IT Security News Daily Summary 2021-04-10

• CommitStrip ‘The Secret Of A Successful Code Review’

• BSides Philly 2020 – Shail Patel’s ‘How I Pwned The ICS Data During My Internship’

• Chrome Blocks Port 10080 to Prevent Slipstreaming Hacks

• Zoom Security Flaw: Now Hackers Can Take Control Of Your PC, Wait For Patch

• Hackers compromised APKPure client to distribute infected Apps

• Building an IDS Sensor with Suricata & Zeek with Logs to ELK, (Sat, Apr 10th)

• Security News In Review: Could IcedID Be the New Emotet?

• BSides Philly 2020 – Chris Myers’ ‘Home Labs Without Hardware Building In The Cloud’

• CareFirst Data Breach: Sensitive Information of Customers Leaked Online

• The Physical Impact of Manufacturing Cyber Threats

• Crooks abuse website contact forms to deliver IcedID malware

• Oh Look, LinkedIn Also Has a 500M User Data Leak

• Top Stories: ‘Find My’ Expansion, iPhone 13 Pro Mockup, Largest-Ever iMac?

• Homeland Isn’t an American Word

• On #DFIR Analysis, pt II – Describing Artifact Constellations

• This man was planning to kill 70% of Internet in a bomb attack against AWS

• Cryptojacking Spree: Targeting Washington State Educational Institutions

• Microsoft open-sources tool to use AI in simulated attacks

• The User Data of Swarmshop Card Shop has been Leaked Online

• ‘Build’ or ‘Buy’ your own antivirus product

• Maze/Egregor Ransomware Earned over $75 Million

• Hackers Tampered With APKPure Store to Distribute Malware Apps

• Data from 500 million LinkedIn accounts put up for sale

• Week in security with Tony Anscombe

• New Malicious Document Builder Named “EtterSilent” Used by Top Hackers Groups

• Weekly Update 238

• SecDef plans new screening, training to weed out extremism

• New OPM survey heralds rethink of federal job design

• Facebook Had Years to Fix Flaw That Leaked 500M Users’ Data

• 2021-04-09 – IcedID (Bokbot) infection from zipped JS file

• Microsoft open sources tool to use AI in simulated attacks

• Deceptive Checkboxes Should Not Open Our Checkbooks

• 2 scraped LinkedIn databases with 500m and 827m records sold online

• Extremist Charged With Plot to Blow Up Amazon Data Centers

• Don’t Put Off Cybersecurity Incident Response Planning

• 5 consejos para evitar los ciberataques en plataformas de EdTech

• Annual Pwn2Own Contest Reveals No User Interaction Zoom Remote Code Execution

• Battle for the Endpoint

• CISA Launches New Threat Detection Dashboard

• Unofficial Android App Store APKPure Infected With Malware

• Zerodium will pay $300K for WordPress RCE exploits

• Friday Squid Blogging: Jurassic Squid and Prey

• Texan’s alleged Amazon bombing effort fizzles: Militia man wanted to take out ‘about 70 per cent of the internet’

• IT Security News Daily Summary 2021-04-09

• White House preps new requirements for industrial control system security

• Advanced satellites illuminated by computer vision are changing how we see the world

• VR, AR training helps forward observers direct fire support

• DOJ: Creep Coach Finagles Nude Athlete Photos

• Common network vulnerabilities and how to prevent them

• 12 Microsoft Exchange Server security best practices

• 8 Security & Privacy Apps to Share With Family and Friends

• U.S. Senators Urge Apple to Reconsider Decision Not to Testify in Upcoming App Store Hearing

• Technology innovation gives government leverage to drive down emissions fast – here’s how

• Epic’s Case Against Apple in Australia Might Be Over

• Scientists harness chaos to protect devices from hackers

• Duo Network Gateway – Reduce VPN Dependency Using Zero Trust

• Am I FLoCed? A New Site to Test Google’s Invasive Experiment

• EFF Challenges Surreptitious Collection of DNA at Iowa Supreme Court

• Help Your Security Team Sleep Better at Night by Reducing False Positives

• HMD Revamps Budget, Midrange Nokia Handsets

• 623M Payment Cards Stolen from Cybercrime Forum

• Microsoft Open-Sources ‘CyberBattleSim’ Enterprise Environment Simulator

• Consider IoT TPM security to augment existing protection

• Exploring GRC automation benefits and challenges

• Facebook Removes 16k Groups for Trading Fake Reviews

• ATO Severely Harm User Experience and Brand Reputation

• MacRumors Giveaway: Win a Set of Fuse Cable Organizers for Your Apple Devices

• The U.S. Government Needs to Overhaul Cybersecurity. Here’s How.

• Was the recent Ubiquiti data breach catastrophic?

