World Ethical Data Forum (WEDF) and weekly cyber

This week a coming interesting event is coming, free to attend, it's the World Ethical Data Forum (WEDF) on 2022 Oct 26-28 !

As a privacy and security focused person, I could not refuse the opportunity to speak at this event, and you'll find me, along with a lot of people concerned with data use, collection and ethic.

The 1 minute video above is a great summary about how and why we should care.

On my end, lucky to be invited to many talks, and trying to bring value, triggering awareness on privacy and security by default and by design. It all start with people.

Human decision making process is based on information we get, so whoever controls the information stream, controls our decisions, taste, opinions and actions. Think of this, there is no force needed, it's the good old art of manipulation at scale, technology powered.

If I control the information you get, I control your behavior. Please, keep a critical view on everything you see, read or hear !

Back to the key news of this week :

1 - Report: 81% of IT teams directed to reduce or halt cloud spending by C-suite

2 - Here's everything you need to know to get started with security testing, including all the essential tools for every stage of the process.

3 - LastPass Software Supply Chain Attack: What Happened and Tips to Protect Against Similar Attacks

4 - Emotet Rises Again With More Sophistication, Evasion

5 - US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet

6 - Toyota discloses data leak after access key exposed on GitHub (so tired of all connected crap, Toyota were amazing, why the hell to they need to connect everything and making them hacked trashes ! )

7 - Intel Confirms Leak of Alder Lake BIOS Source Code

8 - Hackers Steal $100 Million Cryptocurrency from Binance Bridge

9 - Caffeine service lets anyone launch Microsoft 365 phishing attacks

10 - Darkweb market BidenCash gives away 1.2 million credit cards for free

11 - Threat actors need to collect information, they need distribution channels, and remote control channels - 5 Hotspots for Threat Actor Activity

12 - How to manage the cyber security risks lurking within supply chains

13 - Android leaks some traffic even when 'Always-on VPN' is enabled, but iOS as well, no mobile phone can protect your data.

14 - Critical Open Source vm2 Sandbox Escape Bug Affects Millions

15 - VMware vCenter Server bug disclosed last year still not patched

16 - Microsoft Exchange servers hacked to deploy LockBit ransomware

17 - Russia labels Meta an 'extremist' org, sends legal threats to users

18 - Software Supply Chain Attack Leads to Trojanized Comm100 Installer

19 - STATE OF AWS SECURITY - A Look Into Real-World AWS Environments

20 - Google Rolling Out Passkey Passwordless Login Support to Android and Chrome ( I don't like this, especially that this is by evil corp)

21 - E-Commerce Losses to Online Payment Fraud to Exceed $48B Globally in 2023, as Fraud Incursions Evolve

22 - Aruba fixes critical RCE and auth bypass flaws in EdgeConnect

23 - New npm timing attack could lead to supply chain attacks

24 - Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics?

25 - 64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan?

26 - Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

27 - Quarter of Healthcare Ransomware Victims Forced to Halt Operations

28 - Cyberattackers Spoof Google Translate in Unique Phishing Tactic

29 - Magniber ransomware now infects Windows users via JavaScript files

30 - Finally an interesting take on leaked credentials trends - Threat Spotlight: Leaked Credentials

31 - Top 4 Cyber Attacks Of Q3 2022

32 - Tour Amazon’s dream home, where every appliance is also a spy - Here’s everything Amazon learns about your family, your home and you

33 - Microsoft’s headset for the military reportedly results in ‘physical impairments’ during tests

34 - O365 message encryption doesn't protect messages ! Serious Security: Microsoft Office 365 attacked over feeble encryption (LOL LMAO, #clowd )

35 - CISA releases open-source 'RedEye' C2 log visualization tool

36 - New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos

37 - Smart buildings may be your cybersecurity downfall

38 - The Ultimate SaaS Security Posture Management Checklist, 2023 Edition

And that's it for this week ! I hope you found some interesting topic for your needs ! As usual, comments, likes and share appreciated !