- + Microsoft and Security Incentives—Former senior White House cyber policy director A. J. Grotto talks ab...
- + Using Legitimate GitHub URLs for Malware—Interesting social-engineering attack vector : McAfee released a ...
- + Upcoming Speaking Engagements—This is a current list of where and when I am scheduled to speak: ...
- + Friday Squid Blogging: The Awfulness of Squid Fishing Boats—It’s a pretty awful story . As usual, you can also use this ...
- + Smuggling Gold by Disguising it as Machine Parts—Someone got caught trying to smuggle 322 pounds of gold (that’...
- + Backdoor in XZ Utils That Almost Happened—Last week, the Internet dodged a major nation-state attack that would ...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 7:37am. Score: 446
- + Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds—html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org...
- + Cybersecurity executive order requirements are nearly complete, GAO says—Cybersecurity executive order requirements are nearly complete, GAO sa...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 6:11pm. Score: 434
- + VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows—Overview Various programming languages lack proper validation mechan...
- + VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks—Overview A new cross-privilege Spectre v2 vulnerability that impacts...
- + VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks—Overview HTTP allows messages to include named fields in both header...
- + VU#417980: Implementations of UDP-based application protocols are vulnerable to network loops—Overview A novel traffic-loop vulnerability has been identified agai...
- + VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions—Overview A Speculative Race Condition (SRC) vulnerability that impac...
- + VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks—Overview Sciener is a company that develops software and hardware fo...
- + VU#446598: GPU kernel implementations susceptible to memory leak—Overview General-purpose graphics processing unit (GPGPU) platforms ...
- + VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies—Overview A vulnerability has been found in the way that SMTP servers...
- + VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation.—Overview Multiple vulnerabilities were discovered in the TCP/IP stac...
- + VU#811862: Image files in UEFI can be abused to modify boot behavior—Overview Implementation of Unified Extensible Firmware Interface (UE...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 3:38am. Score: 380
- + ISC StormCast for Tuesday, April 23rd, 2024—Number of Industrial Devices Accessible From Internet Up 30 Thousand o...
- + ISC StormCast for Monday, April 22nd, 2024—The CVE's They are A-Changing https://isc.sans.edu/diary/The%20CVE%...
- + ISC StormCast for Friday, April 19th, 2024—Delinea Secret Server Authn Authz Bypass https://straightblast.medi...
- + ISC StormCast for Thursday, April 18th, 2024—Malicious PDF File As Delivery Mechanism https://isc.sans.edu/diary...
- + ISC StormCast for Wednesday, April 17th, 2024—Palo Alto Networks GlobalProtect exploit public and widely exploited C...
- + ISC StormCast for Tuesday, April 16th, 2024—Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3...
- + ISC StormCast for Sunday, April 14th, 2024—Palo Alto Networks GlobalProtect 0-Day CVE-2024-3400 https://securi...
- + ISC StormCast for Friday, April 12th, 2024—BatBadBut: You can't securely execute commands on Windows https://f...
- + ISC StormCast for Thursday, April 11th, 2024—Rust Command API code execution vulnerability CVE-2024-24576 https:...
- + ISC StormCast for Wednesday, April 10th, 2024—Microsoft Patches https://isc.sans.edu/forums/diary/April%202024%20...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 2:41am. Score: 357
- + Microsoft and Security Incentives—Former senior White House cyber policy director A. J. Grotto talks ab...
- + Using Legitimate GitHub URLs for Malware—Interesting social-engineering attack vector : McAfee released a ...
- + Upcoming Speaking Engagements—This is a current list of where and when I am scheduled to speak: ...
- + Friday Squid Blogging: The Awfulness of Squid Fishing Boats—It’s a pretty awful story . As usual, you can also use this ...
- + Smuggling Gold by Disguising it as Machine Parts—Someone got caught trying to smuggle 322 pounds of gold (that’...
- + Backdoor in XZ Utils That Almost Happened—Last week, the Internet dodged a major nation-state attack that would ...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 7:37am. Score: 351
- + Google Public DNS’s approach to fight against cache poisoning attacks—Tianhao Chi and Puneet Sood, Google Public DNS The Domain...
- + Address Sanitizer for Bare-metal Firmware—Posted by Eugene Rodionov and Ivan Lozano, Android Team With stead...
- + Real-time, privacy-preserving URL protection—Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonath...
