AWS Cyber
- Authorize API Gateway APIs using Amazon Verified Permissions and Amazon Cognito
- Using Amazon Verified Permissions to manage authorization for AWS IoT smart home applications
- 2023 ISO 27001 certificate available in Spanish and French, and 2023 ISO 22301 certificate available in Spanish
- Integrate Kubernetes policy-as-code solutions into Security Hub
- How the unique culture of security at AWS makes a difference
- Winter 2023 SOC 1 report now available in Japanese, Korean, and Spanish
- Accelerate security automation using Amazon CodeWhisperer
- The curious case of faster AWS KMS symmetric key rotation
- Detecting and remediating inactive user accounts with Amazon Cognito
- TLS inspection configuration for encrypted egress traffic and AWS Network Firewall
CISA Advisories
- CISA Releases Eight Industrial Control Systems Advisories
- Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC
- Hitachi Energy MACH SCM
- Multiple Vulnerabilities in Hitachi Energy RTU500 Series
- Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
- Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms
- CISA Releases Two Industrial Control Systems Advisories
- CISA Adds One Known Exploited Vulnerability to Catalog
- Cisco Releases Security Advisories for Cisco Integrated Management Controller
Cloud Security Alliance
- DevSecOps Tools
- AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders
- Why Business Risk Should be Your Guiding North Star for Remediation
- Upselling Cybersecurity: Why Baseline Security Features Shouldn’t Be a Commodity
- Breach Debrief: The Fake Slackbot
- Understanding the Nuances: Privacy and Confidentiality
- What’s in a Name? Defining Zero Trust for Leaders
- Are You Ready for Microsoft Copilot?
- Implementing a Data-Centric Approach to Security
- Cloud Security Alliance (CSA) AI Summit at RSAC to Deliver Critical Tools to Help Meet Rapidly Evolving Demands of AI
Krebs
- Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
- Who Stole 3.6M Tax Records from South Carolina?
- Crickets from Chirp Systems in Smart Lock Key Leak
- Why CISA is Warning CISOs About a Breach at Sisense
- Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
- April’s Patch Tuesday Brings Record Number of Fixes
- Fake Lawsuit Threat Exposes Privnote Phishing Sites
- ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec
- Thread Hijacking: Phishes That Prey on Your Curiosity
- Recent ‘MFA Bombing’ Attacks Targeting Apple Users
Reddit Cyber
- Automating API Vulnerabilities Using Postman Workflows
- GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs
- Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR
- Seeking research study participants! SOC analysts and managers that experienced SolarWinds, Log4Shell or both.
- Dependency Confusion Vulnerability Found in an Archived Apache Project
- Postman users are exposing Thousands of live Passwords/API keys
- CVE-2024-29417: a security software vulnerability allows for privilege escalation or auth bypass, even when Windows is locked.
- Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster! - Include Security Research Blog
- Moriarty v1.2 has been released!
- Exploring Vulnerabilities in Embedded Devices: A Case Study of an IP Phone
Risky Cyber
- Risky Biz News: Cisco zero-day fun time is here!
- Srsly Risky Biz: Sandworm an inspiration for hostile actors
- Risky Biz News: First US spyware visa ban hammer falls on 13 individuals
- Sponsored: Pushing back the frontiers of vulnerability research
- Risky Biz News: File transfer system hacking spree continues with a CrushFTP zero-day
- Risky Biz News: Authorities take down LabHost PhaaS
- Srsly Risky Biz: Why the compromise of open source projects is inevitable
- Risky Biz News: PuTTY crypto bug exposes private keys
- Between Two Nerds: 0days in 2023
- Risky Biz News: Palo Alto Networks scrambles to push zero-day RCE patch
Cyber Express
- Researches Discovers New Android Banking Trojan ‘Brokewell’ Disguised as Chrome Update
- Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security
- Future-Proofing the Workforce: How Skilling is Cultivating Next-gen Tech Talent
- 2024 Is The Year of Elections… And Disinformation
- TCE Cyberwatch: From Ransomware to Deepfakes, This Week’s Top Cybersecurity Threats
- Russian State Hackers Biggest Cyber Threat to US, UK and EU Elections
- CISA Warns of High-Risk Flaws in Honeywell Products
- Thoma Bravo Acquires UK Cybersecurity Leader Darktrace in $5.3 Billion Deal
- Avoid Using Unregistered Cryptocurrency Transfer Services, FBI Warned
- Multi-Year Cyberattack: Chinese Hackers Suspected in Breaching Volkswagen