IT Security News Daily Summary 2022-05-12

• Google launches ‘open-source maintenance crew’

• Report: 44% decrease in average amount paid after ransomware attacks

• 3 Predictors of Cybersecurity Startup Success

• If you’ve got Intel inside, you probably need to get these security patches inside, too

• How to counter smart home device breaches

• CLOUD: A SHAKESPEAREAN DRAMA?

• Stories from the SOC – Command and Control

• Analysis on recent wiper attacks: examples and how wiper malware works

• Next CISO headache: Vendor cyber insurance

• Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity

• Google launches ‘open source maintenance crew’

• Maryland Governor Signs Bills to Strengthen Cybersecurity

• Egnyte Enhances Program for Managed Service Providers

• New Nerbian RAT spreads via malspam campaigns using COVID-19

• Heat island mapping program expands

• Costa Rica Declares Emergency in Ongoing Cyberattack

• 3 ways to apply security by design in the cloud

• Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit

• StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing

• Former Facebook Content Moderator Accuses The Company Of Human Trafficking

• The Navy needs to do a better job finding the right job for its cyber specialists, officials say

• Ransomware: How executives should prepare given the current threat landscape

• How to build a cloud security strategy that sells

• Jail voting expands in Illinois

• BalkanID Raises $6M for Intelligent IGA Technology

• Vendors, governments make ransomware decryptors more common

• Surveillance by Driverless Car

• 21M Users’ Personal Data Exposed on Telegram

• Zero trust vs. zero-knowledge proof: What’s the difference?

• Costa Rica Declares National Emergency Following Conti Cyber-Attack

• Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals

• In a Blow to Free Speech, Texas’ Social Media Law Allowed to Proceed Pending Appeal

• Cryptocurrency Crash Continues As Ethereum, Luna Plummets

• ICE’s ‘surveillance dragnet’ built with DMV photos, report says

• Adobe Releases Security Updates for Multiple Products

• In a Blow to Free Speech, Texas’ Unconstitutional Social Media Law Allowed to Proceed Pending Appeal

• Nerbian RAT Malware Delivered Using Word Documents That Include Malicious Macro Code

• Ransomware cyber-attacks in Costa Rica and Peru drives national response

• Managed service contracts deserve extra cyber scrutiny, intel agencies advise

• Needs Improvement: Scoring Biden’s Cyber Executive Order

• Adobe Releases Security Updates for Multiple Products

• Analyzing the New Black Basta Ransomware

• Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency

• S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

• Network Footprints of Gamaredon Group

• Duo Opens New Data Center in India

• Royal Mail Drones To Aid Postal Deliveries To Remote Locations

• Vodafone In Merger Talks With Three UK – Report

• Virtual credit cards coming to Chrome: What you need to know

• Team Cymru’s New Attack Surface Management Solution to Transform the Way Organizations Manage Digital Business Risk

• Serious Security: Learning from curl’s latest bug update

• Ransomware The Final Nail In Coffin For Small University

• APT Gang Sidewinder Goes On Two Year Attack Spree Across Asia

• Ukraine War: Don’t Underestimate Russia Cyber Threat, Warns US

• Novel Nerbian Trojan Uses Advanced Anti-Detection Tricks

• Turmoil In Crypto Market As Stablecoin Tether Breaks Dollar Peg

• The Chatter Podcast: The Art of the Security State with Trevor Paglen

• A Legal Approach to the Transfer of Russian Assets to Rebuild Ukraine

• Al-Qahtani Repatriated to Saudi Arabia Following Judge’s Grant of His Motion for a Mixed Medical Commission

• How Imperva DSF Reduces Splunk Ingestion Costs and Accelerates Incident Management

• Clearview AI banned from selling facial recognition data in the US

• Citrix App Protection helps secure remote workers

• NDR vs. Open XDR – What’s the difference?

• XDR: Separating Truth from “We Do That Too”

• How the evolution of ransomware has changed the threat landscape

• Apple No Longer The Most Valuable Company In World

• The stakes ‘could not be any higher’: CISA chief talks about the tech challenges ahead

• Size of Early Stage Cyber Deals Continues to Surge: DataTribe

• What Is RMM Software?

• Ransomware the final nail in coffin for small university

• Dark Web: 31,000 FTSE 100 Logins

• Cyber Threat alert as Russian App as it sends data to Moscow

• 62% of Surveyed Organizations Hit By Supply Chain Attacks in 2021

• Malware Builder Leverages Discord Webhooks

• Iranian Cyberspy Group Launching Ransomware Attacks Against US

• Application Security Firm StackHawk Bags $20.7 Million in Series B Funding

• Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

• How Can Your Business Defend Itself Against Fraud-as-a-Service?

• E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

• Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

• Massive hacking campaign compromised thousands of WordPress websites

• British Man Charged With Hacking US Bank Computers

• Lincoln College To Close Permanently After Cyberattack – 5 Cyber Experts Comment

• PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram

• FBI, CISA, And NSA Warn Of Hackers Increasingly Targeting MSPs

• Man accused of stealing funds from banking firms through fraud

• Top VPN Scams Revealed – Here’s What to Look Out for in 2022

• Zero Trust Firm Xage Security Adds $6 Million ‘Top-up’ to $30 Million Series B Funding

• 5 Years That Altered the Ransomware Landscape

• EU Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

• Expert Reaction On Cyber Threats Five Years On From WannaCry

• Cyberattacks on SATCOM networks attributed to Russian threat actors

• How to Write YARA Rules That Minimize False Positives

• StackHawk raises $20.7M for dynamic app testing platform

• Nokia Opens Cybersecurity Testing Lab

• The Hidden Race to Protect the US Bioeconomy From Hacker Threats

• F5 BIG-IP vulnerability is now being used to disable servers

• Government Surveillance Commissioner Warns Of Chinese-made CCTV – Report

• You Can Join the (ISC)² Board of Directors

• The real exchange rate between crypto and freedom

• You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

• HP Patches UEFI Vulnerabilities Affecting Over 200 Computers

• On Air With Dark Reading News Desk at Black Hat Asia 2022

• Red TIM Research (RTR) founds 2 bugs affecting F5 Traffix SDC

• South Asian Governments Targeted by Bitter APT Group

• Google Unveils Smartphone, Watch, Tablet, Glasses At I/O Conference

• Life Behind the Screens of Parents, Tweens, and Teens: McAfee’s Connected Family Study

• Hundreds of Thousands of Konica Printers Vulnerable to Hacking via ​​Physical Access

• DEA Investigating Breach of Law Enforcement Data Portal

• The Case for War Crimes Charges Against Russia’s Sandworm Hackers

• Nerbian RAT Malware, New Threat on The Market

• Next Generation Harmony Mobile Introduces the Industry’s First Malicious File Protection

• Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

• Prepare for What You Wish For: More CISOs on Boards

• 9 questions you should ask about your cloud security

• Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard

• Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

• Five Eyes agencies warn of attacks on MSPs

• Hackers Are Going After Managed Security Providers

• College closes down after ransomware attack

• Government Initiative Promises Rapid Blocking of Scam Sites

• NCSC launches free email security check

• Hands-Free Bluetooth Technologies and the Cell Phone Regulation

• Quarter of Security Pros Say Mental Health Has Worsened

• Trustpilot Forced to Delete Millions of Fake Reviews in 2021

• Five Eyes urges organisations to secure supply chains

• Requiem for the iPod – Intego Mac Podcast Episode 239

• Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

• Secure your CMS-based websites against pervasive attacks

• APT gang ‘Sidewinder’ goes on two-year attack spree across Asia

• New Phishing-as-a-Service Toolkit Discovered

• What Is All The Hype Around NFTs?

• Everything We Learned From the LAPSUS$ Attacks

• Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

• Europe proposes tackling child abuse by killing privacy, strong encryption

• It’s time to kick China off social media, says tech governance expert

• Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

• Critical Vulnerability in Azure Synapse Let Attackers Control other Customers’ Workspaces

• Beware of state actors stepping up attacks on managed service providers: Cyber agencies

• Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss

• CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

• Two Ward 8 Small Businesses Raising Capital Through DC Rebuild Bond Program

• What is tokenization, what are the types of tokenization, and what are its benefits for eCommerce businesses?

