IT Security News Daily Summary 2022-06-14

• Citrix Releases Security Updates for Application Delivery Management

• WiFiDuck BadUSB Tester

• Infrastructure investments should focus on ‘cyber smart’ projects

• 3 ways governments can regain citizens’ trust

• Citrix Releases Security Updates for Application Delivery Management

• Ransomware Group Debuts Searchable Victim Data

• New botnet and cryptominer Panchan attacking Linux servers

• Man gets two years in prison for selling 200,000 DDoS hits

• How Russian sanctions may be helping US cybersecurity

• Microsoft Releases June 2022 Security Updates

• IRS launched tax credit website without authority to operate, watchdog reports

• Windows Updates Patch Actively Exploited ‘Follina’ Vulnerability

• Microsoft Releases June 2022 Security Updates

• JFK’s Argument Against Imperialism

• Is Russia Exploiting a Gap in the Montreux Convention?

• Microsoft fixes Follina and 55 other CVEs

• Admin of DDoS-For-Hire Service “DownThem” Gets 2 Years Prison Sentence

• Microsoft to acquire foreign cyberthreat analysis vendor Miburo

• Microsoft June 2022 Patch Tuesday: 55 fixes, remote code execution in abundance

• Koverse Launches Zero Trust Data Platform

• Google: SBOMs Effective Only If They Map to Known Vulns

• Incognia Introduces Location-Based Liveness Spoofing Detection Solution

• Admin of DDoS-For-Hire Service “Downthem” Gets 2 Years Prison Sentence

• Chinese Threat Actor Employs Fake Removable Devices as Lures in Cyber Espionage Campaign

• More reality checks could help keep DOD programs on time and on budget, GAO says

• Murder suspect admits she tracked cheating partner with hidden AirTag

• Upcoming Speaking Engagements

• EFF Urges Congress to Strengthen the American Data Privacy and Protection Act

• ICS Patch Tuesday: Siemens, Schneider Electric Address Over 80 Vulnerabilities

• Adobe Plugs 46 Security Flaws on Patch Tuesday

• Creating a patch management policy: Step-by-step guide

• New Syslogk Linux Kernel Rootkit Uses “Magic Packets” to Trigger Remote Backdoor Access

• How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat?

• Gone Ape? How to Protect NFTs from Theft

• Info Stealer Identified in a PyPI Package

• GALLIUM APT Deployed a New PingPull RAT

• New Dashlane Report: The Future of Secure Work

• Journey Into Cybersecurity – Conversations with Cyber Newcomers, Part 2

• The United States Department of Justice Will no Longer Prosecute Ethical Hackers

• (ISC)² Entry-Level Cybersecurity Certification Pilot Exam Reaches 1,000 Exam Milestone

• API Security Tools: What to look For

• New bill sets federal penalties for drone misuse

• Report: L3 Emerges as Suitor for Embattled NSO Group

• ClubCiso Report Shows Material Security Incidents Reduced by 54% Compared to Last Year

• Beware the ‘Secret Agent’ Cloud Middleware

• Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration

• Researchers: Wi-Fi Probe Requests Leak User Data

• Kaiser Permanente employees targeted by cyber attack and info of 70k staff breached

• Karakurt extortion group: Threat profile

• Bitwarden vs 1Password: Password manager comparison

• Avast: New Linux Rootkit and Backdoor Align Perfectly

• SBOM in Action: finding vulnerabilities with a Software Bill of Materials

• Instagram scam steals your selfies to trick your friends

• The Three Best Tools You Need to Scan Your Linux System for Malware

• Cloud computing means big opportunities – and big threats

• The unrelenting threat of ransomware is pushing cybersecurity workers to quit

• Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating

• New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials

• Chinese Hackers Install Backdoors in iOS/Android Web3 Wallets

• HelloXD Ransomware Variants Found Installing Backdoor on Windows and Linux Machines

• What is the Essential Eight (And Why Non-Aussies Should Care)

• Save time and money with Red Hat Insights Compliance reporting

• MLOps Blog Series Part 1: The art of testing machine learning systems using MLOps

• Is Cybersecurity a Top Priority for Politicians? World Politics and Cybersecurity

• Patch Tuesday June 2022 – Microsoft Releases Several Chromium Security Updates

• German Regulator Probes Apple Ad-Tracking Rules

• How to Become World Class at Cyber Hygiene

• Understanding and Mitigating Single Sign-on Risk

• What Expert Thinks Of UK Digital Strategy?

