IT Security News Daily Summary 2022-02-05

• LockBit ransomware gang claims to have stolen data from PayBito crypto exchange

• FBI issued a flash alert on Lockbit ransomware operation

• Walmart Dissects New ‘Sugar’ Ransomware

• Trend Micro Patches Critical Bugs in its Security Products

• Convergint Announces Acquisition of Dramis Communications Solutions Ltd.

• LockBit ransomware gang claims PayBito crypto exchange as new victim

• Tennessee State University was Targeted by a Cyber Attack

• Target Reveals Its Personal Skimming Detection Tool

• A $320 Million Crypto Hack Sends the DeFi World Reeling

• Top Stories: March 8 Apple Event, New iMac Pro Rumors, Universal Control vs. Sidecar, and More

• Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs

• Emotet’s Uncommon Approach of Masking IP Addresses

• Threat actors are Looking for Ways to Bypass MFA with Evolving Phishing Kits

• Hackers Steal Around $320M+ from Crypto Firm Wormhole

• CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw

• Build or Buy your own antivirus product

• Microsoft Uncovers New Details of Russian Hacking Campaign Targeting Ukraine

• Durov Suspected WhatsApp of Intentionally Introducing Vulnerabilities

• Critical Flaws in Cisco Small Business Routers let Attackers Execute Arbitrary code

• 2022-02-04 – BazarLoader infection with Cobalt Strike

• Box expands Slack integration to increase security and improve productivity

• ‘Very concerning’: Cisco router vulnerabilities bring broad risks

• Think before you scan: How fraudsters can exploit QR codes to steal money

• Week in security with Tony Anscombe

• Mozilla adds four privacy-centric orgs to Data Futures Lab, awards each with $100,000

• Impinj promotes Hussein Mecklai to COO

• Senate Commerce Committee is Letting Big Telecom Hamstring the FCC

• EFF to Appeals: Apple’s Monopoly Doesn’t Make Users Safer

• Argo CD releases patch for zero-day vulnerability

• IT Security News Daily Summary 2022-02-04

• How to Protect Cloud Workloads from Zero-day Vulnerabilities

• Microsoft discloses new details on Russian hacker group Gamaredon

• As IRS grapples with ID.me, what’s next for Login.gov?

• Argo CD releases patch for 0-day vulnerability

• Friday Squid Blogging: Are Squid from Another Planet?

• What to Expect From Apple’s Upcoming 2022 iPhone SE 5G

• Microsoft Defender for Endpoint now spots unpatched bugs in iOS and Android devices

• Building OAuth 2.0 Authorization Server

• NSA rounds up the year in cyber

• AI-enabled health care: First, do not automate harm

• Microsoft, Symantec Share Notes on Russian Hacks Hitting Ukraine

• The 3 Most Common Causes of Data Breaches in 2021

• Over 500,000 people were impacted by a ransomware attack that hit Morley

• AI Weekly: DeepMind’s AlphaCode, automatic age verification, and a new open language model

• Republican senators demand briefing on IRS decision to require ID.me ‘selfies’

• Suspected Chinese spies break into cloud accounts of News Corp journalists

• 5 Steps to Becoming a Cybersecurity Consultant

• Cryptojacking Attacks Target Alibaba ECS Instances

• Michigan to build nation’s first EV charging public road

• Investment in data privacy in Brazil falls below global average

• Expert Insights: Training the Data Elephant in the AI Room

• New Low-Cost iPhone SE 5G and iPad Air Coming on March 8

• Freeze out hackers during the 2022 Winter Olympic Games

• 4 Top Cyber Threats to the Finance and Insurance Industries

• Ransomware attack hit Swissport International causing delays in flights

• PowerPoint add-on used to spread malicious files: Avanan

• Intuit releases security notices, warns of phishing emails ahead of tax season

• ‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

• Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers

• Nord Security and Surfshark to Merge

• Major Vulnerability Found in Argo CD

• Understanding Identity Detection and Response

• How Criminals Have Migrated Through Identity Theft and Privacy into Cyber Attacks

• ACTINIUM targets Ukrainian organizations

• Software development, implementation and support services

• Wormhole cryptotrading company turns over $340,000,000 to criminals

• Tennessee College Hit with Ransomware

• BlackCat Ransomware Gang Employing Novel Techniques to Target Organizations

• Text Message Scams: How to Recognize, Report and Restrict Them

• Beware of the Attacks of Zombie Botnet

• Government agencies are tapping a facial recognition company to prove you’re you – here’s why that raises concerns about privacy, accuracy and fairness

