IT Security News Daily Summary 2022-03-25

• Anonymous leaked 28GB of data stolen from the Central Bank of Russia

• DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

• Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm

• CISA Adds 66 Known Exploited Vulnerabilities to Catalog

• What trends are driving public sector planning in 2022?

• The Labor Dept. wants to revise a Trump-era policy on handling discrimination claims against contractors

• US indicts Russian nationals for critical infrastructure attacks

• Chrome emergency update fixes actively exploited a zero-day bug

• 100s of Russian Building Controllers Can be Remotely Hacked

• The only winner in the Okta Lapsus$ breach is Microsoft

• World Backup Day reminds us all just how precious our data is

• The Fragile Open Source Ecosystem Isn’t Ready for ‘Protestware’

• Pay to play: Ransom demands averaged $2.2m last year

• The 2022 Cyber Incident Reporting Law: Key Issues to Watch

• Another Tracker Scanning App Highlights the Need for a Better Way to Protect Victims From Digital Stalking

• Fileless Malware on Linux: Anatomy of an Attack>

• 6 types of insider threats and how to prevent them

• How Do I Demonstrate the ROI of My Security Program?

• Review Microsoft Defender for endpoint security pros and cons

• WiCyS Members Now Have access to Cyber Defense Challenge Through Target

• Lawmakers move to protect healthcare infrastructure from potential Russian threat

• Week in security with Tony Anscombe

• US, EU Sign Data Transfer Deal to Ease Privacy Concerns

• Here’s How Fast Ransomware Encrypts Files

• EFF Client Erik Johnson and Proctorio Settle Lawsuit Over Bogus DMCA Claims

• Is the metaverse safe?

• We may never know the full details of Russia’s cyberwar against Ukraine

• Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

• Senate Committee Questions Pentagon’s Information Restrictions

• Hackers from China’s ‘Mustang Panda’ were Utilizing New ‘Hodur’ Malware

• Florida Sheriff’s Officer Charged with Cyber-Flashing Minor

• Strong Customer Authentication (SCA): what to expect

• Russia preparing to conduct cyberattacks, White House warns

• Chinese Hackers Target Betting Firms in South East Asia

• Modern Gaming Sucks Because of Abundance Fatigue

• Major League Baseball Players’ Personal Data Stolen

• Russia’s Invasion of Ukraine and CISA/FBI’s New Era of Transparency

• FBI Witnesses Rising Russian Hacker Interest in US Energy Firms

• 5 Prevalent digital marketing Cybersecurity concerns to watch out for

• Bots Buy Up Raspberry Pi Products | Avast

• Chinese Hackers Seen Targeting Ukraine Post-Invasion

• Risk & Repeat: Lapsus$ highlights poor breach disclosures

• Cisco Secure Endpoint Strikes Balance for School IT Teams

• What Is FOSS Software? Definition, Usage, and Vulnerabilities

• Atlassian flags Bitbucket and Confluence Data Center flaws

• Threat Protection – How to Be Fully-Protected From Cyber Threats

• MixMode Banks $45 Million in Series B Funding

• Utah Becomes Latest US State to Pass a Data Privacy Law

• Chinese threat actor Scarab targets Ukraine, CERT-UA warns

• Hackers remotely start, unlock Honda Civics with $300 tech

• Russian State-Sponsored Amplification of Bio Lab Disinformation Amid War in Ukraine

• 2021 Third-Party Intelligence Threat Landscape

• US Charges 4 Russian Hackers Over Attacks On Energy Sector

• Russia Hacked Ukrainian Satellite Comms, Officials Believe

• Frosties NFT Operators Arrested Over $1.1 Million Rug Pull Scam

• Social Engineering Attacks Target Morgan Stanley Client Accounts

• Oxford Teenager Arrested In Lapsus$ Crackdown

• Report: 57% of consumers are tired of password authentication questions

• Facial recognition inappropriate for high-risk applications, experts say

• A Honda Vulnerability Allows Hackers to Use a Replay Attack

• How to Know if Someone Has Muted You on Messenger?

