Issue 96

Minimal mode - traveling for work

It's been less than a month since I joined Articulate, and I'm already invited to a company retreat at Lake Tahoe. No complaints here! This issue will be a minimal one, where I select the stories that jump out to me but with less filtering and summarising.
Next week I'll be visiting BruCon, so it'll be a minimal version then as well. Normal service should resume thereafter.

Breaches and leaks

  • SHEIN: fashion retailer, exposed data and passwords of over 6 million customers.
  • United Nations: a WordPress site related to the UN exposed thousands of resumes.
  • NewsNow: UK news site, suffered a breach where "encrypted" passwords were accessed but further details seem sparse.

Mac Mojave zero-day allows malicious apps to access sensitive info

Unwiped drives and servers from NCIX retailer for sale on Craigslist

Zero-day Windows JET database vulnerability disclosed by Zero Day Initiative

Millions of Twitter DMs may have been exposed by year-long bug

Over 80 Cisco products affected by FragmentSmack DoS bug

Tricky DoS attack crashes Mozilla Firefox

Cloudflare improves privacy by encrypting the SNI during TLS negotiation

Update all the things \o/

  • Western Digital finally fixes an authentication bypass in its MyCloud NAS devices: link
  • Cisco Webex Network Recording Player has an update that fixed a remote code execution vulnerability: link

UK regulator fines Equifax Ltd 500,000 pounds for 2017 security breach

Just missed this one last week.

Firefox Monitor starts tracking breached email addresses

Mirai botnet authors avoid jail time by helping FBI


A comprehensive guide to application-level denial of service

The availability of web applications is critical nowadays, more than ever. But it's also at risk because of very complex application-level denial of service attacks. Read this guide that highlights the different DoS techniques used so you know what to look for.

1Password for Teams and Business

Simple and secure password management for you and your team. I use it myself every day and wouldn't want to miss it.