Port 22

~ 11 May 2021 ~

Microsoft Patch Tuesday: 4 Critical CVEs, 3 Publicly Known, 1 Wormable

A Closer Look at the DarkSide Ransomware Gang

Gartner names Microsoft a Leader in the 2021 Endpoint Protection Platforms Magic Quadrant

UK's Computer Misuse Act to be reviewed, says Home Secretary as she condemns ransomware payoffs

Cartoon Caption Winner: Greetings, Earthlings

NHS App gets go-ahead for vaccine passport use despite protest from privacy groups

NHS App gets go-ahead for UK vaccine passport use despite protest from privacy groups

AI Security Risk Assessment Tool

App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in

WhatsApp will limit features for users who dont accept new datasharing rules

Omron CX-One

Mitsubishi Electric GOT and Tension Controller

Siemens Linux Based Products

Siemens SINAMICS Medium Voltage Products

Siemens Mendix Database Replication Module

Siemens SNMP Implementation of WinCC Runtime

Siemens SIMATIC NET CP343-1

Siemens Tecnomatix Plant Simulation

Siemens Mendix Excel Importer Module

Siemens SCALANCE XM-400 and XR-500 Devices

Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine

Train operator phlunks phishing test by teasing employees with non-existent COVID bonus

LIVE Webinar The Rabbit Hole of Automation

U.S Intelligence Agencies Warn About 5G Network Weaknesses

Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

Indian government says 5G doesnt cause COVID-19. Also points out India has no 5G networks

Experts warn of a new Android banking trojan stealing users' credentials

Trend Micro hosted email service is down, inboxes still stuck in cloudy limbo

U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber Attack

DarkSide Hit Colonial Pipelineand Created an Unholy Mess

~ 10 May 2021 ~

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Ransomware Shuts Down US Pipeline

Kubecon 2021: A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay

Colonial Pipeline Cyberattack: What Security Pros Need to Know

Four Plead Guilty to RICO Conspiracy Involving Hosting Services for Cybercrime

Fintech Startup Offers $500 for Payroll Passwords

Uncle Sam wants 'ethical hackers' to crack its planetary defenses, but don't expect a pay-day from this bug bounty

Newly Unclassified NSA Document on Cryptography in the 1970s

DDoS attacks in Q1 2021

Namecheap hosted 25%+ of fake UK govt phishing sites last year NCSC report

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities

Is it still a good idea to require users to change their passwords?

SANS ICS Site Visit Plan

Cut Through the Noise: Are Password Managers Still Safe and Secure?

Ransomware shuts US oil pipeline that pumps 100 million gallons a day

~ 9 May 2021 ~

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting

What's Google Floc? And How Does It Affect Your Privacy?

Google Gets Serious About Two-Factor Authentication. Good!

Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down

~ 8 May 2021 ~

The Colonial Pipeline Hack Is a New Extreme for Ransomware

Microsoft Will Soon Kill Flash on Windows 10 for Good

ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

Top 11 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

~ 7 May 2021 ~

Friday Squid Blogging: COVID Relief Funds

Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable

Russian cyber-spies changed tactics after the UK and US outed their techniques so here's a list of those changes

How North Korean APT Kimsuky Is Evolving Its Tactics

Privacy activist Max Schrems on Microsoft's EU data move: It won't keep the NSA away

LibInjection Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

LibInjection Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

LibInjection Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

Week in security with Tony Anscombe

Teaching Cybersecurity to Children

FBI, NSA, CISA & NCSC Issue Joint Advisory on Russian SVR Activity

Investment Scammer John Davies Reinvents Himself?

4 Major Privacy and Security Updates From Google You Should Know About

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

Cisco HyperFlex web interface has critical flaw that lets attackers get <code>root</code> and execute arbitrary commands

Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

Google Play to require privacy labels on apps in 2022, almost two years after Apple

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations

SANS DFIR Stay Sharp Courses - Same quality, less time, targeted skill training

Google will make you use two-step verification to login

~ 6 May 2021 ~

Popular routers found vulnerable to hacker attacks

Troy Hunt: Organizations Make Security Choices Tough for Users

New Techniques Emerge for Abusing Windows Services to Gain System Control

Vulnerability in Snapdragon 855 SoCs could pwn Android modems, allow baddies to snoop on conversations

CISA Publishes Analysis on New 'FiveHands' Ransomware

Cloud-Native Businesses Struggle with Security

The Story of Colossus

Operation TunnelSnake

Fantastic passwords and where your children can find them

Crane horror <i>Reg</i> reader uses his severed finger to unlock Samsung Galaxy phone

CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site

Chrome on Windows turns on Intel, AMD chip-level defenses against malicious websites

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software

JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

SANS ICS Hot Take: Cloud Security Transcript

~ 5 May 2021 ~

How a Former Netflix Exec Built a Brazen Bribery Scheme

Attackers Seek New Strategies to Improve Macros' Effectiveness

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

DDoS attack knocks Belgian government websites offline

DoD Lets Researchers Target All Publicly Accessible Info Systems

New Spectre-Like Attacks

Wanted: The (Elusive) Cybersecurity 'All-Star'

East London council blurts thousands of residents' email addresses in To field blunder