IT Security News Daily Summary 2022-05-03

• NIST is building a 5G network to model cybersecurity for operators

• Cloud authorization ecosystem to expand, StateRAMP predicts

• Trend Micro discovers AvosLocker can disable antivirus software

• SolarWinds Attackers Gear Up for Typosquatting Attacks

• Ridiculous Ransomware Kill Switch

• RCE vulnerabilities found in Avaya, Aruba network switches

• Facebook Moderators Beg Company To Let Them Do More About Posts Praising Atrocities In Ukraine

• Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers

• Open-source intelligence: The new frontier of digital investigations

• REvil Revival: Are Ransomware Gangs Ever Really Gone?

• Blockchain interoperability is essential to avoid the flaws of Web2

• Identity management beyond the CAC card

• Cyberespionage Group Targeting M&A, Corporate Transactions Personnel

• April ransomware attacks slam US universities

• New Magniber Ransomware Lures Victims Via Fake Windows 10 Updates

• Syxsense Launches Unified Endpoint Security and Management Platform

• SEC nearly doubles cryptocurrency cop roles in special cyber unit

• Former eBay Exec Pleads Guilty to Cyber Stalking

• Is Leaking a SCOTUS Opinion a Crime? The Law Is Far From Clear

• Google’s Safety Section Will Show What Android Apps Do With the User Data

• Beware of New Phishing Campaign Targeting Facebook Users

• German Finance Watchdog Sees ‘Very Big’ Risk of Cyberattacks

• Cyberespionage group exploiting network and IoT blind spots

• Firefox hits 100*, fixes bugs… but no new zero-days this month

• Third-Party App Access Is the New Executable File

• OFAC, the DPRK and the Tornado of Cash

• Customize your secure VM session experience with native client support on Azure Bastion

• ExtraReplica: Microsoft Patches Cross-Tenant Bug in Azure PostgreSQL

• Security Researchers Find Nearly 400,000 Exposed Databases

• Using Pupil Reflection in Smartphone Camera Selfies

• Automating your Microsoft security suite with D3 XGEN SOAR

• Sevco Security Selected as Top 10 Finalist for RSA Conference 2022 Innovation Sandbox Contest

• How and why you should secure APIs

• DevOps release process

• How to Choose Tech Stack for Mobile App Development

• Zero trust is more than just vendors and products – it requires process

• For Smaller Enterprises Infrastructure Security Starts With Hygiene

• Ransomware Attack Closes Michigan College

• NortonLifeLock Willfully Infringed Malware Patents

• How to Create a Cybersecurity Mentorship Program

• Digital Rights Updates with EFFector 34.3

• Intelligent application protection from edge to cloud with Azure Web Application Firewall

• State-backed hacking group from China is targeting the Russian military

• Storytelling and slide decks

• Trying to Catch the Big Phish

• Driverless vehicles are finally hitting city streets

• Hackers used the Log4j flaw to gain access before moving across a company’s network, say security researchers

• Radware Launches SkyHawk Security, a Spinoff of Its Cloud Native Protector Business

• A DNS flaw impacts a library used by millions of IoT devices

• How to Send Ctrl-Alt-Delete in a Remote Desktop Session?

• Cryptocurrency Usage – What Are the Numerous Uses?

• Elon Musk Said Twitter DMs Should Have End to End Encryption

• The Rise of Cybercrime – An Overview

• Cyberattack Causes Disruptions at Car Rental Giant Sixt

• OccamSec Unveils New Cybersecurity Platform

• Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners

• Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

• Detecting Targeted Attacks on Public Cloud Services with Cisco Secure Cloud Analytics

• Botnet That Hid For 18 Months Boasted Some Of The Coolest Tradecraft Ever

• Spanish Prime Minister’s Phone Targeted With Pegasus Spyware

• Aruba, Avaya Network Switches Vulnerable To SSL Flaws

• Crypto Hackers Have Stolen More Than $370 Million In April Alone

• Phishers exploit Google’s SMTP Relay service to deliver spoofed emails

• All Organisations Must Report Cybersecurity Beaches Within 6 Hours: CERT-In

• SEC Proposes New Cybersecurity Rules for Financial Services

• Microsoft’s standalone Defender for Business hits GA

• DoD Announces Results of Vulnerability Disclosure Program for Defense Contractors

• Identity-Based Infrastructure Access Firm Teleport Raises $110 Million

• Traceable AI Snags $60M for API Security Tech

• Developing Software? Get Accountability Right First

• SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse

• What Does the 2022 NDS Fact Sheet Imply for the Forthcoming Cyber Strategy?

