IT Security News Daily Summary 2021-04-26

• New bill would task CISA with infrastructure risk assessments

• How CBII secures DOD networks, improves performance

• Joint advisory warns of Russian operations targeting cloud, email

• Flubot Spyware Spreading Through Android Devices

• Proofpoint to Be Acquired by Thoma Bravo for $12.3B

• Boffins found a bug in Apple AirDrop that could leak users’ personal info

• CAD: .DGN and .MVBA Files, (Mon, Apr 26th)

• Apple’s Clips App Adds Immersive AR Spaces Enabled With LiDAR Scanner

• Thoma Bravo’s $12.3 billion purchase of Proofpoint marks largest private equity cloud deal

• Mining Tech Firm Gyrodata Suffered Ransomware Attack

• The FBI is breaking into corporate computers to remove malicious code – smart cyber defense or government overreach?

• Encryption key management: Best practices for federal agencies

• When artificial intelligence learns to attack us

• Hackers targeting VPN vulnerabilities in ongoing attacks

• HashiCorp reveals exposure of private code-signing key after Codecov compromise

• You Don’t Have to Give Up Your Crown Jewels in Hopes of Better Cloud Security

• Federal employee job satisfaction climbed during pandemic

• Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

• Bitcoin cheat sheet: Everything professionals need to know

• CPDP 2021 – Moderator: Michalina Nadolna Peeters ‘AI & Humanitarian Action: Raising The Standards?’

• XKCD ‘Fully Vaccinated’

• CPDP 2021 – Moderator: Romain Robert ‘International Data Transfers: What Shall We Do To Avoid A Schrems III?’

• U.S. DoD has World’s Largest Honeypot: 6% of Internet Space

• macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections

• Apple’s Craig Federighi on App Tracking Transparency: ‘Users Deserve and Need Control’ of Data

• Apple Shares Video Explaining How App Tracking Transparency Works

• iOS 14.5 Features: Everything New in iOS 14.5

• Consortium OTAs suffer from lack of guidance, data, IG finds

• Privacy Fight Escalates Between Facebook And Apple

• Threat Actors are Using YouTube to Lure Users into their Trap

• Cybersecurity and the Way to a Balanced Life

• Apple Releases tvOS 14.5 With New Color Balance Feature, Expanded Controller Support

• Apple Releases watchOS 7.4 With iPhone Unlocking, Apple Fitness+ AirPlay 2 Support

• Apple Releases macOS Big Sur 11.3 With M1 Optimizations, AirTag Integration, Updated Controller Support, Apple Music Updates and More

• Apple Releases iOS 14.5 and iPadOS 14.5 With Apple Watch iPhone Unlocking, Dual-SIM 5G Support, Apple Maps Accident Crowdsourcing and Tons More

• How to Prevent Apps From Tracking You in iOS 14.5

• Zoom deepfaker fools politicians…twice

• Codecov Breach Following Supply-Chain Attack Affected Hundreds Of Networks

• Serious Vulnerability In Facebook Could Allow Deleting Live Videos

• Serious SQL Vulnerability Found In Django Debug Toolbar

• Nintendo Sues Bowser

• Microsoft Targets MacBook Air’s Need for Dongles, Lack of Touchscreen in New Ad

• How to Unlock Your iPhone With Your Apple Watch When Wearing a Mask

• In the Wake of SolarWinds, the U.S. Must Grapple With the Future and Not Just the Past

• Security vendor Proofpoint snapped up by private equity for $12.3bn but still in search of profit

