IT Security News Daily Summary 2021-01-07

• Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

• F5 to Acquire Volterra in Deal Valued at $500 Million

• Trump Sex Scandal Video Is a RAT

• Even Small Nations Have Jumped into the Cyber Espionage Game

• The Top Cybersecurity Certifications in 2021

• Juspay data breach 35 million customers’ card data sold on dark web

• Chicago launches health analytics platform for COVID-19

• How government can rebuild digital infrastructure and support diversity and inclusion

• How AI helped California’s DMV adapt to COVID closures

• How to position state and local government workers for success in 2021

• 10 fastest-growing cybersecurity skills to learn in 2021

• Homebrew: How to install vulnerability tools on macOS

• All Aboard the Pequod!

• Apple Car Won’t Be Ready for At Least Half a Decade

• Hackers Actively Exploiting Leading VPN

• Security Experts Insight On Nissan Source Code Leaked

• Why Red Team Testing Rules the Cloud

• Volunteer civic techies help states with legacy systems

• Ryuk gang estimated to have made more than $150 million from ransomware attacks

• Fired Healthcare Exec Stalls Critical PPE Shipment for Months

• How to quickly check to see if your Linux server is under a DDoS attack from a single IP address

• Ezuri Memory Loader Abused in Linux Attacks

• Defending against SolarWinds attacks: What can be done?

• How the Shady Zero-Day Sales Game Is Evolving

• Ransomware Victims’ Data Published via DDoSecrets

• XKCD ‘Egg Strategies’

• DEF CON 28 Safe Mode Lock Picking Village – D1dymu5’s ‘Hybrid PhySec Tools’

• CES 2021: OWC Introduces Thunderbolt 4 Dock, New Storage Drives, and More

• Accessory Makers Begin Preparing for AirTags Launch

• Medical Equipment Packaging Company Hacker Sentenced

• Zyxel Backdoor Account Being Abused by SSH Scanners

• Nissan Source Code Leaked After Source Control Misconfiguration Discovered

• BrandPost: How to Create a Security-first Mindset

• Biometrics: Choosing the Right Option for Your Security

• CISA: Hackers access to federal networks without SolarWinds

• Months after this ‘serious’ cyber-attack, stolen data has been leaked online by hackers

• New Year, New Ransomware: Babuk Locker Targets Large Corporations

• Threatpost Poll: Weigh in on Ransomware Security

• Managed Intelligence Firm Nisos Raises $6 Million

• Top 5 SASE use cases balance network connectivity, security

• Army Reserve Gets First Cyber General

• North Korea-linked APT37 targets South with RokRat Trojan

• Satechi Launches New Backlit Keyboards, iPad Stand

• Here’s How the Capitol Mob Violated Federal Criminal Law

• Cybersecurity and the Occupation of the Capitol

• 3 Advanced Ways Cybercriminals Execute Cyberattacks Against the Banking and Financial Sector

• API Security Weekly: Issue #115

• Capitol rioters planned for weeks in plain sight. The police weren’t ready.

• Data stolen in cyber-attack has been leaked online by hackers, says council

• US Jails Cuban Credit Card Skimming Crew

• Security Expert listed the largest data leaks of Russian residents in 2020

• Critical Data Security Controls Every Organization Needs

• WhatsApp/Facebook Data Sharing: Pants On Fire?

• Review: Satechi’s Latest Wireless Charger Has a Magnet, But Isn’t MagSafe

• New Year’s Resolution: Cull Your Notifications – Intego Mac Podcast Episode 169

• How to Uninstall Flash Player

• Hackney Council Hackers Post Stolen Documents

• Fake Trump’s scandle video campaign spreading QNode RAT

• Bridge the Gap between Security and IT in Cloud Workload Protection

• Lacework Banks $525 Million as Cloud Security Market Heats Up

• Perseverance. Pushing Security Operations Forward in 2021

• Data Stolen from London Council Published Online

• New WhatsApp Privacy Policy Will Require Users To Share Data With Facebook

• Adobe Flash Player Reaches End of Life but Will Continue to Challenge Cybersecurity

• Researcher Exposes Telegram’s Location Bug, Company Say It’s a Feature

• Aurora Cannabis Breach Exposes Personal Data of Former, Current Workers

• Google Releases Security Updates for Chrome

• Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

• #CiscoChat Live: Recapture Your Time and Get More Out of Secure Remote Working

• What is the ROI of Checkmarx Application Security Testing (AST)?

• How to Communicate Application Security Success to Your Executive Leadership

• Microsoft 365 Security for Extended Detection and Response

• Using the NIST Database and API to Keep Up with Vulnerabilities and Patches (Part 1 of 3), (Thu, Jan 7th)

• Directly related to today’s main story on CPE/CVEs – Code Exec in Cisco Jabber, all platforms https://nvd.nist.gov/vuln/detail/CVE-2020-26085, (Thu, Jan 7th)

• Trump Locked Out Of All Social Media Accounts As He Threatens The Security Of U.S. Democracy

• Hack The Army Bug Bounty Challenge Invites Hackers

• DoJ Says SolarWinds Hackers Accessed Their Email

• Disgruntled Former VP Hacks Company, Disrupts PPE Supply, Gets Jail

• JetBrains deny SolarWinds involvement

• Hackney Council documents stolen in ransomware attack

• “I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

• What is Solorigate

• And the award goes to…NetApp

• WhatsApp Will Share Data With Facebook, Despite User Wishes

• Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020

• NSA Issues Guidance on Replacing Obsolete TLS Versions

• Panaseer Appoints Jonathan Gill as New CEO

• SolarWinds Hack Investigation Now Points to JetBrains as a Possible Weak Link in the Cyber Kill Chain, New York Times Reports

• Cisco Talos Researchers Discovered Multiple Susceptibilities in SoftMaker Office TextMaker

• The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)

• Activists Leak Data Stolen in Ransomware Attacks

• Adversary Infrastructure Report 2020: A Defender’s View

• CES 2021: JBL Introduces New Dolby Atmos Sound Bar With AirPlay 2 Support

• Intel wheels out new face authentication product that works a lot like Apple’s FaceID

• NEC Facial Recognition Works Despite Masks

• What is a Self-Signed Certificate? | Keyfactor

• Quick Hits

• CHERRY on the Future of Work & Society – Gazing into the Crystal Ball

• You should install antivirus on your Android smartphone, but which one?

• Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update

• Deepfake Technologies Set to Become Major Threat to Businesses

• Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer

• Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack

• Can Trump Be Stopped?

• 16-31 December 2020 Cyber Attacks Timeline

• Lacework raises $525 million to automate cloud security and compliance

• Apply now to join Transform this July 2021

• Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks

• S3 Ep14: Money scams, HTTPS by default, and hardcoded passwords [Podcast]

• Kaspersky and Alias Robotics Partner to Secure Robots in OT Infrastructure

• Principal Who Stole Students’ Nudes Fined $3.6 Million

• Threat Actor Posts Credit Card Info of 10,000 Amex Customers for Free on Hacking Forum

• Enhancing Customer Application Security: A Case Study

• Augmenting Legacy GRCs During Cyber Risk Transformation

• US Govt kicked off ‘Hack the Army 3.0’ bug bounty program

• Apple Watch May Display Incorrect Altitude Readings in Unusual Weather Conditions

• Anatomy of an Attack:  Password-Protected Files Attached to Emails

• CISSPs from Around the Globe: An Interview with Angus Macrae

• Nvidia Acquisition Of ARM Faces Competition Probe

• Former VP with an ax to grind hacks company, disrupts PPE supply, earns jail term

• Hack the Army bug bounty challenge asks hackers to find vulnerabilities in military networks

• Facebook’s Mandatory Data-Sharing Rules for WhatsApp Spark Ire

• DoJ: SolarWinds Attackers Hit Thousands of O365 Inboxes

• NSA Issues Guidelines for Eliminating Obsolete TLS Protocols

• Extracting Personal Information from Large Language Models Like GPT-2

• Report: iPhone 12 is 21% More Expensive to Make Than iPhone 11

• British Airways to pay £3bn in breach settlement

• Covid-19 Vaccine Passports | Avast

• North Korean hackers launch RokRat Trojan in campaigns against the South

• Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports

• Social Media Neuters Trump’s Accounts After Fans Storm Capitol

• How and Why You Should Use Amazon Kinesis for Your Data Streams

• DigiTimes: Mini-LED MacBook Air to Launch in 2022

• Service NSW government app down after outage

• Funke Media Group suffers nationwide ransomware attack in Germany

• Twitter, Facebook Block Donald Trump After Four Die In Capitol Siege

• December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat

• FCW Insider: Jan. 7

• Over a Third of TMT Firms Hit by Security Breach in 2020

• Creating A Strong Password Policy With Specops and NIST Guidelines

• TikTok Debuts Its First AR Effect to Use LiDAR in iPhone 12 Pro Models

• T-Mobile Got Hacked Again at the End of 2020

• 33 hardware and firmware vulnerabilities: A guide to the threats

• 4 ways attackers exploit hosted services: What admins need to know

• Bug Bounty Program Launched to Discover US Army Vulnerabilities

• What is Web Application Security and Why is it Important?

