API Vulnerabilities News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and that I wanted to include in my research. I'm using all of these links to better understand how the space is testing its APIs, going beyond just monitoring and understanding the details of each request and response.

Title (Date) Source
Why Startups Need an API (2012-04-21) tune.com
St. Louis Federal Reserve Suffers DNS Breach (2015-05-18) krebsonsecurity.com
Tollgrade Smart Grid EMS LightHouse Vulnerabilities (2016-07-12) ics-cert.us-cert.gov
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability (2016-07-12) ics-cert.us-cert.gov
Schneider Electric Pelco Digital Sentry Video Management System Vulnerability (2016-07-14) ics-cert.us-cert.gov
Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability (2016-07-14) ics-cert.us-cert.gov
Moxa MGate Authentication Bypass Vulnerability (2016-07-14) ics-cert.us-cert.gov
Philips Xper-IM Connect Vulnerabilities (2016-07-14) ics-cert.us-cert.gov
Apple Releases Multiple Security Updates (2016-07-18) www.us-cert.gov
Drupal Releases Security Advisory (2016-07-18) www.us-cert.gov
Mitigating the HTTPoxy Vulnerability with NGINX (2016-07-18) www.nginx.com
Oracle Releases Security Bulletin (2016-07-19) www.us-cert.gov
Security software that uses code hooking opens the door to hackers (2016-07-19) www.computerworld.com
"httpoxy" CGI vulnerability response (2016-07-20) blogs.apache.org
Cisco Releases Security Update (2016-07-20) www.us-cert.gov
Oracle issues largest patch bundle ever, fixing 276 security flaws (2016-07-20) www.pcworld.com
Flaws in Oracle file processing SDKs affect major third-party products (2016-07-21) www.pcworld.com
Twitter's Vine Source code dump (2016-07-22) avicoder.me
Kimpton Hotel Chain Investigating Possible Payment Card Breach (2016-07-27) www.darkreading.com
HHS Penalizes Philadelphia Healthcare Organization For HIPAA Violation (2016-07-27) www.darkreading.com
Osram Smart Light Bugs Affect Wi-Fi Security (2016-07-27) www.pcmag.com
PPD-41 Stakeholder Message (2016-07-27) ics-cert.us-cert.gov
Multiple SIEM Dilemma - UDP Forwarding (2016-08-01) www.itsecurityguru.org
Vulnerable PHP Forms Abused for Locky Distribution (2016-08-01) blog.opendns.com
Hackers allegedly take over airport screens to blast insults about the South China Sea (2016-08-01) www.itsecurityguru.org
ACSC Releases Risk Mitigation Strategies Against Malicious Email (2016-08-01) www.us-cert.gov
Crypto Malware: Responding To Machine-Timescale Breaches (2016-08-01) www.darkreading.com
Intel Crosswalk bug invalidates SSL protection (2016-08-01) www.itsecurityguru.org
SwiftKey Stops Cloud Sync Following User Data Leak (2016-08-01) www.itsecurityguru.org
Magnetic stripes vulnerable to hackers, shows researcher (2016-08-02) thehill.com
Security Vulnerabilities in Wireless Keyboards (2016-08-02) www.schneier.com
Talos: Office Macro Attacks Are on the Rise (2016-08-02) continuum.cisco.com
Siemens SINEMA Server Privilege Escalation Vulnerability (2016-08-02) ics-cert.us-cert.gov
Moxa SoftCMS SQL Injection Vulnerability (2016-08-02) ics-cert.us-cert.gov
Anatomy of an Exploit: Get the Binary (2016-08-03) dzone.com
Is YOUR email address and password for sale? Hacker claims 200m Yahoo accounts are listed on a dark web market (2016-08-03) www.itsecurityguru.org
Talos Discovers Zero-Day Vulnerabilities in Hancom Office Suite (2016-08-04) continuum.cisco.com
PC-nuking malware sneakily replaces popular free software on FossHub (2016-08-04) www.pcworld.com
Huge data breach at health system leads to biggest ever settlement (2016-08-05) www.itsecurityguru.org
1 billion computer monitors vulnerable to undetectable firmware attacks (2016-08-06) boingboing.net
Hackers hit Oracle's Micros payment systems division (2016-08-08) www.pcworld.com
Quadrooter Bug Puts Android Devices At Risk (2016-08-08) www.pcmag.com
Hackers Breach Hundreds of Thousands of Cash Registers (2016-08-08) www.pcmag.com
Tweet: Breaking, exclusive: Data breach at Oracle compromised usernames/passwords for its MICROS point-of-sale customers https://t.co/Oel0qwPIdV (2016-08-08) twitter.com
Oracle Probes MICROS PoS System Breach (2016-08-09) www.darkreading.com
Russian hackers appear to have infiltrated up to 330,000 computer cash registers sold by Oracle (ORCL) (2016-08-09) www.businessinsider.com
Oracle MICROS payment terminal biz hacked. Payments worldwide at risk (2016-08-09) www.itsecurityguru.org
Disable WPAD now or have your accounts and private data compromised (2016-08-10) www.pcworld.com
Rockwell Automation MicroLogix 1400 SNMP Credentials Vulnerability (2016-08-11) ics-cert.us-cert.gov
New malware campaign spreads backdoors instead of ransomware (2016-08-11) www.itsecurityguru.org
Tweet: Hidden vulnerability in some PHP web-to-email forms (ab)used to email #Locky #ransomware; @brad_anton explains it: https://t.co/GxIk46Zf3j (2016-08-11) twitter.com
Sage software firm hit by data breach (2016-08-14) www.bbc.co.uk
HEI Hotels reports point-of-sale terminals breach (2016-08-14) www.pcworld.com
Android DroidJack Malware Spreading Via Over-The Top Services (2016-08-15) www.darkreading.com
Metapacket analyzes outbound network traffic to flag and block malware (2016-08-15) techcrunch.com
Software Firm Sage Probes Data Breach (2016-08-16) www.darkreading.com
FalseCONNECT sends vendors scrambling to patch proxy MITM bug (2016-08-17) www.itsecurityguru.org
Navis WebAccess SQL Injection Exploitation (2016-08-17) ics-cert.us-cert.gov
Prevent Security Breaches Due to Out-of-Date Flash Vulnerabilities (2016-08-17) duo.com
Navis WebAccess SQL Injection Vulnerability (2016-08-18) ics-cert.us-cert.gov
Cisco Patches Zero-Day Firewall Flaw Exposed In Equation Group Hack (2016-08-18) www.darkreading.com
Researchers spot Nemucod in Brazil spreading banking trojans (2016-08-18) www.scmagazine.com
Malware Infected All Eddie Bauer Stores in U.S., Canada (2016-08-19) www.itsecurityguru.org
New Banking Trojan Uses PowerShell to Alter Internet Explorer Proxy Settings (2016-08-23) www.itsecurityguru.org
Moxa OnCell Vulnerabilities (2016-08-23) ics-cert.us-cert.gov
Cisco starts patching firewall devices against NSA-linked exploit (2016-08-25) www.pcworld.com
HTTPS and OpenVPN face new attack that can decrypt secret cookies (2016-08-25) arstechnica.com
New covert malware uses USB drives to jump airgaps and works on almost every storage device (2016-08-30) www.itsecurityguru.org
OneLogin breached, hacker finds cleartext credential notepads (2016-08-31) www.itsecurityguru.org
Chrome's newest version contains 33 security fixes; Cisco patches two critical vulnerabilities (2016-09-02) www.scmagazine.com
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities (2016-09-06) ics-cert.us-cert.gov
New Report shows 55% of websites have severe vulnerabilities (2016-09-06) www.itsecurityguru.org
Cryptographic Key Reuse Remains Widespread In Embedded Products (2016-09-06) www.darkreading.com
Internet of Sins: Million more devices sharing known private keys for HTTPS, SSH admin (2016-09-07) www.itsecurityguru.org
New Linux Trojan Discovered Coded in Mozilla's Rust Language (2016-09-09) www.itsecurityguru.org
MySQL zero-day exploit puts some servers at risk of hacking (2016-09-12) www.pcworld.com
Thousands of Seagate NAS boxes host cryptocurrency mining malware (2016-09-12) www.csoonline.com
Tweet: ICS-CERT issued Recommended Practice Improving ICS Cybersecurity with Defense-in-Depth Strategies ICS-CERT web site https://t.co/HN18YdceL5 (2016-09-12) twitter.com
Tweet: ICS-CERT issued alert ICS-ALERT-16-256-01 FENIKS PRO Elnet Energy Meter Vulnerabilities to ICS-CERT web site - https://t.co/ZnDStDG5Oh (2016-09-12) twitter.com
Yokogawa STARDOM Authentication Bypass Vulnerability (2016-09-15) ics-cert.us-cert.gov
How to Easily Protect Against the Trident iOS Vulnerabilities (2016-09-15) duo.com
Trane Tracer SC Sensitive Information Exposure Vulnerability (2016-09-15) ics-cert.us-cert.gov
Rockwell Automation RSLogix 500 AND RSLogix Micro File Parser Buffer Overflow Vulnerability (2016-09-15) ics-cert.us-cert.gov
Sixth Linux DDoS Trojan Discovered in the Last 30 Days (2016-09-15) www.itsecurityguru.org
ABB DataManagerPro Credential Management Vulnerability (2016-09-15) ics-cert.us-cert.gov
Double-dipping malware steals iOS creds and roots Android (2016-09-15) www.itsecurityguru.org