• UnitingCare Australia ransomware attack and stock price collapse

• Types of Cybercrime

• Apple AirDrop users reportedly vulnerable to security flaw

• Thoma Bravo Buys Proofpoint in $12.3 Billion All-Cash Deal

• Oilfield Services Company Gyrodata Discloses Data Breach

• 8 remote access security risks and how to prevent them

• Space Command to Launch Dedicated Cyber Center

• Cyber-attack on NBA Team

• How CISOs Can Impact Security for All

• Malware Party Tricks and Cybersecurity Trends

• Passwordstate Was Hacked in a Supply Chain Attack

• A New Cryptomining Malware Is Building an Army of Bots

• 20 Million BigBasket User Records Got Leaked

• Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT

• Breaking free from the VirusTotal silo: Lock and Code S02E07

• 23 Things You Can Track with Apple’s New AirTags

• New CloudOne TL;DR video series looks inside NetApp IT’s hybrid multicloud platform for DevOps

• Window Snyder Launches IoT Security Company Thistle Technologies

• Naked Security Live – Just how (un)safe is AirDrop?

• Why Zero Trust is Least Trust

• Christopher Krebs to Keynote in Live Fireside Chat/Q&A Session at DevOps Connect: DevSecOps at RSA Conference 2021

• Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

• Promotei Botnet Could Fire Up APT-Style Attacks

• Homebrew Fixes Cask Repo GitHub Actions Bug That Would Have Let Anyone Sneak Malicious Code Onto Machines

• Prominent Security Expert Dan Kaminsky Passes Away At 42

• Enterprise Password Manager Hit In Supply Chain Attack

• Deals: Anker Discounts New Assortment of Charging, Audio, and Smart Home Accessories

• Antitrust Complaint Filed in Germany Over Apple’s Incoming App Tracking Transparency Requirement

• Google Ban App Developers And Prevent Malicious Apps

• Ursnif Phishing Campaign Targets Michael Page Agency

• Fake DirectX12 Download Website Installs Crypto-Stealing Malware

• End of An Era: Emotet Malware Uninstalled from All Infected Devices

• Cloud-Native IAM Controls Part 3: Following Cloud Governance Blueprints

• Network security company Proofpoint goes private in $12.3B deal

• This password-stealing Android malware is spreading quickly: Here’s what to watch out for

• University of Minnesota security researchers apologize for deliberately buggy Linux patches

• Uninstall Command Completes Emotet Botnet Cleanup Operation

• E-commerce Fraud to Exceed $20 Billion in 2021

• Shift Left: From Concept to Practice

• FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations

• Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders

• iOS 14.5 Will Reportedly Be Released Later Today

• Apple Says iCloud Mail is Experiencing an Outage

• Scam victims find same fraudulent ads lurking on Facebook and Google even after flagging them up

• AirTag Explained

• Silicon UK In Focus Podcast: Hybrid Workers

• This password-stealing Android malware is spreading quickly: Here’s watch to watch out for

• Cybersecurity M&A Roundup for April 19-25, 2021

• Minnesota University Apologizes for Contributing Malicious Code to the Linux Project

• Hacker Group Mysteriously Removes Stolen Apple Schematics and Extortion Threat From Ransomware Website

• Leaker Claims 11-inch iPad Pro to Ship on May 22, 12.9-inch on May 21

• Mount Locker Ransomware Thwarts Recovery, May Target Healthcare & Biotech

• Expert Reaction On Stock Market Ransomware Attack

• GCHQ Boss: West Faces Tech ‘Moment Of Reckoning’

• EU Industry Chief To Meet With Intel, TSMC Execs Amidst Chip Crisis

• Hacker dumps sensitive household records of 250M Americans

• IoT Security: Be Aware of What You Connect at Home

• Darktrace slashes valuation price estimate ahead of IPO: report

• Passwordstate Users Told to Reset All Passwords Following Cyberattack

• Outages Blamed on Malware Still Plaguing Budget Airlines

• The New iOS Update Lets You Stop Ads From Tracking You

• Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

• When AIs Start Hacking

• Tim Cook Urged Mark Zuckerberg to Delete User Data From 3rd Party Apps in Private 2019 Meeting

• Apple Announces $430 Billion Investment to Create 20,000 US Jobs Over Next Five Years

• QNAP NAS devices under ransomware attack

• 11-13 year old girls most likely to be targeted by online predators

• These Roles Require Cybersecurity Training

• NFC and RFID Explained For Consumers | Avast

• How to Secure Engineer Access to Cloud Workloads with Zero Trust

• How to Test and Improve Your Domain’s Email Security?

