IT Security News Daily Summary 2020-12-18

• Securely managing the IT workload: In-house or outsource?

• T-Mobile: Massive BYOD growth raises huge enterprise security risks

• Apple, Google, Microsoft, and Mozilla ban Kazakhstan’s MitM HTTPS certificate

• VERT Alert: SolarWinds Supply Chain Attack

• Cloud is King: 9 Software Security Trends to Watch in 2021

• COVID-19 has not slowed global zero trust implementations

• DEF CON 28 Safe Mode Hack The Seas Village – Gary Kessler’s Build An AIS Receiver With A Raspberry Pi’

• Contrast Labs: Apache Struts CVE-2020-17530

• Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

• Experts Insight On People’s Energy Data Breach

• Switzerland Charges Credit Suisse In Money Laundering Case – Comments From Specialist Financial Crime Lawyer

• Facebook’s Laughable Campaign Against Apple Is Really Against Users and Small Businesses

• Lawmakers press Trump to sign NDAA in the wake of massive hack

• Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

• FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

• Instagram Supports Uploading ProRAW Photos Taken With iPhone 12 Pro

• Victory! Federal Appeals Court Confirms FOIA Requests Requiring a Database Query are Allowed Under the Law

• Research: Stealing data from air-gapped PC by turning RAM into Wi-Fi Card

• Authentication Bypass Vulnerability Patched in Bouncy Castle Library

• MacRumors Giveaway: Win an Apple-Themed Pillow From Throwboy

• Apple’s A14 Outperforms New Snapdragon 888 Chip Coming in Future Android Phones

• The Strategic Implications of SolarWinds

• Why the Flynn Pardon Matters

• The nation has to act as one team, there is too much secrecy and privacy around these hacks: Intel expert

• WordPress Plugin Installed 5 Million Times Has Critical Upload Vulnerability

• Iranian Nation-state actors linked to Pay2Key Ransomware

• NSA warns of Federated Login Abuse in Advisory

• BrandPost: 5 reasons the security of your endpoints could be at risk

• BrandPost: Securely managing the IT workload: In-house or outsource?

• BrandPost: Securely empowering today’s anytime-anywhere workforce

• Chinese drone developer DJI added to Commerce Department ‘Entity List’

• Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

• Beware of cybercriminals: Keep your guard up during the last-minute shopping frenzy

• SolarWinds-related cyberattacks pose grave risk to government and private sector, says CISA

• Good and bad news for cybersecurity in 2021

• Predicting 2021 in cybersecurity: DDoS attacks, 5G speed, AI security, and more

• US Blacklists Chinese Companies Including Chip Giant SMIC

• Industrial Control Systems Ripe Targets for Ransomware

• SolarWinds Likely Hacked at Least One Year Before Breach Discovery

• VMware Flaw a Vector in SolarWinds Breach?

• JIBC Launches Cybercrime Analysis Certification

• New ISAC for K–12 Schools Names National Director

• Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise
  Multiple Global Victims With SUNBURST Backdoor

• How X.509 Certificates Were Involved in SolarWinds Attack | Keyfactor

• Why 2020 will be a bumper Christmas for cybercriminals – and what retailers can do about it

• What Does Risk-Based Cybersecurity Reporting Look Like?

• SolarWinds Orion Breach — BitSight Analysis Part 1

• The Services You Need To Hire To Build A Quality E-Commerce Website

• Improving Workplace Security in 7 Easy Steps

• Building an App: 6 Things to Consider

• Weighing the Pros and Cons of Static Application Security Testing

• Goontact Spyware Targets Smartphone Users Via Fake Messaging Apps

• Linux containers can minimize cross-domain security headaches

• GAO tracks diversity in the intelligence community

• FBI & Interpol disrupt Joker’s Stash, the internet’s largest carding marketplace

• Practice vs Process Maturity: Strengthening Your Cyber Compliance & Risk Program

• NSA Warns Of Federated Login Abuse For Local-To-Cloud Attacks

• Five Russian Hacks That Transformed US Cybersecurity

• Add Microsoft To The List Of SolarWinds Victims

• GitHub Plans To Eradicate Password Usage Next Year

• Review: Activity Awards Bring Your Apple Watch Fitness Achievements to Life

• Apple Shares Manual on How to Lock Down Devices When Personal Safety is at Risk

• iPhone 12 Demand Helps Boost Qualcomm’s 5G Modem Revenue, But Apple Working on Own ‘High-End’ Modem

