As we’re right in the silly season, I decided to change the Newsletter format, making it lighter and easier to read. Think of it as a pocket-sized newsletter for people laying on the beach but can’t forget about Cybersecurity. I know you exist 🏖️.

What I read last month

• Digital Services Package: Commission welcomes the adoption by the European Parliament of the EU's new rulebook for digital services (European Comission)

• Facebook data privacy scandal: A cheat sheet (Tech Republic)

• DNS Esoterica - Why you can't dig Switzerland (Terrence Eden’s Blog)

• Your compliance obligations under the UK’s Online Safety Bill; or, welcome to hell (WebDevLaw)

• ‘Zero Trust’ security is a poor choice of words (Mendhak) - Agree with this one and I’ll talk about this soon

• TeamViewer installs suspicious font only useful for web fingerprinting (Ctrl.blog)

• Will new UK data laws put adequacy agreement with EU at risk? (Techmonitor.ai)

• Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k (9to5Mac)

• Denmark bans Gmail and Co from schools due to privacy concerns. (Tutanota)

• People should be a LOT more mad about data collection than they are (Reddit)

On Twitter

Moose @LitMoose

I hate how accurate this is.

4:57 PM ∙ Jul 30, 2022

---

2,444Likes407Retweets

This is indeed accurate. Well, sort of: if your InfoSec maturity is that low, you can spend 50k on the pentest and 450k on corrections. Either way, according to Cybersecurity Dive, the average ransomware payment is now 812k, so we might need to reconsider the calculations.

Nicky @Nickieyey

I have compiled a list of Best Cybersecurity Youtube Channels, that talk about various topics related to cybersecurity. Do check it out 👇 Here is the link to the Github repository: github.com/Nickyie/Cybers… #Pentesting #CyberSec #cyberawarness #bugbounty #infosec #bugbounty

5:27 AM ∙ Jul 31, 2022

---

2,176Likes661Retweets

Very interesting list for those who prefer a Video-like learning experience. Go check it out.

Jeff Geerling @geerlingguy

lol for one of my #opensource projects, an #infosec employee at @EpicGames emailed me this questionnaire with over 100 questions and wants me to fill it out so *they* can use my freely available open source software. No.

7:24 PM ∙ Jun 30, 2022

---

4,916Likes629Retweets

The old Vendor Risk Assessment subject. This time, an Open Source developer was asked to fill a form by a corporation worth $31.5 billion dollars so they can use the software.

It certainly makes sense for the company to assess the software they use, but for an Open Source software with no guarantees, it might be asking too much.

Alex Xu @alexxubyte

How does 𝐆𝐨𝐨𝐠𝐥𝐞 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐨𝐫 (or other types of 2-factor authenticators) work? Google authenticator is commonly used for logging into our accounts when 2-factor authentication is enabled. How does it guarantee security?

3:42 PM ∙ Jul 20, 2022

---

3,823Likes923Retweets

Very interesting visual explanation about how Google Authenticator works. If you, like me, use it everyday, this is useful to understand how the transaction is done.

Hooded Ninjas @HoodedNinjas

4:00 AM ∙ Jul 10, 2022

---

1,718Likes76Retweets

At least someone has them 😂