Captain's Log, Stardate 2021.06.04

circle
circle

Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack

J1_Ambassador Hunter @2x

Using Fake Reviews to Find Dangerous Extensions | Krebs on Security
Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data. - Brian Krebs


Nihilistic city builder 'Frostpunk' is free on Epic Games Store | engadget

Nihilistic city builder 'Frostpunk' is free. EpicGames continues offering free game downloads. This month, it's FrostPunk. Previously, I was able to grab Civilization. Definitely worth tracking Epic Games.

Hacker Lexicon: What Is a Supply Chain Attack? | Wired
What if the legitimate hardware and software that makes up your network has been compromised at the source? That insidious and increasingly common form of hacking is known as a "supply chain attack," a technique in which an adversary slips malicious code or even a malicious component into a trusted piece of software or hardware. 


Podcast: OWASP Flagship Projects - Episode 01 | People, Process, Technology Podcast
In this episode of the People | Process | Technology podcast, I speak with Simon Bennetts from the Zap Project, Christian Folini from the ModSecurity Core Rule Set Project, and Steve Springett from the Dependency Track Project. This is part of an ongoing podcast series, highlighting the OWASP Flagship Projects that will be featured at the OWASP 20th Anniversary Celebration in September. I talk with the project leads to hear what they have been working on for the past year, what their plans are for the coming year, and what we can expect to see at the conference in September.

Modern-Visibility-for-Cybersecurity-and-IT-Asset-Management-JupiterOne_thumb-1Modern Visibility for Cybersecurity and IT Asset Management | JupiterOne
The cybersecurity technology landscape is fragmented and niche, and for good reason. Enterprises use specialized infrastructure and security tools each of which has its own definition of asset. Understanding your entire cyber asset landscape is nearly impossible due to the breadth of technologies in play. Identifying a new definition of cyber asset is mandatory to building a successful security program. Learn how to find, monitor, visualize, and govern your cyber assets with deep understanding of cyber asset relationships.

Resources

avatar

Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain. He actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU.He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne. As well, Mark is Executive Producer of the DevSecOps Podcast Series (475K+ listens), and the Executive Editor of the LinkedIn DevOps Group (115K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.

PREVIOUS ARTICLE

cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.