Thursday, March 4, 2021

Security News Roundup - March 4

An alternate take on why the SolarWinds hack happened (Note: I read and enjoyed the article by Matt Stoller that is linked in the piece): https://www.nytimes.com/2021/02/23/opinion/solarwinds-hack.html?referringSource=articleShare

Top 10 Web Hacking Techniques of 2020 (a must-read for anyone in the web application security field): https://portswigger.net/research/top-10-web-hacking-techniques-of-2020

Interesting development in the cyber insurance field, led by Google: https://cloud.google.com/blog/products/identity-security/google-cloud-risk-protection-program-now-in-preview

Short post on bots plaguing the online limited-edition sneaker industry: https://threatpost.com/yeezy-sneaker-bots-boost-sun/164312/

Ransomware threat landscape in 2020 and 2021: https://securityaffairs.co/wordpress/115268/cyber-crime/ransomware-landscape-2020.html

Post from Troy Hunt about a password breach (while it is about a political site, it contains the usual details and in-depth analysis that characterize his posts): https://www.troyhunt.com/gab-has-been-breached/

Exchange zero-days patched by Microsoft: https://krebsonsecurity.com/2021/03/microsoft-chinese-cyberspies-used-4-exchange-server-flaws-to-plunder-emails/