• Steve Wozniak Schematics for Prototype Apple II Computer Sell for $630k at Auction, Apple-1 goes for $737k

• Palo Alto Networks CEO: All companies must ensure they weren’t hit in suspected Russian cyberattack

• Why Microsoft is Morgan Stanley’s top software pick for 2021

• Google Hit With Third Antitrust Lawsuit

• How to lock down your Microsoft Account and keep it safe from outside attackers

• Best VPN services for 2021: Safe and fast don’t come for free

• Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

• Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

• Cybersecurity can use some help from AI and ML

• AI, ML can bolster cybersecurity, and vice versa, professor says

• 5 Key Takeaways From the SolarWinds Breach

• NSA on Authentication Hacks (Related to SolarWinds Breach)

• Deals: Get the M1 13-Inch MacBook Pro for $1,199.99 on Amazon ($99 Off)

• Barclays: iPad With OLED Display Unlikely to Launch Until 2022 at Earliest

• Cyber Events that Rocked 2020

• Channel updates: One Identity extends channel momentum as demand for identity-centric security accelerates

• Bracing for the shopping surge: retailers ramp up security measures for 2020 holiday season

• Former NSA executive on suspected Russian cyberattack on U.S. agencies

• Here’s what it will take to determine what suspected Russians hacked from U.S. agencies

• Why the SolarWinds cyberattack isn’t over

• CipherCloud Chronicles 8: CipherCloud DRM (Handing The Right Keys To The Right Person)

• Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S. Government Hack

• Ransomware payments doubled in 2020

• BrandPost: Protecting Online Holiday Shopping this Season

• ‘The Croods: A New Age’ same family, even bigger data demands

• Russian hackers targeted 40 agencies including US Nuclear Agency

• Insider Threats: What Are They, Really?

• 5G standalone networks may have more vulnerabilities than you think

• Mad About Malware: Hot Spots and Trends in 2020

• Alibaba Facial Recognition Tech Picks Out Uyghur Minorities

• 2021 Cybersecurity Predictions: The Intergalactic Battle Begins

• 5 Key Takeaways from the SolarWinds Breach

• Bugcrowd Report Shows Marked Increase in Crowdsourced Security

• SCAP Security Guide: helping you to achieve security policy compliance

• iPhone 13 Lineup May Support Game-Changing Wi-Fi 6E, Larger iPhone SE Unlikely in Early 2021

• Suspected Russian cyber attack looks like a ‘dream’ attack for hackers, says Palo Alto CEO

• Full interview with Palo Alto Networks CEO Nikesh Arora on massive cyber attack

• Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm’s CRM customers

• UK Energy Startup ‘People’s Energy’ Discloses Data Breach

• Spotify Hit by Yet Another Data Leak

• Remedying Shell Shock Part 2: The Power of PowerShell

• The SolarWinds Breach Is a Failure of U.S. Cyber Strategy

• How to Not Fall for a Charity Scam This Holiday Season

• Microsoft: 2020 was the year we almost said goodbye to passwords

• NSA warns of federated login abuse for local-to-cloud attacks

• Ransomware Gangs Use ‘SystemBC’ Tor Backdoor in Attacks

• How to address the skills gap of security and IT personnel

• Will the US Move to a Federal Privacy Law in 2021?

• Ransomware attackers are making threatening phone calls to their victims, warns FBI

• SonarSource now provides high-precision SAST tooling for developers, enabling them to own Code Security

• Absolute Zero

• Microsoft Finds Malicious Code In Its Systems After SolarWinds Compromise

• Ethical Hacking – Where And How Does It Fail?

• How Polypoly wants to reinvent the data economy

• Continuous Updates: Everything You Need to Know About the SolarWinds Attack

• Microsoft, Energy Department and Others Named as Victims of SolarWinds Attack

• Cyber News Rundown: Trickbot Spreads Via Subway Emails

• All-source intelligence: reshaping an old tool for future challenges

• Sunburst: connecting the dots in the DNS requests

• Apple Stops Offering Standalone Update Packages in macOS Big Sur

• Massive Fraud Operation Facilitated By Evil Mobile Emulator Steals Millions From Banks

• Fake Cyberpunk 2077 game installs malware

• US nuclear agency hit by cyberattack

• This Year in Ransomware Payouts (2020 Edition)

