Port 22

~ 18 Aug 2021 ~

The T-Mobile Data Breach Is Much Worse Than It Had to Be

Apples NeuralHash Algorithm Has Been Reverse-Engineered

Researchers find high-severity command injection vuln in Fortinet's web app firewall

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

Trend-spotting email techniques: How modern phishing emails hide in plain sight

Migrating content from traditional SIEMs to Azure Sentinel

Health authorities in 40 countries targeted by COVID19 vaccine scammers

Detecting Embedded Content in OOXML Documents

Detecting Embedded Content in OOXML Documents

Apple Engraving Censorship Explained

Engrave Danger: An Analysis of Apple Engraving Censorship across Six Regions

Un-carrier? Definitely Unsecure: T-Mobile US admits 48m customers' details stolen after downplaying reports

Tetris: Chinese Espionage Tool

Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

China orders annual security reviews for all critical information infrastructure operators

Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks

Does a VPN Protect You from Hackers?

NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware

SEC760 Prep Quiz Answers

Got What It Takes For SEC760? Check Out this Short Quiz (Updated!)

~ 17 Aug 2021 ~

Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Microsoft and NIST collaborate on EO to drive Zero Trust adoption

Nearly 2 million records from terrorist watchlist exposed online

If you haven't updated your ThroughTek DVR since 2018 do so now, warns Mandiant as critical vuln surfaces

The cloud changes the game for cybersecurity incident response heres how to master the new rules

British defence supplier Ultra Electronics to be sold for 2.6bn to US-controlled firm

Millions of Web Camera and Baby Monitor Feeds Are Exposed

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

Blackbaud firm that paid off crooks after 2020 ransomware attack fails to get California privacy law claim dropped

ThroughTek Kalay P2P SDK

Advantech WebAccess/NMS

xArrow SCADA

Dumpster diving is a filthy business

Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan

Pakistan's tax office services go dark after migration project goes awry

~ 16 Aug 2021 ~

T-Mobile Investigating Claims of Massive Data Breach

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

The T-Mobile Data Breach Is One You Cant Ignore

Remote code execution flaws lurk in countless routers, IoT gear, cameras using Realtek Wi-Fi module SDKs

T-Mobile US probes claims of 100m stolen customer records up for sale on dark web

Dallas cops lost 8TB of criminal case data during bungled migration, says the DA... four months

Apple's iPhone computer vision has the potential to preserve privacy but also break it completely

Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks

Attackers Can Weaponize Firewalls and Middleboxes for Amplified DDoS Attacks

New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Level Up Your Cyber Career with SANS #LevelUp

Instructor Spotlight: Jean-Franois Maes

New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems

~ 15 Aug 2021 ~

New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator

How to Send Messages That Automatically Disappear

~ 14 Aug 2021 ~

Upcoming Speaking Engagements

Hacker Steals $610M of Cryptocurrencyand Returns Most of It

I was offered $500k as a thank-you bounty for pilfering $600m from Poly Network, says crypto-thief

New Glowworm Attack Recovers Device's Sound from Its LED Power Indicator

Learn Ethical Hacking From Scratch 18 Online Courses for Just $43

Learn Ethical Hacking From Scratch 18 Online Courses for Just $43

Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger

Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger

What's New with SANS ICS Security?

~ 13 Aug 2021 ~

Friday Squid Blogging: A Good Year for Squid?

New Anti Anti-Money Laundering Services for Crooks

Fancy joining the SAS's secret hacker squad in Hereford as an electronics engineer for 33k?

Week in security with Tony Anscombe

Before I agree to let your app track me everywhere, I want something 'special' in return (winks)

Using AI to Scale Spear Phishing

United Nations calls for moratorium on sale of surveillance tech like NSO Group's Pegasus

Re-volting: AMD Secure Encrypted Virtualization undone by electrical attack

China stops networked vehicle data going offshore under new infosec rules

FISMA's a fizzer, says Cisco, and calls on Congress to get cyber security policy right pronto

Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

Why Is There A Surge In Ransomware Attacks?

Why Is There A Surge In Ransomware Attacks?

Hackers Actively Searching for Unpatched Microsoft Exchange Servers

Hackers Actively Searching for Unpatched Microsoft Exchange Servers

Huawei stole our tech and created a 'backdoor' to spy on Pakistan, claims IT biz

Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities

Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities

~ 12 Aug 2021 ~

GitHub picks Friday 13th to kill off password-based Git authentication

US govt scores a point against Assange in run-up to extradition appeal showdown

Think your backups will protect you against ransomware? Theyre top of the target list

How the Far Right Took Over Steam and Discord

Attackers use Morse code, other encryption methods in evasive phishing campaign

Announcing the Eighth Annual Flare-On Challenge

Announcing the Eighth Annual Flare-On Challenge

Announcing the Eighth Annual Flare-On Challenge

Lockbit ransomware attack didn't affect ops, claims Accenture amid lurid payoff rumours

A Simple Software Fix Could Limit Location Data Sharing

COVID-19 cases surge as do sales of fake vaccination cards around $100 for something you could get free

Cognex In-Sight OPC Server

Horner Automation Cscape

IT threat evolution Q2 2021

IT threat evolution in Q2 2021. Mobile statistics