Episodes
-
* Millions of Devices at Risk as Microsoft and Google Disable Insecure Email Login Method
* Cybersecurity Giant Fortinet Confirms Data Breach, Downplays Impact
* New Laws Target Banks, Telcos and Tech Giants in Fight Against Scams
* Online Voucher Scam Targets Sydney Restaurants Using Square POS
* TfL Staff Face In-Person Password Resets After Cyberattack
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com -
* AI-Powered Voice Cloning Scams on the Rise
* Cyberattack Disrupts Transport for London Services
* Typosquatting Threatens Developers: Malicious Code in GitHub Actions
* New Supply Chain Attack Hijacks Removed PyPI Packages
* White House Aims to Strengthen Internet Routing Security
-
* Singapore's Consumer Watchdog Fined for Data Breaches, Failed to Secure Consumer Information
* Research Study: What's The Worst Place to Leave Your Secrets
* Critical Infrastructure Under Threat: Zero-Day Vulnerability Exploited to Spread Mirai Botnet
* Banks Under Fire for Inadequate Scam Protection as Victims Suffer
* FIDO Security Token YubiKey 5 Vulnerable to Cloning Attacks
* Critical Vulnerability Found in Airport Security System
Special Thanks to Justin Butterfield for contributing some of the interesting stories for this week’s cyber bites.
-
* Cybersecurity: The Need for a Wake-Up Call
* Digital Banks: Boon for Customers, Target for Scammers?
* ASD Warns of Phishing Emails Targeting Australians
* New Guidance Released on Best Practices for Event Logging and Threat Detection
* Local Networks Exposed: A Flaw in Domain Naming Creates Security Nightmare
-
* Thousands of Websites Exposed AWS Credentials, Leading to Large-Scale Extortion Campaign
* Mac Users Beware: Microsoft Apps May Have Allowed Hackers to Spy on You
* Ransomware on Track for Record Year Despite Fewer Victims Paying
* FlightAware Data Breach Exposes User Information for Years
* GitHub Actions Exposing Authentication Tokens in Popular Open-Source Projects
Special Thanks to Justin Butterfield once again for contributing some of the interesting stories for this week’s cyber bites.
-
* Background Check Company National Public Data Hit by Massive Data Breach Affecting Nearly 3 Billion People
* Trojan Malware Campaign Hijacks Browsers, Steals Data of Over 300,000 Users (https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign)
* Australian Gold Miner Evolution Hit by Ransomware Attack
* Critical Browser Flaw Exposes Local Networks to Attack via "0.0.0.0"
* Hacker Breaches Educational Security Software Company and Wipes 13,000 Students’ iPads and Chromebooks
-
* Australia to Mandate Ransomware Payment Disclosure
* Hackers Abuse Free Cloudflare Tunnels to Deliver Remote Access Trojans
* Stack Exchange Used by Threat Actors to Promote Malicious Open Source Components
* Hackers Poison Software Updates Through ISP Breach
-
* New Podcast Aims to Unlock Secrets of Application Security
* SBOMs: A Crucial Tool Hampered by Standardization Issues
* Mysterious Rings and QR Codes: The Emergence of Brushing Scams
* France Battles Cyberespionage Ahead of Olympics
* GitHub's Dark Secret: Deleted Data Never Really Dies
-
The recent CrowdStrike update led to a global IT outage and the infamous Blue Screen of Death (BSOD) on millions of Windows machines. This incident has brought to light critical lessons in DevSecOps and the importance of Business Continuity Planning (BCP).
Joining me today is a very special guest, Denny Wan, who is the Founder of the Reasonable Security Institute and an expert in cybersecurity and risk quantification. We’re going to speak about lessons learned in DevSecOps and BCP and get his thoughts and insights.
A video recording of the interview is also available below.
Show Notes
Denny Wan - https://www.linkedin.com/in/wandenny/
FAIR Institute - https://www.fairinstitute.org/
-
* Hackers Capitalize on CrowdStrike Outage with Phishing and Malware Attacks
* Massive Data Breach at Australian Prescription Service MediSecure
* 20 Million Domains at Risk from New Email Spoofing Attacks
* Google U-Turns on Third-Party Cookie Phaseout
* North Korean Hacker Poses as IT Worker in Attempted Cyberattack
-
Is there so much more assumed trust in global cybersecurity vendors that security professionals assess them with less rigor than other vendors?
-
This week, we'll be covering five major stories:
1. AT&T's massive data breach affecting 109 million customers
2. Key findings from the 2024 SANS SOC Survey
3. Cloudflare's report on the rapid exploitation of vulnerabilities
4. A new ransomware gang targeting unpatched Veeam software
5. A leaked GitHub token that exposed Python to potential tampering
-
This week we're looking at leaked Ticketmaster tickets, a major security flaw affecting almost every Apple device, Booking.com scams, the US government's failure to investigate SolarWinds, and hackers having second thoughts after crippling Indonesian government systems.
* Hackers Leak Ticketmaster Print-at-Home Tickets, Threatening Fans and Event
* Major Security Flaw in CocoaPods Exposes Millions of Apple Devices to Supply Chain Attacks
* Booking.com Scams: How to Avoid Getting Stung During Vacation Booking
* US Govt Board Failed to Investigate Major Cyberattack Despite Presidential Order
* Hackers Apologize After Crippling Indonesian Government Systems, Release Encryption Key
-
My recent conference presentation on open-source security revealed a common theme. Audience members didn’t realize how pervasive open-source is. Everyone in the audience knew that their organization uses a fair number of open-source components, but they thought that it only makes up a small percentage of their applications, at around 30% or less.