-
50 votes
-
Misogynist hacker who threatened the wrong woman (hacker) and found out
23 votes -
CrowdStrike avoids customer exodus after triggering global IT outage
24 votes -
Craig Newmark, of Craigslist, is giving away $300 million to improve cybersecurity infrastructure
22 votes -
Top US senator calls Salt Typhoon ‘worst telecom hack in our nation’s history’
37 votes -
Bitwarden switches password manager and SDK to GPL3 after FOSS-iness drama
54 votes -
Hackers take control of robot vacuums in multiple US cities, yell racial slurs
37 votes -
Facing scrutiny over global outage, cybersecurity firm CrowdStrike on track for record year of federal lobbying spending
17 votes -
More people than ever are trying to hack the US government--and they love it
11 votes -
Using YouTube to steal your files
40 votes -
Kaspersky deletes itself, installs UltraAV antivirus without warning
22 votes -
The confessions of Marcus Hutchins, the hacker who saved the internet (2020)
38 votes -
Data security help - SOC2ish
Hi Tilderinos, I head up a small startup and we're looking to get some support for our data security. Up until now we've worked with small mom and pops that didn't have any requirements, but a few...
Hi Tilderinos,
I head up a small startup and we're looking to get some support for our data security. Up until now we've worked with small mom and pops that didn't have any requirements, but a few of our new clients have full data security teams and our infrastructure and policies/protocols aren't up to snuff. We reached out to a few consulting firms and they quotes us between $80-100k to get things set up and run us through a full SOC2 review. As a small company we don't really have that type of budget, more like $40-50k. I stumbled upon Vanta and Drata as alternatives and had meetings with their sales folks last week. Both of their offerings from setting up our protocols to monitoring and getting us through a SOC2 were only $16k.
Are platform based companies like Vanta or Drata enough to get us off the ground while we're still getting set up? Has anyone worked with them before and have any feelings one way or the other? Should we be signing on with a security consulting company - be it at a lower rate if we can negotiate it?
This is all quite new to me and any insight folks here can provide would be incredible useful.12 votes -
How CrowdStrike stopped everything. “The failures cascaded as dependent systems crashed, halting operations across multiple sectors."
17 votes -
CrowdStrike estimates the tech meltdown caused by its bungling left a $60 million dent in its sales
37 votes -
Lawsuits against Crowdstrike begin with Delta Airlines and Crowdstrike shareholders filing suit
21 votes -
Chinese government hackers penetrate US internet providers to spy
17 votes -
Microsoft to host security summit after CrowdStrike disaster
16 votes -
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update
43 votes -
The gigantic and unregulated power plants in the cloud
12 votes -
EFF’s concerns about the UN draft Cybercrime Convention
9 votes -
Signal developer explains why early encrypted messaging tools flopped
35 votes -
Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million, will seek damages
44 votes -
FrostyGoop malware attack cut off heat in Ukraine during winter
17 votes -
CrowdStrike global outage to cost US Fortune 500 companies $5.4bn
35 votes -
Anyone can access deleted and private repository data on GitHub
46 votes -
A hacker ‘ghost’ network is quietly spreading malware on GitHub
21 votes -
Delta's CrowdStrike related flight delays and cancellations prompt Department of Transportation investigation
19 votes -
CrowdStrike code update bricking Windows machines around the world
143 votes -
Weak security defaults enabled Squarespace Domains hijacks of former Google Domains accounts
19 votes -
AT&T says criminals stole phone records of ‘nearly all’ US customers in new data breach
26 votes -
Patelco makes minor restorations but no end near for crippling credit union cyber attack
21 votes -
Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims
45 votes -
Simple ways to find exposed sensitive information
9 votes -
Single point of software failure could hamstring 15K US car dealerships for days
22 votes -
This GitHub profile has a custom background
31 votes -
Four in five CISOs have been told to downplay a potential risk’s severity
9 votes -
The leak of an internal Google database reveals thousands of potential privacy and security issues reported by employees
21 votes -
Significant cyber incidents | Strategic technologies program
1 vote -
Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack
23 votes -
All Santander staff and 'thirty million' customers in Spain, Chile and Uruguay hacked
22 votes -
Cybercriminals pose as "helpful" Stack Overflow users to push malware
19 votes -
Surveilling the masses with wi-fi-based positioning systems
15 votes -
British Library on why it kept it real in communication about ransomware attack
9 votes -
Cyber security: A pre-war reality check
34 votes -
Cyberattack forces major US health care network to divert ambulances from hospitals
17 votes -
‘TunnelVision’ attack leaves nearly all VPNs vulnerable to spying
40 votes -
London Drugs closes stores until further notice due to cyberattack
22 votes -
US medical providers still grappling with UnitedHealth cyberattack
9 votes -
Help me ditch Chrome's password manager!
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options...
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options I'm overwhelmed by the selection. There are a lot of popular options out there, and I really don't have the time/energy to endure a misstep. So without a clear idea of which manager will check all of my boxes, I end up bailing on the process and keep using chrome's built in option.
So to start, here's what I like about Chrome:
- Automatically offers to store passwords without extra clicks
- Autofills automatically where it can, and gives me an easy choice when it can't
- Works everywhere I need passwords. (basically everywhere I browse the internet since chrome works everywhere)
- Minimal overhead. This is hard to beat since Chrome just includes it, so I'm fine with a little extra setup if necessary.
I used to use keepass portable on a thumb drive (I want to say circa ~2009ish), but it became really inconvenient as my usage shifted more to mobile devices.
I see this as a first step to also reducing my reliance on Chrome so I can start to consider other browsers. Right now I feel locked in to Google's ecosystem, but I know I can break it up if I don't get too bogged down by choice. Much appreciate any help. :)
34 votes