IT Security News Daily Summary 2020-12-22

• iPhone Calendar Events spam is back: Here’s how to get rid of it

• Announcing the General Availability of Container Security in the VMware Carbon Black Cloud

• Biden promises ‘overwhelming focus’ on hack recovery

• Making population data count: The Census Data Lake

• 50 orgs ‘genuinely impacted’ by SolarWinds hack, FireEye chief says

• Robots for kids: STEM kits and more tech gifts for hackers of all ages

• Facebook Will Offer Improved Account Security In 2021

• Building a Non-Functional Requirements Framework – Overview

• Researchers shared the lists of victims of SolarWinds hack

• Elon Musk Claims He Once Reached Out to Tim Cook About Tesla Purchase But Was Refused Meeting

• Video: Testing Windows on an M1 Mac With Parallels 16

• Cybersecurity Trends: Keeping Up With 2020’s ‘New Normal’

• Union lawsuit looks to block Schedule F

• A quiet, steady communications revolution has radically improved response in public safety

• Holiday Puppy Swindle Has Consumers Howling

• Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base

• Rumors Persist of New Apple TV With Stronger Gaming Focus, Updated Remote, and Faster Chip Next Year

• The New IOT Security Act Shows the Limits of Congressional Policymaking for Cybersecurity

• Does Biden believe the Russia hack is an act of war?

• Two groups might have breached SolarWinds Orion software- Microsoft

• 7 Cybersecurity Tools On Our Holiday Wish List

• UK lawmakers propose law banning retail bots after PS5 fiasco

• UN Rights Expert Urges Trump to Pardon Assange

• Prepare to Fight Upcoming Cyber-Threat Innovations

• 5 Email Threat Predictions for 2021

• Risk Journeys with Lisa Young | Part 2

• The CASE Act Is Just the Beginning of the Next Copyright Battle

• Emotet returns just in time for Christmas

• NCSC Issues Cyber Security Guidance For Farmers

• Phishing Campaign Impersonates New York Department of Labor to Steal Private Information

• U.S. Seizes Domains Used for COVID-19 Vaccine Phishing Attacks

• cybercrime

• IoT cyber law signed amid growing vulnerabilities

• The best gifts for hackers

• Phishers Spoof New York Department of Labor

• New marketing campaign against UK subway by using TrickBot malware

• XKCD ‘Conjunction’

• Developer Successfully Emulates Nintendo Switch Games on M1 Mac

• The CASE Act, Hidden in the Coronavirus Relief Bill, Is Just the Beginning of the Next Copyright Battle

• Israel targets Al Jazeera journalists with spying Malware

• Microsoft and others set up Ransomware Task Force

• US Bill against foreign firms that are Spying

• Facebook to focus more on Mobile Security in 2021

• Dubber acquires Speik to expand its AI call-recording service

• Attesting to the Security of Data-in-Use

• Does a friend “need money urgently”? Check your facts before paying out…

• Shabang Banged to Rights

• NSO ‘Pegasus’ Hacking Tool Targets Journalists Again

• Deals: Apple Updates iTunes Movies With Sales on Holiday Classics, Recent Releases, Franchise Bundles, and More

• This Disastrous Copyright Proposal Goes Straight to Our Naughty List

• Year-End Challenge for Online Rights

• OneTrust’s Alan Dabbiere on government agency cyber attacks

• How to achieve cost savings with cloud management optimisation

• Why do bank account scammers fear icebergs?

