IT Security News Daily Summary 2021-07-19

• The Pipeline Attack – Is Log Analysis Enough for Cybersecurity?

• Threat Hunting Frameworks and Methodologies: An Introductory Guide

• Lawmakers balk at cost-overruns, transparency issues with VA’s $21 billion health record program

• Unpatched iPhone Bug Allows Remote Device Takeover

• How to activate virtualization-based security and core isolation in Windows 10

• Balancing the benefits with the risks of emerging technology

• Don’t Wanna Pay Ransom Gangs? Test Your Backups.

• capa 2.0: Better, Faster, Stronger

• Apple Releases Safari 14.1.2 Update for macOS Catalina and macOS Mojave

• DACA Update: A Federal Judge Rules that DACA is Illegal, But Keeps Options Open

• US charges four suspected Chinese spies who coordinated APT40 hackers

• How to Monitor for Cryptomining in the Cloud

• Sharding Kafka for Increased Scale and Reliability

• Shlayer Malvertising Campaigns Still Using Flash Update Disguise

• Senior Software Engineer II Aparna Chaudhari Offers Advice for Women in Tech (and Pointers for Making the Industry More Inclusive)

• Rapid7 acquires threat intelligence platform IntSights for $335M

• Agencies ramp up ransomware defenses

• Connecticut pushes cybersecurity with offers of punitive damage protection

• Rapid7 buys outside-the-perimeter security firm IntSights for $335 million

• US charges members of APT40, Chinese state-sponsored group

• How Gaming Attack Data Aids Defenders Across Industries

• US Accuses China of Using Criminal Hackers in Cyber Espionage Operations

• White House Accuses China of Microsoft Exchange Attack

• US DoJ indicts four members of China-linked APT40 cyberespionage group

• iOS 14.7 Features: Everything New in iOS 14.7

• TurboTax-maker Intuit will leave free tax filing partnership with IRS

• Attivo Earns US DoD Contracts for Active Cyber & Deception Defense

• How China’s Hacking Entered a Reckless New Phase

• Coalition for App Fairness: Apple is Using Subpoenas to Punish Opponents by Prying Into Confidential Communications

• If the recent attack on Microsoft is Chinese Government State Sponsored, isn’t it time for a Cyber Geneva Convention?

• Remcos RAT delivered via Visual Basic

• Edge AI’s benefits bring ‘much higher’ security risks, says McAfee data scientist

• US and allies finger China in Microsoft Exchange hack

• NSO Group Spyware Used On Journalists & Activists Worldwide

• Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 338’

• Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

• BSides Vancouver 2021 – Vivek Ponnada’s ‘Is The Power Grid A Huge Cybersecurity Risk?’

• Cloudstar – IT provider for real estate, finance, insurance worlds – downed by ransomware

• Two (or More) Is Better Than One: Digital Twin Tech for Cybersecurity

• Threat modeling can protect data used by AI assistants

• Ruthless Attackers Target Florida Condo Collapse Victims

• US government formally names China in Exchange Server hack

• iOS 15: How to Create a Focus

• Juniper Patches Critical Third-Party Flaws Across Product Portfolio

• Apple Employees Continue to Fight Return to Campuses and Push for Better Remote Working Options

• 7 Ways to Effectively Secure Your eCommerce Store Today

• Protecting Phones From Pegasus-Like Spyware Attacks

• When Ransomware Comes to (Your) Town

• Experts disclose critical flaws in Advantech router monitoring tool

• Apple Releases iOS 14.7 With MagSafe Battery Support and Apple Card Family Credit Limit Combining

• Apple Music Spatial Audio and Lossless Quality Rolling Out in India

• Apple Seeds Second Release Candidate Version of macOS Big Sur 11.5 to Developers

• Hyper Releases Stackable GaN Chargers With Up to 1600W of Power From a Single Wall Outlet

• Apple Releases HomePod 14.7 Software With Support for Managing Timers From the Home App

• Google Patched Another Actively Exploited Chrome Zero-Day

• Keeping Your System Secure is Easier than Ever with LinuxSecurity Customized Advisories!>

• Singapore goes online in hunt for intelligence officers

• Apple Releases tvOS 14.7 for Apple TV HD and Apple TV 4K

• Apple Releases watchOS 7.6, Bringing ECG and Irregular Heart Rhythm Notifications to 30 New Regions

