API Evangelist Partners

These are my partners who invest in API Evangelist each month, helping underwrite my research, and making sure I'm able to keep monitoring the API space as I do.


3scale makes it easy to open, secure, distribute, control and monetize APIs, and is built with performance, customer control and excellent time-to-value in mind.


Runscope is a SaaS-based company that provides solutions for API performance testing, monitoring and debugging.


Tyk is an open source API Gateway that is fast, scalable and modern, and offers an API management platform with an API Gateway, API analytics, developer portal and API Management Dashboard.


Restlet provides the fastest and easiest API-First Platform as a Service that developers and non-developers working on API projects can use.


DreamFactory Software develops and markets a technology that enables developers to connect modern mobile applications to enterprise back-end infrastructure in the cloud.

API Vulnerabilities News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and that I wanted to include in my research. I'm using all of these links to better understand how the space is testing their APIs, going beyond just monitoring and understanding the details of each request and response.

Title (Date) Source
HP Security Bulletin HPESB3P03767 1 (2017-08-04) packetstormsecurity.com
Exploits Available for Siemens Molecular Imaging Vulnerabilities (2017-08-04) kasperskycontenthub.com
Vulnerability Spotlight: Kakadu SDK Vulnerabilities (2017-08-04) blogs.cisco.com
Linux Kernel 4.12 Race Condition (2017-08-04) packetstormsecurity.com
Format Factory 4.1.0 DLL Hijacking (2017-08-04) packetstormsecurity.com
Vulnerability found in solar panels could knock out power grids across Europe (2017-08-04) thenextweb.com
Packet Storm New Exploits For July, 2017 (2017-08-03) packetstormsecurity.com
Kernel Live Patch Security Notice LSN (2017-08-03) packetstormsecurity.com
Axis 2100 Network Camera 2.43 Cross Site Scripting (2017-08-03) packetstormsecurity.com
VirtualBox Windows Process DLL UNC Path Signature Bypass Privilege Escalation (2017-08-03) packetstormsecurity.com
VirtualBox Windows Process DLL Signature Bypass Privilege Escalation (2017-08-03) packetstormsecurity.com
DNSTracer 1.9 Buffer Overflow (2017-08-03) packetstormsecurity.com
Premium Servers List Tracker 1.0 SQL Injection (2017-08-03) packetstormsecurity.com
EDUMOD Pro 1.3 SQL Injection (2017-08-03) packetstormsecurity.com
Muviko 1.0 SQL Injection (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-08-03) packetstormsecurity.com
Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug (2017-08-03) kasperskycontenthub.com
DoJ Launches Framework for Vulnerability Disclosure Programs (2017-08-03) www.darkreading.com
Two Popular IP Cameras Riddled With Vulnerabilities (2017-08-03) kasperskycontenthub.com
TOR Virtual Network Tunneling Tool (2017-08-02) packetstormsecurity.com
Joomla PHP (2017-08-02) packetstormsecurity.com
Joomla SIMGenealogy 2.1.5 SQL Injection (2017-08-02) packetstormsecurity.com
Solarwinds Kiwi Syslog Denial Of Service (2017-08-02) packetstormsecurity.com
Joomla LMS King Professional 3.2.40 SQL Injection (2017-08-02) packetstormsecurity.com
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection (2017-08-02) packetstormsecurity.com
Joomla Ultimate Property Listing 1.0.2 SQL Injection (2017-08-02) packetstormsecurity.com
SMBLoris Denial Of Service (2017-08-02) packetstormsecurity.com
IBM Worklight / MobileFirst Cross Site Scripting (2017-08-02) packetstormsecurity.com
Hashicorp vagrant (2017-08-02) packetstormsecurity.com
Vulnerability Spotlight: EZB Systems UltraISO ISO Parsing Code Execution Vulnerability (2017-08-02) blogs.cisco.com
Wannacry Inspires Worm (2017-07-28) www.darkreading.com
vulnerability (2017-07-25) github.com
Novel Attack Tricks Servers to Cache, Expose Personal Data (2017-07-25) kasperskycontenthub.com
Custom Source Code Accounts for 93% of App Vulnerabilities (2017-07-25) www.darkreading.com
Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities (2017-07-24) blogs.cisco.com
Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8 (2017-07-20) blogs.cisco.com
gSOAP Flaw Leaves Thousands of IoT Devices Vulnerable to Remote Code Execution (2017-07-19) continuum.cisco.com
Critical Security Vulnerabilities Found in Segway Hoverboards (2017-07-19) www.infosecurity-magazine.com
Bad Code Library Triggers Devil’s Ivy Vulnerability in Millions of IoT Devices (2017-07-19) kasperskycontenthub.com
Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched (2017-07-18) kasperskycontenthub.com
A security researcher just revealed a huge Myspace security flaw. (And yes you should care.) (2017-07-18) mashable.com
Zero (2017-07-18) www.darkreading.com
Experts in Lather Over ‘gSOAP’ Security Flaw (2017-07-18) krebsonsecurity.com
50,000 Machines Remain Vulnerable to EternalBlue Attacks (2017-07-14) www.darkreading.com
Siemens Patches Authentication Bypass Flaw in SiPass Server (2017-07-14) kasperskycontenthub.com
Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines (2017-07-13) kasperskycontenthub.com
Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution (2017-07-12) kasperskycontenthub.com
New SQL Injection Tool Makes Attacks Possible from a Smartphone (2017-07-12) www.darkreading.com
Adobe, Microsoft Push Critical Security Fixes (2017-07-11) krebsonsecurity.com
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities (2017-07-11) kasperskycontenthub.com
Microsoft Patch Tuesday – July 2017 (2017-07-11) blogs.cisco.com
Adobe Fixes Six Vulnerabilities in Flash, Connect with July Update (2017-07-11) kasperskycontenthub.com
Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption (2017-07-11) blogs.cisco.com
How Code Vulnerabilities Can Lead to Bad Accidents (2017-07-10) www.darkreading.com
Security updates for multiple Jenkins plugins (2017-07-09) jenkins.io
Attack on Critical Infrastructure Leverages Template Injection (2017-07-07) blogs.cisco.com
Vulnerability Spotlight: TALOS (2017-07-07) blogs.cisco.com
Ukrainian company that spread Petya could face criminal charges for vulnerability (2017-07-03) www.theverge.com
Vulnerabilities Found in German e (2017-06-30) www.darkreading.com
Another RCE Vulnerability Patched in Microsoft Malware Protection Engine (2017-06-26) kasperskycontenthub.com
Xen Hypervisor Gets Patches for Virtual Machine Escape Flaws (2017-06-23) thenewstack.io
RAT Vulnerabilities Turn Hackers into Victims (2017-06-23) www.darkreading.com
The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo (2017-06-23) developers.redhat.com
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL (2017-06-22) blogs.cisco.com
IT Security Vulnerability vs Threat vs Risk: What’s the Difference? (2017-06-21) www.bmc.com
Microsoft Patches Two Critical Vulnerabilities Under Attack (2017-06-13) kasperskycontenthub.com
Unpatched 0-days in Vanilla Forums let Remote Attackers Hack Websites (2017-05-12) www.itsecurityguru.org
Multiple Ransomware Infections Reported (2017-05-12) www.us-cert.gov
Satel Iberia SenNet Data Logger and Electricity Meters (2017-05-11) ics-cert.us-cert.gov
Cisco Patches Leaked 0-day in 300+ Of Its Switches (2017-05-10) www.itsecurityguru.org
Google Researchers Discover Worst Windows Bug (2017-05-10) www.pcmag.com
Cisco Releases Security Update (2017-05-10) www.us-cert.gov
Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies (2017-05-09) www.pcworld.com
Siemens devices using the PROFINET Discovery and Configuration Protocol (2017-05-09) ics-cert.us-cert.gov
Siemens devices using the PROFINET Discovery and Configuration Protocol (2017-05-09) ics-cert.us-cert.gov
Rockwell Automation Stratix 5900 (2017-05-09) ics-cert.us-cert.gov
Microsoft Releases Critical Security Update (2017-05-08) www.us-cert.gov
Mozilla Releases Security Updates (2017-05-05) www.us-cert.gov
Advantech B+B SmartWorx MESR901 (2017-05-02) ics-cert.us-cert.gov
CyberVision Kaa IoT Platform (2017-05-02) ics-cert.us-cert.gov
Google Releases Security Updates for Chrome (2017-05-02) www.us-cert.gov
