C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F

  1. University of York discloses [third-party] data breach, staff and student records stolen [Charlie Osborne, Zero Day]
  2. ‘Crypto’ Scammers Weren’t the First to Crack Twitter [Mathew J. Schwartz, Information Security Media Group]
    - see also: Twitter Hacking for Profit and the LoLs
  3. Details and PoC for critical SharePoint RCE flaw released [Zeljka Zorz, Help Net Security]
    - see also: SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
  4. Critical SIGred Windows DNS bug gets micropatch after PoCs released [Ionut Ilascu, Bleeping Computer]
  5. New ‘Meow’ attack has wiped dozens of unsecured databases [Ionut Ilascu, Bleeping Computer]
  6. Data Leaks in Online Education: Almost 1 Million Records Exposed [Chase Williams, WizCase]
  7. TLS 1.0 and 1.1 deprecation for Office 365 [Microsoft]
  8. OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory [Robert Falcone, Unit 42 / Palo Alto Networks]
  9. Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See [vpnMentor]
  10. How to use MITRE ATT&CK [Mark Dufresne, Elastic Security]
  11. Understanding the Benefits of the Capability Maturity Model Integration [Nigel Sampson (guest author) / Tripwire]
  12. Why Cyber Ranges Are Effective To Train Your Teams [Mark Stone, IBM / Security Intelligence]
  13. The InfoSec Barrier to AI [Praful Krishna, Dark Reading]
  14. Europeans Aren’t Really Using COVID-19 Contact-Tracing Apps [Gabriel Geiger, Motherboard / VICE]