• How to enhance access to digital banking with risk management

• ‘Tis the season for session hijacking – Here’s how to stop it

• Microsoft Developing Own ARM-Based Server Chips

• Feds seize VPN service used by hackers in cyber attacks

• Joker’s Stash Carding Site Taken Down

• Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group

• Tech Giants Show Support for WhatsApp in Lawsuit Against Spyware Firm

• What is SecOps? Everything you need to know

• Police Seize VPN Service Beloved by Cyber-criminals

• Law Enforcement Disrupts VPN Services Enabling Cybercrime

• Cybercriminals’ Favorite Bulletproof VPN Service Shuts Down In Global Action

• Eavesdropping on Phone Taps from Voice Assistants

• Joker’s Stash Carding Site Taken Down, For Now

• Signal: Firm Claims To Have Cracked Chat App’s Encryption

• Law Enforcement Take Down Three Bulletproof VPN Providers

• U.S. House Intel Chair Wants Briefing On Recent Hacking Campaign

• Trump Administration Says Russia Behind SolarWinds Hack. Trump Himself Begs To Differ

• Apple TV+ Show ‘Ted Lasso’ Likely to End After Season 3

• Expert Reaction On Microsoft Says It Identified 40+ Victims Of The SolarWinds Hack

• Experts Reacted On Microsoft Confirming Breached In Recent SolarWinds Supply Chain Hack

• UK firm NOW: Pensions tells some customers a ‘service partner’ leaked their data all over ‘public software forum’

• Trucking And Freight Company Forward Air Suffered Ransomware Attack

• How to secure your business from cyberattacks

• What Is the Safest Backup Option Available to Regular Users

• Is your app modernization strategy ready for the future?

• VPN Service Used by Cybercriminals Disrupted in Global Law Enforcement Operation

• Top 10 cybersecurity online courses for 2021

• Firefox 85 to Bring Full Network Partitioning to Block Most User Tracking Efforts

• The Ministry of Internal Affairs of Russia is creating a cyber police

• Security as Code: How Repeatable Policy-Driven Deployment Improves Security

• Wake on LAN with IP address manager: A holistic approach to remote booting

• 2021 Security Crystal Ball: Trends and Predictions for the Year Ahead

• How the Edge Improves Microservices

• WFCM 1.7.0: new file integrity checks & detailed email notifications

• Bulletproof VPN services took down in a global police operation

• Netatmo Video Doorbell With HomeKit Now Available to Order in U.S. and Canada, Ships Early January

• Reflections on the SolarWinds Breach

• Ask Lawfare: A Special Year-End Edition of the Lawfare Podcast

• The Military Waiver Requirement for Secretary of Defense Shouldn’t Substitute Individuation

• Six Trends Shaping the 2021 Cybersecurity Outlook

• Patching alternative to Solarwinds Orion

• Sen. Wyden: Dozens of Treasury Department email accounts were hacked during cyberattack

• Apple Sets 2024 Deadline For Passenger Vehicle – Report

• How to combat future cyberattacks following the SolarWinds breach

• Crypto Exchange EXMO Says Funds Stolen in Security Incident

• Ministry of Justice Suffers 17 Serious Data Breaches Last Year

• Security Intelligence Handbook Chapter 5: How Security Intelligence Drives Proactive Response

• Beware: not so festive social media scams

• Patrick Wardle on Hackers Leveraging ‘Powerful’ iOS Bugs in High-Level Attacks

• CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack

• Gartner Ranks Radware #1 for API & High Security Use Cases in 2020 Critical Capabilities Report

• Expert Commentary On Crypto Exchange EXMO Hacked

• UK firm NOW: Pensions tells 1.7 million customers a ‘service partner’ leaked their data all over ‘public software forum’

• Cybersecurity Consultant: Are More CISSPs Embracing the Gig Economy?

• Android security: Analysis, advice, and next-level knowledge

• Google, Facebook Team Up To Tackle Antitrust Lawsuit – Report

• Critical Dell Wyse Bugs Let Attackers to Execute Code and Access Files and Credentials

• Farmers get their own security advice as cyberattacks increase

• Law enforcement take down three bulletproof VPN providers

• SolarWinds Claims Execs Unaware of Breach When They Sold Stock

• Cybereason Adopts Oracle Cloud Infrastructure to Enhance its Platform Security

• iPhones of Al Jazeera Journalists Being Snooped On Via Israeli Firm’s Spyware

• How to Build Successful Security Awareness Training Programs in 2021 and Beyond

