IT Security News Daily Summary 2021-11-05

• BrandPost: Secure Microsoft 365 with Reveal(x) 360 Network Detection and Response

• BrandPost: Wildcard Certificate Risks and the ALPACA TLS Attack

• The 7 Most Expensive Bugs in History

• Cybersecurity: Track data activity before “unusual” becomes dangerous

• Third-party patch roundup for October 2021

• BrandPost: The Cybercrime Crisis: Advanced & Automated DDoS Technology is Essential NOW

• BrandPost: Why Bad Actors Target VPNs, and What Can Be Done to Stop Attacks

• cache poisoning

• 7 ways to protect pharma supply chains from cyber-physical attacks in 2022

• CIS partners with CrowdStrike on cybersecurity platform protecting local governments

• Ohio Schools Get New Cybersecurity Resource

• Friday Squid Blogging: Squid Game Cryptocurrency Was a Scam

• M1 Pro and M1 Max MacBook Pro Owners Complain of Crashes Playing HDR YouTube Videos

• The Top 5 Data Breaches of the Decade and What We Can Learn From Them

• Cloudflare report highlights devastating DDoS attacks on VoIP services and several ‘record-setting HTTP attacks’

• Routers, NAS and phones hacked in Pwn2Own competition

• US Defense Contractor Discloses Data Breach

• Is a Consolidated Approach Better for WAAP Security?

• $500 million for TMF, other tech added to Build Back Better

• Track data activity before “unusual” becomes “dangerous”

• Who’s Minding Your Company’s Crypto Decisions?

• Ransom hits main street

• Intel Alder Lake Chips for Desktops Faster Than M1 Max in Benchmarks, But Use Much More Power

• Reg reader returns Samsung TV after finding giant ads splattered everywhere

• Native Tribal Casinos Taking Millions in Ransomware Losses

• 3 Experts- CISA Requires Agencies To Patch Known Exploited Vulnerabilities

• Lessons Learned From The Years Early Threats (and 5 must do actions)

• Why Safeguarding Endpoint Data In Distributed IT Environments Requires A Different Approach To Storage

• BlackBerry report highlights initial access broker providing entry to StrongPity APT, MountLocker and Phobos ransomware gangs

• Video Comparison: M1 MacBook Pro vs. M1 Pro MacBook Pro

• Will the EU Lose Access to U.S. Data Flows and Software?

• A Drone Tried to Disrupt the Power Grid. It Won’t Be the Last

• “Customer complaint” email scam preys on your fear of getting into trouble at work

• How InfoSec Should Use the Minimum Viable Secure Product Checklist

• Apple Fixes Bug That Bricked Some Intel Macs After macOS Monterey Install

• MacRumors Giveaway: Win an Apple Watch Series 7 and Band From BluShark

• ‘Critical Severity’ Warning: Malware Found in Widely Deployed npm Packages

• Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities

• Continuous Controls Monitoring: Automatically and Continuously Identify Gaps in Security Controls

• Device Exploits Earn Hackers Over $1 Million at Pwn2Own Austin 2021

• DOD Licenses Data Carver

• Apple Fixes Bug That Caused Some Intel Macs to Fail to Boot After macOS Monterey Install

• Getting to Know the Various Data Security Compliance Laws

• 7 Reasons Why Cybersecurity Is Important to Your Marketing Strategy

• Beyond the Basics: Tips for Building Advanced Ransomware Resiliency

• BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released

• U.S. State Department Puts $10 Million Bounty on DarkSide Ransomware Group

• Meet Roela Santos, Honoree of the 2021 (ISC)² Julie Peeler Franz “Do It for The Children” Volunteer Award

• Starting with strategy – A multi-part series on building a robust cybersecurity program

• FBI: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise

• MVSP: Will Google’s security baseline work?

