IT Security News Daily Summary 2022-06-16

• Report: 59% of SMEs say cybersecurity is the top IT challenge of the past year

• House Oversight Committee advances legislation encouraging telework at agencies

• Rampant ID theft targets pandemic benefits, watchdogs say

• Voxlens makes interactive data more accessible for screen readers

• Microsoft 365 Function Leaves SharePoint, OneDrive Files Open to Ransomware Attacks

• BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield

• What We Mean When We Talk About Cyber Insurance

• Livestream: Jan. 6 Select Committee Hearing Day Three

• The Chatter Podcast: Freemasonry and Conspiracism with John Dickie

• Hertzbleed – New AMD & Intel CPUs Bug Let Hackers Extract Crypto-Keys From Remote Servers

• House panel passes funding bill with $100M for TMF

• What’s next for EV charging

• Play Store Apps Caught Spreading Android Malware to Millions

• Android Spyware ‘Hermit’ Discovered in Targeted Attacks

• SpaceX Staff Denounce Elon Musk’s Behaviour – Report

• Transgender women found and created community in the 1980s internet

• Cybersecurity Researchers Find Several Google Play Store Apps Stealing Users Data

• Unlocking the Cybersecurity Benefits of Digital Twins

• ‘MaliBot’ Android Malware Steals Financial, Personal Information

• Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day

• How to set up automated log collection with PowerShell

• EU & US Unite to Fight Ransomware

• Offensive Security Hails Passage of Several Cybersecurity Bills in Congress

• Intel and AMD CPU Trageted by the New ‘Hertzbleed’ Remote Side-Channel Attack

• Research finds most orgs have a ‘false sense of security’ about APIs

• House committee advances LGBTQI+ Data Inclusion Act

• S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

• Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive

• NakedPages Phishing Toolkit is Now Available on Cybercrime Forums

• RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure

• Cloudflare Prevents One Of The Largest DDoS Attack Recorded

• Microsoft Acquires Cyber Threat Analysis Company To Respond To Cyber Warfare

• 7 Facts About Insider Threats That Should Make you Rethink Data Security

• Cloudflare Mitigates a Record-Breaking DDoS Assault Peaking at 26 Million RPS

• GRIMM CEO Jennifer Tisdale Recognized as One of 25 Leaders Transforming Manufacturing

• API security: 12 essential best practices to keep your data & APIs safe

• New Research: Low IAM Program Maturity is Leaving Companies Vulnerable to Rising Identity-Related Security Incidents

• Security frameworks / attestations and certifications: Which one is the right fit for your organization?

• Intel Firmware updates for Memory Mapped I/O security vulnerabilities

• EU’s ‘Revised’ Disinformation Code Of Practice Backed By Tech Giants

• Hertzbleed exposes computers’ secret whispers

• Customer sues 365 Data Centers for Ransomware Attack

• 5 Skills SecOps Will Need to Effectively Protect Their Organization Going Forward

• ‘Potentially dangerous’ Office 365 flaw discovered

• What is a Cyberattack? Types and Defenses

• Policing and the Siege of the United States Capitol

• Jan. 6 Select Committee Hearing Day Three

• What Do You Think Of Recent Interpol Operation Of Global Fraud Crackdown?

• UK Security Practitioners Lack The Confidence To Stop Attacks

• API Calls Expose 770M Logs With GitHub, AWS, Docker Tokens In Travis CI Logs

• $100 million of TMF funding tagged for customer experience projects

• Microsoft launches Defender for Individuals for Microsoft 365 Personal and Family subscribers

• How hackers use AI and machine learning to target enterprises

• ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web

• Interpol arrests thousands of scammers in operation “First Light 2022”

