Monday, January 30, 2023

Weekly Update 332

Presently sponsored by: CrowdSec - Gain crowd-sourced protection against malicious IPs and benefit from the most accurate CTI in the world. Get started for free.Breaches all over the place today! Well, this past week, and there's some debate as...

Weekly Update 331

Presently sponsored by: CrowdSec - Gain crowd-sourced protection against malicious IPs and benefit from the most accurate CTI in the world. Get started for free.Well and truly back into the swing of things in the new year, I think...

Weekly Update 330

Presently sponsored by: CrowdSec - The open-source & collaborative security stack: respond to attacks & share signals across the community. Download it for freeBig week! So big, in fact, that I rushed into this week's update less prepared and...

Weekly Update 329

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workStrap yourself in, this is a big one! Big video, big breach (scrape?), and a big audience today. The Twitter incident...

Weekly Update 328

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workWe made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great...

Weekly Update 327

Presently sponsored by: 1Password, a secure password manager, is building the passwordless experience you deserve. See how passkeys workIt's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting...

Weekly Update 326

Presently sponsored by: Kolide believes that maintaining endpoint security shouldn’t mean compromising employee privacy. Check out our manifesto: Honest Security.Despite having both my tripod and mic in the wrong suitcase in the wrong place, Scott and I still pulled...

Weekly Update 325

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.For the first time in I don't know how long, I couldn't do this live. Turns out both cell...

Weekly Update 324

Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.We're in Copenhagen! Scott and family joined us in Oslo for round 2 of wedding celebrations...

Weekly Update 323

Presently sponsored by: Kolide is an endpoint security solution for teams that want to meet SOC2 compliance goals without sacrificing privacy. Learn more here.Finally, after nearly 3 long years, I'm back in Norway! We're here at last, leaving our...

Weekly Update 322

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.It's very strange to have gone 1,051 days without spending more than a few hours apart, but here we...

Weekly Update 321

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.What a week to pick to be in Canberra. Planned well before things got cyber-crazy in Australia, I spent...

Weekly Update 320

Presently sponsored by: Kolide is a fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business. Learn more here.I feel like life is finally complete: I have beaches, sunshine and fast internet! (Yes,...

Weekly Update 319

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.Geez we've been getting hammered down here: Optus, MyDeal, Vinomofo, Medibank and now Australian Clinical Labs. It's crazy how...

Weekly Update 318

Presently sponsored by: EPAS by Detack. No EPAS protected password has ever been cracked and won't be found in any leaks. Give it a try, millions of users use it.Aussie breachapalooza! That what it feels like this week between...

Weekly Update 317

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.I decided to do something a bit different this week and mostly just answer questions from my talk at...

Weekly Update 316

Presently sponsored by: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet. Learn more here.Geez it's nice to be home 😊 It's nice to live in a home that makes...

Weekly Update 315

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.How's this weeks video for a view?! It's a stunning location here in Bali and it's just been the...

Weekly Update 314

Presently sponsored by: SecAlerts vulnerability awareness: Receive CVE & zero-day alerts, news & version updates all matched to your software. Discount code within!Wow, what a week! Of course there's lots of cyber / tech stuff in this week's update,...

Weekly Update 313

Presently sponsored by: Varonis. Reduce your SaaS blast radius with data-centric security for AWS, G Drive, Box, Salesforce, Slack and more.I came so close to skipping this week's video. I'm surrounded by family, friends and my amazing wife to...

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.