InfoSec / Cyber Security News

thehackernews.com
- Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
- WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months
- NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
- Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
- Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
- Experts Uncover Malware Attacks Against Colombian Government and Companies

sciencedaily.com
- Physicists observe competition between magnetic orders
- New transistor design disguises key computer chip hardware from hackers
- Misinformation or artifact: A new way to think about machine learning
- A biochemical random number
- Computer scientists launch counteroffensive against video game cheaters
- Researchers simulate privacy leaks in functional genomics studies

wired.com
- Former DOD Head: The US Needs a New Plan to Beat China on AI
- The FBI Has Made Over 100 Arrests Related to the Capitol Riot
- The Race Is On to Identify and Stop Inauguration Rioters
- Big Tech Can’t Ban Its Way Out of This
- Ex-CISA Head Chris Krebs: ‘Impeachment Is the Right Mechanism’
- Hackers Used Zero-Days to Infect Windows and Android Devices

zerodayinitiative.com
- Looking Back at the Zero Day Initiative in 2020
- The January 2021 Security Update Review
- MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings
- CVE-2020-7468: Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail
- The Top 5 Bug Submissions of 2020
- CVE-2020-27897: Apple macOS Kernel OOB Write Privilege Escalation Vulnerability

bleepingcomputer.com
- Windows 10X: A closer look at Microsoft's new operating system
- Windows 10 bug crashes your PC when you access this location
- Privacy-focused search engine DuckDuckGo grew by 62% in 2020
- Pro-Trump 'Enemies of the People' doxing site is still active
- Stolen credit card shop Joker's Stash closes after making a fortune
- The Week in Ransomware - January 15th 2021 - Locking you up

itpro.co.uk
- 2020: Threats in review
- What is e-safety?
- ElectroRAT exploits Bitcoin boom to steal cryptocurrency
- US government blames Russia for SolarWinds hack
- UK ranked second for value of GDPR fines issued in 2020
- Email security threat report 2020

reddit.com/r/cybersecurity
- AMA Series - Security Assurance
- Mentorship Monday
- Windows Finger command abused by phishing to download malware
- New to cybersecurity; first job and feel really stupid...
- HELP: I have been tasked with setting up a SOC from nothing
- How were penis cages ransomware’d?

reddit.com/r/netsec
- The /r/netsec Monthly Discussion Thread - January 2021
- /r/netsec's Q1 2021 Information Security Hiring Thread
- Sailing Past Security Measures In AD
- Integer Overflow Attack and Prevention
- Prelude Operator is a new free/open-source red team platform, built as a desktop C2. It is heavily supported & community-driven. Main goal is to train IT/InfoSec/DevOps/blue teams to conduct their own security assessments. There is even open-source (free) "in person" training...
- LazyWeb - A Vulnerable Web Application

reddit.com/r/websec
- Stored, Reflected and DOM-Based XSS, Review the XXSer, XSStrike and Nemesida WAF
- Nemesida WAF: The WAF That DevOps Love
- Suspicious Rocket.Chat release?
- Online OpSec
- Web Application Security: From Vulnerabilities to Monitoring
- Does anyone know how to protect robots.txt?

reddit.com/r/InfoSecNews
- Siemens fixed tens of flaws in Siemens Digital Industries Software products
- Joker’s Stash, the largest carding site, is shutting down
- Forbes: Time to Retire The Password? What A New Authentication Can Mean For SSO
- Expert launched Malvuln, a project to report flaws in malware
- Successful Malware Incidents Rise as Attackers Shift Tactics
- CAPCOM: 390,000 people impacted in the recent ransomware Attack

krebsonsecurity.com
- Microsoft Patch Tuesday, January 2021 Edition
- SolarWinds: What Hit Us Could Hit Others
- Ubiquiti: Change Your Password, Enable 2FA
- Sealed U.S. Court Records Exposed in SolarWinds Breach
- All Aboard the Pequod!
- Hamas May Be Threat to 8chan, QAnon Online

darkreading.com
- NSA Appoints Rob Joyce as Cyber Director
- Successful Malware Incidents Rise as Attackers Shift Tactics
- Name That Toon: Before I Go ...
- How to Achieve Collaboration Tool Compliance
- These Kids Are All Right
- Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses

threatpost.com
- Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show
- Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’
- Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls
- Google Boots 164 Apps from Play Marketplace for Shady Ad Practices
- Facebook: Malicious Chrome Extension Developers Scraped Profile Data
- Florida Ethics Officer Charged with Cyberstalking

