IT Security News Daily Summary 2021-01-06

• It’s Not the Trump Sex Tape, It’s a RAT

• post-quantum cryptography

• WhatsApp will share your data with Facebook and its companies

• Apple Launches Annual ‘Back to University’ Promo in Australia, New Zealand, South Korea and Brazil

• Apple Releases Safari Technology Preview 118 With Bug Fixes and Performance Improvements

• United States Congress stormed by armed supporters of defeated president, Biden win confirmation halted

• Feds Issue Recommendations for Maritime Cybersecurity

• ‘Earth Wendigo’ Hackers Exfiltrate Emails Through JavaScript Backdoor

• The SolarWinds attacks: What we know so far

• Friction Affliction: How to Balance Security With User Experience

• DoJ’s Microsoft 365 Email Accounts Compromised in SolarWinds Attacks

• US Capitol Breached By MAGA Idiots With Guns

• SolarWinds fallout: DOJ says hackers accessed its Microsoft O365 email server

• Linux: How to create a new user with admin privileges

• Integrating Fraud Data Into Your Workflow

• Justice Department Says It’s Been Affected by Russian Hack

• Poor Software Quality Costs US $2.08tn

• DEF CON 28 Safe Mode Sunday – Ismail Melih Tas’ And Kubilay Ahmet Kucuk’s ‘Practical VoIPUC Hacking Using Mr SIP’

• Software Supply Chain Attacks: From Formjacking to Third Party Code Changes

• Customer Story | Oregon Youth Corrections Education Program Enables Connected Classrooms in Google for Education

• Next Low-Cost iPad Said to Feature Thinner, Lighter Design

• ElectroRAT Drains Crypto Wallets

• British Airways Plans £3bn Breach Settlement

• Google fixed a critical Remote Code Execution flaw in Android

• Intel Aiming to Bring Face ID-Like Authentication to ATMs, Gates, Door Locks, and More With ‘RealSense ID’

• Physicists observe competition between magnetic orders

• SolarWinds hackers accessed DOJ emails but there’s no indication they reached classified systems

• First New Enterprise Ransomware of 2021 Arrives

• New Phishing Campaign Delivering QRAT

• WhatsApp wants you to accept its new terms or call it quits

• In final days, Trump cracks down on Chinese apps

• Are security and connectivity on your 2021 to do list, yes? Here’s what to do first

• US government fingers Russia for SolarWinds-based cyberattack

• Researchers Warn of New Ransomware Targeting Enterprise Networks

• Zyxel hardcoded admin password found – patch now!

• US Intelligence Task Force Accuses Russia Of Cyber Attack

• Telecommunication Security Use Cases

• Apple Reportedly Reached Agreement to Support Paris Metro Navigo Cards in Wallet

• Review: Jackery’s Explorer 500 Portable Power Station is Useful for Power Outages, Emergencies and Camping

• Samsung’s 2021 Q7 TVs Offer ‘Smart Trainer’ Option That Analyzes Posture in Real Time During Workouts

• Russia Behind SolarWinds Hack – US Intelligence

• Intel launches RealSense ID for on-device facial recognition

• Nissan source code leaked online after Git repo misconfiguration

• Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

• Dragos Hires Former PepsiCo Deputy CISO Steve Applegate

• 10 cybersecurity best practices and tips for businesses

• Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact

• Ethical hackers training for Tokyo 2020 Olympics and Paralympic Games

• YouTube Reinstates TalkRadio Channel After Ban Decision

• Proactive Hunting with Intezer

• This new phishing attack uses an odd lure to deliver Windows trojan malware

• Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

• SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents

• The human firewall’s role in a cybersecurity strategy

• Juspay, the Payment Platform of Leading Online Merchants Amazon and Swiggy Suffers Data Breach

• How to Protect Your Organization’s Digital Footprint

• A Cyber Risk Mentality Shift in the Midst of a Pandemic

• Fake Trump sex video used to spread QNode RAT

• Telegram Triangulation Pinpoints Users’ Exact Locations

• SMS Phishing Is Getting Out Of Control

• US Intelligence Task Force Accuses Russia Of Cyber-Hack

• Ho Mobile To Replace SIM Cards After Massive Data Breach

• Apple Glasses Reportedly Progressing Towards Engineering Verification Stage With Focus on Battery Life and Weight

• Sonnet Announces New eGPU Docks With AMD Radeon RX 5000 Series GPUs and Support for Pro Display XDR

• Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

• What should you do with an old Android smartphone? And how old is too old?

