It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry. Enjoy 😎
References
- Nord has had a heap of credential stuffing attacks (or at least a heap of Pastebin entries with creds from attacks)
- Whilst it sucks for Nord, they do also have some accountability here (the FTC says that "businesses will no longer be able to play the victim-card")
- Veritas (DNA testing) had a breach (whilst DNA data wasn't breached, it begs the question - what would the impact be if it was?)
- Finally - free SSL on the Azure app service for custom domains! (non-apex domains only at present, but it's still preview for now so hopefully that's only a temporary restriction)
- Sectigo - seriously guys, WTF is this garbage about?! (just read it and shake your head...)
- LinkedIn now has a security.txt file! (if your site doesn't have one already, do it because it's free and it's awesome)
- Do HSTS from top to bottom or GTFO (this week's blog post was a perfect illustration of why you need it everywhere)
- Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell