IT Security News Daily Summary 2022-06-08

• MakeMoney malvertising campaign adds fake update template

• States try incentive-based cybersecurity

• 0Patch released unofficial security patch for new DogWalk Windows zero-day

• Radio waves for the detection of hardware tampering

• CISA director promotes collaboration and trust at RSAC 2022

• TSP participants bemoan bumpy recordkeeper transition

• Facebook Faces Massive Suit Alleging It Put Users’ Profiles In Sponsored Advertising

• The White House just pulled its nominee to fill the still-vacant job of federal procurement chief

• How one paper just blew up Bitcoin’s claim to anonymity

• Talon Grasps Victory at a Jubilant RSAC Innovation Sandbox

• Momentum and money

• SSNDOB Market domains seized, identity theft “brokerage” shut down

• Black Basta Ransomware Targets ESXi Servers in Active Campaign

• Platform Liability Trends Around the Globe: Moving Forward

• Google has more reasons why it doesn’t like antitrust law that affects Google

• Microsoft Slashes Russia Operations, Axes 400 Staff

• Vendor Security Network Boosted With Whistic Announcing $35m Funding Round

• What TrickBot Tells Us About The Future of Malware

• SideWinder Hackers Have Planted a Bogus Android VPN Program

• Welcoming the Indonesian Government to Have I Been Pwned

• Bitwarden vs 1Password: Password manager comparison

• Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets

• CISA Reveal Chinese Hackers Tactics Targeting US Telecoms and Network Service Providers

• Summit of the Americas: An Opportunity to Address China’s Growing Influence over Latin America’s Mineral Resources

• ASC X9 Launches Effort To Develop New Standard That Will Enhance QR Code Security Via Cryptography

• Ridge Security Announces Security Validation Hyperautomation Solution at RSAC 2022

• CyberSheath Opens Registration For CMMC CON 2022

• How to create a continuous lifecycle for your IT Policy Management

• Challenges that impact the Cybersecurity talent pipeline

• Google Fixes Critical Vulnerabilities Affecting Android Devices

• Ten Percent Of Twitter Accounts Posting Spam, Says GlobalData

• It Doesn’t Pay to Pay: Study Finds Eighty Percent of Ransomware Victims Attacked Again

• CISA Adds 36 Known Exploited Vulnerabilities to Catalog 

• Feds Raid Dark Web Market Selling Data On 24 Million Americans

• Data For 2 Million Patients Stolen In Largest Healthcare Breach So Far In 2022

• Osmosis Blockchain Taken Offline After Hacker Steals $5m

• Maiar Exchange Taken Offline After Hacker Steals $113m

• Black Basta Ransomware Teams Up With Malware Stalwart Qbot

• Awful 4chan chat bot spouts racial slurs and antisemitic abuse

• Reverse Tunnels and URL Shorteners Employed by Attackers to Launch Phishing Campaign

• CTOs n CISOs quitting jobs because of ransomware fear

• Ofcom Updates Law To Protect Last Remaining Phone Boxes

• Telegram Shared Personal User Data With German Authorities

• MongoDB: From jokes to juggernaut

• CISA Adds 36 Known Exploited Vulnerabilities to Catalog 

• Containers vulnerability risk assessment

• The EU’s New Message-Scanning Regulation Must Be Stopped

• Minimalistic OffSec Scanner – A Powerful TCP and UDP Scanner

• Four Best Practices For Ransomware Protection

• Access Management Firm Opal Launches With $10 Million Series A Investment

• SSNDOB Market servers seized, identity theft “brokerage”” shut down

• Five Ways Cyber Attackers Leverage Bad Bots to Commit Automated Fraud

• Phishing: use of reverse tunnel services to avoid detection and shutdown increases

• Feds raid dark web market selling data on 24 million Americans

• Researchers Warn of Unpatched “DogWalk” Microsoft Windows Vulnerability

• Reinventing Cambridge Analytica One Good Intention at a Time

• Photos: RSA Conference 2022, part 1

• Your Resistance Pauses Axon’s Dangerous Drone Tasers

• IBM Closes Down Russian Operation, Lays Off Staff

• Taming the Digital Asset Tsunami

• Cybercriminals use automated bot to bypass 2FA authentication at wide scale

• CISA Clarifies Criteria for Adding Vulnerabilities to ‘Must Patch’ List

• #RSAC: How the US Government and Industry Work Together to Stop Cyber-Attacks

• How Do We Secure Our Cities From Attack?

• US dismantled and seized SSNDOB cybercrime marketplace

• Router security in 2021

• 5 Linux malware families SMBs should protect themselves against

• Intel offers ‘server on a card’ reference design for network security

• New Security and Privacy Features in macOS Ventura, iOS 16, and iPadOS 16

• Paying Ransomware Paints Bigger Bullseye on Target’s Back

• Data Breach at Shields Health Care Group Impacts 2 Million Patients

• SSNDOB stolen data marketplace shut down by global law enforcement operation

• TSMC Rules Out European Chip Factory For Now

• Fronton Botnet Attacks: Why Enterprises Should Worry

• NSA, FBI warning: Hackers are using these flaws to target VPNs and network devices

• OSINT Authentication Firm 443ID Emerges From Stealth with $8 Million Seed Funding

• Google Ordered To Pay Australian Politician Over Defamatory Youtube Videos

• RSA Conference 2022 video walkthrough

• Tried And Tested Ways To Protect Your Mac Device

• Android security: Google updates fix these five critical vulnerabilities

• Cloud Data Access Firm Immuta Raises $100 Million

• Owl Labs Patches Severe Vulnerability in Video Conferencing Devices

• OffSec Live

• High-Stakes Heists: 7 Films That Do It Right

• Apple’s ‘Passkeys’ Could Lead To Passwordless Future

• Why Shields Health Care Group Suffers Data Breach? Expert Weighs In

• Rogue Actors Slipping Through The Cracks Into Business’ Internal Networks

• Italian City Of Palermo Shuts Down All Systems To Fend Off Cyberattack

• Chinese State-backed Actors Hack Telecom Firms to Steal Data

• How to Recover From a Ransomware Attack

• Black Basta Ransomware Teams Up with Malware Stalwart Qbot

• RSA Conference 2022 – Announcements Summary (Day 2)

• Leaking Military Secrets on Gaming Discussion Boards

• New NHS Digital Materials Aim to Boost Cybersecurity Awareness in Social Care Organisations

• Privilege Escalation in Azure: Keep your enemies close, and your permissions closer

• 443ID launches with OSINT-driven identity and access management solution

• SSNDOB Cybercrime Marketplace Taken Down by Law Enforcement

• Ransomware Pressure Forces UK CISOs to Consider Quitting

• New Report Shows That Smishing Attempts Soared in 2021

• Qrypt collaborates with Vaultree to offer encrypted data processing technology for customers

• Qbot – known channel for ransomware – delivered via phishing and Follina exploit

• Deadbolt Ransomware Uses Multi-Tiered Extortion

• MongoDB grows up

• Whistic Raises $35 Million in Series B Funding for Vendor Security Network

• US and Euro Police Smash Cybercrime Marketplace

• Is Streaming Too Much Harmful or Beneficial to Your Health?

• Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

• Attacker Dwell Time Surges 36% in 2021

• China-linked threat actors have breached telcos and network service providers

• Italian Municipality of Palermo Suffers Cyberattack

• Onapsis’ product updates strengthen business application security

• NetWitness XDR helps analysts detect known and unknown attacks

• Coffee app in hot water for constant tracking of user location

• Taiwan Bans Most Chip Exports To Russia, Belarus

• Evil Corp Hacker Group Changes Ransomware Tactics After U.S. Sanctions

• Intruder dwell time jumps 36%

• SafeBreach Studio enables security teams to automate and scale red-team exercises

• Best Construction Workforce Management Solutions

• Forcepoint unveils new solutions to simplify connectivity and network security for enterprises

