IT Security News Weekly Summary – Week 10

• IT Security News Daily Summary 2021-03-14

• Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 319’

• BSides Huntsville 2021 – David Hunt’s ‘Hack In Your Sleep’

• Upcoming Speaking Engagements

• BSides Huntsville 2021 – Ronnie Watson’s ‘Build Yourself An Elastic Threat Hunting And Monitoring SIEM’

• Fighting Domestic Extremism: Lessons From Germany

• Data Privacy Day: Three ways to keep consumer data secure

• Top IoT predictions for 2021

• ZHtrap, the Latest Malware to Install Honeypots on Devices to Identify More Targets

• Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

• The Foilies 2021

• Security Affairs newsletter Round 305

• Judge Rules Google Must Face Lawsuit Alleging Chrome Tracks Users in Incognito Mode

• Cyber Attacks: Is the ‘Big One’ Coming Soon?

• A Trio of Vulnerabilities in the Linux Kernel Can Give Attackers Root Privileges

• WeLeakInfo’s Customer Records Leaked

• Google releases Spectre PoC code exploit for Chrome browser

• Book Review: Born Digital by Robert Wigley

• Week in review: Keeping serverless architecture secure, trends influencing remote work in 2021

• Multilingual Cybersecurity Awareness Training adapted for your needs

• Penetration testing

• Four innovative payment services using a banking app

• Giving Voice to Digital Identities Worldwide: Lessons and Insights from Around the World

• How can we prevent sophisticated document fraud in 2021?

• How to guarantee patient identification during a pandemic

• How can technology protect and improve the future of sport?

• Application Security for builders and creators

• COVID-19 testing service in US exposes patients’ photos, passports

• IT Security News Daily Summary 2021-03-13

• Exploits on Organizations Worldwide Tripled after Microsoft’s Revelation of Four Zero-days

• BSides Huntsville 2021 – Joanna Burkey’s ‘Keynote – Cybersecurity As An Ecosystem’

• Retrieve Process Run-time Architecture on Apple Silicon Macs On The Command Line with `archinfo`

• Experts found three new 15-year-old bugs in a Linux kernel module

• “Hacker Games” launched to challenge and improve cybersecurity skills

• Pathlock Raises $20 Million to Grow Data Access Control Platform

• Metrolinx Piloting Apple Pay on Toronto’s UP Express, Working to Expand to TTC

• Apple Promotes iPhone 12 ‘Ceramic Shield’ Display In New ‘Cook’ Ad

• Stories from the SOC – Beaconing Activity

• 5 Cybersecurity concerns surrounding the COVID vaccine

• Quantifying CyberRisk- Solving the riddle

• Cybersecurity and online gaming: Don’t be a victim

• What is an incident response plan? Reviewing common IR templates, methodologies

• Security News in Review: Microsoft Exchange Server Hack “Doubling” Every Two Hours; Linux Foundation Creates New Software Signing Service

• Serverless and PaaS Security with CloudPassage Halo

• Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work

• Updates on Microsoft Exchange Server Vulnerabilities

• MAR-10329107-1.v1: China Chopper Webshell

• MAR-10329297-1.v1: China Chopper Webshell

• MAR-10329298-1.v1: China Chopper Webshell

• MAR-10329301-1.v1: China Chopper Webshell

• MAR-10329494-1.v1: China Chopper Webshell

• Beverge Manufacturer Molson Coors Targeted in Cyber Attack

• Hackers Accessed Security Cameras Inside Tesla and Beyond

• The fire in the OVH datacenter also impacted APTs and cybercrime groups

• Top Stories: Apple Event Rumored for March 23, iMac Pro and HomePod Discontinued, and More

• How to Export Your Passwords From LastPass

• Despite Hacks, US Not Seeking Widened Domestic Surveillance

• New variant for Mac Malware XCSSET compiled for M1 Chips

• Cutwail Botnet-Led Dridex and Malicious PowerShell Related Attacks, Increase with new Scripts

• CompTIA Security Certification Prep — Lifetime Access for just $30

• ‘Build’ or ‘Buy’ your own antivirus product

• Several Americans Affected by Netgain Ransomware Attack

• Week in security with Tony Anscombe

• Weekly Update 234

• Liker – 465,141 breached accounts

• Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild

• Huawei Listed Anew as Threat to US National Security

• Apple Discontinues Full-Sized HomePod to Focus on HomePod Mini

• What is SIEM? And How Does it Work?

• Apple Discontinuing Full-Sized HomePod to Focus on HomePod Mini

• Anatomy of a Security Super Bowl Dynasty, Part 3: Special Teams and Coaching

• FBI warns deepfakes could be the next major cyber threat

• 2021-03-12 – Quick post: IcedID malware/artifacts

• DearCry ransomware impacting Microsoft Exchange servers

• Friday Squid Blogging: On SQUIDS

• Deals: Brydge Discounting Collection of iPad Keyboards by Up to $70

• Cybersecurity firm warns of potential ransomware attack in the near future

• Protecting on-premises Exchange Servers against recent attacks

• Google’s OSS-Fuzz extends fuzzing to Java apps

• Best antivirus software in 2021

• Netflix’s Password-Sharing Crackdown Has a Silver Lining

• IT Security News Daily Summary 2021-03-12

• New ransomware strain exploits Microsoft Exchange security flaw

• Windows-Only 7-Zip now Available for Linux

• Diving into DevSecOps w/ John Willis

• DARPA developing AI into a mission-critical partner

• DARPA seeks AI assistants to help with complex tasks

• REvil Group Claims Slew of Ransomware Attacks

• Critical Security Hole Can Knock Smart Meters Offline

• US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow

• WSJ: Microsoft Probing Possible PoC Exploit Code Leak

• Contemplating the Coffee Supply Chain: A Horror Story

• Microsoft Exchange Server Attacks: 9 Lessons for Defenders

• Threat Roundup for March 5 to March 12

• Exchange Week 2 – Ransomware Joins The Fray

• Microsoft DHCP Logs Shipped to ELK, (Fri, Mar 12th)

• PC Games ‘Tokyo 42’ and ‘Ancestors Legacy’ Now Available on iOS Through GameClub

• Qualcomm Struggling to Keep Up With Processor Demand and Shortages Could Impact Samsung

• Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone’s attention

• New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

• House task force digs into DOD supply chain vulnerabilities

• Europol Credits Sweeping Arrests to Cracked Sky ECC Comms

• Can a Programming Language Reduce Vulnerabilities?

• 10,000+ WeLeakInfo customer records leaked

• Apple Prototyped a Jet Black iPhone X

• Cypersecurity firm Mandiant warns of additional ransomware attacks

• New bill looks to centralize CISA’s role in ICS threat response

• Sewage-testing robots process wastewater faster to predict COVID-19 outbreaks sooner

• OSINT Data Collection: You Still Need Humans, but Automation is Well Worth the Investment

• Don’t Let Data-Stealing Leprechauns Snatch Your Pot of Gold

• Pepsi Docuseries ‘The Jet’ Coming to Apple TV+

• MacRumors Giveaway: Win an Explorer 500 Portable Power Station From Jackery

• Next-Generation Apple Silicon MacBooks Expected to Drive Record-Breaking Mac Shipments This Year

• Adobe Says Photoshop on M1 Runs 50% Faster Than 2019 Intel-Based MacBook

• Upcoming AirPods 3 Redesign Shown Off in New Images

• How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?

• No, Florida Can’t Regulate Online Speech

• Seattle and Portland: Say No to Public-Private Surveillance Networks

• Ransomware is targeting vulnerable Microsoft Exchange servers

• DearCry Ransomware Makes its Debut

• CISA Reports That No Federal Civilian Agency Hacked in Exchange Attacks

• Brazil’s National Data Protection Authority (ANPD) Announces Strategy, Begins Investigation to Combat Two Large Data Leaks

• Exploits on Organizations Worldwide Tripled every Two Hours after Microsoft’s Revelation of Four Zero-days

• Biden signs Rescue bill, boosting TMF and adding pandemic leave for feds

• A Bird-Feed Seller Beat a Chess Master. Then It Got Ugly

• Test Post

• Cheaper, Ad-Supported HBO Max Subscription Launching in June

• 150,000 Verkada security cameras hacked—to make a point

• No sign of Exchange-related ransomware hitting UK orgs, claims NCSC as it urges admins to scan for compromises

• Hackers dropping DearCry ransomware using Exchange Server exploit

• Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection

• CEOs express strong optimism for global growth this year

• Apple Sues Employee for Stealing Trade Secrets

• Utah Company Stored Passport Scans on Unsecured Server

• Settlement Reached Over Data Breach Impacting 24 Million Americans

• 150,000 Verkada Cams Hacked, but it Gets Worse

• AirPods Max Firmware Update Appears to Fix Smart Case Battery Drain Issues

• 2021 Cybersecurity Outlook: Attackers vs. Defenders

• Microsoft Exchange Exploits Pave a Ransomware Path

• Android: How to quickly block spam SMS

• Mac Malware ‘XCSSET’ Adapted for Devices With M1 Chips

• NCSC: Install Latest Microsoft Exchange Server Updates Urgently

• Understanding Accellion’s FTA Appliance Compromise, DEWMODE, and Its Supply Chain Impact

• iPhone 13 Models Will ‘Likely’ Have Touch ID Under the Display

• West Ham supporters have data leaked by club website

• What Is Email Fraud Protection (EFP)?

• Microsoft Exchange Servers targeted by DearCry Ransomware

• Cable Modems & Security

• The Cybersecurity Trends Affecting the Market in 2021

• What Companies Are Doing to Up Their Data Security in 2021

• LinearB, which brings contextual metrics to software development project management, raises $16M

• Molson Coors Cracks Open a Cyberattack Investigation

• Power Equipment: A New Cybersecurity Frontier

• Microsoft Reports ‘DearCry’ Ransomware Targeting Exchange Servers

• Cyber News Rundown: Phishing Targets NHS Regulatory Commission

• With Spectre Still Lurking, Google Looks to Protect the Web

• Microsoft Says Ransom Hackers Taking Advantage Of Server Flaws

• Proven Leaker Says New AirPods Ready to Ship, New 12.9-Inch iPad Pro Will Likely Outsell 11-Inch Model

• Deals: Amazon Opens Up New Apple Watch Sale, Starting at $259.00 for 40mm Apple Watch SE ($20 Off)

• Disney World MagicBand Support Coming to iPhone and Apple Watch

• France, Cyber Operations and Sovereignty: The ‘Purist’ Approach to Sovereignty and Contradictory State Practice

• Molson Coors Production Stopped Following a Cyberattack

• Business Email Security Contributes to Business Stability – Find Out Why

• Thousands of Patients Affected by New Hampshire Hospital Data Breach

• The Security Checklist for Designing Asset Management System Architectures

• Microsoft Exchange: Patching Too Late If Already Compromised

• Loose SPF, DKIM, DMARC, and ARC Settings Sabotage Security

• LinearB, which bring contextual metrics to software development project management, raises $16M

• Okta invests in, partners with Immuta to secure cloud analytics

• Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities

• Netflix Introduces Measures to Prevent Password Sharing

• Securing industrial networks: What is ISA/IEC 62443?

• Internet disruption in Russia coincided with the introduction of restrictions

• Fastway Couriers suffers data breach

• Internet providers aid Home Office in web-spying

• COVID-19 Testing Service Exposes 50,000 Patients’ Personal Info on The Web

• Tsao vs. Captiva: “Risk of Identity Theft” Theory Rejected

• A Spectre proof-of-concept for a Spectre-proof web

• FBI warns deep fakes could be the next big cyber threat

• Sir Tim Berners-Lee Warns Too Many Young People Lack Web Access

• Best security key in 2021

• Breach Exposes Data of 200K Health System Staff, Patients

• Ryuk Ransomware Hits Spain’s Employment Agency

• A Bug in iPhone Call Recording App Exposed Clients Data

• Experts Reaction On Home Office Tests Web-Spying Powers With Help Of UK Internet Firms

• What Are BEC Attacks?

• (VIDEO) Getting Started With Duo – Step 3: Admin Dashboard & Device Insight

• Yseop now tells you what percentage of a financial report can be generated automatically

• FCW Insider: March 12, 2021

• Cyber Insurance Firm Cowbell Raises $20 Million

• SailPoint Appoints Heather Gantt-Evans as New CISO

• You Need a Password Manager. Here Are the Best Ones

• Molson Coors hit by suspected ransomware attack

• What is Mimikatz?

• New Initial Access Tool ‘NimzaLoader’ Spreads via Phishing Emails

• Cybersecurity Predictions for 2021 from the (ISC)² Community of Security Professionals (Part 3)

• Netflix Tests Crackdown On Password Sharing

• The 5 Best and Secure Facial Recognition Tools

• Security Trends And Emerging Technologies That A CISO Should Adopt In 2021

• Uber, Lyft to share data on drivers banned for sexual, physical assault

• Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds

• Researchers warn of a surge in cyber attacks against Microsoft Exchange

• Developing a Strong Security Posture in the Era of Remote Work

• Netflix to trial restrictions on password sharing

• University Cyberattacks Justify the Incorporation of Higher Education in Critical Infrastructure Bill

• OVH Hints UPS Cause Of Data Centre Fire

• Netflix wants to stop you sharing your password

• Microsoft Exchange attacks: Watch out for this new ransomware threat to unpatched servers

• The future of data privacy: confidential computing, quantum safe cryptography take center stage

• Microsoft Patch Tuesday, March 2021 Edition

• Molson Coors Suffers Suspected Ransomware Attack

• Encrypted Comms Firm Denies Police Cracked User Messages

• Apple takes serious measures in action against zero-click exploits in iOS

• Google Touts Chrome 89 Memory Savings That ‘Keep Your Mac Cooler’ While Browsing

• This Is How The World Ends – Whistleblowing First So We Understand WHY!

• Fake Icon Delivers NanoCore Trojan – Experts Perspectives

• F5 Urges Customers To Patch Critical Big-IP Pre-auth RCE Bug

• 4 Examples of Data Encryption Software to Consider for Your Enterprise

• BitSight Observations Into HAFNIUM Attacks, Part Two

• Sextortion attacks are on the rise in the UK

• Security Recruiter Directory

• FISMA basics: What federal agencies and contractors need to know

• Hackers Breach Thousands of Security Cameras | Avast

• Microsoft Exchange Server hacks ‘doubling’ every two hours

• Everything you need to know about the Microsoft Exchange Server hack

• “Hacker Games” Launched to Encourage Development of Secure Coding Skills

• Researchers Spotted Malware Written in Nim Programming Language

• Good old malware for the new Apple Silicon platform

• Apple Pay Promo Offers Up to 50% on Meal Plan Delivery Services

• Original Film ‘Cherry’ Out Now on Apple TV+, Starring Tom Holland

• Researchers Found RedXOR Malware Linked to Chinese Hackers

• Exploits on Organizations Worldwide Doubling every Two Hours after Microsoft’s Revelation of Four Zero-days

• Norway Parliament, Storting, Hit by a Microsoft Exchange Cyber Attack

• Hackers Are Targeting Microsoft Exchange Servers With Ransomware

• 4 Security Awareness Training Trends

• Malspam campaign uses icon files to delivers NanoCore RAT

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Borderline Unreasonable Electronic Device Searches

• Why SaaS Security Is So Hard

• New Browser Attack Allows Tracking Users Online With JavaScript Disabled

• Two new ways backup can protect enterprise SaaS data

• Cyber secure your Smart Phone by doing so

• Ransomware Cyber Attack on Molson Coors

• Sex in the digital era: How secure are smart sex toys?

• Rise in remote work leads to increase in IT security gaps

• Compromised devices and data protection: Be prepared or else

• Data Privacy Management Firm DataGrail Raises $30 Million

• Most IT pros manage different versions of the same database

• Can private data be recovered from “sanitized” images?

• Secure Coding Challenges Faced by Every Software Developer in 2021

• ISC Stormcast For Friday, March 12th, 2021 https://isc.sans.edu/podcastdetail.html?id=7410, (Fri, Mar 12th)

• Deep Instinct launches performance guarantee and ransomware insurance up to $3 million

• Avatier for ServiceNow adds unified, passwordless approach to IAM with SSO

• Effectual Managed DevOps Platform optimized for AWS Cloud

• Innodisk InnoBTS SSD integrates blockchain technology into a single storage device

• EclecticIQ expands MSSP offering through ACDS partnership

• CloudLinux KernelCare patching service can be deployed with Microsoft

• Police shut down illegal video streaming app Mobdro with 100M users

• University ‘hacks’ as a justification to include the sector in Critical Infrastructure Bill

• F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech

• T-Mobile Aiming to Cover 90% of Americans With ‘Ultra Capacity 5G’ By 2023

• Accenture acquires Imaginea to enhance global cloud first capabilities

• Tausight raises $20M to protect clinical workflows

• Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA

• UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

• 3 SaaS Backup Rules to Keep Your Data Safer in 2021

• Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

• Microsoft’s GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln

• Network Pivots, Patch Bypasses: Exploits Hit Hard in 2020

• Former Employees Explain What Facebook Has to Lose When Apple Implements App Tracking Transparency

• DNSFilter expands leadership team with new appointments

• DataRobot names Dan Wright as CEO

• Retrain.ai raises $13M to help workers reskill and upskill for better jobs

• Critics fume after Github removes exploit code for Exchange vulnerabilities

• VA watchdog cautions on pandemic hires

• Will DOD keep collaborating after CVR?

• ‘We must raise our game’ to counter sophisticated adversaries, CISA warns

• CIAS building risk management tools for state, local agencies

• Surveillance camera hack exposes video from police, prisons, schools

• Molson Coors discloses cyberattack disrupting its brewery operations

• Do a plug-in audit and improve visibility into remote workers’ systems to avoid Gootloader attack

• How to install and configure 2FA on AlmaLinux

• Does XDR Mark the Spot? 6 Questions to Ask

• Molson Coors Beer Operations Halted by Hack

• Review: Cozy’s MagPad Adds Style and Functionality to Apple’s MagSafe Charger

• Netflix May Soon Crack Down on Password Sharing

• IT Security News Daily Summary 2021-03-11

• 2021-03-11 – IcedID (Bokbot) from Excel spreadsheet macro

• All You Need to Know: The Four Zero Days in Microsoft Exchange Servers

• Quick Hits

• CMMC board’s training lead resigns

• States, cities get $325B in direct aid from COVID-19 package

• To address racial inequity, many leaders are starting with a map

• TrickBot Takes Over, After Cops Kneecap Emotet

• Ransomware Attack Strikes Spain’s Employment Agency

• Developer-first security raises Snyk’s tides, among others

• How security teams can prepare for advanced persistent threats

• School Boss Resigns After Porn Found on Computer

• Expert publishes PoC exploit code for Microsoft Exchange flaws

• Apple Releases Safari Technology Preview 122 With Bug Fixes and Performance Improvements

• Continuing to Raise the Bar for Verifiable Security on Pixel

• Finalists announced in second annual Microsoft Security 20/20 awards

• Best password manager in 2021

• Hackers update Gootkit RAT to use Google searches and discussion forums to deliver malware

• After Oldsmar: How vulnerable is US critical infrastructure?

• Apple Accuses Former Employee of Stealing Trade Secrets and Leaking Them to Media

• #ShareTheMicInCyber: Brooke Pearson

• Congress Proposes Bold Plan to End the Digital Divide

• Cyberattack Forces Brewery Shutdown at Molson Coors

• Microsoft Exchange Server Exploit Code Posted to GitHub

• AirPods Max in Pink Now Available to Ship on Amazon

• The US Seizes Phishing Domains Impersonating COVID-19 Vaccine Sites

• Spanish Government Attacked with Ryuk Ransomware

• FIN8 Bolsters Their BADHATCH Backdoor

• Europol ‘Unlocks’ Encrypted Sky ECC Chat Service to Make Arrests

• Microsoft Patch Tuesday March Fixed Exchange Server Bugs Under Attack, IE Zero-Day, And More

• NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic

• Data Security and Governance Provider Privacera Raises $50 Million

• How confidential are your calls? This iPhone app shared them with everyone

• Actionable Tips for Engaging the Board on Cybersecurity

• Apple Launches All-in-One Web Page With Privacy Labels for Its Own Apps

• Google Maps Gaining Tools for Drawing Missing Roads, Sharing Photo Updates

• Chinese, US Chip Trade Associations Team Up – Report

• Chinese hackers using RedXOR backdoor against Linux systems

• This malware was written in an unusual programming language to stop it from being detected

• Microsoft Exchange Servers Face APT Attack Tsunami

• This Netgear SOHO switch has 15 – count ’em! – vulns, which means you need to upgrade the firmware… now

• Hackers attempt to poison the well, but AI cybersecurity solutions bolster water treatment facility security

• How confidential are your calls? This iPhone app shared them with everyone!

• Another 210,000 Americans Affected by Netgain Ransomware Attack

• Reflections on 2020 security vulnerabilities

• IBM Security and Recorded Future: Better Together

• Have You Taken Our LinuxSecurity User Survey?>

• Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts

• FIN8 Resurfaces with Revamped Backdoor Malware

• Linux Systems Under Attack By New RedXOR Malware

• A new Linux Foundation open source signing tool could make secure software supply chains universal

• Serious Vulnerabilities Found in Schneider Electric Power Meters

• Cisco found cryptomining activity within 69% of customers

• The Broader Application of Pentesting Skills

• The Biden Administration’s Opportunity to Secure International Mail

• Commission Criticizes Lack of Preparedness; U.S. Likely to Implement Sweeping Rule on Tech-Related Transactions

• What Is Email Fraud Prevention?

• The biggest challenges—and important role—of application security

• Police credit “unlocked” SKY ECC encryption for organized crime bust

• SEPE employment agency of Spain targeted by Ransomware Attack

• GitHub Vulnerability Could Expose Users’ Session Tokens – Bug Fixed

• Organizations thrive on VDI

• Clearview AI Sued In California By Immigrant Groups

• How to stop robocalls

• XDR Firm Cynet Raises $40 Million Series C Funding

• Trans Tracking Plugin Reported to Norwegian Authorities

• Facebook Sued By Russia For Not Deleting Protest Content

• Russian authorities slow access to Twitter over banned content

• 5 Steps for Investigating Phishing Attacks

• ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

• $20M Raised by AI-powered Cyber Insurance Innovator Cowbell Cyber

• Confluera Joins Forces with SYNNEX Corporation, Continuing Expansion of Reseller Program for its Detection and Response Solution

• Cobalt Announces Launch of Partner Program On Heels of 75% YoY ARR Growth

• Spying on your Exchange Server

• Bounty Hunter Hackers Earn $40m Thanks To Pandemic

• Vexing Mystery Surrounds 0-Day Attacks On Exchange Servers

• This Trojan Malware Is Now Your Biggest Security Headache

• F5, CISA Warn Of Critical BIG-IP And BIG-IQ RCE Bugs

• Deals: Amazon Discounting Apple’s Official iPhone Cases, Including Up to $35 Off iPhone 12 mini Cases

• Apple-Designed 5G Modem Said to Debut in All 2023 iPhone Models

• Norway’s Stortingnet becomes newest victim of Microsoft Exchange malware

• F5 Announces Critical BIG-IP pre-auth RCE bug

• What Is an XSS Attack? Definition, Types, Prevention

• February 2021 Cyber Attacks Statistics

• Ten Hacking Groups Exploiting Microsoft Email Flaw, Warns ESET

• Icon files abused in malspam to spread NanoCore Trojan

• Cowbell Cyber raises $20 million, aims to build out its AI-drive cyber insurance platform

• Criminals arrested after trusting encrypted chat app cracked by police

• F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

• At Least 10 Threat Actors Targeting Recent Microsoft Exchange Vulnerabilities

• Tausight Raises $20M to Protect Healthcare Data

• Facial Recognition Company Sued by California Activists

• S3 Ep23: Hafnium happenings, I see you, and Pythonic poison [Podcast]

• Fixing the Weakest Link — The Passwords — in Cybersecurity Today

• Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws

• Notability’s New Mac Catalyst App Adds Shape Detection, Apple Pencil Support for Sidecar, and More

• Heimdal™ Releases Vulnerability Data on the Microsoft Exchange Patch

• 5 common VPN myths busted

• ZIPX files that aren’t: Keep a weather eye out for disguised malware in email attachments