• The Alpha and Omega of software supply chain security

• News Corp reports January cyberattack targeting Wall Street Journal, New York Post, Dow Jones

• Airport services firm Swissport reports ransomware incident

• Singapore urges shared responsibility in preventing online scams as it readies liability framework

• #Enigma2022: Security’s Role in Helping HealthTech Find Its Way

• Low Detection Phishing Kits Increasingly Bypass MFA

• Airport Services Firm Swissport Reports Ransomware Incident

• Nintendo Wants Admitted Team Xecuter Pirate Jailed For Five Years

• Ransomware Wants You To Like Or Subscribe, Or Else

• Apple’s $1.1 Billion Patent Dispute With Caltech Granted New Damages Trial

• New iPad Air and iPhone SE Models With A15 Chip, 5G, and More Reportedly Enter Production

• Apple Music Reduces Free Trial Period to One Month

• MacRumors Giveaway: Win a Tech Folio and Tech Pocket From WaterField Designs

• China-Linked Group Attacked Taiwanese Financial Firms for 18 Months

• Russia-Ukraine escalation of tensions: FBI calls for reports of uptick in cyber activit

• Ransomware gangs and supply chain vulnerabilities: Nozomi Networks Labs reports on the current threat landscape

• Live XSS Flaw Exists in DMCA-dot-com

• IT Personnel Equally Susceptible to Phishing Attempts as the General Population

• Cloud Threats: What Business Executives Need To Know Right Now

• BotenaGo strikes again – malware source code uploaded to GitHub

• Aqua Security CNAPP is first to combine frictionless cloud workload visibility with active protection across the application lifecycle

• China linked Cyber Attack on News Corp

• Business Services Firm Morley Discloses Data Breach Affecting 500,000 People

• CISA Adds One Known Exploited Vulnerability to Catalog

• Threat actor steals email with Zimbra zero-day

• Cynomi raises $3.5M for virtual CISO platform

• CISA Adds One Known Exploited Vulnerability to Catalog

• The EARN IT Act Is Back

• Impacts from a new reality drive the need for an enhanced digital identity framework

• Lost In Translation: Language Gaps in Social Media Labels

• As Part of Electoral Count Act Reform, Liberals Should Learn to Love Bush v. Gore

• Detect Log4j Vulnerability Using ACS

• Strong authentication protects against phishing. So why aren’t more people using it?

• Meet Nord Security: The company behind NordVPN wants to be your one-stop privacy suite

• Media Giant News Corp Targeted in China-Linked Cyberattack

• Want to Be an Ethical Hacker? Here’s Where to Begin

• A nation-state actor hacked media and publishing giant News Corp

• New iPad Air and iPhone SE Production Reportedly Underway

• Edgescan partners with Manicode to revolutionise secure coding courses

• How to Prevent Ransomware?

• Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now

• Glasswall Solutions

• UK Bosses Rethink Physical Office Spaces, Slack Finds

• Best Internet Security Suites & Software for 2022

• ISO 27002 and Threat Intelligence: The New Security Standard

• OpenSSF Announces The Alpha-Omega Project To Improve Software Supply Chain Security For 10,000 OSS Projects

• Iranian Charming Kitten Adds PowerShell Back Door

• Creating Coherence out of Chaos

• Elephants Must Learn to Street Dance: The Chinese Communist Party’s Appeal to Youth in Overseas Propaganda

• Best Free and Public DNS Servers

• European Oil And Port Facilities Suffer Cyberattacks

• Russian APT Primitive Bear attacks Western gov’t department in Ukraine through job hunt

• More companies are using multi-factor authentication. Hackers are looking for a way to beat it

• Just-in-Time Access Explained. What It Means, Benefits and Best Practices of JIT

• 5 Reasons to Choose Duo Over Free Multi-Factor Authentication

• 9 Best Gaming Mouse Under $50 2022 – For Fortnite, CS:GO

• Attackers Target Intuit Users by Threatening to Cancel Tax Accounts

• The White House Memo on Adopting a Zero Trust Architecture: Top Four Tips

• Retail giant Target open sources Merry Maker e-skimmer detection tool

• Software Asset Management (SAM) – How It Can Benefit Your Company

• FBI issues cybersecurity warnings to athletes at Winter Olympics in Beijing

• Investment scams are on the rise

• FBI warns of bogus job postings on recruitment sites

• CMA Fines Meta A Second Time Over Giphy Order

• US Accuses Russia of Disinformation Plot to Justify Invasion of Ukraine

• File Taxes Safely And Securely | Avast

• Tech salaries, developer skills, cybersecurity, and more: ZDNet’s research roundup

• Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed

• DHS Connects Government, Private Sector in New Cyber Safety Review Board

• Twitter Expands Downvote Button Test Worldwide

• Top 9 Best Laptop for Adobe Creative Cloud 2022 – Photoshop, Illustrator

• Target Open Sources Web Skimmer Detection Tool

• Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware

• Russia-linked Gamaredon APT targeted a western government entity in Ukraine

• Phishing kits that bypass MFA protection are growing in popularity

• NFT Wash Trading Made Scammers at Least $9m in 2021

• Apple to Collect 27% Commission on Third-Party App Payment Systems in the Netherlands

• Pharma employee credentials exposed

• Zimbra zero-day vulnerability exploited to steal emails

• CISA issues advisory warning of critical vulnerabilities in Airspan Networks Mimosa

• Trustpilot Set to Sue Firms That Solicit Fake Reviews

• Cyber-Attacks Hobble Some of Europe’s Largest Ports

• US Federal government creates cybersecurity incident review board

• National Games of China Systems Attack Analysis | Avast

• Amazon Set to Increase Prime Membership Fee By 17% for US Customers

• Chinese Hackers Target Financial Institutions in Taiwan With Custom Backdoor

• U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans

• Zimbra zero-day vulnerability actively exploited by an alleged Chinese threat actor

• BATLOADER and Atera Agent are Being Distributed Through an SEO Poisoning Campaign

• Civicom Data Breach Disclosed 8TB of Files

• The Cat and Mouse Chase of Account Takeovers

• Russian Gamaredon Hackers Targeted ‘Western Government Entity’ in Ukraine

• US Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans

• Cynet Log4Shell Webinar: A Thorough – And Clear – Explanation

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• ESET Antivirus Flaw Let Attackers to Escalate Privileges & Execute Arbitrary Code

• “Modern CTO” Podcast Features Avast CISO Jaya Baloo | Avast

• Microsoft blocked tens of billions of brute-force and phishing attacks in 2021

• White Hat Hacker Accesses Teslas | Avast

• February 2022 Patch Tuesday forecast: A rough start for 2022

• New infosec products of the week: February 4, 2022

• How threat actors are using npm to launch attacks

• Cyber Attack on Europe’s major Oil terminal

• US hacker claims to have downed the internet of North Korea

• Trio of RCE CVSS 10 vulnerabilities among 15 CVEs in Cisco small business routers

• CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa

• Apple Says Pro Display XDR and 2021 MacBook Pro Can Experience Limited Brightness in High Temperatures

• Exposed corporate credentials threatening the pharma sector

• Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

• Bank executives mostly concerned about cybercrime

• Code review: How satisfied are development teams?

• Piracy is alive and well, demand reaching 3.7 billion unlicensed streams and downloads

• New Cloud Security Alliance Survey Finds Uneven Adoption of Emerging Technologies

• Security Awareness Training and Human Risk Management Company AwareGO Achieves Year of Outstanding Growth

• Lattice to Host Virtual Seminar on Anti-Fragile Security and Post-Quantum Cryptography in FPGAs

• AT&T Cybersecurity Insights Report: Securing the Edge – Available today

• Privacy in 2021: A Year Worth Reviewing

• Database security market to reach $16,273.8 million by 2028

• Major vulnerability found in open source dev tool for Kubernetes

• G-71 launches a new version of LeaksID to offer intellectual property protection

• What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?

• HUMAN Bot Insights Services protects businesses from sophisticated bot attacks

• Outseer Emerging Payments detects and prevents fraud in installment transactions

• Tenable.cs updates enable organizations to detect and fix cloud infrastructure misconfigurations

• JumpCloud expands cloud directory platform with patch management to improve device security

• Aqua Security CNAPP features help security teams assess their cloud native security risk

• FortiGate 3000F increases security and networking convergence across hybrid IT architectures

• Teradata partners with Microsoft to modernize complex data analytics environments

• Dialpad expands partnership with Google Cloud to centralize business communications

• Axio joins with Cyber Risk Institute to improve cybersecurity resilience for financial institutions

• That’s a signature move: How $320m in Ether was stolen from crypto biz Wormhole

• CMMC gets a new home in the Pentagon

• Xerox acquires Powerland to strengthen IT services offerings in North America

• Yellowbrick Data collaborates with NI+C to unlock data value for enterprises

• Suzanne McBride joins Skyworks Solutions Board of Directors

• Dialpad appoints Jim Nystrom and Kent Venook to key sales leadership roles

• ColorTokens announces strategic hires across EMEA

• John A. Wheeler joins CyberSaint Growth Advisory Board

Generated on 2022-02-05 23:55:29.090029