InfoSec / Cyber Security Newsthehackernews.comReplacing EDR/NGAV with Autonomous XDR Makes a Big Difference for Small Security TeamsA $50,000 Bug Could've Allowed Hackers Access Any Microsoft AccountURGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft ExchangeNew Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!Researchers Unearth Links Between SunCrypt and QNAPCrypt RansomwareNew 'unc0ver' Tool Can Jailbreak All iPhone Models Running iOS 11.0 - 14.3bleepingcomputer.comMicrosoft fixes actively exploited Exchange zero-day bugs, patch nowGoogle fixes second actively exploited Chrome zero-day bug this yearPayroll giant PrismHR outage likely caused by ransomware attackMalaysia Airlines discloses a nine-year-long data breachSolarWinds reports $3.5 million in expenses from supply-chain attackOxfam Australia confirms data breach after stolen info sold onlinewired.comTwitch's First Transparency Report Is Here—and Long OverdueMicrosoft's Dream of Decentralized IDs Enters the Real World2034, Part VI: Crossing the Red LineWhat Did I Just Read? A Conversation With the Authors of '2034'What Life Is Like Under Myanmar's Internet ShutdownFar-Right Platform Gab Has Been Hacked—Including Private Datazerodayinitiative.comCVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXiCVE-2020-8625: A Fifteen-Year-Old RCE Bug Returns in ISC BIND ServerZDI-21-171: Getting Information Disclosure in Adobe Reader Through the ID TagThree More Bugs in Orion’s BeltThe February 2021 Security Update ReviewZDI-CAN-12671: Windows Kernel DoS/Privilege Escalation via a NULL Pointer Derefitpro.co.ukHTTP vs HTTPS: What difference does it make to security?MacOS users warned of new EvilQuest malwareIT Pro News In Review: 1,000 engineers hack SolarWinds, IBM climate plan & macOS update wreaks havocWhatsApp presses ahead with privacy changes despite backlashWhat is identity management?Kia Motors allegedly suffers a ransomware attackkrebsonsecurity.comMicrosoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder EmailsPayroll/HR Giant PrismHR Hit by Ransomware?Is Your Browser Extension a Botnet Backdoor?How $100M in Jobless Claims Went to InmatesCheckout Skimmers Powered by Chip CardsMexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gangreddit.com/r/cybersecurityMentorship MondayA New Approach to Finding Malware Cross-Correlates Threat Intelligence Feeds to Reduce Detection TimeAll your Cyber Resume Questions Answered - (Direct Links Provided)For anyone interested in studying the CompTIA Security+New Exchange 2010, 2016 and 2019 CVE - CVSS score of 9.1Interesting job openingsreddit.com/r/netsecThe /r/netsec Monthly Discussion Thread - January 2021/r/netsec's Q1 2021 Information Security Hiring ThreadXerox legal threat reportedly silences researcher at Infiltrate security conferenceThe Hafnium Threat Group is targeting Exchange Servers with 0-day exploits. Detection commands to search for potential exploitation are included in the article (Immediately update exchange servers).New OWASP Project: Application Gateway. Still in early development.Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRedreddit.com/r/websecDoes your WAF have False Positive?Digest authentication with ha1 generated by SHA256Hex on https - is there any known issues with this?Attacking npm by using Abandoned Resources [LIVE]Attack-Aware Web Applications ResearchStored, Reflected and DOM-Based XSS, Review the XXSer, XSStrike and Nemesida WAFNemesida WAF: The WAF That DevOps Lovereddit.com/r/InfoSecNewsAlleged China-linked APT41 group targets Indian critical infrastructuresFast Flux 101: How Cybercriminals Improve the Resilience of Their Infrastructure to Evade Detection and Law Enforcement TakedownsPayroll/HR Giant PrismHR Hit by Ransomware?French multinational dairy Lactalis hit by a cyber attackDistributor of Asian food JFC International hit by RansomwareIs Your Browser Extension a Botnet Backdoor?darkreading.comPolicy Group Calls for Public-Private Cyber-Defense ProgramMicrosoft Ignite Brings Security & Compliance Updates'ObliqueRAT' Now Hides Behind Images on Compromised WebsitesMicrosoft Fixes Exchange Server Zero-Days Exploited in Active AttacksThycotic and Centrify to Merge In $1.4B DealGoogle Partners With Insurers to Create Risk Protection Programthreatpost.comPost-Cyberattack, Universal Health Services Faces $67M in LossesJailbreak Tool Works on iPhones Up to iOS 14.3Compromised Website Images Camouflage ObliqueRAT MalwareRyuk Ransomware: Now with Worming Self-PropagationMobile Adware Booms, Online Banks Become Prime Target for