IT Security News Daily Summary 2021-08-07

• XKCD ‘Forest Walk’

• Security BSides Athens 2021 – Talk 12: Mert Coskuner’s ‘Running An AppSec Program In An Agile Environment’

• CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

• Detecting Cobalt Strike: Cybercrime Attacks

• Telegram Bug in Mac Allows User To Save Secret Chats

• Several Critical Flaws Detected in Las Vegas’s Leading Casinos

• Security BSides Athens 2021 – Talk 11: Evangelos Nikolaou’s & Vasilis Sikkis’ ‘Automating Red Team Infrastructure Using Overlord’

• Fewer than 10% of People are Confident about their Data Security on Social Media, According to Survey from PCI Pal

• Versa Networks Named Hot Startup to Watch in 2021 Big50 Startup Report Recognizing the Top Startups in Tech

• aeSolutions Industrial Cybersecurity Division, aeCyberSolutions Acquired by Deloitte

• Altada Technology Solutions Appoints Denis Canty as Chief Technology Officer

• The Role of Culture in Compliance

• When it comes to security, all software is ‘critical’ software

• ¿Qué es el cryptojacking? ¿Cómo evitarlo?

• Anton and The Great XDR Debate, Part 1

• Security News in Review: Zero Trust, The Government, and You

• Microsoft Edge’s ‘Super Duper Secure Mode’ Does What It Says

• Top Stories: Magic Keyboard With Touch ID, New MacBook Pro and Apple Watches Incoming, and More

• Apple’s neuralMatch tool will scan iPhones for child abuse content

• CISA Partners with Leading Technology Providers for New Cybersecurity Initiative

• Inadequate Payment Leads the Affiliate to Leak the Ransomware Gang’s Technical Manual

• New DNS Flaw Enables ‘Nation-State Level Spying’ on Companies

• All the Ways Spotify Tracks You—and How to Stop It

• AI Wrote Better Phishing Emails Than Humans in a Recent Test

• ‘Build’ or ‘Buy’ your own antivirus product

• Weekly Update 255

• SOC Third Defense Phase – Understanding Your Organization Assets

• RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

• 2021 Gartner®: Market Guide for Cloud Workload Protection Platforms

• Relevance Requires More than Just Paying Attention

• Koo, Indian Twitter Alternative, Found Vulnerable to Critical Worm Attacks

• 2021-07 – Traffic Analysis Exercise – Dualrunning

• Anatomy of native IIS malware

• IIStealer: A server‑side threat to e‑commerce transactions

• Black Hat 2021: Wanted posters for ransomware slingers

• Black Hat 2021: Lessons from a lawyer

• Week in security with Tony Anscombe

• Elastic enables deeper search experience insights with Kibana visualizations

• Code42 Incydr can now differentiate between personal and corporate cloud application uploads

• #DEFCON: Ransomware Moves from Nuisance to Scourge

• (ISC)² recognizes and celebrates annual and lifetime achievements in the field of cybersecurity

• Trend Micro: 80% of global orgs anticipate customer data breach in the next year

• RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna

• Chris Finn joins Forrester as CFO

• Crosspoint invests in ReversingLabs to scale its sales and marketing efforts

• New study examines privacy and security perceptions of online education proctoring services

• WekaIO expands executive team with the appointment of Amit Pandey and Jonathan Martin

• Tech Rights Are Workers’ Rights: Doordash Edition

• Unintended Risks Of Apple Child Protection Features | Avast

• New guidance on vaccines and COVID testing for feds and contractors

• Amazon GDPR fine signals expansion of regulatory focus

• FragAttacks Foil 2 Decades of Wireless Security

• IT Security News Daily Summary 2021-08-06

• XLSM Malware with MacroSheets

• Apple’s search for child abuse imagery raises serious privacy questions

• For improved cybersecurity, cyber hygiene has to start at the endpoint

• Is bitcoin safe? How to secure your bitcoin wallet

• Squid Dog Toy

• Congratulations to the MSRC 2021 Most Valuable Security Researchers!

• This Week in Security News – August 6, 2021

• NYC explores blockchain to reduce deed fraud

• CISA’s launches joint cyber defense effort

• Golang Cryptomining Worm Offers 15% Speed Boost

• Disney Employees Among Those Arrested in Child Abuse Sting

• #DEFCON: A Bad eBook Can Take Over Your Kindle (or Worse)

• Protect Against BlackMatter Ransomware Before It’s Offered

• iOS 15 Privacy Guide: Private Relay, Hide My Email, Mail Privacy Protection, App Reports and More

• People of JumpCloud | Nicole Bushong

• 9 Reasons Why Everyone Should Use a VPN

• Is Blockchain Secure?

• Apple Arcade Surpasses 200 Games

• The Future of Cybersecurity? Just One Word: Automation

• All your DNS were belong to us: AWS and Google Cloud shut down spying vulnerability

• How Email Service Vendors Can Help Individuals Protect Themselves from Phishing Attempts

• Amazon Kindle Vulnerable to Malicious EBooks

• IT Management Solutions protects its clients with Webroot® Business Endpoint Protection

• The Joy of Tech® ‘NYU? No Data For You!’

• Why Cloud storage Has Supplanted Standard Storage Methods

• Security BSides Athens 2021 – Talk 10: Rodolpho Concurde’s ‘Fuzzing: Finding Your Own Bugs And 0days!’

• This Captcha Patent Is An All-American Nightmare

• Why Companies Keep Folding to Copyright Pressure, Even If They Shouldn’t

• Unpatched Bugs in Mitsubishi Safety PLCs Let Hackers Perform Remote Attacks

• US Imprisons Drone Whistleblower

• MacRumors Giveaway: Win a Leather Briefcase and Set of AirTag Holders From Saddleback Leather Co.

• Apple Won’t Have to Pay $309M After Judge Accuses Patent Troll of Abusing System to Fleece Tech Companies

• What to do when your business has been hacked

• Threat Detection Provider ReversingLabs Raises $56 Million

• Apple’s M1 silicon brings new challenges for malware defenders

• Data Breach at University of Kentucky

• Spanish, French and Dutch Languages Added to Security Awareness Training

• Inconsistent job coding may undercut DOD’s cyber workforce efforts

• Ivanti Releases Security Update for Pulse Connect Secure

• Apple Addresses CSAM Detection Concerns, Will Consider Expanding System on Per-Country Basis

• Strategic Command to lead EMS training effort

• Ivanti Releases Security Update for Pulse Connect Secure

• Passwordless Protection: The Next Step in Zero Trust

• Security BSides Athens 2021 – Talk 9: James Spiteri’s ‘Purple Teaming With Elastic Security And Prelude Operator’

• NYC’s $200 Million “Suicide Machine” Closed Again After 4th Tragedy

• Norsk Hyrdo’s hack highlights need for supply chain cybersecurity

• ‘DeadRinger’ Reveals Pervasive Cyber Espionage Campaign

• US Army Veteran Arrested for Being Black While Touring House for Sale

• Why National Security Agencies Must Analyze Climate Risks

• Making the Joint Cyber Defense Collaborative Work

• From basic text to streaming 4K movies: A brief history of the World Wide Web

• 5 Steps to Creating a Cyber Security Roadmap

• Someone pubished Conti ransomware gang’s sensitive insider data online

• White House Executive Order – Improving Detection of Cybersecurity Vulnerabilities

• Critical Cisco Bug in VPN Routers Allows Remote Takeover

• Facebook Updates Its Privacy Settings Yet Again

• Amazon Fined With EUR 746 Million By Luxembourg Over Data Protection

• Security Flaw in AWS S3 Possess Security Threat for Business Organizations

• Crime-as-a-Service Makes Advanced Phishing Attacks Easier For Amateurs

• Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN

• Spotify Pauses Plans to Add AirPlay 2 Support to iOS App for the ‘Foreseeable Future’

• Insider threat to Corporate Networks through LockBit Ransomware

• Spend Wisely (Not Just More) to Become Cyber Resilient

• Developers, DevOps, and cybersecurity: The top tech talent employers are looking for now

• Researchers Call for ‘CVE’ Approach for Cloud Vulnerabilities

• VMware Patches Severe Vulnerability in Workspace ONE Access, Identity Manager

• New DNS Attack Enables ‘Nation-State Level Spying’ via Domain Registration

• Security Researcher Discovers Serious Flaw in Chromium, Bags $15,000 Reward

• 1-15 July 2021 Cyber Attacks Timeline

• Amazon Delays Office Return Until 2022

• Angry Affiliate Leaks Conti Ransomware Gang Playbook

• Zoom Settlement: An $85M Business Case for Security Investment

• Phishing continues to target big businesses and exploit COVID-19 fears in Q2 2021

• Amazon Kindle flaws could have allowed attackers to control the device

• Black Hat 2021: Microsoft Wins Worst of Pwnie Awards

• Pulse Secure Releases Security Update for Pulse Secure Connect

• Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy

• Deals: Apple’s AirPods With Wireless Charging Case Hit New Low Price of $129.98 ($69 Off)

• Southeast Asian Telecommunications Firms Targeted by APT Attacks

• Edge’s Super Duper Secure Mode benchmarked: How much speed would you trade for security?

• Conti ransomware affiliate goes rogue, leaks “gang data”

• Recap: Black Hat USA 2021

• Deals: Verizon Has New Siri Remote for $49.97 ($9 Off), Apple Pencil 2 for $103.99, and More

• Critical Code Execution Vulnerability Patched in Pulse Connect Secure

• Choosing the Best MFA Approach: Device-Based vs Application-Level Multi-Factor Authentication

• Black Hat: BadAlloc Bugs Expose Millions Of IoT Devices To Hijack

• MacOS Flaw In Telegram Retrieves Deleted Messages

• South Korea To Test Grenade Launching Drones

• Apple Plans To Scan US iPhones For Child Sexual Abuse Images

• StarHub Suffers Data Breach, But Says No System Was Compromised

• DNS vulnerability allows for ‘nation-state level spying’

• Researchers Perform An Analysis on Chinese Malware Used Against Russian Government

• Legacy IT: Saving money by holding onto old tech is costing us all billions

• HTTP/2 Implementation Errors Exposing Websites to Serious Risks

• Apple Suppliers Struggling to Hire Enough Workers Ahead of iPhone 13 Launch

• FTC warns of phishing scams over unemployment benefits

• CISA Launches the Joint Cyber Defense Collaborative (JCDC)

• Prometheus TDS – Underground Service Distributing Several Malware Families

• L’importance de l’analyse comportementale dans la cybersécurité de votre entreprise

• Black Hat USA 2021 Recap:

• New Category of DNS Vulnerabilities Impacts Numerous DNSaaS Platforms

• How to Spot and Prevent Apple ID Phishing Scams

• Apple Intends to Scan U.S. iPhones for Images of Child Abuse

• Critical Vulnerabilities Found in macOS Privacy Protections

• Conti Leak Indicators – What to block, in your SOC….

• Privacy Whistleblower Edward Snowden and EFF Slam Apple’s Plans to Scan Messages and iCloud Images

• Conti Affiliate Leaks the Attack Playbook of the Ransomware Gang

• Cybersecurity Leaders: Think in Business Terms

• Virgin Galactic Prices Spaceflight Tickets at $450,000 Per Seat

• Black Hat: How cybersecurity incidents can become legal minefields

• StarHub suffers data breach, but says no system was compromised

• Black Hat: BadAlloc bugs expose millions of IoT devices to hijack

• Washington D.C. and Singapore top the list for 10 best cities for cybersecurity experts

• Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation

• Apple Announces New Machine Learning-led Child Safety Features

• Spanish botnet attacked Russian companies

• Using “Master Faces” to Bypass Face-Recognition Authenticating Systems

• BrandPost: How to Implement Secure Configurations Faster Than Ever

• CISA unveils Joint Cyber Defense Collaborative with tech heavyweights as first private partners

