  1. Charting Your Course: Cyber Security Governance [National Cyber Security Centre – New Zealand]
    - “The steps outlined in Charting Your Course define the principles of a cyber security programme and help to focus engagement between senior leadership and security practitioners.”
  2. NIST Developing Hardware Security Guidelines for Enterprises [Dennis Fisher, Duo Security] – new draft guidance on supply chain security
    - find it here: Validating the Integrity of Servers and Client Devices
  3. SQL Injection Errors No Longer the Top Software Security Issue [Jai Vijayan, Dark Reading]
    - 2019 CWE Top 25 Most Dangerous Software Errors
    - see also: Runtime Application Self-Protection (RASP), Investigation of the Effectiveness of a RASP Solution in Protecting Known Vulnerable Target Applications
  4. OUCH! Newsletter: Messaging / Smishing Attacks [Jen Fox]
  5. Incident Response Casefile – A successful BEC leveraging lookalike domains [Matan Ben David, Check Point Research]
  6. Fundamentals of Cross Domain Solutions [Australian Cyber Security Centre]
  7. Two third-party SDKs allowed secret harvesting of Twitter and Facebook user data [Catalin Cimpanu, Zero Day]
    - see also: Keeping your account safe from malicious activity
  8. Alert (AA19-339A) – Dridex Malware [US Cybersecurity and Infrastructure Security Agency]
  9. New Disney Plus Streaming Service Hit By Credential Stuffing Cyber Attack [Nicole Lindsey, CPO Magazine / Data Privacy Asia]
  10. Avast Online Security and Avast Secure Browser are spying on you [Wladimir Palant]
  11. Lessons learned from playing a willing phish [Jan Kopriva, SANS ISC]