IT Security News Daily Summary 2021-03-13

• Exploits on Organizations Worldwide Tripled after Microsoft’s Revelation of Four Zero-days

• BSides Huntsville 2021 – Joanna Burkey’s ‘Keynote – Cybersecurity As An Ecosystem’

• Retrieve Process Run-time Architecture on Apple Silicon Macs On The Command Line with `archinfo`

• Experts found three new 15-year-old bugs in a Linux kernel module

• “Hacker Games” launched to challenge and improve cybersecurity skills

• Pathlock Raises $20 Million to Grow Data Access Control Platform

• Metrolinx Piloting Apple Pay on Toronto’s UP Express, Working to Expand to TTC

• Apple Promotes iPhone 12 ‘Ceramic Shield’ Display In New ‘Cook’ Ad

• Stories from the SOC – Beaconing Activity

• 5 Cybersecurity concerns surrounding the COVID vaccine

• Quantifying CyberRisk- Solving the riddle

• Cybersecurity and online gaming: Don’t be a victim

• What is an incident response plan? Reviewing common IR templates, methodologies

• Security News in Review: Microsoft Exchange Server Hack “Doubling” Every Two Hours; Linux Foundation Creates New Software Signing Service

• Serverless and PaaS Security with CloudPassage Halo

• Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work

• Updates on Microsoft Exchange Server Vulnerabilities

• MAR-10329107-1.v1: China Chopper Webshell

• MAR-10329297-1.v1: China Chopper Webshell

• MAR-10329298-1.v1: China Chopper Webshell

• MAR-10329301-1.v1: China Chopper Webshell

• MAR-10329494-1.v1: China Chopper Webshell

• Beverge Manufacturer Molson Coors Targeted in Cyber Attack

• Hackers Accessed Security Cameras Inside Tesla and Beyond

• The fire in the OVH datacenter also impacted APTs and cybercrime groups

• Top Stories: Apple Event Rumored for March 23, iMac Pro and HomePod Discontinued, and More

• How to Export Your Passwords From LastPass

• Despite Hacks, US Not Seeking Widened Domestic Surveillance

• New variant for Mac Malware XCSSET compiled for M1 Chips

• Cutwail Botnet-Led Dridex and Malicious PowerShell Related Attacks, Increase with new Scripts

• CompTIA Security Certification Prep — Lifetime Access for just $30

• ‘Build’ or ‘Buy’ your own antivirus product

• Several Americans Affected by Netgain Ransomware Attack

• Week in security with Tony Anscombe

• Weekly Update 234

• Liker – 465,141 breached accounts

• Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

• Huawei Listed Anew as Threat to US National Security

• Apple Discontinues Full-Sized HomePod to Focus on HomePod Mini

• What is SIEM? And How Does it Work?

• Apple Discontinuing Full-Sized HomePod to Focus on HomePod Mini

• Anatomy of a Security Super Bowl Dynasty, Part 3: Special Teams and Coaching

• FBI warns deepfakes could be the next major cyber threat

• 2021-03-12 – Quick post: IcedID malware/artifacts

• DearCry ransomware impacting Microsoft Exchange servers

• Friday Squid Blogging: On SQUIDS

• Deals: Brydge Discounting Collection of iPad Keyboards by Up to $70

• Cybersecurity firm warns of potential ransomware attack in the near future

• Protecting on-premises Exchange Servers against recent attacks

• Google’s OSS-Fuzz extends fuzzing to Java apps

• Best antivirus software in 2021

• Netflix’s Password-Sharing Crackdown Has a Silver Lining

• IT Security News Daily Summary 2021-03-12

• New ransomware strain exploits Microsoft Exchange security flaw

• Windows-Only 7-Zip now Available for Linux

• Diving into DevSecOps w/ John Willis

• DARPA developing AI into a mission-critical partner

• DARPA seeks AI assistants to help with complex tasks

• REvil Group Claims Slew of Ransomware Attacks

• Critical Security Hole Can Knock Smart Meters Offline

• US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow

• WSJ: Microsoft Probing Possible PoC Exploit Code Leak

• Contemplating the Coffee Supply Chain: A Horror Story

• Microsoft Exchange Server Attacks: 9 Lessons for Defenders

• Threat Roundup for March 5 to March 12

• Exchange Week 2 – Ransomware Joins The Fray

• Microsoft DHCP Logs Shipped to ELK, (Fri, Mar 12th)

