IT Security News Daily Summary 2021-02-16

• Cybersecurity trends affecting cybersecurity stocks in 2021

• What’s the best cloud for OLTP?

• Understanding the intelligent edge

• How to increase access to supercomputers

• DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence

• Let’s Encrypt Gears Up to Replace 200M Certificates a Day

• Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies

• North Dakota Senate Shoots Down App Store Bill Apple Said Would ‘Destroy the iPhone’

• Apple Says Some iPhone 12 Hardware Issues Will No Longer Require Replacing the Entire Device

• Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites

• Neighbor Revealed as Cyber-Stalker

• Joy Of Tech®’s ‘Facebook’s New Mission: We Need To Inflict Pain On Apple!’

• BSidesSF 2020 – Or Katz’s ‘Creating Threat Intelligence Signals In A “Zero Trust” Environment’

• How Ayn Rand’s Philosophy Inspired Assassination of JFK

• Throwboy Offers Blankets Modeled After Classic Macintosh and Finder Icon

• Parallels 16 for M1 Macs Gets Technical Preview 2 Update With New Features

• SHAREit app for Android said to share way too much: Billion-download code with holes no one wants to fix

• Android app with 1 billion users fails to fix flaws; expose to malware

• Industry presses for tech funding in COVID relief amid Senate opposition

• Microsoft to add ‘Kids Mode’ to Chromium-based Edge browser

• Europeans Unhappy with TikTok’s Child Safety Policy

• Strata Identity Raises $11M in Series A Round

• Secure Workload Protection: Extending Micro Perimeters and Automation to Enterprise IaaS

• Everything New in iOS 14.5 Beta 2: New AirPods Max Emoji, Green Tint Fix, iPad Security and More

• Afternoon Cyber Tea: Evaluating individual and organizational cyber risk in a pandemic

• RDP, the ransomware problem that won’t go away

• ScamClub Malvertising Leveraged Zero-Day Vulnerability in Browsers

• ANSSI Links Attacks Against French Hosting Providers to Russian Military Intelligence Agency

• NPM Package Repository Seeing Flood of Supply Chain Attack Attempts

• VMware Patches Command Injection Vulnerability in vSphere Replication

• BrandPost: Next-generation SIEM for Healthcare: Here’s What to Consider When Considering SIEM

• NordVPN vs. Surfshark: Which VPN is best for you?

• Singapore puts budget focus on transformation, innovation

• The fine line between global COVID-19 protocols and privacy

• WebKit Zero-Day Vulnerability Exploited in Malvertising Operation

• Which? Flags Fake Amazon Reviews

• Under Attack: Hosting & Internet Service Providers

• The NSA Wants Businesses to Use DoH. Here’s What You Need to Know.

• Mandiant Exposes APT1 – One of China’s Cyber Espionage Units &
  Releases 3,000 Indicators

• A Totally Tubular Treatise on TRITON and TriStation

• How to Simplify Onboarding Employees to Their Applications with SCIM

• On Demand Webinar featuring Solid Sands | Safety and Security Critical Software: Start with the End in Mind

• Apple Seeds Second tvOS 14.5 Beta to Developers

• Apple Seeds Second Beta of watchOS 7.4 to Developers

• Apple Seeds Second Betas of iOS 14.5 and iPadOS 14.5 to Developers

• iPadOS 14.5 Beta 2 Mutes Built-In Microphone on iPad When Smart Folio is Closed

• Apple Offering Discounts on Fitness Subscription Apps for Apple Card Users

• Introducing DAIC: A Suggested System for Preventing BEC Fraud

• 7 steps for a network and IT security foundation

• Yandex Email Admin Sold His Inbox Access and Compromised Almost 5,000 Accounts

• More weirdness on TCP port 26, (Tue, Feb 16th)

• LastPass Limiting Free Accounts to Either Computer or Phone

• PSA: App Store Bug Hiding App Update Buttons for Some Users

• How the Federal Government Investigates and Prosecutes Domestic Terrorism

• Egregor ransomware hit by arrests

• Bitcoin Breaches $50,000 Barrier For First Time

• Firewall Services and More: What’s Next for IT?

• LastPass making changes free service

• NordVPN vs. ExpressVPN: Which VPN is best for you?

• Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

• Misconfigured Baby Monitors Allow Unauthorized Viewing

• Palo Alto Networks Buys Bridgecrew in ‘Shift Left’ Cloud Security Push

• Security Firm Sues Facebook For Banning Lookalike Domains Used For Phishing Tests

• Palo Alto Networks Plans to Acquire Cloud Security Firm

• Don’t let AppSec tool overload slow down your development

• Security Intelligence Handbook Chapter 9: Manage Third-Party Risk in Real Time

• Hyper Introduces MagSafe-Compatible Charging Stand for iPhone 12 and AirPods

• Cyber Attack news headlines trending on Google

• One sticker could have exposed your Telegram secret chats

• This cybersecurity threat costs business millions. And it’s the one they often forget about

• Facebook Announces Payout Guidelines for Bug Bounty Program

• Romance scams at all-time high: here’s what you need to know

• Black History Month 2021: Time to Talk Diversity and Cybersecurity

• Fighting Fileless Malware, Part 3: Mitigations

• Hackers abusing the Ngrok platform phishing attacks

• Inside the Cyber Fusion Center

• Mercedes Recalls Millions Of Cars Over Software Bug

• New Feature: Get More Context for your Analysis with TTPs

• Solving 5 Challenges of Contact Tracing Apps

• Pure Storage’s Purity software update includes ransomware recovery tools

• Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

• State of malware: 3 key findings in the latest Malwarebytes report

• Top 5 security risks to connected cars, according to Trend Micro

• French Firm Centreon Denies ‘Damaging’ Hacking Claims

• Strata Raises $11 Million to Tackle Multi-Cloud Identity Management

• Threat Actors Targeting British Users in a Facebook Phishing Campaign

• Strata Identity Raises $11M in Series A Funding Led by Menlo Ventures for Technology that Revolutionizes Multi-Cloud Identity

• VigiTrust Launches Foundational Risk Assessment on VigiOne Platform

• North Korea Accused Of Hacking Pfizer For Covid-19 Vaccine Data

• Obvious Supply Chain Attack Hits Dozens Of Companies

• Cybercrooks Rake In $304M In Romance Scams

• Unpatched Android App With 1 Billion Downloads Threatens Spying, Malware

• Apple Launches Entrepreneur Camp for Black Founders and Developers

• Apple Wins Patent for iPhone Display With Variable Refresh Rates Up to 240Hz

• Deals: Get Up to $100 Off Apple’s iPad Pro and iPad Air in Latest Sales

• IT Asset Management Best Practices: An Overview

• Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report

• Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801]

• How Big Data Is Transforming the Education

• Member Profile: My Expedition Through nmap Lab How to get through the NMAP room in Tryhackme >

• Strata Identity raises $11 million to unify identity management in a multi-cloud world

• Several Vulnerabilities Found in Popular File Sharing App SHAREit

• #DTX Tech Predictions Mini Summit: Focus on Security When Expanding Digital Presence

• How to Avoid Phishing Emails and Scams

• Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware

• Learn How to Manage and Secure Active Directory Service Accounts

• Democratizing Threat Hunting: How to Make it Happen for Everyone

• ZeroNorth’s New Advanced AppSec Analytics Empower Organizations to Make Informed Strategic Risk and Operational Decisions

• Palo Alto Networks Updates Remote Security Platform

• Apple May Launch 7-Inch Foldable iPhone With Apple Pencil Support in 2023

• Hackers exploited Centreon monitoring software to compromise IT providers

• How Do I Advance My Career in the Cybersecurity Field?

• Google, Microsoft, Qualcomm Object To Nvidia Acquisition Of ARM

• Apple patches severe macOS Big Sur data loss bug

• Supply chain attacks are on the rise: Check your software build pipeline security

• Industry Leaders Javvad Malik and Wendy Nather to Headline Infosecurity Magazine Online Summit

• 124 Million Rows of Customer Data Exposed Through Leaky Adorcam Database

• Palo Alto Next Generation Firewall Detected With Four Vulnerabilities

• 2034, Part IV: The Spratly Islands Ambush

• Managed Service Provider? Watch This Video to Learn about Autonomous XDR

• First Smartphone Enabled COVID-19 Rapid Antigen Test Awaits FDA Approval

• Doppler Music Player to Gain Siri Support, Spotlight Integration, and CarPlay App

• Expert Reaction On Voice Call Exploitation Study

• Volkswagen Blames Chip Makers For Silicon Shortage

• North Korea ‘Tried to Hack’ Pfizer for Vaccine Info – South’s Spies: Reports

• Police Target Irish Family in €4m Money Laundering Probe

• Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

• Employee Security Training Proven Not Enough

• Mac Malware Detections Dropped 38% in 2020, Most Still Adware

• Vivid Money Neobank Now Supports Apple Pay in France

• TikTok Faces Consumer Law and Child Safety Complaints Across EU

• What is DLP Security? Definition, Benefits, and More

• Diversity in security: How 3 organizations are making a difference—one relationship at a time

• CSO’s guide to the worst and most notable ransomware

• Parler App Back Online Using ‘Independent’ Tech

• Why You Can’t See The App For The Microservices

• Emerging Mobile Threats and How to Prevent Them

• Quick Hits

• FCW Insider: Feb. 16

• Most Europeans Don’t Know How to Report Cybercrime

• Vulnerability Scanning Tools – Why Not Open-Source?