• U.S. Government Announces ‘Hack the Army 3.0’ Bug Bounty Program

• Secure Chorus Transfers Ownership of Encrypted Messaging App Standards to ETSI

• Vodafone Subsidiary Issues Replacement SIMs for 2.5 Million Customers Amid Major Data Breach

• Ticketmaster Pays Up for Hacking a Rival Company

• A Deep Dive into Lokibot Infection Chain

• What is the cost of poor software quality in the U.S.?

• Scans for Zyxel Backdoors are Commencing., (Wed, Jan 6th)

• Apple Highlights Services in 2020 as App Store Sets Single-Day Spending Record on New Year’s Day

• 14-Inch and 16-Inch MacBook Pro Models Expected to Boost Apple Silicon’s Market Share in Second Half of 2021

• Deals: Get Up to $150 Off iPad Pro and Up to $50 Off iPad Air in New Sales

• The DCH Ransomware Attack: A Teachable Moment in Cyber-History

• Julian Assange Denied Bail, Despite Extradition Halt

• NCSC Releases Consumer Guide for Purchasing or Selling Second-Hand Devices

• Russian experts give tips on how to prevent personal data leakage

• Hackers Using Fake Trump’s Scandal Video to Spread QNode Malware

• Security Outcomes Report: Top Findings from Around the World

• Nucleus Cyber Announces Close of Acquisition by archTIS

• Mandatory WhatsApp Privacy Policy Update Allows User Data to be Shared With Facebook

• Common Vulnerabilities Associated With Remote Access

• President Trump Blacklists Eight Chinese Apps

• Cloud Security vs. Network Security: What’s the Difference?

• Class Action Lawsuit Filed Against SolarWinds Over Hack

• BlueVoyant Enters Strategic Partnership with Third Party Risk Management Consultancy

• India the Internet Blackout Capital of the World

• 6 Open Source Tools for Your Security Team

• Activists Publish a Vast Trove of Ransomware Victims’ Data

• Manage IT on the go with our incredibly effective mobile apps

• Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

• Microsoft Edge History and Tab Sync Features Start Rolling Out

• Cybersecurity Expert Reacted On Banking Trade Body Calls For Increased Contactless Payment Limit

