IT Security News Daily Summary 2022-08-12

• Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

• The Most Relevant Ransomware Statistics and Facts of 2022

• Intel increases its arsenal against physical hardware attacks

• Patch Madness: Vendor Bug Advisories Are Broken, So Broken

• Zoom’s Auto-Update Feature Came With Hidden Risks on Mac

• Mar-a-Lago Raid Warrant Unsealed

• Software Supply Chain Chalks Up a Security Win With New Crypto Effort

• Where’s Rudy? A Fulton County Court Wants to Know

• A Quick Take on the FTC’s Privacy and Security Rulemaking

• Trump’s Lawyers Say He Will Not Oppose Mar-a-Lago Warrant Unsealing

• The Building Blocks of Zero Trust Security Architectures on AWS

• How cross-operational teams can improve security posture

• US reveals ‘Target’ pic of Conti man with $10m reward offer

• Almost 2,000 data breaches reported for the first half of 2022

• Ways That VoIP Technology Is Impacting Marketplaces and How to Adapt

• Back to School: Tech Savvy vs. Cyber Savvy

• A former watchdog has ideas on dealing with poorly performing inspectors general

• Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

• Killnet Releases ‘Proof’ of its Attack Against Lockheed Martin

• Microsoft trumps Google for 2021-22 bug bounty payouts

• Here’s What Trump’s ‘Nuclear Documents’ Could Be

• The US offers a $10M rewards for info on the Conti ransomware gang’s members

• The truth about quantum risk cryptography and being ‘quantum safe’

• Domain-based Message Authentication, Reporting and Conformance (DMARC)

• FTC contemplates rules to protect against commercial surveillance and lax data privacy

• Meta Tests Encrypted Backups and End-to-End Encryption in Facebook Messenger

• Latest Cyberthreats and Advisories – August 5, 2022

• The dos and don’ts of startup security: How to develop a security plan

• Researchers Found Series of Vulnerabilities in the Software Underlying Microsoft Teams & Other Apps

• Best penetration testing tools: 2022 buyer’s guide

• Ransomware Gang Hacks Cisco

• Zeppelin Ransomware alert issued by FBI

• CRN Honors Arcserve’s CEO Brannon Lacey as an Innovator on its 2022 Top 100 Executives List

• LATEST CYBERTHREATS AND ADVISORIES – AUGUST 12, 2022

• Crucial Cybersecurity Software Features (2022)

• Senators urge DOJ to flex debarment authority

• Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan

• Sounding the Alarm on Emergency Alert System Flaws

• Intel ups protection against physical chip attacks in Alder Lake

• CISA, FBI Warn Organizations of Zeppelin Ransomware Attacks

• US Government Shares Photo of Alleged Conti Ransomware Associate

• Xiaomi Smartphone Vulnerabilities Could Lead to Forged Payments

• FTC Kicks Off Potentially Massive New Regulation On Commercial Surveillance

• Google Ordered To Pay $43m By Australian Court

• Safety first: how to tweak the settings on your dating apps

• Black Hat 2022‑ Cyberdefense in a global threats era

• SolidBit Ransomware Group Recruiting New Affiliates on Dark Web

• How to Clear Security Obstacles and Achieve Cloud Nirvana

• Xiaomi Phones with MediaTek Chips Found Vulnerable to Forged Payments

• Twitter Exposes Personal Information for 5.4 Million Accounts

• Hacker Uses New RAT Malware in Cuba Ransomware Attacks

• Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

• Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks

• Microsoft Paid $13.7 Million via Bug Bounty Programs Over Past Year

• Schedule F: An Unwelcome Resurgence

• A Road Map for Tech Policy Experimentation

• Emergency services call-handling provider: Ransomware forced it to pull servers offline

• Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

• LATEST CYBERTHREATS AND ADVISORIES – AUGUST 12, 2022

• Facebook Tests Default End-to-End Encryption For Messenger

• FTC Looking at Rules to Corral Tech Firms’ Data Collection

• #BHUSA: Bug Bounty Botox – Why You Need a Security Process First

• #BHUSA: Failure to Challenge is a Social Engineering Risk

• U.S. Government Offers $10 Million Reward for Information on Conti Ransomware Gang

• A Taxonomy of Access Control

• UK NHS Hit with Ransomware Attack

• Avoid the worst of the internet with cyber hygiene

• Intel Introduces Protection Against Physical Fault Injection Attacks

• Black Hat USA 2022 – Announcements Summary

• Zero-Day Vulnerability Exploited to Hack Over 1,000 Zimbra Email Servers

• Security Researchers Dig Deep Into Siemens Software Controllers

• FBI, CISA warn over ransomware gang that can make million dollar demands

• #BHUSA: What has Changed in the Post-Stuxnet Era?

