As we’re right in the silly season, I decided to change the Newsletter format, making it lighter and easier to read. Think of it as a pocket-sized newsletter for people laying on the beach but can’t forget about Cybersecurity. I know you exist 🏖️.

What I read last month

• Digital Services Package: Commission welcomes the adoption by the European Parliament of the EU's new rulebook for digital services (European Comission)

• Facebook data privacy scandal: A cheat sheet (Tech Republic)

• DNS Esoterica - Why you can't dig Switzerland (Terrence Eden’s Blog)

• Your compliance obligations under the UK’s Online Safety Bill; or, welcome to hell (WebDevLaw)

• ‘Zero Trust’ security is a poor choice of words (Mendhak) - Agree with this one and I’ll talk about this soon

• TeamViewer installs suspicious font only useful for web fingerprinting (Ctrl.blog)

• Will new UK data laws put adequacy agreement with EU at risk? (Techmonitor.ai)

• Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k (9to5Mac)

• Denmark bans Gmail and Co from schools due to privacy concerns. (Tutanota)

• People should be a LOT more mad about data collection than they are (Reddit)

On Twitter

Moose @LitMoose

I hate how accurate this is.

July 30th 2022

407 Retweets2,444 Likes

This is indeed accurate. Well, sort of: if your InfoSec maturity is that low, you can spend 50k on the pentest and 450k on corrections. Either way, according to Cybersecurity Dive, the average ransomware payment is now 812k, so we might need to reconsider the calculations.

Nicky @Nickieyey

I have compiled a list of Best Cybersecurity Youtube Channels, that talk about various topics related to cybersecurity. Do check it out 👇 Here is the link to the Github repository: github.com/Nickyie/Cybers… #Pentesting #CyberSec #cyberawarness #bugbounty #infosec #bugbounty

July 31st 2022

661 Retweets2,176 Likes

Very interesting list for those who prefer a Video-like learning experience. Go check it out.

Jeff Geerling @geerlingguy

lol for one of my #opensource projects, an #infosec employee at @EpicGames emailed me this questionnaire with over 100 questions and wants me to fill it out so *they* can use my freely available open source software. No.

June 30th 2022

629 Retweets4,916 Likes

The old Vendor Risk Assessment subject. This time, an Open Source developer was asked to fill a form by a corporation worth $31.5 billion dollars so they can use the software.

It certainly makes sense for the company to assess the software they use, but for an Open Source software with no guarantees, it might be asking too much.

Alex Xu @alexxubyte

How does 𝐆𝐨𝐨𝐠𝐥𝐞 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐨𝐫 (or other types of 2-factor authenticators) work? Google authenticator is commonly used for logging into our accounts when 2-factor authentication is enabled. How does it guarantee security?

July 20th 2022

923 Retweets3,823 Likes

Very interesting visual explanation about how Google Authenticator works. If you, like me, use it everyday, this is useful to understand how the transaction is done.

Hooded Ninjas @HoodedNinjas

July 10th 2022

76 Retweets1,718 Likes

At least someone has them 😂