API Evangelist Partners

These are my partners who invest in API Evangelist each month, helping underwrite my research, and making sure I'm able to keep monitoring the API space as I do.

3Scale

3scale makes it easy to open, secure, distribute, control and monetize APIs, and is built with performance, customer control and excellent time-to-value in mind.

Runscope

Runscope is a SaaS-based company that provides solutions for API performance testing, monitoring and debugging.

Tyk

Tyk is an open source API Gateway that is fast, scalable and modern, and offers an API management platform with an API Gateway, API analytics, developer portal and API Management Dashboard.

Restlet

Restlet is providing the fastest and easiest API-First Platform as a Service that developers and non-developers working on API projects can use.

Dreamfactory

DreamFactory Software develops and markets a technology that enables developers to connect modern mobile applications to enterprise back-end infrastructure in the cloud.

API Vulnerabilities News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and that I wanted to include in my research. I'm using all of these links to better understand how the space is testing their APIs, going beyond just monitoring and understanding the details of each request and response.

Title (Date) Source
Multiple Ransomware Infections Reported (2017-05-12) www.us-cert.gov
Unpatched 0days in Vanilla Forums let Remote Attackers Hack Websites (2017-05-12) www.itsecurityguru.org
Satel Iberia SenNet Data Logger and Electricity Meters (2017-05-11) ics-cert.us-cert.gov
Cisco Releases Security Update (2017-05-10) www.us-cert.gov
Google Researchers Discover Worst Windows Bug (2017-05-10) www.pcmag.com
Cisco Patches Leaked 0day in 300 Of Its Switches (2017-05-10) www.itsecurityguru.org
Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies (2017-05-09) www.pcworld.com
Rockwell Automation Stratix 5900 (2017-05-09) ics-cert.us-cert.gov
Siemens devices using the PROFINET Discovery and Configuration Protocol (2017-05-09) ics-cert.us-cert.gov
Microsoft Releases Critical Security Update (2017-05-08) www.us-cert.gov
Mozilla Releases Security Updates (2017-05-05) www.us-cert.gov
Advantech B+B SmartWorx MESR901 (2017-05-02) ics-cert.us-cert.gov
CyberVision Kaa IoT Platform (2017-05-02) ics-cert.us-cert.gov
Schneider Electric Wonderware Historian Client (2017-05-02) ics-cert.us-cert.gov
Google Releases Security Updates for Chrome (2017-05-02) www.us-cert.gov
Intel Firmware Vulnerability (2017-05-01) www.us-cert.gov
GE Multilin SR Protective Relays (2017-04-27) ics-cert.us-cert.gov
Adobe Releases Security Updates for ColdFusion (2017-04-26) www.us-cert.gov
IBM Releases Security Update (2017-04-25) www.us-cert.gov
Fake Delta Airlines Receipt Packs Malware (2017-04-20) www.darkreading.com
Drupal fixes critical access bypass vulnerability (2017-04-20) www.pcworld.com
Google Releases Security Updates for Chrome (2017-04-19) www.us-cert.gov
Mozilla Releases Security Updates (2017-04-19) www.us-cert.gov
Drupal Releases Security Updates (2017-04-19) www.us-cert.gov
Oracle Releases Security Bulletin (2017-04-18) www.us-cert.gov
VMware Releases Security Updates (2017-04-18) www.us-cert.gov
Microsoft says exploits leaked by Shadow Brokers were addressed by prior patches (2017-04-15) techcrunch.com
Microsoft has already patched the NSA's leaked Windows hacks (2017-04-15) www.theverge.com
We Can Calm Down: Microsoft Already Patched Most of the Shadow Brokers Exploits (2017-04-15) motherboard.vice.com
Unpatched PHP Flaw in E-Commerce Platform Leaves 200,000 Sites Vulnerable (2017-04-14) continuum.cisco.com
VMware Releases Security Updates (2017-04-14) www.us-cert.gov
Schneider Electric Modicon M221 PLCs and SoMachine Basic (2017-04-13) ics-cert.us-cert.gov
Wecon Technologies LEVI Studio HMI Editor (2017-04-13) ics-cert.us-cert.gov
Apache Software Foundation Releases Security Updates (2017-04-12) www.us-cert.gov
Microsoft Releases April 2017 Security Updates (2017-04-12) www.us-cert.gov
BrickerBot Permanent Denial-of-Service Attack (2017-04-12) ics-cert.us-cert.gov
Schneider Electric Modicon Modbus Protocol (2017-04-11) ics-cert.us-cert.gov
Your phone's fingerprint lock has a weakness (2017-04-11) www.futurity.org
That Fingerprint Sensor on Your Phone Is Not as Safe as You Think (2017-04-10) www.nytimes.com
MS Office Zero-day Exploited in Attacks, No Enabling of Macros Required (2017-04-10) www.itsecurityguru.org
Android devices can be fatally hacked by malicious WiFi networks (2017-04-07) arstechnica.com
Cisco Releases Security Updates (2017-04-05) www.us-cert.gov
Brute Forcing HS256 Is Possible: The Importance of Using Strong Keys in Signing JWTs (2017-04-05) dzone.com
Marel Food Processing Systems (2017-04-04) ics-cert.us-cert.gov
Schneider Electric Interactive Graphical SCADA System Software (2017-04-04) ics-cert.us-cert.gov
Apple Releases Security Update for iTunes (2017-03-24) www.us-cert.gov
Cisco Patches Critical IOX Vulnerability (2017-03-24) www.itsecurityguru.org
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) (2017-03-22) www.us-cert.gov
Cisco Releases Security Updates (2017-03-22) www.us-cert.gov
Cisco Releases Security Updates (2017-03-21) www.us-cert.gov
New Vulnerability Revealed in WhatsApp and Telegram Allowed Hackers to Gain Complete Control Over User Accounts (2017-03-21) www.itsecurityguru.org
Cisco Issues Advisory on Flaw in Hundreds of Switches (2017-03-21) www.darkreading.com
Vulnerability Management in 2017: Context is King (2017-03-17) www.bmc.com
WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser (2017-03-15) www.wired.com
Drupal Releases Security Update (2017-03-15) www.us-cert.gov
Microsoft fixes record number of flaws, some publicly known (2017-03-15) www.pcworld.com
Vulnerabilities in WiFi Cameras (2017-03-14) www.eagleeyenetworks.com
Fatek Automation PLC Ethernet Module (2017-03-14) ics-cert.us-cert.gov
Adobe Releases Security Updates (2017-03-14) www.us-cert.gov
Ursnif Malware (2017-03-14) resources.infosecinstitute.com
Critical Vulnerability Uncovered in JSON Encryption (2017-03-13) blogs.adobe.com
A Challenge to WikiLeaks: Disclose Software Vulnerabilities on a Responsible Timeline (2017-03-10) www.carbonblack.com
Google Releases Security Update for Chrome (2017-03-09) www.us-cert.gov
IRS Releases TaxTime Guide (2017-03-09) www.us-cert.gov
Report: Government-held security vulnerabilities last for years (2017-03-09) thehill.com
Google Discloses Details of an Unpatched Microsoft Vulnerability (2017-03-09) www.schneier.com
Google says it's already fixed many exploits from WikiLeaks' CIA document dump (2017-03-09) www.theverge.com
Some notes on the RAND 0day report (2017-03-09) blog.erratasec.com
Apache Software Foundation Releases Security Updates (2017-03-08) www.us-cert.gov
Researchers find major flaws in encrypted chat app popular in WH (2017-03-08) thehill.com
The White House's favorite secure messaging app is riddled with bugs (2017-03-08) thenextweb.com
Mozilla Releases Security Update (2017-03-07) www.us-cert.gov
WordPress Releases Security Update (2017-03-06) www.us-cert.gov
Siemens SINUMERIK Integrate and SINUMERIK Operate (2017-03-02) ics-cert.us-cert.gov
Schneider Electric Conext ComBox (2017-03-02) ics-cert.us-cert.gov
Eaton xComfort Ethernet Communication Interface (2017-03-02) ics-cert.us-cert.gov
CloudFlare Up What you Need to Know about Ticketbleed (2017-03-02) www.forumsys.com
Cisco Releases Security Update (2017-03-01) www.us-cert.gov
How to secure your data after the Cloudflare leak (2017-02-24) techcrunch.com
Update Regarding the CloudFlare Security Incident (2017-02-24) blog.stocktwits.com
