Port 22

~ 20 May 2021 ~

Cost Savings, Better Security Drive Adoption of Emerging Technologies

Bizarro Banking Trojan

UK data regulator fines American Express 0.14p per email after opted-out folk spammed 50 million times

3 Ways Anti-Vaxxers Will Undercut Security With Misinformation

The Full Story of the Stunning RSA Hack Can Finally Be Told

23 Android Apps Expose Over 100,000,000 Users' Personal Data

Is Single Sign-On Enough to Secure Your SaaS Applications?

Watering Hole Attack Was Used to Target Florida Water Utilities

Now Open | SANS 2021 Threat Hunting Survey

~ 19 May 2021 ~

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild

Protecting SAP applications with the new Azure Sentinel SAP threat monitoring solution

Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws

Forrester names Microsoft a Leader in The Forrester Wave: Cloud Security Gateways, Q2 2021

Recycle Your Phone, Sure, But Maybe Not Your Number

Miscreants started scanning for Exchange Hafnium vulns five minutes after Microsoft told world about zero-days

How to Adapt to Rising Consumer Expectations of Invisible Security

Apple Censorship and Surveillance in China

Im Not a Robot! So Why Wont Captchas Believe Me?

Credential Stuffing Reaches 193 Billion Login Attempts Annually

Uptime funk: Microsoft has lifted availability of Azure Key Vault to 99.99%

How Ransomware Encourages Opportunists to Become Criminals

Colonial Pipeline attack: Hacking the physical world

Australian Police hiring digital evidence retrieval specialists. You need to be a very good boy and have paws to get the gig

DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

Mozilla Begins Rolling Out 'Site Isolation' Security Feature to Firefox Browser

New Zealand hospitals infected by ransomware, cancel some surgeries

A Simple 1-Click Compromised Password Reset Feature Coming to Chrome Browser

~ 18 May 2021 ~

Android 12 Will Let You Fine-Tune Permissions for Apps

Us? Pwn SolarWinds? With our reputation? Russian spy chief makes laughable denial of supply chain attack

How Attackers Weigh the Pros and Cons of BEC Techniques

Business-intelligence-company-turned-Bitcoin-addict MicroStrategy grabs another $10m crypto-coin fix

Scams target families of missing persons, FBI warns

Mitigate OT security threats with these best practices

Adding a Russian Keyboard to Protect against Ransomware

The UK loves cybersecurity so much, it's going to regulate managed service providers' infosec practices in law

Splunk to Acquire TruStar for Data Management

1Password unsheathes Rusty key, hopes to unlock Linux Desktop world

FBI's IC3 Logs 1M Complaints in 14 Months

Researchers Create Covert Channel Over Apple AirTag Network

Emerson Rosemount X-STREAM

Cisco Plans to Create 'Premium' SecureX Offering With Kenna Security Features

Latest phones are great at thwarting Wi-Fi tracking. Other devices, not so much study

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

Free "vCISO Clinic" offers Resource-Constrained InfoSec Leaders a Helping Hand

Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps

70 European and South American Banks Under Attack By Bizarro Banking Malware

~ 17 May 2021 ~

Eufycam Wi-Fi security cameras streamed video feeds from other people's homes

DarkSide Ransomware Variant Targets Disk Partitions

47% of Criminals Buying Exploits Target Microsoft Products

Ransomware's Dangerous New Trick: Double-Encrypting Your Data

DDoS Attacks Up 31% in Q1 2021: Report

How a positive hybrid work culture can help you to mitigate insider risk

Axa insurance offshoots pwned as Ireland reveals second ransomware hit

Try This One Weird Trick Russian Hackers Hate

Correspondence between the Citizen Lab and NSO Group Regarding The Great iPwn

Take action now FluBot malware may be on its way

Is 85% of US Critical Infrastructure in Private Hands?

We'd love to report on the outcome of the CREST exam cheatsheet probe, but UK infosec body won't publish it

Bizarro banking Trojan expands its attacks to Europe

Android stalkerware threatens victims further and exposes snoopers themselves

Name That Toon: Road Trip

Mammoth grab of GP patient data in the UK set to benefit private-sector market access as rules remain unchanged

Apple sent my data to the FBI, says boss of controversial research paper trove Sci-Hub

Apple's Find My Network Can be Abused to Exfiltrate Data From Nearby Devices

Singapore bolsters Bluetooth contact-tracing as new COVID wave sends students and workers home again

Why Password Hygiene Needs a Reboot

Experts Warn About Ongoing AutoHotkey-Based Malware Attacks

China signals dissatisfaction with gig economy impact on ride-share drivers

SANS SIFT Update Spring 2021

Coming Soon SANS Cyber Solutions Fest 2021

5 Metrics Start Measuring Vulnerability Management Program

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

~ 15 May 2021 ~

WhatsApps New Privacy Policy Just Kicked In

~ 14 May 2021 ~

Friday Squid Blogging: Far Side Squid Comic

Verizons 2021 DBIR: Phishing and ransomware threats looming ever larger

Upcoming Speaking Engagements

Rapid7 Source Code Accessed in Supply Chain Attack

Week in security with Tony Anscombe

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Free SANS Cyber Security Summits: Sign up now, learn online, keep your network safe

Tor users, beware: 'Scheme flooding' technique may be used to deanonymize you

Cisco Confirms Plans to Acquire Kenna Security

Hospitals cancel outpatient appointments as Irish health service struck by ransomware

Ransomware Is Getting Ugly

SOC Teams Burdened by Alert Fatigue Explore XDR

The Real Cost of Colonial Pipeline's $5 Million Ransom

Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro

Security Trends to Follow at RSA Conference 2021

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

Cloudflare launches campaign to end the madness of CAPTCHAs

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

Big Cybersecurity Tips For Remote Workers Who Use Their Own Tech

Introduction to ICS Security

Colonial Pipeline Paid Nearly $5 Million in Ransom to Cybercriminals

Rapid7 Source Code Breached in Codecov Supply-Chain Attack

~ 13 May 2021 ~

Decades-Old Flaws Affect Almost Every Wi-Fi Device