• Hackers Use XLL Files to Deliver Obfuscated Version of JSSLoader

• EU and US Agree Deal to Reopen Seamless Transatlantic Data Flows

• The Elusive Goal of Network Security

• HR Alone Can’t Solve the Great Resignation

• Frosties NFT operators arrested over $1.1 million ‘rug pull’ scam

• What is ransomware? Everything you need to know about one of the biggest menaces on the web

• These fake crypto wallets want to steal from iPhone and Android users

• UK police arrest seven individuals suspected of being hacking group members

• Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

• U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

• Tips from a CISO: How to Create a Security Program

• Japanese Healthcare Firm ‘Doctors Me’ Exposed Images of 12,000 Patients

• Bandura Cyber relaunches as ThreatBlockr with a new solution to block malicious network traffic

• FBI: 649 Ransomware Attacks Reported on Critical Infrastructure Organizations in 2021

• Modernizing Secure Remote Access for a Hybrid Workforce

• Treasury Secretary Janet Yellen on crypto: I have some skepticism, but there are benefits

• Silicon UK In Focus Podcast: Post-Pandemic Entrepreneurs

• UK police arrested 7 alleged members of Lapsus$ extortion gang

• Most IT Bosses View Skills Gap As ‘Urgent Concern’

• Google: We stopped these hackers who were targeting job hunters and crypto firms

• Avast acquires SecureKey Technologies in authentication, identity management push

• How European Rulings Imperil Flagship Google Product

• 7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.

• 1-15 March 2022 Cyber Attacks Timeline

• London DJ Surrenders £214,000 of Music Kit in Money Laundering Case

• Gus Simmons’s Memoir

• Teens arrested amidst Lapsus$ crackdown

• Anonymous Claims Hack Of Russia’s Central Bank

• Cybersecurity for banks – Assuring a secure & compliant cloud migration

• Four Russians Charged with Dragonfly Attacks on Critical Infrastructure

• Honda bug allows hackers to unlock and start your car

• What Is Data Loss Prevention and How You Can Approach DLP Security

• UK Teen Arrested in Lapsus Crackdown

• US accuses four Russian Government Officials for launching Cyber Attacks

• Western Australia to invest AUS $25.5 million to bolster state cyber security services

• Lack of Cybersecurity Preparation in SMBs | Avast

• Selenium vs BDD 2.0 (SDD): Which Is Best for End-to-End Testing?

• Introducing Silicon.eu

• Mitek Acquires HooYu for $129m

• Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users

• US indicted 4 Russian government employees for attacks on critical infrastructure

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Data literacy: The most in-demand skill in the future workplace

• The impact of the cloud skills gap on businesses

• The 2021 threat landscape: Trends, threats and techniques

• Most Common Cyber Threats for Businesses

• How AI can fend off supply-chain attacks

• WA government allocates AU$25.5m to expand cybersecurity services

• PJCIS supports passage of second tranche of critical infrastructure cyber laws

• North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

• New infosec products of the week: March 25, 2022

• Weekly Update 288

• North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT and Media Firms

• The challenge of planning an IAM strategy for multi-cloud environments to avoid risk

• US DoJ reveals Russian supply chain attack targeting energy sector

• Trends, threats and techniques that comprised the 2021 threat landscape

• The Largest Online Marketplace of Stolen Login Credentials Seized by Law Enforcement

• Morrison wants organisations to prioritise trust over efficiency for data security

• How the cloud skills gap is hindering business development

• This Week in Security News – March 25, 2022

• Data literacy to lead global workplaces by 2030

• How to unlock a resilient hybrid work plan

• Big data as a service market to reach $101 billion by 2028

• Distributor dumps Kaspersky to show solidarity with Ukraine

• CynergisTek Reports Fourth Quarter and Full Year 2021 Financial Results

• Semperis Extends Breach Preparedness and Incident Response Services for Identity-Based Cyberattacks to Broader Customer Set

• Working with MSSPs to optimize XDR

• US Charges Russian Hackers Over Infamous Triton, Havex Cyberattacks on Energy Sector

• TRIMEDX improves medical device cybersecurity with new cloud-based features

• Entrust announces four solutions to help enterprises prepare for the post quantum world

• Tobii Aware enhances privacy and security in the new commercial line of MSI laptops

• DTEX Systems extends scope and protection of Microsoft 365 E5 modules

• Attivo Network enhancements strengthen protection of Active Directory in Azure

• Qumulo CSI driver simplifies Kubernetes workflows on unstructured data

• Cisco accelerates hybrid cloud operations with new innovations

• Ermetic launches open source tool that analyzes AWS CloudTrail AccessDenied events

• Russian Court Bans Facebook And Instagram For “Extremist Activities”

• UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang?

