IT Security News Daily Summary 2021-02-27

• Judge Approves $650M Facebook Privacy Lawsuit Settlement

• BSides Calgary 2020 – Greg Foss’ ‘The Future Of Destructive Malware’

• XKCD ‘Post-Pandemic Hat’

• Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha

• Steris Corporation, The Latest Victim of Ransomware Gang Called ‘Clop’.

• The SolarWinds Body Count Now Includes NASA and the FAA

• HomeKit Essentials Worth Checking Out

• Top Stories: MacBook Pro, iMac, and AirPods Rumors, macOS 11.2.2, MagSafe Wallet Revisited

• To pay, or not to pay? That is the VPN question

• 6 Steps to Help Your Family Restore Digital Balance in Stressful Times

• Why would you ever trust Amazon’s Alexa after this?

• T-Mobile customers were hit with SIM swapping attacks

• Facebook Weighing Up Legality of Facial Recognition in Upcoming Smart Glasses

• Sequoia Capital Discloses Data Breach Following Failed BEC Attack

• SQL Triggers Used by Hackers to Compromise User Database

• CPAC 2021 Open Display of Nazi Symbols

• Five worthy reads: Are we ready for a passwordless future?

• ‘Build’ or ‘Buy’ your own antivirus product

• Malicious Firefox Extension that Allows Attackers to Access and Control Users’ Gmail Accounts

• Unprotected Private Key Allows Remote Hacking of PLCs

• Weekly Update 232

• Modern Identities for the Digital First World

• Review: Perlroth’s book on the cyberarms market

• Championing worthy causes: How ESET gives a helping hand

• Safeguarding children against cyberbullying in the age of COVID‑19

• Oxford University COVID‑19 lab hacked

• Week in security with Tony Anscombe

• Review: Perlroth’s book on the cyberarms market

• AIVD says they face cyber attacks from Russia and China every day

• Pretending to be an Outlook Version Update, (Fri, Feb 26th)

• Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

• Network Threat Hunting Made Easy With the MistNet NDR MITRE ATT&CK™ Engine

• New Ryuk ransomware implements self-spreading capabilities

• Apple Requiring Developers to Return DTK Mac Minis by March 31

• AI compares medical rookies’ biomechanical skills to experts

• RPA turns modernization goals into reality

• How will cybersecurity change with a new US president? Pros identify the biggest needs

• The hidden business costs of working remotely

• The Oversight Board Moment You Should’ve Been Waiting For: Facebook Responds to the First Set of Decisions

• Federal Court Agrees: Prosecutors Can’t Keep Forensic Evidence Secret from Defendants

• IT Security News Daily Summary 2021-02-26

• Announcing the 2021 Federal 100 Award winners

• Lawmakers, contractors look to extend COVID reimbursements to industry

• AI facial analysis is scientifically questionable. Should we be using it for border control?

• Air Force invests in high-speed satellite data

• Can 5G strengthen space-ground communications?

• Stalkerware Volumes Remain Concerningly High, Despite Bans

• Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process

• HYAS Raises $16 Million to Hunt Adversary Infrastructure

• Facebook Might Include Facial Recognition Technology In Its Smart Glasses

• NSA Releases Guidance on Zero-Trust Architecture

• Um dia na vida de um analista SOC

• Evolução da cibersegurança: Uma breve linha do tempo

• Sete práticas de segurança cibernética que toda organização deveria implementar

• Review: SwitchEasy’s MagDoka and MagStand Add MagSafe Compatibility to iPhone 11 Models

• Minnesota and Arizona Bills Aim to Let Developers Skirt Apple’s In-App Purchase Rules

• Imperva pretty adamant that security analytics aggregator product Sonar is not ‘one dashboard to rule them all’

• The Edge Pro Tip: Fasten Your Seatbelts

• ‘Nerd’ Humor

• Threat Roundup for February 19 to February 26

• Google to Underwrite Contributors to Linux Security

• Defense in depth with Red Hat Insights

• Threat Groups Are Partnering to Fill Gaps

• Oxford University Covid-19 Research Lab Targeted by Hackers

• Proof-of-Concept for vCenter Vulnerability Released

• Hackers using malicious Firefox extension to phish Gmail credentials

• OPM cautions feds on marijuana use

• Lazarus Targets Defense Companies with ThreatNeedle Malware

• How stalkerware can threaten your safety and privacy, and how to avoid it

• Business travelers are still at home due to employee worries, the slow vaccine rollout and the patchwork of COVID-19 rules

• Meet the Vaccine Appointment Bots, and Their Foes

• BSides Calgary 2020 – David Lindner’s ‘So You Are Comparing A WAF And RASP?’