Tweet: ICS-CERT issued ICSA-16-224-02 Rockwell Automation RSLogix 500 & RSLogix Micro Buffer Overflow to ICS-CERT web site https://t.co/gJJCNU22xf (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-02 ABB DataManagerPro Credential Management Vulnerability to ICS-CERT web site https://t.co/KQshyEct7y (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-01 Yokogawa STARDOM Authentication Bypass Vulnerability to ICS-CERT web site https://t.co/InVxgekGNN (2016-09-15) twitter.com
Tweet: ICS-CERT issued advisory ICSA-16-259-03 Trane Tracer SC Sensitive Information Exposure Vuln to ICS-CERT web site https://t.co/dC1xPL4fhM (2016-09-15) twitter.com
Mozilla Firefox Vulnerable To Man-In-The-Middle Attack: Report (2016-09-19) www.cxotoday.com
Apple Releases Security Updates (2016-09-20) www.us-cert.gov
Moxa Active OPC Server Unquoted Service Path Escalation Vulnerability (2016-09-20) ics-cert.us-cert.gov
Mozilla Releases Security Updates (2016-09-20) www.us-cert.gov
Drupal Releases Security Advisory (2016-09-21) www.us-cert.gov
Cisco Releases Security Updates (2016-09-21) www.us-cert.gov
Siemens SCALANCE M-800/S615 Web Vulnerability (2016-09-27) ics-cert.us-cert.gov
ISC Releases Security Updates for BIND (2016-09-27) www.us-cert.gov
Cisco Releases Security Updates (2016-09-28) www.us-cert.gov
American Auto-Matrix Front-End Solutions Vulnerabilities (2016-09-29) ics-cert.us-cert.gov
Homeland Security Warns Certain Huawei Devices Vulnerable To DDoS (2016-10-04) www.itsecurityguru.org
INDAS Web SCADA Path Traversal Vulnerability (2016-10-04) ics-cert.us-cert.gov
Beckhoff Embedded PC Images and TwinCAT Components Vulnerabilities (2016-10-04) ics-cert.us-cert.gov
Cisco Releases Security Updates (2016-10-05) www.us-cert.gov
GE Bently Nevada 3500/22M Improper Authorization Vulnerability (2016-10-06) ics-cert.us-cert.gov
VMware Releases Security Updates (2016-10-07) www.us-cert.gov
NIST Released Special Publication: SP 800-150 (2016-10-11) ics-cert.us-cert.gov
Microsoft Releases Security Updates (2016-10-11) www.us-cert.gov
Adobe Releases Security Updates (2016-10-11) www.us-cert.gov
Eko Malware Targets Facebook Users (2016-10-12) www.itsecurityguru.org
Cisco Releases Security Updates (2016-10-12) www.us-cert.gov
Sierra Wireless Mitigations Against Mirai Malware (2016-10-12) ics-cert.us-cert.gov
Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Siemens Automation License Manager Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Rockwell Automation Stratix Denial-of-Service and Memory Leak Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Moxa ioLogik E1200 Series Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Google Releases Security Update for Chrome (2016-10-13) www.us-cert.gov
Kabona AB WDC Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
Fatek Automation Designer Memory Corruption Vulnerabilities (2016-10-13) ics-cert.us-cert.gov
ICS-CERT issued advisory ICSA-16-287-01 OSIsoft PI Web API 2015 R2 Service Acct Permissions Vuln to ICS-CERT (2016-10-13) ics-cert.us-cert.gov
Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability (2016-10-18) ics-cert.us-cert.gov
Oracle Releases Security Bulletin (2016-10-18) www.us-cert.gov
Oracle fixes 100s of vulnerabilities that put enterprise data at risk (2016-10-19) www.pcworld.com
Cisco Releases Security Updates (2016-10-19) www.us-cert.gov
Moxa EDR-810 Industrial Secure Router Privilege Escalation Vulnerability (2016-10-20) ics-cert.us-cert.gov
Mozilla Releases Security Update for Firefox (2016-10-20) www.us-cert.gov
ISC Releases Security Advisory (2016-10-20) www.us-cert.gov
Warnings over Dirty Cow Linux bug (2016-10-21) www.bbc.co.uk
Linux Kernel Vulnerability (2016-10-21) www.us-cert.gov
Government Hacking: Vulnerabilities Equities Process (2016-10-31) cyberlaw.stanford.edu
Disclosing vulnerabilities to protect users (2016-10-31) security.googleblog.com
A look at CMSs from a Vulnerability Researchers View (2016-10-31) www.liquidmatrix.org
Schneider Electric ConneXium Buffer Overflow Vulnerability (2016-11-01) ics-cert.us-cert.gov
NCCIC/ICS-CERT Advanced Analytical Laboratory Malware Trends White Paper (2016-11-01) ics-cert.us-cert.gov
IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability (2016-11-01) ics-cert.us-cert.gov
Schneider Electric Unity PRO Control Flow Management Vulnerability (2016-11-01) ics-cert.us-cert.gov
ISC Releases Security Updates for BIND (2016-11-01) www.us-cert.gov
Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Schneider Electric IONXXXX Series Power Meter Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Moxa OnCell Security Vulnerabilities (2016-11-03) ics-cert.us-cert.gov
Phoenix Contact ILC PLC Authentication Vulnerabilities (2016-11-08) ics-cert.us-cert.gov
Siemens Industrial Products Local Privilege Escalation Vulnerability (2016-11-08) ics-cert.us-cert.gov
OSIsoft PI System Incomplete Model of Endpoint Features Vulnerability (2016-11-08) ics-cert.us-cert.gov
Microsoft November Security Updates Include Fix For Zero-Day Flaw (2016-11-08) www.darkreading.com
CA Unified Infrastructure Management Directory Traversal Vulnerability (2016-11-10) ics-cert.us-cert.gov
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (2016-12-13) www.isvoc.com
Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability (2016-12-13) ics-cert.us-cert.gov
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X (2016-12-13) www.darkreading.com
Delta Electronics WPLSoft, ISPSoft, and PMSoft Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Netgear starts patching routers left vulnerable to hacking by a critical flaw (2016-12-13) www.pcworld.com
Microsoft Releases December 2016 Security Bulletin (2016-12-13) www.us-cert.gov
Moxa DACenter Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
Siemens S7-300/400 PLC Vulnerabilities (2016-12-13) ics-cert.us-cert.gov
5-year-old Skype Backdoor Discovered – Mac OS X Users Urged to... (2016-12-14) trueviralnews.com
Vulnerability and Patch Management (2016-12-15) resources.infosecinstitute.com
Fatek Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability (2016-12-15) ics-cert.us-cert.gov
Microsoft Patches Skype for Mac Backdoor Open for Up to 10 Years (2016-12-15) cyberparse.co.uk
OmniMetrix OmniView Vulnerabilities (2016-12-15) ics-cert.us-cert.gov
0-days hitting Fedora and Ubuntu open desktops to a world of hurt (2016-12-16) arstechnica.com
Mozilla Releases Security Update (2016-12-28) www.us-cert.gov
978 - Kaspersky: SSL interception differentiates certificates with a 32bit hash - project-zero - Monorail (2017-01-03) bugs.chromium.org
Rockwell Automation MicroLogix 1100 and 1400 Vulnerabilities (2017-01-05) ics-cert.us-cert.gov
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (2017-01-05) ics-cert.us-cert.gov
New Android Malware Attacks Your Wireless Router Through Your Phone (2017-01-06) www.itsecurityguru.org
Vulnerability of Web-based Applications (2017-01-09) resources.infosecinstitute.com
Google plugs serious Nexus vulnerability in latest security update (2017-01-09) www.pcworld.com
St. Jude Merlin@home Transmitter Vulnerability (2017-01-09) ics-cert.us-cert.gov
Security Bulletins posted (2017-01-10) blogs.adobe.com
Adobe Releases Security Updates (2017-01-10) www.us-cert.gov
Hack Exposes Reams of Private Jabber Chats (2017-01-11) motherboard.vice.com
Top security expert: There is no WhatsApp backdoor (FB) (2017-01-13) www.businessinsider.com
A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages (2017-01-13) boingboing.net
Encrypted messaging platform WhatsApp denies “backdoor” claim (2017-01-13) techcrunch.com
Silence speaks louder than words when finding malware (2017-01-17) developers.googleblog.com
Decline in two families of malware has researchers stumped (2017-01-17) thehill.com
Oracle Releases Security Bulletin (2017-01-18) www.us-cert.gov
Schneider Electric homeLYnk Controller (2017-01-19) ics-cert.us-cert.gov
Old-School Mac OS Malware Spotted Targeting Biomedical Industry (2017-01-19) www.darkreading.com
Researchers ID Decades-Old Fruitfly Mac Malware (2017-01-20) www.pcmag.com
Tenable Unveils SaaS Platform that Redefines Vulnerability Management for Today’s Elastic IT Environments (2017-01-31) www.itsecurityguru.org
Positive Technologies discovers security vulnerability in data center monitoring system that could allow remote access to unencrypted passwords (2017-01-31) www.itsecurityguru.org
Tenable Brings Vulnerability Management Platform to the Cloud (2017-01-31) shopmatrix.eu
VMware Releases Security Updates (2017-01-31) www.us-cert.gov
BINOM3 Electric Power Quality Meter (2017-01-31) ics-cert.us-cert.gov
Ecava IntegraXor (2017-01-31) ics-cert.us-cert.gov
Cisco Clock Signal Component Failure Advisory (2017-02-06) www.us-cert.gov
IKITTENS: IRANIAN ACTOR RESURFACES WITH MALWARE FOR MAC (2017-02-06) iranthreats.github.io
