IT Security News Daily Summary 2022-09-02

• Why Your Success Depends on Your IAM Capability

• Getting the word out on election security

• Convicted felon busted for 3D printing gun parts

• National Cyber Director’s office elevates key personnel

• Hackers gained access to Samsung customer data

• Crook busted after 3D printing gun parts

• Crook busted for 3D printing gun parts

• Latest Cyberthreats and Advisories – September 2, 2022

• Anonymous hacked Russian Yandex taxi app causing a massive traffic jam

• The Biden administration moves to make unions more accessible to federal contractors

• NIST to launch new guidance on security risks of telehealth and smart home integration

• Will cyber‑insurance pay out? – Week in security with Tony Anscombe

• Dashlane password manager deal: Save 50% on Premium

• Securing Containers With Seccomp Filters

• The Prynt Stealer malware contains a secret backdoor. Crooks steal data from other cybercriminals

• Revealed: US telcos admit to storing, handing over location data

• CFPB warns firms on poor cyber hygiene

• Louisiana becomes first state to receive internet for all grants

• Prynt Stealer Contains a Backdoor to Steal Victims’ Data Stolen by Other Cybercriminals

• Linux Systems Are a More Common Target as the Attack Surface Expands

• IoT Connectivity – Understanding the role of SIM and eSIM in IoT

• Google Chrome Vulnerability Lets Sites Quietly Overwrite Clipboard Contents

• US Police Deployed Obscure Smartphone Tracking Tool With No Warrants

• Our integration with Attivo is going really, really well, says SentinelOne CEO

• French tax office uses AI to find swimming pools

• CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain

• Mozilla Releases Security Update for Thunderbird

• TikTok Android Vulnerability Identified by Microsoft

• Infrastructure Used in Cisco Hack is the same used to Target Workforce Management Solution Firm

• BianLian Ransomware Rising Across Networks

• NSA to developers: We’ve got some software supply chain security tips for you

• Addressing the cybersecurity talent gap: New programs from (ISC)2

• CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain

• Mozilla Releases Security Update for Thunderbird

• Ex-NSA Trio Who Spied On Americans For UAE Now Banned From Arms Exports

• PyPi Supply Chain Attack Actors Have Been Active Since Late 2021

• How Will Meta Treat Personal Data After High Court’s Abortion Ruling?

• Cops Wanted To Keep Mass Surveillance App Secret

• Credential Phishing Attack Targeted 16,000 Emails At Non-Profit Agency

• Imperva Boosts Connectivity with New PoP in Manila

• New method to systematically find optimal quantum operation sequences for quantum computers developed

• Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm

• What Benefits are 5G Networks Bringing to Companies?

• The 14 best Labor Day 2022 security camera deals

• Warning: PyPI Feature Executes Code Automatically After Python Package Download

• The Ultimate Security Blind Spot You Don’t Know You Have

• JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users

• Indian court directs chat app Telegram to disclose details of copyright infringers

• Enrollment Is Open for Free One Million Certified in Cybersecurity

• FBI Cyber Experts to Examine Attacks on Montenegro Government Infrastructure

• Over 1800 Mobile Apps Found Exposing AWS Credentials

• JuiceLedger Hacker Linked to First Phishing Campaign Targeting PyPI Users

• When remains are found in a suitcase, forensics can learn a lot from the insects trapped within

• TikTok Users Were Vulnerable to a Single-Click Attack

• Another Ransomware For Linux Likely In Development

• Montenegro is the Victim of a Cyberattack

• Platforms Are Testing Self-Regulation in New Zealand. It Needs a Lot of Work.

• Climate Justice and Loss and Damage in the Pakistan Flood Crisis

• Sephora fined for violating CCPA — what it means for data protection

• NSA to developers: We’ve got some software supply chain security tips for you

• New Ransomware Group BianLian Activity Exploding

• Experts link Raspberry Robin Malware to Evil Corp cybercrime gang

• SpaceX Wins $1.4 Billion Contract For Five More NASA Launches

• Cloud Computing and Cybersecurity: Risk Factor and Prevailing Trends

• Report: SaaS app spending up, but security lags behind

• Amazon Loses Attempt To Overturn Staten Island Union Election

• A Windows 11 Automation Tool Can Easily Be Hijacked

• Sharkbot is back in Google Play

• GM’s Cruise Recalls Self-Driving Software After Crash

• Google Chrome issue allows overwriting the clipboard content

• TikTok Vulnerability Discovered on Android

• Back to school cyber security tips

• 3 multicloud lessons for cloud architects

• DESFA Suffer Another Cyberattack

• UK Government Releases New AI Security Guidance

• CISA, NSA and npm Release Software Supply Chain Guidance

• Government Releases New AI Security Guidance

• New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

• Chile and Montenegro Floored by Ransomware

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Google Chrome Bug Lets Sites Write to Clipboard Without Asking

• Attack infrastructure used in Cisco hack linked to Evil Corp affiliate

• Google Chrome Bug Lets Sites Silently Overwrite System Clipboard Content

• Best practices for Kubernetes security in the enterprise market

• Malicious DNS traffic targets corporate and personal devices

• WatchGuard Firewall Exploit Threatens Appliance Takeover

• Twitter Edit button can allow hackers to manipulate Tweets

• These are the general myths about Ransomware

• HelpSystems Acquires Outflank, Further Empowering Customers to Thwart Cyberattacks with Advanced Adversary Simulation Services, Offensive Security Tooling, and Training Services

• ERI Senior Operations Director Justin LeDoux Named to i-SIGMA Certification Review Board

• Latest Cyberthreats and Advisories – August 26, 2022

• Deploying a Modern Card Program – Card Issuing Platform

• AT&T and Lookout expand partnership with launch of Lookout AlienApp

• Styra Repo Scan lets customers shift their security policy left

• CIOs find it most difficult to solve cybersecurity challenges

• Companies underestimate number of SaaS applications in their environment

• The Army wants smarter sensors to ease soldiers’ ‘cognitive burden’

• VerSprite adopts Stellar Cyber’s Open XDR platform to boost its managed security service offering

• Ex-NSA trio who spied on Americans for UAE now banned from arms exports

• A Mar-a-Lago Showdown in Federal Court

• Kim Anstett joins Trellix as CIO

• Unit4 appoints Jean de Villiers as Chief Customer Officer

• Controversial Kids’ Code aims to keep children safe online

• Data broker sued for allegedly selling individuals’ sensitive location data

• What is a keylogger?

• TikTok vulnerability could have allowed hijackers to take over accounts

• Apple releases security update for iPhones and iPads to address vulnerability

• Housing agency didn’t complete cyber orders from DHS, report says

• Smartphone Alternatives: Ease Your Way into Your Child’s First Phone

• NSA, CISA and ODNI release new software supply chain guidelines for developers

• Feds to update standards on race and ethnicity data collection

• Tired of being tracked online? DuckDuckGo’s Email Protection can help

• California Passes New Bill Protecting Children’s Privacy On Facebook

• Researchers analyzed a new JavaScript skimmer used by Magecart threat actors

• Why ‘erasure’ could be key to practical quantum computing

• IT Security News Daily Summary 2022-09-01

• State, local agencies to test geographic accuracy of emergency alerts

• Traffers threat: The invisible thieves

• Threat Actor Phishing PyPI Users Identified

• Neopets Hackers Had Network Access for 18 Months

• The Chatter Podcast: Leadership, Sports, and Intelligence Innovation with Sue Gordon, from the Chatter Archive

• Top Cybersecurity Startups to Watch in 2022

• Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams

• Why diversification leads to a better financial return and better encryption

• New Guidelines Spell Out How to Test IoT Security Products

• Hollywood’s Insistence on New Draconian Copyright Rules Is Not About Protecting Artists

• Big Banks vs. Big Tech: Who Is Liable For Online Fraud?

