InfoSec Feed

This feed is in UTC time. If you do not see the feed please enable JavaScript.

  • Banking on Data Security in a Time of Insecurity
    on June 2, 2020 at 2:00 pm

    How banks can maintain security and data integrity in the middle of a pandemic.

  • Apple Jailbreak Zero-Day Gets a Patch
    on June 2, 2020 at 1:53 pm

    The zero-day vulnerability tracked as CVE-2020-9859 is exploited by the "Uncover" jailbreak tool released last week.

  • Hacker posts database stolen from Dark Net free hosting provider DH
    on June 2, 2020 at 1:26 pm

    Some 7,600 dark-web sites were obliterated in an attack on the most popular provider of .onion free hosting services, Daniel's Hosting.

  • Crime agency turns to Google ads to deter teen DDoS hackers
    on June 2, 2020 at 1:01 pm

    The UK's National Crime Agency has hit on a simple way to stop teens from being sucked into cybercrime – using Google Ads.

  • Podcast: Why Identity Access Management is the New Perimeter
    on June 2, 2020 at 1:00 pm

    DivvyCloud discusses the changing nature of identity access management (IAM) - and what kind of challenges and opportunities that is creating for businesses.

  • Amtrak Announces Data Breach and Potential Leak of Guest Rewards Account Information
    on June 2, 2020 at 11:38 am

    Even with the travel restrictions prompted by the COVID-19 pandemic, the travel industry is once again tainted by a security incident that resulted in the leak of personal identifiable information found in Amtrak’s Guest Rewards service. According to a Notice of Data Breach sent to the Attorney General’s Office of Vermont, The National Railroad Passenger

  • "Sign in with Apple" Vulnerability
    on June 2, 2020 at 11:27 am

    Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much any account. It is fixed....

  • Hybrid DDoS Protection is Like a Faulty Airbag
    on June 2, 2020 at 11:18 am

    We know that some businesses are the target of constant DDoS attacks, while others face attacks less frequently. If your company falls on the side of less-frequent attacks or having never been attacked at all, you might be wondering, “does the threat still exist?” And “does it exist to the level of risk I’m willing The post Hybrid DDoS Protection is Like a Faulty Airbag appeared first on Blog.

  • Data Breach at Independent Artist Marketplace Affects 5 Million Users
    on June 2, 2020 at 10:46 am

    Minted, a digital marketplace for independent artists, started informing its members last week about a security incident that exposed personal information of 5 million users. Apparently, the notification was sent after the company learned its user account database was being sold on the dark web. “We recently became aware of a report that mentioned Minted

  • Cloud infrastructure operators should quickly patch VMware Cloud Director flaw
    on June 2, 2020 at 10:25 am

    Public and private cloud administrators who are using VMware Cloud Director should immediately apply the patch for a high-risk vulnerability that can be used by hackers to take full control of virtualized cloud infrastructure, security experts warn. VMware released fixes for the command injection flaw last month, but if left unpatched, it can be easily exploited through customer trial accounts.[ Follow these 5 tips for better cloud security. | Get the latest from CSO by signing up for our newsletters. ]To read this article in full, please click here

  • Securonix SIEM as a service has behavior analytics baked in
    on June 2, 2020 at 10:00 am

    Securonix began as a maker of traditional security information and event management (SIEM) devices way back in 2007. Then around 2009, the company started to branch out into user and entity analytics, where it made quite a name for itself. Now, Securonix is combining those two areas of expertise into a cloud SIEM that is offered as a service.To read this article in full, please click here(Insider Story)

  • Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
    on June 2, 2020 at 5:37 am

    Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to

  • ISC StormCast for Tuesday, June 2nd 2020
    on June 2, 2020 at 2:00 am

    Apple Patches Unc0verhttps://support.apple.com/en-us/HT201222 Office 365 Adds Details About Malicious E-Mail Attachmentshttps://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570 Impact of Research on Our Datahttps://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/

  • Data on Indian Mobile Payments App Reportedly Exposed via Open S3 Bucket
    on June 1, 2020 at 9:39 pm

    Over 7 million records exposed, according to vpnMentor, but app maker says there is no sign of malicious use.

