- Pipeline Ransomware Attack Underscores Urgent Need for Risk-Based, Automated Decision Support
- Alleviating ransomware’s legal headaches with Jake Bernstein: Lock and Code S02E08
- Ransomware attack shuts down Colonial Pipeline fuel supply
- A week in security (May 3 – 9)
- CVE-2021-3035 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution (Severity: MEDIUM)
- PAN-SA-2021-0002 Informational: PAN-OS: NAT slipstreaming v1.0 and v2.0 attacks (Severity: NONE)
- CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
- CVE-2021-28041 PAN-OS: Informational: Impact of the OpenSSH vulnerability CVE-2021-28041 (Severity: NONE)
- CVE-2021-3037 PAN-OS: Secrets for scheduled configuration exports are logged in system logs (Severity: LOW)
- CVE-2021-3034 Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs (Severity: MEDIUM)
- CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions (Severity: LOW)
- Street cred: increasing trust in passwordless authentication. [CyberWire-X]
- Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]
- SUPERNOVA activity and its possible connection to SPIRAL threat group. [Research Saturday]
- CISA on FiveHands. Connections among cybergangs, Russian intelligence services? Software supply chain security. Scripps Health incident update. Home routers. Ryuk hits research institute.