IT Security News Daily Summary 2020-11-23

• Azure NetApp Files’ SOC security certification helps customers achieve six secure business goals

• How emerging tech can help the Navy achieve its information superiority vision

• CBP plans broader use of facial recognition

• CIA awards massive cloud contract

• State unemployment agencies can use federal funding to reduce potential fraud

• 3 questions every agency should ask about privileged user access

• GoDaddy Employees Tricked into Compromising Cryptocurrency Sites

• Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

• Malicious Google Play apps caught masquerading as Minecraft mods

• How to conduct an IoT audit for compliance

• Apple Blasts Facebook For “Disregard Of User Privacy”

• Evidence-Based Trust Gets Black Hat Europe Spotlight

• Cyber News Rundown: REvil Ransomware Strikes

• VMware discloses critical zero-day CVE-2020-4006 in Workspace One

• Misinformation or artifact: A new way to think about machine learning

• Apple’s global security boss accused of bribing cops with 200 free iPads in exchange for concealed gun permits

• Azure Resource Owner Password Credentials Flow

• TA416 APT Rebounds With New PlugX Malware Variant

• 10 tips for building a next-generation SOC

• Chinese APT Group Returns to Target Catholic Church & Diplomatic Groups

• Manchester United Suffers Cyberattack

• Speaking at Conferences, 2020 edition

• DHS veteran Mayorkas tapped to lead agency under Biden administration

• FBI Issues Warning of Hackers Spoofing Its Internet Domain

• VMware Releases Workarounds for CVE-2020-4006

• Congress Passes IoT Security Act, but is it Toothless?

• Palo Alto Networks Surfaces AWS API Vulnerabilities

• “Vote Joe’ Website Defaced by Turkish Hackers

• What Are Different Strategies for Security Testing?

• Spotify Users Hit with Rash of Account Takeovers

• TikTok Awards Nearly $4,000 for Account Takeover Vulnerabilities

• US Police Make Arrest in $1m Airplane Scam

• Sumo Logic Finds Attack Surface Expanding

• Computer Security and Data Privacy, the perfect alliance

• Apple Shutting Down App Store Connect From December 23 to December 27

• Apple Extends Deadline Requiring Apps Offering Virtual Group Events to Use In-App Purchases

• Anker’s Black Friday Sale Begins With Many Discounts on Portable Batteries, USB-C Accessories, and More

• Seven Debunked Myths of Cybersecurity

• Brazilian government recovers from “worst-ever” cyberattack

• Tesla Model X hacked and stolen in minutes using new key fob hack

• Manchester United: IT Systems Disrupted in Cyberattack

• Louisiana Hospitals Report Data Breach

• Vulnerability Summary for the Week of November 16, 2020

• DEF CON 28 Safe Mode Voting Village Village -Steve Newell’s ‘Leveraging Electronic Balloting Options In COVID’

• Researchers show how to steal a Tesla Model X in a few minutes

• IoT security: how Microsoft protects Azure Datacenters

• How Can Someone Can Hack Your Phone Without Touching It?

• A Step-by-Step Guide to Help You Manage Your Employees

• Imminent Threat for US Hospitals and Clinics, RYUK Ransomware Alert (AA20-302A)

• Facebook Messenger Bug Could Allow Spying On Users Via Audio

• Football Club Manchester United Confirms Cyber Attack

• Joe Biden Campaign Subdomain Down After Hacktivist Defacement

• Two Romanians Arrested for Running Malware Encryption Services

• Anonymous Hacks Uganda Police Website

• Axis Security Chosen 2020 Red Herring Top 100 North America Winner

• Cyber is as Much Psychology as it is Technology

• Black Friday Spotlight: Target Begins Week-Long Sale With Deals on iPhone 12, Powerbeats Pro, and More

• iPad Pro Said to Adopt OLED Displays in Late 2021 Following Mini-LED Model in Early 2021

• Experts Insight On Android Users Could Spy On Others Using Facebook Messenger

• Multilingual Cybersecurity Awareness Training adapted for your needs

• Apple iCloud leaks photos of British Athletes without clothes

• Tech Resume Library: 21 downloadable templates for IT pros

• Instagram Privacy Refresh | Avast

• Malware creates scam online stores on top of hacked WordPress sites

• Penetration testing isn’t enough, you need to activate full offensive operations

• New ‘LidarPhone’ Attack Uses Robot Vacuum Cleaners for Eavesdropping

• Attack on Vendor Affects Website of Arizona Court System

• Choosing the Right Threat Intelligence Mix

• 3 Steps CISOs Can Take to Convey Strategy for Budget Presentations

• TikTok fixed security issues that could have led one-click account takeover

• Waze Integration With CarPlay Dashboard in Beta Testing

• India and China Border Briefer: The Shadow of Article 370’s Revocation

• Lock and Code S1Ep20: Tracking the charities that track you online with Chris Boyd

• Remote work and how 2020 changed our lives for good

• BrandPost: Fortinet Connects Military Spouses with Meaningful Careers in Tech

• Shadow IT: Addressing the Risks in Remote Work Environments

• GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

• Researchers Show Tesla Model X Can Be Stolen in Minutes

• Naked Security Live – Beat the Threat!

• A Fifth of Consumers Affected by Identity Fraud in 2020

• How Retailers Can Fight Fraud and Abuse This Holiday Season

• Digital Shadows Launches Sensitive Document Alerts With Added Context

• Smart Doorbells Are Easy Targets For Hackers

• TikTok Patches XSS And Account Takeover Exploit

• GitHub Fixes High Severity Security Flaw Spotted By Google

• Attackers Dupe GoDaddy Staff Into Helping Them Take Down Cryptocurrency Services

• Sonos Discounting Speakers, Sound Bars, and More for Black Friday (Up to $200 Off)

• Expert Insights: Faith App Pray.com Exposes Millions Through Cloud Misconfiguration

• CEO Reacted On Europol Reveals That Criminals Are Using Ai For Malicious Purposes, And Not Just For Deep Fakes

• Latest Microsoft MFA Advice Is Not Enough To Protect Organisations

• 8 Resolutions For A More Secure And Rewarding New Year

• Experts Reaction On Verizon Cyber-Espionage Report

• Why Data Recovery Services Are Still In Demand Nowadays

• Windows 10X – What Should You Know About It?

• 7 Ways to Improve Your Web Application Security Against Cybercrime in 2020

• Make the Most of Social Gaming in This Pandemic with Trivia Board Games

• BrandPost: Examining the Top Cyberthreats Plaguing the Pharmaceutical Industry

• Black Friday security tips: Beware of websites that want too much info

• Canada PM Refuses to Commit to Huawei 5G Decision Timetable

• #COVID19 Drives Massive Multi-Cloud Adoption

• 11 Smart Video Doorbells Could Let Hackers Into Your Home

• Experts Reacted On MPs Hit With Nearly 3 Million Malicious Emails Every Month

• Private pictures of female British athletes posted online after cyberattacks

• Korean Retailer suffers Ransomware attack

• Manchester United suffer cyberattack

• FEITIAN + Duo Integration Supports the Broadest Range of MFA Options

• Cisco Webex Vulnerabilities Could Expose Meetings To Ghost Users

• VoltPillager Attack Can Manipulate Intel CPUs’ Secure SGX Enclaves

• Android App GO SMS Pro Exposed Users’ Private Messages Publicly

• The Link Between Text Messaging and Effective Hacking

• Will Privacy Kill the Open Web?

• Online scams: How Safe Are the Websites You Visit?

• Be Prepared for Increased DDoS Attacks Ahead of Black Friday

• TikTok patches reflected XSS bug, one-click account takeover exploit

• Subdomain of Official Joe Biden Campaign Website Defaced by Turkish Hacker

• Manchester United Calls in Experts to Investigate Targeted Cyber-Attack on Its Systems

• 10 Undergraduate Security Degree Programs to Explore

• This Bluetooth Attack Can Steal a Tesla Model X in Minutes

• VMware fixed SD-WAN flaws that could allow hackers to target enterprise networks

• More on the Security of the 2020 US Election

• iPhone Assembler Pegatron Reportedly Readies $150m Investment in India

• US Air Force deploys robot security dogs to guard base but doesn’t go full Terminator

• Do you have a security tools gap?

• Top COVID-19 security statistics

• GitHub fixes ‘high severity’ security flaw spotted by Google

• NCSC Issues Warning About Expected #BlackFriday Scams

• Google Rolls Out End-to-End Encryption for Android Messages

• How Scanners Find Vulnerabilities

• Microsoft & Google Impersonation Attacks Are on the Rise – How to Stay Safe

• Biden’s top tech adviser makes regulation more likely

• FCW Insider: Nov. 23

• Quick Hits

• MPs Bombarded by Nearly Three Million Monthly Email Attacks

• Apple Offering Up to $150 Gift Card With Select Products on Black Friday Through Cyber Monday

• No Xmas office party? Missing infosec pals and colleagues? Want to listen to DJs who also happen to be cyber warriors?