  • Apple Pays Researcher $100,000 for Critical Vulnerability
    on June 1, 2020 at 9:10 pm

    Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.

  • Cyberattacks and hacktivism around Minnesota’s unrest. Amtrak breach. Port scanning. Some lessons from the pandemic.
    on June 1, 2020 at 8:10 pm

    Hacking, and more claims of hacking, surround the unrest in Minnesota. Data breach at Amtrak Guest Rewards. More companies found port scanning. Four cybersecurity lessons from the pandemic. David Dufour from Webroot with an overview of online scams his team is tracking during COVID-19, Our own Rick Howard compares resiliency with business continuity. And a new 5G device is not only holographic, but quantum oscillatin’ too. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/105

  • 26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
    on June 1, 2020 at 7:35 pm

    Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.

  • Connected Experiences at Cisco Live! 2020
    on June 1, 2020 at 7:00 pm

    Cisco Connected Experiences are solutions that bring together the power of Cisco's entire portfolio, and provide the infrastructure needed to drive innovation forward. Join us at Cisco Live to hear about what Cisco Connected Experiences can do for you and your business. The post Connected Experiences at Cisco Live! 2020 appeared first on Cisco Blogs.

  • Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them
    on June 1, 2020 at 5:35 pm

    The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.

  • The Advanced Protection Program comes to Google Nest
    on June 1, 2020 at 5:00 pm
  • Apple Pays $100K Bounty for Critical ‘Sign in With Apple’ Flaw
    on June 1, 2020 at 4:07 pm

    Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims' third-party applications.

  • Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack
    on June 1, 2020 at 4:00 pm

    Machine learning (ML) is an increasingly valuable tool in cyber security as adversaries continually evolve their tactics and techniques to evade detection. As machine learning has advanced and sophisticated ML models have been developed to assist security professionals in protecting the cloud, adversaries have been busy developing malware designed to evade ML models. To proactively … Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack Read More » The post Machine Learning Security Evasion Competition 2020 Invites Researchers to Defend and Attack appeared first on Microsoft Security Response Center.

  • Symbiosis
    on June 1, 2020 at 4:00 pm

    For the entirety of human history, we have made tools and those tools have then shaped us. But in the digital age, that ancient feedback loop has become more complicated. We are fully conscious of the impact our tools can have on us, and we have the chance to guide our future symbiotic relationship with out technology, in a way that expands our cognitive capacity, creativity and skills that would make us fulfill our untapped potential as a species. But is that possible when the vast majority of us have become detached from the development of our technology? What happens to the ancient feedback loop when we are being shaped by obscure devices, in an age of digital blackboxes? Aleks Krotoski explores the history of how we have been shaped by tool development, and discovers how we can plug back into the process, and shape out symbiotic future.

  • Minneapolis Police Department Hack Likely Fake, Says Researcher
    on June 1, 2020 at 3:43 pm

    Troy Hunt said that the supposed data breach perpetrated by Anonymous is most likely a hoax.

  • No password required! “Sign in with Apple” account takeover flaw patched
    on June 1, 2020 at 3:19 pm

    A bug bounty hunter found a way to login using "Sign in with Apple"... but without the part where you have to put in a password.

  • What Do the Customers Think?
    on June 1, 2020 at 3:13 pm

    IT Security solution providers know how hard it is to get customers to talk on the record about the solutions they use. Case studies and customer feedback, however, are the only way in which cybersecurity solution providers can tailor their product to the needs of their buyers. They are also a valuable source of insight The post What Do the Customers Think? appeared first on IT Security Guru.

  • Personal Information Stolen In Amtrak Guest Reward Data Breach
    on June 1, 2020 at 2:41 pm

    Amtrak has revealed that some customers may have had their personal information and log-ins stolen after it detected unauthorized access of rewards accounts by a third party. Also known as the National Railroad Passenger Corporation, the state-backed US transportation provider revealed the news in a regulatory filing with the Office of the Vermont Attorney General. The post Personal Information Stolen In Amtrak Guest Reward Data Breach appeared first on IT Security Guru.

