IT Security News Daily Summary 2022-04-28

• Can your mobile phone get a virus? Yes – and you’ll have to look carefully to see the signs

• Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

• Cisco Releases Security Updates for Multiple Products

• The Subject Of Trusting ‘Russian’ Applications

• Elon Musk Wants to Make Twitter DMs End-to-End Encrypted

• GSA to study facial recognition tech with equity in mind

• IRS balks at public free-file suggestion from government watchdog

• Microsoft readies a built-in VPN for Edge powered by Cloudflare

• Tips for using a threat profile to prevent nation-state attacks

• Case study: Why it’s difficult to attribute nation-state attacks

• Check Point: Ransomware attacks lasted 9.9 days in 2021

• Lapsus$ targeting SharePoint, VPNs and virtual machines

• Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine

• The Ransomware Crisis Deepens, While Data Recovery Stalls

• Capital One Ventures, Snowflake Ventures, Verizon Ventures, and Wipro Ventures Join Securonix $1B+ Growth Investment as Strategic Investors

• EFF Statement on the Declaration for the Future of the Internet

• Global Nations Sign Declaration For Free, Open Internet

• How enterprises can ensure NVMe security in 2.0

• Cisco Releases Security Updates for Multiple Products

• API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot

• 2022-04-25 – Emotet epoch4 activity (LNK files)

• The super malicious insider and the rise of insider threats

• File Formats

• US and China Exposed Most Databases Among 308,000 Discovered in 2021

• Europol: Deepfakes Set to Be Used Extensively in Organized Crime

• Harnessing data can help cities reduce homelessness

• Device Privacy Support for Retailers in Today’s Smart Home (Multi-Video)

• Stellar Open XDR Nominated for Three 2022 ‘ASTORS’ Cybersecurity Awards

• Microsoft Warns of ‘Nimbuspwn’ Security Flaws Haunting Linux

• Crypto Trading Fund Partners Accused of Fraud

• Chickens Baked Alive Due to Computer Glitch

• Uber ‘Cough Girl’ Accused of Identity Theft

• Hollywood’s Fight Against VPNs Turns Ugly

• The Chatter Podcast: “The Day After” with Nicholas Meyer

• The Package Analysis Project: Scalable detection of malicious open source packages

• FBI warns food and agriculture to brace for seasonal ransomware attacks

• Quantum Cybersecurity: Addressing the Boogeyman in the Room

• Stories from the SOC – Lateral movement using default accounts

• Online Safety Bill May Pose Risk To Startups, Suggests Regulator Boss

• How data-driven policies can help states and localities

• KB4Con 2022 – Cyber Resilience and the Fourth Industrial Revolution

• KB4Con 2022 – The Latest in Hacking Techniques with the World’s Most Famous Hacker

• CNIL Imposes a Fine of 1.5 million Euros Against Software Publisher Dedalus

• Cloud Security Innovator Sonrai Security Expands Globally into Europe and Asia-Pacific

• SECURE London stokes debate on the future of the cybersecurity workforce

• Nebulon Extends 4-minute Ransomware Recovery to 2-Node Management Clusters on Dell PowerEdge Servers, Reducing Footprint and Related Costs by 33%

• CynergisTek Launches New Continuous Risk Monitoring Program (CRMP) and Signs First Six-Figure Contract With Southeastern Hospital

• Why use a managed services provider for your SASE implementation

• Report: 78% increase in ransomware attacks in last year

• Smallstep increases focus on zero-trust and automated certificates, secures $26M

• 1.2 Million Bad Apps Blocked From Reaching Google Play in 2021

• Cloudflare stomps huge DDoS attack on crypto platform

• Emotet is Evolving with Different Delivery Methods

• Call for Contributors with Knowledge of Linux Firewalls!>

• Synopsys to Acquire White Hat Security in $330M All-Cash Deal

• How Linux Became the New Bullseye for Bad Guys

• MAR-10376640-2.v1 – CaddyWiper

• CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

• MAR-10376640-1.v1 – IsaacWiper and HermeticWizard

• Five Eyes Nations Reveal 2021’s Fifteen Most Exploited Flaws

• Microsoft Details Rampant Russian Invasion Cyber Warfare

• GitHub Repos Breached Using Stolen OAuth Tokens

• Malicious Relays And The Health Of The Tor Network

• Hackers Steal NFTs Worth $3M in Bored Ape Yacht Club Heist

• BT Signals Intent To Adopt EE Brand For UK Consumers

• What Are the Biggest Phishing Trends Today?