• $10 Credit Cards, $2 PayPal Accounts + More Findings From VMware Carbon Black – Expert Insight

• UK Unlikely To Hit 5G And Broadband Target

• Google, Facebook Team Up To Tackle Antitrust Lawsuits – Report

• Servers of Carding Site “Joker’s Stash” Seized by Law Enforcement

• Cyberattack Hit Key US Treasury Systems: Senator

• Tech Giants Support Facebook in Case Against Spyware Maker

• Cybercriminals’ favourite VPN taken down in global action

• What can we learn from the SolarWinds Breach?

• Monitoring Microservices on AWS with Thundra: Part I

• Malware Victim Selection Through WiFi Identification, (Tue, Dec 22nd)

• Expert Says SolarWinds Cyber-Attack Serves Important Password Security Reminder

• The 4 Key Security Gaps Every Security Team Needs To Close In 2021

• Expert Insight On Flavors Designer Symrise Ransomware Attack

• 16-30 November 2020 Cyber Attacks Timeline

• How have digital transactions become safer?

• What is Security Orchestration Automation and Response?

• 6 Information security predictions for 2021

• Just released! AT&T Cybersecurity Insights™ Report: 5G and the Journey to the Edge

• What is a managed firewall? Benefits, offerings explained

• 6 board of directors security concerns every CISO should be prepared to address

• STEM Activities For Kids | Avast

• Mobile Disinformation Campaigns | Avast

• Just 8% of Firms Offer Regular Security Training

• NSO Group Spyware Used To ‘Hack’ Al Jazeera Journalists

• December 2020 Web Server Survey

• Microsoft and Google join Facebook’s legal battle against hacking company NSO

• Threat Actors Increasingly Using VBA Purging in Attacks

• Big Tech Joins Up to Ransomware Task Force

• A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

• Zero Trust: Not Just for Humans, but Also Machines

• Application security testing is not just buzzwords

• Report: 2020 Sees Spikes in Mobility, Fintech Fraud

• VMware and Cisco also impacted by the SolarWinds hack

• Objectives of Nation State Cyber Attackers

• Microsoft and McAfee headline newly-formed ‘Ransomware Task Force’

• Steps IT pros can take to prioritize interpersonal needs

• Cybersecurity Advent calendar: Stay aware, stay safe!

• Trukno: “On A Mission To Deliver Cyber Intelligence, Not Cyber News”

• Worldwide new account fraud declined 23.2% in 2020

• Three reasons why context is key to narrowing your attack surface

• EFF to Ninth Circuit: Don’t Grant Immunity to Notorious Spyware Company

• Three Strikes & You’re in!

• Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example

• CFOs optimistic, expect the economy to improve in 2021

• Operational planning simulation for defense against an attacking drone swarm

• How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise

• ISC Stormcast For Tuesday, December 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=7302, (Tue, Dec 22nd)

• You Think You’re Prepared for the Next SolarWinds. You Are Not.

• ColorTokens Partner Program: Content, tools, and training in ColorTokens’ Zero Trust approach

• December 21st, 2020 – Solorigate Resource Center

• NSA Warns of Cloud Attacks on Authentication Mechanisms

• D-Link Layer 3 Stackable 10G Managed Switches offer high scalability, availability, and redundancy

• Tufin Orchestration Suite R20-2: Users can evaluate network access risks and minimize attack surface

• Microsoft, Google, Cisco, and others file amicus brief in support of Facebook’s NSO lawsuit

• Cognizant acquires Inawisdom to help businesses improve business outcomes

• uCloudlink and Vodafone extend partnership on data procurement

• Software factories are new ‘crown jewels,’ Air Force official says

• 5 recommendations for cyber maturity

• OneLogin expands leadership team with the appointment of two new members

• May Mitchell joins iboss as Senior Vice President of Marketing

• Microsoft has discovered yet more SolarWinds malware

• Zero-click iMessage zero-day used to hack the iPhones of 36 journalists

• Security experts warn of long-term risk tied to Energy Department breach

• Apple is allegedly working on a passenger car, breakthrough battery tech

• What we know about the new SARS strain that’s shutting down the UK

• The U.S. Government Is Targeting Cryptocurrency to Expand the Reach of Its Financial Surveillance

• Cybersecurity pros: Are humans really the weakest link?

