- SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks
- Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO
- BEC Losses Top $1.8B as Tactics Evolve
- Cryptominers Slither into Python Projects in Supply-Chain Campaign
- Unpatched Critical Flaw Affects 'Pling Store' Platform for Linux
- Transmit Security Announces $543M Series A Funding Round
- Email Bug Allows Message Snooping, Credential Theft
- Chart: Strength in Numbers
- NSA Funds Development & Release of D3FEND Framework
- Identity Eclipses Malware Detection at RSAC Startup Competition
- Majority of Web Apps in 11 Industries Are Vulnerable All the Time
- Kids’ Apps on Google Play Rife with Privacy Violations
- Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
- 7 Powerful Cybersecurity Skills the Energy Sector Needs Most
- Ransomware: What REALLY happens if you pay the crooks?
- Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started
- Six Flags to Pay $36M Over Collection of Fingerprints
- Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
- NVIDIA Jetson Chipsets Found Vulnerable to High-severity Flaws
- 5 Critical Steps to Recover From a Ransomware Attack
- Did Companies Fail to Disclose Being Affected by SolarWinds Breach?
- Software-Container Supply Chain Sees Spike in Attacks
- Wegmans Exposes Customer Data in Misconfigured Databases
- Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft
- Embryology Data Breach Follows Fertility Clinic Ransomware Hit
- From books to biometrics: Jeff Bezos’ lasting footprint on security
- Could better cyber hygiene have prevented the SolarWinds attack?
- 50% of CISOs say the push for rapid growth and digital transformation stalls cloud security
- Lawsuits filed against Scripps Health following ransomware attack, data theft
- Georgia St. Joseph’s/Candler health system shifts to downtime procedures amid ransomware attack
- Tool lets users supplement Mitre ATT&CK knowledge base with their own threat intel
- Significant increase in USB threats that can cause costly business disruptions
- Prakash Sethuraman takes CISO role at CloudBees
- UCLA implements critical event management platform for emergency response
- All the Ways Amazon Tracks You—and How to Stop It
- Survey finds utilities industry has the highest Window of Exposure
- Are you reporting to the CEO? Most security leaders don't
- Complex supply chain logistics are leaving defense contractors vulnerable
- AI Arms Race: The cat-and-mouse game with no obvious winner
- Complex supply chain logistics are leaving defense contractors vulnerable
- Government-mandated SBOMs to throw light on software supply chain security
- 7 best practices for enterprise attack surface management
- The challenge of mask enforcement amid the pandemic
- How to safeguard and optimize your assets through IoT and AI
- 10 tips for better security, safety and business intelligence
- Finding Trusted Suppliers and Sourcing Products Efficiently: New Innovations for Security Leaders
- 50% of misconfigured containers hit by botnets in under an hour
- Would companies even abide by a ransomware payments ban?
- Millions of medical images, patient data remain exposed via PACS flaws
- Millions of medical images, patient data remain exposed via PACS flaws
- Testing for Differential Privacy Bugs
- Apple Will Offer Onion Routing for iCloud/Safari Users
- Smart thermostats cranked up remotely by Texas energy firms, as consumers swelter in heat wave
- Don’t name your Wi-Fi hotspot this, unless you want to crash your iPhone
- How Cyber Safe is Your Drinking Water Supply?
- No, you’re not talking to Jason Statham
- North Korean hackers exploit VPN bug to gain access to South Korean Atomic Energy Research Institute
- The Future of Machine Learning and Cybersecurity
- Friday Squid Blogging: Video of Giant Squid Hunting Prey
- Repairmen suspected of installing ransomware on customers’ PCs. Arrests in South Korea
- First American Financial Pays Farcical $500K Fine
- Peloton Vulnerability Found and Fixed
- It’s time to get serious about enterprise password management – download this 1Password white paper now
- Fake Ledger devices mailed out in attempt to steal from cryptocurrency fans
- Intentional Flaw in GPRS Encryption Algorithm GEA-1
- CLOP ransomware suspects charged by police in Ukraine
- Paul van Oorschot’s Computer Security and the Internet
- Smashing Security podcast #232: Zoomolympics and language matters
- Ukrainian Police Nab Six Tied to CLOP Ransomware
- The US Cyber Games Launch First-Ever US Cybersecurity Team
- VPNs and Trust
- Vulnerabilities: Everybodys Got One!
