Archive
Are you sure you don’t want a Capital One card now?
In one of the largest breaches, affecting over 6 million Canadians and potentially 100 million US customers, Capital One has revealed that it lost customer data and that the loss was related to security misconfiguration. A suspect has been arrested and charged with computer fraud and abuse.
https://globalnews.ca/news/5700226/capital-one-data-breach-canada/amp/
Goodbye Docker: Purging is Such Sweet Sorrow – zwischenzugs
Now that IBM has thrown its hat in the cloud with the $34B purchase of Red Hat, you should expect more innovation. This article from another WordPress site helps answer the question of why running Docker is not necessary to have containerized solutions. You can minimize the attack surface and remove Docker by using open source tools available today.
https://zwischenzugs.com/2019/07/27/goodbye-docker-purging-is-such-sweet-sorrow/amp/
Honest, it was like that when I drove up?
It can be comforting to know that McD’s is still running Windows XP for their drive-up kiosks… and is still having logic-based software problems like the rest of big enterprise, isn’t it?
WebInspect has 3 great new features – Micro Focus Community – 1796294
Malicious Python libraries targeting Linux servers removed from PyPI | ZDNet
3 malicious libraries used in many open source packages.
https://www.zdnet.com/google-amp/article/malicious-python-libraries-targeting-linux-servers-removed-from-pypi/
How to Gain Access to Domain Credentials Without Being on a Target’s Network
A two-part series on password spraying that can help to illustrate the dangers with web-based authentication sites.
This is a good read for those in development who are not familiar with how hackers are gaining access.
TD customers question how Visa Debit chequing accounts were compromised | CBC News
https://www.cbc.ca/news/canada/nova-scotia/spotify-charges-td-accounts-virtual-debit-cards-1.5213569
Slack resets thousands of user passwords four years after hack – The Verge
Google joins Microsoft and deprecates XSS Auditor for Chrome
In an effort to remove overhead and avoid the backlash, Chromium devs have decided to remove XSS filtering from future versions of Chrome.
https://portswigger.net/daily-swig/google-deprecates-xss-auditor-for-chrome