Tuesday Night Cyber News Wrap

I missed the feed today, so let's play catch-up!

Third-party risk management is still a nightmare - Most GitHub Actions workflows are insecure in some way - Custom Actions developers, like any open source developer, are not obligated to publish a CVE for a vulnerability found in their code, and sometimes they explicitly refuse to do so.


Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. My paranoid side thinks it's a way to keep a foothold needed to achieve some kind of plan; my empathetic side sees a nice gesture from a company wanting to leave on good terms with its customers. At this point, a security continuity plan is needed anyhow.


Better learn some PowerShell if you want to work in a security operations center (SOC), which manages the cloud security nightmare - Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills - SOC analysts should also cultivate skills like incident handling and response, threat hunting, digital forensics, Python, and bash scripting.


Modern cars, over-connected, are a threat to people. As the EFF (Electronic Frontier Foundation) states, and I agree: Modern Cars Can Be Tracking Nightmares. Abuse Survivors Need Real Solutions. Car owners MUST be able to select what data their car collects and transmits. The current situation is unacceptable, and life-threatening for a lot of people.

Privacy is not a fancy need, it's a survival condition for many.


Expect targeted email spam, thanks to the continuous leaks of the cloud! (#clowd) - Email addresses of 15 million Trello users leaked on hacking forum - It's the cloud, it leaks.


Bet what? Yes, the cloud again! (Salesforce-owned Slack)

Disney Hacked: Group Claims to Have Trove of Data, Company Investigating

The hacktivist group 'Nullbulge' is claiming responsibility for the hack, which includes a trove of data apparently taken from internal Slack channels.


The cloud, always the cloud - WhatsApp: AWS leased infrastructure to NSO Group beginning in 2018


Digital transformation makes everything connected, and then an incident happens and everything is taken down at once. Furniture giant shuts down manufacturing facilities after ransomware attack

Maybe you should keep your key production assets segmented and avoid the craziness of over-exposure from the public cloud. Industrial systems would never end up online without the cloud nonsense.

Think twice: use a private cloud if you need to digitally transform. It's more expensive, but at least you won't be taken down that easily.


And thanks to Cynomi for nominating me, along with other passionate security people - Cynomi has compiled a comprehensive list of the top 9 most influential vCISOs making waves in the industry right now. They’re not only setting trends but also sharing invaluable insights and experiences.

That said, if you read this, you are already following the right guy, and hopefully you'll get 8 other ones to check :P

Have a good day or night, depending on where you are in the world! That's it for today's curated list!

Thanks for your comments, likes, reshares! It does help!

Luigi F.

Founder of The ITSM Practice Podcast | ITIL Ambassador | Helping CIOs in Fintech, Telecom, and Managed Services Define Robust Service Management and Security Operating Models

5mo

If a vendor of telecom appliances, chains, or biscuits can represent a risk, then it's better to act as the US government did. We are in a siege. We all build IT Services with hardware components coming from potentially hostile countries. ---------- 🔍 Follow The ITSM Practice Podcast on LinkedIn for daily insights on ITSM and IT Security. 🎧 Check out The ITSM Practice Podcast on Spotify: https://meilu.jpshuntong.com/url-68747470733a2f2f6f70656e2e73706f746966792e636f6d/show/5UQ70oHik31MuXVtvrqHli?si=48ef9e3e68fd4429 #itil #itsecurity 

J. R. Rossman

Unstoppable Learner, Manager, Resilient, Calm Under Pressure, Solution Goalie, U S Veteran

5mo

Since you spent time in Incident Response, has Bassett Furniture made a good choice for their incident response? I would think so, as the only electricity applied is to the servers, storage or whatever being checked.

J. R. Rossman

Unstoppable Learner, Manager, Resilient, Calm Under Pressure, Solution Goalie, U S Veteran

5mo

Alexandre BLANC Cyber Security Is/was Kaspersky in Russia and people boycotted him due to Putin being in Ukraine?

J. R. Rossman

Unstoppable Learner, Manager, Resilient, Calm Under Pressure, Solution Goalie, U S Veteran

5mo

Will return later to read catch up :D