reddit.com/r/pwned
- eHealth cyberattack affected millions of files, was one of Sask.'s worst breaches ever: privacy commissioner | CBC News
- 70TB of Parler users' data leaked by "security researchers"
- Ubiquiti / Third Party Vendor Data Breach
- New Zealand Reserve Bank suffers data breach via compromised 3rd-party storage partner
- United Nations data breach exposed over 100k UNEP staff records

welivesecurity.com
- Week in security with Tony Anscombe
- What’s your attitude to parental controls?
- CES 2021: Car spying – your insurance company is watching you
- Hackers leak stolen COVID‑19 vaccine documents
- CES 2021: Router swarms invade your home (and know where you are)
- Operation Spalax: Targeted malware attacks in Colombia

scmagazine.com
- FIN11 e-crime group shifted to clop ransomware and big game hunting
- Biden to invest in cyber workforce, but without plan to overcome lingering staffing hurdles
- NSA urges use of enterprise resolvers to protect DNS traffic on corporate networks
- Surge in remotely hosted phish images? Some say it’s business as usual
- Intel unveils ransomware-fighting CPUs

helpnetsecurity.com
- Port53 launches SOC-as-a-Service, offering 24/7 monitoring, detection, and response
- Baffle DPS on AWS simplifies tokenization and encryption of data stored in Amazon RDS
- Prosperoware adds data protection features for Office 365, supports Azure for storage
- Vulnerability management isn’t working for cloud security: Here’s how to do it right
- How do I select a fraud detection solution for my business?

trendmicro.com
- This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
- This Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT Malware
- This Week in Security News: Trend Micro Researcher Uncover Two Espionage Backdoors Associated with Operation Earth Kitsune and Trickbot and Ransomware Attackers Plan Big Hit on U.S. Hospitals
- Trend Micro HouseCall for Home Networks: Giving You a Free Hand in Home Network Security

securityweek.com
- EU Regulator: Hackers ‘Manipulated’ Stolen Vaccine Documents
- Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution
- Data Security Startup Qohash Raises $6 Million
- Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability
- Facebook Takes Legal Action Against Data Scrapers

siliconrepublic.com
- ‘To compete in today’s market, companies must utilise data-driven insights’
- Accenture acquires Brazilian infosec company
- BT’s Dónal Munnelly: Ransomware attacks will rise in 2021
- ‘How much digital transformation remains once Covid passes is yet to be seen’
- Sysnet raises $65m in debt funding and clinches another acquisition

nakedsecurity.sophos.com
- Europol announces bust of “world’s biggest” dark web marketplace
- S3 Ep15: Titan keys, Mimecast certs and Solarwinds [Podcast]
- Home schooling – how to stay secure
- Naked Security Live – HTTPS: do we REALLY need it?
- Google Titan security keys hacked by French researchers

csoonline.com
- BrandPost: Creating a Zero Trust Foundation
- The biggest data breach fines, penalties and settlements so far
- Security Recruiter Directory
- 5 things to look for in an XDR solution
- 17 types of Trojans and how to defend against them
- BrandPost: Public Agencies Uncover Numerous Opportunities With Fortinet’s Fabric Management Center

kitploit.com
- ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.
- MyJWT - A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)
- SysWhispers2 - AV/EDR Evasion Via Direct System Calls
- ByteDance-HIDS - A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture
- Ssh-Mitm - Ssh Mitm Server For Security Audits Supporting Public Key Authentication, Session Hijacking And File Manipulation

securityboulevard.com
- Managing Identities and Entitlements to Secure the Public Cloud
- Hackers Calling Fair Game on Healthcare Institutions
- The Changing Dynamics of Cyber Insurance
- DEF CON 28 Safe Mode IoT Village – Deral Heiland’s ‘Getting Started Building An IoT Hardware Hacking Lab’
- Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 312’

grahamcluley.com
- Cybercriminals are bypassing multi-factor authentication to access organisation’s cloud services
- Orca Security public cloud security report reveals how most large cloud breaches happen
- Smashing Security podcast #210: DC rioters ID’d, Energydots, and ransomware gets you in a pickle
- Microsoft patches anti-virus bug that allowed boobytrapped files to run malicious code when scanned
- Ubiquiti users told to change their passwords following security breach