Port 22

~ 22 May 2024 ~

LockBit dethroned as leading ransomware gang for first time post-takedown

The Ultimate SaaS Security Posture Management Checklist, 2025 Edition

Stealers, stealers and more stealers

What happens when AI goes rogue (and how to stop it)

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

GitHub Enterprise Server patches 10-outta-10 critical hole

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Understanding the Core of OT: Components, Systems, and Security

OT Threat Hunting: More Critical Than Ever

Uncle Sam to inject $50M into auto-patcher for hospital IT

~ 21 May 2024 ~

Zoom adds 'post-quantum' encryption for video nattering

Critical Fluent Bit bug affects all major cloud providers, say researchers

Why Your Wi-Fi Router Doubles as an Apple AirTag

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

LCDS LAquis SCADA

Five Core Tenets Of Highly Effective DevSecOps Practices

Detecting Malicious Trackers

With ransomware whales becoming so dominant, would-be challengers ask 'what's the point?'

Eventbrite Promoted Illegal Opioid Sales to People Searching for Addiction Recovery Help

Achieve security compliance with Wazuh File Integrity Monitoring

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

Streamlining IT Security Compliance Using the Wazuh FIM Capability

Untangling the hiring dilemma: How security solutions free up HR processes

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

Big Tech is not much help when fighting a junta, and FOSS doesn't ride to the rescue

Instructor Spotlight: Rich Greene

Emulating Teaching Hospital Concepts in Cybersecurity Hiring

~ 20 May 2024 ~

OpenSSF sings a Siren song to steer developers away from buggy FOSS

Julian Assange can appeal extradition to the US, London High Court rules

New Windows 11 features strengthen security to address evolving cyberthreat landscape

Google takes shots at Microsoft for shoddy security record with enterprise apps

Can I phone a friend? How cops circumvent face recognition bans

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

Researchers call out QNAP for dragging its heels on patch development

DoJ, ByteDance ask court: Hurry up and rule on TikTok ban already

WikiLeaks' Julian Assange Can Appeal His Extradition to the US, British Court Says

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

IBM Sells Cybersecurity Group

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

British Library's candid ransomware comms driven by 'emotional intelligence'

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware

Chinese telco gear may become <i>verboten</i> on German networks

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Nissan infosec in the spotlight again after breach affecting more than 50K US employees

Adapting to Advanced Malware: Insights from the 2024 Cybersecurity Frontlines

~ 19 May 2024 ~

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

~ 18 May 2024 ~

An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

Gawd, after that week, we wonder what's next for China and the Western world

US Official Warns a Cell Network Flaw Is Being Exploited for Spying

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

~ 17 May 2024 ~

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Friday Squid Blogging: Emotional Support Squid

Three cuffed for 'helping North Koreans' secure remote IT jobs in US

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The who, where, and how of APT attacks Week in security with Tony Anscombe

First LockBit, now BreachForums: Are cops winning the war or just a few battles?

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

FBI Seizes BreachForums Website

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

~ 16 May 2024 ~

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

EU probes Meta over its provisions for protecting children

Stifling Beijing in cyberspace is now British intelligences number-one mission

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

Siemens Teamcenter Visualization and JT2Go

Siemens Solid Edge

Siemens Simcenter Nastran

Siemens SIMATIC CN 4100 Before V3.0

Siemens SICAM Products

Siemens RUGGEDCOM APE1808

Siemens PS/IGES Parasolid Translator Component

Siemens Parasolid

Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems

Rockwell Automation FactoryTalk View SE

Zero-Trust DNS

Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

NCSC CTO: Broken market must be fixed to usher in new tech

Cybercriminals Exploiting Microsofts Quick Assist Feature in Ransomware Attacks

Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Tackling Modern Human Risks in Cybersecurity: Insights from the Verizon DBIR 2024

~ 15 May 2024 ~

FBI takes down BreachForums ransomware website and Telegram channel

Crook brags about US Army and $75b defense biz pwnage

FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

Improving cyber defense with open source SIEM and XDR

Google Launches AI-Powered Theft and Data Protection Features for Android Devices

Android 15 Theft Detection Lock Knows When Your Phone Is Stolen

Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

(Cyber) Risk = Probability of Occurrence x Damage