Trending

GPT-3

• GPT-Neo – Building a GPT-3-sized model, open source and free
• Using GPT-3 for plain language incident root cause from logs
• News & Analysis | No. 263
• OpenAI's New AI Model Draws Images From Text
• DALL·E: Creating Images from Text
• CLIP: Connecting Text and Images
• OpenAI GPT-3 Wrote This Article About Webpack
• Organizational Update from OpenAI
• Your Right to a Refund From Microsoft's OpenAI
• OpenAI Licenses GPT-3 Technology to Microsoft

Corona

• COVID-19 Vaccine Themes Persist in Fraud Schemes
• Smartwatches Can Help Detect COVID-19 Days Before Symptoms Appear
• Hackers 'manipulated' stolen COVID-19 vaccine data before leaking it online
• Transparenzbericht November 2020: Unsere Einnahmen und Ausgaben und eine neue Realität
• Community: TikTok-Expertin trotz widriger Umstände
• 35+ COVID-19 cybersecurity statistics: Have threats increased?
• Man found 'living in airport for three months' over Covid fears
• 7% of Americans Have Had Covid-19
• Florida's Whistleblower Covid-19 Data Manager Arrested Today
• Washing Your Hands Online: Applying COVID-19 Lessons to Cybersecurity

Zoom

• 35+ COVID-19 cybersecurity statistics: Have threats increased?
• 5 Simple Strategies To Build Trust in Remote Teams
• Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers
• Zoom improvements requested by music schools
• How phishing attacks are evolving and why you should care
• 2021 Threat Predictions Report
• Breach of Trust: How Cyber-Espionage Thrives On Human Nature
• Cloudflare Radar's 2020 Year In Review
• Beyond Platforms: Private Censorship, Parler, and the Stack
• 2021 DC Cyber 9/12 Strategy Challenge

TikTok

• Community: TikTok-Expertin trotz widriger Umstände
• Online Far-Right Movements Fracture, as 'Gullible' QAnon Supporters Criticized
• This fake TikTok service promises free followers but gives you free malware instead
• Deplatforming-Debatte: Trump ist weg vom Fenster. Was nun?
• Andrew Yang Kicks Off NYC Mayoral Run With Basic Income Promise
• CISA tells agencies to consider ad blockers to fend off 'malvertising'
• Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole
• TikTok tightens up privacy controls for young users
• TikTok’s couterstance on being questioned upon its way of handling data of users below 18
• TikTok: All Under-16s' Accounts Made Private

Application Security

Tools

• 4 Tools to Schedule Google My Business Posts
• BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
• How to Choose a Tool
• Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
• Migrating from DC/OS to Kubernetes: The Challenges You May Face
• Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
• Creating Comfy FreeBSD Jails Using Standard Tools
• ImHex - A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.
• Charting Uniswap Gems For The Next Bull Run: ChartEx Vs. TradingView Vs. Uniswap Vision
• Stop Introducing "Just Any" Software Into Your Business

Vulnerabilities

• Supply Chain Attacks
• 500K+ Records of C-level Individuals Allegedly Leaked on the Darkweb
• BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
• FBI Warns of Employee Credential Phishing via Phone, Chat
• Expired Domain Allowed Researcher to Hijack Country's TLD
• Uncovering Potential Issues with the Contact Form 7 Vulnerability: More Data Needed
• Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
• ManiMed: Market Analysis
• Secjuice Squeeze 51
• Exploiting Mixed Binaries [pdf]

Exploits

• BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
• Secjuice Squeeze 51
• IBM Spectrum LSF 10.1 / 10.2 Hardcoded Eauth Key / Eauth Key Exposure
• Microsoft Spooler Local Privilege Elevation
• OpenStego Free Steganography Solution 0.8.0
• Cisco UCS Manager 2.2(1d) Remote Command Execution
• Inteno IOPSYS 3.16.4 Root Filesystem Access
• Star Names Wordlist
• Ancient Greek Names Wordlist
• Constellation Names Wordlist

