IT Security News Daily Summary 2021-09-17

• 2021-09-14 – Pcap and malware for an ISC diary (Hancitor with Cobalt Strike)

• Friday Squid Blogging: Ram’s Horn Squid Shells

• $133 million lost in online romance scams in 2021: FBI

• Best VPN for iPhone and iPad 2021

• Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes

• Apple fixes actively exploited FORCEDENTRY zero-day flaws

• HTML Smuggling: A Resurgent Cause for Concern

• New CIOs: 5 Key Steps in Your First 100 Days

• AI Weekly: UN proposes moratorium on ‘risky’ AI while ICLR solicits blog posts

• Minnesota launches digital vaccination record

• Experts warn that Mirai Botnet starts exploiting OMIGOD flaw

• How California’s Broadband Infrastructure Law Promotes Local Choice

• Humio Recognized as Top 3 Observability Award Winner by EMA

• Shining a Light on DarkOxide

• Gem State University Saves a Small Fortune on TCO With Humio

• Hurricane Ida knocked out key NARA system

• IRS’ plans for cracking cryptocurrency wallets

• Securing Home Employees with Enterprise-Class Solutions

• How to use VPN to access blocked websites?

• How to Protect Against Deepfake Attacks and Extortion

• Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says

• Prison for AT&T Phone-Unlocking Fraudster

• More Tribes Given Enhanced Access to US Crime Data

• How not to get caught in law-enforcement geofence requests

• MacRumors Giveaway: Win an iPhone 13 Pro or Pro Max From iMazing

• Biden administration set to ban crypto for ransomware payments

• How To Start a Successful Phishing Simulation Program

• How Ethical Hacking Optimizes Your Cybersecurity

• This Week in Security News – September 17, 2021

• Porn Problem: Adult Ads Persist on US Gov’t, Military Sites

• Have you tried to guess your boss’s password? Lots of workers have, according to a report

• Hackers Alter Cobalt Strike Beacon to Target Linux Environments

• How Agencies Can Refine Threat Intelligence Through Automation

• Apple to Require COVID Testing for Employees Starting Next Month, Still No Vaccine Mandate

• Apple and Belkin Reducing Environmental Impact of Packaging With iPhone 13 Launch

• Google Fixed Two Chrome Zero-Day Bugs Under Attack

• Cybersecurity Risk Management During the Covid-19 Time

• Small businesses need to step up efforts to secure and retain hybrid workers

• Dell study finds most organizations don’t think they can recover from a ransomware attack

• Credit Union’s Legal Battle With Tech Giant Fiserv Rumbles On

• Renewable AppleCare+ Coverage for Mac Now Available in Australia, Canada, France, Germany, Italy, Japan, Spain, and the UK

• Something phishy: Tech recruiters jabbed by fake COVID-19 Passport scam

• Are You the Keymaster?

• Identity in Africa – an existential right for every citizen

• How Estonia Created Trust in Its Digital-Forward Government

• Free REvil Decryptor Launched

• Microsoft MSHTML Flaw Exploited By Ryuk Ransomware Gang

• Tesla To Work With Global Regulators On Data Security

• Telegram Emerges As New Dark Web For Cyber Criminals

• Cryptocurrency Launchpad Hit By $3 Million Supply Chain Attack

• Apple Shares Guided Video Tour of iPhone 13 and 13 Pro

• FireEye CEO discusses the state of cybersecurity

• At Least One iPhone 14 Model Will Reportedly Still Lack 120Hz ProMotion Display

• IronNet shares fall 17% in intraday trading

• US Mulls Sanctions Use In War Against Hacker Cryptocurrency Payments

• AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data

• Keeping Software Secure – Reflections in Honor of National Coding Week

• email spam

• CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus

• Severe Remote Code Execution Flaws Discovered in Motorola Halo+ Baby Monitors

• First Circuit Expands Due Process Rights of Noncitizens at Immigration Bond Hearings

• Facebook’s own research reveals the harm that Instagram can inflict

• German Election body hit by a cyber attack

• iPhone 13 vs. iPhone 13 Pro Buyer’s Guide

• Some Customers Have Experienced Issues Pre-Ordering the iPhone 13 With an Apple Card

• Deals: Walmart Takes Up to $50 Off Apple’s iPad mini 6 in First Sales

• FBI and CISA warn of APT groups exploiting ADSelfService Plus

• Operator of ‘DownThem’ DDoS Attack Service Convicted

• Deals: Apple’s MagSafe Duo Charger Hits New All-Time Low Price of $96.74 on Verizon ($32 Off)

• A New Malware Uses Windows Subsystem

• Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do

• Pakistani Man Involved in AT&T Hacking Scheme Sentenced to Prison in U.S.

• Apple Starts Offering 0% Financing on iPhones for 24 Months in Canada

• Online Romance Scams Led to $113 Million Financial Loss in 2021, the FBI Reports

• 6 Benefits of Using Privileged Access Management

• AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

• Is it OK to use stolen data? What if it’s scientific research in the public interest?

• Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance

• Deals: A Look at the iPhone 13 Sales Offered by AT&T, Verizon, T-Mobile, Best Buy, and More

• Google, Apple Pull Alexei Navalny App After Russian Demand

• The M140i project post – Part 15

• Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

• German Election Authority Confirms Likely Cyber Attack

• Anonymous Hacktivists Leak 180 GB of Data from Web Host Epik

• Lenovo: No Fix for High-Severity Flaw in Legacy IBM System X Servers

• iPhone 13 Pro’s New 1TB Storage Option Already Facing Delivery Times Into October

• Ransomware Groups Reinvest Capital to Improve Attack Methods

• Biometrics and the problem of privacy

• Download Kali Linux 2021.3 with Kali NetHunter on smartwatch, new tools

• U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day

• Anonymous Leaked a Bunch of Data From a Right-Wing Web Host

• iPhone 13, iPhone 13 Mini, iPhone 13 Pro, and iPhone 13 Pro Max Now Available for Pre-Order

• Security Expert Re: New OWASP Top 10 List for Application Security Risks

• Microsoft Lets Users Go Passwordless, Experts Weigh In

• Former US Intel Operatives Fined $1.6M For Hacking For A Foreign Govt

• Understanding & Surviving Ransomware

• Sir Clive Sinclair, Computing Pioneer, Dies At 81

• Zero-Click iMessage Exploit

• iPadOS 15 Allows Apps to Use Up to 12GB of RAM on High-End iPad Pro, Up From Just 5GB

• FBI and CISA Warn Regarding a Critical Zoho Bug

• A New App Helps Iranians Hide Messages in Plain Sight

• New Malware Targets Windows Subsystem for Linux to Evade Detection

• Apple Seemingly Adds Russia to List of Countries Where iCloud Private Relay Won’t Be Available

• The Bug Report | September 2021: CVE-2021-40444

• This banking Trojan abuses YouTube to manage remote settings

• Cybersecurity M&A Roundup for September 1-15, 2021

• New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

• Exploitation of the CVE-2021-40444 vulnerability in MSHTML

• MikroTik Shared a Mitigation to Secure Routers From Massive Mēris DDoS Botnet Attack

• Romance Scammers Make $133m in First Half of 2021

• iPhone 13 Batteries Positively Excel at Video Streaming Compared to iPhone 12

• Top cybersecurity M&A deals for 2021

• Cyberattacks against the aviation industry linked to Nigerian threat actor

• Experts Concerned Over New Digital Secretary’s Lack of Cyber Knowledge

• Section 889: the US Regulation that extends far beyond the US

• Government Use Of Biometric Data | Avast

• CISA: Patch Zoho Bug Being Exploited by APT Groups

• Now You Can log in to your Microsoft Account Without a Password

• Facebook Releases Video Capture Glasses | Avast

• What is the Dark Web? The Dark Web explained

• Years-Long Attack by Chinese-Linked APT Groups Discovered by McAfee

• Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

• A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• China formally applies to join CPTPP trade pact

• No more Password based logins for Microsoft users

• Telegram becomes a hub for hackers buying stolen data

• Securing AWS Infrastructure with Trend Micro Workshop

• Integrate Serverless Security for Runtime Apps

• New infosec products of the week: September 17, 2021

• Open source cyberattacks increasing by 650%, popular projects more vulnerable

• The digital identity imperative

• Apple Online Store Down Ahead of iPhone 13 and 13 Pro Pre-Orders

• Highest paying IT certifications in 2021

• WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

• NAVEX Global Named a Leader in Gartner® 2021 Magic Quadrant™ for IT Risk Management

• Cloud Security Alliance Releases New Guidance for Healthcare Delivery Organizations That Provides Measurable Approach to Detecting and Defending Against Ransomware Attacks

• Poll: Cyber Pros Say White House Cybersecurity Summit Is a Step in the Right Direction

• ‘Numberless’ bank cards could be the future: here’s why

• How surveillance capitalism will totally transform the domain name system

• Australia, UK, and US Announce Security Partnership

• US Imprisons World’s Largest Facilitator of CSAM

• Modern security strategies key to support remote workforce demands

• Data and AI professionals prioritize learning new skills amid labor shortage

• How to Help Seniors Spot Online Job Scams

• NSW to trial geolocation and facial recognition app for home-based quarantine

• 5G trends accelerating, all major regions pursuing 5G Core testing and deployments

• Safe Systems CloudInsight M365 Security Basics provides visibility into Microsoft security settings

• Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

• Sentry’s capabilities enable enterprise teams to reduce risk and management overhead

• Push Technology Diffusion 6.7 secures personalized data delivery to individual clients

• Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions

• FTC: Health Apps Must Notify Consumers of Data Breaches

• DDN and Tintri announces IntelliFlash N6000 series to enhance latency and throughput for file services

• Versa Networks offers 5G WAN Edge products to deliver SASE services to the network edge

• Google and Microsoft had the most vulnerabilities in the first half of 2021

• OWASP Names a New Top Vulnerability for First Time in Years

• No, Tech Monopolies Don’t Serve National Security

• New Ops for Managing Risk Driven by Internal & External Security Threats

• Internet Society introduces MANRS initiative to improve the resilience and security of the routing infrastructure

• Beazley names Raf Sanchez as Global Head of Cyber Services

• FBI, CISA, and CGCYBER warn of nation-state actors exploiting CVE-2021-40539 Zoho bug

• Wells Fargo launches digital infrastructure strategy for its customers and employees

• What’s Up with WhatsApp Encrypted Backups

• AFGE looks to block Cyber Command reserve program in NDAA

• White House nominates John Sherman for DOD CIO

• IT Security News Daily Summary 2021-09-16

• CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

• Apple Releases Safari Technology Preview 132 With Bug Fixes and Performance Improvements

• 14 Types of Hackers to Watch Out For

• Popular slot machine chain Dotty’s reveals data breach exposing SSNs, financial account numbers, biometric data, medical records and more

• Aviation-themed phishing campaign pushed off-the-shelf RATs into inboxes for 5 years

• 3 questions state and local governments must answer about identity security

• States’ smartphone exposure notification apps get mixed reviews

• Google Helps OSTIF Boost Security of Open Source Projects

• Endpoint Security Platform Kolide Banks $17 Million Investment

• McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

• shadow password file

• House reconciliation bill includes nearly $800 million for CISA

• Bitdefender releases universal decryptor for REvil/Sodinokibi victims hit before July 13

• Bitdefender releases REvil universal ransomware decryptor

• No Drone At Gatwick, Claims Former Drone Executive

• How DevSecOps Can Secure Your CI/CD Pipeline

• Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021

• ACSC Releases Annual Cyber Threat Report

• Airline Credential-Theft Takes Off in Widening Campaign

• ACSC Releases Annual Cyber Threat Report

• When You Can Pre-Order the iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max in Every Time Zone

• Hack yourself before someone else does it for you

• Apple Watch SE Now Comes With a USB-C Charging Cable

• Universal decryptor key for Sodinokibi, REvil ransomware released

• It’s time enterprise businesses place their complete trust in open source

• ExpressVPN stands behind CIO named in UAE hacking scandal

• FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

• APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

• Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

• Review: Classicbot’s Latest iBoy Accessory is a Wearable iPhone Pouch

• 7 tips for building a strong security culture

• FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

• APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

• Microsoft Patch Tuesday Expert Commentary

• Mastering Identity and Access Management in the Cloud

• What is 5G shared responsibility and how would it work?

• Wikipedia Bans Seven Chinese Users Citing ‘Infiltration’

• How To Write a Good Cybersecurity Resume

• What are computer cookies?

• OMIGOD, an exploitable hole in Microsoft open source code!

• A security architect’s POV on a mature data-centric security program, Part 1

• ForgeRock CEO on IPO debut

• British schools to get free cybersecurity accessing tool

• To Detect or Not to Detect, Is that the Question?

• Bitdefender offers free decryptor for REvil ransomware victims

• Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

• Google Is Backing Security Reviews Of These Key Open Source Projects

• Why Government Sites Are Hosting Porn And Viagra Ads

• New iPad Mini Has Downclocked A15 Chip Compared to iPhone 13

• Apple deals with iPhone security flaw

• Microsoft Looks Beyond Password Protection For Accounts

• Bootstrap Security in Kubernetes Deployments

• Aruba partners with MLS franchise for digitized stadium in Cincinnati

• Attackers Use Cryptomining Malware to Target Organizations

• Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

• Building a Custom SecureX Orchestration Workflow for Umbrella

• Applying DevSecOps practices to Kubernetes: security analysis and remediation

• Why African Governments are Accepting Afghan Refugees

• Ransomware-hit law firm secures High Court judgment against unknown criminals

• Bitdefender released free REvil ransomware decryptor that works for past victims

• Exclusive Deal: Take 30% Off Satechi’s Aluminum Bluetooth Keyboard for Mac

• Security Serious: Organizers aim to set new Guinness World Records® title for Viewership of an Online Security Lesson

• CVE-2021-40444 exploitation: Researchers find connections to previous attacks

• Google Releases more Updated Features for Workspace to Facilitate Hybrid Work

• Apple Security Fix: Urging Immediate iOS Update for iPhones & iPads

• Partnerships – The Key to Navigating the Industrial Security Landscape

• UN Urges Moratorium on AI Tech That Threatens Rights

• Drupal Releases Multiple Security Updates

• How to Protect and Support a Remote Workforce

• Partnerships –The Key to Navigating the Industrial Security Landscape

• Researchers Create Toolkit for Hardware Security Tests on Apple’s Mobile Processors

• Russian hacker confirmed the resurrection of the most famous Russian hacker group REvil

• Drupal Releases Multiple Security Updates

• Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

• Deals: Walmart Discounts Apple’s New 64GB Wi-Fi iPad to Low Price of $299.00 ($30 Off)

• What Went Wrong: Apple Watch Series 7 Rumors Edition

• Deloitte Poll: C-suite Expects Ransomware Uptick But Orgs. Aren’t Trained – 5 Cyber Experts Respond

• Microsoft Fixes Critical Vulnerabilities in Linux App

• El Salvador Protests Erupt Amid Bitcoin Crash

• Top 10 COVID-19 Scams: How to Stay Protected

• browser hijacker (browser hijacking)

• Get 3 Years of powerful, super-fast VPN Protection from HotSpot Shield for just $89

• New Go malware Capoae targets WordPress installs, Linux systems

• Financial Cybercrime: Following Cryptocurrency via Public Ledgers

• How Threat Response is Evolving

• Kolide, a ‘transparency-first’ endpoint security platform, raises $17M

• DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

• REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

• PSA: Apple’s iPhone 13 Pre-Order Setup Process Is Sending ‘Expired Pre-Order’ Messages to Some Users, But It’s Likely Just a Glitch [Update: Fixed]

• Mēris Botnet Mitigation Measures Shared by MikroTik

• What’s the Buzz on Passwordless?

• 3 security lessons from an MSP that survived the Kaseya VSA attack

• AUKUS Security Alliance Will Include Cybersecurity, AI, Quantum

• Implement Passwordless Verification Using Mobile Number and SIM

• Health apps ‘playing fast and loose’ with user data, warns FTC chief

• Ransomware attackers targeted app developers with malicious Office docs, says Microsoft

• Several Access Bypass, CSRF Vulnerabilities Patched in Drupal

• Report: Facebook Is Aware Of How Harmful It Can Be For Young Users

• 16.17 GB of User Data Stored in Fitness Bands, Exposed

• Why Cyber Risk Aggregation is Important to Your Organization’s Security

• Computer and data scientists should be as highly regarded as ‘warriors’ says top UK cybergeneral

• Is There Really a Shortage in Cloud Security Skills?

• Fake TeamViewer download ads distributing new ZLoader variant

• Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

• HP Omen Hub Exposes Millions of Gamers to Cyberattack

• Mass Personal Data Theft From Paris Covid Tests: Hospitals

• Armenia and Europol sign agreement to combat cross-border serious organised crime

• Summer 2021: Friday Night Funkin’, Måneskin and pop it

• Neosec Emerges From Stealth With $20.7 Million in Funding

• Former U.S. Intelligence Operatives Will Have to Pay $1.6M

• Midyear 2021 Cybersecurity Landscape Review: Attacks From All Angles Abound

• First All-Civilian Crew Launch To Orbit On SpaceX Rocket

• APT Attacks: What are Fancy Bear, Charming Kitten, and Double Dragon?

• Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations

• PSA: Apple’s iPhone 13 Pre-Order Setup Process Is Sending ‘Expired Pre-Order’ Messages to Some Users, But It’s Likely Just a Glitch

• South Africa Ransomware Attacks Go On with One More Hit: the Whole Network of the Department of Justice Affected

• Ransomware scammers target artists with fake Krita revenue deals

• HP OMEN users, update your driver now!

• Google sponsors OSTIF security reviews of critical open source software

• Massachusetts is Investigating the Massive T-Mobile Data Breach

• Microsoft announces passwordless authentication option for consumers

• Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released

• Social engineering explained: How criminals exploit human behavior

• HP CISO Joanna Burkey: Securing remote workers requires a collaborative approach

• How CISOs and CIOs should share cybersecurity ownership

• How APTs become long-term lurkers: Tools and techniques of a targeted attack

• FCW Insider: September 16, 2021

• Misconfigured APIs Account for Two-Thirds of Cloud Breaches

• Household Names Hit with £500K Fine for Spamming Consumers

• WooCommerce Multi Currency Bug Allows Customers to Modify the Cost of Items on Online Stores

• Apple’s Consistent Iteration – Intego Mac Podcast Episode 205

• Banks Slammed for Low Fraud Reimbursement Rates

• Cellular iPad Mini Doesn’t Feature mmWave 5G Support, Unlike iPad Pro

• De-identify, re-identify: Anonymised data’s dirty little secret

• Do you know what your supply chain is and if it is secure?

• Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

• Ragnar Locker Ransomware targets TTEC Company

• UK ICO slaps £200,000 penalty for sending spam mails and messages

• Protecting Digital Freedom For Everyone | Avast

• You Can Now Sign-in to Your Microsoft Accounts Without a Password

• Apple Quietly Removes 256GB iPhone SE Model From Online Store

• Introducing Avast One | Avast

• 2021 Digital Citizenship Report | Avast

• Authentic Brands Build On Fundamental Truths | Avast

• It’s time to delete that hunter2 password from your Microsoft account, says IT giant

• Keys to the cloud: Unlocking digital transformation to enhance national security

• It’s time to delete your hunter2 password from your Microsoft account, says IT giant

• Bot attack volumes growing 41% year over year, human-initiated attacks down 29%

• What is the impact of software supply chain security challenges?

• Why digital issuance is the perfect recipe for modern financial services

• Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs

• CPaaS market value to exceed $10 billion in 2022

• The long-term impacts of the pandemic on internal audit teams

• MSPs that cannot modernize will find themselves and their clients falling behind

• CIS Control 4: Secure Configuration of Enterprise Assets and Software

• This is AUKUS for China – US, UK, Australia reveal defence tech-sharing pact

• Firms embracing hybrid working, but must ensure teams have the modern skills to stay productive

• This is AUKUS for China – USA, UK, Australia reveal defence tech-sharing pact

• Quick Hits

• Additional Benchmarks Reveal A15 Bionic Performance Improvements in iPhone 13 and iPhone 13 Pro

• When data privacy and protection are rights, don’t get it wrong

• The 5 Ws for building a strong cybersecurity plan

• Code42 Instructor gives security teams the ability to correct risky behaviors

• Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws

• Only one-in-ten Russian organizations are aware of the danger of vulnerabilities in web applications

• Cardknox supports 3DS2 technology to decrease online fraud and reduce chargebacks

• Embroker launches two standalone digital insurance products for privately held SMBs

• Snowflake helps financial services organizations leverage data to drive business growth

• Beyond Identity’s solution secures the software supply chain against insider threats and malicious attacks

• Hillstone virtual Web Application Firewall detects and defends against treats in web applications

• DataStax Astra DB offers replication across multiple regions and clouds

• Juniper Networks enables customers to scale and simplify the rollout of their campus networks

• The Catalog of Carceral Surveillance: Patents Aren’t Products (Yet)

• How Intel is securing patient data through its pandemic response initiative

• Australia, UK, and US form trilateral pact focused on security in Indo-Pacific

• Microsoft Expands Passwordless Sign-on to All Accounts

• Samsung Begins Mass Production of 14-Inch and 16-Inch OLED Displays That Apple Might Use for 2022 MacBook Pro

• Industrial Defender partners with Diverse Solutions Engineering to elevate OT cybersecurity

• Accenture partners with IonQ to accelerate quantum computing business experimentation

• Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

Generated on 2021-09-17 23:55:47.809045