• Suspected Russian hack is much worse than first feared: Here’s what you need to know

• How Social Media Is Contributing to The Popularity of Bitcoin

• Investors Are Choosing Bitcoin Over Gold as The Better Hedge Against Inflation

• Top 5 online maps to track cyberattacks worldwide

• How To Choose A Laptop For Ethical Hacking

• People’s Energy Data Breach Impacts 270,000 Customers

• Senate passes NDAA but veto threat looms

• NSC invokes 2016 directive to respond to SolarWinds hack

• Telework gets Air Force IT seal of approval

• UK Energy Firm Suffers Data Breach Impacting Entire Customer Database

• Decade-Long Data Silo to Address Google-Fitbit Privacy Concerns

• €6 million in illegal profit of fraudulent organic pistachio sales

• TikTok Promotion Offers Users Four Free Months of Apple Music

• Microsoft identified over 40 SolarWinds hack victims

• COVID-19 vaccines for sale on the dark web

• Serious File Upload Vulnerability In Contact Form 7 Threatened Millions Of Websites

• Security Recruiter Directory

• What is typosquatting? A simple but effective attack technique

• FTC Questions Big Tech About User Data | Avast

• 10 Must-have Cyber Security Resources as You Plan for 2021

• Microsoft found malicious SolarWinds software in its systems

• FCW Insider: Dec. 18

• Bouncy Castle Bug Puts Bcrypt Passwords at Risk

• Massive Cyberattack On US Government Exposes Shortcomings, Russia Named Top Suspect

• Acunetix update introduces support for macOS Big Sur, support for ShadowRoot, improved CSRF token handling, and new vulnerability checks

• Microsoft confirms breach in SolarWinds hack, but denies its clients were affected

• Apple Clarifies Behavior of AirPods Max Low Power Mode When Not in Use

• Microsoft was also a victim of the SolarWinds supply chain hack

• ‘Long-standing vulns’ in 5G protocols open the door for attacks on smartphone users

• 5 essential steps needed to set up a secure e-commerce website

• Google Extends Support Period for Android Devices

• Microsoft and 40+ Customers Hit in Russian Espionage Attack

• The future of cyberconflicts

• A slightly optimistic tale of how patching went for CVE-2019-19781, (Fri, Dec 18th)

• Europol and the European Commission inaugurate new decryption platform to tackle the challenge of encrypted material for law enforcement investigations

• Putin: the US State Department and the US intelligence agencies come up with fake about Russian hackers

• Manufacturers Take the Initiative in Home IoT Security

• Fake mobile version of Cyberpunk 2077 spreads ransomware

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• How to avoid seven types of tweets and posts that can get you jailed or fired?

• Cybercrime Expected to Rise At an Unprecedented Rate in 2021

• The SolarWinds Supply Chain Hack: What You Need to Know

• 5 reasons IT should consider client virtualization

• Service NSW not effectively handling private information: NSW Auditor-General

• Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia

• Imagining a professional life without passwords

• 2020 broke cybersecurity records, here’s what’s to come in the new year

• Britons be aware of the new Cyber Scam before Christmas

• Mobile Security Threat to US Mobile Phones from China

• Microsoft says it identified 40+ victims of the SolarWinds hack

• Millions of Users Downloaded 28 Malicious Chrome and Edge Extensions

• Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

• If You Don’t Hire Robots to Attack Your Networks, You’re Not Doing Security Right

• Could Universities’ Use of Surveillance Software Be Putting Students at Risk?

• Cloud ITSM market size to grow to $12.2 billion by 2025

• Expedited shifts to hybrid infrastructure and remote work challenges

• SAP’s Conlon discusses ways for safe and effective Covid vaccine distribution

• ASPI warns Canberra about security risk with current data centre procurement approach

• Sberbank predicts an outflow of up to ₽4 trillion from banks to the digital ruble

• NSA Releases Cybersecurity Advisory on Detecting Abuse of Authentication Mechanisms

• 
”Amazon” invoice that asks to call 1-866-335-0659 “to cancel” an order that you never made is (obviously) a #scam, (Thu, Dec 17th)

• ISC Stormcast For Friday, December 18th 2020 https://isc.sans.edu/podcastdetail.html?id=7298, (Fri, Dec 18th)

• Sectigo helps OEMs and enterprises secure their connected devices and products

• Offensive Security announces bounty program for user generated content

• Anomali automates and speeds essential tasks performed by threat intelligence

• SolarWinds Sunburst Attack: What Do You Need to Know and How Can You Remain Protected