• Expert Advise To New Phishing Campaign Using Bazar Trojan

• Keeping The COVID-19 Supply Chain Secure

• Google Has Not Updated Its iOS Apps For Two Months

• FDA Medical Device Cybersecurity | Avast

• Myanmar’s proposed cybersecurity bill draws wide condemnation

• Microsoft: 1000+ Hackers Worked on SolarWinds Campaign

• Popular SHAREit app is affected by severe flaws yet to be fixed

• DDoS attacks in Q4 2020

• Controlling Smart Lights Using Dumb Switches with Shelly and Home Assistant

• A new Bluetooth overlay skimmer block chip-based transactions

• France’s cyber-agency says Centreon IT management software sabotaged by Russian Sandworm

• Application security testing is not just buzzwords

• US court sentenced Ukrainian to seven years in prison for electronic fraud

• Yandex Suffers Data Breach, Exposes Email Accounts

• Measuring Security Risk vs. Success

• Cloud Security Remains Elusive in Public Sector

• Overcoming Privacy Inertia to Protect Data

• Top 10 most used MITRE ATT&CK tactics and techniques

• Indonesia’s Proposed Online Intermediary Regulation May be the Most Repressive Yet

• Turkey’s Free Speech Clampdown Hits Twitter, Clubhouse — But Most of All, The Turkish People

• Hackers targeted IT monitoring company Centreon to breach organizations over 3 year period

• Losses to romance scams reached a record $304 million in 2020

• Enable secure remote workspaces without trashing your entire IT infrastructure

• Ge.tt – 2,481,121 breached accounts

• Ransomware news trending on Google

• Keep your e-wallets safe from Cyber Attacks says Kaspersky

• Record‑breaking number of vulnerabilities reported in 2020

• Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities

• Microsoft’s Unified Office App for Mobile Now Compatible With iPad

• The cybersecurity issues of seismic monitoring devices

• Why contextual machine learning is the fix that zero-trust email security needs

• CISOs report that ransomware is now the biggest cybersecurity concern in 2021

• Operators Behind Egregor Ransomware Arrested by Ukrainian, French Police

• How Joining a Professional Community Can Supercharge Your Career and More

• Cybersecurity Challenges for the European Railways

• A Sticker Sent On Telegram Could Have Exposed Your Secret Chats

• White Paper – How Behavioral Biometrics Prevents Fraud While Ensuring Positive Customer Experiences

• Cybersecurity spending for critical infrastructure to reach $105.99 billion in 2021

• Consumers not protecting data online despite having privacy concerns

• Yandex Data Breach – Employee Caught Selling Access to User Accounts

• Automating scam call blocking sees Telstra prevent up to 500,000 calls a day

• ISC Stormcast For Tuesday, February 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7374, (Tue, Feb 16th)

• Cyber Underground General Intelligence Requirements Handbook

• How one man silently infiltrated dozens of high-tech networks

• Actiphy launches next-gen ActiveVisor, a management solution for ActiveImage Protector backup clients

• Belkin unveils Secure KVMs portfolio designed for NIAP protection Profile 4.0 compliance

• Uplevel your SOC with one tool and the insights behind it- Part 2

• Twitter deems Australia’s account takeover warrant as antithetical to democratic law

• Security bugs left unpatched in Android app with one billion downloads

• Researchers want Australia’s digital ID system thrown out and redesigned from scratch

• bp joins IBM Quantum Network to advance the use of quantum computing in the energy industry

• Tyto Athene and Tellabson launch ACUITY LAN to bring network readiness in a two person carry form-factor

• IQM Quantum project consortium to accelerate Europe’s Quantum leadership efforts

• Cisco and Japan collaborate on mass-scale digitization to support inclusive pandemic recovery

• Top 100 Cybersecurity Books

• Top 100 Cybersecurity News Sites

• uCloudlink partners with Cello to accelerate global expansion plans in North America

• Bluetooth Overlay Skimmer That Blocks Chip

• VMware fixes command injection issue in vSphere Replication

• IT Security News Daily Summary 2021-02-15

• Experts Believe Facebook Isn’t Doing Enough To Fight Vaccine Misinformation

• France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

• Revised macOS Big Sur 11.2.1 Update Properly Checks Free Available Space to Prevent Installation Errors

• Cybercrooks Rake in $304M in Romance Scams

• France Ties Russia’s Sandworm to a Multiyear Hacking Spree

• BSidesSF 2020 – Bryan Zimmer’s ‘So You’re The First Security Hire’

• US Cyber Command Valentine’s Day Cryptography Puzzles

• Celebrating Black History Month on Insta

• Vulnerability Patching: Why Does It Fall Short So Often?