• U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

• Acronis Advanced DLP protects businesses and MSPs from data leakage

• 82% of CIOs believe their software supply chains are vulnerable

• Black Basta ransomware now supports encrypting VMware ESXi servers

• Arctic Wolf announces cyber insurance readiness tool to help organizations manage their security posture

• Beijing-backed baddies target unpatched networking kit to attack telcos

• Cyber Security Management System (CSMS) for the Automotive Industry

• FakeCrack: Crypto stealing campaign spread via fake cracked software

• US cyber chiefs: Moving to Shields Down isn’t gonna happen

• FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People

• Ransomware attacks keeping the educational sector on its toes

• Ukraine’s secret cyber-defense that blunts Russian attacks: excellent backups

• NVIDIA offers Medical Computing Platform with Artificial Intelligence

• Black Basta Ransomware gang partners with QBot malware

• LastPass introduces passwordless Vault access

• Recovery and resilience: CISO insights into the 2022 cybersecurity landscape

• Trellix Partners with Hispanic Alliance for Career Enhancement to Boost Cybersecurity Workforce

• MetricStream and OCEG Survey Shows Businesses are Seeking Connected GRC Systems to Ensure Risk Readiness and Resiliency

• PIXM Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2022

• Spin Technology Named Winner of the Coveted Global InfoSec Awards during RSA Conference 2022

• CMMC 2.0: key changes

• Barely one-third of IT pros can vet code for tampering

• Ransomware: A Beginner’s Guide to Threat Detection

• Pandemic-related identity fraud: How serious is it?

• Bridging the IT/OT gap with Tripwire’s Industrial Solutions

• Now Is the Time to Plan for Post-Quantum Cryptography

• Zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually

• RSA – Spot the real fake

• Elastic Security for Cloud expands visibility and protection of cloud-native environments

• Cyware CTIX 3.0 improves risk planning and defensive posture for security teams

• Trulioo platform update provides enhanced proof of address and anti-money laundering offerings

• Why Phishing Is Still the Top Attack Method

• What TrickBot tells us about the future of

• LastPass allows customers to access their vault with a passwordless login

• Cyber Security Giant Mandiant Denies Hacking Claims By LockBit Ransomware

• How to Quickly Remove Malware in 2022

• Disinfo and Hate Speech Flood TikTok Ahead of Kenya’s Elections

• #RSAC: Schneier Declares AI Hacking Will Favor Defense

• #RSAC: Collective Effort Required to Strengthen National Cybersecurity

• Deepfence partners with Lightstream to enhance security posture for enterprises

• Data for 2 million patients stolen in largest healthcare breach so far of 2022

• Linux version of Black Basta ransomware targets VMware ESXi servers

• Apple’s New MacBook Air Brings Back MagSafe for All

• Apple’s “next generation” of CarPlay plans to take over every screen in your car

• #RSAC: Cryptographers Panel Outlines Perils of Adversarial AI and Blockchain

• Relativity integrates with Box to enable direct data collection for e-discovery

• GoSecure and TPx launch Managed IDR service to protect organizations from advanced email threats

• Expel collaborates with Armis to provide critical coverage of customers’ ecosystems

• An Emerging Threat: Attacking 5G Via Network Slices

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

• HackNotice raises $7 million to help companies fight against cyber threats

• Forescout acquires Cysiv to deliver data-powered analytics for 24/7 threat detection and response

• GitHub adds supply chain security tools for Rust language

• DOE shares playbook for energy emergencies

• #RSAC: Cybersecurity Industry Can Provide Soulful Jobs for Technologists Tired of Soulless Social Media Employers

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

• People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

• GAO tags unemployment insurance as ‘high risk’

• LiveAction appoints Francine Geist as CEO

• Lawmakers grill VA cyber officials over stalled progress cybersecurity

• Ransomware Task Force priorities see progress in first year

• IT Security News Daily Summary 2022-06-07

• AppOmni raises $70M to secure orgs’ SaaS apps

• Smart cameras automate recording, boost police transparency

• Smart edge infrastructure expands capacity, real-time data access

• How to use AI in cybersecurity?

