32 Security Blogs

Last Updated: 29 Apr 24 16:37 UTC

Blog List | Github

2024-04-29

Malwarebytes
Kaiser health insurance leaked patient data to advertisers

Malwarebytes
A week in security (April 22 – April 28)

Veracode
Your Must-Know AI and Cloud-Native AppSec Insights at RSAC 2024

Cloudflare
Q1 2024 Internet disruption summary

Schneier on Security
Whale Song Code

Auth0
The Backend for Frontend Pattern

SentinelOne
PinnacleOne ExecBrief | Commercial Industry in Contested “Space”

Dark Reading
'Muddling Meerkat' Poses Nation-State DNS Mystery

Dark Reading
Addressing Risk Caused by Innovation

Dark Reading
How to Red Team GenAI: Challenges, Best Practices, and Learnings


2024-04-28

Wired Security
9 Best Password Managers (2024): Features, Pricing, and Tips

Troy Hunt
Weekly Update 397


2024-04-27

Wired Security
School Employee Allegedly Framed a Principal With Racist Deepfake Rant

Wired Security
Russia Vetoed a UN Resolution to Ban Space Nukes

Okta Security
How to Block Residential Proxies using Okta


2024-04-26

Rapid7
Metasploit Weekly Wrap-Up 04/26/24

Bad Security
What is "Closed" AI and Why Would It Be "Safer" For Business Use?

Fastly
5 tips for creating speedier, more sustainable websites with Fastly

Schneier on Security
Friday Squid Blogging: Searching for the Colossal Squid

Schneier on Security
Long Article on GM Spying on Its Cars’ Drivers

Trail of Bits
Announcing two new LMS libraries

Auth0
Be a Devops Hero! Automate Your Identity Infrastructure with Auth0 CLI and Ansible

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 17

Dark Reading
New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare

Dark Reading
MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert

Dark Reading
Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China

Dark Reading
Jason Haddix Joins Flare As Field CISO

Dark Reading
Thousands of Qlik Sense Servers Open to Cactus Ransomware

Dark Reading
Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities

Dark Reading
Held Back: What Exclusion Looks Like in Cybersecurity

Dark Reading
Palo Alto Updates Remediation for Max-Critical Firewall Bug

Dark Reading
CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue

Dark Reading
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

Dark Reading
Minimum Viable Compliance: What You Should Care About and Why

Dark Reading
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack

Dark Reading
PCI Launches Payment Card Cybersecurity Effort in the Middle East

HackerOne
Lessons Learned from Over a Decade of On-Call

HackerOne
Kubernetes — A Journey Has Just Begun

HackerOne
On Writing Well as a Software Engineer

Ars Technica Security
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets

Ars Technica Security
Message-scraping, user-tracking service Spy Pet shut down by Discord


2024-04-25

Malwarebytes
Ring agrees to pay $5.6 million after cameras were used to spy on customers

Schneier on Security
The Rise of Large-Language-Model Optimization

Auth0
Fine-Grained Authorization in your Next.js application using Okta FGA

Dark Reading
Chinese Keyboard Apps Open 1B People to Eavesdropping

Dark Reading
FTC Issues $5.6M in Refunds to Customers After Ring Privacy Settlement

Dark Reading
5 Attack Trends Organizations of All Sizes Should Be Monitoring

Dark Reading
The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains

Dark Reading
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries

Dark Reading
Chip Giants Finalize Specs Baking Security Into Silicon

Dark Reading
Digital Blitzkrieg: Unveiling Cyber-Logistics Warfare

Dark Reading
Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign

Dark Reading
J&J Spin-Off CISO on Maximizing Cybersecurity

Dark Reading
SolarWinds 2024: Where Do Cyber Disclosures Go From Here?