• Latest CrowdStrike Global Threat Report Finds Healthcare Orgs in the Social Engineering Crosshairs

• This trojan malware is now your biggest security headache

• The year of living remotely: Let’s swap pandemic stories

• Sumo Logic Agrees Deal to Acquire DFLabs

• After OTP Issues,TRAI Suspends New SMS Rules For 7 Days

• Threat Trends: DNS Security, Part 1

• Panzura Makes Threat Detection Simple, Boosts Security with Release of CloudFS 8 Defend

• Veracode Tackles Cybersecurity Skills Gap with Launch of The Hacker Games

• Cybersecurity Industry’s Most Comprehensive Guarantee and Warranty Announced by Deep Instinct and Backed by the Munich Re Group

• Australia Eyes Consumer Impact of Google’s Default Search Engine Deal With Apple

• Deals: MagSafe Duo Charger Drops to $99.99 at Best Buy ($29 Off, Lowest Price)

• Space Gray HomePod Currently Unavailable From Apple in the United States

• How to Manage Gmail and Google Security and Privacy Settings

• Apple Discontinues iMac Pro All-In-One Computer

• Choose The Best Server for Your Small Business | Avast

• FCW Insider: March 11, 2021

• Ajay Sabhlok Appointed Rubrik’s First Joint CIO and CDO

• With Proof-of-Concept Out, FBI & CISA Urge Organizations to Mitigate Microsoft Exchange Threat ASAP

• Fast Random Bit Generation

• Security Flaw In Popular iPhone App Exposes Call Recordings Of Thousands

• Experts On University Of Lancashire Suffers Cyber Attack

• Spanish employment agency hit by major cyberattack

• Three UK universities hit by cyber-attacks

• Getting your application security program off the ground

• Everything You Need to Know About Batteries – Intego Mac Podcast Episode 178

• What is cryptojacking? How to prevent, detect, and recover from it

• 8 new roles today’s security team needs

• Data Centre Fire Blamed For Russia Google Outage

• Facebook Urges Dismissal Of Lawsuits From US Government, US States

• Beware Of Your Browser Extensions | Avast

• February 2021’s Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown

• TrustArc launches PrivacyCentral to bring data privacy intelligence to enterprises

• Exchange Server security patch warning: Apply now before more hackers exploit the vulnerabilities

• F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws

• Smart sex toys: appealing to you, exploitable to hackers

• Employers aren’t training staff to use new tech tools. Employees are paying the price

• Facebook Halts Project for Undersea Data Cable to Hong Kong

• Record Number of Cyber-Incidents Hit US Schools in 2020

• Third of Office Workers Warned After Sharing Data Via Unofficial Apps

• Menlo Security Gateway Now Protects Mobile Devices

• RedXOR, a new powerful Linux backdoor in Winnti APT arsenal

• Apple Could Use Contract Manufacturers Like Foxconn or Magna for Apple Car Assembly

• Wistron Resumes iPhone Production at Violence-Hit India Factory

• Advancements In Invoicing – A Highly Sophisticated Way To Distribute ZLoader

• AT&T Cybersecurity Launches Managed SASE Solution with Fortinet

• Should Security Ratings Require Independent Verification?

• UK to introduce new laws and a code of practice for police wanting to rifle through mobile phone messages

• Report: At least 10 hacking groups are exploiting Microsoft Exchange flaws

• Ransomware “Paralyzes” Spanish Employment Agency

• Illegal mobile application with more than 100 million users taken down in Spain

• Top Seven Cybersecurity Ripple Effects From 2020

• Clast82 Malware Dropper In 9 Utility Apps On Google Play Store

• 85% of workers are looking forward to returning to the office

• Å nei! Norway’s Stortinget struck by Microsoft Exchange malware

• Sky ECC denies police have ‘cracked’ encrypted messaging platform

• GitHub Informed Clients of “Potentially Serious” Security Bug

• Malware WannaCry And Vulnerability EternalBlue Remain at Large

• The Future of Cyberwarfare

• F5 addresses critical vulnerabilities in BIG-IP and BIG-IQ

• (ISC)² establishes Global DEI Task Force to expand cybersecurity workforce

• Want to add antivirus to your existing portfolio?

• India and China’s Conflict Goes Cyber

• Experts Reaction On Verkada Hack Affecting 150,000 Of Its Security Cameras

• Working hard to secure your network perimeter? The cybercrims will be pleased…

• NSW Police to use SMS geo-targeting tool to find ‘high-risk’ missing persons

• Senators concerned ‘hacking’ Bill powers could be used beyond intended scope

• Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!

• Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit

• HR Strategies to Drive Cybersecurity Culture in the New Normal

• Indian hackers spreading ransomware to retaliate Govt actions on Farmers

• Datto acquires BitDam to boost its cyber threat detection business

• Online health security – when ‘opt out’ isn’t an option

• Exchange servers under siege from at least 10 APT groups

• Piktochart – Phishing with Infographics, (Thu, Mar 11th)

• Alert overload still plagues cybersecurity industry

• Passing a compliance audit in the cloud doesn’t have to be hard

• Malware Dropper Found in 9 Malicious Android Apps on the Official Google Play store

• The impact of the pandemic on digital transformation and data access

• Defending enterprise systems during a pandemic

• Combating Risk Negligence Using Cybersecurity Culture

• Home Assistant, Pwned Passwords and Security Misconceptions

• ISC Stormcast For Thursday, March 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7408, (Thu, Mar 11th)

• NetApp Astra provides application-aware data management for Kubernetes

• 4 Cybersecurity Best Practices for Your Small Business

• Top 20 Dockerfile Best Practices

• Australia’s answer to thwarting ransomware is good cyber hygiene

• Microsoft Exchange hack: Why so many enterprises still run their own Exchange servers

• Denuvo Anti-Cheat solution available on PlayStation 5

• AWS announces new lower cost One Zone storage classes

• HPE updates GreenLake cloud services portfolio with new capabilities and partnerships

• Now it is F5’s turn to reveal critical security bugs – and the Feds were quick to sound the alarm on these BIG-IP flaws

• Hackers access 150,000+ security cameras in massive Verkada hack

• API Security Weekly: Issue #124

• Attackers Won’t Stop With Exchange Server. You Need a New Playbook

• Ingram Micro Cloud collaborates with AWS to drive cloud innovation for channel partners

• Accedian launches TLS 1.3 decryption capabilities for Skylight platform

• Juniper Networks partners with PBX-Change to increase network speed and visibility

• Clint Poole joins Egress as CMO

• JupiterOne adds several industry leaders to board of investors

• Qumulo announced a full integration with Commvault

• Bridgepointe Technologies adds PacketFabric to its supplier portfolio

• Virtium releases StorFly Series 6 M.2 NVMe line of SSDs

• CyberArk appoints Avril England to its board of directors

• Ric Smith joins SentinelOne as CTO

• iPhone app exposed other people’s call recordings

• Top 10 Cybersecurity Vulnerabilities of 2020

• New House task force focuses on supply chain vulnerabilities

• Travel Oklahoma – 637,279 breached accounts

• IT Security News Daily Summary 2021-03-10

• How to Become a CISO in 5 Steps

• The Most Common Types of Cybercrime

• HASC chair pivots spending debate to acquisition reform

• Florida hack exposes danger to water systems

• NIST tackles video analytics for public safety

• DOD: Counter-drone defense calls for data fusion

• COVID raises the stakes for digitally accessible documents

• Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection

• SAP Stomps Out Critical RCE Flaw in Manufacturing Software

• How cybercrime groups are exploiting the latest Microsoft Exchange flaws

• European Police Pounce After Cracking Crime Chat Network

• Superstar K-Pop Band’s TikTok Hacked

• Malware Operator Employs New Trick to Upload Its Dropper into Google Play

• Review: 2021 Chrysler Pacifica Shows Off Uconnect 5 With Wireless CarPlay

• Apple Renews Animated Musical Comedy ‘Central Park’ for a Third Season

• Twitter to Make ‘Spaces’ Chat Feature Available to Everyone in April

• Apple More Prominently Highlighting iPhone Trade-In Deals From Carriers

• Jamf move improves enterprise security and compliance for macOS

• Cyberattackers Exploiting Critical WordPress Plugin Bug

• F5 Patches Four Critical Bugs in Big-IP Suite

• Malware Operator Employs New Trick to Upload its Dropper into Google Play

• FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server

• BrandPost: Implementing Unified Security with an Open Fabric Ecosystem

• House passes Rescue package with TMF funding

• Startup uses NLP and AI to make software security reviews less painful

• Security platform replaces manual risk assessment with on-the-fly analysis during the build process

• WhatsApp Will Let iPhone Users Protect iCloud Backups with a Password

• Romance Fraudster Who Conned Jenifer Lewis Jailed

• Multiple Attack Groups Exploited Microsoft Exchange Flaws Prior to the Patches

• ‘Thousands’ of Verkada Cameras Affected by Hacking Breach

• US Schools Faced Record Number of Security Incidents in 2020

• Does a SIEM make sense for my MSP?