Advisories

• CB-K20/1225 Update 4
• CB-K21/0008 Update 5
• CB-K20/0130 Update 14
• CB-K21/0050
• CB-K19/0391 Update 11
• CB-K19/0080 Update 9
• CB-K20/1167 Update 9
• CB-K20/1097 Update 1
• CB-K20/1189 Update 5
• CB-K20/1096 Update 2

Zero Days

• Lots of zero-day vulnerabilities, and how’s your start of the year?
• ZDI-21-070: Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
• ZDI-21-069: Apple macOS process_token_BlitLibSetup2D Out-Of-Bounds Write Privilege Escalation Vulnerability
• ZDI-21-072: NETGEAR R7450 SOAP API RecoverAdminPassword Improper Access Control Information Disclosure Vulnerability
• ZDI-21-071: NETGEAR R7450 Password Recovery External Control of Critical State Data Authentication Bypass Vulnerability
• City0day database
• ZDI-21-065: SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability
• ZDI-21-059: Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
• ZDI-21-060: Siemens JT2Go SGI and RGB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
• ZDI-21-062: Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Privacy

Surveillance

• Clearview AI biometric data privacy suit sent back to state court
• With the Death of Cash, Privacy Faces a Deeply Uncertain Future
• Is a U.S. National Privacy Law on the Horizon?
• WhatsApp Clarifies New Privacy Policy Update, Says That Data Sharing With Facebook Will Be Limited To Communication With Businesses
• With the Death of Cash, Privacy Faces a Deeply Uncertain Future
• Venice combats overtourism by tracking visitors
• Tracking down a segfault that suddenly started happening
• Belgium: Digital fingerprints on ID cards – no violation of the right to privacy according to the Belgian Constitutional Court
• Selfie-Snapping Rioters Leave FBI a Trail of Over 140,000 Images, Internet sleuthing explodes, raising concerns
• What’s up with WhatsApp’s privacy policy?

Leaks

• Nitro - 0 breached accounts
• OpenWRT Forum User Data Stolen In Weekend Data Breach
• BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
• OpenWRT reports data breach after hacker gained access to forum admin account
• OpenWRT Forum user data stolen in weekend data breach
• VPN Providers Compared
• NZ Reserve Bank Governor Says He 'Owns' Breach
• Hackers 'manipulated' stolen COVID-19 vaccine data before leaking it online
• ‘Child’s Play’ – Kids breach and bypass Linux Mint screensaver lock
• 500K+ records of C-level people from Capital Economics leaked online

OSINT

• Joker’s Stash Carding Market to Call it Quits
• Secjuice Squeeze 51
• Lots of zero-day vulnerabilities, and how’s your start of the year?
• Token-Hunter - Collect OSINT For GitLab Groups And Members And Search The Group And Group Members' Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
• Co: Pitkin County COVID-19 case investigations inadvertently exposed online
• 202-Parler: Privacy, Security, & OSINT
• SolarWinds Supply Chain Hack: Investigation Update
• Unemployment Fraud in the Criminal Underground
• Understanding Police Use of ‘Less Lethal’ Munitions
• How to become a Penetration Tester

GDPR

• 35+ COVID-19 cybersecurity statistics: Have threats increased?
• German laptop retailer fined €10.4m under GDPR for video-monitoring employees
• GDPR: German laptop retailer fined €10.4m for video-monitoring employees
• German laptop retailer fined $12.7M under GDPR for employee surveillance
• Polish DPA fines Virgin Mobile Polska €460,000: Incidental safeguards review is not regular testing of technical measures
• How a VPN can protect your online privacy
• It’s Business As Usual At WhatsApp
• Maze Ransomware is Dead. Or is it?
• Is your data your personal property?
• Cybersecurity Ethics: Establishing a Code for Your SOC

Scams

Phishing

• OpenWRT Forum User Data Stolen In Weekend Data Breach
• BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
• OpenWRT forum hacked, intruders stole user data
• FBI Warns of Employee Credential Phishing via Phone, Chat
• Organizations Should Establish ‘Blame-Free Employee Reporting’ of Suspicious Activity, CISA Says
• 18th January – Threat Intelligence Report
• COVID-19 Vaccine Themes Persist in Fraud Schemes
• Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
• How Chrome Extensions Became an Attack Vector for Hackers (Part 1) 🔓
• A week in security (January 11 – January 17)