• A week in security (April 19 – 25)

• Hacktivism’s reemergence explained: Data drops and defacements for social justice

• Massive ‘Parcel Delivery’ SMS Scam Campaign Hits UK

• Malware From Google Play Store Infects 700,000 Users

• Windows 10 is about to get a Big Sun Valley update

• The Difference Between Windows Server And Windows | Avast

• FCW Insider: April 26, 2021

• Police just delivered this ‘killswitch’ update to finish off a notorious botnet

• Prominent security expert Dan Kaminsky passes away at 42

• Cyber Ninjas Forges on With Controversial Arizona Election Recount

• Dridex Malware Returns In a New Global QuickBooks Malspam Campaign

• A Ransomware Group Made $260,000 in 5 Days

• Emotet Malware Destroys Itself From All Infected Computers

• Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

• Apple TV Launch in Mainland China Reportedly Imminent

• Apple Glasses Prototype Reportedly Falls Behind 2021 Testing Schedule

• Cybersecurity and Online Gaming

• Ethics isn’t a county east of London, but it’s the only way to look at security

• Cryptocurrencies Shed $200bn Over US Tax Reform Fears

• Turkish Crypto Exchange Boss Flees Country Amidst $2bn Fraud Probe

• SpaceX Launches Third Crewed Flight Into Orbit

• US Drilling Giant Gyrodata Reveals Employee Data Breach

• BigBasket: Data Breach Leaks 20 Million User Data

• 3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

• First AirTag Orders Shift to ‘Preparing to Ship’ Ahead of April 30 Launch

• Facebook disables Palestinian APT Group Activities

• Thodex cryptocurrency exchange chief allegedly goes on the run with $2bn in client funds

• Industrial Security: Not Just IT and OT, but Old OT and New OT

• Take a Moment to Hug Your Friends & Family: RIP Dan Kaminsky

• LinkedIn Attacks Show Dangers of Professional Networking

• Zero-Trust at Home: No-Exception Remote Work

• Digital Identity: The Reality of Online Privacy

• GCHQ boss warns China can rewrite ‘the global operating system’ in its own authoritarian image

• Trying to register your antivirus in Windows Security Center?

• Flubot can Spy on Phones and can Gather Online Banking Details

• Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords

• What Will Take Emotet’s Place?

• A supply chain attack compromised the update mechanism of Passwordstate Password Manager

• Connected medical devices brought security loopholes mainstream

• bigbasket – 24,500,011 breached accounts

• Secure by default: Take these steps to reduce your attack surface

• Cloud security threats are growing – crucially, is your skills toolkit keeping pace?

• UK sigint boss warns China can re-write the tech industry’s operating system in its own authoritarian image

• The Bitglass Blog

• Phishing towards failed trust

• Sophos to put an end to TLS based Cyber Attacks

• EU to regulate AI based Facial Recognition

• SniperPhish: An all-in-one open-source phishing toolkit

• Push past zero trust barriers to securely connect the distributed workforce

• Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs

• India orders takedowns of social media posts it claims harm fight against raging COVID-19 outbreak

• ToxicEye RAT Uses Telegram to Steal Data from Victims and Perform Malicious Activities

• Cybercriminals evolving their tactics to exploit collective human interest

• AI industry alarmingly unprepared for real-world attacks

• Homebrew fixes Cask repo GitHub Actions bug that would have let anyone sneak malicious code onto machines

• The Winds of Change – What SolarWinds Teaches Us

• ISC Stormcast For Monday, April 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7472, (Mon, Apr 26th)

• Consumers embracing biometrics to protect their information

• 61% of organizations impacted by ransomware in 2020

• Signifyd Return Abuse Prevention gives merchants the flexibility to customize their return-abuse response

