IT Security News Daily Summary 2022-06-02

• May ransomware attacks strike municipal governments, IT firms

• Cerberus Sentinel Completes Acquisition of Creatrix, Inc.

• Remotely Controlling Touchscreens

• This dangerous botnet has found a new way to infect your endpoints

• New Microsoft Office zero-day used in attacks to execute PowerShell

• CISA Adds 75 Flaws to Known Vulnerability Catalog in 3 Days

• Three Nigerian men arrested in INTERPOL Operation Killer Bee

• Remembering Apple’s Newton, 30 years on

• Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

• With this VPN and 90+ training courses, take cybersecurity to the next level

• Gurucul Launches Cloud-Native SOC Platform Pushing the Boundaries of Next-Gen SIEM and XDR with Identity Threat Detection and Response

• Intel Chipset Firmware Actively Targeted by Conti Group

• Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach

• Cybersecurity is a pillar of strength in this market, and it’s been oversold, says Wedbush’s Ives

• 45% of cybersecurity professionals have considered quitting the industry due to stress, research reveals

• Automated buses will still need skilled human operators

• pfSense vs Netgear router: What are the main differences?

• Cyber threats in gaming—and 3 tips for staying safe

• Majority of CIOs say their software supply chains are vulnerable, execs demand action

• CyberQ Technologies Inc. Launches Managed AI for Splunk UBA Customers

• US Sanctions Force Evil Corp to Change Tactics

• Microsoft Philanthropies Collaborates With WiCyS to Help Close the Cybersecurity Skills Gap

• New Cloud Pricing and Products Proof of RSA’s Transformation

• Phishers Having a Field Day on WhatsApp, Telegraph

• Update on (ISC)² Entry-Level Cybersecurity Certification Pilot

• Improve Azure storage security with access control tutorial

• Microsoft Leads in Exploited Vulnerabilities; Office is Latest Target

• Threat Detection Software: A Deep Dive

• Enhance Network Resiliency with Contingency DDoS Protection

• San Francisco Police Nailed for Violating Public Records Laws Regarding Face Recognition and Fusion Center Documents

• Apple To Shift Some iPad Production To Vietnam – Report

• Webroot managed detection and response (MDR) purpose-built for MSPs

• LockBit ransomware attack impacted production in a Mexican Foxconn plant

• Singapore Ups Investemnt in Quantum Technology, to Stay Ahead of Security Risks

• States must ramp up to administer broadband funding

• Turbulent Cyber Insurance Market Sees Rising Prices and Sinking Coverage

• CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities

• CISA Releases Security Advisory on Illumina Local Run Manager

• Turns Out It Is Not 85 Percent

• Drone Strikes and Evidence-Based Counterterrorism

• Has the Time for an EU-U.S. Agreement on E-Evidence Come and Gone?

• Cybersecurity is recession resistant, says Truist’s Joel Fishbein

• Introducing EDR for Linux: Remediating and isolating threats on Linux servers

• ExpressVPN Removes VPN Servers in India Rejecting Data Collection Law

• Microsoft: Next version of Exchange Server not until 2025

• Exiled Iran Group Claims Tehran Hacking Attack

• Report: Clipminer Botnet Operators Rake in $1.7 Million

• CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities

• CISA Releases Security Advisory on Illumina Local Run Manager

• Dear Europe, here again are the reasons why scanning devices for unlawful files is not going to fly

• Conti leaked chats confirm that the gang’s ability to conduct firmware-based attacks

• Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules

• ‘Clipminer’ Malware Actors Steal $1.7 Million Using Clipboard Hijacking

• Building America’s Cybersecurity Infrastructure

• ABS Consulting Among First Certified as Nozomi Networks MSSP Elite Partner to Provide Advanced OT and ICS Security

• SentinelOne Announces Integration with AWS Security Hub

• The No-code Security Automation Industry’s First Global Partner Program is Launched by Award-Winning Torq

• How to counter smart home device breaches

• Building trust in a Zero-Trust security environment

• Why SMEs Should Worry About Cybersecurity in 2022

• Logging and Security Analytics Firm Devo Banks New $100 Million Investment

• Exposing POLONIUM activity and infrastructure targeting Israeli organizations

• LockBit ransomware strikes Foxconn Electronics of Mexico

• Is your Windows license legal? Should you even care?

• S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]

• Multiple Vulnerabilities Identified in NSW Digital Driver License

• Oracle’s Cerner Purchase Given EU Antitrust Blessing

• Follina abuses Microsoft Office to execute remote code

• Dutch Used Pegasus Spyware on Most-Wanted Criminal: Report

• Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks

• ‘Clipminer’ Malware Actors Steal $1.7 Million Using Clipboard Hijackingp

• The Chatter Podcast: The Secrets of Gay Washington with Jamie Kirchick

• Elon Musk Return To Office Demand Opposed By German Union

• Types of Web Hosting and How Much Does It Cost To Host A Website?

• Experts Warn Against Ransomware Hitting Government Organizations

• Hundreds of Poorly Secured Elasticsearch Database Targeted in Ransom Attacks

• Incognia expands focus to combat increased identity fraud

• How to stop spam messages on your iPhone fast

• Yet another zero-day (sort of) in Windows “search URL” handling

• A Ransomware Group Claims to Have Breached the Foxconn Factory

• Toshiba Receives Multiple Proposals, As It Mulls Strategic Options

• Recovering Ransom Payments: Is This the End of Ransomware?

• Cybercriminals Expand Attack Radius and Ransomware Pain Points

• Cloud Data Security Startup Laminar Raises $30 Million

• Fighting Follina: Application Vulnerabilities and Detection Possibilities

• While There Be More Cyber Attacks Due To Ukraine Conflict?

• 57% of All Digital Crimes in 2021 Were Scams Says Group IB

• US Authorities Seize Domains Selling Stolen Data, DDoS Services

• Neutralizing Novel Trickbot Attacks With AI

• Conti Leaks Reveal Ransomware Gang’s Interest in Firmware-based Attacks

• An international police operation dismantled FluBot spyware

• Costa Rica Public Health Service Ransomware Attack

• EnemyBot Malware Adds Exploits For Critical VMware, F5 BIG-IP Flaws, What Do You Think?

• Devo Technology announces $100M in funding to develop ‘autonomous SOC’

• Cloud Security Startup JupiterOne Lands $70 Million at ‘Unicorn’ Valuation

• US Warns Organizations of ‘Karakurt’ Cyber Extortion Group

• Leaks Show Conti Ransomware Group Working on Firmware Exploits

• Healthcare Pays More Ransom Demands, But Get Less Data Back

• Coralogix Raises $142 Million for Data Observability Platform

• Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks

• JupiterOne raises $70M to secure the cloud attack surface

• Scammers Target NFT Discord Channel

• VMware launches ‘threat intelligence cloud’ Contexa

• ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

• Dell’Oro Names Cisco the 2021 Overall SASE Market Share Leader

• SECURITY ALERT:  Zero-Day Microsoft Support Diagnostic Tool Vulnerability CVE-2022-30190 Enables Remote Code Execution

• New RuneScape Phishing Scam Aimed at Stealing Accounts and In-game Item Bank PINs

• The Evolution of Video Slots Technology Over the Last Decade

• Dear Europe, once again here are the reasons why scanning devices for unlawful files is not going to fly

• Here is how to protect Windows PCs from Protocol vulnerabilities

• International Authorities Take Down Flubot Malware Network

• Automation. Where do We Go from Here?

• Why Ransomware Timeline Shrinks By 94%?

• Sheryl Sandberg To Leave Facebook After 14 Years

• Check Point Research unveils vulnerability within UNISOC baseband chipset

• Access Brokers and Ransomware-as-a-Service Gangs Tighten Relationships

• ExpressVPN’s Response To Changing Indian VPN Directive

• How to Find Shippers for Your Produce Business

• Being prepared for adversarial attacks

• Critical flaw found inside the UNISOC smartphone chip

• Cybercriminals Hold 1,200 Unsecured Elasticsearch Databases for Ransom

• 10 Companies Chosen to Test Next-Generation Cybersecurity Technologies

• Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones

• WinDealer dealing on the side

• Microsoft Office apps are vulnerable to IDN homograph attacks

• Microsoft collaborates with Tenable to support federal cybersecurity efforts

• US Conducts Offensive Cyber Operations To Support Ukraine

• 7 Convincing Reasons to Replace Your VPN for ZTNA

• Singapore mandates ‘kill switch’ for banks as safeguard against online scams

• Concentric’s AI technologies simplify and automate data security

• What Is Model Transformation?