Schneider Electric Wonderware Historian Client (2017-05-02) ics-cert.us-cert.gov
Intel Firmware Vulnerability (2017-05-01) www.us-cert.gov
GE Multilin SR Protective Relays (2017-04-27) ics-cert.us-cert.gov
Adobe Releases Security Updates for ColdFusion (2017-04-26) www.us-cert.gov
IBM Releases Security Update (2017-04-25) www.us-cert.gov
Drupal fixes critical access bypass vulnerability (2017-04-20) www.pcworld.com
Fake Delta Airlines Receipt Packs Malware (2017-04-20) www.darkreading.com
Google Releases Security Updates for Chrome (2017-04-19) www.us-cert.gov
Mozilla Releases Security Updates (2017-04-19) www.us-cert.gov
Drupal Releases Security Updates (2017-04-19) www.us-cert.gov
Oracle Releases Security Bulletin (2017-04-18) www.us-cert.gov
VMware Releases Security Updates (2017-04-18) www.us-cert.gov
Microsoft has already patched the NSA's leaked Windows hacks (2017-04-15) www.theverge.com
We Can Calm Down: Microsoft Already Patched Most of the Shadow Brokers Exploits (2017-04-15) motherboard.vice.com
Microsoft says exploits leaked by Shadow Brokers were addressed by prior patches (2017-04-15) techcrunch.com
Unpatched PHP Flaw in E-Commerce Platform Leaves 200,000 Sites Vulnerable (2017-04-14) continuum.cisco.com
VMware Releases Security Updates (2017-04-14) www.us-cert.gov
Schneider Electric Modicon M221 PLCs and SoMachine Basic (2017-04-13) ics-cert.us-cert.gov
Wecon Technologies LEVI Studio HMI Editor (2017-04-13) ics-cert.us-cert.gov
Microsoft Releases April 2017 Security Updates (2017-04-12) www.us-cert.gov
Apache Software Foundation Releases Security Updates (2017-04-12) www.us-cert.gov
BrickerBot Permanent Denial-of-Service Attack (2017-04-12) ics-cert.us-cert.gov
Schneider Electric Modicon Modbus Protocol (2017-04-11) ics-cert.us-cert.gov
Your phone’s fingerprint lock has a weakness (2017-04-11) www.futurity.org
MS Office Zero-day Exploited in Attacks – No Enabling of Macros Required! (2017-04-10) www.itsecurityguru.org
That Fingerprint Sensor on Your Phone Is Not as Safe as You Think (2017-04-10) www.nytimes.com
Android devices can be fatally hacked by malicious Wi-Fi networks (2017-04-07) arstechnica.com
Brute Forcing HS256 Is Possible: The Importance of Using Strong Keys in Signing JWTs (2017-04-05) dzone.com
Cisco Releases Security Updates (2017-04-05) www.us-cert.gov
Schneider Electric Interactive Graphical SCADA System Software (2017-04-04) ics-cert.us-cert.gov
Marel Food Processing Systems (2017-04-04) ics-cert.us-cert.gov
Cisco Patches Critical IOX Vulnerability (2017-03-24) www.itsecurityguru.org
Apple Releases Security Update for iTunes (2017-03-24) www.us-cert.gov
Cisco Releases Security Updates (2017-03-22) www.us-cert.gov
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) (2017-03-22) www.us-cert.gov
Cisco Issues Advisory on Flaw in Hundreds of Switches (2017-03-21) www.darkreading.com
Cisco Releases Security Updates (2017-03-21) www.us-cert.gov
New Vulnerability Revealed in WhatsApp and Telegram, Allowed Hackers to Gain Complete Control Over User Accounts (2017-03-21) www.itsecurityguru.org
Vulnerability Management in 2017: Context is King (2017-03-17) www.bmc.com
WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser (2017-03-15) www.wired.com
Microsoft fixes record number of flaws, some publicly known (2017-03-15) www.pcworld.com
Drupal Releases Security Update (2017-03-15) www.us-cert.gov
Vulnerabilities in WiFi Cameras (2017-03-14) www.eagleeyenetworks.com
Fatek Automation PLC Ethernet Module (2017-03-14) ics-cert.us-cert.gov
Ursnif Malware (2017-03-14) resources.infosecinstitute.com
Adobe Releases Security Updates (2017-03-14) www.us-cert.gov
Critical Vulnerability Uncovered in JSON Encryption (2017-03-13) blogs.adobe.com
A Challenge to WikiLeaks: Disclose Software Vulnerabilities on a Responsible Timeline (2017-03-10) www.carbonblack.com
Google Discloses Details of an Unpatched Microsoft Vulnerability (2017-03-09) www.schneier.com
Some notes on the RAND 0day report (2017-03-09) blog.erratasec.com
Google says it’s already fixed many exploits from WikiLeaks’ CIA document dump (2017-03-09) www.theverge.com