• XKCD ‘Exposure Models’

• Infrastructure Hygiene: Fixing Vulnerabilities

• MacRumors Giveaway: Win True Wireless Earbuds With Active Noise Cancellation From Aukey

• TikTok pays $92 million to end data theft lawsuit

• Educational Institutions Websites Found Vulnerable to Multiple Threats

• Critical Vulnerability In VMware Servers Being Scanned After PoC Exploit Release – Patch Now!

• FCW Insider: Feb. 26

• Chrome will soon try HTTPS first when you type an incomplete URL

• Chinese Threat Actor Uses Browser Extension to Hack Gmail Accounts

• USA Third Most Affected by Stalkerware

• Attackers Turn Struggling Software Projects Into Trojan Horses

• Securing Super Bowl LV

• Clubhouse’s Security and Privacy Lag Behind Its Huge Growth

• NSA Releases Guidance on Zero Trust Security Model

• Apple Music Launches New ‘Behind the Songs’ Hub Focusing on Songwriters and Producers

• Apple’s ‘Band of Brothers’ Sequel ‘Masters of Air’ to Star Austin Butler and Callum Turner

• Apple Glass may feature 3D Audio and Self-Cleaning in new patent

• Best VPN service in 2021: Safe and fast don’t come free

• Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release

• 6 ways to prevent cybersecurity burnout

• Hackers Tied to Russia’s GRU Targeted the US Grid for Years

• Microsoft releases open-source CodeQL queries to assess Solorigate compromise

• Apple Says iOS 14 Now Installed on 86% of iPhones Introduced in Last Four Years

• Suing Trump Over the Capitol Riot: A Preliminary Assessment

• Former SolarWinds CEO grilled by lawmakers over security breach

• Twitter Confirms ‘Super Follow’ Option, For Paid Content

• 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting

• Security Automation: The Future of Enterprise Defense

• Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid

• Malware Gangs Partner Up in Double-Punch Security Threat

• Healthcare security services firms tackle ransomware spike

• 5 steps to conduct network penetration testing

• FBI Investigating Michigan School District Hack

• Atos Acquires Two Cybersecurity Companies

• TAG Cyber Evaluation: Frontline Vulnerability Manager™

• Faster, Better, Safer – With Little Help of Web Application Security Testing Tools

• ‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

• Deals: Take Up to $70 Off Brydge’s Keyboards for iPad and iPad Pro

• Apple Arcade February 2021 Roundup: ‘Lumen’ and ‘Survival Z’

• Npower shuts down app after hackers steal customer bank info

• Understanding IT Asset Lifecycle Management

• Nutanix makes its Cloud Platform Ransomware free

• Misconfigured Baby Monitors Can Allow Intruders To Spy On Your Baby

• From edge to core to cloud, part 2: What’s the practical application of a fully integrated infrastructure?

• Babuk Ransomware

• Security, Privacy Issues Found in Tens of COVID-19 Contact Tracing Apps

• After a Year of Quantum Advances, the Time to Protect Is Now

• Round Two Coming In Congressional Grilling Over SolarWinds

• Oxford Lab With COVID-19 Research Links Targeted By Hackers

• Old Foe Or New Enemy? Here’s How Researchers Handle APT Attribution

• Go Malware Is Now Common, Having Been Adopted By Both APT And E-Crime Groups

• Alpine’s Latest CarPlay Receiver Has a 9-Inch Display Hovering Over the Dashboard

• The Hidden Dangers in Your Company’s Email: What Is Email Compromise

• Does Sunburst Have Your Confidential Emails and Database Data?