• US Unmasks Suspected Conti Ransomware Actor

• Facebook Testing Default End-to-End Encryption and Encrypted Backup in Messenger

• Recovery From NHS Attack Could Take Weeks

• Vulnerabilities on Xiaomi’s mobile payment mechanism which could allow forged transactions : A Check Point Research analysis

• 2022 Threat Report

• Ransomware Prevention and Remediation

• Ransomware attack blamed for closure of all 7-Eleven stores in Denmark

• Zeppelin Ransomware Victims May Need Multiple Decryption Keys

• Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

• Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

• Recovery From NHS Ransomware Attack May Take a Month

• Malicious PyPI packages drop ransomware, fileless malware

• 25% of employees don’t care enough about cybersecurity to report a security incident

• Online Platforms Should Stop Partnering with Government Agencies to Remove Content

• Why Cyber Security Is Essential For Digital Marketers & PR Specialists?

• Fake Elon Musk TeslaCoin investment scam costs victims at least $250

• Pay with just your palm at Whole Foods

• Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit

• Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

• NHS Ransomware attack to be seriously probed

• Amazon, IBM and Cloudflare joining alliance to thwart Cyber Threats

• Event-Driven Architectures & the Security Implications

• Ex-Twitter Employee Found Guilty of Sharing User’s Private Information to Saudi Arabia

• BazarCall attacks have revolutionized ransomware operations

• How bad actors are utilizing the InterPlanetary File Systems (IPFS)

• New infosec products of the week: August 12, 2022

• The impact of exploitable misconfigurations on network security

• Organizations would like the government to help with ransomware demand costs

• Ransomware is not going anywhere: Attacks are up 24%

• Credential harvesting: Is it too big of an attack or can you fight back?

• Supply Chain Cybersecurity – the importance of everyone

• MiniTool Power Data Recovery 11.3 helps users with various data loss situations

• Tidal Cyber Community Edition platform enables businesses to optimize their cyber defenses

• Dynatrace platform enhancements detect vulnerabilities in runtime environments

• 1. Cracking the Hackers: How to Build a 100% Engaged Human Firewall

• FAANGs failing on keeping user data safe from bug hunters

• ArmorCode integrates with Traceable AI to improve application security posture for organizations

• Update now! Microsoft fixes two zero-days in August’s Patch Tuesday

• Slack flaw exposed users’ hashed passwords

• Krebs: Taiwan, Geopolitical Headwinds Loom Large

• Microsoft: We Don’t Want to Zero-Day Our Customers

• An eighties classic – Zero Trust

• Ken Naumann joins NetWitness as CEO

• Arkose Labs expands leadership team with new appointments

• Mesh Security raises $4.5 million to help companies drive zero trust in the cloud

• Higher risks and premiums are creating critical gap in cyber insurance

• Supply-Chain Security Startup Phylum Wins the First Black Hat Innovation Spotlight

• After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks

• Security needs to learn from the aviation biz to avoid crashing

• cloudIT Partners with Versa to Deliver Industry-Leading SASE to Client Base

• Russian invasion has dangerously destabilized cyber security norms

• IT Security News Daily Summary 2022-08-11

• NSF invests $26M for smart city engineering research

• AI-powered cameras to enforce bus lanes

• The 4 best VPN services for iPhone and iPad in 2022

• How credential phishing attacks threaten a host of industries and organizations

• SentinelOne discusses the rise of data-wiping malware

• Cisco hacked by access broker with Lapsus$ ties

• AWS and Splunk partner for faster cyberattack response

• Why diversity should have a critical impact on data privacy

• Farmers can save water with wireless technologies, but there are challenges – like transmitting data through mud

• Cisco reveals cyberattack on its corporate network

• Three UK-based Nigerian BEC Scammers Used Construction Intelligence Service to Target Victims