• Microsoft confirms it was also breached in recent SolarWinds supply chain hack

• Palo Alto Networks Rapid Response: Navigating the SolarStorm Attack

• Innodisk InnoAGE provides full recovery to IoT edge devices

• Inseego launches four 5G fixed wireless solutions for home cord-cutters and business premises

• HITRUST MyCSF streamlines regulatory compliance reporting

• Proact Hybrid updates offer customers flexibility in moving data between different platforms

• IBM Security allows companies to experiment with fully homomorphic encryption

• Russian hack against the U.S. government ‘will take years to overcome,’ former national intelligence official says

• Additional Analysis into the SUNBURST Backdoor

• Group rates states’ IT modernization work

• US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

• “Is it you in the video?” – don’t fall for this Messenger scam

• CloudPassage adds Google Cloud Platform support for Halo Cloud Secure

• Entrust Certificate Manager now available in the ServiceNow Store

• nOps brings API integration with AWS Well-Architected Tool to support AWS Well-Architected Reviews

• “Amazon” invoice that asks to call 1-866-335-0659 “to cancel” an order that you never made is (obviously) a #scam, (Thu, Dec 17th)

• Tim Cook and Craig Federighi to Testify in Apple vs. Epic Battle

• iFixit Starts Tearing Down AirPods Max

• Datadog Compliance Monitoring integrates with the AWS Well-Architected Tool

• Cyberbit partners with Optiv to bring simulation-based SOC Team training to clients in North America

• The U.S. government is under the ‘hack of a decade’ after massive cyberattack grows

• This hack is bad for national security, and bad for leadership: Sue Gordon

• Microsoft was also breached in recent SolarWinds supply chain hack, report

• 5M WordPress Sites Running ‘Contact Form 7’ Plugin Open to Attack

• Nuclear Weapons Agency Hacked in Widening Cyberattack – Report

• How to Increase Your Security Posture with Fewer Resources

• ‘SocGholish’ Attack Framework Powers Surge in Drive-By Attacks

• Malicious Browser Extensions for Social Media Infect Millions of Systems

• Easy Tips To Guard Your Files From Most Types Of Hacking

• 5 Perks of VPN

• The Ultimate Guide to Bypassing Geo-restrictions While Streaming

• How did the pandemic change Esports landscape?

• Silo busting strategies for sharing intergovernmental data

• State CIOs face tighter budgets next year

• AWS again challenges JEDI award

• 5M WordPress Sites Running the Contact Form 7 Plugin are Open to Attack

• CISA: SolarWinds backdoor attacks are ‘ongoing’

• IT Security News Daily Summary 2020-12-17

• Streamlining AI workflows with the NetApp Data Science Toolkit

• Three Upcoming Security Regulations Automotive Companies Need to Know

• How using tactical literacy makes it harder for cybercriminals to fool end users

• Facebook Again Slams Apple Over Privacy Concerns

• 5 million WordPress sites potentially impacted by a Contact Form 7 flaw

• A Decade After the Arab Spring, Platforms Have Turned Their Backs on Critical Voices in the Middle East and North Africa

• A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture

• Collaborative innovation on display in Microsoft’s insider risk management strategy

• Ethical power supplier People’s Energy hacked, 250,000 customers’ personal info accessed

• CISA: SolarWinds’ Orion may not be only entry point for hackers

• How to quickly encrypt text for Apple Mail

• Microsoft, FireEye create kill switch for SolarWinds backdoor

• Syntax Ends 2020 with New Cybersecurity and Business Analytics Solutions, Expanded Leadership Team and Notable Amazon Web Services Designation

• More on the SolarWinds Breach

• Tim Cook and Craig Federighi Ordered to Testify in Apple vs. Epic Battle

• VideoBytes: Brute force attacks increase due to more open RDP ports

• Malware infected browser extensions stealing Chrome, Edge user data

• GSA preps launch of OASIS replacement

• Navy’s aquatic drone plan faces operational hurdles

• Russia’s Federal Cyber Attack on U.S.? What Are the Feds Doing?

• RubyGems Packages Laced with Bitcoin-Stealing Malware

• Air-Gap Attack Turns Memory Modules into Wi-Fi Radios

• Police Vouch for Hacker Who Guessed Trump’s Twitter Password

• Healthcare.gov Data Thief Jailed

• Disinformation Spreaders Predicted by AI

• CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach

• XDR 101: What’s the Big Deal About Extended Detection & Response?

