Video: Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated the data of 560 million customers. Watch as Tony discusses the story and provides useful tips on how to protect people’s data.
07 Jun 2024
Ticketmaster has reportedly been breached by a hacker group known as ShinyHunters, who claim…
MS-ISAC ADVISORY NUMBER: 2024-068
DATE(S) ISSUED: 06/07/2024
OVERVIEW: A vulnerability has been discovered in SolarWinds Serv-U that could allow for path traversal, which could lead to disclosure of sensitive information. SolarWinds Serv-U is a managed file transfer solution used to store and share files across an enterprise network. It can be hosted on both Windows…
LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. Starting at around 1 PM ET yesterday, LastPass users were suddenly unable to access their password vaults or log into their accounts, instead seeing “404 Not Found” errors, which typically indicate a page does not exist. The impact…
After privacy and security experts voiced concerns about Recall – an exclusive, AI-driven search feature in Microsoft’s upcoming Copilot+ PCs – the Windows giant says it will turn off the feature by default, require Windows Hello authentication to use it and add ‘additional layers of data protection.’ Microsoft said it’s improving privacy and security safeguards…
Friday Squid Blogging: Squid Catch Quotas in Peru
Peru has set a lower squid quota for 2024. The article says “giant squid,” but that seems wrong. We don’t eat those. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog…
Apply appropriate patches provided by PHP to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
o Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
o Safeguard 7.4: Perform…
Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty…
Apple will reportedly unveil a standalone password manager named ‘Passwords’ as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. According to sources speaking to Bloomberg, the app will be powered by Apple’s iCloud Keychain, the current built-in password management system for macOS and iOS. While Keychain is a full-fledged password…
“SORBS has a long and somewhat checkered history. It was created in the early 2000s, with a DNSBL (Domain Name System-based Blackhole List) version coming online in January 2002,” Chandler wrote. “The closure of SORBS does not mark any real turning point in the email security landscape. Although it was one of the oldest DNSBL…
‘I’ve been trying to build a great company and whenever [a sale happens], we’re ready to go,’ ConnectWise CEO Jason Magee says. A hyperfocus on AI, hitting a billion dollars in revenue, the possibility of being sold and still watching out for the competition gives ConnectWise CEO Jason Magee a lot of balls to juggle…