This week I'm at the Brucon security conference (and recovering from a 9-hour timezone difference), so we're in minimal mode again. This means I select news and articles that look interesting, but with less stringent filtering and summarising than usual. Regular service should resume next week.
- Facebook: well, this was a big one. By abusing the "View as" function the attackers were able to access the accounts of 50 million users.
- Chegg: not exactly small either. Chegg, a textbook rental service, had a data breach affecting over 40 million customers.
This bit of news reads like a spy novel. I'm not entirely sure what to make of it. All involved companies released statements completely rejecting everything that was said in the original article. Will no doubt be continued.
Security vulnerability in Apple's Device Enrollment Program could allow full access to corporate networks
- Adobe fixes 47 critical vulnerabilities in Acrobat and Reader: link
- Foxit fixed more than 100(!) vulnerabilities in their PDF reader: link
- Mozilla patched seven vulnerabilities in Thunderbird, one of them being critical: link
I use 1Password to securely share passwords and notes with my colleagues. Can't recommend them enough and I'm super honoured to have them as a sponsor.
Incredible organisations from startups to some of the world's largest enterprises trust Templarbit to protect their web applications, APIs and microservices. Run a next-gen WAF or ship a smart Content Security Policy workflow in minutes.