• IRS “Dirty Dozen” Warns Tax Pros And Businesses Of Spear Phishing

• Azure issues not adequately fixed for months, complain bug hunters

• Half of IT leaders say passwords too weak for security purposes

• Operator of ‘DownThem’ DDoS Service Sentenced to 24 Months in Prison

• SecurityWeek to Host Cloud Security Summit, Presented by Palo Alto Networks, on June 15th

• Technical Details Released for ‘SynLapse’ RCE Vulnerability Reported in Microsoft Azure

• Why Log4j Is Still The Problem When The Patch Is Released 6 Months Ago?

• Report Reveals $1.7 Billion Hacked From Top 10 Centralised Crypto Exchanges Over The Last Decade

• Searchlight Security appoints Cylance and Blackberry’s Eric Milam to lead its dark web intelligence product strategy

• Amazon To Begin Drone Deliveries In Californian Town

• Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs)

• “Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

• Cloud computing rush means big opportunities and big threats ahead

• Chinese Cyberespionage Group Starts Using New ‘PingPull’ Malware

• U.S. State and Federal Funding for Cybersecurity is on the Rise

• cSploit – A Network Analyzer on Android

• (IN)SECURE Magazine: RSAC 2022 special issue released

• Instagram Brings Parental Controls To UK

• Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

• Malware’s Destruction Trajectory and How to Defeat It

• Schneider Electric, Claroty Launch Cybersecurity Solution for Buildings

• Atos Shares Plunge Amidst Reorganisation, CEO Exit

• Can I transfer my Windows upgrade license from an old PC to a new one? [Ask ZDNet]

• This new Linux malware has a sneaky way of staying hidden

• Linux Malware Deemed ‘Nearly Impossible’ to Detect

• Poll Shows That More Than 40 Million UK Consumers Have Been Targeted by Digital Fraudsters So Far This Year

• Apple’s Planned Obsolescence

• Detect cloud native security threats with Tracee

• Kaiser Permanente Discloses Data Breach at WA Health Plan, 69K Impacted

• Is your organization ready for Internet Explorer retirement?

• An In-Depth Look at Software-Defined Perimeters

• UK health privacy watchdog still in talks over who is accessing country’s COVID data store

• Iranian Spear Phishing Operation Targets Former Israeli Foreign Minister, Former US Ambassador to Israel, Former Israeli Army General and Three other High-Profile Executives

• Iran Spear-Phishers Hijack Email Conversations in New Campaign

• Don’t panic! “Unpatchable” Mac vulnerability discovered

• Elon Musk To Meet With Twitter Staff

• Over Three-Quarters of UK Adults Hit by Online Scams

• Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

• Two Convicted in Major Drugs Bust Discovered by Police on EncroChat

• Google Engineer Claims AI Has ‘Feelings’

• New Syslogk Linux Rootkit Lets Attackers Remotely Command It Using “Magic Packets”

• Google Engineer Suspended After Claiming AI Became Sentient

• Once is never enough: The need for continuous penetration testing

• Attack on Kaiser Permanente Exposes Data on 70,000 Customers

• Researchers Detail PureCrypter Loader Cyber Criminals Using to Distribute Malware

• Stronger detection and automation pave the way for real-time response

• UK Digital Strategy Takes Aim At Cyber-Security, Skills Gap

• What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

• Looking for adding new detection technologies in your security products?

• Inside the RSAC expo: Buzzword bingo and the bear in the room

• SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases

• API Security Best Practices

• Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT

• BlackCat Ransomware is being induced into Microsoft Exchange Servers

• Cybersecurity for the FIFA World Cup in Qatar bolstered

• Using compliance to create value for your organization

• Saas security: How to avoid “death by 1000 apps”

• Only 10% of vulnerabilities are remediated each month

• Why do organizations need to prioritize ransomware preparedness?