Cloudflare data leakage doesn't reveal 1Password secrets (2017-02-24) www.macworld.com
DigitalOcean Your Data and the Cloudflare Vulnerability (2017-02-24) www.digitalocean.com
Cloudflare Leaked Web Customer Data For Months (2017-02-24) www.darkreading.com
Cloudflare leak: Please reset your CCID password (2017-02-24) creativecommons.org
Partners: Cloudflare Software Bug Shows Need For Better Business Data Security Measures (2017-02-24) www.crn.com
Popular website service Cloudflare leaked private data (2017-02-24) thehill.com
SHA1 Has Been Compromised In Practice (2017-02-24) auth0.com
Cloudbleed: Your Credentials Cached in Search Engines (2017-02-24) hackaday.com
Announcing the first SHA1 collision (2017-02-24) security.googleblog.com
Tweet: Incident report on memory leak caused by Cloudflare parser bug https://t.co/rTZ4bFw3uJ (2017-02-23) twitter.com
Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations (2017-02-23) ics-cert.us-cert.gov
Incident report on memory leak caused by Cloudflare parser bug (2017-02-23) blog.cloudflare.com
Schneider Electric Modicon M340 PLC (2017-02-23) ics-cert.us-cert.gov
Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability (2017-02-23) ics-cert.us-cert.gov
Apple Releases Security Update (2017-02-21) www.us-cert.gov
Siemens SIMATIC Authentication Bypass (2017-02-14) ics-cert.us-cert.gov
Geutebrück IP Cameras (2017-02-14) ics-cert.us-cert.gov
Advantech WebAccess (2017-02-14) ics-cert.us-cert.gov
Apple Releases Security Update (2017-02-14) www.us-cert.gov
Adobe Releases Security Updates (2017-02-14) www.us-cert.gov
F5's Big-IP leaks little chunks of memory, even SSL session IDs (2017-02-09) www.itsecurityguru.org
Hanwha Techwin Smart Security Manager (2017-02-09) ics-cert.us-cert.gov
ISC Releases Security Updates for BIND (2017-02-08) www.us-cert.gov
Bugcrowd Reduces the Cost and Effort of Unifying Vulnerability Data (2017-02-07) worldnews.se
Report: Security Flaw Lets Hackers Snoop on 76 iPhone Apps (2017-02-07) www.pcmag.com
BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities (2017-02-07) ics-cert.us-cert.gov
BD Alaris 8000 Insufficiently Protected Credentials Vulnerability (2017-02-07) ics-cert.us-cert.gov
Devilish New Ransomware is Out on the Street (2017-02-06) cyware.com
IKITTENS IRANIAN ACTOR RESURFACES WITH MALWARE FOR MAC (2017-02-06) iranthreats.github.io
Cisco Clock Signal Component Failure Advisory (2017-02-06) www.us-cert.gov
Tenable Brings Vulnerability Management Platform to the Cloud (2017-01-31) shopmatrix.eu
VMware Releases Security Updates (2017-01-31) www.us-cert.gov
Tenable Unveils SaaS Platform that Redefines Vulnerability Management for Today's Elastic IT Environments (2017-01-31) www.itsecurityguru.org
Positive Technologies discovers security vulnerability in data center monitoring system that could allow remote access to unencrypted passwords (2017-01-31) www.itsecurityguru.org
Ecava IntegraXor (2017-01-31) ics-cert.us-cert.gov
BINOM3 Electric Power Quality Meter (2017-01-31) ics-cert.us-cert.gov
Researchers ID Decades-Old Fruitfly Mac Malware (2017-01-20) www.pcmag.com
Schneider Electric homeLYnk Controller (2017-01-19) ics-cert.us-cert.gov
Old-School Mac OS Malware Spotted Targeting Biomedical Industry (2017-01-19) www.darkreading.com
Oracle Releases Security Bulletin (2017-01-18) www.us-cert.gov
Silence speaks louder than words when finding malware (2017-01-17) developers.googleblog.com
Decline in two families of malware has researchers stumped (2017-01-17) thehill.com
Encrypted messaging platform WhatsApp denies backdoor claim (2017-01-13) techcrunch.com
Top security expert: There is no WhatsApp backdoor (FB) (2017-01-13) www.businessinsider.com
A critical flaw, possibly a deliberate backdoor, allows for decryption of Whatsapp messages (2017-01-13) boingboing.net
