IT Security News Daily Summary 2020-01-25

• Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

• Daniel Stori’s ‘To Save The DevOps World’

• DEF CON 27, Voting Village – Kate Trimble’s ‘Ideas Whose Time Has Come: CVD, SBOM And SOTA’

• PayPal, American Express Phishing Kits Added to 16Shop Service

• Internet Explorer Targeted by North Korean Hackers: How to Stay Safe?

• 10% of All Macs Shlayered, Malware Cocktail Served

• The Sneaky Simple Malware That Hits Millions of Macs

• Visibility Gap of Your Security Tools, (Sat, Jan 25th)

• China Locks Down 35M People Over Coronavirus Case

• NYPD Arrests Ninth Methbot Gang Member

• Clearview AI Sued Over Privacy Concerns

• The Chrome Web Store Is Currently Facing A Wave Of Fraudulent Transactions

• Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

• How to achieve out-of-the box global IoT connectivity

• The Report: Impeachment, Day Four

• Lawmakers want probe of spectrum management ‘breakdown’

• Livestream: Senate Impeachment Trial Day 5

• Trump, Johnson Talk Security Ahead of Huawei Decision

• Modified TrickBot Trojan can now Steal Windows Active Directory Credentials

• Google Calls Out Safari for Privacy Flaws

• The Chrome Web Store is currently facing a wave of fraudulent transactions

• Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

• Cisco Webex Vulnerability Exploited to Join Meetings Without a Password

• The Doomsday Clock Moves Closer Than Ever to Midnight

• Scraping the Web Is a Powerful Tool. Clearview AI Abused It

• Teenagers today. Can’t take them anywhere, eh? 18-year-old kid accused of $50m SIM-swap cryptocurrency heist

• For the second time in a few days, Greek Government websites hit by DDoS attacks

• Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks

• Weekly Update 175

• Snake Ransomware That Written in Golang Language Removes Backup Shadows Copies & Encrypt Windows Files

• Don’t Fall for This FedEx Text Message Scam

• Tout – 652,683 breached accounts

• UK to develop a system to track cryptocurrencies

• Thales’ Central Issuance award win underlines growing role of Fintech innovation in Chile

• Iran Hacking Group Used Open Source Multi-platform PupyRAT to Attack Energy Sector Organization

• Iran Hacking Group Used Open Source multi-platform PupyRAT to Attack Energy Sector Organization

• Apple to Participate in Meeting Advocating for Better Patient Access to Health Info

• Ryuk Ransomware — Malware of the Month, January 2020

• Synopsys adds world-class security to Finastra’s banking app ecosystem FusionFabric.cloud

• How the North Korean hackers behind WannaCry got away with a stunning crypto-heist

• Experts: Windows Feature Can Be Used as Ransomware

• The Week in Ransomware – January 24th 2020 – Duck for Cover!

• Adult website leaves sex workers’ personal information vulnerable, report says

• 2020-01-24 – Italian malspam pushes Ursnif

• Shlayer malware puts thousands of macOS devices at risk

• LastPass accidentally deleted its own Chrome extension

• Saudi Hack of Bezos’ Phone Shines Bright Light on Security Challenges

• London Police Amp Up Surveillance With Real-Time Facial Recognition

• IT Security News Daily Summary 2020-01-24

• Friday Squid Blogging: More on the Giant Squid’s DNA

• Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

• ‘CardPlanet’ Operator Pleads Guilty in Federal Court

• 7 Steps to IoT Security in 2020

• ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates

• New Social Engineering Event to Train Business Pros on Human Hacking

• Victory! Lawsuit Challenging FOSTA Reinstated by Court

• Microsoft To Fix Windows 7 Black Wallpaper Bug for ESU Customers

• Trend Micro antivirus zero-day used in Mitsubishi Electric hack

• Citrix patches vulnerability as ransomware attacks emerge

• Threat Roundup for January 17 to January 24

• Netgear vulnerability exposed TLS certificates to public

• Don’t Write Copyright Law in Secret

• Security Lessons from a Division 1 Football Coach

• Citrix Releases Final Patch as Ransomware Attacks Ramp Up

• Tampa Bay Times hit with Ryuk ransomware attack

• The importance of protecting your devices from cyber attack

• Soleimani and the Tactical Execution of Strategic Self-Defense

• XKCD ‘Solar System Changes’

• DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs

• NK CARROTBALL dropper used in attacks on U.S. Govn Agency

• Protecting Websites from Magecart and Other In-Browser Threats

• Embracing Data Privacy Day

• DEF CON 27, Voting Village – Kimberly Young McLear PhD ‘Organizational Cybernetics: A Key To Resilience’

• Questions Linger Over Investigation Into Jeff Bezos’ Hacking

• New Ryuk Info Stealer Targets Government and Military Secrets

• Forrester Study on the Benefits of Cloud vs. On-Premises AppSec

• DEF CON 27, Voting Village – Marian Schneider’s ‘Voting Systems Are Insecure: Lets Just Vote On Phones’

• Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings

• The best password managers

• Patreon Can’t Solve Its Porn Pirate Problem

• Open Source & Secure Software Development Are Not Mutually Exclusive

• Hackers targeting Arabic-speaking countries with malicious Microsoft Office documents

• Maze Ransomware Operators Leak More Stolen Data

• Patreon Still Has No Answer for the Yiff.Party Porn Pirates

• ProBeat: Why Google is really calling for AI regulation

• Vivin Cryptomining Malware Using Pirated Software to Infect Victim Computers

• Threat Actors Using PupyRAT to Target European Energy Sector

• Apple Seeds Third Beta of Upcoming macOS Catalina 10.15.3 Update to Developers

• Enclaves and SGX: Armor plate against deep-stack attacks

• Kirenaga’s David Scalzo on why one company might be ‘the end of privacy as we know it’

• Public sector workers continue to drive union participation

• New Bill Proposes NSA Surveillance Reforms

• 2020 Rings in a New Era of Cyber Attacks – and it’s Getting Personal

• Greece: Government Websites Hit by Cyberattack

• Jeff Bezos hack: Amazon boss’s phone ‘hacked by Saudi crown prince’

• Class-action lawsuit filed against controversial Clearview AI startup

• Proofpoint: Ransomware payments made in half of U.S. attacks

• ‘Butter Royale’ Debuts on Apple Arcade as Family-Friendly Take on Fortnite

• Does Your Domain Have a Registry Lock?

• Nice Try: 501 (Ransomware) Not Implemented

• 2015-member database floats off through breach in Royal Yachting Association’s hull

• Facebook’s Sir Nick Clegg Criticized Over WhatsApp Security

• Google finds privacy holes in Safari’s ITP anti-tracking system

• Hackers Target Unpatched Citrix Servers To Deploy Ransomware

• How to add a host to Observium

• Cybersecurity Trends to Watch in 2020

• Russian Pleads Guilty to Running Online Criminal Marketplace

• City of Potsdam Servers Offline Following Cyberattack

• How to set up secure credential storage for Docker

• Fake SWAT Calls Hit Tech Execs

• Mac Users Bombarded By Laughably Unsophisticated Malware

• Microsoft Releases Azure Security Benchmark

• FBI breach notice rules lauded by states, but some want more

• US Issues Cybersecurity Warnings Over Flawed Medical Devices

• Bipartisan Bill Aims to Reform NSA Surveillance of Americans

• Privacy Firm Finds Unsecured Cannabis Patient Information

• Citibank Phishing – Expert Comment And Analysis From Lucy Security CEO Colin Bastable

• NETGEAR TLS Certs Exposure – Expert Source

• VirusTotal Graph++

• Ransomware payments and downtime grew in 2019

• Simple Tips to Prevent your WhatsApp Account from Hackers

• 16 members of the United Tribuns Nomads street gang arrested in Spain

• Real Users Discuss How NetApp AFF Improves Performance, TCO, and Tiering

• When Computer Crimes Are Used To Silence Journalists: Why EFF Stands Against the Prosecution of Glenn Greenwald

• The More Authentication Methods, the Merrier

• MOST EMPLOYERS DON’T PAY FULL COST OF CERTIFICATIONS

• SWITCHING FROM OTHER FIELDS TO CYBERSECURITY IS PROFITABLE

• Week in security with Tony Anscombe

• Avast Still Supports Windows 7 | Avast

• The Challenge of Compliance in the Cloud

• London Police Adopt Facial Recognition Technology as Europe Considers Five-Year Ban

• SO YOU HAVE DECIDED TO BECOME CYBER SECURITY CERTIFIED, NOW WHAT?

