IT Security News Daily Summary 2022-05-25

• Graduation dashboard shows how education spending pays off

• Visualizing vulnerability: County maps show areas of greatest need

• App eases public transit for blind riders

• $756M still left in TMF

• Nava looks to APIs to standardize federated benefits programs

• Hearing examines human side of telecom bills

• When self-driving cars crash, who’s responsible? Courts and insurers need to know what’s inside the ‘black box’

• Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats

• Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

• Interpol’s Massive ‘Operation Delilah’ Nabs BEC Bigwig

• Is Your Data Security Living on the Edge?

• Amazon Drivers Risk Increasing Number Of Injuries

• Seven Tips for Protecting Your Internet-Connected Healthcare Devices

• Advancing our Secure Home Platform with DNS over HTTPS

• Corelight Announces New SaaS Platform for Threat Hunting

• Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco

• Mastercard Launches Cybersecurity “Experience Centre”

• JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks

• Is Your Email Security Built to Withstand Determined Intruders?

• Federal call center workers strike over pay, healthcare costs

• Brexit Leak Site Linked to Russian Hackers

• Meet the 10 Finalists in the RSA Conference Innovation Sandbox

• Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report

• Cybersecurity-Focused SYN Ventures Closes $300 Million Fund II

• Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media

• The state of the GDPR in 2022: why so many orgs are still struggling

• Internationa police operation led to the arrest of the SilverTerrier gang leader

• The State of Identity at Work: What IT Leaders Need to Know

• WhiteSource, now Mend, unveils automated remediation to reduce app security burden

• DuckDuckGo Allows Microsoft Trackers Despite No Tracking Policy – Researcher

• IDS & IPS Remain Important Even as Other Tools Add IDPS Features

• Bad Bots and the Commoditization of Online Fraud

• MSSP’s Mitigation Responsibilities Against Ransomware

• Agencies lack data on ransomware payments

• OT Remote Access Firm Xona Raises $7.2 Million in Series A Funding

• Prepare for deepfake phishing attacks in the enterprise

• Verizon DBIR: Stolen credentials led to nearly 50% of attacks

• How Policymakers Can Build a Better Doomsday Clock

• Expert Comment: CISA Adds 41 Vulnerabilities To Catalogue Of Exploited Flaws

• Developers targeted by poisoned Python library

• CLOP Ransomware Activity Spiked in April

• Spring Cleaning Checklist for Keeping Your Devices Safe at Work

• Platform Liability Trends Around the Globe: Taxonomy and Tools of Intermediary Liability

• HOT CYBERSECURITY TECHNOLOGIES

• Veteran Cybersecurity Expert, Michael Orozco Joins MorganFranklin Consulting

• Suspicious behavior: OTX Indicator of Compromise – Detection & response

• What to look for in a vCISO as a service

• Nokia CEO Predicts 2030 Arrival For 6G, But Not On Smartphone

• Biden administration official offers tips for tapping broadband funds

• Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws

• CISA Adds 34 Known Exploited Vulnerabilities to Catalog

• Google Releases Security Updates for Chrome

• How Cisco Duo Is Simplifying Secure Access for Organizations Around the World

• Secure communication with light particles

• Eerie GoodWill ransomware forces victims to publish videos of “good” deeds on social media

• In record year for vulnerabilities, Microsoft actually had fewer

• Complete Guide to Keylogging in Linux: Part 1

• CISA Adds 34 Known Exploited Vulnerabilities to Catalog

• Google Releases Security Updates for Chrome

• The Verizon 2022 DBIR

• Massive increase in XorDDoS Linux malware in last six months

• Vehicle owner data exposed in GM credential stuffing attack

• PayPal Bug Enables Attackers to Exfiltrate Cash from Users’ Account

• Protecting Consumer IoT Devices from Cyberattacks

• Ransomware Attack disrupts airlines services of Spice Jet

• How to Find a Vulnerability in a Website

• Alleged Cybercrime Ringleader Arrested in Nigeria

• Manipulating Machine-Learning Systems through the Order of the Training Data

• Part 1: Historic To 2022 – The Threat Of Malevolence

• Mark Zuckerberg Sued By DC AG Over Cambridge Analytica Scandal

• Tidelift Raises $27 Million to Tackle Open Source Supply Chain Security

• Tapping Neurodiverse Candidates Can Address Cybersecurity Skills Shortage

• Webinar Today: Missing Links for Managing OT Cyber Risk

• USB Devices Redux

• Microsoft Warned That Hackers Are Using More Advanced Techniques to Steal Credit Card Data

• How license plate scanners challenge our data privacy

• Data on ransomware attacks is ‘fragmented and incomplete’ warns Senate report

• 5 reasons why GDPR was a milestone for data protection

• Interpol Arrest Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks

• When Do We Call Russia’s Atrocities a Genocide?

