Let's not forget telling developers that the "debug a process" privilege is just something they'll never have again. Again, consider doing work on personal, unsecured and unmanaged computers.
There's a setting regarding outbound RPC connections. The "secure" sounding option prevents Connect-MSOLService from ever authenticating. Solution, of course: from now on people will use personal desktops to log on to Azure as an administrator.
There's a SwiftOnSecurity thread about messing with security settings doing more harm than good. I have many examples of this. 1) After being forced to implement the CIS benchmarks *exactly*, it was noted that "Backup files and directories" was now restricted to "Domain Admins" because adding someone was bad. Suddenly a whole backup team were made domain admins in order to do their job.
Today's blog, Abusing Safebrowse to build a list of credentials: https://lolware.net/2019/05/12/abusing-safebrowse.html
Building a web scraper is a terrible experience for someone driven by correctness. You can implement a common algorithm and you can spend a lot of time working to get it 100% accurate. Or you can implement a scraper and know fully that it'll magically break next week when the site you scrape updates.
The original UK NCSC article had much better detail, but I really appreciate this sort of thing hitting mainstream news. It's good seeing stuff you've argued for years getting credibility. https://www.theguardian.com/technology/2019/apr/21/cybercrime-hacking-internet-account-passwords
Can you doubt that 2 + 3 = 5? http://edwardfeser.blogspot.com/2019/04/can-you-doubt-that-2-3-5.html