F1TYM1

An Engineer, His Segway, and the ADA: A Tale of the Open Road

Data Accountability and Transparency Act of 2020 looks beyond consent

In the United States, data privacy is hard work—particularly for the American people. But one US Senator believes it shouldn’t have to be.

Security BSides Athens 2020 – Talk 03 – Yiannis Ioannides’ ‘Orchestrating Resilient Red Team Infrastructure – Protect Yourselves..’

Many thanks to Security BSides Athens for publishing their tremendous Security BSides Athens 2020 Conference Videos. Enjoy!

Podcast-Ep-2.1- ML, Automation & ShiftLeft at CapitalOne — A conversation with Vincent Weafer

Vincent Weafer, SVP Security Engineering at Capital One in a conversation with Alok Shukla, VP Product Management at ShiftLeft and host of this podcast.

Ubuntu Security Notice USN-4449-1

==========================================================================
Ubuntu Security Notice USN-4449-1
August 04, 2020

Ubuntu Security Notice USN-4450-1

==========================================================================
Ubuntu Security Notice USN-4450-1
August 04, 2020

Experiences from Cybersecurity Leaders in Extraordinary Times: Adjustments and Outcomes

The sudden move to telework this year imbued the word “challenge” with new meaning for security executives. Within a matter of days and weeks, many of these leaders had to figure out how they could rework their employers’ security policies in such a way that supported a massive shift to working from home. This period required significant ingenuity and unprecedented forward thinking, not to mention a deep understanding of their employers’ overall security needs.

Researchers uncover vulnerabilities in devices used at industrial facilities

Written by Sean Lyngaas
Aug 5, 2020 | CYBERSCOOP

How to Integrate Automation Responsibly

August 5, 2020 • The Recorded Future Team

Many organizations have fragmented information that is dispersed across legacy and modern databases. Streamlining such data can become laborious, requiring coordination across multiple system owners, while ensuring data quality remains high and error free. In addition, with corporate infrastructure rarely operating on a flat network, the problem is further compounded by complexity. Maintaining a balance between such challenges can be a delicate process.

A Flaw Used by Stuxnet Wasn’t Fully Fixed

Governance & Risk Management , IT Risk Management , Patch Management

Summit Medical Associates Discloses Ransomware Attack; Patient and Affiliate Information Potentially Impacted

Neo-Nazi Terror Group Atomwaffen Division Re-Emerges Under New Name

A screenshot from an early Atomwaffen Division propaganda video.

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet reports: According to a review, the list includes: IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware version, SSH keys for each server, a list of all local users and their password hashes, admin account details, last VPN logins (including usernames and cleartext passwords), and VPN session cookies. Bank Security, a threat intelligence analyst specialized in financial crime […] noted that all the Pulse Secure VPN servers included in the list were running a firmware version vulnerable to the CVE-2019-11510 vulnerability. Bank Security believes that the hacker who compiled this list scanned the entire internet IPv4 address space for Pulse Secure VPN servers, used an exploit for the CVE-2019-11510 vulnerability to gain access to systems, dump server details (including usernames and passwords), and then collected all the information in one central repository.

Making matters worse, the list has been shared on a hacker forum that is frequented by multiple ransomware gangs. For example, the REvil (Sodinokibi), NetWalker, Lockbit, Avaddonm, Makop, and Exorcist ransomware gangs have threads on the same forum, and use it to recruit members (developers) and affiliates (customers). Many of these gangs perform intrusions into corporate networks by leveraging network edge devices like Pulse Secure VPN servers, and then deploy their ransomware payload and demand huge ransom demands. As Bank Security told ZDNet, companies have to patch their Pulse Secure VPNs and change passwords with the utmost urgency.

An Engineer, His Segway, and the ADA: A Tale of the Open Road

Data Accountability and Transparency Act of 2020 looks beyond consent

Security BSides Athens 2020 – Talk 03 – Yiannis Ioannides’ ‘Orchestrating Resilient Red Team Infrastructure – Protect Yourselves..’

Podcast-Ep-2.1- ML, Automation & ShiftLeft at CapitalOne — A conversation with Vincent Weafer

Podcast-Ep-2.1- ML, Automation & ShiftLeft at CapitalOne — A conversation with Vincent Weafer

Ubuntu Security Notice USN-4449-1

Ubuntu Security Notice USN-4450-1

Experiences from Cybersecurity Leaders in Extraordinary Times: Adjustments and Outcomes

Researchers uncover vulnerabilities in devices used at industrial facilities

How to Integrate Automation Responsibly

A Flaw Used by Stuxnet Wasn’t Fully Fixed

Summit Medical Associates Discloses Ransomware Attack; Patient and Affiliate Information Potentially Impacted

Neo-Nazi Terror Group Atomwaffen Division Re-Emerges Under New Name

Instagram Reels launches globally in over 50 countries, including US

BluBracket Adds Stolen and Leaked Code Detection, Remediation to its CodeSecurity Suite

What Alternate Reality Games Teach Us About the Dangerous Appeal of QAnon

Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office

Penetration Testing on PostgreSQL (5432)

US and Australian government warn of critical vulnerabilities in Cisco, Microsoft and IBM remote access and perimeter devices

Transatlantic Cable podcast, episode 154

Hacker Leaks Passwords For 900+ Enterprise VPN Servers