Security Risks

Insider Threats

• Reports and Statistics
• Internal Theft
• Dark Web
• Working Without Thinking
• Cloud Misconfiguration and Related Errors
• State Actors
• Phishing
• Malware and Viruses
• Mobile Devices
• Amazon
• Apple
• Cisco
• Facebook
• Google
• Intel
• Microsoft
• Smart?
• Twitter
• Instructional

External Risks

• Cloud Outages and Underperformance
• External Attacks and Breaches
• Miscellaneous Security Risks

Insider Threats

Reports and Statistics

• List of data breaches - Wikipedia
• 2019 Data Breaches - The Worst Breaches, So Far
• Top Zero Days, Data Breaches and Security Stories of 2019: News Wrap
• Top 10 IoT Disasters of 2019
• June 2019 data breach report
• Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent
• Most Americans Fail Cybersecurity Quiz
• The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within
• Employee Security Threats
• The biggest cybersecurity risk to US businesses is employee negligence, study says
• How your employees put your organization at risk
• Insider Threats Are Rising – But They Shouldn’t Be
• ThreatList: Human Error is Behind One Quarter of Data Breaches
• Company insiders behind 1 in 4 data breaches
• Congrats on keeping out the hackers. Now, you've taken care of rogue insiders, right? Hello?
• Decoding: "Insider Threat"

Internal Theft

• Insider threat report
• 75% of insider breaches are accidental
• Insider Threats are Biggest Danger to Data Security
• GitHub - avishayil/caponeme: Repository demonstrating the Capital One breach on your AWS account
• Why Cloud, Collaboration Breed Insider Threats
• Insider threat examples: 7 insiders who breached security
• Egress Inside Threat Report
• Insider Threats: Root Causes and Mitigation Practices
• Insider Data Breach survey 2019 NA
• Trend Micro rogue employee exposes customer data
• Rogue Trend Micro Employee Sold Customer Data for 68K Accounts
• Podcast: Departing Employees Could Mean Departing Data
• Insider Threats Get Mean, Nasty and Very Personal
• Ex-Google engineer charged with stealing company's trade secrets for driverless cars
• Tesla Claims Secret Project Has Fallen Into Chinese Rival's Hands
• Former Tesla employee admits uploading Autopilot source code to his iCloud
• Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints
• Former Apple employee charged with stealing Apple's self-driving car secrets
• Winner, Winner, prison dinner: Five years in the clink for NSA leaker
• General Electric engineer charged with stealing trade secrets encrypted in sunset picture
• Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'
• Leaked NSA Exploits Modified To Attack Every Windows Version Since 2000
• Jaguar Land Rover data leak reveals employee records, upcoming layoffs
• iPhone Baseband source code leaks online
• eBay Source Code
• US Homeland Security breach compromised personal info of 200,000+ staff
• Official Declassifed Congressional Report on malicious software breaches by Edward Snowden (2016) by United States House of Representatives of the 113th Congress
• $21 Trillion Lost: Largest Theft in U.S. History No Politician Wants to Talk About
• Tesla sabotage/data theft scandal becomes even crazier

Dark Web

• Search on dark+web+for+sale
• Here’s How Much Your Personal Information Is Selling for on the Dark Web (6-Dec-2017)
• Dark Web Links | Dark Web Sites | Deep Web Links 2019
• Over 750,000 debit and credit cards for sale found on the deep web
• Dark Web Offers Government Login Credentials for Sale
• Nearly 620 million stolen accounts for sale on dark web
• Halloware Ransomware on Sale on the Dark Web for Only $40
• Your identity is for sale on the dark web for less than $1,200
• Anti Public Combo List with Billions of Accounts Goes on Dark Web for Sale
• 1 Billion Yahoo Accounts are Hacked - Selling on Dark Web for $300
• Netflix, HBO GO, Hulu passwords found for sale on the Dark Web
• 35 million voter records up for sale on the dark web
• 127 million user records from 8 companies put up for sale on the dark web
• Facebook hack: People's accounts appear for sale on dark web
• Healthcare records for sale on Dark Web
• University email credentials for sale on the dark web

Working Without Thinking

• Pornography and Political Control, by E. Michael Jones
• Simple Email Mistakes That Can Cause Serious Data Security Breaches
• Nasty New Malware Waits Until You Visit A Porn Site, Then Starts Recording
• Federal Employee Visited 9,000 Porn Sites in Less Than 7 Months, Auditor Found
• Federal Employee Downloaded 9,000 Pages of Porn, Infecting Network with Russian Malware
• How does Russian malware get onto government computers? Through porn-watching civil servants
• I don't have to save my work, it's in The Cloud. But Microsoft really must fix this files issue

