InfoSec / Cyber Security Newsthehackernews.comUnsecured Microsoft Bing Server Exposed Users' Search Queries and LocationBritish Hacker Sentenced to 5 Years for Blackmailing U.S. CompaniesA Patient Dies After Ransomware Attack Paralyzes German Hospital SystemsA Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi NetworkResearchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian DissidentsU.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligencesciencedaily.comHow do people prefer coronavirus contact tracing to be carried out?Revolutionary quantum breakthrough paves way for safer online communicationPredicting computational power of early quantum computersSecurity gap allows eavesdropping on mobile phone callsDigital content on track to equal half 'Earth's mass' by 2245Consumers don't fully trust smart home technologieswired.comThink Twice Before Using Facebook, Google, or Apple to Sign In EverywhereThe Cheating Scandal That Ripped the Poker World ApartThe iOS 14 Privacy and Security Features You Should KnowA Bluetooth Flaw Leaves Billions of Devices VulnerableA Patient Dies After a Ransomware Attack Hits a HospitalGen Z Has a Plan to Save the Election—Starting With the Pollszerodayinitiative.comCVE-2020-9496: RCE in Apache OFBiz XMLRPC via Deserialization of Untrusted DataPerforming SQL Backflips to Achieve Code Execution on Schneider Electric’s EcoStruxure Operator Terminal Expert at Pwn2Own Miami 2020The September 2020 Security Update ReviewCVE-2020-9715: Exploiting a Use-After-Free in Adobe ReaderCVE-2020-7460: FreeBSD Kernel Privilege EscalationIntroducing CWE-1265: A New Way to Understand Vulnerable Reentrant Control Flowsbleepingcomputer.comPopular TikTok profiles promote scammy apps generating $500,000Texas businesses targeted in Department of State Health RFQ phishingRay-Ban owner Luxottica reportedly hit with cyberattackGuard your data with these privacy-focused search engines & browsersStrava app shows your info to nearby users unless this setting is disabledMicrosoft is purchasing ZeniMax Media/Bethesda for $7.5 billionitpro.co.ukPatch management vs vulnerability managementThree ways to protect PDF documentsWhy WPA3 may be no safer than WPA2What is WannaCry?What is phishing?What is a DDoS attack?reddit.com/r/securityAnnouncement: r/security is now closed down and will be re-launched soon. Please use r/cybersecurity for all cybersecurity topics.Detailed audit of Voatz' voting app confirms security flawsOngoing DDoS attacks against ISPs?Cyber threats abusing COVID-19 collected to a database to spread awareness.Firefox to remove support for the FTP protocolCnd vs pnd. Which one is the best for Network security?reddit.com/r/netsecThe /r/netsec Monthly Discussion Thread - September 2020Extracting the decrypted flash data from a fully protected ESP32 chip using chip-level weaknesses, no knowledge of the decryption key and a single glitch (CVE-2020-13629).How really to store your users’ passwords (and API tokens, which are passwords)Remove duplicates from MASSIVE wordlist, without sorting it (for dictionnary-based password cracking)r2-pay: anti-debug, anti-root & anti-frida (part 1) | Romain ThomasUsing QR Codes to Hide C2 Trafficreddit.com/r/websecData Loss Prevention ToolMobile Application SecurityWeb Cache Deception at HacktivityCon2020, HackerOneWapiti – free web-application vulnerability scannerBuilding my website to break it...Expensifyreddit.com/r/InfoSecNewsUS House Passes IoT Cybersecurity Improvement ActFERC, NERC joint report on cyber incident response at electric utilitiesAlleged Activision hack, 500,000 Call Of Duty players impactedNCSC warns of a surge in ransomware attacks on education institutionsChinese Propaganda Video Rips Off Hollywood Movies to Fake Bombing of U.S. BaseMozi Botnet is responsible for most of the IoT Traffickrebsonsecurity.comChinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ AttackTwo Russians Charged in $17M Cryptocurrency Phishing SpreeDue Diligence That Money Can’t BuyMicrosoft Patch Tuesday, Sept. 2020 EditionThe Joys of Owning an ‘OG’ Email AccountSendgrid Under Siege from Hacked Accountsdarkreading.comNearly 70% of IT & Security Pros Hone Their Cyber Skills Outside of WorkRemote Work Exacerbating Data Sprawl'Dark Overlord' Cyber Extortionist Pleads GuiltyPatch by Tonight: CISA Issues Emergency Directive for Critical Netlogon Flaw5 Steps to Greater Cyber ResiliencyHacking Yourself: Marie Moe and Pacemaker Securitythreatpost.comGoogle Cloud Buckets Exposed in Rampant MisconfigurationFileless Malware Tops Critical Endpoint Threats for 1H 2020Unsecured Microsoft Bing Server Leaks Search Queries, Location DataDHS Issues Dire Patch