IT Security News Daily Summary 2021-04-06

• Biden taps 18F veteran Robin Carnahan to lead GSA

• Senators seek details on Einstein’s performance and limitations

• The emergency 911 system where callers still don’t always get proper CPR instructions

• Bandwidth issues haunt National Weather Service

• White House taps Robin Carnahan for top GSA spot

• Iowa taps into FirstNet for 911 backup

• Chinese Hackers Selling Intimate Stolen Camera Footage

• Critical Cloud Bug in VMWare Carbon Black Allows Takeover

• Threat Actors Quick to Target (Patched) SAP Vulnerabilities

• 6 ways to prevent insider threats every CISO should know

• Apple’s Revamped Apple Music for Artists Icon Leads to Speculation About iOS 15 Design Plans

• Pre-installed auto installer threat found on Android mobile devices in Germany

• Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

• Risk & Repeat: Recapping the Exchange Server attacks

• Aurora campaign: Attacking Azerbaijan using multiple RATs

• IoT Provider Sierra Wireless Hit with Ransomware

• A Company Paid Millions to Get Their Data Back – Then Fell Victim to the Same Attack Again

• New Maldoc Builder EtterSilent Being Used by Top Threat Actors

• Fake LinkedIn Job Offer Delivers More_eggs Backdoor

• BrandPost: Getting a Grip on Basic Cyber Hygiene with the CIS Controls

• BrandPost: How Configuration Assessments Help Improve Cyber Defenses

• Chinese APT group spying on Vietnam military with FoundCore RAT

• McAfee Defender’s Blog: Cuba Ransomware Campaign

• McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware

• Connolly, Hice urge White House to fill MSPB slots

• Okta releases new starter plan for developers with free support for up to 15k monthly users

• SAP Bugs Under Active Cyberattack, Causing Widespread Compromise

• Are You One of the 533M People Who Got Facebooked?

• Australia Considers Social Media ID Requirement

• Parrot Launches Bug Bounty Program

• Florida School District Held to Impossibly High Ransom

• Facebook Data Breach: How To Check If Your Details Were Leaked

• FBI & CISA Warns of Active Attacks on Fortinet FortiOS Servers

• Hackers Send Fake Census Form Alerts to UK Respondents

• The Opportunities—and Obstacles—for Women at NSA and Cyber Command

• Introducing the Veracode Technology Alliance Program

• A Modern SOC Should Not Be Entirely Dependent On Human Operators and Their Personal Experience

• SAP systems are targeted within 72 hours after updates are released

• Malspam with Lokibot vs. Outlook and RFCs, (Tue, Apr 6th)

• All of Google’s Main Apps Now Feature Privacy Labels

• Apple’s Third-Party Find My Accessory Program Gets Closer to Launch With New Test App

• The al-Mawla Tactical Interrogation Report Mixtape

• Water Wars: Philippines ‘No Fool’ about Chinese Maritime Militia, While China Keeps Pressure on Taiwan

• Rust in the Android platform

• Data scraped from 500 million LinkedIn users found for sale online

• Hacked Data Of Over 500 Million Facebook Users Leaked Online

• Activision Warns of Remote-Access Trojans Hidden Within Fake ‘Call of Duty’ Cheat Tools

• California Man Indicted in Shopify Data Breach

• Ryuk’s Rampage Has Lessons for the Enterprise

• Signal Adds a Payments Feature—With Cryptocurrency

• CERIAS – Santiago Torres-Arias’ ‘Practical Software Supply Chain Security And Transparency’

• Cybercriminals Continue to Exploit Human Nature Through Phishing and Spam Attacks

• How Can Security Training Harden Your DevOps Process?

• Cybersecurity lab identifies a surge in watering hole attack

• Newly Discovered “System Update” Android Malware Steals Photos, Videos & GPS Location

• dumpster diving

• IG pushes DOD to update pandemic plans to support telework

• Space Force satcoms contract gets CMMC nod

• Could 2022 see the end of OCO?

