IT Security News Daily Summary 2022-04-23

• [Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

• T-Mobile confirms Lapsus$ had access its systems

• Dangerous malware is up 86%: Here’s how AI can help

• Are you using Java 15/16/17 or 18 in production? Patch them now!

• To Reliably Govern Multi-Cloud Workloads, IT Leaders Demand Better Security Insights

• FBI Issues Warning as BlackCat Ransomware Targets More Than 60 Organizations Worldwide

• What Does Volunteering at (ISC)² Mean? Hear From Volunteer Lisa Vaughan

• Critical Chipset Flaws Enable Remote Spying on Millions of Android Devices

• Pwn2Own – Hackers earn $400K for 26 zero-day Exploits

• Veracode Named a Leader in the 2022 Gartner® Magic Quadrant™ for Application Security Testing for Ninth Consecutive Time

• BreachBits Announces BreachRisk, The New Standard in Cyber Risk Scoring

• SOC Prime Appoints Industry Veteran To Grow Worldwide Sales

• Gartner Announces Gartner Security & Risk Management Summit 2022

• What Do You Mean My Email Isn’t Free?

• Cyberattack Causes Chaos in Costa Rica Government Systems

• Phishing attacks using the topic “Azovstal” targets entities in Ukraine

• Now Mandiant says 2021 was a record year for exploited zero-day security bugs

• T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

• Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

• Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe

• D2iQ Kubernetes Platform enhancements accelerate mission-critical production deployments

• Amazon Aurora Serverless v2 removes the complexity of managing database capacity

• Neustar Security Service integrates with Terraform to help customers manage DNS strategy

• How to protect AI from cyberattacks – start with the data

• CertiK raises $60 million to address the growing demand for Web3 security

• Skyflow collaborates with Plaid to enhance fintech ecosystem security

• Many Medical Device Makers Skimp on Security Practices

• Conti ransomware claims responsibility for the attack on Costa Rica

• Top 8 Cyber Insurance Companies for 2022

• Cryptomining Overview for DevOps

• Cybersecurity for a More Sustainable Future

• Michigan, National Park Service to test mobility tech in local national parks

• Get ready for the metaverse

• Defense against the dark arts: CISOs prep for critical infrastructure attacks

• IT Security News Daily Summary 2022-04-22

• Unethical vulnerability disclosures ‘a disgrace to our field’

• An introduction to binary diffing for ethical hackers

• US DOJ probes Google’s $5.4b Mandiant acquisition

• Sophos Buys Alert-Monitoring Automation Vendor

• 5 reasons the U.S. could lose its quantum leadership

• Report: Facebook Posts Casting Doubt On Alleged War Crimes Shared 208,000 times In One Week

• FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain

• Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management

• Best backup software (2022)

• LemonDuck Cryptomining Botnet Hunting for Misconfigured Docker APIs

• GSA plans to publish zero trust playbooks

• AI is already learning from Russia’s war in Ukraine, DOD says

• Early Discovery of Pipedream Malware a Success Story for Industrial Security

• 12 Women in Cybersecurity Who Are Reshaping the Industry

• Report: Orgs spend 3,850 hours annually cleaning up email-based cyberattacks

• GSA plans to publish a zero trust playbooks

• Russian cyberattack could capitalize on election doubts

• China’s NFT Plans Are a Recipe for the Government’s Digital Control

• DISA is gearing up for the ‘technician of the future’

• FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware

• Google Researchers: ‘Zero-Day’ Hacks Hit Record in 2021

• Cyware is Changing the Cybersecurity Landscape

• The push toward climate-friendly grid security and resilience

• Strike Security Scores Funding for ‘Perpetual Pentesting’ for SMBs

• FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware

• ZingoStealer – A Potent Infostealer, CryptoStealer, And Malware Dropper

• Multi-Cluster Kubernetes Management and Access

• Wawa Sues Mastercard Over Data Breach Penalties

• Security software companies are going to be steady if we go into a recession, says ACME’s Hany Nada

• Hive ransomware affiliate zeros in on Exchange servers

• SuperCare Health Faces Lawsuits Over Data Breach

• YES Launches Free Cybersecurity Training Program

• CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform

• PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks

• Forescout Enhances Continuum Platform With New OT Capabilities

• Contrast Security Introduces Cloud-Native Automation

• Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

• Microsoft announces new collaboration with Red Button for attack simulation testing

• In 2021, the UK Government was Plagued by Hundreds of Spam Emails

• Nigeria blocks 73 million mobile numbers for security reasons

• When Attacks Surge, Turn to Data to Strengthen Detection and Response

• QNAP warns of new bugs in its Network Attached Storage devices

• Bolstering Security Standards: How A Consolidated IT Infrastructure Can Arm Businesses Against Cyber-Criminals

