homethehackernews.comRussian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards250 Million Microsoft Customer Support Records Exposed OnlineSaudi Prince Allegedly Hacked World's Richest Man Jeff Bezos Using WhatsAppDownload: The State of Security Breach Protection 2020 Survey ResultsBitDam Study Exposes High Miss Rates of Leading Email Security SystemsCitrix Releases Patches for Critical ADC Vulnerability Under Active Attacksciencedaily.comOrganized cybercrime -- not your average mafiaAlphaZero learns to rule the quantum world'Inconsistent and misleading' password meters could increase risk of cyber attacksScientists correlate photon pairs of different colors generated in separate buildingsHow vulnerable is your car to cyberattacks?Storing data in everyday objectswired.comInside Pwn2Own's High-Stakes Industrial Hacking ContestElections Globally Are Under Threat. Here's How to Protect ThemJeff Bezos’ Hacked Phone, Coronavirus Hits the US, and More NewsEverything We Know About the Jeff Bezos Phone HackFree Press Advocates Decry Cybercrime Charges Against Glenn GreenwaldA Handy Chrome Feature, a Sonos Update Warning, and More Newszerodayinitiative.comPwn2Own Miami 2020 - Schedule and Live ResultsReliably Finding and Exploiting ICS/SCADA BugsThe January 2020 Security Update ReviewPwn2Own Returns to Vancouver for 2020Privilege Escalation Via the Core Shell COM Registrar ObjectRegular Exploitation of a Tesla Model 3 through Chromium RegExpbleepingcomputer.comMicrosoft is Adding Classic ‘Edge Mode’ to New Edge BrowserU.S. Govt Agency Hit with New CARROTBALL Malware DropperSonos Backtracks: Legacy Devices Will Get Updates After MayBipartisan Coalition Bill Introduced to Reform NSA SurveillanceTrickBot Now Steals Windows Active Directory CredentialsBuchbinder Car Renter Exposes Info of Over 3 Million Customersitpro.co.ukLondon Stock Exchange outage investigated as possible cyber attackUS warns of Iran cyber retaliation amid Soleimani falloutWindows 7 ends: what do you do next?Travelex services forced offline by cyber attackWhat is the California Consumer Privacy Act (CCPA)?How to manage a departing employee’s access to ITreddit.com/r/securityBest “Security for the Less Tech/Security Savvy” resourcescybersecurity, security- let's sort this out. Your opinion needed before we make subreddit changes.Mac users are getting bombarded by laughably unsophisticated malwareThey're being totally unprofessional and acting like clownsAmazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in MinutesRussian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cardsreddit.com/r/netsecThe /r/netsec Monthly Discussion Thread - January 2020/r/netsec's Q1 2020 Information Security Hiring ThreadA collection of UNIX hacking tips & tricks curated by THCVirusTotal is not an Incident Responder - a tool that aids in analysis should not be a “one-stop-shop” in determining if content is malicious. Attackers can easily manipulate these results.Another WordPress site management plugin (wpCentral) is vulnerable to authentication issues.Created a simple credential finder -- currently uses github, but will add more things like bitbucket, gitlab maybe even google dorks tooreddit.com/r/websecCertificate Authorities That Offer Free SSL CertificatesWpScan Web Interface with Additional FeaturesEasy way to migrate from HTTP to HTTPS...Secure authentication using JWTExploiting TWIG SSTI with WAFHow Does IoT (Internet of Things) Security Relate to Web Security?reddit.com/r/InfoSecNewsFDA warns hospitals about security flaws in some GE medical equipmentCisco fixes critical issue in Cisco Firepower Management CenterTHSuite data leak exposes cannabis users informationDeconstructing Web Cache Deception Attacks: They're Bad; Now What?250 Million Microsoft customer support records and PII exposed onlineThe Fractured Statue Campaign: U.S. Government Targeted in Spear-Phishing Attackskrebsonsecurity.comDoes Your Domain Have a Registry Lock?Apple Addresses iPhone 11 Location Privacy ConcernDDoS Mitigation Firm Founder Admits to DDoSPatch Tuesday, January 2020 EditionCryptic Rumblings Ahead of First 2020 Patch TuesdayPhishing for Apples, Bobbing for Linksdarkreading.comThe Annoying MacOS Threat That Won't Go AwayDHS Warns of Increasing Emotet RiskNSA Offers Guidance on Mitigating Cloud FlawsDeconstructing Web Cache Deception Attacks: They're Bad; Now What?Severe Vulnerabilities Discovered in GE Medical DevicesRyuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Saysthreatpost.comNew Bill Proposes NSA Surveillance ReformsFake Smart Factory Honeypot Highlights New Attack ThreatsCritical, Unpatched ‘MDhex’ Bugs Threaten Hospital DevicesU.S. Gov Agency Targeted With Malware-Laced EmailsShlayer, No. 1 Threat for Mac, Targets YouTube, WikipediaCisco Warns of Critical Network Security Tool Flawwelivesecurity.comWeek in security with Tony AnscombeGoogle: Flaws in Apple’s privacy tool could enable trackingMicrosoft exposed 250 million customer support recordsDating apps share personal data with advertisers, study says3 ways to browse the web anonymouslyNew Internet Explorer zero‑day remains unpatchedscmagazine.comWhy automating network security policies is the missing link to digital transformationPrivacy takes a hit, as storage bucket leaks cannabis dispensary POS dataAlphabet CEO supports EU push to temporarily ban facial recognition in public spacesPupyRAT found sniffing around EU energy concernBest practices for reducing third-party riskhelpnetsecurity.comMDhex vulnerabilities open GE Healthcare patient monitoring devices to attackersLessons from Microsoft’s 250 million data record exposureCISOs: Make 2020 the year you focus on third-party cyber riskOver half of organizations were successfully phished in 2019More authentication and identity tech needed with fraud expected to increasetrendmicro.comThis Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the WebDefend Yourself Now and in the Future Against Mobile MalwareDon’t Let the Vulnera-Bullies Win. Use our free tool to see if you are patched against Vulnerability CVE-2020-0601This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver AnnouncedThis Week in Security News: INTERPOL Collaboration Reduces Cryptojacking by 78% and Three Malicious Apps Found on Google Play May be Linked to SideWinder APT Groupsecurityweek.comGreece: Government Websites Hit by Cyberattack2020 Rings in a New Era of Cyber Attacks - and it's Getting PersonalMicrosoft Releases Azure Security BenchmarkBipartisan Bill Aims to Reform NSA Surveillance of AmericansPrivacy Firm Finds Unsecured Cannabis Patient Informationsiliconrepublic.comSeattle is currently testing smartphone voting in a local electionCork cybersecurity firm warns about increase in attacks from IranPrivacy blunder exposes 250m Microsoft customer service recordsWith 600m downloads, ‘fleeceware’ remains an issue on Google Play storeLastPass launches investigation after users report ‘major outage’nakedsecurity.sophos.comGoogle finds privacy holes in Safari’s ITP anti-tracking systemProtestors petition equity firm over .org buyout9th Methbot suspect arrested in massive clickfraud ringPrivacy watchdog throws wider net to protect children onlineLooking for silver linings in the CVE-2020-0601 crypto vulnerabilitycsoonline.comBrandPost: Integrating Smart Systems: From Connected Cars to SecurityInsecure configurations expose GE Healthcare devices to attacksHow the Tour de France secures its broadcast from disruptionWhat is cryptojacking? How to prevent, detect, and recover from itHow to implement Windows 7, Server 2008 security updates after end-of-lifeWhat is a buffer overflow? And how hackers exploit these vulnerabilitieskitploit.comCheck-LocalAdminHash - A PowerShell Tool That Attempts To Authenticate To Multiple Hosts Over Either WMI Or SMB Using A Password Hash To Determine If The Provided Credential Is A Local AdministratorSharpStat - C# Utility That Uses WMI To Run "cmd.exe /c netstat -n", Save The Output To A File, Then Use SMB To Read And Delete The File RemotelyKsDumper - Dumping Processes Using The Power Of Kernel SpaceYARASAFE - Automatic Binary Function Similarity Checks with YaraAlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Modelsecurityboulevard.comWhy You Should Take Social Media Account Takeover as Seriously as a BEC AttackJeff Bezos Allegedly Hacked by Saudi Crown Prince | AvastWhy Cybersecurity Is Like Fixing a Leaking PipeLiving off the land – EFS RansomwareMenlo Security Protects Organizations from Iranian Retaliationgrahamcluley.comSonos backtracks (a little) over its software updates fustercluckWhoops! LastPass accidentally deleted its browser extension from the Chrome store. But it’s back nowRansomware: The average ransom payment has doubled in just three monthsTraffic jams could be worse than normal, because of the Shitrix vulnerabilityA free tool for detecting Shitrix-related compromises on your business network