• Best bitcoin hardware wallet in 2021

• How poor password habits put your organization at risk

• ThreatQuotient Adds $22.5 Million in Funding

• Solving the opportunity divide: Podcast interview with Dr Christine Izuakor

• Don’t be the weak link in your customers’ supply chain security

• Exclusive Deals: Get 20% Off Sitewide at Nomad This Week

• Bonus Episode of ‘Mythic Quest’ Coming Ahead of Season 2 Premiere

• A battle cry for SMBs to address cybersecurity

• A Ransomware Attack Affected Personal Touch Patients and Employees Across U.S.

• Useful Tips for Choosing an Antivirus Software

• gau (GetAllUrls) Review – A Tool For Discovering URL’s

• Unified storage: The change you need

• Conti ransomware gang demanded $40m from US school district

• Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

• How To Maintain and Rotate Keys and Tokens With Zero Downtime

• Perimeter 81 launches new Firewall-as-a-Service offering

• SAP and Onapsis detail findings of potential exploits on unprotected SAP apps

• How the quick shift to the cloud has led to more security risks

• The Rise of Industrial IoT and How to Mitigate Risk

• US DoD Launches Vuln Disclosure Program for Contractor Networks

• APT Group Using Voice Changing Software in Spear-Phishing Campaign

• Ransomware Attacks Grew by 485% in 2020

• The data of potential borrowers of Bank Dom.RF are being sold on the Internet

• NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets

• 9 Modern-Day Best Practices for Log Management

• Announcing Zero Trust Authentication for Managed Devices and BYOD

• Veracode Launches Technology Alliance Program

• Venafi Poised for Hypergrowth Amid Rapidly Evolving Security Landscape

• ThreatQuotient Closes $22.5 Million in New Financing to Accelerate Innovation and Execution

• Axis Security Named in the 2021 CRN® Partner Program Guide

• Apple Launches True Crime Podcast to Accompany New Apple TV+ Series ‘The Line’

• Apple’s Search Engine Deal With Google Expected to Drive Services Revenue Growth Through 2022

• Mass Production of A15 Chip for iPhone 13 Set to Begin Ahead of Schedule in Late May

• Hundreds of OnlyFans Creators had Their Adult Content Published Online

• Job-Matching Service Data Compromised by a Security Breach

• Over 200 Bangladesh Organizations Hit by Hafnium Hacker Group

• Catch NVIDIA GTC 21 live right here

• Ex-Akamai CSO will guide security startups on strategy as new YL Ventures partner

• SAP issues advisory on the exploit of old vulnerabilities to target enterprise applications

• Conti Gang Demands $40M Ransom from Florida School District

• Watch Out—That ‘Call of Duty: Warzone’ Cheat Might Be Malware

• Watch Out! Mission Critical SAP Applications Are Under Active Attack

• Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

• SAP Issues Advisory On Old Vulns Being Exploited

• Hands-On With the New Sonos Roam Speaker

• Deals: Get the 40mm (Product)RED Apple Watch Series 6 for New Low Price of $319.99 ($79 Off)

• iOS 14 Adoption Reaches Estimated 90% Less Than Seven Months After Launch

• CNA Financial Fell Victim to a ‘Sophisticated’ Ransomware Cybersecurity Attack

• Their ‘next job could be in cyber’: UK Cyber Security Council launches itself by pointing world+dog to domain it doesn’t own

• Don’t Drown your Security Team in Low-Value WAF Alerts

• Join NetApp at GTC21

• Malicious Cyber Activity Targeting Critical SAP Applications

• Decouple your ShiftLeft AppSec policies with Open Policy Agent

• Top 5 Cyber Risk Questions Board Members Ask Axio

• M1 Mac RAM and SSD Upgrades Found to Be Possible After Purchase

• Review: Nomad Launches New $50 Mount for Housing Your MagSafe Charger

• Imperva’s Comprehensive Data Security Platform for Cloud, Explained

• Fortinet FortiOS vulnerabilities are being exploited, warns FBI

• Apple Mail zero-click vulnerability could allow attackers to take-over victims accounts

• More Data Accessed During Atascadero State Hospital Security Breach

• Why businesses pay off ransomware attackers

• Cyber Risk Quantification Through the Lens of Financial Exposure

• Has Facebook leaked your phone number?

