Perhaps this is sensationalized just a bit, but turns out that Colonial Pipeline paid hackers $5 million for a decryptor that was so slow that it relied on backups. Are ransomware payouts now just a way of life, and should orgs be budgeting money for one? Or am I blowing this out of proportion?
I got a ton of notifications about the US fuel pipeline attack over the weekend on my phone, which felt unusual for me, even though it was a huge story. Is there more coverage of ransomware attacks? And if so, do you think it’s a good or bad thing?
Apparently we can export our Facebook posts to WordPress.com, Google Docs, and Blogger? Is it just me, or is this a potential security issue? It wasn’t too long ago when a SolarWinds intern accidentally shared some passwords on GitHub, so this has me wondering.
Google Chrome now defaults to HTTPS when it can. What other security concerns do you still have when laypeople like me use the internet?
The latest Chrome update now defaults to HTTPS when connecting to a new site. I’ll be honest, I don’t...pay much attention to URLs when they load, so I’m sure I’ve casually perused a site on http without thinking about the difference (I’m sorry). Other than http vs. https, what other common security concerns do you still have when laypeople like me use the internet?
Everyone’s talking about how you can Slack people on their work accounts now. You can disable it of course. But what if you couldn’t? How concerned would you be? And what other potential SaaS features would keep you up at night from a security perspective?
This new app by Norton caught my attention, mostly because it was released by Norton. Supposedly it’s got some neat features like OCR scanning from weird angles and can scan up to 1,000 photos on your phone per second. Would you give it a shot or is this just another app waiting to get buried in my app drawer?
Question, what are your teams using for secure file storage / transfer spicy documents? Like let’s say you needed to transfer legal/financial documents, or wanted to set up a location to drop those. Aside from email (yikes) what other products / workflows do you use?
Hey, we’re thinking about allowing our users to reset their Okta and Google Workspace passwords and/or 2FA through some kind of self-service option, currently an admin has to do it manually after “verifying” the user. With most people working remotely these days, it means increased amounts of “we need to video call you, when are you available” type of back and forth, and the company is growing so it kind of doesn’t scale that well. Back in the day you could just ask the user to pop in to IT whenever convenient. Is anyone using any setups for this and if so what is it? Trying to figure out a good balance between usability and security. Thanks
With Google releasing the Password Checkup feature (https://blog.google/technology/safety-security/password-checkup/) my users are asking if they should use a password manager. Are you for or against password managers? If you are for them, which one do you use?
❓ What’s the slickest 2FA reset process you’ve seen? Something that worked seamlessly, and left you impressed with how it was handled & validated. (right balance of security validation & UX) Looking for inspiration examples re: consumer 2FA flows. (Consumer = large variation in tech savvy-ness, and must be simple). Preferably self service as much as possible. Scenario: Consumer has lost 2nd Factor device (eg. mobile phone, with no token backup), and is now locked out of the service, from all devices. Password is known. So it’s only 2FA here. 🗨 Link to Slack thread
What are people doing for a sandbox for malware? I have used a few local VMs set up as a stand alone. I’ve used joesandbox, and urlscan.io (watch for public shared scans on these two if you’re unfamiliar). Been testing out Palo Alto’s Wildfire service, but not meeting with great results. 🗨 Link to Slack thread
What are the go-to services to satisfy as Pen Test / Web Vuln reports (for SaaS native platform) often requested by large enterprises during their DD process? Pref SaaS solution too. --> 🧵 🗨 Link to Slack thread
Hi folks. Does anyone here have recommendations for reputable companies that can provide support for cyber security-related issues, specifically those involving email spoofing? Looks like my company might be having an issue in this area, but we don’t have anyone on staff well versed in how to track down the issue and resolve. 🗨 Link to Slack thread
x-posting here, as it’s a brilliant talk and 1 of the best (IMHO) simple explanations how scammers ride the ID fraud wave and fly under the radar --> https://youtu.be/2IT2oAzTcvU 🗨 Link to Slack thread