• Apple Releases iOS and iPadOS 14.7 With MagSafe Battery Support and Apple Card Family Credit Limit Combining

• The Jan. 6 Select Committee Isn’t Just a Formality

• Law firm for Ford, Boeing, Exxon, Marriott, Walgreens and more hacked in ransomware attack

• Cybersecurity Alliance of EU and NATO to Combat Chinese Attacks

• Enhanced BazarBackdoor Poses New Cybersecurity Risks

• Pegasus Scandal Shows Risk of Israel’s Spy-tech Diplomacy: Experts

• Collective Intelligence: Realities and Hardships of Crowdsourced Threat Intel

• The top 7 identity and access management risks

• Introducing Bounty Awards for Teams Mobile Applications Security Research

• FragAttacks: Everything You Need to Know

• $10M for Info on State-Sponsored Attacks on US Critical Infrastructure

• UK and White House blame China for Microsoft Exchange Server hack

• DOJ charges four members of Chinese government hacking group

• MITRE announces first evaluations of cybersecurity tools for industrial control systems

• More Airline Operators are Being Targeted by Cybercriminals

• Israeli Firm Accused of Developing Spyware Software

• Building Digital Trust with Machine Identity Management

• Top 7 Selection Criteria for Automated Bot Prevention Solutions

• The Power in a Good Pretext

• Richtlinienkonforme Authentifizierung durch Verhaltensbiometrie

• Practical solutions for a secure automotive software development process following ISO/SAE 21434

• Apple Adds New Products to Online Store, Including Linksys Velop Wi-Fi 6 Mesh Routers With HomeKit Support

• MITRE Engenuity launches ATT&CK Evaluations for ICS

• China blamed for Ransomware attacks on Microsoft Exchange Servers

• Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections

• Candiru: Another Cyberweapons Arms Manufacturer

• GlobalFoundries touts U.S. chip manufacturing for supply chain and national security reasons

• Law Firm Campbell Conroy & O’Neil Discloses Ransomware Attack

• Romanian Cryptojacking Gang Target Linux-based Machines to Install Cryptominer Malware

• New Windows Print Spooler Vulnerability – CVE-2021-34481, (Mon, Jul 19th)

• UK And White House Blame China For Microsoft Exchange Server Hack

• Swedish Man Sentenced For Gold-Backed Cryptocurrency Scam

• Hackers Got Past Windows Hello By Tricking A Webcam

• Apple Warns Against Using Hydrogen Peroxide Disinfectants on Products

• Kaseya ransomware attack FAQ: What we know now

• UK, White House blame China for Microsoft Exchange Server hack

• Details Emerge on Iranian Railroad Cyberattack

• Cisco Discloses Details of Critical Advantech Router Tool Vulnerabilities

• Deals: Nomad Kicks Off New ‘Summer Vibes’ 30% Off Sitewide Sale

• Netflix password crackdown: why users should be arguing for stronger measures

• UK and chums call out Chinese Ministry of State Security for Hafnium Microsoft Exchange Server attacks

• Google Researchers Found Zero-Day Bugs In Safari, Chrome, and Internet Explorer

• New Phishing Campaign Spreads BazarBackdoor Malware Via Nested Archives

• Why You Should Always Conduct Application Security Testing

• Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

• The new ransomware threat: triple extortion

• Combatting ransomware: a holistic approach

• How to Stop Spam Emails and Save Your Inbox

• Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT

• U.S., Allies Officially Accuse China of Microsoft Exchange Attacks

• Breaking Down the Threat of Going All-In With Microsoft Security

• 7 Ways AI and ML Are Helping and Hurting Cybersecurity

• Photos of Apple’s New MagSafe Battery Pack Provide First Look at Thickness

• It’s time to get ahead of weaponised vulnerabilities

• Preparing for the ever-growing threat of ransomware

• StopRansomware.gov brings together information on stopping and surviving ransomware attacks

• Incedo Inc. Transforms Security Defenses and Becomes a Highly Resilient Organization with Check Point

• Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

• Deals: Get AirPods Pro for $189.99 ($59 Off) and Regular AirPods for $119.99 ($39 Off) in Newest Sales

• iOS and Android Activations Now Split Evenly in the U.S., Research Shows

• “Candiru” Spyware Maker Exploits Patched Windows 0-Days & Selling Spyware to Attack iPhones, Androids, Macs, PCs