• Russia possibly behind government agency hacks

• New phishing scam impersonates government officials

• Tokyo Olympics train ethical hackers to protect against cyber-attacks

• Google CAPTCHA broken by speech-to-text AI

• unCAPTCHA3 evades Google Audio reCAPTCHA with Speech-to-Text API

• How to prepare for and respond to a SolarWinds-type attack

• SolarWinds hack is a wakeup call for taking cybersecurity action

• Google To Add Privacy Labels To Its iOS App Portfolio

• FBI, CISA, ODNI, and NSA Says Russian Threat Actors Behind SolarWinds Hack

• FCW Insider: Jan. 6

• Cyber criminals are taking aim at online gaming for their next big pay day

• Most Public Sector Victims Refuse to Pay Ransomware Gangs

• Dark Web User Numbers Spiked During #COVID19 Lockdown

• Trump Administration Prohibits Use of Eight Chinese Apps

• NameSouth’s Data Leaked for not Paying Ransom to Cybercriminals

• CKS Certification Study Guide: Minimize Microservice Vulnerabilities

• The Significance of Q in Communications

• Backdoor in Zyxel Firewalls and Gateways

• ‘Minecraft Earth’ Mobile AR Game to Shut Down Later This Year

• iPhone 13 Pro Models to Use Samsung LTPO Technology for 120Hz Display

• A Connection Between Carers And Patients, Requires Connected Technologies

• Expert On US intel Agencies Blame Russia For Massive SolarWinds Hack

• CISA Cites Likely Russian Solar Winds Involvement – Expert Perspective

• Zero Trust Against Nation-State Attacks: Expert Explains What It Is Vital

• Cloud security provider iboss raises $145 million

• Adobe Flash Player reaches end-of-life

• Singapore Admits Police Can Access Contact-Tracing Data

• US: Fewer Than 10 Govt Agencies Hit by SolarWinds Attack

• Trump Signs Executive Order to Ban US Transactions With WeChat Pay and 7 Other Chinese Apps

• WhatsApp Will Delete Your Account If You Don’t Agree Sharing Data With Facebook

• Today Marks the 10th Anniversary of the Mac App Store

• Looking for adding new detection technologies in your security products?

• FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

• How to Choose the Right SOC 2 Auditor

• Security Analysis: The Rise of Cybercrime Underworld and Hacking Groups

• A Quick Look Into Cloud Access Security Brokers (CASB)

• A Quick Look Into Cloud Workload Protection Platforms (CWPP)

• Why you should make cyber risk a business gain, not a loss

• Cyber Attacks on healthcare sector increased by 45% across the globe

• China APT27 hacking group starts Ransomware campaign

• Stolen employee credentials put leading gaming firms at risk

• The 5G toolbox of defense

• ‘Tis the season for session hijacking – Here’s how to stop it

• ‘Twas the night before InfoSec

• Keeping Your Garage Secure Using a Raspberry Pi

• NIST SP 800-128 – Because Patching May Never Fix Your Hidden Flaws

• Video surveillance trends that will shape 2021

• 60% of companies’ IT modernization programs not ready for the future

• Trump administration bans eight Chinese apps

• Trump Widens US Ban on Chinese Apps as His Term Nears End

• ISC Stormcast For Wednesday, January 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7316, (Wed, Jan 6th)

• Ninth Circuit Says President Trump Can Ban Immigrants Without “Approved” Health Insurance

• Exium launches Secure 5G NaaS powered by a zero-trust Intelligent Cybersecurity Mesh

• ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices

• Alipay among eight Chinese apps banned in latest Trump executive order

• Caveonix raises $7.3M to continue innovation, market expansion and strategic partnership development

• CommScope releases NVG578LX 2.5G GPON Wi-Fi 6 residential gateway

• Oakland Privacy and the People of Vallejo Prevail in the Fight For Surveillance Accountability

• Has Cyber Risk Increased Due to the Rapid Rise in Telehealth Use?

• SolarWinds Breach is the Rule, Not an Exception

• Google Planning to Update iOS Apps With Privacy Labels Soon

• MTI promotes Mary Jesse to Chief Executive Officer

• Vertiv appoints Stephanie Gill as Chief Legal Counsel and Corporate Secretary

• VPN usage is increasing, says December 2020 survey

• FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack

• Apple to Announce Q1 2021 Earnings on January 27

• Comparison: M1 MacBook Pro vs. Razer Book 13

• Angira Agrawal joins Skylo as COO

• Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders

• Reshaping Cyberspace: Beyond the Emerging Online Mercenaries and the Aftermath of SolarWinds

• What Are the Connected Assets of Confirmed Fake FBI Domains?

• FedRAMP authorization bill passes House

• RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework

• U.S. Releases Cybersecurity Plan for Maritime Sector

• US: Hack of Federal Agencies ‘Likely Russian in Origin’

• China’s APT Groups May Be Looking to Cash In

• Dark Web Forum Activity Surged 44% in Early COVID Months

• NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

• Apple CEO Tim Cook Earned $14.8 Million in 2020, Not Counting Stock Awards

• U.S. feds say Russians likely behind SolarWinds hack that breached government networks

• IT Security News Daily Summary 2021-01-05

• The U.S. Department of Homeland Security tested technology that can recognize masked faces

• Delivering on the DOD Data Strategy with DataOps

• White House task force says Russia likely to blame for SolarWinds hack

• House passes FedRAMP bill

• More visible data helps drive DOD decision-making

• Harnessing the power of machine learning for improved decision-making

• Rip and replace no more

• Broadband access moves up government’s priority list

• US government formally blames Russia for SolarWinds hack

• Cyberattacks on Healthcare Spike 45% Since November

• CIA’s New Recruitment Website Aims to Diversify Spy Agency

• Study: Facebook Messenger Collects A Stunning Amount Of Your Information

• FBI, CISA, NSA & ODNI Cite Russia in Joint Statement on ‘Serious’ SolarWinds Attacks

• SolarWinds Hit With Class-Action Lawsuit Following Orion Breach

• New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users

• Verizon Again Delays Plans to Shut Down 3G Network

• Apple’s Annual Shareholders Meeting to Take Place Virtually on February 23

• Lawfare Live: Lessons from the 2020 Election With Nate Persily and Charles Stewart

• Counting Ballots and Stealing Elections

• COVID-19 and Surveillance Tech: Year in Review 2020

• Blackberry Cylance’s consumer antivirus product won’t work with macOS Big Sur until end of January

• Implementing One-Time Passwords in Crystal

• PCI DSS: SSL Certificate Management Requirements | Keyfactor

• Iboss raises $145 million as pandemic and WFH push security to the cloud

• COVID, black swans and gray rhinos

• Google Warns of Critical Android Remote Code Execution Bug

• Telegram Triangulation Pinpoints Users’ Exact Locations

• Crypto-Hijacking Campaign Leverages New Golang RAT

• UK Jails Cyber-Voyeur

• Financial Data Security: Deep Dive on SOC Reports

• Summing Up 2020 for Security Operations Pros, Siemplify … and Everyone: A Year Like No Other

• iPhone 12 Mini Sales Lackluster Compared to Other Models

• NTFS Remote Code Execution (CVE-2020-17096) Analysis

• Top 5 Home Apps for a Seamless Home Experience

• 6 Tips On Preventing IT Failures

• Why Cloud Engineers Matter For The Success Of Your Website

• How To Assess Your Business IT Structure

• Singapore police had used COVID-19 contact tracing data in murder probe

• Why you should use SCP to securely transfer files

• Cybercriminals use psychology–cybersecurity pros should, too

• SASE Provider iboss Banks $145 Million Equity Funding

• Hamas May Be Threat to 8chan, QAnon Online

• FBI Warns of Swatting Attacks

• iboss Raises $145m in Funding

• DEF CON 28 Safe Mode Sunday – Christopher Wade’s ‘Beyond Root’

• Citrix Adds NetScaler ADC Setting to Block Recent DDoS Attacks

• Data from 10,000 American Express Cardholders Shared for Free on Criminal Forum

• Backdoor Account Discovered in Zyxel Networking Devices

• 10 of the biggest cyber attacks of 2020

• One month after ransomware attack, Metro Vancouver’s transit system still not up to speed

• DEF CON 28 Safe Mode Sunday – Ayoub Elaassal’s ‘Only Takes A Spark: Popping A Shell On 1000 Nodes’

• XKCD ‘Depth And Breadth’

• Review: Belkin’s 3-in-1 Boost Charge Pro Offers Hassle-Free 15W MagSafe Charging for iPhone 12

• Cybersecurity stocks in focus as businesses face breaches

• How to Make Personalized Marketing Effective With Consumer Identity Programs

• Italian mobile operator offers to replace SIM cards after massive data breach

• How to enable biometric login with Bitwarden

• Data Security Providers Netwrix and Stealthbits Merge

• SolarWinds Attack Update: Russian Hackers Breached 250 US Agencies and Top Companies

• Google Hasn’t Updated Its iOS Apps Since the Day Before Apple’s New Privacy Labels Requirement