• Airplane manufacturer Bombardier has disclosed a security breach, data leaked online

• Windows 10 ‘Sun Valley’ Promises Major Overhaul

• Kaiji Goes Through Update but Code Reuse Detects It

• The M140i project post – Part 14

• Another Creepy Case of Hackers Watching People in their Homes

• Fastest VPN in 2021

• Go malware is now common, having been adopted by both APTs and e-crime groups

• Protecting Sensitive Cardholder Data in Today’s Hyper-Connected World

• Podcast: Ransomware Attacks Exploded in Q4 2020

• Microsoft Releases Open Source Resources for Solorigate Threat Hunting

• Learning Tree International Named First (ISC)² Global Premier Partner

• Winners of Inaugural SBRC Cyber Community Awards Announced

• UK National Cyber Security Centre Issues Distance Learning Guide For Families

• Google Reveals Details of a Recently Patched Windows Flaw

• Pandemic Cyber Crime, By the Numbers

• Data Breach: Turkish legal advising company exposed over 15,000 clients

• Apple Rolls Out Device Repairability Scores in France

• AirPods Max in Silver Now Available to Ship on Amazon

• NPower Shutsdown App After Hackers Steal Customer Bank Info

• Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab Studying Covid-19

• Five Solutions To The Information Security Skills Crisis

• What is XDR? Considering Its Features, Benefits, and Beyond

• Dutch Research Council Goes Offline After a Ransomware Attack

• Software Asset Management (SAM) Revisited – ITAM vs SAM and the Real Cost of High-Velocity Upscaling

• What is an IT Asset Management Tool?

• Quantum systems learn joint computing

• Survey & customers show big ROI from digital faxing

• (VIDEO) Getting Started With Duo – Step 1: Authentication Methods

• From Creativity to Exclusivity: The German Government’s Bad Deal for Article 17

• Survey Says: CISSP and CCSP Among the Most In Demand IT Certifications of 2021

• Oxford University lab with COVID-19 research links targeted by hackers

• TikTok Set for Massive $92m Payout Over Privacy Suit

• Security operations center, Part 2: Life of a SOC analyst

• Hackers are selling access to Biochemical systems at Oxford University Lab

• Twitter Announces Upcoming ‘Super Follow’ Feature to Let Users Charge Followers for Content

• Dutch Antitrust Watchdog Nears Draft Decision in App Store Probe

• IT Salary Survey 2021: The results are in

• Oxford University Confirms Hack Of Biology Lab Studying Covid-19

• February 2021 Web Server Survey

• Cybercrime groups are selling their hacking skills. Some countries are buying

• Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers

• Why your diversity and inclusion efforts should include neurodiverse workers

• Google looks at bypass in Chromium’s ASLR security defense, throws hands up, won’t patch garbage issue

• TikTok owner ByteDance to pay $92M in US privacy Settlement

• Unprotected Private Key Allows Remote Hacking of Rockwell Controllers

• North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware

• Bill Gates Says His Preference for Android Over iPhone Comes Down to Pre-Installed Software

• Microsoft failed to fix known problems that could have prevented SolarWinds hack