• Hackers fool major tech companies into handing over data of women and minors to abuse

• Sender Policy Framework (SPF)

• Cisco Patches 11 High-Severity Vulnerabilities in Security Products

• S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

• Explainable AI for Fraud Prevention

• MAR-10376640-2.v1 – CaddyWiper

• MAR-10376640-1.v1 – IsaacWiper and HermeticWizard

• Bumblebee, a new malware loader used by multiple crimeware threat actors

• The Tenet Case: Are Hackers Targeting the Healthcare Industry?

• Call of Duty cheats can expect embarrassment with new anti-cheat feature

• Ransomware payments are marginal when compared to the overall costs

• Meta Pleases Investors After Daily User Number Growth Returns

• Fake USA for UNHCR site wants your Ukraine donations in Bitcoin

• CISA published 2021 Top 15 most exploited software vulnerabilities

• Microsoft Issues Report of Russian Cyberattacks against Ukraine

• Facebook phishers threaten users with Page Recovery Help Support

• Onyx ransomware destroys files, and also the criminal circle of trust

• QNAP customers urged to disable AFP to protect against severe vulnerabilities

• How Tencent is building a global game production system

• Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

• Threat-Hunting Journal April 2022 – Easter Edition

• Cyber Crime Is on The Rise and These Experts Have the Knowledge You Need

• KB4-CON 2022: Awareness, Behavior and Culture: Trip Report

• How Covid-19 Changed Advertising Forever

• Log4j flaw: Thousands of applications are still vulnerable, warn security researchers

• Cyberattacks Rage in Ukraine, Support Military Operations

• National Cybersecurity Agencies List Most Exploited Vulnerabilities of 2021

• Critical Vulnerabilities in Azure PostgreSQL Exposed User Databases

• Governing Platforms Through Apple’s App Store in the U.S. and China

• 4 Ways An AV Integration Company Can Improve Your Business

• Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

• This is how Elon Musk can securely achieve his mission of authenticating Twitter users

• Celebrating World Autism Awareness Month with educational activities and our Autism@IT mentoring project

• A Peek into Visa’s AI Tools Against Fraud

• How cities are trying to combat the nation’s deadliest weather risk

• Cloudflare Customer Targeted in Record HTTPS DDoS Attack

• Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

• The More You Know: Job Searching & Interviewing

• Top Exploited Vulnerabilities in 2021 Revealed by Cybersecurity Firms

• Android security: We stopped billions of harmful app downloads, says Google

• Overcoming Cybersecurity Recruiting Challenges

• Everything you need to know to create a Vulnerability Assessment Report

• Ransoms only make up 15% of ransomware costs

• ZecOps Announces Support for Forensics Images Acquired by GrayShift

• Anger As Musk Engages With Tweets Criticising Twitter Execs

• IETF Publishes RFC 9116 for ‘security.txt’ File

• A Chilling Russian Cyber Aim in Ukraine: Digital Dossiers

• Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild

• ZecOps Announces Support for Forensics Images Acquired by GreyShift

• Over 300,000 Internet-Exposed Databases Identified in 2021

• Phishing attacks benefiting from shady SEO practices

• Global Security Spending Set to Hit $198bn by 2025

• CloudFlare blocked a record HTTPs DDoS attack peaking at 15 rps

• The Top Exploited Vulnerabilities in 2021 Revealed by Cybersecurity Firms

• Microsoft Discloses True Scale Of Russian Cyberattacks On Ukraine

• Microsoft: Russia Has Launched Hundreds of Cyber Operations in Ukraine

• Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

• Security Alert as Researchers Discover 400,000 Exposed Databases

• Synopsys Acquires WhiteHat Security to Expand Application Security Software-as-a-Service Capabilities

• New RIG Exploit Kit Campaign Infecting Victims’ PCs with RedLine Stealer

• The 15 most exploited vulnerabilities in 2021

• Top five post-pandemic priorities for cybersecurity leaders

• Get Ready to Repair Your Own iPhone! – Intego Mac Podcast Episode 237

• Money or your business: Ensure your ransomware defense strategy beats off disruptions, extortions

• A Complete Guide to Perform External Penetration Testing on Your Client Network | Step-by-Step Methods

• How to Know If Your Computer Has Virus? How to Protect Your PC?