• Threat intelligence platform ThreatQuotient secures $22.5M

• All Eyes on PCAP: The Gold Standard of Traffic Analysis

• AddSecure Acquires Telia Finland’s Alerta Business

• Phone Cloning Scam

• 16-31 March 2021 Cyber Attacks Timeline

• The extortion economy: Inside the shadowy world of Ransomware payouts

• Research claims Google Pixel phones share 20 times more data than iPhones

• Want to Buy a Secondhand iPhone? Here’s How to Check if it was Stolen

• Facebook Says Massive Leak Involves ‘Old’ User Data

• Amazon Apologises For Denying Staff Pee In Bottles

• Cryptocurrency Market Capitalisation Hits $2tn

• Russia Extends Punitive Twitter Slowdown Into May

• Meet Janeleiro: a new banking Trojan striking company, government targets

• Industries critical to COVID-19 response suffer surge in cloud cyberattacks

• Sophos Links Mount Locker to Astro Locker Ransomware

• MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm

• The Benefits of Conducting Identity Access Reviews

• Experts Insight On Facebook Data Leak

• Brad Hedlund joins Aviatrix as a Principal Solutions Architect

• MITRE names Dana Jackson as senior VP and GM, MITRE National Security

• AT&T evolves FirstNet to help the public safety community stay mission ready

• TP-Link introduces Archer AX5400 Wi-Fi 6 Router to improve network efficiency and bandwidth

• Code42 accelerates insider risk response using automated Slack workflows

• What’s next for encryption if the RSA algorithm is broken?

• Coca-Cola trade secret theft underscores importance of insider threat early detection

• FCW Insider: April 6, 2021

• CISA: Patch These Three Fortinet Bugs Now to Avoid Compromise

• The Less Progressive but Consistent, Cycldek Threat Actors

• The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

• This service allows checking if your mobile is included in the Facebook leak

• Facebook – 509,458,528 breached accounts

• LG Quits Smartphone Business, Citing Losses

• Google Wins Over Oracle In Decade-Long Case

• LinkedIn Users Targeted by Spear-Phishing Campaign

• Furniture Retailer Vhive’s Data Breach: Customer Information Leaked Online, Under Investigation

• Microsoft To Do App Ends Support for iOS 12, Now Requires iOS 13 or Later

• US Labour Officials Find Amazon Illegally Fired Internal Critics

• FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited

• Hackers Targeting professionals With ‘more_eggs’ Malware via LinkedIn Job Offers

• Hackers From China Target Vietnamese Military and Government

• Smart IAM: The Key to Seamless Sign-Ons

• Experts found critical flaws in Rockwell FactoryTalk AssetCentre

• Experts discovered a privilege escalation issue in popular Umbraco CMS

• WhatsApp Testing Ability to Transfer Chats Between iOS and Android

• What is operations-centric security?

• Application security testing is not just buzzwords

• 533 Million Facebook Users’ Personal Data Leaked Online

• Dutch company booking.com fined €558,000 for serious data breach

• Microsoft collaborates with Argus to bolster cyber security in connected cars

• Third-party security breach compromises data of Singapore job-matching service

• BCPS hit by Conti Ransomware Gang, Hackers Demanded $40 Million Ransom

• Race to Cloud Continues Despite Security Concerns

• Fileless Malware, Endpoint Attacks on the Rise

• Review: Group-IB Threat Hunting Framework

• Zero Trust creator talks about implementation, misconceptions, strategy

• 10 Best Laptop for Adobe Creative Cloud 2021 – Review and Buyer’s Guide

• 533 MILLION Facebook Users Personal Data Leaked That Includes Mark Zuckerberg’s Cell Phone Number

• 58% of IT and security pros concerned about security in the cloud

• MindAPI makes API security research and testing easier

• Industrial IoT Needs to Catch Up to Consumer IoT

• 3 Best Practices for Building Secure Container Images

• ISC Stormcast For Tuesday, April 6th, 2021 https://isc.sans.edu/podcastdetail.html?id=7444, (Tue, Apr 6th)