Cloud Misconfiguration and Related Errors

• Elasticsearch Server Leaks
• Mobile phone data breach could be largest in Canada’s history
• Data of 32 million SKY Brasil customers easily accessible on unprotected ElasticSearch server
• ElasticSearch database leaks 40GB crucial data of Honda Motor Company
• Honda's Security 'Soft Spots' Exposed in Unsecured Database
• Unprotected ElasticSearch server exposes location data of 11,000 Indian buses
• Unsecured Server Leaks PII of Almost 90% of Panama Residents
• Misconfigured ElasticSearch Servers Exposed Private Data of over 82 Million Users.
• Massive Breach at Data Broker Exactis Exposes Millions of Americans
• Incident Of The Week: Millions of Financial Records Exposed by Elasticsearch Database
• Multistage Attack Delivers BillGates/Setag Backdoor to Turn Elasticsearch Servers into DDoS Botnet
• Two Elasticsearch Databases Found Unprotected
• lessons to be learned from the elasticsearch data breach
• ElasticSearch server exposed the personal data of over 57 million US citizens
• An unprotected ElasticSearch server that contained the personal information of nearly 57 million US citizens was left publicly exposed online for almost two weeks. The data was stored on the server without a password.
• 257K Legal Documents Leaked By Unprotected Elasticsearch Server
• Unsecured ElasticSearch Server Exposed Data on 1,133 NFL Players
• Password data for ~2.2 million users of currency and gaming sites dumped online
• Breach affecting 1 million was caught only after hacker maxed out target’s storage
• Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak
• 7M Adobe Creative Cloud Users Exposed to Hackers
• Securing the Cloud: A Story of Research, Discovery, and Disclosure
• Imperva: Data Breach Caused by Amazon Cloud Misconfiguration
• All Data Breaches in 2019 – An Alarming Timeline
• Scotiabank slammed for 'muppet-grade security' after internal source code and credentials spill onto open internet: Blueprints for mobile apps, databases exposed in public GitHub repos
• Scotiabank source code and login credentials were hacked. Users should contact the bank to secure their money
• Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images
  Ranger Services goes to ground over unsecured Azure blob
• Capital One data breach: A look at the biggest confirmed breaches ever
• How the FBI caught Paige A. Thompson in Capital One hack ...
• 198 Million Car-Buyer Records Exposed Online for All to See
• Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers
• Adult Content Site Exposed Personal Data of 1M Users
• Chris Vickery on the Marriott Breach and a Rash of Recent High-Profile Hacks
• Another Day, Another Company Leaving Sensitive User Data Exposed Publicly On The Amazon Cloud
• 7 Most Infamous Cloud Security Breaches
• Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts
• iCloud Nude Leaks: 26 Celebrities Affected In The Nude Photo Scandal
• iCloud leaks of celebrity photos
• Why do cloud leaks keep happening? Because no one has a clue how their instances are configured
• Hundreds of exposed Amazon cloud backups found leaking sensitive data
• Cloud Misconfiguration: The Biggest Cloud Security Risk
• Misconfigured Cloud Services Pose High Security Risks for Organizations
• A Technical Analysis of the Capital One Cloud Misconfiguration Breach
• Monetising mistakes: how to tackle cloud misconfiguration
• Cloud misconfiguration breach Archives
• Misconfiguration Leads to Major Health Data Breach
• 99% of misconfiguration incidents in the cloud go unnoticed
• Hunting the Public Cloud for Exposed Hosts and Misconfigurations
• Cloud Security Concerns Loom for 93% of Businesses Adopting Apps and BYOD
• Capital One Breach Casts Shadow Over Cloud Security
• Capital One data breach 2019: Millions affected in new breach
• McAfee says cloud security not as bad as we feared… it's much worse
• Massive Data Leak Could Affect 300 Million Americans
• FedEx Customer Data Exposed on Unsecured S3 Server
• 1.5 BEEELLION sensitive files found exposed online dwarf Panama Papers leak
• Oklahoma gov data leak exposes FBI investigation records, millions of department files
• Millions Of Secret Bank Docs Leak Online After Mishap
• 800+ Million Emails Leaked Online by Email Verification Service
• NSA breach spills over 100GB of top secret data
• Equifax reveals full horror of that monstrous cyber-heist of its servers
• Amazon hit with major data breach days before Black Friday
• 42 Million Dating App Records Exposed Online, Leaking User IP Addresses and Location Data
• First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
• 540 Mllion Facebook Records Leaked by Public Amazon S3 Buckets
• Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after
  database blunder grants users access to all data
• Top 10 Cloud Risks That Will Keep You Awake at Night (PDF)
• ThreatList: 4.1B Records Exposed in Breaches in First Half of 2019
• Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk
• USPS, Amazon Data Leaks Showcase API Weaknesses
• Toyota Security Breach Exposes Personal Info of 3.1 Million Clients
• Pyramid Hotel Group Exposed 85GB Of Hotel Security Logs
• Major breach found in biometrics system used by banks, UK police and defence firms
• Data breach of blood testing provider exposes 12 million people's information
• LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
• Fortune 500 company leaked 264GB in client, payment data
• Data breach of blood testing provider exposes 12 million people's information
• Millions of "private" Theta photos were available online, easily accessible
• First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
• Almost the Entire Population of Ecuador Had Its Data Leaked
• Quest Diagnostics says nearly 12 million patients may have had data breached
• Hackers breach HealthCare.gov system, get data on 75,000
• Euro bank regulator: Don't follow the crowd. Stay off the cloud
• Nissan Canada Finance informs customers of possible data breach
• Hackers stole income, immigration and tax data in Healthcare.gov breach, government confirms
• Quora reports data breach affecting 100 million users

State Actors

• New Cybersecurity Rules Give Regime Control of Data Outside China
• TikTok Riddled With Security Flaws
• TikTok Banned By U.S. Army Over China Security Concerns
• The Hidden Military Use Of 5G Technology
• Wikileaks Drops 'Vault 8': CIA Wrote Code Impersonating Russian Anti-Virus Giant
• Foreign-Born Researchers at US Agencies Were Secretly Working for China, Senate Report Finds
• Former CIA Officer Sentenced to 19 Years in Prison Over Chinese Espionage Contacts
• SPY: Chinese National Pleads Guilty to Stealing Trade Secrets From US Petroleum Company
• Chinese Government Hacks US Navy
• How much has the US lost from China's intellectual property theft?
• US Charges 2 Chinese Intel Officers with Stealing Aviation Secrets, Tech Data
• DOJ charges Chinese, Taiwanese companies, individuals with alleged scheme to steal trade secrets from American company
• Taiwan Charges 5 BASF Employees for Selling Trade Secrets to China
• Chinese American scientist admits plot to steal GlaxoSmithKline’s secrets for firm in China
• Airbus hit by series of cyber attacks on suppliers
• UPSynergy: Chinese-American Spy vs. Spy Story
• Chinese Hackers May Have Attempted to Steal Airbus Secrets via Contractors: AFP
• China-Linked Hackers Target Tibetan Activists' Smartphones By Spoofing Amnesty International Officials
• Stunning Exposé Offers New Details About China's Infiltration Of 8 Tech Giants
• Chinese-Founded US Tech Firm Found Guilty of IP Theft
• Chinese Security Cameras Banned For Spying Are Nearly Impossible To Identify And Remove
• Chinese Tech Giants Baidu, Alibaba, and Tencent Are De Facto Tools of Chinese Regime: US Official
• China Involved in a Quarter of Significant Cyber Incidents in Past Year, Report Says
• Is Huawei Now Spying in the Cloud?
• For two hours, a large chunk of European mobile traffic was rerouted through China
• China behind massive Australian National University hack, intelligence officials say
• Huawei "Spent All Their Resources Stealing", Stunning New Exposé Shows
• Chinese Hackers Copy NSA Hacking Software, Use It To Attack US Allies
• NSA-style backdoor in Huawei laptops found by Microsoft
• China’s ‘Huawei Strategy’ is to Bypass US Intelligence
• China Hacked IBM And HP, Then Went After Their Clients
• All your pictures, your conversations, everything—could be going to China’s Communist Party
• Chinese company charged with stealing trade secrets from U.S. computer firm
• Ten Chinese Agents Charged with Hacking Aviation Companies
• Companies, Universities Hire Chinese Researchers, Ignore National Security Worries
• China Expands Its Cybersecurity Rulebook, Heightening Foreign Corporate Concerns
• Facebook And Apple Confirm Their Servers Were Hit By Chinese Malware
• The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
• China Spy Chips Report Adds Pressure on Pentagon Cloud Security
• How Communist China Steals American Secrets and Endangers U.S. Security
• China Is Guilty Of Way More Culture Theft Than A Kid In A Prom Dress
• Bombshell WSJ Story Confirms "Systematic And Methodical" Chinese Theft Of US Trade Secrets
• China ‘has taken the gloves off’ in its thefts of U.S. technology secrets
• Time to Fight Back Against China's Massive Intellectual Property Theft
• Huawei cloning Apple parts, rewarding employees for tech theft
• Chinese Telecommunications Device Manufacturer and its U.S. Affiliate Arraigned on Charges of Theft of Trade Secrets, Wire Fraud, and Obstruction of Justice

Phishing

• You've Been Served…with Subpoena-Themed Phishing Emails
• Silent Librarian Retools Phishing Emails to Hook Student Credentials
• Iran-Linked 'Charming Kitten' Touts New Spearphishing Tactics
• Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount
• Phishing attacks and how to prevent them
• Phishing: Not Just For Criminals
• 5 Critical Steps To Take After Being Phished
• Phishing Users using Evilginx and Bypassing 2FA
• Library-Themed University Phishing Attack Expands to Massive Scale
• Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys
• Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys

Malware and Viruses

• New JhoneRAT Malware Targets Middle East
• Oski Data-Stealing Malware Emerges to Target North America, China
• Liverpool Voyeur Used IM-RAT to Video Women at Home
• DeathRansom Campaign Linked to Malware Cornucopia
• Magecart Hits Parents and Students via Blue Bear Attack
• Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
• Travelex Knocked Offline by System-Wide Malware Attack
• Biggest Malware Threats of 2019
• Smart Krampus-3PC Malware Targets iPhone Users Online
• Elegant sLoad Carries Out Spying, Payload Delivery in BITS
• Smart Krampus-3PC Malware Targets iPhone Users Online
• Snatch Team Steals Data and Hammers Orgs with Ransomware
• Authorities Break Up Imminent Monitor Spyware Organization
• Don't Get Kicked Out! A Tale of Rootkits and Other Backdoors
• Gnip Banking Trojan Shows Ongoing, Aggressive Development
• Ransomware attack at Mexico's Pemex halts work, threatens to cripple computers
• Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
• Threat Actor Impersonates USPS to Deliver Backdoor Malware
• Ransomware Attack Downs Hosting Service SmarterASP.NET
• Double Vision: Stealthy Malware Dropper Delivers Dual RATs
• China-Linked Hackers Spy on Texts With MessageTap Malware
• New Adwind Variant Targets Windows, Chromium Credentials
• 15 Years Later, Metasploit Still Manages to be a Menace
• Raccoon Malware Scavenges 100,000+ Devices to Steal Data
• Phorpiex Botnet Shifts Gears From Ransomware to Sextortion
• Pitney Bowes Hit with Ransomware Attack
• Major Airport Malware Attack Shines a Light on OT Security
• Docker Containers Riddled with Graboid Crypto-Worm
• 10 Steps for Ransomware Protection
• .WAVs Hide Malware in Their Depths in Innovative Campaign
• Fake iOS Jailbreak Site Lures in Apple Users
• The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up
• U.S. charges North Korean hacker in Sony, WannaCry cyberattacks
• LookBack Removal Report
• New Reductor Malware Hijacks HTTPS Traffic
• Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
• Virus Bulletin 2019: Magecart Infestations Saturate the Web
• Ransomware Attacks Leave U.S. Hospitals Turning Away Patients
• Hackers Turn to OpenDocument Format to Avoid AV Detection
• US Govt. plant USB sticks in security study, 60% of subjects take the bait
• Most malspam contains a malicious URL these days, not file attachment
• Hit by ransomware? Victims of these four types of file-encrypting malware can now retrieve their files for free
• Android ransomware is back
• GermanWiper isn't ransomware. It's worse than that
• GonnaCry/ at master · tarcisio-marinho/GonnaCry · GitHub
• 2.1M Android Devices Infected by Malicious Beauty and Photo Apps
• Fake DeepNude Downloads Gives You Malware Instead of Nudes
• New SIM card attack disclosed, similar to Simjacker
• New SIM attacks de-mystified, protection tools now available
• Malware infection disrupts production at defence contractor plants in three countries
• Microsoft: New Nodersok malware has infected thousands of PCs
• Malware operators abuse Windows Narrator software in Asian attack wave
• Hackers looking into injecting card stealing code on routers, rather than websites
• POS Malware Found at 102 Checkers Restaurant Locations
• Forbes Becomes Latest Victim of Magecart Payment Card Skimmer
• Kasper-Spy: Kaspersky Anti-Virus puts users at risk
• Say Cheese: Ransomware-ing a DSLR Camera
• 2019 State of Malware report: Trojans and cryptominers dominate threat landscape - Malwarebytes Labs
• Florida City Pays $462,000 In Ransom After Second Cyberattack Cripples City's Infrastructure

