2024-06-08
This is spicy but very good takes. If you're the security team for a SaaS company, your customers' accounts are assets you have to protect whether you think that's fair or not. Big platforms (Okta last year, snow, and everything similar) need to step up D&R / account security.
TechCrunch
A website for cybercriminals lists 500+ allegedly stolen Snowflake customer credentials, including for environments belonging to Santander and Ticketmaster
The credentials relate to employees at Ticketmaster and Santander, and others. One set of exposed credentials appears to belong to a former Snowflake employee. …
2024-06-07
This is spicy but very good takes. If you're the security team for a SaaS company, your customers' accounts are assets you have to protect whether you think that's fair or not. Big platforms (Okta last year, snow, and everything similar) need to step up D&R / account security.
TechCrunch
A website for cybercriminals lists 500+ allegedly stolen Snowflake customer credentials, including for environments belonging to Santander and Ticketmaster
Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble …
2023-10-24
This Okta breach is notable because BeyondTrust, Cloudflare, and 1Password all detected this before Okta did. How though? It looks like the threat actor may have been triggering Okta emails that tipped off the victims. Maybe we'll hear from more? https://blog.1password.com/...
Ars Technica
1Password detected suspicious activity on its Okta instance for managing employee-facing apps but “found no compromise of user data or other sensitive systems”
1Password CTO says investigation found no compromise of user data or sensitive systems.
2023-02-24
https://www.dota2.com/... Mic-drop of a blog. Asserting things about your environment that should never happen is easier for most than asserting what _should_ happen. In fact, there's an entire SpongeBob episode about exactly that. https://twitter.com/...
Polygon
Valve recently patched a Dota 2 exploit used by a third-party cheating client, created a honeypot to catch cheaters, and permanently banned over 40,000 accounts
Nicole Carpenter / Polygon :
2022-03-11
Love this work. There's no silver Magecart bullet. It's about leveling up the assurance and integrity you have in your site's JS. One step at a time to solving the problem. https://twitter.com/...
SecurityWeek
WhatsApp teams up with Cloudflare to unveil Code Verify, an open-source browser extension that verifies the authenticity of code served to the browser
Facebook parent company Meta this week announced the release of Code Verify, an open source browser extension meant to verify the authenticity of code served to the browser.