I see a lot of articles say things like "They now run this service in the cloud—which brings its own set of security challenges." I wish they would equivalently write "They run their IT in their own data centres—which brings its own set of security challenges."
DIY infrastructure? Oh that's obviously secure. Professionally-run commercial clouds? Whoa, they're risky.
Travelex hobbles back online, one month after ransomware hit it hard.
The beleaguered company, hit by the REvil ransomware on New Year's Eve, has not yet been able to restore all of its online services.
Why do #infosec people go around insulting everyone? Everyone who uses the cloud "blindly trust the cloud providers"? Nobody is doing due diligence? Nobody has a long list of security risks they track and controls and mitigations, huh? And they want to "disprove the assumption that cloud infrastructures are secure". Because the existence of one bug means what? It's "insecure"? The research is legit, but the preamble is garbage from an out-of-touch techie. https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/
Follow up my colleague Michael Kan's excellent reporting: Avast will end browser data harvesting.
"Avast CEO Ondrej Vlcek announced his company plans to shut down operations at Jumpshot, the subsidiary in charge of selling the browser history data. "As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," he said in a statement."
#Coalfire trespassing charges dropped!
Just published: Solving #Windows Log Collection Challenges with Event Tracing https://nxlog.co/whitepapers/windows-event-tracing #etw
Event Tracing for Windows (ETW) logs kernel, application and other system activity. ETW provides better data and uses less resources.
I also added a section with an example of messing around with ETW for another reason to do ETW data centralization.
This part had to be taken out though: https://infosec.exchange/@superruserr/103514722074754232
My colleague Michael Kan helped break this story. He's pretty amazing, keep your eye on him.
Webex flaw allowed anyone to join private online meetings - no password required.
Defensive Security Podcast Episode 244
How do you introduce yourself to people in a con/ #infosec environment?
Just your clear name, Just your handle or both?
Please RT for reach
A Mastodon instance for info/cyber security-minded people.