• BSidesSF 2021: Recharge Day 2

• Joy Of Tech® ‘Tweets For Sale’

• How Security Assurance Teams Can Use DevOps Principles to Become More Productive and Happier

• White hat hackers gained access more than 150,000 surveillance cameras

• Deals: Apple’s 512GB M1 MacBook Pro Hits New Low Price of $1,349.99 ($149 Off)

• Don’t Be a Victim of Cyber Extortion

• App Stores Have Kicked Out Some Location Data Brokers. Good, Now Kick Them All Out.

• Leaders warn of U.S. cyber vulnerabilities

• Hacktivists breach Verkada and view 150,000 CCTV cams in hospitals, prisons, a Tesla factory, even Cloudflare HQ

• Linux Foundation Announces Open-Source Software Signing to Combat Supply Chain Attacks

• OVH Datacenter Goes up in Flames

• zoMiner Botnet is Targeting Elasticsearch and Jenkins Servers

• Top sites affected after OVH data center catches disastrous fire

• CISA: No federal agencies compromised by Exchange hack so far

• Cyber criminals targeting hospitals are ‘playing with lives’ and must be stopped, report warns

• 150,000 security cameras allegedly breached in “too much fun” hack

• American Companies Not Taking Cybersecurity Seriously

• New major interventions to block encrypted communications of criminal networks

• Black Hat USA

• How to Protect Vulnerable Seniors From Cybercrime

• Hiding in Plain Sight: Protecting Enterprises from the ‘New’ Shadow IT

• F5 Security Advisory for RCE Vulnerabilities in BIG-IP, BIG-IQ

• Why the BISO May Be the Utility Player Your Org Needs Now

• The Week in Breach News: 03/03/21 – 03/09/21

• What is Secure Boot? It’s Where IoT Security Starts | Keyfactor

• VLANs Streamline Network Connectivity and Increase Security

• Get earlier, actionable vulnerability insights from Black Duck Security Advisories

• If you have an F5, it’s time to patch! Thanks Michele for the link to today’s crop of F5 CVE’s, which include an unauthenticated RCE against the API, and another RCE against “hidden” config pages! https://support.f5.com/csp/article/K02566623, (Wed, Mar 10th)

• See the Unseen in AWS Mirrored Traffic With VM-Series

• Apple Now Able to Repair an iPhone 12 Pro’s Cracked Rear Glass Without Replacing the Entire Device

• Apple TV+ Series ‘Lady in the Lake’ to Star Natalie Portman and Lupita Nyong’o

• How Biden’s Cyber Strategy Echoes Trump’s

• EU Privacy Law and U.S. Surveillance: Solving the Problem of Transatlantic Data Transfers

• The risks of social selling

• Leveraging Automation to Secure Your Remote & Hybrid Workforce

• Fuzzing Java in OSS-Fuzz

• EFF to Supreme Court: Users Must Be Able to Hold Tech Companies Accountable in Lawsuits When Their Data is Mishandled

• OVH cloud datacenter destroyed by fire

• International Women’s Day: Women in Cybersecurity

• Russia Slows Twitter And Threatens Total Ban

• Apple Chooses Munich For Chip Design Centre

• Enabling COOP and COEP reports on Report URI

• 3.6 million websites taken offline after fire at OVH datacenters

• 2020 was a ‘record-breaking’ year in US school hacks, security failures

• Nim-Based Malware Loader Spreads Via Spear-Phishing Emails

• How organizations can combat the security risks of working remotely

• Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors

• SolarWinds Unlikely to Be an Isolated Event as Attackers Become More Sophisticated

• EU Banking Regulator Suffers Cyberattack in a Microsoft Email Breach

• A Massive Security Breach for the Silicon Valley Start-Up

• University of the Highlands and Islands Deals with a Sudden Cyber Attack

• Threat Actors Ruined the Launch of Wiliams New FW43B Car

• Kremlin concerned about the report of possible US cyber attacks

• Microsoft Releases March 2021 Security Updates

• Researchers Unveil New Linux Malware Linked to Chinese Hackers

• CISO Stories Podcast: Your Job is to Make Cybersecurity Simple

• Linux Foundation Lauches Software Signing Service

• Twitter Testing Full-Sized Image Previews in Timeline on iOS and Android

• What Is IT Asset Inventory Management (ITAM)?

• Azure Defender for Storage powered by Microsoft threat intelligence

• Belgian cops crack down on encrypted phone network Sky ECC in 200 overnight raids as firm denies criminal ties

• Cyber attack on Norway Parliament and Russia Kremlin website down

• Ransomware: Prevention is better than cure

• Apple Cuts iPhone Orders By 20 Percent – Report

• Hackers steal $3.8 million from Defi Protocol DODO

• Cybersecurity in 2021: Stopping the madness

• 6 security risks in software development and how to address them

• What is Secure Boot? It’s Where IoT Security Starts | Keyfactor

• Researchers Show First Side-Channel Attack Against Apple M1 Chips

• Latest Mass Hacks Highlight Challenge for Biden Administration

• Developer Security Firm Snyk Raises $300 Million at $4.7 Billion Valuation

• Exchange Server issues loom over March Patch Tuesday

• ESET: More Than 10 APT Groups Exploiting Recent Microsoft Exchange Vulnerabilities

• Digitally Transforming Trusted Transactions Through Biometrics, ML & AI

• Call Recorder iPhone App Flaw Uncovered

• OVH data centers suffered a fire, many popular sites are offline

• Using Intelligence to Prioritize AWS Guard Duty Alerts

• Deals: Woot Discounts AirPods Pro to $189.99 ($59 Off) [Update: Sold Out]

• Datto acquires BitDam to help shape the security roadmap for MSPs

• Ryuk Ransomware Hits 700 Spanish Government Labor Agency Offices

• GandCrab Ransomware Affiliate Member Was Arrested For Phishing Attacks

• Palo Alto Networks CEO on what we know about the scope of the Microsoft hack

• Everything You Need to Know About Batteries in Your iPhone, iPad, and Mac

• 9 Practical Tips to Take Your Cybersecurity Career to the Next Level

• BrandPost: Hack to the Future: Why Attack Simulations are the Future of Security Control Testing

• New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

• Capital One Ventures partners with Securonix on cloud-native security analytics in $24M deal

• App security platform provider Pathlock raises $20M

• Microsoft expands AccountGuard ahead of elections, deepens Yubico partnership

• Protect your online data with this decentralized VPN and firewall portable solution

• Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare

• How your remote employees may be sharing sensitive data

• Lumu Raises $7.5M to Advance Threat Detection

• Snyk Advances Developer-First Security with Series E Investment

• SharpRDP – PSExec without PSExec, PSRemoting without PowerShell, (Wed, Mar 10th)

• CEO Reaction On New Cyber Legislation

• Experts On West Ham Utd Website Leaks Users’ Data

• CEO Fraud Emails – Not Every Money Transfer Request You Receive is Legit

• Internet Advocates Call on ISPs to Commit to Basic User Privacy Protections

• Cybercrime could cost $10.5 trillion dollars by 2025, according to Cybersecurity Ventures

• BitSight Observations Into the HAFNIUM Attacks: Part One

• Belgian cops crack down on encrypted phone network Sky ECC in 200 overnight raids, as firm denies criminal ties

