This SANS NewsBites is quite interesting. It does cover the Dish Network issues as we had it as of the 28th after all, like I thought they would.
There are other gems here too.
Top of the news
- White House US National Cybersecurity Strategy Seeks to Shift Responsibility for Cybersecurity to Tech Companies
- GitHub Secret Scanning is Now Available to Everyone
- Booking.com Fixes OAuth Misconfiguration That Allowed Account Takeover
Three great top stories. GitHub is one of the most popular repositories out there for development and collaboration. With that said, this secret scanning ordeal is something that I think we need to pass along to those who use this tool for development work.
It checks to make sure that passwords, usernames and other sensitive info are not in the repository. That’s a good thing!
As for the White House security thing, the U.S. doesn’t even get it. We’ve been fighting this for too long, and a quote from our former President Clinton in 1998 was in this piece by the editors. This means that they’ve been trying to grapple with this since before it became a problem, and it hasn’t gone anywhere.
The rest of the news
- Good and Bad Data Breach Responses
- Details of Dish Network Cybersecurity Incident Trickle Out
- Cisco Updates Fix Flaws in Web UI of IP Phones
- CISA Adds ZK Framework Flaw to Known Exploited Vulnerabilities Catalog
- CISA Launches Free Tool to Help Map Attacker Activity to MITRE ATT&CK Framework
- BlackLotus Bootkit Can Bypass Secure Boot on Windows 11
- Recently Disclosed Health Sector Data Breaches
Item 7 is pretty bad, as healthcare is so underfunded and care of course is important. Actors know this and they’re going to continue to target places until this issue is slowed down.
As for the worst data breach responses, LastPass is discussed as having one of the 5 worst responses after a breach. I do hope they learn from these incidents as I discussed on the last news bites I published. I kind of feel bad for them, but there are others who made similar mistakes.
Here is the newsletter for March 3, 2023 and let me know what you think.