IT Security News Daily Summary 2021-04-24

• ToxicEye RAT exploits Telegram communications to steal data from victims

• Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

• We Lost Dan Kaminsky Yesterday

• CPDP 2021 – Moderator: Ivan Szekely ‘Senior Academic Session’

• XKCD ‘Excel Lambda’

• CPDP 2021 – Moderator: Moderator: Frederik Zuiderveen Borgesius ‘Artificial Intelligence And Discrimination Risks In The Health Sector’

• CISOs must help their boards manage cyber risk — here’s how

• Discover Named a 2021 FutureEdge 50 Winner for Platform to Detect Data Anomalies in Real Time

• NTT Research Names Matthew Ireland Chief Information Security Officer

• Digital transformation moves application security to the top of mind list!

• ToxicEye RAT hits Telegram app to spy, steal user data

• Security Researcher Dan Kaminsky Passes Away

• Base64 Hashes Used in Web Scanning, (Sat, Apr 24th)

• ‘Sysrv’ – New Crypto-Mining Botnet is Silently Expanding it’s Reach

• Security News In Review: Ryuk Ransomware Gets a Makeover

• Signal’s Founder Hacked a Notorious Phone-Cracking Device

• Top Stories: Apple Event Recap With New iMac, AirTag, iPad Pro, Apple TV, and More

• Experts have warned of a cyberattack on Facebook Messenger users

• Enterprises need to change passwords following ClickStudios, Passwordstate attack

• ToxicEye: Trojan Abuses Telegram to Steal Data

• Magic Authentication and Authorisation

• Bitcoin Sinks Below the $50,000 Mark

• Ransomware Attack by REvil on Apple, Demands $50 Million

• Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

• Is AI as Dangerous as Nuclear Tech?

• Elevate SASE Security for Remote Locations With Free Micro-Credentials

• ‘Build’ or ‘Buy’ your own antivirus product

• A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

• Instagram rolls out new features to help prevent cyberbullying

• Week in security with Tony Anscombe

• CORRECTING and REPLACING Axonius Secures Contract to Support DHS CDM for Group F Federal Agencies

• Advanced mobile protection through the AlienApp for MobileIron

• QR Codes Popularity May Abused to Deliver Malware and Banking Heists

• Poetry of #DontDropTheMic

• 2021-04-23 – IcedID (Bokbot) infection from zipped JS file

• Hacker gang “REvil” tries to extort Apple for $50 million after stealing files

• Web Application Pen Testing Steps, Methods, and Tools

• Imperva: Bad bots polluting web traffic pose security risks to websites

• The Account Takeover Threat: A By-the-Numbers Breakdown

• How to Use Apple TV’s iPhone-Based Color Balance Feature

• Canada’s Attempt to Regulate Sexual Content Online Ignores Technical and Historical Realities

• IT Security News Daily Summary 2021-04-23

• Google Argentina domain bought by a random citizen for $5

• AI Weekly: MIT aims to reconcile data sharing with EU AI regulations

• Using AI and data to make decisions faster

• Window Snyder Launches Startup to Fill IoT Security Gaps

• CPDP 2021 – Moderator: Ronald Leenes ‘Academic Session On The Covid-19 Crisis’

• Security Catalyst Office Hours Recap for April 23, 2021

• Application-Aware Protection Vs. Conventional Security Protection

• Apple Began Preparing for AirTag Regulatory Approval Nearly Two Years Ago

• NitroRansomware Demands Gift Codes As Ransom

• VMware Carbon Black Delivers High-Fidelity Insight at Every Step of MITRE Engenuity ATT&CK® Evaluation

• DARPA-funded fabric protects against chemical, biologic threats

• Beacons alert app users of nearby hazards

• Lawmakers consider options for better climate data sharing

• CISA issues warning on exploited VPN flaw

• Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware

• 4 attributes key to network-as-a-service model

• Insider Data Leaks: A Growing Enterprise Threat

• Password Manager Suffers ‘Supply Chain’ Attack

• Cybersecurity Controls Every Organization Needs in 2021

• Prometei botnet uses NSA exploit, hits unpatched MS exchange servers

• Californian Charged with Cyberstalking Teenage Boys

• Apple Launches Employee Program for COVID-19 Vaccinations

• Alibaba Is Fined; Other Tech Companies Are Put on Notice

• Protection Gaps in Public Law Governing Cyberspace: Israel’s High Court’s Decision on Government-Initiated Takedown Requests

• The Biden Administration’s Impending Executive Order on Software Security

• 5 Fundamental But Effective IoT Device Security Controls

• Prometei Botnet Could Fire Up APT-Style Attacks

• Love in a time of quarantine can be costly

• Tor-Based Linux Botnet Abuses IaC Tools to Spread

• Apple AirDrop has “significant privacy leak”, say German researchers

• Palo Alto Networks Tightens Integration with Asset Discovery Tool

• Deals: U.S. Carriers Offer Savings on Apple’s New Purple iPhone 12

• Apple Seeds First Betas of iOS and iPadOS 14.6 to Public Beta Testers

• Axis of REvil: What we know about the hacker collective taunting Apple

• Casey’s General Stores Announces Security and Retail Leader Paul Suarez Joins Company as Chief Information Security Officer

