Port 22

~ 3 Sep 2021 ~

PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers

PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers

A parents guide to smartphone security

This New Malware Family Using CLFS Log Files to Avoid Detection

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

Protect Control Systems and Critical Infrastructure with GRID

~ 2 Sep 2021 ~

Cisco Issues Patch for Critical Enterprise NFVIS Flaw PoC Exploit Available

Spring or autumn, your biggest cyber threat could be in the cloud

FTC bans 'brazen' stalkerware maker SpyFone, orders data deletion, alerts to victims

Autodesk was one of the 18,000 firms breached in SolarWinds attack, firm admits

Gift Card Gang Extracts Cash From 100k Inboxes Daily

A deep-dive into the SolarWinds Serv-U SSH vulnerability

Twitter introduces new feature to automatically block abusive behavior

In space, no one can hear cyber security professionals scream

UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies

Johnson Controls Sensormatic Electronics Illustra

JTEKT TOYOPUC TCC-6353 PC10G-CPU

QakBot technical analysis

Advantech WebAccess

What is AS-REP Roasting attack, really?

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable

Dissected: A dropper-as-a-service miscreants pay to push their malware onto potentially 1,000s of victims

WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers

Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn't

Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks

Promociones de Entrenatiento SANS en Cyberseguridad para Latinoamrica

Making 'AutoMagic' Happen in the SOC

~ 1 Sep 2021 ~

Fired credit union employee admits: I wiped 21GB of files from company's shared drive in retaliation

FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Relax, says NSA: There's no such thing as a quantum computer that'll crack current encryption algos

NSA: We 'don't know when or even if' a quantum computer will ever be able to break today's public-key encryption

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365

Too Log; Didn't Read Unknown Actor Using CLFS Log Files for Stealth

Too Log; Didn't Read Unknown Actor Using CLFS Log Files for Stealth

Zero-Click iPhone Exploits

Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices

[LIVE WEBINAR] How Lean Security Teams Can Improve Their Time to Response

Indonesian authorities probe million-record leak from national COVID app

Singapore adds a third bug bounty program this time to fortify government digital services

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices

~ 31 Aug 2021 ~

What It'll Take to Get Power Back in New Orleans After Ida

US officials, experts fear China ransacked Exchange servers for data to train AI systems

Flaw in the Quebec vaccine passport: analysis

Faille dans la preuve vaccinale Qubcoise: analyse

Dont use singlefactor authentication, warns CISA

Microsoft a Leader in 2021 Gartner Magic Quadrant for Unified Endpoint Management Tools

Leaked Guntrader firearms data file shared. Worst case scenario? Criminals plot UK gun owners' home addresses in Google Earth

More Military Cryptanalytics, Part III

Sensormatic Electronics KT-1

No Access: LGBTIQ Website Censorship in Six Countries

Tidak Ada Akses: Penyensoran Situs LGBTIQ di Enam Negara

Vaccine passports: Is your personal data in safe hands?

Drowning in cybersecurity info? Make a dash to Security SOS Week 2021

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay

~ 30 Aug 2021 ~

CISA Adds Single-Factor Authentication to the List of Bad Practices

Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack

New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes

Karkinos Beginner Friendly Penetration Testing Tool

Karkinos Beginner Friendly Penetration Testing Tool

Karkinos Beginner Friendly Penetration Testing Tool

How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud

Excellent Write-up of the SolarWinds Security Breach

How Does MTA-STS Improve Your Email Security?

~ 29 Aug 2021 ~

6 Things You Need to Do to Prevent Getting Hacked

Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses

~ 28 Aug 2021 ~

California Man Stole 620,000 iCloud Photos in Search of Nudes

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

~ 27 Aug 2021 ~

Explosion in Geofence Warrants Threatens Privacy Nationwide

Microsoft warns of widespread open redirection phishing attack which Defender can block, coincidentally

Friday Squid Blogging: Tentacle Doorknob

Slap on wrist for NCC Group over CREST exam-cheating scandal as infosec org agrees to rewrite NDAs and more

Week in security with Tony Anscombe

Details of the Recent T-Mobile Breach

Beyond the pandemic: Why are data breach costs at an alltime high?

Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

Azure's now-fixed Cosmos DB flaw could have been exploited to read, write any database

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

~ 26 Aug 2021 ~

A Bad Solar Storm Could Cause an 'Internet Apocalypse'

Widespread credential phishing campaign abuses open redirector links

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

Interesting Privilege Escalation Vulnerability

Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000

Annke Network Video Recorder

Delta Electronics DIAEnergie

Delta Electronics DOPSoft

Surveillance tech company sues Police Digital Service over 'flawed' scoring of bids on 18m contract

Big tech proud as punch about cameos in Joe Biden's security theatre

Atlassian warns of critical Confluence flaw

The Increased Liability of Local In-home Propagation

F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices

Israeli firm Bright Data named as enabler of Philippines government DDOS attacks on opposition groups

New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

~ 25 Aug 2021 ~

Critical Flaw Discovered in Cisco APIC for Switches Patch Released