Trending

GPT-3

• Elon Musk, Others, Criticize Microsoft's Exclusive License for OpenAI's GPT-3
• AI Democratization in the Era of GPT-3
• Microsoft Gets Exclusive License For OpenAI's GPT-3 Language Model
• OpenAI Licenses GPT-3 Technology to Microsoft
• What you Should Know About Chatbots and Cybersecurity
• Will Human Writing and AI Writing Become Indistinguishable?
• 'A Robot Wrote This Article. Are You Scared Yet, Human?'
• AI Writes an Essay On Why Humans Should Not Fear AI
• Unsupervised Learning: No. 245
• Gary Marcus's Kafkaesque critique of GPT-3

Corona

• BSMMU University Covid-19 Tests
• CVE-2020-24721
• In a COVID-19 World, Zero Trust is More Relevant Than Ever
• bits: Huawei oder Nein
• How Security Programs Are Changing After COVID-19: Maximizing Resiliency
• The Exploit Window is Open:
• Pisa-Sonderauswertung: Deutsche Schulen schwächeln bei digitaler Ausstattung
• Singapore touts blockchain use in COVID-19 data management
• Cybercrime: BKA sieht elementare Teile der Gesellschaft gefährdet
• How Tabletop Exercises and Cyber Threats Have Changed Since COVID-19

Zoom

• Employers Are Trying 'Quiet Days' To Dial Back the Time Remote Workers Spend on Meetings
• Introducing Cloudflare Radar
• Judge Excoriates Epic’s Dishonesty in Hearing Regarding Lawsuit Against Apple
• Another RCE vulnerability in KensingtonWorks
• Free, Privacy-First Analytics for a Better Web
• „The Real Facebook Oversight Board“: Facebook-Kritiker:innen gründen ihr eigenes Aufsichtsgremium
• Birthday Week on Cloudflare TV: Announcing 24 Hours of Live Discussions on the Future of the Internet
• Hacking Microsoft Teams vulnerabilities: A step-by-step guide
• In Internet Dead Zones, Rural Schools Struggle With Distanced Learning
• When there is no Google Earth or Street View, what can you do?

TikTok

• How Nonprofits Can Use TikTok for Digital Diplomacy
• China Preparing an Antitrust Investigation Into Google
• bits: Huawei oder Nein
• Cloudflare's Privacy Crusade Continues With a Challenge To Google Analytics
• US-China Fight Spreads To the Chip Factory
• Federal Judge Temporarily Blocks Trump's TikTok Ban
• What to do if you fall for a phishing attack?
• What to do if you fall for a phishing attack?
• TikTok Global – Trump Demanded Full TikTok Ownership
• TikTok Gets Reprieve as Judge Halts Trump Download Ban

Application Security

Tools

• H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)
• ML Essentials: Top 10 Lists Every Data Scientist Should Know
• VB2020 – Advanced Pasta Threat: Mapping Malware Use of Open Source Offensive Security Tools
• Fuzzing introduction: Definition, types and tools for cybersecurity pros
• Make Your Crypto-Business Administration Simpler With Better Invoicing Tools
• Universal Data Tool: New Skeletal/Pose/Landmark Annotation, Dutch, and Convert Options
• Universal Data Tool Introduction: Weekly Update 2
• mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges
• Next generation firewall (NGFW) explained: What is a NGFW?
• It's 2020 so not only is your mouse config tool a Node.JS Electron app, it's also pwnable by an evil webpage

Vulnerabilities

• Securing Space 4.0 – One Small Step or a Giant Leap? Part 1
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
• Code scanning for security vulnerabilities now available
• Serious Injuries At Amazon Fulfillment Centers Topped 14,000, Despite the Company's Safety Claims
• Ubuntu 4561-1: Rack vulnerabilities>
• TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks
• Red Hat Security Advisory 2020-3841-01
• Exploitability Analysis: Smash the Ref Bug Class
• SAS@Home is back this fall
• Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver

Exploits

• [webapps] Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting
• [webapps] SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure
• [remote] Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow
• [webapps] CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)
• [webapps] WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated)
• [webapps] BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal
• [webapps] SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration
• [webapps] GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)
• [webapps] SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin)
• [webapps] BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)

Advisories

• USN-4562-1: kramdown vulnerability
• CB-K20/0386 Update 2
• CB-K20/0383 Update 3
• CB-K20/0745 Update 2
• CB-K20/0766 Update 2
• CB-K20/0940
• CB-K20/0904 Update 3
• CB-K20/0745 Update 1
• CB-K20/0383 Update 4
• CB-K20/0386 Update 3

Zero Days

• Ttint: 一款通过2个0-day漏洞传播的IoT远控木马
• ZDI-20-1233: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
• ZDI-20-1232: Foxit PhantomPDF Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability
• ZDI-20-1235: Foxit PhantomPDF U3DBrowser U3D File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
• ZDI-20-1228: Foxit PhantomPDF GIF File Parsing Use-After-Free Remote Code Execution Vulnerability
• ZDI-20-1231: Foxit Reader Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability
• ZDI-20-1230: Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
• ZDI-20-1229: Foxit PhantomPDF U3DBrowser U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
• ZDI-20-1234: Foxit Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
• ZDI-20-1227: Trend Micro Maximum Security Race Condition Arbitrary File Deletion Vulnerability

Privacy

Surveillance

• Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
• Data61 and Monash claim quantum-safe and privacy-preserving blockchain protocol
• Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive | UpGuard
• Data61 and Monash claim quantum-safe and privacy-preserving blockchain protocol
• Privacy Roundup #15
• Buying a Domain: What About Privacy Protection?
• ESET catches spyware posing as Telegram, Android messaging apps
• Gartner Projects Major Jump in Data Privacy Regulations; From 10% of the World Covered in 2020 to 65% in 2023
• The High Privacy Cost of a “Free” Website
• Live Webinar | Fortify, Comply and Simplify Sensitive Data Security and Privacy Using a File Centric, Protect First Approach

Leaks

• Diplomats are supposed to be subtle and clever. Australia’s just leaked 1,000 citizens’ email addresses
• Windows XP Leak Confirmed After User Compiles the Leaked Code Into a Working OS
• Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts | UpGuard
• LA Confidential: How Leaked Emergency Call Records Exposed LA County's Abuse & Crisis Victims | UpGuard
• Block Buster: How A Private Intelligence Platform Leaked 48 Million Personal Data Records | UpGuard
• Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online | UpGuard
• Cloud Leak: WSJ Parent Company Dow Jones Exposed Customer Data | UpGuard
• System Shock: How A Cloud Leak Exposed Accenture's Business | UpGuard
• Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive | UpGuard
• Insecure: How A Private Military Contractor's Hiring Files Leaked | UpGuard

OSINT

• China Preparing an Antitrust Investigation Into Google
• Could Coalition Airstrikes Have Hit Medical Facilities in Syria? A Review of Open Source Data
• Who’s Behind Monday’s 14-State 911 Outage?
• Sifter 10_r2
• The SunWalker Incident: Netwalker and SunCrypt Ransomware Double-Double Exploitation
• When there is no Google Earth or Street View, what can you do?
• PwnedPasswordsChecker - Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)
• FL: Martin County website data hacked; investigation launched as county downplays threat
• Who is Tech Investor John Bernard?
• Fake COVID-19 emails from fake German Federal Ministry of Health

GDPR

• Alleged data leak exposed PII records of 27.6 million users in China
• Gartner Projects Major Jump in Data Privacy Regulations; From 10% of the World Covered in 2020 to 65% in 2023
• Agari Fall ‘ 20 Release Boosts CISO Confidence in Enterprise DMARC deployment
• GDPR Compliance Used as Phishing Lure
• Self-Sovereign Identity: A Distant Dream or an Immediate Possibility?
• This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New ‘Alien’ Malware can Steal Passwords from 226 Android Apps
• [Podcast] How Entrepreneur Christian Wentz Takes On Identity Authentication and Data Integrity One Line of Code at a Time
• YouTube Faces $3.2 Billion UK Lawsuit Over Children’s Privacy Violations
• Why is your personal health information worth 350 dollars on the black market?
• Rushed test and trace services put consumer privacy and health at risk