IRS Releases Tax-Time Guide (2017-03-09) www.us-cert.gov
Report: Government-held security vulnerabilities last for years (2017-03-09) thehill.com
Google Releases Security Update for Chrome (2017-03-09) www.us-cert.gov
The White House’s favorite ‘secure’ messaging app is riddled with bugs (2017-03-08) thenextweb.com
Apache Software Foundation Releases Security Updates (2017-03-08) www.us-cert.gov
Researchers find major flaws in encrypted chat app popular in WH (2017-03-08) thehill.com
Mozilla Releases Security Update (2017-03-07) www.us-cert.gov
WordPress Releases Security Update (2017-03-06) www.us-cert.gov
Eaton xComfort Ethernet Communication Interface (2017-03-02) ics-cert.us-cert.gov
(Cloud)Flare Up: What you Need to Know about Ticketbleed (2017-03-02) www.forumsys.com
Siemens SINUMERIK Integrate and SINUMERIK Operate (2017-03-02) ics-cert.us-cert.gov
Schneider Electric Conext ComBox (2017-03-02) ics-cert.us-cert.gov
Cisco Releases Security Update (2017-03-01) www.us-cert.gov
Cloudflare data leakage doesn’t reveal 1Password secrets (2017-02-24) www.macworld.com
SHA-1 Has Been Compromised In Practice (2017-02-24) auth0.com
Update Regarding the CloudFlare Security Incident (2017-02-24) blog.stocktwits.com
Popular website service Cloudflare leaked private data (2017-02-24) thehill.com
Cloudflare leak: Please reset your CCID password (2017-02-24) creativecommons.org
Partners: Cloudflare Software Bug Shows Need For Better Business Data Security Measures (2017-02-24) www.crn.com
Cloudbleed — Your Credentials Cached in Search Engines (2017-02-24) hackaday.com
Announcing the first SHA1 collision (2017-02-24) security.googleblog.com
How to secure your data after the Cloudflare leak (2017-02-24) techcrunch.com
Cloudflare Leaked Web Customer Data For Months (2017-02-24) www.darkreading.com
DigitalOcean, Your Data, and the Cloudflare Vulnerability (2017-02-24) www.digitalocean.com
Tweet: Incident report on memory leak caused by Cloudflare parser bug - https://t.co/rTZ4bFw3uJ (2017-02-23) twitter.com
Incident report on memory leak caused by Cloudflare parser bug (2017-02-23) blog.cloudflare.com
Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability (2017-02-23) ics-cert.us-cert.gov
Schneider Electric Modicon M340 PLC (2017-02-23) ics-cert.us-cert.gov
Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations (2017-02-23) ics-cert.us-cert.gov
Apple Releases Security Update (2017-02-21) www.us-cert.gov
Advantech WebAccess (2017-02-14) ics-cert.us-cert.gov
Apple Releases Security Update (2017-02-14) www.us-cert.gov
Adobe Releases Security Updates (2017-02-14) www.us-cert.gov
Siemens SIMATIC Authentication Bypass (2017-02-14) ics-cert.us-cert.gov
Geutebrück IP Cameras (2017-02-14) ics-cert.us-cert.gov
Hanwha Techwin Smart Security Manager (2017-02-09) ics-cert.us-cert.gov
F5’s Big-IP leaks little chunks of memory, even SSL session Ids (2017-02-09) www.itsecurityguru.org
ISC Releases Security Updates for BIND (2017-02-08) www.us-cert.gov
Bugcrowd Reduces the Cost and Effort of Unifying Vulnerability Data... (2017-02-07) worldnews.se
Report: Security Flaw Lets Hackers Snoop on 76 iPhone Apps (2017-02-07) www.pcmag.com
BD Alaris 8000 Insufficiently Protected Credentials Vulnerability (2017-02-07) ics-cert.us-cert.gov
BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities (2017-02-07) ics-cert.us-cert.gov
Devilish New Ransomware is Out on the Street (2017-02-06) cyware.com
Cisco Clock Signal Component Failure Advisory (2017-02-06) www.us-cert.gov
BINOM3 Electric Power Quality Meter (2017-01-31) ics-cert.us-cert.gov
VMware Releases Security Updates (2017-01-31) www.us-cert.gov
Ecava IntegraXor (2017-01-31) ics-cert.us-cert.gov
Tenable Brings Vulnerability Management Platform to the Cloud (2017-01-31) shopmatrix.eu
Tenable Unveils SaaS Platform that Redefines Vulnerability Management for Today’s Elastic IT Environments (2017-01-31) www.itsecurityguru.org
