Security Analyst – Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH

Impressive list of vulnerabilities this year and even the purchase of Redhat by IBM isn’t making the paid OS immune. Check out the docker images that are floating around and be careful when trusting someone else’s container build.

https://dzone.com/articles/snyk-found-over-four-times-more-vulnerabilities-la?fromrel=true

Do you remember when you bought a license and installed your copy of windows X on a VM and didn’t think twice about it. You loaded your software and maybe setup a reoccurring backup for it and you were done right?

Nowadays, there are risks at even using that Windows license on a cloud provider other than Azure (but that is another story)

Today, running containers is the new thing and that software is open source right? Not always!

You could have more than just Vulnerability risk to worry about. Some container images can also have License risk and you could have legal troubles too!

https://opensource.com/article/18/7/whats-container-image-meeting-legal-challenges

Beginning Jan. 1, 2020, the bank’s Canadian workforce will have a
total of five personal days and the flexibility to take them as needed,
in addition to existing sick and vacation days.

“Our people are our most important asset and their well-being is a
top priority for Scotiabank,” said Barbara Mason, chief human resources
officer, in a press release. “We strongly believe that by offering
employees greater flexibility to take time off to achieve greater
work-life balance, our employee population will be healthier and
happier, and therefore enabled to perform at their very best.”

… and he is teaming up with 7 of 9!

Go borg GO! This is going to be so exciting… https://twitter.com/WIRED/status/1180899318024163328?s=09

Toronto business owner loses $14K to technical glitch at mobile payment company.
https://www.cbc.ca/news/canada/toronto/mobile-payment-glitch-1.5300313

You may remember the post a few months ago that may be related…

https://www.cbc.ca/news/canada/nova-scotia/spotify-charges-debit-account-unauthorized-withdrawals-1.5206053

If you are a security operations analyst, your job just got a whole lot harder.

Lock all your doors and keep your children inside; this one is hard to find…

https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/?ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-9DImIrXueu1lqriAutG6sA&epi=TnL5HPStwNw-9DImIrXueu1lqriAutG6sA&irgwc=1&OCID=AID2000142_aff_7593_1243925&tduid=(ir__3nzqlj9gs9kfr1erkk0sohzn0m2xg16uu6zqpcyr00)(7593)(1243925)(TnL5HPStwNw-9DImIrXueu1lqriAutG6sA)()&irclickid=_3nzqlj9gs9kfr1erkk0sohzn0m2xg16uu6zqpcyr00