• Supply Chain Risk Management (SCRM) Explained

• 8 things you need to know about cloud-native applications

• Multiple Vulnerabilities In Facebook Could Allow Account Takeover

• Top 5 Benefits of Office 365 Advanced Threat Protection

• Web scraping: What is it and why is it needed?

• How to develop competency in cyber threat intelligence capabilities

• WhiteSource Becomes Mend, Adds Automatic Code Remediation

• Industry 4.0 Points Up Need for Improved Security for Manufacturers

• Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

• Top 6 Awwwards Websites and Tools They Are Built With

• New Linux-Based Ransomware ‘Cheerscrypt’ Targets EXSi Devices

• Samsung To Create 80,000 New Jobs, Plans $356 Billion Investment

• Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack

• Microsoft research reveals the changing face of skimming campaigns

• AMD unveils Epyc confidential computing on Google cloud

• Report: Average time to detect and contain a breach is 287 days

• Verizon Report: Ransomware, Human Error Among Top Security Risks

• Zoom Patches ‘Zero-Click’ RCE Bug

• Link Found Connecting Chaos, Onyx and Yashma Ransomware

• Is REvil having a resurgence, or is there a copycat hacking group?

• Chrome 102 Patches 32 Vulnerabilities

• Notorious Vietnamese Hacker Turns Government Cyber Agent

• Two Cybersecurity Companies Offering Free Risk Assessments

• UK Government Cybersecurity Advisory Board Applications Now Open

• Messages Sent Through Zoom Can Expose People to Cyber-Attack

• DBIR Makes a Case for Passwordless

• ‘Tough to Forge’ Digital Driver’s Licenses Are—Yep—Easy to Forge

• Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them

• How Secrets Lurking in Source Code Lead to Major Breaches

• Revisiting the Session: The Potential for Shared Signals

• Chaining Zoom bugs is possible to hack users in a chat by sending them a message

• Zoom Patches XMPP Vulnerability Chain That Could Lead To Remote Code Execution

• Quad Nations Pledge Deeper Collaboration On Infosec And More

• Beijing Needs The Ability To Destroy Starlink, Say Chinese Researchers

• Web App Attacks On The Rise In Healthcare

• 2022 Verizon Data Breach Investigations Report, Cyber Security Experts Reactions

• SpiceJet Suffers Ransomware Attack

• More and More Companies Are Getting Hit with Ransomware [2021-2022]

• How the Saitama backdoor uses DNS tunnelling

• Beijing needs the ability to ‘destroy’ Starlink, say Chinese researchers

• (ISC)2 Supports Members with Thoughtful Response to SEC Proposed Rule on Cybersecurity Reporting

• Cybersecurity for banks – How Global Banks enable the secure remote workforce

• Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit

• GoodWill Ransomware Demands People Help the Most Vulnerable

• EUS Car Giant General Motors Hit By Credential Stuffing Attack

• Privacy focused browser allows Microsoft trackers

• Update now! Multiple vulnerabilities patched in Google Chrome

• Silicon UK In Focus Podcast: The Future of SaaS

• Global Digital Tax Law Not Ready Until 2024, Says OECD

• Trend Micro Patches Vulnerability Exploited by Chinese Cyberspies

• [Template] Incident Response for Management Presentation

• Researchers Find New Malware Attacks Targeting Russian Government Entities

• What’s wrong with automotive mobile apps?

• US government lacks ransomware data

• Ethical AI – How is AI Redefining the Insurance Industry?

• Cybersecurity’s New Frontier: Space

• Hacking The Cybersecurity Field: How To Get Into Cyber As A Young Adult

• Small Businesses Remain Vulnerable, With Rising Cyberattacks

• Running to the Cloud: Why Enterprise Companies Need a Cloud-based Payroll

• 68% of Legal Sector Data Breaches Caused by Insider Threats

• Proton Is Trying to Become Google—Without Your Data

• Verizon 2022 DBIR: External attacks and ransomware reign

• Goodbye cookies, hello digital fingerprints

• Spain Approves $13.1bn To Attract Chip Sector Investment

• SpiceJet Suffered a Ransomware Attack

• CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

• How CISOs are adjusting in the wake of two years of pandemic disruption

• What is threat hunting?

• Quad nations pledge deeper collaboration on infosec, data-sharing, and more

• 7 ways to protect your network from wardriving attacks

• About half of popular websites tested found vulnerable to account pre-hijacking

• Indian stock markets given ten day deadline to file infosec report, secure board signoff

• Over 380 000 Kubernetes API Servers are Exposed to a Range of Attacks

• Oracle bolsters its Cloud Security capabilities

• IBM takes initiative to improve Ransomware Protection in Public Schools

• Detecting and Responding to a Ransomware Attack

• Threat Intelligence: The Key to Higher Security Operation Performance

• New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

• Where is attack surface management headed?

• How to navigate GDPR complexity

• ISACA Helps Enterprises Navigate China’s Personal Information Protection Law in New Resource

• How to counter smart home device breaches

• How to Prevent Burnout Among Cybersecurity Professionals Before, During and After a Breach

• Building trust in a Zero-Trust security environment

• Stories from the SOC – Command and Control

• Elevation of Privilege is the #1 Microsoft vulnerability category

• Can we trust the cybersecurity of the energy sector?

• How Can OEMs Reduce Their Risk of Cyberattacks?

• Keeping pace with emerging threats: The roundup

• HYAS Confront uncovers anomalies hiding in the production network

• Zoom patches XMPP vulnerability chain that could lead to remote code execution

• XM Cyber announces new capability to detect exposures in Microsoft Active Directory

• Zilla Universal Sync allows enterprises to integrate any cloud platform or application without security API support

• PIXM Mobile provides real-time protection from phishing attacks on mobile devices

• FortiNDR identifies cyberattacks based on anomalous network activity and limits threat exposure

• Forescout Frontline helps organizations tackle ransomware and real time threats

• F5 NGINX for Microsoft Azure enables enterprises to extend workloads to the cloud

• Oracle expands cloud security capabilities to help customers protect their applications and data

• Censornet introduces integrated IDaaS to enhance context-based security

• SafeGuard Cyber adds email protection for Microsoft 365 to defend customers against sophisticated attacks

• Thales Cinterion MV32 modem card enables manufacturers to build high-performance 5G devices

• Astadia FastTrack Factory accelerates mainframe migration projects for enterprises

• Wendy’s – 52,485 breached accounts

• Broadcom Software Shows How the Cyber Defence Centre Will Help in 2022

• Predator spyware sold with Chrome, Android zero-day exploits to monitor targets

• NightDragon partners with Coalfire to accelerate portfolio compliance and cybersecurity readiness

• Arcanna.ai collaborates with MNEMO to drive security operations using AI/ML

• Poisoned Python and PHP packages purloin passwords for AWS access

• Tidelift raises $27 million to improve open source software supply chain security

• Clearwater acquires CynergisTek to address growing cybersecurity and compliance needs

• T-Mobile and Ericsson join forces to bring 5G network solutions to enterprises

• ‘There’s No Ceiling’: Ransomware’s Alarming Growth Signals a New Era, Verizon DBIR Finds

• LambdaTest hires Maneesh Sharma as COO

• John Vecchi joins Phosphorus Cybersecurity as CMO

• PKWARE promotes Matt Zomboracz to CFO

• NYC rips out last pay phones

• IBM amnnounces multi-million dollar in-kind grants to help schools fight off cyberattacks

• Tanium’s free risk assessment provides customers with a complete view of their risk posture

• CoreStack appoints Robert Ford as VP of Enterprise Strategy

• Kellie Snyder joins Onapsis as Chief Customer Officer

• The Navy has saved $150 million by consolidating IT systems, official says

• Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

• Patch now: Zoom chat messages can infect PCs, Macs, phones with malware

• IT Security News Daily Summary 2022-05-24

• Is it really technology that makes a city smart?

