IT Security News Daily Summary 2020-01-13

• Cryptic Rumblings Ahead of First 2020 Patch Tuesday

• US officials meet UK peers to remark the urgency to ban Huawei 5G tech

• Securing Interactive Kiosks IoTs with the Paradox OS

• Mac Shipments Down in Q4 2019 Amid Overall PC Market Growth

• Microsoft to Officially End Support for Windows 7, Server 2008

• Microsoft to Support the New Edge Browser After Windows 7 EOL

• What Questions Should I Keep in Mind to Improve My Security Metrics?

• Website Collecting Australian Fire Donations Hit by Magecart

• As Windows 7 supports ends, these are your four options

• Microsoft spots malicious npm package stealing data from UNIX systems

• Securing Interactive Kiosks IOTs with the Paradox OS

• Exploits Released for As-Yet Unpatched Critical Citrix Flaw

• Relying on AT&T, Verizon and T-Mob US to protect you from SIM swapping? You better get used to disappointment

• Tracking grants by blockchain

• CISA Releases Test Tool for Citrix ADC CVE-2019-19781 Vulnerability

• Scammers Dupe Texas School District Out of $2.3M

• NortonLifeLock to Sell ID Analytics Business to LexisNexis Risk Solutions

• Migrating NetApp Service Level Manager to Active IQ Unified Manager 9.7

• Why cybersecurity will impact everything in the new decade

• Senate wants to get ahead of IoT

• Macs May Be Getting ‘Pro Mode’ Option to Boost Performance, According to macOS Catalina Beta

• Dreaming of a Lucrative Career in IT? These suggestions Should Top Your List

• Joker Android Malware Snowballs on Google Play

• U.S. Attorney General Asks Apple to Unlock iPhones Used by Florida Mass Shooter

• Someone needs to go back to school: Texas district fleeced for $2.3m after staff fall for devious phishing email

• DEF CON 27, Appsec Village, YanYan Wang’s ‘Automate Pen Testing In Dockerized CI CD Environment’

• DOE launches quantum funding opportunity

• BEC Scammers Use Aging Report Phishing to Find New Targets

• Nemty Ransomware to Start Leaking Non-Paying Victim’s Data

• December’s Most Wanted Malware: Greta Thunberg-themed spam used to spread Emotet

• EFF Asks Supreme Court To Reverse Dangerous Rulings About API Copyrightability and Fair Use

• CES Surveillance Hype Worries Privacy Advocates

• Teradici PcoIP Agents and Clients (Deployed with Amazon Workspaces) – Unquoted Search Path and Potential Abuses (CVE-2019-20362)

• Signal Sciences: Enterprises still overlooking web app security

• Legislative mandates provide direction on data

• FCW Insider: Jan. 13

• CISA Releases Test for Citrix ADC and Gateway Vulnerability

• Multi-tenancy authentication through Kong API Gateway

• New Snort rules protect against recently discovered Citrix vulnerability

• Develop for Safety and Protect User Privacy through Geofencing

• CES 2020: Why HBO wants us to think twice about data privacy

• 7 TCP/IP vulnerabilities and how to prevent them

• Azure is now certified for the ISO/IEC 27701 privacy standard

• Hackers Blackmail Patients of Surgical Company in a Cyber attack

• Sodinokibi Operators Follow Through on Threats

• Silence Targeting Banks in Sub-Saharan Africa

• US, UK Officials Meet as PM Johnson’s Huawei Decision Nears

• Maze Ransomware Operators Continue Release of Victim Data

• Emotet Returns for a New Year of Spam

• Bug Hunter Nets $15K Bounty For Discovering Exposed User Credentials in Paypal

• How to Whitelist or Blacklist apps on Android & iOS

• Is Cybersecurity Getting Too Complex?

• Luke Kingma’s & Lou Patrick-Mackay’s Futurism Cartoons ‘Wandering CPU’

• Tour the RSA Conference 2020 Security Operations Center

• DEF CON 27, Red Team Offensive Village, Casey (3ndG4me) Erdmann’s ‘BadSalt Adversarial DevOps’

• Billions of Medical Images Leaked in Huge Privacy Puzzle

• Six Reasons Why ForgeRock SDKs Make Sense

• 20/20 Vision on 2020’s Network Security Challenges

• DNS threats emerge as IoT sticking point

• An Identity Management Spin on Shaggy’s Hit Song

• Privacy activists beg Google to ban un-removable bloatware from Android

• Microsoft Pulls Plug On Windows 7 Support From Tuesday

• Google Cloud’s Thomas Kurian on the future of cloud and Google

• Emotet Malware Restarts Spam Attacks After Holiday Break

• Facebook Bug Reveals Anonymous Page Administrators

• New Android malware on Play Store disables Play Protect to evade detection

• Report: Chinese hacking group APT40 hides behind network of front companies

• Whirlybird-driving infosec boss fined after ranty Blackpool Airport air traffic control antics

• Threat Intelligence Is the Centerfold

• A week in security (January 6 – 12)

• Android Trojan Steals Your Money to Fund International SMS Attacks

• Tech survey shows surging demand for cloud computing

• Windows 7 Reminder: Get a Free Windows 10 Upgrade While You Can

• US to Axe Drone Fleet Containing Chinese Tech

• 5 major US wireless carriers vulnerable to SIM swapping attacks

• Study: Enterprises Choosing Microsoft Cloud Over Amazon’s AWS

• Major US wireless carriers vulnerable to SIM swapping attacks

• Most Website Consent Mechanisms ‘Illegal’ Under GDPR

• 5 cyber tools your business needs in 2020 to keep safe

• Phishing for Apples, Bobbing for Links

• Will This Be the Year of the Branded Cybercriminal?

• European Lawmakers Want to Force All Smartphones to Have Same Charging Port, Apple Defends Lightning

• #THIREurope: How Target Improved its Threat Hunting Capabilities

• How to secure a router from Cyber Attacks

• ‘Cable Haunt’ Bug Plagues Millions of Home Modems

• Texas School District Loses $2.3M to Phishing Attack

• 2020 Cybersecurity Trends: Increased Demand for Election Security – The Nation’s Biggest Threat to Democracy in 2020 by

• The Jazzy New Active IQ Unified Manager 9.7: Security Focused ONTAP Management

• Federally Funded Unimax Smartphone Preloaded With Malware

• Apple Files Unreleased Mac in Eurasian Database, Perhaps a 13-Inch MacBook Pro With Scissor Keyboard?

• Texas School District Falls For Email Scam, Hands Over $2.3 Million

• New York Airport Paid Ransomware Demand After Suffering Sodinokibi Attack

• Expert Advise On Microsoft To End Update And Patch Distribution For Windows 7

• Why Cloud Security Seems So Hard, and How to Overcome These Challenges

• US ‘Set To Ground Civilian Drone Programme’ Over Spying Risk

• Unpatched Citrix Flaw Now Has PoC Exploits

• Graduation Day: From Cyber Threat Intelligence to Intelligence

• Awareness Advocate On Texas School District Loses $2.3m In Phishing Scam

• Seattle to Host Major New Cybersecurity Event

• Go Ahead, Apply the Federal Rules of Evidence to the Senate Impeachment Trial

• Facebook quickly fixed a bug exploited in attacks that exposed Page Admins info

• Working for a Winning Company

• Artificial Personas and Public Discourse

• Response to IT industry trends analysis 2020

• Cable Haunt vulnerability affects millions of Broadcom cable modems

• CES 2020: Mixed-Reality Glasses Win Praise At Tech Show

• Man who hacked National Lottery for just £5 is jailed for nine months

• Phishing attacks: Watch out for these telltale signs that you’ve been sent to a phoney website

• Whirlybird-driving infosec boss fined after ranty Blackpool Airport antics

• Predict 2020: A Look at What the New Year Will Bring

• Inside the murky world of bots

• Apple Celebrating Chinese New Year With Heartwarming Short Film, Today at Apple Sessions, and Gift Guide

• Hacker that hit UK National Lottery in 2016 was sentenced to prison

• Why I joined Imperva

• Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking

• Sodinokibi Hackers Now Use Stolen Data for Blackmail

• Powerful GPG collision attack spells the end for SHA-1

• Multiple Hacking Groups Attempt To Skim Credit Cards From Perricone MD – Experts View

• Network Traffic Analysis for Incident Response: Internet Protocol with Wireshark

• Oski Stealer Targets Browser Data, Crypto Wallets in U.S.

• Weirdest Cybersecurity Stories Of 2019 | Avast

• Account Security: One Healthy New Year’s Resolution You Will Need in 2020

• Avast Team Prepares For Hack Cambridge | Avast

• Experts On News: PayPal Confirms High-severity Password Vulnerability

• Travelex still down two weeks after Sodinokibi ransomware infection

• #THIREurope: APT Groups Now Using Similar Tools in Espionage and Cybercrime Attacks

• ‘The Morning Show’ Actor Billy Crudup Wins 2020 Critics’ Choice Award

• Texas school district falls for email scam, hands over $2.3 million

• National Lottery Hacker Theft £ 5, Land Prison Penalty

• The Ultimate Guide to SSL/TLS Decryption

• Facebook Rushes to Patch Bug Exposing Page Admins

• Arm Chips Vulnerable to PAN Bypass – “We All Know it’s Broken”

• An Accountability Update for Crimes Committed in Syria

• Why are we still talking about email security?

• Texas School District Lost $2.3M to Phishing Email Scam

• Exploits Published for Citrix ADC Vulnerability, Patches Coming Soon

• Snake alert! This ransomware is not a game…

• Two weeks after ransomware attack, Travelex says some systems are now back online

• Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing

• Personal data of millions of Americans exposed from PC in China

• St Louis Man Jailed for $12m Tax Refund Scam

• VB2019 presentation: Targeted attacks through ISPs

• US Mounts Final Campaign To Bar Huawei From UK 5G Networks

• Moving security operations to the cloud

• Number of 5G connections to reach 1.5 billion globally by 2025

• What is security’s role in digital transformation?

• Australia Bushfire Donation Site Suffered MageCart Attack

• Lawmakers look to spread COPPA out to cover kids up to 16

• Google urged to tame privacy-killing Android bloatware

• U.S. Lawmakers Call on FCC to Step Up Fight on SIM Swapping

• U.S. Healthcare Data Breach Cost $4 Billion in 2019. 2020 Won’t Be Any Better

• ‘Rosegold’ National Lottery hacker steals £5, lands prison sentence

• Reddit bans ‘impersonation,’ but satire and parody are still OK

• ‘Dustman’ disk wiper attacks Bahraini oil company

• Ring Employees Caught Spying on Customers

• Hundreds of Millions of Broadcom Modems “Haunted” by New Bug

• Monday review – the hot 19 stories of the week

• Credit Card Skimming Attack Targets Australia Bushfire Donors

• 47 arrests for smuggling Moroccan citizens to the EU

• TrickBot Added New Stealthy Backdoor for High-Value Targets

• New York Airport Systems attacked by Sodinokibi Ransomware

• Citrix Gateway Vulnerability: Exploits Proliferate, as Experts say Gov’t Agencies Exposed

• School in Texas Lost $2.3 Million in a Phishing Scam

• National Lottery Hacker Jailed for Nine Months

• US troops deploying to the Middle East told to leave personal devices at home

• Welcoming the Danish Government to Have I Been Pwned

• 5G – The Future of Security and Privacy in Smart Cities

• Citrix Admins Urged to Act as PoC Exploits Surface

• 16-31 December 2019 Cyber Attacks Timeline

• Vulnerability Scanning vs. Penetration Testing

• UK data watchdog kicks £280m British Airways and Marriott GDPR fines into legal long grass

• Google Demos Remote Hack of an iPhone Without User Interaction

• Travelex Hit By $6m Ransom Attack

• December 2019’s Most Wanted Malware: Greta Thunberg-themed Spam Used to Spread Emotet Malware

• UK National Lottery Hacker Sentenced to Prison

• A case for establishing a common weakness enumeration for hardware security

• Pending study to examine OPM-GSA merger

• Prevent security misconfigurations in a multi-cloud environment

• Email attack trend predictions for 2020 | Cyber Work Podcast

• Do Midsized Companies Need a CISO?