Devilish New Ransomware is Out on the Street (2017-02-06) cyware.com
Bugcrowd Reduces the Cost and Effort of Unifying Vulnerability Data... (2017-02-07) worldnews.se
BD Alaris 8000 Insufficiently Protected Credentials Vulnerability (2017-02-07) ics-cert.us-cert.gov
BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities (2017-02-07) ics-cert.us-cert.gov
Report: Security Flaw Lets Hackers Snoop on 76 iPhone Apps (2017-02-07) www.pcmag.com
ISC Releases Security Updates for BIND (2017-02-08) www.us-cert.gov
Hanwha Techwin Smart Security Manager (2017-02-09) ics-cert.us-cert.gov
F5’s Big-IP leaks little chunks of memory, even SSL session Ids (2017-02-09) www.itsecurityguru.org
Apple Releases Security Update (2017-02-14) www.us-cert.gov
Geutebrück IP Cameras (2017-02-14) ics-cert.us-cert.gov
Adobe Releases Security Updates (2017-02-14) www.us-cert.gov
Siemens SIMATIC Authentication Bypass (2017-02-14) ics-cert.us-cert.gov
Advantech WebAccess (2017-02-14) ics-cert.us-cert.gov
Apple Releases Security Update (2017-02-21) www.us-cert.gov
Schneider Electric Modicon M340 PLC (2017-02-23) ics-cert.us-cert.gov
Operation BugDrop: CyberX Discovers Large-Scale Cyber-Reconnaissance Operation Targeting Ukrainian Organizations (2017-02-23) ics-cert.us-cert.gov
Incident report on memory leak caused by Cloudflare parser bug (2017-02-23) blog.cloudflare.com
Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability (2017-02-23) ics-cert.us-cert.gov
Tweet: Incident report on memory leak caused by Cloudflare parser bug - https://t.co/rTZ4bFw3uJ (2017-02-23) twitter.com
How to secure your data after the Cloudflare leak (2017-02-24) techcrunch.com
Cloudflare Leaked Web Customer Data For Months (2017-02-24) www.darkreading.com
Cloudbleed — Your Credentials Cached in Search Engines (2017-02-24) hackaday.com
Announcing the first SHA1 collision (2017-02-24) security.googleblog.com
Partners: Cloudflare Software Bug Shows Need For Better Business Data Security Measures (2017-02-24) www.crn.com
DigitalOcean, Your Data, and the Cloudflare Vulnerability (2017-02-24) www.digitalocean.com
SHA-1 Has Been Compromised In Practice (2017-02-24) auth0.com
Cloudflare data leakage doesn’t reveal 1Password secrets (2017-02-24) www.macworld.com
Cloudflare leak: Please reset your CCID password (2017-02-24) creativecommons.org
Update Regarding the CloudFlare Security Incident (2017-02-24) blog.stocktwits.com
Popular website service Cloudflare leaked private data (2017-02-24) thehill.com
Cisco Releases Security Update (2017-03-01) www.us-cert.gov
Schneider Electric Conext ComBox (2017-03-02) ics-cert.us-cert.gov
Siemens SINUMERIK Integrate and SINUMERIK Operate (2017-03-02) ics-cert.us-cert.gov
(Cloud)Flare Up: What you Need to Know about Ticketbleed (2017-03-02) www.forumsys.com
Eaton xComfort Ethernet Communication Interface (2017-03-02) ics-cert.us-cert.gov
WordPress Releases Security Update (2017-03-06) www.us-cert.gov
Mozilla Releases Security Update (2017-03-07) www.us-cert.gov
Apache Software Foundation Releases Security Updates (2017-03-08) www.us-cert.gov
The White House’s favorite ‘secure’ messaging app is riddled with bugs (2017-03-08) thenextweb.com
Researchers find major flaws in encrypted chat app popular in WH (2017-03-08) thehill.com
IRS Releases Tax-Time Guide (2017-03-09) www.us-cert.gov
Report: Government-held security vulnerabilities last for years (2017-03-09) thehill.com
Google Releases Security Update for Chrome (2017-03-09) www.us-cert.gov
Some notes on the RAND 0day report (2017-03-09) blog.erratasec.com
Google Discloses Details of an Unpatched Microsoft Vulnerability (2017-03-09) www.schneier.com
Google says it’s already fixed many exploits from WikiLeaks’ CIA document dump (2017-03-09) www.theverge.com
A Challenge to WikiLeaks: Disclose Software Vulnerabilities on a Responsible Timeline (2017-03-10) www.carbonblack.com
Critical Vulnerability Uncovered in JSON Encryption (2017-03-13) blogs.adobe.com
Vulnerabilities in WiFi Cameras (2017-03-14) www.eagleeyenetworks.com
Adobe Releases Security Updates (2017-03-14) www.us-cert.gov
Ursnif Malware (2017-03-14) resources.infosecinstitute.com
Fatek Automation PLC Ethernet Module (2017-03-14) ics-cert.us-cert.gov
Drupal Releases Security Update (2017-03-15) www.us-cert.gov
