IT Security News Daily Summary 2020-11-14

• Op protected childhood: 113 online child predators arrested

• Feds investigate Zoom-bombings attack against Gonzaga University Black Student Union

• XKCD ‘Set In The Present’

• DEF CON 28 Safe Mode Voting Village Village – Amélie Koran’s ‘Hacking Democracy II: On Securing An Election’

• Akropolis Cryptocurrency Lending Service Lost $2 Million to Hackers In A Cyber Attack

• DEF CON 28 Safe Mode Ham Radio Village – Baloo’s ‘APRS Demo’

• Schneider Electric published a security advisory on Drovorub Linux Malware

• Upcoming Speaking Engagements

• Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI

• iPhone 12 Mini Users Report Lock Screen Touch Sensitivity Issues

• New skimmer attack uses fake credit card form to steal data

• CISA Chief Chris Krebs expects to be fired by the White House

• Top Stories: Apple Silicon Macs, macOS Big Sur, iPhone 12 Mini and 12 Pro Max Launch

• Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

• A Ransomware Gang Bought Facebook Ads to Troll Its Victim

• Schneider Electric Warns Customers of Drovorub Linux Malware

• The OS Big Sur Launch Might Have Slowed Down Macs Everywhere

• Biotech research firm Miltenyi Biotec hit by Mount Locker ransomware

• Traffickers supplying conflict zones with weapons and explosives disarmed in Spain

• Stick a fork in SGX, it’s done: Intel’s cloud-server security defeated by $30 chip and electrical shenanigans

• Cybersecurity careers: Which one is right for you?

• Week in security with Tony Anscombe

• 2020-11-13 – Traffic Analysis Exercise – Quiethub.net

• Weekly Update 217

• New TroubleGrabber malware targets Discord users

• Building digital trust with 5G

• Hands-On With the New iPhone 12 Pro Max and iPhone 12 Mini

• IT Security News Daily Summary 2020-11-13

• A Complete Guide to the Stages of Penetration Testing

• Biden’s GSA transition team brings deep agency ties

• Apple Issues Security Updates

• Hacker stole $2 million worth of Dai cryptocurrency from Akropolis

• Alexander Vindman Joins the Lawfare Team

• Image stock site 123RF hacked; 8.3M user database leaked

• Ransomware Groups Are Using Hacked Facebook Pages To Pressure Their Victims Into Paying

• CISA Director Expects to Be Fired Following Secure Election

• Inrupt’s Solid Announcement

• Deals: Apple’s Smart Keyboard Folio for 12.9-Inch iPad Pro Discounted to New Low of $119.97 [Updated]

• Universal Apps for Apple Silicon Macs: Pixelmator Pro, DaVinci Resolve, Darkroom, Ulysses, BBEdit, and More

• iPhone 12 and 12 Pro Users Complain of Missing SMS Text Messages and Message Notifications

• Ex-missile systems worker jailed for breaching Official Secrets Act after last-second guilty plea

• What To Look For In Your Next SIEM Provider

• 4 steps to DevSecOps in your software supply chain

• GNAP: OAuth the next generation

• Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam

• Microsoft Issues Security Warning on SMS Multi-Factor Authentication

• Antivirus Software Flagging Dell Drivers as Malware

• Risk & Repeat: 2020 election security in review

• Threat Roundup for November 6 to November 13

• MacRumors Giveaway: Win a Luna Display Adapter and Turn Your iPad or Extra Mac Into a Second Screen

• First Impressions From New iPhone 12 mini and iPhone 12 Pro Max Owners

• Deals: Apple’s Smart Keyboard Folio for 12.9-Inch iPad Pro Discounted to New Low of $119.97

• API Security — 3rd-Party Key Manager Support In WSO2 API Manager 3.2.0

• How To Check the Encryption Certificate of an AS2 EDIINT Data

• Strengthen Enterprise Security Through Network Isolation Approach

• Unified Endpoint Management for the New Normal

• Reaching Strategic Outcomes With a Managed Detection and Response Service Provider: Part 2

• A new data-driven model shows that wearing masks saves lives – and the earlier you start, the better