• The Connection Between GoldenSpy and MEDoc: Reducing the Security Risk of Doing Business

• Comment: Babuk Ransomware Operation – Ransomware Is The New Cybersecurity Fad

• 3 Powerful Ways To Keep Your Remote Workers Cybersafe And Secure

• Is Credit Karma Safe? Need to Know Before Creating Your Account

• WhatsApp Updates – Users Must Agree on New Privacy Policy to Continue Using the App

• Thallium Altered the Installer of a Stock Investment App

• Want to add antivirus to your existing portfolio?

• SolarWinds Hackers Also Accessed U.S. Justice Department’s Email Server

• RDP Attacks on the Rise During COVID-19 Pandemic

• What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn’t document updates? Let’s find out

• A hacker’s predictions on enterprise malware risk

• Israel to build a Cybersecurity Headquarters serving manufacturers

• Joe Biden appoints new Cybersecurity chief for White House

• The NYSE ban on three Chinese telcos is back

• Digital transformation taking shape in 2021

• Hospitals under siege: 5 ways to boost cybersecurity as the COVID-19 vaccine rolls out

• JetBrains’ build automation software eyed as possible enabler of SolarWinds hack

• Why application-layer encryption is essential for securing confidential data

• How secured are touchless solutions?

• How have digital transactions become safer?

• Ghidra 101: Slice Highlighting

• JetBrains denies being involved in SolarWinds hack

• Over 500,000 Credentials of two Dozen Leading Gaming Firms Leaked Online

• ISC Stormcast For Thursday, January 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7318, (Thu, Jan 7th)

• JetBrains denies being the origin point of the SolarWinds hack

• Apple Launches Special Edition Ox-Themed AirPods Pro in China for Chinese New Year

• Iridium Edge Solar: A solar-powered remote asset tracking and management device

• SUNBURST Additional Technical Details

• Use el acceso condicional para mejorar la postura de seguridad de su fuerza de trabajo remota

• LogMeIn appoints Jamie Domenici as Chief Marketing Officer

• SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes

• Greg Nicastro joins SmartBear as EVP/GM of Products and Technology

• 2021-01-06 (Wednesday) – Remcos RAT infection

• DOJ says it was hit by SolarWinds hackers

• NSA Urges SysAdmins to Replace Obsolete TLS Protocols

• Customizing your sudo password prompt

• How to customize your sudo password prompt

• Nissan Source Code Leaked via Misconfigured Git Server

• Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic

• CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise

• United States Congress stormed by violent followers of defeated president, Biden win confirmation halted

• IT Security News Daily Summary 2021-01-06

• It’s Not the Trump Sex Tape, It’s a RAT

• post-quantum cryptography

• WhatsApp will share your data with Facebook and its companies

• Apple Launches Annual ‘Back to University’ Promo in Australia, New Zealand, South Korea and Brazil

• Apple Releases Safari Technology Preview 118 With Bug Fixes and Performance Improvements

• United States Congress stormed by armed supporters of defeated president, Biden win confirmation halted

• Feds Issue Recommendations for Maritime Cybersecurity

• ‘Earth Wendigo’ Hackers Exfiltrate Emails Through JavaScript Backdoor

• The SolarWinds attacks: What we know so far

• Friction Affliction: How to Balance Security With User Experience

• DoJ’s Microsoft 365 Email Accounts Compromised in SolarWinds Attacks

• US Capitol Breached By MAGA Idiots With Guns

• SolarWinds fallout: DOJ says hackers accessed its Microsoft O365 email server

• Linux: How to create a new user with admin privileges

• Integrating Fraud Data Into Your Workflow

• Justice Department Says It’s Been Affected by Russian Hack

• Poor Software Quality Costs US $2.08tn

• DEF CON 28 Safe Mode Sunday – Ismail Melih Tas’ And Kubilay Ahmet Kucuk’s ‘Practical VoIPUC Hacking Using Mr SIP’

• Software Supply Chain Attacks: From Formjacking to Third Party Code Changes

• Customer Story | Oregon Youth Corrections Education Program Enables Connected Classrooms in Google for Education

• Next Low-Cost iPad Said to Feature Thinner, Lighter Design

• ElectroRAT Drains Crypto Wallets

• British Airways Plans £3bn Breach Settlement

• Google fixed a critical Remote Code Execution flaw in Android

• Intel Aiming to Bring Face ID-Like Authentication to ATMs, Gates, Door Locks, and More With ‘RealSense ID’

• Physicists observe competition between magnetic orders

• SolarWinds hackers accessed DOJ emails but there’s no indication they reached classified systems

• First New Enterprise Ransomware of 2021 Arrives

• New Phishing Campaign Delivering QRAT

• WhatsApp wants you to accept its new terms or call it quits

• In final days, Trump cracks down on Chinese apps

• Are security and connectivity on your 2021 to do list, yes? Here’s what to do first

• US government fingers Russia for SolarWinds-based cyberattack

• Researchers Warn of New Ransomware Targeting Enterprise Networks

• Zyxel hardcoded admin password found – patch now!

