Port 22

~ 24 Jul 2023 ~

AMD Zenbleed chip bug leaks secrets fast and easy

Orgs Face Record $4.5M Per Data Breach Incident

Are AI-Engineered Threats FUD or Reality?

Atlassian RCE Bugs Plague Confluence, Bamboo

KillNet's Kremlin Connection Unclear as the Cybercrime Collective Grows

New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

North Korean Cyberspies Target GitHub Developers

Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats

Designing a Security Strategy for Defending Multicloud Architectures

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

How to Protect Patients and Their Privacy in Your SaaS Apps

Google Reportedly Disconnecting Employees from the Internet

TETRA Radio Code Encryption Has a Flaw: A Backdoor

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Zero-Day Vulnerabilities Discovered in Global Emergency Services Communications Protocol

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

How to Put the Sec in DevSecOps

Google half-patches Cloud Build permissions exploit, the rest is on you

What C-Suite Leaders Need to Know About XDR

~ 22 Jul 2023 ~

Chinas Breach of Microsoft Cloud Email May Expose Deeper Problems

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands

Microsoft 365 Cloud Log Extraction

~ 21 Jul 2023 ~

Stolen Microsoft key may have opened up a lot more than US govt email inboxes

BGP Software Vulnerabilities Overlooked in Networking Infrastructure

Friday Squid Blogging: Chromatophores

VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users

Banks in Attackers' Crosshairs, via Open Source Software Supply Chain

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Rootkit Attack Detections Increase at UAE Businesses

CVSS 4.0 Is Here, but Prioritizing Patches Still a Hard Problem

Saudi Arabia's Tuwaiq Academy Opens Cybersecurity Bootcamp

Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps

White House, Big Tech Ink Commitments to Secure AI

Meet the Finalists for the 2023 Pwnie Awards

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

The Dark Side of AI

What happens if AI is wrong? Week in security with Tony Anscombe

Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

Local Governments Targeted for Ransomware How to Prevent Falling Victim

AI and Microdirectives

Lawyer sees almost 1,000 complainants sign up to Capita breach class action

DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

Cybersecurity Jobs: Media Exploitation Analyst (Japanese)

~ 20 Jul 2023 ~

North Korean Attackers Targeted Crypto Companies in JumpCloud Breach

MOVEit body count closes in on 400 orgs, 20M+ individuals

TrustArc Announces TRUSTe EU-US Data Privacy Framework Verification

Deloitte Global Expands MXDR Cybersecurity SaaS Solution With Operational Technology and Identity Modules

Mallox Ransomware Group Activity Shifts Into High Gear

Kevin Mitnick Died

Critical Infrastructure Workers Better At Spotting Phishing

NYPD Body Cam Data Shows the Scale of Violence Against Protesters

Kevin Mandia Brings the HammerCon

Este Lauder Breached in Twin MOVEit Hacks, by Different Ransom Groups

RIP Kevin Mitnick: Former most-wanted hacker dies at 59

Apache OpenMeetings Wide Open to Account Takeover, Code Execution

Docker Leaks API Secrets & Private Keys, as Cybercriminals Pounce

Should You Be Using a Cybersecurity Careers Framework?

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Plurilock Announces Generative AI 'Guardrails' Product, PromptGuard

Google Categorizes 6 Real-World AI Attacks to Prepare for Now

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Hacker-Turned-Security-Researcher Kevin Mitnick Dies Aged 59

Enterprise Choices in Measuring Risk

Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway

North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

Under CISA <s>pressure</s> collaboration, Microsoft makes cloud security logs available for free

Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

Satellites Are Rife With Basic Security Flaws

A Few More Reasons Why RDP is Insecure (Surprise!)

Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

8 common work-from-home scams to avoid

Ukraine busts bot farm spreading Russian infowar propaganda and fraud

New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

Microsoft Relents, Offers Free Key Logging to All 365 Customers

Infosec Doesn't Know What AI Tools Orgs Are Using

Black Hat Offers PenTesting Certification Exam

~ 19 Jul 2023 ~

Graylog Acquires Resurface.io's API Security Solution

Cloud Range Appoints Cybersecurity Leader Galina Antova to Board of Directors

Checkmarx Announces CheckAI Plugin for ChatGPT to Detect and Prevent Attacks Against ChatGPT-Generated Code

Netskope Launches Managed Service Provider Program

KnowBe4 Partners With Egress to Enhance Organizations' Inbound and Outbound Email Security Defenses

Netcraft Secures First Funding With Over $100M From Spectrum Equity

HyperSense Fraud Management Now Available on Google Cloud

Study: Africa Cybersecurity Improves But Lacks Cross-Border Frameworks

P2P Self-Replicating Cloud Worm Targets Redis

Tech support scammers go analog, ask victims to mail bundles of cash

SophosEncrypt Ransomware Fools Security Researchers

China's APT41 Linked to WyrmSpy, DragonEgg Mobile Spyware

Seed Group Brings Resecurity Options to UAE Region

Practice Your Security Prompting Skills

3 Ways AI Could Improve Authentication

Reducing Security Debt in the Cloud

Expanding cloud logging to give customers deeper security visibility