IT Security News Monthly Summary – September

• IT Security News Daily Summary 2022-08-31

• Twitter and TikTok’s data privacy controversies show the dangers of third-party apps

• NASCIO selects 31 finalists for state IT recognition awards

• Google Fixes 24 Vulnerabilities With New Chrome Update

• Malicious Google Chrome extensions affect 1.4 million users

• CVSS Vulnerability Scores Can Be Misleading: Security Researchers

• Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack

• Google Fixes 24 Vulnerabilities with New Chrome Update

• Governments have ‘headroom’ to improve CX

• URGENT! Apple quietly slips out zero-day update for older iPhones

• Judge Rules That It’s OK For FBI To Grab User Data From Facebook

• Threat actors breached the network of the Italian oil company ENI

• A Lawfare Hacking and Cybersecurity Course

• CACI-led team wins $5.7B Air Force enterprise IT pact

• International Overdose Awareness Day: The role of data and analytics in educating the public and improving community health

• Cyemptive Returns to Compete in 2022 ‘ASTORS’ Awards Program

• DHS watchdog digs into uneven cyber awareness training, outdated policies

• $4M in city’s federal housing funds stolen through email scam

• Local election offices often are missing on social media – and the information they do post often gets ignored

• (ISC)² Closing the Cybersecurity Workforce Gap

• FTC lawsuit spotlights a major privacy risk: From call records to sensors, your phone reveals more about you than you think

• James Webb Telescope Images Loaded With Malware Are Evading EDR

• Is Blockchain Useful To The Gaming Industry?

• Data privacy truly matters to your customers. It’s time to make it a core business value

• Malicious Google Chrome extensions affect 1.4 millions users

• FBI’s Team to Investigate Massive Cyberattack in Montenegro

• OpenText Goes All-in on Cybersecurity Size and Scale With Micro Focus Purchase

• Rivals Slam Microsoft Over Licence Change

• Hackers spreading malware through images taken by James Webb Space Telescope

• How identity verification infrastructure as a service thwarts identity theft

• Lack of equitable data is harming underserved communities, US chief data scientist says

• (ISC)² Opens Global Enrollment for ‘1 Million Certified in Cybersecurity’ Initiative

• GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

• Ransomware Gang Access Water Supplier’s Control System

• FBI: Crooks Are Using These DeFi Flaws To Steal Your Money

• China-Linked APT40 Gang Targets Wind Farms, Australian Government

• Kiwi Farms Offline Due to Targeted DDoS Attacks

• Harnessing the Power of eSIM: How consumer eSIM technology can unlock massive IoT

• Record Expansion in Existing Customer Base and New Strategic Partnerships Drive SecZetta Q2 Revenue Growth

• How does robust cybersecurity add value to a business?

• Announcing: Code-free API log collection and parser creation

• TikTok for Android Bug Allows Single-Click Account Hijack

• Tackling the Growing and Evolving Digital Attack Surface: 2022 Midyear Cybersecurity Report

• Golang-based Malware Campaign Relies on James Webb Telescope’s Image

• Two New Trends Make Early Breach Detection and Prevention a Security Imperative

• Vulnerability in TikTok Android app could lead to one-click account hijacking

• Nelnet Servicing breach over 2.5 Million Student Loan Data

• 1.4 Million Times Installed Chrome Extensions Steal Browsing Data

• BlackHat USA 2022: Devils Are in the File Descriptors

• XDR vs. MDR: How to pick the right one for your security needs

• Final Thoughts on Ubiquiti

• Evil Corp and Conti Linked to Cisco Data Breach, eSentire Suggests

• Snap To Axe 20 Percent Of Staff – Report

• If the Ethereum Merge Fails, L2s Will Be More Vital Than Ever

• Why MDR Has Become Integral to Modern Cybersecurity Strategies is a new ESG Showcase Report Available Now

• UK Imposes Tough New Cybersecurity Rules for Telecom Providers

• Experts spotted five malicious Google Chrome extensions used by 1.4M users

• High-School Graduation Prank Hack

• Become an (ISC)² Candidate – No Exam, Experience or Fees Required

• Meta To Shutter Facebook Gaming App

• The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks

• The Justice Department Indicted Russian National Alexander Ionov. Why Now?

• The Costs of Social Inequality for Military Effectiveness

• Nelnet Data Breach Exposes Millions Of Student Loan Accounts

• UK Government Lays Out Plans To Protect Telecoms Networks Against Cyber Attacks

• 1.4 Million Users Install Chrome Extensions That Inject Code Into eCommerce Sites

• How to take control over your digital legacy

• Intel Selects Check Point Quantum IoT Protect for RISC-V Platform

• SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform

• China-linked APT40 used ScanBox Framework in a long-running espionage campaign

• Scammers Targeting Thousands Of Children As Young As Six, Figures Show

• Agenda, a New Golang Ransomware, Is on the Loose

• Cyber Attacks Are Now the #1 Cause of Data Loss

• Stop Ransomware with Microsoft Security digital event presents threat intelligence in action

• Delayed NASA Artemis 1 Moon Mission Set For Saturday Launch

• Cybercriminals Released Mini Stealer’s Builder & Panel for Free on a Cybercrime Forum

• Student Loan Breach Exposes 2.5M Records

• You’re Not Stringer Bell, but You May Still Need a Burner Phone

• Know Thyself: 10 Ways to Discover Your Work Environment Needs and What It’s Really Like to Work at Cisco

• Google invites bug hunters to scrutinize its open source projects

• How You Can Benefit from a Smart Thermostat?

• Microsoft: Take these three steps to protect your systems from ransomware

• SecurityWeek to Host CISO Forum Virtually September 13-14, 2022: Registration is Open

• WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites

• Chrome patches 24 security holes, enables “Sanitizer” safety system

• Expert Advise Inlight Of Gloucester Council Cyberattack

• Are virtual collaboration tools a necessary evil for enterprises? How to mitigate the risk

• Government Lays Out Plans To Protect Telecoms Networks Against Cyber Attacks

• The 4 Most Common OWASP API Security Threats

• Cybercriminals Apparently Involved in Russia-Linked Attack on Montenegro Government

• Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

• 79% of the Companies only Invest in Cybersecurity after Hacking Incidents

• Why Is Web Design Essential To Your Brand’s Online Presence?

• Decisions on health data sharing should not be taken by politicians, citizen juries find

• NHS Ransomware Attacks leading to accumulation of medical records

• Apple Privacy Head Steps Down – Report

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies

• VMware must assure APAC customers Broadcom acquisition won’t repeat history

• Apple Fixed a Serious iOS Security Flaw—Have You Updated Yet?

• China was spying on Australian defense servers for months

• Chrome 105 Patches Critical, High-Severity Vulnerabilities

• Companies struggle to govern their new cloud environments

• Elon Musk Seeks Court Delay After Twitter Whistleblower Claims

• Google’s new bug bounty program targets open-source vulnerabilities

• Initiative Aims to Encourage Diverse Talent into Cyber

• Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks

• Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

• Ukrainian Police Bust Crypto Fraud Call Centers

• ICO Pursues Traffic Accident Data Thieves

• Russian streaming platform Start discloses a data breach impacting 7.5M users

• FBI Alerts of Rise in Attacks Targeting DeFi Platforms

• Cyber Security Management System (CSMS) for the Automotive Industry

• 5 open-source vulnerability assessment tools to try out

• Should ransomware payments be banned? A few considerations

• Organizations security: Highlighting the importance of compliant data

• China-linked APT40 gang targets wind farms, Australian government

• Establishing a mobile device vulnerability management program

• 1 in 3 organizations don’t know if their public cloud data was exfiltrated

• Chinese Hackers Used ScanBox Framework in Recent Cyber Espionage Attacks

• VMware unveils new innovations to improve networking and security for multi-cloud

• Lumen SASE Solutions centralize network and security policy management

• Ransomware gangs’ favorite targets

• Greater App Security with Face Verification

• Chromium browsers can write to the system clipboard without your permission

• British Airways customers targeted in lost luggage Twitter scam

• VMware and IBM strengthen partnership to help clients modernize mission-critical workloads

• Phosphorus collaborates with CyberKnight to expand its presence in the MEA region

• Ardalyst and Mandiant join forces to protect organizations against cyber threats

• Privacy, please! Why a VPN on your smartphone may be a smart move for you.

• Tech knowledge: Parents believe their children have overtaken them

• TikShock: Don’t get caught out by these 5 TikTok scams

• Find a security hole in Google’s open source and you could bag a $31,337 reward

• Bright Data expands leadership team to advance its strategic goals

• New ODGen Tool Unearths 180 Zero-Days in Node.js Libraries

• How Odessa delivers broadband to homes and businesses at no cost to the city

• IT Security News Daily Summary 2022-08-30

• Audit finds trouble in SSA’s agile software development

• Lawmakers Press Facebook For More Information On Communication With The FBI

• Text to Give v/s Mobile Giving Apps: Which One is Better?

• New Security for a World Where Everyone and Everything Are Connecting

• Commerce watchdog to probe $340M cloud program

• How Odessa delivers broadband to every home and business at no cost to the city

• Don’t Let ‘Perfect’ Be the Enemy of a Good AppSec Program

• Electric school buses are taking students back to school – bringing cleaner air and lower maintenance costs to school districts across the country

• Malicious Chrome Extensions Plague 1.4M Users

• Nitrokod Crypto Miner Hiding in Fake Microsoft and Google Translate Apps

• How new CISOs should take on today’s growing threatscape

• 25 Gbps internet service now available in Chattanooga

• The 9 best Labor Day 2022 security camera deals

• Google’s new bug bounty program targets open source vulnerabilities

• Cyber Insurance: a fast-changing landscape

• 2022-08-30 – Follow-up traffic from Bumblebee infection

• FTC sues location data collector, alleging lax security

• Lax data privacy rules may expose consumer location information

• Akasa Air Confirmed a Data Breach to CERT-In

• White House seeks input on federal evidence agenda for LGBTQI+ equity

• In war on disinformation, a dubious crusader joins the fight — the government

• CrowdStrike is a growth company that’s a dangerous investment, says Joule Financial’s Quint Tatro

• The 3 best free VPNs (and why you get what you pay for)

• JavaScript bugs aplenty in Node.js ecosystem – found automatically

• Chinese Hackers Target Energy Sector in Australia, South China Sea

• Hackers Sell Classified Data of Missile Firm MBDA, NATO Launches Investigation

• New NASA IT contract may consolidate 10 programs

• EFF Calls for Limiting Mandatory Cooperation, Safeguarding Human Rights in International Cybercrime Investigations as Talks Resume for Proposed UN Cybercrime Treaty

• Google Introduces Bug Bounty Program for Open-Source Software

• ModernLoader Delivers Stealers, Cryptominers and RATs Via Fake Amazon Gift Cards

• Security Culture: An OT Survival Story

• A new Google bug bounty program now covers Open Source projects

• Recent grads often don’t consider federal employment, survey says

• CISA Releases 12 Industrial Control Systems Advisories

• 2.5M People Had Their Student Loan Accounts Data Stolen

• CISA Updates its Database With 10 New Actively Exploited Vulnerabilities

• Powering Up the Energy Sector’s Security Posture

• Watering Hole Attacks Push ScanBox Keylogger

• Academics Devise Open Source Tool For Hunting Node.js Security Flaws

• Baker & Taylor’s Systems Remain Offline a Week After Ransomware Attack

• CISA Releases 12 Industrial Control Systems Advisories

• HHS Alerts Healthcare Workers on Karakurt Ransomware Group

• FBI: Crooks are using these DeFi flaws to steal your money

• Cohesity Research Reveals that Reliance on Legacy Technology Is Undermining How Organizations Respond to Ransomware

• Cyber Signals: 3 strategies for protection against ransomware

• Nitrokod Crypto Miner Infected 111K+ Users with Replica of Popular Software

• How Technology Can Think Globally and Act Locally to Inform Global Cyber Policies

• How 1-Time Passcodes Became a Corporate Liability

• Phishing Campaign Targets PyPI Users to Distribute Malicious Code

• Three campaigns delivering multiple malware, including ModernLoader and XMRig miner

• Atlassian Bitbucket Flaw Allows Any Miscreant To Hijack Servers

• Data Company Sued By US Government Amid Fears Of Sensitive Location Tracking

• Have 3rd Party Hacking Groups Lost Interest In The Russia Ukraine Conflict

• Google Play To Ban Android VPN Apps From Interfering With Ads

• ieGeek Vulnerabilities Still Prevalent In 2022

• How to Support Agile Development Through Cybersecurity Best Practices

• Azure private MEC—A thriving partner ecosystem

• Why Do You Need a Bot Protection Solution for Your Business?

• 10 must-have cybersecurity skills for career success in 2022

• 20 free cybersecurity tools you should know about

• Cryptominer Disguised as Google Translate Targeted 11 Countries

• ‘Cyclops Blink’ Shows Why the SEC’s Proposed Cybersecurity Disclosure Rule Could Undermine the Nation’s Cybersecurity

• This sneaky malware hides on your PC for a month before going to work

• Building a Strong SOC Starts With People

• Hands-on Review: Stellar Cyber Security Operations Platform for MSSPs

• Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers

• On Emails, PowerPoints, Sovereign Immunity, and Testimony From Governor Kemp

• New Malware Campaign Disguised as Google Translate Distribute Cryptocurrency Miner

• Google Launches Bug Bounty Program for Open Source Projects

• Chinese Hackers Target Energy Firms in South China Sea

• Cerberus Sentinel Announces Acquisition of CUATROi

• A study on malicious plugins in WordPress Marketplaces

• 3 Cybersecurity Trends for 2022

• US-based CISOs get nearly $1 million per year

• Is It Worth It to Use an IT Recruitment Agency?

• #ISC2Congress: Empower Your Career

• FBI Issues Warning About Increase in Attacks Against DeFi Platforms

• Enabling Global-Scale Digital Trust | Avast

• How and Why Do Teens Become Cyber Criminals?

• Nearly 90% Of Americans Are Afraid Of Falling Victim To Cybercrime

• A Peek Into CISA’s Post-Quantum Cryptography Roadmap

• LinkedIn New Hacking Scam

• NATO Investigates Security Breach

• Dell, Nvidia and VMware partner to boost data center speed

• VMware aims to improve security visibility with new services

• FTC Sues Data Broker

• Announcing Google’s Open Source Software Vulnerability Rewards Program

• What Are the 8 Workflow Stages?