Hack Exposes Reams of Private Jabber Chats (2017-01-11) motherboard.vice.com
Security Bulletins posted (2017-01-10) blogs.adobe.com
Adobe Releases Security Updates (2017-01-10) www.us-cert.gov
St Jude Merlinhome Transmitter Vulnerability (2017-01-09) ics-cert.us-cert.gov
Vulnerability of Web-based Applications (2017-01-09) resources.infosecinstitute.com
Google plugs serious Nexus vulnerability in latest security update (2017-01-09) www.pcworld.com
New Android Malware Attacks Your Wireless Router Through Your Phone (2017-01-06) www.itsecurityguru.org
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (2017-01-05) ics-cert.us-cert.gov
Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities (2017-01-05) ics-cert.us-cert.gov
978 - Kaspersky: SSL interception differentiates certificates with a 32-bit hash - project-zero - Monorail (2017-01-03) bugs.chromium.org
Mozilla Releases Security Update (2016-12-28) www.us-cert.gov
0days hitting Fedora and Ubuntu open desktops to a world of hurt (2016-12-16) arstechnica.com
Vulnerability and Patch Management (2016-12-15) resources.infosecinstitute.com
OmniMetrix OmniView Vulnerabilities (2016-12-15) ics-cert.us-cert.gov
Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability (2016-12-15) ics-cert.us-cert.gov
Microsoft Patches Skype for Mac Backdoor Open for Up to 10 Years (2016-12-15) cyberparse.co.uk
5-year-old Skype Backdoor Discovered Mac OS X Users Urged to (2016-12-14) trueviralnews.com
Netgear starts patching routers left vulnerable to hacking by a critical flaw (2016-12-13) www.pcworld.com
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (2016-12-13) www.darkreading.com
Siemens S7-300/400 PLC Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability (2016-12-13) ics-cert.us-cert.gov
Delta Electronics WPLSoft, ISPSoft, and PMSoft Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Moxa DACenter Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (2016-12-13) www.isvoc.com
Microsoft Releases December 2016 Security Bulletin (2016-12-13) www.us-cert.gov
CA Unified Infrastructure Management Directory Traversal Vulnerability (2016-11-10) ics-cert.us-cert.gov
Microsoft November Security Updates Include Fix For Zero-Day Flaw (2016-11-08) www.darkreading.com
OSIsoft PI System Incomplete Model of Endpoint Features Vulnerability (2016-11-08) ics-cert.us-cert.gov
Siemens Industrial Products Local Privilege Escalation Vulnerability (2016-11-08) ics-cert.us-cert.gov
Phoenix Contact ILC PLC Authentication Vulnerabilities (2016-11-08) ics-cert.us-cert.gov
Schneider Electric IONXXXX Series Power Meter Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Moxa OnCell Security Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
ISC Releases Security Updates for BIND (2016-11-01) www.us-cert.gov
Schneider Electric Unity PRO Control Flow Management Vulnerability (2016-11-01) ics-cert.us-cert.gov
IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability (2016-11-01) ics-cert.us-cert.gov
Schneider Electric ConneXium Buffer Overflow Vulnerability (2016-11-01) ics-cert.us-cert.gov
NCCIC/ICS-CERT Advanced Analytical Laboratory Malware Trends White Paper (2016-11-01) ics-cert.us-cert.gov
A look at CMSs from a Vulnerability Researchers View (2016-10-31) www.liquidmatrix.org
Disclosing vulnerabilities to protect users (2016-10-31) security.googleblog.com
Government Hacking Vulnerabilities Equities Process (2016-10-31) cyberlaw.stanford.edu
Linux Kernel Vulnerability (2016-10-21) www.us-cert.gov
Warnings over Dirty Cow Linux bug (2016-10-21) www.bbc.co.uk
ISC Releases Security Advisory (2016-10-20) www.us-cert.gov
Mozilla Releases Security Update for Firefox (2016-10-20) www.us-cert.gov
Moxa EDR810 Industrial Secure Router Privilege Escalation Vulnerability (2016-10-20) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-10-19) www.us-cert.gov
