IT Security News Daily Summary 2020-11-16

• Use Spring Security and Feature Flags to Test in Production

• Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack

• Data is worth its weight in gold

• 7-step pandemic return-to-work IT infrastructure checklist

• Facebook Will Begin Using AI To Sort Content For Moderation

• DEF CON 28 Safe Mode Voting Village Village – Forrest Senti’s & Caleb Gardner’s ‘Secure The Vote – Hack A Fax’

• State of Software Security v11: How to Use the Findings

• Java Crypto Catchup

• Unprotected database exposed a scam targeting 100K+ Facebook accounts

• First M1 Apple Silicon Macs Now Arriving to Customers

• Apple Silicon M1 MacBook Pro Earns 7508 Multi-Core Score in Cinebench Benchmark

• Computer scientists launch counteroffensive against video game cheaters

• EFF Publishes New Research on Real-Time Crime Centers in the U.S.

• Citrix SD-WAN Bugs Allow Remote Code Execution

• Twitter Taps Mudge

• New Zoom feature can alert room owners of possible Zoombombing disruptions

• Cybersecurity: Top hackers make big money from bug bounties

• VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX

• Austria Privacy NGO Takes on Apple Over ‘Tracking Code’

• Zoom Debuts New Tools to Fight Meeting Disruptions

• EFF Urges Universities to Commit to Transparency and Privacy Protections For COVID-19 Tracing Apps

• Street Fighter maker says soz after ransomware hadoukens servers, puts 350,000 folks’ data at risk of theft

• #ISC2CONGRESS 5G Security: Two Sides of One Coin

• Cencosud Infected by Egregor Ransomware

• Citrix Releases Patches for Critical RCE Vulnerabilities in SD-WAN Center

• Lazarus Supply‑Chain Attack in South Korea

• ShinyHunters Target Numerous Firms In A Recent Wave Of Data Breaches

• Mirosoft advises ditching voice, SMS multi-factor authentication

• Hacked Security Software Used in Novel South Korean Supply-Chain Attack

• Healthcare Data Breaches to Triple in 2021

• Vulnerability Summary for the Week of November 9, 2020

• XKCD ‘Final Exam’

• Apple Podcasts Can Now Be Embedded on the Web

• Check, Please! Adding up the Costs of a Financial Data Breach

• Malsmoke operators abandon exploit kits in favor of social engineering scheme

• 5G Security: Two Sides of One Coin

• App helps manage work for remote staff

• Making data analysis accessible across the Army

• Employee surveillance software demand increased as workers transitioned to home working

• How to do cybersecurity – join us online for the Sophos Evolve event

• Naked Security Live – Don’t get hoaxed (pass it on)!

• #ISC2Congress: How 5G is Expanding the Attack Surface

• Teen Wins Peace Prize for Fighting Cyber-Bullying

• WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques

• Vertafore Leak: Private Data of 28M Texans

• Crooks use software skimmer that pretends to be a security firm

• HomePod Mini Now Available for In-Store Pickup

• Apple Shares Trailer for Upcoming ‘Earth At Night In Color’ Docuseries

• Internet freedom in Asian countries: an analysis

• Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months

• Security Awareness Training Won’t Give CISOs or Employees Peace of Mind

• A week in security (November 9 – November 15)

• #ISC2CONGRESS Opening Keynote Speaker: Policy and Technology Must Work Together

• How AI Can Make Cybersecurity Jobs Less Stressful and More Fulfilling

• 21 Public Sector Innovation award winners

• AF VAULT holds decision-making toolkit

• Cyber-attack disruption could last for months, says council

• Exposed Database Reveals 100K+ Compromised Facebook Accounts

• Meet the hackers who earn millions for saving the web. How bug bounties are changing everything about security

• Lazarus Group Targets South Korea via Supply Chain Attack

• Cyber-criminal Fined $300k for Pipeline Attacks

• IT Leaders Reliant on Data for Threat Insight

• State Actors Attack COVID-19 Research Efforts, Microsoft Says

• R2con 2020 Review

• Mainak Mazumdar, Nielsen’s Chief Data Officer, joins Satori’s Board of Advisors

• Inside the World of Cyber Venture Capital

• Apple Retains Fourth Place for Q3 Notebook PC Shipments, Industry Growth Limited by Supply Constraints

• First Impressions From HomePod Mini Customers: ‘The Sound Quality is Great’

• Demand forces companies to increase salaries of Cybersecurity Professionals

• BrandPost: 5 Tips to Help Security Teams Work Smarter, Not Harder

• BrandPost: How Cybersecurity Became a Business Issue in 2020

• Mozilla Says Intermediate CA Preloading Reduces Connection Errors in Firefox

• How to do cybersecurity – join us online for the Sophos Evolve event!

