

High-profile data breaches pile-up, Chromium leaking passwords through spellcheck - Newsletter #6
Last month was rich in data breaches, and this time they were high-profile: Samsung lost personal data of an undetermined number of customers in the U.S., LastPass admitted that an "unauthorized party" gained access to the Dev systems, and Uber confirmed that it was responding to "a cybersecurity incident".
The Uber incident was an especially interesting one, because according to the company:
An Uber EXT contractor had their account compromised by an attacker. It is likely that the attacker purchased the contractor's Uber corporate password on the dark web, after the contractor's personal device had been infected with malware, exposing those credentials. The attacker then repeatedly tried to log in to the contractor's Uber account. Each time, the contractor received a two-factor login approval request, which initially blocked access. Eventually, however, the contractor accepted one, and the attacker successfully logged in.
This means the attacker tried to log in so many times that the user, either by mistake or because they were sick of receiving 2FA notifications, eventually pressed yes. This shows how important it is to have a good User Awareness program.
In line with the topic of data breaches, there's this article from HBR that tries to reason why they don't have much impact on stock returns. Despite the good argument, allow me to counter by saying that this can indeed be the case if the company is still able to continue working.
What I read last month
Cybersecurity incident at Samsung (Samsung)
LastPass was hacked, but it says no user data was compromised (Engadget)
Uber security update (Uber)
Google, Microsoft can get your passwords via web browser's spellcheck (Bleeping Computer)
Crypto Dev Enters Wrong Command, Destroys Entire Company (Medium)
The optimal amount of fraud is non-zero (Bits About Money)
Apple's Killing the Password. Here's Everything You Need to Know (Wired)
USA wants AI that can identify anonymous authors (The Register)
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN (The Register)
On Twitter

I totally agree with this tweet: Companies often need to debug production systems for errors or performance reasons. When talking about small companies with limited resources, doing it in production is a common practice.


Both approaches are secure but with different implementations. Apple Pay, unlike Google Pay, only sends the credit card number around once. Interesting thread, worth the read.


The Quick Response code was invented by a subsidiary of Toyota to track parts across the manufacturing process. This thread explains how it works.
105M (!) records of Indonesian Citizens were leaked to the deep web.
Interesting diagram exploring Email Security threats and security recommendations. Are you protecting yourself against all of them?
Exactly this: can't fail an SLA if it doesn't exist!
Thanks for linking all the Twitter examples!