A word or two about our publishing schedule. My Wednesday premium edition of this newsletter covered a new development of the Bluekeep vulnerability and what it means to your security. You can upgrade your subscription here for $10/month. Also, there will be no newsletter tomorrow due to my travel plans.
I wrote earlier about the government of Kazakhstan with its browser certificates enabling MITM attacks. Here is additional analysis from Censored Planet, a relatively new operation from the University of Michigan. Our news item #5 points out another use of certs by bad actors.
Centrify is introducing an enterprise-grade password management solution for SMBs with a Free Tier Password Vault, available immediately from AWS. Its Privileged Access Service can manage up to 50 registered systems and associated service accounts free of charge. In my reviews of single sign-on tools, Centrify has done well and I would recommend taking a look if cost has been an issue for your smaller business.
Finally, our Throwback Thursday commemorates the first BSides conference, held ten years ago this week in Las Vegas.
-- David Strom