• Microsoft Dismisses False Reports About End of Patch Tuesday

• Apple Retail Workers In Maryland Begin Union Vote

• OAuth vs JWT (JSON Web Tokens): An In-Depth Comparison

• CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

• Hardening Virtio for emerging security usecases

• Making the world a safer place with Microsoft Defender for individuals

• ENTRY-LEVEL CYBERSECURITY JOBS KEY TO SOLVING WORKFORCE GAP

• Hacker’s Corner: Complete Guide to Keylogging in Linux – Part 3

• Looking for Cyber Insurance? Know Your Eligibility

• CISOs Gain False Confidence in the Calm After the Storm of the Pandemic

• CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

• Google Fined $260,000 By Russia Over No Local Data Storage

• Don’t Take the Bait: How to Avoid Phishing Attacks

• API Security Tools: What To Look For

• Cisco Patches Critical Vulnerability in Email Security Appliance

• Are You Hiring Enough Entry-Level Security Pros?

• BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

• Interpol’s First Light operation smashes crime on a global scale

• Hackers’s Corner: Complete Guide to Keylogging in Linux – Part 3

• Report: 84% of IT leader say passwords are ‘deceptively weak’ for data security

• Why most enterprises are failing to implement IAM

• ISC2 highlights how hiring practices can fix the cyberskills gap

• This Linux botnet has found a novel way of spreading to new devices

• 2,000 arrests in crackdown on social engineering and business email scams

• 2,000 People Arrested Worldwide for Social Engineering Schemes

• Microsoft Patch Tuesday June Arrives With 55 Security Updates

• Most Cybersecurity Managers Hire Entry- and Junior-level Candidates

• State-Sponsored Phishing Attack Targeted Israeli Military Officials

• Sophisticated Android Spyware ‘Hermit’ Used by Governments

• People: A cornerstone for fostering security resilience

• Ransomware Risk in Healthcare Endangers Patients

• Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

• A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage

• Cybercriminals Target Companies with Outdated Cybersecurity Procedures

• This new Android malware bypasses multi-factor authentication to steal your passwords

• Facebook Messenger Scam Duped Millions

• Researchers Discover Way to Attack SharePoint and OneDrive Files With Ransomware

• Police Linked to Hacking Campaign to Frame Indian Activists

• Attacking the Performance of Machine Learning Systems

• Apple Faces £750m Claim Over Battery Slowdown

• Okta’s Matt Raible: How I became a Java hipster

• Hiring entry-level and junior candidates can alleviate the cybersecurity skills shortage

• Using the Defense Readiness Index to Improve Security Team Skills

• Researchers disclosed a remote code execution flaw in Fastjson Library

• Hackers Exploit Old Telerik Flaws to Deploy Cobalt Strike

• How to Increase Sales With Sales Automation Software?

• Microsoft’s Internet Explorer browser is finally gone. But not everyone is a happy about it

• Cyber-Criminals Smuggle Ukrainian Men Across Border

• Microsoft Patch Fixes Follina Bug

• CISA Urges Users To Update Google Chrome Browser To Receive Bug Fixes

• Vodafone Switches On Self-Powered Mobile Phone Mast

• Photos of kids taken from spyware-ridden phones found exposed on the internet

• New Zimbra Bug Allows Data Stealing With No User Interaction

• Global Police Arrest Thousands in Fraud Crackdown

• Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager

• Apple’s Planned Obsolescence – Intego Mac Podcast Episode 244

• High-Severity RCE Vulnerability Reported in Popular Fastjson Library

• 66% of organizations store 21%-60% of their sensitive data in the cloud

• Elasticsearch server with no password or encryption leaks a million records

• Apple’s Planned Obsolescence: iOS 16, macOS Ventura Drop Support for Many Models

• Do you know what your supply chain is and if it is secure?

• Panel discussion at Consensus 2022: Is Web 3.0 more hype or reality?

• How Should I Think About Security When Considering Digital Transformation Projects?

• Helping Educational Institutions Align to NCAE-C

• Malicious apps continue to spread through the Google Play Store

• Facebook Says Apple is Too Powerful. They’re Right.

