- Hacker’s Guide to VIP Security – Rachel Tobac
- API Security Best Practices in the Hybrid, Multi-Cloud Digital World – The challenges of API security in a hybrid, multi-cloud digital world, How to get a handle on API and tool sprawl, Insights on trends and solutions for API security
- Proofpoint: Getting Started with Insider Threats
- Shein’s Android App Caught Transmitting Clipboard Data to Remote Servers – Fast fashion seller has already fixed with a new version.
- Police Raid Rounds Up Core Members of DoppelPaymer Ransomware Gang – This is the latest in a line of law-enforcement actions busting up the ransomware scene.
- Acer confirms breach after 160GB of data for sale on hacking forum – threat actors hacked a server hosting private documents used by repair technicians.
- Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears – More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.
- Ransomware gang posts video of data stolen from Minneapolis schools – The Medusa ransomware gang is demanding a $1,000,000 ransom from the Minneapolis Public Schools (MPS) district to delete data allegedly stolen in a ransomware attack.
- FBI investigates data breach impacting U.S. House members and staff – The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link’s servers.
- Bitwarden flaw can let hackers steal passwords using iframes – Bitwarden’s credentials autofill feature contains a risky behavior that could allow malicious iframes embedded in trusted websites to steal people’s credentials and send them to an attacker.
- AT&T alerts 9 million customers of data breach after vendor hack – AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
- Inside Threat: Developers Leaked 10M Credentials, Passwords in 2022 – More than five out of every 1,000 commits to GitHub included a software secret, half again the rate in 2021, putting applications and businesses at risk.
- Security Now 912 – The NSA @ Home – Hosted by Steve Gibson, Leo Laporte LastPass hack details, Signal says no to UK, more PyPI troubles, QNAP bug bounty
- Smashing Security 311 – TikTok, wiretapping, and your deepfake voice is your password
- Security Now 913 – A Fowl Incident, Hosted by Steve Gibson, Leo Laporte, DDoS’ing Fosstodon, Strategic Objective 3.3, CISA’s Covert Red-Team
Splunk – Using Fields