WhatsApp Hack Shows That Even Encryption Apps Are Vulnerable in a Browser (2017-03-15) www.wired.com
Microsoft fixes record number of flaws, some publicly known (2017-03-15) www.pcworld.com
Vulnerability Management in 2017: Context is King (2017-03-17) www.bmc.com
New Vulnerability Revealed in WhatsApp and Telegram, Allowed Hackers to Gain Complete Control Over User Accounts (2017-03-21) www.itsecurityguru.org
Cisco Releases Security Updates (2017-03-21) www.us-cert.gov
Cisco Issues Advisory on Flaw in Hundreds of Switches (2017-03-21) www.darkreading.com
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) (2017-03-22) www.us-cert.gov
Cisco Releases Security Updates (2017-03-22) www.us-cert.gov
Apple Releases Security Update for iTunes (2017-03-24) www.us-cert.gov
Cisco Patches Critical IOX Vulnerability (2017-03-24) www.itsecurityguru.org
Schneider Electric Interactive Graphical SCADA System Software (2017-04-04) ics-cert.us-cert.gov
Marel Food Processing Systems (2017-04-04) ics-cert.us-cert.gov
Cisco Releases Security Updates (2017-04-05) www.us-cert.gov
Brute Forcing HS256 Is Possible: The Importance of Using Strong Keys in Signing JWTs (2017-04-05) dzone.com
Android devices can be fatally hacked by malicious Wi-Fi networks (2017-04-07) arstechnica.com
MS Office Zero-day Exploited in Attacks – No Enabling of Macros Required! (2017-04-10) www.itsecurityguru.org
That Fingerprint Sensor on Your Phone Is Not as Safe as You Think (2017-04-10) www.nytimes.com
Your phone’s fingerprint lock has a weakness (2017-04-11) www.futurity.org
Schneider Electric Modicon Modbus Protocol (2017-04-11) ics-cert.us-cert.gov
BrickerBot Permanent Denial-of-Service Attack (2017-04-12) ics-cert.us-cert.gov
Apache Software Foundation Releases Security Updates (2017-04-12) www.us-cert.gov
Microsoft Releases April 2017 Security Updates (2017-04-12) www.us-cert.gov
Wecon Technologies LEVI Studio HMI Editor (2017-04-13) ics-cert.us-cert.gov
Schneider Electric Modicon M221 PLCs and SoMachine Basic (2017-04-13) ics-cert.us-cert.gov
VMware Releases Security Updates (2017-04-14) www.us-cert.gov
Unpatched PHP Flaw in E-Commerce Platform Leaves 200,000 Sites Vulnerable (2017-04-14) continuum.cisco.com
Microsoft says exploits leaked by Shadow Brokers were addressed by prior patches (2017-04-15) techcrunch.com
Microsoft has already patched the NSA's leaked Windows hacks (2017-04-15) www.theverge.com
We Can Calm Down: Microsoft Already Patched Most of the Shadow Brokers Exploits (2017-04-15) motherboard.vice.com
VMware Releases Security Updates (2017-04-18) www.us-cert.gov
Oracle Releases Security Bulletin (2017-04-18) www.us-cert.gov
Drupal Releases Security Updates (2017-04-19) www.us-cert.gov
Mozilla Releases Security Updates (2017-04-19) www.us-cert.gov
Google Releases Security Updates for Chrome (2017-04-19) www.us-cert.gov
Fake Delta Airlines Receipt Packs Malware (2017-04-20) www.darkreading.com
Drupal fixes critical access bypass vulnerability (2017-04-20) www.pcworld.com
IBM Releases Security Update (2017-04-25) www.us-cert.gov
Adobe Releases Security Updates for ColdFusion (2017-04-26) www.us-cert.gov
GE Multilin SR Protective Relays (2017-04-27) ics-cert.us-cert.gov
Intel Firmware Vulnerability (2017-05-01) www.us-cert.gov
Schneider Electric Wonderware Historian Client (2017-05-02) ics-cert.us-cert.gov
CyberVision Kaa IoT Platform (2017-05-02) ics-cert.us-cert.gov
Google Releases Security Updates for Chrome (2017-05-02) www.us-cert.gov
Advantech B+B SmartWorx MESR901 (2017-05-02) ics-cert.us-cert.gov
Mozilla Releases Security Updates (2017-05-05) www.us-cert.gov
Microsoft Releases Critical Security Update (2017-05-08) www.us-cert.gov
Rockwell Automation Stratix 5900 (2017-05-09) ics-cert.us-cert.gov
Microsoft fixes 55 vulnerabilities, 3 exploited by Russian cyberspies (2017-05-09) www.pcworld.com
Siemens devices using the PROFINET Discovery and Configuration Protocol (2017-05-09) ics-cert.us-cert.gov
Siemens devices using the PROFINET Discovery and Configuration Protocol (2017-05-09) ics-cert.us-cert.gov
Cisco Patches Leaked 0-day in 300+ Of Its Switches (2017-05-10) www.itsecurityguru.org
Cisco Releases Security Update (2017-05-10) www.us-cert.gov
Google Researchers Discover Worst Windows Bug (2017-05-10) www.pcmag.com
