It's a long one this week, in part due to the constant flood of new breaches and disclosures I discuss. I regularly have disclosure notices forwarded to me by followers who find themselves in new breaches, and it's always fascinating to hear how they're worded. You get a real sense of how much personal ownership a company is taking, how much blame they're putting back on the hackers and increasingly, how much they've been written by lawyers. That last one, in particular, seems to have a knack for diluting all the useful information into high-level generic statements that tell you very little about what's actually happened. See if you can spot those in this week's disclosure notices. Once you see the patterns, you'll be spotting them all over the place in the future.
References
- Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
- The JFrog webinar from last night is now available on demand (external dependencies, software bills of materials and AI, among other things)
- I don't like the use of the term "warfare", but there's no doubt are banks are being hammered by criminals (it's business to them, not war)
- Try getting ChatGPT to generate an image with exactly 5 people in it, I dare you! (after I got over the frustration, this was actually kinda fun 😊)
- The state of data breaches, part 2 (hackers, corporate victims and law enforcement)