• PC Games ‘Tokyo 42’ and ‘Ancestors Legacy’ Now Available on iOS Through GameClub

• Qualcomm Struggling to Keep Up With Processor Demand and Shortages Could Impact Samsung

• Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone’s attention

• New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

• House task force digs into DOD supply chain vulnerabilities

• Europol Credits Sweeping Arrests to Cracked Sky ECC Comms

• Can a Programming Language Reduce Vulnerabilities?

• 10,000+ WeLeakInfo customer records leaked

• Apple Prototyped a Jet Black iPhone X

• Cypersecurity firm Mandiant warns of additional ransomware attacks

• New bill looks to centralize CISA’s role in ICS threat response

• Sewage-testing robots process wastewater faster to predict COVID-19 outbreaks sooner

• OSINT Data Collection: You Still Need Humans, but Automation is Well Worth the Investment

• Don’t Let Data-Stealing Leprechauns Snatch Your Pot of Gold

• Pepsi Docuseries ‘The Jet’ Coming to Apple TV+

• MacRumors Giveaway: Win an Explorer 500 Portable Power Station From Jackery

• Next-Generation Apple Silicon MacBooks Expected to Drive Record-Breaking Mac Shipments This Year

• Adobe Says Photoshop on M1 Runs 50% Faster Than 2019 Intel-Based MacBook

• Upcoming AirPods 3 Redesign Shown Off in New Images

• How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?

• No, Florida Can’t Regulate Online Speech

• Seattle and Portland: Say No to Public-Private Surveillance Networks

• Ransomware is targeting vulnerable Microsoft Exchange servers

• DearCry Ransomware Makes its Debut

• CISA Reports That No Federal Civilian Agency Hacked in Exchange Attacks

• Brazil’s National Data Protection Authority (ANPD) Announces Strategy, Begins Investigation to Combat Two Large Data Leaks

• Exploits on Organizations Worldwide Tripled every Two Hours after Microsoft’s Revelation of Four Zero-days

• Biden signs Rescue bill, boosting TMF and adding pandemic leave for feds

• A Bird-Feed Seller Beat a Chess Master. Then It Got Ugly

• Test Post

• Cheaper, Ad-Supported HBO Max Subscription Launching in June

• 150,000 Verkada security cameras hacked—to make a point

• No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises

• Hackers dropping DearCry ransomware using Exchange Server exploit

• Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection

• CEOs express strong optimism for global growth this year

• Apple Sues Employee for Stealing Trade Secrets

• Utah Company Stored Passport Scans on Unsecured Server

• Settlement Reached Over Data Breach Impacting 24 Million Americans

• 150,000 Verkada Cams Hacked, but it Gets Worse

• AirPods Max Firmware Update Appears to Fix Smart Case Battery Drain Issues

• 2021 Cybersecurity Outlook: Attackers vs. Defenders

• Microsoft Exchange Exploits Pave a Ransomware Path

• Android: How to quickly block spam SMS

• Mac Malware ‘XCSSET’ Adapted for Devices With M1 Chips

• NCSC: Install Latest Microsoft Exchange Server Updates Urgently

• Understanding Accellion’s FTA Appliance Compromise, DEWMODE, and Its Supply Chain Impact

• iPhone 13 Models Will ‘Likely’ Have Touch ID Under the Display

• West Ham supporters have data leaked by club website

• What Is Email Fraud Protection (EFP)?

