Cybersecurity Tips

📚 High-profile data breaches pile-up, Chromium leaking passwords through spellcheck - Newsletter #6

cyb3rsecurity.tips

Nuno
Oct 9, 2022

Last month was a busy one for data breaches, and this time they hit high-profile targets: Samsung lost personal data of an undetermined number of customers in the U.S., LastPass admitted that an "unauthorized party" gained access to its development systems, and Uber confirmed that it was responding to "a cybersecurity incident".

The Uber incident was an especially interesting one because, according to the company:

An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor’s Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.

In other words, the attacker triggered so many 2FA push prompts that the contractor eventually approved one, either by mistake or simply because they were tired of the stream of notifications. This technique is usually called MFA fatigue or push bombing. It shows how important a good user awareness program is, and it is also why push approvals should be rate-limited on the identity provider side and, where possible, replaced with number matching or phishing-resistant factors, since a single tap under fatigue is all the attacker needs.
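The pattern described above (a burst of push prompts, several denials or timeouts, then one approval) is visible in identity-provider logs before the attacker ever touches internal systems. The following is an added detection example written for this newsletter; it is not Uber's code or any vendor's API. The log line format, the event names (push_sent, push_denied, push_timeout, push_approved), the sample log lines and the thresholds are all assumptions, so adapt the regex and the numbers to your own IdP export.

```python
"""Flag MFA push bombing in push-approval logs.

Added example for this newsletter; the log format, event names,
thresholds and all sample data below are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed line format: <ISO-8601 UTC> user=<id> event=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (not real data): alice and bob behave normally,
# contractor42 is push-bombed and finally approves one prompt.
SAMPLE_LOG = """\
2022-09-15T23:00:00Z user=alice event=push_sent src=198.51.100.7
2022-09-15T23:00:09Z user=alice event=push_approved src=198.51.100.7
2022-09-15T23:02:00Z user=contractor42 event=push_sent src=203.0.113.5
2022-09-15T23:02:30Z user=contractor42 event=push_denied src=203.0.113.5
2022-09-15T23:03:00Z user=contractor42 event=push_sent src=203.0.113.5
2022-09-15T23:03:40Z user=contractor42 event=push_timeout src=203.0.113.5
2022-09-15T23:04:00Z user=contractor42 event=push_sent src=203.0.113.5
2022-09-15T23:04:20Z user=contractor42 event=push_denied src=203.0.113.5
2022-09-15T23:05:00Z user=contractor42 event=push_sent src=203.0.113.5
2022-09-15T23:05:30Z user=contractor42 event=push_denied src=203.0.113.5
2022-09-15T23:06:00Z user=contractor42 event=push_sent src=203.0.113.5
2022-09-15T23:06:45Z user=contractor42 event=push_timeout src=203.0.113.5
2022-09-15T23:07:00Z user=contractor42 event=push_sent src=203.0.113.5
2022-09-15T23:07:12Z user=contractor42 event=push_approved src=203.0.113.5
2022-09-15T23:10:00Z user=bob event=push_sent src=198.51.100.9
2022-09-15T23:10:50Z user=bob event=push_timeout src=198.51.100.9
2022-09-15T23:11:00Z user=bob event=push_sent src=198.51.100.9
2022-09-15T23:11:08Z user=bob event=push_approved src=198.51.100.9
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "event": m["event"], "src": m["src"]}


def detect_push_bombing(lines, window=timedelta(minutes=10), max_pushes=5,
                        min_rejections_before_approve=3):
    """Return a list of (user, alert_type, timestamp) tuples, in log order.

    push_bombing          : more than `max_pushes` pushes sent to one user inside `window`
    approved_after_fatigue: an approval preceded, inside `window`, by at least
                            `min_rejections_before_approve` denials/timeouts
    """
    sent = defaultdict(deque)       # per-user timestamps of pushes sent
    rejected = defaultdict(deque)   # per-user timestamps of denials/timeouts
    bombing_fired = set()           # users already alerted for the current burst
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        user, ts, ev = rec["user"], rec["ts"], rec["event"]
        # Slide the window: drop events older than `window`.
        for dq in (sent[user], rejected[user]):
            while dq and ts - dq[0] > window:
                dq.popleft()
        if len(sent[user]) <= max_pushes:
            bombing_fired.discard(user)  # burst is over, allow a new alert later
        if ev == "push_sent":
            sent[user].append(ts)
            if len(sent[user]) > max_pushes and user not in bombing_fired:
                alerts.append((user, "push_bombing", ts))
                bombing_fired.add(user)
        elif ev in ("push_denied", "push_timeout"):
            rejected[user].append(ts)
        elif ev == "push_approved":
            if len(rejected[user]) >= min_rejections_before_approve:
                alerts.append((user, "approved_after_fatigue", ts))
            # A successful login ends the burst; start counting afresh.
            sent[user].clear()
            rejected[user].clear()
            bombing_fired.discard(user)
    return alerts


if __name__ == "__main__":
    for user, kind, ts in detect_push_bombing(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {user} {kind}")
```

The second alert type is the one that matters for response: "approved_after_fatigue" means the attacker is now logged in, so the session should be revoked and the credential rotated rather than just ticketed. The first alert is the cheaper preventive signal and is the point at which an IdP-side rate limit would already have stopped the attempts.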

Staying on the topic of data breaches, there is an article from HBR that tries to explain why breaches do not have much impact on stock returns. Despite the good argument, allow me to counter by saying that this can indeed be the case, but only if the company is still able to keep operating.

What I read last month

  • Cybersecurity incident at Samsung (Samsung)

  • LastPass was hacked, but it says no user data was compromised (Engadget)

  • Uber security update (Uber)

  • Google, Microsoft can get your passwords via web browser's spellcheck (Bleeping Computer)

  • Crypto Dev Enters Wrong Command, Destroys Entire Company (Medium)

  • The optimal amount of fraud is non-zero (Bits About Money)

  • Apple’s Killing the Password. Here’s Everything You Need to Know (Wired)

  • USA wants AI that can identify anonymous authors (The Register)

  • Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN (The Register)


On Twitter

Š“ŃŠ½ @dan_abramov
does anyone seriously believe that employees at early stage startups don’t read users’ private information. like unless it’s end-to-end encrypted, obviously this is happening. why would i use your note taking app
11:38 AM ∙ Sep 30, 2022

I totally agree with this tweet: companies often need to debug production systems for errors or performance reasons, and for small companies with limited resources, doing it directly in production is common practice.

Alex Xu @alexxubyte
/1 How do Apple Pay and Google Pay handle sensitive card info? The diagram below shows the differences. Both approaches are very secure, but the implementations are different. To understand the difference, we break down the process into two flows.
3:53 PM ∙ Sep 21, 2022

Both approaches are secure, but the implementations differ: Apple Pay, unlike Google Pay, sends the credit card number only once. An interesting thread, worth the read.

Dan Hollick 🇿🇦 @DanHollick
Ever wondered how a QR code works? No, me neither but it's low-key fascinating. (Warning, there is some extremely nerdy shit here. 👇 )
1:22 PM ∙ Sep 14, 2022

The QR (Quick Response) code was invented by a subsidiary of Toyota to track parts across the manufacturing process. This thread explains how it works.

DarkTracer : DarkWeb Criminal Intelligence @darktracer_int
[ALERT] INDONESIA CITIZENSHIP DATABASE (105M) was leaked to the deep web by a bad actor.
5:22 AM ∙ Sep 7, 2022

105M (!) records of Indonesian citizens were leaked to the deep web.

Looser @ManieshNeupane
Email Security Mindmap #cybersecurity #pentesting
5:10 PM ∙ Sep 29, 2022

An interesting diagram exploring email security threats and the corresponding recommendations. Are you protecting yourself against all of them?

š”…Ķ›š”ÆĶ›š”¦Ķ›š”žĶ›š”«Ķ› Ķ›š”šĶ›š”„Ķ›š”¢Ķ›š”©Ķ›š”±Ķ›š”¬Ķ›š”«Ķ› @brianwhelton
Current RPT, RTO and BDR plans. You can't fail an SLA if it doesn't exist!
1:14 PM ∙ Sep 26, 2022

Exactly this: you can't fail an SLA if it doesn't exist!


1 Comment
Christopher Cottrell :)
Writes Hacker Thoughts
Oct 26, 2022

Thanks for linking all the Twitter examples!

© 2023 Nuno Batista