• How social engineering attacks are evolving beyond email

• Ireland is now a part of the Microsoft Government Security Program (GSP)

• UK ICO to retain millions in fines to meet legal expenses

• Zero trust adoption: Industry-specific challenges and implementation strategies

• Impact Podcast with John Shegerian Features NVIDIA’s Tonie Hansen

• 5 ways to prevent Ransomware attacks

• 72% of middle market companies expect to experience a cyberattack

• MaliBot: A New Android Banking Trojan Spotted in the Wild

• The challenges of managing increased complexity as hybrid IT accelerates

• Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication

• The future is passwordless. What’s slowing it down?

• Grooming lies and their function in financial frauds

• Neustar Security Services UltraDNS2 improves resilience of infrastructure and services

• Feroot DomainGuard reduces risk associated with client-side attacks

• Incognia Location-based Liveness Spoofing Detection identifies fraudulent attempts to fake liveness

• Optiv MXDR enhances detection and response with expanded cloud integration

• Nebulon ImmutableBoot allows operations teams to protect their application infrastructure

• Cisco AppDynamics Cloud accelerates detection and resolution of performance issues

• Okera on Snowflake enables organizations to manage and utilize sensitive data

• Infoblox NIOS 8.6.2 provides enhanced multi-cloud integrations for customers

• SnapLogic platform enhancements simplify data preparation tasks for IT and business teams

• SecureKloud CloudEdge accelerates cloud deployment for enterprises

• Stop This California Bill that Bans Affordable Broadband Rules

• Evaluating the Jan. 6 Committee’s Evidence

• PIXM partners with Identity Automation to protect educators and learners from targeted phishing attacks

• Cloudflare Thwarted Largest Ever HTTPS DDoS Attack

• Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips

• Stellar Cyber expands its management team with two appointments

• Elasticsearch Database Mess Up Exposed Login, PII Data of 30,000 Students

• Inconsistent data reporting thwarts crime analysis

• Cisco’s Ash Devata on the Future of Secure Access

• Intelligent Waves promotes Amy Wood to CFO

• IT Security News Daily Summary 2022-06-15

• Identity and Access: The Game is the Same – It Just Got Fiercer

• Defense topline funding could see a bump, panel chairman says

• ‘Hertzbleed’ Side-Channel Attack Threatens Cryptographic Keys for Servers

• 7 Ways to Bring AI to Cybersecurity

• What is WAAP? – A Quick Walk Through

• Pandemic response watchdogs urge agencies to focus on ID theft

• At Second Trial, Ex-CIA Employee Defends Himself in Big Leak

• Heineken says there’s no free beer, warns of phishing scam

• Elon Musk Appeals Court Refusal To End Tweet Oversight

• Small biz leaders urge Congress to address category management woes

• Microsoft takes months to fix critical Azure Synapse bug

• A critical flaw in Citrix Application Delivery Management allows resetting admin passwords

• Hands on with Pfizer Booster 4.0: My review of anti-malware for carbon-based systems

• Meta Fails To Overturn UK Order To Sell Giphy

• How to reframe the cybersecurity conversation for elected officials

• Legislation sets penalties for drone misuse

• New Bluetooth upgrade could provide a big audio assist for government

• Satellites zoom in on cities’ hottest neighborhoods to help combat the urban heat island effect

• NordPass password manager deal: Get two years for $29

• GreyNoise Attracts Major Investor Interest

• Cloud Native Application Protection Platform: A Utility Knife for Cloud Security Services

• This tiny, encrypted drive can fit on your keyring

• European Union Preparing To Crack Down On Facebook Deepfake Videos

• As Internet-Connected Medical Devices Multiply, So Do Challenges

• Simplify and centralize network security management with Azure Firewall Manager

• New Linux Malware Syslogk has a Clever Approach of Staying Undetected

• Kaiser Permanente Reveals Data Leak of Nearly 70,000 Medical Records

• Update on (ISC)² Entry-Level Cybersecurity Certification Pilot

• Can global recruitment solve the cybersecurity hiring problem?