SPAM

• Rewterz Threat Alert – New Variant of Ursnif Using Invoice Malspam
• Rewterz Threat Alert – JavaScript RAT Targeting Asian Government and Financial Sector
• 35+ COVID-19 cybersecurity statistics: Have threats increased?
• How Hackers Use SEO Spamming To Hijack Your Ranking Positions
• Rewterz Threat Alert – Fresh IOCs – Emotet
• Rewterz Threat Alert – LokiBot – Fresh IOCs
• Unemployment Fraud in the Criminal Underground
• Rewterz Threat Alert – Dridex Banking Malware
• How phishing attacks are evolving and why you should care
• FTC Settlement With Ever Orders Data and AIs Deleted After Facial Recognition Pivot

Frauds

• FBI Warns of Employee Credential Phishing via Phone, Chat
• Election Fraud Misinformation Dropped Significantly After Twitter Banned Trump
• COVID-19 Vaccine Themes Persist in Fraud Schemes
• Italian police accuse cryptocurrency exchange boss of huge fraud - Reuters India
• Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
• Underground Carding Marketplace Joker's Stash Announces Shutdown
• How Online Merchants Can Reduce Credit Card Fraud
• 35+ COVID-19 cybersecurity statistics: Have threats increased?
• Online Misinformation Dropped Dramatically After Twitter Banned Trump
• Italian police accuse cryptocurrency exchange boss of huge fraud - Reuters India

Malware

Badware

• Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
• IObit forums hacked in widespread DeroHE ransomware attack
• Secjuice Squeeze 51
• CHwapi hospital hit by ransomware; operations canceled, and another city hit
• Backdoor.Win32.Mnets Remote Stack Buffer Overflow
• Backdoor.Win32.Whgrx Remote Stack Buffer Overflow
• 18th January – Threat Intelligence Report
• Backdoor.Win32.Latinus.b Remote Buffer Overflow
• Backdoor.Win32.Nucleroot.t MaskPE 1.6 Local Buffer Overflow
• Backdoor.Win32.Nucleroot.bi MaskPE 2.0 Local Buffer Overflow

Antivirus (snakeoil)

• Supply Chain Attacks
• What happens if my phone is stolen?
• Government Data Sharing | Avast
• Private AI Research Institute | Avast
• WhatsApp Data Privacy | Avast
• AUTOBUY | AUTHENTIC SOFTWARE KEYS | NORTON, WINDOWS 10 PRO, OFFICE 365 AND MORE!
• SysWhispers2 - AV/EDR Evasion Via Direct System Calls
• Telegram security and privacy tips
• AI set to replace humans in cybersecurity by 2030, says Trend Micro
• Honoring Martin Luther King Jr.’s Legacy with McAfee’s African Heritage Community

Ransomware

• Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
• IObit forums hacked in widespread DeroHE ransomware attack
• Secjuice Squeeze 51
• CHwapi hospital hit by ransomware; operations canceled, and another city hit
• 18th January – Threat Intelligence Report
• Lots of zero-day vulnerabilities, and how’s your start of the year?
• Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data
• Stolen Employee Credentials Put Leading Gaming Companies at Risk of Severe Cyber Attacks
• Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
• Hackers leverage sophisticated and novel techniques to break into networks

Trojans, RATs

• Backdoor.Win32.Mnets Remote Stack Buffer Overflow
• Backdoor.Win32.Whgrx Remote Stack Buffer Overflow
• Backdoor.Win32.Latinus.b Remote Buffer Overflow
• Backdoor.Win32.Nucleroot.t MaskPE 1.6 Local Buffer Overflow
• Backdoor.Win32.Nucleroot.bi MaskPE 2.0 Local Buffer Overflow
• Rewterz Threat Alert – JavaScript RAT Targeting Asian Government and Financial Sector
• Multiple backdoors and vulnerabilities discovered in FiberHome routers
• Backdoor.Win32.Whgrx / Remote Host Header Stack Buffer Overflow
• Backdoor.Win32.Mnets / Remote Stack Buffer Overflow UDP Proto
• Backdoor.Win32.Mnets / Remote Stack Buffer Overflow (UDP Proto)