• Brave New World: Safari Content Blocking

• MSSP Visionary Takes Bold Step into the Future

• Google Meet is getting an important new security feature

• Sandworm Hackers Hit French Monitoring Software Vendor Centreon

• UK’s Top Cyber Schools Revealed

• Apple Offering Free Repairs for Apple Watch Series 5 and SE Models With Power Reserve Issue Not Fixed by watchOS 7.3.1

• French Hospital Hit with Egregor Ransomware

• Egregor Ransomware Members Arrested by Ukrainian, French Police

• Canadian Rental Car Company Targeted by DarkSide Ransomware

• Scammers Target U.S. Tax Professionals

• Court docs show FBI can unlock iPhones, access Signal messages

• Unleash the Power of MITRE for a More Mature SOC

• 270 addresses are responsible for 55% of all cryptocurrency money laundering

• Microsoft Azure and Canonical Ubuntu Linux have a user privacy problem

• France: Russian state hackers targeted Centreon servers in years-long campaign

• Linux 101: How to remove legacy communication services

• Mercedes Issues eCall Recall

• IRS Warns of EFIN Scam

• OSINT: Mapping Threat Actor Social Media Accounts

• BSidesSF 2020 – Amol Sarwate’s ‘Real Time Vulnerability Alerting’

• 10 Reasons Check-the-Box Compliance Puts Your Organization at Risk

• CommitStrip ‘Experts’

• DisplayLink Manager Updated With Native Support for M1 Macs and More

• Apple Releases watchOS 7.3.1 With Fix for Apple Watch Series 5 and SE Charging Issue

• Nuclei- A Fast and Customizable Vulnerability Scanner

• Members of the infamous Egregor ransomware arrested in Ukraine

• Naked Security Live – When is a bug bounty not a bug bounty?

• Apple Launches ‘For All Mankind’ Companion Podcast

• Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E01

• Network Segmentation Series: What is It?

• 270 addreses are responsible for 55% of all cryptocurrency money laundering

• Many SolarWinds Customers Failed to Secure Systems Following Hack

• Internal Leak of 4,887 Users: Yandex Employee Fate Unknown

• The malicious code in SolarWinds attack was the work of 1,000+ developers

• A Secure Environment Where People Can Be Their Whole Selves

• Millions of Email based Cyber Attacks missed by organizations

• Tech Resume Library: 24 downloadable templates for IT pros

• Wine and tech: Making it better

• Microsoft: SolarWinds attack took more than 1,000 engineers to create

• Post Office Announces New Digital ID Solutions

• Malware Exploits Security Teams’ Greatest Weakness: Poor Relationships With Employees

• Vulnerability Summary for the Week of February 8, 2021

• Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat, (Mon, Feb 15th)

• France Pushes to Widen EU Regulations on Big Tech Companies

• Cyber security companies miss million of email attacks

• U.S Internal Revenue Service warns of phishing scam

• UK watchdog fines two firms £270k for cold-calling 531,000 people who had opted out

• Singtel Suffered Third-Party Breach In The Wake Of Accellion FTA Zero-Day Attack

• Vulnerability In Telegram for macOS Retained Self-Destruct Messages On Devices

• Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability

• Egregor ransomware criminals allegedly busted in Ukraine

• RansomExx Gang Target French Health Insurance Company in a Ransomware Attack

• French and Ukrainian police arrested Egregor ransomware members

• 3.2 billion emails and passwords leaked in data breach

• Disruptors: How Businesses are Using Technology to Radically Change

• Open-Source Kernel Security Technologies>

• This phishing email promises you a bonus – but actually delivers this Windows trojan malware

• Cybersecurity M&A Roundup for Week of Feb. 8, 2021

• SBRC Adds Ransomware Scenario to Security Training Program

• COVID-19 chiefs of police working group meets to talk pandemic and fighting crime threats