• Adding Some Salt to Our Network – Part 2

• Citrix ADC Exploits: Overview of Observed Payloads, (Mon, Jan 13th)

• Maze Ransomware operators leak 14GB of files stolen from Southwire

• Iranian Cyber-Attacks, Ring Class-Action Lawsuit, Preventing Calendar SPAM

• Transact with trust: Improving efficiencies and securing data with APIs

• The U.S. Government Funded Smartphones Comes Pre-installed With Unremovable Malware

• If you haven’t shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available

• Ransomware attack on Albany Airport on Christmas 2019

• Information Security grabs attention at CES 2020

• CISA on Iran’s Cyber Threat: It’s Time to Review Your Cyber Security Posture!

• Kuo: All 5G iPhones on Track to Launch in Fall 2020, Including Both Sub-6GHz and mmWave Models

• Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

• Robert M. Lee’s & Jeff Haas’ Little Bobby Comics ‘Data Classification Fail’

• Amazon Terminated Employees for Leaking Customers Sensitive Data Such as Email Address & Phone Number

• Semtech’s new AVX chipset offers enhanced performance for AV extension applications

• ISC Stormcast For Monday, January 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6820, (Mon, Jan 13th)

• DEF CON 27, Red Team Offensive Village, Nathan Sweaney’s ‘Casting With The Pros: Tips And Tricks’

• India ordered to review suspension of internet services in Kashmir

• Cable Haunt Vulnerability Haunts Cable Modems Using Broadcom Chips

• CSA SECtember: A new global event dedicated to the intersection of cloud and cybersecurity

• Hampton Products adds indoor and outdoor security cameras to its suite of smart home products

• Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR

• Ping An Technology and Intel to establish a joint laboratory, cooperate on products and technology

• ELK Dashboard and Logstash parser for tcp-honeypot Logs, (Sun, Jan 12th)

• Netskope opens new data center in Johannesburg, South Africa

• European Skin Care Perricone websites Suffer Multiple MageCart Attacks

• IT Security News Weekly Summary – Week 02

• IT Security News Daily Summary 2020-01-12

• New Bill prohibits intelligence sharing with countries using Huawei 5G equipment

• Sodinokibi Ransomware threats Travelex to release data, if ransom not paid.

• One More Threat For Organizations – The Ako Ransomware

• MageCart attack hit Australia bushfire Donors

• DEF CON 27, Red Team Offensive Village, Chris McCoy’s ‘Through The Looking Glass: Own The Data Center’

• Dixons Carphone Hit With £500,000 Fine For Data Breach

• Incels: America’s Newest Domestic Terrorism Threat

• Google Removes Trove of Risky ‘Bread’ Apps From Play Store

• Week in review: Citrix bug under attack, Windows 7 ransomware risk, ATT&CK for ICS

• 2019’S TOP 10 WEBCASTS

• Mozilla Patched Zero-Day Vulnerability With Firefox 72.0.1

• Google removed 1.7K+ Joker Malware infected apps from its Play Store

• 8 Common Types of Small Business Cyber Attacks

• All the Ways Facebook Tracks You—and How to Limit It

• How to Rein In Your Unmanaged Cloud in 4 Steps

• SNAKE Ransomware – A New Threat For Businesses In Town

• Planet Calypso – 62,261 breached accounts

• PoC Exploit Code Released for Citrix ACD and Gateway Remote Code Execution Vulnerability

• Four innovations changing the face of the financial industry

Generated on 2020-01-13 23:55:12.527859