RSS Feeds: News and Views

KrebsOnSecurity

• Apple AirTag Bug Enables ‘Good Samaritan’ Attack
• Indictment, Lawsuits Revive Trump-Alfa Bank Story
• Does Your Organization Have a Security.txt File?
• Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
• Customer Care Giant TTEC Hit By Ransomware

Internet Security Alliance

• Legal Structures are a Barrier to Fighting Cybercrime
• DISORGANIZED LAW ENFORCEMENT AT THE CAPITOL: JUST LIKE CYBER
• THE FEDS SHOULD LEARN FROM THE PRIVATE SECTOR IN FIGHTING CYBER CRIME
• PUBLIC-PRIVATE PARTNERSHIP: PARENT-CHILD OR MARRIGE?
• Defining success and mapping the road ahead for public-private partnership and critical infrastructure cybersecurity

Schneier on Security

• Check What Information Your Browser Leaks
• Tracking Stolen Cryptocurrencies
• Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk
• I Am Not Satoshi Nakamoto
• The Proliferation of Zero-days

JMBM Cybersecurity Lawyer Forum

• One Big Thing – Data Minimization
• Cybersecurity Guide for Hospitality Industry Now Available through NIST
• New CCPA Developments
• Sensitivity Training – Sensitive Personal Information under the California Privacy Rights Enforcement Act of 2020
• Michael A. Gold named one of California’s Top Cyber Lawyers by the Daily Journal

Steptoe Cyberblog

• Episode 376: AI Dystopia: Only the Elite Will Escape the Algorithm
• Episode 375: China, U.S. Tech Policy: “Let Thousand Hands Throw Sand in the Gears.”
• Episode 374: What’s the Opposite of Facial Recognition? Ask Your “Smart Toilet.”
• Episode 373: We Can’t Run a Twelfth-Century Regime Without WhatsApp!
• Episode 372: Blockchain and Cryptocurrency Regulatory Roundup

Bank Info Security

• US Commerce Officials Seek Comment on IaaS Executive Order
• Live Webinar | 3rd Party Risk: 'You've Been Breached – How Can I Trust You?'
• Karma Seeks Free Publicity to Fulfill Ransomware Destiny
• REvil Ransomware Group's Latest Victim: Its Own Affiliates
• Ransomware Patch or Perish: Attackers Exploit ColdFusion

CPO Magazine

Error: Feed has an error or is not valid.

Omnistruct

• MSP News – September 24, 2021
• Small Business Entrepreneur Cybersecurity News – September 24, 2021
• Regulations, Frameworks, and Controls – September 24, 2021
• Enterprise Leadership News – September 24, 2021
• Enterprise Technical Security That Matters – September 24, 2021

WeLiveSecurity by eset

• Google releases emergency fix to plug zero‑day hole in Chrome
• Week in security with Tony Anscombe
• Bug in macOS Finder allows remote code execution
• FamousSparrow: A suspicious hotel guest
• Plugging the holes: How to prevent corporate data leaks in the cloud

Security Intelligence by IBM

• What Is Customer Identity Access Management (CIAM)?
• What Is SASE and How Does it Connect to Zero Trust?
• What Is a Botnet Attack? A Guide for Security Professionals
• A Journey in Organizational Cyber Resilience Part 3: Disaster Recovery
• DevSecOps: How Engineers Benefit From Cybersecurity Education

Naked Security by Sophos

• Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!)
• S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked [Podcast]
• STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now
• How Outlook “autodiscover” could leak your passwords – and how to stop it
• VMware patch bulletin warns: “This needs your immediate attention.”

Threatpost

• SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
• Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
• SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
• Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
• 5 Steps to Securing Your Network Perimeter

Dark Reading

• US Extradites CardPlanet Operator Back to Russia
• Notorious Spyware Tool Found Hiding Beneath Four Layers of Obfuscation
• Modern Security Breaches Demand Diligent Planning and Executive Support
• Master Lock Introduces New Bluetooth ProSeries Padlocks
• Washington's New Cyber Focus Raises the Bar for IT Pros Across Supply Chains

Ars Technica

• GM’s BrightDrop starts production of its EV600 electric delivery van
• New Azure Active Directory password brute-forcing flaw has no fix
• Ford picks Kentucky and Tennessee for $11.4 billion EV investment
• Researchers use Starlink satellites to pinpoint location, similar to GPS
• Film studios sue “no logs” VPN provider for $10 million

Tech Republic

• Don't let cybercriminals ruin your merger or acquisition
• Deepwatch announces managed detection and response solution for SMBs
• New Chrome feature can tell sites and webapps when you're idle
• 3 tips to protect your users against credential phishing attacks
• OWASP updates top 10 list with decades old security risk in #1 spot

CSHub

• IOTW: T-Mobile under investigation following fourth data infringement in three y…
• IOTW: Medical data of more than 73,000 patients shared in Singapore breach
• Three US state laws are providing safe harbor against breaches
• IOTW: Ransomware thieves publish major airlines’ passenger information
• An Update on Recent Major Breaches

The Record

• US extradites highly-prized hacker back to Russia
• Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider
• US arrests 33 BEC scammers linked to Nigerian crime syndicate
• Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes
• EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous