InfoSec / Cyber Security News

thehackernews.com
Salesforce Release Updates — A Cautionary Tale for Security Teams
A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks
Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs
Several Malware Families Targeting IIS Web Servers With Malicious Modules
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus

bleepingcomputer.com
New DNS vulnerability allows 'nation-state level spying' on companies
Angry Conti ransomware affiliate leaks gang's attack playbook
New Windows PrintNightmare zero-days get free unofficial patch
Prometheus TDS: The $250 service behind recent malware attacks
Google expects delays in enforcing 2FA for Chrome extension devs
Telegram for Mac bug lets you save self-destructing messages forever

wired.com
Watch a Hacker Hijack a Hotel Room’s Lights, Fans, and Beds
Citizen's New Service Helps Paying Users Summon the Cops
France Cracked Down on Google’s Ad Tech. What’s Next?
Hospitals Still Use Pneumatic Tubes—and They Can Be Hacked
A Guide to RCS, and Why It Makes Texting So Much Better
The Top 30 Vulnerabilities Include Plenty of Usual Suspects

zerodayinitiative.com
CVE-2021-27077: Selecting Bitmaps into Mismatched Device Contexts
CVE-2021-31969: Underflowing in the Clouds
The July 2021 Security Update Review
CVE-2021-28474: SharePoint Remote Code Execution via Server-Side Control Interpretation Conflict
CVE-2021-26892: An Authorization Bypass on the Microsoft Windows EFI System Partition
CVE-2021-1497: Cisco HyperFlex HX Auth Handling Remote Command Execution

itpro.co.uk
DuckDuckGo launches email privacy service
US has new cyber security rules for pipelines
Hackers abuse single bit change in Intel CPU register to evade detection
AWS shuts down NSO Group infrastructure
The pros and cons of facial recognition technology
Northern ticket machines hit by ransomware

krebsonsecurity.com
Ransomware Gangs and the Name Game Distraction
The Life Cycle of a Breached Database
PlugwalkJoe Does the Perp Walk
Serial Swatter Who Caused Death Gets Five Years in Prison
Spam Kingpin Peter Levashov Gets Time Served
Don’t Wanna Pay Ransom Gangs? Test Your Backups.

reddit.com/r/InfoSecNews
Advanced Technology Ventures discloses ransomware attack and data breach
Cisco fixes critical, high severity vulnerabilities in VPN routers
Italian energy company ERG hit by LockBit 2.0 ransomware gang
Ransomware Gangs and the Name Game Distraction
US CISA and NSA publish guidance to secure Kubernetes deployments
China-linked APT31 targets Russia for the first time

reddit.com/r/cybersecurity
Mentorship Monday
The U.S. Takes an Important Cybersecurity Step—Two Decades Late
Das tut mir leid! Germany's ruling party sorry for calling cops on researcher after she outed canvassing app flaws
Cisco Releases Security Updates
Sharing to raise awareness about unethical unpaid internships, don't work for free 🙏
I'd like to propose a new rule for any organization claiming, "Security is our #1 priority," following an incident:

reddit.com/r/netsec
/r/netsec's Q3 2021 Information Security Hiring Thread
HTTP/2: The Sequel is Always Worse - more HTTP request smuggling attacks from albinowax
Analysis of Prometheus Traffic Direction System (TDS): an underground service that distributes malicious files and redirects visitors to phishing and malicious sites
GitHub - GhostPack/Certify: Active Directory certificate abuse.
Ubuntu's Snapcraft Packages Come With Extra Baggage: CVE-2020-27348
GitHub - GhostPack/ForgeCert: "Golden" certificates

reddit.com/r/websec
[FREE GIFT] SQL Injection Course Giveaway Without Any Catch!
Burp Suite Certification
Union based sql injection
PoC for a SQL Injection in Rapid7 Nexpose
[FREE GIFT] Offensive Hacking Unfolded Course Giveaway Without Any Catch
PoC for Cisco ASA unauth XSS

embracethered.com
Automating Microsoft Office to Achieve Red Teaming Objectives
Airtag hacks - scanning via browser, removing speaker and data exfiltration
Somewhere today a company is breached
Google's FLoC - Privacy Red Teaming Opportunities
Spoofing credential dialogs on macOS, Linux and Windows
Broken NFT standards

darkreading.com
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
A New Approach to Securing Authentication Systems' Core Secrets
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
Why Supply Chain Attacks Are Destined to Escalate
New Normal Demands New Security Leadership Structure
Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System