Operating systems

Windows

• IObit forums hacked in widespread DeroHE ransomware attack
• Bug in Windows 10: Pfadangabe kann Bluescreen verursachen
• Secjuice Squeeze 51
• 18th January – Threat Intelligence Report
• What are Microsoft Windows Display Drivers? - A Brief Overview
• Lots of zero-day vulnerabilities, and how’s your start of the year?
• CVE-2020-7343
• full db guy4game.com WOW Gold
• A week in security (January 11 – January 17)
• How to manually configure a VPN on Windows 10

Linux

• Debian LTS: DLA-2528-1: gst-plugins-bad1.0 security update>
• Debian: DSA-4833-1: gst-plugins-bad1.0 security update>
• CB-K20/1225 Update 4
• OpenWRT forum hacked, intruders stole user data
• Mastering Kali Linux for Advanced Penetration Testing and more Likely
• RedHat: RHSA-2021-0037:01 Moderate: OpenShift Container Platform 4.6.12 bug>
• RedHat: RHSA-2021-0039:01 Moderate: OpenShift Container Platform 4.6.12>
• RedHat: RHSA-2021-0167:01 Important: postgresql:9.6 security update>
• RedHat: RHSA-2021-0166:01 Important: postgresql:10 security update>
• RedHat: RHSA-2021-0165:01 Important: libpq security update>

Android

• Parler CEO Brings Back Website, Promises Service Will Follow 'Soon'
• CB-K21/0008 Update 5
• Secjuice Squeeze 51
• 18th January – Threat Intelligence Report
• Top 9 TV App Builders To Create OTT TV Apps For Android, IOS, Smart TV's
• Lots of zero-day vulnerabilities, and how’s your start of the year?
• DuckDuckGo Surpasses 100 Million Daily Search Queries For the First Time
• You're using your Android and Mac's fingerprint reader all wrong
• What happens if my phone is stolen?
• President Biden’s Peloton exercise equipment under scrutiny

Apple

• Sosumi Snap – Download and Install macOS in Ubuntu
• Apple’s MLK Quote
• Apple's iPhone 13 Could Ditch the Lightning Port, Feature Next-Gen Vapor Chamber Cooling and In-Screen Fingerprint Sensor
• Smartwatches Can Help Detect COVID-19 Days Before Symptoms Appear
• Popular Podcasts App Pocket Casts Is Up For Sale: Where Did It Go Wrong?
• Apple Pulls the Plug on User-Found Method To Sideload iOS Apps on Mac
• Top 9 TV App Builders To Create OTT TV Apps For Android, IOS, Smart TV's
• Safari 14 Added WebExtensions Support. So Where Are the Extensions?
• ZDI-21-070: Apple macOS CoreGraphics Image Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
• ZDI-21-069: Apple macOS process_token_BlitLibSetup2D Out-Of-Bounds Write Privilege Escalation Vulnerability

BSD

• Creating Comfy FreeBSD Jails Using Standard Tools
• Jamie Zawinski Calls Cinnamon Screensaver Lock-Bypass Bug 'Unconscionable'
• FreeBSD 2020 Q4 Status Report
• BSD Release: GhostBSD 21.01.15
• Exploring Swap on FreeBSD
• Preliminary OpenBSD Support Added to OBS Studio
• Virtualize Your Network on FreeBSD with VNET
• Running BSDs on AMD Ryzen 5000 Series – FreeBSD/Linux Benchmarks
• FreeBSD src repository has transitioned from Subversion to Git
• Cybersecurity errors at Nakatomi

Emacs

• 2021-01-18 Emacs news
• The values of Emacs, the Neovim revolution, and the VSCode gorilla
• Jamie Zawinski Calls Cinnamon Screensaver Lock-Bypass Bug 'Unconscionable'
• Xah Emacs Fun Index
• Emacs: Novel Reading Mode
• Yesterday’s Date
• Xah Emacs Packages
• Emacs: Move Image File
• xah fly keys, setup major mode keys
• Emacs go-mode gofmt diff problem