IT Security News Daily Summary 2020-11-21

• Liquid Cryptocurrency Exchange Suffered A Security Breach

• Certified Information Systems Auditor (CISA)

• Manchester United football club discloses security breach

• DEF CON 28 Safe Mode Voting Village Village – Michael A. Specter’s ‘The Ballot Is Busted Before The Blockchain’

• XKCD ‘Viral Quiz Identity Theft’

• DEF CON 28 Safe Mode Voting Village Village – Forrest Senti’s & Mattie Gullixson’s ‘Secure The Vote Standards’

• Malware service operators arrested; offered antivirus bypassing tools

• GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

• Black Friday 2020: Best Apple Deals to Plan For

• Network Perimeter Vulnerabilities: The Cyber-Threat Hiding in Plain Sight

• Dutch tech reporter gatecrashes EU defence secret video conference

• ‘Build’ or ‘Buy’ your own antivirus product

• Manchester United working with infosec experts to ‘minimize ongoing IT disruption’ caused by ‘cyber attack’

• Secret Service Investigates 700 Cases of Covid Relief Fraud

• Experts warn of mass-scanning for ENV files left unsecured online

• UK’s National Cyber Force Comes Out Of The Shadows

• Top Stories: Apple M1 Macs and HomePod Mini Launch, iOS 14.2.1 Bug Fixes for iPhone 12, App Store Fee Changes

• What Is E-PDR (Endpoint Prevention, Detection and Response)?

• Capcom Ransomware Attack Update: Vendors Confirmed Compromise Of Data

• Manchester United hit by ‘sophisticated’ cyber attack

• VMware privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005) – https://www.vmware.com/security/advisories/VMSA-2020-0026.html, (Sat, Nov 21st)

• Windows Migration Assistant Updated for macOS Big Sur

• UK reveals new National Cyber Force to improve offensive cyber capabilities

• Botnets have been silently mass-scanning the internet for unsecured ENV files

• 5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study

• Week in security with Tony Anscombe

• Updated Apache Drill R JDBC Interface Package {sergeant.caffeinated} With {dbplyr} 2.x Compatibility

• 10 Best WiFi Hacking Apps for Android – 2020 Edition

• Asylum Ruling Halts Restrictions in New Rule

• Quantum computing: A cheat sheet

• Introducing Signal Sciences Terraform Provider

• What Exactly is CUI? (and How to Manage It)

• 2020-11-20 – TA551 (Shathak) Word docs with Japanese template push IcedID

• VA union claims victory in termination case

• Peters calls on White House to protect health care systems from cyber threats

• Why even the best free VPNs are not a risk worth taking

• Threat Roundup for November 13 to November 20

• IT Security News Daily Summary 2020-11-20

• Tech experts call on feds to coordinate benefits solutions

• AI shows where cities need trees the most

• Can private data as a service unlock government data sharing?

• Long-awaited IoT security bill heads to president’s desk

• Long-term telework can expand recruitment pool

• Data protection impact assessment tips and templates

• Facebook Messenger Bug Could Have Let Hackers Listen To Your Conversations

• VMware addresses flaws exploited at recent Tianfu Cup

• Astropad and Luna Display Updated With M1 Mac Support

• In Praise of Chris Krebs

• 2020 Vision: Adapting Security for Office 365 Collaboration

• IBM Power9 processors beset by Cardiac Osprey data-leaking flaw as Spectre still haunts speculative chips

• Election disinformation fears came true for state officials

• Good Heavens! 10M Impacted in Pray.com Data Exposure

• VMware Fixes Critical Flaw in ESXi Hypervisor

• Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

• How Industrial IoT Security Can Catch Up With OT/IT Convergence

• Facebook Messenger Flaw Enabled Spying on Android Callees

• Deals: Nomad’s Early Black Friday Sale Takes 30% Off Sitewide Through December 2

• Leather Sleeve for iPhone 12 Models Now Available From Apple

• Once Again, Facebook Is Using Privacy As A Sword To Kill Independent Innovation

• Common Malware Families That Lead to Ransomware

• CBP wants to expand facial recognition

• Study finds 31% of third-party vendors could cause significant damage to organizations if breached

• What are the biggest hardware security threats?

