IT Security News Daily Summary 2020-12-30

• FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’

• 15 benefits of outsourcing your cybersecurity operations

• Preparing for GIAC Certified Incident Handler certification

• Review 6 phases of incident response for GCIH exam prep

• Cloud Security Specialization Launched

• Hands-On With the AirPods Max Shield Case From WaterField Designs

• The Sunburst hack was massive and devastating – 5 observations from a cybersecurity expert

• 7 on-the-ground big data strategies for 2021

• Change your macOS power settings to prevent disconnecting from VPN/Wi-Fi when the computer is locked

• CISA demands US govt agencies to update SolarWinds Orion software

• Novel Points: Exploit the Heap Overflow Bug *CTF 2019 oob-v8

• The Joy of Tech® ‘The Evolution Of Internet Prayer’

• DEF CON 28 Safe Mode Saturday – Gal Zror’s ‘Don’t Ruck Us Again: The Exploit Returns’

• Israel, Cyberattacks and International Law

• Treasury Asks Financial Sector to Watch Out for COVID Vaccine Scams, Ransomware

• Pranksters Hijack Smart Devices to Live-Stream Swatting Incidents

• The Endgame for SolarWinds Attack Was Victim Cloud Data

• Italy’s Ho-Mobile database with 2.5m accounts allegedly stolen, sold

• CISA updates SolarWinds guidance, tells US govt agencies to update right away

• DEF CON 28 Safe Mode Saturday – James Pavur’s ‘Whispers Among The Stars’

• Apple and Prepear Negotiating a Settlement Over Disputed Pear Logo Trademark

• EFF’s Work in State Legislatures: Year In Review 2020

• Competitive Compatibility: Year in Review 2020

• Insider threat vs. insider risk: What’s the difference?

• Intel Urged to Take ‘Immediate Action’ Amid Threats From Apple Silicon and AMD

• Apple Removes App Promoting Parties During Pandemic

• AppSec Decoded: Threats to IoT devices and the role of government regulation

• Google Docs bug could have allowed hackers to hijack screenshots

• The most enticing cyberattacks of 2020

• Apple looses mobile security battle against Corellium

• Facial Recognition Blamed For False Arrest And Jail Time

• Hackers using smart home devices to live streaming swatting attacks

• Why stateful machine learning could help cybersecurity efforts

• Cybersecurity challenges in 2021 and how to address them

• Apple Loses In Lawsuit Against U.S. Security Bug Startup

• Bitcoin Surges To Record $28,500, Quadrupling In Value This Year

• A New Year, A New Administration: Doors Open In 2021 For Public-Private Cooperation

• FBI: Pranksters Are Hijacking Smart Devices To Live-Stream Swatting

• New Year’s Deals: Shop the Best Year-End Discounts on Apple Accessories From Twelve South, Mophie, Nomad, and More

• An Abridged History of America’s Terrorism Prevention Programs: Opposition Grows, Supporters Adapt

• 20 World’s Best Free Hacking Books For 2021 – Beginners to Advanced Level

• SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor

• Taking a Neighborhood Watch Approach to Retail Cybersecurity

• Mobile Endpoint Security: Still the Crack in the Enterprise’s Cyber Armor

• SolarWinds Attribution: Are We Getting Ahead of Ourselves?

• Study Finds More Than $100 Billion Spent on App Stores in 2020

• Apple Loses Corellium Lawsuit

• Alibaba Faces Antitrust Probe By Chinese Authorities

• Scalable remote access with VMSS enhances Azure security, while working from home

• Shields Up: How to Tackle Supply Chain Risk Hazards

• FBI: Home Surveillance Devices Hacked to Record Swatting Attacks

• DDoS Attacks Spiked, Became More Complex in 2020

• On-Demand, Always-On or Hybrid? Well, It Depends on the Use Case.

• Cloud-Native Threats in 2020

• How to Prove Your Organization’s Cybersecurity Investment is Paying Off

• Facebook Ads Phishing Campaign Stole Facebook Credentials Of 615K Users

• Appliances Giant Whirlpool Suffered Ransomware Attack

• Intel Urged To Consider Strategic Options

• Someone Is Spying On You | Avast

• U.S. Treasury Warns Financial Institutions of COVID-19 Vaccine-Related Cyberattacks, Scams

• The Most Dangerous People on the Internet in 2020

• On the Evolution of Ransomware

• TLS 1.3 is now supported by about 1 in every 5 HTTPS servers, (Wed, Dec 30th)

• AirPods Max Switching to ANC in Only One Cup? Here’s How to Fix It

• How to block malicious JavaScript files in Windows environments

• Apple Pulls App That Promoted Secret Parties During Ongoing Pandemic

• Using Cybersecurity Analytics to Make a Case for Risk Management

• Apple loses copyright infringement claims against security startup Corellium

• Acceso Remoto Seguro: Por que es importante y por que hay que hacerlo bien

• Lessons from Teaching Cybersecurity: Week 13

• The curse of knowing a bit about IT: ‘Could you just…?’ and ‘No I haven’t changed anything‘

• Privacy is at risk when security fails – especially for surveillance cameras

• Looking for adding new detection technologies in your security products?

• Best of 2020: Was This Huawei’s Failed Attempt at a Linux Backdoor?

• The Advantages and Risks of Serverless Computing

• US Treasury warns of ransomware attacks on COVID-19 vaccine research

• 2021 will overburden already stressed infosec teams

• Russian businesses lose $49 billion to Cyber Attacks

• Ransomware Attack on Whirlpool and the Funke Media Group of Germany

• 21 arrested after allegedly using stolen logins to commit fraud

• The head of Group-IB Mr. Sachkov described the portrait of a typical Russian hacker

• Declaring War Against Cyber Negligence

• Server market revenue reached $22.6 billion in 3Q20

• Microsoft Issued a Fix for Zero-Day Six Months Ago but It Didn’t Work

• ISC Stormcast For Wednesday, December 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7310, (Wed, Dec 30th)

• Time is running out for Federal 100 nominations

• ‘Bullet has left the chamber’: Biden will not likely roll back Trump campaign against China tech

• Deadline extended for Federal 100 nominations!

• Happy 11th Birthday, KrebsOnSecurity!

• Zero-Day Spear Phishing Attack Targeting Covid-19 Pharmaceuticals—Likely Nation-State Threat Actors

• Are Trump’s Pardons a Blessing in Disguise?

• Apple Pay Promo Offers 20% Off Grubhub Purchase of $10 or More

• FBI: Pranksters are hijacking smart devices to live-stream swatting incidents

• How to use IoT authentication and authorization for security

• Golden SAML Revisited: The Solorigate Connection

• IT Security News Daily Summary 2020-12-29

• Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest

• Court Sides With Facebook, Finds That It Did Not Violate User Privacy By Collecting Location Data

• Deepfakes are Literally Security Theater

• SolarWinds hackers aimed at access to victims’ cloud assets

• Congress: Don’t Grant Austin a Waiver, but If You Do, Reform the Process

• Trump’s Circumvention of the Justice Department Clemency Process

• Op-ed: What nobody else will say about the new cybersecurity crisis

• 2020-12-29 (Tuesday) – Quick post: Emotet infection with Trickbot and spambot traffic

• How to identify bloatware, then uninstall it

• How to Build a Better Cyber Intelligence Team

• Apple Loses Copyright Suit Against Security Startup

• Top Five Apple Products of 2020

• Editor’s picks: Top cybersecurity articles of 2020

• Reducing the Risk of Third-Party SaaS Apps to Your Organization

• Spanning Blog: The Best of 2020

• DEF CON 28 Safe Mode Demo Labs – Ajin Abraham’s ‘Mobile App Security Testing With MobSF’

• XKCD ‘First Thing’

• DEF CON 28 Safe Mode Saturday – Peleg Hadar’s And Tomer Bar’s ‘After Stuxnet Printing Still The Stairway To Heaven’

• Apple Loses Copyright Claims in Lawsuit Against Corellium

• Detect SolarWinds Orion breach

• Whirlpool Hit with Nefilm Ransomware Attack

• Facebook Scam Ads Led to Phishing, Stealing Over 600,000 Passwords

• New Magecart Attack Affects Multiple Ecommerce Sites

• Multiple Smart Doorbells Found Vulnerable To Cyber Attacks

• CISA’s Sparrow.ps1 tool detects malicious activity on Azure, Microsoft 365

• 2020 Had Its Share Of Memorable Hacks And Breaches

• The History of Adobe Flash Player: From Multimedia to Malware

• Usenet indexer NZBGeek hacked; database stolen

• Apple Researching Keyboards With Adaptive Displays on Each Key

• AirPods Pro 2 Could Come in Two Sizes

• Section 215 Expired: Year in Review 2020

• Student Privacy and the Fight to Keep Spying Out of Schools: Year in Review 2020