• Strong passwords still a priority strategy for enterprises

• 2022-06-13 – TA578 thread-hijacked emails push Bumblebee or IcedID

• Experts spotted Syslogk, a Linux rootkit under development

• DivX SubTitles – 783,058 breached accounts

• HelloXD Ransomware Targeting Multiple Windows and Linux Systems

• “Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison

• Zyxel WiFi 6E APs enable organizations to reduce network interference

• Say goodbye to browser ads and malware with this $30 tool

• Getting Started With the Metasploit Framework: A Pentesting Tutorial

• Network Perception joins OT Cyber Coalition to strengthen national security

• How the Federal Government Buys Our Cell Phone Location Data

• Addressing Cyber Risk with a Unified Platform

• API Security Weekly: Issue 164

• Corel Acquires Awingu

• OneSpan appoints Lara Mataac as General Counsel and CCO

• Fidelma Russo and Jeetu Patel join Equinix Board of Directors

• How the federal government buys our cell phone location data

• CISA Recommends Organizations Update to the Latest Version of Google Chrome

• Maureen Kaplan joins SilverSky as CRO

• EFF’s Flagship Jewel v. NSA Dragnet Spying Case Rejected by the Supreme Court

• Lack of Space National Guard could hurt training, recruiting

• Data tools help root out social services fraud

• Cybersecurity is Job 1 for city, county IT leaders

• NYFD calls for help with doxing

• IT Security News Daily Summary 2022-06-13

• The intelligent way to detect fraud

• Industroyer: A cyber‑weapon that brought down a power grid

• Inglis says infrastructure outlays should focus on ‘cyber smart’ investments

• Kaiser Permanente Breach Exposes Data on 70K Patients

• Everything you need to know about zero-trust architecture

• A Getting-Started Guide to Improving Security with Open-Source Static & Dynamic Security Scanners

• malware

• Tenable slams Microsoft over Azure vulnerabilities

• Report: Facebook Gives Gun Sellers 10 Strikes Before Kicking Them Off The Platform

• Exposed Travis CI API Leaves All Free-Tier Users Open to Attack

• Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

• 11 open source automated penetration testing tools

• How AI and bots strengthen endpoint security

• In Security, Less Is More

• Scoop: Uganda Security Exchange Caught Leaking 32GB of Sensitive Data

• Drupal Patches ‘High-Risk’ Third-Party Library Flaws

• Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

• Tony Jarvis on Shifting Security Gears as We Move to the Cloud

• Taking down the IP2Scam tech support campaign

• HelloXD ransomware bulked up with better encryption, nastier payload

• (ISC)² Concludes Online Proctored Exams Do Not Meet Exam Security Standards

• Corel adds zero trust tech to its strength with Awingu acquisition

• TMF methods can drive larger modernization impact, report states

• Drupal Releases Security Updates

• Secure your data like James Bond with the Kingston IronKey Vault Privacy 80

• HYCU Raises $53 Million for Data Backup Technology

• Drupal Releases Security Updates

• Network Perception Joins Operational Technology Cybersecurity Coalition to Aid with Strengthening National Security

• Vincent Cirel Joins Gannett as Chief Technology Officer

• First Open XDR Summit Is a Resounding Success

• Dispersive Holdings Named Winner of Global InfoSec Award for Best Cloud Obfuscation during RSA Conference 2022

• DevSecOps deploy and operate processes

• Water sector wants greater cybersecurity for its infrastructure

• You’re invited! Join us for a live walkthrough of the “Follina” story…

• Apple CEO Tim Cook Pushes Senate For Privacy Legislation

• API Security: Best Tools and Resources

• Backdoor Installed by HelloXD Ransomware , Directed Windows and Linux Devices

• New Data-Stealing Malware Impersonates Cracked CCleaner App In Recent Campaigns

• Two Online Gun Stores Admit Data Breaches Following Web Skimming Attacks

• Stealthy Symbiote Malware Wreaks Havoc On Linux Systems

• Emotet Malware Evolves To Steal Data From Chrome Browser

• Fujitsu Cloud Storage Vulnerabilities Could Expose Backups To Attackers

• FDNY Calls for Digital Firewall to Protect Rescue Workers From Cyber-Attacks

• How to Reduce the Risk of Buy Now, Pay Later Fraud

• The many lives of BlackCat ransomware

• Multilingual Cybersecurity Awareness Training adapted for your needs

• Open Source Security: Key Benefits & Drawbacks You Should Know

• Skyhigh Security CEO, VP talk life after McAfee

• Livestream: Jan. 6 Select Committee Hearing Day Two

• 5 ways to connect with Microsoft Security at Identiverse 2022

• Iranian Attackers are Employing a New DNS Hijacking Malware to Target Organizations

• AWS IAM Security Best Practices

• Corel adds zero trust tech  to its strength with Awingu acquisition

• State-sponsored Chinese threat actors compromise telecom and network service providers