• U.S Cybersecurity Agency Lists 2021’s Top 15 Most Exploited Software Vulnerabilities

• Modern bank heists: How can they be thwarted?

• How to make DevSecOps a reality

• Remote execution holes in Log4j, Exchange and Confluence lead Five Eyes 2021 exploited CVE list

• CloudFlare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second

• Russia-linked threat actors launched hundreds of cyberattacks on Ukraine

• Ransomware is up and victims are paying

• Top 5 security analytics to measure

• Versa Networks Hosting Versatility 2022, Inaugural SASE User Conference Being Held this Week

• Why Are Ransomware Attacks Increasing and How Can We Prevent Them?

• Microsoft releases open-source tool for securing MikroTik routers

• Is Quantum Secured Metro Network the future to Secure Communication

• Ransomware news headlines trending on Google

• QNAP Advises to Mitigate Remote Hacking Flaws Until Patches are Available

• Cybercriminals deliver IRS tax scams and phishing campaigns by mimicking government vendors

• Veza, the Data Security Company Built On The Power of Authorization, Emerges from Stealth and Announces $110 Million in Funding

• Cohesity Named a Major Player in the 2022 IDC MarketScape Worldwide Distributed Scale-Out File System Vendor Assessment

• RackTop Systems Expands Channel Partner Program

• CrowdStrike Introduces Adversary-Focused CNAPP Capabilities Designed to Secure and Protect Cloud Applications from Sophisticated Threats

• Despite its Challenges, Cloud Computing is Still the Way to Go

• How AI can close gaps in cybersecurity tech stacks

• Post-pandemic priorities for security leaders

• Are businesses ready to implement cloud-native development?

• PCI DSS 4.0 and ISO 27001 – the dynamic duo

• GrammaTech CodeSonar 7.0 helps developers find and fix issues while coding

• Fidelis Cybersecurity platform enhancements protect enterprises against advanced threats

• SecurityGen ACE platform improves security posture for the mobile operators

• CyberLink FaceMe Platform allows users to monitor all databases and system services in one place

• Kudelski Security MDR ONE addresses the growing sophistication of threats across hybrid environments

• Google Search removal requests expanded to include personal contact information

• Alkira Cloud Insights allows businesses to optimize their cloud deployments

• Five Eyes nations reveal 2021’s fifteen most-exploited flaws

• Musk’s Plan to Reveal the Twitter Algorithm Won’t Solve Anything

• Russia Is Being Hacked at an Unprecedented Scale

• Mandiant: Attackers’ Median Dwell Time Drops to 3 Weeks

• Threat Detection Software: A Deep Dive

• Keysight Technologies M9484C VXG enables customers to reduce test system setup complexity

• Cynerio collaborates with Securonix to protect healthcare organizations against security threats

• Doppler Takes on Secrets Management

• ARMO raises $30 million to offer a complete open source security solution for the Kubernetes community

• Tenable acquires Bit Discovery to help organizations minimize cyber exposure

• Data I/O partners with NXP Semiconductors and Avnet Silica to enable supply chain integrity

• Best home security camera (2022)

• Titania appoints Claire Clark as VP of Engineering

• Chinese APT Bronze President Mounts Spy Campaign on Russian Military

• Ivanti names Dennis Kozak as COO

• Microsoft points at Linux and shouts: Look, look! Privilege-escalation flaws here, too!

• IT Security News Daily Summary 2022-04-27

• The data states need to improve digital equity

• Russia Coordinating Cyberattacks With Military Strikes in Ukraine: Microsoft

• How to conduct Linux privilege escalations

• The Role IaaS Providers Play in Elevating Security Posture

• Explaining User and Entity Behavior Analytics: Enhanced Cybersecurity Through UEBA

• Cybersecurity, Big Data & Automation Tools: What Marketers Need To Know

• Elon Musk-themed cryptocurrency scam uses fake Medium as the promotion site

• How AI-driven company Oculeus helps telecom service providers better combat fraud

• Synopsys to Acquire WhiteHat Security from NTT

• Time for a U.N. Peace Enforcement Operation in Northern Ukraine?