• 2020 Reader Survey: Share Your Feedback to Help Us Improve

• Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

• Botnet Attackers Turn to Vulnerable IoT Devices

• Adults and children should learn cybersecurity and safety practices

• STEM and cybersecurity training are critical for the future

• 6 training trends to watch that “will define the workplace in 2021”

• Under Analytics

• Feature Release 20.6

• Disconnect Your TCL Smart TV From the Internet—NOW

• Apple Seeds First Betas of iOS 14.3 and iPadOS 14.3 to Public Beta Testers

• Decrypting OpenSSH sessions for fun and profit

• Texas Drivers Impacted by Breach of Vertafore

• DarkSide Ransomware Group Makes New Storage System

• North Face Suffers Credential Stuffing Attack

• Attackers Target Gaming as the Latest ‘Always On’ Industry Impacted by Ransomware

• Vertafore data ereach exposes license details of 27.7M Texas drivers

• An AI tool can distinguish between a conspiracy theory and a true conspiracy – it comes down to how easily the story falls apart

• Aegis Secure Key 3NXC a Finalist in 2020 ‘ASTORS’ Awards Program

• Brazilian IT market on the road to recovery in 2021

• Ticketmaster Scores Hefty Fine Over 2018 Data Breach

• How to temporarily mitigate SAD DNS for Linux servers and desktops

• 4 phishing scams to watch out for during the holidays

• How to use the Mitre ATT&CK framework for cloud security

• New Center Supports Rail Cybersecurity

• Ticketmaster Fined £1.25m Over Data Breach

• ICE Operation Arrests 113 Child Predators

• Self-Service Security for Developers Is the DevSecOps Brass Ring

• Three APT groups have targeted at least seven COVID-19 vaccine makers

• Hasan Minhaj Joins the Cast of ‘The Morning Show’ for Season 2

• Apple Shares Teaser for ‘Servant’ Season 2, Premiering January 15

• Announcing our open source security key test suite

• EncroChat hack evidence wasn’t obtained illegally, High Court of England and Wales rules – trial judges will decide whether to admit it

• How to Use Activity Monitor to Troubleshoot Problems on a Mac

• Swedish Regulator To Challenge Court Order On Huawei Ban

• Hacker steals $2 million from cryptocurrency service Akropolis

• Credential-Stuffing Attack Hits The North Face

• Patch Tuesday, November 2020 Edition

• Report: Only 51% Of Facebook Employees Believe The Company Has A Positive Impact On The World

• Insurance Software Company Leaks 28 Million Texas Driver Records by Mistakes

• Apple Releases Security Updates for Multiple Products

• How Nonprofits Can Protect Themselves From Card-Testing Fraud

• Hitchcock’s “Decentering Whiteness”

• Fish Tanks: Defense in Depth for COVID19?

• How Data-Centric Security Enables Cross-Regulatory Compliance

• Apple Joins Industry Group Working Towards 6G

• Assessing International Law on Self-Determination and Extraterritorial Use of Force in Rojava

• CFIUS’s Excepted Foreign States Provision: U.S. Economic Security Policy Gets Longer Arms

• How Did a Trump Loyalist Come to be Named NSA General Counsel—And What Should Biden Do About It?

• Ticketmaster to pay penalty of £1.25m for chat bot Cyber Attack

• Google Address Two More Chrome Zero-Day Vulnerabilities

• PLATYPUS Attack: Novel Power Side-channel Attack Threatening Intel Devices

• Why does reproducibility matter in healthcare AI?

