You are 30K+ subscribers to this weekly cyber ! Woaw
Alexandre BLANC Cyber Security
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
I checked today, and I had a lower number in mind, fairly surprising, more than 30K subscribers ! Thank you !
So here we go for this week, my take, as usual :)
1 - NameCheap's email hacked to send Metamask, DHL phishing emails, this was fairly bad, as we saw that domain name got registered or modified via namecheap to achieve spear phishing with either typo squatting or TLD shifting.
2 - Hopefully you always keep some cash, because that's the only way to pay when any SPOF (single point of failure) crash in the extremely complex digital payment world - Indigo's 'cybersecurity incident' stretches into third day as website still offline - post by Orenda Security
3 - "What is a Secure SDLC?" (Software Development Life Cycle)
And this considering many models such as :
- Waterfall model
- V-shaped model
- Iterative model
- Spiral model
- Big bang model
- Agile model
Enjoy the reading ! After all, it's very close to the spirit of ISO27001 with continuous optimization !
4 - it was apple patch time, update your apples ! Apple fixes new WebKit zero-day exploited to hack iPhones, Macs
5 - A full review of the Redline Stealer Malware, the malware that steals all the credentials you stored in the chrome browser (which is as bad as a spyware BTW)
6 - If you work in the cloud, it's your duty and responsibility to stay on top of your sh...skills !
7 - Microsoft’s new ChatGPT-powered AI has been sending “unhinged” messages to users, according to this article. That was somehow expected. Can't let AI go lose !
8 - Are you doing enough and achieve due care and due diligence in regards to your security responsibility ?
"Google backs federal push for tech to embrace ‘secure by design’" sad that it has to come from evil corp, but secure by design, and privacy by design is the way to go !
A good reminder of the DNS basics you should have in place to prevent easy spoofing of your domain, mainly in phishing campaigns, and overall any impersonation using rogue servers.
Recommended by LinkedIn
10 - The cloud is funny - GitHub Copilot update stops AI model from revealing secrets
11 - Don't forget to deploy your patches to your car ! Hyundai, Kia patch bug allowing car thefts with a USB cable
ChatGPT, DALL-E, all AI (artificial intelligence, or claimed so) and ML (machine learning, building AI on top of stolen customer's data, that's the model of the cloud SAAS), are adopted way quicker by threat actors than by legit solution providers.
What are the ethical considerations or concerns ?
13 - I mean, if you don't patch, you are asking for it ! ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
14 - It leaks and leaks and leaks, I think I should add some plumber numbers in these leaks related posts :P Atlassian: Leaked Data Stolen via Third-Party App, or maybe, better call Saul :P
No putting all the leaks and failures, too much, and doesn't help, most are in my posts this week :)
Data privacy laws and compliance regulations are critical safeguards for protecting consumer and employee data from unnecessary exposure. By complying with these legal requirements, businesses can reduce the risk of legal action and financial penalties, ensure data privacy, increase customer loyalty, as well as avoid reputational damage.
Securing sensitive cloud data is a key challenge and priority for 2023 and there's increasing evidence that traditional data security approaches are not sufficient.
Recently, Enterprise Strategy Group surveyed hundreds of IT, Cloud Security, and DevOps professionals who are responsible for securing sensitive cloud data.
Enjoy the reading showing how you must enhance your security on cloud and stop the constant status of leak of the cloud.
It is YOUR responsibility to protect the damn cloud when you decide to put people's data in it ! So read, do it right !
17 - Godaddy, multi years hack, servers backdored for years, bad.
18 - it's Fortinet patch time ! Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb
19 - it's #cisco patch time ! Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)
20 - The public cloud used to attack telcos and spy on communications - Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks
21 - Top 9 threat hunting tools - In nearly all organizations, a significant cyber attack isn’t a question of “if” – it’s a question of “when.” 62% of organizations “have experienced major security incidents that jeopardized business operations,” discovers a 2022 Cisco report. It’s getting more critical every year to proactively hunt for and neutralize threats hiding in your network before they can do actual harm.
Wishing a good weekend you 30K+ subscribers ! Even if you don't read down to the end, I know what it is, we are bombarded of newsletters, so, thank you if you went that far ! Comments, likes, shares always very appreciated !
Enterprise/Solution Architect, Re-designing Architectes; Moving to Clouds; Blockchain
1y😂 'better call Saul' 😆 Have you already mentioned Yandex sources Ze Big Leeeaaak, by the way???
Cybersecurity Program Management, Retired
1yTo the end!
Chief Innovation Officer @ TOM SHAW
1ySomeone needs to lead through these interesting propaganda times and you are doing a great job!! One day the cloud(s) will part and all will be revealed… 🫡
Senior advisor in dataprotection / infosec / cybersec / privacy enhancing technologies
1yAwesome Alexandre Im so happy for all of us, as your message is important.