- + Vulnerability Reward Program: 2023 Year in Review—Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we ...
- + Secure by Design: Google’s Perspective on Memory Safety—Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Se...
- + Piloting new ways of protecting Android users from financial fraud —Posted by Eugene Liderman, Director of Mobile Security Strategy, Googl...
- + Improving Interoperability Between Rust and C++—Posted by Lars Bergstrom – Director, Android Platform Tools & Libr...
- + UN Cybercrime Treaty Could Endanger Web Security—Royal Hansen, Vice President of Privacy, Safety and Security Engineeri...
- + Scaling security with AI: from detection to solution—Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Now...
- + Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager—Posted by Sherif Hanna, Group Product Manager, Pixel Security He...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 3:38am. Score: 311
- + More on the PAN-OS CVE-2024-3400—On April 10, 2024 Palo Alto Networks Product Security Incident Respons...
- + Palo Alto Networks Recognized by Gartner as a Leader in SSE Report—Palo Alto Networks Named a Leader in 2024 Gartner® Magic Quadrant™ for...
- + The Evolving Threat of Ransomware — A Call to Action for Cybersecurity—In the ever-evolving landscape of cybersecurity, the specter of ransom...
- + What’s Next in Cortex — XSIAM for Cloud and Other Innovations—Tackling Diverse SecOps Challenges Simultaneously Security operati...
- + Google Cloud and Palo Alto Networks Deliver Cloud-Native NGFW Service—Google Cloud and Palo Alto Networks are excited to announce the genera...
- + Entering the Next Chapter of SASE at InterSECt 2024—Change is a fact of life and digital transformation. It comes with how...
- + Unleash Platform Power with Strata Cloud Manager’s Command Center—Revolutionizing Network Security Every week, we get the privilege o...
- + The Power of AI Assistants and Advanced Threat Detection—Smarter Security ...
- + Palo Alto Networks 2023 ESG Report — Securing Our Digital Future—At Palo Alto Networks, we protect organizations and vital social struc...
- + AI, Cybersecurity and the Rise of Large Language Models—Artificial intelligence (AI) plays a crucial role in both defending ag...
As of 4/23/24 9:51am. Last new 4/22/24 3:38am. Score: 291
- + Webinar: Learn Proactive Supply Chain Threat Hunting Techniques—In the high-stakes world of cybersecurity, the battleground has shifte...
- + Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery—Cybersecurity breaches can be devastating for both individuals and bus...
- + Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases—European Police Chiefs said that the complementary partnership between...
- + German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies—German authorities said they have issued arrest warrants against three...
- + U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse—The U.S. Department of State on Monday said it's taking step...
- + Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware—The Russia-linked nation-state threat actor tracked as APT28 ...
- + ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft—The threat actor known as ToddyCat has been observ...
- + Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft—The threat actor known as ToddyCat has been observ...
- + Pentera's 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation—Over the past two years, a shocking 51% of organizations surveyed...
- + MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws—The MITRE Corporation revealed that it was the target of a nation-stat...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 8:34am. Score: 262
- + #StopRansomware: Akira Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of...
- + #StopRansomware: Phobos Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part ...
- + SVR Cyber Actors Adapt Tactics for Initial Cloud Access—How SVR-Attributed Actors are Adapting to the Move of Government and C...
- + Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
- + Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
- + PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
- + Known Indicators of Compromise Associated with Androxgh0st Malware—SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecu...
- + #StopRansomware: ALPHV Blackcat—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part ...
- + Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment—SUMMARY In January 2023, the Cybersecurity and Infrastructure Secur...
- + #StopRansomware: Play Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part ...
As of 4/23/24 9:51am. Last new 4/22/24 3:38am. Score: 258
- + #StopRansomware: Akira Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of...
- + #StopRansomware: Phobos Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part ...
- + SVR Cyber Actors Adapt Tactics for Initial Cloud Access—How SVR-Attributed Actors are Adapting to the Move of Government and C...
- + Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
- + Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
- + PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure—SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA)...
- + Known Indicators of Compromise Associated with Androxgh0st Malware—SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecu...
- + #StopRansomware: ALPHV Blackcat—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part ...
- + Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment—SUMMARY In January 2023, the Cybersecurity and Infrastructure Secur...
- + #StopRansomware: Play Ransomware—SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part ...