• Microsoft Exchange Servers targeted by DearCry Ransomware

• Cable Modems & Security

• The Cybersecurity Trends Affecting the Market in 2021

• What Companies Are Doing to Up Their Data Security in 2021

• LinearB, which brings contextual metrics to software development project management, raises $16M

• Molson Coors Cracks Open a Cyberattack Investigation

• Power Equipment: A New Cybersecurity Frontier

• Microsoft Reports ‘DearCry’ Ransomware Targeting Exchange Servers

• Cyber News Rundown: Phishing Targets NHS Regulatory Commission

• With Spectre Still Lurking, Google Looks to Protect the Web

• Microsoft Says Ransom Hackers Taking Advantage Of Server Flaws

• Proven Leaker Says New AirPods Ready to Ship, New 12.9-Inch iPad Pro Will Likely Outsell 11-Inch Model

• Deals: Amazon Opens Up New Apple Watch Sale, Starting at $259.00 for 40mm Apple Watch SE ($20 Off)

• Disney World MagicBand Support Coming to iPhone and Apple Watch

• France, Cyber Operations and Sovereignty: The ‘Purist’ Approach to Sovereignty and Contradictory State Practice

• Molson Coors Production Stopped Following a Cyberattack

• Business Email Security Contributes to Business Stability – Find Out Why

• Thousands of Patients Affected by New Hampshire Hospital Data Breach

• The Security Checklist for Designing Asset Management System Architectures

• Microsoft Exchange: Patching Too Late If Already Compromised

• Loose SPF, DKIM, DMARC, and ARC Settings Sabotage Security

• LinearB, which bring contextual metrics to software development project management, raises $16M

• Okta invests in, partners with Immuta to secure cloud analytics

• Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities

• Netflix Introduces Measures to Prevent Password Sharing

• Securing industrial networks: What is ISA/IEC 62443?

• Internet disruption in Russia coincided with the introduction of restrictions

• Fastway Couriers suffers data breach

• Internet providers aid Home Office in web-spying

• COVID-19 Testing Service Exposes 50,000 Patients’ Personal Info on The Web

• Tsao vs. Captiva: “Risk of Identity Theft” Theory Rejected

• A Spectre proof-of-concept for a Spectre-proof web

• FBI warns deep fakes could be the next big cyber threat

• Sir Tim Berners-Lee Warns Too Many Young People Lack Web Access

• Best security key in 2021

• Breach Exposes Data of 200K Health System Staff, Patients

• Ryuk Ransomware Hits Spain’s Employment Agency

• A Bug in iPhone Call Recording App Exposed Clients Data

• Experts Reaction On Home Office Tests Web-Spying Powers With Help Of UK Internet Firms

• What Are BEC Attacks?

• (VIDEO) Getting Started With Duo – Step 3: Admin Dashboard & Device Insight

• Yseop now tells you what percentage of a financial report can be generated automatically

• FCW Insider: March 12, 2021

• Cyber Insurance Firm Cowbell Raises $20 Million

• SailPoint Appoints Heather Gantt-Evans as New CISO

• You Need a Password Manager. Here Are the Best Ones

• Molson Coors hit by suspected ransomware attack

• What is Mimikatz?

• New Initial Access Tool ‘NimzaLoader’ Spreads via Phishing Emails

• Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 3)

• Netflix Tests Crackdown On Password Sharing

• The 5 Best and Secure Facial Recognition Tools

• Security Trends And Emerging Technologies That A CISO Should Adopt In 2021

• Uber, Lyft to share data on drivers banned for sexual, physical assault

• Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds

• Researchers warn of a surge in cyber attacks against Microsoft Exchange

• Developing a Strong Security Posture in the Era of Remote Work

• Netflix to trial restrictions on password sharing

• University Cyberattacks Justify the Incorporation of Higher Education in Critical Infrastructure Bill

• OVH Hints UPS Cause Of Data Centre Fire

• Netflix wants to stop you sharing your password

• Microsoft Exchange attacks: Watch out for this new ransomware threat to unpatched servers

• The future of data privacy: confidential computing, quantum safe cryptography take center stage

• Microsoft Patch Tuesday, March 2021 Edition

• Molson Coors Suffers Suspected Ransomware Attack

• Encrypted Comms Firm Denies Police Cracked User Messages

• Apple takes serious measures in action against zero-click exploits in iOS

• Google Touts Chrome 89 Memory Savings That ‘Keep Your Mac Cooler’ While Browsing

• This Is How The World Ends – Whistleblowing First So We Understand WHY!

