IT Security News Daily Summary 2022-02-18

• GSA’s Trump Hotel lease is under scrutiny again

• Vista modernization still a priority at VA, but funding is a question

• CISA posts catalog of free cyber services

• Linux developers patch security holes faster than anyone else, says Google Project Zero

• There’s a New 13-Inch MacBook Pro Coming, Here’s What We Know

• U.S., U.K. say Russia was behind Ukraine DDoS attacks

• Space acquisitions could see more ‘discipline’ from Biden pick

• Zero trust, CX, robotic process automation on deck for 2022

• Key Application Security Metrics Show Few Signs of Improvement

• Google Privacy Sandbox promises to protect user privacy online

• What To Expect With Cyber Surprise

• 2022-02-16 – Files for an ISC diary (Astaroth/Guildma)

• Revamping mobility with a renewed focus on communities

• White House Accuses Russia of Cyberattacks Targeting Ukraine

• How Steganography Allows Attackers to Evade Detection

• Businesses should build an off-line backup system, says fmr. Homeland Security chief Michael Chertoff

• CISA publishes list of free security tools for business protection

• McAfee Enterprise SSE: Named a Leader In 2022 Gartner Magic Quadrant for SSE

• Ukraine DDoS: ‘Cyberattack’ or Not?

• Axiomatics Introduces Orchestrated Authorization

• Free Cybersecurity Tools and Services List Published by CISA

• Why You Need An Adversary-First Approach to Threats in the Cloud

• WTF Is Our Most Critical Cybersecurity Resource? And How Can We Preserve It?

• Adobe warns of second critical security hole in Adobe Commerce, Magento

• The Top SIEM Challenges Modern Security Practitioners Face Today

• NCSC-NZ Releases Advisory on Cyber Threats Related to Russia Ukraine Tensions

• Executive Overview of Russian Aggression Against Ukraine

• Irony alert! PHP fixes security flaw in input validation code

• Oscar Nominated Apple TV+ Movie ‘CODA’ Releasing in Theaters for Free

• MacRumors Giveaway: Win an iPad Folio or Sleeve From Woolnut

• Kanye West’s ‘Donda 2’ Album Not Coming to Apple Music

• Today’s Digital Battlefield Demands Resilience Beyond Infrastructure

• Probation for Medicare Fraudster

• Network Security Automation using Cisco Secure Firewall and HashiCorp’s Consul

• Malware Seller Faces Charges for Peddling WhatsApp Espionage Tools

• SquirrelWaffle Adds a Spin of Fraud to Exchange Server Malspamming

• How to Automate Workflows with Falcon Spotlight

• New Mercedes-AMG F1 W13 E Rises to the Challenge for Formula One 2022

• CISA Creates List of Free Cybersecurity Tools and Services for Defenders

• US Goes After Crypto Criminals

• 5 Best Practices for Succeeding at Developer-First Application Security

• New Critical RCE Bug Found in Adobe Commerce, Magento

• Carpet Bombing Attacks on the Rise

• Justice Department Charges China’s Hytera With Conspiring to Steal Radio Technology

• Trump’s Presidential Records Act Violations: Short- and Long-Term Solutions

• What’s Happening with Afghanistan’s Assets?

• NIST outlines what IoT and software ‘security labels’ could look like

• Croatian Police arrests minor over A1 Telecom data breach & ransom demand

• Report: 2021 hit a record high of security vulnerabilities

• Enterprises Look Beyond Antivirus Software for Remote Workers

• CISA Compiles Free Cybersecurity Services and Tools for Network Defenders

• Fast-Growing Golang-Based ‘Kraken’ Botnet Emerges

• CISA Compiles Free Cybersecurity Services and Tools for Network Defenders

• Russia steals information from US Defense Contractors

• Government Launches Consultation To Ban Huawei From FTTP, 5G

• NIST outlines what IoT and software ‘security labels’ could look like

• Google’s puny pledge to Android privacy leaves iPhone your securest platform

• Ransomware Adds New Wrinkle in Russian Cybercrime Market

• Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability

• Should we expect to keep communication private in the digital age?

• If the Cloud Is More Secure, Then Why Is Everything Still Broken?

• Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups

• Microsoft Teams Abused for Malware Distribution in Recent Attacks

• UK Government Consults on Plans to Restrict Huawei’s Involvement in Telecoms Networks

• Lawmakers Introduce Bill That Would Require Facebook To Protect Young Users

• The Business of Fraud: Sales of PII and PHI

• Some Apple Store Employees in U.S. Reportedly Working to Unionize

• Attacks against Customers of Top Brands Bank of America and Wells Fargo by Trickbot

• Cybercrime: Dark web carding forum users are getting worried after a string of shutdowns

• Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code

• What Is Buffer Overflow?