• Volunteer-run pirate Manga website attacked, loses hashed passwords, has ‘nobody’ to fix the mess

• Australian man sentenced for running stolen subscription credential service

• CrowdStrike Security Cloud integrates with NDR and NTA solutions to defend against any threats

• NFC Forum specifications offer cryptology security for NFC application development

• InMobi UnifID enables quick integration with identity providers

• Trend Micro program drives increases in partner profits and customer success through service expansion

• Ermetic platform detects suspicious activity and prevents security threats in multicloud environments

• Lacework expands native security support across AWS to protect cloud changes and workloads

• Backblaze partners with Jamf to offer step change in ease for the IT administrators

• Stop using your work laptop or phone for personal stuff, because I know you are

• Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 326’

• CPDP 2021 – Moderator: Merve Hickok ‘Ai Regulation In Europe & Fundamental Rights’

• Dan Kaminsky

• RSA announces key executive hires to the Fraud & Risk Intelligence executive team

• NTT Research names Matthew Ireland as CISO

• PasswordState password manager’s update hijacked to drop malware

• MangaDex – 2,987,329 breached accounts

• IT Security News Weekly Summary – Week 16

• IT Security News Daily Summary 2021-04-25

• Biden’s Asia-Pacific Rebalancing Push

• CISA warns of credential theft via SolarWinds and PulseSecure VPN

• Take A Moment To Hug Your Friends & Family, RIP Dan Kaminsky

• Here’s When You Can Likely Download iOS 14.5

• Self-Assessment: How Can You Improve Financial Services Cybersecurity?

• Here’s a Quick Look at the Role of ‘Covalent BlockChain Data API’ in Terms of Data Gathering

• CPDP 2021 – Moderator: Théodore Christakis ‘Government Access To Data After Schrems Ii, Brexit And The Cloud Act’

• Hackers are targeting Soliton FileZen file-sharing servers

• Certificates for Internal Servers

• Rajant Recognized by ‘Philadelphia Inquirer’ as Best Employer

• CYBER THREATS: THE FINANCIAL SYSTEM’S TOP RISK

• THE DELICATE BALANCE OF SECURITY VERSUS USABILITY

• BUILDING CYBER RESILIENCE IN A CLOUDY WORLD

• Security Affairs newsletter Round 311

• 10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

• Train at your own pace to become a master ethical hacker for $43

• 3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

• VPN Hacks Are a Slow-Motion Disaster

• Wireshark 3.4.5 Released, (Sun, Apr 25th)

• Sysinternals: Procmon and Sysmon update, (Sun, Apr 25th)

• Web Application Attacks – Types, Impact & Mitigation – Part-1

• Web Application Attacks – Types, Impact & Mitigation – Part-2

• Web Application Attacks – Types, Impact & Mitigation – Part-3

• Web Application Attacks – Types, Impact & Mitigation – Part-4

• Apple Moving Forward on App Privacy, Despite Pushback

• Hackers Demand $50 Million Ransom From Apple

• ClickStudios told Clients to Change Passwords After a Cyberattack

• Concerns Raised as Postal Service of America Monitors Social Media Accounts of the Natives

• Week in review: Pulse Secure zero-day actively exploited, how to select an IAM solution

• Penetration testing

• Multilingual Cybersecurity Awareness Training adapted for your needs

• ShopBack – 20,529,819 breached accounts

• CrowdStrike Security Cloud Integrates with Network Detection and Response Solutions For Comprehensive Platform Responses to Threats

• Introducing AT&T’s Managed Endpoint Security with SentinelOne

• Shodan and Censys: Finding Hidden Parts On the Internet With Special Search Engines

• Russian hackers reportedly stole secret device blueprints from Apple

• Another killer woodpecker

• Computer security world in mourning over death of Dan Kaminsky, aged 42

• The Big Pentagon Internet Mystery Now Partially Solved

• Making macOS Universal Apps in Swift with Universal Golang Static Libraries

Generated on 2021-04-26 23:55:10.453019