IT Security News Daily Summary 2022-04-02

• UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group

• Spring4Shell Zero-Day Vulnerability

• After 17 years, the Zlib Crash-An-App Flaw Has Been Patched

• Pune Police Recover Over Rs. 84 Crore Worth of Bitcoins From Two Cyber Experts

• Cybersecurity, Especially in Critical Infrastructure and State Government, Is A Huge Issue Right Now

• Log4j Showed Us That Public Disclosure Still Helps Attackers.

• Cynet Announces Results in 2022 MITRE Engenuity ATT&CK® Enterprise Evaluations

• Meet the Young Women Tackling Gender Bias in Cybersecurity

• Russia Linked Android Malware Access Camera, Audio & Location

• See How Dell Technologies is Elevating the Hybrid Work Experience

• Beastmode Mirai botnet now includes exploits for Totolink routers

• Crooks use fake emergency data requests to get personal info out of Big Tech – report

• Fake Cops Scammed Apple and Meta to Get User Data

• You Need a Password Manager. Here Are the Best Ones

• Chinese Hackers Are Abusing Log4Shell to Deploy Rootkits on VMware Horizon Servers

• Hive Ransomware Employs New ‘IPfuscation’ Tactic to Conceal Payload

• US Health Provider LEHB Hit by Ransomware Attack, Network Compromised

• Ukraine intelligence leaks names of 620 alleged Russian FSB agents

• Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts

• Trend Micro fixed high severity flaw in Apex Central product management console

• 15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks

• GOING FOR (ISC)² CERTIFICATION? GET THE FACTS BEFORE YOU CHOOSE A TRAINING PROVIDER

• Google Meet looks to match Zoom with key security feature

• GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts

• British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group

• SentinelOne Leads MITRE Engenuity ATT&CK® with 100% Prevention, Detection, and Highest Scores

• Week in security with Tony Anscombe

• Report: Majority of execs believe data is vital to sustain the metaverse

• Congress Invests in National Cyber Resilience but Misses Important Opportunities in the Consolidated Appropriations Act

• Layoffs in China’s Tech Sector Stoke Larger Unemployment Fears

• Data Theorem offers security notifications within AWS Security Hub to prevent data breaches

• California: Speak Up For Biometric and Student Privacy

• Gunjan Aggarwal joins Confluent as CPO

• BeamUP attracts $15M for facilities digital twins

• Apple’s Zero-Day Woes Continue

• X1 appoints Larry Gill as CEO

• Scammers are Exploiting Ukraine Donations

• The pros and cons of Netskope SASE

• New UAC-0056 activity: There’s a Go Elephant in the room

• IT Security News Daily Summary 2022-04-01

• Report: One in four employees who made security mistakes lost their job

• Blockchain can power up government processes, GAO says

• Login.gov plans to scale up without facial recognition tech – for now

• New Subscription: Learn Fundamentals

• Agencies can accelerate AI deployments with ModelOps

• Apple Releases Security Updates

• Apple releases macOS 12.3.1, iOS 15.4.1, watchOS 8.5.1 and more

• How safe are your crypto assets?

• This Week in Security News – April 1, 2022

• New bill takes aim at veterans records backlog

• FBI urges local agencies to prepare for ransomware attacks

• NSA Employee Indicted for Sending Classified Data Outside the Agency

• GitLab issues critical update after hard-coding passwords into accounts

• Spring Releases Security Updates Addressing “Spring4Shell” and Spring Cloud Function Vulnerabilities

• Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited

• Globant suffers network breach due to LAPSUS$ compromise

• Hive ransomware impacts California non-profit health organisation

• Only a transformation of service delivery can rebuild trust in government. Here’s how.

• The benefits of digital payments automation for local government

• Google survey suggests government workers dissatisfied with legacy software, concerned over cyberattacks

• House Passes Better Cybercrime Metrics Act

• Public.Resource.Org Can Keep Freeing the Law: Court Allows Posting Public Laws And Regulations Online

• Two teenagers charged in connection with investigation into hacking group, says City of London police

• What You Need to Know About PCI DSS 4.0’s New Requirements

• FBI Warns Election Officials of Credential Phishing Attacks

• Experts Warn Defenders: Don’t Relax on Log4j

• New Spear Phishing Campaign Targets Russian Dissidents

• Log4Shell is Employed in 31% of Malware infections, Lacework Labs Identifies

• 82% Applications in Public Sector Have Security Flaws

• Spring4Shell vulnerability: Should you patch?

• US Cyber Command Partners with APUS

• NSA Employee Accused of Sharing National Defense Secrets

• CERT/CC Releases Information on Spring4Shell Vulnerability

• JupyterLab Web Notebooks Targeted by Unique Python-Based Ransomware

• New AcidRain malware hit Viasat’s modems downing Ukraine’s internet

• Generosity Beware: Protecting Your Organization and Its Members From Cyber Theft

• tru.ID Adds Sorenson Ventures to $9m Seed Round to Scale the Mobile Cybersecurity Platform

• What Concerns Cyber Pros Most About the Invasion of Ukraine

• Zimperium acquired by Liberty Strategic Capital for $525M

• Report: Facebook Has Failed To Label 80 Percent Of Posts Promoting Russian Conspiracy Theory

• Modem-wiping malware was behind Viasat cyberattack

• Best VPN for Windows PC (2022)

• More Charged In UK Lapsus$ Investigation

• Apple Rushes Out Patches For Two Zero Days Threatening Users

• Deep Panda Returns With Log4Shell Exploits, New Fire Chili Rootkit

• Ubiquiti Sues Brian Krebs Alleging Defamation

• Ukraine Accuses Russia Of Using WhatsApp Bot Farm To Ask Military To Surrender

• Report: 84% of enterprises struggle to manage their endpoint security

• Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked

• 5G edge and security deployment evolution, trends and insights

• Viasat’s Satellite Modems Wiped

• FBI Warns of Ransomware Attacks Targeting Local Governments

• More Than Ever, Security Matters

• Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems

• An In-Depth Look at ICS Vulnerabilities Part 1

• Russian Bailiffs Seize $12m From Google – Report

• More charged in UK Lapsus$ investigation

• Russian Wiper Malware Responsible for Recent Cyberattack on Viasat KA-SAT Modems

• AcidRain, a wiper that crippled routers and modems in Europe

• Results overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm edition

• SunVia bets that controlling your own identity will make the metaverse successful

• Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit

• FBI: Ransomware attacks are piling up the pressure on public services

• Cybersecurity survival tips for small businesses: 2022 edition

• Apple Rushes Out Patches for 0-Days in MacOS, iOS

• PCI Data Security Standard v4.0 Released to Address Emerging Threats

• What Is S/MIME?

• BlackGuard, a New Info-Stealer, for Sale on Russian Hacking Forums

• CISA Cautions of Attacks on UPS Devices

• Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

• Russia Bans Acquisition Of Foreign Software For Critical Infrastructure

• Zyxel urges customers to patch critical firewall bypass vulnerability

• Is it OK to use text messages for 2-factor authentication? [Ask ZDNet]

• New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs

• Russia Inches Toward Its Splinternet Dream

• Bypassing Two-Factor Authentication

• 2022-03-29 – Emotet E4 with Cobalt Strike

• Government workers rely on Microsoft. That could be a security problem, Google claims

• Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks

• Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition

• Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

• Security Experts On PCI DSS 4.0 Released

• Experts Insight On Spring4Shell Vulnerability

• UK spy chief praises fake news counter cell

• Majority of data security incidents caused by insiders

• Deep Panda Hacking Group Is Targeting VMware Horizon Servers

• JupyterLab’s Web Notebooks Hit Clipped Emergent Python-based Ransomware Strain

• Samsung Begins Self-Repair Program For Galaxy Devices

• The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

• Antimatter Emerges From Stealth Mode With $12M to Secure Customer Data

• Spring4Shell Exploitation Attempts Confirmed as Patches Are Released

• North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims’ Crypto

• Apple And Meta Shared Data With Hackers – Experts Reactioins

• Privilege Elevation and Delegation Management Explained: Definition, Benefits and More

• Google: Russian credential thieves target NATO, Eastern European military

• DDoS Protection Tips

• Cyber Threat warning issued to all internet connected UPS devices

• UK Spy Chief Hails Government Cell Tackling Kremlin Fake News

• Zyxel fixes a critical bug in its business firewall and VPN devices

• Over Half of Data Security Incidents Caused by Insiders

• UK Spy Chief Warns Russia Looking for Cyber Targets

• IT Services Giant Admits $42m Fallout from Ransomware Attack

• Tech Mentorships | Avast

• CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

• New UK Study Shows Just 1/3rd Of Orgs Use MFA Auth, Practice Cyber Compliance

• Organizations need to up their cloud native security strategy

• Modem-wiping malware caused Viasat satellite broadband outage in Europe

• Weekly Update 289

• Spring4Shell: New info and fixes (CVE-2022-22965)

• Modem-wiping malware caused Viasat satellite broadband outage

• Defending the endpoint with AI

• Flaws in Wyze cam devices allow their complete takeover

• National Security Agency employee indicted for ‘leaking top secret info’

• Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

• Does Cyber Risk Quantification Work? | Avast

• National Security Agency employee indicted for leaking top secret info

• JavaScript security: The importance of prioritizing the client side

• We need an industry-backed, tech-neutral resource to restore trust in voice communications

• New infosec products of the week: April 1, 2022

• Australia’s SkyGuardian drones shot down by spicy cybers

• Cloud native application security is a critical priority, risk perception is worryingly low

• Making security mistakes may come with a high price for employees

• MITRE Engenuity ATT&CK® Evaluations Announces Results from Fourth Round of Enterprise Evaluations

• Deep Instinct Shows a 100% Prevention Score in the 2022 MITRE Engenuity ATT&CK® Evaluations for Enterprise

• New Study Exposes Behaviors of Government Employees That Could Lead to Cybersecurity Breaches

• TD SYNNEX Achieves AWS Cloud Management Tools Competency

• Ransomware Study: 4 out of 5 Organizations Targeted Within The Past 12 Months

• Apple updates macOS, iOS, and iPadOS to fix possibly exploited zero-day flaws

• Is IT ready for the metaverse? If not, it should be

• MITRE ATT&CK® Evaluation results: Malwarebytes’ efficiency, delivered simply, earns high marks

• ASEGURE SUS CONFIGURACIONES CON EL GESTOR DE CONFIGURACIÓN DE TRIPWIRE

• Out of Band (OOB) Data Exfiltration via DNS

• 5G in defense market to reach $8,952.30 million by 2027

• Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

• ‘Marvel superpower’: Home Affairs wants industry to rely on its cyber powers more often

• Accops BioAuth helps businesses prevent authentication-related attacks

• Absolute announces new products to optimize and secure work-from-anywhere environments

• Obsidian Security’s session hijacking feature prevents attackers from stealing tokens

• SnapAttack Community Edition provides access to a vast library of attack and detection content

• CYTRACOM ControlOne empowers MSPs to secure modern cloud networks

• Anonymous targets Western companies still doing business in Russia

• Increasing Representation of Women in Security Research

• Apple pushes out two emergency 0-day updates – get ’em now!

• PCI Pal collaborates with Five9 to provide secure payments for customers

• Fusion Risk Management partners with UCF to help organizations navigate regulatory requirements

• Palo Alto Networks launches firewall service for AWS to protect enterprises from cyberattacks

• Dream Job Alert: EFF Seeks a Lawyer with Patent and Copyright Experience

Generated on 2022-04-02 23:55:25.020640