• Biden’s $1.5 trillion 2022 budget plan tilts spending toward civilian agencies

• CISA Releases Tool to Detect Microsoft 365 Compromise

• Report: Facebook Is Still Promoting Violent Groups To Users Despite Ban

• Joy Of Tech® ‘Its Always Listening’

• Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

• Apple Wants to Draw Subscribers to Apple TV+ With More Feature Films

• Gigaset Android smartphones infected with malware after supply chain attack

• Healthcare Benefits Data Stolen During Belden Breach

• REvil / Sodinokibi Updates New Safe Mode Functionality

• Android Malware Infiltrated Huawei’s Official App Store

• Facebook ads dropped malware posing as Clubhouse app for PC

• FCW Insider: April 9, 2021

• Quick Hits

• LifeLabs Launches Vulnerability Disclosure Program

• US Jails Cyber-stalker Who Targeted Attack Survivor

• Man Sentenced To 12 Years For Attempting To Purchase Chemical Weapon On The Dark Web

• BSides Philly 2020 – Sasi Siddharth’s ‘A SAST Story Effectively Adopting Static Analysis For Profit’

• Malicious code in APKPure app

• Justin Timberlake to Star as Game Show Host Doubling as CIA Assassin in Upcoming Apple TV+ Series

• Investigating a unique “form” of email delivery for IcedID malware

• Cring Ransomware spreading because of Fortinet vulnerability

• New Ransomware Threats Are Getting Bolder: How to Rewrite the Script

• Nation-state cyber attacks targeting businesses are on the rise

• Network Detection & Response: The Next Frontier in Fighting the Human Problem

• UK’s National Cyber Security Centre recommends password generation idea suggested by El Reg commenter

• Visa: Hackers Use Web Shells to Compromise Servers and Steal Credit Card Details

• Introducing “Attacker Reachability”: Reduce open-source vulnerability tickets by 90% or more.

• Data From 500M LinkedIn Users Posted For Sale Online

• How Your Phone Can Be Hacked For $16

• Hackers Hit 9 Countries, Expose 623,036 Payment Card Records

• Facebook Says Data From 530M Users Was Obtained By Scraping

• Windows And Linux Devices Are Under Attack By A New Cryptomining Worm

• Apple Music TV Expands to the UK and Canada

• Deals: Save on Anker Charging Accessories, Netgear’s Orbi Mesh Router System, and More

• New normal for automation

• PKI (public key infrastructure)

• Verizon finds companies relaxed mobile security policies to get employees online

• Data from 500M LinkedIn Users Posted for Sale Online

• North Korean Lazarus Group Attacks South African Freight Via New Weapon

• [WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

• Alert — There’s A New Malware Out There Snatching Users’ Passwords

• Ensuring Security and Compliance for Global Healthcare

• Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool

• Two-Thirds of iPhone Users Expected to Block Ad Tracking

• Chinese Social Media Cancels Companies Over Xinjiang Cotton Boycott

• Building a Security Conscious Workforce

• Data belonging to over 500 million LinkedIn users sold online to hackers

• Hackers Are Using Web Shells to Steal Credit Card Information

• About Data Encryption Software – And the Dark Side of This Moon

• U.S. blacklists 7 more Chinese supercomputing entities

• NCSC: Large Number of Brits Are Using Easily Guessable Passwords

• Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help

• How to Run a Security Tabletop Exercise

• Backdoor Added — But Found — in PHP

• New REvil Ransomware Version Automatically Logs Windows into Safe Mode

• Millions of Chrome users quietly added to Google’s FLoC pilot

• How Can I Find My Forgotten Password?

• Can You Get Into a Grad School Without Taking a GRE?

• Secure Access Service Edge (SASE) aka SASSY- Combining Network services with Security as a Service model

• LG Promises Three Years of OS Updates for Premium Android Smartphones

• Security Automation Firm Tines Raises $26 Million at $300 Million Valuation

• Learning from Recent Insider Data Breaches

• CISA releases post-compromise tool Aviary to review Microsoft 365

• 600,000 Stolen Credit Cards Leaked Following the Swarmshop Hack

• 5 Tips to Improve Cyber Security Monitoring of Your Vendors

• Cryptomining containers caught coining cryptocurrency covertly

• Deadline is Extended for 2021(ISC)² Global Achievement Awards Nominations!

• US Blacklists Seven Chinese Supercomputing Entities

• These are the terrible passwords that people are still using. Here’s how to do better

• Pwn2Own 2021 Participants Earn Over $1.2 Million for Their Exploits

• Belgian Police Crack Encrypted Chat App to Seize $1.65 Billion Worth of Cocaine

• Crypto at Risk After Facebook Leak: Here’s how Hackers Can Exploit Data

• Credit Card Hacking Forum Compromised 300,000 User Accounts Due To A Data Breach

• DTEX InTERCEPT Named Gold Winner for Cybersecurity Excellence Awards in Insider Threat Solution Category

• iPhone 12 Mini Missing From Top 5 Best Selling Smartphone List of January 2021

• Advertised Sites May Appear Genuine On First Glance

• Millions Of Brits Still Using Pet’s Names As Passwords Despite Risk

• New Study Highlights 100% Rise In Nation State Cyberattacks In Last Three Years

• Hackers Pretend To Be Your Friend In The Latest WhatsApp Scam.

