IT Security News Daily Summary 2021-03-20

• A threat actor exploited 11 zero-day flaws in 2020 campaigns

• USENIX Enigma 2021 – Nicole Fern’s ‘Hardware: A Double-Edged Sword For Security’

• XKCD ‘Solar System Cartogram’

• USENIX Enigma 2021 – Kate Starbird’s ‘Online Rumors, Misinformation And Disinformation: The Perfect Storm Of COVID-19’

• USENIX Enigma 2021 – Sanghyun Hong’s ‘A Sound Mind In A Vulnerable Body: Practical Hardware Attacks On Deep Learning’

• Security checklist for using cryptocurrency in online casino transactions

• China Slams US Plan to Expel Phone Carriers in Tech Clash

• Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online

• PRODUCT REVIEW: GreatHorn Cloud Email Security Platform

• Latest F5 BIG-IP Bug Under Active Attack After PoC Exploit Posted Online

• Apple Fined $2 Million in Brazil for Selling iPhones Without Chargers

• Apple Discontinues 512GB and 1TB SSD Configurations of 4K 21.5-inch iMac

• Electronics Giant Acer Hit by $50 MIllion Ransomware Attack

• REvil ransomware gang hacked Acer and is demanding a $50 million ransom

• AT&T Cybersecurity announces 2021 ‘Partners of the Year Awards’ Winners

• A plea to small businesses: Improve your security maturity

• Deepfake cyberthreats – The next evolution

• Top Stories: iPad Pro With Thunderbolt?, Intel Mocks M1 Macs, iMac Pro Officially Discontinued

• Scammers Disguised as Tesco are Stealing Data Via Phone Scam, Warns Police

• A Homecoming Queen Was Arrested for Alleged Vote Hacking

• Some additional words on those SOC robots

• SolarWinds is a Dust Bowl Disaster of Modern Computing

• Descartes on AI: I Think, Therefore I Am… Not a Machine

• Apple Ordered to Pay $309 Million for Infringing DRM Patent

• Resident Evil 8 just the latest game plagued by fake demos and early access scams

• Chinese Hackers Attacking Telecommunications Industry to Steal 5G Secrets

• Lured into street prostitution: 19 arrests in latest hit against human traffickers

• ‘Build’ or ‘Buy’ your own antivirus product

• Insider Trading Threats on Dark Web

• Trust your surveillance? Why hacked cameras are very bad

• 7 steps to staying safe and secure on Twitter

• Week in security with Tony Anscombe

• Apple Partners With Restaurants to Offer Free Pizza in Celebration of ‘Servant’ Season 2 Finale

• Tim Cook, Craig Federighi, Phil Schiller and Scott Forstall to Testify in Epic v. Apple Trial

• A Russian IT expert said that home appliances threaten the security

• Integre o gerenciamento do ciclo de vida do certificado e aumente a segurança do seu ecossistema móvel

• AI Weekly: With RPA on the rise, security challenges remain

• Russian National pleads guilty to conspiracy to plant malware on Tesla systems

• EFF Joins Effort to Restrict Automated License Plate Readers in California

• IT Security News Daily Summary 2021-03-19

• PS5 phishing scam baits gamers with promise of free console

• New Malware Hidden in Apple IDE Targets macOS Developers

• Threat actors are attempting to exploit CVE-2021-22986 in F5 BIG-IP devices in the wild

• Report reveals the staggering scale of Business Email Compromise losses

• With RPA on the rise, security challenges remain

• Agency hacks could accelerate push to zero trust security model

• An ambitious cybersecurity strategy is just a starting point

• Critical F5 BIG-IP Flaw Now Under Active Attack

• Roll out IoT device certificates to boost network security

• A SpaceX Engineer’s Dark Web Insider Trading Sparks SEC First

• Nova vulnerabilidade no Cyberpunk 2077 pode se tornar uma porta de entrada para programas maliciosos

• Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

• Apple Teams Up With FaZe Clan for Exclusive Powerbeats Pro

• Apple Stops Signing iOS 14.4 Following Release of iOS 14.4.1

• iMac Pro Officially Discontinued, Removed From Apple’s Site and No Longer Available for Purchase

• Lawfare Live: Qualified Immunity in the Federal Courts

• US charges Swiss hacker behind massive Verkada security camera hack

• 2021-03-19 – IcedID (Bokbot) infection

• Wisconsin gets UI modernization boost from 18F

• Choosing the right code for the job

• Sandia’s QSCOUT now open for business, other quantum news

• Verkada Attacker Charged With Wire Fraud, Conspiracy in US

• Threat Roundup for March 12 to March 19

• Review: Sonnet’s Latest eGPU Breakaway Pucks Give Your Intel Mac a Graphics Boost and Extra Connectivity

• Handy iPhone and iPad Shortcuts You Should Check Out

• VA announces ‘strategic review’ of $16B software program

• Office 365 Phishing Attack Targets Financial Execs

• How to use semanage and avoid disabling SELinux

• US Indicts Software Engineer

• Verkada Attacker Charged with Wire Fraud, Conspiracy in US

• Dirt Cheap DDoS for Hire, via D/TLS Amplification

• MacRumors Giveaway: Win an 11-Inch iPad Pro and Apple Pencil 2 From Amadine

• What could possibly go wrong? Sublet your home broadband to strangers who totally won’t commit crimes

• How Your Business Should Respond to Digital Transformation Cyberwar

• Fintech Giant Fiserv Used Unclaimed Domain

• Gang smuggling migrants via the Balkan route busted in Germany

• Fudo Security Sweeps Gold in the 2021 Cybersecurity Excellence Awards

• Is automated vulnerability scanning the best way to secure smart vehicles?

• What is network segmentation? NS best practices, requirements explained

• Stories from the SOC – DNS recon + exfiltration

• Using Client Certificates Vs Passwords and MFA for Authentication

• For states’ COVID contact tracing apps, privacy tops utility

• Google: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation

• Millions of sites could be hacked due to flaws in popular WordPress plugins

• Cybercrime has cost organisations and individuals over $ 4 billion in 2020

• How can SMEs stay secure into 2021 and beyond

• Cybercrime has cost organisations and individuals over $ 4 billion in 2020 – FBI Reports

• Announcing the winners of the 2020 GCP VRP Prize

• VMware acquires cloud security startup Mesh7

• FBI: Phishing Emails Are Spreading Trickbot Malware

• CopperStealer Malware Steals Google, Apple, Facebook Accounts

• Threat Actors Using Fake App Website to Infect Android Phones With BlackRock Trojan

• Zoom Screen Share Flaw Can Expose Information

• 15-Year-Old Bugs in Linux Kernel Still Vulnerable

• Scanning for Secrets in Source Code

• Bogus Android Clubhouse App Drops Credential-Swiping Malware

• Business email compromise scams proved costly to victims in 2020

• Russian Man Pleads Guilty to Role in Attempt to Plant Malware on Tesla Systems

• Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

• APT31 Fingered for Cyber-Attack on Finnish Parliament

• Russian Man Pleads Guilty in Thwarted Tesla Hack

• SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes

• Buy SSL Certificates -7 Simple Money-Saving Tips to Secure Your Website

• Expert Hackers Used 11 Zero Days To Infect Windows, iOS, And Android Users

• Swiss Hacker Indicted After Claiming Credit For Breaching Nissan, Intel

• Zoom Screen Sharing Glitch Briefly Leaks Sensitive Data

• Apple Devs Targeted By Malicious Xcode Project

• Deals: Pad & Quill’s Winter Clearance Sale Continues With Up to 50% Off Accessories for iPad, iPhone, and More

• Apple Music Scraps Personalized Artwork for Personal Radio Stations

• iPhone Production May Face Disruptions Due to OLED Display Chip Shortage

• Time for Answers About Those Intelligence Reports DHS Filed About Me

• The Legal Landscape of Ghost Guns and Potential Reforms

• A New Malware Is Stealing Google, Apple, and Facebook Accounts

• Xcode Developers Targeted with EggShell Backdoor by XcodeSpy Malware

• New Malware Targets iOS Developers in Supply-Chain Attack

• VMware Carbon Black Ranks Among Top 10 of 100 Cybersecurity Companies by the University of San Diego

• Does it keep COVID-19 out of buildings? Or is it really a facial recognition tool?

