IT Security News Daily Summary 2022-04-06

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Congressional chair asks Google and Apple to help stop fraud against U.S. taxpayers on Telegram

• Eliminating Passwords: One Way Forward

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Hamas-linked cyber-spies ‘target high-ranking Israelis’

• 6 Best Platforms to learn Blockchain in Depth

• US sanctions Garantex for laundering over $100M

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Hamas-linked cyber-spies target high-ranking Israelis

• Report: Facebook Bug Caused Misinformation To Rise Up News Feeds

• How DevOps Automation Solves Low-Code Security Issues

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• How Ukraine has defended itself against cyberattacks – lessons for the US

• Hamas-Linked Hackers Using Sexy ‘Catfish’ Lures, New Malware

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Feds take down Kremlin-backed Cyclops Blink botnet

• How to block tracking pixels in Apple Mail

• DoJ takes down Russian botnet that targeted WatchGuard and Asus routers

• Hamas-Linked Hackers Using Sexy Facebook ‘Catfish’ Lures, New Malware

• How secure are one-time passwords from attacks?

• The Latest Threat to Independent Online Creators Is the Filter Mandate Bill

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• USAID Sends Ukraine 5,000 Starlink Terminals From SpaceX

• 10 IoT security challenges and how to overcome them

• Code for America’s CEO on this moment in civic tech

• FBI Disables “Cyclops Blink” Botnet Controlled by Russian Intelligence Agency

• The Original APT: Advanced Persistent Teenagers

• Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Revolutionary changes in transportation, from electric vehicles to ride sharing, could slow global warming – if they’re done right, IPCC says

• Apple Leaves Big Sur, Catalina Exposed to Critical Flaws: Intego

• US Charges Russian Oligarch, Dismantles Cybercrime Operation

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Fake e‑shops on the prowl for banking credentials using Android malware

• Intego: Apple Leaves Big Sur, Catalina Exposed to Critical Flaws

• FBI-Led Operation Disrupts Russian GRU Botnet

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report

• Anonymous Affiliate NB65 Breach State-Run Russian Broadcaster; Leak 786GB of Data

• Serious Security: Darkweb drugs market Hydra taken offline by German police

• Attack on Ukraine Telecoms Provider Caused by Compromised Employee Credentials

• Linux Systems Are Becoming Bigger Targets

• Due to New Router Flaws, Beastmode Botnet Has a Greater DDoS Potential

• New Android Spyware Linked to Russia Hacking Group Turla

• Cryptocurrency Network Ronin Suffers Breach, Hackers Steal Millions

• What Concerns Cyber Pros Most About the Invasion of Ukraine

• Healthcare focus:  Need for resilience

• DevSecOps build and test process

• AT&T Cybersecurity earns four Cybersecurity Excellence Awards

• 10 Things cybercriminals love about you

• 1.3 million Iberdrola Customers Hit In Cyberattack

• Crypto Market Integrity Coalition Welcomes 13 New Signatories Including Gemini, Robinhood

• Zimperium and Carahsoft Partner to Provide Mobile Security Protection to the Public Sector

• Open Systems Appoints Chief People Officer to Support Growing Demand for Its Managed Security Services

• Stratodesk Announces Availability of Stratodesk NoTouch Center on VMware Marketplace

• Deep Instinct Announces First-Of-Its-Kind Stratosphere Partner Program

• Amazon Signs Rocket Deal For Project Kuiper Satellite Launches

• Scam and Online Fraud Protection Features in Avast One | Avast

• Day-1 Protection against Java Spring Framework Vulnerability with Check Point CloudGuard Workload Security Container Runtime Protection

• Best VPN for streaming (2022)

• Electric Vehicle Chargers Hacked to Show Porn

• Google Releases Security Updates for Chrome

• Citrix Releases Security Updates for Hypervisor

• Mozilla Releases Security Updates for Firefox and Firefox ESR

• Telegram’s Embrace of Contradiction

• Denonia: First Malware Targeting AWS Lambda

• Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck

• Block Claims Ex-Employee Downloaded Customer Data After Leaving

• This New Malware Targets AWS Lambda Environments

• Bored Ape & Other Major NFT Project Discords Hacked by Fraudsters

• Report: 35% of educational institutions have a SQLi vulnerability

• Worst-case scenario: Almost 13,000 federal facilities could be harmed by flooding

• Block claims ex-employee downloaded customer data after leaving firm

• Tufin Agrees to $570 Million Acquisition With 30-Day ‘Go Shop’ Option

• Ukraine warns of attacks aimed at taking over Telegram accounts

• Cyberweapons Arms Manufacturer FinFisher Shuts Down

• The Quantum Tipping Point

• 4 Ways to Improve Azure Active Directory Security

• Fighting The International Cyber War with Ai

• Enabling Security Resilience in the Face of Unpredictable Change

• Report: 54% of security pros want to quit their jobs

• Texas Department of Insurance Exposed Data of 1.8 Million People

• Google Doubles Rewards for Nest and Fitbit Vulnerabilities

• Why XDR As We Know It Will Fail

• Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users

• Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

• Spain Plans $12.4bn Chip Sector Investment

• NFT Security Risks: Old Scams and New Tricks

• Avast One Scam and Online Fraud Protection Features | Avast

• How LightBeam’s new data privacy automation platform uses AI to identify personal data

• This new malware targets AWS Lambda environments

• Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

• Coro Raises $80 Million for Cybersecurity Platform for Mid-Market Organizations

• What Duo Unix Administrators Need to Know About Pluggable Authentication Modules

• The Wait is Over for Secure Firewall 3100 Series

• First malware targeting AWS Lambda serverless platform disclosed

• These sneaky hackers hid inside their victims’ networks for nine months

• Ransomware: Conti gang is still in business, despite its own massive data leak

• FIN7 Cybercrime Operation Continues to Evolve Despite Arrests

• Turn/River Capital acquires Tufin in a $570 million transaction

• March 2022 Cybersecurity Roundup: War continues in cyberspace, State networks breached, New proposed EU and SEC rules

• Europe Warned About Cyber Threat to Industrial Infrastructure

• Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts

• CashApp Customers Affected by Data Breach

• Russian Darknet Marketplace Hydra Shutdown by The US DOJ

• 10 Best Monitors Under $300 2022 – For Gaming or Office

• Beware Ukraine-themed fundraising scams

• What is Neurodiversity? Understanding Neurodiversity and it’s Prominence in Cybersecurity

• Beware of the new WhatsApp Voice Message Phishing Campaign that Delivers Malware

• Google increases its bug bounty for Fitbit and Nest security flaws

• UK spy agencies sharing bulk personal data with foreign allies was legal, says court

• Meta Tries to Break the End-to-End Encryption Deadlock

• Europe Is Building a Huge International Facial Recognition System

• U.S. Treasury Department sanctions darkweb marketplace Hydra Market

• Germany closes Russian “Hydra” darknet marketplace

• Cash App notifies 8 million customers of data breach

• New Risk-based Application Access Control aims to solve BYOD and Remote Work Security and Productivity Challenges

• VLC Media Player Leveraged by Hackers to Distribute Malware Loader

• Microsoft Windows 11 will have more protection against cyber threats

• Apple iOS 15 fixes a critical zero day vulnerability with update

• Government Sets Out Plan To Recognise Stablecoins

• Fake Android shopping apps steal bank account logins, 2FA codes

• Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers

• Block Warns Eight Million Customers of Insider Breach

• South African and US Officers Swoop on Fraud Gang

• Almost a Fifth of Global Firms Targeted with Spring4Shell

• Block Admits Data Breach Involving Cash App Data Accessed by Former Employee

• Elon Musk To Join Twitter’s Board Of Directors

• Apple Staff Unhappy At Return-To-Office Memo

• UK spy agencies sharing bulk personal data with foreign allies was legal

• A cyber attack forced the wind turbine manufacturer Nordex Group to shut down some of IT systems

• Malicious crypto miners can make a profit in a few hours

• 42% of developers push vulnerable code once per month

• Apple patched critical flaws in macOS Monterey but not in Big Sur nor Catalina

• U.S. Treasury Department Sanctions Russia-based Hydra Darknet Marketplace

• Germany police shut down Hydra Market dark web marketplace

• Singapore moots bill to slap banks with higher fines for security breach

• Prioritizing cybersecurity training during the onboarding process

• Digital transformation requires security intelligence

• People’s habits around personal and corporate data backup procedures

• 63% of organizations paid the ransom last year

• How often do developers push vulnerable code?