AttacksMalware Loader Abuses Google SEO to Expand Payload Deliveryreddit.com/r/pwnedCD Projekt Red 'EPICALLY pwned': Cyberpunk 2077 dev publishes ransom note after company systems encryptedBrazilian electric utility company COPEL hit by cyberattack; >1TB private data exfiltratedFlorida city of Oldsmar's municipal water supply was almost poisoned during cyberattack, Sheriff says. A plant operator witnessed mouse movement on-screen and reverted the changeMajor Brazilian electric utility company Eletrobras hit by ransomwareENEL, Italian multinational manufacturer and distributor of electricity and gas with international customers, affected by data disclosure - 300,000 customers personal data leakedwelivesecurity.comNot all cybercriminals are sophisticatedPopular password manager in the spotlight over web trackersWeek in security with Tony AnscombeOxford University COVID‑19 lab hackedSafeguarding children against cyberbullying in the age of COVID‑19Championing worthy causes: How ESET gives a helping handscmagazine.comFill security ops gaps with context-driven threat analysisSolarWinds blaming intern for leaked password is symptom of ‘security failures’Google Cloud boosts customers’ insurance with a new, optional data toolNightDragon’s Dave DeWalt: ‘This is the highest threat environment we’ve ever had, bar none’DoS vulnerability found in Eclipse Jettyhelpnetsecurity.comProliferation of sneakerbots across industries: The long tail of DIY bot operators10 strategies small security teams can use for effective cybersecurity managementEnterprises observing uptick in risky behaviors since shift to remote workHow to tackle modern agriculture security challengesMore than 30% of the world’s countries now have 5G availabilitytrendmicro.comThis Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical BugsThis Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT MalwareThis Week in Security News: Trend Micro Researcher Uncover Two Espionage Backdoors Associated with Operation Earth Kitsune and Trickbot and Ransomware Attackers Plan Big Hit on U.S. HospitalsTrend Micro HouseCall for Home Networks: Giving You a Free Hand in Home Network Securitysecurityweek.comThe Different Flavors of Cyber ResilienceMicrosoft Expands Secured-core to Servers, IoT DevicesMicrosoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking GroupHackers Control Perl.com Domain Months Before HijackGoogle Patches Critical Remote Code Execution Vulnerability in Androidsiliconrepublic.comRansomware attacks in manufacturing tripled in 20205 cybersecurity tips every business needs right nowConsultancy firm MHR to invest €1.5m in data centres and new hiresThreatLocker to open European HQ in Ireland, creating 50 jobsSmarttech247 to hire 30 staff at its Cork basenakedsecurity.sophos.comI see you: your home-working photos reveal more than you think!Search crimes – how the Gootkit gang poisons Google searchesNaked Security Live – Beware copyright scamsS3 Ep21: Cryptomining clampdown, the 100-ton man, and ScamClub ads [Podcast]Keybase secure messaging fixes photo-leaking bug – patch now!csoonline.comGootkit malware creators expand their distribution platformHow to protect Windows Remote Desktop deploymentsBrandPost: 5 Threat Hunting Techniques to Proactively Improve Your Security PostureBrandPost: Charting New Education Pathways to Fill the Cybersecurity Skills GapDependency confusion explained: Another risk when using open-source repositoriesCISO job search: What to look (and look out) forkitploit.comFake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A ProxyOWASP ASST (Automated Software Security Toolkit) - A Novel Open Source Web Security ScannerHalogen - Automatically Create YARA Rules From Malicious DocumentsStandIn - A Small .NET35/45 AD Post-Exploitation ToolkitWdToggle - A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Cachingsecurityboulevard.comBreach Clarity Data Breach Report: Week of March 1Best practices for Securing Office 365 against pervasive cloud collaboration risksHow Threat Modeling Enabled Election SecuritySelf-Serviceable ADC Automation Empowers Digital Businesses with High Application AvailabilityGoogle Voice Outage: Expired TLS Certificate Brings Down Yet Another Giantgrahamcluley.comCrypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak“Mentally ill demon hackers” blamed for massive Gab data leakGizmodo gives poor password adviceNpower scraps app, and urges customers to change passwords, after data breachRecorded Future’s free Cyber Daily newsletter brings trending threat insights straight to your inbox