• MFA technology is rapidly evolving — are mandates next?

• New Attack Shows Weaponized PDF Files Remain a Threat

• Get More from Your Cybersecurity Spend When Inflation Rates Climb

• Netskope releases new data loss prevention solution

• DeFi Is Getting Pummeled by Cybercriminals

• OneTrust releases ‘first’ trust intelligence platform for compliance

• 142 Million MGM Resorts Records Leaked on Telegram for Free Download

• New Connecticut Privacy Law Makes Path to Compliance More Complex

• Emulating impossible ‘unipolar’ laser pulses paves the way for processing quantum information

• Voice phishing attacks reach all-time high

• As remote work persists, cities struggle to adapt

• Video: Fireside Chat With Shane Huntley, Director at Google’s Threat Analysis Group

• XM Cyber Adds New Security Capability for Microsoft Active Directory

• Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

• DOD to debut virtual desktops for certain highly classified programs

• Strong Password Policy Isn’t Enough, Study Shows

• Safeguarding Android Users From Zero-Day Attacks

• Bad Bot Traffic is Significantly Contributing to Rise of Online Scam

• PDF Smuggles Microsoft Word Doc to Deliever Snake Keylogger Malware

• Swagger UI Library Vulnerability Potentially Affects Multiple Services

• 2022-05-23 – IcedID infection with DarkVNC traffic

• This crafty tool can eavesdrop on 6G wireless signals

• Zuckerberg Sued By DC Attorney General Over Cambridge Analytica Data Scandal

• GDPR Anniversary, Expert Insight On What Lead To GDPR Fines

• Chicago Public Schools Data Breach – Expert Comments

• Facial Recognition Company Clearview Ai Fined £7.5m For Illegally Using Images Of Brits Scraped From Online

• The 8 Design Principles Of A Zero Trust Network

• Why do hackers keep coming back to attack you? Because they can

• Organizations are More Susceptible to Known Vulnerabilities in Comparison to Zero-Day Flaw

• Ransomware Attacks Increasing at “Alarming” Rate

• Senate Report: US Government Lacks Comprehensive Data on Ransomware

• New Statistics Confirm the Continuing Decline in the Use of National Surveillance Authorities

• Opportunity to Reform the Department of Homeland Security’s Biodefense Operations and Governance

• CCSP Exam – Many Changes on the Way!

• Morse Code: How did it change communication?

• How DNS filtering can help protect your business from Cybersecurity threats

• Cybersecurity and resilience: board-level issues

• Facebook opens political ad data vaults to researchers

• Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

• How to Develop Machine Learning Skills for Every Employee in Your Company

• Cyber Attack on General Motors exposes customer details

• Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online

• How to create a Docker secret and use it to deploy a service

• Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society

• Nisos Announces $15 Million in Series B Funding Round

• CISA Adds 20 Known Exploited Vulnerabilities to Catalog

• Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys

• PyPI Served Malicious Version of Popular ‘Ctx’ Python Package

• CISA Adds 20 Known Exploited Vulnerabilities to Catalog

• These are the flaws that let hackers attack blockchain and DeFi projects

• Semperis Banks $200 Million to Scale Enterprise ID Protection Tech

• What Is Ping of Death?

• Instagram verification services: What are the dangers?

• A favorite of cybercriminals and nation states, ransomware incidents increase again

• LimaCharlie Banks $5.45 Million in Seed Funding

• Red Access Raises $6 Million for Secure Browsing Tech

• BNP Paribas Joins JP Morgan Blockchain Trading Network

• How to Analyze Phishing Email Files

• Cybersecurity Tips for a Safer Vacation

• Fronton IOT Botnet Packs Disinformation Punch

• Account pre-hijacking attacks possible on many online services

• Tidelift raises $27M to secure open-source supply chain

• Hackers Can ‘Pre-Hijack’ Online Accounts Before They Are Created by Users

• Microsoft warns of new highly evasive web skimming campaigns

• The Incredible Shrinking FISA: CY 2021 Statistics Confirm the Continuing Decline in the Use of National Surveillance Authorities

• Introducing Autocomplete for VirusTotal Intelligence queries

• SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

• General Motors suffers credential stuffing attack

• New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild

• SIM-based Authentication Aims to Transform Device Binding Security to End Phishing

