Unfortunately I couldn't spend as much time on this issue as usual, because my wife and daughter fell ill this week. It's all hands on deck here, family comes first :-)
I included the most interesting links, but with less filtering and summarizing than usual. I hope you still get value out of it!
- Veeam: data management and disaster recovery firm (ow, the irony). Exposed more than 440 million names and e-mails of a marketing database.
- FOIA.gov: US government site that deals with data transparency requests. After a site upgrade it started showing sensitive personal data, like social security numbers, that were previously masked.
- mSpy: another spyware maker, leaking millions of call logs, screenshots, location information and what have you.
- Schneider Electric: shipped USB's infected with malware with some of its products.
- NPower: energy company, sent personal and payment information of 5.000 customers to the wrong people.
- Microsoft had its Patch Tuesday, fixing 61 vulnerabilities, 17 of which are critical remote-code execution bugs.
- Cisco released a host of fixes for critical vulnerabilities.
- Adobe pushed security updates for Flash and Coldfusion.
- Mozilla patched nine security issues in Firefox 62, including one arbitrary code execution bug.
WAFs are a good security measure but the security of your web applications should not solely depend on it, because they can be bypassed. Watch this demo on Paul’s Security Weekly during which a researcher from Netsparker explains and demos how modern web application firewalls can be defeated.
Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.