• Hackers steal $2.3 million from Defi Protocol DODO

• Check Point CloudGuard NDR integrates with AWS VPC Traffic Mirroring

• How Snyk targeted developers to become a $4.7B cloud-security giant

• FCW Insider: March 10

• Cyber Insurance Provider Corvus Raises $100 Million

• NHS Regulator Faces Surge in Email Attacks During Vaccine Rollout

• It’s Open Season for Microsoft Exchange Server Hacks

• How to Balance IT Stability and Strong Security

• Deals: Woot Discounts AirPods Pro to $189.99 ($59 Off)

• Experts Insight On Critical Remote Code Execution Flaws, IE Zero-Day Fixed In Microsoft’s March Patch Tuesday

• Verkada security cameras hijacked following breach

• Adobe releases security patches for a number of their apps

• Four IT Applications in Western Australia Are Having Control Weaknesses

• The CARES Grant: Don’t Leave Money on the Table

• The Best Way To Track Your Kids’ Real-Time Location

• Right To Repair Law To Tackle E-Waste Problem

• DataGrail, which helps enterprises manage data privacy requests, raises $30M

• How weak passwords could put your organization at risk

• Aqua Security Achieves Unicorn Status After $135 Million Funding Round

• Hackers Breach Cameras at Banks, Jails, Tesla and More

• Aqua Security Announces $135 Million in Series E Funding at a $1 Billion Valuation

• More on the Chinese Zero-Day Microsoft Exchange Hack

• Expert Views: Microsoft Exchange Is Not The Issue, Email Is

• z0Miner Spreads Using ElasticSearch and Jenkins RCE Vulnerabilities

• Benefits And Risks Of Remote Work For Businesses | Avast

• 2021 Cybersecurity Outlook: Attackers vs. Defenders

• Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…

• Is Your Fate In the Cloud? What Is Security Shared Fate?

• Aqua Security protects containerized apps and infrastructure, raises $135M

• SAP Patches Critical Flaws in MII, NetWeaver Products

• Most Threat Analysts Banned from Sharing Intel with Peers

• It’s Open Season for Microsoft Exchange Hacks

• Leaked Renders Claim to Show Third-Generation AirPods Design

• Researchers discover flaws in Apple’s offline ‘find my device’ feature

• Hackers Breach Security Company Verkada Accessing 150,000 Cameras Inside Tesla, Hospitals, and Jails

• 5 reasons why the cost of ransomware attacks is rising

• Why the Microsoft Exchange Server attack isn’t going away soon

• Tesla Shares Rally After Expensive Share Slide

• Iranian Hackers Uses ScreenConnect Remote Access Tool to Target Government Agencies

• Exposed admin password leads to massive surveillance camera breach at hundreds of businesses

• OVHcloud data centers engulfed in flames

• WaterISAC: 15 Security Fundamentals You Need to Know

• Exposed Password Gave Hackers Access to 150,000 Cameras

• Russia threatens to block Twitter over banned content

• Microsoft Exchange: Patching Too Late If Already Compromised

• Loose SPF, DKIM, DMARC, and ARC Settings Sabotage Security

• Verkada CCTV Breach Exposes Hundreds Of Businesses

• Unpatched Flaws in Netgear Business Switches Expose Organizations to Attacks

• Microsoft Expands Coverage of Exchange Server Patches

• FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

• A flaw in The Plus Addons for Elementor WordPress plugin allows sites takeover

• Ad blocker with miner included

• Adobe Photoshop 22.3 Update Rolling Out With Apple Silicon Support

• US Govt Concern Over A Hack On Microsoft’s Exchange Email Software

• Cybersecurity Expert Insight: SITA Data Breach

• Experts Reaction On Tens Of Thousands Of US Organisations Hit In Ongoing Microsoft Exchange Hack

• Heimdal™ Proactively Protects Its Customers Against Microsoft Exchange Server Exploit

• Brit cybercops issue tender to rip and replace their formerly flaw-ridden CyberAlarm tool

• Microsoft’s March Patch Tuesday fixes 14 Critical flaws

• Apple to Invest Over 1 Billion Euros in Munich Silicon Design Center

• EU Banking Reg. Hit By MS Exchange Attack– Experts Reaction

• REvil ransomware’s calling, and it’s not good news

• Looking for adding new detection technologies in your security products?

• Is Cybersecurity More Difficult Than Going to Mars?

• Missing colleagues in cybersecurity? That’s no surprise – the world is missing 3.5 million

• What Most Enterprises Get Wrong About ZTNA

• How to mitigate security risks as cloud services adoption spikes

• ZecOps Selected to Fast Company’s Most Innovative Companies for 2021

• Hackers breach systems of Cloud based Security Camera company Verkada

• French company sues Apple Inc over Data Privacy

• The Future of Global Cybersecurity in the Manufacturing Industry

• How to Apply Patches to Mule 4.x

• Importance of 2FA in Improving The Security Of Atlassian Products

• Verkada disables accounts after reports its security cameras were breached

• WhatsApp may soon roll out encrypted chat backups

• Microsoft Issues Security Patches for 82 Flaws — IE 0-Day Under Active Attacks

• Protecting Your Data from Cyber Extortion: Lessons from the Latest Mega-hack

• 372% increase in healthcare bot traffic could tamper with booking vaccine dates

• 2021 Hacker Report: Hackers are not just driven by money

• Human rights lawyers ask Australia’s ‘hacking’ Bill be redrafted

• iPhone 12 Mini Faces Production Cut Due to ‘Far Lower’ Demand Than Expected

• Rapid digital transformation makes an application strategy a business imperative

• Most decision makers plan to increase spending on cybersecurity this year

• How FIM Is More Than Just About Maintaining Compliance

• ISC Stormcast For Wednesday, March 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7406, (Wed, Mar 10th)

• Two New Apple Silicon MacBooks Expected to Enter Mass Production in Second Half of 2021

• Lightspin enhances contextual security for cloud environments

• Free sigstore signing service confirms software origin and authenticity

• FireEye CEO: Reckless Microsoft Hack Unusual for China

• 2021 iPad Pro Case Found at Target as Rumors Swirl About Upcoming Refresh

• Akash MAINNET 2 decentralized open-source cloud now available

• India pauses blockchain-powered SMS spam-scrubber after it swallows people’s one-time login codes

• Microsoft Patch Tuesday, March 2021 Edition

• Sontiq acquires Breach Clarity to lead data breach and financial fraud protection initiatives

• VMware unveils portfolio updates to help customers modernize apps and infrastructure

• Big Breaches: Cybersecurity Lessons for Everyone book released

• Cybercrime could cost $10.5 trillion dollars by 2025

• Combating Evolved Cyber Threats Starts With Knowing Where You Stand

• Privacy in Practice: Securing Your Data in 2021 and Beyond

• Linux Foundation announces new open-source software signing service

• 1Password for Mac Updated With Apple Silicon Support

• The Microsoft Exchange Hack and the Great Email Robbery

• CybelAngel announces new hires and plans for London office

• Mastercard expands Engage platform to provide digital payment experiences for consumers

• Gigamon Hawk integrates with AWS to simplify and secure cloud adoption

• TinyCheck: Stalkerware detection that doesn’t leave a trace

• Pentagon issues cyber tasking order in response to Exchange hack

• WA Auditor-General finds control weaknesses in four state IT applications

• Apple’s Device Location-Tracking System Could Expose User Identities

• Apple Podcasts App Lets Users ‘Follow’ New Content Instead of ‘Subscribe’ in iOS 14.5

• SailPoint appoints Heather Gantt-Evans as CISO

• Ayla Fast Track program helps OEMs quick launch of new connected products

• Microsoft’s big email hack: What happened, who did it, and why it matters

• HASC chair flips spending debate to acquisition reform

• VERT Threat Alert: March 2021 Patch Tuesday Analysis

• Microsoft Patch Tuesday Updates Fix 14 Critical Bugs

• How to enable Android’s Password Checkup feature

• Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day

• SAP Releases March 2021 Security Updates

• Beware the IDEs of March: Microsoft’s latest monthly fixes land after frantic Exchange Server updates

• IT Security News Daily Summary 2021-03-09

• Sarbloh ransomware aims at supporting Indian Farmers’ Protest

• Space Force seeks central portal for application development

• A global semiconductor shortage highlights a troubling trend

• Unlocking the mysteries of science with Linux containers

• Hafnium hack poses extended threat

• Agencies on track for data center optimization

• Dark Web Markets for Stolen Data See Banner Sales

• Warning the World of a Ticking Time Bomb

• Phishing, Scam, & Marketing Emails: What’s the Difference?