• Security Pros Push for More Pervasive Threat Modeling

• DEF CON 28 Safe Mode Voting Village Village – United States Election Assistance Commission Chairman Benjamin Hovland’s Remarks

• MacRumors Giveaway: Win 30W and 65W USB-C Power Adapters From RAVPower

• Chrome for M1 Macs Runs Up to 80% Faster Than Rosetta 2 Version

• Craig Federighi: Native Windows on M1 Macs is ‘Really up to Microsoft’

• Critical Vulnerabilities in VMWare ESXi, Workstation and Fusion Patched

• Mount Locker Ransomware is Now Targeting TurboTax Returns

• Drupal sites vulnerable to double-extension attacks

• Facebook Paid Out $11.7 Million in Bug Bounties Since 2011

• Trend Micro Releases Free Tool to Tackle Misinformation

• Green Beret Passed Secrets to Russia

• Sector financiero, ciberseguridad y gestión de operaciones

• Anker’s eufyCam 2 Pro Camera With HomeKit Secure Video Now Available From Apple

• End to end encryption? In Android’s default messaging app? Don’t worry, nobody else noticed either

• Facebook Messenger bug allowed callers to listen unattended calls

• Database Authentication + Spring Security SAML

• Government-funded scientists laid the groundwork for billion-dollar vaccines

• New Grelos Skimmer Variants Siphon Credit Card Data

• Data Breach at Iowa Hospital

• Managed.com Hosting Provider Hit by REvil Ransomware, $500K Ransom Demand

• A quick look into malwares that installs ransomware : Remove them form your system immediately

• Japanese Orgs Hacked ‘by China’ in Long, Widespread Campaign

• October Mumbai power outage may have been caused by a cyber attack

• How to Apply Elite Intelligence to AWS Security Services

• Apple Lists M1-Based Mac Mini Logic Boards With 10 Gigabit Ethernet in Internal Parts Ordering System

• UK Government, Facebook, Google, Twitter To Tackle Covid Misinformation

• Major Power Outage in India Possibly Caused by Hackers: Reports

• Facebook patches Messenger audio snooping bug – update now!

• FireEye Acquires Respond Software

• Hao Projection: Chinese-Drawn World Map

• Apple Software Chief Craig Federighi Defends App Tracking Transparency Feature

• Europe Has No Strategy on Cyber Sanctions

• It’s Only a Matter of Time Before China Detains U.S. Executives

• Demystifying two common misconceptions with e-commerce security

• Black Friday 2020: How to shop safely online

• Egregor Ransomware locks down retail giant billing machines

• Facebook Messenger Bug Allows Spying on Android Users

• It’s time for banks to rethink how they secure customer information

• Implementing an SDP architecture for added network security

• Convicted SIM Swapper Gets 3 Years in Jail

• #ISSE2020: Focus on 2020’s Crypto Successes Rather than Efforts to Break it

• Bug in Facebook Messenger on Android Let Attackers Start Calls and Listen to Audio

• How Cyberattacks Work

• Within the margin of error

• Five worthy reads: The rise in credential stuffing attacks

• Mitsubishi Electric Corp. was hit by a new cyberattack

• Robot Vacuums Suck Up Sensitive Audio In LidarPhone Hack

• Tech Giants Align To Fight Covid Vaccine Conspiracies

• Dutch Police Investigate Trump Twitter Hack

• Two Romanians Arrested For Running Three Malware Services

• OWC’s Upcoming Thunderbolt Hub Adds More Thunderbolt 3 Ports to Your Mac

• US Regulators Begin Consultation On Self-Driving Car Safety

• Pray.com exposed data of millions after database mess up

• Introducing another free CA as an alternative to Let’s Encrypt

• Security Culture: Putting Digital Literacy First in Your Company

• Microsoft: These are the new privacy steps we’re taking to protect your data

• Two Romanians arrested for running three malware services

• Industry Reactions to Trump Firing CISA Director Chris Krebs: Feedback Friday

• Mercy Iowa City Discloses Highly Sensitive Data Breach Impacting Over 60,000 Iowans

• Cloud Security Alliance, Tiro Security Partner to Offer Complimentary Cloud Certification Exam to Cybersecurity Women, Minorities in nextCISO Program

• Cloud Security Alliance Opens Registration for CloudBytes Connect: From the SOC to the Boardroom

• Apple Reiterates ‘Enormous Potential’ of AR, Hints at ‘Devices That May Exist Tomorrow’

• Xbox Series X Controller Support Coming to Apple Devices

• IAM-Driven Biometrics: The Security Issues with Biometric Identity and Access Management

• Google is adding end-to-end encryption to its Android Messages app

• GO SMS Pro Exposes Messages of Millions of Users

• Hacker Closing Out Prison Sentence in Chicago Halfway House

• Industry Reactions to Trump Firing CISA Director: Feedback Friday

• CybExer Tasked With Enhancing Luxembourg’s Cyber-Defense Capabilities

• Ransomware Attack Takes Down Massive Food-Supply Chain Providing Distribution of Temperature-Sensitive COVID-19 Vaccines

• $799 M1 MacBook Air With 128GB Storage for Education Institutions Spotted Online

• Deals: Get Up to $100 Off Apple’s 2020 iPad Pro Lineup

• 10 Cross Platforms for App Development

• New Jupyter Malware Is A Blend of Infostealer And Backdoor

• Web Hosting Provider Managed.com Suffered REvil Ransomware Attack

• World’s Worse Passwords Revealed By NordPass

• Artificial intelligence could be used to hack connected cars, drones warn security experts

• Google is adding end-to-end encryption to Android Messages app

• New Mount Locker Ransomware Version Targeting TurboTax Files

• VMware Patches Vulnerabilities Exploited at Chinese Hacking Contest

• Faith App Pray.com Exposes Millions Through Cloud Misconfig

• Symantec Reports on Cicada APT Attacks against Japan

• First HomePod Jailbreak Stokes Speculation About Smart Speaker’s Hacking Potential

• REvil claim attack on televangelist Kenneth Copeland

• Android users could spy on others using the Facebook Messenger

• Nozomi Networks partners with Honeywell to strengthen OT cybersecurity

• Robot vacuums can allow bad actors into your home

• Security Recruiter Directory

• 10 biggest cybersecurity M&A deals in 2020

• Facebook Pays $60,000 for Vulnerability in Messenger for Android

• Microsoft Announces Pluton Processor for Better Hardware Security

• Critical Webex Bugs Let ‘Ghost’ Users Spy on Meetings

• Winners announced of Europol’s 2020 Photo Competition

• Over 2 000 participants from 132 countries logged on for the 4th Global Conference on Criminal Finances and Cryptocurrencies

• A flaw in Facebook Messenger could have allowed spying on users

• QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

• Today at Apple Launches ‘Make Your Holiday’ Project Book and Virtual Creative Sessions

• Experts On New Grelos Skimmer Variant Reveals Overlap in Magecart Activities

• 2020 Black Friday/Cyber Monday – Likely Magecart Attack Increase Due To Plug-in Vulns – Experts Perspective

• VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

• 1-15 October 2020 Cyber Attacks Timeline

• NCSC’s London HQ was chosen because GCHQ spies panicked at the prospect of grubby Shoreditch offices

• Check Point Software Partners with (ISC)² to Further Develop C level executives Key Cyber Security Skills

• FCW Insider: Nov. 20

• US Senate Approves New Deepfake Bill

• IT threat evolution Q3 2020 Mobile statistics

• IT threat evolution Q3 2020. Non-mobile statistics

• Apps for Customizing iOS 14 Home Screens Installed on 15% of US iPhones

• Why test data does not need to be protected

• Kali Linux 2020.4 Released with New Tools, ZSH Shell & Updates for NetHunter

• Apple to Press Ahead on Mobile Privacy, Despite Facebook Protests

• Black Friday Alert as E-Commerce Attacks Surge in 2020

• Twitter Names Hacker Mudge Head of Security | Avast

• IT threat evolution Q3 2020

• UK reveals new ‘National Cyber Force’, announces Space Command and mysterious AI agency

• Romanian duo arrested for running malware encryption service to bypass antivirus software

• Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

• Maintaining Governance and Security in Multi-Tool Environments

• Malicious Python Code and LittleSnitch Detection, (Fri, Nov 20th)

• Unprotected S3 Buckets Results In Over 80,000 ID Cards And Fingerprint Scans

• Experts Reacted On Android Chat App With 100 Million Installs Exposes Private Messages

• Holidays Are Coming – the State of Security for E-commerce in 2020

• Looking for adding new detection technologies in your security products?

• Cyber Security Jobs with Growing Demand in India – Here an Exclusive Cyber Security Job Portal

• Singapore investigating claims Muslim app developer sold user data to US military

• Weekly Update 218

• Cyber Security Predictions 2021: Experts’ Responses

• You can protect the company from hackers, but can you protect the company from the CEO?

• UK reveals new ‘National Cyber Force’, announces Space Command and mysterious AI agency

• The malware that usually installs ransomware and you need to remove right away

• New infosec products of the week: November 20, 2020

• Ransomware attacks on one in four SaaS providers

• Verizon Cyber Espionage Report

• Attacks on biotech and pharmaceutical industry escalate

• 56% of organizations faced a ransomware attack, many paid the ransom

• VMware SD-WAN Vulnerabilities Expose Enterprise Networks to Attacks

• Microsoft Boosts Security of 365 Priority Accounts

• The Ministry of Digital Development of the Russian Federation developing monitoring application to combat COVID-19

• OSINT, 3D Modeling, Geolocation & Forensic Architecture: Analysis Of The Beirut Port Explosion

• The Role of Access Control in Information Security

• CVE-2020-27995: Zoho ManageEngine RCE

• Healthcare Orgs: What You Need to Know About TrickBot and Ryuk

• Protecting Against Election Interference in 2024

• Financial services lead when it comes to fixing open source flaws

• Consumer behaviors and cyber risks of holiday shopping in 2020

• VMware reveals critical hypervisor bugs found at Chinese white hat hacking comp. One lets guests run code on hosts

• Holiday Shoppers Beware: Tips on Protecting Brand Owners and Consumers from Domain Security Threats

• Business Email Compromise Attacks: The Big Phishing Scam That’s Easily Missed

• The worst passwords of 2020: Is it time to change yours?

• ISC Stormcast For Friday, November 20th 2020 https://isc.sans.edu/podcastdetail.html?id=7262, (Fri, Nov 20th)

• Open Raven Cloud-Native Data Protection Platform: Automating security and privacy operations

• FireEye Acquires Respond Software, Gets $400 Million Investment Led by Blackstone

• Apple Offers Instructions on What to Do if macOS Big Sur Causes Installation Errors on 2013 and 2014 MacBook Pro

• Entrust CryptoCoE: Enabling enterprises to take command of their crypto instances

• McAfee MVISION CNAPP enhances cloud-native security by integrating with AWS

• Red River delivers simplified WAN management with Managed SD-WAN solution

• DigiCert Enterprise PKI Manager supports security for remote workforces

• In 2016 Australia’s online census failed. Preparations for the 2021 edition have been rated ‘partly effective’

• Telco carrier to tech firm: BT Global Services CEO on reshaping the company

• Aerospike unveils XDR expressions in Aerospike Database 5

• FileCloud 20.2: Protecting, tracking and controlling sensitive documents after distribution

• FireEye surges as investment firm Blackstone takes $400 million investment, board seat

• Iowa Hospital Alerts 60K Individuals Affected by June Data Breach

• Telos Goes Public

• Enzoic partners with OneLogin to eliminate the risk of compromised credentials

• PCI Pal and Oracle collaborate to add security and compliance options for CNP payments

• RepRisk and Apex partner to provide ESG risk data to private markets

• Tufin and AWS Network Firewall deploy network protections for Amazon Virtual Private Clouds

• BrandPost: Discover the Correlation Between Cybersecurity and Positive Business and Security Outcomes

• DOD, Coast Guard resume MHS Genesis deployment

• Cybercriminals Get Creative With Google Services

• ISP Security: Do We Expect Too Much?

• A flaw in GO SMS Pro App allows accessing media messages

• Apple Black Friday 2020: Deals on Macs, iPhones, iPads, and Apple Watches

• iFixit Teardown: M1 MacBook Pro and MacBook Air Internals Nearly Identical to Intel Models

• Watch Apple’s M1 MacBook Pro Obliterate 2020 Intel MacBook Pro in Speed Tests

• Abnormal Security raises $50M to double the size of its machine learning and data science teams

• Druva acquires sfApex to offer data protection with sandbox management and data governance

Generated on 2020-11-21 23:55:10.278337