In some very exciting news today, CISA announced their Secure by Design Pledge. The Secure by Design Pledge is a voluntary commitment that was signed by 68 software companies, committing to design their products from the ground up in a more secure way. I've linked the...
Category: News
Microsoft, Google, and Apple Agree on Passwordless
I never envisioned myself writing about these three companies agreeing, but here we are. And the news is fantastic. I've long been a proponent of passwordless authentication flows, which is really just a buzzword for relying on different factors such as biometrics and...
No More Third-Party MFA for Delegated Admin
In a subtle update to the Microsoft Partner Security Requirements article on February 24th, Microsoft precludes the use of third-party MFA for partners wanting to take advantage of Delegated Admin Privileges (DAP) or Granular Delegated Admin Privileges (GDAP). They...
Increased Law Enforcement Action – Is it Enough?
We’re finally getting to the point of seeing more successful law enforcement activity against cybercrime groups. From the FSB arresting the REvil gang to the takedown of tools like VPNLab, there are obvious signs of progress. I feel rather good about it, and it makes my...
New York’s OAG Monitors Threat Actor Forums, Notifies of Breaches
THE RECORD 5JAN22 - The New York Attorney General announced Wednesday that it discovered over 1.1 million compromised online accounts resulting from an investigation into credential stuffing. According to the press release, the office found “thousands of posts that...
FTC Announces Potential Legal Action for Failure to Patch Log4Shell, Future Vulns
Via The Record 5JAN22 - The Federal Trade Commission made an announcement on Tuesday that it may pursue legal punitive action against entities who experience a breach of consumer personal data as a result of failure to patch against Log4Shell and future ‘similar known...