• Panda Security teams up with Peter Andre to promote child safety online

• Hackers Target Manchester United: Club

• Ransomware Suspected in Man United Attack

• FBI issued an alert on Ragnar Locker ransomware activity

• Quick Tip: Cobalt Strike Beacon Analysis, (Mon, Nov 23rd)

• Twitter Bug Lets Fleets Be Viewed and Downloaded Long After Expiration

• Drupal-based sites open to attack via double extension files (CVE-2020-13671)

• IoT Unravelled Part 1: It’s a Mess… But Then There’s Home Assistant

• Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

• New Study Says Cyber Security Technology Isn’t as Effective As It Should Be

• Now’s the Time to Revisit WFH Cybersecurity

• Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

• Safari Translation Feature Reportedly Working in Additional Countries

• Want to certify your security software with an internationally recognized testing organization?

• Four easy steps for organizations to hand over data control

• Head thumping, heart racing? Here’s how not to panic when you’re under cyber attack

• Cyber Attack on Football Club Manchester United

• CISA Director Chris Krebs Fired, Common Sense and Section 230

• Even the world’s freest countries aren’t safe from internet censorship

• Companies rely on crowdsourced security to boost security efforts

• Google Cloud adds new Network Security features

• OAIC has fielded zero complaints and received no reported COVIDSafe breaches

• From Alan Turing to Future Artificial Intelligences – Reading Security Signals

• Apple-Notarized Malware: What It Is and How It Affects Mac Users

• What is the future of working professional education?

• Organizations plan to use AI and ML to tackle unknown attacks faster

• Learning The [Defence] Ropes 101 – Splunk Setup & Config

• Facebook Messenger Bug Let Android Users Spy On Each Other

• Monash University and The Alfred to develop AI-based superbug detection system

• eBook: Secure Software Development

• ISC Stormcast For Monday, November 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=7264, (Mon, Nov 23rd)

• CynergisTek API Sentry: Helping healthcare organizations manage API-related risks

• Election Cyber Threats in the Asia-Pacific Region

• The State Laws Governing Trump’s Power Grab in Michigan

• ScaleMP improves infrastructure efficiency and reduces TCO for Cloud and Data Center customers

• Experian acquires Tapad to enhance digital offerings for advertisers, agencies and publishers

• Accenture acquires Arca to help clients unlock the full potential of 5G

• Living with COVID-19 creates a privacy dilemma for us all

• Quick Tip: Extracting all VBA Code from a Maldoc – JSON Format, (Sun, Nov 22nd)

• Black Friday Week Kicks Off With Up to $150 Savings on 2020 iPad Pro

• Apple Provides Instructions to Fix macOS Reinstallation Errors on M1 Macs

• (ISC)² appoints Lisa Young to its Board of Directors

• ICANN Can Stand Against Censorship (And Avoid Another .ORG Debacle) by Keeping Content Regulation and Other Dangerous Policies Out of Its Registry Contracts

• IT Security News Weekly Summary – Week 47

• IT Security News Daily Summary 2020-11-22

• DEF CON 28 Safe Mode Voting Village Village -Jody Westby’s ‘Policy Approach To Resolving Cybersecurity Problems’

• DEF CON 28 Safe Mode Voting Village Village – Stark Xie’s ‘Testing Can’t Tell If Ballot Devices Alter Elections’

• Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 304’

• Threat actor shared a list of 49,577 IPs vulnerable Fortinet VPNs

• Rumor Claims iOS 15 to Drop Support for iPhone 6s and Original iPhone SE

• No Shortcuts to Negotiating With al-Shabaab

• A biochemical random number

• Manchester United Hit By a Cyber Attack on their Systems

• WhatsApp’s ‘disappearing messages’ now available for Indian users; here’s how you can enable disappearing messages on your WhatsApp

• Google Is Testing End-to-End Encryption in Android Messages

• Hundreds of female sports stars and celebrities have their naked photos and videos leaked online

• NIST Updates Control Baselines, Integrates Privacy

• Securing Beats at Scale

• Security Affairs newsletter Round 290

• Romanians arrested for running underground malware services

• A cyberattack crippled the IT infrastructure of the City of Saint John

• Universal Electronics Offers Alternative Apple TV Remote to Cable Companies

• iFixit Shares iPhone 12 Pro Max Teardown Revealing L-Shaped Battery and Bigger Camera Module

• Week in review: Kali Linux 2020.4, AWS Network Firewall, speeding up malware analysis

Generated on 2020-11-23 23:55:07.289053