Oracle fixes 100s of vulnerabilities that put enterprise data at risk (2016-10-19) www.pcworld.com
Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability (2016-10-18) ics-cert.us-cert.gov
Oracle Releases Security Bulletin (2016-10-18) www.us-cert.gov
ICS-CERT issued advisory ICSA-16-287-01 OSIsoft PI Web API 2015 R2 Service Acct Permissions Vuln to ICS-CERT (2016-10-13) ics-cert.us-cert.gov
Google Releases Security Update for Chrome (2016-10-13) www.us-cert.gov
Kabona AB WDC Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Fatek Automation Designer Memory Corruption Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Moxa ioLogik E1200 Series Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Siemens SIMATIC STEP 7 TIA Portal Information Disclosure Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Siemens Automation License Manager Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
OSIsoft PI Web API 2015 R2 Service Account Permissions Vulnerability (2016-10-13) ics-cert.us-cert.gov
Eko Malware Targets Facebook Users (2016-10-12) www.itsecurityguru.org
Sierra Wireless Mitigations Against Mirai Malware (2016-10-12) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-10-12) www.us-cert.gov
Adobe Releases Security Updates (2016-10-11) www.us-cert.gov
Microsoft Releases Security Updates (2016-10-11) www.us-cert.gov
NIST Released Special Publication SP 800-150 (2016-10-11) ics-cert.us-cert.gov
VMware Releases Security Updates (2016-10-07) www.us-cert.gov
GE Bently Nevada 3500/22M Improper Authorization Vulnerability (2016-10-06) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-10-05) www.us-cert.gov
INDAS Web SCADA Path Traversal Vulnerability (2016-10-04) ics-cert.us-cert.gov
Beckhoff Embedded PC Images and TwinCAT Components Vulnerabilities (2016-10-04) ics-cert.us-cert.gov
Homeland Security Warns Certain Huawei Devices Vulnerable To DDoS (2016-10-04) www.itsecurityguru.org
American AutoMatrix FrontEnd Solutions Vulnerabilities (2016-09-29) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-09-28) www.us-cert.gov
ISC Releases Security Updates for BIND (2016-09-27) www.us-cert.gov
Siemens SCALANCE M-800/S615 Web Vulnerability (2016-09-27) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-09-21) www.us-cert.gov
Drupal Releases Security Advisory (2016-09-21) www.us-cert.gov
Apple Releases Security Updates (2016-09-20) www.us-cert.gov
Mozilla Releases Security Updates (2016-09-20) www.us-cert.gov
Moxa Active OPC Server Unquoted Service Path Escalation Vulnerability (2016-09-20) ics-cert.us-cert.gov
Mozilla Firefox Vulnerable To Man-In-The-Middle Attack: Report (2016-09-19) www.cxotoday.com
Tweet: ICS-CERT issued advisory ICSA-16-259-03 Trane Tracer SC Sensitive Information Exposure Vuln to ICS-CERT web site https://t.co/dC1xPL4fhM (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-01 Yokogawa STARDOM Authentication Bypass Vulnerability to ICS-CERT web site https://t.co/InVxgekGNN (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-02 ABB DataManagerPro Credential Management Vulnerability to ICS-CERT web site https://t.co/KQshyEct7y (2016-09-15) twitter.com
Tweet: ICS-CERT issued ICSA-16-224-02 Rockwell Automation RSLogix 500 & RSLogix Micro Buffer Overflow to ICS-CERT web site https://t.co/gJJCNU22xf (2016-09-15) twitter.com
Sixth Linux DDoS Trojan Discovered in the Last 30 Days (2016-09-15) www.itsecurityguru.org
Double-dipping malware steals iOS creds and roots Android (2016-09-15) www.itsecurityguru.org
Rockwell Automation RSLogix 500 AND RSLogix Micro File Parser Buffer Overflow Vulnerability (2016-09-15) ics-cert.us-cert.gov
Trane Tracer SC Sensitive Information Exposure Vulnerability (2016-09-15) ics-cert.us-cert.gov
ABB DataManagerPro Credential Management Vulnerability (2016-09-15) ics-cert.us-cert.gov
Yokogawa STARDOM Authentication Bypass Vulnerability (2016-09-15) ics-cert.us-cert.gov