• Cybersecurity Association of Maryland, Inc. Further Strengthens Board of Directors and Advisory Council

• Lessons learned from building an inventory of systems

• Netacea: Stolen identity sales in criminal marketplace up 250% since 2019

• US Cyber Games Launches Cyber Open and Combine

• Here’s a Quick Look at Pros and Cons of ‘Cookies’ in Terms of Browsing Experience

• KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features

• New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

• AirTags Available for Purchase on Amazon, Best Buy and More

• Bugs Opened John Deere Tractor Owners Up To Doxing

• Ready, Set, Go! Rapid Cloud Adoption Risks Leaving Businesses In A Post-whirlwind Slump

• Major Cyber Attacks that took place so far in 2021

• 3 Companies that Help SMBs to Improve Their Cybersecurity

• You Should Be Automating Your Data Flow Map

• 2020 Witnessed a Massive Surge in Healthcare Breaches

• How Zero Trust Can Help Close the Cybersecurity Skills Gap

• Tackling the endpoint security hype: Can endpoints actually self-heal?

• Business and operations leaders are building digital trust through partnerships

• Zoom Is 16th CVE Numbering Authority Appointed in 2021

• GCHQ Director: The UK and Allies Must Counter “Existential Threat” to the Digital Environment

• US: Ireland Is a Target for Cyber-Criminals

• Creating Users Through Automation – Integromat Integration Tutorial

• Trend Micro Transforms Channel Program to Advance Cloud Security and Services

• 7 Types of Phishing: How to Recognize Them & Stay Off the Hook

• China Silently Hacked Gov’t and Defense for a Year or More

• Perception Point Raises $28 Million in Series B Funding to Advance Messaging and Collaboration Protection for Enterprise Users

• Apple TV+ Announces Docuseries ‘1971: The Year That Music Changed Everything’

• Expert Commentary: Prometei Botnet Exploits Exchange Server Bugs to Grow

• QNAP Removes Backdoor Account in NAS Backup

• IPS Solution Quality Guidelines: What to Look for in an IPS Solution

• Zero-Knowledge, Zero Trust for All With Keeper Security and Duo

• EFF and ACLU Ask Supreme Court to Review Case Against Warrantless Searches of International Travelers’ Phones and Laptops

• Axis of REvil: Inside the hacker collective taunting Apple

• BrandPost: A Healthy Boost: Hospital Uses Managed Services to Bolster Security

• BrandPost: How to Properly Vet a Security Service Provider

• Using VMware Tanzu with ONTAP to accelerate your Kubernetes journey

• Health Care Ransomware Strains Have Hospitals in the Crosshairs

• pharming

• stream cipher

• New QNAP NAS Flaws Exploited In Recent Ransomware Attacks – Patch It!

• The Cyber Security Buffs: March 2021 Edition

• Practical Steps for Fixing Flaws and Creating Fewer Vulnerabilities

• Reporting Live From Collision Conference 2021: Part Two!

• MI5 Tries To Change Image By Opening Up Instagram Account

• Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief

• Taiwan Authorities Look Into Apple Supplier Hack

• Malware Operators Use TLS 46% Of The Time When Detected

• What to Know if You Plan to Travel Abroad With AirTags

• FIDO Alliance IoT Onboarding – Industry Onboarding

• 90-Year-Old Woman falls victim to ‘largest phone scam ever’

• Microsoft Exchange Servers Used To Mine Cryptocurrency

• Signal Exposes Major Cellebrite Vulnerabilities

• SUPERNOVA malware discovered on SolarWinds Orion server

• China could ‘control the global operating system’ of tech, warns UK spy chief

• Ransomware is growing at an alarming rate, warns GCHQ chief

• Files on QNAP NAS Devices Encrypted in Qlocker Ransomware Attacks

• New Initiative to Protect U.S. Electrical Grid From Cyberattacks: Feedback Friday

• Tell Us the Truth: Why Do You LOVE Passwords?

• SOC 2 Attestation Tips for SaaS Companies

• AirTag Shipping Estimates Already Slipping Into May

• New 12.9-inch iPad Pro Not Compatible With Older Magic Keyboard

• A Multilateral Surveillance Accord: Setting the Table

• A Large Majority of IT Pros are Concerned with Teleworking Endpoint Misuse

• Services Australia Fined for Violating the Privacy of a Vulnerable Customer

• Sunsetting CVR but keeping the collaboration

• DISA’s key players

• Can DISA’s CBII make DOD telework more secure?