Warning for ‘Zerologon’Firefox for Android Bug Allows ‘Epic Rick-Rolling’Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwordsreddit.com/r/pwnedStaples discloses data breach exposing customer infoUS District Court in Louisiana hit by "Conti" ransomware - court data published online, homepage disabledLas Vegas - Employee data possibly exposed in ransomware attack on Clark County, NV School DistrictUkrainian software developer and IT services provider SoftServe suffered a ransomware attack that may have led to the theft of customers' source codeNewhall, CA School District Cancels Classes Tuesday After Ransomware Attackwelivesecurity.comMozilla fixes flaw that let attackers hijack Firefox for Android via Wi‑FiWeek in security with Tony Anscombe5 ways cybercriminals can try to extort youPlugging in a strange USB drive – What could possibly go wrong?Emotet strikes Quebec’s Department of Justice: An ESET AnalysisSports data for ransom – it’s not all just fun and games anymorescmagazine.comThree strategies to defend remote workers from cyberattacksCritical Zerologon bug uses weak cryptography to spoof network usersAmid Iranian hacker crackdown, CISOs should prep for retaliationSecurity teams strain to complete compliance audits under COVIDPolicy compliance: one size does not fit allhelpnetsecurity.comWindows backdoor masquerading as VPN app installerPradeo Security In-App Protection: Neutralizing clones and fake apps to prevent fraudiOS 14: New privacy and security featuresDaaS, BYOD, leasing and buying: Which is better for cybersecurity?Secure data sharing in a world concerned with privacytrendmicro.comThis Week in Security News: AWS Outposts Ready Launches With 32 Validated Partners and Staples Hit by a Data BreachRansom from Home – How to close the cyber front door to remote working ransomware attacksThis Week in Security News: Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday and Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response1H 2020 Cyber Security Defined by Covid-19 PandemicThis Week in Security News: First Half of 2020 Led to Nearly 800 Disclosed Vulnerabilities and Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotelysecurityweek.comGlobal Police Sting Nets 179 Dark Web SellersHackerOne Paid Out Over $107 Million in Bug BountiesKognos Emerges From Stealth With Autonomous XDR PlatformGerman Experts See Russian Link in Deadly Hospital HackingMicrosoft Explains How It Processes Vulnerability Reportssiliconrepublic.com‘Cybersecurity is a constant balance between usability and security’Why choose a career in information resilience?Cybercrime in Ireland now double global average with record levels of fraudRansomware attack targets cybersecurity company CygilantHow this researcher’s pursuit of ‘what if?’ led to a career in cybersecuritynakedsecurity.sophos.comNaked Security Live – “The Zerologon hole: are you at risk?”A real-life Maze ransomware attack – “If at first you don’t succeed…”Zerologon – hacking Windows servers with a bunch of zerosNaked Security Live – “Should you worry about your wallpaper?”Serious Security: Hacking Windows passwords via your wallpapercsoonline.com9 top anti-phishing tools and servicesWastedLocker explained: How this targeted ransomware extorts millions from victimsYou're going to be using confidential computing sooner rather than laterRansomware attacks growing in number, severity: Why experts believe it will get worseStretched and stressed: Best practices for protecting security workers' mental health5 persistent challenges security pros facekitploit.comGRAT2 - Command And Control (C2) Project For Learning PurposeVMPDump - A Dynamic VMP Dumper And Import FixerMoriarty-Project - This Tool Gives Information About The Phone Number That You EnteredFrp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The InternetCRLFuzz - A Fast Tool To Scan CRLF Vulnerability Written In Gosecurityboulevard.comBarracuda Networks Centralizes Security Across Azure SD-WANResearch Reveals that 75% of AppSec Practitioners See a Growing Cultural Divide Between AppSec and DevelopersResearch Reveals that 75% of AppSec Practitioners See a Growing Cultural Divide Between AppSec and DevelopersThe gap in your CCPA /GDPR compliance strategy is running on your websiteScam Apps Spreading Via TikTok | Avastgrahamcluley.comRansomware attack foiled, but details of 540,000 sports referees still stolen by hackersActivision denies reports 500,000 Call of Duty accounts have been hackedDoes your business have a Well-Known URL for changing passwords? It should!I’m not interested in this Nigerian restaurant’s emails…Free ebook: Aligning cyber skills with the MITRE ATT&CK framework