threatpost.com
MacOS Flaw in Telegram Retrieves Deleted Messages
Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say
Black Hat: Charming Kitten Leaves More Paw Prints
‘I’m Calling About Your Car Warranty’, aka PII Hijinx
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms
Black Hat: Let’s All Help Cyber-Immunize Each Other

reddit.com/r/pwned
Geico data breach exposed customers' driver's license numbers
Codecov.io: "Unauthorized access and alterations to our Bash Uploader since Jan 31, 2021, which enabled them to potentially export information stored in our users' continuous integration (CI) environments"
Mobikwik (India) KYC data leaked
$5.7 Million Crypto Stolen Due To A Security Breach at Cryptocurrency platform Roll
American Armed Forces Mutual Aid Association hack impacted more than 161,000

welivesecurity.com
Black Hat 2021 – non‑virtual edition
On course for a good hacking
Week in security with Tony Anscombe
Watch out for these scams targeting Amazon customers
Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years
Tackling the insider threat to the new hybrid workplace

scmagazine.com
RSS Error: A feed could not be found at `https://www.scmagazine.com/feed`; the status code is `200` and content-type is `text/html; charset=utf-8`

helpnetsecurity.com
SentinelOne Storyline Active Response enables SOC teams to be proactive and efficient
Satori Data Security Policy Engine streamlines data security for enterprises
The destructive power of supply chain attacks and how to secure your code
RIP guest access, long live shared channels!
How to build a zero-trust cloud data architecture

trendmicro.com
3 Major Benefits of Cloud Migration: Automation
Supply Chain Attacks from a Managed Detection and Response Perspective
Curb Your Cyber Risk
Homeland Security Releases New Cybersecurity Rules

securityweek.com
Tech Titans Join US Cyber Team to Fight Ransomware
U.S. Infrastructure Bill Allocates $2 Billion to Cybersecurity
Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment
Iran-Linked Hackers Expand Arsenal With New Android Backdoor
Cisco Patches Critical Vulnerability in Small Business VPN Routers

siliconrepublic.com
Cork’s Smarttech247 plans London listing with £33m reverse takeover
Why cybersecurity must be baked into every business decision
Pegasus spyware: How it works and how to detect it
IBM report finds data breach costs are at a ‘record high’
IBAT College to offer unemployed people a free cybersecurity course

nakedsecurity.sophos.com
“Cobalt Strike” network attack tool patches crashtastic server bug
BazarCaller – the malware gang that talks you into infecting yourself
S3 Ep43: Apple 0-day, pygmy hippos, hive nightmares and Twitter hacker bust [Podcast]
Microsoft researcher found Apple 0-day in March, didn’t report it
Apple emergency zero-day fix for iPhones and Macs – get it now!

insights.infosec-jobs.com
Share your salary and see what everyone else is making in InfoSec / the Cyber Security space
The 10 most in-demand roles in the Information Security domain
2021 so far – A few Updates
We launched “jobmarks”
We now have “Dark Mode”
Employer Interview – The Questionnaire

csoonline.com
NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks
4 things you should know about cybersecurity pros
CISOs: Do you know what's in your company’s products?
BrandPost: Top 3 Metrics for Evaluating Passwordless
BrandPost: Why and How to Get Started with SASE
BrandPost: How to Make Your Next Cybersecurity Compliance Audit a Breeze

kitploit.com
Elpscrk - An Intelligent Common User-Password Profiler Based On Permutations And Statistics
Uchihash - A Small Utility To Deal With Malware Embedded Hashes
SharpLAPS - Retrieve LAPS Password From LDAP
Doldrums - A Flutter/Dart Reverse Engineering Tool
Rz-Ghidra - Deep Ghidra Decompiler And Sleigh Disassembler Integration For Rizin

securityboulevard.com
30th Anniversary of the World Wide Web | Avast
Cyber Diplomacy: Examining the Nation-State Threat to European Businesses
Security BSides Athens 2021 – Talk 8: Leonidas Tsaousis’ ‘Click Here For Free TV! Chaining Bugs To Takeover Wind Vision Account’
Make Cyberattacks Like Hafnium Irrelevant
XKCD ‘Logic Gates’

grahamcluley.com
Security tips from the experts – sign up to 1Password’s free Security Summer School today
Ransomware via a call centre? BazaCall means no email attachment or link required for infection
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
BlackMatter rises from the ashes of notorious cybercrime gangs to pose new ransomware threat
Smashing Security podcast #238: Fashion captain, fraud family, and DEF CON. D’oh!