• Top 10 Open Source Vulnerabilities In 2020

• Cybersecurity Evolves Beyond Antivirus With Morphisec Guard 5.0

• What Geopolitical Intelligence Means

• OffSec 2020 Recap

• AirPods Max Battery Drains Only Slightly Faster Outside of Case

• Apple Seeds First Beta of macOS Big Sur 11.2 to Public Beta Testers

• Technical Difficulties of Contact Tracing

• A breakthrough year for passwordless technology

• Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack

• Google, Qualcomm team up to make long-term Android updates easier on Snapdragon

• FBI says DoppelPaymer Ransomware Gang is Harassing Victims Who Refuse to Pay

• Malicious RubyGem Package Steals Cryptocurrency

• Three Million People Installed 28 Different Malicious Web Extensions

• IRS Impersonated In Yet Another Tax-Related Scam

• 2020-12-15 – Qakbot (Qbot) infection with Cobalt Strike (Beacon)

• The worst bugs in the top programming languages

• Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing ‘Grave Risk’

• Indian Police Bust Illegal Call Center

• Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond

• Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

• Shadowserver Partnership Interview | Avast

• Samuel L. Jackson Starring in Apple TV+ Series ‘The Last Days of Ptolemy Grey’

• Apple Seeds First Betas of iOS 14.4 and iPadOS 14.4 to Public Beta Testers

• Parallels 16 for M1 Macs Now Available Through Technical Preview Program

• Understanding Apple’s New App Privacy Information

• Understanding Apple’s App Privacy Information – Intego Mac Podcast Episode 166

• Non-traditional small IT contractors: ‘A well-established niche that is here to stay’

• 3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons

• Cryptologists Crack Zodiac Killer’s 340 Cipher

• 51% of WFH Parents Say Children Have Accessed Work Accounts

• DEF CON 28 Safe Mode Hack The Seas Village – Gary Kessler’s ‘Hacker Challenge Single Point Prediction’

• 3 Million Chrome Users Infected via Extensions—Here We Go Again

• DoppelPaymer ransomware gang now cold-calling victims, FBI warns

• Review: Belkin’s Car Vent Mount PRO Offers Easy MagSafe Mounting

• Google Wins EU Approval For Fitbit Deal

• Ad-blocker AdGuard deploys world’s first DNS-over-QUIC resolver

• Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr

• FBI, CISA, ODNI Describe Response to SolarWinds Attack

• The Why of AI and ML

• 4 Security Strategies to Keep Your Data Safe During the Holidays

• Federal Incentives for Cybersecurity Maturity

• How Suspected Russian Hackers Outed Their Massive Cyberattack

• People’s Energy Data Breach Affects All 270,000 Customers

• Irish Data Regulator Defends Order To Halt Facebook Data Flow

• Evil Mobile Emulator Farms Used To Steal Millions From Banks

• Apple Prototyped Hundreds of AirPods Max Designs, Says Smart Case is Designed for Storage Efficiency

• Deals: Holiday Sales Hit Apple’s iMac, MacBook Pro, and Mac mini (Up to $400 Off)

• Vulnerabilities in the Next Generation of 5G Could Allow Attackers to Steal Credentials and Falsify Subscriber Authentication

• Becoming resilient by understanding cybersecurity risks: Part 2

• Brexit erupts new data privacy fears among Facebook and Google users

• Google Staff Seek Removal Of VP Involved In Timnit Gebru ‘Firing’

• How to protect your organization following the SolarWinds compromise

• Increase In Attack: SocGholish

• Cobalt Finishes 2020 with Record Growth, Poised to Continue Disruption of Multibillion Dollar Pentesting Market

• Kaspersky Security Bulletin 2020. Statistics

• Eve Update Brings its HomeKit App to the Mac

• How Biden Can Take the High Road on Misinformation

• Face Verification And Multi-user SMS 2FA Options Added To SingPass – Expert Reaction

• Developing A Unified Crypto Strategy to Get Ahead Of Tomorrow’s Security Threats

• 3 Powerful Ways To Keep Your Remote Workers Cybersafe And Secure

• Taking An Automated Approach To Defending The Public Sector

• EU’s Digital Services Act And Digital Markets Act – Experts’ Perspectives

• 50% of U.S. tech execs say state-sponsored cyber warfare their biggest threat: CNBC survey

• One In Four UK Homes Can Access Gigabyte Broadband, Ofcom Says

• Phone scammers were able to get 270% more personal information in 2020 than in 2019

• Trend Micro Patches Serious Flaws in Product Used by Companies, Governments

• Little-Known SolarWinds Gets Scrutiny Over Hack, Stock Sales

• FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure

• 5 tools to help improve IoT visibility, device security

• S3 Ep11: DIY phishes, sandwich scams and vaccine hacking [Podcast]

• Two-Thirds of Orgs Expect Increase in #COVID19 Phishing Attacks Next Year

• 19 arrests for smuggling irregular migrants from Morocco to the Spanish Canary Islands

• VPNs, MFA & the Realities of Remote Work

• Talos Tools of the Trade

• Apple Adjusts Trade-In Prices for Apple Watch, iPad, and Mac

• Apple TV+ Shares Trailer for Original Film ‘Palmer’ Starring Justin Timberlake, Debuts January 29

• Third-Party Browser Extensions For Instagram, Facebook Infected With Malware

• Should You Use End-to-End Encryption for Your Email?

• 2020-12-14 – Quick post: Hancitor infection with Cobalt Strike and Ficker Stealer

• This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators

• Hybrid Networks Are a Business Reality – and Most Security Can’t Keep Up

• Experts spotted browser malicious extensions for Instagram, Facebook and others

• SolarWinds’ codebase hacked to inject backdoor

• DoppelPaymer ransomware gang is harassing victims who don’t pay

• Egregor and Ryuk ransomware leverages SystemBC backdoor

• Why Are More Industries Switching From SMS 2FA to Push?

• Smart toy security: How to keep your kids safe this Christmas

• A Recipe for Avoiding Software Failures

• Facebook Slams Apple Advertising Changes

• SolarWinds Sunburst Attack: What do you need to know and how can you remain protected

• Agency challenges in wake of SolarWinds hack

• Two Malware-Laced Gems Found in RubyGems Repository

• When zombie malware leads to big-money ransomware attacks

• Ransomware and Cyber-Extortion Payments Double in 2020

• FireEye Hack Turns into a Global Supply Chain Attack

• Which Third-Party Pods Do You Need in Your K8s Cluster?

• Facebook Temporarily Disables Some Messenger and Instagram Features in Europe to Comply With EU Data Rules

• Why Cyber Security Should Be at the Top of Your Christmas List

• Phobos Ransomware: Everything You Need to Know and More

• Whistleblowers have come to us alleging spy agency wrongdoing, says UK auditor IPCO

• CISO playbook: 3 steps to breaking in a new boss

• Google Sued By 10 US States For Alleged Facebook Collusion

• Adrozek Adware Dangers | Avast

• IBM launches experimental homomorphic data encryption environment for the enterprise

• EU Unveils Revamp of Cybersecurity Rules Days After Hack

• Killswitch Found for Malware Used in SolarWinds Hack

• Experts Urge Users to Ignore Facebook Christmas Bonus Scam

• Dutch Hacker Who Allegedly Broke into Trump’s Twitter Account Walks Free

• Malicious Browser Extensions | Avast

• Microsoft Edge Browser Now Available With Native Support for M1 Macs

• Business are tracking customers and not telling them

• How cyber-attackers are coming after you in 2021

• GLBA explained: What the Graham-Leach-Bailey Act means for privacy and IT security

• Fully Homomorphic Encryption: Unlocking the Value of Sensitive Data While Preserving Privacy

• FCW Insider: Dec. 17

• Quick Hits

• Malicious Chrome and Edge Extensions Affect Millions of Users

• Software Supply-Chain Attack Hits Vietnam Government Certification Authority

• How to Use Password Length to Set Best Password Expiration Policy

• Launched OSSISNa, the Observatory for the Protection of the National Strategic Industrial System

• WhatsApp Testing Voice and Video Call Features for Mac Desktop Client

• United States Federal Government’s Shift to Identity-Centric Security

• Was Google hacked?

• Facebook Criticizes Apple Privacy Policy in Newspaper Ads

• Analysis of 5G Network Security Reveals Attack Possibilities

• BEC Hits Double Digits as COVID-19 Scams Abound

• Spain dismantles top Russian-speaking organised crime network that had infiltrated public institutions

• How secure are smart contracts?