Mobile Devices

• Grindr, Tinder and OkCupid 'are sharing user's personal data including information about sexuality'
• It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool
• App Analysis: Airbnb
• App Analysis: Air Canada
• Twelve Million Phones, One Dataset, Zero Privacy
• Breaking The Encryption on Your Mobile Phone — Without Touching It
• U.N., UNICEF, Red Cross Under Ongoing Mobile Attack
• ThreatList: Sharp Increase in Fake Mobile Apps Impersonating Legit Ones
• Samsung warning: Galaxy S10 and Note 10 owners should remove their screen protectors now
• Samsung Rolls Out Fix For Galaxy S10 Fingerprint Sensor Glitch
• After Jack Hack, Government Starts Taking Wireless 'SIM Hijacking' Seriously
• #SecTorCa: Millions of Phones Leaking Information Via Tor
• Galaxy S10 Fingerprint Sensor Thwarted With Screen Protector: Report
• Stuck In The Machine Zone: Your Sweet Tooth For 'Candy Crush'
• Google Warns of Android Zero-Day Bug Under Active Attack
• WhatsApp Flaw Opens Android Devices to Remote Code Execution
• Zynga data breach affects +200M 'Words With Friends' users
• Snapchat Employees Abused Data Access to Spy on Users
• The /e/ Google-free, pro-privacy Android clone is now available
• Agent Smith Android malware has infected 25 million devices so far
• "Agent Smith”: The New Virus to Hit Mobile Devices
• Heyyo dating app leaked users' personal data, photos, location, more
• 4.9 Million People Affected By DoorDash Data Breach
• Personal info on nearly 5 million DoorDash users, drivers, and merchants exposed
• Chrome's default-on ad blocker - which doesn't block adverts ...
• Malicious Apps Infect 25 Million Android Devices With 'Agent Smith" malware
• Researchers Find Google Play Store Apps Were Actually Government Malware
• Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information (PDF)
• Cellular networks flaws expose 4G & 5G devices to IMSI capturing attacks
• Major vulnerability in 5G means that anyone with $500 worth of gear can spy on a wide area's mobile activity
• Four major dating apps expose precise locations of 10 million users
• 42 Million Dating App Records Exposed Online, Leaking User IP Addresses and Location Data
• Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps
• More than two thirds of all Android antivirus apps are ineffective and many don't even do anything at all
• Triton is the world’s most murderous malware, and it’s spreading
• 'Smart' Car Alarm App Could Allow 3 Million Cars To Be Unlocked Remotely
• Thousands of Android apps permanently record your online activity for ad targeting
• Many popular iPhone apps secretly record your screen without asking
• Your phone indeed has ears that you may not know about
• My devices are sending and receiving data every two seconds, sometimes even when I sleep
• New study claims data harvesting among Android apps is "out of control"
• Samsung Phone "Bug" Secretly Sent Photos To Random Contacts

Amazon

• 4 Ring Employees Fired For Spying on Customers
• Amazon and Ring Hit With Lawsuit After Camera Hacks Confirm Worst Fears of Privacy Advocates
• Report: Amazon 'Alexa' Tells Terrified Mom to Make Sure She Kills Herself by 'Stabbing Herself in the Heart'
• Don’t Buy Ring Or Other Home Surveillance Devices For Anyone, Ever
• We Tested Ring's Security. It's Awful'
• Ring Plagued by Security Issues, Flood of Hacks
• Man hacks Ring security camera in 8-year-old girl's bedroom, watches and taunts her, screams n-word repeatedly
• Amazon's Blink Smart Security Cameras Open to Hijack
• Blink XT2 Camera System Command Injection Flaws
• Ring: Doorbell camera footage can be kept by police forever and shared with whomever they’d like
• Amazon says it’s considered face scanning in Ring doorbells
• Amazon Fixes Ring Video Doorbell Flaw That Leaked Wi-Fi Credentials
• Is AWS Liable in Capital One Breach?
• Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping – Security Research Labs
• Amazon's 'Cloud Cam' Sometimes Shares Users' 'Intimate Moments' With Dozens Of Strangers
• Here's How To Review All The Recordings Alexa Has Of You
• Amazon Echo Loop: Alexa in a discrete smart ring
• Google and Amazon use smart speakers for 'surveillance,' top tech investor says
• Amazon admits it keeps your Alexa transcripts forever
• They are Watching Us -- All the Time
• Amazon Alexa will soon record EVERYTHING you say rather than wait to hear its name first, new patent reveals
• Amazon Is Watching
• Is Alexa Listening? Amazon Employees Can Access Home Addresses
• Busted: Thousands Of Amazon Employees Listening To Alexa Conversations
• Amazon workers listen to Alexa recordings: report
• 'Always Listening' - Amazon's Alexa Stores Everything You Say To It; Here's How To Delete

Apple

• Apple reveals it scans iCloud photos to check for child sexual abuse images
• Every move you make, I’ll be watching you: Privacy implications of the Apple U1 chip and ultra-wideband
• Apple Fixes ‘AirDoS’ Bug That Cripples Nearby iPhones, iPads
• Encrypted Emails on macOS Found Stored in Unprotected Way
• Just-Released Checkra1n iPhone Jailbreak Stirs Security Concerns
• IoT Security Woes Plague Healthcare Industry
• Apple Removes 17 Malicious iOS Apps From App Store
• Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign
• ipwndfu: Open-source jailbreaking tool for many iOS devices
• New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips
• Apple Has a Million Dollar Bug Bounty Problem
• iOS Exploit ‘Checkm8’ Could Allow Permanent iPhone Jailbreaks
• Apple to Patch Bug Granting Full Access to 3rd-Party Keyboards
• ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users
• Apple Gave Uber Access to Feature That Allowed Screen Recording
• Malicious websites were used to secretly hack into iPhones for years, says Google
• Siri "Regularly" Listens In On Your Sexual Encounters, Apple Insists "Only For A Few Seconds"
• Apple says Siri will no longer retain audio by default, one-upping Amazon and Google on privacy
• Amazon and Google don't like you calling their smart speakers "surveillance devices"
• It’s the middle of the night. Do you know who your iPhone is talking to?
• iSpy: iPhones Secretly Store Call History on Apple’s Servers
• Suspicious 'back doors' running on every iOS device (PDF)
• Apple is blocking third-party repairs on new Mac computers
• Apple is quietly giving people 'trust scores' based on their iPhone data
• Apple confirms it uses Google cloud for iCloud
• Apple confirms it's a Google Cloud customer — and it's a big victory for Google's cloud boss, Diane Greene
• Apple moves to store iCloud keys in China, raising human rights fears

Cisco

• 3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
• Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
• Four words from Cisco to strike fear into the most hardened techies: Guest account as root
• Cisco warning: These routers running IOS have 9.9/10-severity security flaw
• Critical Cisco VM Bug Allows Remote Takeover of Routers
• A Cisco Router Bug Has Massive Global Implications
• Did you hear the one about Cisco routers using strcpy insecurely for login authentication? Makes you go AAAAA-AAAAAAArrg *segfault*

Facebook

• Facebook waited two weeks to tell employees payroll data was stolen
• 29,000 Facebook Employees Have Their Banking Information Compromised by Theft
• 267M Facebook Users’ Phone Numbers Exposed Online
• Facebook Admits You Can't Opt Out of Location Tracking
• Amnesty International: Google & Facebook's "Surveillance-Based" Model Threatens Human Rights
• Facebook gave Tinder and other dating apps special access to user data
• Facebook Bug Activates the iPhone Camera When Users Scroll Their Feed
• Facebook says 100 developers may have improperly accessed user data
• Facebook, WhatsApp Will Have to Share Messages With U.K. Police
• Why is Facebook spying on the AUDIO of its users?
• Facebook Has Been Secretly Transcribing Your Conversations
• Facebook admits that it stored at least 600 million passwords in plain text, with employees having access to the files for years
• 540 Mllion Facebook Records Leaked by Public Amazon S3 Buckets
• Facebook says it left 'hundreds of millions' of user passwords unencrypted
• Facebook won’t let you opt-out of its phone number ‘look up’ setting
• Facebook Lets Anyone View Your Profile Using Your Phone Number
• REPORT: Facebook Allowed Companies to Read, Write, and Delete User Private Messages
• Facebook Illegally Obtained Your Medical Records - Major Lawsuit Underway
• Instagram explores sharing your precise location history with Facebook
• Masters of the Universe: Facebook Admits to Sharing User Data with 61 Companies
• DATA LEAK: FaceBook To Blame For Over 750 Million Emails With PassWord Combinations Being Released.
• Hackers Claim Breach Of 120 Million Facebook Accounts; Put Private Messages Up For Sale

Google

• No More Google
• How to stop Google Maps from tracking and saving your location
• ‘Fleeceware’ Apps Downloaded 600M Times from Google Play
• Why Amazon and Google's Smart Speakers Are So Cheap
• Google collects face data now. Here's what it means and how to opt out
• Google really is listening and recording on apps
• Ex-Google exec Ross LaJeunesse claims company shrugged off human rights in search of profits
• Google Boots Security Camera Maker From Nest Hub After Private Images Go Public
• I Was Google’s Head of International Relations. Here’s Why I Left.
• Google veterans: The company has become 'unrecognizable'
• Google Chrome Affected By Magellan 2.0 Flaws
• Alexa, Google Home Eavesdropping Hack Not Yet Fixed
• Google Chrome update is 'catastrophe' as bug wipes data from Android apps
• Amnesty International: Google & Facebook's "Surveillance-Based" Model Threatens Human Rights
• Popular Apps on Google Play Store Remain Unpatched
• Google Running Orwellian Project to Secretly Hoover Up Health Records of Millions of Americans Across 21 States
• Android Malware Plaguing 45K Devices Remains a Mystery
• Android Keyboard App Could Swindle 40M Users Out of Millions
• Google Discloses Chrome Flaw Exploited in the Wild
• Google Analytics Emerges as a Phishing Tool
• Consumer data privacy breach spells lawsuit for Alphabet's Google in Australia
• ThreatList: Google's Advertising Network Dominates Global Data Collection
• Sinister prankster hacks Nest camera, threatens to kidnap baby
• Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
• Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping – Security Research Labs
• Google Executive: You Should Warn Guests About Smart Speakers in Your Home
• How to bypass Android certificate pinning and intercept SSL traffic
• Android Security Monthly Recap #9
• Google Play Malicious Apps Racked Up 335M+ Installs In September
Harmful apps on Google Play in September 2019
• Google quietly removed at least 46 apps from the Play store belonging to iHandy, a major Chinese mobile developer
  (I could backtrack only 11, rest of them (35 apps) are not included)
• Two adware apps with 600,000+ installs found on Google Play
• Subscription Scam apps found on Google Play – 15 apps with 20,000,000+ installs
• 29 Hidden Ads trojans with 10,900,000+ installs found on Google Play
• 25 hidden adware found on Google Play with over 2,100,000 installs
• Two hidden ads Trojans found on Google Play with 1,500,000+ installs
• HiddenAd adware with 50,000+ installs found on Google Play
• Android Spy that signs you for SMS premium subscription (€6,71 per week) found in 24 apps on Google Play with 472,000+ installs
• Seven HiddenApp Trojans found on Google Play with 310,000+ installs
• Android banking Trojan – Hydra – found on Google Play with 10,000+ installs
• Stalkerware app with 10,000+ installs found on Google Play
• Fake Antivirus app found on Google Play with 10,000+ installs
Two fake apps with all together 200+ installs requests credit card credentials
• Fake App #1
• Fake App #2
• Fake cryptocurrency exchange app found on Google Play that bypasses SMS 2FA by stealing SMS notifications
• Fake apps spread on iOS App Store and Google Play
• Google Rolls Out "Orwellian Nightmare" Technology To Spy On You In YOUR HOME
• Google's new smart homes device is always listening...and WATCHING: Firm launches $299 Nest Hub Max
• Joker Spyware Found in 24 Google Play Apps
• FunkyBot Malware Intercepts Android Texts, 2FA Codes
• Google and Amazon use smart speakers for 'surveillance,' top tech investor says
• Google Play App With 100 Million Downloads Was A Trojan
• Google confirms that advanced backdoor came preinstalled on Android devices
• Some People Couldn’t Turn On Their A/C When Google Went Down Over the Weekend
• That major Google outage meant some Nest users couldn’t unlock doors or use the AC
• Amazon and Google don't like you calling their smart speakers "surveillance devices"
• Google Home is sending your private recordings to Google workers
• Google responds to eavesdropping reports, admits humans listen to some audio recordings from Google Assistant
• Report: Google's Nest Security Cameras Allowed Previous Owners to Spy on New Users
• Google Parses Your Gmail For Financial Transactions
• Google Has a Creepy Secret Page That Tracks Your Shopping History
• Google tracks EVERY online purchase you've ever made by scanning your emails – how to find the secret list
• Google Tracks Your Location And Shares It With Police, Even When Your Phone Is Off
• How to stop Google from storing your location history
• Google stored some passwords in plain text for fourteen years
• Kids are taking to Google Docs to message each other undetected
• Google Has Quietly Dropped Ban on Personally Identifiable
• Google under fire for using 'research' app similar to Facebook's to snoop on user's phones
• Google Exposed User Data, Then Covered Up the Breach Fearing Repercussions of Disclosing to Public
• 10 years later, Google still has the creepy ability to remotely control a phone
• Tech’s ‘Dirty Secret’: The App Developers Sifting Through Your Gmail
• Every Android Device Since 2012 Impacted by RAMpage Vulnerability
• Google finds bug in Google+ - 52.5 million users affected