• Waiting for WWDC – Intego Mac Podcast Episode 242

• What to do if your Android Phone gets lost

• Europol seizes Flubot malware operations and infrastructure

• SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities

• CIOs and network engineers rank cybersecurity among the biggest risks

• Super-spreader FluBot squashed by Europol

• 3 Ways AI Technology Is Reshaping The Legal Profession

• DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services

• How to support women in cybersecurity

• Cyber Risk Management Strategies from Arjo CIO

• A critical RCE flaw in Horde Webmail has yet to be addressed

• ExpressVPN moves servers out of India to escape customer data retention law

• A closer look at the 2022 Microsoft Vulnerabilities Report

• Bitwarden’s username generator now supports SimpleLogin, AnonAddy, and Firefox Relay email alias services

• Talking to children about the internet: A kid’s perspective

• The cyber posture of the U.S. Federal Government

• SentinelOne Announces First Quarter Fiscal Year 2023 Financial Results

• Media Alert: Intel at RSA Conference 2022, BSides SF

• Journey Into Cybersecurity – Conversations with Cyber Newcomers, Part 1

• (ISC)² Advocates for Membership – Shares Opinions on Proposed UK Standards and Pathway

• Challenges that impact the Cybersecurity talent pipeline

• Massive shadow code risk for world’s largest businesses

• HR Manager of Private Company Duped of ₹28 Lakh

• Language-based BEC attacks rising

• Top CVE Trends — And What You Can Do About Them

• Autonomous vehicles can be tricked into erratic driving behavior

• Over 3.6 Million MySQL Servers are Publicly Exposed on The Internet

• Horizon3.ai extends its NodeZero platform to include both internal and external penetration testing

• Semperis Purple Knight Post-Breach accelerates malware-free recovery from Active Directory attacks

• LookingGlass Suite enables organizations to identify relevant cybersecurity issues

• Tufin Orchestration Suite R22-1 increases security and compliance across the hybrid environments

• SecurityMetrics Pulse helps businesses detect and monitor cyber threats

• ESET NetProtect suite protects customer devices connected to Telco and ISP networks

• SecureAuth Arculix strengthens passwordless authentication for enterprises

• US ran offensive cyber ops to support Ukraine, says general

• Kingston Digital launches hardware-encrypted USB drive for data security

• US conducted offensive cyber ops to support Ukraine against Russia, says general

• Ransomware attack turns 2022 into 1977 for Somerset County

• Swimlane partners with NTT DATA to enhance customer’s risk posture with actionable intelligence

• Mandiant collaborates with Interos to advance supply chain cyber risk management for enterprises

• More than a quarter of Americans fell for robocall scam calls in past year

• Netskope acquires WootCloud to help customers protect IoT devices on their networks

• Kroll acquires Crisp to accelerate its digital service capabilities

• Lookout acquires SaferPass to deliver online identity solutions for consumers and businesses

• ReliaQuest to acquire Digital Shadows for $160 million

• LDRA integrates with Microsoft Azure DevOps to improve ‘shift left’ strategy for organizations

• TrustPid is another worrying, imperfect attempt to replace tracking cookies

• New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks

• What is Software Supply Chain Security?

• Managing Extended Software Supply Chain Risks

• Darktrace’s Brianna Leddy on How Ransomware Groups Adapt to New Defenses

• Nucleus Security expands leadership team with new appointments

• Coralogix raises $142 million to expand its offerings into further markets

• Paladin Capital Closes $372 Million Cyber Fund II

• David Lucey joins Biscom as CEO

• Getting ahead of the next pandemic

• New York: Tell Your Assemblymembers to Pass This Landmark Repair Bill

• IT Security News Daily Summary 2022-06-01

• Database for a secure EV battery supply chain

• FluBot Android Malware Operation Disrupted, Infrastructure Seized

• Hunting for Threats Using Network Traffic Flows

• Feds Seize Domains Dealing Stolen Personal Data

• Darktrace’s David Masson on What Attacks on Critical Infrastructure Look Like

• 12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists

• Netenrich Debuts Resolution Intelligence Secure Digital Operations Platform at RSA 2022

• NetSPI’s New Breach and Attack Simulation Enhancements Help Organizations Achieve Behavior-Based Threat Detection

• New XLoader Botnet version uses new techniques to obscure its C2 servers

• Foreign Equities and Informational Restraints on U.S. Prosecutors

• Tell us about your experience with the Public Service Loan Forgiveness program

• NanoLock Combats Cyber Chaos with Device-Level Industrial Cybersecurity

• ReliaQuest to Acquire Digital Shadows

• Netskope Acquires WootCloud, Extending Zero Trust Capabilities to Enterprise IoT