• Test your network threats and attacks expertise in this quiz

• SolarWinds backdoor infected tech giants, impact unclear

• Advice for an effective network security strategy

• Top network attacks of 2020 that will influence the decade

• Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report

• Talos Vulnerability Discovery Year in Review — 2020

• Epic Games and Samsung Send ‘Free Fortnite’ Swag to Influencers With Galaxy Tab S7

• A Massive Fraud Operation Stole Millions From Online Bank Accounts

• The Slow-Motion Tragedy of Ola Bini’s Trial

• Advice for incident responders on recovery from systemic identity compromises

• IT Security News Daily Summary 2020-12-21

• Syrmise Flavor Developer Affected by Clop Ransomware Group

• Magecart Group Makes Mistake That Leaks Victims in RAT Code

• Cyberpunk 2077 Fake Android App Download Leads to Ransomware

• Partial lists of organizations infected with Sunburst malware released online

• Smart Doorbell Disaster: Many Brands Vulnerable to Attack

• Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

• NSA, CISA Warn of Attacks on Federated Authentication

• SolarWinds/SUNBURST: DGA or DNS Tunneling?

• Dell Wyse ThinOS flaws allow hacking think clients

• Schedule F workforce plan survives funding bill

• Cryptocurrency 101: What every business needs to know

• Defending Against State and State-Sponsored Threat Actors

• Russia Officially Denies Large-scale US Hack

• Look-alike Domain Mitigation: Breaking Down the Steps

• Samsung’s Upcoming Galaxy Buds Pro Copy Apple’s ‘Spatial Audio’ Feature

• Apple Car Production Slated for 2024 With ‘Next Level’ Battery Technology

• Best Practice: Identifying And Mitigating The Impact Of Sunburst

• Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack

• The 5 tech skills should you master in 2021

• Top 5 tech skills to master in 2021

• The Best New Antivirus for Android

• Critical Vulnerabilities Expose Dell Wyse Thin Client Devices to Attacks

• Report: Facebook Shopping Scams Are On The Rise

• 7 Infamous Moments in Adobe Flash’s Security History

• Zoom Exec Charged With Tiananmen Square Massacre Censorship

• Predicated Data Classification Trends for 2021

• Zero-Click iOS Zero-Day Vulnerability Found Targeting Al-Jazeera Journalists

• IMF could track your browsing history to determine credit score

• Security vendors: It’s time to come clean about intrusions

• Breakup Plan for Cyber Command and NSA

• BlueHalo Acquires Base2 and Fortego

• JumpCloud Adds Conditional Access Policy Support

• Continue Clean-up of Compromised SolarWinds Software

• SUPERNOVA, a backdoor found while investigating SolarWinds hack

• Include Lawfare in Your End-of-Year Giving

• How to Fix the Vulnerabilities Targeted in the SolarWinds and FireEye Hack

• Grand unification theory of cloud

• Cyber exec: 50 orgs ‘genuinely impacted’ by SolarWinds hack

• Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

• Simplifying Proactive Defense With Threat Playbooks

• Phishing Campaign Uses New York Department of Labor Logo and Pandemic Aid Info to Steal Private Information

• DEF CON 28 Safe Mode Blockchain Village – Suhyeon Lee’s ‘Blockchain For Cyber Defense’

