IT Security News Daily Summary 2022-01-22

• OpenSubtitles Hacked-  Data Breach Affected 7 Million Subscribers

• Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns

• Crypto.com CEO responds to complaints of login issues after $31 million hack

• How to Detect and Defeat the Log4j2 Vulnerability With Deepfence

• Should We Target Zero False Positives?

• Vulnerability in GitHub Actions Allowed Attackers to Take Control of Victim’s Device

• Acrisure Broadens Platform with Cyber Services Division

• Transmit Security Builds Momentum with Key Appointment of Chris Pick as Chief Marketing Officer

• What Were the Best Cybersecurity Webinars of 2021?

• Multichain hack: Hacker returns $1 million, keeps $150k as bug bounty

• Vulnerabilities in Control Web Panel potentially expose Linux Servers to hack

• The Log4Shell vulnerability: A postmortem

• Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

• Top Stories: Spring Apple Event Rumors, Apple Opposes Sideloading, and More

• Crypto.com Finally Admits It Lost $30 Million in a Hack

• Log4j Attack Target SolarWinds and ZyXEL

• US Treasury Department sanctions 4 Ukrainian officials for working with Russian intelligence

• Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

• Cheap Malware Behind Surge in Attacks on Cryptocurrency Wallets

• Build or Buy your own antivirus product

• Weekly Update 279

• APT41 Used the New MoonBounce UEFI Malware in Targeted Attacks

• Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

• 11:11 Systems Completes Acquisition of iland; Combined Offering to Unlock the Power of Connectivity, Cloud and Security

• To Err Is Human, and That’s What Hackers Are Counting On

• Looking Back at 2021 and Forward to 2022

• 2022-01-20 – Emotet epoch4 and epoch5 infections

• Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

• Cadence DRAM verification solution optimizes SoC designs for data center and automotive applications

• CISA, Microsoft Warn of Wiper Malware Amid Russia-Ukraine Tensions

• IT Leaders Consider Security Tech a Part of Business Transformation

• Diligent Boards integrates with Microsoft Teams to improve collaboration within board meetings

• Week in security with Tony Anscombe

• Contextualizing Last Week’s Malicious Cyber Activities Against Ukrainian Government Websites and Systems

• Chris Pick joins Transmit Security as CMO

• Codenotary raises $12.5 million to accelerate product development and expand sales

• The U.K. Paid $724,000 For A Creepy Campaign To Convince People That Encryption is Bad. It Won’t Work.

• 2022-01-17 – Astaroth (Guildma) activity

• Noname Security appoints Strategic Advisory Board

• Log4J: Microsoft discovers attackers targeting undisclosed SolarWinds vulnerability

• Better mental health treatments with synthetic patient data

• Prominent Carding Marketplace UniCC announced it’s shutting down

• Looking Ahead: Five Security Trends For 2022

• OT/IT Security – Two Sides of the Same Coin

• Apple preps fix for Safari’s web-history-leaking IndexedDB privacy bug

• IT Security News Daily Summary 2022-01-21

• OPM issues guidance to ensure 67,000 feds make at least $15 per hour

• Can chatbots make reporting suspicious activity easier?

• How to start implementing passwordless authentication today

• A bug in McAfee Agent allows running code with Windows SYSTEM privileges

• Friday Squid Blogging: Piglet Squid

• Rust 1.58.1 fixes dangerous race condition

• Fraud Is On the Rise, and It’s Going to Get Worse

• The Internet’s Most Tempting Targets

• Apple Walks Back UNiDAYS Verification Requirement for U.S. Education Store

• What to expect in 2022?

• DISA preps for a diverse hybrid cloud environment

• 5 infosec predictions for 2022

• Merck Awarded $1.4B Insurance Payout over NotPetya Attack

• REvil Ransomware Gang Arrests Trigger Uncertainty, Concern in Cybercrime Forums

• Malware vaccines can prevent pandemics, yet are rarely used

• What Does the Seditious Conspiracy Indictment Mean For the Oath Keepers?

• Is There a Free Form Builder?

• What is an Online Form Builder and Why Do You Need It?

• What is Form Submission?

• Are you looking for the best WordPress Form Builder?