• Shrinking healthcare cybersecurity gaps between hospitals and manufacturers

• Welcome “Frappo”: Resecurity Discovered a New Phishing-as-a-Service

• S4x22: ICS Security Creates the Future

• How to avoid headaches when publishing a CVE

• CIS Control 18 Penetration Testing

• Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage

• Critical F5 vulnerability under exploitation in the wild

• 10 best practices to reduce the probability of a material breach

• Cohesity FortKnox helps organizations combat sophisticated attacks and accelerate recovery

• ForgeRock Autonomous Access prevents identity-based cyber attacks and fraud

• Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

• Progress Chef Cloud Security improves security and compliance outcomes for customers

• Spirent’s new security automation package protects operators from potential security impacts

• Orca Security unveils Shift Left Security capabilities to prevent cloud application issues

• Nasuni Ransomware Protection defends critical business data against ransomware attacks

• Sonatype launches solution to remediate malicious and outdated InnerSource components

• Red Hat announces enhancements across its portfolio of open hybrid cloud solutions

• Platform9 enhancements improve developer productivity and simplify cloud-native operations

• How the evolution of Ransomware changed the threat landscape

• GitProtect.io releases Jira backup to bring data protection in the event of any failure or human error

• FalconStor partners with IBM to accelerate cloud migration for enterprises and MSPs

• Backdoor in public repository used new form of attack to target big firms

• Intel squeezes desktop Alder Lake CPUs into laptops with Core HX-series chips

• Google Maps “immersive view” is the ultimate graphics mode for Google Maps

• ICE Has Assembled a ‘Surveillance Dragnet’ with Facial Recognition and Data, Report Says

• The EU Commission’s New Proposal Would Undermine Encryption And Scan Our Messages

• Ivanti partners with Lookout to help organizations prevent threats in the new hybrid work landscape

• CREST and Hack The Box join forces to boost cyber security skills development

• Palo Alto Unveils Zero Trust 2.0, Says Current Solutions Inadequate

• Material Security raises $100 million to extend the product into new areas and expand internationally

• Concentric raises $14.5 million to autonomously secure business-critical data

• Transcend integrates with Zendesk to automate privacy requests by orchestrating customer data

• ThreatConnect hires Burney Barker as CRO

• Louise Bulman joins Claroty as General Manager of EMEA

• Sunday Security raises $4 million to elevate cyber-risk protection for executive teams

• U.S., allied cybersecurity agencies, advise reviewing contracts with tech vendors

• Why the USAF’s IT chief is ‘bullish’ on open source

• Data-driven decision-making: Easier said than done

• School bus Wi-Fi qualifies for E-Rate, FCC chair says

• eSentire launches e3 partner ecosystem to accelerate digital initiatives requiring modern security

• Unlimited Technology adds three security executives to its leadership team

• David Rushmer joins Blackpoint Cyber as Director of Threat Research

• Blackline Safety appoints Sean Stinson as CGO

• CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

• Five Eyes turn spotlight on MSPs: Potential weak links in IT supply-chain security

• IT Security News Daily Summary 2022-05-11

• Real win vs. privacy theater: Google’s new personal information removal policy

• How Radiflow helps CISOs secure operational technology environments

• PlainID Debuts Authorization-as-a-Service Platform

• ICE has assembled a ‘surveillance dragnet’ with facial recognition and data, report says

• Ready, IAM, Fire: How Weak IAM Makes You a Target

• Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes

• Going the Extra Mile: What It Takes to Be a Responsible Cyber Power

• US, allies warn of nation-state attacks against MSPs

• Android 13 Tries to Make Privacy and Security a No-Brainer

• Government agencies warn of increase in cyberattacks targeting MSPs

• I/O 2022: Android 13 security and privacy (and more!)

• EFF to Court: Fair Use is a Right Congress Cannot Cast Aside

• CISA, the NSA and the FBI warn about an increase in cyber attacks targeting MSPs

• Google I/O: New security features include virtual credit cards, account safety status

• Orca Security Unveils Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier

• Microsoft Simplifies Security Patching Process for Exchange Server

• Fraudulent ‘Bot-driven’ College Enrollment up 50%, New Study Finds

• Man Sentenced for Stealing from PayPal Accounts in Wire Fraud Scheme

• Taking on the Next Generation of Phishing Scams

• How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now

• Why you need to add a trust and safety officer to the leadership team

• British Man Charged With Hacking US Bank Computers, Stealing Millions

• Top 6 Security Threats Targeting Remote Workers

• Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)

• NSA Warns Managed Service Providers Are Now Prime Targets for Cyberattacks

• Multiple Organizations Targeted by Conti Ransomware Worldwide

• MM.Finance, a DeFi platform, Had More Than $2 Million Stolen

• 6 Legal and Free Streaming Services to Consider in 2022

• Measuring the administrative burden of government programs

• Email Security Vendors Score Billion-Dollar Valuations

• MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?

