IT Security News Daily Summary 2022-05-13

• GSA’s new thinking for evaluating Polaris bids

• Understanding Data Sources and File Formats

• SonicWall urges customers to fix SMA 1000 vulnerabilities

• Citrix exec explains why orgs are using DaaS to secure hybrid workspaces

• White House joins OpenSSF and the Linux Foundation in securing open-source software

• Black Hat Asia: Democracy’s Survival Depends on Taming Technology

• CISO Shares Top Strategies to Communicate Security’s Value to the Biz

• US Agrees to International Electronic Cybercrime Evidence Swap

• Another ex-eBay exec admits cyberstalking web souk critics

• The Army’s plan for tactical cloud computing

• House Dems urge social media networks not to delete evidence of possible Russian war crimes in Ukraine

• How broadband investments can reduce food deserts

• Top 5 things about zero-trust security that you need to know

• US Sentence Ukrainian to 4 Years for Brute-forcing and Selling Login Credentials

• How to spot and avoid a phishing attack – Week in security with Tony Anscombe

• Cylance vs CrowdStrike: EDR software comparison

• Geofence Warrants and Reverse Keyword Warrants are So Invasive, Even Big Tech Wants to Ban Them

• Citrix exec explains why orgs are using DaaS to secure hybrid workspaces: Q&A

• The missing link in the cybersecurity market

• Linux, OpenSSF Champion Plan to Improve Open Source Security

• Anatomy of a Security Update

• Red Hat Enterprise Linux 9: Security baked in

• Android and Chrome to Generate Virtual Cards to Keep Payment Information Safe

• 9 Questions You Should Ask About Your Cloud Security

• GE Current and Others Select ioXt to Secure Their Network Lighting Controllers

• Horizon3.ai Named a Leading Security Visionary in EMA’s Premier Vendor Vision Report Created for the 2022 RSA Conference

• Socure Names Security Veteran Chad Kalmes as Chief Information Security Officer

• Android 13 promises more on Mobile Security and Privacy

• AI compounds discrimination against disabled

• Software patching must work like car safety recalls, says US cyber boss

• Iran-Linked OilRig APT Caught Using New Backdoor

• He cracked passwords for a living – now he’s serving 4 years in prison

• Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

• Ransomware Operators Send Their Ransom Note To The Victim’s Printer

• Threat Actors Use Telegram To Spread Eternity Malware-As-A-Service

• EU Governments, Lawmakers Agree On Tougher Cybersecurity Rules For Key Sectors

• German Firms Targeted by Malicious NPM Packages

• Texas Social Media Law Restored By US Appeals Court

• Start a new career in ethical hacking with these 18 training courses

• Hackers Can Make Siemens Building Automation Controllers ‘Unavailable for Days’

• Response to Philip Zelikow: Confiscating Russian Assets and the Law

• What’s the safest way to permanently erase your laptop’s drive? [Ask ZDNet]

• These ransomware attackers sent their ransom note to the victim’s printer

• EU Agrees New Cybersecurity Legislation for Critical Services Organizations

• Zyxel fixed firewall unauthenticated remote command injection issue

• At Least 14 German Automakers Targeted by Malware Campaign

• Russia Dubbed as the “Centre” of European-wide Cyber-Attacks

• How much will it cost to secure open-source software? OpenSSF says $147.9M

• Most organizations hit by ransomware would pay up if hit again

• How to Avoid Falling Victim to PayOrGrief’s Next Rebrand

• Data Transformation: 3 Sessions to Attend at RSA 2022

• Business Email Security Contributes to Business Stability

• devOcean Emerges From Stealth With Cloud-Native Security Operations Platform

• How to Fight Foreign Hackers With Civil Litigation

• ‘Peacetime in cyberspace is a chaotic environment’ says senior US advisor

• China’s SMIC Warns Of Plummeting Smartphone, PC Demand

• Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls

• “Eternity Project” Malware Leverages Telegram For Distribution

• Elon Musk Puts Twitter Takeover On Hold

• Bitter APT Hackers Uses Non-existent Email Account/Domain To Send Weaponized Emails

• Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

• Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects

• Cybercriminals Launch a New Malware-as-a-Service: the ‘Eternity Project’

• Iran-linked Cobalt Mirage extracts money, info from US orgs – report

• Just in time? Bosses are finally waking up to the cybersecurity threat

• Delete data! Here’s the safest way to permanently erase your laptop’s drive [Ask ZDNet]

• Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

• Microsoft: The Ransomware ware is Changing, Here’s What You Need to Know

• What’s a Parent to Do? Closing the Protection Gap between You and Your Children.