• Access Misconfiguration for Customer Support Database

• London police deploy real-time facial recognition cameras

• Technical Report of the Bezos Phone Hack

• U.S. Govt Agency Hit with New CARROTBALL Malware Dropper

• 5 Resume Basics for a Budding Cybersecurity Career

• Citrix Releases More Patches for Exploited Flaw, Tool to Detect Compromise

• The Report: Impeachment, Day Three

• UK ‘to Decide on Huawei 5G Next Week’

• McAfee is Cutting Through the Jargon, and Empowering Consumers

• Microsoft is Adding Classic ‘Edge Mode’ to New Edge Browser

• CB Customer Spotlight: Q&A with BraunAbility’s Arlie Hartman

• NSA Releases Guidance on Mitigating Cloud Vulnerabilities

• Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

• How JSON Web Token (JWT) Secures Your API

• Hackers target unpatched Citrix servers to deploy ransomware

• Spring Boot REST Service Protected Using Keycloak Authorization Services

• Fake Smart Factory Honeypot Highlights New Attack Threats

• Hyperledger vs. Ethereum: Which Will Benefit Your Business?

• What Is a JWT Token?

• Online Employment Scams on the Rise, Says FBI

• How to Get Instant Java Web Security Vulnerability Alerts in GitHub

• BrandPost: Integrating Smart Systems: From Connected Cars to Security

• Privacy worries cited as possible reason for DNA test firm 23andMe’s sales downturn

• Scaling Security in Software Development: The Art of Possible

• 5 key strategies to upskill teams for the cloud

• Cybersecurity Canon Candidate Book Review: Code Girls: The Untold Story of the American Women Code Breakers of World War II

• Jeff Bezos Allegedly Hacked by Saudi Crown Prince | Avast

• Russian National Pleads Guilty to Having Run Cardplanet Marketplace

• #BSidesLeeds: Credential Stuffing Often Seen as “Volume” Cybercrime

• MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers

• This Week in Security News: Trend Micro Creates Factory Honeypot to Trap Malicious Attackers and Microsoft Leaves 250M Customer Service Records Open to the Web

• Automation pays off

• 2020’s ransomware attacks will be smarter and harder to stop

• New Windows Vulnerabilities Highlight Patch Management Challenges

• Researchers Earn $280,000 for Hacking Industrial Systems at Pwn2Own Miami

• Google: Flaws in Apple’s privacy tool could enable tracking

• Police are about to deploy ‘privacy destroying’ facial recognition cameras across London

• The Doomsday Clock just moved closer to midnight again. Tech is getting some of the blame.

• How Machine Learning Is Changing The Face Of Financial Services

• This simple malware still plagues one in 10 Mac users

• Citrix releases new patches to plug critical server vulnerability

• So, you want to be a CIO?

• VB2019 paper: Spoofing in the reeds with Rietspoof

• TrickBot Steals AD Credentials – Expert Comments

• Never-Before-Seen Malware Downloader In Phishing Emails Targeting US Gov Agencies – Expert Commentary

• #BSidesLeeds: Cyber is Running the World, More Innovation to Come

• Cybersecurity Experts Weigh In On Jan. 28 Data Privacy Day

• Russian operator of Cardplanet carding site pleads guilty in the US

• Protestors petition equity firm over .org buyout

• Tens of Thousands of Legal Cannabis Users from the USA Exposed in a Data Breach

