- SingHealth: Singapore's healthcare system. 1.5 million people had their personal information stolen. The attackers also specifically targeted the country's Prime Minister's records.
- Level One Robotics: an engineering service provider for the automotive industry. A whopping 157 gigabytes of information was exposed from top companies such as GM, Tesla, Ford and many more. The data was exposed through an unsecured rsync server.
- ComplyRight: an HR and tax service company. It had a data breach exposing customer information of over 600,000 people.
It exploits a problem with the initial key exchange between Bluetooth devices. If successfully exploited, it lets an attacker intercept traffic or perform a man-in-the-middle attack. All major vendors have pushed out updates, so bring yourself up to date if you haven't yet.
It's been talked about for ages, and we've had plenty of warning. Chrome 68, released this week, also has some other cool security features: not allowing iframes to redirect you to another page, and blocking the 'tab-under' behavior. The latter is when you click a link and a new tab opens, but the old tab remains and redirects to ads.
A very cool open-source project meant to enable service-to-service data transfer when a customer wants to move out of one company and into another. The prototype currently supports photos, e-mail, contacts, calendar and tasks.
They've had great success using Yubikeys for their own employees, and have now started rolling out their own alternative, dubbed the "Titan Security Key".
Well that's nice. He wants all departments to stop deploying Flash-based content within 60 days, and remove Flash completely from all sites and government devices by August 1st 2019.
GSuite has announced a very cool looking "investigation tool", where you can query for public documents, delete malicious e-mail, monitor file sharing, and more. It's available under the Early Adopter Program.
GSuite Business and Enterprise users can now choose where, geographically, their data should be stored: globally distributed, the US, or the EU.
Probably the shortest 'read' I have linked to yet: a single slide that shows how to mature your Kubernetes security in a few common-sense steps. More informative than most blogs I've read on the subject ^^
Great thread on Hacker News with links to books, tools, training and CTF (Capture The Flag) games.
A detailed technical article which explains how malicious attackers can target vulnerable web applications running on developers' workstations to bypass corporate firewalls. This might sound far-fetched, but it is very typical for developers to run vulnerable (still being developed) web applications on their computers.
Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.