Weekly Update 164

It's a late, early in the day, hazy, bush-firey Aussie weekly update with a whole bunch of various bits and pieces of interest from throughout the week. The references below will give you a sense of how much I've jammed into this week so I won't repeat it all here in the intro, but I reckon it's a really interesting mix of different things across the industry. Enjoy 😎

References

  1. Nord has had a heap of credential stuffing attacks (or at least a heap of Pastebin entries with creds from attacks)
  2. Whilst it sucks for Nord, they do also have some accountability here (the FTC says that "businesses will no longer be able to play the victim-card")
  3. Veritas (DNA testing) had a breach (whilst DNA data wasn't breached, it begs the question - what would the impact be if it was?)
  4. Finally - free SSL on the Azure app service for custom domains! (non-apex domains only at present, but it's still preview for now so hopefully that's only a temporary restriction)
  5. Sectigo - seriously guys, WTF is this garbage about?! (just read it and shake your head...)
  6. LinkedIn now has a security.txt file! (if your site doesn't have one already, do it because it's free and it's awesome)
  7. Do HSTS from top to bottom or GTFO (this week's blog post was a perfect illustration of why you need it everywhere)
  8. Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals.