IT Security News Daily Summary 2021-09-25

• Educating the Workforce with Cybersecurity Training

• 5 Steps to Protect Your Organization from the Next Ransomware Attack

• Executives and teams disagree on who is responsible for software security

• Disaster Recovery Software: How Does It Work

• GSS, one of the major European call center providers, suffered a ransomware attack

• Pentera Named a 2021 SINET16 Innovator

• CCSP vs. Professional Cloud Security Manager: How Do They Compare?

• FamousSparrow – New Hackers Group Attack Hotels, Governments by Leveraging MS Exchange Bugs

• Malware Creators Use Malformed Certificates To Trick Windows Validation

• States at Disadvantage in Race to Recruit Cybersecurity Pros

• Even the CIA and NSA Use Ad Blockers to Stay Safe Online

• Top Stories: iPhone 13 Launch, iOS 15 Features, iPhone 14 Pro Rumors, and More

• African Bank Alerts of Data Breach With Personal Details Compromised

• Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw

• Google addressed the eleventh Chrome zero-day flaw this year

• New iPhone 13? Don’t forget to update!

• 3.8 Billion Clubhouse and Facebook User Records are Being Sold Online

• Port of Houston Attacked Employing Zoho Zero-Day Vulnerability

• European Union formally blames Russia for the GhostWriter operation

• Build or Buy your own antivirus product

• Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

• 64% of CISOs hired from outside, highlighting retention issues

• SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

• A New APT Hacker Group Spying On Hotels and Governments Worldwide

• National Small Business Week: 10 Best Practices for Small Business Cybersecurity

• Preparing for IT/OT convergence: Best practices

• TeamTNT with new campaign aka “Chimaera”

• SHOP SAFE Is Another Attempt to Fix Big Tech That Will Mostly Harm Small Players and Consumers

• Week in security with Tony Anscombe

• Apple Says Third-Party Apps Can Take Full Advantage of ProMotion With Plist Entry, Core Animation Bug Fix Coming

• 2021-09-23 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

• 2021-09-24 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

• Innodisk introduces PCIe 4.0 SSDs for high temperatures of outdoor and industrial settings

• FBI decision to withhold Kaseya ransomware decryption keys stirs debate

• India, the Quad and AUKUS

• Scott Slipy joins Socure as Chief People Officer

• Bitwarden vs LastPass: Compare Top Password Managers

• VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

• Secret Double Octopus names Horacio Zambrano as CMO

• Researcher discloses several zero-day iOS, iPadOS vulnerabilities

• VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

• IT Security News Daily Summary 2021-09-24

• BrandPost: Trust Transformation – Creating a Robust Security Culture Built for Tomorrow’s IT Leaders

• Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk

• How to improve relations between developers and security teams and boost application security

• Cybersecurity leaders back law for critical infrastructure

• CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

• Third-Party Apps Can’t Take Full Advantage of iPhone 13 Pro 120Hz ProMotion Displays

• White House orders federal contractors vaccinated by Dec. 8

• Rural Virginia county plugs into Facebook’s long-haul fiber

• iPhone 13 Pro: How to Shoot Macro Photography

• Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait

• Consumers Share Security Fears as Risky Behaviors Persist

• What Is the Difference Between Security and Resilience?

• Frustrated dev drops three zero-day vulnerabilities affecting Apple iOS 15 after six-month wait

• Why Businesses Should Ensure the Security of Data on the Cloud

• Are VPNs still the best solution for security?

• Google Releases Security Updates for Chrome

• I Am Not Satoshi Nakamoto

• This Week in Security News – September 24, 1021

• Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

• Google Releases Security Updates for Chrome

• iPhone 13 and 13 Pro Unboxing and Honest First Impressions

• OSX/ZuRu Mac malware spread through Trojan apps

• MacRumors Giveaway: Win a Magnetic iPad Stand From Lululook

• iFixit Shares Live Teardown of the iPhone 13 and 13 Pro

• New York City’s Newest Apple Store Features Dedicated Pickup Zone

• How to Prevent Zoom Bombing and Secure Your Meetings

• Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

• Florida Yet to Spend $30M Allocated for Cybersecurity

• LG to Acquire Cybellum

• Malicious PowerPoint Documents on the Rise

• Beware! Uber scam lures victims with alert from a real Uber number

• Shutdown looms as House takes up CR and debt limit extension next week

• House passes 2022 defense policy bill

• EU Denounces Alleged Russian Hacking Ahead of German Vote

• CMMC Level 3 readiness

• Chip Shortage Blamed For Looming Job Losses At Vauxhall

• Lithuania wants users to dump Chinese phones citing data collection

• Hackers Launching large-Scale phishing-as-a-service Operation with 300,000 newly created Phishing Domains – Microsoft

• Top Cybersecurity Trends Ruling the Financial Market

• Zero Trust: Remote Security For Now and the Future

• We’re still making terrible choices with passwords, even though we know better

• TangleBot Malware Reaches Deep into Android Device Functions

• iOS 15: How to enable Mail Privacy Protection

• S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked [Podcast]

• Complex New SMS Malware Discovered

• TangleBot Campaign Underscores SMS Threat

• Everything New in the iOS 15 Apple Podcasts App

• iPhone 13 Users Experiencing ‘Unable to Communicate with Apple Watch’ Bug With Mask Unlocking

• iPhone 13: How to Shoot Video in Cinematic Mode

• iPhone 13 Pro Max Gets Nearly 10 Hours of Battery Life in Continuous Usage Test

• OWASP Top 10 2021: The most serious web application security risks

• Secure Shell (SSH)

• Open to innovation: Why modular open systems are key to the future of DOD

• App helps responders build real-time flood inundation maps

• FamousSparrow Cyberspies Exploit ProxyLogon in Attacks on Governments, Hotels

• China- and Hong Kong-based bitcoin holders scrambling to protect their crypto assets

• Securing Cloud-Native Applications

• Facebook Oversight Board Wants To Investigate The Company Over Controversial Report

• Researcher released PoC exploit code for 3 iOS zero-day issues

• Apple’s power move to kneecap Facebook advertising is working

• Remotely Exploitable Zero-Day Vulnerability In MacOS Allows Code Execution

• Employees in Retail Industry Most Frequently Targeted by Malicious Emails, New Study Reveals

• The Proliferation of Zero-days

• iPhone 13 Teardowns Reveal Battery Capacities Across All Four Models

• Legal Mechanisms of AUKUS Explained

• 10,000 employees at Stanley Black & Decker go passwordless

• Endpoint Still a Prime Target for Attack

• Our Eye Is on the SPARROW

• Contrast Application Security Platform Scales to Support OWASP Risks

• Examining the Cring Ransomware Techniques

• Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

• Supply Chain and Ransomware Threats Drove 60% Increase in Global Cyber Intelligence Sharing Among Financial Firms

• SAIC Appoints Kevin Brown as Chief Information Security Officer

• FamousSparrow APT Group Flocks to Hotels, Governments, Businesses

• Primer: Microsoft Active Directory Security for AD Admins

• Google Spots New Technique to Sneak Malware Past Detection Tools

• iPhone 13: How to Use Photographic Styles in the Camera App

• How Privileged Access Management Fits Into a Layered Security Strategy

• SonicWall Patches Critical Vulnerability in SMA Appliances

• Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses

• Deals: Get a $200 Virtual Gift Card and Free HomePod Mini With Purchase of iPhone 13 at Visible

• iPhone 13 Launch Day Underway With Same-Day Pickup Available at Select Apple Stores

• Water Basilisk Campaign Distributes RATs Through a New Crypter

• US, Canadian Android Mobile Users Targeted by TangleBot Malware

• A Backdoor Was Added by the REvil Ransomware Developers in an Attempt to Cheat Affiliates

• Op-ed: Apple’s power move to kneecap Facebook advertising is working

• Bi. Zone: most of the leaks and hacks in Russian companies are related to old forgotten software

• Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

• US Commerce Dept Open To Additional Measures Against Huawei – Report

• Epik Data Breach Impacts 15 Million Users | Avast

• LG to Acquire Vehicle Cybersecurity Firm Cybellum

• ‘Anonymous’ Hackers Claim to Hit Website Hosting Firm Popular With Far-Right Groups

• Cisco addresses 3 critical vulnerabilities in IOS XE Software

• CISSPs from Around the Globe: An Interview with AJ Yawn

• CISA Opens IPv6 Guidance to Public Feedback

• Cisco Interop: Discovery of Designated Resolvers Protocol Implemented

• Top 7 Cybersecurity Trends for 2022

• Reminder: Stop reusing passwords!