• European Energy Firm Targeted by RAT Linked to Iran

• Owner of stolen data marketplace Cardplanet pleads guilty

• Twitter Demands AI Firm Cease Facial Image Collection

• 36 Years Ago Today, Steve Jobs Unveiled the First Macintosh

• 9th Methbot suspect arrested in massive clickfraud ring

• Lessons from Microsoft’s 250 million data record exposure

• Owner of Dark Web stolen data marketplace Cardplanet pleads guilty

• Ransomware Payments Doubled and Downtime Grew in Q4

• FCW Insider: Jan. 24

• Privacy watchdog throws wider net to protect children online

• Cisco fixes critical issue in Cisco Firepower Management Center

• U.S. Government Agency have been Hit with New Malware Dropper

• Malaysia site blocked under online falsehoods law by Singapore orders

• Moving Network Security to The Cloud

• Over 3 Million Buchbinder Car Renter Customers Information Exposed

• Sonos Boss Apologises For Update Controversy

• Collaboration Makes Smart Cities More Secure

• 250M customer support records exposed by Microsoft database misconfiguration

• Russian Pleads Guilty to Running ‘CardPlanet’ to Sell Stolen Credit Cards

• Experts predicted an increase in the number of DDoS attacks in 2020

• Apple Cautions EU About Common Charger Push

• Sonos Backtracks to Offer Fixes for Legacy Speakers

• German commercial companies in hacker focus – Panda protects you

• Menlo Security Protects Organizations from Iranian Retaliation

• The Biggest Cyber Threats and Trends to Look Out For 2020

• Facebook Will Add Facial Recognition to Messenger App

• Android Malware Removes Bloatware Apps for Its Own Good

• IT Security: Detection Doesn’t Equal Protection

• Amazon Chief’s Phone Hacked by the Saudi Arab Crown Prince

• US Government Planning New Sanctions Against Chinese Tech Giant Huawei

• Why Phishing Remains So Popular?, (Fri, Jan 24th)

• Singapore orders Malaysia site blocked under online falsehoods law

• Low-Intensity Conflict: Cyber, Iran’s Next Move

• Ransomware attack on Tampa Bay Times

• Russian Pleads Guilty in Virginia to Large-Scale Card Fraud

• Safari’s Intelligent Tracking Prevention Fails to Prevent Tracking

• CISOs: Make 2020 the year you focus on third-party cyber risk

• Albany County hit by second Cyber Attack in January 2020

• Over half of organizations were successfully phished in 2019

• Some Hackers Take the Ransom and Run: Researchers

• Update Your Browser to Support TLS 1.2 and WPA2-Enterprise

• More authentication and identity tech needed with fraud expected to increase

• Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty

• Non-removable Android Malware Infects System Process to Remove Pre-Installed Apps & Gain The Root Access

• BigID launches Discovery-In-Depth technology to provide orgs with visibility into PI and sensitive data

• Five key takeaways from European Utility Week 2019

• DOD wants a fast patching inventory management system

• Army’s cloud office slated to be fully operational in March

• Citrix Systems and FireEye introduce new tool for detection of compromise

• ISC Stormcast For Friday, January 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6838, (Fri, Jan 24th)

• Ixia adds new ML features in the Hawkeye active network monitoring platform

• HiveIO updates Hive Fabric with added data protection, backup to the cloud, and app insights

• Bank-Verlag signs up for 3-D Secure authentication solution from Entersekt and Netcetera

• 2020-01-23 – German malspam pushes Ursnif

• Mastercard and The Rockefeller Foundation unveil new platform for data science partnerships

• 5 Straight Years of Delighting Our Customers with Outstanding Customer Support

• DISA awards Intelligent Waves with the global satellite communications contract

• Syniverse and AiRXOS to provide a communications infrastructure that manages drones

• Sonos CEO apologises but will not provide software updates for legacy products

• 2020-01-22 – Quick post: Hancitor infection with Ursnif

• Moody’s acquires RDC to expand its range of data solutions

• STACK INFRASTRUCTURE and Peterson Companies to develop a data center campus in Manassas, VA

• Block Access to Unsanctioned Apps with Microsoft Defender ATP & Cloud App Security

• Mac users are getting bombarded by laughably unsophisticated malware

• Kristen Robinson joins Splunk as Chief People Officer

• Apple says EU push for universal phone charger would ‘stifle innovation’

• DOD plans for security-focused guidance for DevSecOps

• After a decade of drama, Apple is ready to kill Flash in Safari once and for all

• The Key To Fixing Copyright Is Ending Massive, Unpredictable Damages Awards

• Google schedules I/O 2020 for May 12-14 in Mountain View

• Inside the World’s Highest-Stakes Industrial Hacking Contest

• The Annoying MacOS Threat That Won’t Go Away

• Onapsis appoints Dave DeWalt as Vice Chairman to its board of directors

• Microsoft Looms Over the Privacy Debate in Its Home State

Generated on 2020-01-25 23:55:12.483059