• MetalBallStudios: Size Of The Internet – Bytes In Perspective

• Another French hospital hit by a ransomware attack

• Sonos Unveils Portable $169 Roam Speaker With AirPlay 2, Sound Swap, and More

• Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity

• Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates

• Why MITRE ATT&CK Matters?

• Martorana to take over as federal CIO

• Microsoft’s March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed

• Fastest VPN in 2021

• Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect

• Adobe Critical Code-Execution Flaws Plague Windows Users

• Microsoft Exchange Server attacks: What we know so far

• Report: Medical Misinformation Has Been Spreading On Facebook For Years Despite Policies

• Linux Foundation Debuts Sigstore Project for Software Signing

• Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

• Microsoft March 2021 Patch Tuesday, (Tue, Mar 9th)

• EFF to Supreme Court: States Face High Burden to Justify Forcing Groups to Turn Over Donor Names

• Microsoft hack was looking for target whereas SolarWind had a target: Pro

• Microsoft Exchange attacks cause panic as criminals go shell collecting

• Abode launches $35 Abode Cam 2 security camera

• UVMask by UM Systems: COVID-19 protective gear for the present, and future

• Microsoft Ships Massive Security Patch Bundle

• Vodafone Calls for New Cybersecurity Policies to Help SMEs

• Arkansas Bill Addresses “Unfair” Social Media Censorship

• Dark Reading ‘Name That Toon’ Winner: Gather ‘Round the Campfire

• Who’s Hacking You?

• 3 Ransomware Myths Businesses Need to Stop Believing ASAP

• Adobe Releases Security Updates

• XKCD ‘Vaccine Guidance’

• 10 Tips to Strengthen Your Insider Threat Program – Data, Intent and Context [Part 1]

• PerimeterX Named to Fast Company’s List of the World’s Most Innovative Companies for 2021

• Security Vulnerability in ‘Call Recorder’ App Exposed User Conversations

• Disney+ Now Has More Than 100 Million Subscribers

• Apple Releases New ‘3C39’ AirPods Max Firmware

• Here’s Merrick Garland’s Orientation Memo for the Trump-Era Hangover on Press Freedom

• Was SolarWinds a Different Type of Cyber Espionage?

• March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day

• US newspaper’s ‘Biden will hack Russia’ claim: A good way to reassure Putin you’ll leave him alone

• Android users hit by banking trojan in 10 Play Store apps

• Adobe Patches Code Execution Flaws in Connect, Creative Cloud, Framemaker

• Breach Clarity Acquired by Sontiq

• FTC Urged to Enforce Rules that Protects User Health Data Shared with Fertility Apps

• U.S. Department of Justice Warns of Fake Unemployment Benefits Websites Stealing Data

• 48% of Security Pros Prohibited From Intelligence-Sharing

• Huge Fallout from Microsoft Incompetence: Let’s Exchange Exchange

• Octane X GPU Renderer Comes to Mac App Store

• T-Mobile Automatically Opting Customers In to Expanded Data Collection Program for Targeted Ads

• Apple Planning Switch to Randomized Serial Numbers for Future Products Starting in ‘Early 2021’

• Best Mac cleaner: Favorite cleaning and optimization tools

• Top 5 things to know about messaging apps

• Apple Patches Remote Code Execution Bug in WebKit

• Third French Hospital Hit by Cyberattack

• Leaked Development Secrets a Major Issue for Repositories

• COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns

• Apple Releases Security Updates

• Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

• Should You Buy a Super Cheap Refurbished iPhone From Amazon?

• BitSight Observations Into HAFNIUM: Part One

• Flagstar Bank Suffers Data Breach

• Scammers Are Already Targeting the Next Round of Coronavirus Relief Checks

• New Ransomware Encrypts Files in Support of Indian Farmers

• New free software signing service aims to strengthen open-source ecosystem

• Google Play Harbors Malware-Laced Apps Delivering Spy Trojans

• West Ham Supporters’ Personal Details Leaked on Club Website

• Sunshuttle, the Latest Strain Allegedly Linked to SolarWinds Hackers

• Belkin’s 2-in-1 MagSafe Charger for iPhone and AirPods Now Available for Pre-Order

• Apple Exploring Wider Use of Haptic Feedback on MacBooks

• GitHub Fixed a Bug impacting Authenticated Sessions

• Scholars Under Surveillance: How Campus Police Use High Tech to Spy on Students

• Insurance CEOS warn of rapid cost increases from cyber losses

• Azure LoLBins: Protecting against the dual use of virtual machine extensions

• Symphony Technology to acquire Cybersecurity Firm McAfee for $4 billion

• Best Route Optimization Software in 2021

• NetApp AI open-source software and tools

• Privacera raises $50M to help companies manage compliance and security risk across clouds

• Best VPN service in 2021: Safe and fast don’t come free

• Apple Plugs Severe WebKit Remote Code-Execution Hole

• Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild

• Look to Banking as a Model for Stopping Crime-as-a-Service

• Microsoft Pushes Patches for Older Versions of Exchange Server

• Cisco Email Security Expands, Simplified to Detect More Threats, Stop More Attacks

• What is NoSQL Injection Attack and How to Prevent It?

• Reflections on 2020 security vulnerabilities

• Microsoft’s Crazy Huge Hack, Explained

• Emails Show Shadow Structure Behind Encrochat

• Malicious Apps On Google Play Dropped Banking Trojans On User Devices

• Chinese Hackers Targeted SolarWinds Customers In Parallel With Russian Op

• Twitter Executive on Super Follows and Apple’s Subscription Fees: ‘We’re Not in the Business of Getting Around Platform Rules’

• 12.9-Inch iPad Pro With Mini-LED Display Said to Launch as Soon as Late March

• Five Ways Bad Bots Are Threatening Financial Services

• Patch Tuesday, March 2021: Microsoft Releases Several Out-of-Band Patches for Windows Exposures, Including Four Documented Zero-Day Server Exchange Vulnerabilities

• Zero Day Attack 101: What It Is and How to Deal with It

• US Bank and Mortgage Lender Flagstar Victim of a major data breach

• European Banking Authority Reveals Microsoft Exchange Hack

• And the 2021 Cybersecurity Excellence Awards Go To …

• Have You Taken Our LinuxSecurity User Survey?>

• Why the Demand for Application Development Security Skills Is Exploding

• Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT

• How the SolarWinds attack may affect your organization’s cybersecurity

• Intel to Speak at SecurityWeek Supply Chain Security Summit on March 10th

• Siemens Releases Several Advisories for Vulnerabilities in Third-Party Components

• Protection and Privacy Pivotal to the UK’s National Data Strategy

• Representative of the Russian Foreign Ministry announced the need for universal regulation of the Internet

• How to Quickly Integrate your SD-WAN with Bitglass

• Is MFA a Security Illusion?