• 3 ways DNS filtering can save SMBs from cyberattacks

• 3 Gmail tools that stop hackers from breaking into your email

• Video: A Civil Discourse on SBOMs

• Why Commerce went against Microsoft on rule to control cyber exploits

• GSA shares specs on governmentwide cloud BPA

• All eyes on the FCC as deadline for 911 overhaul approaches

• Wray: FBI Blocked Planned Cyberattack on Children’s Hospital

• How zero trust unifies network virtualization

• Thoughts on the Michael Sussmann Verdict

• First Amendment Absolutism and Florida’s Social Media Law

• The Emergence of Dynamic Threat Hunting

• INTERPOL Arrests Three Nigerians in Relation with a Global Scam

• Elon Musk Tells Tesla Staff To Return To Work Or Resign

• Feds’ vaccine mandate enforcement could be days away, but agencies are not yet prepping

• Singapore aims to drive digital trust with $36.3M research facility

• Best VPN for streaming (2022)

• Apple Attacks Facebook Over Privacy Practices In New Ad

• Clever — and Exploitable — Windows Zero-Day

• Using Python to unearth a goldmine of threat intelligence from leaked chat logs

• Why edge and endpoint security matter in a zero-trust world

• Experts reveal the average ransomware attack takes just 3 days

• Five Steps to Prepare Data for a Zero-Trust Security Model

• How the Pentagon plans to manage inflation costs in contracts

• What are digital twins? A pair of computer modeling experts explain

• Want to advance your career in tech? Focus on these three areas

• Europol Confirms Takedown of SMS-based FluBot Spyware

• Help Organizations to Mitigate Risk in Microsoft 365 with ‘Vectra Protect’

• Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacks and Adoption of Zero Trust Strategies

• Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise

• 10 No-BS Tips for Building a Diverse and Dynamic Security Team

• Security at the Edge: Why It’s Complicated

• Bad News: The Cybersecurity Skills Crisis Is About To Get Even Worse

• Microsoft Releases Workaround For 1-Click 0-Day Under Active Attack

• Industrial IoT Ransomware Attacks Control Systems Directly

• EnemyBot Malware Adds Enterprise Flaws To Exploit Arsenal

• Tim Horton’s App Tracked Movement In Violation Of Privacy Laws

• FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day

• Phishing mail claims a 3D Secure upgrade is required

• U.S. Citizens Lost $39.5 Billion to Phone Frauds Alone Over the Past Year

• Report: Cybersecurity Skills Gap Creates Vulnerabilities

• CMMC 2.0: key changes

• Unofficial Micropatch for Follina Released as Chinese Hackers Exploit the 0-day

• Pentagon issues guidance on inflation costs for contracting officers

• How to improve cyber attack detection using social media

• How ransomware kill chains help detect attacks

• StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments

• Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

• Microsoft Now Permits IT Administrators to Evaluate and Deactivate Inactive Azure AD users

• Industrial Open Automation Software filled with vulnerabilities

• ChromeLoader – A New Browser Hijacking Malware Spreading Globally

• Amazon Hits Out At US Congress Antitrust Bill

• USDA launches outreach project for key nutrition program

• Microsoft sets multi-factor authentication as default for all Azure AD customers

• ReliaQuest to Buy Digital Shadows for $160 Million

• Connecticut Becomes Fifth US State to Enact Consumer Privacy Law

• Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

• Is SASE the Solution for Third-Party Risk?

• Why cloud security matters and why you can’t ignore it

• Don’t let your cloud cybersecurity choices leave the door open for hackers

• Cloud computing security: Where it is, where it’s going

• Cloud computing security: Five things you are probably doing wrong

• Cloud computing dominates. But security is now the biggest challenge

• Karakurt Data Extortion Group

• Karakurt Data Extortion Group

• SecureX and Secure Firewall: Integration and Automation to Simplify Security

• The Law of Armed Conflict in 2040? A New Volume

• Community Activists Reach Settlement with Marin County Sheriff for Unlawfully Sharing Drivers’ Locations with Out-Of-State and Federal Agencies

• Hearing Wednesday: EFF Testifies Against SFPD for Violating Transparency Laws

• TomTom Confirms Hundreds Of Job Losses

• Ordr Raises $40 Million to Secure Connected Devices

• Unpatched Vulnerability Exposes Horde Webmail Servers to Attacks

• Firefox 101 is out, this time with no 0-day scares (but update anyway!)

