IT Security News Daily Summary 2022-04-05

• Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely

• Smarter Homes & Gardens: Protecting the Smart Devices in Your Home

• Avast releases new features to stop phishing and online scams

• US State Department opens cyberspace policy bureau

• 5 quick tips for better Android phone security now (yes, it’s this easy)

• Security equipment rebates aim to boost community safety

• Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

• Lock Down & Level Up: Protect Your Online Gaming from Hackers

• We’re going on Tor

• Germany Shuts Down Darknet Platform Specializing in Drugs

• Germany Shuts Down Russian Darknet Marketplace Hydra

• Shutdown of Russia’s Hydra Market Disrupts a Crypto-Crime ATM

• How to Choose the Best Encryption Methods for Databases

• How to clear Google search cache on Android and why you should do it

• Randomizing the KUSER_SHARED_DATA Structure on Windows

• Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

• Authorities Fully Behead Hydra Dark Marketplace

• March ransomware attacks strike finance, government targets

• How IP Data Can Help Security Professionals Protect Their Networks

• Mattress Company Hit by a Magecart Attack, Suffers Data Breach

• Biden Prolongs National Emergency Amid Increasing Cyber Threats

• Germany Shuts Down Russian Dark Web Market Hydra; Seizes $25M in BTC

• Online Fraud Up 233% During Pandemic

• Name That Edge Toon: In Deep Water

• Borat Expands RAT Capabilities

• Drone inspects subway tunnels after nearby building collapse

• How federal tax incentives would benefit public power utilities

• What We Can Learn From Lapsus$ Techniques

• New technique offers faster security for non-volatile memory tech

• GitHub tackles leaks by scanning for secrets in pushed code

• 15-Year-old Security Vulnerability In The PEAR PHP Repository Permits Supply Chain Attack

• Symantec: Chinese APT Group Targeting Global MSPs

• Firefox 99 is out – no major bugs, but update anyway!

• GitHub Advanced Security Now Scans For Secrets With Each Push

• FIN7 Hackers Evolve Operations With Ransomware, Novel Backdoor

• Zyxel Patches Critical Hijacking Vulnerability

• Hackers Hijacked Crypto Wallets With Stolen MailChimp Data

• Mandiant Shareholder Sues To Block $5.4B Google Deal

• On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

• Hackers in Dprk use Trojanized DeFi Wallet App to Steal Bitcoin

• Multi-GPU Systems are Vulnerable to Covert and Side Channel Assaults

• HOW CAN YOU WIN BIG IN VEGAS? – Global Achievement Awards Nominations Open Now

• Cyber threats increasingly target video games – The metaverse is next

• Formulating proper data destruction policies to reduce data breach risks

• 5 Industries that need advanced Cybersecurity measures

• Alphabet’s Wing To Begin Drone Delivery Service In US

• content filtering

• Tabs are coming to Windows 11’s File Explorer. But here’s what’s more interesting

• GitHub prevents leaks by scanning for secrets in pushed code

• Latest MITRE Endpoint Security Results Show Some Familiar Names on Top

• Armis Appoints Tom Gol as CTO for Research

• IBM z16 protects data and systems against current and future threats

• New security features for Windows 11 will help protect hybrid work

• Microsoft announces major new Windows 11 security features for 2022

• Ransomware Gang Leaks Files Stolen From Industrial Giant Parker Hannifin

• CashApp Says Ex-Employee Stole Customer Stock Trading Data

• 44 Vulnerabilities Patched in Android With April 2022 Security Updates

• Conti ransomware deployed in IcedID banking Trojan attack

• Google’s monthly Android updates patch numerous “get root” holes

• FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

• Microsoft Faces EU Antitrust Questions Over Cloud Business – Report

• The Works has been forced to close some stores because of a cyber attack

• FIN7 hackers evolve operations with ransomware, novel backdoor

• Cooler heads needed in heated E2EE debate, says think tank

• API IAM Security Provider Corsha Raises $12 Million

• Anonymous targets the Russian Military and State Television and Radio propaganda

• Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had

• Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina

• How to Prepare for Cyber Threats During the Russian Invasion of Ukraine

• FIN7 Morphs into a Broader, More Dangerous Cybercrime Group

• It’s 2022: Do You Know Where Your Sensitive Data Is?

