Weekly Update 381

published on 2024-01-07 08:56:48 UTC by Troy Hunt
Content:

It's another weekly update from the other side of the world with Scott and me in Rome as we continue a bit of downtime before hitting NDC Security in Oslo next week. This week, Scott's sharing details of how he and Joe Tiedman registered a domain Capelli Sport let lapse and now have their JavaScript running on the website's shopping cart page (check your browser console after loading that link) 😲 That's not the crazy bit though; the crazy bit is the months they've spent trying to disclose this to Capelli and getting absolutely nowhere. I'll give them a shout-out this week and see if I have any more luck, but when it's this hard to report egregiously bad security issues, is it any wonder we have so many data breaches? As I keep lamenting, it's a great time to be in this industry...

References

  1. Sponsored by: Unpatched devices keeping you up at night? Kolide can get your entire fleet updated in days. It's Device Trust for Okta. Watch the demo!
  2. 23andMe is blaming end users for account takeover attacks (it's obviously lawyery deflection, but they're also partly right)
  3. Anyone got a security contact at Capelli Sport? (I'll give that line a push publicly this coming week, it's just nuts how hard it is to report this stuff)
Article: Weekly Update 381 - published 11 months ago.

https://www.troyhunt.com/weekly-update-381/   
Published: 2024 01 07 08:56:48
Received: 2024 01 14 13:39:56
Feed: Troy Hunt's Blog
Source: Troy Hunt's Blog
Category: Cyber Security
Topic: Cyber Security