• Google launches vulnerability reward program to secure open-source software

• Pwn2Own Offers $100,000 for Home Office Hacking Scenario

• FBI Warns of Surge in Attacks Targeting DeFi Platforms

• New Go-based Ransomware ‘Agenda’ Delivers Customized Attacks

• Google Launches Major Open Source Bug Bounty Program

• China’s SMIC ‘Has Achieved’ 7nm Chip Breakthrough

• Amazon Shuts Down Amazon Care In ‘Strategic’ Healthcare Move

• Automation is the ultimate cloud security tip

• That ‘clean’ Google Translate app is actually Windows crypto-mining malware

• Cyber Security Managed Services 101

• Everything You Need to Know About CI/CD and Security

• World’s largest distributors of books Baker & Taylor hit by ransomware

• Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials

• Akasa Air Suffers Data Leak on First Day of Operation

• NASA Cancels Artemis I Moon Rocket Test Launch

• Instagram Says It Never Shares Precise User Location

• Twitter, Musk Subpoena Whistleblower Over Bot, Security Issues

• European Commission ‘Will Not Appeal’ Qualcomm Fine Dismissal

• FBI: Hackers Are Exploiting DeFi Bugs to Steal Funds

• India’s Newest Airline Akasa Air Found Leaking Passengers’ Personal Information

• Privacy Center: How to Take Control of Consumer’s Data?

• DDoS activity launched by patriotic hacktivists is on the rise

• Cryptocurrency Mining Campaign Goes Undetected Since 2019

• UK Spies Fund New Course for Female Coders

• Citizenship By Investment Programs – Why are they becoming increasingly popular?

• Looking for adding new detection technologies in your security products?

• Twitter, Meta Take Down ‘US-Based’ Propaganda Campaign

• How BEC attacks on human capital management systems are increasing

• Can your passwords withstand threat actors’ dirty tricks?

• FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

• Nine cyber-attack news headlines trending on Google

• AI robots are a threat to the HR Department

• Crooks are increasingly targeting DeFi platforms to steal cryptocurrency

• FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones

• Iranian state-sponsored Actors Exploiting Log4j 2 Flaws in Unpatched Systems

• Outdated infrastructure not up to today’s ransomware challenges

• How automation can solve application development challenges

• Product showcase: The Stellar Cyber Open XDR platform

• START – 7,455,386 breached accounts

• Americans Support Law Enforcement and Oppose Defunding the Police

• FTC Accuses Data Broker of Selling Sensitive Location Data

• Elon Musk Subpoenas Twitter Whistleblower Ahead of Trial

• Cloudentity introduces webhook feature to enhance security for users and businesses

• Google Play to ban Android VPN apps from interfering with ads

• A week in security (August 22 – August 28)

• Twilio data breach turns out to be more elaborate than suspected

• Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18

• Lookout hires Deborah Wolf as CMO

• Pindrop appoints Marc Diouane as President and COO

• NetApp and VMware expand partnership to help customers solve their multi-cloud challenges

• Researchers discover way to impersonate Okta user in popular cloud environments

• Block YouTube On School Devices | Avast

• Millennials and Online Scams | Avast

• Singapore clocks higher ransomware attacks, warns of IoT risks

• Sliver offensive security framework increasingly used by threat actors

• Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

• IT Security News Daily Summary 2022-08-29

• Control insider threats with data loss prevention and user activity monitoring

• Collaboration, training key to local gov cyber defense, officials say

• corporate governance

• US FTC sued US data broker Kochava for selling sensitive and geolocation data

• Defense Department Finally Prioritizes Civilians in Conflict

• What Can We Learn From The OpenSea Data Breach?

• Password Manager With 25 Million Users Confirms Breach, Expert Weighs In

• Microsoft 365 Business Users Targeted With New DocuSign Phishing Scam

• 64% Of Businesses Suspect They’re Targets Of Nation-State Attacks- Expert Comments

• Facebook Agrees To Settle Cambridge Analytica Data Privacy Lawsuit At The Last Minute

• Content Anarchy: The Lurking Security Risk in A Digital-First World

• Crisis Point

• What Are the Top 10 Android Educational Apps That Collect Most User Data?

• OMB prioritizes CX in budget planning

• Receipt for €8M iOS Zero-Day Sale Pops Up on Dark Web

• +Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users

• HHS dinged on security from all sides

• Digital hygiene, cyber workforce needed to combat ransomware

• Former NY state employee admits to identity theft, abusing IT access

• Security investment, toolchain consolidation emerge as top priorities

• New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim

• Securing identities in the cloud: 2 new studies give us the state of play

• The LastPass breach could have been worse — what CISOs can learn

• What’s going on at NITAAC

• Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers

• Okta Impersonation Technique Could be Utilized by Attackers

• Over-the-Horizon Drones Line Up But Privacy Is Not In Sight

• NHS 111 Cyberattack may Harm Patients Privacy

• Whistleblower Charged Twitter for Cybersecurity Misconduct

• LastPass source code breach – do we still recommend password managers?

• From bits to p-bits: One step closer to probabilistic computing

• Over-the-horizon drones line up but privacy is not in sight

• Karl Mathias settles in at HHS

• 3 Ways No-Code Developers Can Shoot Themselves in the Foot

• Wireless tech monitors soil moisture in real time

• 77% Of Security Leaders Fear We’re In Perpetual Cyberwar Now

• Governments Embrace Internet Shutdowns As A Form Of Control

• You Can Now Play Doom In The Tamagotchi-Like Hacking Device

• Elon Musk Subpoenas Twitter Whistleblower, Seeking Info On Spam, Security

• Politics and Prosecutorial Discretion in the Trump Case

• Evaluating the Jan. 6 Committee’s Evidence

• Over-the-horizon drones lineup but privacy is not in sight

• Crypto miners’ latest techniques

• Cyber-Insurance Firms Limit Payouts, Risk Obsolescence

• Hackers Make Fake Cthulhu Website to Distribute Malware

• Multilingual Cybersecurity Awareness Training adapted for your needs

• Blackhat USA 2022: Return to Sender – Detecting Kernel Exploits with eBPF

• ‘Tape or Chewing Gum:’ Twitter’s Lapses Echo Worldwide

• Okta Says Customer Data Compromised in Twilio Hack

• Galois Open Sources Tools for Finding Vulnerabilities in C, C++ Code

• NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor

• Twilio breach let attackers access Authy two-factor accounts of 93 users

• Kiwi Farms Goes Offline amid DDoS Attack and Hosting Issues

• A Beginner’s Guide to Understanding Encryption Vs Decryption

• Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

• How to protect your privacy on Reddit

• Levels of Assurance for DoD Microelectronics

• Cybersecurity Solution Highlights From Black Hat 2022

• How Cybersecurity Policy Has Changed Since the SolarWinds Attack

• Global Ransomware Damages to Exceed $30bn by 2023

• The 3 Questions CISOs Must Ask to Protect Their Sensitive Data

• US Cyber Command and NSA Partner On Defence Efforts For Midterms Elections

• Nitrokod crypto miner infected systems across 11 countries since 2019

• (ISC)² Certified in Cybersecurity Entry-Level Certification Officially Launches!

• Dell, Ericsson To End All Business In Russia

• What Is Encryption and How Does It Work?

• A CISO’s Ultimate Security Validation Checklist

• Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software

• LockBit Malware Group Threatens with Triple Extortion

• Tech Investors Mull Newport Wafer Fab Rescue Bid – Report

• Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)

• Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition

• Malicious Plugins Found on 25,000 WordPress Websites: Study

• The Telegram-Powered News Outlet Waging Guerrilla War on Russia

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

• Printers: The underestimated danger inside your company

• COVID-19 data put for sale on the Dark Web

• Meta Settles Cambridge Analytica Lawsuit

• Fired Amazon Union Organiser Alleges Retaliation

• Samsung Germany Tells User To Smash SSD With Hammer

• Threat Actors Moving to Sliver Command-and-Control (C2) to Evade Detection

• Black Hat USA 2022 Continued: Innovation in the NOC

• Black Hat USA 2022: Creating Hacker Summer Camp

• CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog

• NetworkManager 1.40 released, features 600 patches

• Jack Dorsey – Biggest Twitter Regret Was Forming Company

• Twilio Breach Also Compromised Authy Two-Factor Accounts of Some Users

• Scammers used a deepfake AI hologram of Binance executive to scam crypto projects

• Resecurity partners with ECOMIL SAS to improve cybersecurity for Colombian organizations

• Software developers, how secure is your software ?

• COVID-19 data put for sale on Dark Web

• CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

• The complexity of modern aircraft cybersecurity

• Data security hinges on clear policies and automated enforcement

• North Korea Kimsuky accurately targets victims with malware

• Cyber Attack news headlines trending on Google

• PyPI Alerts of First-ever Phishing Campaign Against its Users

• Attackers changing targets from large hospitals to specialty clinics

• Creating cyber career opportunities during the talent shortage

• Microsoft 365 Empowers Business Users to Shoot Themselves in the Foot

• Rise in IoT vulnerability disclosures, up 57%

• NATO Probes Hackers Selling Data from Top Missile Firm MBDA

• Key Points from the IBM Cost of a Data Breach Report 2022

• Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit

• IT Security News Weekly Summary – Week 34

• IT Security News Daily Summary 2022-08-28

• How to protect your business from cyberattacks with XDR

• DoorDash Data Breach Linked with Twilio Hackers

• Ransomware Resiliency for Storage & Backup: Trends, Threats & Tips

• USMC Cyberspace Ops Redesignated to Information Maneuver OCCFLD

• Atlassian Bitbucket: Vulnerability Spotted Inside Data Center

• Iran Based MuddyWater Attacks Israel Companies

• Montenegro’s State Infrastructure Struck by Cyber Attack Officials

• Experts warn of the first known phishing attack against PyPI

• Cutting Off Financing for the Next Capitol Insurrection

• How to Prevent High Risk Authentication Coercion Vulnerabilities

• Security Affairs newsletter Round 381

• Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs

• Penetration testing

• New Agenda Ransomware appears in the threat landscape

• How to reduce your exposure & secure your data in the cloud in 5 quick ways

• 5 Signs your WordPress Site is Hacked (And How to Fix It)

• All the Questions You Were Afraid to Ask About SBOM

• Elastic appoints Ken Exner as CPO

• IT Security News Daily Summary 2022-08-27

• Product Review: NISOS Executive Shield

• Collective Resilience in an Era of Data Traps, Digital Borders, and Techtonic Geopolitical Shifts

• DoorDash Data Breach -Third Party Vendor Blamed Over Phishing Attack

• Facebook Parent Settles Suit in Cambridge Analytica Scandal

• Why owning your cybersecurity strategy is key to a safer work environment

• A spyware Rival Intellexa Challenges NSO Group

• Over 130 Organizations Targeted in Okta Phishing Campaign

• Why your org should plan for deepfake fraud before it happens

• Twilio hackers also breached the food delivery firm DoorDash

• What Did We Learn from the Mar-a-Lago Search Warrant Affidavit?

• LastPass Developer Account Compromised, Data Stolen

• Binance Executive: Scammers Created a ‘Deep Fake Hologram’ of him to Fool Victims

• A US Propaganda Operation Hit Russia and China With Memes

• Montenegro Reports Massive Russian Cyberattack Against Govt

• When Windows Lies

• 10 Guidelines And Best Practices For Exceptional Logo Design

• Unprecedented cyber attack hit State Infrastructure of Montenegro

• 77% of security leaders fear we’re in perpetual cyberwar from now on

• Build or Buy your own antivirus product

• Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus

• Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

• Most Important Cyber Threat Intelligence Tools For Hackers & Security Professionals 2022

• Latest Cyberthreats and Advisories – August 19, 2022

• Penetration Testing as a Service (PTaaS): the evolution of Penetration Testing at AT&T

• A pragmatic approach to risk management & resilience

• AT&T and Lookout expand partnership with launch of Lookout AlienApp

• Are cloud containers a sugar-coated threat?

• Weekly Update 310

• 4 Ways AI Capabilities Transform Security

• French hospital crippled by cyberattack – Week in security with Tony Anscombe

• Traffic overwhelms student loan sites following Biden’s debt relief announcement

• Adlumin promotes Jim Adams to CRO

• Daon collaborates with Neustar to reduce fraud and mitigate call spoofing

• Scammers Made Deepfake AI Hologram of Binance Executive

• Source code of password manager LastPass stolen by attacker

• Adware found on Google Play — PDF Reader servicing up full screen ads

• How IT leaders in Ukraine continue to innovate despite the war

• Critical flaw impacts Atlassian Bitbucket Server and Data Center

• Top Network Detection & Response (NDR) Solutions

• Michigan expands EV charging network with AI-powered partner

• One state maps out its drone-enabled future

• TechCrunch Launches Lookup Tool to Help Android Users Know if Their Device Was Compromised by a Family of Stalkerware Apps

• IT Security News Daily Summary 2022-08-26

• DHS looks to cyber self-assessments over CMMC model

• Autonomous receiver tracks fish to improve hydropower dam operations

• Cloud modernization requires ‘whole of government’ effort

• Could Your Company Survive a Ransomware Attack?

• Facebook Removes Pro-U.S. Disinformation Campaign

• Why the Twilio Breach Cuts So Deep

• Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

• APIs and zero trust named as top priorities for CISOs in 2023

• Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability

• Trans Youths Need Data Sanctuary

• PyPI warns of first-ever phishing campaign against its users

• In the US, a new approach to counting overdoses

• August 2022 Web Server Survey

• Much-hyped effort to help DHS land cyber talent is slow to make hires

• LastPass Suffers Data Breach, Source Code Stolen

• Now Oktapus gets access to some DoorDash customer info via phishing attack

• Microsoft Alert: APT29 is Back With its New Tool MagicWeb

• Firefox 104 is out – no critical bugs, but update anyway

• Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

• The FTC Ups the Ante for Federal Privacy Legislation

• Call for Nominations: 2022 Mike Lewis Prize for National Security Law Scholarship

• Austria: Google Breached a EU Court Order

• How to use confidential mode in Gmail to protect sensitive information

• Ransomware Attacks are on the Rise

• DoorDash customer info caught up in Oktapus arms

• Plex Breach: Alerts Users Must Reset Their Passwords

• AttackIQ Academy Wins 2022 SC Awards in Excellence for Best IT Security-related Training Program

• Latest Cyberthreats and Advisories – August 26, 2022

• New to Cybersecurity? Use These Career Hacks to Get a Foot in the Door

• LATEST CYBERTHREATS AND ADVISORIES – AUGUST 12, 2022

• Apple flaws put company networks at risk

• LastPass discloses data breach

• ‘Sliver’ Emerges as Cobalt Strike Alternative for Malicious C2

• Lloyd’s excluding nation-state cyber attacks from Cyber Insurance

• Yugabyte’s Fourth Annual Distributed SQL Summit to Feature Sessions Led by Database Experts From Fortune 500 Enterprises

• Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel

• DoorDash Data Compromised Following Twilio Hack

• Twitter, Meta Remove Accounts Linked to US Influence Operations: Report

• The Case for Multi-Vendor Security Integrations

• LastPass Security Breach – Hackers Steal Company’s Source Code

• Embrace change! Chris’s McAfee Journey

• Here’s How to Steer Clear of Bot Accounts on Social Media

• LastPass attackers steal source code, no evidence users’ passwords compromised

• 8 best enterprise accounting software suites

• Cosmetics giant Sephora first to be fined for violating California’s Consumer Privacy Act

• TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years

• LastPass Confirms Security Breach, No User Data Exposed

• Chinese Surveillance Camera Access Is Being Sold

• Nato Investigates Hacker Sale Of Missile Firm Data

• LastPass Source Code, Blueprints Stolen By Intruder

• A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organizations

• LastPass Developer Account Hacked to Steal the Company’s Source Code

• Infosec4TC Platinum Membership: Cyber Security Training Lifetime Access

• Iranian Government Hackers Exploit Log4Shell in SysAid Apps for Initial Access

• Crypto Firms Say US Sanctions Limit Use of Privacy Software

• Ransomware Operator Abuses Anti-Cheat Driver to Disable Antiviruses

• 0ktapus Phishing Campaign Targets Okta Identity Credentials

• How DevSecOps Empowers Citizen Developers

• ‘No-Party’ Data Architectures Promise More Control, Better Security

• Microsoft: Iranian attackers are using Log4Shell to target organizations in Israel

• Capital One Joins Open Source Security Foundation

• Endpoint Protection / Antivirus Products Tested for Malware Protection

• Massive “0ktapus” Phishing Attack Hits Over 130 Organizations

• LastPass Confirms Hack And Theft Of Source Code

• A Hybrid Approach to Continuous Application Authorization

• Threatening clouds: How can enterprises protect their public cloud data?