Intel

• Intel’s SGX coughs up crypto keys when scientists tweak CPU voltage
• Plundervolt: Software-based Fault Injection Attacks against Intel SGX
• Modern Intel CPUs Plagued By Plundervolt Attack
• Exploiting Intel’s Management Engine – Part 1: Understanding PT’s TXE PoC (INTEL-SA-00086)
• Exploiting Intel’s Management Engine – Part 2: Enabling Red JTAG Unlock on Intel ME 11.x (INTEL-SA-00086)
• Gamers Warned of High-Severity Intel, Nvidia Flaws
• CVE-2017-5689 Detail:
  An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs:
  Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM)
• Intel's remote AMT vulnerability
• Intel's Management Engine is a security hazard, and users need a way to disable it
• Disabling Intel ME 11 via undocumented mode
• Researchers Discover Disabling of Intel ME Backdoor Through NSA Hardware Requirement
• Sakaki's EFI Install Guide/Disabling the Intel Management Engine
• Everything You Need to Know About Intel's CPUs Getting Hacked
• Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
• SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks (PDF)
• SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
  'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'
• All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix
• Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges
• 'Rowhammer' attack flips bits in memory to root Linux
  Ouch! Google crocks capacitors and deviates DRAM to take control of the kernel
• Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
• New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
• Intel Side Channel Vulnerability MDS
• RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown
• DIY: Disabling Intel ME 'Backdoor' on your Computer
• Google Says Spectre And Meltdown Are Too Difficult To Fix
• Researchers discover seven new Meltdown and Spectre attacks
• Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today
• Why Intel won't patch TLBleed vulnerability, despite serious concerns for cloud users
• Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

Microsoft

• PoC Exploits Published For Microsoft Crypto Bug
• Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
• Microsoft OAuth Flaw Opens Azure Accounts to Takeover
• ThreatList: Admin Rights for Third Parties is the Norm
• High-Severity Windows UAC Flaw Enables Privilege Escalation
• Microsoft Outlook for Android Bug Opens Door to XSS
• Office 365 Admins Targeted in Ongoing Phishing Scam
• Office for Mac Users Warned of Malicious SYLK Files
• Fake Voicemail/Office 365 Attack Targets Enterprise Execs
• PowerShellRunBox: Analyzing PowerShell Threats Using PowerShell Debugging
• Microsoft employees listen to your conversations on Xbox since 2014
• Microsoft Contractors Listened to Xbox Owners in Their Homes
• Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop
• Why Windows 10 sucks or Everything Wrong with Microsoft Windows
• Report: Microsoft Edge Browser 'Lets Facebook Run Flash Code Behind Users' Backs'
• Microsoft Edge Secret Whitelist Allows Facebook to Autorun Flash
• Microsoft Has A Software Quality Problem
• Windows 10 telemetry network traffic analysis
• Windows 10 PC's phone home even after privacy hardening
• Windows 10 Worst Secret Spins Out Of Control [Updated]

Smart?

• How to Turn Off Smart TV Snooping Features
• Exploiting Wi-Fi Stack on Tesla Model S
• Car and Driver: Our Tesla Model 3 Suffered 'Catastrophic Failure' - While Parked
• Smart TVs: The Cyberthreat Lurking in Your Living Room, Feds Warn
• Smart Meters – Threats and Attacks to PRIME Meters
• Watch: "Smart"-Summoned Tesla Drives Down Wrong Side Of The Road In Mall Parking Lot
• Pwn2Own Tokyo Roundup: Amazon Echo, Routers and Smart TVs Fall to Hackers
• Smart TVs are data-collecting machines, new study shows
• You Are Being Continuously Tracked By Your Smart TVs: Here's How
• Improper Input Validation on dbell Smart Doorbell Can Lead To Attackers Remotely Unlocking Door
• Smart TVs like Samsung, LG and Roku are tracking everything we watch
• Smart TVs Caught Sending Sensitive User Data To Facebook And Netflix
• Smart Faucets And Toilets Use Alexa To Listen To Your Conversations
• Over two million smart devices are major security risks and should be thrown out, researcher says
• Samsung TVs should be regularly virus-checked, the company says

Twitter

• Twitter Fixes Bug that Enabled Takeover of Android App Accounts
• Cash App Twitter Giveaway a Haven for Stealing Money
• Twitter Uses Phone Numbers, Emails to Sell Ads