• The LPWAN market to reach $109.76 billion by 2025

• 99% of security pros concerned about their IoT and IIoT security

• Silicon Valley Revs Up for a ‘Hot Startup’ Summer

• Encryption Has Never Been More Essential—or Threatened

• After a decade of failure, LG officially quits the smartphone market

• 2021 Microsoft Build conference dates confirmed, May 25-27

• ‘Anomalous surge in DNS queries’ knocked Microsoft’s cloud off the web last week

• Upcoming Apple TV Could Support 120Hz Refresh Rate According to tvOS 14.5 Beta Code

• 553,000,000 Reasons Not to Let Facebook Make Decisions About Your Privacy

• Victory for Fair Use: The Supreme Court Reverses the Federal Circuit in Oracle v. Google

• Getting to Know DevSecOps

• What is Third-Party Risk?

• China-Linked ‘Cycldek’ Hackers Target Vietnamese Government, Military

• LinkedIn Phishing Ramps Up With More-Targeted Attacks

• Fake LinkedIn job offers scam spreading More_eggs backdoor

• Army eyes CAC-less physical security

• Stopping ransomware in its tracks

• APT threat exploits Fortinet OS flaws, CISA, FBI warn

• Spy Operations Target Vietnam with Sophisticated RAT

• 533M Facebook Accounts Leaked Online: Check if You Are Exposed

• Ransom Gangs Emailing Victim Customers for Leverage

• Report: UK Government May Force Facebook To Provide Backdoor Access To Private Messages

• Bitdefender 2020 Consumer Threat Landscape Report – Attackers Increasingly Target the Human Layer

• Kaspersky Uncovers New APAC Cyberespionage Campaign

• First Circuit Upholds First Amendment Right to Secretly Audio Record the Police

• Facebook says leak of 533m accounts is old news. But my date of birth, name, etc haven’t changed in years, Zuck

• IT Security News Daily Summary 2021-04-05

• China Smashed World’s Largest Game Cheating Ring – Police Arrested 10, Seized Assets Worth $46 Million

• Data Of 533 Million Facebook Users Leaked On Dark Web For Free

• Google wins decade-old software case against Oracle

• Space Force satellite communications contract gets nod for CMMC

• A renewed push for secure modernization

• Data from 553 Million Facebook Accounts Leaked Online

• Apple Reminds Developers About Upcoming App Tracking Transparency Enforcement in iOS 14.5

• Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

• LinkedIn Spear-Phishing Campaign Targets Job Hunters

• Most applications today are deployed with vulnerabilities, and many are never patched

• Vulnerabilities are high in new applications, expert says

• Can a new DHS cybersecurity strategy help the private sector?

• Lawfare Live: The Continuing Threat of White Extremism

• Hong Kong’s Election Overhaul in Context

• Has Kazakhstan Failed Xinjiang’s Ethnic Kazakhs?

• BrandPost: Four Essential SASE Security Must-haves

• How marketing principles can be used to enhance cybersecurity training

• CISA: APTs exploiting Fortinet FortiOS vulnerabilities

• Pastor Charged with Sharing CSAM

• Cyral Announces On-Call Access Management Trial at Oktane21

• Streamlining Third-Party Risk Management

• Facebook Doesn’t Want to Give Apple Requested Documents in Epic v. Apple Fight

• Microsoft Defender for Endpoint now supports Windows 10 on Arm devices

• Attackers Utilize GitHub’s CI/CD Actions Features

• Ransomware Attacks on Industrial Control Systems Hit 33.4% in H2 2020

• A Malware Incident is Preventing Emissions Checks in Eight US States

• BazarCall Malware Targets Windows Systems While Mimicking Call Centers

• How To Defend the Extended Network Against Web Risks

• Remote work increases demand for zero-trust security

• Data of Half a Billion Facebook Users Leaked

• “Engineering Oversight” Costs ForceDAO $367k

• Ransomware Defense: Three Implementations Every Security Team Needs

• Centrify Brings Privileged Identity Leadership in Support of First-Ever ‘Identity Management Day’ April 13, 2021