• We blocked North Korea’s Chrome exploit, says Google

• 5 Tips for a Successful Threat Hunt

• Russian nationals charged for alleged roles in DragonFly and Triton hacks

• EY collaborates with Infosys to accelerate digital transformation for organizations

• DCSA selects C3 AI to improve security clearance processing

• Ping Identity partners with TD SYNNEX to offer identity security solutions to North America

• Feds Allege Destructive Russian Hackers Targeted US Refineries

• Justice Department Charges Four Russian Nationals for Global Hacking Campaign Targeting the Energy Sector

• Bobby Napiltonia joins Okera as President

• Karlsgate raises $4 million to bring zero trust approach to data connectivity

• Mitek acquires HooYu for £98 million to help businesses combat fraud

• Avast acquires SecureKey Technologies to expand its identity product and services portfolio

• Anti-war open-source software developer targets Russians and Belarussians with “protestware”

• Windows Event Log Evasion Review

• Shing Pan and Susan Sumner join VIQ Solutions Board of Directors

• Cowbell Cyber hires Joshua Chan as CTO

• Netskope names Daniel Hartert CxO Advisor in Europe

• UK-Based Teen Suspected of Operating LAPSUS$ Data Extortion Group

• Downloaders Currently the Most Prevalent Android Malware

• Russian Nationals Indicted for Epic Triton/Trisis and Dragonfly Cyberattacks on Energy Firms

• Drawbridge launches Industry Advisory Board

• Microsoft Azure developers targeted by 200-plus data-stealing npm packages

• IT Security News Daily Summary 2022-03-24

• Will Okta recover its cred after Lapsus$ breach? We’ll see

• New bill looks to modernize 50-year-old rulebook for federal-state cooperation

• Experts explained how to hack a building controller widely adopted in Russia

• British cops arrest seven in Lapsus$ crime gang probe

• Health officials see bright future in poop surveillance

• UK Cops Collar 7 Suspected Lapsus$ Gang Members

• State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018

• Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

• Google Tests Health Monitoring Via Smartphone Sensors

• North Korea Gov Hackers Caught Sharing Chrome Zero-Day

• How to overcome GDPR compliance challenges

• The Kids Online Safety Act Is a Heavy-Handed Plan to Force Platforms to Spy on Young People

• Ukraine war puts US cities, states on cyber alert

• Microsoft Azure Developers Awash in PII-Stealing npm Packages

• Navy CIO says the service is ‘on the cusp’ of CAC-less cloud access

• Ransomware getting ahead of state, local governments, survey finds

• What is Spyware?

• Smart Tips for Staying Safer Online

• Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug

• The Chaos (and Cost) of the Lapsus$ Hacking Carnage

• HP finance manager went on $5m personal spending spree with company card

• Biggest Cyber Trend in 2022

• On The Frontline in The War Against Hackers

• FBI: Ransomware hit 649 critical infrastructure entities in 2021

• API Gateway or not, You Need API Security

• US Court Ends China’s ZTE Probation

• With threats like Lapsus$, security playbooks ‘go out the window’

• Apple Wallet goes live for ID verification at TSA checkpoint

• LAPSUS$ Cyber Crime Spree Nabs Microsoft, Okta, NVIDIA, Samsung

• For MSPs, Next-Gen Email Security Is a Must

• How Casinos Can Prevent Loyalty Incentive and Account Takeover Fraud

• Panel closes in on federal data use recommendations

• GSA announces four-fold increase in contracting opportunity goals for SDBs

• This is how fast a ransomware attack encrypts all your files

• Lawmakers request agency support in broadband rollouts

• Crypto malware in patched wallets targeting Android and iOS devices

• Is a nation‑state digital deterrent scenario so far‑fetched?

• HubSpot Data Breach Ripples Through Crytocurrency Industry

• US Indicts Russian Over “Carding Shop”

• Indian Police Bust Online Helicopter Scam

• VMware Releases Security Updates

• IsaacWiper Continues Trend of Wiper Attacks Against Ukraine

• Stop Invasive Remote Proctoring: Pass California’s Student Test Taker Privacy Protection Act

• Looking to become a tech hub? Level up your local talent in 3 steps

• Okta provides new details on Lapsus$ attack

• APIs & the Software Supply Chain — Evolving Security for Today’s Digital Ecosystem

• Several Dell Systems are Affected by New BIOS Bugs

• BitRAT Malware Spreading Via Unofficial Microsoft Windows Activators

• Mandiant Launches mWISE, Uniting the Global Security Community in the Fight Against Cyber Threats

• Drawbridge Launches Industry Advisory Board to Promote Cybersecurity Innovation and Collaboration Across the Alternative Investment Industry

• A lasting trend: As a Service

• ISO 27002 2013 to 2022 mapping

• Bank Of England Begins To Outline UK’s Crypto Regulatory Approach

• HubSpot Data Breach – Major Cryptocurrency Companies Impacted

• 2022-03-21 – Infection from Brazil malspam

• First Annual Insider Risk Excellence Award Winners Protect Sensitive Company Data and Intellectual Property in Groundbreaking Ways

• Datto MSP Technology Day Addresses Security for SaaS Applications

• SIMBA Chain to Build Blockchain Backed Local Health Supply Chain System, Fueling MxD Medical Marketplace

• YugabyteDB 2.13 Delivers Breakthrough Developer Experience and Performance Improvements

• NetWitness Incident Response Team Urges Enterprises to Prepare for Potential Cyberattacks Related to Russia/Ukraine Conflict

• Lapsus$ Hacking Group Claims to Have Stolen Sensitive Data From Software Gaint Okta Solutions

• New Vidar Infostealer Campaign Hidden in Help File

• Reform or Revolution?

• Job Post: Lawfare Fellowship through Emerging Tech Policy Leaders Program

• The Chatter Podcast: Putin’s People with Catherine Belton

• Private Details of 43,000 London Voters Leaked to Strangers

• Intel CEO: Chip Fabs Are As Strategical Important As Oil

• Everywoman In Tech Awards | Avast

• Getty Images launches first model release supporting biometric data privacy in AI

• Over 100 Building Controllers in Russia Vulnerable to Remote Hacker Attacks

• Anonymous targets western companies still active in Russia, including Auchan, Leroy Merlin e Decathlon

• Clear Skye lands $14M to simplify identity governance on ServiceNow

• These tax season scams aim to steal your passwords and bank details. Here’s what to watch out for

• Enterprise Browser Startup Island Snags Massive Funding Round

• Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection

• S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]

• Apple Co-Founder Slams Facebook For Privacy Flaws

• What the Conti Ransomware Group Data Leak Tells Us

• ExtraHop Adds AI To Bolster Threat Detection For AWS

• Blast From the Past: What the Y2K Bug Reveals About Cybersecurity Today

• Vidar spyware is now hidden in Microsoft help files

• These tax season scams aim to steal your passwords and bank details – here’s what to watch out for

• Microsoft Help Files Disguise Vidar Malware

• Russian Operator of Cybercrime Marketplace Indicted in US

• How to Build a Custom Malware Analysis Sandbox

• Chinese APT Hackers Targeting Betting Companies in Southeast Asia

• 23-Year-Old Russian Hacker Wanted by FBI for Running Marketplace of Stolen Logins

• Report: 80% increase in application-level cyberattacks

• Tax-Season Scammers Spoof Fintechs Stash, Public

• Top 3 Attack Trends in API Security – Podcast

• Many Critical Flaws Patched in Delta Electronics Energy Management System

• Be Aware of What is Out There in Cybersecurity Threats and Protection 2022

• An Investigation of Cryptocurrency Scams and Schemes

• Meta’s Universal Translator Will Not Be the End of Human Translation

• So, what’s the big deal about ISE 3.x?

• Russian Cybercrime Market Owner Added to FBI’s Most Wanted List

• ISPs and Diplomats Targeted by New Mustang Panda Hacking Campaign

• Why I’m Proud to Protect

• Ransomware is scary, but another scam is costing victims much, much more, says FBI

• Mustang Panda hacking group takes advantage of Ukraine crisis in new attacks

• VMware Patches Critical Vulnerabilities in Carbon Black App Control

• Linux Improves Its Random Number Generator

• Elden Ring exploit traps players in infinite death loop

• Achieving Positive Outcomes With Multi-Domain Cyber and Open Source Intelligence

• Researchers trace LAPSUS$ hacks to English teenager

• Ransomware payments peaked in 2021

• Okta names contractor involved in Lapsus$ gang’s attack

• A coordinated nation-state cyber attack is a worst-case scenario, says former U.S. chief technology officer

• Update now! Many HP printers affected by three critical security vulnerabilities

• Arizona To Accept Digital Driver’s Licences On iPhones

• UK Ministry of Defence takes recruitment system offline, confirms data leak

• Ransomware Payments Hit Record Highs in 2021

• ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed

• Phishing-kit market: what’s inside “off-the-shelf” phishing packages

• Fake android app fraudulently helps harvests Facebook credentials

• A 16-old teenager suspected behind Lapsus$ ransomware attack

• Malicious npm packages target Azure developers to steal personal data

• Investment Fraud Surges as Cybercrime Losses Hit $7bn in 2021

• Okta CSO: Lapsus Incident Was “Embarrassing”

• The Jargon Episode, Part II – Intego Mac Podcast Episode 232

• Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers

• Anonymous claims to have hacked the Central Bank of Russia

• New cyberespionage campaign targeting ISPs, research entities

• ADB Commands: A Beginner’s Guide

• ¿QUÉ ES FIM (FILE INTEGRITY MONITORING)?

• IT outage at Scotland’s Heriot-Watt University enters second week

• Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

• Zero trust implementation for device access falling behind

• Security threats today’s businesses need to look out for

• Do you know what your supply chain is and if it is secure?

• 10GB of Data Belonging to Nestlé Exposed [Updated]

• Hundreds of HP Printer Models Affected by Critical Remote Code Execution

• Most Singapore IT leaders cannot identify fake messages, but only half concerned about phishing risks

• Over 200 Malicious NPM Packages Caught Targeting Azure Developers

• How will recent risk trends shape the future of GRC

• Avast Invests in Digital Trust with SecureKey Acquisition

• Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying

• The biggest security threats to today’s businesses

• Strengthening third-party vendor programs in times of crisis and beyond

• Check Point spreading AI goodness throughout its security portfolio

• Enterprises are engaged in a powerful battle to retain cybersecurity staff

• The importance of ramping up digital forensics and incident response tech investments

• What’s holding back zero trust implementation for device access?

• ​​​​​​​Staying safe online when you live off-grid

• Data center networking market to reach $40 billion by 2028

• IronNet to Announce Fourth Quarter and Fiscal Year 2022 Results on April 6, 2022

• State of the Cybersecurity Workforce: New ISACA Research Shows Highest Retention Difficulties in Years

• VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

• Checkmarx Supply Chain Security identifies potentially malicious open source packages

• Ninja Ticketing updates provide additional context and increase efficiency for IT teams

• MailStore 22.1 boosts compliance and security for administrators

• ExtraHop Reveal(x) 360 for AWS detects malicious activity across workloads

• Perle Systems IRG7440 5G Router & Gateway enables secure communications to multiple back-end systems

• F-Secure spins out new enterprise security business: WithSecure

• 4 Challenges of Using Anonymous User Data for UEBA

• Hawk AI and Weavr join forces to deliver contextual risk management for embedded finance

• Endace partners with Cubro to eliminate network blind spots and accelerate event investigation

• MixMode raises $45 million to automate cyberattack detection for organizations

• Nexthink collaborates with Qualtrics to improve employee experience in hybrid work environments

• Dialpad partners with MIA Distribution to expand its reach throughout Australia

• Secure Code Warrior collaborates with GitLab to enhance real-time secure coding guidance

• Sophos appoints Rob Lalumondier as VP of Federal Business

• Island raises $115 million to enable innovation on Enterprise Browser

• Spectro Cloud raises $40 million to accelerate growth and expand its go-to-market plan

• Theta Lake raises $50 million to help organizations manage complex security and compliance issues

• Nucleus Security raises $20 million to boost product development and enhance customer experience

• Report: Cloud automation is key to future-proofing cybersecurity

• Some developers are fouling up open-source software

• Guidewire opens new EMEA headquarters in Dublin

• F-Secure rebrands its corporate security business under the new name

• IriusRisk launches Open Threat Model Standard to simplify the generation of threat models

• Katya Gozias joins Guidepost Solutions as Managing Director in Los Angeles

• Uptake appoints Linda Bartman as President

Generated on 2022-03-25 23:55:31.013127