Positive Technologies discovers security vulnerability in data center monitoring system that could allow remote access to unencrypted passwords (2017-01-31) www.itsecurityguru.org
Researchers ID Decades-Old Fruitfly Mac Malware (2017-01-20) www.pcmag.com
Old-School Mac OS Malware Spotted Targeting Biomedical Industry (2017-01-19) www.darkreading.com
Schneider Electric homeLYnk Controller (2017-01-19) ics-cert.us-cert.gov
Oracle Releases Security Bulletin (2017-01-18) www.us-cert.gov
Decline in two families of malware has researchers stumped (2017-01-17) thehill.com
Silence speaks louder than words when finding malware (2017-01-17) developers.googleblog.com
A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages (2017-01-13) boingboing.net
Encrypted messaging platform WhatsApp denies “backdoor” claim (2017-01-13) techcrunch.com
Top security expert: There is no WhatsApp backdoor (FB) (2017-01-13) www.businessinsider.com
Hack Exposes Reams of Private Jabber Chats (2017-01-11) motherboard.vice.com
Adobe Releases Security Updates (2017-01-10) www.us-cert.gov
Security Bulletins posted (2017-01-10) blogs.adobe.com
Google plugs serious Nexus vulnerability in latest security update (2017-01-09) www.pcworld.com
Vulnerability of Web-based Applications (2017-01-09) resources.infosecinstitute.com
St. Jude Merlin@home Transmitter Vulnerability (2017-01-09) ics-cert.us-cert.gov
New Android Malware Attacks Your Wireless Router Through Your Phone (2017-01-06) www.itsecurityguru.org
Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities (2017-01-05) ics-cert.us-cert.gov
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (2017-01-05) ics-cert.us-cert.gov
978 - Kaspersky: SSL interception differentiates certificates with a 32bit hash - project-zero - Monorail (2017-01-03) bugs.chromium.org
Mozilla Releases Security Update (2016-12-28) www.us-cert.gov
0-days hitting Fedora and Ubuntu open desktops to a world of hurt (2016-12-16) arstechnica.com
Vulnerability and Patch Management (2016-12-15) resources.infosecinstitute.com
OmniMetrix OmniView Vulnerabilities (2016-12-15) ics-cert.us-cert.gov
Microsoft Patches Skype for Mac Backdoor Open for Up to 10 Years (2016-12-15) cyberparse.co.uk
Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability (2016-12-15) ics-cert.us-cert.gov
5-year-old Skype Backdoor Discovered – Mac OS X Users Urged to... (2016-12-14) trueviralnews.com
Moxa DACenter Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Siemens S7-300/400 PLC Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Microsoft Releases December 2016 Security Bulletin (2016-12-13) www.us-cert.gov
Netgear starts patching routers left vulnerable to hacking by a critical flaw (2016-12-13) www.pcworld.com
Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability (2016-12-13) ics-cert.us-cert.gov
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (2016-12-13) www.darkreading.com
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (2016-12-13) www.isvoc.com
Delta Electronics WPLSoft, ISPSoft, and PMSoft Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
CA Unified Infrastructure Management Directory Traversal Vulnerability (2016-11-10) ics-cert.us-cert.gov
Microsoft November Security Updates Include Fix For Zero-Day Flaw (2016-11-08) www.darkreading.com
OSIsoft PI System Incomplete Model of Endpoint Features Vulnerability (2016-11-08) ics-cert.us-cert.gov
Phoenix Contact ILC PLC Authentication Vulnerabilities (2016-11-08) ics-cert.us-cert.gov
Siemens Industrial Products Local Privilege Escalation Vulnerability (2016-11-08) ics-cert.us-cert.gov
Schneider Electric IONXXXX Series Power Meter Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Moxa OnCell Security Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
NCCIC/ICS-CERT Advanced Analytical Laboratory Malware Trends White Paper (2016-11-01) ics-cert.us-cert.gov
Schneider Electric ConneXium Buffer Overflow Vulnerability (2016-11-01) ics-cert.us-cert.gov
Schneider Electric Unity PRO Control Flow Management Vulnerability (2016-11-01) ics-cert.us-cert.gov
ISC Releases Security Updates for BIND (2016-11-01) www.us-cert.gov
IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability (2016-11-01) ics-cert.us-cert.gov
A look at CMSs from a Vulnerability Researchers View (2016-10-31) www.liquidmatrix.org
Disclosing vulnerabilities to protect users (2016-10-31) security.googleblog.com
Government Hacking: Vulnerabilities Equities Process (2016-10-31) cyberlaw.stanford.edu
Linux Kernel Vulnerability (2016-10-21) www.us-cert.gov
Warnings over Dirty Cow Linux bug (2016-10-21) www.bbc.co.uk
Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability (2016-10-20) ics-cert.us-cert.gov
Mozilla Releases Security Update for Firefox (2016-10-20) www.us-cert.gov
ISC Releases Security Advisory (2016-10-20) www.us-cert.gov
Cisco Releases Security Updates (2016-10-19) www.us-cert.gov
Oracle fixes 100s of vulnerabilities that put enterprise data at risk (2016-10-19) www.pcworld.com
Oracle Releases Security Bulletin (2016-10-18) www.us-cert.gov
Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability (2016-10-18) ics-cert.us-cert.gov
ICS-CERT issued advisory ICSA-16-287-01 OSIsoft PI Web API 2015 R2 Service Acct Permissions Vuln to ICS-CERT (2016-10-13) ics-cert.us-cert.gov
Kabona AB WDC Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Fatek Automation Designer Memory Corruption Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Siemens Automation License Manager Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Google Releases Security Update for Chrome (2016-10-13) www.us-cert.gov
Moxa ioLogik E1200 Series Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Eko Malware Targets Facebook Users (2016-10-12) www.itsecurityguru.org
Sierra Wireless Mitigations Against Mirai Malware (2016-10-12) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-10-12) www.us-cert.gov
Adobe Releases Security Updates (2016-10-11) www.us-cert.gov
NIST Released Special Publication: SP 800-150 (2016-10-11) ics-cert.us-cert.gov
Microsoft Releases Security Updates (2016-10-11) www.us-cert.gov
VMware Releases Security Updates (2016-10-07) www.us-cert.gov
GE Bently Nevada 3500/22M Improper Authorization Vulnerability (2016-10-06) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-10-05) www.us-cert.gov
Beckhoff Embedded PC Images and TwinCAT Components Vulnerabilities (2016-10-04) ics-cert.us-cert.gov
Homeland Security Warns Certain Huawei Devices Vulnerable To DDoS (2016-10-04) www.itsecurityguru.org
INDAS Web SCADA Path Traversal Vulnerability (2016-10-04) ics-cert.us-cert.gov
American Auto-Matrix Front-End Solutions Vulnerabilities (2016-09-29) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-09-28) www.us-cert.gov
ISC Releases Security Updates for BIND (2016-09-27) www.us-cert.gov
Siemens SCALANCE M-800/S615 Web Vulnerability (2016-09-27) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-09-21) www.us-cert.gov
Drupal Releases Security Advisory (2016-09-21) www.us-cert.gov
Apple Releases Security Updates (2016-09-20) www.us-cert.gov
Mozilla Releases Security Updates (2016-09-20) www.us-cert.gov
Moxa Active OPC Server Unquoted Service Path Escalation Vulnerability (2016-09-20) ics-cert.us-cert.gov
Mozilla Firefox Vulnerable To Man-In-The-Middle Attack: Report (2016-09-19) www.cxotoday.com
Tweet: ICS-CERT issued advisory ICSA-16-259-03 Trane Tracer SC Sensitive Information Exposure Vuln to ICS-CERT web site https://t.co/dC1xPL4fhM (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-01 Yokogawa STARDOM Authentication Bypass Vulnerability to ICS-CERT web site https://t.co/InVxgekGNN (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-02 ABB DataManagerPro Credential Management Vulnerability to ICS-CERT web site https://t.co/KQshyEct7y (2016-09-15) twitter.com
Tweet: ICS-CERT issued ICSA-16-224-02 Rockwell Automation RSLogix 500 & RSLogix Micro Buffer Overflow to ICS-CERT web site https://t.co/gJJCNU22xf (2016-09-15) twitter.com
How to Easily Protect Against the Trident iOS Vulnerabilities (2016-09-15) duo.com
Trane Tracer SC Sensitive Information Exposure Vulnerability (2016-09-15) ics-cert.us-cert.gov