• Openreach Engineer Stabbed Five Times Amid 5G Violence

• Barracuda Acquires Zero Trust Solution Provider Fyde

• The Best Gifts For Hackers

• Ticketmaster Fined £1.25m Over Payment Data Breach

• Microsoft: North Korean, Russian Hackers Target COVID-19 Researchers

• Manufacturing Becomes Major Target For Ransomware Attacks

• People Could Be Asked To Prove They’ve Had Covid Vaccine To Get Into Sports Events And Concerts

• Ransomware-as-a-Service gang DarkSide creates server for data leaks

• Ticketmaster cops £1.25m ICO fine for 2018 Magecart breach, blames someone else and vows to appeal

• ICO Hits Ticketmaster With £1.2m Data Breach Fine

• The best gifts for hackers

• Microsoft says three APTs have targeted seven COVID-19 vaccine makers

• Microsoft: Russian, North Korean Hackers Target Vaccine Work

• A female wannabe martyr for the so-called Islamic State arrested in Spain

• The Sameness of Every Day: How to Change Up Audit Fatigue

• A Hacker’s Holiday: How Retailers Can Avoid Black Friday Cyber Threats

• RangeForce Becomes Crest Approved Training Provider

• As Screen Time Skyrockets, So Does Threat of Fake Apps

• What Expert Says On Chrome Adding Anti-hijacking Feature

• Experts Reacted On The North Face Credential Stuffing Attack

• Microsoft Advises To Stop Using Phone-Based 2FA – Security Expert Reaction

• Is Uber Safe? All Your Questions Answered

• This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

• Hackers-for-hire APT group found targeting businesses globally

• Manufacturing Sector Targeted by Five ICS-Focused Threat Groups: Report

• FBI Investigating Hack Involving Black Students at Gonzaga

• Cyber News Rundown: Flood of Phony IRS Emails

• Deals: Woot Discounts Large Collection of Open Box iPads and MacBooks Today Only

• iPhone 12 Upgrade Program Now Available in Scotland, Wales, and Northern Ireland

• Cloud-based Multi-factor Authentication: The Starting Point For Security, Compliance And User Experience

• 10 Best Vulnerability Scanning Tools For Penetration Testing – 2020

• The M140i project post – Part 11

• DHS rejects Trump’s fraud claims: ‘Election was most secure in US history’

• Manufacturing is becoming a major target for ransomware attacks

• Report: CISA Chief Expects White House to Fire Him

• DHS Says Voting Systems Not Compromised, Amid Departures at CISA

• Data Breach Hits 30 Million Texan Drivers

• Shutterstock Adds Single Sign-On Integration to its Platform

• Tick-Tock: Black Friday 2020 Could Turn into a Cybercriminal Medley as Retailers Adjust to Social-Distancing During COVID-19

• Finland Drafting New Legislation Following Cyber-Attack on Psychotherapy Center

• Government in Australia issues Clop Ransomware warning to Healthcare Organizations

• The iOS Covid App Ecosystem Has Become a Privacy Minefield

• 5 key benefits of using an IP scanner

• Successful Ransomware Attacks on Education Sector Grew 388% in Q3 2020

• New Zealand Election Fraud

• New ‘Vanish Mode’ in Messenger and Instagram Enables Disappearing Chats

• Virtual Engagement Activities at #ISC2Congress

• 5 open source intrusion detection systems for SMBs

• The North Face resets passwords after credential-stuffing attack

• Credential Stuffers Scaled The North Face to Access Accounts

• The Scammer Who Wanted to Save His Country

• Kuo: Mini-LED iPad and AirPods 3 Coming First Half of 2021

• Major retailers in the EU and US at risk to web attacks

• Inaccurate Predictions about Cybersecurity is Dangerous

• Quick Hits

• FCW Insider: Nov. 13

• Amazon files lawsuit against Instagram, TikTok influencers over ‘dupe’ sales scam

• Chainalysis launches program to manage cryptocurrency seized by law enforcement

• CISA’s Krebs Set to be Fired in Blow for Security Community

• 18 arrested and €4 million seized in large money-laundering bust in France

• Vertafore data breach exposed data of 27.7 million Texas drivers

• Menu Bar Controller App for Sonos Speakers Updated for macOS 11

• Experts Insight On Steelcase Suffers Ransomware Attack, Forces 2-week Shut Down Of Global Operations And Production

• Animal Jam Kids’ Virtual World Hit By Data Breach, Impacting 46m Accounts: Expert Commentary