• Strengthening identity-based security with zero trust

• State efforts to close the K-12 digital divide may come up short

• Homelife of Connecticut Residents Secretly Recorded

• CISA Adds Four Known Exploited Vulnerabilities to Catalog

• McAfee Releases Security Update for McAfee Agent for Windows 

• Data management’s role in sustaining digital transformation

• CISA adds 13 exploited vulnerabilities to list, 9 with Feb. 1 remediation date

• McAfee Releases Security Update for McAfee Agent for Windows 

• Experts warn of anomalous spyware campaigns targeting industrial firms

• Apple Shares Valentine’s Day Gift Ideas

• Deals: Apple’s 24-Inch iMac (7-Core, 256GB) Drops to Low Price of $1,239.92

• Humorous New Ad Highlights Apple TV+’s Biggest Stars… Except Jon Hamm

• Public Sector Compliance at Scale

• Transforming Remote Learning with a Modern Education Experience

• Digital Rights Updates with EFFector 34.1

• ‘Mass demand’ is building for cloud-native security, Aqua CEO says

• 20K WordPress Sites Exposed by Insecure Plugin REST-API

• Arm rages against the insecure chip machine with new Morello architecture

• Better Together: The Power of Managed Cybersecurity Services in the Face of Pressing Global Security Challenges

• Federal court issues nationwide pause on Biden’s federal employee vaccine mandate

• Accelerating Zero Trust Architecture in the Cloud

• Log4J: Attackers continue targeting VMware Horizon servers

• Magecart Attacks Continue to ‘Skim’ Software Supply Chains

• A World Where Threat of Cyberattack is Eliminated: Free Webinar Jan 27th

• McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

• CISA Releases Final IPv6 Security Guidance for Federal Agencies

• Cloud Security Provider Anitian Raises $55 Million

• Crime Shop Sells Hacked Logins to Other Crime Shops

• Pennsylvania Approves Ransomware Bill

• Deals: Get the 256GB Wi-Fi iPad for Record Low Price of $449 on Amazon

• MacRumors Giveaway: Win a Customized Sonos Roam Speaker From Electronic Finishing Solutions

• Celebrating 20 Years of Trustworthy Computing

• Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

• Memorial Health System Confirms Data Breach

• DoH Makes It Difficult to Track Botnets: Spamhaus

• Relevant and Extended Detection with SecureX, Part Three: Behaviour-Based Detections with Secure Network Analytics

• China Sharpens Its Vision for the Digital Economy

• Russia ban on Cryptocurrency to curb ransomware spread

• U.S. Lawmakers Could Finally Take Action Against Facebook In 2022

• Two Critical Zero-Day Bugs Identified in Zoom Users and MMR Servers

• EU Wants To Build Its Own DNS Infrastructure With Built-In Filtering Capabilities

• Security: Your Secret Weapon for UX Innovation

• F5 Patches Two Dozen Vulnerabilities in BIG-IP

• Looking Beyond Biden’s Binding Security Directive

• Google Project Zero discloses details of two Zoom zero-day flaws

• Upstox – 111,002 breached accounts

• Open Subtitles – 6,783,158 breached accounts

• Senate Committee Approves Big Tech Antitrust Bill

• What Your Team Can Learn From the DHS Cybersecurity Hiring Program

• Spyware Blitzes Compromise, Cannibalize ICS Networks

• Industry Reactions to Biden Cybersecurity Memo: Feedback Friday

• Apple Floated as Potential Buyer of Peloton

• Stealthy firmware bootkit leveraged by APT in targeted attacks

• ‘Anomalous’ Spyware Targets Industrial Companies

• How Anonybit plans to crack honeypots storing identity data

• Amazon Alexa Recovers After Morning Outage

• Dark Web Chatter: What Other Russian Hackers Are Saying About the REvil Arrests

• High-Severity Vulnerabilities Patched in McAfee Enterprise Product

• A Vulnerability in the WordPress Plugin Can Expose Users of 20k Websites to Phishing Attacks

• CISA calls for urgent action against critical threats

• Microsoft Defender Glitch Allowed Hackers to Evade AV Detection

• UK, Australia Reach Cyber, Critical Tech Agreement

• FBI warning: This new ransomware makes demands of up to $500,000

• Nasty Linux kernel bug found and fixed

• New Laws Proposed To Strengthen The UK’s Resilience From Cyber Attack, Experts Weigh In

• Threat Actors Exploiting Log4j vulnerabilities propagated via SolarWinds Serv-U software

• Insurance and Fintech Firm Acrisure Launches Cyber Services Division

• FBI Warns Organizations of Diavol Ransomware Attacks

• China’s Olympics App Is Horribly Insecure

• Google Drive starts warning users about suspicious files

• Diavol Ransomware Appears to Have Connections with TrickBot

• The 3 Most Critical Cybersecurity Threats in 2022

• 5G is ‘going live’ at Tyndall Air Force Base

• Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

• MoonBounce UEFI implant spotted in a targeted APT41 attack

• VirusTotal Hacking: Hackers can Access Trove of Stolen Credentials on VirusTotal

• Russian Hackers Employ Malicious Traffic Direction Systems to Spread Malware

• (ISC)2 Appoints its First CISO

• Google Begins AR Headset Development to Compete With Apple and Meta

• Apple to Stop Including EarPods With Every iPhone Sold in France From Next Week

• 2022 Security Report: Software Vendors saw 146% Increase in Cyber Attacks in 2021, marking Largest Year-on-Year Growth

• Chinese APT deploys MoonBounce implant in UEFI firmware

• Two-Fifths of Ransomware Victims Still Paying Up

• Experts Named the Most Popular Passwords of Russians

• #COVID19 Phishing Emails Surge 500% on Omicron Concerns

• Internet Faxing: 6 Ways To Make Sure Files Are Safe And Secure

• Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group

• Merck Wins $1.4bn NotPetya Payout from Insurer

• U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine

• Amazon fake crypto token investment scam steals Bitcoin from victims

• Zero-Click Zoom Flaws Now Patched | Avast

• A Phishing Attack Impersonates the US DoL in Order to Steal Account Credentials

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Why should I pay for that security option? Hijacking only happens to planes

• UK, Australia, to build ‘network of liberty that will deter cyber attacks before they happen’

• Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware

• New infosec products of the week: January 21, 2022

• Japan’s Supreme Court rules cryptojacking scripts are not malware

• Apple fixes security vulnerability that allowed websites read browser data

• Biden signs a new Cyber Security Memorandum for National Security

• Commercial surveillance the more immediate problem for citizens: Home Affairs chief

• Crypto.com confirms 483 users hit in attack that saw over $31m in coins withdrawn

• Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

• Conti ransomware gang started leaking files stolen from Bank Indonesia

• How do IT leaders plan to overcome remote work security challenges?

• The importance of securing machine-to-machine and human-to-machine interaction

• Prometheus Hacker Group Uses Traffic Direction System to Deliver Malware Binaries to Targets

• Cybersecurity industry trends from 2021 bound to shape this year’s threat landscape

• Exposed records exceeded 40 billion in 2021

• Social Security workers to return to offices possibly by the end of March

• Russia’s Putin out the idea of a broad cryptocurrency ban

• What is opening EV charging stations to cyberattacks?

• Cloudastructure: 2021 – Year to Date Review

• Software Supply Chain Security Specialist Codenotary Raises $12.5 Million in Series B Round

• ERI’s “The Insecurity of Everything” Book Climbs to #1 Best Seller Spot on Amazon

• New Opportunity: Join (ISC)² Regional Event Committees

• Introducing next-generation firewall from Palo Alto Networks to support 5G-enabled IoT, OT and IT use cases

• Cybersecurity market to reach $346 billion by 2027

• MXDR by Deloitte helps organizations against emerging cyber threats

• Axonius SaaS Management identifies misconfigurations and data security risks

• Cloud Security Survey: Better Security Drives Better Business Outcomes

• Cortex XDR Scores 100% Overall Active Prevention in AV-Comparative EPR

• Neustar Email Intelligence provides insights on email deliverability

• Daon expands digital identity verification and proofing solution to help businesses reduce fraud

• NordPass for MSP offers password management services for online security

• Arcserve updates ShadowXafe and OneXafe Solo to protect evolving data workloads

• Confluent Q1 ‘22 enhances elasticity for real-time business demands

• Apple Releases Safari Technology Preview 138 With Bug Fixes and Performance Improvements

• The Risks of Using Online Video Converter

• How to Transfer Your Data between iPhone and Computer Safely

• OpenSea confirms outage after platforms report issues with displaying NFTs

• Apple Highlights iPhone 13 Battery Life and Durability in New Ads

• Veriff partners with Starship to deliver verification requirements for age-restricted transactions

• BT selects VMware SASE to address networking and security challenges

• Keysight Technologies collaborates with Qualcomm to demonstrate 3.5 Gbps uplink throughput

• Protegrity partners with Google Cloud to accelerate secure data analytics

• Deloitte chooses Exabeam to help operationalize MXDR capabilities

• How to know if your email has been hacked

• Apple Watch Charging Bug Fixed in watchOS 8.4 Release Candidate

• Four Belarusian Officials Charged With Conspiracy to Commit Aircraft Piracy

• What COVID Reminded Me About Compliance

• Anitian raises $55 million to fuel growth and product investment

• Datto acquires Infocyte to extend its security offerings for MSPs

• Fileless Malware on Linux: Anatomy of an Attack>

• Datadog appoints Sean Walters as CRO and Kerry Acocella as General Counsel

• Cyberwrite hires Tim Olson as CRO

• Egress appoints Laura Probert as CPO

Generated on 2022-01-22 23:55:28.580813