IT Security News Daily Summary 2022-08-03

• How IT Teams Can Use ‘Harm Reduction’ for Better Cybersecurity Outcomes

• Woody RAT: A new feature-rich malware spotted in the wild

• Compliance Automation Startup RegScale Scores $20 Million Investment

• TMF announces over $26 million for three projects

• Averting the next pandemic with real-time health data

• 3G retirement blamed for some delayed Michigan election results

• Mixed reality headset helps measure forests

• Data-driven HR management faces uphill climb

• Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

• Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones

• School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project

• 8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack

• Power semiconductor component manufacturer Semikron suffered a ransomware attack

• On the Legality of the Strike that Killed Ayman al-Zawahiri

• Cross-agency group explores where government should go next with identity verification

• NIST, CISA finalizing guidance for identity and access management post-SolarWinds

• Github “Supply Chain” Attack

• Zero-Day Defense: Tips for Defusing the Threat

• Cyberattackers Drain Nearly $6M From Solana Crypto Wallets

• China doesn’t play by the rules when it comes to cyber, says TrustedSec CEO David Kennedy

• Post-quantum cryptography – new algorithm “gone in 60 minutes”

• Manjusaka, a new attack tool similar to Sliver and Cobalt Strike

• Bank fraud scammers trick victims with claims of bogus Zelle transfers

• Sonatype shines light on typosquatting ransomware threat in PyPI

• Cyber Attack related 7 news headlines trending on Google

• Hackers steal almost $200 million from crypto firm Nomad

• Hackers Find Alternatives to Microsoft Office Macros

• The Microsoft Team Racing to Catch Bugs Before They Happen

• NetStandard attack should make Managed Service Providers sit up and take notice

• Tassat CEO Kevin Greene to Speak at the Sixth Annual Fintech Conference Hosted by the Federal Reserve Bank of Philadelphia

• How startup culture is creating a dangerous security gap in new companies

• Proofpoint Warns UK Universities Failing On Email Security

• What Personal Data Do Companies Track?

• How to Delete Old Accounts Containing Personal Information

• How to Stay One Step Ahead of Hackers

• 5 Steps to Removing Your Personal Information From the Internet

• Power Electronics Manufacturer Semikron Targeted in Ransomware Attack

• Robinhood Crypto Penalized $30M for Violating NY Cybersecurity Regulations

• VMware Releases Security Updates

• Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

• 7 Ways to Keep Your Online Calls Encrypted and Secured

• Pulling security to the left: How to think about security before writing code

• Large-Scale Phishing Attacks Targeting Microsoft Enterprise Email Services

• Druva Introduces the Data Resiliency Guarantee of up to $10 Million

• ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO

• VMware Releases Security Updates

• Google fixed Critical Remote Code Execution flaw in Android

• OSCP Bonus Points Update: Sunsetting PEN-200 Legacy Course Exercises and a New Way to Achieve Points!

• The Three Key Competencies that Optimize Data Security Orchestration

• Microsoft Defender Experts for Hunting proactively hunts threats

• You can’t choose when you’ll be hit by ransomware, but you can choose how you prepare

• Ransomware Hit European Pipeline & Energy Supplier Encevo Linked to BlackCat

• Austrian Firm DSIRF Under Investigation for Allegedly Developing Spyware

• Instagram Head To Relocate To London After Backlash

• How a WAF Could Improve the Security of Your Linux Web Applications

• VMWare Urges Users to Patch Critical Authentication Bypass Bug

• IPFS phishing on the rise, makes campaign takedown more complicated

• CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career

• APIs attacked in 94% of companies in past year

• Bankrupt Celsius Network To Pay CFO $90,000 Per Month – Report

• Microsoft’s latest Windows 11 update improves Defender for Endpoint’s ransomware capabilities

• Missile Maker MBDA Refutes Hacking Allegations

• Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform

• The Age Of Brain-Computer Interfaces Is On the Horizon

• Nancy Pelosi Ties Chinese Cyber-Attacks To Need For Taiwan Visit

• Hack Drains Over A Million Dollars From Solana Crypto Wallets

• Tonight We’re Gonna Log On Like It’s 1979

• Gootkit Loader: Targets Victims via Flawed SEO Tactics

• How federal agencies can integrate artificial intelligence into records management

• How to use Android’s lockdown mode and why you should

• Thoma Bravo to Acquire Ping Identity for $2.8 Billion

• 5 Ways Chess Can Inspire Strategic Cybersecurity Thinking

• I will take the Red (Hat) SLSA please: Introducing a framework for measuring supply chain security maturity

• Palo Alto Networks Unit 42 helps organizations respond to security alerts and potential threats

• Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

• Kimsuky Makes E-Mails Hacking Browser Extensions

• How to configure Dolibarr

• Ransomware Attacks Taking Toll on Security Professionals

• NortonLifeLock, Avast Merger Gains UK Approval

• Cybersecurity Financing Declined in Q2 2022, But Investors Optimistic

• A New Attack Easily Knocked Out a Potential Encryption Algorithm

• On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams

• VirusTotal Reveals Most Impersonated Software in Malware Attacks

• Update now! VMWare patches critical vulnerabilities in several products

• Taiwanese Websites Hit by DDoS Attacks Ahead of Nancy Pelosi’s Visit

• 94% of survey respondents experienced API security incidents in 2021

• How Deep Instinct uses deep-learning to advance malware prevention

• Time to update: Latest Google Chrome browser fixes 27 security flaws

• The Subversive Trilemma in Cyber Conflict and Beyond

• On the Legality of the Strike that Killed Anwar al-Zawahiri

• Why Aren’t More Companies Capitalizing on Packet Capture?

• What Makes A USB Bad – And How Should Organizations Resolve This Risk?

• Technical Support Scams – What to look out for

• Cybersecurity M&A Roundup: 39 Deals Announced in July 2022

• Thoma Bravo to acquire Ping Identity for $2.8 billion

• For months, JusTalk messages were accessible to everyone on the Internet

• #ISC2Congress: From National Security to Cartel Infiltration – Ciaran Martin and Robert Mazur to Keynote

• 94% of organizations experienced API security incidents in 2021

• Drone Deliveries into Prisons

• Twitter Seeks Financial Evidence Against Elon Musk And Subpoenas Banks

• NortonLifeLock and Avast $8.6b deal gets provisional yes from UK regulator

• Hacking Fears Delay UK’s Conservative Leadership Vote

• UK Clears Norton’s $8B Avast Cyber Security Takeover

• Nearly $200 Million Stolen From Cryptocurrency Bridge Nomad

• The Ever-Increasing Issue of Cyber Threats – and the Zero Trust Answer

• Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104

• Experts Insight On Taiwan Cyber Attacks

• Luxembourg Energy Companies Hit By Cyber Attack With Data Stolen

• Conservative Party Leadership Election Warned of Potentially Malicious Efforts to Alter the Result of Upcoming Election

• Cyber Attack On Taiwan’s Presidential Office, Amid Nancy Pelosi Visit

• Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks

• VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)

• Check Point Software’s Mid-Year Security Report Reveals 42% Global Increase in Cyber Attacks with Ransomware the Number One Threat

• T-Mobile Retailer Guilty of $25m Fraud Scheme

• Taiwan Hit By Multiple DDoS Attacks Following Arrival of Pelosi

• Russia Killnet hackers launch a cyber attack on US Lockheed Martin

• Cyber threat to VMware customers

• Consumers benefit from virtual experiences but are concerned about tech fatigue and security

• Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

• Enterprises face a multitude of barriers to securing diverse cloud environments

• Tory Leadership Voting Delayed Over Security Concerns

• Benefits of Security Camera Systems

• DDoS Attacks Pepper Taiwanese Government Sites

• How to protect yourself and your kids against device theft

• DDoS attacks in Q2 2022

• Cyber Security Management System (CSMS) for the Automotive Industry

• Singapore takes formal step towards setting up cyber defence unit

• Busting the Myths of Hardware Based Security

• Post-quantum crypto cracked in an hour with one core of an ancient Xeon

• Over 3,200 Mobile Apps are Exposing Twitter API Keys that Enable Account Take Overs

• Avast One steps up home network protection, digital safety guidance

• Nvidia releases security update for unsupported Windows 7 and 8.1 systems

• VMware Releases Patches for Several New Flaws Affecting Multiple Products

• Machine learning creates a new attack surface requiring specialized defenses

• CrowdStrike Announces Date of Fiscal Second Quarter 2023 Financial Results Conference Call

• Verizon Mobile Security Index 2022: Report Features Ivanti Insights and Reveals Unprecedented Increase in Mobile Attacks and Losses

• Security risks with using Free Step Tracking apps

• How to spot deep-faked candidates during interviews

• How to minimize your exposure to supply chain attacks

• Auto Industry at Higher Risk of Cyberattacks in 2023

• Traceable AI adds eBPF to its security platform to improve observability and visibility into all API activity

• Claroty xDome strengthens cyber and operational resilience for industrial enterprises

• eBook: Privileged Access Management for Dummies

• 87% of the ransomware found on the dark web has been delivered via malicious macros

• Nancy Pelosi ties Chinese cyber-attacks to need for Taiwan visit

• VIQ Solutions AccessPoint simplifies court recording management and distribution

• VIAVI Observer 18.8 accelerates cloud deployments and extends service visibility

• Scrut Automation Risk Management allows customers to prioritize and manage risks

• Microsoft 365 Backup: Myth‑Busting Session

• BittWare introduces new card and server-level solutions to drive memory improvements

• Shiftleft appoints Stuart McClure as CEO

• Query.AI names Matt Eberhart as CEO

• Netskope acquires Infiot to provide users with optimized connections between any enterprise location

• Accenture acquires Tenbu to expand data and AI capabilities across the cloud continuum

• Comcast Business collaborates with Fortinet to help enterprises protect their distributed workforces

• Tuned Global – 985,586 breached accounts

• VMware patches critical ‘make me admin’ auth bypass bug, plus nine other flaws

• New Linux Malware Surges, Surpassing Android

• How a crypto bridge bug led to a $200m ‘decentralized crowd looting’

• Vulnerability Summary for the Week of July 25, 2022

• Taiwanese President and Top Govt Sites Hit by DDoS Attacks Amid Pelosi visit

• Universities Put Email Users at Cyber Risk

• Thousands of Mobile Apps Leaking Twitter API Keys

• Vulnerability Summary for the Week of July 25, 2022

• Black Kite: Cost of data breach averages $15 million

• Large Language AI Models Have Real Security Benefits

• Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial

• Troy Leach joins Cloud Security Alliance as Chief Strategy Officer

• Al-Qaeda after al-Zawahiri

• IT Security News Daily Summary 2022-08-02

• Civic engagement takes off with digital survey and respect for community feedback

• Massive New Phishing Campaign Targets Microsoft Email Service Users

• Check Point announces its Azure Virtual WAN security solution

• It’s time for digital self-sovereign identity

• New Microsoft tools aim to protect expanding attack surface

• From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web

• Senate passes bill to root out conflicts of interest in federal contracting

• Ukraine Wants Facebook To Stop “Unfair” Blocking Of Posts

• Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals

• CBP’s facial recognition program at airports is expanding but concerns remain

• No SOCKS, No Shoes, No Malware Proxy Services!

• Axis Raises the Bar With Modern-Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges

• Robinhood’s crypto unit hit with $30m fine over security, anti-crime misses

• Inside Windows Defender System Guard Runtime Monitor

• State and local law enforcement may get drone detection authority

• Zawahiri’s Legacy and the Prospects for an al-Qaeda Revival

• T-Mobile Store Owner Made $25M Using Stolen Employee Credentials

• How cybercrims embrace messaging apps to spread malware, communicate

• Microsoft Launches New External Attack Surface Audit Tool

• Controlling access in today’s digital-first world: Why it really, really matters

• Spanish Research Center Suffers Cyberattack Linked to Russia

• SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant

• Securing Our Nation: How the Infrastructure Investment and Jobs Act Delivers on Cyber Resiliency

• July another down month in ransomware attack disclosures

• Threat groups embrace messaging apps to spread malware, communicate

• Coast Guard wants better internet on its ships, and more recruits

• How to remove and overwrite all data on a hard drive for free in Windows 11

• Microsoft Intros New Attack Surface Management, Threat Intel Tools

• VMware fixed critical authentication bypass vulnerability

• The Past, Present and Future of Endpoint Management Solutions

• NACo guide demystifies GIS for elected leaders

• Cryptocoin “token swapper” Nomad loses $200 million in coding blunder

• Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

• The Forensic Technology Behind Your Favourite T.V Detectives

• The dos and don’ts of startup security: How to develop a security plan

• Getting Your Kids Ready for School—And Their Smartphones Too

• Insider risk: Employees are your biggest cyberthreat (and they may not even know it)

• European Missile Maker MBDA Denies Hackers Breached Systems

• VMware Ships Urgent Patch for Authentication Bypass Security Hole

• Chinese Hackers Using New Manjusaka Hacking Framework Similar to Cobalt Strike

• Social Media Used to Target Victims of Investment Scams

• How Leaked Twitter API Keys Can be Used to Build a Bot Army

• Taiwan Presidential Office website comes under Cyber Attack

• Deception at a scale

• Microsoft’s new security tool lets you to see your systems like a hacker would

• The importance of data security in the enterprise

• Data masking vs. data encryption: How do they differ?

• LockBit Ransomware Exploits Windows Defender to Sideload Cobalt Strike Payload

• Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps

• VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware

• Security alerts: Not all vulnerabilities are created equal

• BlackCloak Bolsters Malware Protection With QR Code Scanner and Malicious Calendar Detection Features

• Spain Nabs Two For Allegedly Hacking Radiation Alert System

• Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

• Microsoft goes all-in on threat intelligence and launches two new products

• Yubico Expands YubiKey Access in U.S. through the AWS Marketplace

• Start as you mean to go on: the top 10 steps to securing your new computer

• Google Patches Critical Android Bluetooth Flaw in August Security Bulletin

• Didi Fined $1.2 Billion for Violating Data Security Laws

• Bot army risk as 3,000+ apps found spilling Twitter API keys

• LockBit Ransomware Exploits Windows Defender to Load Cobalt Strike Payloads

• Cybrary Raises $25 Million to Tackle Cybersecurity Workforce Training

• Guest blog: The death throes of the password? Key takeaways from the One Identity Infosecurity Europe survey

• Everything You Should Know About Android App Development

• FCC Alerts American Users About Rising Smishing Attacks

• Dark Web Research Suggests 87% of Ransomware brands Exploit Malicious Macros

• CREST Defensible Penetration Test Released

• 5 Steps to Becoming Secure by Design in the Face of Evolving Cyber Threats

• Post-Quantum Encryption Contender Is Taken Out By Single-Core PC And 1 Hour

• CIA Likely Used Ninja Bomb To Kill Terrorist Leader Ayman al-Zawahiri

• U.S. Crypto Firm Nomad Hit By $190 Million Theft

• Lawsuit Claims Facebook Scraping Data From Hospital Sites

• Largest DDoS Attack Ever – 659.6 Million Packets Per Second

• A top senate democrat has asked DOJ to investigate missing Jan. 6 text messages

• US Websites Targeted by 40% of the Bad Bot Traffic Worldwide

• Armis aims to improve financial services cyber resilience with UK Finance membership

• NorseCorp Interviews Tim Harrison: Top 5 Esports Titles Worth Your Attention

• Microsoft announces new solutions for threat intelligence and attack surface management

• Microsoft goes all in on threat intelligence and launches two new products

• Cybrary confronts the cyberskills gap head on; raises $25M

• Reported ransomware attacks are just the tip of the iceberg. That’s a problem for everyone

• Track adversaries and improve posture with Microsoft threat intelligence solutions

• Google Patches Critical Android Flaw Allowing Remote Code Execution via Bluetooth

• Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue

• What is ransomware and how can you defend your business from it?

• New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications

• LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender

• “ParseThru” vulnerability allows unauthorized access to cloud-native applications

• State Policymakers Tackling Cyber Issues Including Ransomware

• How Secure Is the Average Application?

• Google Patches Critical Android Flaw

• Surveillance of Your Car

• Hackers drain nearly $200 million from crypto startup in ‘free-for-all’ attack

• Cybersecurity for banks – Securing bank IoT network & devices against attacks

• Be careful what you download: 17 password-stealing Android apps removed from Google Play

• UK cinema chains trial digital ID age verification

• French Publishers Sue Apple In Latest Case Over App Store Rules

• Alibaba Will ‘Strive’ To Maintain New York Listing

• Tripwire Patch Priority Index for July 2022

• Luxembourg Energy Company Hit by Ransomware

• US Indicts Russian Accused of Promoting California’s Secession

• BlackCat Ransomware Says It’s Behind the Attack on Creos Luxembourg S.A.

• Miscreants aim to cause Discord discord with malicious npm packages

• Ex-Driver Sues Uber Eats Over ‘Racist’ Facial Recognition System

• Zomato Reduces Loss Amidst Investor Gloom Around Food Delivery

• Thousands of Apps Leaking Twitter API Keys

• North Korean Hackers Use Malicious Extensions on Chromium-based Web Browsers to Spy on User Accounts

• 3,200 Mobile Apps Leaking Twitter API Keys – Expert Comments

• BlackCat Ransomware Hits European Gas Pipeline

• Reliance Jio Top Bidder As India 5G Spectrum Auction Concludes

• SEC Charges Founders Of Crypto Group Forsage With Fraud

• UK’s Top 10 Universities Failing on DMARC

• LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

• CREST Defensible Penetration Test helps service providers and their clients work effectively

• Online payment fraud losses accelerate at an alarming rate

• Austria investigates DSIRF firm for allegedly developing Subzero spyware

• Gootkit AaaS malware is still active and uses updated tactics

• Looking for adding new detection technologies in your security products?

• US Considers Sanctions On Chinese Memory Chip Makers

• 24-Year-Old Australian Hacker Arrested For Creating and Selling Spyware

• Twitter API Keys exposed by over 3000+ mobile applications

• T Mobile to offer data priority services to first responders

• SimpleRisk: Enterprise risk management simplified

• State of cybersecurity funding in the first half of 2022

• How AI and cybersecurity complement each other

• Browser synchronization abuse: Bookmarks as a covert data exfiltration channel

• Mecho Download – 437,928 breached accounts

• Burnout and attrition impact tech teams sustaining modern digital systems

• Exploring ESG Through a GRC Lens

• Android Apps on Google Play Store to Distribute Banking Malware as Document Scanners

• RevBits Secure Email Gateway provides end-to-end email security

• Reflections on the Death of Ayman al-Zawahiri

• Charges filed over $300m ‘textbook pyramid and Ponzi scheme’ crypto startup

• What is Dark Data, and how can we find it?

• Resecurity partners with CFBD to mitigate risk for Peruvian enterprises

Generated on 2022-08-03 23:55:39.559430