As of 4/23/24 9:51am. Last new 4/22/24 3:38am. Score: 251
- + MAR-10448362-1.v1 Volt Typhoon—Notification This report is provided "as is" for informational purpo...
- + MAR-10478915-1.v1 Citrix Bleed— Notification This report is provided "as...
- + MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors — Notification This report is provided "...
- + MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475— Notification This report is provided "as...
- + Infamous Chisel Malware Analysis Report—Infamous Chisel–A collection of components associated with Sandworm de...
- + MAR-10459736.r1.v1 WHIRLPOOL Backdoor— Notification This report is provided "...
- + MAR-10454006.r4.v2 SEASPY and WHIRLPOOL Backdoors— Notification This report is provided "as is" f...
- + MAR-10454006-r3.v1 Exploit Payload Backdoor — Notification This report is provided "as...
- + MAR-10454006-r2.v1 SEASPY Backdoor — Notification This report is provided "as...
- + MAR-10454006-r1.v2 SUBMARINE Backdoor— Notification This report is provided "as is" ...
As of 4/23/24 9:51am. Last new 4/22/24 3:38am. Score: 248
- + Chinese Government Poses 'Bold and Unrelenting' Threat to U.S. Critical Infrastructure: FBI—4/19/24 ...
- + Spyware as Service: What the i-Soon Files Reveal About China’s Targeting of the Tibetan Diaspora—4/19/24 ...
- + Iran versus Israel: Who Has the Military Edge?—4/19/24 ...
- + Vitriolic Reactions to Arouri's Killing Highlight His Importance to the Iranian Regime’s “Axis of Resistance”—4/19/24 ...
- + Israel’s Cybersecurity Market is Maturing, and Just in Time—4/20/24 ...
- + Tennessee Is Ramping Up Penalties for Student Threats. Research Shows That’s Not the Best Way to Keep Schools Safe.—4/20/24 ...
- + In a First, California Cracks Down on Farms Guzzling Groundwater—4/19/24 ...
- + Is the U.S. Ready for Extraterrestrials? Not If They’re Microbes | Outdated ridge Safety Standards | Cyberattacks Caused One Texas Water System to Overflow, and more—4/20/24 ...
- + The Growing Incentive to Go Nuclear | Paris Tests AI Surveillance Ahead of Olympics | Forget About Chips—China Is Coming for Ships, and more—4/20/24 ...
- + Chinese Government Poses 'Bold and Unrelenting' Threat to U.S. Critical Infrastructure: FBI—4/19/24 ...
- show more ...
As of 4/23/24 9:51am. Last new 4/20/24 4:25pm. Score: 245
- + 88% of respondents will focus security investments on cloud security—According to a recent cybersecurity priorities report, security analys...
- + 73% of security professionals failed to act during security alert—Security leaders in small and medium-sized enterprises are overwhelmed...
- + 66% of IT leaders doubt the government can defend against cyberwarfare—In a recent report, two-thirds of IT leaders express a lack of confide...
- + Report finds a near 20% increase in ransomware victims year-over-year—The number of victims experiencing ransomware incidents has risen sinc...
- + Pentesting accounts for an average of 13% of total IT security budgets—A recent report has emphasized the prevalence and importance of pentes...
- + Nevada loses the most money to cybercrime—The widespread financial burden of cybercrime in the U.S. was recently...
- + Report finds that only 5% of businesses have a cyber expert—Although cybersecurity is vital to an organization’s financial success...
- + A vulnerability in Linux distributions may allow unauthorized access —A recently detected vulnerability in many Linux distributions may open...
- + Security leaders weigh in on the White House's order regarding AI—The White House held a press call in regard to the federal government'...
- + 51% of check fraud victims had been targeted two or more times—Almost a third of Americans surveyed (31%) admitted to either not foll...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 8:36am. Score: 233
- + Suspected CoralRaider continues to expand victimology using three information stealers—By Joey Chen, Chetan Raghuprasad and Alex Karkins. Cisco Talo...
- + What’s the deal with the massive backlog of vulnerabilities at the NVD?—The National Vulnerability Database is usually the single source of tr...
- + Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?—If you’re a regular reader of this newsletter, you already know...
- + OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal—During a threat-hunting exercise, Cisco Talos discovered documents wit...
- + Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials—Cisco Talos would like to acknowledge Brandon White of Cisco Talos and...
- + The internet is already scary enough without April Fool’s jokes—I feel like over the past several years, the “holiday” t...
