IT Security News Daily Summary 2022-08-10

• Why managed detection and response (MDR) adoption is growing among small businesses

• Carbon footprint data helps local authorities lower emissions

• Zero Trust Speeds Ransomware Response, Illumio-Bishop Fox Test Finds

• Cisco was hacked by the Yanluowang ransomware gang

• CISA issues cybersecurity toolkit for election officials

• Get Dashlane Premium password manager for 3 mo for $1

• As Black Hat kicks off, the US government is getting the message on hiring security talent

• Hackers have stolen $1.4 billion this year using crypto bridges. Here’s why it’s happening

• Top 5 best backup practices

• Many ZTNA, MFA Tools Offer Little Protection Against Cookie Session Hijacking Attacks

• Former CISA chief wants a new, cross-cutting new agency to lead federal cyber

• Semiconductor bill to fund 20 regional technology hubs

• Ethical hacking: How to conduct a Sticky Keys hack

• Is ethical hacking legal? And more ethical hacking advice

• Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

• Rethinking Software in the Organizational Hierarchy

• 2022-08-08 – IcedID (Bokbot) with Cobalt Strike

• Organizations Warned of Critical Vulnerabilities in NetModule Routers

• Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

• Palo Alto Networks Releases Security Update for PAN-OS

• How California Reproductive Health Workers Can Protect Information They Submit to the Government

• The Army is hunting for more soldier-connected tech

• Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

• A Long-Awaited IoT Reverse Engineering Tool Is Finally Here

• Palo Alto Networks Releases Security Update for PAN-OS

• Intern with Lawfare!

• Maui ransomware linked to North Korean group Andariel

• Improve Threat Detection & Response with OCSF

• More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report

• Beeck Center’s Cori Zarek tapped for deputy post at USDS

• APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…

• DeathStalker’s VileRAT Continues to Target Foreign and Crypto Exchanges

• Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

• Risky Business: Enterprises Can’t Shake Log4j flaw

• What we know about VMWare CVE-2022–31656 and CVE-2022–31659

• Security vulnerabilities found in Intel and AMD processors

• Download New Kali Linux 2022.3

• Global Scam-as-a-service Operation “Classiscam” Target Users to Steal Payment Data

• Mimecast Announces Mimecast X1™ Platform Providing Customers With Email and Collaboration Security

• CISA Releases Cybersecurity Toolkit to Protect U.S. Elections

• Former Twitter Employee Found Guilty of Spying for Saudi Arabia

• Making Linux Kernel Exploit Cooking Harder

• Are cloud containers a sugar-coated threat?

• Is banning Chinese products in the name of National Security working for countries

• Google Fiber Plans US Network Expansion – Report

• Republicans are pushing back on the Biden administration’s infrastructure-fueled hiring spree

• Top malware of 2021 has been in use for years, CISA warns

• Google’s bug bounty boss: Finding and patching vulns? ‘Totally useless’

• NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC

• Cloudflare Also Targeted by Hackers Who Breached Twilio

• Cyber-criminals Shift From Macros to Shortcut Files to Hack Business PCs, HP Report

• Bugcrowd Taps Top Hackers for Live Hacking Event with Indeed at 2022 Black Hat Conference

• OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022

• CISA Releases Cybersecurity Toolkit to Protect U.S. Elections

• Microsoft Patches Dogwalk Zero Day And 17 Critical Flaws

• Cloudflare: Someone Tried To Pull The Twilio Phishing Tactic On Us

• APIC Fail: Intel Sunny Cove Chips With SGX Spill Secrets

• Former Twitter Employee Convicted As Saudi Spy

• Ukrainian Website Threat Landscape Throughout 2022

• In U.S. v. Al-Nashiri the Government Is Rewarding Torture and Incentivizing Torturers

• We’re shifting investment focus towards security, says Akamai co-founder and CEO

• Hackers Breached Accounts of Twilio Users

• Samsung Unveils Two New Folding Smartphones

• Dave Piscitello in the Fight Against Phishing | Avast

• Biden signs semiconductor Bill, spurring hopes for new jobs and manufacturing around the U.S.

• HHS dedicates $90M to community health data modernization

• Cloudflare was the target of a sophisticated phishing attack. Here’s why it didn’t work

• The Security Pros and Cons of Using Email Aliases

• Deepfence ThreatMapper 1.4 Unveils Open Source Threat Graph to Visualize Cloud-Native Threat Landscape

• Experts found 10 malicious packages on PyPI used to steal developers’ data

• Is it Illegal to Scrape a Website for Content?

• Dark Utilities C2 as a service tool leverages IPFS, targets several operating systems

• Implementing security benchmarks with Red Hat Ansible Automation Platform

• Former Twitter Worker Convicted Of Spying For Saudi Arabia

• SASE – The Risk Of Over-rationalising

• A New SolidBit Ransomware Variant Hit Famous Games

• Number of Ransomware Attacks on Industrial Orgs Drops Following Conti Shutdown

• Zero Trust Provider Mesh Security Emerges From Stealth Mode

• How Bot and Fraud Mitigation Can Work Together to Reduce Risk

• Security Firm Finds Flaws in Indian Online Insurance Broker

• The Hacking of Starlink Terminals Has Begun

• Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers

• Three Ransomware Gangs Consecutively Attacked The Same Network

• Cycode’s new software supply chain features identify vulnerabilities in all phases of the SDLC

• NetSPI unveils two open-source tools to assist defence teams in uncovering vulnerable network shares

• Veracode platform enhancements improve developers’ ability to secure software supply chains

• Gurucul’s poly-cloud and multi-cloud offering accelerates security teams’ ability to mitigate threats

• Deepfence ThreatMapper 1.4 empowers organizations to visualize cloud native threat landscape

• Cloudflare: Someone tried to pull the Twilio phishing tactic on us too

• Elon Musk Sells Tesla Shares Worth $6.9 Billion

• Emotet Tops List of July’s Most Widely Used Malware

• Flow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round

• Compliance Certifications: Worth the Effort?

• Hackers behind Twilio data breach also targeted Cloudflare employees

• Python Packages Discovered On The PyPI Repository

• Chinese Hackers Targeted Dozens Of Industrial Enterprises And Public Institution, Exper Weighs In

• Number Of Firms Unable To Access Cyber-Insurance Set To Double

• North Korea Linked APT: US Sanctions Crypto Mixer Tornado Cash

• UntitledFlow Security Launches Next-Gen Data Security Platform Following $10 Million Seed Round

• Sysdig incorporates machine learning to detect cryptojacking attempts

• Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

• Dark Reading News Desk: Live at Black Hat USA 2022

• VirusTotal += Google

• Facebook At Centre Of US Teenager Home Abortion Case

• SAP Patches Information Disclosure Vulnerabilities in BusinessObjects

• UnRAR Vulnerability Exploited in the Wild, Likely Against Zimbra Servers

• Cyberattack Victims Often Attacked by Multiple Adversaries: Research

• Intel Patches Severe Vulnerabilities in Firmware, Management Software

• (ISC)² and F5 Examine OWASP’S “Top 10” Report on New Web Application Security Risks

• Security Automation Can Save You $3.05M in a Data Breach

• China calls out US semiconductor bill as anti-competitive

• MIRACL is One Cybersecurity Company to Watch in 2022

• Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

• The Business of Hackers-for-Hire Threat Actors

• Details about the Twitter’s Insider Threat

• Finland Parliament witnesses Cyber Attack

• President Biden Signs $53 Billion US Chips Act

• July 2022’s Most Wanted Malware: Emotet Takes Summer Vacation but Definitely Not ‘Out-of-Office’

• Microsoft’s big Patch Tuesday fixes exploited zero-day flaw and 120 more bugs

• This company didn’t spot the flaw in their network. But three ransomware gangs did

• Predator Pleads Guilty After Targeting Thousands of Girls Online

• CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog

• Top 7 Best Wholesale Liquidation Companies in the Canada

• Businesses should dump Windows for the Linux desktop

• Ransomware, stolen credentials and human error top Verizon’s 2022 data breach report

• AppOmni receives funding from Cisco Investments to expand SaaS coverage

• OPSWAT’s malware analysis capabilities protect ICS/OT environments against cyber threats

• WhatsApp Update To Allow Users To Leave Groups Silently

• Cybercriminals work 24/7  — so should your cybersecurity

• Network misconfigurations cost organizations 9% of annual revenue

• 3 Types of Network Attacks to Watch Out For

• Exploit Activity Surges 150% in Q2 Thanks to Log4Shell

• VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

• Unitree Robot Gun Carrying Dog Disabled by Remote Hacking Tool

• Hackers Use Open Redirect Vulnerabilities in Online Services to Deliver Phishing Content

• Meta Take Action Against Two Cyber Espionage Operations in South Africa

• SecurityScorecard provides a combination of services and platform to help CISOs manage cybersecurity risks

• Lacework strengthens threat detection capabilities to uncover more threats and speed investigation at scale

• Majority of SMBs lack 24/7 security operations to detect threats

• TrustedSite Halo Security help organizations protect data from external attackers

• Surge in CVEs as Microsoft Fixes Exploited Zero Day Bugs

• Benefits of Security Camera Systems

• From zero to hero in blockchain security – A CP workshop at DEF CON 30

• VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656

• Cyber Security Management System (CSMS) for the Automotive Industry

• Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

• CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

• Keytos EZSmartCard enables organizations to go passwordless

• Back to school: Managing your high schooler’s digital milestones

• The challenges of managing the modern external attack surface

• Identity is the killer context: 4 ways to stay in control

• AWSGoat: Easy to deploy vulnerable AWS infrastructure for pentesters

• Real-world threat response: What are organizations doing wrong?

• Top malware of 2021 has been in use for years, CISA Warns

• SentinelOne Announces Date of Fiscal Second Quarter 2023 Financial Results Conference Call and Participation in Upcoming Investor Conferences

• University of Phoenix Lead Cybersecurity Faculty Stephanie Benoit-Kurtz to Keynote Women in Technology Event

• Kali Linux 2022.3 Released – What’s New !

• Cyber Threats – The New Norm in Data Security

• Jury Finds Ex-Twitter Worker Spied for Saudi Royals

• Software Development Pipelines Offer Cybercriminals ‘Free-Range’ Access to Cloud, On-Prem

• Cymulate improves risk visibility for businesses with new analytics capabilities

• BigID unveils automated end-to-end remediation capabilities for sensitive file access in the cloud

• NETSCOUT Arbor Insight enhances security and operational awareness for network operators

• Anomali platform updates help security teams profile the adversary

• 36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet

• Kali Linux 2022.3 Released With Real-time Chat, Test Lab, and New Tools

• INVISV PGPP allows consumers to control their personal data

• Traceable AI announces enhanced data security capabilities to address more specific types of API attacks

• One of 5G’s Biggest Features Is a Security Minefield

• VERT Threat Alert: August 2022 Patch Tuesday Analysis

• Balbix integrates with ServiceNow to automate and improve cyber risk quantification

• guardDog.ai partners with VMware to protect users and networks from attempted cyberattacks

• Silobreaker and PolySwarm strengthen partnership to provide users with access to enriched data intelligence

• Darktrace and HackerOne join forces to help organizations close their security gap

• Vicarius vsociety enables peer-to-peer networking and open-source collaboration on vulnerability research