• CopperStealer Malware Targets Facebook and Instagram Business Accounts

• Microsoft Defender Antivirus Now Protects Users Against Ongoing Exchange Attacks

• Serious Security: Mac “supply chain” backdoor takes aim at Xcode devs

• Iranian Hacking Group Targets Several Middle East Companies Via Malicious Campaign

• How Us Shady Geeks Put Others Off Security

• CISO Talk: Healthcare and Cyber in a COVID-19 World

• iMac Pro is Out of Stock Again in U.S. After Being Discontinued

• iOS app developers targeted with trojanized Xcode project

• Ministry of Defence tells contractors not to answer certain UK census questions over security fears

• Europe Looks To Ease Red Tape For Start-Ups

• Protective Intelligence Honors Launched

• Insider Trading Threats on Dark Web and Underground Sources

• Phishing campaign masquerading Excel template in the html attachment

• Mozilla Pressures FCC To Restore Net Neutrality Rules

• SEC charges co-founders of bankrupt uBiome medical testing startup with operating $60m fraud

• Here’s How Security Flaws in GE Relays Could Be Exploited in Real World Attacks

• Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems

• ESET Exposes Malware Disguised as Clubhouse App

• BEC Is 62 Times More Profitable than Ransomware, IC3 Finds

• Accurate and Reliable Threat Detection for your Security Program

• CISA and FBI warn of ongoing TrickBot attacks

• Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities

• Facial recognition ID with a twist: Smiles, winks and other facial movements for access

• (VIDEO) Getting Started With Duo – Step 4: Setting Up an Application

• Multiple Travel Apps Found Exposing User Data Publicly

• Government’s ‘Project Gigabit’ Reveals First Rural Fibre Locations

• Burnt by SolarWinds attack? US releases tool for post-compromise detection

• Fraudsters jump on Clubhouse hype to push malicious Android app

• Here’s How Recently Patched GE Relay Flaws Could Be Exploited in Real World Attacks

• Russian Man Pleads Guilty in Tesla Extortion Plot

• Tesla Ransomware Hacker Pleads Guilty; Swiss Hacktivist Charged for Fraud

• Easy SMS Hijacking

• Facebook Is Developing a Version of Instagram for Children Under 13

• RAT Targets US Taxpayers – Experts Insight

• Secure Remote Monitoring – Why It Is Key In Fending Off Cyber-attacks

• Experts Reacted On Facebook Introduces Security Key Support On iOS And Android

• Application Security: Why Prevention Beats Remediation

• Want to be an ethical hacker? Take these cybersecurity courses

• Website Builders Take Hands-Off Approach to Fake News

• To share or not to share? Secrets behind the popular “share” button

• Tim Cook Calls for a ‘Durable and Hopeful Future For All’ in Wall Street Journal Op-Ed

• Job Seekers Turn To Hacking Forums

• For Achieving Solid Digital Identity

• Response Comment: Romance Scams Are Up From $475m In 2019 To $600m In 2020

• Cybercrime to cost over $10 Trillion by 2025

• The CSO guide to top security conferences, 2020

• Ryuk ransomware explained: A targeted, devastatingly effective attack

• Virtual Spaces: The Future of Events

• Netflix Warns Users About Password Sharing | Avast

• Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities

• UK’s CEOs Commit to Cyber Spending After Pandemic

• New infosec products of the week: March 19, 2021

• In just $16, Hackers May Steal User Data Via SMS Attack

• Pastebin.com Used As a Simple C2 Channel, (Fri, Mar 19th)

• From Maidenhead to Morocco: In a change to the scheduled programming, we bring you The On Call of Dreams

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Pentagon needs AI on each leadership level, panel says

• House task force digs into DOD supply chain vulnerabilities

• What cyber risks will Biden’s supply chain EO uncover?