• Edgescan partners with BSI to deliver safe and secure client solutions

• New US CISO appointments, February 2021

• CloudGuard secures your hybrid-cloud and enables 169% Return on Investment

• GitHub CSO pledges more security tools, features for developers

• Npower Ditches App After Credential Stuffing Attacks

• Chinese Hackers Target Tibetans with Malicious Firefox Extension

• 15,000 Clients Data Leaked Accidently by a Turkish Firm

• iPhone 12 Series Still Strong Despite Weaker Demand, Says JP Morgan Analyst

• Sequoia Capital Discloses Data Breach – Expert Insights

• The Ransomware Group Tactics which Maximise their Profitability

• Hackers break into an Oxford University Covid-19 laboratory

• Energy provider NPower hit by cyberattack

• Dutch Research Council experience ransomware attack

• The Lazarus Group Used Custom Malware to Target Defense Industry

• SCA: Online payments have never been so secure

• Australia Considers Online Safety Bill 2021 | Avast

• Six Alabamans Charged in $7m Virtual Schools Fraud

• David Birch Appointed Honorary President of EEMA

• Turkey Dog Activity Continues to use COVID Lures

• ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

• Dutch Research Council (NWO) confirms DoppelPaymer ransomware attack

• Telegram Gains New Auto-Delete Options, Expiring Invite Links, and More

• Half a million stolen French medical records, drowned in feeble excuses

• TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

• Cisco Releases Security Patches for Critical Flaws Affecting its Products

• Understand Your Staff: How Insiders Shape Defenses

• SolarWinds APM Integrated Experience delivers a single platform for navigation across the APM portfolio

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Researchers Find a Way to Learn What Users Type in Video Calling

• Security Budgets to See 2021 Increases, Survey Finds

• The state of stalkerware in 2020

• Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense

• The rise of non-English language spear phishing emails

• Closing the data divide: How to create harmony among data scientists and privacy advocates

• Fresh Cyber Attack on Oxford University Laboratory

• Local mafia was behind cyber attacks on French Hospitals

• Attorney-General urged to produce facts on US law enforcement access to COVIDSafe

• Facebook ramps up fight against child abuse content

• One in four people use work passwords for consumer websites

• Massive rise in threats across expanding attack surfaces

• Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

• ENISA Releases Guidelines for Cloud Security for Healthcare Services

• Here’s How North Korean Hackers Stole Data From Isolated Network Segment

• Integrated Risk Management for Your Business

• ICS threat landscape highlights

• Application container market to grow steadily by 2026

• ISC Stormcast For Friday, February 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7390, (Fri, Feb 26th)

• Korean Report Says Kia Partnership With Apple Still Possible

• DeepCube’s suite of products drives enterprise adoption of deep learning

• Risky Business: Preparedness Lessons Learned from the Florida Water Plant Hack

• The head of Microsoft announced evidence of the involvement of Russian intelligence in the cyber attack

• Prisma SD-WAN: The New Face of CloudGenix

• Prisma Cloud and VM-Series Help Protect Oracle Cloud Infrastructure

• Apple Begins Selling Refurbished M1 Mac Mini

• xMatters simplifies a data-driven DevOps approach to incident resolution

• SentinelOne Singularity XDR Marketplace enables enterprises to ingest and action diverse data

• HPE Open RAN Solution Stack enables deployment of Open RAN in 5G networks

• Seagate LyveTM Cloud SaaS platform enables always-on mass capacity data storage and activation

• India’s demand to identify people on chat apps will ‘break end-to-end encryption’, say digital rights warriors

• So where did those Satori attacks come from?, (Thu, Feb 25th)

• Lunavi launches Azure Adoption Program aligned with the Microsoft Cloud Adoption Framework

• KIOXIA NVMe SSDs available on Supermicro PCIe 4.0 server and storage platforms

• Red Hat OpenShift 4.7 simplifies and accelerates application modernization

• ThreatConnect 6.1 improves collaboration between intelligence analysts and security operations

• No, 1,000 engineers were not needed for SolarWinds

• China-linked TA413 group target Tibetan organizations

• Apple Store at MacArthur Center in Virginia Permanently Closing Following Years of Safety Issues at Shopping Mall

• (ISC)² and Learning Tree expand security education curriculum

• Digital Guardian enhances connection with AWS through key initiatives and achievements

• Virginia’s Weak Privacy Bill Is Just What Big Tech Wants

• The SAFE Tech Act Wouldn’t Make the Internet Safer for Users

• DOL looks to roll back Trump’s exemption for religious orgs in contracting

• SQL Triggers in Website Backdoors

• Lawfare Live: Restoring Federal Government Ethics and the Rule of Law

• Carter Bullard joins CounterFlow AI as CTO

• Cobalt names Eric Brinkman as Chief Product Officer

• Security Compass Advisory Division re-established as a distinct business unit within the company

• AI Infrastructure Alliance brings together top technologists across the AI spectrum

• Interoperability Gains Support at House Hearing on Big Tech Competition

Generated on 2021-02-27 23:55:10.599158