• Tesla, Elon Musk Accuse SEC Of ‘Unrelenting Harassment’

• Patch for Actively Exploited Flaw in Adobe Commerce and Magento Bypassed

• Network Security Automation using Cisco Secure Firewall and Hashicorp’s Consul

• Apple Is ‘Ungodly Well-Managed,’ Billionaire Investor Says

• GitHub Code Scanning Now Detects Additional Security Flaws

• 12 Best 4K Monitor for Video Editing 2022 – 4K Resolutions and High-Level Features

• Microsoft aims to improve anti-phishing MFA for White House ‘zero trust’ push

• Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks

• ShadowPad Malware Attacks have been Linked to Chinese Ministry and PLA

• U.S. companies warned to prepare for Russian cyberattacks

• NSA Provides Guidance on Cisco Device Passwords

• New Report by U.K. NCSC Highlights the Impact of Diversity on the Cybersecurity Workforce

• Feds Warn About Critical Infrastructure Ransomware Attacks, Vulnerabilities

• PseudoManuscrypt Malware Spreading the Same Way as CryptBot Targets Koreans

• DSbD’s Four Nations Roadshow Begins

• 10 Common Network Vulnerabilities and How to Prevent Them

• Donald Trump’s ‘Truth Social’ App Emerges For Beta Testing

• VMware NSX Data Center Flaw Can Expose Virtual Systems to Attacks

• French Dad tries to block his kids internet, wipes out town WiFi

• Microsoft offers defense against ‘ice phishing’ crypto scammers

• Vulnerability found in major WordPress plugin

• Major vape vendor hacked

• 5 Fail-Safe Ways to Back Up Your Data

• Red Cross Cyberattack Links Back To A Zoho ManageEngine Vulnerability

• Trickbot Targets 140,000 Victims in 14 Months

• Obscura 3 Camera App Gains Overhauled Interface and New Capture Modes

• High Severity WordPress Plugin Bug Hits Three Million

• Thanks, dad: jammer used to stop kids going online, wipes out a town’s internet by mistake

• FlexBooker Data Leak Impacts Millions of End Customers

• CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager

• New RCE flaw added to Adobe Commerce, Magento security advisory

• New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

• Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Avast Anti-Phishing Products Outperform Others | Avast

• Metaverse Survey Spurns Facebook | Avast

• Iranian Hackers Targeting VMware Horizon Log4j Flaws to Deploy Ransomware

• New infosec products of the week: February 18, 2022

• When you’re fending off cyber-attackers, it is possible to be just too tooled up

• Ransomware’s savage reign continues as attacks increase 105%

• Hackers targeting aviation industry with sophisticated malware from years

• Revenue for Cybersecurity firms in UK increased by 14 percent

• 4 Cloud Data Security Best Practices All Businesses Should Follow Today

• Even when warned, businesses ignore critical vulnerabilities and hope for the best

• Software supply chain security still a pain point

• New Botnet Dubbed Kraken Deploys Backdoor to Steal Sensitive Information from Windows Hosts

• Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

• Is higher security a benefit of database migration to the cloud?

• How hackers could use popular virtual reality headsets to steal sensitive information

• Social Media: How to Steer Your Family Clear of Cryptomining Malware

• Apple Shares ‘Life is But a Dream’ Shot on iPhone 13 Pro Film

• Digital payment market to reach $180.4 billion by 2026

• CynergisTek Announces Two Six-Figure, Multi-Year Managed Cybersecurity Service Contracts with a New Client, and an Existing Renewal

• ERI’s John Shegerian Discusses ‘The Insecurity of Everything’ at Reverse Logistics Association Conference & Expo

• ISG to Publish Comprehensive Study on Cybersecurity Products and Services

• Another Critical RCE Discovered in Adobe Commerce and Magento Platforms

• N‑able DNS Filtering helps MSPs protect customers on and off corporate networks

• Hackers are using Microsoft Teams chat to spread malware

• Veriff’s identity verification solution enables healthcare organizations to prevent fraud

• Zenoss updates anomaly detection capabilities to improve predictive precision about anomalous events

• ReliaQuest GreyMatter platform enhancements allow security teams to track security posture

• This Week in Security News – February 18, 2022

• Vulnerability found in WordPress plugin with over 3 million installations

• Napatech 5G UPF offload solution increases user capacity of packet core infrastructure

• The Senate sidesteps obstacles to pass a 3-week shutdown-averting stopgap spending measure

• Lawmakers press for spectrum coordination after 5G squabble

• Apple Supplier BOE Facing iPhone Display Production Issues Due to Chip Shortages

• InQuest and OPSWAT join forces to offer email security solution for enterprises

• AuthenticID partners with 1Kosmos to provide identity proofing and authentication solutions for customers

• Taiwan cracks down on China spying on tech firms

• Multiple vulnerabilities found in Snap-confine function on Linux systems

• Taiwan targets Chinese espionage against tech firms

• The Tripod Foundation of a Database Analytics Solution for Today’s Threat Landscape

• JPMorgan Chase, Toshiba and Ciena build the Quantum Key Distribution network for mission-critical applications

• Comodo appoints Tim Bandos as EVP of SOC Services

• PCI SSC promotes Mike Thompson to Director of Emerging Standards

• Harold Byun joins AppOmni as CPO

• Deep Instinct expands its global team with three channel executives

• Twitter and Facebook Must Speak Out Against Ghana’s Repulsive Anti-LGBTQI+ Bill

• The Army’s top buyer wants to test limits of flexible software spending

• Philadelphia launches digital equity plan

• Democratic senators call for IRS and ID.me to help taxpayers delete selfies

• Want to see how many one-star Uber ratings you have? Here’s how

• Snyk enters cloud security market with Fugue acquisition

• FBI: BEC attacks spreading to virtual meetings

• Neustar Security Services Report Highlights Shifts in Threat Landscape Amid Maturing Cybercrime Economy

• Attackers Hone Their Playbooks, Become More Agile

• Darktrace Artificial Intelligence Stops Cyberattack at Italian Electronics Distributor

• Confluera Cloud Research Finds Cybersecurity Concern as Biggest Obstacle to Cloud and Multicloud Adoption

• NSA Issues Guidance for Selecting Strong Cisco Password Types

• Threat actors leverage Microsoft Teams to spread malware

• Center for Threat-Informed Defense at MITRE Engenuity launches affiliate program

• Chuck Cash joins Spire Global as VP of Federal Sales

• IT Security News Daily Summary 2022-02-17

• Data Privacy Lawsuit Could Cost Meta $90m

• Part of Biden’s $15 contractor minimum wage order was temporarily halted

• Security Teams Expect Attackers to Go After End Users First

• Why data-driven decision making is harder than it looks

• Stocks will go down, but good quality stocks will come back, says Roger Monteforte

• US Agencies Say Russian Hackers Compromised Defense Contractors

• 5 Tips to Get a Cybersecurity Job With No Experience

• DOJ names first director of unit focused on cryptocurrency and crime

• Apple Stops Signing iOS 15.3 Following iOS 15.3.1 Release, Downgrading No Longer Possible

• Hands On: Testing Fortnite on iOS Using GeForce NOW

• Should Judges Defer to Police Expertise?

• The Chatter Podcast: Lessons from Lincoln with John Avlon

• Chief Marketing Officers should engage in consumer data privacy initiatives

• Vulnerability in Linux program enables local privilege escalation, researchers report

• FBI Warns of BEC Scams Abusing Virtual Meeting Platforms

• Are You Prepared for 2022’s More Destructive Ransomware?

• Intel Software and Firmware Updates Patch 18 High-Severity Vulnerabilities

• Google Introduces ‘Privacy Sandbox’ for ​​Ads on Android

• EFF to Court: Security Research Is a Fair Use

• CrowdStrike Partners with MITRE CTID, Reveals Real-world Insider Threat Techniques

• 5 ways to manage the cybersecurity skills gap

• Interpol: Policing model needs to change with cybercrime

• US Warns Russian Hackers Targetting Defence Contractors

• Democratic senators call for $5B in federal funds for election security

• Interpol: Policing model needs to change with cybercrime’s

• Attivo Wins DoD Contract for Unique Approach to Ransomware Mitigation

• SonicWall: Ransomware attacks increased 105% in 2021

• Apple Announces Special Powerbeats Pro to Celebrate NBA’s 75th Anniversary

• US Government sets forth Zero Trust architecture strategy and requirements

• Snyk cofounder on IPO plans: ‘We’ll pick our time wisely’

• S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

• Software-Developer Security Vendor Snyk Buys Cloud Security Company

• Man pleads guilty to selling WhatsApp hacking tool, Signal Jammers & StingRays

• Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators

• Fertility Clinic Hit with Ransomware

• NSA Best Practices for Selecting Cisco Password Types

• 4 best practices to implement a comprehensive Zero Trust security approach

• Firefox and Chrome reaching major versions 100 may break some websites

• Singapore to build quantum-safe network for critical infrastructure trials

• Phishing Top Threat to US Healthcare

• NSA Best Practices for Selecting Cisco Password Types

• Possible Government Surveillance of the Otter.ai Transcription App

• Businessman Admits To Working As Spyware Broker In US / Mexico

• Google Expands Privacy Sandbox To Android

• US Says Russian State Actors Lurked In Defense Contractor Networks For Months

• SonicWall on ransomware 2022: ‘Every good vendor’ was hit

• 6 Best OSINT Tools for Penetration Testing

• Remote Code Execution Bug Found In Apache Cassandra – Patch Now!

• Microsoft Reopening Campuses, Offices As Pandemic Eases

• Drupal Releases Security Updates

• Cisco Releases Security Updates for Email Security Appliance

• Architecting Your Dream Security Automation? Here’s What You Need To Know

• Deals: Nomad’s Outlet Sale Discounting USB-C Cables, Apple Watch Straps, iPhone and AirPods Cases, More

• Edison Mail Updated With Native Support for Apple Silicon Macs

• Attackers use Microsoft Teams as launchpad for malware

• Cambodia cans critics of its snoopy Internet Gateway, says every nation has one

• This Nintendo “insider” fooled thousands of followers with fake predictions

• Weeks after announcing it, Nvidia has gone silent on its flagship RTX 3090 Ti

• Ransomware attacks more than doubled last year – these cybersecurity basics can protect you

• Ukrainian DDoS Attacks Should Put US on Notice–Researchers

• Drupal Releases Security Updates

• Cisco Releases Security Updates for Email Security Appliance

• Relevant and Extended Detection with SecureX, Part Four: Secure Cloud Analytics Detections

• Specially crafted emails could crash Cisco ESA devices

• Cyber Reporting Proposals: Assessing Liability Protections and Legal Privileges

• Malicious Excel Files are Now Being Used to Spread Emotet Malware

• DDoS Attacks Hit Ukrainian Government Websites

• Trickbot has Corrupted over 140,000 Devices

• Zoho Vulnerability leads to data breach at International Committee of the Red Cross

• Amazon and Visa Agree Worldwide Truce

• Shane Ryan Talks Workplace Diversity | Avast

• BlackByte Ransomware | Avast

• SASE vs. SSE – What’s the difference?

• 3 really exciting jobs to apply for before the weekend

• 4 Keys to Bridging the Gap Between Security and Developers

• European Data Protection Supervisor call for bans on surveillance spyware like Pegasus

• U.S. government warns that sensitive data is being stolen from defence contractors

• Microsoft Teams Targeted With Takeover Trojans

• iPhone 14 Pro Rumored to Feature 8GB RAM, Matching Galaxy S22

• 3 Common Cybersecurity Mistakes that Can Lead to Identity Theft

• Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security – Podcast

• Malicious Emails Can Crash Cisco Email Security Appliances

• Your Guide to Incognito Mode in 4 Internet Browsers

• Hackers Had Access to Red Cross Network for 70 Days

• Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data

• Record Year For UK Cyber Investment, Expert Weighs In

• “LinkedIn” Phishing Attacks Up 232% In Feb

• Expert Commentary On BlackCat Ransomware Claims Ownership Of Swissport Attack

• Google Almost Doubles Linux Kernel, Kubernetes Zero-day Rewards

• Snyk expands into cloud security with acquisition of Fugue

• Breaking Comments On Red Cross Cyber Attack

• High-Severity RCE Bug Found In Popular Apache Cassandra Database

• Google To Limit Ad Tracking On Android Apps

• Outage Lasting Hours Makes Canada’s Major Banks Go Offline

• Russian Cyberspies Stole U.S. Defense Data in Attacks on Contractors

• If Russia Invades Ukraine, TikTok Will See It Up Close

• GiveSendGo – 89,966 breached accounts

• Latest Crypto Vulnerability Leaks $320 Million: 3 Tips to Boost Your Crypto Confidence

• Microsoft warns of emerging ‘ice phishing’ threat on blockchain, DeFi networks

• Cybersecurity M&A Roundup for February 1-15, 2022

• Trickbot hits top brands, attacks customers

• Twitter Expands ‘Safety Mode’ To Tackle Trolls

• CPX customer awards showcase leaders and innovators in their fight against today’s sophisticated threats

• Trickbot abuses top brands including Bank of America, Wells Fargo in attacks against customers

• New Kraken botnet is allowing operators to earn USD 3,000 every month

• Privacy and computer security are too important to be left to political meddling