• Anonymous Declares Cyber-War On Pro-Russian Hacker Gang Killnet

• GDPR Anniversay, Expert Insight On What Lead To GDPR Fines

• Tidelift raises $27M to secure open source supply chain

• Snap Earnings Warning Triggers Tech Sell-Off

• Microsoft: Credit card skimmers are switching techniques to hide their attacks

• Cabinet Office Reports 800 Missing Electronic Devices in Three Years

• Open Source Intelligence May Be Changing Old-School War

• Malware Analysis: Trickbot

• The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

• The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

• Russian Operator Discounts Smartphones As Sanctions Bite

• Twisted Panda: Chinese APT Launch Spy Operation Against Russian Defence Institutes

• Cybersecurity Community Warned of Fake PoC Exploits Delivering Malware

• Conti Ransomware Operation Shut Down After Splitting into Smaller Groups

• RansomHouse: Bug bounty hunters gone rogue?

• China lashes out at US-led Asia-Pacific trade framework

• This era of big tech exceptionalism has got to end: Australian eSafety Commissioner

• IBM is helping these schools build up their ransomware defenses

• SolarWinds: Here’s how we’re building everything around this new cybersecurity strategy

• Conti Ransomware Gang Shut Down After Splitting into Smaller Groups

• Cyberattack on General Motors exposes customer data

• It’s 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017

• Clearview AI Fined £7.5m Over Facial Recognition Data

• US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info

• Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code

• Clearview AI fined £7.5m for harvesting data

• GM Credential Stuffing Attack Reveals Automobile Owners’ Details

• This Malware-spreading PDF Uses a Clever File Name to Fool the Unsuspecting Victims

• Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

• ICO Fines Clearview AI £7.5m for Collecting UK Citizens’ Data

• The Surveillance State Is Primed for Criminalized Abortion

• Nation-state malware could become a commodity on dark web soon, Interpol warns

• Pre-hijacking Attacks of user accounts are on the rise

• Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

• Unknown APT group has targeted Russia repeatedly since Ukraine invasion

• Crypto Investor Arrested After Visiting Home Of TerraUSD Founder

• Since organizations apply more compliance programs, proper planning is essential

• Paying ransom doesn’t guarantee data recovery

• Tips to defeat social engineering attacks

• Can digital identity help with the world refugee crisis?

• Podcast Episode: Securing the Vote

• Beware of New Campaign that Delivers Sophisticated Malware Through PDF Files

• Taking the right approach to data extortion

• SirHurt – 90,655 breached accounts

• Russia-linked Turla APT targets Austria, Estonia, and NATO platform

• What does prioritizing cybersecurity at the leadership level entail?

• (ISC)² Advocates for Membership – Shares Opinions on Proposed UK Standards and Pathway

• Stories from the SOC – Persistent malware

• Cyber Attack news headlines trending on Google

• Conti Ransomware to shut down and come rebranded into multiple groups

• Biden launches Indo-Pacific economic framework to counter China

• Vishing cases reach all time high

• How Secure is the Bitcoin Blockchain?

• Key findings from the DBIR: The most common paths to enterprise estates

• Verizon DBIR: Ransomware dominated threat landscape in 2021

• Paying the ransom is not a good recovery strategy

• Fanpass – 112,251 breached accounts

• How confident are CISOs about their security posture?

• CyberCube increases analytical flexibility with Portfolio Manager v4.0

• Why it’s hard to sanction ransomware groups

• Broadcom’s play to acquire VMware could strengthen its enterprise focus

• Fake Windows exploits target infosec community with Cobalt Strike

• UK privacy watchdog fines Clearview AI £7.5m and orders UK data to be deleted

• DC Sues Zuckerberg Over Cambridge Analytica Privacy Breach

• Eseye Infinity empowers customers to scale and evolve their IoT deployment

• Kingston Digital releases external SSD with touch-screen and hardware-encryption

• UK Businesses ‘Falling Behind Europe’ On AI Adoption

• Screencastify fixes bug that would have let rogue websites spy on webcams

• Noname Security partners with BlueFort Security to offer proactive API security

• YouAttest collaborates with JumpCloud to give users access reviews for identity governance

Generated on 2022-05-25 23:55:35.436248