How to Easily Protect Against the Trident iOS Vulnerabilities (2016-09-15) duo.com
Tweet: ICS-CERT issued alert ICS-ALERT-16-256-01 FENIKS PRO Elnet Energy Meter Vulnerabilities to ICS-CERT web site https://t.co/ZnDStDG5Oh (2016-09-12) twitter.com
Tweet: ICS-CERT issued Recommended Practice: Improving ICS Cybersecurity with Defense-in-Depth Strategies ICS-CERT web site https://t.co/HN18YdceL5 (2016-09-12) twitter.com
Thousands of Seagate NAS boxes host cryptocurrency mining malware (2016-09-12) www.csoonline.com
MySQL zero-day exploit puts some servers at risk of hacking (2016-09-12) www.pcworld.com
New Linux Trojan Discovered Coded in Mozilla's Rust Language (2016-09-09) www.itsecurityguru.org
Internet of Sins: Million more devices sharing known private keys for HTTPS, SSH admin (2016-09-07) www.itsecurityguru.org
Cryptographic Key Reuse Remains Widespread In Embedded Products (2016-09-06) www.darkreading.com
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities (2016-09-06) ics-cert.us-cert.gov
New Report shows 55 of websites have severe vulnerabilities (2016-09-06) www.itsecurityguru.org
Chrome's newest version contains 33 security fixes; Cisco patches two critical vulnerabilities (2016-09-02) www.scmagazine.com
OneLogin breached, hacker finds cleartext credential notepads (2016-08-31) www.itsecurityguru.org
New covert malware uses USB drives to jump air-gaps and works on almost every storage device (2016-08-30) www.itsecurityguru.org
HTTPS and OpenVPN face new attack that can decrypt secret cookies (2016-08-25) arstechnica.com
Cisco starts patching firewall devices against NSA-linked exploit (2016-08-25) www.pcworld.com
New Banking Trojan Uses PowerShell to Alter Internet Explorer Proxy Settings (2016-08-23) www.itsecurityguru.org
Moxa OnCell Vulnerabilities (2016-08-23) ics-cert.us-cert.gov
Malware Infected All Eddie Bauer Stores in US, Canada (2016-08-19) www.itsecurityguru.org
Researchers spot Nemucod in Brazil spreading banking trojans (2016-08-18) www.scmagazine.com
Navis WebAccess SQL Injection Vulnerability (2016-08-18) ics-cert.us-cert.gov
Cisco Patches Zero-Day Firewall Flaw Exposed In Equation Group Hack (2016-08-18) www.darkreading.com
Navis WebAccess SQL Injection Exploitation (2016-08-17) ics-cert.us-cert.gov
Prevent Security Breaches Due to Out-of-Date Flash Vulnerabilities (2016-08-17) duo.com
FalseCONNECT sends vendors scrambling to patch proxy MITM bug (2016-08-17) www.itsecurityguru.org
Software Firm Sage Probes Data Breach (2016-08-16) www.darkreading.com
Metapacket analyzes outbound network traffic to flag and block malware (2016-08-15) techcrunch.com
Android DroidJack Malware Spreading Via Over-The-Top Services (2016-08-15) www.darkreading.com
HEI Hotels reports point-of-sale terminals breach (2016-08-14) www.pcworld.com
Sage software firm hit by data breach (2016-08-14) www.bbc.co.uk
Tweet: Hidden vulnerability in some PHP web-to-email forms abused to email Locky ransomware bradanton explains it https://t.co/GxIk46Zf3j (2016-08-11) twitter.com
Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability (2016-08-11) ics-cert.us-cert.gov
New malware campaign spreads backdoors instead of ransomware (2016-08-11) www.itsecurityguru.org
Disable WPAD now or have your accounts and private data compromised (2016-08-10) www.pcworld.com
Oracle MICROS payment terminal biz hacked Payments worldwide at risk (2016-08-09) www.itsecurityguru.org
Oracle Probes MICROS PoS System Breach (2016-08-09) www.darkreading.com
Russian hackers appear to have infiltrated up to 330,000 computer cash registers sold by Oracle (ORCL) (2016-08-09) www.businessinsider.com
Tweet: Breaking, exclusive: Data breach at Oracle compromised usernames/passwords for its MICROS point-of-sale customers https://t.co/Oel0qwPIdV (2016-08-08) twitter.com
