Cyber news catch up from the camp
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
I'm still on the road, and here is a catch-up wrap of the cyber news from the past few days.
Storing passwords in a browser is a very bad idea. Use a real password manager instead, ideally one that will still give you access to your existing data even if the service crashes!
What's more personal than a password or authentication information? This, you should own. I would recommend password managers like Bitwarden, which still allow you to access your data when the server is down. Sure, you can't update the data or save new credentials during an outage, but you can still access your data.
Have you patched your ServiceNow instances?!
One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases.
Time to do things better; maybe ditching Windows could help?
Microsoft says that its initial estimate of 8.5 million PCs affected was only a subset of the affected number of machines in the crash.
Using Acronis? Time to patch and check for IOCs (indicators of compromise) if you haven't!
Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.
Identity theft ahead :(
Sadly, enough information leaked from "outside their core system" (the cloud?) to steal the identity of all these people. Connected = hacked: information placed in connected technology leads to incidents. Like it or not. The less information you share, the safer.
Another magnificent source of continuous cloud leaks. If you don't get it, this is an open door on ALL public clouds, all of them. And it has been in the wild for a long time (and that's not all, but sshhhhh, you love cloud, don't you?)
An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
Meanwhile, who needs to bypass authentication with a stolen OAuth token when the cloud is just a wide open crap?!
"massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others"
Finally, a link to a video that could help security people and others get it, and maybe reconsider the dumb clowd stuff and focus on privacy and security by design and by default instead of being a sheep herd.
Today GitGuardian welcomes J Wolfgang Goerlich, an advisory CISO, mentor, and strategist. They delve into the intricacies of security design frameworks and the importance of building and maintaining relationships in the cybersecurity field.
Hopefully you found value in this post; I'm getting back to the landscapes in the area today.
Comments and additions to what I missed are welcome.
Turning my head here, what I see (being on the road is good for the soul!):
Have a good day, all!
Founder of The ITSM Practice Podcast | ITIL Ambassador | Helping CIOs in Fintech, Telecom, and Managed Services Define Robust Service Management and Security Operating Models
3 months
Commenting for my network! HealthEquity, a leading U.S. provider of health savings accounts, recently disclosed a major cybersecurity breach affecting 4.3 million people. On March 9, 2024, hackers accessed sensitive health data using stolen credentials from a partner, with the breach confirmed on June 26 after an internal review. Exposed data includes full names, addresses, employer details, Social Security numbers, and more. Although the compromised data was outside core systems and has been secured, the impact raises concerns. As affected individuals receive credit monitoring services, one must wonder: How secure is our personal information?
----------
Follow The ITSM Practice Podcast on LinkedIn for daily insights on ITSM and IT Security.
Check out The ITSM Practice Podcast on Spotify: https://open.spotify.com/show/5UQ70oHik31MuXVtvrqHli?si=48ef9e3e68fd4429
#itil #itsecurity
Award Winning Global Privacy Expert, Speaker & Media Commentator | Bestselling Author, Podcast Host & Career Coach | I Help Mid Career Professionals Become Confident, Capable & Credible World-Class Privacy Experts
3 months
Enjoyed this read! Storing passwords in your browser is a risky move. A dedicated password manager is definitely the way to go, especially one that still lets you access your info if things go sideways. Bitwarden's a solid choice for that.
Beta-tester at Parrot Security* Polymath*
3 months
On the Road again - https://youtu.be/qRKNw477onU