• BeanVPN leaks 25 million user records

• Why strong security solutions are critical to privacy protection

• Process to remove personal data from the Google Search Engine

• SAP Patches Critical NetWeaver and ABAP Platform Vulnerabilities

• Imperva Introduces New Features to Help Prevent Online Fraud

• Stealthy Symbiote Linux malware is after financial institutions

• Qualcomm Victory After EU Court Annuls 997m Euros Antitrust Fine

• New Linux Rootkit Malware ‘Syslogk’ Triggers Backdoors With Magic Packets

• Complete Guide to Keylogging in Linux: Part 3

• Microsoft continues cyber security spending spree with Miburo buy

• Now LIVE: SecurityWeek Cloud Security Summit, Presented by Palo Alto Networks

• Jit Banks Massive $38.5 Seed Round Funding

• European Security Officials Double Down on Automated Moderation and Client-Side Scanning

• Record breaking HTTPS DDoS attack

• Earn Money with Bug Bounties

• Former DOD cyber official loses bid for Congress despite Trump’s backing

• Lessons for Better Fraud Decision-Making

• US Researchers Spot New Hertzbleed Flaw Affecting AMD and Intel CPUs

• Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

• Post-quantum cryptography, an introduction

• Threat Intelligence: Cyber and Electromagnetic Activities (CEMA) with Software-Defined Radio (SDR)

• IBM Ordered To Turn Over Ginny Rometty Emails In Age Discrimination Lawsuit

• Lottery scams: Don’t be fooled

• So Long, Internet Explorer. The Browser Retires Today

• Critical Code Execution Vulnerability Patched in Splunk Enterprise

• Critical Atlassian Confluence flaw remains under attack

• directory traversal

• Obrela sponsors open-source Commix project

• Firefox stops advertisers tracking you as you browse, calls itself the most “private and secure major browser”

• In Cybersecurity, What You Can’t See Can Hurt You

• Travel-related Cybercrime Takes Off as Industry Rebounds

• DragonForce Gang Unleash Hacks Against Govt. of India

• Small Botnet Launches Record-Breaking 26 Million RPS DDoS Attack

• Patch Tuesday And Experts Insight

• New Study: Australian Capital Territory Files No. 1 Most Complaints Amid Record $324 Million Online Scam Surge In Australia

• Does Zero Trust Mean Defence In Depth Is Dead?

• Survey Finds IT Leaders Eager to Eliminate Passwords

• Ubuntu Core 22: The secure, application-centric IoT OS is now available

• How One “Crypto Drainer” Template Facilitates Tens Of Millions Of Dollars In Theft

• Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

• Best New Apps in 2022 Useful for Students

• Update now!  Microsoft patches Follina, and many other security updates

• Report: 14.9 billion users have had personal data breached since 2004

• Don’t use these passwords: These are the most popular log-in details found for sale online

• Got hit by a cyber attack? Hackers will probably come after you again – within a year

• Security resilience: 4 ways to achieve company-wide buy-in

• How can mentorship help the cybersecurity workforce gap?

• Facebook Account Bruteforcer

• Microsoft’s Internet Explorer Retires Today, After 27 Years

• Ubuntu Core 22 brings real-time Linux options to IoT

• New ‘Hertzbleed’ Remote Side-Channel Attack Affects Intel, AMD Processors

• Let’s give a look at the Dark Web Price Index 2022

• Over 2 Million People Have Downloaded Android Malware from the Google Play Store

• Firefox: Our new cookie protection will stop companies tracking you across sites

• M1 Chip Vulnerability

• Ransomware Group Launches Search Site for Stolen Data

• It’s official, today you can say goodbye to Internet Explorer. Or can you?

• How cybersecurity readiness prevents small and medium businesses (SMBs) from fuelling supply chain attacks

• Attackers Can Exploit Critical Citrix ADM Vulnerability to Reset Admin Passwords

• Russia Is Taking Over Ukraine’s Internet

• New Iranian Spear-Phishing Campaign Hijacks Email Conversations

• PrivacyTests reveals how your web browser does privacy-wise

• Kubernetes users struggle with security, Red Hat survey says

• SAP Patches High-Severity NetWeaver Vulnerabilities

• FDNY Building Digital Firewall to Protect Emergency Workers From Cyber Attacks

• Ransomware gang publishes stolen victim data on the public Internet

• Email compromise leads to healthcare data breach at Kaiser Permanente

• Researcher Demonstrated How Tesla Key Card Feature Can be Exploited to Steal Cars

• NSO Group In Talks To Offload Pegasus Spyware – Report

• Tripwire Products: Quick Reference Guide

• BNPL Fraud Alert as Account Takeovers Surge

• Comprehensive, Easy Cybersecurity for Lean IT Security Teams Starts with XDR

• New Hertzbleed Side-Channel Attack Affects All Modern AMD and Intel CPUs

• How much does access to corporate infrastructure cost?

• Ransomware Gang Develops New Website That Allows Victims To Search For Their Data

• Avera Health Data Breach Affects 700 Patients

• The State of 3D Printing: TCT 3Sixty 2022

• A tiny botnet launched the largest DDoS attack on record

• Microsoft to Acquire Cyber Threat Analysis Company Miburo

• Privacy Watchdog Boosts Legal Funds by Keeping Millions in Fines

• New cybersecurity bill to require mandatory reporting of ransomware, other attacks

• ChromeLoader a simple vessel for more sinister threats

• Microsoft’s Final Patch Tuesday Fixes Follina Bug

• VERT Threat Alert: June 2022 Patch Tuesday Analysis

• 45% of infosec pros admit that they have considered quitting the industry

• Cyber Security Management System (CSMS) for the Automotive Industry

• Let’s give a look at the Dark Web Price Index 2021

• Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

• Microsoft acquires cyber threat detecting firm Miburo

• Most of the cyber attacks in Canada are ransomware genre

• McAfee’s Digital Wellness Delivers Online Protection As An Employee Benefit

• Microsoft Patch Tuesday, June 2022 Edition

• Mind the gap: How to ensure your vulnerability detection methods are up to scratch

• A closer look at the SEC Cybersecurity Disclosure rule

• Malaysia-linked DragonForce hacktivists attack Indian targets

• PriSec Boot Camp Helps Privacy and Security Officers Prevent Information Losses and Cyberattacks

• Intelligent Waves Promotes Amy Wood to Chief Financial Officer

• Hexnode recognized as a Leader in the IDC MarketScape: Worldwide Unified Endpoint Management Software for Apple Devices 2022 Vendor Assessment

• Snowflake Launches New Unistore Workload to Drive Next Phase of Innovation With Transactional and Analytical Data Together in the Data Cloud

• Journey Into Cybersecurity – Conversations with Cyber Newcomers, Part 1

• GALLIUM APT Hackers Using New Hacking Tool “PingPull” To Attack on Telecom & Government Sectors

• Cloud computing top concerns: The focus is shifting

• Patch Tuesday: Microsoft Issues Fix for Actively Exploited ‘Follina’ Vulnerability

• How confident are IT pros in the security of their organization’s supply chain?

• Unpatched Exchange server, stolen RDP logins… How miscreants get BlackCat ransomware on your network

• Phishing reaches all-time high in early 2022

• Microsoft fixes under-attack Windows zero-day Follina

• How 3D Printing Has Become a Global Trend With Time

• Black Kite FocusTags allows users to track high-profile cyber events

• Koverse Data Platform 4.0 empowers organizations to enforce zero trust for data management

• Splunk announces platform updates to address the complexities of multi-cloud and hybrid environments

• Trend Micro VicOne strengthens connected vehicle cybersecurity

• Adobe Releases Security Updates for Multiple Products

• Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

• Adobe Releases Security Updates for Multiple Products

• Former US state agency CIO, IT exec plead guilty to bribery and extortion scheme

• SAP Releases June 2022 Security Updates

• Some Cybersecurity Startups Still Attract Funding Despite Headwinds

• SAP Releases June 2022 Security Updates

• QuSecure partners with DataBridge Sites to help organizations protect against quantum attacks

• Alert Logic and TD SYNNEX join forces to improve security posture for their customers

• Cloudflare says it thwarted record-breaking HTTPS DDoS flood

Generated on 2022-06-16 23:55:35.589466