• Karakurt Data Extortion Group

• Karakurt Data Extortion Group

• New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email

• North Orange County Community College District Suffered Ransomware Attack

• IBM X-Force Finds New Ransomware Group Black Basta

• CISOs say ransomware is the least concerning threat to enterprises

• Implementing wireless security in the enterprise

• How to design architecture for enterprise wireless security

• FluBot Android Spyware Taken Down in Global Law Enforcement Operation

• Distinguishing AI Hype From Reality in SecOps

• FluBot Android Spyware Taken Down by Global Law Enforcement Operation

• SafeBreach Expands Global Reach with Launch in EMEA

• Berkshire Bank Selects Salt Security for API Security as its Business Operations Scale

• YODA Tool Found ~47,000 Malicious WordPress Plugins Installed in Over 24,000 Sites

• Experts uncovered over 3.6M accessible MySQL servers worldwide

• WhatsApp accounts hijacked by call forwarding

• Apple To Make Many Changes To iPhone, iPad Operating Systems – Report

• Coralogix raises $142M for lightweight full-stack observability platform

• Ordr raises $40M for IoT monitoring tool

• Best Software Development Tools

• Twice as Many Healthcare Organizations Now Pay Ransom

• The United States Department of Justice Will no Longer Prosecute Ethical Hackers

• Ransomware Group Claims to Have Breached Foxconn Factory

• Europol Announces Takedown of FluBot Mobile Spyware

• FluBot takedown: Law enforcement takes control of Android spyware’s infrastructure

• Coralogix Raises $142M for lightweight full-stack observability platform

• Researchers Devise Attack Using IoT and IT to Deliver Ransomware Against OT

• Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms

• The Race to Hide Your Voice

• Can iPhone be hacked when turned off?

• Countdown to Ransomware: Analysis of Ransomware Attack Timelines

• Lookout acquires password management company SaferPass

• Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

• April 2022 Cyber Attacks Statistics

• Tech Firms Urged By Ofcom To Do More To Protect Women Online

• Chinese Threat Actors Exploiting ‘Follina’ Vulnerability

• New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers

• China-linked TA413 group actively exploits Microsoft Follina zero-day flaw

• Watch out for phishing emails that inject spyware trio

• CTV Ad Fraud: Everything You Need to Know

• Multiple Vulnerabilities Found In Open Automation Software (OAS) Platform

• SecureAuth launches continuous passwordless authentication solution

• Turkish airline suffers 6.5TB data leak

• Darknet Market ‘Versus’ Shutting Down After Critical Exploit Leak

• US Supreme Court Blocks Controversial Texas Social Media Law

• How to Apply the Risk Management Framework (RMF)

• Nearly Three-Quarters of Firms Suffer Downtime from DNS Attacks

• SMSFactory Android Trojan producing high costs for victims

• Using Wi-Fi 6 to Power Hyper-Aware Healthcare Facilities

• Scanning Finds Over 3.6 Million Internet-Accessible MySQL Servers

• 7 Fascinating Gender-Related Emojis That You Should Know

• 7 Best Music Streaming Services That You May Enjoy Using

• Euro Cops Bust $47m Money Laundering Operation

• Scams account for most of all financially motivated cybercrime

• Hospitals are for healing humans. But protecting and healing hospitals needs machines

• Hive ransomware gang hit Costa Rica public health service

• What if ransomware evolved to hit IoT in the enterprise?

• Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

• Amazon to mimic Walmart in AI drone delivery

• Ransomware news trending on Google

• Paving your path to SASE: 4 tips for achieving connectivity and security

• How cybercriminals are targeting executives at home and their families

• Trellix Finds Workforce Shortage Impacts 85% of Organizations’ Cybersecurity Posture

• Xiologix Wins an Award for Top Emerging Managed Security Services Company for 2022 by Cyber Security Review

• NTT DATA Selects Swimlane to Deliver Low-Code Security Automation in EMEA

• (ISC)² Entry-Level Cybersecurity Certification Pilot Exam Reaches 1,000 Exam Milestone

• The 3 Biggest DDoS Attacks Imperva Has Mitigated

• DDoS threats growing in sophistication, size, and frequency

• Forescout proof-of-concept ransomware attack affects IoT, OT

• Contactless is reigning: Consumers can’t even remember their PIN

• EnemyBot malware adds enterprise flaws to exploit arsenal

• Almost half of Australians are back in the office and don’t want to be there: RMIT Online

• Building a More Secure Cloud: 5 Strategies for 2022

• Infosec products of the month: May 2022

• Vulnerabilities in Open Automation Software Platform Let Attackers Execute Remote Code

• Australian National Disability Insurance Scheme provider breached and treating its database as compromised

• Cyber Agency: Voting Software Vulnerable in Some States

• DDN improves data security and performance with AI software enhancements

• Orange Business Services launches Service Manage-Watch to enhance global IT performance supervision

• Costa Rica Public Health System Targeted by Ransomware

• PQShield collaborates with Microchip Technology to address quantum threat

• CyberCube and Kroll launch a new cyber incident response service for clients

• Armis partners with Torq to offer a module for security automation and threat response workflows

Generated on 2022-06-02 23:55:32.358970