Security News

Let's stay on the subject of scams, and talk about scammers and rogue callers. DUCK. Well, there are scam calls and there's nuisance calls.

You need a password, but finding one email address and password combination valid at any given Exchange server is probably not too difficult, unfortunately. There are a surprising number of people who switched to the cloud, possibly several years ago, who were running both their on-premises and their cloud service at the same time during the changeover, who never got round to turning off the on-premises Exchange server.

All of it I've never spent more than 10 seconds authorising myself to get into something when multifactor has popped up, and I can spare 10 seconds for the safety and security of not just my company's data, but our employees and our customers data. CHET. Well, the precise law in the United States, the Computer Fraud and Abuse Act, is very specific about the fact that you're breaching that Act when you exceed your authority or you have unauthorised access to a system.

DUCK. Yes, Uber has come out with a follow up report, and it seems that they're suggesting that a hacking group like LAPSUS$ was responsible. Just because you have those that's a security gate, but it's not the end-all and be-all to keeping someone out.

I'm coming to you from Vancouver, I'm downtown, I'm looking out the window, and there's actually an Uber sitting outside the window. At a very high level, the consensus appears to be that there was some social engineering of an Uber employee that allowed someone to get a foothold inside of Uber's network.

If you open something in the current window, then you're significantly limited as to how exciting and "System-like" you can make it look, aren't you? You can't write anything outside the browser window, so you can't sneakily put a window that looks like wallpaper on the desktop, like it's been there all along.

DUCK. I'm doing very, very well, thank you, Douglas! A messy thing that is bugging people is the question of this TikTok thing.

LastPass source code breach - do we still recommend password managers? DOUG. That's important to point out, because a lot of people, I think, who don't understand how password managers work - and I wasn't totally clear on this either as you write in the article, your local machine is doing the heavy lifting, and all the decoding is done *on your local machine*, so LastPass doesn't actually have access to any of the things you're trying to protect anyway.

He's so famous that even his ties - he always wears a tie, beautiful coloured ties - even his ties have a Twitter feed, Doug. There are lots of things you can do, provided that: you know where you should be; you know where you want to be; and you've got some way of differentiating the good behaviour from the bad behaviour.

If you want to understand a little more about it, your Naked Security article explains it incredibly well for people that are not normally acquainted with things like APIC controllers. Do you think, Chester, that they've targeted the Conti gang because they had a little bit of dishonour among thieves, as it were?