• Azure PostgreSQL User Databases Were Exposed Due to Critical Vulnerabilities

• NFTS Are Cool but Dangerous

• 4 Reasons MSPs Should Monitor Their GitHub Footprint

• Ex-CIA security boss predicts coming crackdown on spyware

• How to Choose the Right Digital Experience Monitoring Solution

• Twilio and Cisco breaches highlight the dangers of social engineering attacks

• Cyber Safety Review Board staffs up

• Senate chairman presses for details on deleted Jan. 6 texts

• How CI/CD pipelines are putting enterprise networks at risk

• Zero Day Initiative launches new bug disclosure timelines

• Sonatype spots another PyPI package behaving badly

• Defend your network with Microsoft outside-in security services

• 85% of Android users are concerned about privacy

• The US Offers a $10M Bounty for Intel on Conti Ransomware Gang

• CISA Adds Two Known Exploited Vulnerabilities to Catalog 

• Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector

• Agencies are still wrangling over death data

• OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities

• Cisco Patches High-Severity Vulnerability in Security Solutions

• It Might Be Our Data, But It’s Not Our Breach

• Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage

• CISA Adds Two Known Exploited Vulnerabilities to Catalog 

• Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS

• Photos: Black Hat USA 2022, part 2

• CISA Unveils Cybersecurity Toolkit to Shield US Elections From Hackers

• 4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls

• Sloppy Software Patches Are a ‘Disturbing Trend’

• Cisco Releases Security Update for Multiple Products

• Keeping the enemy at the gate

• UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

• New Cross-Industry Group Launches Open Cybersecurity Framework

• BrightCloud® Threat Report Mid-Year Update: Reinvention is the Name of the Game

• Cisco Releases Security Update for Multiple Products

• Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

• New York City’s IT czar answers to monkeypox website failures

• Google wants to make Linux kernel flaws harder to exploit

• Google researchers dissect Android spyware, zero days

• Zimbra RCE Vulnerability Exploited Without Admin Privileges

• Cisco Confirms It’s Been Hacked by Yanluowang Ransomware Gang

• Photos: Black Hat USA 2022

• Cisco Confirms Cyberattack

• Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study

• Don’t be surprised if your organization suffers multiple cyberattacks

• #ISC2Congress Theme: EMPOWER

• How to reduce your exposure & secure your data in the cloud in 5 quick ways

• AT&T Cybersecurity Insights Report: A Focus on Manufacturing

• Starlink Successfully Hacked Using $25 Modchip

• Android Banking Trojan SOVA Comes Back With New Features Including Ransomware

• #StopRansomware: Zeppelin Ransomware

• #StopRansomware: Zeppelin Ransomware

• Sneak Peek: Hive’s RaaS Techniques

• Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

• New Hacker Forum Takes Pro-Ukraine Stance

• Researchers Find Stolen Algorithms in Commercial Cybersecurity Products

• #StopRansomware: Zeppelin Ransomware

• #StopRansomware: Zeppelin Ransomware

• Researchers Use Invisible Finger To Remotely Control Touchscreens

• Meta’s Chatbot Says The Company Exploits People

• NHS IT Supplier Held To Ransom By Hackers

• The Chatter Podcast: Journalism as Fodder for Fiction with Mary Louise Kelly

• From Defending the Open Internet to Confronting the Reality of a Fragmented Cyberspace: Reflecting Upon Two CFR Reports on U.S. Goals in Cyberspace

• Photos: Black Hat USA 2022 Arsenal

• Cisco has been hacked by a ransomware gang

• S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

• Google Seeks To Shame Apple Over RCS Refusal

• Security Considerations for Data Lakes

• Cybersecurity and PR: Making Data Protection Public

• 7 New Technologies That Made Riding Motorcycles Safer

• Facebook testing encrypted chat backups

• Incident Response for Health Care IT: Differences and Drivers

• Facebook Turns Over Private User Data To Police In Abortion Case

• The Time Is Now for IoT Security Standards

• Facebook testing new encrypted backups for Messenger chat app

• Cisco Was Hacked by Yanluowang Ransomware Operators to Stole Internal Data

• #BHUSA: The Cyber Safety Review Board Outlines Log4j Lessons

• Meta Just Happens to Expand Messenger’s End-to-End Encryption

• Hacking Starlink

• Elon Musk Wants Staff Names Of Twitter’s Bot Counters

• Cisco Confirms Network Breach Via Hacked Employee Google Account

• Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attacks

• Critical Vulnerabilities Found in Device42 Asset Management Platform

• New Open Source Tools Launched for Adversary Simulation

• CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

• New HTTP Request Smuggling Attacks Target Web Browsers

• How Cisco Get Hacked With 2.8GB From Corporate Network, Experts Weigh In

• “Hi Mum” Phishing Scam Swindles Unsuspecting Parents

• Establishing Trust In An Online World With Digital Identity

• NetWitness Platform XDR 12 offers visibility into all key data planes across an organization

• Checkmarx API Security identifies shadow and zombie APIs during software development

• #ISC2Congress: Empower Your Weekend with Training

• Cybercriminals Breached Cisco Systems and Stole Data

• Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attack

• #BHUSA: Russia’s Wiper Attacks Against Ukraine Detailed

• 120K Priority Health Members Impacted By Third-Party Data Breach

• 6 Tech Tips: How To Use Instagram To Promote Your Brand

• Making the cloud a safer place with SANS

• #BHUSA: Chris Krebs Explains How Cybersecurity Can Improve

• #BHUSA: New Open Source Group Set to Streamline Threat Detection

• This Anti-Tracking Tool Checks If You’re Being Followed

• Meta Just Happens to Expand Messenger’s End-to-End Encryption

• What the Zola Hack Can Teach Us About Password Security

• Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

• Hackers are still using these old security flaws in Microsoft Office. Make sure you’ve patched them

• New Identity Verification Feature Boosts Google Workspace Protections

• Ransomware Data Theft Epidemic Fuelling BEC Attacks

• Critical Flaws Disclosed in Device42 IT Asset Management Software

• Campaign Launched to Stop People From Becoming Money Mules

• Concentric releases AI-based solution to protect data shared across business messaging platforms

• Syxsense Zero Trust enables security teams to build access policies and remediation workflows

• Code42 collaborates with Nullafi to prevent data exfiltration by high-risk and departing employees

• NIST’s Post-Quantum Cryptography Standards

• Former Twitter Executive Convicted Of Spying For Saudi Arabia

• Suspected $3m Romance Scammer Extradited to Japan

• Which malware delivery techniques are currently favored by attackers?

• Google Begs Apple to Replace iMessage with RCS – Intego Mac Podcast Episode 252

• OpenTIP, command line edition

• Meta Raises $10 Billion In Bond Offering

• Stolen credentials are the most common attack vector companies face

• Do you know what your supply chain is and if it is secure?

• GitHub Dependabot Now Alerts Developers On Vulnerable GitHub Actions

• Sophos warns about simultaneous Cyber Attacks

• Yanluowang Ransomware Attack on Cisco confirmed

• Digital milestones for elementary schoolers

• Cisco admits corporate network compromised by gang with links to Lapsus$

• Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key

• Ex Twitter employee found guilty of spying for Saudi Arabian government

• SquarePhish: Advanced phishing tool combines QR codes and OAuth 2.0 device code flow

• Implementing zero trust for a secure hybrid working enterprise

• Forescout Announces the Appointment of Rik Ferguson to VP of Security Intelligence

• SentinelOne Unveils XDR Ingest to Transform Data-Defined Cybersecurity

• MetLife Doubles Down on Technology Hiring in North Carolina

• SSCP Exam – Changes on the Way!

• The lifecycle of a software vulnerability

• Convergence and adoption of AI and ML countering the cyber threat

• Podcast: Inside the Hackers’ Toolkit

• Pentera Credential Exposure reveals compromised identity threats to internal and external attack surface

• As the cost of cyber insurance rises, the number of organizations who can’t afford it is set to double

• Why SAP systems need to be brought into the cybersecurity fold

• Cloudflare Users Targeted by Hackers that Breached into Twilio

• Cracking the Hackers: How to Build a 100% Engaged Human Firewall

• Top 7 Best Endpoint Detection & Response Products With Sandboxing Solutions – 2022

• 5 Steps to Rethink High Severity to Save Developer Productivity

• Key Highlights from the New NIST SSDF

• How to Compromise a Modern-Day Network

• IRONSCALES Security Awareness Training educates users about phishing attacks

• ActZero Ransomware Readiness Assessment strenghtens ransomware defense for SMEs

• Meta privacy red team lead: Does your business know its privacy adversaries?

• Researching the Windows Registry

• Kajeet and Samsung join forces to deliver 5G private network solutions

• Mirantis collaborates with Nuaware to eliminate Kubernetes complexity for developers

• Department of Defense selects Torch.AI for new cyber and insider threat system

• Open Cybersecurity Schema Framework project helps organizations detect and defend from cyberattacks

• Spirent “Send Us Your Device” service opens new routes for Wi-Fi equipment testing

• ‘Boring is best’: Citi says it’s a bear market rally and shares how to beat the volatility

• Boffins rate npm and PyPI package security and it’s not good

Generated on 2022-08-12 23:55:28.904011