Issue 132

Personal note - minimal edition

I've been staying in Portland this week to meet up with my team mates. We're a remote-only company, so real-life face time is a rare and beautiful thing. I wanted to make the most of it, which meant the newsletter had to take a back seat, my apologies :-)

As usual, the minimal edition means that I selected news and articles that seemed interesting to me, but without some of the filtering and summarising that I usually do. I hope you still get value from it!



Breaches and leaks

  • Quest Diagnostics says nearly 12M patients may have had data breached: link
  • One of New York’s largest nonprofits suffers data breach: link
  • Australian National University hit by huge data breach: link
  • Private info of over 1.5M donors exposed by UChicago Medicine: link
  • Citrix sued for not securing employee info before data breach: link


Microsoft issues second warning about patching BlueKeep as PoC code goes public

Also:

  • BlueKeep 'mega-worm' looms as fresh PoC shows full system takeover: link
  • Metasploit module created for BlueKeep (private for now): link

zdnet.com


MacOS zero day allows trusted apps to run malicious code


threatpost.com


Apple announces 'Sign in with Apple' feature


zdnet.com


Phishing attacks that bypass 2-factor authentication are now easier to execute


csoonline.com


GandCrab ransomware gang announcing their retirement


sophos.com


No ban: IEEE gives Huawei employees the all-clear


zdnet.com


What I learned trying to secure Congressional campaigns


idlewords.com


Top five ways I get Domain Admin access on your network


medium.com


SecAlerts - security vulnerabilities in your inbox

This looks useful. I haven't had a chance to try it yet but I will.
secalerts.co


Sponsorships

1Password for Teams and Business

We use 1Password to share passwords and secure notes at my current job, same as at my last job. I've tried many alternatives, but always ended up with them. By far the best UX and support I've seen.
1password.com