May 29, 2022

• DHS CISA Updated Emergency Directive 22-03 to Add Two New VMware Bugs

• Broadcom Announces Plan to Buy VMware

• Microsoft Rolling out New Security Settings to Millions of Accounts

• Feds Fine Twitter $150 Million for Privacy Violations

• Spain Vows to Tighten Control Over Their Spy Agencies

• Spain Vows to Tighten Control Over Their Spy Agencies

• Chicago Public Schools Blames Breach on Battelle
• Canadian Healthcare Organization Compromised Data Back to 1996
• Hacker Leaks Massive Dump from XinJiang Concentration Camps
• Millions of MGM Customers’ Data Dumped Again – This Time for Free

Security News Bites for the Week Ending May 27th, 2022
This week’s news bites: yet another Russian military asset catches fire, GM hit by credential
stuffing attack, Quad nations pledge to collaborate more on cybersecurity, more ransomware
move to extortion and CISA adds 75 more bugs to the actively exploited/must patch list.

Read the newsletter here

May 22, 2022

• When is Your iPhone Really Off?

• SF Police Use Autonomous Cars for Surveillance

• Two Business Grade Netgear Routers are Vulnerable and Can’t Be Fixed

• Home Title Fraud Monitoring

• And Now We Have Five – Zero-Days for Apple So Far This Year

• Microsoft End-of-Life’s Windows Server 20H2

• Judge Okays First Cryptocurrency Sanctions Case
• Google Plans to Share Vetted Open Source Software
• Costa Rica Ransomware Problem Grows
• Space Pirates
• Texas Department of Insurance Leaks Data on Two Million Texans

This week’s news bites: flaw in uclibc allows DNS poisoning attacks, cyberattack on Hawaii
undersea cable thwarted, will the Mickey Mouse protection law go up in flames, feds write
memo that says they pinky promise not to charge security researchers under CFAA and
sanctions have some effect on Russian tech sector

Read the newsletter here

May 15, 2022

• College Closes After 157 Years After Ransomware Attack

• A Really Bad Idea!

• Ya Can’t Tell the Players Without a Scorecard

• Microsoft to Offer Human-Based Security Services

• Microsoft to Offer Human-Based Security Services

• NIST Plans to Ask for Comments on Updates to Controlled Unclassified Information Publications

• UK Sanctions Russian Chip Makers
• Prince Charles Announces UK Data Reform Bill – Setting Up Fight With EU
• Colorado AG Releases Data Security Best Practices
• I am guessing Putin isn’t happy over this breach
• This Qualifies as an Embarrassing Breach – Federal Law Enforcement Portal
• Costa Rica Declares Emergency After Cyberattack

Security News Bites for the Week Ending May 13th, 2022
This week’s news bites: Chinese sponsored Operation Cuckoobees active for many years,
Spain’s spy chief fired after news she hacked Spanish politicians, EU proposes to kill child
abuse by killing privacy, Colorado’s CBI warns of fraudulent real estate transactions and
Mandiant says hackers are dwelling inside for fewer days.

Read the newsletter here

May 8, 2022

• White House Releases Orders to Deploy Quantum Computing Resistant Encryption

• CISA Releases Secure Cloud Business Applications (SCBA) Technical Reference Architecture

• And Now There Are Five – Connecticut Passes Privacy Law

• Dark Patterns – Continued

• SEC Doubles the Size of its Cryptocurrency Fraud Unit

• NIST Guide to Enterprise Patch Management Planning
• International Car Rental Company Sixt Hit by Cyberattack
• Respiratory Care Provider SuperCare Health Loses Data on 300,000

This week’s news bites: jury finds Norton infringed on two Columbia University patents, data
broker stops selling location data of Planned Parenthood visitors after being outed,
cryptocurrency projects are as secure as a screen door, Ukrainians figure out how to beat
Russia, Spain admits they hacked some of their politician’s phones, and treasury sanctions
cryptocurrency mixer BLENDER.

Read the newsletter here