Hackers Breach Hundreds of Thousands of Cash Registers (2016-08-08) www.pcmag.com
Hackers hit Oracle's Micros payment systems division (2016-08-08) www.pcworld.com
Quadrooter Bug Puts Android Devices At Risk (2016-08-08) www.pcmag.com
1 billion computer monitors vulnerable to undetectable firmware attacks (2016-08-06) boingboing.net
Huge data breach at health system leads to biggest ever settlement (2016-08-05) www.itsecurityguru.org
Talos Discovers Zero-Day Vulnerabilities in Hancom Office Suite (2016-08-04) continuum.cisco.com
PC-nuking malware sneakily replaces popular free software on FossHub (2016-08-04) www.pcworld.com
Anatomy of an Exploit Get the Binary (2016-08-03) dzone.com
Is YOUR email address and password for sale? Hacker claims 200m Yahoo accounts are listed on a dark web market (2016-08-03) www.itsecurityguru.org
Talos Office Macro Attacks Are on the Rise (2016-08-02) continuum.cisco.com
Magnetic stripes vulnerable to hackers shows researcher (2016-08-02) thehill.com
Siemens SINEMA Server Privilege Escalation Vulnerability (2016-08-02) ics-cert.us-cert.gov
Moxa SoftCMS SQL Injection Vulnerability (2016-08-02) ics-cert.us-cert.gov
Security Vulnerabilities in Wireless Keyboards (2016-08-02) www.schneier.com
Vulnerable PHP Forms Abused for Locky Distribution (2016-08-01) blog.opendns.com
ACSC Releases Risk Mitigation Strategies Against Malicious Email (2016-08-01) www.us-cert.gov
Multiple SIEM Dilemma UDP Forwarding (2016-08-01) www.itsecurityguru.org
Hackers allegedly take over airport screens to blast insults about the South China Sea (2016-08-01) www.itsecurityguru.org
Intel Crosswalk bug invalidates SSL protection (2016-08-01) www.itsecurityguru.org
SwiftKey Stops Cloud Sync Following User Data Leak (2016-08-01) www.itsecurityguru.org
Crypto Malware Responding To Machine-Timescale Breaches (2016-08-01) www.darkreading.com
PPD-41 Stakeholder Message (2016-07-27) ics-cert.us-cert.gov
Osram Smart Light Bugs Affect WiFi Security (2016-07-27) www.pcmag.com
HHS Penalizes Philadelphia Healthcare Organization For HIPAA Violation (2016-07-27) www.darkreading.com
Kimpton Hotel Chain Investigating Possible Payment Card Breach (2016-07-27) www.darkreading.com
Twitter's Vine Source code dump (2016-07-22) avicoder.me
Flaws in Oracle file processing SDKs affect major third-party products (2016-07-21) www.pcworld.com
Oracle issues largest patch bundle ever fixing 276 security flaws (2016-07-20) www.pcworld.com
Cisco Releases Security Update (2016-07-20) www.us-cert.gov
"httpoxy" CGI vulnerability response (2016-07-20) blogs.apache.org
Security software that uses code hooking opens the door to hackers (2016-07-19) www.computerworld.com
Oracle Releases Security Bulletin (2016-07-19) www.us-cert.gov
Apple Releases Multiple Security Updates (2016-07-18) www.us-cert.gov
Drupal Releases Security Advisory (2016-07-18) www.us-cert.gov
Mitigating the HTTPoxy Vulnerability with NGINX (2016-07-18) www.nginx.com
Philips XperIM Connect Vulnerabilities (2016-07-14) ics-cert.us-cert.gov
Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability (2016-07-14) ics-cert.us-cert.gov
Moxa MGate Authentication Bypass Vulnerability (2016-07-14) ics-cert.us-cert.gov
Schneider Electric Pelco Digital Sentry Video Management System Vulnerability (2016-07-14) ics-cert.us-cert.gov
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability (2016-07-12) ics-cert.us-cert.gov
Tollgrade Smart Grid EMS LightHouse Vulnerabilities (2016-07-12) ics-cert.us-cert.gov
St Louis Federal Reserve Suffers DNS Breach (2015-05-18) krebsonsecurity.com

If you think there is a link I should have listed here, feel free to tweet it at me, or submit it as a GitHub issue. Even though I do this full time, I'm still a one-person show, and I miss quite a bit, and depend on my network to help me know what is going on.