• Malicious actors targeting the cloud for cryptocurrency-mining activities

• Keeper Compliance Reports

• Report: U.S. Workers Worry About Cyberattacks

• How is the CISSP-ISSMP Exam Changing?

• Unpacking OMB’s federal strategy for implementing Zero Trust

• An In-Depth Look at ICS Vulnerabilities Part 3

• 2022-04-06 – Files for an ISC diary

• Internal auditors stepping up to become strategic advisors in the fight against fraud

• Automotive cybersecurity market to reach $5.1 billion by 2027

• Legacy systems still in use: making a cybersecurity case for modernisation

• Block admits former employee was behind Cash App US customer data breach

• Forescout Continuum Platform manages the risk posture of all network-connected assets

• Arcserve Backup 19 offers broad platform support and improved performance

• Imperva Data Security Fabric enables organizations to safeguard their sensitive data

• Three Years of Pay Parity: Lessons in Maintaining Equality

• US Justice Department shuts down Russian dark web marketplace Hydra

• Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

• Meet VIDL: Parraid’s New Affordable Emergency Response Com System

• Microsoft’s Response to CVE-2022-22965 Spring Framework

• PopID and Visa launch facial verification payments in the Middle East

• Microsoft Details New Security Features for Windows 11

• Blackline Safety acquires Swift Labs to expand its product development capacity

• Equinix acquires MainOne to accelerate digital transformation throughout the African continent

• SmartBear acquires Pactflow to ensure standardization for APIs and microservices

• Omnispace partners with Microsoft to enhance the performance and reach of mobile wireless networks

• Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized

• Report: 33% of devs say data privacy is a big obstacle for the metaverse

• Miguel Traquina joins iProov as CIO

• Trulioo appoints Dawn Crew as CMO

• Liat Dvir joins Ermetic as Chief People Strategy Officer

• NetAbstraction hires Dustin Willis Webber as CSO

• Corsha raises $12 million to help security teams reduce the API attack surface

• Google Fights Dragnet Warrant for Users’ Search Histories Overseas While Continuing to Give Data to Police in the U.S.

• New Mexico positions itself as a quantum computing hub

• IBM launches AI-accelerated, ‘quantum-safe’ mainframe

• Developers Increasingly Prioritize Secure Coding

• Thales opens Cyber Security Operations Center in Morocco to strengthen its cybersecurity services

• Synopsys and Juniper Networks form a new company to provide silicon photonics platform

• L3Harris Technologies forms Agile Development Group to address near-peer threats

• Nutanix names Mandy Dhaliwal as CMO and Shyam Desirazu as Head of Engineering

• Obsidian Security appoints Xinran Wang as EVP of Engineering

• Navy CIO touts NGEN’s promise

• Inglis says he won’t ‘dictate’ cyber workforce policy

• Australia to develop a data security framework

• ‘Human Behavior’ Security Startup Nets $7M in Seed

• US State Department opens cybersecurity policy bureau

• IT Security News Daily Summary 2022-04-05

• Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely

• Smarter Homes & Gardens: Protecting the Smart Devices in Your Home

• Avast releases new features to stop phishing and online scams

• US State Department opens cyberspace policy bureau

• 5 quick tips for better Android phone security now (yes, it’s this easy)