Scams

Phishing

• North Korea APT group targeted tens of UN Security Council officials
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
• Phish Found in Proofpoint-Protected Environments – Week Ending September 27, 2020
• North Korea Has Tried To Hack 11 Officials of the UN Security Council
• Proofpoint, Microsoft, Cisco, Mimecast, Symantec – All Evaded
• Detecting Microsoft 365 and Azure Active Directory Backdoors
• OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
• TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks
• Houston-area health organization says patients targeted in phishing incident
• Anthem to pay $39.5 million to states in latest settlement over 2015 hack

SPAM

• North Korea APT group targeted tens of UN Security Council officials
• 2020-09-23 - Spambot activity from Qakbot-infected host
• 2020-09-23 – Spambot activity from Qakbot-infected host
• Legendary Dr.Web Anti-virus gives way to Dr.Web Security Space
• Rewterz Threat Alert – LokiBot Malware – IOCs
• What is Tor and how does it work?
• YouTube Celebrates Deaf Awareness Week By Killing Crowd-Sourced Captions
• Rewterz Threat Alert – Emotet – IoCs
• Feds warn foreign disinformation will be spamming US voters well after the November election to sow discord and doubt
• SideWinder APT Targets with futuristic Tactics and Techniques

Frauds

• Anthem to pay $39.5 million to states in latest settlement over 2015 hack
• ESET catches spyware posing as Telegram, Android messaging apps
• Watch out: New Android spyware records your calls covertly
• More than 12 Data Points are Publicly Available on 60% of Internet Users
• Arthur J. Gallagher Insurance Brokerage Reports Cyberattack
• Yevgeniy Nikulin sentenced to 88 months for hacks of LinkedIn, Dropbox, and Formspring
• Caught in the payment fraud net: when, not if?
• Caught in the payment fraud net: when, not if?
• Fighting Card Fraud in a New Environment
• Microsoft Advanced Compliance Solutions in Zero Trust Architecture

Malware

Badware

• Linux and macOS Versions of Commercial ‘Malware’ FinSpy Found Online by Amnesty International
• Smashing Security podcast #198: Chucky the coffee maker
• APT‑C‑23 group evolves its Android spyware
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 1
• 2020-09-23 - Spambot activity from Qakbot-infected host
• Proofpoint, Microsoft, Cisco, Mimecast, Symantec – All Evaded
• Introducing VideoBytes, by Malwarebytes Labs
• Detecting Microsoft 365 and Azure Active Directory Backdoors
• 2020-09-30 - Emotet infection with Trickbot
• SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms

Antivirus (snakeoil)

• Proofpoint, Microsoft, Cisco, Mimecast, Symantec – All Evaded
• ESET catches spyware posing as Telegram, Android messaging apps
• Teachers Talk Distance Learning | Avast
• Zerologon Windows Server Vulnerability | Avast
• Cyber security firm McAfee files for U.S. IPO - Reuters
• Endpoints are the new cybersecurity front lines of defense
• DNS Firewalls for Dummies
• Cyber security firm McAfee files for U.S. IPO - Reuters
• The business value of CompTIA CySA+ employee certification
• Answer these questions to find out how safe your social media profiles are

Ransomware

• Smashing Security podcast #198: Chucky the coffee maker
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 1
• Introducing VideoBytes, by Malwarebytes Labs
• SunCrypt ransomware group swears off medical entities, sets sights on cybersecurity firms
• Introducing VideoBytes, by Malwarebytes Labs
• CVE-2020-26053
• The Exploit Window is Open:
• What to Expect at Predict 2020
• Arthur J. Gallagher Insurance Brokerage Reports Cyberattack
• QNAP warns customers of recent wave of ransomware attacks

Trojans, RATs

• APT‑C‑23 group evolves its Android spyware
• Detecting Microsoft 365 and Azure Active Directory Backdoors
• ESET catches spyware posing as Telegram, Android messaging apps
• Watch out: New Android spyware records your calls covertly
• Android Spyware Variant Snoops on WhatsApp, Telegram Messages
• Linkury adware caught distributing full-blown malware
• Linkury adware caught distributing full-blown malware
• Detecting Microsoft 365 and Azure Active Directory Backdoors
• FYI: If you're running HP Device Manager, anyone on your network can get admin on your server via backdoor
• HP Device Manager has a dangerous backdoor

Operating systems

Windows

• IPStorm botnet expands from Windows to Android, Mac, and Linux
• Diagnosing an abnormal startup: what that screen means
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 1
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
• Overview of Content Published in September
• Windows XP Leak Confirmed After User Compiles the Leaked Code Into a Working OS
• Detecting Microsoft 365 and Azure Active Directory Backdoors
• Developer successfully compiled leaked source code for MS Windows XP and Windows Server 2003 OSs
• Kerberoasting – Threat Hunting for Active Directory Attacks
• Windows XP leak confirmed after user compiles the leaked code into a working OS

Linux

• IPStorm botnet expands from Windows to Android, Mac, and Linux
• Linux and macOS Versions of Commercial ‘Malware’ FinSpy Found Online by Amnesty International
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
• Fedora 32: xen 2020-f668e579be>
• Fedora 33: chromium 2020-2d994b986d>
• Fedora 33: edk2 2020-14257cb04d>
• RedHat: RHSA-2020-3842:01 Moderate: OpenShift Container Platform 4.5.13>
• Fedora 33: community-mysql 2020-77b95c868f>
• [$] LWN.net Weekly Edition for October 1, 2020
• [$] OpenWrt and SELinux

Android

• IPStorm botnet expands from Windows to Android, Mac, and Linux
• APT‑C‑23 group evolves its Android spyware
• Securing Space 4.0 – One Small Step or a Giant Leap? Part 2
• Google's Chromecast with Google TV is Its First Real Streaming Contender
• Google Announces the Pixel 5 for $699
• An Indicator From Twitter Brings The Donot Android Espionage Group Back Into Focus
• Alleged data leak exposed PII records of 27.6 million users in China
• How to Set up Custom Domain Names for AppSync
• China Preparing an Antitrust Investigation Into Google
• CVE-2020-24721

Apple

• Linux and macOS Versions of Commercial ‘Malware’ FinSpy Found Online by Amnesty International
• Diagnosing an abnormal startup: what that screen means
• Chrome 86 for iOS fixes orientation bug that broke web page layouts
• Developers Try Again To Upstream Motorola 68000 Series Support In LLVM
• How to Disable Screenshots and Recording in iOS Apps
• Big Tech Faces Ban From Favoring Own Services Under EU Rules
• CVE-2020-24721
• Go Passwordless with FIDO2 and Web Authentication
• Amnesty entdeckt bislang unbekannte FinSpy-Spionagesoftware für Linux und macOS
• Speeding up HTTPS and HTTP/3 negotiation with... DNS

BSD

• OpenBSD on the Desktop (Part I)
• Default window manager switched to CTWM in NetBSD-current
• Development Release: FreeBSD 12.2-BETA3
• DistroWatch Weekly, Issue 884
• Basic Printing on OpenBSD
• NICER Protocol Deep Dive: Internet Exposure of SMB
• CB-K20/0903
• FreeBSD -- bhyve SVM guest escape
• FreeBSD -- ftpd privilege escalation via ftpchroot feature
• FreeBSD -- bhyve privilege escalation via VMCS access

Emacs

• Gnus and Gmail
• Emacs: Show Image Thumbnails
• Emacs: Xah JavaScript Mode
• An Org Template for Meeting Minutes
• 2020-09-28 Emacs news
• The Org Agenda
• Document Preparation with Org, LaTeX, and Docker
• Emacs Developers (Including Richard Stallman) Discuss How to Build a More 'Modern' Emacs
• James Gosling: Java, JVM, Emacs, and Computing History [video]
• Toward a “modern” Emacs