Pre-news

Semgrep Happy Hours NYC (10/3) and OWASP Global AppSec DC

• https://get.semgrep.dev/2023-10-03-NYC-Roadshow_Happy-Hour.html
• https://go.semgrep.dev/havananightsDC

Jeevan @ OWASP Global AppSec DC

• https://sched.co/1OUks

News

Retool - When MFA isn't actually MFA

• https://retool.com/blog/mfa-isnt-mfa/

MGM

• https://www.linkedin.com/feed/update/urn:li:activity:7107777818696052737
• https://www.tiktok.com/t/ZT8jBrfHd/
• https://www.404media.co/inside-mgms-hacked-casinos/
• https://x.com/mattjay/status/1705015380098285812?s=12
• https://x.com/mattjay/status/1705265507878727710?s=12
• https://www.linkedin.com/feed/update/urn:li:activity:7111872432285618176
• https://x.com/lasvegaslocally/status/1707108792935293099?s=12

38TB of data accidentally exposed by Microsoft AI researchers

• https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers

Clorox says last month’s cyberattack is still disrupting production

• https://www.wsj.com/articles/clorox-cyberattack-brings-early-test-of-new-sec-cyber-rules-b320475
• https://www.cnbc.com/2023/09/18/clorox-says-last-months-cyberattack-is-still-disrupting-production.html

California’s Delete Act

• https://www.bytebacklaw.com/2023/09/california-delete-act-passes-legislature/
• https://iapp.org/news/a/california-legislature-passes-delete-act-for-pi-aggregated-by-data-brokers

Discussion topic

Challenges of security engineering at scale

‍