- International reactions to US sanctions against Russia (positively reviewed in Europe and the UK, but panned by Russia). Continuing threats to the cold chain. Natanz back in business? Data breach notes.
- CVE-2021-3037 PAN-OS: Secrets for scheduled configuration exports are logged in system logs (Severity: LOW)
- CVE-2021-28041 PAN-OS: Informational: Impact of the OpenSSH vulnerability CVE-2021-28041 (Severity: NONE)
- CVE-2021-3034 Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs (Severity: MEDIUM)
- CVE-2021-3036 PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly (Severity: MEDIUM)
- Shady scam bots trick Omegle users into nonconsensual video sex recordings
- Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities
- Deepfakes were going to change everything. And then they didn’t
- 6 SSH best practices to protect networks from attacks
- Companies must train their SOC teams well to prevent breaches
- CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions (Severity: LOW)
- CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
- PAN-SA-2021-0002 Informational: PAN-OS: NAT slipstreaming v1.0 and v2.0 attacks (Severity: NONE)
- Imposing costs and sending signals (and prominently naming Cozy Bear). More speculation about the Natanz explosion. And a shift in the criminal-to-criminal economy.
- Chrome users, here’s how to opt out of the Google FLoC trial