• Quantum Ransomware Strikes Quickly, How to Prepare and Recover

• Breaking Down the Strengthening American Cybersecurity Act

• Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data

• Microsoft Releases May 2022 Security Updates

• Google Releases Security Updates for Chrome

• Cybersecurity and resilience: board-level issues

• Biden Announces Discounted Internet For Low-Income Americans

• 21 Million Records of VPN Users Leaked on Telegram

• Lawmakers balk at possible service changes at launch site of VA’s new health record

• Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email

• Microsoft Releases May 2022 Security Updates

• Google Releases Security Updates for Chrome

• Help Employees and Consumers Avoid Self-inflicted Cybersecurity Mistakes

• Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

• Chrome 101 Update Patches High-Severity Vulnerabilities

• The Importance of Wellness for Security Teams

• Facebook Turns Off Augmented Reality Filters In Two States Over Privacy Concerns

• SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies

• The EU Wants Big Tech to Scan Your Private Chats for Child Abuse

• CISA Adds One Known Exploited Vulnerability to Catalog

• Why the World Needs ZTNA 2.0

• UK National Cyber Security Centre launches Email Security Service

• How to delete your Twitter account and protect your data

• SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineering

• CISA Adds One Known Exploited Vulnerability to Catalog

• Fresh Ransomware Samples Indicate REvil Is Back

• Actively Exploited Zero-Day Bug Patched By Microsoft

• Western Governments Accuse Russia Of Hacking US Satellite Internet Provider

• Russia Fails To Recover RuTube Access On Third Day Of Outage

• Lincoln College Shuts Permanently After Ransomware Attack

• Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe

• How to Hash, Salt, and Verify Passwords in NodeJS, Python, Golang, and Java

• Ransomware Attack a Nail in the Coffin as Lincoln College Closes After 157 Years

• It’s a party! Cisco SecureX at RSAC and Cisco Live US 2022

• Update now! Microsoft releases patches, including one for actively exploited zero-day

• Intel announces new security as-a-service to deliver confidential computing

• Intel’s Project Amber provides security for confidential computing

• Cybersecurity has a desperate skills crisis. Rural America could have the answer

• How to delete yourself from internet search results and hide your identity online

• Most Brazilian companies don’t pay to get data back after ransomware attacks

• Ransomware is a national security threat, so please tell us about attacks, says government

• Fresh ransomware samples indicate REvil is back

• Five Eyes Nations Issue New Supply Chain Security Advisory

• ICE Is a Domestic Surveillance Agency

• Chip Shortage Sees BMW Deliver Cars Without Android Auto, Apple CarPlay

• Cohesity delivers a SaaS data isolation and recovery solution

• Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap

• The Danger of Online Data Brokers

• Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

• Hackers are using tech services companies as a ‘launchpad’ for attacks on customers

• CISA adds actively exploited critical F5 BIG-IP bug to its must-patch list

• Cybersecurity has a desperate skills crisis: Rural American could have the answer

• Healthcare Technology Provider Omnicell Discloses Ransomware Attack

• Vanity URLs Could be Spoofed for Social Engineering Attacks

• Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs

• NCSC Confirms Russia Responsible For Viasat Hack

• Concentric AI to autonomously secure business-critical data with $14.5M series A funding

• ServiceNow launches major new features for cloud IT service management

• Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

• Why Its So Important For Organisations To Put Staff Welfare First When A Cyber-attack Strikes.

• British Man Charged In New York With Hacking Into Bank Computers, Stealing Millions

• Wannacry – 5 Years On, 68% Of Enterprises Are Still At Risk

• 31,000 FTSE 100 Logins Found On Dark Web

• A New Phishing-as-a-Service Toolkit Was Discovered

• Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

• Intel Memory Bug Poses Risk for Hundreds of Products

• Protecting payments in an era of deepfakes and advanced AI

• Webinar Today: Managing IoT/OT Visibility, Protection and Monitoring in a Zero Trust Environment

• ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities

• Protecting Against Cyber Threats to Managed Service Providers and their Customers

• CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

• Ivanti and Lookout partner together to help organizations develop their zero trust security posture

• ForgeRock releases AI-driven anti-fraud solution

• Elon Musk says Russian efforts to jam Starlink are ‘ramping up’

• Africa Grapples With Way Forward on Cybercrime

• Protecting Against Cyber Threats to Managed Service Providers and their Customers

• CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

• New ransomware trends in 2022

• How Traffic Analysis Boosts Ecommerce Profits

• Progress launches Chef Cloud Security to extend DevSecOps to cloud-native assets

• Actively Exploited Zero-Day Bug Patched by Microsoft

• SAP Patches Spring4Shell Vulnerability in More Products

• Thousands of Top Websites See What You Type—Before You Hit Submit

• Next-Generation CMS: Why Advanced Content Management is the Key to Sustained Growth and Profitability

• April 2022’s Most Wanted Malware: A Shake Up in the Index but Emotet is Still on Top

• Ransomware Deals Deathblow to 157-year-old College

• Critical Vulnerability Exploited to ‘Destroy’ BIG-IP Appliances

• Apple To Discontinue The iPod

• Windows Print Spooler Vulnerabilities Increasingly Exploited in Attacks

• Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails

• Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K

• Windows Print Spooler Exploit: the Path for Threat Actors to Perform 65,000 Cyberattacks

• 5 Key Learnings from Intel’s 2021 Product Security Report

• Defending Your Remote Workforce with Zero Trust Security

• Dell & Apple to Face Lawsuit After the Company Failed to Provide paid-for Services

• Ransomware in numbers: How 2,500 potential targets turns into one actual attack

• Microsoft: Ransomware Relies on the Gig Economy

• NCSC’s Free Email Security Check Spots Domain Issues

• CNI firms see cyberattack surge

• A Complete Guide to Desktop as a Service (DaaS)

• Elon Musk To Reverse ‘Stupid’ Twitter Ban Of Donald Trump

• Malicious NPM Packages Target German Companies in Supply Chain Attack

• How to blur your house on Google Maps and why you should do it now?

• Spain sacks spy chief over Pegasus scandal

• Canon printer owners: Be careful of bogus driver download sites

• Deep-Sea Phishing: How to defend against attacks

• Microsoft Fixes Three Zero-Days in May Patch Tuesday

• Yahoo Japan strives for universal passwordless authentication

• E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat

• Which phishing scams are trending in 2022?

• EU condemns Russian cyber operations against Ukraine

• Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

• Hackers try to cyber scam by posing Chief Executive of Lincoln College

• Ransomware attack shuts down a US College permanently

• Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

• Ransomware works fast, you need to be faster to counter it

• Adding Guardrails To A Cloud Account After The Fact

• An offensive mindset is crucial for effective cyber defense

• Sarah Fay Appointed Chair of Ziff Davis Board of Directors

• Lattice to Host Virtual Seminar on Cyber Resiliency for Firmware Protections and Supply Chain Security

• Cyber Security Leader guardDog.ai Wins CE Pro/Commercial Integrator 2022 Top New Technology (TNT) Award

• Endpoint security and remote work

• Is that health app safe to use? A new framework aims to provide an answer

• Google Drive emerges as top app for malware downloads

• Password reuse is rampant among Fortune 1000 employees

• Microsoft Patch Tuesday, May 2022 Edition

• HackerOne Attack Resistance Management increases customers’ cyber resilience

• SecureAge CatchPulse safeguards enterprises against complex security threats

• Download guide: Evaluating third-party security platforms

• Elon Musk plans to reverse Donald Trump’s permanent ban on Twitter

• Zerto enhances ransomware recovery capabilities to address a wide range of data protection issues

• Cloud Security Management by Deloitte helps organizations secure their cloud environments

• GlobalSign Ready S/MIME feature enables users to secure email certificates

• Sternum releases live attack simulation platform for IoT devices

• Onapsis Assess Baseline protects mission-critical SAP applications

• Five Eyes pin Russia for pre-Ukraine invasion attack on Viasat

• Microsoft closes Windows LSA hole under active attack

• Hackers Hit Web Hosting Provider Linked to Oregon Elections

• Druva partners with AWS to deliver cloud-first data protection across multiple applications

Generated on 2022-05-12 23:55:34.706189

Liked it? Take a second to support IT Security News on Patreon!