Security Analyst – Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH

A two part series on password spraying that can help to illustrate the dangers with web based authentication sites.

This is a good read for those in development that are not familiar with how hackers are gaining access.

https://www.blackhillsinfosec.com/exploiting-password-reuse-on-personal-accounts-how-to-gain-access-to-domain-credentials-without-being-on-a-targets-network-part-1/

https://www.blackhillsinfosec.com/password-spraying-outlook-web-access-how-to-gain-access-to-domain-credentials-without-being-on-a-targets-network-part-2/

https://www.cbc.ca/news/canada/nova-scotia/spotify-charges-td-accounts-virtual-debit-cards-1.5213569

https://www.theverge.com/platform/amp/2019/7/18/20699237/slack-hack-2015-password-reset-keylogger-usernames-credentials

In an effort to remove overhead and avoid the backlash, Chromium devs have decided to remove xss filtering from future versions of chrome.

https://portswigger.net/daily-swig/google-deprecates-xss-auditor-for-chrome

In what I consider to be a concise delivery of how Cybersecurity can affect all of us, this guy has gone in front of the Committee on Public Safety and National Security to tell our politicians why Security is important and what is at stake!

I have known Thomas Davies for several years and consider him well versed in Cybersecurity. He understands how the bad guys continue to penetrate our computers despite the best methods of network defence and has taken the time to share his perspective with our government.

I included this session from April 1 of this year and have snipped a few minutes of what was an hour and a half where many of our Canadian brethren helped hit home the message that ‘Cybersecurity cannot do it alone’. Gone are the days where the masked man on the white horse can swoop in and save the day because there aren’t enough masked men (and women) in our industry, anywhere.

We built a network of interconnected endpoints using a communication method that just wasn’t designed to be secure. We then built applications on top of those networks that were also not designed to be secure. Netscape came along and created a way to provide some security and here we are several decades later. (Not blaming anyone here but this is what we did and now we have to live with the consequences) 😎

My hope is that our government and other countries like ours, will come to understand that without the resources required to ‘try and keep the ship from taking on water’ our electronic commerce will be in jeopardy. It is only a matter of time before a major outage could occur as a result of a major cyber incident.

I am not sure any type of legislation can help us solve this problem in the near future but it might be time for our government to get involved before it’s too late.

Kudos to you Thomas Davies for being part of the solution. I am proud to call you a friend! (we are still friends right?)

I was reading an article on Twitter about heap based vulnerabilities when I came across this descriptive list of explanations and their causes.

Many of these show up as browser based flaws and now hit home why sabdboxing is very important for browser sessions.

This list is a good reference for developers and security professionals and can be useful when searching for bugs.

Whenever I travel and have an opportunity to speak with people from around the world I realize that most of us all have similar issues…

Imagine how lucky I was to find Elvis, alive and well in Vegas during my trip last August.

I am planning to attend Blackhat again this year and I hope he is really still with us 🤔.

If you are planning to be in Vegas the first week in August this year, reach out to me and if we are all very lucky, we might get a chance to see him again.

In this short video article, watch how someone can take a few pieces of your personal data and ruin part of your life!

Trust no one and be careful what you share and with whom.

In this article, we learn about how HSBC lost 14k personal records and they want everyone to know, they have not seen any fraud yet?

With your personal data flying around like this, are you really just worried about one service provider?

https://www.cshub.com/attacks/articles/incident-of-the-week-hsbc-bank-alerts-us-customers-of-data-breach