• Ransomware Attack on Lab in Florida

• To Secure DevOps, Security Teams Must be Agile

• Deals: Take Up to $70 Off Apple’s AirPods Lineup

• What Next for MacBook Pro? Four Upgrades We’re Likely to See

• No day in court: US Foreign Intelligence Surveillance Court rulings will stay a secret

• Ransomware news trending on Google

• Cybersecurity, Data, and Automation: What You Need to Know

• How to Deal With Unpatched Software Vulnerabilities Right Now

• Proofpoint Phish Harvests Microsoft O365, Google Logins

• Google Ads for Faux Cryptowallets Net Scammers At Least $500K

• US government unveils $10 million bounty for DarkSide ransomware gang leaders

• Researchers Release PoC Tool Targeting BrakTooth Bluetooth Vulnerabilities

• Ukraine intelligence doxed 5 FSB Officers that are members of Gamaredon APT Group

• Microsoft Just Expanded Its Malware Protection For Linux Servers

• Mystery Surrounds Labour Party Ransomware Attack

• US Offers $10 Million Bounty For Colonial Pipeline Hackers

• Beijing Fingers Foreign Spies For Data Mischief

• Apple’s Federighi Delivers Dramatic Speech On Dangers Of Sideloading

• Enforcement Provisions in New National Security Reforms Packages

• Voice phishing attack spoofs Amazon to steal credit card information

• One in Three Workers Monitored by Their Employers

• Most Inspiring Women in Cyber 2021: Pat Ryan, Director and Founder of Cyber Girls First

• The US Offers a $10 Million Reward for Crucial Info on DarkSide Ransomware Operators

• Wanted! US offers $10m bounty for ransomware kingpins

• Reward! Uncle Sam promises $10m for info about DarkSide ransomware gang chiefs

• DSE measures and improves DevOps

• Future Apple Silicon Macs Will Reportedly Use 3nm Chips With Up to 40 Cores

• Apple To Drop Mask Requirement For Many US Stores – Report

• Twitter hacker charged in sim swapping, cryptocurrency scheme

• Hungarian Official: Government Bought, Used Pegasus Spyware

• 4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks

• Online safety and end-to-end encryption can co-exist, says data protection watchdog. But how?

• Feds Offer $10 Million Bounty for DarkSide Info

• Industry Reactions to New ‘Trojan Source’ Attack: Feedback Friday

• #SecTorCa: Cyber Expert Wendy Nather Unmasks “Scary Bits” of Infosec in 2021

• Wi-Fi Threat Shield | Avast

• 6 Potential Long-Term Impacts of a Data Breach

• Labour Party supplier ransomware attack: Who holds ex-members’ data and on what legal basis?

• Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group

• US Government Offers $10m Bounty For Colonial Pipeline Hackers

• Common Spyware Types and How To Detect Them

• Get patching: Cisco warns of these critical product vulnerabilities

• New Tom Hanks Sci-Fi Movie ‘Finch’ Premieres on Apple TV+

• CCSP vs. Microsoft Certified: Azure Administrator Associate — How Does Vendor Focus Factor In?

• Blue Origin Loses NASA Lawsuit After Judge’s Ruling

• Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware

• SSL certificate research highlights pitfalls for company data, competition

• The IoT is getting a lot bigger, but security is still getting left behind

• Ignore China’s New Data Privacy Law at Your Peril

• Peloton Says Apple’s Privacy Rules Limit Its Ability to Gain Subscribers

• Facebook Wants to Open ‘Welcoming’ Retail Stores Where People Can Experience the ‘Metaverse’

• How to Hide Your Torrenting Activity: A Handy Guide

• What is SOC As A Service?

• FCW Insider: November 5, 2021

• Quick Hits

• US Offers $10m Reward to Unmask DarkSide Leaders

• ONS Reports Huge Spike in Cybercrime and Fraud During COVID-19

• Weekly Update 268

• Cisco teams up with Singapore university in $40M research investment

• Get the training you need to switch to a cybersecurity career

• Facial Recognition Firm Could Be Ordered to “Close” in UK, Warn Experts

• U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws

• Twitter on iOS Now Lets You Easily Search For Tweets From Specific Accounts

• Azure security must enable change to effectively support remote employees: Part 1

• Ukraine Unmasks Armageddon Group as FSB Officers

• U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group

• The CSO guide to top security conferences, 2021

• Update and isolate your Nagios servers now

• npm libraries coa and rc. have been hijacked to deliver password-stealing malware

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• New infosec products of the week: November 5, 2021

• Facebook Shuts Down Facial Recognition | Avast

• Software development: Why security and constant vigilance are everyone’s responsibilities

• Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

• Truth behind Amazon stealing financial credentials of customers via Cyber Attack

• Salary given to cybersecurity specialists in UK

• Twitter joins backlash against Australian plan to ID social media users

• 77% of rootkits are used for espionage purposes

• Beijing fingers foreign spies for data mischief, with help from consulting firm

• Organizations seldom prioritize cybersecurity over business outcomes

• 5 Recommendations to Prevent Man in the Middle Attacks (MITMA’s) within the Financial Sector.

• Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

• Trojan Source attack method allows hiding flaws in source code

• The Top 3 Cyber Security Mistakes and How to Avoid Them

• 50% of internet-facing GitLab installations are still affected by a RCE flaw

• Hackers gained access to mySA Gov accounts, including licence and rego details

• Fragmented approach to identity security management creates risk

• Every month should be Cybersecurity Awareness Month!

• Bowser to Pay Nintendo $4.5M Restitution

• DJI Launches New Mavic 3 Drone With Longer Flight Time, Improved Cameras and New Safety Features

• Blocked DDoS events up 75% in the first nine months of 2021

• TrustLogix Data Security Governance Platform helps data scientists modernize their data infrastructure

• Cyble Hawk protects sensitive assets for law enforcement and government agencies

• Fusion Risk Management Dynamic Response Console delivers real-time data responses for organizations

• Senators Push To Study “Unstable” Patent Law, While Patent Trolls Cheer Them On

• Google squashes Android zero‑day bug exploited in targeted attacks

• Quantum Scalar Ransom Block provides data security for cyber-resilient archives

• Infographic: What is the economic impact of a data security platform?

• Top 10 Things Everyone Should be Doing During Development

• US Gov offers a reward of up to $10M for info on DarkSide leading members

• Apple Card Promo Offers $10 Daily Cash for Adding New Family Members

• Ardoq joins Cloud Security Alliance to help improve cloud security

• US offers $10m reward for decisive info on DarkSide ransomware gang

• US Offers $10 Million Bounty in Hunt for DarkSide Ransomware Operators

• Secure Access for Remote Workers: RDP, VPN & VDI

• Brenda Bjerke, Jane Harper, and Diana Kelley join EWF Board of Advisors

• US Gov Offering $10M Reward for Data on DarkSide Ransomware Operators

• CISA recommends vendors to fix BrakTooth issues after the release of PoC tool

• Facial Recognition as a Less-Bad Option

• IT Security News Daily Summary 2021-11-04

• Five Games Worth Firing Up to Show Off Your New MacBook Pro

• US offers $10 million reward for information on DarkSide leaders, $5 million for affiliates

• How Is Zero Trust Different From Traditional Security?

• Improving SaaS Visibility: How To Provide Guardrails, Not Gates

• 2 Experts: Black Shadow Dumps 290,000 Medical Records & Entire LGTBQ Dating Database

• CISA sets two week window for patching serious vulnerabilities

• NortonLifeLock posts double-digit revenue growth in Q2

• Evaluate the components of Cisco SASE

• 7 best practices to ensure GDPR compliance

• Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents

• US Offers $10M Reward For ID, Location of DarkSide Leadership

• Ripping Off the Blindfold: Illuminating OT Environments

• API Security Issues Hinder Application Delivery

• AT&T and Verizon Delay 5G Expansion to Address Aircraft Interference Concerns

• Fortinet outpaces Wall Street estimates, brings in $867 million revenue for Q3

• Cybersecurity, the pandemic and the 2021 holiday shopping season: A perfect storm

• UK Government Threatens Facebook With Criminal Action For Failing To Protect Users

• MITRE, CISA Reveal Dangerous Hardware & Software Vulnerabilities

• Cisco warns of hard-coded credentials and default SSH key issues in some products

• Cisco Plugs Critical Holes in Catalyst PON Enterprise Switches

• Honoring our ‘Cybersecurity Defender of the Year’

• FBI Warns Ransomware Actors Using Financial Events, Stock Valuation To Target Companies, Experts Weigh In

• Q3 2021 Cyber Attacks Statistics

• Using AI to verify renter eligibility and risk

• OPM rule gives agencies more direct-hire authority for recent college grads

• Call center scammers using Justin Bieber tickets, The Weeknd concerts and fake gun purchases to spread malware: Proofpoint

• Apple Stores to Drop Mask Requirement for Customers in Many U.S. States

• iPhone 13 Screen Replacements Can Break Face ID, a Repair Restriction iFixit Calls ‘Completely Unprecedented’

• Revolutionary identity verification technique offers robust solution to hacking

• 8 Best Hackintosh Motherboard 2021 – Review and Buying Guide

• Ransom fail: Iranian hackers leak trove of Israeli LGBTQ dating app data

• Kali Linux vs Parrot OS: Which One Is the Best?