  • Nipissing First Nation Locked Down By Ransomware
    on June 1, 2020 at 2:38 pm

    The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications. The attack was discovered on May 8 and affected all departments of the administration but most of the network remained unaffected. Source: BleepingComputer  The post Nipissing First Nation Locked Down By Ransomware appeared first on IT Security Guru.

  • Open Source Content Management System Joopla Discloses Data Breach
    on June 1, 2020 at 2:37 pm

    The team behind the Joomla open source content management system (CMS) announced a security breach last week. The incident took place after a member of the Joomla Resources Directory (JRD) team left a full backup of the JRD site (resources.joomla.org) on an Amazon Web Services S3 bucket owned by their own company. Source: ZDNet In The post Open Source Content Management System Joopla Discloses Data Breach appeared first on IT Security Guru.

  • Hosting Provider’s Database of Crooked Customers Leaked
    on June 1, 2020 at 2:37 pm

    Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating.

  • What the NHS Test and Trace scheme could learn from banks about stopping scams
    on June 1, 2020 at 2:04 pm

    I’m concerned that fraudsters will disguise themselves as the NHS Test and Trace Service, and trick people into giving over sensitive personal information – and maybe even some money. Maybe something could be learnt from the banks?

  • Using Wi-Fi to Help Manage the Return to the Office
    on June 1, 2020 at 2:00 pm

    Cisco DNA Spaces use Wi-Fi access points to help you track and manage employee density in the workplace. The post Using Wi-Fi to Help Manage the Return to the Office appeared first on Cisco Blogs.

  • How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
    on June 1, 2020 at 2:00 pm

    Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.

  • How to Create a Culture of Kick-Ass DevSecOps Engineers
    on June 1, 2020 at 12:06 pm

    Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, more qualitative, and on top of that: Secure. With an estimated 68% of organizations experiencing zero-day attacks from undisclosed/unknown vulnerabilities

  • COVID-19: Latest Security News & Commentary
    on June 1, 2020 at 11:40 am

    Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

  • Joomla Resources Directory (JRD) Portal Suffers Data Breach
    on June 1, 2020 at 11:34 am

    Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org. The breach exposed affected users' personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords. The

  • Prioritize alerts and jump-start your investigations with Recorded Future’s free browser extension. Sign up now.
    on June 1, 2020 at 11:11 am

    Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Drowning in alerts from many different sources and systems? Spending too much valuable time researching potential threats and vulnerabilities? You need Recorded Future Express, a new browser extension from the experts at

  • Password Changing After a Breach
    on June 1, 2020 at 11:08 am

    This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other accounts. Ideally, affected companies should strongly encourage this behavior and have mechanisms in...

  • Github uncovers malicious scanner targeting developers
    on June 1, 2020 at 10:28 am

    GitHub has uncovered a form of malware that spreads via infected repositories on its system.

  • Github uncovers malicious ‘Octopus Scanner’ targeting developers
    on June 1, 2020 at 10:28 am

    GitHub has uncovered a form of malware that spreads via infected repositories on its system.

  • Facebook to verify identities on accounts that churn out viral posts
    on June 1, 2020 at 10:14 am

    Hopefully it's a COVID-19 version of what it did post-2016 elections, when it required verification of those buying political or issue ads.

  • 8 ways to get more life out of an old SIEM
    on June 1, 2020 at 10:00 am

    As the COVID-19 pandemic drags global economies to a halt, enterprises are having to tighten their belts across the board, including in IT. In May Gartner predicted that worldwide IT spending will decrease by 9% in 2020 compared to last year. According to a Barracuda survey released in May, 40% of companies have cut their cybersecurity budgets as a cost-saving measure to help tackle the COVID-19 crisis.To read this article in full, please click here(Insider Story)

  • Should you deploy a TLS 1.3 middlebox?
    on June 1, 2020 at 10:00 am

    To inspect or not to inspect, that is the question.To read this article in full, please click here(Insider Story)

  • Monday review – the hot 15 stories of the week
    on June 1, 2020 at 9:51 am

    From iPhone jailbreaks to questions about the dark web, and everything in between. It's weekly roundup time!