Satel Iberia SenNet Data Logger and Electricity Meters (2017-05-11) ics-cert.us-cert.gov
Multiple Ransomware Infections Reported (2017-05-12) www.us-cert.gov
Unpatched 0-days in Vanilla Forums let Remote Attackers Hack Websites (2017-05-12) www.itsecurityguru.org
Microsoft Patches Two Critical Vulnerabilities Under Attack (2017-06-13) kasperskycontenthub.com
IT Security Vulnerability vs Threat vs Risk: What’s the Difference? (2017-06-21) www.bmc.com
Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL (2017-06-22) blogs.cisco.com
The Diamond in the Rough: Effective Vulnerability Management with OWASP DefectDojo (2017-06-23) developers.redhat.com
RAT Vulnerabilities Turn Hackers into Victims (2017-06-23) www.darkreading.com
Xen Hypervisor Gets Patches for Virtual Machine Escape Flaws (2017-06-23) thenewstack.io
Another RCE Vulnerability Patched in Microsoft Malware Protection Engine (2017-06-26) kasperskycontenthub.com
Vulnerabilities Found in German e (2017-06-30) www.darkreading.com
Ukrainian company that spread Petya could face criminal charges for vulnerability (2017-07-03) www.theverge.com
Vulnerability Spotlight: TALOS (2017-07-07) blogs.cisco.com
Attack on Critical Infrastructure Leverages Template Injection (2017-07-07) blogs.cisco.com
Security updates for multiple Jenkins plugins (2017-07-09) jenkins.io
How Code Vulnerabilities Can Lead to Bad Accidents (2017-07-10) www.darkreading.com
Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption (2017-07-11) blogs.cisco.com
Adobe Fixes Six Vulnerabilities in Flash, Connect with July Update (2017-07-11) kasperskycontenthub.com
Microsoft Patch Tuesday – July 2017 (2017-07-11) blogs.cisco.com
Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities (2017-07-11) kasperskycontenthub.com
Adobe, Microsoft Push Critical Security Fixes (2017-07-11) krebsonsecurity.com
New SQL Injection Tool Makes Attacks Possible from a Smartphone (2017-07-12) www.darkreading.com
Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution (2017-07-12) kasperskycontenthub.com
Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines (2017-07-13) kasperskycontenthub.com
Siemens Patches Authentication Bypass Flaw in SiPass Server (2017-07-14) kasperskycontenthub.com
50,000 Machines Remain Vulnerable to EternalBlue Attacks (2017-07-14) www.darkreading.com
Experts in Lather Over ‘gSOAP’ Security Flaw (2017-07-18) krebsonsecurity.com
Zero (2017-07-18) www.darkreading.com
A security researcher just revealed a huge Myspace security flaw. (And yes you should care.) (2017-07-18) mashable.com
Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched (2017-07-18) kasperskycontenthub.com
Bad Code Library Triggers Devil’s Ivy Vulnerability in Millions of IoT Devices (2017-07-19) kasperskycontenthub.com
Critical Security Vulnerabilities Found in Segway Hoverboards (2017-07-19) www.infosecurity-magazine.com
gSOAP Flaw Leaves Thousands of IoT Devices Vulnerable to Remote Code Execution (2017-07-19) continuum.cisco.com
Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8 (2017-07-20) blogs.cisco.com
Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities (2017-07-24) blogs.cisco.com
Custom Source Code Accounts for 93% of App Vulnerabilities (2017-07-25) www.darkreading.com
Novel Attack Tricks Servers to Cache, Expose Personal Data (2017-07-25) kasperskycontenthub.com
vulnerability (2017-07-25) github.com
WannaCry Inspires Worm (2017-07-28) www.darkreading.com
Vulnerability Spotlight: EZB Systems UltraISO ISO Parsing Code Execution Vulnerability (2017-08-02) blogs.cisco.com
Hashicorp vagrant (2017-08-02) packetstormsecurity.com
IBM Worklight / MobileFirst Cross Site Scripting (2017-08-02) packetstormsecurity.com
SMBLoris Denial Of Service (2017-08-02) packetstormsecurity.com
Joomla Ultimate Property Listing 1.0.2 SQL Injection (2017-08-02) packetstormsecurity.com
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection (2017-08-02) packetstormsecurity.com
Joomla LMS King Professional 3.2.40 SQL Injection (2017-08-02) packetstormsecurity.com
Solarwinds Kiwi Syslog 9.6.1.6 Denial Of Service (2017-08-02) packetstormsecurity.com
Joomla SIMGenealogy 2.1.5 SQL Injection (2017-08-02) packetstormsecurity.com
Joomla PHP (2017-08-02) packetstormsecurity.com
TOR Virtual Network Tunneling Tool 0.3.0.10 (2017-08-02) packetstormsecurity.com
