IT Security News Daily Summary 2022-08-04

• Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST

• Research Shows the Annual Cost of API Security-related Breaches is Mind-blowing

• Time to Patch VMware Products Against a Critical New Vulnerability

• Ransomware review: July 2022

• How crypto tokens became as unsafe as payment cards once used to be

• Digital forms bring low-cost transparency, accessibility to city programs

• Thousands of GitHub Repositories Cloned in Supply Chain Attack

• HUD offers $2.8B for evidence-based homelessness solutions

• Protect your data and work from anywhere with this docking station

• If Bitcoiners Want Bitcoin To Make It Big, They Need DeFi

• High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

• New Woody RAT used in attacks aimed at Russian entities

• Security Vulnerability In Dahua IP Cameras Could Allow Device Takeover

• Apple HR Allegedly Mishandled 15 Misconduct Complaints From Women

• 20 World’s Best Free Hacking Books For 2022

• A top Senate Democrat asks the defense watchdog to investigate a new batch of missing Jan. 6 texts

• National Cyber Director’s office sheds light on forthcoming cybersecurity strategy

• Amazon CSO Steve Schmidt talks prescriptive security for AWS

• How Email Security Is Evolving

• Unprotected Snapchat and Amex sites lead to credential harvesting

• Verizon: Mobile attacks up double digits from 2021

• S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]

• Everything You Need to Know About Web Pentesting: A Complete Guide

• How the cyber ambassador in waiting plans to control $1.5 billion for open networks

• One in three organizations now hit by weekly ransomware attacks

• Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

• #ISC2Congress: Piloting Teams While Under Pressure – Carey Lohrenz Will Speak as an (ISC)² Keynote

• The evolution of Zero Trust with AT&T: the ZTNA 2.0 advantage

• Bank Account details of about 280m Indian Citizens exposed on the web

• Disruptive Cyberattacks on NATO Member Albania Linked to Iran

• Report: Facebook Is Profiting Off Ads Featuring Abortion Misinformation

• Who Has Control: The SaaS App Admin Paradox

• How IT and security teams can work together to improve endpoint security

• Druva Touts $10m SaaS Data Protection Guarantee

• Scammers Sent Uber to Take Elderly Lady to the Bank

• F5 Releases Security Updates

• Cisco Releases Security Updates for RV Series Routers

• 2021 Top Malware Strains

• Taiwanese Government Sites Suffered DDoS Attacks Following Nancy Pelosi Visit

• Three XSS Bugs Can Cause Complete System Shutdown

• Cyberbullying vs. trolling: Here’s how to differentiate between them

• Ghost Security reinvents app security with unsupervised machine learning

• How to change Touch ID settings on a MacBook Pro

• Massive China-Linked Disinformation Campaign Taps PR Firm for Help

• F5 Releases Security Updates

• Cisco Releases Security Updates for RV Series Routers

• 2021 Top Malware Strains

• ZTNA: 4 Letters That Can Change the Dynamic of Your Business Landscape

• CREST and OWASP Partner on Verification Standard Program

• CREST membership body announces OWASP Verification Standard programme

• Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

• Ransomware Task Force Releases SMB Blueprint For Defense And Mitigation

• North Korea-Backed Hackers Have A Clever Way To Read Your Gmail

• VMWare Urges Users To Patch Critical Authentication Bypass Bug

• Newly Launched Russian Spy Satellite Might Be Stalking A US Satellite

• Chinese Government Website Defaced Welcoming Pelosi To Taiwan

• Sony in-camera forgery proof technology available for Alpha 7 IV camera

• Italy, Intel Close To $5bn Chip Factory Agreement

• Cybersecurity and the Metaverse: Patrolling the New Digital World

• Protect domain-joined computer passwords with Windows’ Local Administrator Password Solution

• SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers

• Gaming Sector Cyber-Attacks Up 167% in Last 12 Months

• Deep Instinct Pioneers Deep-Learning Malware Prevention to Protect Mission-Critical Business Applications at Scale

• The Myth of Protection Online — and What Comes Next

• Ping Identity to Go Private After $2.8B Acquisition

• New Woody RAT Malware Being Used to Target Russian Organizations

• Phishing campaign targets Coinbase wallet holders to steal cryptocurrency in real-time

• Ransomware protection with Malwarebytes EDR: Your FAQs, answered!

• VMware Patched Multiple Vulnerabilities Across Different Products

• UK Parliament Shutters TikTok Account Over Security Fears

• Security misconfigurations leave many enterprises exposed

• Critical Vulnerabilities Allow Hacking of Cisco Small Business Routers

• Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal

• The Secret to Automation? Eat the Elephant in Chunks.

• Startup Footprint Tackles Identity Verification

• Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit

• Seeing the Dots, Connecting the Dots: How Government Can Unify Cybersecurity Efforts

• VMware introduces cloud workload protection for AWS

• Taiwanese military reports DDoS in wake of Pelosi visit

• TSMC Warns It Will Close Operations If China Invades Taiwan

• Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

• SIKE Broken

• This cybersecurity stock is well-positioned for a recessionary environment, Stephens says

• VirusTotal Data Shows How Malware Distribution Leverages Legitimate Sites, Apps

• Taiwan Govt Websites Attacked During Pelosi Visit

• Cyber Readiness Measurement Firm Axio Raises $23 Million

• Secure Enterprise Browser Startup Talon Raises $100 Million

• Hackers stole $200 million from the Nomad crypto bridge

• Chinese government using phony sites and accounts to push message, new research finds

• Multiple Flaws in Cisco Small Business Routers Allow Remote Attackers to Execute Arbitrary Code

• IDC Survey Shows 70% Experienced Attack: How Secure is your Hybrid Data Center?

• Axio’s solution for quantifying cyber risk raises $22.5 million

• Talon Cyber Security secures remote working with an enterprise browser

• Robinhood Axes 23 Percent Of Jobs, Dismisses Talk Of Sale

• Zero-knowledge proof finds new life in the blockchain

• Initial Access Brokers – Key To Rise In Ransomware Attacks

• Alert! Large-Scale AiTM Attacks Targeting Enterprise Users

• Solana Funds Breached via Unknown Bug

• Don’t get singed by scammers while you’re carrying the torch for Tinder

• Users Still in the Dark Over $5m Theft From Blockchain Firm Solana

• COMMENT: ‘Hi Mum, Hi Dad’ Scams On The Rise – Britons Already Tricked Into Paying £1.5million

• 97% Of Top Universities Can’t Secure Email Domains – Expert Comments

• Solana Cyberattack – More Than 8,000 ‘Hot Wallets’ Drained

• Tom Cruise and the Leap Second – Intego Mac Podcast Episode 251

• Increase in Fake Tickets Being Sold by Cybercriminals on Social Media

• T-Mobile Retailer Found Guilty of $25m Fraud Scheme

• Ukraine Shutters Major Russian Bot Farm

• Experts Warn of Fake Football Ticket Scams

• Three Common Mistakes That May Sabotage Your Security Training

• Businesses lack visibility into run-time threats against mobile apps and APIs

• Cisco addressed critical flaws in Small Business VPN routers

• Do you know what your supply chain is and if it is secure?

• Student crashes Cloudflare beta party, redirects email, bags a bug bounty

• India scraps data protection law in favor of better law coming … sometime

• Cisco Business Routers Found Vulnerable to Critical Remote Hacking Flaws

• China to indulge in data security assessment for cross border data transfers

• Employee of T-Mobile hacks internal systems to unlock and unblock phones

• Another phishing attack that bypasses multi-factor authentication targets Microsoft email users

• UK Parliament bins its TikTok account over China surveillance fears

• 6 ways your cloud data security policies are slowing innovation – and how to avoid that

• The future of email threat detection

• Aviation Safety and Cybersecurity: Learning from Incidents

• Qualys CyberSecurity Asset Management 2.0 with EASM identifies unknown internet-facing assets

• Universities are at risk of email-based impersonation attacks

• A third of organizations experience a ransomware attack once a week

• How can organizations stay ahead of cybersecurity challenges?

• Akamai: Web application attacks are up against gamers by 167%

• Multiple Vulnerabilities on VMware Let Attackers Gain Admin Privileges

• Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets

• New Startup Footprint Tackles Identity Verification

• Avast One updates boost home network protection and digital safety guidance across platforms

• Fortinet announces FortiGate 4800F to improve security for hyperscale data centers and 5G networks

• Appdome ThreatScope brings attack and threat intelligence into the mobile DevOps CI/CD pipeline

• Rimini Protect provides zero-day security protection against known and unknown vulnerabilities

• Cyberbit Crisis Simulator enables organizations to prepare for cyber crisis scenarios

• GitHub blighted by “researcher” who created thousands of malicious projects

• Whistic collaborates with Cobalt to reduce risks that come from onboarding third-party applications

• Endace partners with Vectra to defend customers against advanced cyber threats

• CyberRes joins forces with Google Cloud to address data privacy regulations

• Sparrow’s new solutions and features help users identify vulnerabilities in source code and web applications

• Cost of a Data Breach: Banking and Finance

• Cobalt Strike Inspires Next-generation Crimeware

• Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

• Lessons from the Russian Cyber Warfare Attacks

• VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

• Lawmakers push Biden for an order to root out dark money from federal contractors

• Amazon CSO Steve Schmidt preaches fungible resources, MFA

• Microsoft widens enterprise access to its threat intelligence pool

• IT Security News Daily Summary 2022-08-03

• How IT Teams Can Use ‘Harm Reduction’ for Better Cybersecurity Outcomes

• Woody RAT: A new feature-rich malware spotted in the wild

• Compliance Automation Startup RegScale Scores $20 Million Investment

• TMF announces over $26 million for three projects

• Averting the next pandemic with real-time health data

• 3G retirement blamed for some delayed Michigan election results

• Mixed reality headset helps measure forests

• Data-driven HR management faces uphill climb

• Critical RCE Bug in DrayTek Routers Opens SMBs to Zero-Click Attacks

• Ex-T-Mobile US store owner phished staff, raked in $25m from unlocking phones

• School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project

• 8,000 Solana Wallets Drained Millions Worth of Crypto in Cyberattack

• Power semiconductor component manufacturer Semikron suffered a ransomware attack

• On the Legality of the Strike that Killed Ayman al-Zawahiri

• Cross-agency group explores where government should go next with identity verification

• NIST, CISA finalizing guidance for identity and access management post-SolarWinds

• Github “Supply Chain” Attack

• Zero-Day Defense: Tips for Defusing the Threat

• Cyberattackers Drain Nearly $6M From Solana Crypto Wallets

• China doesn’t play by the rules when it comes to cyber, says TrustedSec CEO David Kennedy

• Post-quantum cryptography – new algorithm “gone in 60 minutes”

• Manjusaka, a new attack tool similar to Sliver and Cobalt Strike

• Bank fraud scammers trick victims with claims of bogus Zelle transfers

• Sonatype shines light on typosquatting ransomware threat in PyPI

• Cyber Attack related 7 news headlines trending on Google

• Hackers steal almost $200 million from crypto firm Nomad

• Hackers Find Alternatives to Microsoft Office Macros

• The Microsoft Team Racing to Catch Bugs Before They Happen

• NetStandard attack should make Managed Service Providers sit up and take notice

• Tassat CEO Kevin Greene to Speak at the Sixth Annual Fintech Conference Hosted by the Federal Reserve Bank of Philadelphia

• How startup culture is creating a dangerous security gap in new companies

• Proofpoint Warns UK Universities Failing On Email Security

• What Personal Data Do Companies Track?

• How to Delete Old Accounts Containing Personal Information

• How to Stay One Step Ahead of Hackers

• 5 Steps to Removing Your Personal Information From the Internet

• Power Electronics Manufacturer Semikron Targeted in Ransomware Attack

• Robinhood Crypto Penalized $30M for Violating NY Cybersecurity Regulations

• VMware Releases Security Updates

• Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

• 7 Ways to Keep Your Online Calls Encrypted and Secured

• Pulling security to the left: How to think about security before writing code

• Large-Scale Phishing Attacks Targeting Microsoft Enterprise Email Services

• Druva Introduces the Data Resiliency Guarantee of up to $10 Million

• ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and AI/ML Pioneer Stuart McClure as CEO

• VMware Releases Security Updates

• Google fixed Critical Remote Code Execution flaw in Android

• OSCP Bonus Points Update: Sunsetting PEN-200 Legacy Course Exercises and a New Way to Achieve Points!

• The Three Key Competencies that Optimize Data Security Orchestration

• Microsoft Defender Experts for Hunting proactively hunts threats

• You can’t choose when you’ll be hit by ransomware, but you can choose how you prepare

• Ransomware Hit European Pipeline & Energy Supplier Encevo Linked to BlackCat

• Austrian Firm DSIRF Under Investigation for Allegedly Developing Spyware

• Instagram Head To Relocate To London After Backlash

• How a WAF Could Improve the Security of Your Linux Web Applications

• VMWare Urges Users to Patch Critical Authentication Bypass Bug

• IPFS phishing on the rise, makes campaign takedown more complicated

• CompTIA CEO Outlines Initiative to Create the Pre-eminent Destination to Start, Build and ‘Supercharge’ a Tech Career

• APIs attacked in 94% of companies in past year

• Bankrupt Celsius Network To Pay CFO $90,000 Per Month – Report

• Microsoft’s latest Windows 11 update improves Defender for Endpoint’s ransomware capabilities

• Missile Maker MBDA Refutes Hacking Allegations

• Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform

• The Age Of Brain-Computer Interfaces Is On the Horizon

• Nancy Pelosi Ties Chinese Cyber-Attacks To Need For Taiwan Visit

• Hack Drains Over A Million Dollars From Solana Crypto Wallets

• Tonight We’re Gonna Log On Like It’s 1979

• Gootkit Loader: Targets Victims via Flawed SEO Tactics

• How federal agencies can integrate artificial intelligence into records management

• How to use Android’s lockdown mode and why you should

• Thoma Bravo to Acquire Ping Identity for $2.8 Billion

• 5 Ways Chess Can Inspire Strategic Cybersecurity Thinking

• I will take the Red (Hat) SLSA please: Introducing a framework for measuring supply chain security maturity

• Palo Alto Networks Unit 42 helps organizations respond to security alerts and potential threats

• Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

• Kimsuky Makes E-Mails Hacking Browser Extensions

• How to configure Dolibarr

• Ransomware Attacks Taking Toll on Security Professionals

• NortonLifeLock, Avast Merger Gains UK Approval

• Cybersecurity Financing Declined in Q2 2022, But Investors Optimistic

• A New Attack Easily Knocked Out a Potential Encryption Algorithm

• On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams

• VirusTotal Reveals Most Impersonated Software in Malware Attacks

• Update now! VMWare patches critical vulnerabilities in several products

• Taiwanese Websites Hit by DDoS Attacks Ahead of Nancy Pelosi’s Visit

• 94% of survey respondents experienced API security incidents in 2021

• How Deep Instinct uses deep-learning to advance malware prevention

• Time to update: Latest Google Chrome browser fixes 27 security flaws

• The Subversive Trilemma in Cyber Conflict and Beyond

• On the Legality of the Strike that Killed Anwar al-Zawahiri

• Why Aren’t More Companies Capitalizing on Packet Capture?

• What Makes A USB Bad – And How Should Organizations Resolve This Risk?

• Technical Support Scams – What to look out for

• Cybersecurity M&A Roundup: 39 Deals Announced in July 2022

• Thoma Bravo to acquire Ping Identity for $2.8 billion

• For months, JusTalk messages were accessible to everyone on the Internet

• #ISC2Congress: From National Security to Cartel Infiltration – Ciaran Martin and Robert Mazur to Keynote

• 94% of organizations experienced API security incidents in 2021

• Drone Deliveries into Prisons

• Twitter Seeks Financial Evidence Against Elon Musk And Subpoenas Banks

• NortonLifeLock and Avast $8.6b deal gets provisional yes from UK regulator

• Hacking Fears Delay UK’s Conservative Leadership Vote

• UK Clears Norton’s $8B Avast Cyber Security Takeover

• Nearly $200 Million Stolen From Cryptocurrency Bridge Nomad

• The Ever-Increasing Issue of Cyber Threats – and the Zero Trust Answer

• Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104

• Experts Insight On Taiwan Cyber Attacks

• Luxembourg Energy Companies Hit By Cyber Attack With Data Stolen

• Conservative Party Leadership Election Warned of Potentially Malicious Efforts to Alter the Result of Upcoming Election

• Cyber Attack On Taiwan’s Presidential Office, Amid Nancy Pelosi Visit

• Over 3,200 Apps Leak Twitter API Keys, Some Allowing Account Hijacks

• VMware: Patch this critical vulnerability immediately! (CVE-2022-31656)

• Check Point Software’s Mid-Year Security Report Reveals 42% Global Increase in Cyber Attacks with Ransomware the Number One Threat

• T-Mobile Retailer Guilty of $25m Fraud Scheme

• Taiwan Hit By Multiple DDoS Attacks Following Arrival of Pelosi

• Russia Killnet hackers launch a cyber attack on US Lockheed Martin

• Cyber threat to VMware customers

• Consumers benefit from virtual experiences but are concerned about tech fatigue and security

• Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

• Enterprises face a multitude of barriers to securing diverse cloud environments

• Tory Leadership Voting Delayed Over Security Concerns

• Benefits of Security Camera Systems

• DDoS Attacks Pepper Taiwanese Government Sites

• How to protect yourself and your kids against device theft

• DDoS attacks in Q2 2022

• Cyber Security Management System (CSMS) for the Automotive Industry

• Singapore takes formal step towards setting up cyber defence unit

• Busting the Myths of Hardware Based Security

• Post-quantum crypto cracked in an hour with one core of an ancient Xeon

• Over 3,200 Mobile Apps are Exposing Twitter API Keys that Enable Account Take Overs

• Avast One steps up home network protection, digital safety guidance

• Nvidia releases security update for unsupported Windows 7 and 8.1 systems

• VMware Releases Patches for Several New Flaws Affecting Multiple Products

• Machine learning creates a new attack surface requiring specialized defenses

• CrowdStrike Announces Date of Fiscal Second Quarter 2023 Financial Results Conference Call

• Verizon Mobile Security Index 2022: Report Features Ivanti Insights and Reveals Unprecedented Increase in Mobile Attacks and Losses

• Security risks with using Free Step Tracking apps

• How to spot deep-faked candidates during interviews

• How to minimize your exposure to supply chain attacks

• Auto Industry at Higher Risk of Cyberattacks in 2023

• Traceable AI adds eBPF to its security platform to improve observability and visibility into all API activity

• Claroty xDome strengthens cyber and operational resilience for industrial enterprises

• eBook: Privileged Access Management for Dummies

• 87% of the ransomware found on the dark web has been delivered via malicious macros

• Nancy Pelosi ties Chinese cyber-attacks to need for Taiwan visit

• VIQ Solutions AccessPoint simplifies court recording management and distribution

• VIAVI Observer 18.8 accelerates cloud deployments and extends service visibility

• Scrut Automation Risk Management allows customers to prioritize and manage risks

• Microsoft 365 Backup: Myth‑Busting Session

• BittWare introduces new card and server-level solutions to drive memory improvements

• Shiftleft appoints Stuart McClure as CEO

• Query.AI names Matt Eberhart as CEO

• Netskope acquires Infiot to provide users with optimized connections between any enterprise location

• Accenture acquires Tenbu to expand data and AI capabilities across the cloud continuum

• Comcast Business collaborates with Fortinet to help enterprises protect their distributed workforces

• Tuned Global – 985,586 breached accounts

• VMware patches critical ‘make me admin’ auth bypass bug, plus nine other flaws

• New Linux Malware Surges, Surpassing Android

• How a crypto bridge bug led to a $200m ‘decentralized crowd looting’

Generated on 2022-08-04 23:55:41.666926