• Adopting OIDC Standard For MFA

• OPSWAT Acquires Industrial Cybersecurity Firm Bayshore Networks

• Israeli Firm Assisted Governments Target Journalists & Activists with Zero Days and Spyware

• Ransomware and the C-I-A Triad

• Trending: 4,500+ Cyber Pros Enroll in Free (ISC)2 Ransomware Course in Less Than a Month in Order to Fortify Their Preparedness and Response Skills

• FCW Insider: July 19, 2021

• Quick Hits: July 19, 2021

• UK blames China for Microsoft Exchange Server hack

• U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity

• Review: Anker’s PowerWave Go 3-in-1 Stand Charges Your Apple Devices at Home and on the Go

• Amazon Rolled Out End-to-End Encryption For Ring Devices Globally

• Another Windows Print Spooler Bug Arrives After PrintNightmare Flaws

• Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

• Chinese State-Sponsored Cyber Operations: Observed TTPs

• Pegasus Project – how governments use Pegasus spyware against journalists

• NATO and EU launch a cybersecurity alliance to confront Chinese cyberattacks

• U.S., allies accuse China of malicious cyber activities

• Ireland Joins EU Covid Travel Pass System After Ransomware Attack Delay

• Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely

• HelloKitty Ransomware Is Now Going After Vulnerable SonicWall Devices

• Why 10,000 gas stations may sue after Colonial Pipeline hack

• Ericsson Sees China Revenues Fall As Trade War Bites

• Amazon-Backed Rivian Delays First Electric Vehicles

• Windows 10 security: Here’s how researchers managed to fool Windows Hello

• NSO Group’s Pegasus spyware used against journalists, political activists worldwide: report

• Five Critical Password Security Rules Your Employees Are Ignoring

• There are new unpatched bugs in Windows Print Spooler

• A week in security (July 12 – July 18)

• Exploiting Wi-Fi Stack on Tesla Model S

• Tencent Keen Security Lab joins GENIVI Alliance

• Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars

• Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars

• How long-term hybrid work is changing security strategies

• Cybersecurity salaries: What 8 top security jobs pay

• Silicon UK Podcast: How Much Technical Debt Does Your Business Have?

• US Adds Russian Cybersecurity Firms To Trade Blacklist

• China Launches ‘Reusable’ Sub-Orbital Space Vehicle

• TSMC Founder Warns Semiconductor Plans Could Fail

• With Safari Zero-Day Attacks, Russian SVR Hackers Targeted LinkedIn Users

• Thousands of PS4s Seized, Employed in Mining Cryptocurrency Illegally

• Pegasus Spyware Targets Phones of Journalists, Activists, and Politicians

• RansomEXX Ransomware Impacts Ecuador’s Corporación Nacional de Telecomunicaciones CNT

• Campbell Data Breach Leads to Private Information Exposure

• Israeli spyware used in hacking phones of activists, journalists globally

• Swedish man sentenced for gold-backed cryptocurrency scam

• Facebook fights Biden claim that social media is ‘killing people’ through anti-vax, COVID-19 misinformation spread

• 75% of Companies Spend as Much Time on False Positives as on Real Security Events

• ‘iPhone SE 3’ With A14 Bionic Chip and 5G Expected in First Half of 2022

• Apple TV+ Animated Shows Bag Three Daytime Emmys

• Consumer Data And Privacy | Avast

• Top 5 NCSC Cloud Security Principles for Compliance

• CISO Interview Series: How Aiming for the Sky Can Help Keep Your Organization Secure

• Experts show how to bypass Windows Hello feature to login on Windows 10 PCs

• “Seven or eight” zero-days: The failed race to fix Kaseya VSA, with Victor Gevers, Lock and Code S02E13

• Binance Pulls Digital ‘Stock Tokens’ After Crackdown

• Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability

• Report: Pegasus Spyware Sold to Governments Uses Zero-Click iMessage Exploit to Infect iPhones Running iOS 14.6

• Trying to register your antivirus in Windows Security Center?