• How to boost your browser’s privacy with DuckDuckGo Privacy Essentials

• How to create and add an SPF record for email authentication

• Credential stuffing cyber attacks targeting home IP addresses

• Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects

• EVERYONE is Part of the Security Team and Solution

• Source Code Protection Market

• Google Aims to Expand Bug Bounties to its Open Source Projects

• Wildfire maps underscore risks — and costs — of climate change

• How one state bakes cyber into disaster response planning

• Tech Tool Offers Police ‘Mass Surveillance on a Budget’

• S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]

• CISA releases two Industrial Control Systems Advisories

• Apple Releases Security Updates for Multiple Products

• UK Watchdog Deepens Probe Into Microsoft’s $69bn Activision Purchase

• Raspberry Robin and Dridex: Two Birds of a Feather

• Researcher unveils smart lock hack for fingerprint theft

• Source Code of Over 1800 Android and iOS Apps Gives Access to AWS Credentials

• CISA releases two Industrial Control Systems Advisories

• Apple Releases Security Updates for Multiple Products

• Old iPhones And iPads Stuck On iOS 12 Get A Patch For A Serious Security Hole

• US Chip Makers Hit By New China Export Rule

• DoD Grants Fund Security Research For Maritime Industry

• Hacker Discovers How To Remotely Pwn A Game Boy Using Pokemon Crystal After 22 Years

• Hackers Target Politicians With Fake News Website

• Over A Third Of Parents Do Not Know What Online Accounts Their Children Use

• 4 Critical Factors In Software Due Diligence Audits For Mergers & Acquisitions (M&A)

• Finland To Offer Businesses Cybersec Vouchers In Wake Of Nato-related Attacks – 4 Experts Offer Perspective

• ECS Wins $53M Recompete Supporting US Transportation Command’s (USTRANSCOM) Global Air Transportation Execution System (GATES)

• Pros and cons of cybersecurity automation

• XDR: Why open is better than closed

• Cybersecurity certifications: Part of your cybersecurity journey

• A pragmatic approach to risk management & resilience

• Arm Sues Qualcomm And Nuvia Unit For Licence Infringement

• Snake Keylogger Returns with New Malspam Campaign Targeting IT Firms

• Amazon-Microsoft rivalry now turns to $1B NGA contract

• VMware looks to tap growing APAC need for multi-cloud management

• Ragnar Locker Ransomware Targets Energy Sector, Cybereason Suggests

• Malicious Chrome Extensions Siphoning Data from 1.4 million Users

• Chrome Bug Allows Webpages to Replace Clipboard Contents

• Hardcoded AWS Credentials in 1,800 Mobile Apps Highlight Supply Chain Issues

• Deep Dive Into Ragnar Locker Ransomware Targeting Critical Industries

• Cyber Safety for Summer Vacation

• Microsoft discloses ‘high-severity’ TikTok vulnerability

• Apple Quietly Releases Another Patch for Zero-Day RCE Bug

• Stop Worrying About Passwords Forever

• Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal

• Are you getting the most out of your security platform investment?

• Vulnerability Fixed in Azure Synapse Spark

• Hacker’s Spread ModernLoader, XMRig Miner Malware

• Chinese Hackers Target Energy Firms Across The Globe

• Breaking Down e-commerce Fraud – The Five Pillars of Fraud

• How a LinkedIn Job Ad Led to the World’s Largest Cryptocurrency Heist

• Twitter Trials Edit Tweet Function

• What is a parental control app and what are your options

• FBI issues warning after crypto-crooks steal $1.3 billion in just three months

• Apple Releases Update for iOS 12 to Patch Exploited Vulnerability

• A Return to the Classification Status of Trump’s Mar-a-Lago Documents

• An in-Depth Guide to Lateral Movement in Cybersecurity

• Trump’s Truth Social Remains Barred On Google Play Store

• Chinese Hackers ScanBox Framework To Deploy Malware on Selected Targets

• (ISC)(2) Launches ‘Certified in Cybersecurity’ Entry-Level Certification to Address Global Workforce Gap

• What Should Customers Ask Managed Service Providers?