• CISA partners with Amazon, Google, Microsoft and others to fight Ransomware

• Apple To Scan US iPhones For Child Abuse Images

• Amazon Kindle Vulnerabilities could have led Threat Actors to Device Control and Information Theft

• 14 Flaws in NicheStack Leave PLCs, OT Controllers Vulnerable

• Dark Web Scanner, the tool that checks if your email has been hacked

• New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader

• VMware addresses critical flaws in its products

• Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)

• Linux Blackmatter Ransomware Variant Poses a Threat to VMware ESXi Servers

• Digital Guardian Delivers Enterprise Data Loss Prevention for Microsoft Teams

• The CSO guide to top security conferences, 2021

• 17 cybersecurity startups to watch

• FCW Insider: Aug. 6, 2021

• ‘Sophisticated Group’ Behind Alaska Cyberattack, Agency Says

• Millions of Senior Citizens’ Personal Data Exposed by Misconfiguration

• First Apple Store in India Delayed Due to Global Health Crisis

• Latest Cobalt Strike Vulnerability Allows Takedown of Hacker Servers

• Chrome 92 Update by Google Patches 10 High Severity Vulnerabilities

• Chinese Webdav-O Virus Attacked Russian Federal Agencies

• Coinbase Users Can Now Buy Crypto Assets Using Apple Pay

• India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks

• Apple TV+ Dark Comedy ‘Physical’ Renewed for Second Season

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• TenSec 2019

• Exploiting Wi-Fi Stack on Tesla Model S

• Tencent Keen Security Lab joins GENIVI Alliance

• Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars

• Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars

• VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products

• The Human Touch in Identity Verification

• Apple Cash Instant Transfer Now Works With Mastercard Debit Cards

• BlackMatter ransomware also targets VMware ESXi servers

• Deloitte acquires industrial Cybersecurity solution provider aeCyberSolutions

• Conti Ransomware gang plans leaked by hacker

• Chipotle Marketing Emails Hijacked to Spread Malware | Avast

• South Korea to test grenade-launching drones

• Supply Chain Security – Not As Easy As it Looks

• New infosec products of the week: August 6, 2021

• August 2021 Patch Tuesday forecast: Dealing with emergency patching

• Microsoft wonders if disabling just-in-time compilation of JavaScript improves browser security

• Demystifying cybersecurity with a more human-centric approach

• White House backs senators pushing for stricter crypto reporting rules

• Can the public cloud become confidential?

• FireEye Reports Financial Results for Second Quarter 2021

• Spyware: What It Is, How It Works, and How to Prevent It

• How real-time computing can sound the kill chain alarm

• America enlists Big Tech to help it develop and execute cyber security plans

• Increasing speed of vulnerability scans ultimately increases security fixes overall

• How Social Norms Can Be Exploited by Scammers on Social Media

• CyberCops program: ROTC students as future cybersecurity gatekeepers

• USA enlists Big Tech to help it develop and execute cyber security plans

• ThreatX API Catalog enables enterprises to reduce risk and protect critical APIs

• Why cloud security is the key to unlocking value from hybrid working

• Is your personal information being abused?

• IronNet Cybersecurity expands support for detecting cyber attacks in Microsoft Azure

• #BHUSA: DHS Chief: ‘We are Competing for the Future of Cyberspace’

• CISA Launches JCDC, the Joint Cyber Defense Collaborative

• Varada 3.0 delivers elastic scaling without sacrificing the power of indexing

• #BHUSA: Researchers Reveal DBREACH as New Attack Against Databases

• Ransomware 101: How to Keep Your Business Safe From the Latest Trend in Cybercrime

• The August IronNet Threat Intelligence Brief

• Israeli Government Finally Decides To Start Looking Into NSO Group And Its Customers

• US ‘dropped the ball’ on security by going it alone claims Huawei US CSO

• #BHUSA: Windows Hello Passwordless Bypass Revealed

• Black Hat: New CISA Head Woos Crowd With Public-Private Task Force

• Options partners with Packets2Disk to provide monitoring and business analytics solution

Generated on 2021-08-07 23:55:25.994276