• Government Cloud On-Ramping

• Cyber Insurance and the Changing Global Risk Environment

• Proactive 5G Cybersecurity Strategy Enables Sustainable Growth

• New FedRAMP Authorization Secures IoT Devices for Federal Agencies

• MS Exchange Servers Found Deploying Hive Ransomware

• 5 Cybersecurity Trends and Mitigation Strategies for CISOs

• Musk In Talks With Thoma Bravo Over Joint Twitter Bid – Report

• Creating Cyberattack Resilience in Modern Education Environments

• A stored XSS flaw in RainLoop allows stealing users’ emails

• Water Wars: AUKUS Goes Hypersonic

• Apple To Scan Children Messages In UK For Nudity

• XSS Prevention Cheatsheet

• Motorola Launches Cyber Threat Information Sharing Hub for Public Safety

• How Companies Can Protect the Country from Acts Of Cyberwarfare

• Is Microsoft really going to cut off security updates for my “unsupported” Windows 11 PC? [Ask ZDNet]

• Ransomware attacks are hitting universities hard, and they are feeling the pressure

• Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

• Several Critical Vulnerabilities Affect SmartPPT, SmartICS Industrial Products

• Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

• International Intelligence Agency Warns Of Russian Cyber Attacks

• Android security: Flaw in an audio codec left two-thirds of smartphones at risk of snooping, say researchers

• Zero-Trust For All: A Practical Guide

• Researcher Releases PoC for Recent Java Cryptographic Vulnerability

• QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS

• Toshiba Says It Will Seek Buyout Offers

• GitLab vs GitHub: Which is right for you?

• Skeletons in the Closet: Security 101 Takes a Backseat to 0-days

• Audio Codec Made by Apple Introduced Serious Vulnerabilities in Millions of Android Phones

• VMware’s Head of Cybersecurity Strategy Discusses Modern Bank Heists

• Unpatched Vulnerability Allows Hackers to Steal Emails of RainLoop Users

• Infosecurity Europe Announces Live Training Courses for this Year’s Event

• A $3 Billion Silk Road Seizure Will Erase Ross Ulbricht’s Debt

• 7 Ransomware Protection Tips to Help You Secure Data in 2022

• LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave

• The new Elastic CEO puts cloud front and center

• North Korea funding nuclear program with cyber campaigns

• FBI warns US farmers of ransomware attacks

• Issue in digital COVID-19 test could have allowed individuals to falsify results

• Microsoft Defender’s protective capabilities suffer offline

• FBI Warns US Farmers of Ransomware Surge

• State Actors Drive Record Number of Zero-Day Exploits in 2021

• Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud

• Remote Work Makes it More Important Than Ever to Trust Zero Trust

• Building the CASE for the Vehicle Security Operations Center

• Crypto-Mining Botnet Goes After Misconfigured Docker APIs

• Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

• Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

• Cisco Releases Security Updates for Multiple Products

• Drupal Releases Security Updates

• Hive Ransomware Affiliate Attacking Microsoft Exchange Servers vulnerable to ProxyShell Flaw

• QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

• Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits

• New infosec products of the week: April 22, 2022

• Quantum Cybersecurity: Addressing the Boogeyman in the Room

• JekyllBot:5 Threatens Hospital Robots | Avast

• Weekly Update 292

• Lemon_Duck cryptomining botnet targets Docker servers

• 4 Tips To Boost Your Security Posture

• REvil resurrected? Ransomware crew appears to be back. Keyword: Appears

• FBI issues ransomware alert to the agriculture sector in the United States

• Netflix bans password sharing to cut misuse

• Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA

• The Great Resignation meets the Great Exfiltration: How to securely offboard security personnel

• How to improve the efficiency of enterprise backup

• IvySys Technologies Awarded the DoD’s Joint Artificial Intelligence Center’s (JAIC) Data Readiness for Artificial Intelligence (DRAID) Basic Ordering Agreement

• Ciphertex Data Security® Shows Film and TV Industry How To Protect Against Data Piracy At NAB Show In Las Vegas

• Code42 Named a Representative Vendor in 2022 Gartner® Market Guide for Insider Risk Management Solutions Report

• SECURE London stokes debate on the future of the cybersecurity workforce

• Earth Day 2022: Why the Financial Services Sector Should Invest in ESG Initiatives Now

• New threat groups and malware families emerging

• Backup is key for cyber recovery

• PCI DSS 4.0: Meeting the evolving security needs of the payments industry

• Why Broadcom Software is Optimistic About Global Standards in Cyber Security

• What is a VPN and what does data logging by a VPN means?

• Critical infrastructure: Under cyberattack for longer than you might think

• Vicarius Nmap Scan Analysis helps security professionals identify high risk assets

• Marqeta RiskControl protects customers against fraudulent transactions

• ForgeRock Authenticator App reduces the number of steps users must take to authenticate

• Avast USB Protection safeguards company data from unauthorized removable storage devices

• AttackIQ and Vectra join forces to help customers optimize their security control effectiveness

• Teradici and HP announce a solution for secure access to digital workspaces

• Bonifii and Entersekt provide context-aware biometric authentication technology for credit unions

Generated on 2022-04-23 23:55:23.522773