IT Security News Daily Summary 2022-05-11

• Real win vs. privacy theater: Google’s new personal information removal policy

• How Radiflow helps CISOs secure operational technology environments

• PlainID Debuts Authorization-as-a-Service Platform

• ICE has assembled a ‘surveillance dragnet’ with facial recognition and data, report says

• Ready, IAM, Fire: How Weak IAM Makes You a Target

• Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

• Going the Extra Mile: What It Takes to Be a Responsible Cyber Power

• US, allies warn of nation-state attacks against MSPs

• Android 13 Tries to Make Privacy and Security a No-Brainer

• Government agencies warn of increase in cyberattacks targeting MSPs

• I/O 2022: Android 13 security and privacy (and more!)

• EFF to Court: Fair Use is a Right Congress Cannot Cast Aside

• CISA, the NSA and the FBI warn about an increase in cyber attacks targeting MSPs

• Google I/O: New security features include virtual credit cards, account safety status

• Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier

• Microsoft Simplifies Security Patching Process for Exchange Server

• Fraudulent ‘Bot-driven’ College Enrollment up 50%, New Study Finds

• Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme

• Taking on the Next Generation of Phishing Scams

• How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now

• Why you need to add a trust and safety officer to the leadership team

• British Man Charged With Hacking US Bank Computers, Stealing Millions

• Top 6 Security Threats Targeting Remote Workers

• Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)

• NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

• Multiple Organizations Targeted by Conti Ransomware Worldwide

• MM.Finance, a DeFi platform, Had More Than $2 Million Stolen

• 6 Legal and Free Streaming Services to Consider in 2022

• Measuring the administrative burden of government programs

• Email Security Vendors Score Billion-Dollar Valuations

• MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?

• Quantum Ransomware Strikes Quickly, How to Prepare and Recover

• Breaking Down the Strengthening American Cybersecurity Act

• Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data

• Microsoft Releases May 2022 Security Updates

• Google Releases Security Updates for Chrome

• Cybersecurity and resilience: board-level issues

• Biden Announces Discounted Internet For Low-Income Americans

• 21 Million Records of VPN Users Leaked on Telegram

• Lawmakers balk at possible service changes at launch site of VA’s new health record

• Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email

• Microsoft Releases May 2022 Security Updates

• Google Releases Security Updates for Chrome

• Help Employees and Consumers Avoid Self-inflicted Cybersecurity Mistakes

• Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

• Chrome 101 Update Patches High-Severity Vulnerabilities

• The Importance of Wellness for Security Teams

• Facebook Turns Off Augmented Reality Filters In Two States Over Privacy Concerns

• SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies

• The EU Wants Big Tech to Scan Your Private Chats for Child Abuse

• CISA Adds One Known Exploited Vulnerability to Catalog

• Why the World Needs ZTNA 2.0

• UK National Cyber Security Centre launches Email Security Service

• How to delete your Twitter account and protect your data

• SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineering

• CISA Adds One Known Exploited Vulnerability to Catalog

• Fresh Ransomware Samples Indicate REvil Is Back

• Actively Exploited Zero-Day Bug Patched By Microsoft

• Western Governments Accuse Russia Of Hacking US Satellite Internet Provider

• Russia Fails To Recover RuTube Access On Third Day Of Outage

• Lincoln College Shuts Permanently After Ransomware Attack

• Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

• How to Hash, Salt, and Verify Passwords in NodeJS, Python, Golang, and Java

• Ransomware Attack a Nail in the Coffin as Lincoln College Closes After 157 Years

• It’s a party! Cisco SecureX at RSAC and Cisco Live US 2022

• Update now! Microsoft releases patches, including one for actively exploited zero-day

• Intel announces new security as-a-service to deliver confidential computing

• Intel’s Project Amber provides security for confidential computing

• Cybersecurity has a desperate skills crisis. Rural America could have the answer

• How to delete yourself from internet search results and hide your identity online

• Most Brazilian companies don’t pay to get data back after ransomware attacks

• Ransomware is a national security threat, so please tell us about attacks, says government

