Port 22

~ 27 Jul 2021 ~

Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopfiy software repos

Hiding Malware in ML Models

KUKA KR C4

Mitsubishi Electric GOT2000 series and GT SoftGOT2000

Geutebrck G-Cam E2 and G-Code

LCDS LAquis SCADA

Delta Electronics DIAScreen

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

It takes intuition and skill to find hidden evidence and hunt for elusive threats

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Hackers Turning to 'Exotic' Programming Languages for Malware Development

SSD belonging to Euro-cloud Scaleway was stolen from back of a truck, then turned up on YouTube

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

~ 26 Jul 2021 ~

You, too, can be a Windows domain controller and do whatever you like, with this one weird WONTFIX trick

PlugwalkJoe Does the Perp Walk

Disrupting Ransomware by Disrupting Bitcoin

Somebody is destined for somewhere hot, and definitely not Coventry

BIMI: A Visual Take on Email Authentication and Security

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

DEF CON offers beginner-level Spot the Fed this year: He'll be on stage giving a keynote

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

~ 24 Jul 2021 ~

Porn Showed Upon on Legit News Sites Thanks to Internet Rot

~ 23 Jul 2021 ~

Friday Squid Blogging: The Evolution of Squid

Week in security with Tony Anscombe

Commercial Location Data Used to Out Priest

Hole blasted in Guntrader: UK firearms sales website's CRM database breached, 111,000 users' info spilled online

Protecting the hybrid workplace through Zero Trust security

Tech support scams subside somewhat, but Millennials and Gen Z think they're bulletproof and suffer

BT tries to crack cyber crime, grabs stake in Safe Security

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Wake up! Identify API Vulnerabilities Proactively, From Code Back to Production

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

Kaseya obtains REvil decryptor, starts sharing it with afflicted customers

Never mind the trolls, Discord hosts 'significant volumes of malware' in its CDN

A Visual Summary of SANS DFIR Summit 2021

~ 22 Jul 2021 ~

Cyber-attacks really ramp up after Halloween so why not start preparing now?

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

The Kaseya Ransomware Nightmare Is Almost Over

Microsoft has a workaround for 'HiveNightmare' flaw: Nuke your shadow copies from orbit

How to protect your CAD data files with MIP and HALOCAD

Securing the cloud while Windows burns: Microsoft pops CloudKnox in trolley

A guide to balancing external threats and insider risk

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Popular WiFi routers still using default passwords making them susceptible to attacks

Nasty Printer Driver Vulnerability

Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online

Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online

Al Jazeera: How Vulnerable are We to Spying Technology?

An Explosive Spyware Report Shows the Limits of iOS Security

7 Hot Cyber Threat Trends to Expect at Black Hat

Thales launches payment card with onboard fingerprint scanner

China pushes back against Exchange attack sponsorship claims

NSO Group 'will no longer be responding to inquiries' about misuse of its software

APT Hackers Distributed Android Trojan via Syrian e-Government Portal

Reduce End-User Password Change Frustrations

US senators warn China's Digital Yuan could compromise Olympic athletes

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

ICS Threat Hunting - They're Shootin at the Lights! - PART 1

2021 SANS Security Awareness Planning Kit

~ 21 Jul 2021 ~

Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking

Serial Swatter Who Caused Death Gets Five Years in Prison

Cybercriminals may target 2020 Tokyo Olympics, FBI warns

Google Cloud's Intrusion Detection Service attempts to make security 'invisible' but cost will be the big giveaway

Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management

The evolution of a matrix: How ATT&CK for Containers was built

Venmo Gets More Privatebut It's Still Not Fully Safe

Managed Detection and Response in Q4 2020

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

Several New Critical Flaws Affect CODESYS Industrial Automation Software

[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams

Make-me-admin holes found in Windows, Linux kernel

~ 20 Jul 2021 ~

Journo who went to prison for 2 years for breaking US cyber-security law is jailed again

New Windows and Linux Flaws Give Attackers Highest System Privileges

Spam Kingpin Peter Levashov Gets Time Served

NSO Group Hacked

Fortinet's security appliances hit by remote code execution vulnerability

Northern Train's ticketing system out to lunch as ransomware attack shuts down servers

Verified: UK.gov launching plans for yet another digital identity scheme

Some URL shortener services distribute Android malware, including banking or SMS trojans

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Mitsubishi Electric MELSEC-F Series

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

~ 19 Jul 2021 ~

Dont Wanna Pay Ransom Gangs? Test Your Backups.

How China's Hacking Entered a Reckless New Phase

Cloudstar IT provider for real estate, finance, insurance worlds downed by ransomware

capa 2.0: Better, Faster, Stronger

capa 2.0: Better, Faster, Stronger

capa 2.0: Better, Faster, Stronger

Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack

Candiru: Another Cyberweapons Arms Manufacturer

NSO Group Spyware Used On Journalists & Activists Worldwide

UK and chums call out Chinese Ministry of State Security for Hafnium Microsoft Exchange Server attacks

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely