Option 5: log off and pretend you didn’t see anything, threat actor will probably clean up session logs anyway Option 6: contact the lawyers Option 7: contact NCSC Incident Management with no useful info, only “pls halp” in the subject line

I like the idea of this, but I wonder how much still is about visibility. Still too much "we didn't detect" in post-breach PR spin. Don't want to know or don't how know to know? Didn't keep logs or do but didn't look? Direct link lacework.com/resource/sec-m…

I'd love to use AwardWallet.com but always feels icky giving systems your passwords. Anyone use it? Anyone have any understanding of security practices and how credentials are stored?

"a destruction of cats" accurate.

Special relationship indeed. How does valentines work between NCSC UK CISA Cyber Communications Security Establishment Canada Australian Cyber Security Centre and NCSC-NZ?

Does your organisation conduct phishing simulations, or do you sell products to them? Have a read. ncsc.gov.uk/guidance/phish… "More practically, blaming users for clicking on links doesn’t work." - NCSC UK Louder.

With iOS 17.4, iMessage introduces support for PQ3, bringing greater post-quantum security than any other messaging platform security.apple.com/blog/imessage-…

Nobody outside of the Password Reset industry seems to care about World Password Day? Makes sense.

> There is no evidence that the [phishing] tests result in fewer incidences of successful phishing campaigns... Louder. security.googleblog.com/2024/05/on-fir… #CyberSecurity #Phishing

Thread of photographers who patiently waited to capture the shot of a lifetime 🧵 1. Leonardo Sens (3 years)

Frens. I remember someone having a Trello board setup for wedding planning etc. Do you have one? Can I have a copy please? 🙏 cc/ Dafydd Vaughan @annkempster if memory serves!

I wonder if UPS UK 's call agents are motivated by KPI to answer but not say anything (you can hear them breathe) so that the caller hangs up but that tracks as a resolved call for them. 3 times in a row.

I don't usually feel bad for Microsoft Windows but getting the heat for CrowdStrike 's booboo must be quite frustrating

Amused cybersecurityexpo.co.uk asks participants to indicate their UK government national security vetting level as part of free event registration. *screams*

I'd argue its a different scope of problem - supply chain. I can't think of anyone (including me) who would've looked at CrowdStrike and asked enough questions that would have highlighted CrowdStrike has a code pipeline release issues. No one has that kind of time.