• CMMC board preps for staff changes

• How JADC2, competition with China could spur DOD budget reform

• Hackers Infecting Apple App Developers With Trojanized Xcode Projects

• Post-Privacy Shield Guidance From French Court

• 3 Cybersecurity Goals for CISOs

• Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

• Encrypted phones biz Sky Global shuts up shop after CEO indictment, police raids on users in Europe

• New Cyber Insurance Guidelines for New York businesses

• Google Cloud announces $300,000+ prize money to winners

• Beware Android trojan posing as Clubhouse app

• FBI: Cybercrime losses topped US$4.2 billion in 2020

• New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps

• Is Misinformation Slowing SASE Adoption?

• The benefits and challenges of passwordless authentication

• Crims with ties to Tesla and SpaceX cuffed for computerized conspiracies

• 5 Web Application Security Threats and 7 Measures to Protect Against Them

• ANAO finds two government departments inaccurately self-reported cyber compliance

• What are Smishing Attacks? How to Prevent Them?

• 3 in 4 companies have experienced account takeover attacks in the last year

• The democratization of the workplace through edge computing

• How can we prevent sophisticated document fraud in 2021?

• How to guarantee patient identification during a pandemic

• What is a security operations center (SOC)? Explaining the SOC framework

• Enterprise-Grade Mobility takes another step forward with new mobile security offers

• What is managed detection and response?

• Swiss security provocateur who leaked Intel secrets indicted by US authorities

• Cloud computing could prevent the emission of 1 billion metric tons of CO2

• New phishing campaign targets taxpayer credentials

• US Charges Swiss ‘Hacktivist’ for Data Theft and Leaks

• Kuo: Apple’s Mixed Reality Headset to Feature Eye Tracking System, Iris Recognition a Possibility

• ElcomSoft iOS Forensic Toolkit extracts data from Apple devices without a jailbreak

• Taliware launches Biombeat, an identity-management software developer toolkit

• Australian law enforcement used encryption laws 11 times last year

• ISC Stormcast For Friday, March 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7420, (Fri, Mar 19th)

• Stellar unveils enhanced mailbox database repair software for Microsoft Exchange Server

• Avaya Spaces: AI-enhanced meetings and simpler, integrated voice and video calling

• CyberGRX Auto Validation allows users to gain immediate insight into validation results

• Digital Guardian releases DLP policy packs for business communications and collaboration apps

• New macOS malware XcodeSpy found sneaking into spy on victims

• Crypto is what keeps your critical data secure. Governance is what makes it effective.

• Webee and Semtech simplify LoRaWAN connectivity for growing low-power IoT app market

• Synopsys launches IP solution for PCI Express 6.0

• Okera adds the ability to delegate data access policy management to the Okera Dynamic Access Platform

• 2021-03-17 – TA551 (Shathak) Italian template Word docs push Ursnif/Gozi/ISFB

• 2021-03-18 – Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)

• FiVerity raises $2M to expand its cyber fraud detection and threat intelligence platform

• Cylera raises $10M to protect organizations against cyberattacks on IoT devices

• BlockApps partners with AWS to accelerate TraceHarvest network scalability

• Entrust and SYNNEX offer Entrust nShield HSMs and cybersececurity solutions across the US and Canada

• Top 20 Dockerfile Best Practices

• VMware acquires Mesh7 for cloud-native application security

• Tech Vendors’ Lack of Security Transparency Worries Firms

• Joy Of Tech® ‘A Chip Crisis’

• XcodeSpy Mac malware targets Xcode Developers with a backdoor

• Zuckerberg Now Claims Apple’s App Tracking Transparency Rules Could Benefit Facebook

• Virsec appoints Jim Routh as Chief Security Advisor

• Mark Potter joins Backblaze as CISO

• Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

Generated on 2021-03-20 23:55:10.513858