Razer Log Breach
Since my keyboard is a Razer, once again I find myself the victim of a data breach. This time it was a mis-configured log store. However, the article goes on to say this about misconfiguring your cloud services. Breaches caused by cloud misconfigurations in 2018 and 2019 exposed nearly 33.4 billion records in total Since… Continue reading Razer Log Breach
Magento – A Tale of Woe
I have tinkered around with Magento a bit on the back end. It is what I would call a hot mess. The code base is huge. I did a GIT pull of their most recent 2.4. The zipped file is 75MB. To put this in perspective, Zen Cart is 10MB. The code is also quite… Continue reading Magento – A Tale of Woe
Voatz E voting Attacking Critics
They appear to be taking a page of the electric generation and telecom industry handbook and going after their critics. Instead of cleaning up the security of their voting platform, they are suing to make it illegal to make sure that their voting application can’t be used fraudulently. When I google Voatz, I get a… Continue reading Voatz E voting Attacking Critics
Yet Another Reason to Automate Off Boarding
A Cisco employee was fired in April but in September he managed to access enough of Cisco’s infrastructure to delete thousands of accounts and virtual machines. How could he have done this five months after he was fired? Simple, the off boarding process at Cisco is either not automated or not sufficiently automated to cancel… Continue reading Yet Another Reason to Automate Off Boarding
Vishing Is Now a Thing
With everyone working remotely tricking people over WebEx, Zoom, etc. into giving up credentials is now becoming more common. Now is the time for the security people to step up and start training others on how to spot fakes. The scheme comes in two variations. Variation 1 has the hacker get on a video conference… Continue reading Vishing Is Now a Thing
Red Curl, The Other Russian Hacking Group
This group is highly sophisticated and seems to engage in industrial scale corporate espionage. They use some very targeted spear phishing to get users to click on malware. The initial emails tend to appear to come from HR and tend to be sent to entire groups at a time since this seems to make it… Continue reading Red Curl, The Other Russian Hacking Group
Misconfigured AWS S3 Buckets on the Rise
If you have been following for any length of time, you know that I have been blogging about Shadow IT and the security risks it poses in terms of both data leakage and outright breaches. Leaving your IT infrastructure in the hands of the uninitiated who just happen to have a procurement card is arguably… Continue reading Misconfigured AWS S3 Buckets on the Rise
Zerologon – So Bad Feds Are Patching Everything by Monday
If you have a Windows server, now is the time to patch it! This one is really bad since you can become an Domain Admin in one click. If you have been living under a rock, there is a flaw in the way that Netlogon works in Windows which allows you to impersonate the domain… Continue reading Zerologon – So Bad Feds Are Patching Everything by Monday
Google’s New Hardware Token Made in China
Ok maybe I should take my foil hat off, but Feitian is making the new Google Titan hardware authentication tokens. Since Google isn’t allowed to operate in China, I am puzzled as to why they would sell anything made there. In their position, I would simply refuse to do business with any business in China.… Continue reading Google’s New Hardware Token Made in China