• Fresh ransomware samples indicate REvil is back

• Five Eyes Nations Issue New Supply Chain Security Advisory

• ICE Is a Domestic Surveillance Agency

• Chip Shortage Sees BMW Deliver Cars Without Android Auto, Apple CarPlay

• Cohesity delivers a SaaS data isolation and recovery solution

• Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap

• The Danger of Online Data Brokers

• Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

• Hackers are using tech services companies as a ‘launchpad’ for attacks on customers

• CISA adds actively exploited critical F5 BIG-IP bug to its must-patch list

• Cybersecurity has a desperate skills crisis: Rural American could have the answer

• Healthcare Technology Provider Omnicell Discloses Ransomware Attack

• Vanity URLs Could be Spoofed for Social Engineering Attacks

• Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs

• NCSC Confirms Russia Responsible For Viasat Hack

• Concentric AI to autonomously secure business-critical data with $14.5M series A funding

• ServiceNow launches major new features for cloud IT service management

• Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

• Why Its So Important For Organisations To Put Staff Welfare First When A Cyber-attack Strikes.

• British Man Charged In New York With Hacking Into Bank Computers, Stealing Millions

• Wannacry – 5 Years On, 68% Of Enterprises Are Still At Risk

• 31,000 FTSE 100 Logins Found On Dark Web

• A New Phishing-as-a-Service Toolkit Was Discovered

• Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

• Intel Memory Bug Poses Risk for Hundreds of Products

• Protecting payments in an era of deepfakes and advanced AI

• Webinar Today: Managing IoT/OT Visibility, Protection and Monitoring in a Zero Trust Environment

• ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities

• Protecting Against Cyber Threats to Managed Service Providers and their Customers

• CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

• Ivanti and Lookout partner together to help organizations develop their zero trust security posture

• ForgeRock releases AI-driven anti-fraud solution

• Elon Musk says Russian efforts to jam Starlink are ‘ramping up’

• Africa Grapples With Way Forward on Cybercrime

• Protecting Against Cyber Threats to Managed Service Providers and their Customers

• CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

• New ransomware trends in 2022

• How Traffic Analysis Boosts Ecommerce Profits

• Progress launches Chef Cloud Security to extend DevSecOps to cloud-native assets

• Actively Exploited Zero-Day Bug Patched by Microsoft

• SAP Patches Spring4Shell Vulnerability in More Products

• Thousands of Top Websites See What You Type—Before You Hit Submit

• Next-Generation CMS: Why Advanced Content Management is the Key to Sustained Growth and Profitability

• April 2022’s Most Wanted Malware: A Shake Up in the Index but Emotet is Still on Top

• Ransomware Deals Deathblow to 157-year-old College

• Critical Vulnerability Exploited to ‘Destroy’ BIG-IP Appliances

• Apple To Discontinue The iPod

• Windows Print Spooler Vulnerabilities Increasingly Exploited in Attacks

• Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails

• Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K

• Windows Print Spooler Exploit: the Path for Threat Actors to Perform 65,000 Cyberattacks

• 5 Key Learnings from Intel’s 2021 Product Security Report

• Defending Your Remote Workforce with Zero Trust Security

• Dell & Apple to Face Lawsuit After the Company Failed to Provide paid-for Services

• Ransomware in numbers: How 2,500 potential targets turns into one actual attack

• Microsoft: Ransomware Relies on the Gig Economy

• NCSC’s Free Email Security Check Spots Domain Issues

• CNI firms see cyberattack surge

• A Complete Guide to Desktop as a Service (DaaS)

• Elon Musk To Reverse ‘Stupid’ Twitter Ban Of Donald Trump

• Malicious NPM Packages Target German Companies in Supply Chain Attack

• How to blur your house on Google Maps and why you should do it now?

• Spain sacks spy chief over Pegasus scandal

• Canon printer owners: Be careful of bogus driver download sites

• Deep-Sea Phishing: How to defend against attacks

• Microsoft Fixes Three Zero-Days in May Patch Tuesday

• Yahoo Japan strives for universal passwordless authentication

• E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat

• Which phishing scams are trending in 2022?

• EU condemns Russian cyber operations against Ukraine

• Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

• Hackers try to cyber scam by posing Chief Executive of Lincoln College

• Ransomware attack shuts down a US College permanently

• Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

• Ransomware works fast, you need to be faster to counter it

• Adding Guardrails To A Cloud Account After The Fact

• An offensive mindset is crucial for effective cyber defense

• Sarah Fay Appointed Chair of Ziff Davis Board of Directors

• Lattice to Host Virtual Seminar on Cyber Resiliency for Firmware Protections and Supply Chain Security

• Cyber Security Leader guardDog.ai Wins CE Pro/Commercial Integrator 2022 Top New Technology (TNT) Award

• Endpoint security and remote work

• Is that health app safe to use? A new framework aims to provide an answer

• Google Drive emerges as top app for malware downloads

• Password reuse is rampant among Fortune 1000 employees

• Microsoft Patch Tuesday, May 2022 Edition

• HackerOne Attack Resistance Management increases customers’ cyber resilience

• SecureAge CatchPulse safeguards enterprises against complex security threats

• Download guide: Evaluating third-party security platforms

• Elon Musk plans to reverse Donald Trump’s permanent ban on Twitter

• Zerto enhances ransomware recovery capabilities to address a wide range of data protection issues

• Cloud Security Management by Deloitte helps organizations secure their cloud environments

• GlobalSign Ready S/MIME feature enables users to secure email certificates

• Sternum releases live attack simulation platform for IoT devices

• Onapsis Assess Baseline protects mission-critical SAP applications

• Five Eyes pin Russia for pre-Ukraine invasion attack on Viasat

• Microsoft closes Windows LSA hole under active attack

• Hackers Hit Web Hosting Provider Linked to Oregon Elections

• Druva partners with AWS to deliver cloud-first data protection across multiple applications

• Confronting Misinformation in the Age of Cheap Speech

• YL Ventures announces $400 million fund to boost Israeli cybersecurity innovation

• Abnormal Security raises $200 million to provide email security solutions for businesses

• What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

• Susan Walker joins Jumio as CFO

• Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point

• County completes 5-year telecom modernization

• How moving HR, finance to the cloud raised city efficiency, security

• GuidePoint Security University helps develop and advance cybersecurity skills

• Arctic Wolf launches a new research-focused division to help customers stay ahead of threat actors

• OpenSSF announces 15 new members to tackle supply chain security challenges

• Onapsis appoints Simon Naylor as VP, Asia Pacific

• US Pledges to Help Ukraine Keep the Internet and Lights On

• What Companies Can Do Now to Protect Digital Rights In A Post-Roe World

• IT Security News Daily Summary 2022-05-10

• Federal CIO talks customer experience

• Signals along ‘Smart Spines’ optimize traffic flow

• VERT Threat Alert: May 2022 Patch Tuesday Analysis

• US, Europe formally blame Russia for data wiper attacks against Ukraine, Viasat

• As important as bulletproof vests: Yubico sends 20,000 keys to Ukrainian government and energy agencies

• APT34 targets Jordan Government using new Saitama backdoor

• Senate bill to update 1960s-era cooperation rules wins support from leading state and local groups

• Docker Desktop for Linux finally arrives

• Hackers have carried out over 65,000 attacks through Windows’ Print Spooler exploit

• US, EU attribute Viasat hack to Russia

• Case study: Scaling DevSecOps at Comcast

• Cyber assistance ranks high on National Guard requested services, chief says

• What are some tips for storage of sensitive data?

• Hackers Are Now Exploiting Windows Event Logs

• AMD Gave Google Cloud Rare Access to Its Tech to Hunt Chip Flaws

• CISA Adds One Known Exploited Vulnerability to Catalog

• Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

• Security Above and Beyond CNAPPs

• It’s time for startups to get proactive and prioritize security

• Data collection featured in new bill targeting equity at FEMA

• Red Hat Enterprise Linux 9: Security baked in

• CISA Adds One Known Exploited Vulnerability to Catalog

• Reproductive Privacy Requires Data Privacy

• Caramel Credit Card Theft is Proliferating Day by Day

• Survey: 93% of Americans fear cyber warfare against U.S.