• CISA: Action required now to prepare for quantum computing cyber threats

• Latest Cyberthreats and Advisories – August 26, 2022

• Twitter Ordered To Hand Over Data To Elon Musk

• CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

• New ‘Agenda’ Ransomware Customized for Each Victim

• Security and Cheap Complexity

• LastPass breach: Source code, proprietary tech info stolen

• CISA: Vulnerability in ​​Delta Electronics ICS Software Exploited in Attacks

• Their Photos Were Posted Online. Then They Were Bombed

• SpaceX, T-Mobile To Connect Mobile Phones To Satellites

• What Is WBAdmin and How Does It Work?

• In conversation with Jamie Akhtar, CEO and co-founder of CyberSmart

• Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement

• LastPass Reveal Security Incident

• Hackers Breach LastPass Developer System to Steal Source Code

• OpenText acquires Micro Focus for $6 billion in an all cash transaction

• Block Faces Class Action Suit After 2021 Breach

• Silicon In Focus Podcast: Open Source, Open Security?

• LastPass Hackers Stole Source Code

• GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique

• Gambling sites are losing significant amounts of revenue due to raising DDoS attacks

• Victory! South Carolina Will Not Advance Bill That Banned Speaking About Abortions Online

• The Impact of Technology on Citizenship Governance

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

• 0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

• Hackers using AI Hologram to conduct identity theft

• Russian war on Ukraine has made organizations change cybersecurity tactics

• How fast is the financial industry fixing its software security flaws?

• How complicated access management protocols have impacted cloud security

• New infosec products of the week: August 26, 2022

• Randi Zuckerberg says she’s a ‘big proponent of the real world’ when it comes to parenting

• LastPass discloses August 2022 security breach

• Federal Judge: Invasive Online Proctoring “Room Scans” Are Unconstitutional

• THEOplayer Is Latest Video Player to Integrate with Verimatrix Streamkeeper Multi-DRM

• How cloud computing turned security on its head

• Everything you need to know about the new features in VSS & MVP

• Cybersecurity certifications: Part of your cybersecurity journey

• Semperis Adds Community Tool for Cyber Defenders to Its Arsenal, Focused on Defining a Privileged Perimeter Around Tier 0 Assets

• CISA warns critical infrastructure to prepare for mass post-quantum systems migration

• Alteryx Server-FIPS enables users to scale analytics initiatives across public sector agencies

• Hillstone Networks unveils new firewalls to help enterprises defend against advanced threats

• NAVEX enhances RiskRate to simplify third-party self-registration and onboarding processes

• IT leaders struggling to address identity sprawl

• Tenn Emergency Communications Nominated in 2022 ‘ASTORS’ Awards

• What is doxing and how to protect yourself

• A major European logistics company selects IronNet to improve its operational security

• MSP360 adds Object Lock immutability from Backblaze to help users meet their cloud storage needs

• Federal Judge: Invasive Online Proctoring “Room Scans” Are Also Unconstitutional

• Twitter security under scrutiny after former executive turns whistleblower

• Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram

• Update now! GitLab issues critical security release for RCE vulnerability

• Introducing Patch Management for OneView

• Exploits and TrickBot disrupt manufacturing operations

• How to check the Privacy Report for website tracking in Safari

• Lloyd’s refuses to cover nation-state attacks: What it means to enterprises

• Twitter Ordered to Give Musk Additional Bot Account Data

• LastPass data breach: threat actors stole a portion of source code

• Cisco names Sarah Rae Murphy to its board of directors

• Skyflow and Visa strenghten collaboration to make network tokenization the secure payments standard

• Twilio, Cloudflare just two of 135 orgs targeted by Oktapus phishing campaign

• It Is the Player, but Mostly the Game

• Lloyds refuses to cover nation-state attacks: What it means to the enterprise

• Privacy and security issues associated with facial recognition software

• IT Security News Daily Summary 2022-08-25

• Should You Use DNS Data to Drive Better Security Decisions?

• Lloyds refuses to cover nation-state attacks: What it means to enterprise

• Baltimore police to upgrade cell phone tracking tech

• LastPass source code, blueprints stolen by intruder

• Ransomware defies seasonal trends with increase

• Narrowing the CX gap to deliver the support that today’s public expects

• LastPass Says Source Code Stolen in Data Breach

• Apple expands self-service repair program to M1 MacBooks

• The Family That Mined the Pentagon’s Data for Profit

• Over 80,000 exploitable Hikvision cameras exposed online

• Hackers are using this sneaky exploit to bypass Microsoft’s multi-factor authentication

• Indonesia investigating alleged data breaches at state-owned firms

• How a business email compromise attack exploited Microsoft’s multi-factor authentication

• Mitiga: Attackers evade Microsoft MFA to lurk inside M365

• Bypassing Intel CET with Counterfeit Objects

• Cyber EO One Year Later: Feds Weigh in On Progress, Areas For Improvement

• Cyber Risk Management: The Right Approach Is a Business-Oriented Approach

• Researchers Discover Kimusky Infra Targeting South Korean Politicians and Diplomats

• Tech news you may have missed: August 18 – 25

• Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack

• StateRAMP exec sees ‘momentum’ for cloud security standardization

• Cybercriminals Are Selling Access to Chinese Surveillance Cameras

• Executive order will guide $52 billion in CHIPS Act funding

• The contractor responsible for the TSP’s troubled recordkeeping transition pledges to improve

• Government electric vehicle efforts requires new charging infrastructure

• Twitter whistleblower report holds security lessons

• SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

• Technique improves autonomous car navigation in tricky traffic

• Crooks target top execs on Office 365 with MFA-bypass scheme

• How the VA’s adoption of Login.gov is going

• Strange Facebook Bug Spams Users With Celebrity Posts

• Nobelium APT uses new Post-Compromise malware MagicWeb

• Google To Rollout Anti Disinformation Campaign In Eastern Europe

• GitLab Patches Critical RCE in Community and Enterprise Editions

• Upcoming Crimeware is Driven by Cobalt Strike

• ETHERLED – A New Attack Method to Exfiltrate Data from Air-Gapped Devices using LED Indicators

• S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

• ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users

• Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations

• Third-party Attacks: Hacker’s Exploit Software Networks

• Cisco Talos extends cybersecurity support to Ukraine

• Moderates of the world, unite!

• XIoT Vendors Show Progress on Discovering, Fixing Firmware Vulnerabilities

• Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million

• Risk & Repeat: Whistleblower spells trouble for Twitter

• More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem

• Cisco Releases Security Updates for Multiple Products

• 0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations

• MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

• Hyperscraper: A New Tool that Iranian Hackers Use for Stealing E-mails

• Huawei Founder Warns Of Painful Decade

• Microsoft Attributes New Post-Compromise Capability to Nobelium

• Wyden Renews Call to Encrypt Twitter DMs, Secure Americans’ Data From Unfriendly Foreign Governments

• Cisco Releases Security Updates for Multiple Products

• Hackers Steal Data For More Than 15 Million Users From Plex

• Hackers Are Breaking Into And Emptying Cash App Accounts

• Websites Can Identify If You’re Using iPhone’s New Lockdown Mode

• Hackers Leaked Data Anyways After Company Pays Ransom

• The Chatter Podcast: The Moon, Mars, and National Security with Fraser Cain

• Article: What Does Zero Trust Mean for Kubernetes?

• VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite

• 8 Signs It May Be Time for Parental Controls

• 7 Signs Your Phone Has a Virus and What You Can Do

• How to Remove Personal Information From Data Broker Sites

• Twitter, Meta kill hundreds of pro-Western troll accounts

• Talos Renews Cybersecurity Support For Ukraine on Independence Day

• Cyberstarts Closes $60M in Seed Fund III

• Ransomware Attack Forces French Hospital to Transfer Patients to Other Facilities

• How YouTube’s Partnership with London’s Police Force is Censoring UK Drill Music

• Apple To Unveil iPhone 14 At ‘Far Out’ Event On 7 September

• VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite of Utilities

• Twilio, Cloudflare Attacked in Campaign That Hit Over 130 Organizations

• Cosmetics Giant Sephora Settles Customer Data Privacy Suit

• Google Open Sources ‘Paranoid’ Crypto Testing Library

• BalkanID Adds $2.3M to Seed Funding Round

• Cisco Patches High-Severity Vulnerabilities in Business Switches

• The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-State Attacks

• U.S. Government Spending Billions on Cybersecurity

• Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

• Ever present danger

• Black Hat SEO: Is Someone Phishing With Your Site Domain?

• Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report

• What You Need to Know About the Psychology Behind Cyber Resilience

• Jet2 Warns Customers About Covid Test Scam

• Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar

• Caught up in another password breach? Follow these 3 rules to protect yourself online

• How a business email compromise scam spoofed the CFO of a major corporation

• Optiv’s Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants

• Scans of Students’ Homes During Tests Are Deemed Unconstitutional

• Stay Calm and Proceed With Caution: The Merari Report on Israeli Police’s Pegasus Scandal

• Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security

• Sephora Agrees to $1.2 Million Settlement Of Data Privacy Charges

• Expert Commentary On The Plex Data Breach

• How YouTube’s Partnership with London’s Police Force is Censoring UK’s Drill Music

• Judge Likely To Dismiss Tesla Bid To Dismiss California Race Lawsuit

• Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug

• New Exterro FTK Update Accelerates Mobile Digital Forensics

• Dominican Republic Quantum Ransomware, Expert Weighs In

• Twitter Whistleblower To Testify Before Senate Panel

• Plex Breach – Streaming Giant Issues Mass Password Reset to Millions

• Another free CA to use via ACME!

• Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass

• Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

• There’s a problem with online ads, and it’s not what you think

• How Economic Changes and Crypto’s Rise Are Fueling the use of “Cyber Mules”

• Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird

• Twilio, Cloudflare Attacked as Part of Campaign That Hit Over 130 Organizations

• Quantum Ransomware Attack Disrupts Government Agency in Dominican Republic

• Man-in-the-Middle Phishing Attack

• Phishing PyPI users: Attackers compromise legitimate projects to push malware

• Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

• Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies

• Musk Lawyers Seize on Twitter Whistleblower Revelations

• EU Report Outlines Cyber Response to Ukraine Invasion

• Plex Breach Exposes Account Data, Including Passwords

• Comparing Face ID, Touch ID, and Passcode Security – Intego Mac Podcast Episode 254

• US Firm Pays $16m to Settle Healthcare Fraud Claims

• Which Is More Secure: Face ID, Touch ID, or a Passcode? – Intego Mac Podcast Episode 254

• Webflow Can Make Your Website More Secure – Here’s How

• Network Penetration Testing (Ethical Hacking) From Scratch – Review

• Workplace Stress Worse than Cyber-Attack Fears for Security Pros

• A lack of endpoint security strategy is leaving enterprises open to attack

• Shout-out to whoever went to Black Hat with North Korean malware on their PC

• Plex warns users to change their passwords after a data breach

• Privacy Activists Target Google Over French ‘Spam’ Emails

• Scammers Create ‘AI Hologram’ of C-Suite Crypto Exec

• Which Is More Secure: Face ID, Touch ID, or a Passcode?

• GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones

• Do you know what your supply chain is and if it is secure?

• Virginia Consumer Data Protection Act: What You Need to Know?

• Threat actors are using the Tox P2P messenger as C2 server

• China could overtake U.S. in space without ‘urgent action,’ warns new Pentagon report

• Dominican Republic’s Institute Agrario Dominicano suffers Quantum Ransomware Attack

• Cyber Attack on American Streaming Media Plex

• PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

• Ransomware dominates the threat landscape

• How CISOs can safeguard security in CI/CD environments

• How to navigate payment regulations without compromising customer experience

• We need to think about ransomware differently

• Biden named the next Secret Service director ‘at a critical moment’

• Stories from the SOC – Credential compromise and the importance of MFA

• Top tips for securing board-level buy-in for cybersecurity awareness campaigns

• Why Does Medical Imaging Equipment Need Better Cybersecurity?

• ISACA Conference Oceania Spotlights Digital Trust, Emerging Tech and Regional Trends

• 11:11 Systems to Acquire Cloud Management Services Business from Sungard Availability Services

• Splunk Announces Fiscal Second Quarter 2023 Financial Results

• New U.S. Legislation Introduced to Help Small Business Provide Cybersecurity Training

• #ISC2Congress: Empower Your Weekend with Training

• Most Important Web Server Penetration Testing Checklist

• Cyware adopts Traffic Light Protocol 2.0 to enhance threat intelligence sharing capabilities

• Privitar Modern Data Provisioning Platform provides self-service access to data in real time

• DataMotion No-Code Experience delivers secure content exchange to the customers

• Avast Ransomware Shield for businesses prevents unauthorised access

• Organizations changing cyber strategy in response to nation-state attacks

• House Oversight Dems seek data from social media companies about threats to law enforcement

• Is your personal data all over the internet? 7 steps to cleaning up your online presence

• Google Uncovered Tool used by Iranian APT Hackers to Steal Email Data

• Lessons from the Holy Ghost Ransomware Attacks

• Malwarebytes partners with Revelstoke to automate endpoint detection and response

• Unlocking Serverless with AWS Lambda and IAM

• ZTNA vs VPN: Secure Remote Work & Access – SASE Part 2

• Kimsuky’s GoldDragon cluster and its C2 operations

• LockBit ransomware gang blames victim for DDoS attack on its website

• Kudos and Recognition

• The Presidential Records Act and the Mar-a-Lago Documents

• 6 reasons MSPs need a patch management platform

• How to secure a Mac for your kids

• Reset your password now! Plex suffers data breach

• ChromeOS vulnerability found by Microsoft

• Plex discloses data breach and urges password reset

• Cloud Range RightTrak Cyber Aptitude Assessment improves cybersecurity hiring process

