Port 22

~ 4 Apr 2022 ~

State Department Announces Bureau of Cyberspace and Digital Policy

Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents

Citrix Modernizes Security to Accommodate Hybrid Work

Apple Gift Card Scammers Sentenced for Role in $1.5M Fraud

Millions of Installations Potentially Vulnerable to Spring Framework Flaw

Mandiant shareholder sues to block $5.4b Google deal

How Do I Decide Whether to Buy or Build in Security?

Beware of These 5 Tax Scams

Welcome to the Age of Zero Trust

Microsoft CRSP shares the ways human behavior affects compromise recovery

Borat RAT: Multiple threat of ransomware, DDoS and spyware

Spring4Shell (CVE-2022-22965): details and mitigations

Cybersecurity Mesh: IT's Answer to Cloud Security

Wyze Camera Vulnerability

How Explosions Actually Kill

Emma Sleep Company admits checkout cyber attack

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware

Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles

A Look Into ICS612: ICS Cybersecurity In-Depth: Part 2

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers

~ 3 Apr 2022 ~

Blockchains Have a Bridge Problem, and Hackers Know It

~ 2 Apr 2022 ~

Crooks use fake emergency data requests to get personal info out of Big Tech report

Fake Cops Scammed Apple and Meta to Get User Data

~ 1 Apr 2022 ~

A Comprehensive Backup Strategy Includes SaaS Data, Source Code

15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks

Apple's Zero-Day Woes Continue

British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group

Friday Squid Blogging: Squid Migration and Climate Change

GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts

GitLab issues critical update after hard-coding passwords into accounts

NSA Employee Indicted for Sending Classified Data Outside the Agency

Week in security with Tony Anscombe

What You Need to Know About PCI DSS 4.0's New Requirements

More Than Ever, Security Matters

More charged in UK Lapsus$ investigation

Bypassing Two-Factor Authentication

Russia Inches Toward Its Splinternet Dream

Google: Russian credential thieves target NATO, Eastern European military

Cybersecurity survival tips for small businesses: 2022 edition

Modem-wiping malware caused Viasat satellite broadband outage

Defending the endpoint with AI

Russian Wiper Malware Responsible for Recent Cyberattack on Viasat KA-SAT Modems

National Security Agency employee indicted for leaking top secret info

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Results Overview: 2022 MITRE ATT&CK Evaluation Wizard Spider and Sandworm Edition

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto

~ 31 Mar 2022 ~

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks

Spring Fixes Zero-Day Vulnerability in Framework and Spring Boot

Apple emits macOS, iOS, iPadOS patches for 'exploited' security bugs

Ransomware: Should Companies Ever Pay Up?

Companies Going to Greater Lengths to Hire Cybersecurity Staff

Microsoft protects against human-operated ransomware across the full attack chain in the 2022 MITRE Engenuity ATT&CK Evaluations

Global BEC Crackdown Nets 65 Suspects

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network

3 strategies to launch an effective data governance plan

Patch now: RCE Spring4shell hits Java Spring framework

Protecting Your Organization Against a New Class of Cyber Threats: HEAT

Nvidia DGX systems prone to side channel, covert attacks

Nation-State Hackers Ramp Up Ukraine War-Themed Attacks

Lazarus Trojanized DeFi app for delivering malware

Chrome Zero-Day from North Korea

The Last Cell Tower in Mariupol

Schneider Electric SCADAPack Workbench

Hitachi Energy e-mesh EMS

Fuji Electric Alpha5

Mitsubishi Electric FA Products

Rockwell Automation Logix Controllers

General Electric Renewable Energy MDS Radios

Rockwell Automation Studio 5000 Logix Designer

Expect 'long tail of cyber retaliation' from Russia for sanctions, says ExtraHop CEO

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds

Cryptomining groups fight fiercely for cloud resources

New Python-based Ransomware Targeting JupyterLab Web Notebooks

Hackers Increasingly Using 'Browser in a Browser' Technique in Ukraine Related Attacks

UK spy boss warns China hopes Russia will help it take over tech standards

Russia, Iran, Saudi Arabia are top sources of online misinformation

Yale finance director ordered $40m in computers to resell on the sly

~ 30 Mar 2022 ~

Zlib crash-an-app bug finally squashed, 17 years later

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Zero-Day Vulnerability Discovered in Java Spring Framework

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Device

A Sinister Way to Beat Multifactor Authentication Is on the Rise

CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices

Ubiquiti sues Krebs on Security for defamation

Smart Cities: Secure by Design? It Takes a Village

Cybercriminals Fighting Over Cloud Workloads for Cryptomining

Viasat spills on the Russian attack, warns of continued risks

VMware Horizon platform pummeled by Log4j-fueled attacks

Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk

How Security Complexity Is Being Weaponized

Researchers Used a Decommissioned Satellite to Broadcast Hacker TV

Electric Vehicle DC charging tripped by a wireless hack

Stalking with an Apple Watch