• US Department of Defence Hit By $23m Phishing Attack

• Fortify Your Infosec Architecture & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption>

• Craft fair vendors targeted by fake event scammers on Facebook

• Here’s how hackers used the Log4j flaw to gain access before moving across a company’s network

• What’s behind the record‑high number of zero days?

• Hands-on Cybersecurity Skills Training on a Budget: Tips to Get the Most Out of Your Money

• Airdrop phishing: what is it, and how is my cryptocurrency at risk?

• US healthcare billing services group hacked, affecting at least half a million individuals

• CCSP Exam – Many Changes on the Way!

• Germany Warns Of Ukraine Crisis Hacking Risk

• Over 50 countries sign the “Declaration for the Future of the Internet”

• ShiftLeft Raises $29 million for AppSec platform that prioritizes vulnerabilities attackers are most likely to exploit

• Kintent is transforming compliance into a revenue-generating tool

• Teleport raises $110M to help engineers access infrastructure remotely

• Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

• Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol

• Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library

• TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover

• Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims

• RSAC Innovation Sandbox Contest finalists announced

• Experts Analyze Conti and Hive Ransomware Gangs Chats With Their Victims

• Microsoft Plan To Launch Built-In VPN With Edge Browser

• Syxsense launches unified endpoint management and security solution

• Enpass launches first offline password management tool for enterprises

• What to expect when negotiating with Conti and Hive ransomware gangs

• VFunction deploys AI to improve code and fix technical debt

• Open-source security: It’s too easy to upload ‘devastating’ malicious packages, warns Google

• Vulnerabilities in Aruba and Avaya Switches Expose Enterprise Networks to Attacks

• California Man Convicted for Stealing Millions From DoD via Phishing Scheme

• SECURITY ALERT: Active Golang-Written Botnet StealthWorker Infects Thousands of Websites via Distributed Brute-Force Attacks.

• Podcast Episode: Teaching AI to Its Targets

• How To Safeguard Your Cryptocurrency Investments?

• TLStorm 2.0 – Airports, hospitals, hotels and enterprises at risk to new vulnerabilities

• SEC Nearly Doubles Staff Of Crypto Enforcement Group

• China-linked Moshen Dragon abuses security software to sideload malware

• TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches

• Hacking Group Moshen Dragon Targets Asian Telecommunication Companies

• Alibaba Shares Briefly Plunge After Report About ‘Ma’

• Most Reliable Hosting Company Sites in April 2022

• May The Fourth Be with You: Jedi Mind Tricks and Scams

• Russian Cyberspies Target Diplomats With New Malware

• Michigan College Cancels Classes After Ransomware Attack

• Threat Actors Sent Malicious Emails Using Google SMTP Relay Service

• Will Multi-Factor Authentication (MFA) Implementation Protect Countries from Cybercriminals?

• Why Do You Need a Malware Sandbox?

• Critical vulnerabilities found in ‘millions of Aruba and Avaya switches’

• Mental Health and Prayer Apps Fail the Privacy Test

• Cyber-espionage group targets Asian telecomms

• Internet scams are a daily reality for the UK

• Google Fires Senior Researcher In Latest AI Row

• Car Rental Giant Sixt Hit by Cyber-Attack

• Spyware discovered on Spanish PM’s phone

• Google Rolls Out Developer Preview of Android Privacy Sandbox

• UNC3524 APT uses IP cameras to deploy backdoors and target Exchange

• 4 Reasons Why Data Science Is One of the Best Fields of Work

• Union Loses Second Amazon Staten Island Vote

• Silicon UK In Focus Podcast: The Impact of SaaS

• Ponzi Scheme Suspect Deported to China After $36m Bust

• CISA’s 2021 Top-15 routinely exploited Vulnerabilities – Check Point customers remain fully protected

• Privacy pathology: It’s time for the users to gather a little data. Evidence

• How to keep your passwords safe online

• Musk ‘In Talks’ With Potential Partners For Twitter Financing

• Some US travel applicants now have to provide their social media account details

• Here’s how self-help apps violate your privacy, sell your information

• Google starts testing fenced frames to guard its Privacy Sandbox

• More transparency from developers is coming to the Google Play Store

• Phylum strengthens mission to defend the software supply chains

• ISE business value and ROI uncovered in Forrester study

• Package Analysis dynamic analyzes packages in open-source repositories

• Dell targets multi-cloud ecosystem with cyber recovery and data analytics

• Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

• AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

• Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

• CMS-based sites under attack: The latest threats and trends

• Pegasus malware installed on Spanish PM Phone

• Microsoft confirms Russian Cyber Attacks on Ukraine coincided with Military Strikes

• New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions

• How to implement a best-in-class SASE architecture

• Corporate structure and roles in InfoSec

• GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

• Discover your public cloud exposure with Recon.Cloud

• Password tips to keep your accounts safe

• [Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

• CACI DarkBlue Intelligence now has access to cryptocurrency data

• CommScope XGS-PON: Accelerating FTTP deployments

• Computer Services to resell FINBOA dispute management software

• C2A Security and Stefanini to bring a robust cybersecurity solution to the automotive industry

• How XDR provides protection against advanced exploits

• Vulnerability Summary for the Week of April 25, 2022

• PagerDuty appoints Katherine Post Calvert as CMO

• Accenture acquires akzente to strengthen sustainability capabilities

• Vulnerability Summary for the Week of April 25, 2022

• Nicole Anasenes elected to the VMware board of directors

• Andrew Hallman joins Peraton as VP, National Security Strategy and Integration

• How to make SSH even easier to use with config files

• Russia to Rent Tech-Savvy Prisoners to Corporate IT?

• Grindr User Data For Sale, Expert Reaction

• Arctic Wolf appoints Duston Williams as CFO

• The Aftermath, Episode 3: Congress Responds

• How Can One Know When To Trust Hardware and Software?

• World Password Day 2022 – Commentary

• IT Security News Daily Summary 2022-05-02

• Ransomware attacks more frequent, damaging and costly

• Cybersecurity and supply chain essential for building tomorrow’s digital infrastructure

• Google Offers $1.5M Bug Bounty for Android 13 Beta

• New Bumblebee Malware Loader Emerges To Replace IcedID and BazaLoader

• NJ combats vehicle theft with license plate readers

• Do phishing simulations work? Sometimes

• CIA taps its first chief technology officer

• Technology trade groups urge Congress to add $300 million to the TMF

• Tracking Exposed: Demanding That the Gods Explain Themselves

• Using Unsupervised Learning to Combat Cyber Threats

• GAO dismisses final CIO-SP4 protests

• Security is a pain for American Dental Association: Ransomware infection feared

• WinMagic SecureDoc for Linux: Fortify Your Infosec Architecture & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption>

• Compliance does not equal security: 7 cybersecurity experts share their insights

• Onyx Ransomware Destroys Large Files Instead of Locking Them

• Microsoft announces Microsoft Defender for Business (for SMBs)

• SSE kicks the ‘A’ out of SASE

• Car rental company Sixt hit by a cyberattack that caused temporary disruptions

• Amid Ukraine War, China Announces “Global Security Initiative”

• The EU Digital Markets Act Places New Obligations on “Gatekeeper” Platforms

• Numerous “ExtraReplica” Bugs In Microsoft Azure Exposed Databases

• New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours

• The EU Digital Markets Act’s Interoperability Rule Addresses An Important Need, But Raises Difficult Security Problems for Encrypted Messaging

• Microsoft launches Defender for Business to help protect small and medium businesses

• NIST Seeking Feedback for a New Cybersecurity Framework and Supply Chain Guidance

• GitHub Says Recent Attack Was Highly Targeted

• 6 Best Practices to Ensure Kubernetes Security Meets Compliance Regulations

• Latest Phishing Campaign Deploys Malware and Steals Critical Information

• Dell brings data recovery tools to Apex and the cloud

• Spyware Found on Spanish PM’s Phone

• Lapsus$ Targeting SharePoint, VPNs and Virtual Machines

• Attackers Use Stolen OAuth Access Tokens to Breach Dozens of GitHub Repos

• Analysis on recent wiper attacks: examples and how wiper malware works

• Next CISO headache: Vendor cyber insurance

• Indian Government Asked Requiring Organizations to Report Cybersecurity Incidents within Six Hours

• Russia-Ukraine war prompts security best practices refresher

• Name That Edge Toon: Flower Power

• MDT Recognized by NACUSO as 2022 CUSO of the Year

• Drawbridge Rebrands to Highlight its Evolution and Commitment to Client Centricity and Innovation

• SBA looks to promote disadvantage businesses with 2023 budget request

• Spanish PM, defense minister latest Pegasus spyware victims

• Californian Phished $23.5m from DoD

• American Idol Winner Accused of Spying on Ex-girlfriend

• Watch out for these 3 small business cybersecurity mistakes

• 17 Reasons Why You Should Use an iPod touch in 2022

• Meta, Tracking Code, And The Student Financial Aid Website

• Wikimedia Foundation Stops Accepting Cryptocurrency As Donations

• Data-Wiper Malware Surges As Ukraine Battles Ongoing Invasion

• Mozilla Finds Mental Health Apps Fail Spectacularly At User Security, Data Policies

• Announcing new investments to help accelerate your move to Azure

• AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

• The mystery behind the samples of the new REvil ransomware operation

• Technologies Useful In the Pandemic Are Challenging Privacy Now

• Pentagon Names Chief Digital and Artificial Intelligence Officer (CDAO)

• Smallstep Raises $26 Million for Automated Certificate Management Platform

• Security Stuff Happens: What Do You Do When It Hits the Fan?

• Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload

• Chinese “Override Panda” Hackers Resurface With New Espionage Attacks

• What Extremism Means to the Federal Government

• Spanish Prime Minister, Defence Minister ‘Hacked With Pegasus’

• CISA points to water sector in seeking $80 million more for FEMA grants

• Pentagon Names Chief Digital and Artificial Intelligence (AI) Officer

• New Black Basta Ransomware Possibly Linked to Conti Group

• 3 Best Practices to Avoid Inevitable Ransomware Attacks

• The Benefits of Hyperautomation

• European Commission Hits Apple Pay With Antitrust Charge

• Bad Actors Are Maximizing Remote Everything

• REvil Ransomware Makes a Comeback

• Deep Dive: Protecting Against Container Threats in the Cloud

• Google Offering Up to $1.5 Million for Android 13 Beta Exploits

• Google offers 50% higher bounties for bugs in Android 13 Beta

• Mental Health and Prayer Apps Do Not Meet Mozilla’s Minimum Security Standards

• UniverSIS Platform Vulnerability Could Allow Manipulating Students’ Grades

• Package Analysis – OpenSSf Tool to Detect Malicious Packages in Popular Open-Source Repositories

• Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia

• Google Calls For Dismissal Of £1.25bn EU Antitrust Fine

• The VC View: The DevSecOps Evolution and Getting “Shift Left” Right

• Cybersecurity M&A Roundup: 37 Deals Announced in April 2022

• Bored Ape Start-Up Raises Millions In Virtual Land Sale

• Check Point’s Quantum IoT Protect Identified Hacked IoT Devices & Protects a Customer from a Cyber-Attack

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022

• New ‘Bumblebee’ Malware Loader Used by Several Cybercrime Groups

• Spain: 2021 Spyware Attack Targeted Prime Minister’s Phone

• Volkswagen In ‘Long-Term Chip Deal’ With Qualcomm

• Amazon Wins Hearing That Could Overturn Union Vote

• Mozilla finds mental health apps fail ‘spectacularly’ at user security, data policies

• A week in security (April 25 – May 1)

• Ransomware Study 2022: attacks are up, ransom payments are increasing

• Snap Releases Pocket-Sized ‘Flying Camera’ For Selfies

• IoT and Cybersecurity: What’s the Future?

• Group-IB CEO remains in prison – the Russian-led company has been ‘blacklisted’ in Italy

• Diversity initiatives needed to set cybersecurity skills shortage right

• 345,000 People are Affected by a Data Breach at ARcare

• Google Releases First Developer Preview of Privacy Sandbox on Android 13

• Russia-linked APT29 targets diplomatic and government organizations

• How is the U.S. government preparing for critical infrastructure attacks?

• PayHere – 1,580,249 breached accounts

• Insider Threat alert as school district employee mines cryptocurrency without permission

• Know more about YO-YO DDoS Attacks

• Here’s a New Tool That Scans Open-Source Repositories for Malicious Packages

• Pentagon still not taking full advantage of rapid acquisition authorities, former official says

• Cybersecurity skills shortage: Could training, certifications and diversity be a solution?

• How to avoid security blind spots when logging and monitoring

• OSINT: The privacy risks of sharing too much information

• Tripwire Patch Priority Index for April 2022

• 55% of people rely on their memory to manage passwords

• Directorate of Enforcement seizes $725 million from Xiaomi India

• Infosec products of the month: April 2022

• 11:11 Managed Security Services protects customers against malicious activities

• Aimware – 305,470 breached accounts

• Nebulon extends 4-minute ransomware recovery for 2-node management clusters on Dell PowerEdge servers

• Robo-debt Royal Commission, eSafety capabilities and anti-trolling laws on the Australian election agenda

• Data Protection as the Foundation of Trust: Celebrating Privacy Awareness Week in APAC

• GitHub Shares Details About The Stolen OAuth User Tokens Breach

• New RIG Exploit Kit Campaign Drops Redline Stealer Malware

• An npm Registry Bug Allowed Adding Random Maintainers To Malicious Packages

• Musk’s Twitter goal of authenticating all users is good for ending bots but bad for humans

• Devil-Torrents.pl – 63,451 breached accounts

Generated on 2022-05-03 23:55:27.992567

Liked it? Take a second to support IT Security News on Patreon!