• How to Uninstall WebDiscover Browser

• What is Spoofing and How to Prevent a Spoofing Attack

• Vodafone Ends Shareholder Tussle Over 2013 Kabel Acquisition

• 6 Questions Attackers Ask Before Choosing an Asset to Exploit

• Bike Maker Kawasaki Confirms Security Breach, Says Hackers Used Advanced Tech to Erase Their Tracks

• Lifting the Fog of War Around Cyber Coverage

• Japanese Kawasaki Heavy Industries discloses security breach

• An Abridged History of America’s Terrorism Prevention Programs: Fits and Starts

• SearchDimension search hijackers: An overview of developments

• CafePress to pay $2 million settlement for 2019 Data Breach

• Looking beyond the year from Dell…to a bright future in 2021 with NetApp

• US To Permit Drone Operations Over Homes, Plus Night Flights

• Japanese Aerospace Firm Kawasaki Warns of Data Breach

• India: A Growing Cybersecurity Threat

• Akamai Prolexic and Equinix Cloud Exchange Unite, Bringing DDoS Defense Closer to the Customer Origin

• Want to know what’s in a folder you don’t have a permission to access? Try asking your AV solution…, (Tue, Dec 29th)

• 9 of Top 10 U.S. Smartphone Activations on Christmas Day 2020 Were iPhones

• AAPL Opened at All-Time High, Shares Have Risen Nearly 150% Since Late March

• Self-Healing Mobile Phone Screens Invented By Scientists

• Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers

• Attivo Offers Limited-Time Software Use to Combat Privilege Escalation & Lateral Movement

• How companies can use automation to secure cloud data

• Kawasaki Says Data Possibly Stolen in Security Breach

• How to safely add custom code to WordPress websites

• Deals: Get the 64GB iPad Air for $559 on Amazon ($40 Off, Lowest Price)

• Trends in IT-Security and IAM in 2021, the “New Normal” and beyond

• Top Webinars of 2020

• Samsung Display Extends LCD Production In South Korea

• 2020 Work-for-Home Shift: What We Learned

• Top 2020 data backup tips target remote protection, cloud

• Security Pros Reflect on 2020

• Mac Attackers Remain Focused Mainly on Adware, Fooling Users

• Ransomware Is Headed Down a Dire Path

• Hotels, Hookups, Video Conferencing: Top 10 Data Breaches of 2020

• The 10 Most Popular Blogs of 2020

• Security Book Review | Avast

• Apple Reportedly in Talks With Mariah Carey to Make ‘Magical Christmas Special’ Follow-Up

• White House Appeals Judge’s TikTok Ruling

• A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

• CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365

• Trump Administration Appeals Latest Court Order Blocking TikTok Ban

• How to choose a CRM software for a real estate company?

• What is malvertising? And how to protect against it

• Hacking Christmas Gifts: Remote Control Cars

• CISA Releases Free Azure, Microsoft 365 Malicious Activity Detection Tool

• FAA approves small drones in the U.S. to fly over people and at night

• A Review of Ransomware in 2020

• Developing Like A Pentester – (And How To Reproduce Any Vulnerability)

• Digital Footprint Intelligence Report

• AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

• Application security testing is not just buzzwords

• SharePoint Online: Everything You Should Know

• Best of 2020: ‘TikTok is Spyware,’ Warns Reddit CEO. ‘We Don’t Care,’ Say Users

• FTC Warns of text-messaging scam claiming to be from UPS, FedEx

• Transitioning from vulnerability management to vulnerability remediation

• Cyber Attack on Email Accounts of Finland Politicians

• Top Ransomware attacks of 2020

• Data security vs data privacy – they’re not the same thing

• Freedom Finance’s customer data got leaked after employee fell for phishing attack

• Organizations further along the digital transformation maturity spectrum have an advantage

• The need for zero trust security a certainty for an uncertain 2021

• CyberArk Announces Free Breach Assessment for SolarWinds Customers

• White Ops Announces Acquisition by Goldman Sachs Merchant Banking, ClearSky Security, and NightDragon

• SentinelOne Recognized for Outstanding Workplace and Leadership

• TrueFort Named One of the Top 25 Cybersecurity Companies of 2020

• 2020-12-28 (Monday) – Quick post: Emotet activity resumes after Christmas break

• ISC Stormcast For Tuesday, December 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7308, (Tue, Dec 29th)

• Brazilians mostly unaware of data protection regulations

• House votes to override Trump’s NDAA veto

• Dedicated Server Security Tips You Must Know to Protect Your Server

• Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile

Generated on 2020-12-30 23:55:08.611859