• Internet service essentially free for millions under new Biden program

• New Malware Samples Indicate Return of REvil Ransomware

• Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited

• Semiconductor Investments Won’t Pay Off If Congress Doesn’t Fix the Talent Bottleneck

• Personal details of 21M SuperVPN, GeckoVPN users leaked on Telegram

• Microsoft Azure Vulnerability Allowed Code Execution, Data Theft

• Lincoln College Set to Close After Crippling Cyberattack

• FirstNet, NIST launch immersive emergency response training lab

• Colonial Pipeline facing $1,000,000 fine for poor recovery plans

• Electric eels inspired the first battery two centuries ago and now point a way to future battery technologies

• Adobe Warns of ‘Critical’ Security Flaws in Enterprise Products

• Podcast Episode: The Philosopher King

• A Token of Thanks for a Brighter Future

• SoftServe Opens Delivery Center in Bucharest, Romania to Expand Regional Capabilities

• Consilio Announces Launch of Complete Enterprise to Drive Evolution for Legal Operations with Proven Technology and People Solutions

• What to look for in a vCISO as a service

• How and why you should secure APIs

• DevOps release process

• Spain’s Spy Chief Sacked Over Pegasus Scandal

• Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler

• Microsoft Releases Security Advisory for Azure Data Factory and Azure Synapse Pipelines

• U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors

• Microsoft security experts outline next steps after compromise recovery

• Fake Crypto Giveaways Use Elon Musk Ark Invest Video to Steal Millions of Dollars

• South Korea Joins NATO’s Cyber Research Centre, Becomes First Asian Member

• Watch out for these signs to know whether your phone is hacked

• Ransomware has gone down because sanctions against Russia are making life harder for attackers

• Many security executives say they’re unprepared for the threats that lie ahead

• Credit card skimming services make it easy for low-level cybercriminals to join the game

• Onapsis Announces New Offering to Jumpstart Security for SAP Customers

• 5-Buck DCRat Malware Foretells a Worrying Cyber Future

• Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting

• Microsoft Releases Security Advisory for Azure Data Factory and Azure Synapse Pipelines

• U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors

• Patch Tuesday

• Best Business Continuity Software in 2022

• Malware goes regional as attackers change tactics

• Microsoft: The ransomware world is changing, here’s what you need to know

• Microsoft fixed RCE flaw in a driver used by Azure Synapse and Data Factory

• More and More Companies Are Getting Hit with Ransomware [2021-2022]

• What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

• Western Intelligence Blames Russia for Europe-Wide Cyber-Attack

• Mastering the New CISO Playbook

• Fostering a culture that normalizes mental health discussions

• The Business Case for Modernizing On-Premises and Cloud-Based Database Security

• IBM ‘Unsure’ How Long It Can Keep Paying Russian Staff

• This AI Can Generate Unique and Free Bored Ape NFTs

• Lincoln College Closed its Doors after 157 Due to Recent Cyber Attack

• New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity

• Mental Health Awareness Week: How Does Cybercrime Affect Victims’ Mental Wellbeing?

• Horizon3ai Publishes Root Cause Of CVE-2022-1388, F5’s BIG-IP iControl REST Endpoint Critical Vulnerability

• Client side scanning may cost more than it delivers

• Vulnerabilities That Allow Hijacking of Most Ransomware to Prevent File Encryption

• Meta Criticises ‘Clearly Flawed’ German Decision In Court

• Abnormal Security Raises $200 million to thwart phishing emails

• Red Hat Enterprise Linux 9 offers new solution to verify the integrity of OS’s

• Government hackers made hundreds of thousands of stolen credit cards ‘worthless’ to crooks

• Hackers Actively Exploit F5 BIG-IP Bug

• SANS 2022 Cloud Security Survey

• 2022 Cyber Defenders Playbook

• Webinar Optimizing Your Azure Sentinel Platform

• A Complete Guide to Modernizing Your Security Operations Center

• Email Security Firm Abnormal Security Raises $210 Million at $4 Billion Valuation

• YL Ventures Closes $400 Million Cybersecurity Investment Fund

• How to Check If Your F5 BIG-IP Device Is Vulnerable

• Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

• What Does The Future Hold For Blockchain Within Third-Party Risk Management?

• Response To Queen’s Speech Data Reform Bill “Government And Business Must Approach Privacy And Innovation As Partners”

• Patch Tuesday May 2022 – Microsoft Pledges Fixes and Improvements for Azure Synapse Pipeline and Azure Data Factory

• DarkCrystal RAT Offers Many Capabilities for Very Low Price

• Managing Red Hat Enterprise Linux at the edge

• “Chemical attack” email warnings deliver Jester Stealer malware

• Conti Ransomware Attack Spurs State of Emergency in Costa Rica

• Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability

• Spain’s Spy Chief Sacked Over Phone Hacking Scandal

• EU Blames Russia for Satellite Hack Ahead of Ukraine Invasion

• #CYBERUK22: Jeremy Fleming Argues Offensive Capabilities Required to Be Global Cyber Power

• Cisco Partner Story: Security Resilience is a Journey, Not a Destination

• Don’t Underestimate the DCRat Malware!

• Funding Round Values Cryptocurrency Exchange KuCoin At $10bn

• Crypto romance scams steal victims’ life savings

• Cloud computing security: New guidance aims to keep your data safe from cyberattacks and breaches

• Ransomware attack and COVID woes force this 150-year-old college to shut down

• India Demands VPNs, VPS, And Crypto Exchanges To Log User Data

• New malware attack stores payloads in the Windows event log

• QNAP Patches Critical Vulnerability in Network Surveillance Products

• Critical F5 BIG-IP Vulnerability Exploited by Hackers

• Examining the Black Basta Ransomware’s Infection Routine

• Former Meta Content Moderator Sues Company In Kenya

• Info-stealer Campaign targets German Car Dealerships and Manufacturers

• 7 Steps to Start Reducing Risk to Your Critical Infrastructure Quickly

• Microsoft Flexes Security Vendor Muscles With Managed Services

• Lincoln College to Close

• Sony Plans To Sell 18 Million PlayStation 5 Consoles This Year

• Scammer posed as cybersecurity chief in phishing email

• Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

• NCSC shut down 2.7 million scams in 2021

• Cyberattacks lead to US college closure

• A New Regulation Seeks to Secure Non-HIPAA Digital Health Apps

• Critical Infrastructure Firms See Cyber-Attacks Surge

• Research finds over 31,000 stolen credentials from the FTSE 100 on the Dark Web

• Tesla ‘Halts Most Production’ At Shanghai Plant

• UK Government Security Experts Take Down 2.7 Million Scams

• Researchers Find 31,000 FTSE 100 Logins on Dark Web

• U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack

• Musk Lays Out Twitter Plans In Leaked Document

• Multiple QNAP Flaws Let attackers to Access and Read Sensitive Data

• Top 7 Speech-to-Text Apps for Students: Free and Paid

• Clearview AI agrees to restrict sales of facial recognition technology

• Threat actors are actively exploiting CVE-2022-1388 RCE in F5 BIG-IP

• Hacktivists hacked Russian TV schedules during Victory Day and displayed anti-war messages

• Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

• Russian TV hacked on Victory Day Military Parade

• China to discard 50 million computers because of software security concerns from US tech war

• Critical Gems Takeover Bug Reported in RubyGems Package Manager

• Clearwater AI agrees to restrict sales of facial recognition technology

• Five Arctic Wolf Leaders Recognized by CRN as 2022 Women of the Channel

• Celebrating Service and Diversity – Nominate a Colleague Today!

• Analysis on recent wiper attacks: examples and how wiper malware works

• Next CISO headache: Vendor cyber insurance

• Threats to hardware security are growing

• Researchers discover hackers using SEO to rank malicious PDFs on search engines

• How to set up a powerful insider threat program

• Building a Strong Business Case for Security and Compliance

• Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

• Industry pushes back against India’s data security breach reporting requirements

• Codenotary adds observability for Kubernetes and VMware environments

• ADVA OSA SoftSync brings PTP timing technology to server-hosted applications and virtual machines

• Low-rent RAT Worries Researchers

• Settlement Curbs Firm’s Facial Recognition Database in US

• How to Check if Your F5 BIG-IP Device Is Vulnerable

• Stellar Cyber collaborates with NGBPS LIMITED to bring Open XDR to India

• Avaya partners with Microsoft to help customers accelerate their cloud migration

• Kroll and Armis join forces to strengthen cyber resilience for critical systems

Generated on 2022-05-11 23:55:35.214368