HackerOne
Accelerate Find-to-Fix Cycles With Hai

Ars Technica Security
Millions of IPs remain infected by USB worm years after its creators left it for dead

Mend
Quick Guide to the OWASP OSS Risk Top 10


2024-04-24

Malwarebytes
TikTok comes one step closer to a US ban

Wired Security
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks

Wired Security
5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More

Wired Security
ShotSpotter Keeps Listening for Gunfire After Contracts Expire

Schneier on Security
Dan Solove on Privacy Regulation

Bugcrowd
Beyond the Hype: Considerations for Rational, Effective, and Ethical AI Regulation

Auth0
What is a Mobile Driver's License (mDL) and How to Start Using Them

Amazon Security
Authorize API Gateway APIs using Amazon Verified Permissions and Amazon Cognito

SentinelOne
Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit

Dark Reading
KnowBe4 to Acquire Egress

Dark Reading
Black Girls Do Engineer Signs Education Partnership Agreement With NSA

Dark Reading
Attacker Social-Engineered Backdoor Code Into XZ Utils

Dark Reading
Lights On in Leicester: Streetlights in Disarray After Cyberattack

Dark Reading
North Korea APT Triumvirate Spied on South Korean Defense Industry For Years

Dark Reading
Iran Dupes US Military Contractors, Gov't Agencies in Years-Long Cyber Campaign

Dark Reading
2023: A 'Good' Year for OT Cyberattacks

Dark Reading
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

Dark Reading
Fortify AI Training Datasets From Malicious Poisoning

CrowdStrike
Falcon Fund in Focus: Nagomi Helps Customers Maximize Their Cybersecurity Investments

HackerOne
Hack My Career: Meet Frances H

HackerOne
SOC 2 and Pentesting: What You Need to Know

Snyk
360 degrees of application security with Snyk

Ars Technica Security
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks

Ars Technica Security
Hackers are using developing countries for ransomware practice


2024-04-23

Malwarebytes
Google ad for Facebook redirects to scam

Malwarebytes
“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

Wired Security
Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

Rapid7
USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award

Rapid7
Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise

Okta Security
Why Cyber-heroes need a Zero Trust CAEP!

Okta Security
Okta Verify Vulnerability Disclosure Report - Response and Remediation

Fastly
Introducing Log Manager & Insights - Now in Beta

Veracode
Enhancing Developer Efficiency With AI-Powered Remediation

Cloudflare
Lessons from building an automated SDK pipeline

Schneier on Security
Microsoft and Security Incentives

Bugcrowd
AI vulnerability deep dive: Prompt injection

Auth0
Proof Key for Code Exchange (PKCE) in Web Applications with Spring Security

Amazon Security
Using Amazon Verified Permissions to manage authorization for AWS IoT smart home applications

Dark Reading
CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills

Dark Reading
5 Hard Truths About the State of Cloud Security 2024

Dark Reading
Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Dark Reading
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

Dark Reading
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update

Dark Reading
Lessons for CISOs From OWASP's LLM Top 10

Dark Reading
US Gov Slaps Visa Restrictions on Spyware Honchos

Dark Reading
Russia's Fancy Bear Pummels Windows Print Spooler Bug

Dark Reading
Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs

Dark Reading
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros

Troy Hunt
Weekly Update 396

Google Safety & Security
An update on our child safety efforts and commitments

HackerOne
Human-Powered Security: The Value of Ethical Hackers & Bug Bounty

Snyk
Snyk Code’s autofixing feature, DeepCode AI Fix, just got better

Snyk
DevOpsDays Singapore 2024: Unmasking the security pitfalls in AI-generated code

Ars Technica Security
Hackers infect users of antivirus service that delivered updates over HTTP


2024-04-22

Wired Security
The Next US President Will Have Troubling New Surveillance Powers

Dark Reading
ToddyCat APT Is Stealing Data on 'Industrial Scale'

Dark Reading
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar

Dark Reading
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs

Dark Reading
Zero Trust Takes Over: 63% of Orgs Implementing Globally

CrowdStrike
5 Best Practices to Secure AWS Resources

HackerOne
Capital One Teams Up With Top-Tier Ethical Hackers at H1-305

Ars Technica Security
Windows vulnerability reported by the NSA exploited to install Russian malware

Krebs on Security
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme