Daily Read

• Biden Broadens NSA Oversight of National Security Systems
  January 20, 2022
  New Cybersecurity National Security Memorandum will let the spy agency "identify vulnerabilities, detect malicious threat activity and drive mitigations," agency cybersecurity director says.
• (ISC)² Appoints Jon France, CISSP, as Chief Information Security Officer
  January 20, 2022
  Accomplished cybersecurity leader will advocate globally for best practices in risk management and head up association security operations.
• Researchers Discover Dangerous Firmware-Level Rootkit
  January 20, 2022
  MoonBounce is the latest in a small but growing number of implants found hidden in a computer's Unified Extensible Firmware Interface (UEFI).
• Automating Response Is a Marathon, Not a Sprint
  January 20, 2022
  Organizations should balance process automation and human interaction to meet their unique security requirements.
• Red Cross Hit via Third-Party Cyberattack
  January 20, 2022
  The incident compromised the personal data and confidential information of more than 515,000 "highly vulnerable people," the Red Cross reports.
• Enterprises Are Sailing Into a Perfect Storm of Cloud Risk
  January 20, 2022
  Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.
• 4 Ways to Develop Your Team's Cyber Skills
  January 20, 2022
  Organizations need to invest in professional development — and then actually make time for it.
• Cisco's Kenna Security Research Shows the Relative Likelihood of an Organization Being Exploited
  January 20, 2022
  A record-breaking 20,130 vulnerabilities were reported in 2021. However, only 4% pose a high risk to organizations.
• FireEye & McAfee Enterprise Renamed as Trellix
  January 19, 2022
  Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).
• What Happens to My Organization If APIs Are Compromised?
  January 19, 2022
  Once attackers have obtained access, they can compromise other systems or pivot within your networks.

• S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
  January 20, 2022
  Latest epsiode – listen now!
• Serious Security: Apple Safari leaks private data via database API – what you need to know
  January 18, 2022
  There's a tiny data leakage bug in the WebKit browser engine… but it could act as a "supercookie" identifier for your browsing
• Romance scammer who targeted 670 women gets 28 months in jail
  January 17, 2022
  Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns…
• Serious Security: Linux full-disk encryption bug fixed – patch now!
  January 14, 2022
  Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.
• REvil ransomware crew allegedly busted in Russia, says FSB
  January 14, 2022
  The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.
• S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle [Podcast + Transcript]
  January 13, 2022
  Latest episode -listen to it or read it now!
• Wormable Windows HTTP hole – what you need to know
  January 12, 2022
  One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
• Home routers with NetUSB support could have critical kernel hole
  January 11, 2022
  Got a router that supports USB access across the network? You might need a kernel update…
• JavaScript developer destroys own projects in supply chain “lesson”
  January 11, 2022
  Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.
• Honda cars in flashback to 2002 – “Can’t Get You Out Of My Head”
  January 8, 2022
  Where were YOU on the night of 17 May 2002? And what about the day after that?