• No-Joke Borat RAT Propagates Ransomware, DDoS

• US State Department Launches Cyberspace and Digital Diplomacy Bureau

• Find and $eek! Increased rewards for Google Nest & Fitbit devices

• CISA advises D-Link users to take vulnerable routers offline

• Spring4Shell added to CISA’s list of exploited vulnerabilities

• Corsha aims to develop solution to secure API communications

• These ten hacking groups have been targeting critical infrastructure and energy

• Spring4Shell flaw: Here’s why it matters, and what you should do about it

• Defenders Provided Tools and Information for Dealing With Spring4Shell

• Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

• Brokenwire – A New Wireless Attack that Halts Charging System for Electric Vehicles

• Associate of (ISC)² Spotlight: Angel Sayani

• New Russian Android Malware Tracks GPS Location and Spies on Victims

• Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes

• Airgap Networks Raises $13 Million for Ransomware Kill Switch

• Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

• Nominations for 2022’s European Cybersecurity Blogger Awards NOW OPEN!

• Check Point + Armis Team Up to Protect Critical Vulnerabilities (TLStorm) Found in APC Smart-UPS Devices

• Singapore looks to drive maritime innovation, cybersecurity resilience

• Fake versions of real smartphone apps are being used to spread malware. Here’s how to stay safe

• GitHub now scans for secret leaks in developer workflows

• Germany Shuts Down Russian Hydra DarkNet Market; Seize $25 Million in Bitcoin

• CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog

• Hackers Using Fake Police Data Requests against Tech Companies

• The Works closes stores after cyber attack

• CISA adds Spring4Shell to list of exploited vulnerabilities

• 10 Best Lightest Gaming Mouse 2022 – For Heavy-Duty Gaming Experience

• Most Reliable Hosting Company Sites in March 2022

• From SolarWinds to Log4j: The global impact of today’s cybersecurity vulnerabilities

• Academics Devise Side-Channel Attack Targeting Multi-GPU Systems

• Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack

• Why Some CISOs Fail

• NFTs Are a Privacy and Security Nightmare

• Info-Stealing Malware Pushed Through WhatsApp Messages

• Twitter Shareholder Elon Musk Polls Users Over Edit Button

• 16% of organizations worldwide impacted by Spring4Shell Zero-day Vulnerability exploitation attempts since outbreak

• Palestinian Lawyer Sues Pegasus Spyware Maker in France

• Retailer The Works Closes Stores After Cyber-Attack

• Is API Security on Your Radar?

• Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers

• Fraudulent Crypto Exchange Thodex Faces 40,000-Year Sentences

• Nordex Cyber Incident Shuts IT Systems

• Crypto Customers Targeted in MailChimp Data Breach

• Beware of this Cadbury Easter Egg cyber fraud

• Ransomware attack on The Works stores of UK

• How can you tell if a shortened link is secure?

• Elon Musk Acquires 9 Percent Of Twitter

• Meta Relaxes Covid Booster Requirement For Staff

• Russia Threatens Wikipedia With Fines Over ‘False Information’

• US judge sentences men for $1.5 million Apple Gift Card scam

• Global APT Groups Use Ukraine War for Phishing Lures

• Russian Software Security And The Risk You Run

• Cyber Security Experts Insight On BORAT RAT

• WhatsApp ‘Voice Message’ Is an Info-Stealing Phishing Attack

• Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

• New attack method could disrupt electric vehicle charging

• Log4Shell exploitation: Which applications may be targeted next?

• Threats Targeting UPS Units | Avast

• The Differences in How CASB vs. SSPM Secures SaaS Apps

• 49% of small medical practices lack a cyberattack response plan

• Identity fraud losses totaled $52 billion in 2021

• GitLab issues security updates; watch out for hard coded passwords

• CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

• Testing, testing, testing: Why Red Teaming is a must for every CISO

• What you need to look out for when installing packages from public repositories

• Podcast Episode: Your Tax Dollars At Work

• Hybrid threat model: Watch out for the unhappy employee

• Utilizing biological algorithms to detect cyber attacks

• Bank had no firewall license, intrusion or phishing protection – guess the rest

• MailChimp breached, intruders conducted phishing attacks against crypto customers

• Traditional identity fraud losses soar, totalling $52 billion in 2021

• What Can Flexible Work Conditions Do for Cyber?

• What is undermining ML initiatives?

• 49% of small medical practices don’t have a cyberattack response plan

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022

• Cloud identity access and management market to reach $13.6 billion by 2026

• How Does Cybersecurity Impact Environmental Services and Infrastructure?

