Port 22

~ 17 Sep 2024 ~

Google Cloud Document AI flaw (still) allows data theft despite bounty payout

The Mystery of Hezbollahs Deadly Exploding Pagers

At least nine dead, thousands hurt in Lebanon after Hezbollah pagers explode

Rhysida ransomware gang ships off Port of Seattle data for $6M

Remotely Exploding Pagers

Secure your organization

Predator spyware kingpins added to US sanctions list

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

Yokogawa Dual-redundant Platform for Computer (PC2CKM)

Siemens SIMATIC S7-200 SMART Devices

Millbeck Communications Proroute H685t-w

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Python Developers Targeted with Malware During Fake Job Interviews

How to Investigate ChatGPT activity in Google Workspace

ESET Research Podcast: EvilVideo

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

China claims Starlink signals can reveal stealth aircraft and what that really means

Chinese national accused by Feds of spear-phishing for NASA, military source code

Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day

~ 16 Sep 2024 ~

Elon Musk Is a National Security Risk

The empire of C++ strikes back with Safe C++ blueprint

Snowflake slams 'more MFA' button again months after Ticketmaster, Santander breaches

Apples New Passwords App May Solve Your Login Nightmares

Legacy Ivanti Cloud Service Appliance Being Exploited

Germanys CDU still struggling to restore data months after June cyberattack

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

AI security bubble already springing leaks

Chinas quantum* crypto tech may be unhackable, but it's hardly a secret

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

23andMe settles class-action breach lawsuit for $30 million

~ 14 Sep 2024 ~

Upcoming Speaking Engagements

Security News This Week: A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

~ 13 Sep 2024 ~

Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

Feeld dating app's security too open-minded as private data swings into public view

My TedXBillings Talk

Terrorgram Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

The Dark Nexus Between Harm Groups and The Com

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

CosmicBeetle joins the ranks of RansomHub affiliates Week in security with Tony Anscombe

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps

Australias government spent the week boxing Big Tech

Feds pull plug on domains linked to import of Chinese gun conversion devices

Unlocking New Heights in DFIR: The GX-FE Certification Is Here!

Fortinet admits miscreant got hold of customer data in the cloud

'Hadooken' Linux malware targets Oracle WebLogic servers

~ 12 Sep 2024 ~

I stole 20GB of data from Capgemini and now I'm leaking it, says cyber-crook

Mastercard splurges $2.65B on another big cyber purchase Recorded Future

Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Google Chrome gets a mind of its own for some security fixes

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

Microsoft Is Adding New Cryptography Algorithms

Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

EU kicks off an inquiry into Google's AI model

Siemens User Management Component (UMC)

Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D

Siemens SIMATIC SCADA and PCS 7 Systems

Siemens Mendix Runtime

Siemens Industrial Products

Siemens Industrial Edge Management

Rockwell Automation ThinManager

Rockwell Automation FactoryTalk View Site

Rockwell Automation FactoryTalk Batch View

Rockwell Automation AADvance Trusted SIS Workstation

AutomationDirect DirectLogic H2-DM1E

About that Windows Installer 'make me admin' security hole. Here's how it's exploited

Top 3 Threat Report Insights for Q2 2024

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe

Apple Vision Pros Eye Tracking Exposed What People Type

Mind your header! There's nothing refreshing about phishers' latest tactic

NIS2, DORA, and Tiber-EU expanding cybersecurity regulation

If HDMI screen rips aren't good enough for you pirates, DeCENC is another way to beat web video DRM

Pokmon GO was an intelligence tool, claims Belarus military official

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics

~ 11 Sep 2024 ~

Cyber crooks shut down UK, US schools, thousands of kids affected

Apple Intelligence Promises Better AI Privacy. Heres How It Actually Works

Major sales and ops overhaul leads to much more activity ... for Meow ransomware gang

Hunters International claims ransom on Chinese mega-bank's London HQ

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

So you paid a ransom demand and now the decryptor doesn't work

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems