Security Analyst – Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH

RIP Johnny Fever 🤘

https://www.cnn.com/2022/01/30/entertainment/howard-hesseman-wkrp-cincinnati-dies/index.html

It’s here and ready to join your fleet of clusters – check out the newest member of the Anthos capable deployments now on Azure too!

https://cloud.google.com/blog/products/containers-kubernetes/google-cloud-anthos-multicloud-api-and-gke-on-azure-ga

While many of us have been home, wondering if this virus will go away as quickly as it came upon us, Google has been silently preparing for ‘Round 2’ in the phone wars.

SafetyNet is Android’s third party attestation API and if you want to install legit software from the Google Play Store, you already have it.

Getting ready to route out the last of the modified bootloaders, they have now rolled out a hardware backed detection method to ensure application developers can tell if your device is rooted. This allows high risk vendors like your banking app to prevent the application from running to help curb fraud. Read more about it here.

https://www.xda-developers.com/safetynet-hardware-attestation-hide-root-magisk/amp/

As a security professional who provides security guidance to small business (as well as big!), If you use web based services in your organization (and the chances are that you do and you may/may not know it), there is one thing that your web services need to implement…

https://www.uriports.com/blog/creating-a-content-security-policy-csp/

In what looks even better that the Picard series, who doesn’t love Captain Pike?

https://mashable.com/article/star-trek-strange-new-worlds-who-is-christopher-pike/

If you are looking to improve your security in Azure, I have a tip for you. The guys from Managed Sentinel have done a great job articulating the how and the why of security so well, I would even say that you will get some return on your Azure investment by following what these guys do.

https://www.managedsentinel.com/2020/05/10/sentinel-incidents-kpi/

If you were like some of my customers, you probably had a GoDaddy account to manage certificates, websites and even email. It’s time to start using a password manager and use ‘throwaway’ passwords.

https://www.forbes.com/sites/daveywinder/2020/05/05/godaddy-confirms-data-breach-what-19-million-customers-need-to-know/

Imagine running your web server for little or money and putting up with some ads (don’t look down, DON’T LOOK DOWN 🤓) only to find that one of the visitors to your site gets pwned because of an ad like one of these?

https://www.zdnet.com/article/hackers-have-breached-60-ad-servers-to-load-their-own-malicious-ads/

Ever wonder why someone would spend time creating software for your cellphone…for FREE? I mean most of us would install an app with ads enabled rather than pay for the software but these guys may have actually created software to steal your data. This post lists the group by name and you are advised to remove apps that have been created by any of this group.

https://latesthackingnews.com/2020/04/20/secret-network-of-27-app-developers-boasting-android-apps-with-over-69m-installs-unveiled/