• FortiOS 7.2 enables organizations to protect their hybrid networks

• WhiteSource releases free tool to detect and remediate Spring4Shell vulnerability

• F5 BIG-IP CNF solutions help customers accelerate and secure 5G deployment

• SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

• Mailchimp: Crook stole cryptocurrency clients’ mailing-list subscriber info

• 2022-04-04 – Emotet E5 infecttion with spambot traffic

• Cryptocurrency companies targeted in Mailchimp breach

• State Department Announces Bureau of Cyberspace and Digital Policy

• Appfire acquires Comalatech to solve document management challenges for enterprises

• LAPSUS$ hacks continue despite two hacker suspects in court

• Axiomatics promotes Jim Barkdoll to CEO

• Dragos appoints Dawn Cappelli as Director for OT CERT program

• Citrix® Modernizes Security to Accommodate Hybrid Work

• Qualys Delivers Multi-Vector EDR 2.0 with Enhanced Prioritization to Quickly Surface the Most Critical Incidents

• BlackSky forms a Strategic Advisory Group and appoints three prominent leaders

• Anatomy of an Android Malware Dropper

• SEC Chair Gensler says agency is planning greater oversight of crypto markets to protect investors

• States unclear on what constitutes ‘reasonable’ cybersecurity

• Compromised email behind fake emergency data requests

• LAPSUS$ hacks continue despite two UK hacker suspects in court

• Apple Gift Card Scammers Sentenced for Role in $1.5M Fraud

• CISA Adds Four Known Exploited Vulnerabilities to Catalog

• IT Security News Daily Summary 2022-04-04

• What is Metatrader4?

• Can small businesses keep up with defense cyber requirements?

• Millions of Installations Potentially Vulnerable to Spring Framework Flaw

• The NDO Fairness Act Is an Important Step Towards Transparency

• Just Because You’re Small, Doesn’t Mean You’re Safe – Why SMBs are lucrative targets for cyber adversaries

• Just Scan It with JFScan

• Taking a Proactive Approach to Cybersecurity With Laurie Williams [Podcast]

• State Department announces first Bureau of Cyberspace and Digital Policy

• Ransomware tests local governments

• The census missed some folks. These cities want them counted.

• Open bus data makes transit schedules more reliable

• Mandiant shareholder sues to block $5.4b Google deal

• Just Because You’re Small, Doesn’t Mean You’re Safe – Why SMBs are lucrative targets for cyber adversaries

• Taking a Proactive Approach to Cybersecurity With Laurie Williams [Podcast]

• State Department announces first Bureau of Cyberspace and Digital Policy

• The census missed some folks. These cities want them counted.

• Open bus data makes transit schedules more reliable

• How Do I Decide Whether to Buy or Build in Security?

• Mandiant shareholder sues to block $5.4b Google deal

• VMware released updates to fix the Spring4Shell vulnerability in multiple products

• Just Scan It with JFScan

• Ransomware tests local governments

• Beware of These 5 Tax Scams

• Here’s What Electoral Count Act Reform Should Look Like

• TOTOLINK Routers, Other Device Exploits Added to Beastmode Botnet

• Report: Facebook Gave User Data Away To Hackers

• NCSC Suggests to Reconsider Russian Supply Chain Risks

• How to use OpenID Connect for authentication

• How to implement OpenID Connect for single-page applications

• Anonymous Wages a Cyber War Against Russia, Targets Oligarchs

• British Police Charge Teenagers in LAPSUS$ Gang Connection

• Cyberattacks have yet to play a significant role in Russia’s battlefield operations in Ukraine – cyberwarfare experts explain the likely reasons

• Soaring ransomware payments, consistent infections, deceptive URLs and more in this year’s 2022 BrightCloud® Threat Report

• BlackGuard Password Stealing Malware Being Sold on Russian Hacking Forums

• Microsoft CRSP shares the ways human behavior affects compromise recovery

• Welcome to the Age of Zero Trust

• 5 ways to spring clean your security

• Cadbury Warns of Easter Egg Scam

• Jail Releases 300 Suspects Due to Computer “Glitch”

• Day of Action for Antitrust: Our Rights Are Tied to Having Choices

• Two Teenagers of Lapsus$ Hacking Group Charged

• Borat RAT: Multiple threat of ransomware, DDoS and spyware

• JavaScript supply chain issues

• Luhn algorithm (modulus 10)

• Performance measurement is alive and well

• Activist Admits Shutting Down California County’s Website

• Darkweb researcher warns of possible cyberattack against Indonesian energy company Perushaan Gas Negare

• Data on stolen Apple iPhones to be made more secure now

• Code Injection Vulnerability Found In Spring Cloud Framework

• Experts spotted a new Android malware while investigating by Russia-linked Turla APT

• Spring4Shell (CVE-2022-22965): details and mitigations

• Ola Finance: Attackers Stole $4.7M in ‘Re-Entrancy’ Exploit

• Threat Actors Abuse Calendly App to Steal Account Credentials

• Risks And Trends In Cybersecurity

• Half of Organizations Have Experienced a Cyber Attack on Their Critical IT Assets

• MITRE Engenuity ATT&CK® Evaluations Results Highlight Check Point’s leadership in Endpoint Security with a 100% Detection Across all Attack Steps

• Borat RAT malware: A ‘unique’ triple threat that is far from funny

• China Accused Of Cyber Attacks On Ukraine Before Russian Invasion

• Borat RAT Malware: A Unique Triple Threat That Is Far From Funny

• Emma Sleep Company Admits Checkout Cyber Attack

• A Hacker Gang’s Members Are In Jail. It’s Still Stealing Data.

• Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations

• Endpoint Security: Why It’s Essential Now More Than Ever

• New Android Spyware Uses Turla-Linked Infrastructure

• Cybersecurity Mesh: IT’s Answer to Cloud Security

• Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

• Brokenwire attack, how hackers can disrupt charging for electric vehicles

• Lawmakers move to ‘crack down’ on dark web-based opioid trafficking

• Cybersecurity M&A Roundup: 39 Deals Announced in March 2022

• What the Pandemic Has Taught Us

• Announcing General Availability of Remote Desktop Protocol Support for Duo Network Gateway

• Japanese Confectionary Morinaga Disclosed Data Breach

• CISA Warns Internet-Connected UPS Users To Be Wary Of Cyberattacks

• Wyze Cam Vulnerabilities Expose Saved Videos To Hackers

• ImpressCMS Vulnerabilities Could Allow RCE Attacks

• Zyxel Warns Firewall Users of Authentication Bypass Vulnerability

• “Free easter chocolate basket” is a social media scam after your personal details

• AI’s growing enterprise gaps explain why AWS SageMaker is growing

• Borat RAT malware: a ‘unique’ triple threat that is far from funny

• Harnessing Neurodiversity Within Cybersecurity Teams

• Intelligent alert management

• WINNING TACTICS FOR SECURITY AWARENESS INNOVATIONS via EXPERIENCE (1 of 2)

• To Mimic Microsoft, Phishing Employs Azure Static Web Pages

• Spanish energy giant hit by data breach

• A Fake Data Breach Used Emails to Steal Cryptocurrency Wallets

• Watch Out Electric Vehicle Owners – Brokenwire Attack Remotely Disrupts Charging

• PCI DSS 4.0; It’s time to get serious on Magecart

• Turkey seeks 40,000-year sentences for alleged cryptocurrency exit scammers

• How Explosions Actually Kill

• Multiple Hacker Groups Capitalizing on Ukraine Conflict for Distributing Malware

• Russian intelligence food habits leaked from food delivery app data breach

• North Korea hackers sending Corona Vaccine related phishing emails

• Once Again, Check Point Software Positions as a Leader across Multiple G2 Leadership Quadrants

• Vendors Assessing Impact of Spring4Shell Vulnerability

• GitLab Patches Critical Account Takeover Vulnerability

• Brokenwire Hack Could Let Remote Attackers Disrupt Charging for Electric Vehicles

• Trezor customers phished following MailChimp breach

• New RAT Dubbed Borat Emerging on the Cyberthreat Landscape

• India Launches Probe After E-Scooter Fires

• Emma Sleep Company admits checkout cyber attack

• A week in security (March 28 – April 3)

• Update now! Zyxel patches critical firewall bypass vulnerability

• Scammers are lurking on dating apps

• Trezor Customers Phished After MailChimp Compromise

• WeChat Disables Accounts Linked To NFTs

• Consulting Company Responds Over Facebook ‘Smear’ Report

• UK Charges Alleged Lapsus$ Gang Members With Hacking

• Scottish Power Parent Company Hit by Data Breach

• UK Teens Charged With Hacking After Lapsus$ Arrests

• Bitcoin Mining Start-Up To Make Nasdaq Debut

• Lapsus Teen Suspects Have their Day in Court

• 82% of public sector software apps have security flaws

• Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

• An In-Depth Look at ICS Vulnerabilities Part 2

• Amazon Staten Island Warehouse Votes To Unionise In ‘Historic’ Move

• British Robot Artist To Hold Solo Show In Venice

• Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers

• The challenges of consumer data and PII usage

• The CISO as brand enabler, customer advocate, and product visionary

• Experts discovered 15-Year-Old vulnerabilities in the PEAR PHP repository

• Borat RAT, a new RAT that performs ransomware and DDoS attacks

• New and less known cybersecurity risks you should be aware of

• Security flaws found in 82% of public sector software applications

• Mainframe still powering critical business operations

• Vulnerabilities and cyberattacks that marked the year 2021

• IT in manufacturing insufficiently prepared to support long-term hybrid work

• Infosec products of the month: March 2022

• Application security market to reach $13.1 billion by 2025

• Orca Security adds attack path analysis capability to improve the effectiveness of security teams

• OpenNMS Meridian 2022 helps enterprises reduce potential security risks

• How Internet Censorship Affects You – Pros and Cons

Generated on 2022-04-05 23:55:34.073254