• Fake Netflix App Allows Hackers to Hijack WhatsApp

• Cyber-attacks have potential to spark armed conflict

• CyberBattleSim: Microsoft’s open-source Holodeck in which autonomous attackers, defenders duke it out

• “The WAF Is Dead” (and we know who did it)

• Critical Zoom vulnerability triggers remote code execution without user input

• #COVID19 Fraud Surge Threatens to Overwhelm Banks

• LinkedIn Users’ details being sold online

• New Vyveva Malware Used by Lazarus Hacking Group to Attack South African Freight

• Victims Lured with Fake Antivirus Billing Emails by Tech Support Scammers

• WSJ: P&G helped test method to circumvent Apple privacy tools

• How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director

• Security Recruiter Directory

• 4 steps to better security hygiene and posture management

• Amazon Takes Early Lead In Historic US Vote

• Washington State educational organizations targeted in cryptojacking spree

• Hackers Hacked as Underground Carding Site is Breached

• Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

• Apple’s Rationale for Not Bringing iMessage to Android Revealed in Legal Documents

• Counterfeit ‘AirPods 3’ Hit the Market Prior to Official Announcement

• Outpost24 mark 20th anniversary by naming Karl Thedéen as new CEO

• Coordinated Cyberattack Targets EU Institutions | Avast

• Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration

• UK Firms Suffer Record Number of Cyber-Attacks in Q1

• Apple Reportedly Planning Substantial Increase of Shipments for 5G mmWave iPhone Models in 2021

• Cring Ransomware Attacks Exploited Fortinet Flaw

• Gigaset Android Update Server Hacked to Install Malware on Users’ Devices

• Should You Hire a Computer Forensics Specialist?

• No Python Interpreter? This Simple RAT Installs Its Own Copy, (Fri, Apr 9th)

• DigiTimes: iPhone 13 Pro Models to Feature 120Hz ProMotion Refresh Rate and 15-20% Less Power Consumption

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Understanding EtterSilent and the Cybercrime Supply Chain

• 330K stolen payment cards and 895K stolen gift cards sold on dark web

• India uses controversial Aadhaar facial biometrics to identify COVID vaccination recipients

• Italian data watchdog probes data breach of LinkedIn 500 million user accounts

• A Cyber Attack probability on Facebook, Instagram and WhatsApp cannot be ruled out

• (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor

• Does data stolen in a data breach expire?

• Having a cybersecurity training program in place isn’t enough to ensure cyber safety

• New infosec products of the week: April 9, 2021

• April 2021 Patch Tuesday forecast: Security best practices

• India uses controversial Aadhaar facial biometrics to identify COVID vaccination recipeints

• Ransomware Gangs Using a new Method to Collect Ransom Payments from Victims

• Cyber Criminals began to use a new scheme to defraud Russians

• Most organizations have already migrated to a cloud VPN

• Cybersecurity threats and cybercrime trends of 2020

• Digging Into the Third Zero-Day Chrome Flaw of 2021

• ISC Stormcast For Friday, April 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7450, (Fri, Apr 9th)

• How global markets are adopting real-time payments

• Remote work: One of the legacies of the pandemic

• What is Cyber Risk?

• Alation Cloud Service fuels data intelligence across hybrid cloud environments

• Okta Privileged Access improves zero trust security posture for organizations

• ShiftLeft CORE: A unified code security platform

• IDC MaturityScape helps enterprises navigate critical business and IT transitions and transformations

• Privitar’s native pattern for AWS enables customers to protect sensitive data in the cloud

• Unit4 delivers ERPx, a unified cloud platform for mid-market, people-centric organizations

• SAP systems are targeted within 72 hours after updates are released

• US adds seven Chinese supercomputing organisations onto Entity List

• Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

• Avaya OneCloud CCaaS enhances customer experience and employee engagement worldwide

• Guardicore extends microsegmentation and zero trust security to protect legacy infrastructure and IT

• GrammaTech CodeSonar SAST to help customers ‘shift left’ and develop more secure software

• A Single PAIN of Glass

• The Rise of Telemetry Architecture

• Protecting High-Level Personnel from IMSI Catchers

• Verizon Recalls 2.5 Million Hotspots Due to Fire Risk

• PQShield appoints Ben Marshall as a Cryptography Engineer

• Glassbeam partners with Deloitte to drive rapid change in the healthcare IoT analytics sector

• Accenture partners with SAP to extend asset management solution functionality

• Fujitsu partners with Trend Micro to secure private 5G networks

Generated on 2021-04-10 23:55:08.502111