IT Security News Daily Summary 2022-03-08

• With Mandiant, Google can challenge Microsoft’s security dominance

• How states can streamline broadband grant administration

• Water, power utilities, hospitals get free access to zero-trust tools

• Utah inches closer to becoming fourth state to pass privacy law

• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday

• SAP Patches Critical Security Flaws in Monitoring Solutions

• Even ‘Perfect’ APIs Can Be Abused

• SAP Releases March 2022 Security Updates

• Google TAG: Russia, Belarus-linked APTs targeted Ukraine

• Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices

• Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed

• Patch Tuesday: Microsoft Fixes Multiple Code Execution Flaws

• FBI finds Ragnar Locker hit 52 U.S. critical infrastructure targets

• “Dirty Pipe” Linux kernel bug lets anyone write to any file

• What should we do about ‘systemic’ cyber risks? But wait, what even are those

• How to Give Your Apple Devices a Cybersecurity Review

• McAfee Teammates Share How They’ll Help #BreakTheBias this International Women’s Day

• White House reminds agencies to adopt NIST’s software supply chain security framework

• Native American health agencies struggled to access federal data amid pandemic

• Rave Mobile Safety Sees 12th Consecutive Year of Revenue Growth

• What should we do about ‘systemic’ cyber risks? First, what even are those…

• Bitwarden vs 1Password: Compare Top Password Managers

• Security Industry Association Reveals the 2022 Women in Security Forum Power 100 List

• Dark Reading Reflects on International Women’s Day

• Microsoft Releases March 2022 Security Updates

• Access:7 flaws impact +150 device models from over 100 manufacturers

• March 2022 Patch Tuesday: Microsoft fixes RCEs in RDP client, Exchange Server

• What should we do about ‘systemic’ cybersecurity risks? First, what are those…

• Mandiant has ‘more exciting’ future with Google than Microsoft, analyst says

• A new rule aims to boost Biden’s ‘Made in America’ program

• Insurance policies may tighten amid U.S.-Russia tensions, cyber pros warn

• Ermetic Launches New Synergia Global Channel Partner Program

• Within hours of the Log4j flaw being revealed, these hackers were using it

• Chronicles Of Mandiant: Google put a ring on it

• Researchers uncover vulnerabilities in APC Smart-UPS devices

• Google to Buy Mandiant, Aims to Automate Security Response

• FBI Releases Indicators of Compromise for RagnarLocker Ransomware

• Mozilla Releases Security Updates for Firefox and Firefox ESR

• New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

• CISA urges to fix actively exploited Firefox zero-days by March 21

• The Seizure of A Russian Merchant Vessel Raises Questions About Neutrality

• U.S. Cyber Command’s Annual Legal Conference

• Guidance for CVE-2022-23278 spoofing in Microsoft Defender for Endpoint

• IT security is at crisis point – so what are you going to do about it?

• Cybersleuths probe what makes a cyber risk ‘systemic’

• Rivian Sued By Shareholder, Alleging Misleading IPO Data

• Pactera Edge tackles challenges in digital fraud protection

• More rules for IT radicals

• Adobe Patches ‘Critical’ Security Flaws in Illustrator, After Effects

• “Dirty Pipe” Linux kernel bug lets anyone to write to any file

• Oklahoma Hospital Data Breach Impacts 92,000 People

• Prison for Man Who Scammed US Government to Buy Pokémon Card

• Russia, China May Be Coordinating Cyber Attacks: SaaS Security Firm

• Google to Acquire Mandiant; EDR Acquisition Next?

• CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

• 2.5 million-plus cybersecurity jobs are open—women can fill them

• Anonymous Hacks Russian State TV Stations

• Intel’s Mobileye Files For IPO

• Similarities and Difference Between Ransomware and DDoS Extortion Attacks

• How Ivanti hopes to redefine cybersecurity with AI

• Best crypto wallet 2022: Secure your cryptocurrency

• What If Trump Were Still the President?

• The Open App Markets Bill Moves Out of the Senate Judiciary Committee

• Google to acquire cybersecurity company Mandiant for $5.4 billion

• DoS Attackers are Employing ‘TCP Middlebox Reflection’ to Knock Websites Offline

• IsaacWiper, The Third Wiper Spotted Since the Beginning of The Russian Invasion

• Coalition Named to Fast Company’s Annual List of the World’s Most Innovative Companies for 2022

• Igniting Adoption of a Secure Software Development Lifecycle – A Guide for Secure Software Champions

• Google to buy security firm Mandiant for $5.4 billion

• Attackers can Exploit Dirty Pipe Linux Vulnerability to Overwrite Data

• security identifier (SID)

• States use road sensors to combat treacherous ‘tire carcasses’

• Okta, Airbnb, Zendesk, Asana and Snap join Whistic in forming cybersecurity consortium

• Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure

• The Uncertain Future of IT Automation

• U.S. State Governments Targeted by Chinese Hackers via Zero-Day in Agriculture Tool

• Webinar Today: Protect the Software Supply Chain, Eliminate Risks in Code

• Medical, IoT Devices From Many Manufacturers Affected by ‘Access:7’ Vulnerabilities

• #DSbD: Embrace Change and Collaboration to Revolutionize Cybersecurity

• Google to Acquire Mandiant

• Chinese Spies Hacked a Livestock App to Breach US State Networks

• Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

• The Media Environment and Domestic Public Opinion in China Toward Russia’s War On Ukraine

• Google buys threat intel giant Mandiant for $5.4bn

• Google WAF Circumvented Via Oversized POST Requests

• Google To Acquire Mandiant For $5.4 Billion

• Why You Need a Diversity and Inclusion Program in Cybersecurity

• Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

• 8 More Women in Security You May Not Know but Should

• 7 Essentials for More Security-Aware Design Automation

• Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks

• AutoWarp: Critical Cross-Account Vulnerability In Microsoft Azure Automation Service

• Phishing Attempts From FancyBear And Ghostwriter Stepping Up

• 7 Vulnerabilities Patched In Axeda IIoT Remote Mgmt Tool

• Russia Mulls Legalizing Software Piracy As It’s Cut Off From Western Tech

• Linux Has Been Bitten By Its Most High Severity Bug In Years

• The Rules Don’t Apply To Me: Addressing The Cultural Aspect Of Cyber Security

• Meet PCI compliance with credit card tokenization

• Google buys threat intel firm Mandiant for $5.4bn

• New RURansom Wiper Targets Russia

• IT professionals plan to adopt passwordless technology, according to ESG report

• Axonius, which brings asset visibility to complex IT environments, raises $200M

• Google to acquire cybersecurity company Mandiant for $5.4B

• The rise of confidential blockchains

• FBI warns: This ransomware group has gone after critical infrastructure firms again and again

• Palo Alto: More than 100,000 infusion pumps vulnerable to 2 vulnerabilities

• Cloud computing: Microsoft fixes Azure flaw that could have allowed access to other accounts

• 1Password review: Pretty close to perfect

• Android’s March 2022 Security Updates Patch 39 Vulnerabilities

• Millions of APC Smart UPS Devices Can Be Remotely Hacked, Damaged

• CISA Urges Organizations to Patch Recent Firefox Zero-Days

• Breaking the Bias for International Women’s Day 2022

• War Is Calling Crypto’s ‘Neutrality’ Into Question

• Samsung Confirms Data Breach After Hackers Leak Galaxy Source Code

• Google Buys Cybersecurity Firm Mandiant for $5.4 Billion

• Why I Joined Cisco

• Experts Reactions On Samsung Data Breach

• Patch Tuesday March 2022 – Microsoft Releases Fixes for 21 Common Vulnerabilities

• The Dilemma of Defense in Depth

• Decade-Old Critical Vulnerabilities Might Affect Infusion Pumps

• Samsung Admits Hackers Stole Source Code

• Ukraine’s CERT-UA warns of phishing attacks against Ukrainian citizens

• Using Radar to Read Body Language

• TLStorm: Armis finds Three Critical Zero-Days in APC Smart-UPS devices that could impact over 7 in 10 organisations worldwide

• Hive Ransomware Gang Impacts Rompetrol Gas Station Network

• Ragnar Locker Ransomware Breached 52 US Critical Infrastructure Organizations

• Axonius Valued at $2.6 Billion After New $200 Million Funding Round

• Google to Acquire Mandiant for $5.4 Billion in Cash

• Widely used UPS devices can be hijacked and destroyed remotely

• Google to acquire Mandiant for $5.4 billion

• Over 25,000 Russian-linked Cryptocurrency Addresses Have Been Blocked by Coinbase

• IBM, Joins Microsoft, Oracle, SAP With Russia Suspension

• 8 Top Git Security Issues & What To Do About Them

• Empowering Women in Cybersecurity with Check Point’s Majority-Female Senior Leadership Team

• IT professionals plan to adopt passwordless technology

• Dirty Pipe Exploit Rings Alarm Bells in the Linux Community

• Coinbase: We’re Blocking 25,000 Russian Accounts

• Critical “Access:7” Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices

• 16-28 February 2022 Cyber Attacks Timeline

• When fake dating profiles try the military approach

• PressReader witnesses cyber attack on its IT Infrastructure

• Password characters that neutralize brute force attacks

• Emergency Patch – 2 New Mozilla Firefox 0-Day Bugs Under Active Attack

• The Five Stages of File Integrity Monitoring (FIM)

• 25,000 Russian-linked accounts blocked by Coinbase

• Cyberattack hits PressReader

• Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

• Silicon UK Roundtable: International Women’s Day 2022

• Lapsus$ Ransomware Gang – A Malware in Disguise

• Researchers Warn of Linux Kernel ‘Dirty Pipe’ Arbitrary File Overwrite Vulnerability

• The Continuing Threat of Unpatched Security Vulnerabilities

• An attacker’s toolchest: Living off the land

• Dirty Pipe Linux flaw allows gaining root privileges on major distros

• Looking for adding new detection technologies in your security products?

• Increasing security for single page applications (SPAs)

• China’s annual parliament gives tech industry much to ponder

• Microsoft Azure ‘AutoWarp’ Bug Could Have Let Attackers Access Customers’ Accounts

• ICS vulnerability disclosures surge 110% over the last four years

• 5 steps that simplify IoT security for OEMs

• Azure flaw allowed users to control others’ accounts

• Russia, China May Be Coordinating Cyber Attacks: SaaS App Security Firm

• Critical Bugs Expose Hundreds of Thousands of Medical Devices

• Improve your organization’s cyber hygiene with CIS CSAT Pro

• Fraud detection and prevention costs merchants more than fraud itself

• Application security market to reach $22.655 billion by 2026

• 70% of breached passwords are still in use

• Linux distros patch ‘DirtyPipe’ make-me-root kernel bug

• OpenVPN, Inc. Promotes “Operation Information Freedom”

• Intertek Issues First UL 2900-2-1 Certification to Medical Device Manufacturer NuVasive, Inc.

• KnowBe4 Revolutionizes Security Culture Measurement With Industry-First Maturity Model

• What Google, Amazon and Microsoft revealed about Ukraine’s cyber situation

• The Challenge of Asset Tracking in Industrial Environments

• Imperva API Security protects data across legacy and cloud-native applications

• Medigate PROS establishes cyber physical system security service standards for HDOs

• Coinbase blocks 25,000 Russian-linked accounts and promotes crypto over fiat for sanctions

• Conti Ransomware Group Diaries, Part IV: Cryptocrime

• FBI warns of online scammers impersonating government officials, law enforcement

• Google Enters Bidding War for Mandiant: Reports

• Trio of Vendors Offer Free Services to Organizations at Risk of Russian Cyberattacks

• SS8 Networks acquires Creativity Software to help CSPs comply with precise location data requests

• Infosys partners with Telenor Norway to enhance business agility and operational efficiency

• Sherweb collaborates with Trend Micro to provide more security tools for MSPs

• Grading the FITARA scorecard

• Cyber range training for government IT pros, students

• ‘Dirty Pipe’ Linux vulnerability discovered

• Google in Talks to Acquire Mandiant

• UN mulls Russia’s pitch for cybercrime treaty

• Ukraine: We’ve repelled ‘nonstop’ DDoS attacks from Russia

• Access management builds resilience to insider threats

• Report: Facebook Gaming Platform Is Full Of Scams

• Samsung Source Code Compromised in Hack

• ConnectWise Expands Collaboration with Intel to Further Strengthen Cybersecurity for SMBs

• Name That Edge Toon: Animal Instincts

• IT Security News Daily Summary 2022-03-07

• Why You Must Shine a Light on the Data Lurking in the Shadows

• BEST ENDPOINT SECURITY SOLUTIONS FOR 2022

• Anonymous hacked Russian TV and streaming services with Ukraine war footage

• I Can Probably Hack Your Password in MINUTES!