• Critical Vulnerabilities Provide Root Access to InHand Industrial Routers

• ‘IceApple’ Post-Exploitation Framework Created for Long-Running Operations

• How One Company Helps Keep Russia’s TV Propaganda Machine Online

• BPFdoor Has the Capacity to Bypass Firewalls

• Secure Your Migration to AWS, Part II: The Road to Success

• Ukrainian Sentenced to US Prison for Selling Hacked Credentials

• #CYBERUK22: Cyber Trends from the Russia-Ukraine War

• WordPress Websites Files and Databases Injected with Malicious JavaScript

• Organizations in Europe Targeted With New ‘Nerbian’ RAT

• Government’s “Whole of Society” Cyber Strategy Takes Shape

• The Countdown Has Started on Secure IoT Compliance

• Tips for Implementing HITRUST for Healthcare Providers

• Ukrainian Gets Four Years for Brute Forcing Thousands of Credentials

• Open Source Community Hands White House 10-Point Security Plan

• New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry

• Security pros say their mental health has declined

• A 10-point plan to improve the security of open source software

• The state of mental health in the cybersecurity community

• Researchers find 134 flaws in the way Word, PDFs, handle scripts

• Iran-linked COBALT MIRAGE group uses ransomware in its operations

• Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

• Iranian hacking group caught spreading ransomware

• To predict the targets of Chinese malware, look at the target of Chinese laws

• Nokia starts a Cybersecurity Testing Lab for 5G Networks

• Sandstone CTO shares how to assess cyber risk in the cloud

• The SaaS-to-SaaS supply chain is a wild, wild mess

• New infosec products of the week: May 13, 2022

• To predict the target of new Chinese malware, look at the target of new Chinese laws

• Why are DDoS attacks so easy to launch and so hard to defend against?

• Anatomy of a campaign to inject JavaScript into compromised WordPress sites

• Top tech for enterprise identity governance and security

• 63% of cybersecurity pros say their stress levels have risen over the past year

• Nebulon enables 4-minute ransomware recovery on Lenovo ThinkSystem rack server edge deployments

• Keytos EZMonitor prevents breaches and SSL related outages

• Arctic Wolf Data Exploration allows organizations to centralize their security telemetry

• AwareGO Human Risk Assessment for SMEs improves cybersecurity awareness

• iDenfy introduces Business Verification platform to help customers detect bogus companies

• Codenotary adds vulnerability scanning to further secure open source supply chains

• Catalyst Award winner: Soraya Correa

• Government Eagle Award winner: Gundeep Ahluwalia

• Industry Eagle Award winner: Casey Coleman

• Federal officials caution employers on using AI in hiring

• Elastic partners with Tines to help customers respond to security threats

• Iranian APT Cobalt Mirage launching ransomware attacks

• Transforming SQL Queries Bypasses WAF Security

• Aiven Raises $210 million to build more sustainable applications in the cloud

• BalkanID raises $5.75 million and launches a solution to provide visibility into risky entitlements

• devOcean launches out of stealth and raises $6 million to lead cloud-native security operations

• Black Hat Asia: Firmware Supply-Chain Woes Plague Device Security

• Mike Sherwood joins Pondurance as VP of Sales

• Socure names Chad Kalmes as CISO

• CyberArk launches a $30 million investment fund to fuel innovation

• Transmit Security expands in Europe to address growing demand for passwordless authentication

• CoreStack hires Murli Mohan as MD – Sales for IMEA

• A Guide to Using VPNs on Your Smartphone

• Acquisition experts ask Congress to address decline in small business awards

• 10 reasons why we fall for scams

• How password fatigue can cost organizations time, money and mental energy

• Critical F5 BIG-IP Flaw Actively Exploited by Hackers

• How Imperva Data Security Fabric Reduces Splunk Ingestion Costs and Accelerates Incident Management

• California Law Enforcement Now Needs Approval for Military-Grade Surveillance Equipment. We’ll Be Watching.

• IT Security News Daily Summary 2022-05-12

• Google launches ‘open-source maintenance crew’

• Report: 44% decrease in average amount paid after ransomware attacks

• 3 Predictors of Cybersecurity Startup Success

• If you’ve got Intel inside, you probably need to get these security patches inside, too

• How to counter smart home device breaches

• CLOUD: A SHAKESPEAREAN DRAMA?

• Stories from the SOC – Command and Control

• Analysis on recent wiper attacks: examples and how wiper malware works

• Next CISO headache: Vendor cyber insurance

• Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity

• Google launches ‘open source maintenance crew’

• Maryland Governor Signs Bills to Strengthen Cybersecurity

• Egnyte Enhances Program for Managed Service Providers

• New Nerbian RAT spreads via malspam campaigns using COVID-19

• Heat island mapping program expands

• Costa Rica Declares Emergency in Ongoing Cyberattack

• 3 ways to apply security by design in the cloud

• Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit

• StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing

• Former Facebook Content Moderator Accuses The Company Of Human Trafficking

• The Navy needs to do a better job finding the right job for its cyber specialists, officials say

• Ransomware: How executives should prepare given the current threat landscape

• How to build a cloud security strategy that sells

• Jail voting expands in Illinois

• BalkanID Raises $6M for Intelligent IGA Technology

• Vendors, governments make ransomware decryptors more common

• Surveillance by Driverless Car

• 21M Users’ Personal Data Exposed on Telegram

• Zero trust vs. zero-knowledge proof: What’s the difference?

• Costa Rica Declares National Emergency Following Conti Cyber-Attack

• Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals

• In a Blow to Free Speech, Texas’ Social Media Law Allowed to Proceed Pending Appeal

• Cryptocurrency Crash Continues As Ethereum, Luna Plummets

• ICE’s ‘surveillance dragnet’ built with DMV photos, report says

• Adobe Releases Security Updates for Multiple Products

• In a Blow to Free Speech, Texas’ Unconstitutional Social Media Law Allowed to Proceed Pending Appeal

• Nerbian RAT Malware Delivered Using Word Documents That Include Malicious Macro Code

• Ransomware cyber-attacks in Costa Rica and Peru drives national response

• Managed service contracts deserve extra cyber scrutiny, intel agencies advise

• Needs Improvement: Scoring Biden’s Cyber Executive Order

• Adobe Releases Security Updates for Multiple Products

• Analyzing the New Black Basta Ransomware

• Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency

• S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

• Network Footprints of Gamaredon Group

• Duo Opens New Data Center in India

• Royal Mail Drones To Aid Postal Deliveries To Remote Locations

• Vodafone In Merger Talks With Three UK – Report

• Virtual credit cards coming to Chrome: What you need to know

• Team Cymru’s New Attack Surface Management Solution to Transform the Way Organizations Manage Digital Business Risk

• Serious Security: Learning from curl’s latest bug update

• Ransomware The Final Nail In Coffin For Small University

• APT Gang Sidewinder Goes On Two Year Attack Spree Across Asia

• Ukraine War: Don’t Underestimate Russia Cyber Threat, Warns US

• Novel Nerbian Trojan Uses Advanced Anti-Detection Tricks

• Turmoil In Crypto Market As Stablecoin Tether Breaks Dollar Peg

• The Chatter Podcast: The Art of the Security State with Trevor Paglen

• A Legal Approach to the Transfer of Russian Assets to Rebuild Ukraine

• Al-Qahtani Repatriated to Saudi Arabia Following Judge’s Grant of His Motion for a Mixed Medical Commission

• How Imperva DSF Reduces Splunk Ingestion Costs and Accelerates Incident Management

• Clearview AI banned from selling facial recognition data in the US

• Citrix App Protection helps secure remote workers

• NDR vs. Open XDR – What’s the difference?

• XDR: Separating Truth from “We Do That Too”

• How the evolution of ransomware has changed the threat landscape

• Apple No Longer The Most Valuable Company In World

• The stakes ‘could not be any higher’: CISA chief talks about the tech challenges ahead

• Size of Early Stage Cyber Deals Continues to Surge: DataTribe

• What Is RMM Software?

• Ransomware the final nail in coffin for small university

• Dark Web: 31,000 FTSE 100 Logins

• Cyber Threat alert as Russian App as it sends data to Moscow

• 62% of Surveyed Organizations Hit By Supply Chain Attacks in 2021

• Malware Builder Leverages Discord Webhooks

• Iranian Cyberspy Group Launching Ransomware Attacks Against US

• Application Security Firm StackHawk Bags $20.7 Million in Series B Funding

• Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

• How Can Your Business Defend Itself Against Fraud-as-a-Service?

• E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

• Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

• Massive hacking campaign compromised thousands of WordPress websites

• British Man Charged With Hacking US Bank Computers

• Lincoln College To Close Permanently After Cyberattack – 5 Cyber Experts Comment

• PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram

• FBI, CISA, And NSA Warn Of Hackers Increasingly Targeting MSPs

• Man accused of stealing funds from banking firms through fraud

• Top VPN Scams Revealed – Here’s What to Look Out for in 2022

• Zero Trust Firm Xage Security Adds $6 Million ‘Top-up’ to $30 Million Series B Funding

• 5 Years That Altered the Ransomware Landscape

• EU Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

• Expert Reaction On Cyber Threats Five Years On From WannaCry

• Cyberattacks on SATCOM networks attributed to Russian threat actors

• How to Write YARA Rules That Minimize False Positives

• StackHawk raises $20.7M for dynamic app testing platform

• Nokia Opens Cybersecurity Testing Lab

• The Hidden Race to Protect the US Bioeconomy From Hacker Threats

• F5 BIG-IP vulnerability is now being used to disable servers

• Government Surveillance Commissioner Warns Of Chinese-made CCTV – Report

• You Can Join the (ISC)² Board of Directors

• The real exchange rate between crypto and freedom

• You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

• HP Patches UEFI Vulnerabilities Affecting Over 200 Computers

• On Air With Dark Reading News Desk at Black Hat Asia 2022

• Red TIM Research (RTR) founds 2 bugs affecting F5 Traffix SDC

• South Asian Governments Targeted by Bitter APT Group

• Google Unveils Smartphone, Watch, Tablet, Glasses At I/O Conference

• Life Behind the Screens of Parents, Tweens, and Teens: McAfee’s Connected Family Study

• Hundreds of Thousands of Konica Printers Vulnerable to Hacking via ​​Physical Access

• DEA Investigating Breach of Law Enforcement Data Portal

• The Case for War Crimes Charges Against Russia’s Sandworm Hackers

• Nerbian RAT Malware, New Threat on The Market

• Next Generation Harmony Mobile Introduces the Industry’s First Malicious File Protection

• Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

• Prepare for What You Wish For: More CISOs on Boards

• 9 questions you should ask about your cloud security

• Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard

• Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

• Five Eyes agencies warn of attacks on MSPs

• Hackers Are Going After Managed Security Providers

• College closes down after ransomware attack

• Government Initiative Promises Rapid Blocking of Scam Sites

• NCSC launches free email security check

• Hands-Free Bluetooth Technologies and the Cell Phone Regulation

• Quarter of Security Pros Say Mental Health Has Worsened

• Trustpilot Forced to Delete Millions of Fake Reviews in 2021

• Five Eyes urges organisations to secure supply chains

• Requiem for the iPod – Intego Mac Podcast Episode 239

• Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

• Secure your CMS-based websites against pervasive attacks

• APT gang ‘Sidewinder’ goes on two-year attack spree across Asia

• New Phishing-as-a-Service Toolkit Discovered

• What Is All The Hype Around NFTs?

• Everything We Learned From the LAPSUS$ Attacks

• Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

• Europe proposes tackling child abuse by killing privacy, strong encryption

• It’s time to kick China off social media, says tech governance expert

• Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

• Critical Vulnerability in Azure Synapse Let Attackers Control other Customers’ Workspaces

• Beware of state actors stepping up attacks on managed service providers: Cyber agencies

• Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss

• CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

• Two Ward 8 Small Businesses Raising Capital Through DC Rebuild Bond Program

• What is tokenization, what are the types of tokenization, and what are its benefits for eCommerce businesses?

• Shrinking healthcare cybersecurity gaps between hospitals and manufacturers

• Welcome “Frappo”: Resecurity Discovered a New Phishing-as-a-Service

• S4x22: ICS Security Creates the Future

• How to avoid headaches when publishing a CVE

• CIS Control 18 Penetration Testing

• Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage

• Critical F5 vulnerability under exploitation in the wild

• 10 best practices to reduce the probability of a material breach

• Cohesity FortKnox helps organizations combat sophisticated attacks and accelerate recovery

• ForgeRock Autonomous Access prevents identity-based cyber attacks and fraud

• Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

• Progress Chef Cloud Security improves security and compliance outcomes for customers

• Spirent’s new security automation package protects operators from potential security impacts

• Orca Security unveils Shift Left Security capabilities to prevent cloud application issues

• Nasuni Ransomware Protection defends critical business data against ransomware attacks

• Sonatype launches solution to remediate malicious and outdated InnerSource components

• Red Hat announces enhancements across its portfolio of open hybrid cloud solutions

• Platform9 enhancements improve developer productivity and simplify cloud-native operations

• How the evolution of Ransomware changed the threat landscape

• GitProtect.io releases Jira backup to bring data protection in the event of any failure or human error

• FalconStor partners with IBM to accelerate cloud migration for enterprises and MSPs

• Backdoor in public repository used new form of attack to target big firms

• Intel squeezes desktop Alder Lake CPUs into laptops with Core HX-series chips

• Google Maps “immersive view” is the ultimate graphics mode for Google Maps

• ICE Has Assembled a ‘Surveillance Dragnet’ with Facial Recognition and Data, Report Says

• The EU Commission’s New Proposal Would Undermine Encryption And Scan Our Messages

• Ivanti partners with Lookout to help organizations prevent threats in the new hybrid work landscape

• CREST and Hack The Box join forces to boost cyber security skills development

Generated on 2022-05-13 23:55:33.840740