• Stock photo service 123RD suffered major data breach

• Possible ransomware attack warnings from the Australian government

• Stressed employees behind data breaches survey finds

• Fraudulent Transactions a Bigger Worry for Online Retailers During #COVID19

• macOS Big Sur: Quick Start Video Plus 50 Tips and Tricks

• Group-IB opens HQ in Amsterdam as a central hub for research into the European threat landscape

• U.S. Election Misinformation Continues to Spread | Avast

• Avast Business Remote Control Announcement | Avast

• Live Webinar: Reducing Complexity by Increasing Consolidation for SMEs

• Why Linux Should Factor Into Your Security Strategy

• Security flaws in Schneider Electric PLCs allow full take over

• Old Worm But New Obfuscation Technique, (Fri, Nov 13th)

• SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

• 2020’s biggest innovators? Hackers and cyber-criminals, again, says Darktrace

• Info of 27.7 million Texas drivers exposed in Vertafore data breach

• Making history: The pandemic, disaster recovery and data protection

• Apple plans new data privacy guidelines to app developers

• US Cybersecurity Officials to be fired after elections

• How IoT insecurity impacts global organizations

• Enterprises embrace Kubernetes, but lack security tools to mitigate risk

• Swiss Spies Benefitted From Secret CIA Encryption Firm: Probe

• ML tool identifies domains created to promote fake news

• Malware activity spikes 128%, Office document phishing skyrockets

• Hungry for data, ModPipe backdoor hits POS software used in hospitality sector

• Google patches two new zero‑day flaws in Chrome

• DEF CON 28 Safe Mode Ham Radio Village – Typer Gardner’s ‘Single Board Computers In Amateur Radio’

• How to Choose an MDR Provider

• De SLA a XLA: de servicios a experiencias

• Keep Your Site Safe with the OWASP Top 10 List

• [CTO Interview] The Enterprise Movement to PKI as-a-Service

• ISC Stormcast For Friday, November 13th 2020 https://isc.sans.edu/podcastdetail.html?id=7252, (Fri, Nov 13th)

• Infosys delivers cloud-powered, cognitive-first managed services for IT operations

• Home Chef – 8,815,692 breached accounts

• Fantastical Updated for macOS Big Sur With New Design, Widgets, Native Support for Apple Silicon, and More

• Elastic enables customers to cost-effectively store and search data for deeper insights with no constraints

• Secure Code Warrior Missions: Interactive coding simulations of real-world applications

• AWS Glue DataBrew: Enabling customers to clean and normalize data without writing code

• Election security fears doused with reality: Top officials say Nov 3 ‘was the most secure in American history.’ The end

• “Nope, Go Phish” – How Organizations Can Finally Put a Stop to The Oldest Hacking Trick

• An Investigative Analysis of the Silent Librarian IoCs

• Apple Updates iWork, iMovie, and GarageBand With Refreshed Icons and Designs for macOS Big Sur

• Uptycs enhances detection and investigation for on-premises and cloud workloads

• SonicWall adds high-performance, low-TCO firewalls to its Capture Cloud Platform

• Resilience provides insurance coverage and patented cybersecurity tools for the mid-market

• 10 Common Digital Threats to Businesses

• Australian government warns of possible ransomware attacks on health sector

• Code in iOS 14.3 Adds Support for Third-Party Bluetooth Trackers With Find My Integration

• First iPhone 12 Mini and iPhone 12 Pro Max Orders Arriving to Customers in New Zealand and Australia

• Apple Updates iWork and GarageBand With Refreshed Icons and Designs for macOS Big Sur

• SentinelOne raises $267 million to accelerate growth driven by demand for its Singularity XDR Platform

• Syniverse and NodeWeaver partnership delivers wireless services and enables the intelligent edge

• 2020-11-10 – Pcap and malware for an ICS diary (traffic analysis quiz)

• 2020-11-12 – Dridex activity

• OPM veterans on the Biden-Harris transition team

• DHS panel says 2020 vote was ‘most secure in American history’

• Manufacturing Sees Rising Ransomware Threat

• What’s New in iOS 14.3: ProRAW Support for iPhone 12 Pro, PS5 Controller Support and More

• iOS 14.3 Icon Hints at AirPods Studio Design

Generated on 2020-11-14 23:55:09.094975