- + Vulnerability in some TP-Link routers could lead to factory reset—Cisco Talos’ Vulnerability Research team has disclosed 10 vulne...
- + April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution—In one of the largest Patch Tuesdays in years, Microsoft disclosed 150...
- + Starry Addax targets human rights defenders in North Africa with new malware—Cisco Talos is disclosing a new threat actor we deemed “Starry ...
- + There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office—As my manager knows, I’m not the biggest fan of working in a ph...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 9:08am. Score: 226
- + Veritas enhances cyber resilience with AI-powered solutions—Veritas Technologies announced artificial intelligence (AI)-powered ad...
- + Stellar Cyber launches MITRE ATT&CK Coverage Analyzer—Stellar Cyber launched the MITRE ATT&CK Coverage Analyzer, enablin...
- + Veeam acquires Coveware to boost its ransomware protection capabilities—Veeam Software announced the acquisition of Coveware, a provider in cy...
- + CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)—A vulnerability (CVE-2024-4040) in enterprise file transfer solution C...
- + Trellix Email Security for Microsoft Office 365 improves email defense—Trellix announced Trellix Email Security for Microsoft Office 365. Com...
- + Align introduces ransomware prevention feature, powered by Adlumin—Align announces the inclusion of a new ransomware prevention feature t...
- + The rising influence of AI on the 2024 US election—We stand at a crossroads for election misinformation: on one side our ...
- + 10 colleges and universities shaping the future of cybersecurity education—Institutions featured on this list often provide undergraduate and gra...
- + People doubt their own ability to spot AI-generated deepfakes—23% of Americans said they recently came across a political deepfake t...
- + What is multi-factor authentication (MFA), and why is it important?—Setting up MFA can seem daunting for consumers just beginning to clean...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 9:08am. Score: 222
- + SentinelOne’s Gregor Stewart on AI in Cybersecurity—Certainly there is massive hype about AI and its potential, and this e...
- + Packetlabs CEO Richard Rogerson on Avoiding Ransomware—See below for a video and podcast version of the interview. I s...
- + AT&T’s Theresa Lanowitz on Cybersecurity in Edge Computing—I spoke with Theresa Lanowitz, Head of Cybersecurity Evangelism at AT...
- + How Veeam Helped New Orleans Fight Ransomware—When faced with a ransomware attack, organizations and government agen...
- + Cohesity and Microsoft Tag Team To Improve Data Protection—Cohesity and Microsoft recently announced they have expanded their par...
- + Fortanix CEO Anand Kashyap on Confidential Computing—I spoke with Anand Kashyap, CEO of Fortanix , about how cloud data se...
- + NVIDIA CSO David Reber on AI and Cybersecurity—I spoke with David Reber, CSO of Nvidia , about how the modern cybers...
- + IBM’s Vision for Security in the Quantum Era—Enterprise technology solutions are predicated on the knowledge that l...
- + DigiCert Rolls Out Trust Lifecycle Manager—DigiCert this week launched a comprehensive digital trust solution t...
- + Tech Predictions for 2023: AI, Cloud, Edge, Cybersecurity, and More—So you think you can predict the course of technology in the year ahea...
As of 4/23/24 9:51am. Last new 4/22/24 3:39am. Score: 205
- + Akira Ransomware—FortiGuard Labs continue to observe detections in the wild related to ...
- + PAN-OS GlobalProtect Command Injection Vulnerability—The attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400...
- + Sunhillo SureLine Command Injection Attack—The attack on Sunhillo SureLine identified as CVE-2021-36380 allows a ...
- + Nice Linear eMerge Command Injection Vulnerability—The vulnerability tracked as CVE-2019-7256 affecting an access control...
- + ConnectWise ScreenConnect Attack—Threat actors including ransomware gangs are seen exploiting newly dis...
- + Ivanti Connect Secure and Policy Secure Attack—Widespread exploitation of zero-day vulnerabilities affecting Ivanti C...
- + Outbreak Alert- Annual Report 2023—FortiGuard Labs published a total of 38 Outbreak Alerts in the year 20...
- + Androxgh0st Malware Attack—FortiGuard Labs continue to observe widespread activity of Androxgh0st...
- + Adobe ColdFusion Access Control Bypass Attack—FortiGuards labs observed extremely widespread exploitation attempts r...