• Threat Hunting Offsets the Technology Gaps

• UK Energy firm suffers serious data breach

• iVerify: Added security for iPhone and iPad users

• This app will tell you if your iPhone has been hacked

• Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow

• Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers

• Dell Wyse Thin Client scores two perfect 10 security flaws

• Email Address of Instagram Users Exposed via Facebook Business Suite

• Differences among WEP, WPA, WPA2 and WPA3 wireless security protocols

• Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

• ColorTokens Launches Global Partner Program

• What’s the deal with openportstats.com?, (Mon, Dec 21st)

• Some Of 2020’s More Interesting Security Stories

• Kazakhstan Spies On Citizens’ HTTPS Traffic

• Al Jazeera Journalists Hacked Via NSO Group Spyware

• A Second Hacking Group Has Targeted SolarWinds Systems

• iPhone 12 Became the World’s Top 5G Smartphone Within Two Weeks of Launch

• The cloud polyglot

• iPhones of 36 Al Jazeera journalists hacked with NSO’s zero-click spyware

• 6 modern data stack trends to look for in 2021

• Google Issues Post Mortem on Gmail, YouTube Outage

• Ransomware Attacks Surge in Q3 as Cyber-Criminals Shift Tactics

• Hacker publishes stolen email and mailing addresses of 270,000 Ledger cryptocurrency wallet users

• We Have a National Cybersecurity Emergency — Here’s How We Can Respond

• Vulnerability Summary for the Week of December 14, 2020

• Secure Network Analytics (Stealthwatch) Then, Now and Beyond – Part 3: Into the Future

• Deals: Get the 256GB 12.9-Inch iPad Pro for $949 ($150 Off, Lowest Price)

• Cramer: Massive cyber attack suggests security systems may be out-of-date

• BrandPost: Your Guide for Digital Safety: Holiday Edition

• Your online search history could make for a better credit score says the IMF

• A second hacking group has targeted SolarWinds systems

• Journalists’ Phones Hacked via iMessage Zero-Day Exploit

• Gallagher Appoints Three New Cybersecurity Specialists

• US Cyberattack: More than 50 Companies Suffer A Massive Breach

• StrikeForce Unveils SafeVchat Delivering First Fully Secure Video Conferencing Platform

• European Commission Proposes Bold Steps on Cybersecurity

• Philips Hue to Introduce Updated Dimmer Switch and ‘Wave Linear’ Outdoor Lighting

• A response to Security Ratings – Love, Loathe or Live With Them

• Modernize Your Intrusion Detection Strategy with an AI-Powered, Open-Source NIDS>

• Top Linux Cloud Threats of 2020

• Deals: Save Up to $60 on Apple Watch Series 6 and Apple Watch SE

• Why Schrems II Might Not Be a Problem for EU-U.S. Data Transfers

• Qualified Immunity and the Plea for Accountability

• Script for detecting vulnerable TCP/IP stacks released

• SolarWinds is the tip of the iceberg

• Cybersecurity Things to Celebrate in 2020

• SolarWinds releases known attack timeline but new data suggests hackers may have done a dummy run last year

• Can I Ask You A Question?

• Ofcom Urges Telecoms Provider Aid For Vulnerable Households

• NCSC Probes UK Fallout Of Massive Hacking Campaign

• Judge Proposes 2023 Trial Date For Google Antitrust Case

• Apple Closes Los Angeles Stores As Covid Cases Spike

• Tech Trends and Predictions 2021

• TAU Threat Analysis: Insights on the SolarWinds Breach

• Leaders and Losers of the SolarWinds Hack

• Your browser history could soon be a part of your credit score

• A Google Cloud Platform Primer with Security Fundamentals

• VMware, Cisco Reveal Impact of SolarWinds Incident

• Naked Security Live – Watch out for Messenger scams

• As COVID-19 Rages, Intel Invests in Health-Check Kiosk Provider

• Zoom With Support for Apple Silicon Set to Launch Today

• A week in security (December 14 – December 20)

• Apple Security 2020: The Year in Review

• Supply-chain Attack Targeting Certification Authority in Southeast Asia

• OneTrust raises $300 million to automate data governance and compliance

• Telemed Poll Uncovers Biggest Risks and Best Practices

• Stolen Card Prices Soar 225% in Two Years

• Thousands of Student Records Remain Unrecoverable after Baltimore County Public Schools Ransomware Attack

• Zero-day exploit used to hack iPhones of Al Jazeera employees

• Adobe Premiere Pro, Premiere Rush, and Audition for Apple Silicon Available in Beta

• Best Practices For Managing Third Party Risk

• ‘Best tech employer of the year’ threatened trainee with £15k penalty fee for quitting to look after his sick mum

• What to expect from 2021?