• Twitter data breach affects 5.4M users

• Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR

• Twilio breached after social engineering attack on employees

• 5 cybersecurity tips for students going back to school

• Microsoft Releases August 2022 Security Updates

• Microsoft Releases August 2022 Security Updates

• What We Do and Don’t Know about the FBI’s Mar-a-Lago Search

• Internet Society Foundation launches second round of innovation grants to advance internet connectivity

• ComplyAdvantage names Andrew Davies as Head of Regulatory Affairs

• Microsoft Patch Tuesday, August 2022 Edition

• One of 5G’s Biggest Features Is a Security Minefield

• VMware Releases Security Updates

• Adobe Releases Security Updates for Multiple Products

• Ransomware gangs move away from exploiting Microsoft Office macros

• VMware Releases Security Updates

• Adobe Releases Security Updates for Multiple Products

• Many orgs are still failing to address Log4j — here’s why

• How to reset your Windows 10 password when you forget it

• Patch Tuesday: Yet another Microsoft RCE bug under active exploit

• IT Security News Daily Summary 2022-08-09

• The best offense is a strong defense: Improve cloud security with visibility and zero trust segmentation

• How to move a data center

• Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day

• IRS free file figures into Senate Dems’ reconciliation bill

• Exploit Code Published for Critical VMware Security Flaw

• Microsoft Patches Zero-Day Actively Exploited in the Wild

• Microsoft fixes exploited zero-day in Windows Support Diagnostic Tool (CVE-2022-34713)

• Apache Kafka in Crypto and Finserv for Cybersecurity and Fraud Detection

• Why web apps need to improve secure service access

• VA systems vulnerable to cyber intrusions due to lack of effective oversight, report says

• Blueprint builds a ‘common language’ for ransomware protection

• Halo Security Emerges From Stealth With Full Attack Surface Management Platform

• CISA Adds Two Known Exploited Vulnerabilities to Catalog 

• IT pros weigh COVID-19 risks, safety at tech conferences

• CISA Adds Two Known Exploited Vulnerabilities to Catalog 

• Zero Trust Architecture: Adoption, Benefits, and Best Practices

• The OT Security Conundrum: Vulnerabilities, Skill Gaps, and Operational Silos

• Key parts of US laws are hard for the public to find and read

• Cities can apply for free monitoring of sewage for signs of monkeypox

• Google to add three APAC cloud regions as data demand climbs

• Already Exploited Zero-Day Headlines Microsoft Patch Tuesday

• Security Compliance & Data Privacy Regulations

• Big Takeaways From the FBI’s Mar-a-Lago Raid

• Bipartisan bill aims to use grants to increase drone usage for infrastructure assessment

• Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord server

• The Story Behind the Linux Security Quick Reference Guide

• The 2-Minute Test for Kubernetes Pod Security

• VA names functional champion to help streamline embattled EHR rollout

• Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

• ÆPIC Leak: Architectural Bug in Intel CPUs Exposes Protected Data

• Security Update Guide Notification System News: Create your profile now

• Abusing Kerberos for Local Privilege Escalation

• Researchers Debut Fresh RCE Vector for Common Google API Tool

• Cybrary Unveils Next-Generation Interactive, Hands-On Training Experience to Upskill Cybersecurity Professionals

• Nation-State Hackers Targeted Facebook in Cyber Espionage Attacks – Meta

• Amazon iRobot play takes ambient intelligence efforts to next level

• Microsoft Edge adds a new security layer for browsing ‘unfamiliar’ sites

• APIC fail: Intel ‘Sunny Cove’ chips with SGX spill secrets

• Adobe Patch Tuesday: Code Execution Flaws in Acrobat, Reader

• AMD Processors Expose Sensitive Data to New ‘SQUIP’ Attack

• Netscout Arbor Insight Leverages Patented ASI Technology to Enhance Security and Operational Awareness for Network Operators of Any Scale

• US Oil and Gas Sector at Risk of a Cyberbreach, According to BreachBits Study

• Russia-Ukraine Conflict Holds Cyberwar Lessons

• Domino’s Takes a Methodical Approach to IoT

• Raspberry Robin: Highly Evasive Worm Spreads over External Disks

• Experts linked Maui ransomware to North Korean Andariel APT

• What Is Encryption and Do You Need It?

• Chinese APT Hackers Target Govt & Defense Orgs Using New Windows Malware

• EaseUS Partition Master: Partition management software review

• New Malicious Python Libraries Found on PyPI Repository

• Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack

• The Aftermath, Episode 4: A Bipartisan Interlude

• Global Scam Operation “Classiscam” Expanded to Singapore

• Hackers Targeted Facebook in Cyber Espionage Campaigns – Meta

• Privya Emerges From Stealth With Data Privacy Code Scanning Platform

• Top 6 e-signature software providers in 2022

• Lacework Updates Threat Detection To Uncover More Malicious Activity and Speed Investigation at Scale

• North Korean Hackers Target CryptoJob Seekers To Evade Western Countries Against Sections

• Asymmetric vs symmetric encryption: What’s the difference?

• US Treasury Sanctions Virtual Currency Mixer For Connections With Lazarus Group

• Malicious deepfakes used in attacks up 13% from last year, VMware finds

• Hackers Use Malware To Spy on Emails

• Technical support scam still alive and kicking

• Vulnerability scanning vs penetration testing: What’s the difference?

• ICS Patch Tuesday: Siemens, Schneider Electric Fix Only 11 Vulnerabilities

• Microsoft Publishes Office Symbols to Improve Bug Hunting

• Facebook Is Being Sued For $50 Million For Not Taking Down An Imposter Page

• Don’t Take the Cyber Safety Review Board’s Log4j Report at Face Value

• Chinese actors behind attacks on industrial enterprises and public institutions

• China-Linked Spies Used Six Backdoors To Steal Info From Defense, Industrial Enterprise Orgs

• Crypto And The US Government Are Headed For A Decisive Showdown

• Scientists Hid Encryption Key For Wizard Of Oz Text In Plastic Molecules

• Twilio Customer Data Exposed After Its Staffers Got Phished

• Chinese Scams Target Kids With Promise Of Extra Gaming Hours

• Sophos announces eight presentations at Black Hat USA 2022, BSides Las Vegas and DEF CON 30

• Patch Tuesday August 2022 – Microsoft Fixes 21 Vulnerabilities, Including a Zero-Day Bug

• Security for next generation telecommunication networks

• NetSPI rolls out 2 new open-source pen-testing tools at Black Hat

• Report Provides Updates on July’s Maui Ransomware Incident

• Human Threat Hunters Are Essential to Thwarting Zero-Day Attacks

• Will Europe Force a Facebook Blackout?

• The Advantages of Breach and Attack Simulation for Data Security

• The Pentagon’s plan to speed up software buying for weapons systems

• Microsoft’s fix for ‘data damage’ risk hits PC performance

• The Truth About False Positives in Security

• U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering

• Water Wars: Speaker Pelosi’s Taiwan Visit Ignites U.S.-China Tensions

• A Century-and-a-Half Look at the Waves of Global Terrorism

• Email Is The Single Biggest Threat To Businesses, And Here’s What You Can Do About It

• Why Data Security Is No Longer Optional (And How To Start)

• Submit Your Comments to NIST Regarding HIPAA Security

• North Korean Hackers Use Malware To Spy on Emails

• US Blacklists Tornado Cash, GitHub Removes Co-Founder in Response

• Privya develops solution to shift data security left, leaves stealth

• Twilio Suffers Phishing Attack, Compromising Customer Data – Expert Commentary

• Targeted Attacks On Industrial Enterprises And Public Institutions

• LogoKit update: The phishing kit leveraging open redirect vulnerabilities

• Cybersecurity: Why We’re Stronger Together

• Why Physical Security Should Be Part of a Cybersecurity Strategy

• Phishing Scam Exploit’s American Express, Snapchat Open-Redirect Threats

• Forecasting Metaverse Threats: Will it Become Metaworse?

• IBM Patches High-Severity Vulnerabilities in Cloud, Voice, Security Products

• Black Hat 2022: Ten Presentations Worth Your Time and Attention

• Zuckerberg Unveils New WhatsApp Privacy Features, Experts Weigh In

• Why Cybersecurity Needs to be a Part of Your ESG

• Twilio confirms data breach after its employees got phished

• Three ransomware gangs consecutively attacked the same network

• 16-31 July 2022 Cyber Attacks Timeline

• Spin Technology zeros-in on SaaS app security, raises $16M

• 10 Credential Stealing Python Libraries Found on PyPI Repository

• Controlling the Source: Abusing Source Code Management Systems

• 7-Eleven Stores in Denmark Close After Cyberattack

• 7 Different Ways Technology Has Changed the Way We Cook

• 7 Impressive Technological Storage Ideas to Organize Your Room

• US Lawmakers Kick Off Push For Federal Autonomous Vehicle Laws

• Information Commissioner To Investigate Targeted Gambling Ads

• Check Point Research: Education sector experiencing more than double monthly attacks, compared to other industries

• How to check if your PC has been hacked, and what to do next

• Health Adviser Fined After Illegally Accessing Medical Records

• US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT

• Twilio Suffers Phishing Based Data Breach

• Twilio confirmes data breach after its employees got phished

• A Cyberattack Forced the Shutdown of 7-Eleven Stores in Denmark

• Beware of New Malware that Distributed through Compromised YouTube Accounts

• Andariel deploys DTrack and Maui ransomware

• Qualcomm Adds $4.2bn To GlobalFoundries Semiconductor Deal

• Nvidia Warns Of 44 Percent Drop In Gaming Sales

• Malicious file analysis – Example 01

• Why is device protection for kids valuable?

• Smishing Attack Led to Major Twilio Breach

• NHS Works To Restore 111 System After Cyber-Attack Causes Delays

• SoftBank Sells Off Uber Stake, Cuts Vision Fund Staff

• Number of Firms Unable to Access Cyber-Insurance Set to Double

• Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions

• Enterprises are actively consolidating security vendors and integrating technologies

• Cyber syndicates are working with amateur attackers to target businesses

• Looking for adding new detection technologies in your security products?

• BT Completes Carrier Aggregation Trial In Europe 5G First

• Phishing attack adds pressure with countdown clock

• Critical Vulnerability in Emergency Alert Systems of United States

• deBridge Finance confirms Lazarus hacking group behind Cyber Attack

• Understanding your attack surface is key to recognizing what you are defending

• Masscan – World’s Fastest Scanner – Scan the Entire Internet in Under 6 Minutes

• Introducing the book: If It’s Smart, It’s Vulnerable

• Dissecting Google’s Titan M chip: Vulnerability research challenges

• NetRise Platform provides continuous monitoring of XIoT firmware vulnerabilities

• HYAS Confront gives DevSecOps teams complete visibility into their production environment

• 5 key things we learned from CISOs of smaller enterprises survey

• Application Security Report 2022: Key Trends and Challenges

• US Sanctions Crypto ‘Laundering’ Service Tornado

• Chinese scammers target kids with promise of extra gaming hours

• Tata Communications enhances InstaCC platform to help users connect across varied channels

• 10 Malicious Code Packages Slither into PyPI Registry

• China-linked spies used six backdoors to steal info from defense, industrial enterprise orgs

• Hackers Compromise Employee Accounts to Access Twilio Internal Systems

• Auth0 (Okta) vs. Cognito

• A week in security (August 1 – August 7)

• KMSpico explained: No, KMS is not “kill Microsoft”

Generated on 2022-08-10 23:55:29.304708