• Security equipment rebates aim to boost community safety

• Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

• Lock Down & Level Up: Protect Your Online Gaming from Hackers

• We’re going on Tor

• Germany Shuts Down Darknet Platform Specializing in Drugs

• Germany Shuts Down Russian Darknet Marketplace Hydra

• Shutdown of Russia’s Hydra Market Disrupts a Crypto-Crime ATM

• How to Choose the Best Encryption Methods for Databases

• How to clear Google search cache on Android and why you should do it

• Randomizing the KUSER_SHARED_DATA Structure on Windows

• Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

• Authorities Fully Behead Hydra Dark Marketplace

• March ransomware attacks strike finance, government targets

• How IP Data Can Help Security Professionals Protect Their Networks

• Mattress Company Hit by a Magecart Attack, Suffers Data Breach

• Biden Prolongs National Emergency Amid Increasing Cyber Threats

• Germany Shuts Down Russian Dark Web Market Hydra; Seizes $25M in BTC

• Online Fraud Up 233% During Pandemic

• Name That Edge Toon: In Deep Water

• Borat Expands RAT Capabilities

• Drone inspects subway tunnels after nearby building collapse

• How federal tax incentives would benefit public power utilities

• What We Can Learn From Lapsus$ Techniques

• New technique offers faster security for non-volatile memory tech

• GitHub tackles leaks by scanning for secrets in pushed code

• 15-Year-old Security Vulnerability In The PEAR PHP Repository Permits Supply Chain Attack

• Symantec: Chinese APT Group Targeting Global MSPs

• Firefox 99 is out – no major bugs, but update anyway!

• GitHub Advanced Security Now Scans For Secrets With Each Push

• FIN7 Hackers Evolve Operations With Ransomware, Novel Backdoor

• Zyxel Patches Critical Hijacking Vulnerability

• Hackers Hijacked Crypto Wallets With Stolen MailChimp Data

• Mandiant Shareholder Sues To Block $5.4B Google Deal

• On-Premises Servers Products are Here! Introducing the Applications and On-Premises Servers Bug Bounty Program

• Hackers in Dprk use Trojanized DeFi Wallet App to Steal Bitcoin

• Multi-GPU Systems are Vulnerable to Covert and Side Channel Assaults

• HOW CAN YOU WIN BIG IN VEGAS? – Global Achievement Awards Nominations Open Now

• Cyber threats increasingly target video games – The metaverse is next

• Formulating proper data destruction policies to reduce data breach risks

• 5 Industries that need advanced Cybersecurity measures

• Alphabet’s Wing To Begin Drone Delivery Service In US

• content filtering

• Tabs are coming to Windows 11’s File Explorer. But here’s what’s more interesting

• GitHub prevents leaks by scanning for secrets in pushed code

• Latest MITRE Endpoint Security Results Show Some Familiar Names on Top

• Armis Appoints Tom Gol as CTO for Research

• IBM z16 protects data and systems against current and future threats

• New security features for Windows 11 will help protect hybrid work

• Microsoft announces major new Windows 11 security features for 2022

• Ransomware Gang Leaks Files Stolen From Industrial Giant Parker Hannifin

• CashApp Says Ex-Employee Stole Customer Stock Trading Data

• 44 Vulnerabilities Patched in Android With April 2022 Security Updates

• Conti ransomware deployed in IcedID banking Trojan attack

• Google’s monthly Android updates patch numerous “get root” holes

• FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks

• Microsoft Faces EU Antitrust Questions Over Cloud Business – Report

• The Works has been forced to close some stores because of a cyber attack

• FIN7 hackers evolve operations with ransomware, novel backdoor

• Cooler heads needed in heated E2EE debate, says think tank

• API IAM Security Provider Corsha Raises $12 Million

• Anonymous targets the Russian Military and State Television and Radio propaganda

• Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had

• Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina

• How to Prepare for Cyber Threats During the Russian Invasion of Ukraine

• FIN7 Morphs into a Broader, More Dangerous Cybercrime Group

• It’s 2022: Do You Know Where Your Sensitive Data Is?

• No-Joke Borat RAT Propagates Ransomware, DDoS

• US State Department Launches Cyberspace and Digital Diplomacy Bureau

• Find and $eek! Increased rewards for Google Nest & Fitbit devices

• CISA advises D-Link users to take vulnerable routers offline

• Spring4Shell added to CISA’s list of exploited vulnerabilities

• Corsha aims to develop solution to secure API communications

• These ten hacking groups have been targeting critical infrastructure and energy

• Spring4Shell flaw: Here’s why it matters, and what you should do about it

• Defenders Provided Tools and Information for Dealing With Spring4Shell

• Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload

• Brokenwire – A New Wireless Attack that Halts Charging System for Electric Vehicles

• Associate of (ISC)² Spotlight: Angel Sayani

• New Russian Android Malware Tracks GPS Location and Spies on Victims

• Yokogawa Patches Flaws Allowing Disruption, Manipulation of Physical Processes

• Airgap Networks Raises $13 Million for Ransomware Kill Switch

• Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

• Nominations for 2022’s European Cybersecurity Blogger Awards NOW OPEN!