• Code42 Expedites Insider Risk Response Using Automated Slack Workflows

• Jumio Collaborates With Microsoft to Deliver on Its Vision of Decentralized Digital Identity

• Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

• Microsoft Pits Surface Pro 7 Against iPad Pro, Says Surface is ‘Still the Better Choice’

• More Money, Less Problems: XDR Investment Can Protect the Financial Services Industry

• CISA, FBI Warn of Attacks Targeting Fortinet FortiOS

• Hackers Exploit Windows BITS Feature To Launch Malware Attack

• How to Simplify and Secure On-Call Access Management

• Streamlining Third Party Risk Management

• A week in security (March 29 – April 4)

• Some newly found details about Chinese Hacking Group APT41

• Hackers exploiting critical vulnerabilities in Fortinet VPN – FBI-CISA

• 15 Cybersecurity Pitfalls and Fixes for SMBs

• University of California Victim of Nationwide Hack Attack

• VMware Patches Critical Flaw in Carbon Black Cloud Workload

• Vulnerability Summary for the Week of March 29, 2021

• The Mission of Supporting Healthcare Providers Continues…

• Active Content: What It Is & How It Becomes Malicious

• 2,5M+ users can check whether their data were exposed in Facebook data leak

• The Cesspool Of The Internet Is To Be Found In A Village In North Holland

• Review: Capra Leather’s AirPods Max Case is a Premium Alternative to the Apple Smart Case

• Expert Insight: Arup’s Data Breach

• Ransomware Is Quickly Becoming The Most Common Form Of Harmful “Ware” Attacks Levied By Threat Actors.

• Cisco Goes Passwordless

• Cisco Goes Passwordlesspatient PHIInadvertently Added To GitHub Artic Code Vault – Expert Perspective

• Expert Reaction On Broward District Attacker Demanded $40Mil Ransom

• GitHub Infrastructure Used to Mine Cryptocurrency

• Brown University Was Recently Hit by A Cyberattack

• Asset Management System Frequently Asked Questions and More

• Asteelflash Hit by REvil Ransomware Attack

• Protect your business from email phishing with multi-factor authentication

• XSS Vulnerability In Ivory Search WordPress Plugin Risked Over 60K Sites

• Italian Menswear Brand Boggi Milano Suffered Ransomware Attack

• HTTPX – A Tool to Fingerprint a Web Server

• Operationalize your AI workloads at the edge with NetApp and Lenovo for inferencing

• 8 Steps For Securing Your Linux Server | Avast

• cyber hijacking

• Linux 101: The different types of sudo and su

• US Lawmakers Press Online Ad Auctioneers Over User Data

• North Korean-Backed Group Sets Up Fake Security Company, Google Says

• Child Tweets Gibberish from US Nuclear Agency Account

• 7 Ways to Reduce Cyber Threats From Remote Workers

• How the Work-From-Home Shift Impacts SaaS Security

• Certifications, Audits and Compliance Made Easy

• Technology Could Make Fighting COVID Less Restrictive But Privacy Will Take A Hit

• Facebook Data For Over 500M Users Reportedly Leaks Online

• Ubiquiti Accused of Covering Up a ‘Catastrophic’ Data Breach

• Rust Programming Language Raises Privacy Concerns

• How Deliveroo Scared Customers into Believing They Had Been Scammed

• Data Breach at Facebook Leaks Information of 533 Million Users

• Molson Coors “Cyberattack Incident” Could Cost Company $140 Million

• 33.4% of ICS computers hit by a cyber attack in H2 2020

• Facebook Pay Introduces Personalized QR Codes for Person-to-Person Payments

• What Is Enable DEP in Windows?