- + Microsoft SharePoint Server Elevation of Privilege Vulnerability—CVE-2023-29357 is an authentication bypass vulnerability, which means ...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 9:01pm. Score: 198
- + Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability—Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as ...
- + Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor—The LockBit ransomware gang leaks data allegedly stolen from governmen...
- + Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services—Microsoft PlayReady vulnerabilities that could allow rogue subscribers...
- + Research Shows How Attackers Can Abuse EDR Security Products—Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security re...
- + Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow—A hack that caused a small Texas town’s water system to overflow in Ja...
- + CrushFTP Patches Exploited Zero-Day Vulnerability—CrushFTP patches a zero-day vulnerability allowing unauthenticated att...
- + Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability —Shadowserver has identified roughly 6,000 internet-accessible Palo Alt...
- + MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days—MITRE R&D network hacked in early January by a state-sponsored thr...
- + Cannes Hospital Cancels Medical Procedures Following Cyberattack—Cannes Hospital Centre – Simone Veil cancels medical procedures after ...
- show more ...
As of 4/23/24 9:51am. Last new 4/23/24 7:37am. Score: 192
- + Debian Security Advisory 5665-1—Debian Linux Security Advisory 5665-1 - Several security vulnerabiliti...
- + Debian Security Advisory 5664-1—Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web se...
- + Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference—Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an una...
- + Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass—Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an aut...
- + Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference—Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an un...
- + Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass—Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an au...
- + Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference—Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an un...
- + Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass—Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an au...
- + Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference—Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers ...
- + Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass—Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers ...
- show more ...
As of 4/23/24 9:51am. Last new 4/19/24 5:20am. Score: 165
- + Popular NFT Marketplace Phished for $540M—In March, a North Korean APT siphoned blockchain gaming platform Axie ...
- + ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps—Scammers are bypassing Apple's App Store security, stealing thousands ...
- + Free HermeticRansom Ransomware Decryptor Released—Cruddy cryptography means victims whose files have been encrypted by t...
- + Cybercriminals Target Alibaba Cloud for Cryptomining, Malware—Malicious groups disable features in Alibaba Cloud ECS instances for M...
- + Google Ads for Faux Cryptowallets Net Scammers At Least $500K—Malicious Phantom, MetaMask cryptowallets are on the prowl to drain vi...
- + Squid Game Crypto Scammers Rip Off Investors for Millions—Anti-dumping code kept investors from selling SQUID while fraudsters c...
- + OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances—Cybercriminals exploited bugs in the world's largest digital-goods mar...
- + Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please—The Compound cryptocurrency exchange accidentally botched a platform u...
- + Financial Cybercrime: Following Cryptocurrency via Public Ledgers—John Hammond, security researcher with Huntress, discusses a wallet-hi...
- + WhatsApp’s End-to-End Encryption Isn’t Actually Broken—WhatsApp’s moderators sent messages flagged by intended recipients. Re...
As of 4/23/24 9:51am. Last new 4/22/24 3:39am. Score: 164
- + OISF 2023 Videos—OISF 2023 Videos These are the videos from the OISF Anniversary Ev...
- + OISF 2022—OISF 2022 These are the videos from the OISF Anniversary Event . ...
- + Brian Rea (DeviantOllam Deviant) and Lesley Carhart (Hacks4Pancakes) continue their harassment of me—Please notice I left these people alone for a long period of time and ...
- + OSInt, Doxing And Cyberstalking Page Updated—Link: http://www.irongeek.com/i.php?page=security/doxing-footprinting...
- + OISF 2021 Videos—OISF 2021 Videos These are the videos from the OISF Anniversary E...
- + BSides Cleveland 2021 Videos—BSides Cleveland 2021 Videos These are the videos from the Bsides ...
- + Who's Your Hacker —Who's Your Hacker Con Webinar Series Who's Your Hacker Con is putting...
- + BSides Tampa 2020 Videos —Link: http://www.irongeek.com/i.php?page=videos/bsidestampa2020/mainl...
- + Louisville Infosec 2019 Videos—Link: http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2019...
- + BSidesCT 2019 Video —Link: http://www.irongeek.com/i.php?page=videos/bsidesct2019/mainlist...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 3:39am. Score: 130
- + 5x5: The Public Safety Innovation Summit—5x5 ― the confirmation of a strong and clear signal ― and the place to...
- + CHIPS R&D National Advanced Packaging Manufacturing Program (NAPMP) Advanced Packaging Summit—The National Advanced Packaging Manufacturing Program (NAPMP) and NASA...