• Check Point + Armis Team Up to Protect Critical Vulnerabilities (TLStorm) Found in APC Smart-UPS Devices

• Singapore looks to drive maritime innovation, cybersecurity resilience

• Fake versions of real smartphone apps are being used to spread malware. Here’s how to stay safe

• GitHub now scans for secret leaks in developer workflows

• Germany Shuts Down Russian Hydra DarkNet Market; Seize $25 Million in Bitcoin

• CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog

• Hackers Using Fake Police Data Requests against Tech Companies

• The Works closes stores after cyber attack

• CISA adds Spring4Shell to list of exploited vulnerabilities

• 10 Best Lightest Gaming Mouse 2022 – For Heavy-Duty Gaming Experience

• Most Reliable Hosting Company Sites in March 2022

• From SolarWinds to Log4j: The global impact of today’s cybersecurity vulnerabilities

• Academics Devise Side-Channel Attack Targeting Multi-GPU Systems

• Wind Turbine Giant Nordex Shuts Down IT Systems in Response to Cyberattack

• Why Some CISOs Fail

• NFTs Are a Privacy and Security Nightmare

• Info-Stealing Malware Pushed Through WhatsApp Messages

• Twitter Shareholder Elon Musk Polls Users Over Edit Button

• 16% of organizations worldwide impacted by Spring4Shell Zero-day Vulnerability exploitation attempts since outbreak

• Palestinian Lawyer Sues Pegasus Spyware Maker in France

• Retailer The Works Closes Stores After Cyber-Attack

• Is API Security on Your Radar?

• Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers

• Fraudulent Crypto Exchange Thodex Faces 40,000-Year Sentences

• Nordex Cyber Incident Shuts IT Systems

• Crypto Customers Targeted in MailChimp Data Breach

• Beware of this Cadbury Easter Egg cyber fraud

• Ransomware attack on The Works stores of UK

• How can you tell if a shortened link is secure?

• Elon Musk Acquires 9 Percent Of Twitter

• Meta Relaxes Covid Booster Requirement For Staff

• Russia Threatens Wikipedia With Fines Over ‘False Information’

• US judge sentences men for $1.5 million Apple Gift Card scam

• Global APT Groups Use Ukraine War for Phishing Lures

• Russian Software Security And The Risk You Run

• Cyber Security Experts Insight On BORAT RAT

• WhatsApp ‘Voice Message’ Is an Info-Stealing Phishing Attack

• Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

• New attack method could disrupt electric vehicle charging

• Log4Shell exploitation: Which applications may be targeted next?

• Threats Targeting UPS Units | Avast

• The Differences in How CASB vs. SSPM Secures SaaS Apps

• 49% of small medical practices lack a cyberattack response plan

• Identity fraud losses totaled $52 billion in 2021

• GitLab issues security updates; watch out for hard coded passwords

• CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

• Testing, testing, testing: Why Red Teaming is a must for every CISO

• What you need to look out for when installing packages from public repositories

• Podcast Episode: Your Tax Dollars At Work

• Hybrid threat model: Watch out for the unhappy employee

• Utilizing biological algorithms to detect cyber attacks

• Bank had no firewall license, intrusion or phishing protection – guess the rest

• MailChimp breached, intruders conducted phishing attacks against crypto customers

• Traditional identity fraud losses soar, totalling $52 billion in 2021

• What Can Flexible Work Conditions Do for Cyber?

• What is undermining ML initiatives?

• 49% of small medical practices don’t have a cyberattack response plan

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022

• Cloud identity access and management market to reach $13.6 billion by 2026

• How Does Cybersecurity Impact Environmental Services and Infrastructure?

• FortiOS 7.2 enables organizations to protect their hybrid networks

• WhiteSource releases free tool to detect and remediate Spring4Shell vulnerability

• F5 BIG-IP CNF solutions help customers accelerate and secure 5G deployment

• SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

• Mailchimp: Crook stole cryptocurrency clients’ mailing-list subscriber info

• 2022-04-04 – Emotet E5 infecttion with spambot traffic

Generated on 2022-04-06 23:55:32.690232