• You can configure SSH to use a non-standard port with SELinux set to enforcing

• US Indicts Brit Over SIM Swap Crypto Theft

• Expert found a critical remote code execution bug in Linux Kernel

• Google Actively Bidding For Pentagon Cloud Contract

• When containers become a nightmare

• Twelve South Debuts ActionBand for Apple Watch Workouts

• US Blacklists Pegasus Spyware Maker

• S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]

• Amazon Spoofed in New Attack

• Graylog unites SIEM, AI-based anomaly detection in new security suite

• Automate and Augment Case Management, Threat Intelligence and Enrichment

• US government orders federal agencies to patch 100s of vulnerabilities

• ‘Tis the Season for the Wayward Package Phish

• Cisco Releases Security Updates for Multiple Products

• BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

• Apple ID Website Gets Design Overhaul

• Why retailers must adopt a Zero Trust approach during this holiday season

• Bill Gates Doubts 1.5 Degree Goal Is Achievable, Praises UK Climate Efforts

• Convergence in Cybersecurity and Cloud Operations: Lessons From NOC and SOC Fusion

• MariaDB Encryption (TDE) Using MariaDB’s File Key Management Encryption Plugin

• Microsoft expands zero-trust security capabilities at Ignite 2021

• DOD revamps controversial CMMC program

• Apple: Side-loading on iOS would open the malware floodgates

• Free Discord Nitro Offer Used to Steal Steam Credentials

• 2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts

• Linux Foundation Fixes ‘Dangerous’ Code Execution Kernel Bug

• Fake Company Sheds Light on Ransomware Group Tactics

• VB2021 localhost videos available on YouTube

• US Government Takes an Aim at Government Contractors with Poor Cybersecurity Standards

• Apple’s Craig Federighi Warns EU DMA Will Open ‘Pandora’s Box’

• Most Reliable Hosting Company Sites in October 2021

• Non-Traditional Cybersecurity Career Paths – One Experience Informs Another

• “PlugWalkJoe” indicted for $784K SIM swap cryptocurrency theft

• Critical Linux Kernel Bug Allows Remote Takeover

• Ukraine Doxes Russian Government Hackers’ Phone Calls

• Senate Panel Passes Slew Of Cybersecurity Bills

• Remote Code Execution Flaw Patched In Linux Kernel TIPC Module

• US Indicts UK Resident PlugwalkJoe For Cryptocurrency Theft

• Deals: Get Apple’s 512GB 16-Inch MacBook Pro for $2,449.99 ($49 Off)

• Google Play Will Let Developers Use Alternative Billing Systems in South Korea, While Apple Has Yet to Make Changes

• Discover what’s new and gain technical expertise from MISA at Ignite

• Mozilla Rolling Out ‘Site Isolation’ With Release of Firefox 94

• Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance

• What Do—and Will—the Criminal Prosecutions of the Jan. 6 Capitol Rioters Tell Us?

• Machine Learning in Cybersecurity 101

• What Is Remote Desktop Protocol (RDP)?

• How iOS Malware Can Spy on Users Silently

• Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server

• RSA algorithm (Rivest-Shamir-Adleman)

• vulnerability disclosure

• White House extends vaccine deadline for contractors

• Engaging Customers on an Uncertain Journey

• Cisco Releases Security Updates for Multiple Products

• BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

• Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto

• Most Inspiring Women in Cyber 2021: Sophia McCall, Security Consultant, NCC Group

• How iOS Malware Can Spy on Users Silently?

• Google To Allow Third Party App Payments In South Korea

• Recorded Future Partners With Swimlane For Intelligence-Driven Identity Fraud Prevention

• Data Breach Hits UK Labour Party

• Following Its Shutdown, the BlackMatter Ransomware Gang Transfers Victims to LockBit

• Having Trouble Finding Cybersecurity Talent? You Might Be the Problem

• Technically Speaking series decodes DevSecOps

• Maze Ransomware: Origins, Operating Mode, Attacks

• US indicts UK resident ‘PlugwalkJoe’ for cryptocurrency theft

• Work to earn several highly respected CompTIA certifications with these self-paced courses

• Sketchy Rumor Claims Future iPad Mini to Feature 120Hz ProMotion Display, Which Could Resolve ‘Jelly Scrolling’ Issue

• iPhone X Modded With USB-C Port Listed on eBay With Bids Topping $85,000

• Maritime Cybersecurity: A Rising Tide Lifts all Boats

• Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

• House Passes Two Bills to Improve Small Business Cybersecurity

• Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205

• How to Choose the Right iPhone for You in 2021

• Biden Administration Orders All Federal Agencies To Patch Systems

• Compliance-as-a-Service Platform Laika Raises $35 Million

• Consumers Warned About Rise in Call Center Threats

• Our journey to API security at Raiffeisen Bank International

• Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

• FYI: Code compiled to WebAssembly may lack standard security defenses

• CISSPs from Around the Globe: An Interview with Dr. Christina Izuakor

• Labour Party Member Data Compromised After Breach

• Kyndryl set for IBM spin-off: Can it grow ecosystem, innovation and revenue?

• Twitter Hacker Charged Over Theft of $784,000 in Cryptocurrency

• CISA shares a catalog of 306 actively exploited vulnerabilities

• US Blacklists NSO Group

• Remote code execution flaw patched in Linux Kernel TIPC module

• Break into the cybersecurity field by learning the NIST risk management framework

• Parents Built a School App. Then the City Called the Cops

• Squid Game Cryptocurrency $SQUID Crashed on Monday in an Apparent Scam, Investors Lose Millions of Dollars

• The Mekotio Banking Trojan Is Apparently Back in Business

• CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

• Scammers used Google Ads to Steal ~ $500k Worth of Cryptocurrency

• Iranian Hacking Group Leaks Patient and LGBTQ Info

• Threat Actor Claims ‘Groove’ Ransomware Gang Was Hoax

• The importance of user names in WordPress

• Apple’s Poor Patching Policies – Intego Mac Podcast Episode 212

• Spain busts migrant smugglers active along the Balkan route

• CERT-FR warns of Lockean ransomware attacks against French companies

• Facebook outage a prime example of insider threat by machine

• SolarWinds CISO: Know your adversary, what they want, watch everything

• NSO Group Blacklisted by US for Trade in Spyware

• Cybersicherheit – Zahl der Woche: Jeder Zweite hält Banken für besonders gefährdet

• Do you know what your supply chain is and if it is secure?

• Lean security: How small cybersecurity teams perform at Fortune 2000 levels

• US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware

• How to ease password pains while maintaining security

• Cyber Attack on Labour Party UK leaks sensitive data

• Rooting malware menace hits Google Play Store users

• Top 10 ways attackers are increasing pressure on their ransomware victims to pay

• Surge in cyber attacks confirms the need for zero trust security

• Organizations can save $1.9 million using workforce passwordless authentication

• CISSP: The Time is Now

• MEET THE RECIPIENTS OF THE 2021 (ISC)² GOVERNMENT PROFESSIONAL AWARD

• Trends in connected homes in 2021 – Improved security and connectivity

• Introducing AT&T Managed Extended Detection and Response (XDR)

• How the UK Cyber Security Council Careers Route Map addresses workforce shortages

• Ten CIO agenda predictions that will impact IT pros by 2026

• Firefox 94 adds plenty of new features, closes over a dozen security holes

• CIA director brings up Russian hackers at talks in Moscow

• Hack In The Box + CyberWeek brought back to Abu Dhabi by DisruptAD

• FCW Insider: November 4, 2021

• Reciprocity Risk Intellect enables compliance-driven cyber risk management

• The ultimate SaaS Security Posture Management (SSPM) checklist

• GuidePoint Security’s penetration testing offering combines automated and traditional reporting

• ExtraHop expands decryption support for Microsoft authentication and application protocols

• Devo unveils platform functionality to empower analysts to detect advanced cyberthreats

• CIS Control 11: Data Recovery

• SentinelOne launches App for Azure Active Directory to advance zero trust architecture

• Securing data transfers with relativity

• What’s it like to work as a malware researcher? 10 questions answered

• Win one for privacy – Swiss providers don’t have to talk

• Beijing lashes USA’s China Telecom ban – but quite gently

• US Puts New Controls on Israeli Spyware Company NSO Group

• How to Avoid Another Let’s Encrypt-Like Meltdown

• Telstra partners with Equinix to offer enhanced network connectivity for financial organizations

• Veritas collaborates with Microsoft to provide data protection solutions to enterprise customers

• Jony Ive’s LoveFrom Designs Award for Companies With Sustainable Practices

• SecureAuth acquires Acceptto to deliver identity security and access control architecture for enterprises

• Report: 93% of U.S. orgs experienced employee misuse of web apps

• Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021

• Nutanix names Dominick Delfino as CRO

Generated on 2021-11-05 23:55:24.345777