• Broward County Public Schools Hit with $40 Million Ransom by Conti Ransomware Gang

• APT Groups Are Targeting Fortinet FortiOS Servers, FBI and CISA Warn

• 10 Best Laptops for Adobe Creative Cloud 2021 – Review and Buyer’s Guide

• Growth Strategies for China Must Prioritize WeChat Security

• Protecting Human Rights in The Era of Cyber Information Warfare

• How To Remove Ransomware From Android Phone Easily?

• Supply chain attacks: what we know about the SolarWinds ‘Sunburst’ exploit, and why it still matters

• Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again

• Name That Edge Toon: Rough Patch?

• Test Automation for Application Security

• Constella Intelligence Signs Onto the World Wide Web Foundation’s Initiative for a Better Internet

• Deals: Apple’s 512GB M1 MacBook Pro Drops to $1,349.99 ($150 Off)

• RSA Conference 2021: Resilience

• 5 factors to consider when selecting a POS system

• Nzyme Project – An Inclusive WiFi Defense System To Detect Bandits

• Sideloading Apps Would ‘Break’ the Security and Privacy of iPhone, Says Tim Cook

• CISSPs from Around the Globe: An Interview with Mari Aoba

• Mobile gaming addiction is on the rise

• What is homomorphic encryption, and why should you care?

• Tencent’s Timi Studios ‘Made $10bn’ In 2020

• Lawyers In Huawei Extradition Case Argue Against US ‘Power Grab’

• Snapchat Owner ‘Explored Ways’ Of Violating Apple’s Privacy Rules

• Deliveroo Flop Raises Questions For London Tech IPOs

• Attackers Disclose Personal Data of Students in Massive Cyberattack

• Top 5 skills a SOC analyst needs

• The SolarWinds hack timeline: Who knew what, and when?

• FCW Insider: April 5, 2021

• Ubiquiti Shares Fall After Reportedly Downplaying ‘Catastrophic’ Data Breach

• The leap of a Cycldek-related threat actor

• Facebook Data for Over 535 Million Users Leaked on Hacker Website

• Jason Sudeikis Wins SAG Award for Outstanding Performance in Apple TV+ Series ‘Ted Lasso’

• What Is Registry Management and Why Is It Important?

• Call of Duty: Warzone Cheating Gamers Scammed

• Uber Ordered To Pay $1.1m To Disabled Passenger

• Apple’s Siri No Longer Uses Female Voice By Default

• Tesla Posts Record Deliveries, Beating Expectations

• How to Use AWS IAM Role on AWS EKS PODs

• Firmware attacks, a grey area in cybersecurity of organizations

• Apple Adjusts Trade-In Value of iPad Pro, iPhone 11, and Select Mac Models

• Multi-Factor Authentication in Anypoint Platform

• More Businesses are Accepting Bitcoin

• Black Kingdom Ransomware Jumps on the Exchange Express

• Securing Dev Environments is Security Leaders’ Top Concern

• LG to Shut Down Smartphone Business

• Trying to register your antivirus in Windows Security Center?

• Network Monitoring: The Forgotten Cybersecurity Tool

• IBM announces new FHE encryption standard for better data security

• Half a billion user data accessed by hackers in Facebook data leak 2021

• Encryption is either secure or it’s not – there is no middle ground

• One-Third of Organizations Take No Action After Detecting a Cyber Attack

• The impact of the CCPA on companies’ privacy practices

• We must crush digital misinformation before it destroys society

• ISC Stormcast For Monday, April 5th, 2021 https://isc.sans.edu/podcastdetail.html?id=7442, (Mon, Apr 5th)

• As online fraud rises, 72% of retail brands expect to grow fraud teams

• Number of eSIMs installed in connected devices to reach 3.4B in 2025

• North Korean Hackers Use Exploits to Plant Malware on Researcher’s Computers

• Celonis, IBM and Red Hat partnership drives flexibility and speed for enterprise digital transformation

• BMC helps modernize and streamline mainframe application development and delivery

• Technology could make fighting COVID less restrictive but privacy will take a hit

• Cobwebs’ geospatial data and spatial analysis enable orgs to get location intelligence

• Mitsubishi integrates MEPPI and MEHITS to offer solutions and services for data center apps

Generated on 2021-04-06 23:55:12.013061