• Researchers Block “Largest Ever” Bot Attack

• Over 620 Million Ransomware Attacks Detected in 2021

• UK Cyber Sector Generates Record Investment and Revenue

• Baltimore tricked out of $375k

• Major Canadian banks go offline in unexplained outage

• Apple Vulns, Macro Viruses, and How Encryption Protects You – Intego Mac Podcast Episode 227

• Ukraine Defence Ministry Suffers DDoS Attack

• Top 10 Ways To Secure Containers

• Ransomware attacks surged 2X in 2021, SonicWall reports

• ‘Pathetic’ performance has left U.S. ‘well behind’ China in 5G race, ex-Google CEO Eric Schmidt says

• Vulnerable Exchange Server Hit by Squirrelwaffle Malware Loader

• Businessman admits to working as spyware broker in US and Mexico

• Facebook is one bad Chrome extension away from another Cambridge Analytica scandal

• This New Tool Can Retrieve Pixelated Text from Redacted Documents

• 10 Best Monitors Under $200 2022 – Top for Daily Use and Entertainment

• Do you know what your supply chain is and if it is secure?

• Missouri will not prosecute ‘hacker’ reporter for daring to view state website HTML

• Researchers Warn of a New Golang-based Botnet Under Continuous Development

• Nation-state actors hacked Red Cross exploiting a Zoho bug

• 10 Best Monitors With Built-In Speakers 2022 – Ideal For Gaming And Watching Movies

• 10 Best Phones for League of Legends Mobile 2022 – Game Like a Pro

• UK cybersecurity revenue up 14% on last year to £10.1bn

• Moses Staff Hackers Targeting Israeli Organizations for Cyber Espionage

• Is a focus on tech skills for CISOs holding us back in the boardroom?

• Tackling supply chain security head-on

• How do I select an API security solution for my business?

• Trio of Home Affairs Bills covering cyber, ransomware, telco data enter Parliament

• 28,695 vulnerabilities were disclosed in 2021 – the highest number on record

• Cloud usage by Public Sector to be seriously probed by European Data Protection Board

• Cyber War now excluded from Cyber Insurance

• U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors

• Top threat activities this year

• How challenging is corporate data protection?

• Key drivers for the shift to public DNS resolvers

• Prioritizing Cybersecurity Throughout All Web Development Sprints

• How to Take Care of Yourself When Things Go Wrong: Self-Care Tips When Dealing with a Cyber Attack

• Quantum cryptography market to reach $291.9 million by 2026

• IronNet Expands Global Reach in Singapore with Addition of Leading Healthcare and Finance Customers

• Westinghouse, Kozloduy Strengthen Nuclear Cybersecurity

• InQuest Partnership With OPSWAT Enables Customers to Fill Gaps in Their Existing Email Security Stacks

• At-Bay Partners With Cloudflare to Provide Insurance Customers 3 Free Months of Cloudflare Pro

• Four ways technology can improve your Christmas celebrations

• Mandiant Ransomware Defense Validation helps prevent specific ransomware attacks

• Blueshift XDR provides cybersecurity protection for SMB businesses

• New Relic’s infrastructure monitoring empowers teams to proactively identify issues in private and hybrid clouds

• Neuro-ID unveils two identity screening products to enhance fraud detection

• Verimatrix Secure Delivery Platform enables customers to protect their content and devices

• Laminar Cloud Data Security Platform monitors public cloud data

• Bugcrowd PTaaS features deliver real-time visibility into testing progress

• Google expands Privacy Sandbox to Android

• InfluxData announces product enhancements for IoT and IIoT applications

• Nutanix launches simplified cloud solution packages for hybrid cloud infrastructure

• NETSCOUT nGeniusEDGE Server addresses IT visibility gaps in remote work environments

• Russia stole US defense data from IT systems, says CISA

• Artera partners with Deepwatch to advance security operations and protect critical infrastructure

• LogicMonitor collaborates with HBR Consulting to improve security for legal industry

• Keysight Technologies partners with Samsung to accelerate development of 6G technology

• Sysdig collaborates with Snyk to deliver end-to-end container security

• Folding the impossible into the reality of normal life

• Akamai acquires Linode to offer a single cloud-to-edge platform for businesses

• CoreStack and Prodapt join forces to provide multi-cloud governance capabilities for TMT market

• Privacy Experts to Federal and State Agencies: End Use of Facial Verification Services

• Defend Against Ransomware and Malware with Falcon Fusion and Falcon Real Time Response

• Can Madison Cawthorn Be Blocked From the North Carolina Ballot as an Insurrectionist?

• ThreatSwitch appoints Patricia Stokes to Advisory Committee

• Atiq Raza joins CyberSaint Growth Advisory Board

Generated on 2022-02-18 23:55:47.048021