• US Intelligence Task Force Accuses Russia Of Cyber Attack

• Telecommunication Security Use Cases

• Apple Reportedly Reached Agreement to Support Paris Metro Navigo Cards in Wallet

• Review: Jackery’s Explorer 500 Portable Power Station is Useful for Power Outages, Emergencies and Camping

• Samsung’s 2021 Q7 TVs Offer ‘Smart Trainer’ Option That Analyzes Posture in Real Time During Workouts

• Russia Behind SolarWinds Hack – US Intelligence

• Intel launches RealSense ID for on-device facial recognition

• Nissan source code leaked online after Git repo misconfiguration

• Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

• Dragos Hires Former PepsiCo Deputy CISO Steve Applegate

• 10 cybersecurity best practices and tips for businesses

• Privacy breaches: Using Microsoft 365 Advanced Audit and Advanced eDiscovery to minimize impact

• Ethical hackers training for Tokyo 2020 Olympics and Paralympic Games

• YouTube Reinstates TalkRadio Channel After Ban Decision

• Proactive Hunting with Intezer

• This new phishing attack uses an odd lure to deliver Windows trojan malware

• Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

• SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents

• The human firewall’s role in a cybersecurity strategy

• Juspay, the Payment Platform of Leading Online Merchants Amazon and Swiggy Suffers Data Breach

• How to Protect Your Organization’s Digital Footprint

• A Cyber Risk Mentality Shift in the Midst of a Pandemic

• Fake Trump sex video used to spread QNode RAT

• Telegram Triangulation Pinpoints Users’ Exact Locations

• SMS Phishing Is Getting Out Of Control

• US Intelligence Task Force Accuses Russia Of Cyber-Hack

• Ho Mobile To Replace SIM Cards After Massive Data Breach

• Apple Glasses Reportedly Progressing Towards Engineering Verification Stage With Focus on Battery Life and Weight

• Sonnet Announces New eGPU Docks With AMD Radeon RX 5000 Series GPUs and Support for Pro Display XDR

• Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

• What should you do with an old Android smartphone? And how old is too old?

• U.S. Government Announces ‘Hack the Army 3.0’ Bug Bounty Program

• Secure Chorus Transfers Ownership of Encrypted Messaging App Standards to ETSI

• Vodafone Subsidiary Issues Replacement SIMs for 2.5 Million Customers Amid Major Data Breach

• Ticketmaster Pays Up for Hacking a Rival Company

• A Deep Dive into Lokibot Infection Chain

• What is the cost of poor software quality in the U.S.?

• Scans for Zyxel Backdoors are Commencing., (Wed, Jan 6th)

• Apple Highlights Services in 2020 as App Store Sets Single-Day Spending Record on New Year’s Day

• 14-Inch and 16-Inch MacBook Pro Models Expected to Boost Apple Silicon’s Market Share in Second Half of 2021

• Deals: Get Up to $150 Off iPad Pro and Up to $50 Off iPad Air in New Sales

• The DCH Ransomware Attack: A Teachable Moment in Cyber-History

• Julian Assange Denied Bail, Despite Extradition Halt

• NCSC Releases Consumer Guide for Purchasing or Selling Second-Hand Devices

• Russian experts give tips on how to prevent personal data leakage

• Hackers Using Fake Trump’s Scandal Video to Spread QNode Malware

• Security Outcomes Report: Top Findings from Around the World

• Nucleus Cyber Announces Close of Acquisition by archTIS

• Mandatory WhatsApp Privacy Policy Update Allows User Data to be Shared With Facebook

• Common Vulnerabilities Associated With Remote Access

• President Trump Blacklists Eight Chinese Apps

• Cloud Security vs. Network Security: What’s the Difference?

