For providers

I spotted new Njrat[ 1] samples that (ab)use the Microsoft dev tunnels[ 2] service to connect to their C2 servers. This is a service that allows developers to expose local services to the Internet securely for testing, debugging, and collaboration. It provides temporary, public, or private URLs that will enable remote access to a development environment without deploying code to production. Dev tunnels create a secure, temporary URL that maps to a local service running on your machine, they work across firewalls and NAT, and their access can be restricted. This is a service similar to the good old ngrok[ 3].

Remote tools allow data exfiltration without leaving a footprint or recognizable malware payload.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

OSPS Baseline provides a starting point for project owners and adopters to understand an open source project's security posture by outlining all the controls that have been applied.

Feds reverse order and reinstate FDA staff critical to medical device safety less than a week after firing them.

The flaws in Microsoft Partner Center and Synacor Zimbra Collaboration Suite were added to the KEV catalog.