Super weird to me that Dropbox has told Dropbox Sign customers to "delete your existing entry and then reset it" if they use app-based MFA. I have never seen "delete your MFA and create new tokens" in post-compromise account hygiene advice before.
I suspect two things:
1.) Dropbox was storing plain text MFA seeds right next to their password hashes
2.) We're going to hear a lot more about this soon.
My book 'PROPAGANDA: from disinformation and influence to operations and information warfare' treats the subject adequately, comprehensively, broadly, expertly. Information surrounds us. How does information influence work? An expert arrangement of the subject. https://blog.lukaszolejnik.com/propaganda-my-book-on-information-security/
Security folks, I need some help. My wife is looking for a job after taking a few years off to take care of the kids and she's having a hard time finding legit security opportunities. And the legit ones she does find don't like the gap in her resume.
If you have or know of any legit remote openings for someone with experience in identity and access management, can you please share?
She has her CISSP and while most of her experience is in IAM she's willing to branch out and learn a new specialty. She also happens to be both the faster learner and the smarter one of the two of us!
Adobe Magento: a dangerous RCE threat for e-commerce sites
Cybersecurity specialists have warned that #hackers are already exploiting a new #vulnerability in #Magento (CVE-2024-20720) and using it to deploy a persistent #backdoor on e-commerce sites.
Heads up, developers! Hackers are targeting crypto wallets with sneaky PyPI packages. Thousands of downloads already affected. Check your dependencies!
🤖 Think LLMs are foolproof? Think again! Hackers are exploiting them to steal sensitive data. Protect yourself – learn the latest LLM security risks and how to defend against them.
News about significant data breaches appears to break on a daily basis now. Yet some (business) people still give me strange looks when I tell them that the best way to protect data is to not have it stored. 🙄 You can't lose what you don't have. It's that simple. 🤷♂️
— #privacy #DataProtection #GDPR #InfoSec #InformationSecurity #DataBreach #DataBreaches
#Cybersecurity breaches are no longer just headlines for big corporations. SMBs are on the front lines. Find out how NTTSHGlobal is leading the charge to democratize cybersecurity.
🚨 New backdoor called Zardoor used in #cyberattack on Saudi Islamic charity, stealing data for over 2 years. Hackers use everyday tools like WMI to move undetected.