• Bird Attack Forces Google To Suspend Drone Deliveries

• Apple Patches 3 More Zero-Days Under Active Attack

• Port of Houston Target of Suspected Nation-State Hack

• SonicWall warns users to patch critical vulnerability “as soon as possible”

• Driving Automated Threat Prevention & Security Policy Orchestration

• FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores

• This ransomware-dropping malware has swapped phishing for a sneaky new attack route

• UnitedHealthcare Offering Insured Members Free Year of Apple Fitness+

• A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

• The real value of continuous security scanning for cloud-based workloads

• F5 to Acquire Threat Stack for $68 Million in Cash

• Rumor Claims iPad Pro With Horizontal Rear Cameras and Landscape Apple Logo in the Works

• FamousSparrow Hacking Group Is Targeting Hotels, Companies, and Governments Everywhere

• Malware Developers Are Working on Tricking Windows Validation

• Parents and teachers believe digital surveillance of kids outweighs risks

• Working Securely From Anywhere With Zero Trust

• The Zero-Day Apple Bug Patched Now by the Company

• Security Recruiter Directory

• FCW Insider: September 24, 2021

• Quick Hits

• Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras

• EFF Flew a Banner Over Apple Park During Last Apple Event to Protest CSAM Plans

• Cyber Threats Result in 60% Increase in Cyber Intelligence Sharing Among Financial Firms

• Rapid7 InsightIDR Review: Features & Benefits

• Here’s the Best Way to Transfer Data From Your Old iPhone to a New iPhone 13

• Cynet 360 XDR Review: Features & Benefits

• Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software

• 3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

• Check: that Republican audit of Maricopa

• Stop worrying that crims could break the ‘net, say cyber-diplomats – only nations have tried

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Pegasus spyware found on 5 French cabinet members’ phones

• A Second Data Breach at the Ministry of Defence has been Discovered

• FBI and CISA issue joint alert on Conti Ransomware

• Cyber Attack news headlines trending on Google

• Implementing risk quantification into an existing GRC program

• New infosec products of the week: September 24, 2021

• New FamousSparrow APT group used ProxyLogon exploits in its attacks

• The evolution of DRaaS

• Apple warns of arbitrary code execution zero-day being actively exploited on Macs

• Policy and patience key in Biden’s cybersecurity battle

• Poll: Cyber Pros Say White House Cybersecurity Summit Is a Step in the Right Direction

• A guide to OWASP’s secure coding

• Thrive today with not just being smart but being cyber smart

• Most IT leaders prioritize cloud migration, yet security concerns remain

• Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

• SaaS subscriptions bouncing back as enterprises seek innovation

• iPhone 13 Mini Still Limited to Maximum 12W of Peak Power via MagSafe Charger

• Server market size to reach $145.31 billion by 2028

• NS1 DDoS Overage Protection delivers price protection for business resilience

• Qumulo Recover Q addresses and defends data protection on-premises and in the cloud

• Restoring Some iPad 9, iPad mini 6, and Some iPhone 13 Models From Backup Can Cause Widgets to Reset

• Apple Warns That Restoring From Backup Can Cause Apple Music Bug on New iPads and iPhone 13 Models

• FamousSparrow: A suspicious hotel guest

• Bug in macOS Finder allows remote code execution

• Elastic’s enhancements optimize search experiences for customers

• Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

• The pricier 2021 iPad mini is the best one Apple has ever made

• Imposter Syndrome

• Taiwan’s bid to enter CPTPP meets firm opposition from China

• Upcoming 14-Inch and 16-Inch MacBook Pro Display Resolutions Likely Revealed in Latest macOS Monterey Beta

• First Impressions From New iPhone 13 and 13 Pro Owners

• BT Group selects Oracle to optimize its network resources and bring 5G offerings to market

• SCADAfence partners with Keysight Technologies to protect OT environments from security threats

Generated on 2021-09-25 23:55:31.515691