• The Art of Storytelling in Cybersecurity

• Lazarus malware delivered to South Korean users via supply chain attacks

• On Blockchain Voting

• Hackers Can Use Just-Fixed Intel Bugs To Install Malicious Firmware On PCs

• Scams Ramp Up Ahead Of Black Friday Cyber Criminal Craze

• Up To 350,000 People’s Information Stolen In Capcom Hack

• Microsoft Is Working On The Kerberos Authentication Bug

• Lazarus Malware Strikes South Korean Supply Chains

• On Appeal, House Republicans Press Forward With Legal Challenge to Proxy Voting

• Account Takeover Fraud Is Up 300%. What You Need to Know

• Street Fighter maker says soz after ransomware hadoukens servers leaving 350,000 folks’ data at risk of compromise

• Tom Siebel-Founded AI Start-Up C3.ai Files For Public Offering

• New Jupyter backdoor malware steals Chrome, Firefox data

• A good sign from the new administration about USDS

• Meet the hackers who earn millions for saving the web: How bug bounties are changing cybersecurity

• Hacked Websites, Hate Speech Hit Suburban Chicago Schools

• Cryptocurrency Service Proposes Bug Bounty to Attacker Who Stole $2 Million

• A Call for Change in Physical Security

• The 5 best WordPress security plugins for complete site security

• [Updated 2020] Hacked Email Account: What to Do If It Happens to You or Your Business

• Accelerating Security and the Cloud With Bitglass and AWS Global Accelerator

• Enhancing Visibility with Bitglass and Splunk

• Déjà vu – macOS hits OCSP hurdles

• Gmail users get new controls for data used to personalize Google’s ‘smart’ features

• VMware plots ‘modern network’ strategy with Project Antrea, new features for Tanzu service mesh

• Jupyter trojan: Newly discovered malware stealthily steals usernames and passwords

• David’s guide to surviving Thanksgiving 2020: Stay safe, stay home

• The ransomware landscape is more crowded than you think

• Microsoft hits the brakes on Windows 10 updates in December 2020

• Biotech Company Miltenyi Biotec Discloses Malware Attack

• Cybersecurity Lessons from the Pandemic: Prevention

• Deals: Apple Watch Series 6 and SE Discounted by $50, Starting at $230 for 40mm GPS SE

• M1 Chip Beats GeForce GTX 1050 Ti and Radeon RX 560 for Graphics Performance

• Make It Your Own: Brand Customization With Our Universal Prompt

• Bitcoin Exchanger – Overview, Importance, and More!

• Tackling Data Regulations As A Business for Employees

• Defining data protection standards could be a hot topic in state legislation in 2021

• Lessons from Teaching Cybersecurity: Week 7

• Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware

• Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

• macOS Big Sur 11.0.1 Patches 60 Vulnerabilities

• Apple Has Sent Folding iPhones to Foxconn for Testing, According to Chinese Report

• It’s Time to Test Your CISSP Knowledge!

• 6 security shortcomings that COVID-19 exposed

• Windows 10 update problem: We’re fixing Kerberos authentication bug, says Microsoft

• What Is SCM (Security Configuration Management)?

• Privacy Activists in EU File Complaints Over iPhone Tracking

• Crypto Firm Offers $200,000 Bug Bounty to Hacker Who Stole $2m

• Printers Spit Out Egregor Ransom Notes at Cencosud Retail Stores in Latin America

• The North Face Disables Shopper Account Passwords after Credential-Stuffing Attack

• Clothing Brand ‘The North Face’ Hit By Credential Stuffing Attack, Suffers Data Breach

• iFixit’s iPhone 12 Mini Teardown Reveals Apple’s Miniaturized Components

• International Fraud Awareness Week (w/c 16th November) – Expert Commentary

• WEF report that we may need to change our approach to cybersecurity

• DTX Manchester 2020

• Pluto TV suffer a major security breach with users data posted online

• DarkSide placed on restricted list following Iranian hosting announcement

• Pandemic To Redefine Security Landscape Next Year, Researchers Say

• US Offers Reprieve In TikTok Legal Battle

• Google Apologises Over Leaked EU Strategy Document

• Google, Justice Department Clash On Data Protection Order

• Silicon In Focus Podcast: Cornish Lithium

• Facebook Privacy Refresh | Avast

• Lazarus malware strikes South Korean supply chains

• Russian and North Korean Groups Still Targeting #COVID19 Vaccine Firms

• Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

• Privacy Group Files Legal Complaints in Europe Targeting Apple’s Device Identifier Service for Advertisers

• Security Flaw In Smart TVs Grants Hackers Access

• US Mental Health Provider Email Breach; Experts Reaction

• Expert Insight: Info Of 27.7 Million Texas Drivers Exposed In Vertafore Data Breach

• InternetLab’s Report Sets Direction for Telecom Privacy in Brazil

• Your organization doesn’t have time and resources to do research, POCs, evaluations?

