Every week I publish interesting articles and ways to improve your understanding of cybersecurity.
Projects
- TryHackMe – Common Linux Privesc – In Progress
Videos
- SANS Institute published a playlist with 15 videos from their New2Cyber conference.
Articles
- Dropbox says hackers stole customer data, auth secrets from eSignature service – Cloud storage firm Dropbox says hackers breached production systems for its Dropbox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information.
- A million Australian pubgoers wake up to find personal info listed on leak site – Man arrested and blackmail charges expected after allegations of unpaid contractors and iffy infosec
- Novel attack against virtually all VPN apps neuters their entire purpose – TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
- One year on, universities org admits MOVEit attack hit data of 800K people – Nearly 95M people in total snagged by flaw in file transfer tool
- Dell warns of data breach, 49 million customers allegedly affected – Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
- Ohio Lottery ransomware attack impacts over 538,000 individuals – The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization’s systems on Christmas Eve.
- Dark Reading ‘Drops’ Its First Podcast – Dark Reading Confidential has officially launched. You don’t want to miss our first episode with the CISO and chief legal officer from Reddit and a cybersecurity attorney, who share their thoughts and advice for CISOs on the new SEC breach disclosure rules.
- UK confirms Ministry of Defence payroll data exposed in data breach – The UK Government confirmed today that a threat actor recently breached the country’s Ministry of Defence and gained access to part of the Armed Forces payment network.
- BetterHelp to pay $7.8 million to 800,000 in health data sharing settlement – BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes.
Podcasts
- Smashing Security 370: The closed loop conundrum, default passwords, and Baby Reindeer