Double-dipping malware steals iOS creds and roots Android (2016-09-15) www.itsecurityguru.org
Sixth Linux DDoS Trojan Discovered in the Last 30 Days (2016-09-15) www.itsecurityguru.org
Rockwell Automation RSLogix 500 AND RSLogix Micro File Parser Buffer Overflow Vulnerability (2016-09-15) ics-cert.us-cert.gov
ABB DataManagerPro Credential Management Vulnerability (2016-09-15) ics-cert.us-cert.gov
Yokogawa STARDOM Authentication Bypass Vulnerability (2016-09-15) ics-cert.us-cert.gov
Tweet: ICS-CERT issued alert ICS-ALERT-16-256-01 FENIKS PRO Elnet Energy Meter Vulnerabilities to ICS-CERT web site - https://t.co/ZnDStDG5Oh (2016-09-12) twitter.com
Tweet: ICS-CERT issued Recommended Practice Improving ICS Cybersecurity with Defense-in-Depth Strategies ICS-CERT web site https://t.co/HN18YdceL5 (2016-09-12) twitter.com
Thousands of Seagate NAS boxes host cryptocurrency mining malware (2016-09-12) www.csoonline.com
MySQL zero-day exploit puts some servers at risk of hacking (2016-09-12) www.pcworld.com
New Linux Trojan Discovered Coded in Mozilla's Rust Language (2016-09-09) www.itsecurityguru.org
Internet of Sins: Million more devices sharing known private keys for HTTPS, SSH admin (2016-09-07) www.itsecurityguru.org
Cryptographic Key Reuse Remains Widespread In Embedded Products (2016-09-06) www.darkreading.com
New Report shows 55% of websites have severe vulnerabilities (2016-09-06) www.itsecurityguru.org
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities (2016-09-06) ics-cert.us-cert.gov
Chrome's newest version contains 33 security fixes; Cisco patches two critical vulnerabilities (2016-09-02) www.scmagazine.com
OneLogin breached, hacker finds cleartext credential notepads (2016-08-31) www.itsecurityguru.org
New covert malware uses USB drives to jump airgaps and works on almost every storage device (2016-08-30) www.itsecurityguru.org
HTTPS and OpenVPN face new attack that can decrypt secret cookies (2016-08-25) arstechnica.com
Cisco starts patching firewall devices against NSA-linked exploit (2016-08-25) www.pcworld.com
Moxa OnCell Vulnerabilities (2016-08-23) ics-cert.us-cert.gov
New Banking Trojan Uses PowerShell to Alter Internet Explorer Proxy Settings (2016-08-23) www.itsecurityguru.org
Malware Infected All Eddie Bauer Stores in U.S., Canada (2016-08-19) www.itsecurityguru.org
Researchers spot Nemucod in Brazil spreading banking trojans (2016-08-18) www.scmagazine.com
Cisco Patches Zero-Day Firewall Flaw Exposed In Equation Group Hack (2016-08-18) www.darkreading.com
Navis WebAccess SQL Injection Vulnerability (2016-08-18) ics-cert.us-cert.gov
Prevent Security Breaches Due to Out-of-Date Flash Vulnerabilities (2016-08-17) duo.com
Navis WebAccess SQL Injection Exploitation (2016-08-17) ics-cert.us-cert.gov
FalseCONNECT sends vendors scrambling to patch proxy MITM bug (2016-08-17) www.itsecurityguru.org
Software Firm Sage Probes Data Breach (2016-08-16) www.darkreading.com
Android DroidJack Malware Spreading Via Over-The Top Services (2016-08-15) www.darkreading.com
Metapacket analyzes outbound network traffic to flag and block malware (2016-08-15) techcrunch.com
HEI Hotels reports point-of-sale terminals breach (2016-08-14) www.pcworld.com
Sage software firm hit by data breach (2016-08-14) www.bbc.co.uk
Tweet: Hidden vulnerability in some PHP web-to-email forms (ab)used to email #Locky #ransomware; @brad_anton explains it: https://t.co/GxIk46Zf3j (2016-08-11) twitter.com
New malware campaign spreads backdoors instead of ransomware (2016-08-11) www.itsecurityguru.org
Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability (2016-08-11) ics-cert.us-cert.gov
Disable WPAD now or have your accounts and private data compromised (2016-08-10) www.pcworld.com
Oracle MICROS payment terminal biz hacked. Payments worldwide at risk (2016-08-09) www.itsecurityguru.org
Oracle Probes MICROS PoS System Breach (2016-08-09) www.darkreading.com
Russian hackers appear to have infiltrated up to 330,000 computer cash registers sold by Oracle (ORCL) (2016-08-09) www.businessinsider.com