Instructional

• A Practical Guide to Zero-Trust Security
• Three Areas to Consider, to Focus Your Cyber-Plan
• GSM Traffic and Encryption: A5/1 Stream Cipher
• Cloud Network Security 101: AWS VPC Endpoints
• Cloud Network Security 101: AWS Security Groups vs NACLs
• Configuration Guide: EC2 Security Strategy
• Ahh shhgit! Watches real-time stream to GitHub and pulls out any accidentally committed secrets
• Execs Could Face Jail Time For Privacy Violations
• How to Use the Tor Browser for Privacy Online [Guide + Review]
• A Deepfake Deep Dive into the Murky World of Digital Imitation
• Revisiting Email Spoofing
• HacktheBox — Ghoul - InfoSec Write-ups
• 3 Ways Criminals Will Trick You Out Of Your Data
• 9 Effective Social Engineering Techniques
• So You Want To Learn [Red] Teaming?
• Smoke and Mirrors: Red Teaming with Physical Penetration Testing and Social Engineering
• How to Monitor GitHub for Secrets
• Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API
• 5 Easy Router Protection Techniques - includes Attack and Packet Analysis
• Hack Breaks PDF Encryption, Opens Content to Attackers
• How to break PDF Encryption (September 2019)
• Frederik Braun : Remote Code Execution in Firefox beyond memory corruptions
• How to Break into a Jeep When You Don't Have A Knife
• A brief analysis of data compression security issues
• Preventing the Capital One breach
• A Technical Analysis of the Capital One Cloud Misconfiguration Breach
• The Capital One Breach & “cloud_breach_s3” CloudGoat Scenario
• How to Build Your Own Penetration Testing Dropbox Using a Raspberry Pi 4
• Subdomain takeover - Chapter one: Methodology
• Subdomain takeover - Chapter two: Azure Services
• Generating Personalized Wordlists with NLP For Password Guessing Attacks
• If you’re not using SSH certificates you’re doing SSH wrong
• Sniffle: A Sniffer for Bluetooth 5
• No right to be forgotten? Here's how to remove yourself from the Internet and hide your identity
• Underscoring the “private” in private key
• Command Injection with USB Peripherals
• How to grant or get Elevated Privileges in Windows 10/8/7
• Autorun Anything Off of a Usb Key: 4 Steps
• How to Use Bluetooth to Transfer Files between a Computer and an Android Tablet
• Hack Like a Pro: How to Remotely Install a Keylogger onto Your Girlfriend's Computer
• Hack Like a Pro: How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
• Steganography: The Art of Hiding Data
• 4 Steps to a Better Insider Threat Awareness Training Program
• 4 Steps to Building a Security Awareness Program - Threat Stack
• 5 Best Practices to Prevent Insider Threat - SEI Insights
• Annual DoD Cyber Awareness Challenge Training - 2019 ...
• Insider Threat 2018 Report (PDF)
• Awareness & Training - CDSE
• Building Insider Threat Awareness into Security Awareness ...
• Common Sense Guide to Mitigating Insider Threats, Sixth Edition
• Education, Awareness at the Center of U.S.' First Insider Threat Month
• How penetration testing can prevent insider threats
• How to create awareness of the insider threat
• How to create awareness of the insider threat
• Insider Threat - A cyber security risk that cannot be outsourced
• Insider Threat - Training & Awareness
• Insider threat - Wikipedia
• Insider Threat - YouTube
• Insider Threat 2015 Info Graphic Examples
• Insider Threat Awareness - allqsecure.com
• Insider Threat Awareness - Security Awareness Hub
• Insider Threat Awareness and Training - YouTube
• Insider Threat Awareness Flashcards
• Insider Threat Awareness Month: What You Need to Know
• Insider Threat Awareness Training
• Insider Threat Awareness: Do You Recognize ... - FairWarning
• Insider Threat Gets Its Own National Awareness Month
• Insider Threat Toolkit - CDSE
• Insider Threat Trailer and Video
• Insider Threats in Cyber Security: What Are They? Risks ...
• It's Time to Start Thinking Like a Threat Hunter
• Malicious insiders are the heroes of their own warped story
• Managing insider threat - ey.com
• McKinsey on Risk
• National Insider Threat Task Force (NITTF) - dni.gov
• NATIONAL INSIDER THREAT TASK FORCE MISSION FACT SHEET
• Report indicates insider threats leading cause of data breaches in last 12 months
• Security Awareness in Action: A Case Study
• SEI Training
• September is Insider Threat Awareness Month > Defense ...
• September Is National Insider Threat Awareness Month
• Tackle Insider Threat by Creating a Culture of Security Awareness
• Talking insider threats at the CSO40 Security Confab and Awards
• The future of risk management in the digital era
• The Insider Threat: Are You at Risk? - Security Intelligence
• The Reg takes the US government's insider threat training program
• The Science of Detecting Insider Threats in the Cloud ...
• Understanding of insider threat far from complete
• Why Bayesian models excel at finding rogue insiders
• Why Creating a Culture of Security Awareness is Crucial in ...
• Why Insider Threats Are Inevitable - cioinsight.com
• You Are An Insider Threat: Here's What You Can Do About It ...

External Risks

Cloud Outages and Underperformance

• The 10 worst cloud outages (and what we can learn from them)
• Google’s Cloud outage is resolved, but it reveals the holes in cloud computing’s atmosphere
• What is a Cloud Outage? Cloud Outages Explained
• A Google Cloud outage knocked huge portions of the internet offline
• Google cloud outage knocks out Gmail, Discord and Snapchat (updated)
• Many iCloud services affected by major Google Cloud outage this afternoon
• Microsoft Azure data deleted because of DNS outage
• Azure Active Directory outage & RCA for Azure Cloud hicups
• Another massive outage takes down many of the internet’s biggest sites and service
• Major websites and services across the internet went down Tuesday because of a cloud network outage
• Salesforce's Major Outage Reinforces Pitfalls of Cloud Software World
• Shopify Outage Sunday June 2, 2019
• Details of the Cloudflare outage on July 2, 2019
• String of July Outages Fuels Datacenter Cloud Anxiety
• Office 365 Suffers Multiple Outages for Start of 2019
• IBM Cloud TITSUP: Techies investigate troubling storage underperformance

External Attacks and Breaches

• Critical Remote Code-Execution Bugs Threaten Global Power Plants
• TP-Link Routers Give Cyberattackers an Open Door to Business Networks
• Critical Citrix Bug Puts 80,000 Corporate LANs at Risk
• IoT vendor Wyze confirms server leak
• Data Breach Affects 63 Landry's Restaurants
• Cloud Hopper cyberattack hit IBM, HPE - WSJ - International Business Machines Corporation (NYSE:IBM)
• Birth Certificate Data Laid Bare on the Web in Multiple States
• Wawa CEO Announces Massive Data Breach Affecting 'Potentially All' Locations
• Honda Leaks Data of 26K North American Customers
• LifeLabs Pays Hackers Who Accessed 15M Customers’ Lab Test Results
• Cyberattack Downs Pensacola's City Systems
• GE, Dunkin’, Forever 21 Caught Up in Broad Internal Document Leak
• AT&T, Verizon Subscribers Exposed as Mobile Bills Turn Up on the Open Web
• Ultimate' MiTM Attack Steals $1M from Israeli Startup
• Insecure Database Exposes Millions of Private SMS Messages
• ID Thieves Turn to Snail Mail as Juicy Target for Financial Crimes
• Linux Webmin Servers Under Attack by Roboto P2P Botnet
• ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months
• A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trump’s official campaign website
• Equifax used 'admin' as username and password for sensitive data: lawsuit
• 27 Countries Sign Cybersecurity Pledge
• Rash of Exploits Targets Critical vBulletin RCE Bug
• vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach
• Important Security Notice About Comodo Forums Accounts (vBulletin)
• One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies!
• CafePress data breach impacts 23 million users
• Livejournal.com data breach impacts 33 million users with plaintext passwords
• Fortune 500 company leaked 264GB in client, payment data
• LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
• Quest Diagnostics says nearly 12 million patients may have had data breached
• 2.3 billion files exposed across online file storage technologies
• First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
• Australian tech unicorn Canva suffers security breach
• Exposed JIRA server leaks NASA staff and project data!
• Troy Hunt: The 773 Million Record "Collection #1" Data Breach
• Quora data breach affects 100 million accounts
• City of London bombarded with one million cyber-attacks every month
• 68% of Overwhelmed IT Managers Say They Can't Keep Up with Cyberattacks
• Hackers Breach Dunkin’ Donuts Accounts in Credential Stuffing Attack
• Dell Warns of Attempted Breach on Network
• Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates'
• Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack
• Millions Of Biometric Records Collected By Companies And Governments Left Exposed On The Web
• "The Most Destructive Breach In History": Hackers Use NSA Code To Grind Baltimore To A Halt
• Bulgaria's Revenue Agency Falls Victim To Biggest Cyber Heist In History
• Russia's Secret Intelligence Agency Hacked: 'Largest Data Breach In Its History'
• Hackers Steal Thousands Of Files From M&A Giant Evercore
• Hackers Claim Breach Of 120 Million Facebook Accounts; Put Private Messages Up For Sale
• BGP Route Leak Causes Cloudflare and Amazon AWS Problems
• Serious SSH bug lets crooks log in just by asking nicely
• The Unusual Case of Open Redirection to AWS Security Credentials Compromise
• PGP Ecosystem Targeted in ‘Poisoning’ Attacks
• Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
• Thousands of IoT Devices Bricked By Silex Malware
• RCMP link Ontario man to LeakedSource.com, home of 3 billion hacked accounts
• Chegg to reset passwords for 40 million users after April 2018 hack
• 'Largest-Ever' Security Breach Hits Aussie Government As Media Dumps Top-Secret Files
• World’s Biggest Breaches
• Expedia's Orbitz says 880,000 payment cards hit in breach
• Fin7: The Billion-Dollar Hacking Group Behind a String of Big Breaches
• Over 770 million email addresses shared online in largest data breach in history
• Hackers Steal Thousands Of Files From M&A Giant Evercore
• Password Cracking Crew Cracks 11M Ashley Madison Passwords (Sept-2015)

Miscellaneous Security Risks

• Exploit Fully Breaks SHA-1, Lowers the Attack Bar
• I Got Access to My Secret Consumer Score. Now You Can Get Yours, Too.
• Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably more…
• Alert Alarm SMS exploit
• Cybercriminals Fill Up on Gas Pump Transaction Scams Ahead of Oct. Deadline
• The Scammer Force is Strong with Star Wars: The Rise of Skywalker
• Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers
• FIN8 Targets Card Data at Fuel Pumps
• DHS Rolls Back Facial-Recognition Expansion Plan
• Linux Bug Opens Most VPNs to Hijacking
• California DMV Rakes In $50 Million Per Year Selling Personal Information
• Cable Haunt' Bug Plagues Millions of Home Modems
• Critical WordPress Bug Leaves 320,000 Sites Open to Attack
• PGP: 'Serious' flaw found in secure email tech
• News Wrap: Amazon Ring Risks, Stalkerware, and D-Link Router Flaws
• Critical Flaws in VNC Threaten Industrial Environments
• DDoS Attacks Target Amazon, SoftLayer and Telecom Infrastructure
• Health Websites Share Sensitive Personal Data with Advertisers Without Required Consent: Report
• As auto technology advances, so does risk for hacking
• Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers
• Design flaw could open Bluetooth devices to hacking
• Don't use public USB charging ports
• The Unhappiest Subscribers on Earth? Disney+ Accounts Hacked & Hijacked
• Pipka Card Skimmer Removes Itself After Infecting eCommerce Sites
• Tianfu Cup Round-Up: Safari, Chrome, D-Link Routers and Office 365 Successfully Hacked
• ICS Attackers Set To Inflict More Damage With Evolving Tactics
• Joker's Stash Drops Largest-Ever Credit Card Cache on Dark Web
• Cybercriminals Impersonate Russian APT ‘Fancy Bear’ to Launch DDoS Attacks
• Magecart Gang Targets Skin Care Site Visitors For 5+ Months
• Fujitsu Wireless Keyboard Plagued By Unpatched Flaws
• Bedside Hotel Robot Hacked to Stream In-Room Video
• Critical Firefox Bugs Allow Arbitrary Code-Execution
• A Tale of Exploitation in Spreadsheet File Conversions
• Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise
• Hobbyists can plant hidden spy chips on motherboards for $200
• Your Computer Printer Has Been Silently Tracking You For Ages
• Software, Supply-Chain Dangers Top List of 5G Cyber Risks
• HP Touchpoint Analytics Opens PCs to Code Execution Attack
• D-Link Home Routers Open to Remote Takeover Will Remain Unpatched
• APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn
• Foxit PDF Reader Vulnerable to 8 High-Severity Flaws
• SQL injection to RCE - InfoSec Write-ups
• Huge Survey of Firmware Finds No Security Gains in 15 Years
• AT&T Employees Took Bribes To Plant Malware On Company's Network
• AWS issues are causing erratic cryptocurrency market data in Asia
• New Method Simplifies Cracking WPA/WPA2 Passwords on 802.11 Networks
• 'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap
• Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
• D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream
• Fern Wifi cracker – Password Cracking Tool to Enoy Free Internet
• Reading/Writing Disk Sectors (Absolute Disk Read/Write)
• Retrieving Digital Evidence - Methods, Techniques and Issues (PDF)
• Mass router hack exposes millions of devices to potent NSA exploit
• The CPU catastrophe will hit hardest in the cloud
• Visualizing Meltdown on AWS
• NSA ‘Systematically Moving’ All Its Data to The Cloud
• The Cloud exposes your private IP cameras – Security Research Labs
• ‘Unhackable’ Blockchains Increasingly Vulnerable to Theft - Report