• Scammers Expose Facebook Data Haul of 13 Million Records

• Microsoft Warns Of Russia, North Korea Attacks On Vaccine Research

• Security Essential as Electric Vehicles Accelerate

• Targeted Spear-Phishing on the Rise

• New Jupyter information stealer appeared in the threat landscape

• New skimmer attack uses WebSockets to evade detection

• Heartbleed, BlueKeep and other vulnerabilities that didn’t disappear just because we don’t talk about them anymore, (Mon, Nov 16th)

• International infosec rules delivered to make nations and non-state actors behave themselves online

• Healthcare organizations are sitting ducks for attacks and breaches

• How a move to the cloud can improve disaster recovery plans

• Singapore’s pilot data sharing initiative needs to ensure cybersecurity: Minister

• Cyber Attack news headlines trending on Google

• Verizon introduces Mobile Security for Small Businesses

• Blockchain voting risks undetectable nation-scale failures: MIT researchers

• CSIRO and Austrade prescribe digital and R&D to create ‘roaring 2020s’

• This year’s biggest innovators? Hackers and cybercriminals. Again

• Stolen Source Code, Apple Zero-Days, Biden’s Privacy and Cybersecurity Policies

• Managing risk remains a significant challenge

• Researchers break Intel SGX by creating $30 device to control CPU voltage

• ISC Stormcast For Monday, November 16th 2020 https://isc.sans.edu/podcastdetail.html?id=7254, (Mon, Nov 16th)

• Apple Addresses Privacy Concerns Surrounding App Authentication in macOS

• eBook: The security certification healthcare relies on

• Security teams need visibility into the threats targeting remote workers

• Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

• SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack

• 7 Challenges that Stand in the Way of Your Compliance Efforts

• Hackers attacked major Telegram channels via video on Yandex

• McAfee’s open API framework enables orgs to respond faster to threats while reducing cost

• 15 Asia Pacific countries sign world’s largest free trade agreement

• Australia to track Coronavirus encounters with payment card records

• HomePod Mini Begins Arriving to Customers

• Immuta and Starburst help orgs automate data governance, access control, and privacy management

• ENISA: Top 15 Threats: Spam, Phishing, and Malware!

• Making software more than ‘IT thing’

• Apple Silicon M1 Emulating x86 is Still Faster Than Every Other Mac in Single Core Benchmark

• The ENISA Cybersecurity Threat Landscape

• ENISA: Top 15 Threats

• IT Security News Weekly Summary – Week 46

• IT Security News Daily Summary 2020-11-15

• How to address inefficiencies of using multiple cybersecurity systems

• Federal panel sides with VA on union contract

• Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 303’

• DEF CON 28 Safe Mode Voting Village Village – Ben Dubow’s ‘How Influence Warfare Subverts Democracy’

• DEF CON 28 Safe Mode Voting Village Village – Martin Mickos’ ‘See Something, Say Something’

• The Most Common API Vulnerabilities

• Apple Shares New ‘Everyday Experiments’ Shot on iPhone 12 Video

• Code42 Incydr Delivers Evolved Data Protection for Channel Partners

• New Book By Clearwater Founder and Executive Chairman Provides Healthcare Board Members and Executives With Practical Guidance for Overseeing an Enterprise Cyber Risk Management Program

• Tangoe Reveals its 2021 Technology Trends

• AuditBoard Survey: 81% of Audit and Risk Professionals Believe Risk Will Be Unpredictable In 2021

• QuoLab Technologies Announces Partnership with QGroup GmbH

• oledump’s ! Indicator, (Sun, Nov 15th)

• How Politics at Home Shapes Kuwait’s Foreign Policy

• Apple Unveils Security Features in New M1 Chip

• The North Face website suffered a credential stuffing attack

• Security Affairs newsletter Round 289

• macOS Big Sur Update Bricking Some Older MacBook Pro Models

• 7 Simple Tech Tips to Keep Your Family Safe This Holiday

• Chilean-based retail giant Cencosud hit by Egregor Ransomware

• Montana CISO Shares State Security Actions and Priorities

• ShinyHunters hacked Pluto TV service, 3.2M accounts exposed

• Week in review: Cybersecurity workforce gap decreases, new issue of (IN)SECURE

• Who Caused 2018 Power Outages in Russia?

• Cit0day – 226,883,414 breached accounts

• HomePod Mini Begins Shipping to Customers, First Orders Arrive November 16

• Apple Begins Issuing Monthly Credits to Apple TV+ Subscribers Through January

• Reliable Leaker Says Apple Plans to Introduce ‘Christmas Surprise’

• Apple Says Hearing Aid Sound Issues With iPhone 12 Models Will Be Fixed in Future Software Update

• 123RF – 8,661,578 breached accounts

Generated on 2020-11-16 23:55:09.353345

Liked it? Take a second to support IT Security News on Patreon!