- Andrew Appel on New Hampshire’s Election Audit
- How Does One Get Hired by a Top Cybercrime Gang?
- TikTok Can Now Collect Biometric Data
- Strategies, tools, and frameworks for building an effective threat intelligence team
- [webapps] Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)
- [local] ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
- [webapps] Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
- [webapps] OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
- [local] iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
- [remote] Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
- [local] Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
- [local] Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path
- [webapps] Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
- [webapps] Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
- [webapps] Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
- [webapps] Customer Relationship Management System (CRM) 1.0 - Remote Code Execution
- [local] Remote Mouse GUI 3.008 - Local Privilege Escalation
- Microsoft announces recipients of academic grants for AI research on combating phishing
- [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
- [remote] Dlink DSL2750U - 'Reboot' Command Injection
- [webapps] Node.JS - 'node-serialize' Remote Code Execution (3)
- [webapps] ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
- [webapps] ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
- Improve your threat detection and response with Microsoft and Wortell
- [webapps] Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
- [webapps] Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
- Afternoon Cyber Tea: Microsoft’s cybersecurity response to COVID-19
- Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
- Bugtraq: On Second Thought...
- Bugtraq: Re: BugTraq Shutdown
- Bugtraq: Re: [SECURITY] [DSA 4628-1] php7.0 security update
- Bugtraq: BugTraq Shutdown
- Bugtraq: Local information disclosure in OpenSMTPD (CVE-2020-8793)
- Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)
- Bugtraq: [SECURITY] [DSA 4633-1] curl security update
- Bugtraq: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
- Bugtraq: [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
- Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)
- Bugtraq: [slackware-security] proftpd (SSA:2020-051-01)
- Bugtraq: [SECURITY] [DSA 4629-1] python-django security update
- Bugtraq: [SECURITY] [DSA 4628-1] php7.0 security update
- Bugtraq: [TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
- More rss feeds from SecurityFocus
- Vuln: Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability
- Vuln: Qualcomm Components CVE-2019-2307 Integer Underflow Vulnerability
- Vuln: LibreOffice Remote Code Execution and Unauthorized Access Vulnerabilities
- Vuln: KDE KAuth CVE-2017-8422 Local Privilege Escalation Vulnerability
- Cloud enhancement
- WikiLeaks created a map showing where Amazon’s data centers are located
- Get started with Terraform automated cloud deployment - two projects: Cloudblock (Pihole+Wireguard) & Cloudoffice (Nextcloud+Onlyoffice). Your choice of six major cloud providers with text and video guides for deploying from scratch.
- Oracle VM - Abuse warning
- Do Cloud Service Companies pay or compensate for mistakes, like Security Breach, not responding servers, and lost data?
- !!!*IMP: Conftest Integration with AWS or Other*!!!!
- About the bandwidth of Alibaba, Tencent, and Huawei. Am I missing something?
- Aws or azure?
- Cloud performance benchmarks
- I nede a server to run my simulations, should I look for a VPS?
- Why aws use fastly instead of its own cdn service?
- Xen Security Advisories (XSA-372, 373, 374, 375, and 377)
- runC Security Issue (CVE-2021-30465)
- How questDB achieved write speeds of 1.4 million rows per second
- Can someone explain Multitenant Architecture in simple words with examples?
- Recommend Books on Cloud Computing
- A roadmap for cloud security by Marco Lancini
- Where are the best (free)resources to start learning cloud computing?
- Looking to learn the basics
- Where/how to run cheap parallel processes?
- Monitor cloud instances across multi-cloud / accounts
- The cheapest way to run a docker image for a hobby project?
- Azure gains 100th compliance offering—protecting data with EU Cloud Code of Conduct
- Resolved: Application Load Balancer Session Ticket Issue
- Strengthen and optimize compliance in Azure Security Center
- Installing Mobile Apps
- Dark Web
- Use Caution Opening Email Attachments
- Phone Call Attacks
- Ransomware
- Got Backups?
- Kids and Family Members
- Fake News
- Securing Your Wi-Fi Access Point
- Scamming You Through Social Media
- Careers in Cybersecurity
- CEO Fraud
- Forwarding Emails
- Unique Passwords
- Personalized Scams
- Identity Theft
- You Are a Target
- Virtual Private Networks
- Anti-Virus
- Two-Step Verification
- Privacy and Mobile Device Apps
- Best Practices for Securing Election Systems
- Protecting Against Ransomware
- Questions Every CEO Should Ask About Cyber Risks
- Website Security