• Cloud Entitlements Are the New Security Perimeter: Wipro State of the Cybersecurity Report 2020

• Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

• The Broader Application of Pentesting Skills

• Apple Highlights Women’s Health Study Data to Help ‘Destigmatize Menstruation’

• Deals: Save Up to $150 on Apple’s 2020 iMac Lineup, Including Lowest Prices on 21.5- and 27-Inch Models

• Expert Insight On Indian state government website exposed COVID-19 lab test results

• More Than 1m Small Businesses ‘At Risk Of Collapse’ Due To Cyber Threats

• Unpatched QNAP NAS Devices Targeted by UnityMiner in Cryptocurrency Mining Campaign

• iPhone, iPad and Mac security: Apple releases fixes for bug that could allow code execution via malicious web content

• European Banking Authority restores email service in wake of Microsoft Exchange hack

• Huge Rise in Hackers Submitting Vulnerabilities During #COVID19

• Experts On Elara Caring Discloses Data Breach

• February 2021 Cyber Attacks Statistics

• Secure Access to Your Google Chrome Enterprise With Duo

• 6 Tips to Integrate Security into Agile Application Development

• New Crypto-Miner Campaign Targets QNAP NAS Devices via the Unauthorized RCE Vulnerability

• GitGuardian data reveals 20% rise in ‘secrets’ hidden in public GitHub repos

• GitHub Informs Users of ‘Potentially Serious’ Authentication Bug

• Serious Security: Webshells explained in the aftermath of HAFNIUM attacks

• Veriff Appoints Duncan Steblyna as New VP of Product

• Guardian: Truecaller Fixes Location Vulnerabilty In Its New App

• Spying on your Exchange Server

• TrendForce: Apple Overtook Samsung to Become World’s Largest Smartphone Maker in Fourth Quarter

• Apple Set to Begin iPhone 12 Production in India

• QNAP storage devices hijacked by UnityMiner cryptocurrency malware

• GitHub bug invalidated users’ sessions and logged them out of their accounts

• EU Aims To Boost High-End Semiconductor Production

• Analyst: Apple AR Headset Could Arrive ‘Next Year’

• Microsoft Exchange attacks: Now Microsoft rushes out a patch for older versions of Exchange

• Microsoft Exchange server hack: Banking agency on ‘heightened alert’ after cyberattack

• Malicious apps on Google Play dropped banking Trojans on user devices

• 10 Google Play Apps Found Containing Banking Malware

• 9 Android Apps On Google Play Caught Distributing AlienBot Banker and MRAT Malware

• Microsoft Exchange Server Hack

• Sarbloh ransomware supports Indian Farmers

• How to patch Exchange Server for the Hafnium zero-day attack

• Deliveroo To Hand Some Riders £10,000 Bonuses

• Tesla Share Slide Wipes £200bn Off Market Capitalisation

• Data Privacy Legislation Update | Avast

• Dangerous Malware Dropper Found in 9 Utility Apps on Google’s Play Store

• FCW Insider: March 9

• Quick Hits

• Microsoft Exchange attacks: Now Microsoft rushes out a patch for these unsupported Exchange servers, too

• So it appears some of you really don’t want us to use the word ‘hacker’ when we really mean ‘criminal’

• DARPA Ramps-Up FHE Encryption Project with Intel

• The Microsoft Exchange Server mega-hack – what you need to know

• Seizure of €14 million worth of contraband cigarette leads to 13 arrests in Danish-Dutch sting

• Cybersecurity Webinar — SolarWinds Sunburst: The Big Picture

• Migrating Spring Boot Applications to AWS Lambda with No Code Change

• Don’t run that code

• Apple’s Personalized Ads System Targeted in Privacy Complaint to French Data Regulator

• (ISC)² 2021 Security Congress to focus on cybersecurity challenges across regions

• Google ‘Recommended Therapy’ Following Racism Complaints

• Isle Of Wight Drone Medical Delivery Trials Set To Continue

• UnityMiner cryptocurrency malware hijacks QNAP storage devices

• Flaws in Apple Location Tracking System Could Lead to User Identification

• NCSC: Don’t Fall for Mother’s Day Scams This Week

• SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers

• European Banking Authority Compromised By Exchange Hackers

• SITA Data Breach Exposes Numerous Airlines

• Google reCAPTCHA used by Phishing Attackers

• Microsoft Exchange Hackers Also Breached European Banking Authority

• Secure Offboarding Best Practices

• SUPERNOVA backdoor that emerged after SolarWinds hack is likely linked to Chinese actors

• Imperva recognized for Performance in The Forrester Wave™: DDoS Mitigation Solutions, Q1 2021 Report

• Application security testing is not just buzzwords

• U.S. issues warning after Microsoft says China hacked its mail server program

• Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices

• Stop Password Reuse by Going Passwordless

• Kuo: 2023 iPhones to Feature ‘Periscopic’ Telephoto Lens

• Keeping your serverless architecture secure

• GitHub bug briefly gave valid authenticated session cookies to wrong users

• Bitglass achieves FedRamp Cloud Security compliance through StackArmor

• Biden to launch cyber attack task force against adversaries

• Intel joins DARPA in search of encryption ‘holy grail’

• Going dark: Service disruptions at stock exchanges and brokerages

• Women in cybersecurity: Gender gap narrows but not enough

• Azure flings out free virtual trusted platform module for cloudy VMs

• Kuo: Apple’s Upcoming Mixed Reality Headset to Feature 15 Camera Modules

• 49% of female cybersecurity pros say the pandemic had a positive impact on their career

• A great deal of employees have inappropriate access to sensitive data

• Compliance – The Invisible Hand of Cybersecurity

• Ghidra 101: Loading Windows Symbols (PDB files)

• Microsoft Server Hack Has Victims Hustling to Stop Intruders

• New Side-Channel Attack Targets Intel CPU Ring Interconnect

• 451 Research Shows Security is #1 Challenge to Cloud Adoption

• 5G slicing will generate $20 billion in revenue

• Only 12% of enterprises have fully embraced SASE

• ISC Stormcast For Tuesday, March 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7404, (Tue, Mar 9th)

• McAfee sells its Enterprise business for $4 billion

• eBook: Protecting Active Directory

• Avaya announces devices designed to improve workstream collaboration

• Intel partners with DARPA to perform in Data Protection in Virtual Environments program

• Hafnium hack poses new long-term threat for already overtaxed cyber workers

• Intel Corp. to Speak at SecurityWeek Supply Chain Security Summit

• Microsoft supports Paysafe’s move to cloud-based services

• Airspan enters into agreement with NBA to expand 5G market

• Apple emits patches for iOS, macOS, Safari, etc to stop dodgy websites hijacking people’s gadgets

• What Is It Like to Be an Ethical Hacker?

• CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities

• How to Disable Tab Previews in Safari on Mac

• BMW CFO on Apple Car: ‘Competition is a Wonderful Thing’

• Bitglass receives FedRAMP Moderate ATO for their Total Cloud Security Platform

• AMS partners with Revature enabling organizations to compete in the future of work

• A contractor calls for hiring more techies in-house

• TMF set to receive $1B infusion in COVID relief bill

• Microsoft Exchange Server attack hits local governments

• McAfee to Sell Enterprise Business to Equity Firm STG for $4B

• KnowBe4 Buys Competitor MediaPRO

• iMac Pro Now Listed as ‘Currently Unavailable’ in U.S. and Canada [Update: Back in Stock]

• Apple TV+ Show ‘Ted Lasso’ Nominated for Additional Awards

• Marianna Tessel joins Cisco board of directors

• EFF, ACLU and EPIC File Amicus Brief Challenging Warrantless Cell Phone Search, Retention, and Subsequent Search

• Google engineer urges web devs to step up and secure their code in this data-spilling Spectre-haunted world

• 2021-03-08 – Spelevo Exploit Kit (EK) pushes ZLoader malware

• Feeding Frenzy as criminal groups stake their claim on Outlook Web Access servers

• Vague contract language hampers cybersecurity for weapons systems, GAO says

• Achieving air-tight cybersecurity with KVM

• DARPA picks teams to bring homomorphic encryption to life

• Ezviz C3X outdoor security camera review: Simple setup, superb features

• Security chaos engineering helps you find holes in your cyber defenses before hackers do

• Facebook Is Grilled About The Role Of Weapons Ads In Jan. 6 Riot

• Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project

• Microsoft Exchange Server Attack Escalation Prompts Patching Panic

• ‘Retaliation’ for Russia’s SolarWinds Spying Isn’t the Answer

• How Europe’s Intelligence Services Aim to Avoid the EU’s Highest Court—and What It Means for the United States

• Lawfare Live: War Powers in the Biden Administration

• IT Security News Daily Summary 2021-03-08

• European Banking Authority victim in Microsoft Exchange Server hack

• TAU Threat Advisory: Microsoft Exchange Servers Targeted with Four Zero-day Exploits

• Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices

• Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

• How the Microsoft Exchange hack could impact your organization

• McAfee Sheds Enterprise Business in $4 Billion Deal

• Microsoft releases tools as Exchange Server attacks increase

• HAFNIUM and SolarWinds Attacks Highlight Lack of Accountability

• iMac Pro Now Listed as ‘Currently Unavailable’ in U.S. and Canada

Generated on 2021-03-14 23:58:25.983751