Effort vs. Outcome | Daniel Miessler
Over the years I’ve noticed something a bit peculiar about myself when it comes to striving for outcomes. In short, it seems that I thrive…
Month: April 2025
Adoption of CVSS v4.0 Vulnerability Assessment Calculator
CVSS stands for ‘Common Vulnerability Scoring System’. The CVSS framework is an open cyber security framework owned by a US-based non-profit organization ‘Forum of Incident…
39M API Keys & Credentials Exposed
Over 39 million API keys, credentials, and other sensitive secrets were exposed on GitHub in 2024, raising considerable alarm within the developer community and enterprises…
Bluefin simplifies network tokenization access and management for merchants
Bluefin announced the addition of network tokenization capabilities to its ShieldConex Tokenization as a Service and Orchestration platforms, enabling merchants to directly provision network-issued payment…
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices
Apr 03, 2025Ravie LakshmananThreat Intelligence / Mobile Security Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be…
How Managers Should Be | Daniel Miessler
This is an excellent collection of 10 beliefs that managers “should” have — or, good ones anyway. I find the list to be quite accurate,…
A Powerful New Tool for Analyzing Golang Malware
Analyzing malware has become increasingly challenging, especially with the growing popularity of programming languages like Golang. Golang, or Go, has captivated developers for its extensive…
Beware fake AutoCAD, SketchUp sites dropping malware
Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer…
A Bold Move For EU Security
The European Commission has introduced ProtectEU, a comprehensive European Internal Security Strategy aimed at strengthening the security of EU citizens. The strategy lays out a…
Information Security is Not a Permanent Cashcow
I’ve been saying for years that the time of the mediocre security professional is nearly up. We in information security are a bunch of maggots…
Cisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin Access
Cisco has disclosed critical vulnerabilities in its Smart Licensing Utility software, identified as CVE-2024-20439 and CVE-2024-20440, which could allow unauthenticated, remote attackers to gain administrative…
My First Metal Album | Daniel Miessler
I’ll never forget the first time I “got” metal. Up until then I was into dance music — the current-day rap, if you will. Run…