- + A Standard for Quantifying Yohimbe in Dietary Supplements—SRM 3383 Yohimbe-Containing Solid Oral Dosage Form is part of a contin...
- + An SRM for Measuring Arsenic in Shellfish—NIST has developed many environmentally relevant Standard Reference Ma...
- + John W. Lyons, Who Led NIST in Times of Great Change, Dies at 93—Lyons served as director of NIST from 1990 to 1993 and guided the orga...
- + CHIPS R&D Digital Twin Data Interoperability Standards Workshop—The CHIPS Research and Development Office’s Digital Twin Data Interope...
- + CHIPS R&D Semiconductor Supply Chain Trust and Assurance Data Standards Workshop—The CHIPS Research and Development Office’s Semiconductor Supply Chain...
- + Bullseye! NIST Devises a Method to Accurately Center Quantum Dots Within Photonic Chips—Devices that capture the brilliant light from millions of quantum dots...
- + Spotlight: Test Instrument Puts Materials Under Forces at High Speeds to Mimic Many Instantaneous Situations in the Real World—This elongated test instrument, the first of its kind in the world, pu...
- + Balloting of IEEE 3388 Standard for the Performance Assessment of Industrial Wireless Systems—The IEEE draft standard, P3388 , titled “Standard for the Performance ...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 3:39am. Score: 127
- + NIST Workshop on the Requirements for an Accordion Cipher Mode 2024—FULL WORKSHOP DETAILS NIST will host a workshop on the development of ...
- + 2024 Iris Experts Group (IEG) Meeting—The Iris Experts Group (IEG) will hold their annual meeting on Thursda...
- + NICE Webinar: Empowering Refugee Communities in Cybersecurity Roles—Speakers: To be announced. Synopsis: Join us for an insightful webinar...
- + NICE Webinar: Equity Strategies in Youth Apprenticeship Programs and Partnerships—Speakers: To be announced. Synopsis: Youth apprenticeship delivers pai...
- + NICE Webinar: Reintegrating Justice-Involved Individuals into Cybersecurity Careers—Speakers: To be announced. Synopsis: Join us during Second Chance Mont...
- + Applicant’s Webinar: 2024 NICE RAMPS Funding Opportunity—The recording of this webinar will be available soon. The presentation...
- + The 35th Quest for Excellence® Conference—April 7–10, 2024 Gaylord National Harbor | #BaldrigeQuest COME. LEARN....
- + NIST Awards $3.6 Million for Community-Based Cybersecurity Workforce Development—The grants of roughly $200,000 each will go to 18 education and commun...
- + Enhancing Security of Devices and Components Across the Supply Chain—FULL WORKSHOP DETAILS NIST is hosting an in-person all-day workshop on...
- + NIST Releases Version 2.0 of Landmark Cybersecurity Framework—The agency has finalized the framework’s first major update since its ...
- show more ...
As of 4/23/24 9:51am. Last new 4/22/24 3:39am. Score: 115
- + KB5036534: Latest Windows hardening guidance and key dates - Microsoft Support
- + “An operating system wasn’t found” error when booting Windows - Microsoft Support—When trying to boot Windows, you receive the error: An operating syste...
- + Use Snipping Tool to capture screenshots - Microsoft Support—Learn how to use Snipping Tool to capture a screenshot, or snip, of an...
- + Supported mobile operators for the Mobile Plans app in Windows - Microsoft Support—Find out what mobile operators offer cellular data plans through the M...
- + Save or forget passwords in Microsoft Edge - Microsoft Support—Use Microsoft Edge settings to save user name and password information...
- + KB4073119: Windows client guidance for IT Pros to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities - Microsoft Support—Provides Windows client guidance for IT Pros to protect against specul...
- + Older versions of BattlEye software may not be compatible with Windows 10, version 1903 - Microsoft Support—There is a compatability issue with older versions of BattlEye softwar...
- + April 9, 2024—KB5036896 (OS Build 17763.5696) - Microsoft Support
- + April 9, 2024—KB5036899 (OS Build 14393.6897) - Microsoft Support
- + Create a recovery drive - Microsoft Support—Create a recovery drive so you can reinstall Windows 10 or Windows 11 ...
- show more ...
As of 4/23/24 9:52am. Last new 4/22/24 3:39am. Score: 56