IT Security News Daily Summary 2022-05-21

• 5 Casual Games You Can Play on Your Mobile Browser Now

• Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked

• Payment Gateway Firm Razorpay Loses ₹7.3 Crore in Cyber Fraud Incident

• (Saas): What Is It And What Are Its Advantages?

• The Emergence of Physically Mediated Cyberattacks?

• America’s small businesses aren’t ready for a cyberattack

• A Short Guide to Understanding the Exciting Realm of Fintech

• Russia-linked Sandworm continues to conduct attacks against Ukraine

• US Reclaimed $15 Million From an Ad Fraud Operation

• North Korean IT Workers Are Infiltrating Tech Companies

• Cisco fixes an IOS XR flaw actively exploited in the wild

• Conti: Russian-backed rulers of Costa Rican hacktocracy?

• Preventing Ransomware Attacks On Industrial Networks

• Interview with Morten Kjaersgaard, CEO of Heimdal Security on How Cybersecurity Businesses are Tackling the Ukraine Crisis

• True Cybersecurity Requires a Shift to A Data-Centric Philosophy

• SolarWinds ready to move past breach and help customers manage theirs

• Tesla Model 3, Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 2

• Researchers Find Backdoor in School Management Plugin for WordPress

• Report: Cybersecurity Skills Gap Creates Vulnerabilities

• Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

• Cisco Issues Patches for New IOS XR Zero-Day Vulnerability Exploited in the Wild

• Microsoft Warns About New Sysrv Botnet Variant Attacks Web Servers

• Impersonate Local Microsoft Users with msImpersonate

• Microchip Precise Time Scale Systems enables traceability to UTC without depending on GNSS

• Avoiding Risks by Using Secure Online Crypto Platform

• Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!

• Castellan Solutions announces integrations with leading emergency notification platforms

• PlainID partners with PwC to help enterprises manage authorization policies

• Microsoft patches the Patch Tuesday patch that broke authentication

• Red River appoints Brian Roach as CEO

• Report: 60% of orgs have experienced data loss due to employee mistakes

• Career paths in cybersecurity: Key skills, salary expectations and job description

• The 5 best secure browsers for privacy in 2022

• What is a cybersecurity degree?

• Best Wi-Fi Security & Performance Testing Tools for 2022

• QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

• NTU Singapore and CSA Singapore open security testing centre

• ISACA Risk Starter Kit provides risk management templates and policies

• Amit Serper joins Sternum as Director of Security Research

• Phishing Scam Adds a Chatbot Like Twist to Steal Data

• IT Security News Daily Summary 2022-05-20

• Schools should prep for ransomware with response and comms plans, experts say

• Friday Squid Blogging: Squid Street Art

• Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

• What the U.S. government’s security testing protections mean for enterprises

• SentinelOne vs Palo Alto: Compare EDR software

• Pwn2Own Vancouver 2022 D2

• China-linked Twisted Panda caught spying on Russian defense R&D

• Sandworm deploys new version of ArguePatch malware loader

• Cryptocurrency: secure or not? – Week in security with Tony Anscombe

• Partial Patching Still Provides Strong Protection Against APTs

• Chatbot Army Deployed in Latest DHL Shipping Phish

• The War Over Ukraine—On Wikipedia

• Carbon Black vs. CrowdStrike: EDR software comparison

• Check your privilege: The critical principle for keeping your SaaS data safe

• What the US government’s new CFAA policy means for enterprises

• How XDR can identify and fill the cracks in state and local government’s cybersecurity posture

• Cities that hyped crypto are now contending with the crash

• Quantum Key Distribution for a Post-Quantum World

• What Is DNS Spoofing and How Can You Prevent It?

• The new Air Force Ones are late, so the old planes need more cash, official Says

• Chinese Hackers are Targeting Russian Aerospace Industry

• New DOJ guidance on key hacking law creates carve out for security researchers

• Beware of Fake Windows 11 Downloads Distributing Vidar Malware

• Why you should act like your CEO’s password is “querty”

• Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

• Why AI and autonomous response are crucial for cybersecurity (VB On-Demand)

• EPA seeks funding to improve the cybersecurity of America’s water systems

• State and local governments turn to normalizing the ‘new normal’ workplace

• McAfee vs Kaspersky: Compare EDR software

• Pro-Russian Hackers Hit Critical Government Websites in Italy

• All White Hat hackers exempted from US CFAA Prosecution

• Developing Data Security Practices Before, During, and After Cloud Migrations

• USB Devices Redux

• China has signaled easing of its tech crackdown — but don’t expect a policy U-turn

• Energy Department provides $53M for climate change tech

• This app shows you how to make your iPhone more secure better than Apple does

• DoJ: White Hat Hackers Will No Longer Face Prosecution

• Putin Promises To Bolster Russia’s IT Security In Face Of Cyber Attacks

• DOJ Announces It Won’t Prosecute White Hat Security Researchers

• 380K Kubernetes API Servers Exposed To Public Internet

• Strapi Exposed Data, Password Reset To Unprivileged Users

• Global Food Supply Chain At Risk From Malicious Hackers

• The activity of the Linux XorDdos bot increased by 254% over the last six months

• Pwn2Own – Windows 11, Microsoft Teams Hacked & Exploiting 16 Zero-day Bugs

• Microsoft’s out-of-band patch fixes Windows AD authentication failures

• US Government says: Patch VMware right now, or get off our network

• (ISC)² Entry-Level Cybersecurity Certification Pilot Exam Reaches 1,000 Exam Milestone

• Boeing Starliner Launches Successfully, On Route To International Space Station

• Going passwordless: Q&A with Microsoft’s CVP of security, Vasu Jakkal

• Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

• Top Technology Trends in Education 2022

• Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks

• Report: Frequency of cyberattacks in 2022 has increased by almost 3M

• Closing the Gap Between Application Security and Observability

• Microsoft patches the patch that broke Windows authentication

• Nikkei Says Customer Data Likely Impacted in Ransomware Attack

• Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed

• Nonprogrammers are building more of the world’s software – a computer scientist explains ‘no-code’

• New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper

• New Open Source Project Brings Consistent Identity Access to Multicloud

• Costa Rica’s New Government is Under Attack by a Conti Ransomware Gang

• DoJ Will No Longer Use CFAA to Charge Ethical Hackers

• Introducing new cloud resources page for Cisco Secure Firewall

• Conti Ransomware Shuts Down and Rebrands Itself

• Microsoft Bing censors politically sensitive Chinese terms

• Apple Accused By Union Of Staff Law Violations At NY Store

• Microsoft: This botnet is growing fast and hunting for servers with weak passwords

• Fake domains offer Windows 11 installers – but deliver malware instead

• Does disk encryption slow down your PC? [Ask ZDNet]

• 380K Kubernetes API Servers Exposed to Public Internet

• Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

• Bluetooth Flaw Allows Remote Unlocking of Digital Locks

• 5 Essential Ways to Improve SDLC Security

• Modern “Smart” Farm Machinery Vulnerable to Cyber-Attackers

• Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines

• Cytrox’s Predator Spyware Target Android Users with Zero-Day Exploits

• Microsoft Bing censors politically sensitive Chinese terms internationally, reports Citizen Lab

• Canada To Join Five Eyes 5G Ban On Huawei/ZTE

• Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

• Conti ransomware is shutting down operations, what will happen now?

• Conti ransomware group disbands

• Ransomware Hits Media Giant Nikkei’s Asian Unit

• How To Do A Virus Scan

• From Bitcoin to the Metaverse: The current evolution is a revolution

• 6 Steps for Construction Project Recovery

• UK Sextortion Cases Doubled in 2021

• “Alarming” Surge in Conti Group Activity This Year

• India reaffirms commitment to new cybersecurity rules

• Weekly Update 296

• SSI and FIDO2: Different approaches for a passwordless world

• Protecting data now as the quantum era approaches

• Virtual product placements revealed by streaming platforms

• IT and Security leaders are sharing passwords in shared documents folders

• QNAP storage devices again hit by Deadbolt Ransomware

• Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

• Canada bans Huawei and ZTE from 5G networks, citing national security risks

• New infosec products of the week: May 20, 2022

• TD SYNNEX Expands Solution Offering with Google Cloud

• LegalShield Partners with NEWITY to Empower, Protect and Equip Small Businesses with Legal Services and Solutions

• Cloud Security Alliance Provides C-level Executives With Best Practices for Deploying Smart Contracts Within an Organization

• (ISC)² Hellenic Chapter Wins Award for Creating Educational Materials

• Endpoint security and remote work

• New DOJ guidance on enforcing hacking laws carves out safe space for security research

• India slightly softens infosec incident reporting and data retention rules

• How to ensure that the smart home doesn’t jeopardize data privacy?

• Email is the riskiest channel for data security

• QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks

• Record level of bad bot traffic contributing to rise of online fraud

• The flip side of the coin: Why crypto is catnip for criminals

• Splashtop Enterprise enhancements improve technician and end user communication

• Calix updates its Intelligent Access EDGE platform to secure subscriber-facing network

• QuProtect offers protection against current and future quantum computing threats

• Twitter to hide misleading tweets under new crisis response policy

• Red Hat boosts performance for cloud-native application development with new portfolio updates

• Allegro Network Multimeters 3.5 allows users to analyze TCP down to packet level

• Canada to ban Huawei and ZTE and tell telcos to rip out 5G and 4G equipment

• US won’t prosecute ‘good faith’ security researchers under CFAA

• U.S. Agencies Ordered to Fix Critical VMware Vulnerabilities by Monday

• INKY partners with GoDaddy to enhance email security for businesses

• Cohesity and Palo Alto Networks join forces to improve cyber resilience for organizations

• Living Security and Gradient Cyber deliver awareness training to small businesses and midmarket enterprises

Generated on 2022-05-21 23:55:22.640268