• Lawmakers want to know how much bad software costs DOD

• Microsoft flags common pitfalls for cyber insurance

• After the Cawthorn Ruling, Can Trump Be Saved From Section 3 of the 14th Amendment?

• Elastic releases security solution for the cloud

• Zitadel targets developers with open-source identity management platform

• AppOmni Raises $70 Million to secure orgs’ SaaS apps

• What’s the best place for an EV charging station?

• SUSE doubles down on security in its latest SUSE Linux Enterprise 15 release

• EU Agrees Common Mobile Charging Port, In Blow To Apple

• Elastic releases Elastic Security for Cloud

• Ransomware Task Force calls for better incident reporting

• Facebook Whistleblower Believes The Company Can’t Recover Until Zuckerberg Steps Down

• Mandia: Keep ‘Shields Up’ to Survive the Current Escalation of Cyberattacks

• Watchdog finds cyber risks in TVA control systems

• IBM to Acquire Randori for Attack Surface Management Tech

• 8 benefits of DevSecOps automation

• #RSAC: The Growing Relevance and Challenges of Privacy

• A third of organizations hit by ransomware were forced to close temporarily or permanently

• Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities

• Google Publishes Monthly Android Security Bulletin, Patches Critical Vulnerabilities

• Reverse Tunnelling & URL Shortening Services Used in Evasive Phishing

• Russian Ministry Website Hacked to Display “Glory To Ukraine” Message

• Driverless taxis hit city streets

• Do AI systems really have their own secret language?

• Apple Announces New Security Update Feature in iOS 16, macOS Ventura

• Top Cybersecurity Companies for 2022

• Multilevel Extortion: DeadBolt Ransomware Targets Internet-Facing NAS Devices

• NFTs Worth 200 Ether Were Stolen From the Bored Ape Yacht Club

• Nearly half of organizations hit by ransomware lost business as a result

• SVCReady: A New Loader Gets Ready

• Spanish Judge to Seek Testimony From NSO on Pegasus Spyware

• Using SSH tunneling for good and evil

• RSAC Opens With Message of Transformation

• How the C-Suite Puts Shoulders Into Zero Trust in 2022

• Apple’s Safety Check combats domestic abuse but timing its use is critical

• Humans and identity are constants in the ever-changing world of cybersecurity

• Evil Corp Hacker Group Changes Ransomware Tactics to Evade US Sanctions

• When DRM Comes For Your Wheelchair

• Virtual desktop infrastructure security best practices

• e360 Recognized by CRN® as One of North America’s Top Performing IT Solution Providers

• How DNS filtering can help protect your business from Cybersecurity threats

• GrammaTech to Host Cyber Thriller Book Signing at RSA 2022 with Deb Radcliff

• NSO Boss To Be Questioned By Spanish Judge Over Spyware Claim

• Joomla Security in 2022 – Best Practices To Secure Your Website

• Humans still weakest link in cybersecurity

• Know your enemy! Learn how cybercrime adversaries get in…

• Microsoft details zero-trust transition, challenges

• Enterprise Security Around the Dinner Table

• Hackers can take over accounts you haven’t even created yet

• Apple Blocks Millions of Apps and Restricts User Accounts

• New Specops Password Policy Detects and Blocks in User’s Active Directory

• Apple to say goodbye to Passwords with its MacOS Ventura Passkeys

• Apple Just Killed the Password—for Real This Time

• Owl Labs Releases Security Updates for Meeting Owl Pro and Whiteboard Owl

• Boosting your XDR Potential with Device Insights and Kenna Integrations

• Microsoft Seizes 41 Domains Tied To Iranian Phishing Ring

• Microsoft Won’t Say If It Will Patch Critical Windows Vuln Under Exploit

• Attackers Use Public Exploits To Throttle Atlassian Confluence Flaw

• Follina Exploited By State-Sponsored Hackers

• Spanish Court Calls CEO Of Israel’s NSO Group To Testify In Spying Case

• Beware of scams involving jobs, stimulus checks and tax refunds, IRS warns

• Hackers are now hiding inside networks for longer. That’s not a good sign

• DNI Avril Haines: Cybersecurity is getting harder

• KrebsOnSecurity in New Netflix Series on Cybercrime

• Owl Labs Releases Security Updates for Meeting Owl Pro and Whiteboard Owl

• Protect Your Executives’ Personal Digital Lives to Protect Your Company

• AI for Cyber Threat Intelligence – Challenges and Mitigation Approaches

• The Need for Automated Remediation in SaaS Security

• How to Solve a CISO’s Worst Nightmare

• Texas AG Investigates Twitter For ‘Deceptive Practices’ Over Bots

• How to install Maltrail for malicious traffic detection on your network

• Evil Corp gang starts using LockBit Ransomware to evade sanctions

• Getting a list of fixes for a Red Hat product between two dates is easy with daysofrisk.pl

• Rotten apples banned from the App store

• Just Released: 2022 (ISC)² Security Congress Agenda!

• WWDC 2022: Apple ‘All New’ MacBook Air, MacBook Pro

• New Dragos OT-CERT Provides Free Industrial Cybersecurity Resources

• Cybersecurity Industry Leaders Launch Campaign to Close the Cybersecurity Talent Gap

• Akamai Launches New Malware Protection for Uploaded Files

• 7 NFT Scams That Could Be Targeting Your Brand

• BlackBerry launches CylanceGATEWAY ZTNA-as-a-service solution

• Cyber Risk Retainers: Not Another Insurance Policy

• RSA Conference 2022 – Announcements Summary (Day 1)

• Snowflake Debuts Cybersecurity Workload to Aid Visibility, Automation

• CyberRatings.org Announces Test on Cloud Network Firewall

• Forescout Announces Intent to Acquire Cysiv to Deliver Data-Powered Threat Detection and Response

• CISA Challenges Partners and Public to Push for ‘More Than a Password’ in New Social Media Campaign

• A Long-Awaited Defense Against Data Leaks May Have Just Arrived

• Three Reasons Why Unification Drives Modern Data Security Strategy

• Cequence Security Unified API Protection enables security teams to protect their APIs

• Ransomware Gangs Now Employ a New Technique

• How to Create Identity and Access Governance In and Across Clouds

• Cybersecurity awareness training: What is it and what works best?

• Follina Exploited by State-Sponsored Hackers

• Conducting Modern Insider Risk Investigations

• RSA Conference 2022 – Vendor Announcements Summary (Day 1)

• Evil Corp Cybercrime Group Shifts to LockBit Ransomware to Evade Sanctions

• Stamus Networks U38 provides earlier detection of cyber threats for customers

• How do I recover data from an old laptop if I’ve forgotten the password? [Ask ZDNet]

• 4 Ways to Close the OT Cybersecurity Talent Gap

• MITRE System of Trust identifies and quantifies supply chain security risks

• PuTTY SSH Bruteforce Login Script

• Suse bolsters security in Linux Enterprise 15 update

• Cybereason: Paying ransoms leads to more ransomware attacks

• Cybereason Ransomware True Cost To Business Study Reveals Organisations Pay Multiple Ransom Demands

• Apple Blocks Over A Billion Attacks On The App Store

• Apple unveils passkeys for passwordless authentication to apps and websites

• Apple Presents macOS Ventura, iOS 16, iPadOS 16, and New Macs

• Threat Actors Exploit Microsoft ‘Follina’ Bug to Attack Europe and U.S. Entities

• Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

• Period-Tracking and Fertility Apps Can Put Women Seeking Abortions at Risk

• Microsoft’s Digital Crimes Unit Takes Legal Action Over Spear-Phishing Attacks by Bohrium Hackers

• QBot Now Attacks Using Black Basta Ransomware

• WWDC 2022: Apple Unveils Powerful M2 Chip

• 4 Tips for an Airtight Kubernetes Security Policy

• Security Awareness Firm CybSafe Bags $28 Million in Series B Funding

• Ukrainian Officials’ Phones Targeted by Russian Hackers

• SimSpace platform enhancements help security teams validate their incident response operations

• Google Patches Critical Android Vulnerabilities With June 2022 Updates

• Hacking Scenarios: How Hackers Choose Their Victims

• Motorola’s Unisoc Chips Found to Contain Vulnerability

• WWDC 2022: Apple Announces New iPhone, iPad Operating System

• Smishing and Vishing Attempts Surged in 2021

• Gloucester Council IT Systems Still Affected Six Months After Cyber-Attack

• Social Care Organizations Get Cybersecurity Boost

• Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware

• IBM acquires Randori to strengthen its portfolio of AI-powered cybersecurity products and services

• This Is the Noteworthy Commitment of Quantum Signing Up: a Million Qubits and Screw Up Correction During 10 Years

• How to Pick the Gathering That Best Watches Out for Your Tech Association?

• NERC CIP Audits: Top 8 Dos and Don’ts

• Cyber-Attack Surface “Spiralling Out of Control”

• Black Basta ransomware operators leverage QBot for lateral movements

• Cisco announces innovations for end-to-end security across hybrid multi-cloud environments

• What It’s Like to Progress Forward During a Period Including an IPhone 13 Pro After Years as an Android Client

• Optiv CRS protects mission-critical assets and enhances recovery

• Looking for adding new detection technologies in your security products?

• Tenable closes acquisition of Bit Discovery and announces new solution to reduce cyber risk

• Authorities Taken Down WeLeakInfo and other Domains Providing DDoS Service

• Apple’s New Feature Will Install Security Updates Automatically Without Full OS Update

• Uptycs unveils functionality for CNAPP use cases to help organizations detect new cloud-based risks

• Does Windows 10 or 11 Need Antivirus Software?

• Attackers aren’t slowing down, here’s what researchers are seeing

• Why you should worry about medical ID theft

• How to create awareness and mitigate data loss incidents

• Bots compromise Jersey Computers to use them for Cyber Attacks

• Motorola mobiles suffering from stack overflow vulnerability

• Trellix Showcases Security’s Soulful Work and Award-Winning Tech at RSA® Conference

• IronNet Wins Award for Advanced Persistent Threat Detection

• Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices

• How to stay ahead of the Cybersecurity labor crisis and keep growing your business

• Stories from the SOC – Persistent malware

• Turning the tables on cyber attackers

• Ransomware attacks setting new records

• Boards, CEOs demand software supply chain security improvements

• Personal Data of 30,000+ Students Disclosed in Unsecured Database

• Cynet Automated Response Playbooks empowers security teams to reduce their alert investigation

• Business fit report: Echoworx Email Encryption

• Pindrop platform enhancements monitor fraudulent attempts to pass voice verification

• Deepwatch launches MXDR service to improve threat detection for enterprises

• BigID unveils SmallID to help customers improve security posture across the cloud

• FortiRecon gives enterprises adversary’s perspective of their attack surface

• Akamai Malware Protection blocks malicious files uploaded to web apps and APIs

• Chinese ride-hailing giant Didi surged 24% after report that regulators are ending probes

• #RSAC: The Changing Work of the Cyber-Threat Intelligence Community

• Juniper Networks expands its SASE offering with CASB and DLP capabilities

• IBM buys Randori to address multicloud security messes

• Top Secure Access Service Edge (SASE) Providers

• Musk Threatens to Walk Away From Twitter Deal

• DOD recommends NIST align frameworks for cybersecurity risk management

• Microsoft seizes 41 domains tied to ‘Iranian phishing ring’

• Thales collaborates with Palo Alto Networks to deliver new security integrations for businesses

• Absolute partners with leading ISVs to boost resiliency of their endpoint applications

Generated on 2022-06-08 23:55:32.461290