Two Popular IP Cameras Riddled With Vulnerabilities (2017-08-03) kasperskycontenthub.com
DoJ Launches Framework for Vulnerability Disclosure Programs (2017-08-03) www.darkreading.com
Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug (2017-08-03) kasperskycontenthub.com
Red Hat Security Advisory 2017 (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Ubuntu Security Notice USN (2017-08-03) packetstormsecurity.com
Muviko 1.0 SQL Injection (2017-08-03) packetstormsecurity.com
EDUMOD Pro 1.3 SQL Injection (2017-08-03) packetstormsecurity.com
Premium Servers List Tracker 1.0 SQL Injection (2017-08-03) packetstormsecurity.com
DNSTracer 1.9 Buffer Overflow (2017-08-03) packetstormsecurity.com
VirtualBox Windows Process DLL Signature Bypass Privilege Escalation (2017-08-03) packetstormsecurity.com
VirtualBox Windows Process DLL UNC Path Signature Bypass Privilege Escalation (2017-08-03) packetstormsecurity.com
Axis 2100 Network Camera 2.43 Cross Site Scripting (2017-08-03) packetstormsecurity.com
Kernel Live Patch Security Notice LSN (2017-08-03) packetstormsecurity.com
Packet Storm New Exploits For July, 2017 (2017-08-03) packetstormsecurity.com
Vulnerability found in solar panels could knock out power grids across Europe (2017-08-04) thenextweb.com
Format Factory 4.1.0 DLL Hijacking (2017-08-04) packetstormsecurity.com
Linux Kernel 4.12 Race Condition (2017-08-04) packetstormsecurity.com
Vulnerability Spotlight: Kakadu SDK Vulnerabilities (2017-08-04) blogs.cisco.com
Exploits Available for Siemens Molecular Imaging Vulnerabilities (2017-08-04) kasperskycontenthub.com
HP Security Bulletin HPESB3P03767 1 (2017-08-04) packetstormsecurity.com
A2billing 2.1.1 SQL Injection (2017-09-04) packetstormsecurity.com
A2billing 2.x Backup Disclosure / Code Execution / SQL Injection (2017-09-04) packetstormsecurity.com
Ubuntu Security Notice USN (2017-09-05) packetstormsecurity.com
Gentoo Linux Security Advisory 201709 (2017-09-05) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-05) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-05) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-05) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-05) packetstormsecurity.com
Debian Security Advisory 3961 (2017-09-05) packetstormsecurity.com
Debian Security Advisory 3962 (2017-09-05) packetstormsecurity.com
Debian Security Advisory 3963 (2017-09-05) packetstormsecurity.com
Alexa and Siri are vulnerable to 'silent,' nefarious commands (2017-09-06) www.engadget.com
Red Hat Security Advisory 2017 (2017-09-06) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-06) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-06) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-06) packetstormsecurity.com
Red Hat Security Advisory 2017 (2017-09-06) packetstormsecurity.com
Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari (2017-09-06) blogs.cisco.com
Brutus FTP Attack Tool 0.3 (2017-09-06) packetstormsecurity.com
Subrion CMS 4.1.5 Cross Site Scripting (2017-09-06) packetstormsecurity.com
WordPress Cool Flickr Slideshow 1.0 Cross Site Scripting (2017-09-06) packetstormsecurity.com
WordPress Contact Form 7 International SMS Integration 1.2 XSS (2017-09-06) packetstormsecurity.com
Advertiz PHP Script 0.2 Cross Site Request Forgery (2017-09-06) packetstormsecurity.com
Cory Support SQL Injection (2017-09-06) packetstormsecurity.com
Gh0st Client Buffer Overflow (2017-09-07) packetstormsecurity.com
PlugX Controller Stack Overflow (2017-09-07) packetstormsecurity.com
HP Security Bulletin HPESBUX03772 1 (2017-09-07) packetstormsecurity.com
Debian Security Advisory 3965 (2017-09-07) packetstormsecurity.com
Apache Struts 2 REST Plugin XStream Remote Code Execution (2017-09-07) packetstormsecurity.com
SourceTree Remote Code Execution (2017-09-07) packetstormsecurity.com
IWEBSOUL CMS 1.0 Cross Site Scripting (2017-09-07) packetstormsecurity.com
IWEBSOUL CMS 1.0 SQL Injection (2017-09-07) packetstormsecurity.com
Tor Linux Sandbox Breakout Via X11 (2017-09-07) packetstormsecurity.com

If you think there is a link I should have listed here, feel free to tweet it at me or submit it as a GitHub issue. Even though I do this full time, I'm still a one-person show; I miss quite a bit and depend on my network to help me know what is going on.