- University of York discloses [third-party] data breach, staff and student records stolen [Charlie Osborne, Zero Day]
-
‘Crypto’ Scammers Weren’t the First to Crack Twitter [Mathew J. Schwartz, Information Security Media Group]
- see also: Twitter Hacking for Profit and the LoLs -
Details and PoC for critical SharePoint RCE flaw released [Zeljka Zorz, Help Net Security]
- see also: SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet - Critical SIGred Windows DNS bug gets micropatch after PoCs released [Ionut Ilascu, Bleeping Computer]
- New ‘Meow’ attack has wiped dozens of unsecured databases [Ionut Ilascu, Bleeping Computer]
- Data Leaks in Online Education: Almost 1 Million Records Exposed [Chase Williams, WizCase]
- TLS 1.0 and 1.1 deprecation for Office 365 [Microsoft]
- OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory [Robert Falcone, Unit 42 / Palo Alto Networks]
- Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See [vpnMentor]
- How to use MITRE ATT&CK [Mark Dufresne, Elastic Security]
- Understanding the Benefits of the Capability Maturity Model Integration [Nigel Sampson (guest author) / Tripwire]
- Why Cyber Ranges Are Effective To Train Your Teams [Mark Stone, IBM / Security Intelligence]
- The InfoSec Barrier to AI [Praful Krishna, Dark Reading]
- Europeans Aren’t Really Using COVID-19 Contact-Tracing Apps [Gabriel Geiger, Motherboard / VICE]
C410 A2BE CB73 EF77 746E 9682 E2C4 91CE D20D 800F