• Tile Plans to Introduce Item Trackers With Ultra Wideband Support

• Court Upholds Legal Challenge Under California Statewide Stingray Law

• Bug? No, Telegram exposing its users’ precise location is a feature working as ‘expected’

• YouTube Axes TalkRadio Channel

• SolarWinds supply chain attack affected 250 organizations

• Citrix Releases Updates to Prevent DDoS Attacks Abusing Its Appliances

• Increase Security Policy Accuracy with IPAM Integration

• Netfox Detective: An Alternative Open-Source Packet Analysis Tool , (Tue, Jan 5th)

• Apple Researching Wireless Charging Ecosystem for MacBook, iPad, iPhone, and Apple Watch

• Expert Advise On Expiring Android Versions Leave Individuals Open To Cyber Threats

• 2020 Ends With A Bang

• The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 1

• VPN usage is increasing, says survey

• Amey London hit by a ransomware attack

• Will the real legacy storage vendor please stand up?

• Slack Starts 2021 With Outage

• Most Reliable Hosting Company Sites in December 2020

• CISA updates on SolarWinds compromise

• Hackers target cryptocurrency users with new ElectroRAT malware

• Major Gaming Companies Hit with Ransomware Linked to APT27

• Google Releases January 2021 Security Updates for Android

• 10 must-have cybersecurity skills for career success

• Chrome browser has a New Year’s resolution: HTTPS by default

• Finnish Parliament Was Targeted in Cyberattack in 2020

• Warning: Cross-Platform ElectroRAT Malware Targeting Cryptocurrency Users

• Keeping Emissions in Check During Unprecedented Internet Use

• Securing the Software Supply Chain Goes Beyond Application Development

• Data From August Breach Of Amazon Partner Juspay Dumped Online

• Criminals Are Going To Great Lengths To Steal Bitcoin

• SolarWinds, Top Executives Hit With Class Action Lawsuit Over Orion Software Breach

• Malware Uses WiFi BSSID For Victim Identification

• Apple Reportedly Moving Into ‘Second Phase’ of AR Glasses Development

• Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets

• Facebook’s foolish attack on Apple

• ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands

• Hackers Exploiting Recently Disclosed Zyxel Vulnerability

• Ericom Appoints First Ever Chief Strategy Officer

• “Not Amazon” Canadian Website Takes on the Online Giant

• What You Need to Know About California’s New Privacy Rules

• Healthcare organizations faced a 45% increase in attacks since November

• Security Intelligence Handbook Chapter 6: How to Prioritize Patching with Vulnerability Intelligence

• Apple Names Former Newspaper Editor Monica Lozano to Board of Directors

• Ticketmaster Admits To Hacking Rival Company

• Alibaba’s Founder Jack Ma Absence Triggers Concern

• Facebook bug exposed identity of page admin using group doc feature

• Buying a second-hand laptop? Here’s how to stop a bargain becoming a security disaster

• How to lock down your Microsoft account and keep it safe from outside attackers

• Data from August Breach of Amazon Partner Juspay Dumped Online

• Massive Data Dump of 10 Crore Indian Card Holders Leaked on Dark Web

• Introducing: Cisco’s Innovated Transparency Report

• Jump-Start the Cyber Insurance Market to Drive Better OT Security

• Deals: Save Up to $120 on Apple’s 2020 iMac Lineup With Amazon’s Latest Sales

• Microsoft to Replace Outlook for Mac With New Universal Client

• Google Staff Form Company’s First Ever Trade Union

• Print Your Own: The State of 3D Printing

• As coronavirus cases surge, so do cyberattacks against the healthcare sector

• US-Built Center in Cyprus to Offer Region Security Training

• Ransomware Surge Drives 45% Increase in Healthcare Cyber-Attacks

• Top VPN Provider Zyxel Hacked, Here’s a Quick Look into the Security Incident

• Latest on the SVR’s SolarWinds Hack

• Experts Reacted On Payment Processor Juspay Leaks 100 Mil+ Cardholders’ Data

• GDPR Fines Exceeded €170 Million in 2020

• Chinese APT Group Linked to Ransomware Attacks

• Cyberattacks Against K-12 Schools Expected to Rise in 2021, FBI Warns

• PayPal Phishing Scam 2021, Here’s How to Stay Guarded

• Healthcare Industry Witnessed 45% Spike in Cyber Attacks Since Nov 20

• How to Avoid the Phishing Bait in 2021?