• Cambridge Data Finds Bitcoin Miners Shifting Away From China

• Ericsson takes a thumping in Mainland China for second quarter

• The Second Wave of a Ransomware Pandemic

• Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability

• Android users – do this now to protect yourself against hackers

• New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally

• Cyber Games Offer Competitive Challenges

• Vaccinate your data: Addressing and adapting to new data risks

• Viral video shows Malaysian police destroying 1,069 bitcoin mining rigs with a steamroller

• Protect your smartphone from radio-based attacks

• SOC Second Defense Phase – Understanding the Cyber Threat Profiles

• Half of organizations are ineffective at countering phishing and ransomware threats

• Mobile Phones of Politicians, Journalists, and members of Royal Families were targeted by Israeli Malware

• Cyber scam targeted at owners of expensive Apple laptops

• Application security tools ineffective against new and growing threats

• How to balance employee IT security policies

• Short Édition – 505,466 breached accounts

• ISC Stormcast For Monday, July 19th, 2021 https://isc.sans.edu/podcastdetail.html?id=7590, (Mon, Jul 19th)

• Worldwide AIOps market size to grow steadily by 2027

• Outsourcing cloud management driven by increasingly complex IT environments

• Amnesty International and French media protection org claim massive misuse of NSO spyware

• Soracom Arc enables multiple IoT connections through a single management platform

• ShiftLeft Educate provides consistent and contextual training for developers of different skill levels

• Cleo Integration Cloud for Manufacturing enables manufacturers to confront market volatility

• 50,000 Phone Numbers Worldwide on List Linked to Israeli Spyware: Reports

• Virginia Tech Says it Was Targeted in 2 Recent Cyberattacks

• S3 Ep41: Crashing iPhones, PrintNightmares, and Code Red memories [Podcast]

• devolo launches three Magic 2 series adapters to boost internet connectivity

• Enea acquires AdaptiveMobile Security to strengthen its 5G network security portfolio

• Andi Mann joins Qumu as CTO

• IT Security News Daily Summary 2021-07-18

• What to expect for cybersecurity investment as we emerge from the pandemic

• White House Pressures Facebook To Remove Misinformation Quicker

• The Joy of Tech® ‘Facebook Is Panicking!’

• NASA Honors the 100th Anniversary of John Glenn’s Birth

• BSides Vancouver 2021 – Norm Chan’s ‘Understanding The Latest Mitre Att&Ck Evaluation Data’

• Israeli spyware used to target phones of journalists and activists, investigation finds

• Mimecast’s new AI tools protect against the sneakiest phishing attacks

• Why Your Security Strategy Needs to Think More About the Browser to stop Ransomware

• Giving Diplomacy a Chance in Yemen

• BSides Vancouver 2021 – Nivedita Murthy’s ‘DevSecOps: The Good, The Bad And The Ugly’

• THORChain Suffers $7.6 Million Loss in Latest DeFi Exploit

• Chinese government issues new vulnerability disclosure regulations

• iPhone 13 May Feature Apple Watch-Inspired Always-On Display

• Gurman: Redesigned MacBook Pros to Launch Between September and November

• Misconfigured AWS bucket exposed 421GB of Artwork Archive data

• Instagram implements ‘Security Checkup’ to help users recover compromised accounts

• Video: CyberChef BASE85 Decoding, (Sun, Jul 18th)

• Facebook says Iranian Hackers Targeted U.S. Military Personnel

• Telegram’s Encryption Protocol Detected with Vulnerabilities

• Security Affairs newsletter Round 323

• HelloKitty ransomware gang targets vulnerable SonicWall devices

• Week in review: 5 popular cybersecurity exploitation techniques, new issue of (IN)SECURE Magazine

• Penetration testing

• Multilingual Cybersecurity Awareness Training adapted for your needs

• By Fooling a Webcam, Hackers were Able to get Past Windows Hello

• NIST Has Come Out With Its Own Ransomware Guidance | #RansomwareWeek

• Experts: the volume of cryptocurrency fraud in the world has reached $1 billion in a year

• HUMAN BotGuard helps enterprise customers protect web and mobile apps from bot attacks

• Syngrafii launches iinked Seal capability for compliant remote online notarization

• Nasuni improves medical cloud file storage workloads by supporting AWS for Health initiative

• Mavenir deploys Open vRAN software in Deutsche Telekom O-RAN Town

• U.S. Army DEVCOM awards Ubiq Security with SBIR contract to improve encryption capabilities

• ID Technologies acquires Attila Security to strengthen its position as CSfC solution provider

Generated on 2021-07-19 23:55:23.252736