Port 22

~ 26 Jul 2023 ~

Russia throws founder of infosec biz Group-IB in the clink for treason

ETSI Dismisses Claims of 'Backdoor' Vulnerabilities in TETRA Standard

Former NSA-er Harry Coker Nominated National Cyber Director

Russia Sends Cybersecurity CEO to Jail for 14 Years

Peloton Bugs Expose Enterprise Networks to IoT Attacks

Kubernetes and the Software Supply Chain

:

Not OK on VK: An Analysis of In-Platform Censorship on Russias VKontakte

Threat Intelligence Is Growing Here's How SOCs Can Keep Up

Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks

Thales Agrees to Buy App Security Vendor Imperva in $3.6B Deal

Backdoor in TETRA Police Radios

Twitter Scammers Stole $1,000 From My FriendSo I Hunted Them Down

The Alarming Rise of Infostealers: How to Detect this Silent Threat

Fenix Cybercrime Group Poses as Tax Authorities to Target Latin American Users

Gathering dust and data: How robotic vacuums can spy on you

New AI Tool 'FraudGPT' Emerges, Tailored for Sophisticated Attacks

Ambulance patient records system hauled offline for cyber-attack probe

Sneaky Python package security fixes help no one except miscreants

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

Ivanti plugs critical bug but not before it was used against Norwegian government

Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking

The Role of Mentorship in Cyber Threat Intelligence (Part 1)

~ 25 Jul 2023 ~

Apple patches exploited bugs in iPhones plus other holes

Who and What is Behind the Malware Proxy Service SocksEscort?

Why Computer Security Advice Is More Confusing Than It Should Be

50% of Zero Trust Programs Risk Failure According to PlainID Survey

KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related

Decoy Dog Gets an Upgrade With New Persistence Features

ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation

Ivanti Zero-Day Exploit Disrupts Norway's Government Services

Cybercrime as a Public Health Crisis

Cryptojacking: Understanding and defending against cloud compute resource abuse

Patch Now: Up to 900K MikroTik Routers Vulnerable to Total Takeover

'FraudGPT' Malicious Chatbot Now for Sale on Dark Web

10 Free Purple Team Security Tools to Check Out

How to build stronger security teams

Actively Exploited Apple Zero-Day Affects iPhone Kernel

North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder

Beyond ChatGPT: Organizations Must Protect Themselves Against the Power of AI

Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique

Rockwell Automation ThinManager ThinServer

Johnson Controls IQ Wifi 6

Emerson ROC800 Series RTU and DL8000 Preset Controller

AXIS A1001

macOS Under Attack: Examining the Growing Threat and User Perspectives

New York Using AI to Detect Subway Fare Evasion

ChatGPT Plugins Pose Security Risks

TETRA:BURST 5 New Vulnerabilities Exposed in Widely Used Radio Communication System

How MDR Helps Solve the Cybersecurity Talent Gap

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

Dear all, What are some common subject lines in phishing emails?

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

SANS 2023 Security Awareness Report: Managing Human Risk

~ 24 Jul 2023 ~

TETRA radio comms used by emergency heroes easily cracked, say experts

TETRA radio comms used by emergency heroes easily cracked, say experts

Managing Human Risk: Discoveries From SANS 2023 Security Awareness Report

Global Security Assurance Market to Reach $13B by 2030

CISOs Connect Launches the 2023 CISO Choice Awards

OneTrust Secures $150M Investment Led by Generation Investment Management

TARA Partners With Plante Moran to Deliver Risk-Based Vulnerability Management

China Propaganda Spreads via US News Sites, Freelancers, Times Square

AMD Zenbleed chip bug leaks secrets fast and easy

Orgs Face Record $4.5M Per Data Breach Incident

Are AI-Engineered Threats FUD or Reality?

Atlassian RCE Bugs Plague Confluence, Bamboo

KillNet's Kremlin Connection Unclear as the Cybercrime Collective Grows

New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

North Korean Cyberspies Target GitHub Developers

Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats

Designing a Security Strategy for Defending Multicloud Architectures

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

How to Protect Patients and Their Privacy in Your SaaS Apps

Google Reportedly Disconnecting Employees from the Internet

TETRA Radio Code Encryption Has a Flaw: A Backdoor

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Zero-Day Vulnerabilities Discovered in Global Emergency Services Communications Protocol

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

How to Put the Sec in DevSecOps

Google half-patches Cloud Build permissions exploit, the rest is on you

What C-Suite Leaders Need to Know About XDR

~ 22 Jul 2023 ~

Chinas Breach of Microsoft Cloud Email May Expose Deeper Problems

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Microsoft 365 Cloud Log Extraction

~ 21 Jul 2023 ~

Stolen Microsoft key may have opened up a lot more than US govt email inboxes

BGP Software Vulnerabilities Overlooked in Networking Infrastructure

Friday Squid Blogging: Chromatophores

VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users

Banks in Attackers' Crosshairs, via Open Source Software Supply Chain

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Rootkit Attack Detections Increase at UAE Businesses

CVSS 4.0 Is Here, but Prioritizing Patches Still a Hard Problem

Saudi Arabia's Tuwaiq Academy Opens Cybersecurity Bootcamp

Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps

White House, Big Tech Ink Commitments to Secure AI

Meet the Finalists for the 2023 Pwnie Awards

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports