IT Security News Daily Summary 2022-06-17

• Jit aims to simplify product security for developers

• Friday Squid Blogging: Signature Steamed Giant Squid with Thai Lime Sauce

• Ransomware and Phishing Remain IT’s Biggest Concerns

• Abortion rights: US senators seek ban on sale of health location data

• Judiciary’s zero-trust foundation secures remote access

• Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

• EFF Warns Another Court About the Dangers of Broad Site-Blocking Orders

• International operation takes down Russian RSOCKS botnet

• How to spot malicious spam – Week in security with Tony Anscombe

• WordPress Plug-in Ninja Forms Issues Update for Critical Bug

• UK Approves WikiLeaks Chief Julian Assange’s Extradition to the US

• New MaliBot Android Malware Found Stealing Personal, Banking Data

• Don’t let the next software supply chain attack threaten your mainframe

• Hertzbleed disclosure raises questions for Intel

• Atlassian Confluence Server Bug Under Active Attack to Distribute Ransomware

• DeadBolt Ransomware Actively Targets QNAP NAS Devices — Again

• Copyright “Small Claims” Quasi-Court Opens. Here’s Why Many Defendants Will Opt Out.

• ALPHV squeezes victim with dedicated leak site for employees and customers

• Biometric Authentication: Best Practices

• ALPHV squeezes victim with dedicated leak site for employee and customer data

• Paying ransoms can lead to repeated attacks

• General Dynamics’ $11B DOD ‘Fourth Estate’ IT protest denied

• Our Digital Lives Rest on a Robust, Flexible, and Stable Fair Use Regime

• How To Check for JSON Insecure Deserialization (JID) Attacks With Java

• Can a new data strategy can help the Department of Labor shape a more inclusive economy?

• Microsoft Addresses Wi-Fi Hotspots Issues in Latest Update

• Report: Facebook Fails To Detect Obvious Hate Speech In Ads

• Attackers Exploit Telerik Vulnerabilities to Deploy Cobalt Strike

• (ISC)² Concludes Online Proctored Exams Do Not Meet Exam Security Standards

• Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices

• DHS is making ‘significant reforms’ to the employee discipline process

• The Pentagon should keep better tabs on IT cybersecurity, supply chain risks, GAO says

• How to fix the four biggest problems with failed VPN connections

• US Man Sentenced to Nine Years in Prison for Hacking iCloud Accounts and Stealing Nudes

• Panchan Peer-to-Peer Botnet

• 24 Billion Usernames And Passwords Found On The Dark Web

• Interpol arrests 2000 criminals launching social engineering attacks

• Senate panel approves $45B boost to 2023 defense topline

• How math and language can combine to map the globe and create strong passwords, using the power of 3 random words

• Report: Hybrid workforce is making public sector IT management more difficult

• WordPress Updates More Than a Million Sites to Fix Critical Ninja Forms Vulnerability

• Launching Missiles Is Easy, Drug Control Is Hard

• Microsoft Defender goes cross-platform for the masses

• How to back up your Authy app

• Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts

• Dangerous Microsoft Office 365 Functionality That Can Store Ransom Files On SharePoint And OneDrive

• How The Pension Errors Will Increase Risks Of Scams On Most Vulnerable People?

• DOE’s Latest Cyber Strategies Report – Expert Commentary?

• The Complete Guide to XACML

• Common Security Advisory Framework (CSAF) beta files now available

• The Jan. 6th Committee on Why Oaths Matter

• Cyber Security and Cloud Computing in the New Era of Remote Working

• Using Cyber Risk Quantification to Optimize Your Security Budget

• Biggest Cyber Trend in 2022

• Control the Uncontrollable, The Path to Supply Chain Security

• ONLINE STREAMING- A Harmless Entertainment or a Cybersecurity Hazard

• Zimbra Memcached Injection Bug Patched

• How we describe the metaverse makes a difference – today’s words could shape tomorrow’s reality and who benefits from it

• Check Point vs Palo Alto: Compare EDR software

• 2022 Dark Web prices for cybercriminals services

• Now On Demand: SecurityWeek Cloud Security Summit, Presented by Palo Alto Networks

• X.509 certificate

• Reimagine Hybrid Work: Same CyberSec in Office and at Home

• Researchers Uncover ‘Hermit’ Android Spyware Used in Kazakhstan, Syria, and Italy

• 5 Water-Saving Tips Every Business Should Know

• 3 Tips for Understanding the Steps in the Procure to Pay Process?

• SpaceX Fires At Least Five Staff For Letter Criticising Elon Musk – Report

• Law Enforcement Dismantle Infrastructure of Russian ‘RSOCKS’ Botnet

• Hybrid Networks Require an Integrated On-prem and Cloud Security Strategy

• Can We Make a Global Agreement to Halt Attacks on Our Energy Infrastructure?

• What Is a Threat Intelligence Platform ?

• Wikileaks Julian Assange Extradition To US Approved By Home Secretary

• Meta Bridges 2D And 3D With Crayta | Avast

• China-linked APT Flew Under Radar for Decade

• Tackling 5 Challenges Facing Critical National Infrastructure Today

• Report: 24B usernames and passwords available for sale in cybercriminal marketplaces

• Details of Twice-Patched Windows RDP Vulnerability Disclosed

• Websites Hosting Fake Cracks Spread Updated CopperStealer Malware

• Exploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations

• Cookie consent crumbles under fresh UK data law proposals

• SECURE North America | Apple Stories: How Technology Has Mediated Technology Through History

• Cybersecurity M&A Deals Surge in First Half of June 2022

• eIDAS 2.0 Amendments | Avast

• Which stolen data are ransomware gangs most likely to disclose?

• New MaliBot Android Malware Mines Cryptocurrency

• What Did Elon Musk Tell Twitter Staff?

• The Cybersecurity Consolidation Conundrum: Why Less is Sometimes More

• How do I get OneDrive under control? [Ask ZDNet]

• Cops Will Be Able to Scan Your Fingerprints With a Phone

• Here’s Why You’re Still Stuck in Robocall Hell

• Chinese Hackers Exploited Critical Security Vulnerability in Sophos Firewall

• Microsoft: BlackCat Ransomware Group Targets Vulnerable Microsoft Exchange Servers

• Costa Rica Chaos a Warning That Ransomware Threat Remains

• New MaliBot Android Banking Malware Poses as Cryptocurrency Mining App

• Beware!! BlackCat Ransomware Gang Attack Unpatched Microsoft Exchange Servers

• Experts Discuss Next Steps in Trust, Privacy and Security

• Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity

• A New Golang-based (P2P) Botnet “Panchan” Actively Attacking Linux Servers

• Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability

• Several Data-Stealing Apps Remain on Google Play Store According to Cybersecurity Researchers

• Russian Disinformation Evolving Across the Globe | Avast

• Digital wellbeing: Do free countries have more of it?

• UK Proposes Post-Brexit Data Laws to Boost Innovation

• CyberArk Endpoint Privilege Manager protects Linux systems by enforcing least privilege policies

• Businesses deal with increasing bot attacks

• Datadog Observability Pipelines empowers organizations to manage telemetry data

• Password recovery from beyond the grave

• Immersive Labs Cyber Team Sim prepares teams for real-life cyber attacks

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Portnox unveils new cloud-native tool to help midmarket businesses simplify network security

• DragonForce Group Unleash Hacks Against India

• Elasticsearch Database Mess Up Exposed Login, Leaked Personal Data of 30K Students

• Microsoft issues serious alert about Follina Vulnerability

• Apps on Google Play Store with in-built Adware

• A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

• Criminal IP analysis report on zero-day vulnerability in Atlassian Confluence

• Microsoft Defender for Android, Apple iOS and macOS, and Windows now available

• New infosec products of the week: June 17, 2022

• How financial institutions are improving customer experience with fraud prevention measures

• Just Released: 2022 (ISC)² Security Congress Agenda!

• AT&T Cybersecurity’s Partner Program and SentinelOne enter managed XDR market with robust alliance

• Suspicious behavior: OTX Indicator of Compromise – Detection & response

• Cyber criminals continue to target and exploit people

• Fraud trends and scam tactics consumers should be aware of

• New Microsoft Defender app works on iOS, macOS, Android, Windows

• Here’s a hidden Android security feature you won’t find on any iPhone

• 2022-06-16 – Files for an ISC diary (Matanbuchus with Cobalt Strike)

• Interpol anti-fraud operation busts call centers behind business email scams

• Guide to Day Three of the Select Committee Hearings

• RSA Conference Recap for Developers

• Security 101: Cloud-native Virtual Patching

• How to configure cPanel and WHM Panel on your VPS

• How Data Landlords Put Their Tenants at Risk

• CISA Releases New Proposed Cloud Security Guidance

• 730K WordPress sites force-updated to patch critical plugin bug

• State of OT Security in 2022: Big Survey Key Insights

• How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security

• Review: System Mechanic Ultimate Defense

• Multi-data center clustering: The evolution of web hosting

• Lawmaker questions community doorbell surveillance

• Mayors endorse emerging technologies at annual conference

• Internet Explorer Now Retired but Still an Attacker Target

• BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers

• RSAC branded a ‘super spreader event’ as attendees share COVID-19 test results

• IT Security News Daily Summary 2022-06-16

• Report: 59% of SMEs say cybersecurity is the top IT challenge of the past year

• House Oversight Committee advances legislation encouraging telework at agencies

• Rampant ID theft targets pandemic benefits, watchdogs say

• Voxlens makes interactive data more accessible for screen readers

• Microsoft 365 Function Leaves SharePoint, OneDrive Files Open to Ransomware Attacks

• BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield

• What We Mean When We Talk About Cyber Insurance

• Livestream: Jan. 6 Select Committee Hearing Day Three

• The Chatter Podcast: Freemasonry and Conspiracism with John Dickie

• Hertzbleed – New AMD & Intel CPUs Bug Let Hackers Extract Crypto-Keys From Remote Servers

• House panel passes funding bill with $100M for TMF

• What’s next for EV charging

• Play Store Apps Caught Spreading Android Malware to Millions

• Android Spyware ‘Hermit’ Discovered in Targeted Attacks

• SpaceX Staff Denounce Elon Musk’s Behaviour – Report

• Transgender women found and created community in the 1980s internet

• Cybersecurity Researchers Find Several Google Play Store Apps Stealing Users Data

• Unlocking the Cybersecurity Benefits of Digital Twins

• ‘MaliBot’ Android Malware Steals Financial, Personal Information

• Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day

• How to set up automated log collection with PowerShell

• EU & US Unite to Fight Ransomware

• Offensive Security Hails Passage of Several Cybersecurity Bills in Congress

• Intel and AMD CPU Trageted by the New ‘Hertzbleed’ Remote Side-Channel Attack

• Research finds most orgs have a ‘false sense of security’ about APIs

• House committee advances LGBTQI+ Data Inclusion Act

• S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]

• Office 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDrive

• NakedPages Phishing Toolkit is Now Available on Cybercrime Forums

• RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure

• Cloudflare Prevents One Of The Largest DDoS Attack Recorded

• Microsoft Acquires Cyber Threat Analysis Company To Respond To Cyber Warfare

• 7 Facts About Insider Threats That Should Make you Rethink Data Security

• Cloudflare Mitigates a Record-Breaking DDoS Assault Peaking at 26 Million RPS

• GRIMM CEO Jennifer Tisdale Recognized as One of 25 Leaders Transforming Manufacturing

• API security: 12 essential best practices to keep your data & APIs safe

• New Research: Low IAM Program Maturity is Leaving Companies Vulnerable to Rising Identity-Related Security Incidents

• Security frameworks / attestations and certifications: Which one is the right fit for your organization?

• Intel Firmware updates for Memory Mapped I/O security vulnerabilities

• EU’s ‘Revised’ Disinformation Code Of Practice Backed By Tech Giants

• Hertzbleed exposes computers’ secret whispers

• Customer sues 365 Data Centers for Ransomware Attack

• 5 Skills SecOps Will Need to Effectively Protect Their Organization Going Forward

• ‘Potentially dangerous’ Office 365 flaw discovered

• What is a Cyberattack? Types and Defenses

• Policing and the Siege of the United States Capitol

• Jan. 6 Select Committee Hearing Day Three

• What Do You Think Of Recent Interpol Operation Of Global Fraud Crackdown?

• UK Security Practitioners Lack The Confidence To Stop Attacks

• API Calls Expose 770M Logs With GitHub, AWS, Docker Tokens In Travis CI Logs

• $100 million of TMF funding tagged for customer experience projects

• Microsoft launches Defender for Individuals for Microsoft 365 Personal and Family subscribers

• How hackers use AI and machine learning to target enterprises

• ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web

• Interpol arrests thousands of scammers in operation “First Light 2022”

• Microsoft Dismisses False Reports About End of Patch Tuesday

• Apple Retail Workers In Maryland Begin Union Vote

• OAuth vs JWT (JSON Web Tokens): An In-Depth Comparison

• CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

• Hardening Virtio for emerging security usecases

• Making the world a safer place with Microsoft Defender for individuals

• ENTRY-LEVEL CYBERSECURITY JOBS KEY TO SOLVING WORKFORCE GAP

• Hacker’s Corner: Complete Guide to Keylogging in Linux – Part 3

• Looking for Cyber Insurance? Know Your Eligibility

• CISOs Gain False Confidence in the Calm After the Storm of the Pandemic

• CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

• Google Fined $260,000 By Russia Over No Local Data Storage

• Don’t Take the Bait: How to Avoid Phishing Attacks

• API Security Tools: What To Look For

• Cisco Patches Critical Vulnerability in Email Security Appliance

• Are You Hiring Enough Entry-Level Security Pros?

• BlackCat Ransomware Gang Targeting Unpatched Microsoft Exchange Servers

• Interpol’s First Light operation smashes crime on a global scale

• Hackers’s Corner: Complete Guide to Keylogging in Linux – Part 3

• Report: 84% of IT leader say passwords are ‘deceptively weak’ for data security

• Why most enterprises are failing to implement IAM

• ISC2 highlights how hiring practices can fix the cyberskills gap

• This Linux botnet has found a novel way of spreading to new devices

• 2,000 arrests in crackdown on social engineering and business email scams

• 2,000 People Arrested Worldwide for Social Engineering Schemes

• Microsoft Patch Tuesday June Arrives With 55 Security Updates

• Most Cybersecurity Managers Hire Entry- and Junior-level Candidates

• State-Sponsored Phishing Attack Targeted Israeli Military Officials

• Sophisticated Android Spyware ‘Hermit’ Used by Governments

• People: A cornerstone for fostering security resilience

• Ransomware Risk in Healthcare Endangers Patients

• Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning

• A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage

• Cybercriminals Target Companies with Outdated Cybersecurity Procedures

• This new Android malware bypasses multi-factor authentication to steal your passwords

• Facebook Messenger Scam Duped Millions

• Researchers Discover Way to Attack SharePoint and OneDrive Files With Ransomware

• Police Linked to Hacking Campaign to Frame Indian Activists

• Attacking the Performance of Machine Learning Systems

• Apple Faces £750m Claim Over Battery Slowdown

• Okta’s Matt Raible: How I became a Java hipster

• Hiring entry-level and junior candidates can alleviate the cybersecurity skills shortage

• Using the Defense Readiness Index to Improve Security Team Skills

• Researchers disclosed a remote code execution flaw in Fastjson Library

• Hackers Exploit Old Telerik Flaws to Deploy Cobalt Strike

• How to Increase Sales With Sales Automation Software?

• Microsoft’s Internet Explorer browser is finally gone. But not everyone is a happy about it

• Cyber-Criminals Smuggle Ukrainian Men Across Border

• Microsoft Patch Fixes Follina Bug

• CISA Urges Users To Update Google Chrome Browser To Receive Bug Fixes

• Vodafone Switches On Self-Powered Mobile Phone Mast

• Photos of kids taken from spyware-ridden phones found exposed on the internet

• New Zimbra Bug Allows Data Stealing With No User Interaction

• Global Police Arrest Thousands in Fraud Crackdown

• Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager

• Apple’s Planned Obsolescence – Intego Mac Podcast Episode 244

• High-Severity RCE Vulnerability Reported in Popular Fastjson Library

• 66% of organizations store 21%-60% of their sensitive data in the cloud

• Elasticsearch server with no password or encryption leaks a million records

• Apple’s Planned Obsolescence: iOS 16, macOS Ventura Drop Support for Many Models

• Do you know what your supply chain is and if it is secure?

• Panel discussion at Consensus 2022: Is Web 3.0 more hype or reality?

• How Should I Think About Security When Considering Digital Transformation Projects?

• Helping Educational Institutions Align to NCAE-C

• Malicious apps continue to spread through the Google Play Store

• Facebook Says Apple is Too Powerful. They’re Right.

• How social engineering attacks are evolving beyond email

• Ireland is now a part of the Microsoft Government Security Program (GSP)

• UK ICO to retain millions in fines to meet legal expenses

• Zero trust adoption: Industry-specific challenges and implementation strategies

• Impact Podcast with John Shegerian Features NVIDIA’s Tonie Hansen

• 5 ways to prevent Ransomware attacks

• 72% of middle market companies expect to experience a cyberattack

• MaliBot: A New Android Banking Trojan Spotted in the Wild

• The challenges of managing increased complexity as hybrid IT accelerates

• Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication

• The future is passwordless. What’s slowing it down?

• Grooming lies and their function in financial frauds

• Neustar Security Services UltraDNS2 improves resilience of infrastructure and services

• Feroot DomainGuard reduces risk associated with client-side attacks

• Incognia Location-based Liveness Spoofing Detection identifies fraudulent attempts to fake liveness

• Optiv MXDR enhances detection and response with expanded cloud integration

• Nebulon ImmutableBoot allows operations teams to protect their application infrastructure

• Cisco AppDynamics Cloud accelerates detection and resolution of performance issues

• Okera on Snowflake enables organizations to manage and utilize sensitive data

• Infoblox NIOS 8.6.2 provides enhanced multi-cloud integrations for customers

• SnapLogic platform enhancements simplify data preparation tasks for IT and business teams

• SecureKloud CloudEdge accelerates cloud deployment for enterprises

• Stop This California Bill that Bans Affordable Broadband Rules

Generated on 2022-06-17 23:55:27.289920

Liked it? Take a second to support IT Security News on Patreon!