• Why Steve Bannon’s Contempt Prosecution Revolves Around His Attorney, Robert J. Costello

• Smarter Homes & Gardens: Smart Speaker Privacy

• State Department taps assessment-based hiring process for data scientists

• Privacy Enhancing Tech Startup Enveil Bags $25 Million Investment

• Data-driven approach boosts efficiency of streetlight repairs

• Emotet is Back From ‘Spring Break’ With New Nasty Tricks

• Coca-Cola Investigates Data-Theft Claims After Ransomware Attack

• CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021

• Looking for the latest insight to ensure cyber security in the long term? It’s right here

• NSA re-awards secret $10 Billion contract to Amazon

• A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity

• Five Eyes reveals 15 most exploited vulnerabilities of 2021

• Illinois Facebook Users Could Get Facebook Privacy Settlement Money Soon

• Zero-Day Vulnerabilities Are on the Rise

• Streaming graph analytics: ThatDot’s open-source framework Quine is gaining interest

• Bernie Sanders wants Amazon debarred from federal contracting

• Canvas and other Online Learning Platforms Aren’t Perfect—Just Ask Students

• Electron Application Attacks: No Vulnerability Required

• Report: 4 cybercrime stats to watch

• How drones document crash scenes

• Top VC Firms in Cybersecurity for 2022

• Feds offer big rewards for info on suspected Russian Sandworm intel officers

• Cyber Skills Gap Linked to Breaches

• Smile Brands Breach Impacts 2.5 Million Individuals

• Millions Of Java Apps Remain Vulnerable To Log4Shell

• Bitcoin Becomes Official Currency In Central African Republic

• Chinese Drone-Maker DJI Suspends Ops In Russia, Ukraine

• 6 Best Data Security Practices You Can Start Today

• Medical Device Cybersecurity: What Next in 2022?

• USDA opens grants to streamline SNAP

• REvil ransomware attacks resume, but operators are unknown

• Apple Opens ‘Self Service Repair’ Online Store

• Most Brits Rely On Memory To Manage Passwords, Says Bitwarden

• NGA will take over Pentagon’s flagship AI program

• Private Investigator Admits Role in Hedge Fund Hack

• Artificial Intelligence and Chemical and Biological Weapons

• Critical Vulnerability Identified in Ever Surf Blockchain Wallet

• Endpoint security and remote work

• Versa Networks Hosting Versatility 2022, Virtual SASE User Conference

• Watch: The Four Stages of Zero Trust Maturity

• Sophos: 66% of organizations hit by ransomware in 2021

• [eBook] Your First 90 Days as MSSP: 10 Steps to Success

• How we fought bad apps and developers in 2021

• How one senior developer brings the startup spirit to Microsoft

• New Data Safety section on Google Play Store

• How to detect phishing images in emails

• Angular + React: Vulnerability Cheatsheet

• April 2022 Web Server Survey

• Strider secures $45M for data intelligence to avert economic espionage

• Transformation and the CX executive order

• Ransomware demands are growing, but life is getting tougher for malware gangs

• Ransomware Survey 2022 – like the Curate’s Egg, “good in parts”

• Quantum Ransomware was Detected in Several Network Attacks

• New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware

• Amazon Won’t Face Federal Action Over Tornado Warehouse Collapse

• Putting Your SOC in the Hot Seat

• CIS Control 17: Incident Response Management

• Fighting Fake EDRs With ‘Credit Ratings’ for Police

• 2021 Top Routinely Exploited Vulnerabilities

• 2021 Top Routinely Exploited Vulnerabilities

• Compliance as Code: Extending compliance automation for process improvement

• Strider secures $45M for data intelligence that helps companies avert economic espionage threats

• The Army wants to re-do how it manages cyber risk

• How Industry Leaders Should Approach Open Source Security

• 2021 Top Routinely Exploited Vulnerabilities

• 2021 Top Routinely Exploited Vulnerabilities

• US Department of State offers $10M reward for info to locate six Russian Sandworm members

• The Nimbuspwn Linux Flaw Allows Root Access

• China turns cyber-espionage eyes to Russia as Ukraine invasion grinds on

• China turns prying eyes to Russia as the Ukraine invasion grinds on

• Risk Intelligence Company Strider Raises $45 Million

• Amidst Invasion of Ukraine, Platforms Continue to Erase Critical War Crimes Documentation

• Guide to Remove Ransomware

• First fully open-source Kubernetes security platform ARMO raises $30M

• Bronze President spies on Russian targets as Ukraine invasion continues

• Can Elon Musk Spur Cybersecurity Innovation at Twitter?