  • Researcher Reports Zero-Day ‘Sign in with Apple’ Bug that Could Allow Full Account Takeover
    on June 1, 2020 at 9:26 am

    Infosec researcher Bhavuk Jain has pocketed a handsome $100,000 from Apple’s bug bounty program after reporting a critical flaw that could have allowed malicious actors to bypass authentication and take over a user’s account. Released to much fanfare at the annual Worldwide Developers Conference (WWDC) in 2019, ‘Sign in with Apple’ enables users to log

  • Analysing the (Alleged) Minneapolis Police Department "Hack"
    on June 1, 2020 at 9:18 am

    Presently sponsored by: NordVPN, the leading VPN provider. 5000+ servers in 59 countries. Use on 6 devices at the same time, on every major platform.The situation in Minneapolis at the moment (and many other places in the US) following George Floyd's death is, I think it's fair to say, extremely volatile. I wouldn't even know where to begin commentary on that, but what I do have a voice on is data breaches which prompted

  • Apparently Coronavirus-tracing scammers won’t sound professional… (Yeah, right!)
    on June 1, 2020 at 8:51 am

    Some members of the UK public will soon start receiving text messages and emails claiming to come from the NHS Test and Trace Service, as part of the country’s fight against the Coronavirus pandemic. The problem is that many of them won’t know if the communication is genuine, or from a scammer. And the UK Government’s advice isn’t helping.

  • ISC StormCast for Monday, June 1st 2020
    on June 1, 2020 at 2:00 am

    Sectigo AddTrust CA Expiredhttps://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020 Critical Sign In With Apple Flawhttps://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/ DABANGG: Refined Flush Based Cache Attackshttps://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf New Website Explaining FIDOhttps://loginwithfido.com/

  • 3 Ways CISOs and DPOs Can Work Better Together
    on June 1, 2020 at 12:00 am

    3 Ways CISOs and DPOs Can Work Better TogetherWith Data Privacy Officer (DPO) positions on the rise, Chief Information Security Officers (CISOs) should lean on existing business mechanisms to define roles and swim lanes

  • Extending security tools to the at home workforce during the pandemic.
    on May 31, 2020 at 11:00 am

    In this episode of CyberWire-X, Rick Howard, the CyberWire’s Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we’ve typically used to protect our handful of remote employees in the past to today, during the pandemic, that requires us to deploy flexible but equivalent controls at scale to everybody in the organization. Joining us is Bob Turner, CISO of the University of Wisconsin at Madison. Later in the program, we will hear from Mounir Hahad, the head of Threat Labs, and Mike Spanbauer, a security evangelist, at Juniper Networks, the sponsor of the show.   Thanks to our sponsor, Juniper Networks. 

Feed sources:

  • https://www.schneier.com/blog/atom.xml
  • https://nakedsecurity.sophos.com/feed/
  • https://krebsonsecurity.com/feed/
  • http://feeds.feedburner.com/GoogleOnlineSecurityBlog
  • https://www.darknet.org.uk/feed/
  • https://www.darkreading.com/rss_simple.asp
  • https://www.imperva.com/blog/feed/
  • https://www.csoonline.com/index.rss
  • http://feeds.feedburner.com/TheHackersNews
  • https://taosecurity.blogspot.com/feeds/posts/default
  • https://technet.microsoft.com/en-us/security/rss/advisory
  • https://podcasts.files.bbci.co.uk/b01n7094.rss
  • https://labsblog.f-secure.com/feed/
  • https://dfirblog.wordpress.com/feed/
  • https://www.us-cert.gov/ncas/alerts.xml
  • https://threatpost.com/feed/
  • https://www.fireeye.com/blog/threat-research/_jcr_content.feed
  • https://feeds.feedburner.com/CiscoBlogThePlatform
  • http://feeds.feedburner.com/GrahamCluleysBlog
  • http://feeds.feedburner.com/TroyHunt
  • http://blogs.securiteam.com/index.php/feed
  • https://www.secureworks.com/rss?feed=blog
  • https://hotforsecurity.bitdefender.com/feed
  • http://www.itsecurityguru.org/feed/
  • https://blogs.technet.microsoft.com/msrc/feed/
  • https://blogs.technet.microsoft.com/mmpc/feed/

Have more RSS feeds to add to the list? Contact me. Thanks!