Issue 132

Personal note - minimal edition

I've been staying in Portland this week to meet up with my teammates. We're a remote-only company, so real-life face time is a rare and beautiful thing. I wanted to make the most of it, which meant the newsletter had to take a back seat. My apologies :-)

As usual, the minimal edition means that I selected news and articles that seemed interesting to me, but without some of the filtering and summarising that I usually do. I hope you still get value from it!

Breaches and leaks

  • Quest Diagnostics says nearly 12M patients may have had data breached: link
  • One of New York’s largest nonprofits suffers data breach: link
  • Australian National University hit by huge data breach: link
  • Private info of over 1.5M donors exposed by UChicago Medicine: link
  • Citrix sued for not securing employee info before data breach: link

Microsoft issues second warning about patching BlueKeep as PoC code goes public


  • BlueKeep 'mega-worm' looms as fresh PoC shows full system takeover: link
  • Metasploit module created for BlueKeep (private for now): link

MacOS zero day allows trusted apps to run malicious code

Apple announces 'Sign in with Apple' feature

Phishing attacks that bypass 2-factor authentication are now easier to execute

GandCrab ransomware gang announcing their retirement

No ban: IEEE gives Huawei employees the all-clear

What I learned trying to secure Congressional campaigns

Top five ways I get Domain Admin access on your network

SecAlerts - security vulnerabilities in your inbox

This looks useful. I haven't had a chance to try it yet but I will.


1Password for Teams and Business

We use 1Password to share passwords and secure notes at my current job, same as at my last job. I've tried many alternatives, but always ended up with them. By far the best UX and support I've seen.