• A single platform for the Fourth Estate

• The Defense Information Systems Agency: Overview

• REvil’s Big Apple Ransomware Gambit Looks to Pay Off

• Apple AirDrop Flaws Could Let Hackers Grab Users’ Phone Numbers and Email Addresses

• ISC Stormcast For Friday, April 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7470, (Fri, Apr 23rd)

• AirTags and Purple iPhone 12 Models Now Available for Purchase

• Deals: All-Time Low Prices Hit Apple’s M1 MacBook Pro and MacBook Air Notebooks (Up to $149 Off)

• Kuo: Apple Still on Track to Release Mixed Reality Headset Next Year

• CISA Identifies SUPERNOVA Malware During Incident Response – Experts Insight

• The skills to propel your team’s cyber security defense

• Patchstack Protects The Web With Community

• China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors

• Damaging Week For Apple, Google In Senate Hearings

• Post Office Slammed After Convictions Overturned

• Google Released Chrome 90 With The Fixes Of Zero-Day Flaw – Update Your Chrome Immediately

• Apple’s Ransomware Mess Is the Future of Online Extortion

• Spotify Set to Rival Apple Podcasts Subscriptions With New Service That Won’t Charge Content Creators

• Researchers Discover AirDrop Security Flaw That Could Expose Personal Data to Strangers

• REvil: What we know about the hacker group that’s holding Apple’s data hostage

• How to choose the best VPN for you

• Artificial Intelligence ban slammed for failing to address “vast abuse potential”

• Secure Software Engineering Habits

• AWS Security Groups Basics

• Don’t Forget: A Checklist for Offboarding Remote Employees Securely

• 3 cloud architecture mistakes we all make, but shouldn’t

• Moving Targets – the Growing Threat to Enterprise Mobiles

• Perception Point Raises $28 Million Grow Collaboration Protection Platform

• Ransomware Qlocker Encrypts QNAP Devices with 7Zip

• Remote Debuggers as an Attack Vector

• Ransomware by the numbers: Reassessing the threat’s global impact

• Tesla ‘Easily Tricked’ Into Driving Without Driver, Consumer Reports Finds

• Understanding OAuth and Web-API Security with Matthias Biehl

• ToxicEye: Trojan abuses Telegram platform to steal your data

• Ransomware’s perfect target: Why one industry needs to improve cybersecurity, before it’s too late

• TLS-Encrypted Malware Volumes Double in Just Months

• Lockdown Hotel Bookings at Risk Due to DMARC Fail

• Last Chance for Forensics Teams Ahead of Emotet Sunday Deadline

• 228 arrests after 70 000 individuals checked across Europe to tackle mobile criminality

• Trend Micro Flaw Being Actively Exploited

• The Future of Service Management in the DevOps Era

• Malware and Ransomware Gangs Use TLS to Cover Their Tracks

• Twitter Sends Out Suspicious Emails

• Best Practices for Securing Modern Applications

• GCHQ: West faces “moment of reckoning”

• TikTok Sued Over Data Collection of Minors | Avast

• Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

• When a Ripple Becomes a Wave: Cyberattack Fallout

• Darkside Ransomware gang aims at influencing the stock price of their victims

• Evil Maid Attack – Vacuum Hack

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Codecov cyber attack could emerge as another Solarwinds Hack

• Britain a Cyber Power and a Big Animal in Digital World

• How to deal with slow internet?

• King Island connectivity upgrade to include 110km radio link across Bass Strait

• AirDrop flaws could leak phone numbers, email addresses

• Logins for 1.3 million Windows Remote Desktop Servers Leaked by UAS

• Weekly Update 240

• Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion

• Ninth Circuit Says Demand for Cyberinsurance Payment not a “Claim”

• Malicious PowerPoint Add-On: “Small Is Beautiful”, (Fri, Apr 23rd)

• Apple’s Online Store Goes Down to Prepare for AirTag and Purple iPhone 12 Orders

• Transitioning to a SASE architecture

• Security research project: The easiest way to get “experience” and land a job in cybersecurity

• ClearVoice Surveys – 15,074,786 breached accounts

• ERI’s David Hirschler Shares Updates and Insights on COVID-19’s Effects on Electronic Recycling with Environmental Council of States

• IBM X-Force: Ransomware Was the Preferred Attack Method in 2020

• Customer Spotlight: Managing Uploads to Non-Traditional Applications

• Twitter accidentally spams users asking them to confirm accounts

• COVID-19 creates a boom in biometric adoption

• What IT leaders are prioritizing in network security investments?

• New infosec products of the week: April 23, 2021

• Deep Instinct Raises $100 Million in Series D Funding Round

• Remote work increasing the growth rate of the EDR market

• Trends and technologies that are helping supply chains respond, recover and thrive during pandemic

• Hacked Android phones mimicked connected TV products for fake ad views

• Tech giants and cops at least agree thwarting terrorist or extremist activity is a joint effort

• Varada helps security teams deliver faster time-to-insights on exabytes of data directly on the data lake

• Zerto data protection offers backup and disaster recovery for hybrid and native AWS deployments

• Options empowers Murex MX.3 through its enterprise-grade SaaS-enabled managed apps platform

• IBM Watson helps businesses develop trustworthy AI and mitigate risk

• Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

Generated on 2021-04-24 23:55:10.391918