• Fake Icon Delivers NanoCore Trojan – Experts Perspectives

• F5 Urges Customers To Patch Critical Big-IP Pre-auth RCE Bug

• 4 Examples of Data Encryption Software to Consider for Your Enterprise

• BitSight Observations Into HAFNIUM Attacks, Part Two

• Sextortion attacks are on the rise in the UK

• Security Recruiter Directory

• FISMA basics: What federal agencies and contractors need to know

• Hackers Breach Thousands of Security Cameras | Avast

• Microsoft Exchange Server hacks ‘doubling’ every two hours

• Everything you need to know about the Microsoft Exchange Server hack

• “Hacker Games” Launched to Encourage Development of Secure Coding Skills

• Researchers Spotted Malware Written in Nim Programming Language

• Good old malware for the new Apple Silicon platform

• Apple Pay Promo Offers Up to 50% on Meal Plan Delivery Services

• Original Film ‘Cherry’ Out Now on Apple TV+, Starring Tom Holland

• Researchers Found RedXOR Malware Linked to Chinese Hackers

• Exploits on Organizations Worldwide Doubling every Two Hours after Microsoft’s Revelation of Four Zero-days

• Norway Parliament, Storting, Hit by a Microsoft Exchange Cyber Attack

• Hackers Are Targeting Microsoft Exchange Servers With Ransomware

• 4 Security Awareness Training Trends

• Malspam campaign uses icon files to delivers NanoCore RAT

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Borderline Unreasonable Electronic Device Searches

• Why SaaS Security Is So Hard

• New Browser Attack Allows Tracking Users Online With JavaScript Disabled

• Two new ways backup can protect enterprise SaaS data

• Cyber secure your Smart Phone by doing so

• Ransomware Cyber Attack on Molson Coors

• Sex in the digital era: How secure are smart sex toys?

• Rise in remote work leads to increase in IT security gaps

• Compromised devices and data protection: Be prepared or else

• Data Privacy Management Firm DataGrail Raises $30 Million

• Most IT pros manage different versions of the same database

• Can private data be recovered from “sanitized” images?

• Secure Coding Challenges Faced by Every Software Developer in 2021

• ISC Stormcast For Friday, March 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7410, (Fri, Mar 12th)

• Deep Instinct launches performance guarantee and ransomware insurance up to $3 million

• Avatier for ServiceNow adds unified, passwordless approach to IAM with SSO

• Effectual Managed DevOps Platform optimized for AWS Cloud

• Innodisk InnoBTS SSD integrates blockchain technology into a single storage device

• EclecticIQ expands MSSP offering through ACDS partnership

• CloudLinux KernelCare patching service can be deployed with Microsoft

• Police shut down illegal video streaming app Mobdro with 100M users

• University ‘hacks’ as a justification to include the sector in Critical Infrastructure Bill

• F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech

• T-Mobile Aiming to Cover 90% of Americans With ‘Ultra Capacity 5G’ By 2023

• Accenture acquires Imaginea to enhance global cloud first capabilities

• Tausight raises $20M to protect clinical workflows

• Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA

• UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

• 3 SaaS Backup Rules to Keep Your Data Safer in 2021

• Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

• Microsoft’s GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln

• Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020

• Former Employees Explain What Facebook Has to Lose When Apple Implements App Tracking Transparency

• DNSFilter expands leadership team with new appointments

• DataRobot names Dan Wright as CEO

• Retrain.ai raises $13M to help workers reskill and upskill for better jobs

• Critics fume after Github removes exploit code for Exchange vulnerabilities

Generated on 2021-03-13 23:55:10.128042