• Layered defenses, segmented networks key in shoring up infrastructure, NSA says

• Trading in your old phone? Here’s how to factory reset it and everything else you need to know

• PressReader service partially returns after cyberattack impacts 7,000+ publications

• Russia bans walkie-talkie app Zello

• Novel Attack Turns Amazon Devices Against Themselves

• Top DevSecOps certifications and trainings

• CISA Adds 11 Known Exploited Vulnerabilities to Catalog 

• CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

• Coinbase blocked 25,000 crypto addresses linked to Russian individuals and entities

• Mandiant spikes 16% on report Google is in talks to acquire the company

• Mandiant surges after report Google interested in acquisition

• TMF announces two new awards

• Cyber‑readiness in the face of an escalated gray zone conflict

• CISA Adds Eleven Known Exploited Vulnerabilities to Catalog 

• Does Foreign Sovereign Immunity Apply to Sanctions on Central Banks?

• The Role of The CFO In Enterprise Cyber Security

• The Safest Ways for Bitcoin Trading

• Update now! Mozilla patches two actively exploited vulnerabilities

• UN mulls Russia’s own pitch for new cybercrime treaty

• Fake Antivirus Apps on Play Store Loaded with SharkBot Banking Trojan

• The struggle to reduce bug-fixing time is real

• State attorneys general open investigation into TikTok

• PressReader service partially returns after cyberattack causes outages at 7,000+ publications

• Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

• Samsung breached, Nvidia hackers claim responsibility

• Imperva Ships API Security Providing Continuous API Discovery and Data Classification with Two Deployment Models

• Imperva Suspends Operations in Russia and Belarus

• UN debates Russia’s own pitch for new cybercrime treaty

• PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability CVE-2021-22941 to Deliver Webshell

• Billionaire-backed group enlists Trump-supporting citizens to hunt for voter fraud using discredited techniques

• Trading in your old phone soon? Here’s how to get it ready

• NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

• Industrial Systems See More Vulnerabilities, Greater Threat

• Mozilla Releases Security Updates for Multiple Products

• 2021 Brand Intelligence Trends

• Tech Advancements That are Boosting Cybersecurity

• Nmap Firewall Evasion Techniques>

• PressReader Suffers Cyber-Attack

• Nvidia’s Stolen Code-Signing Certs Used to Sign Malware

• U.S. Security Vendors Launch Critical Infrastructure Defense Project

• Samsung Source Codes Stolen

• Weight Management Companies Settle Data Privacy Suit

• The Aftermath, Episode 2: Scattered to the Four Winds

• EFF to European Court: “Right to be Forgotten” Shouldn’t Stop The Public From Reading The News

• ‘If you’re thinking about investments now, I would think cybersecurity companies,’ says John Chambers

• Lapsus$ extortionists dump data online as Samsung admits breach

• ISO 27002 2013 to 2022 mapping

• Things to do as soon as you become a victim to a bank fraudster

• Cyber Frauds raise because of Russia Ukraine War

• Elon Musk warns that Starlink Internet Satellites can be bombed

• Samsung confirms no data breach from Cyber Attack

• Kids Back To School – The Perfect Time to Audit Your Family’s Online Safety

• The Easy Solution for Stopping Modern Attacks

• Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

• Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

• Mozilla Fixes Two Critical Firefox Flaws That Are Being Actively Exploited

• Massive Meris Botnet Embeds Ransomware Notes From REvil

• Hackers Stoke Pandemonium Amid Russia’s War In Ukraine

• Global Consultancies Quit Russia

• What to Make of Microsoft’s Year in Cybersecurity

• Why GMSAs Present Such A Threat, Expert Insight

• Tesla CEO Musk Issues Warning Regarding the Use of Starlink Terminals in Ukraine

• Multilingual Cybersecurity Awareness Training adapted for your needs

• Aniview Renews Partnership with HUMAN to Continue Safeguarding Its Video Ad Platform From Sophisticated Bot Attacks

• Tech Spend Shifting to Enable Enterprise-Wide Approach to Customer Experience, ISG Says

• Black Kite Named a Customers’ Choice in the 2022 Gartner Peer Insights™ ‘Voice of the Customer’: IT Vendor Risk Management

• Technology Services Company Easy Dynamics to Expand in Fairfax County, Create 61 Jobs

• The Critical Infrastructure Defense Project launches to protect U.S. from retaliatory Russian cyberattacks

• Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar

• Russia, Ukraine and the Danger of a Global Cyberwar

• SharkBot, the new generation banking Trojan distributed via Play Store

• Hackers Expose 190GB of Alleged Samsung Data

• Uber Raises Earnings Forecast Amidst Ride-Hailing Surge

• Samsung confirms data breach as Lapsus$ hackers leak its source code

• Helping Mom & Dad: Online Banking

• Data Fabric: What It Is and How It Impacts Cybersecurity

• Lapsus$ ransomware gang uses stolen source code to disguise malware files as trustworthy. Check Point customers remain protected

• Mozilla fixes two critical Firefox flaws that are being actively exploited

• AppSec Firm Cider Security Emerges From Stealth With $38 Million in Funding

• Adafruit suffers GitHub data breach – don’t let this happen to you

• Why the World Needs a Global Collective Cyber Defense

• SharkBot Malware Poses as Android Antivirus

• 10 Best Tablets Under $200 to Buy 2022 – Top Affordable Gadgets

• Samsung says hackers breached company data and source code for Galaxy smartphones

• Disclosure of Vulnerability in Azure Automation Managed Identity Tokens

• Cyberattack Logan Health and Server Intrusion

• Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts

• Understanding How Hackers Recon

• SASE and SSE: what you need to know

• Ukraine will join NATO cyber hub

• NVIDIA Code Signing Certificates Leveraged to Sign Malware

• 10 Best Monitors for Xbox One X Gaming 2022 – Amazing Features and Specs

• Third-Generation iPhone SE 5G Expected This Week

• Ransom DDoS Attack that Reached a Rate of 2.5 Million Requests per Second

• Major Microsoft Azure cross-tenant vulnerability caught by Orca Security

• Samsung confirms Galaxy source code breach but says no customer information was stolen

• Google Fights Phishing With Updated Workspace Notifications

• How Police Abuse Phone Data to Persecute LGBTQ People

• Hacking Alexa through Alexa’s Speech

• A Student Mentor’s EXP-312 and OSMR Learning Experience

• 190GB of Samsung Data Leaked

• Ukrainian Government Websites Shut Down due to Cyberattack

• How to increase the overall performance of your PC?

• After NVIDIA, Samsung Are The Next Victims Of Data Theft

• Microsoft Adds Azure Cloud Data Centres In India, China

• CISA Informs Organizations of Flaws in Unsupported Industrial Telecontrol Devices

• Emergency Firefox Update Patches Two Actively Exploited Zero-Day Vulnerabilities

• Musk Warns Starlink Could Attract Russian Bombs

• The ‘Revelations’ Chapter 2 – Waking Up To CyberWar And Conflict

• London Has The Highest Cybercrime Rate In The United Kingdom With Over 5,000 Incidents In 2021

• Mozilla fixes Firefox zero-days exploited in the wild (CVE-2022-26485, CVE-2022-26486)

• A week in security (February 28 – March 6)

• Ukraine To Issue NFTs To Fund War Effort

• Ukraine Set to Join NATO Cyber Hub

• Counterfeit and Pirated Imports Surge During Pandemic

• Prevent hackers by getting into their heads. Here’s how.

• Ukraine Calls Invasion First ‘Hybrid’ War Fought In Cyberspace

• Facebook Blocked In Russia Over ‘Discrimination’

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 28, 2022

• Firefox patches two actively exploited zero-day holes: update now!

• Anonymous hacked Russian streaming services to broadcast war footage

• TikTok, Netflix Latest To Limit Russian Services

• Trying to register your antivirus in Windows Security Center?

• SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store

• Mozilla addresses two actively exploited zero-day flaws in Firefox

• Stop hackers getting into your systems – by getting into their heads. Here’s how

• IT leaders confident in their ability to manage a ransomware attack: They should know better

• Every business is a cybersecurity business

• Global consultancies quit Russia

• How frustrated and burned out are security analysts?

• Solving the problem of secrets sprawling in corporate codebases

• A Complete Guide to Perform External Penetration Testing on Your Client Network | Step-by-Step Methods

• Winning the war for cyber – and cyber talent

• OT Cybersecurity Concerns Are Increasing Across the Globe

• What Is CPS 234 and Who Needs to Comply with It?

• 2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!

• BBC targeted with 383,278 spam, phishing and malware attacks every day

• Cynamics MSSPs offering optimizes network security for customers

• CDR market to reach $500 million by 2026

• RASP: The World Cup’s Last Line of Cyber Defense

• Australia launches federal election disinformation register to fight mistruths

• Anonymous offers $52,000 worth of Bitcoin to Russian troops for surrendered tank. Is it fake news?

Generated on 2022-03-08 23:55:39.613204