• Contrast Security appoints Tom Kellermann as SVP of Cyber Strategy

• 443ID expands leadership team to meet the needs of a growing customer base

• Quivr raises $3.55 million to help people create a secure digital identity

• Block sued after ex-staffer siphons customer data

• 5 top ailments affecting the healthcare data security infrastructure

• The present and future of FedRAMP

• Adversary Quest 2022 Walkthrough, Part 3: Four PROTECTIVE PENGUIN Challenges

• GitOps and Shift Left Security: The Changing Landscape of DevSecOps

• The Anatomy of Wiper Malware, Part 2: Third-Party Drivers

• Possible cyber regs face fragmented, underfunded water sector

• 3 states get $1M to boost small biz cybersecurity

• Texas launches searchable database of economic development agreements

• IT Security News Daily Summary 2022-08-24

• How to stop social engineering tactics

• homomorphic encryption

• California corrections department hit by cyberattack

• CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

• 80,000 internet-connected cameras still vulnerable after critical patch offered

• PCI DSS v4.0 is coming, here’s how to prepare to comply

• Calculate Splunk Ingestion Costs Savings when Pre-Processing Data Repository Logs with Imperva DSF

• Efficient ‘MagicWeb’ Malware Subverts AD FS Authentication, Microsoft Warns

• Crypto Miners Using Tox P2P Messenger as Command and Control Server

• Researchers: AiTM Attack are Targeting Google G-Suite Enterprise Users

• Ransomware Gang Demands $10M in Attack on French Hospital

• Preparing Critical Infrastructure for Post-Quantum Cryptography

• Major Database Mess Up Leaves Indian Federal Police and Banking Records Exposed

• Elastic automates security with SOAR, practices open security

• Preparing Critical Infrastructure for Post-Quantum Cryptography

• AiTM phishing campaign also targets G Suite users

• How to Bring the Power of Security Guardrails to Your Application Security Program

• How the NIST is moving ‘trustworthy AI’ forward with its AI risk management framework

• Plex Suffers Data Breach, Warns Users to Reset Passwords

• VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data

• Announcing the Open Sourcing of Paranoid’s Library

• MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

• Proxies and Configurations Used for Credential Stuffing Attacks

• How Russia-Ukraine cyberwar is impacting orgs: Two-thirds say they have been targeted

• New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope

• Breaching airgap security: using your phone’s compass as a microphone!

• War in Ukraine Has Pushed Two-Thirds of Businesses to Change Cyber Strategy

• Cisco Talos — Our not-so-secret threat intel advantage

• #LiveFromUkraine: Oleksandra Povoroznik Talks Language Politics and Wartime Culture

• ‘DarkTortilla’ Crypter Produces Targeted Malware

• What citizens want from a Digital ID Wallet

• Announcing: Code-free API log collection and parser creation

• Ransomware news headlines trending on Google

• Interactive overdose map visualizes evolving public health crisis

• How ransomware attacks target specific industries

• Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

• Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

• Data governance: 5 tips for holistic data protection

• Data of 1.3M Patients of Novant Health was Leaked on Meta

• The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-state Attacks

• Cyber Leaders from Israel, Germany, Canada, UK, Ukraine, and US Discuss Collaboration at 13th Billington CyberSecurity Summit

• Cyware Adopts Traffic Light Protocol (TLP) v2.0 to Advance Threat Advisories and Intelligence Sharing

• Developer Visibility Focus Advances at SmartBear with Senior AI and Observability Hires

• Hillstone Networks Targets Cyberattacks at Network Edge with High-End Next Generation Firewall Offerings

• Former Apple Engineer Pleads Guilty To Stealing Driverless Car Data

• VMware confirms Carbon Black causing BSODs, boot loops on Windows

• Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes

• VMware Fixes Privilege Escalation Vulnerabilities in VMware Tools

• Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account

• External Attack Surface Management Explained

• Playing This Janet Jackson Song May Crash Your Laptop

• How RavenDB Has Earned the Trust of Hundreds of Companies

• McAfee launches Impact Report: How we’re doing and the opportunities ahead

• A new US data privacy bill aims to give you more control over information collected about you – and make businesses change how they handle data

• Plex Confirms Database Breach, Data Theft

• The Dangers of Expansive Public Health Surveillance

• Preemption of State Cybersecurity Laws: It’s Complicated

• How attackers use and abuse Microsoft MFA

• Glitch Sees Facebook Feeds Flooded With Celebrity Spam

• How Can WAF Prevent OWASP Top 10?

• How to conduct a secure code review

• Acronis’ Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023

• Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack

• Agencies are still wrangling over death data

• Twitter Whistleblower Complaint: The TL;DR Version

• IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals

• Guide: How Service Providers can Deliver vCISO Services at Scale

• Cybersecurity Experts On Facebook Glitch

• Fighting Cyber Attackers Earlier to Reduce Risk

• 4 Ways Technology Will Keep You Safe While Gambling Online

• What Kind Of Computer Do You Need To Trade Stocks?

• Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

• Apple Expands Self Service Repair To MacBooks

• Vishing 101: What’s vishing and how can I protect myself?

• Oversight chair Maloney loses primary

• Attacker snags account details from streaming service Plex

• Class Action Lawsuit Filed Against Oracle Over Data Collection Practices

• Facebook Bug Causes Users’ Feeds to Be Spammed

• CyberRatings.org Announces New Web Browser Test Results for 2022

• Why Empathy Is the Key to Better Threat Modeling

• A-Level Results 2022 – Tech Industry Experts React

• Experts Reaction To Poor Security At Twitter

• Transatlantic Cyber Security Business Network (TCBN) partners with International Cyber Expo 2022

• Plex breached: Change your passwords now

• Peiter ‘Mudge’ Zatko: CSO-turned-whistleblower says Twitter security was in a shambles

• Cybersecurity Breaches, a Wake-up Call for Businesses

• Meta Settles Facebook Location Tracking Lawsuit

• Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover

• Security Pros Believe Cybersecurity Now Aligned With Cyberwar

• Lloyd’s To Exclude Certain Nation State Attacks From Cyber Insurance Policies

• Old, Inconspicuous Vulnerabilities Commonly Targeted in OT Scanning Activity

• French Hospital Diverts Patients Following Cyberattack

• IBM Patches Severe Vulnerabilities in MQ Messaging Middleware

• Hackers Using Fake DDoS Protection Pages to Distribute Malware

• Poll: Cybersecurity Professionals Want Remote Work Options

• This company paid a ransom demand. Hackers leaked its data anyway

• Mudge Files Whistleblower Complaint against Twitter

• The Privacy Flaw Threatening US Democracy

• Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)

• Is TikTok putting an end to Facebook’s dominance?

• Twitter Whistleblower Warns Platform Vulnerable To Foreign Influence

• The Ransomware Playbook Mistakes That Can Cost You Millions

• Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users

• Free Audi MMI Maps and Speedcams Update 2022/2023

• French Billionaire Allowed To Retain BT Stake After Security Review

• ‘Stay vigilant:’ Agencies issue warnings, take new steps to combat wave of threats against feds

• Ransomware Surges to 1.2 Million Attacks Per Month

• Ransomware updates & 1-day exploits

• Researchers Demonstrate New Browser-Powered Desync Attack

• EU Outlines Critical Cyber Response to Ukraine War

• US Healthcare Sector Breaches 342m+ Records Since 2009

• Indicator Of Attack(IoA’s) And Activities – SOC/SIEM – A Detailed Explanation

• Here’s How Attackers Are Circumventing Microsoft’s Multi-factor Authentication, Expert Weighs In

• Rise Of Fraud In Popular Culture Changes UK Consumers’ Outlook On Crime

• Hackers Steal Session Cookies To Bypass Multi-Factor Authentication. Expert Weighs In

• GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software

• VMware fixed a privilege escalation issue in VMware Tools

• BREAKING EXPERT COMMENT: Whistleblower Hands Musk The Key To Twitter

• COMMENT: FBI Warns Cybercriminals Hijacking Home IP Addresses For Credential Stuffing

• DevSpace 6: Client-only developer tool for cloud-native development with Kubernetes

• Cyber Security Management System (CSMS) for the Automotive Industry

• French Hospital Hit By $10M Ransomware Attack, Sends Patients Elsewhere

• Raas Kits Are Hiding Who The Attackers Really Are – Expert Comments

• Over 80,000 Hikvision Cameras Exposed Online

• Businesses get a new layer of protection with Avast Ransomware Shield

• NCSC Shares Guidance to Help Secure Large Construction Projects

• France hospital Center Hospitalier Sud Francilien suffered ransomware attack

• Lloyd’s to exclude certain nation-state attacks from cyber insurance policies

• Microsoft collaborates with Kaspersky for Cyber Threat Intelligence

• Whistleblower claims faults with Twitter Cybersecurity Defense policies

• Lloyd’s to exclude certain nation-state attacks from cyberinsurance policies

• CISOs see little need for a point solution to cover ransomware risk

• New social engineering tactics discovered in the wild

• Is security becoming a priority for DevOps teams?

• Thoma Bravo: Securing digital identities has become a major priority

• University of Technology Sydney Gets Better Support and Security for Oracle Database by Switching to Rimini Street

• OneSpan Wins 2022 SC Award for Best Mobile Security Solution

• LATEST CYBERTHREATS AND ADVISORIES – AUGUST 19, 2022

• Establishing a mobile device vulnerability management program

• How to reduce your exposure & secure your data in the cloud in 5 quick ways

• Grandoreiro Banking Trojan Targeting Automotive, Chemicals Manufacturing Industries

• 5 Things We Learned from The Definitive Guide to Data Loss Prevention (DLP)

• Privacy in Q2 2022: US, Canada, and the UK

• Giant Oak GOST updates empower users to identify money laundering and other illicit activities

• Data Dynamics StorageX9.0 helps customers manage sprawls of unstructured data

• Juniper Networks introduces NaaS capabilities to facilitate adoption of AI-driven networking services

• Lean security 101: 3 tips for building your framework

• 5 Keys To Successful Least Privilege Policy Implementation

• The Most Damning Allegation in the Twitter Whistleblower’s Report

• ImmuniWeb joins Cybersecurity Tech Accord to improve cyber resilience for customers

• Synthesized collaborates with BigID to eliminate the risks of data leakage

• SAS and SingleStore join forces to accelerate data-driven decisions

• SecureAuth prolongs FIDO Alliance membership and commits to FIDO2 certifications standards

• Rippleshot collaborates with Flashpoint to combat card fraud for financial institutions

• Google flags man as sex abuser after he sends photos of child to doctor

• Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

• National Archives recovered more than 100 classified documents from Trump in January

• Best Open-Source Distributions for Pentesting and Forensics

• The Most Damning Allegation in the Twitter Whistleblower’s Report

• Microsoft publicly discloses details on critical ChromeOS flaw

• HiddenLayer forms a Synaptic Adversarial Intelligence team to explore and uncover ML/AI threats

• Concentric AI names Daniel Emanuele as SVP of Sales

• Billy Evans joins Kivu Consulting as SVP

• Okta appoints Emilie Choi to Board of Directors

• Barmak Meftah joins Stellar Cyber as Board Advisor

• Broadband gains still leave some behind, report says

• The 11 best Labor Day 2022 security camera deals

• Extending broadband from anchor institutions can reduce the homework gap

• Twitter savaged by former security boss Mudge in whistleblower complaint

• DevSecOps Gains Traction — but Security Still Lags

• IT Security News Daily Summary 2022-08-23

• County assessor’s code repository powers transparent government

• 7 guidelines to secure network storage

• DevSecOps Gains Traction — But Security Still Lags

• Mobile app aims to reduce work zone-related crashes

• Thoma Bravo Buying Spree Highlights Hot Investor Interest in IAM Market

• Indonesia’s New Draft Criminal Code Restrains Political Dissent

• Big Technology’s Kantrowitz and Platformer’s Newton on whistleblower claims and the Twitter-Musk deal

• Bill Foster talks digital identity

• DHS commits to better intel sharing with law enforcement, points to mobile app

• VMware Releases Security Update

• ETHERLED and GAIROSCOPE Attacks Allow Data Exfiltration from Air-gapped PC

• 5 Ways to Reset Your Family’s Digital Habits this Summer

• Two tribes receive $50M to boost internet access

• Facebook Reaches $37.5 Million Settlement In Location Tracking Lawsuit

• VMware Releases Security Update

• Apes Gone Phishing

• As The Pandemic Persists, Hospitals Face New Cyber Vulnerabilities

• Escape From D.C.: Analyzing Jan. 6 Venue Transfer Motions

• Researchers Discovered Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

• Privilege Escalation Flaw Haunts VMware Tools

• Guidehouse to acquire Grant Thornton’s public sector arm

• Mudge Blows Whistle on Alleged Twitter Security Nightmare

• The Twitter whistleblower complaint is going to be a key point upcoming litigation, says security expert

• Smartphone gyroscopes threaten air-gapped systems, researcher finds

• Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems

• Ex-Security Chief Accuses Twitter of Cybersecurity Negligence

• GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases

• How to get started with Selenium automation testing

• GitLab Patches Critical Remote Code Execution Vulnerability

• Proofpoint Introduces a Smarter Way to Stay Compliant with New Intelligent Compliance Platform

• Esca RAT Spyware Actively Employed Cybercriminals

• Bogus DDoS Protection Alerts Distribute RATs

• Researcher Uses $25 Custom ModChip to Hack Starlink

• Tesla Loses Challenge Against Race Discrimination Lawsuit By Californian Agency

• Over 80,000 Hikvision cameras can be easily hacked

• CISA Adds Palo Alto Networks’ PAN-OS Vulnerability to Catalog

• Coalfire Federal Among First Authorized to Conduct CMMC Assessments

• One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious

• What Is Mobile Email Management (MEM)?

• Former Twitter security chief files whistleblower complaint, alleges execs misled on spam, security

• Jim Cramer weighs in on new security, spam allegations against Twitter

• Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools

• A multidimensional approach to journalism security

• Ragnar Locker Ransomware targets Greece Gas Company

• Report: Financial Institutions Are Overwhelmed When Facing Growing Firmware Security and Supply Chain Threats

• Crystal Group announces 2022 Innovation Scholarship recipients

• Cohesity Highlights Data Management and Data Security Innovations at VMware Explore

• Financial Services Software Has Fewer Security Flaws Than Most Industries

• 4 Cybersecurity Budget Management Tips

• Bitcoin ATMs leeched by attackers who created fake admin accounts

• Air-Gap Attack Exploits Gyroscope Ultrasonic Covert Channel to Leak Data

• Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools

• Poor healthcare cybersecurity is a threat to public health

• Ex-Security Chief Accuses Twitter of Hiding Major Flaws

• Backdoors Found on Counterfeit Android Phones

• Ransomware Gang Leaks Data Allegedly Stolen From Greek Gas Supplier

• XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

• Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

• Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools

• Beyond Shadow IT: Expert Advice on How to Secure the Next Great Threat Surface

• SE2 Automates Cloud Security with Check Point CloudGuard Security Posture Management

• Immigration Enforcement Priorities and Presidential Duty

• Escape from D.C.: Analyzing Jan. 6 Venue Transfer Motions

• Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools

• Apple Staff Petition Against Return To Office Order

Generated on 2022-09-01 00:02:23.396124