• Digging the recently leaked Chinese Communist Party database

• Facebook Runs Second Full-Page Ad Criticizing Apple, Says Opt-In Tracking Will Make the Internet Worse

• Twitter Kills Quote Tweet Prompt, Returns Retweet Action to Original Behavior

• UK Home Office chucks US firm Leidos £30m for help snooping on comms data

• How to Ensure Mobile App Security: Key Risks & Top Practises

• Passwords begone: GitHub will ban them next year for authenticating Git operations

• Want to add antivirus to your existing portfolio?

• Phobos launches Orbital, a tool for finding attack pathways and entry points into your network

• Visual Notes : SolarWinds Supply Chain compromise using SUNBURST backdoor (detected by FireEye)

• Enterprises Increase Security Spending but not Efficacy

• Identity Verification: Protecting Customer Data Across Borders

• Dutch officials say Donald Trump really did protect his Twitter account with MAGA2020! password

• Stress levels are rising, but that doesn’t have to mean more security incidents

• Apple launches Privacy Labels for increased Mobile Security

• China steals data from Google Servers

• Cybersecurity Advent calendar: Stay close to one another… Safely!

• Upcoming HomePod 14.4 Software Update to Add New HomePod Mini U1 Features

• Migration delays prevent AD-centric zero trust security framework adoption

• How employees view and manage company security

• API Security Weekly: Issue #114

• Vulnerabilities in Standalone 5G Networks Expose Users to Attacks

• 5 Key Security Challenges Facing Critical National Infrastructure (CNI)

• A new approach to scanning social media helps combat misinformation

• Cost savings and security are key drivers of MSP adoption

• Data Visibility and Management When Selecting or Working with an MSSP

• Facebook Shuts Down Fake Accounts Associated With Russia and French Military

• ISC Stormcast For Thursday, December 17th 2020 https://isc.sans.edu/podcastdetail.html?id=7296, (Thu, Dec 17th)

• CodeZero ZERO BrandCard: Enabling a secure and contactless digital identity exchange

• Proposed OPM rule would elevate the role of performance in layoff decisions

• Three million users installed 28 malicious Chrome or Edge extensions

• CloudKnox extends support for serverless functions on AWS, Azure, and Google Cloud

• WekaIO and Rancher Labs team up to help enterprises run containers and Kubernetes in production

• NETSCOUT extends its Smart Perimeter Protection to AWS

• Okera launches adaptive security plane with nScale elasticity

• Russian Hackers Breached US govt, FireEye in a Supply Chain Attack

• The Growing Importance of Endpoint Security

• Russia’s Hacking Frenzy Is a Reckoning

• DNS Logs in Public Clouds, (Wed, Dec 16th)

• Open Group and University of York join €4.5M EU TYPHON project to address hybrid big data challenges

• Twitter chooses AWS to provide global cloud infrastructure

• Semtech integrates LoRaWAN protocol on the Network Server with AWS IoT Core

• Asigra announces Cloud Backup with Deep MFA integration with Microsoft Office 365

• Russia’s Hacking Frenzy Is a Reckoning

• Focus of OT and IoT Cybersecurity in Australia’s Critical Infrastructure

• Solarwinds Vulnerabilty: Address the Basics First

• Welcome to the new JumpCloud brand!

• FireEye, GoDaddy, and Microsoft created a kill switch for SolarWinds backdoor

• Apple Responds to Facebook’s Anti-Tracking Criticism, Says Users Deserve Control and Transparency

• NS1 appoints David Coffey as chief product officer

• LogicGate secures $8.75M in growth capital to fuel international expansion and new product offerings

• Cloudhouse acquires UpGuard Core to provide instant visibility of an entire IT infrastructure

• Tufin SecureCloud now supports the Google Cloud Platform

• Top 9 Web Security Tools to Secure Your App/System

• Update on Widespread Supply-Chain Compromise

• SolarWinds’ shares drop 22 per cent. But what’s this? $286m in stock sales just before hack announced?

• Apple Maps Look Around Feature Expands to Denver, Detroit, Miami and More

• EfficientIP expands leadership team with two new senior appointments

• CUBE appoints Pedro Pereiro and Steve Pool to the executive leadership team

• Jim Pflaging joins Cloudentity board of directors

Generated on 2020-12-18 23:55:12.947409