IT Security News Daily Summary 2022-05-27

• Zoom Flaws Can Be Exploited By Hackers by Sending Specially Crafted Messages

• Space Force Expands Cyber Defense Operations

• Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks

• Massachusetts’ Highest Court Upholds Cell Tower Dump Warrant

• This Mental Health Awareness Month, take care of your cybersecurity staff

• DevSecOps glossary: 24 terms security professionals need to know

• New Open-source Security Initiative Aimed at Supply Chain Attacks

• From ITops to NoOps: Automox CEO on why organizations need to rethink the concept of automation

• DevSecOps glossary: 24 terms for security professionals

• Defense against file-based malware

• New York to battle senior loneliness with robot companions

• DevSecOps glossary: Important terms for security professionals

• Cloud security unicorn cuts 20% of staff after raising $1.3b

• What are the security risks of open sourcing the Twitter algorithm?

• Talos names eight deadly sins in widely used industrial software

• Exploitation of VMware Vulnerability Imminent Following Release of PoC

• Microsoft Finds Major Security Flaws in Pre-Installed Android Apps

• CISA Publishes 5G Security Evaluation Process Plan

• Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years

• The Effects of Digital Transnational Repression and the Responsibility of Host States

• Patent Troll Uses Ridiculous “People Finder” Patent to Sue Small Dating Companies

• Roadside objects can trick driverless cars

• New Chaos Malware Variant Ditches Wiper for Encryption

• Personal Data of More than 142 million MGM Hotel Customers Leaked on Telegram

• Millions of Loan Applicant’s Data is Leaked via an Anonymous Server

• Members Worldwide Gather at 55th General Meeting of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) in London to Address Current and Emerging Issues in Messaging, Malware and Cybersecurity

• Microsoft is rolling out these security settings to protect millions of accounts. Here’s what’s changing

• 12 most in-demand cybersecurity jobs in 2022

• Twitter to Pay $150m Fine to Resolve Data Privacy Violations

• Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

• Android apps with millions of downloads exposed to high-severity vulnerabilities

• UK populace should know about Ofgem Phishing Attacks

• Russian Hackers Believed to Be Behind Leak of Hard Brexit Plans

• ChromeLoader Malware Hijacks Browsers With ISO Files

• Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach

• Malware Uses PowerShell To Inject Malicious Extension Into Chrome

• GitHub Saved Plaintext Passwords Of npm Users In Log Files, Post Mortem Reveals

• Critical Flaws In Popular ICS Platform Can Trigger RCE

• Surveillance Tech Didn’t Stop The Uvalde Massacre

• Companies need to get rid of legacy security systems, says Zscaler CEO Jay Chaudhry

• Hottest cybersecurity jobs

• How Secure Is Video Conferencing?

• CISA adds 75 actively exploited bugs to its must-patch list in just a week

• GhostTouch: how to remotely control touchscreens with EMI

• Join Our #BetheResource Challenge

• AI and machine learning are improving weather forecasts, but they won’t replace human experts

• ‘Psychological and Emotional War’: The Effects of Digital Transnational Repression and the Responsibility of Host States

• Microsoft Executive Indicates Departmental Hiring Slowdown

• Physical Security Teams’ Impact Is Far-Reaching

• Toward error-free quantum computing

• There are systems ‘guarding’ your data in cyberspace – but who is guarding the guards?

• Critical Microsoft vulnerabilities decreased 47% in 2021

• The Myths of Ransomware Attacks and How To Mitigate Risk

• FBI: Compromised US academic credentials available on various cybercrime forums

• Threat Hunting Journal May 2022 Edition

• Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

• Ownership Of The API Security Lifecycle

• Microsoft is rolling out these security settings to protect millions of accounts. Here’s what’s changing

• What Do Those Pesky ‘Cookie Preferences’ Pop-Ups Really Mean?

• Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

• What & Who You Know: How to get a job in cybersecurity with no experience

• Black Hat Asia 2022 Continued: Cisco Secure Integrations

• Zyxel Issued a Security Warning

• Twitter fined $150M after using 2FA phone numbers for marketing

• GitHub saved plaintext passwords of npm users in log files, post mortem reveals

• Programming languages: How Google is improving C++ memory safety

• S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]

• Survey Evidences Leaders Lack Confidence in Cyber-Risk Management

• UK Government Seeks Views to Bolster the Nation’s Data Security

• Google Announces New Chrome and Chrome OS Security Features for Enterprises

• FBI: Higher Education Credentials Sold on Cybercrime Forums

• Taking the Danger Out of IT/OT Convergence

• Firefox, Thunderbird, receive patches for critical security issues

• This Windows malware uses PowerShell to inject malicious extension into Chrome

• The IaC Showdown: Terraform vs. Ansible

• Trofi Security Defends U.S. Memorial Museum’s Priceless Assets with Check Point

• Critical Flaws in Popular ICS Platform Can Trigger RCE

• Hundreds Stranded After Ransomware Attack on Indian Airline

• Google Faces Second UK Probe Over Ad Practices

• Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

• Drones And the Battlefield

• Privileged Access Management as a Key Technology for Critical Environments

• NCSC Report Reveals Phishing Lures Increasingly Disguised as Vaccine Appointments

• ERMAC 2.0 Android Banking Trojan targets over 400 apps

• Ed tech illegally tracked school children during pandemic

• Oil and gas companies take cyber resilience pledge

• TSP preps for its transition to a new service provider

• IT threat evolution in Q1 2022. Non-mobile statistics

• IT threat evolution Q1 2022

• IT threat evolution in Q1 2022. Mobile statistics

• Let’s play everyone’s favorite game: REvil? Or Not REvil?

• Pre-Hijacking Attacks on Social Media Accounts | Avast

• Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller and Firewall Devices

• Singapore touts need for AI transparency in launch of test toolkit

• Ransomware news headlines trending on Google

• Twitter to pay $150m penalty for user data protection failure

• NRO finalizes imagery contract worth ‘billions of dollars’

• Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

• Ed tech wrongfully tracked school children during pandemic: Human Rights Watch

• ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit

• Popular Python and PHP LIbraries Hijacked to Steal AWS Keys

• HHS establishes Advanced Research Projects Agency for Health

• New infosec products of the week: May 27, 2022

• SentinelOne Global Culture Named To Leading Workplaces Lists

• MDT Credit Unions Live with DeepTarget Integration into Jack Henry’s Banno Digital Platform

• Security Compass Releases Report: 2022 Application Security in the Mid-Market

• SCYTHE Names Webster as Director of Federal Research & Development

• OT Network Defenders Experience SynSaber’s ICS Visibility & Detection Software at RSAC

• Meta updates privacy policy with more detail about what data it collects

• How to eliminate the weak link in public cloud-based multi-party computation

• What is keeping automotive software developers up at night?

• China offering ten nations help to run their cyber-defenses and networks

• 80% of consumers prefer ID verification when selecting online brands

• Sungard AS Cyber Incident Recovery strengthens customers’ ability to recover data after a cyberattack

• LiveAction announces long-term behavioral analytics capabilities in its ThreatEye NV platform

• Hunters SOC Platform enhancements enable users to prioritize incidents based on their urgency

• Entrust CloudControl 6.5 improves enterprise security and control for multi-cloud deployments

• Corelight Investigator allows security teams to accelerate their threat hunting and investigations

• Alteryx Designer-FIPS automates analytic insights and operational processes for government agencies

• Uptycs enhances container and Kubernetes capabilities to minimize risk for security teams

• USB Device Redux, with Timelines

• How to reprogram Apple AirTags, play custom sounds

• CyberPeace Institute and Partisia Blockchain protect humanitarian organizations against cyber threats

• Linksys announces new series of WiFi 6 mesh solutions for all at-home needs

• Samsung partners with Red Hat to develop next-generation memory-related software

• Weaveworks integrates with Microsoft to increase developer productivity

• SOOS collaborates with CircleCI to help developers identify and remediate open source vulnerabilities

• ChromeLoader Browser Malware Spreading Via Pirated Games and QR Codes

• Ransomware encrypts files, demands three good deeds to restore data

• Report: Healthcare industry remains top target for cyberattacks

• Michael Orozco joins MorganFranklin Consulting as Managing Director and Advisory Services Leader

• Aviatrix appoints Michael Welts as CMO

• Ravi Kumaraswami joins Riskified as President of Worldwide Field Operations

• Microsoft Unveils Dev Box, a Workstation-as-a-Service

• Broadcom Snaps Up VMware in $61B Deal

• Avocado Systems hires James Sortino as CRO

• U.S. Senate report calls out lack of ransomware reporting

• The Legal Challenges Presented by Seizing Frozen Russian Assets

• IT Security News Daily Summary 2022-05-26

• Best File & Disk Encryption Tools for Linux

• Maryland launches Mobile ID for Apple Wallet

• How GDPR Is Failing

• Why it’s hard to sanction ransomware groups

• Broadcom’s play to acquire VMware could strengthen its enterprise focus

• Fake Windows exploits target infosec community with Cobalt Strike

• UK privacy watchdog fines Clearview AI £7.5m and orders UK data to be deleted

• Cheers ransomware hits VMware ESXi systems

• Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency

• Agencies aren’t hitting disconnection targets under EIS

• Third-Party Scripts on Websites Present a ‘Broad & Open’ Attack Vector

• Lacework Announces Layoffs, Restructuring

• Exposed: the threat actors who are poisoning Facebook

• How ‘cultural artifacts’ impede DOD’s ability to go big on AI

• The infrastructure buildout will be paperless

• How to encrypt your email and why you should

• Twitter fined $150M for misusing 2FA data

• Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy

• Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

• How to Make Your Phone Impossible to Track: 11 Strategies for Privacy

• UK Begins National Security Probe Of Altice’s Stake In BT

• Wristband tracks firefighters’ chemical exposure

• Enterprise data is like air: Here’s how you can secure it

• Twitter Fined $150M for Security Data Misuse

• Cybercrime Syndicate Leader Behind Phishing and BEC Scams Arrested in Nigeria

• The Influence of VPN on Software Development

• Black Basta Besting Your Network?

• Facebook Updates Its Privacy Policy And Releases New Tools

• Google Urged to Stop Tracking Location Data Ahead of Roe Reversal

• The Chatter Podcast: The Movie “Casablanca” in Myth and Reality with Meredith Hindley

• Retrofitting Temporal Memory Safety on C++

• Cybersecurity is a corporate social responsibility, especially in times of war

• Why government should do more to drive down the cost of prison calls

• 11th Circuit’s Ruling to Uphold Injunction Against Florida’s Social Media Law is a Win Amid a Growing Pack of Bad Online Speech Bills

• Cyber Risk Management Strategies from Arjo CIO

• Elon Musk Raises His Contribution To Twitter Acquisition

• Biden’s executive order on policing could help spur local reforms

• Google is adding these IT security integrations to Chrome

• The FDA’s New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand

• California Bill Would Make New Broadband Networks More Expensive

• Ransomware Attack Disrupt the Operations of SpiceJet Flight

• Detecting Phishing Emails with Email Headers, Attachments, and URLs

• Spain to Tighten Control Over Secret Services After Spying Scandal

• India’s SpiceJet Strands Planes After Being Hit By Ransomware Attack

• Report Explores Child’s Data Safety Legislation Across 50 Countries

• Salt Security Helps bpLaunchpad Reimagine energy by Enabling API Based Innovation