Tweet: Breaking, exclusive: Data breach at Oracle compromised usernames/passwords for its MICROS point-of-sale customers https://t.co/Oel0qwPIdV (2016-08-08) twitter.com
Quadrooter Bug Puts Android Devices At Risk (2016-08-08) www.pcmag.com
Hackers hit Oracle's Micros payment systems division (2016-08-08) www.pcworld.com
Hackers Breach Hundreds of Thousands of Cash Registers (2016-08-08) www.pcmag.com
1 billion computer monitors vulnerable to undetectable firmware attacks (2016-08-06) boingboing.net
Huge data breach at health system leads to biggest ever settlement (2016-08-05) www.itsecurityguru.org
PC-nuking malware sneakily replaces popular free software on FossHub (2016-08-04) www.pcworld.com
Talos Discovers Zero-Day Vulnerabilities in Hancom Office Suite (2016-08-04) continuum.cisco.com
Is YOUR email address and password for sale? Hacker claims 200m Yahoo accounts are listed on a dark web market (2016-08-03) www.itsecurityguru.org
Anatomy of an Exploit: Get the Binary (2016-08-03) dzone.com
Security Vulnerabilities in Wireless Keyboards (2016-08-02) www.schneier.com
Talos: Office Macro Attacks Are on the Rise (2016-08-02) continuum.cisco.com
Moxa SoftCMS SQL Injection Vulnerability (2016-08-02) ics-cert.us-cert.gov
Siemens SINEMA Server Privilege Escalation Vulnerability (2016-08-02) ics-cert.us-cert.gov
Magnetic stripes vulnerable to hackers, shows researcher (2016-08-02) thehill.com
ACSC Releases Risk Mitigation Strategies Against Malicious Email (2016-08-01) www.us-cert.gov
Intel Crosswalk bug invalidates SSL protection (2016-08-01) www.itsecurityguru.org
SwiftKey Stops Cloud Sync Following User Data Leak (2016-08-01) www.itsecurityguru.org
Crypto Malware: Responding To Machine-Timescale Breaches (2016-08-01) www.darkreading.com
Vulnerable PHP Forms Abused for Locky Distribution (2016-08-01) blog.opendns.com
Multiple SIEM Dilemma - UDP Forwarding (2016-08-01) www.itsecurityguru.org
Hackers allegedly take over airport screens to blast insults about the South China Sea (2016-08-01) www.itsecurityguru.org
PPD-41 Stakeholder Message (2016-07-27) ics-cert.us-cert.gov
Osram Smart Light Bugs Affect Wi-Fi Security (2016-07-27) www.pcmag.com
Kimpton Hotel Chain Investigating Possible Payment Card Breach (2016-07-27) www.darkreading.com
HHS Penalizes Philadelphia Healthcare Organization For HIPAA Violation (2016-07-27) www.darkreading.com
Twitter's Vine Source code dump (2016-07-22) avicoder.me
Flaws in Oracle file processing SDKs affect major third-party products (2016-07-21) www.pcworld.com
Oracle issues largest patch bundle ever, fixing 276 security flaws (2016-07-20) www.pcworld.com
Cisco Releases Security Update (2016-07-20) www.us-cert.gov
"httpoxy" CGI vulnerability response (2016-07-20) blogs.apache.org
Security software that uses code hooking opens the door to hackers (2016-07-19) www.computerworld.com
Oracle Releases Security Bulletin (2016-07-19) www.us-cert.gov
Mitigating the HTTPoxy Vulnerability with NGINX (2016-07-18) www.nginx.com
Drupal Releases Security Advisory (2016-07-18) www.us-cert.gov
Apple Releases Multiple Security Updates (2016-07-18) www.us-cert.gov
Moxa MGate Authentication Bypass Vulnerability (2016-07-14) ics-cert.us-cert.gov
Philips Xper-IM Connect Vulnerabilities (2016-07-14) ics-cert.us-cert.gov
Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability (2016-07-14) ics-cert.us-cert.gov
Schneider Electric Pelco Digital Sentry Video Management System Vulnerability (2016-07-14) ics-cert.us-cert.gov
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability (2016-07-12) ics-cert.us-cert.gov
Tollgrade Smart Grid EMS LightHouse Vulnerabilities (2016-07-12) ics-cert.us-cert.gov
St. Louis Federal Reserve Suffers DNS Breach (2015-05-18) krebsonsecurity.com
Why Startups Need an API (2012-04-21) tune.com

If you think there is a link I should have listed here, feel free to tweet it at me, or submit it as a GitHub issue. Even though I do this full time, I'm still a one person show, and I miss quite a bit, and depend on my network to help me know what is going on.