• Class Action Lawsuit Filed Against SolarWinds Over Hack

• BlueVoyant Enters Strategic Partnership with Third Party Risk Management Consultancy

• India the Internet Blackout Capital of the World

• 6 Open Source Tools for Your Security Team

• Activists Publish a Vast Trove of Ransomware Victims’ Data

• Manage IT on the go with our incredibly effective mobile apps

• Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

• Microsoft Edge History and Tab Sync Features Start Rolling Out

• Cybersecurity Expert Reacted On Banking Trade Body Calls For Increased Contactless Payment Limit

• Russia possibly behind government agency hacks

• New phishing scam impersonates government officials

• Tokyo Olympics train ethical hackers to protect against cyber-attacks

• Google CAPTCHA broken by speech-to-text AI

• unCAPTCHA3 evades Google Audio reCAPTCHA with Speech-to-Text API

• How to prepare for and respond to a SolarWinds-type attack

• SolarWinds hack is a wakeup call for taking cybersecurity action

• Google To Add Privacy Labels To Its iOS App Portfolio

• FBI, CISA, ODNI, and NSA Says Russian Threat Actors Behind SolarWinds Hack

• FCW Insider: Jan. 6

• Cyber criminals are taking aim at online gaming for their next big pay day

• Most Public Sector Victims Refuse to Pay Ransomware Gangs

• Dark Web User Numbers Spiked During #COVID19 Lockdown

• Trump Administration Prohibits Use of Eight Chinese Apps

• NameSouth’s Data Leaked for not Paying Ransom to Cybercriminals

• CKS Certification Study Guide: Minimize Microservice Vulnerabilities

• The Significance of Q in Communications

• Backdoor in Zyxel Firewalls and Gateways

• ‘Minecraft Earth’ Mobile AR Game to Shut Down Later This Year

• iPhone 13 Pro Models to Use Samsung LTPO Technology for 120Hz Display

• A Connection Between Carers And Patients, Requires Connected Technologies

• Expert On US intel Agencies Blame Russia For Massive SolarWinds Hack

• CISA Cites Likely Russian Solar Winds Involvement – Expert Perspective

• Zero Trust Against Nation-State Attacks: Expert Explains What It Is Vital

• Cloud security provider iboss raises $145 million

• Adobe Flash Player reaches end-of-life

• Singapore Admits Police Can Access Contact-Tracing Data

• US: Fewer Than 10 Govt Agencies Hit by SolarWinds Attack

• Trump Signs Executive Order to Ban US Transactions With WeChat Pay and 7 Other Chinese Apps

• WhatsApp Will Delete Your Account If You Don’t Agree Sharing Data With Facebook

• Today Marks the 10th Anniversary of the Mac App Store

• Looking for adding new detection technologies in your security products?

• FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

• How to Choose the Right SOC 2 Auditor

• Security Analysis: The Rise of Cybercrime Underworld and Hacking Groups

• A Quick Look Into Cloud Access Security Brokers (CASB)

• A Quick Look Into Cloud Workload Protection Platforms (CWPP)

• Why you should make cyber risk a business gain, not a loss

• Cyber Attacks on healthcare sector increased by 45% across the globe

• China APT27 hacking group starts Ransomware campaign

• Stolen employee credentials put leading gaming firms at risk

• The 5G toolbox of defense

• ‘Tis the season for session hijacking – Here’s how to stop it

• ‘Twas the night before InfoSec

• Keeping Your Garage Secure Using a Raspberry Pi

• NIST SP 800-128 – Because Patching May Never Fix Your Hidden Flaws

• Video surveillance trends that will shape 2021

• 60% of companies’ IT modernization programs not ready for the future

• Trump administration bans eight Chinese apps

• Trump Widens US Ban on Chinese Apps as His Term Nears End

• ISC Stormcast For Wednesday, January 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7316, (Wed, Jan 6th)

• Ninth Circuit Says President Trump Can Ban Immigrants Without “Approved” Health Insurance

• Exium launches Secure 5G NaaS powered by a zero-trust Intelligent Cybersecurity Mesh

• ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices

• Alipay among eight Chinese apps banned in latest Trump executive order

• Caveonix raises $7.3M to continue innovation, market expansion and strategic partnership development

• CommScope releases NVG578LX 2.5G GPON Wi-Fi 6 residential gateway

• Oakland Privacy and the People of Vallejo Prevail in the Fight For Surveillance Accountability

• Has Cyber Risk Increased Due to the Rapid Rise in Telehealth Use?

• SolarWinds Breach is the Rule, Not an Exception

• Google Planning to Update iOS Apps With Privacy Labels Soon

• MTI promotes Mary Jesse to Chief Executive Officer

• Vertiv appoints Stephanie Gill as Chief Legal Counsel and Corporate Secretary

• VPN usage is increasing, says December 2020 survey

• FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack

• Apple to Announce Q1 2021 Earnings on January 27

• Comparison: M1 MacBook Pro vs. Razer Book 13

• Angira Agrawal joins Skylo as COO

• Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders

Generated on 2021-01-07 23:55:12.274216