• Over 500,000 credentials for tens of gaming firm available in the Dark Web

• App Store Spending Reached $72 Billion in 2020, Says Sensor Tower

• Scotland waves £15m for low-code partner to help with social security overhaul as technical debt mounts

• Egregor ransomware group explained: And how to defend against it

• Julian Assange Extradition To US Denied By UK Judge

• Top 2020 Cybersecurity Lessons for Cryptocurrency

• Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again

• FCW Insider: Jan. 5

• HelpSystems Acquires FileCatalyst to Boost Data Transfer Portfolio

• Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA

• New Lockdown Measures Close All Remaining Apple Stores in the UK

• NYSE U-Turn Means Chinese Telcos Escape Delisting

• How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack

• 1 Mil Gamers’ Acctounts Compromised By Major Gaming Firms – Expert Perspectives

• Are US And Russia Engaged In Cyber Conflict Or Cyber War? Expert Comments

• Cyber-attacks On Hospitals Spike By 45% Worldwide

• New Phishing Campaign Targets PayPal Users

• How DNS Attack Dynamics Evolved During the Pandemic

• The Top Cybersecurity Certifications in 2021

• Application security testing is not just buzzwords

• Most Advanced CrowdSec IPS v.1.0.x is out: how-to guide

• Think you’re hot stuff when it comes to infosec? Prove it

• Check Point: What to expect from hackers in 2021

• Weak Zero Trust Exposes Enterprises to More Cyber Threats

• The fight to stymie adversarial machine learning is on

• Google Union might put off Pentagon AI Project permanently

• Cyber Attack on Apex Laboratory n ransomware suspected

• PayPal users targeted in new SMS phishing campaign

• Ransomware Attacks Linked to Chinese Cyberspies

• 2021 key risk areas beyond the pandemic

• Review: Code42 Incydr – SaaS data risk detection and response

• Chinese telcos spared delisting as NYSE backtracks on decision

• Everything You Need to Know About CI/CD and Security

• Fighting Cybercrime: We Are Stronger Together than We Are Individually

• Ransomware Gang Collects Data from Blood Testing Lab

• Top five technology trends for the year ahead

• Users can be manipulated to share private information online

• Tech Resume Library: 23 downloadable templates for IT pros

• FBI warns of Swatting Attacks Targeting smart home devices with voice and video Capabilities

• Singapore changes the rules and will now use COVID-19 contact-tracing app data in criminal cases

• ISC Stormcast For Tuesday, January 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7314, (Tue, Jan 5th)

• AutoHotkey-Based Credential Stealer Targets US, Canadian Bank Customers

• EFF to FinCEN: Stop Pushing For More Financial Surveillance

• UK court rejects US extradition of Assange

• Innovation During a Crisis: A story of PIE and Ice Cream

• ePlus acquires System Management and Planning to broaden its technology solution offerings

• Happy New Year: Jan 1, 2021 security cert expiration causes havoc for some Check Point VPN users

• Experts linked ransomware attacks to China-linked APT27

• Substack’s Curious Views on Content Moderation

• Richard Sands joins Cyble as General Manager for the North America region

• Thoma Bravo invests in Venafi to deliver machine identity protection to an expanded customer base

• Happy New Year: Cert expiration causes havoc for Check Point VPN customers

• Microsoft Source Code Exposed: What We Know & What It Means

• Bringing R to Swift on macOS

• 5 Cybersecurity Protocols That Matter

• Expert Advise On PayPal Smishing Campaign

• Banner Bank appoints Janet Brown as Executive Vice President and CIO

Generated on 2021-01-06 23:55:13.237032