• How to Submit a Column to Dark Reading

• 100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

• On Vulnerability-Adjacent Vulnerabilities

• Threat Alert: Zoom Impersonated for Phishing Attacks

• Apple Music ‘Replay 2021’ Playlist Now Available

• Microsoft Begins Testing xCloud Game Streaming Service in Browser for iOS and iPadOS

• Virginia Poised To Pass Major Data Privacy Law

• My Phone Is Listening To Me, Say 60% Of People – Expert Reaction

• Experts On 223 Vulnerabilities Used In Recent Ransomware Attacks

• Security Expert Reaction On U.S CBP Uses Facial Recognition To Verify Travelers

• How Healthcare Organizations Can Protect Themselves Against IoT Ransomware

• Gang arrested for SIM-swapping celebrities, stealing $100 million

• Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises

• iPhone 13 Mini Still Expected Despite Lackluster iPhone 12 Mini Sales

• New WatchGuard Cloud Platform Capabilities Usher in the Era of Simplified Security Management for MSPs

• Apple Proxies User Traffic From Safari When Using Safe Browsing Feature

• Miami Votes To Explore Offering Bitcoin Transactions

• Canada Approves Breakthrough Bitcoin Exchange Fund

• UK Holders Of .EU Domains Get Three-Month Reprieve

• Clubhouse Security and Privacy | Avast

• Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme

• IRS Warns Tax Professionals of Phishing Campaign Targeting EFINs

• Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google

• Let’s Encrypt completes huge upgrade, can now rip and replace 200 million security certs in ‘worst case scenario’

• Okta CEO: Here’s where cloud identity management is headed

• How ransomware negotiations work

• Yandex Insider Breach Hits Nearly 5000 Inboxes

• FBI Warns About Using TeamViewer and Windows 7

• PayPal Suffered Cross-Site Scripting -XSS Vulnerability

• Employment Questionnaire Filled in By Steve Jobs Going Up for Auction

• iPhone 13 Rumored to Include Always-On Display With 120Hz ProMotion, Astrophotography Capabilities, Stronger MagSafe, and More

• Google To Pay £55m To French Publishers Under Copyright Deal

• Facebook ‘Working On Smartwatch’ With Messaging, Health Features

• File Taxes Safely And Securely | Avast

• Accellion to Retire File Transfer Service Targeted in Attacks

• Police Reportedly Arrest Egregor Ransomware Members

• French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine

• Spam and phishing in 2020

• The weirdest hacking techniques you’ve never heard of

• Dating App Bumble Sees Shares Soar On Debut

• Network Security: 5 Fundamentals for 2021

• Nissan Denies Reports of Apple Car Partnership Discussions

• Trying to register your antivirus in Windows Security Center?

• Zerologon Vulnerability: What You Need to Know

• AWS asks new Australian computer warrant provide immunity for account takeovers

• Commonwealth Bank proposes industry self-regulation for Australia-wide digital ID

• How do I select a DRM solution for my business?

• Have we put too much emphasis on protecting the network?

• Microsoft warns Australia for complicating Cyber Attack response

• Scotland girls excel in UK Cybersecurity Competition

• Quantum computing and encryption: Key to achieving resilience, technological sovereignty and leadership

• Nearly 40% of consumers lost money to phone scams in 2020

• Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack

• ThreatSwitch Study Finds Security Budgets Increasing in 2021, Driven by COVID-19 and the Cybersecurity Maturity Model Certification (CMMC)

• Scams Starting on Social Media and Targeting Your Business

• Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

• CFOs are becoming catalysts of digital strategy

• Rampant password reuse puts companies and customers at risk

• Russian explained why hackers steal personal data of CD Projekt RED employees

• ASD says cyber attack intervention will be ‘rare’ under critical infrastructure Bill

• 
Video: tshark & Malware Analysis, (Sun, Feb 14th)

• ISC Stormcast For Monday, February 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7372, (Mon, Feb 15th)

• SpyCloud adds a password filter feature to Active Directory Guardian

• [SKP’s Novel Concept #01] Information Engineering Principles for the Internet

• Bitglass reveals additional technical integrations between its platform and SD-WAN providers

• Denim Group and NowSecure create a clear path toward scalable vulnerability remediation

• Ivanti appoints Erik Randles as SVP of global channels and alliances

• Google Cloud partners with Sigfox to scale its cloud infrastructure and extend its IoT services portfolio

• Microsoft asks government to stay out of its cyber attack response in Australia

• The kingpin behind Joker’s Stash retires with a billionaire exit

• SurePoint Technologies names Steve Crossman as Chief Revenue Officer

Generated on 2021-02-16 23:55:28.025165