• Best way to write a resume for cybersecurity roles

• Global oil companies take Cyber Resilience Pledge

• Google releases new data controls for Chrome browser and OS

• SYN Ventures Closes $300M Fund for Cybersecurity Bets

• Drupal Releases Security Updates

• Hacker Steals Database Of Hundreds Of Verizon Employees

• Some QCT Servers Vulnerable To Pantsdown Flaw

• Twitter Fined $150m For Handing Users’ Contact Details To Advertisers

• Suspected Phishing Email Crime Boss Cuffed In Nigeria

• Hacker Steals $1.4 Million In NFTs From Collector In One Sweep

• When Blockchain Companies Get Hacked

• Ways to protect your intellectual property in 2022

• Broadcom Confirms VMware Acquisition For $61 Billion

• The Benefits of Bug Bounty Programs

• Cloud Security Firm Lacework Lays Off 20% of Workforce

• Drupal Releases Security Updates

• 8 ways to avoid NFT scams

• Experts warn of a new malvertising campaign spreading the ChromeLoader

• Security Orchestration Automation and Response (SOAR) Basics: Definition, Components, and Best Practices

• Greg Johnson to Take Reins as McAfee CEO

• VMware to Absorb Broadcom Security Solutions Following $61 Billion Deal

• Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem

• CISA and DoD Release 5G Security Evaluation Process Investigation Study

• Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report

• Ransomware demands acts of kindness to get your files back

• Campaigners warn of legal challenge against Privacy Shield enhancements

• Old Python package comes back to life and delivers malicious payload

• Quanta Servers Caught With Pantsdown BMC Vulnerability

• Act Now: Leveraging PCI Compliance to Improve Security

• Big Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem

• CISA and DoD Release 5G Security Evaluation Process Investigation Study

• The Evolving Face of Cyber Conflict and International Law: A Futurespective

• Nuclear Brinkmanship: U.S. Sanctions Against Iran Explained

• Broadcom to acquire VMware for $61 billion in cash and stock

• Tesla Researchers Tout 100 Year Battery Design

• What Is a CSRF Token?

• Some QCT servers vulnerable to ‘Pantsdown’ flaw say security researchers

• How to stop spam messages on your iPhone with this almost-secret hidden switch

• QCT Servers Affected by ‘Pantsdown’ BMC Vulnerability

• Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers

• Comment: DuckDuckgo Browser Allows Microsoft Trackers Due To Search Agreement

• Microsoft Defender vs Trellix: EDR software comparison

• ‘Pantsdown’ BMC vulnerability still present in Quanta servers

• Who’s watching your webcam? The Screencastify Chrome extension story…

• The 2022 Verizon Data Breach Investigations Report (DBIR) Is Out

• How Software Architects Can Manage Technical Debt in a Microservice Architecture

• Time to update: Google Chrome 102 arrives with 32 security fixes, one critical

• NordLayer makes it easy for businesses to add VPN technology to remote workers

• 18 Oil and Gas Companies Take Cyber Resilience Pledge

• Most Common Threats in DBIR

• Black Hat Asia 2022: Building the Network

• Broadcom to acquire VMware for $61 billion in a cash and stock deal

• ChromeLoader targets Chrome Browser users with malicious ISO files

• Managed detection and response in 2021

• Malware-Infested Smart Card Reader

• Twitter Fined $150 Million For Sharing User Telephone Numbers

• Microsoft: Here’s how to defend Windows against these new privilege escalation attacks

• Critical Vulnerabilities Found in Open Automation Software Platform

• The Mystery of China’s Sudden Warnings About US Hackers

• Experts Warn of Rise in ChromeLoader Malware Hijacking Users’ Browsers

• GM, Zola customer accounts compromised through credential stuffing

• A New Ransomware Variant Dubbed ‘Cheers’ Was Discovered

• Buy these software stocks as cyberattacks climb, Stephens says

• The Difference Between a Vulnerability Assessment and Penetration Testing

• The Added Dangers Privileged Accounts Pose to Your Active Directory

• Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

• What Are the Benefits of Hiring Professional Essay Writing Help

• Watch out! Tinder and Grinder users targeted by cruel scammers using real abuse photos

• Country Extortion: Ransomware expands business to include the government sector

• Cybergang Claims REvil is Back, Executes DDoS Attacks

• Enjoy greater online freedom with Atlas VPN

• Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader

• ‘How Are They Weapons? That’s Only a Flashlight!’

• Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed

• Security pros believe cybersecurity strategies will soon be obsolete

• Verizon: Ransomware sees biggest jump in five years

• Chinese Acquisition Of Newport Wafer Fab Under National Security Review

• Three-quarters of Security Pros Believe Current Cybersecurity Strategies Will Shortly Be Obsolete

• Insider threats caused 68% of legal sector breaches

• If you get an email saying “Item stopped due to unpaid customs fee”, it’s a fake

• Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched

• Italy announced its National Cybersecurity Strategy 2022/26

• Microsoft: Credit Card Stealers are Switching Tactics to Conceal the Attack

• Using Blatant Code, a New Nokoyawa Variant Sneaks up on Peers

• Ellie’s Data Auction – Intego Mac Podcast Episode 241

• State of Cybersecurity Report 2022 Names Ransomware and Nation-State Attacks As Biggest Threats

• How is AI Being Put to Good Use in the Gambling Industry

• Smart Locks Provide Security and Enhanced Accessibility in One Package

• Twitter Fined $150 Million for Misusing Users’ Data for Advertising Without Consent

• Hijacking of popular ctx and phpass packages reveals open source security gaps

• When it comes to remote work, 71% of IT leaders say security is the main challenge

• Suspected phishing email crime boss cuffed in Nigeria

• XONA raises $7.2 million to provide secure remote access control systems for critical infrastructure

• Ex-spymaster and fellow Brexiteers’ emails leaked by suspected Russian op

• Sigstore: Signature verification for protection against supply chain attacks

• Russian Ransomware hackers getting frustrated by sanctions

• Samsung introduced Knox Guard for Enterprise Mobile Security

• Encryption: How It Works, Types, and the Quantum Future

• Review: Hornetsecurity 365 Total Protection Enterprise Backup

• Ransomware grounds some flights at Indian budget airline SpiceJet

• Pentera Named ‘Most Promising Unicorn’ Award Finalist by SC Media

• New OneStream Research Finds Economic Disruption Poses Largest Threat to Business in 2022

• You Can Join the (ISC)² Board of Directors

• Why are current cybersecurity incident response efforts failing?

• Most organizations do not follow data backup best practices

• A Problem Like API Security: How Attackers Hack Authentication

• How confident are companies in managing their current threat exposure?

• YouTube remains in Russia to be an independent news source: CEO

• Interpol Arrests Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks

• Onfido Real Identity Platform enhancements optimize user experience for organizations

• Netenrich Resolution Intelligence platform allows analysts to view security status of critical assets

• OneTrust Trust Intelligence Platform enables organizations to build trust in enterprise environments

• Thales releases CipherTrust Tokenization to protect data in numerous SAP applications

• Twitter to Pay $150M Penalty Over Privacy of Users’ Data

• ServiceNow introduces Procurement Service Management to improve procurement processes

• Preen.Me – 236,105 breached accounts

• Food For Files: GoodWill Ransomware demands food for the poor to decrypt locked files

• Oracle selects Palo Alto Networks to protect their cloud applications and data against emerging threats

• BlackBerry partners with NXP Semiconductors to help companies prepare for post-quantum cyber attacks

• Amart Furniture – 108,940 breached accounts

• Millions of people’s info stolen from MGM Resorts dumped on Telegram for free

Generated on 2022-05-27 23:55:32.633041