• GALLIUM APT used a new PingPull RAT in recent campaigns

• The Impotence of the Fourth Amendment in a Post-Roe World

• Poor Identity Management Amplifies Ransomware

• Prevent Browser-In-The-Browser Phishing Attacks by Removing Human Input Error

• Seven tech security trends heading your way now

• Researchers: Wi-Fi Probe Requests Expose User Data

• #RSAC: The Cybersecurity Maturity Model Certification Program is Coming

• #RSAC: World Economic Forum Cybercrime Atlas Effort Advances

• Update Chrome now: Four high risk vulnerabilities found

• Cryptocurrencies Plunge After Celsius Pauses Withdrawals

• Smaller Firms Support US Tech Competition Bill As Giants Resist

• How to Make Business Practices That Support Cybersecurity Response

• State-sponsored Chinese threat actors compromise telecommunications and network services providers

• 3 Big Takeaways From the Verizon DBIR 2022

• Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

• Vulnerabilities in Industrial Control Systems Lets Attackers Remotely Unlock Doors

• Facilitating Convergence of Physical Security and Cyber Security With Open Source Intelligence

• Chinese Hackers Adding Backdoor to iOS, Android Web3 Wallets in ‘SeaFlower’ Campaign

• Chinese ‘Gallium’ Hackers Using New PingPull Malware in Cyberespionage Attacks

• HelloXD Ransomware operators install MicroBackdoor on target systems

• 1-15 May 2022 Cyber Attacks Timeline

• How to Combat Ransomware Attacks with Zero Trust

• Building HIPAA Compliant APIs

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 06, 2022

• Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

• Google Chrome Built-in Phishing Detection, Expert Reaction

• New Emotet Variant Stealing Users’ Credit Card Information From Google Chrome

• What Are Top Threats To The Cloud Computing?

• Security Leaders Discuss Industry Drivers at Dark Reading’s News Desk at RSAC 2022

• A compelling story

• The Road To Valhalla – The Urgency For Cyber Change

• How Microsoft Forgot To Renew The Certificate For Its Windows Insider Subdomain

• Metasploit 6.2.0 comes with 138 new modules, 148 enhancements and features

• Serious vulnerabilities found in ITarian software, patches available for SaaS products

• Time to update: Google patches seven Chrome browser bugs, four rated ‘high’ risk

• Academics Devise New Speculative Execution Attack Against Apple M1 Chips

• Travel tips and how to stay safe while on the go this summer

• SpaceX Starship Orbital Launch Faces NASA Challenge

• Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability

• Shanghai’s Censors Can’t Hide Stories of the Dead

• Russia Reportedly Warns of “Direct Military Clash” if Cyber-Attacks on its Infrastructure Continue

• Ferrari ‘Plans Plant Expansion’ Amidst Electric Push

• Stronger Together: 4 things to do at Infosecurity Europe 2022

• Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars

• Quick and Simple: BPFDoor Explained

• Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

• Large Numbers of Extortion Emails Blocked Daily

• ActZero MDR for Mobile solution protects businesses against advanced threats

• Government Pushes NHS Data Sharing Amidst Controversy

• Second Version of Hello XD Ransomware Drops Backdoor While Encrypting

• Microsoft helps prevent lateral movement from compromised unmanaged devices

• A week in security (June 6 – June 12)

• Aoquin Dragon from China hacking Australian Government Servers

• Government Pushes Ahead With NHS Data Sharing

• Googler Suspended After Claiming AI Became Sentient

• Organisations in Australia and Southeast Asia Targeted by Aoqin Dragon For Over 10 Years

• Eight Zero Days Could Open Doors for Hackers

• Two Convicted in Major Drugs Bust After Cops Read Encrypted Chats

• Sky Backs £100m Fund For Climate Tech

• Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

• How To Protect Your Personal Data From Breaches

• Vulnerability Management: How Can the Infosec Team Reach an Agreement With the IT Department?

• Ransomware Viruses Are Not Going Away

• UK Tech Start-Ups See Record Quarterly Investment

• 83% of IT pros are using either hybrid or multi-cloud

• Using WiFi connection probe requests to track users

• Software developers, how secure is your software ?

• Cyber attacks on Indian Government websites due to comments on Prophet Muhammad

• AI Demon scares Google Employee

• How organizations can protect themselves in the emerging risk landscape

• API security warrants its own specific solution

• Businesses are leaving bot attacks unchallenged for almost four months

• Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

• Increased cloud complexity needs stronger cybersecurity

• The State of Security: Ransomware

• 45% of cybersecurity pros are considering quitting the industry due to stress

• The United Nations’ List of ‘Not Listed’ Terrorist Entities

Generated on 2022-06-14 23:55:27.215961