• CPRA explained: New California privacy law ramps up restrictions on data use

• How to prepare for the next SolarWinds-like threat

• Chinese face-scanning firm CloudMinds rebrands U.S. unit after blacklisting

• Quick Hits

• How do we stop cyber weapons from getting out of control?

• New US Bill Will Punish Foreign Firms’ IP Theft

• Customs thwart illegal cigarette trade in the EU and UK: 17 arrests and 67 million cigarettes seized

• Common Security Misconfigurations and Their Consequences

• Apple Places Supplier Wistron on Probation Following Worker Unrest in India

• Mozilla To Roll Out Network Partitioning With Firefox 85

• US Indicts Former Zoom China Liaison for Doing PRC’s Bidding

• 2021 New Year Resolutions for Web Application Security

• Remote iOS Attacks Targeting Journalists: More Than One Threat Actor?

• Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again

• Human Assets are Key to Protecting Your Virtual and Physical Assets

• 6 Significant Cloud Security Threats

• Clop ransomware gang paralyzed flavor and fragrance producer Symrise

• Trying to register your antivirus in Windows Security Center?

• US Adds Dozens Of Chinese Firms To Trade Blacklist

• Shadow IT Adds to Remote Work Security Risks

• Info-stealing Trojan PyMICROPSIA Emerges As New Windows Malware

• FCW Insider: Dec 21

• iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

• Five ways COVID-19 will change cybersecurity

• China hackers target Indian online retail firm Flipkart and its customers

• Russia celebrates 100th anniversary for Cyber Attacks

• SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security

• Disruption in 2020 paves the way for threat actors in 2021 and beyond

• How do I select a data control solution for my business?

• Microsoft Breached in Suspected Russian Hack Using SolarWinds

• The 10 Most Common Website Security Attacks (and How to Protect Yourself)

• #TripwireBookClub – The Ghidra Book

• Iranian Hackers Target Israeli Companies With Pay2Key Ransomware

• Cybereason and Oracle Team Up for Security at Scale from the Endpoint to the Cloud

• Healthcare organizations to increase hybrid cloud deployments

• 5G connections reach 229 million, adoption 4x as fast as LTE

• Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ

• 28 Chrome And Edge Third-Party Extensions Found Infected With Malware

• COVIDSafe Herald update hits app stores as researchers point out unfixed regressions

• ISC Stormcast For Monday, December 21st 2020 https://isc.sans.edu/podcastdetail.html?id=7300, (Mon, Dec 21st)

• Pentagon Plan on Cyber Split Draws Strong Hill Criticism

• Secure-IC makes it easy to use its protection technologies on Cloud platforms

• Court denies Perspecta’s NGEN protest

• AIR-FI Attack Turns RAM In Air-Gapped Systems Into WiFi To Steal Data

• COVID premium pay varies across Veterans Affairs

• Zero-click iOS zero-day found deployed against Al Jazeera employees

• Former Zoom PRC liaison wanted on harassment-related charges over disrupting Tienanmen remembrance calls

• Sketchy Report Says Apple Car is Years Ahead of Schedule, Will Debut Next Year

• Haiyan Song joins F5 Networks as Executive Vice President of Security

• Deep Instinct appoints Ryan Shopp as chief marketing officer

• Trump administration says Russia behind SolarWinds hack.Trump himself begs to differ

Generated on 2020-12-22 23:55:11.256260