• Ransomware Gang Claims Customer Data Stolen in TAP Air Portugal Hack

• Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation

• 1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials

• Linux devices ‘increasingly’ under attack from hackers, warn security researchers

• Apple just delivered an important security patch for these older iPhones

• Microsoft: This bug in TikTok’s Android app could have allowed one-click account hijack

• Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

• In Defense of the Global, Open Internet

• A New Cyberattack on TAP Air Portugal

• Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

• Clever Phishing Scam Uses Legitimate PayPal Messages

• Does Blockchain really offer Better Digital Security?

• Ransomware Attacks Target Government Agencies in Latin America

• IT and Employees Don’t Always See Eye to Eye on Cybersecurity

• The Cybersecurity Workforce Climate in Asia

• US Instructs AMD, Nvidia To Halt AI Shipments To China

• Cuba Ransomware Hackers Claim Montenegro Government Attack

• Two-Factor Authentication Evaluation Guide

• The US May Soon Learn What a ‘Kid-Friendly’ Internet Looks Like

• Infra Used in Cisco Hack Also Targeted Workforce Management Solution

• Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

• Why Cyber Security is Creating a Competitive Advantage

• iOS 12 Update for Older iPhones Patches Exploited Vulnerability

• Careless Errors in Hundreds of Apps Could Expose Troves of Data

• Security Serious Unsung Heroes Awards 2022 Seeking Nominations for Extraordinary People in Cybersecurity

• Intro to blockchain consensus mechanisms

• Here’s how 5 mobile banking apps put 300,000 users’ digital fingerprints at risk

• Standards Body Publishes Guidelines for IoT Security Testing

• FBI is helping Montenegro in investigating the ongoing cyberattack

• Detected Cyber-Threats Surge 52% in 1H 2022

• Over a Third of Parents Do Not Know What Online Accounts Their Children Use

• How Digital Receipts Will Drive Customer Engagement

• Metaverse Broadband Infrastructure Security

• Microsoft Finds Account Takeover Bug in TikTok

• Development of secure software now an imperative for global DevOps teams

• Which Is Better: Apple’s Hide My Email or DuckDuckGo Email Protection?

• Why Using DNS for Protection Should Be Your First Line of Defense

• Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads

• Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App

• START Confirms Data Breach

• That ‘Clean’ Google Translate App is Actually Windows Crypto-mining Malware

• Do you know what your supply chain is and if it is secure?

• Oh no, that James Webb Space Telescope snap might actually contain malware

• Dealing with cyber threats in the energy sector: Are we on the right path?

• Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police

• How Law Enforcement Around the Country Buys Cell Phone Location Data Wholesale

• What is Fog Data Science? Why is the Surveillance Company so Dangerous?

• Fog Revealed: A Guided Tour of How Cops Can Browse Your Location Data

• How Ad Tech Became Cop Spy Tech

• Apple to provide secure satellite internet to iPhone 14 users

• UK amends cybersecurity rules for Telecom Service Providers

• How Just-in-Time privilege elevation prevents data breaches and lateral movement

• 7 metrics to measure the effectiveness of your security operations

• Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

• Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability

• Infosec products of the month: August 2022

• Does your cybercrime prevention program work?

• LabMD gets another shot at defamation claim against ‘extortionate’ infosec biz

• It’s official: Biden formalizes average 4.6% pay raise plan for feds in 2023

• iMobie AnyUnlock 2.0 enables users to solve iOS password issues

• Palo Alto Networks unveils innovations in Prisma SASE to improve security posture for customers

• FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year

• A Justice Department Show of Force in the Mar-a-Lago Case

• European Spyware Vendor Offering Android and iOS Device Exploits

• Final Fantasy 14 players targeted by QR code phishing

• How to set up an iPhone for your kids

• James Webb telescope images used to hide malware

• Malwarebytes receives highest rankings in recent third-party tests

• Secureworks partners with Netskope and SCADAfence to protect users against threats

Generated on 2022-09-02 23:55:24.815852