• Internet Outages in French Cities After Cable ‘Attacks’: Operator

• Can Tech Visionary Elon Musk Spur Cybersecurity Innovation at Twitter?

• Explaining Cloud Native Application Security

• Millions of Java Apps Remain Vulnerable to Log4Shell

• Chinese Cyberspies Targeting Russian Military

• Google’s New Safety Section Shows What Data Android Apps Collect About Users

• Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

• Cisco Duo Security Completes Australia’s Information Security Registered Assessors Program (IRAP) Assessment

• “URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance

• (ISC)² Hellenic Chapter Wins Award for Creating Educational Materials

• Alphabet Profit Slides As YouTube Misses Expectations

• Doppler raises $20 million for SecretOps solution to protect developers ‘secrets’

• Coherent raises $75M Series B to enable hybrid-work era development

• CrowdStrike unveils tools to fight threats to cloud-native applications

• ARMO Raises $30 Million for Open Source Kubernetes Security Platform

• Coca-Cola Investigates Hacker Data Theft Allegations

• The U.S. is offering up to $10 million for Identity to Locate Sandworm Hacking Group

• Cracks forming in the ransomware ecosystem

• Chrome 101 Patches 30 Vulnerabilities

• State of Ransomware Report 2022: 66% Organizations Hit in 2021

• Coca-Cola Investigating Hack Claims Made by Pro-Russia Group

• North Koreans Are Jailbreaking Phones to Access Forbidden Media

• Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats

• APT trends report Q1 2022

• Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)

• Secrets Every Laptop Owner Should Know

• What’s happening in the world of personal cyber insurance?

• “Reject All” cookie consent button is coming to European Google Search and YouTube

• Achieving Sustainable Cybersecurity Through Proper Care and Feeding

• Hackers claim to have breached Coca Cola

• Emotet fixes bug in code, resumes spam campaign

• YouTuber Deliberately Crashed Plane For Views, FAA Rules

• Here’s what to look forward to at CARO Workshop 2022

• Coca-Cola Investigates Data Breach Claim

• Are you making this important TikTok error?

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• US pledges $10m for Sandworm information

• Everything You Can Do with iCloud – The Complete Guide

• UK Schools Can Sign-Up to Free Government-Grade Security

• Nimbuspwn Linux Bugs Could Provide Root Access

• Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Amazon Faces Union Vote At Second State Island Facility

• US Offers $10m for Russian NotPetya Sandworm Team

• U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Attackers remain persistent and indiscriminate as multi-vector DDoS attacks continue to rise

• Chinese drone-maker DJI suspends ops in Russia, Ukraine

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Conti ransomware operations surge despite the recent leak

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Should security teams be giving service with a smile?

• How the Emotet botnet flooded inboxes across Japan

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Study: How Amazon uses Echo smart speaker conversations to target ads

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• How to deal with security challenges fueled by multicloud environments

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Governments under attack must think defensively

• Russia could have hacked the UK Spy agency says MoD

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• The hierarchy of cybersecurity needs: Why EASM is essential to any zero-trust architecture

• NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Keep your digital banking safe: Tips for consumers and banks

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Cyber-attack defense: CIS Benchmarks + CDM + MITRE ATT&CK

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Multi-vector DDoS attacks on the rise, attackers indiscriminate and persistent

• PCI DSS 4.0 is Here: What you Need to Consider

• Microsoft Discovers New Privilege Escalation Flaws in Linux Operating System

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Siloed technology management increases operational blind spots and cyber risk

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Akamai Audience Hijacking Protector defends online businesses against fraud

• Trend Micro One provides visibility and control across the entire attack surface

• eBook: A new breed of endpoint protection

• The trouble with BEC: How to stop the costliest internet scam

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Chainguard Enforce protects organizations from supply chain threats

• ThreatX expands API visibility and protection capabilities to stop complex threats in real-time

• Datto releases two solutions to empower MSPs with continuity for their SMB clients

• Google begins roll out of Play Store data safety section

• DJI temporarily suspends operations in Russia and Ukraine

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Log4j Attack Surface Remains Massive

• Synopsys Named AppSec Testing Leader in the 2022 Gartner® Magic Quadrant™

• Equifax partners with Interos to help customers manage potential supply chain disruptions

• Sequitur Labs and Lenovo join forces to secure AI models at the edge

• EFF to European Court: No Intermediary Liability for Social Media Users

Generated on 2022-04-28 23:55:34.612188