Estimated Reading Time: < 1 minute
Curated daily news for February 1, 2021
New post on Chronicles of a CISO: What if Identity Didn’t Exist?
Today’s 12 newsworthy articles include: BEC scammers leveraging Out-Of-Office users in O365, Inside Russia’s APT ecosystem, Apache/Oracle under malware attack, 2020 – the renaissance of the DDoS, and a new supply-chain attack targets millions.
- BEC scammers take advantage of “Out-of-office” Microsoft 365 users
- 2020 Marked a Renaissance in DDoS Attacks
- BSidesSF 2020 – Ari Eitan’s ‘Mapping The Connections Inside Russia’s APT Ecosystem’
- Deep Analysis of More than 60,000 Breach Reports Over Three Years
- New Software Supply‑Chain Attack Targeted Millions With Spyware
- New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
- FBI Encounters: Reporting an Insider Security Incident to the Feds
- Detecting and Exploiting XXEs: AppSec Simplified
- RDP abused for DDoS attacks
- Can Third-Party Security Programs Prevent the Next SolarWinds?
- Perl.com Domain Stolen, Now Using IP Address of Past Malware Campaigns
- GnuPG crypto library can be pwned during decryption – patch now!
|Tool Of The Day|
|OpenCVE – CVE Alerting Platform: OpenCVE, formerly known as Saucs, is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE…). Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an update is done in an existing CVE.
Copyright © 2002-2021 John Masserini. All rights reserved.