Original release date: May 16, 2022CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors a…
This is a current list of where and when I am scheduled to speak:
The Squidmobile.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Original release date: May 10, 2022<br/><p>CISA and the Federal Bureau of Investigation (FBI) have updated the joint cybersecurity advisory, <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-076a">Strengthening Cybersecu…
Video of oval squid (Sepioteuthis lessoniana) changing color in reaction to their background. The research paper claims this is the first time this has been documented.
As usual, you can also use this squid post to talk about the security stories in th…
Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.
Eva is an Information Security Professional with over 20 years of expertise in Information Security and compliance, including standards such as FedRAMP, ISO 27001/2, PCI, HIPAA, NIST, SOC 1/2, and GDPR. Eva has an enormous amount of experience in creating formal documentation, including company programs, policies, and individual procedures, used to educate internal users and […]
New research on the changing migration of the Doryteuthis opalescens as a result of climate change.
News article:
Stanford researchers have solved a mystery about why a species of squid native to California has been found thriving in the Gulf of Alaska…
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised…