IT Security News Daily Summary 2022-08-16

• SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam

• ONCD seeks a lead for U.S. defensive cyber planning and operations

• New missile defense tech comes with acquisition risks

• DomainKeys Identified Mail (DKIM)

• For cyber insurance, some technology leads to higher premiums

• DEF CON: A Woman’s First Experience

• Microsoft Disrupts Russian Group’s Multiyear Cyber-Espionage Campaign

• Are ethical hackers the digital security answer?

• Alert! Over 1,900 Signal User Data Exposed

• Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

• The power of no-code to modernize government

• Key agencies are shedding the exact employees they need to spend new infrastructure dollars

• Zero Day Initiative seeing an increase in failed patches

• Name That Toon: Vicious Circle

• Clop gang targeted UK drinking water supplier South Staffordshire Water

• How to protect your industrial facilities from USB-based malware

• Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite

• Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

• Synthetic fraud is on the rise. Here’s how governments can combat it

• Fort Worth expands broadband to 40,000 more residents

• How a spoofed email passed the SPF check and landed in my inbox

• DEF CON – “don’t worry, the elections are safe” edition

• BazarCall attack increasingly used by ransomware threat actors

• When Efforts to Contain a Data Breach Backfire

• Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite

• Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

• 5 tips for building a cybersecurity culture at your company

• US offers reward “up to $10 million” for information about the Conti gang

• Twilio Hack -Over 1,900 Signal Users’ Phone Numbers were Exposed in the Data Breach

• CISA director looking for ‘unlikely’ partnerships in cyber fight

• USDOT awards funding for tech infusion to transit, highway systems

• Former Twitter Employee Guilty of Spying on Behalf of Saudi Arabia

• Critical Vulnerability in Google’s Titan M Chip Earns Researchers $75,000

• The Future of CyberSecurity is Prevention

• Two Additional Malicious Python Libraries Found on PyPI Repository

• With Plunge in Value, Cryptocurrency Crimes Decline in 2022

• Fake Droids: Your New Android Device is Actually an Old Android 6

• Email Threat Report for 2022 via Abnormal Security

• Onapsis Featured on 2022 Inc. 5000 List of Fastest Growing Companies for the Second Consecutive Year

• AuditBoard Launches Third-Party Risk Management Solution, Empowering Enterprises to Tackle IT Vendor Risk at Scale

• Penetration Testing as a Service (PTaaS): the evolution of Penetration Testing at AT&T

• Does it Matter What (if Anything) Trump Declassified?

• Contending With IRGC Plots

• Prince William could steal Loudoun’s title of Data Center Alley. But land use battles are raging.

• Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data

• Windows Vulnerability Could Crack DC Server Credentials Open

• ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors

• U.K. Water Supplier Hit With Clop Ransomware Attack

• South Staffordshire Water Confirms Cyberattack

• Ransomware & RDDoS, Why They Are Similar but Different

• The most hated people on the internet: Where are they now?

• Scammers are using this sneaky tactic to trick you into handing over bank details and passwords

• How to use Sendinc to encrypt your emails

• Do you know what’s happening on your users’ devices?

• U.K. Water Supplier Hit with Clop Ransomware Attack

• Ransomware Group Claims Access to SCADA in Confusing UK Water Company Hack

• New Attack Weaponizes PLCs to Hack Enterprise and OT Networks

• Acuant collaborates with Ping Identity to provide customers with fraud-fighting technology

• AuditBoard Third-Party Risk Management solution empowers teams to manage their overall IT risk

• How to Remediate a Cross-Site WebSocket Vulnerability

• X-Force 2022 Insights: An Expanding OT Threat Landscape

• Microsoft’s macOS Tamper Protection hits general availability

• #DEFCON: Electrovolt Exploits Against Electron Desktop Apps Exposed

• Facebook Scammers Steal Thousands Posing As Restaurant Supplier Brand

• SEPT. 7-9: Ukraine, Election, AI, Cybercrime, 5G Among Topics Explored by 125+ Speakers at 13th Billington Cybersecurity Summit

• Lessons From the Cybersecurity Trenches

• Vulnerability wholesaler cuts disclosure times over poor-quality patches

• CISOs are taking on more responsibilities—and burning out

• DevSecOps adoption is low but packing a punch in user organizations

• #DEFCON: How US Teen RickRolled His High School District

• Over 8,000 Exposed VNC Ports – Major Threat To Critical Infrastructure

• July 2022 Cyber Attack Statistics

• New U.S. Legislation Introduced to Help Small Business Provide Cybersecurity Training

• Argentina’s Judiciary Of Córdoba Hit By PLAY Ransomware Attack

• Callback Phishing Attacks See Massive 625% Growth Since Q1 2021

• The “Cyber Insurance Gap” Is Threatening Most Companies

• In the Fight Against DDoS Attacks, not all PoPs are Created Equal

• 1,900 Signal users exposed: Twilio attacker ‘explicitly’ looked for certain numbers

• Confused cyber criminals have hacked a water company in a bizarre case of mistaken identity

• Xiaomi Phone Bug Allowed Payment Forgery

• Zoom Patches Serious macOS App Vulnerabilities Disclosed at DEF CON

• Signal Discloses Impact From Twilio Hack

• Remotely Controlling Touchscreens

• South Staffordshire Water Latest Target Of Criminal Cyber Attack

• Google releases Android 13 with improved privacy and security features

• Many Ears from Now: 5 Authentication Modalities that Will Blow Your Mind

• Researchers Hacked SpaceX Operated Starlink Satellite Using $25 Modchip

• Report: Hacking is the top cause of data breaches

• Unified Threat Management: The All-in-One Cybersecurity Solution

• New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks

• Poor sending practices trigger a tidal wave of informational listings

• Two more malicious Python packages in the PyPI

• Cyber Firm Darktrace Shares Surge on Possible Takeover

• DigitalOcean customers affected by Mailchimp “security incident”

• UK Adults Are Sourcing Their News From TikTok

• US Judge Approves Apple Settlement In Retail Class Action Lawsuit

• New US Export Controls Target China Semiconductor Firms

• Hackers are finding ways around multi-factor authentication. Here’s what to watch for

• Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

• Hybrid Vishing Attacks Soar 625% in Q2

• Microsoft Warns About Phishing Attacks by Russia-linked Hackers

• Over 8000 VNC instances left exposed, researchers find

• Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says

• What Exposed OPA Servers Can Tell You About Your Applications

• Three Nigerian BEC Fraudsters Extradited From UK to US

• Signal Confirms Roughly 1900 Users Affected by Twilio Breach

• Faraday Future Raises Fresh Backing For Electric SUV Debut

• Ola Plans Premium Electric Car For Indian Market

• Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium

• Sharing personal information online: Do young people overdo it?

• Water Company Says Supply Safe After Ransom Group Claims

• Are Cloud Environments Secure Enough for Today’s Threats?

• The Advantages of Breach and Attack Simulation for Data Security

• Snapchat Hits 1 Million Paid Users Amidst Weak Ad Market

• India’s Mahindra Launches Electric SUVs Based On VW Platform

• Russian State Hackers Continue to Attack Ukrainian Entities with Infostealer Malware

• Russia-linked Gamaredon APT continues to target Ukraine

• 1,900 Signal users exposed following Twilio breach

• Threat in your browser: what dangers innocent-looking extensions hold for users

• Looking for adding new detection technologies in your security products?

• BT Looks To Minimise Disruption Ahead Of Fresh Strikes

• General Monitoring is not the Answer to the Problem of Online Harms

• Phone numbers of 1,900 Signal users exposed as a result of Twilio security breach

• Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

• WikiLeaks Founder Julian Assange sues CIA for data theft

• Play Ransomware attack news and Extortion Attempt on Water utility

• Sealing Technologies wins $168M Marine Corps cyber contract

• Digital Ocean dumps Mailchimp after attack leaked customer email addresses

• ‘Highly classified’ documents recovered from Mar-a-Lago prompt lawmaker calls for assessment

• CACI Showcases Secure Enterprise Technology at AFCEA TechNet Augusta 2022

• Global Healthcare Technology Leader Renews Multiple Contract Extensions Worth Over $300,000

• Hippo Reports Second Quarter 2022 Financial Results

• MPC22 to Explore The Currency of Change with Digital Commerce Leaders

• Stories from the SOC – Credential compromise and the importance of MFA

• Interpreting the Key Points of The 2022 IBM i Marketplace Survey Results

• How aware are organizations of the importance of endpoint management security?

• Matter protocol: Secure, reliable interoperability for smart home devices

• Why organizations should control Active Directory permissions

• Overcoming the roadblocks to passwordless authentication

• A 5 Step Checklist for Complying with PCI DSS 4.0

• It’s 2022 and there are still thousands of public systems using password-less VNC

• Oh Deere: Farm hardware jailbroken to run Doom

• White Hat Hacker at DefCon Jaikbreaks Tractor to Play Doom

• Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17

• A week in security (August 8 – August 14)

• Court Denies Sen. Lindsey Graham’s Motion to Quash Subpoena

• Lindsey Graham Can’t Ignore a Fulton County Subpoena

• Lawmakers push IRS on backlog and customer service problems

• CISA task force leader calls for increased global cooperation on supply chain risks

• The prevalence of contract workers leaves agencies vulnerable to cyberattacks

• New chief cyber officers take a ‘whole of state approach’ to cybersecurity

• Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

• Three Keys to Turning Data-centric Security Theory into Practice

• IT Security News Daily Summary 2022-08-15

• DEF CON 30: Hackers Come Home to Vibrant Community

• Best SIEM Tools & Software for 2022

• CI/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers

• Thoughts on the Mar-a-Lago Search and the President’s Classification and Declassification Authority

• EFF & ACLU Brief: SFPD Violated Surveillance Law by Spying on Protests for Black Lives

• Smart cities grow up

• It’s Time to Rethink Endpoint Security

• Safeguarding Industrial Control Systems Environments

• CIA accused of illegally spying on Americans visiting Assange in embassy

• Black Hat – Windows isn’t the only mass casualty platform anymore

• Black Hat USA 2022: Burnout, a significant issue

• In security, there is no average behavior

• Microsoft Announces Disruption of Russian Espionage APT

• Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

• Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management

• ‘Evil PLC’ Could Turn PLCs Into Attack Vectors

• IoT + Cloud Growth = Greatest Cybersecurity Risk

• Survey: performance, pressure have increased among remote government employees during COVID

• House cyber director: ‘Defense is the new offense’ for cyber

• How to use Dropbox Transfer to securely share files with other people

• Researcher Hacked Space-X Starlink Via A $25 Tool

• Windows, Linux and macOS Users Targeted by Chinese Iron Tiger APT Group

• Improving CX through consistency

• Misinformation ‘harms nearly every element of election administration,’ committee report finds

• Assange Lawyers Sue CIA for Spying on Them

• Credential Theft Is (Still) A Top Attack Method

• VNC instances exposed to Internet pose critical infrastructures at risk

• Announcing Microsoft Dev Box Preview

• Dutch authorities arrest 29-year-old dev with suspected ties to Tornado Cash

• Black Hat 2022 reveals enterprise security trends

• Zoom for Mac patches get-root bug – update now!

• Everything you need to know about the new features in VSS & MVP

• Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels

• Watch CNBC’s full interview with Guggenheim’s John DiFucci

• Disrupting SEABORGIUM’s ongoing phishing operations

• What is not included in a Cyber Insurance Policy

• XDR Momentum Grows as Industry Calls for Solution to Common Security Challenges

• Open Source OSINT Tools and Techniques

• Authentication and Authorizing for Webservice/ Rest API Calls

• Black Hat 2022: Why machine identities are the most vulnerable

• Luckymouse Uses Compromised MiMi Chat App to Target Windows and Linux Systems

• SOVA Android malware now also encrypts victims’ files

• Black Hat And DEF CON Roundup

• Indian Military Puts Quantum Key Distribution On The Line

• This String Of Emojis Is Actually Malware

• Hacker Conference DEF CON Bans Pro Trump Outlet OAN

• Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB Of Data

• Six Ways Of Safeguarding Employee Workstations

• Thinking like a cyber-attacker to protect user data

• Guggenheim’s DiFucci reveals what separates good and bad security software companies

• Multilingual Cybersecurity Awareness Training adapted for your needs

• How to become a video game tester

• Black Hat 2022 reveals why machine identities are the most vulnerable

• Thousands of VNC Instances Exposed to Internet as Attacks Increase

• Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade

• Dutch Authorities Arrest Tornado Cash Developer Following US Sanctions on Crypto Mixer Firm

• $23 Million YouTube Royalties Scam

• America’s Allies and the War in Afghanistan

• Common Smartphone Problems and How to Fix Them Fast

• Prepare for Quantum Encryption Today

• Black Hat and DEF CON Roundup

• How and Why to Apply OSINT to Protect the Enterprise

• Feedzai with Lloyds Banking Group wins Aite-Novarica Fraud Impact Award

• This Android banking malware now also infects your smartphone with ransomware

• Cyble: Over 9,000 VNC Sessions Without a Password Found

• What Is Network-Attached Storage(NAS), and How Does It Work?

• #DEFCON: How Sanctions Impact Internet Operators

• Chinese tech giants share details of their prized algorithms with regulator in unprecedented move

• Cybersecurity Has Never Been More Unstable Than It Is Now

• Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities

• SOVA Android Banking Trojan Returns With New Capabilities and Targets

• IT threat evolution in Q2 2022. Non-mobile statistics

• IT threat evolution in Q2 2022. Mobile statistics

• Software Development: Top Services Affecting Your Business

• Effective Security Using Zero Trust Architecture

• Researchers Noticed a Peak in VNC Attacks – Over 8,000 Servers Exposed Online without a Password

• Space Force takes robot patrol dogs for a walk

• IT threat evolution Q2 2022

• Chinese Cyberspies Use Supply Chain Attack to Deliver Windows, macOS Malware

• Weaponized PLCs Can Hack Engineering Workstations in Attacks on Industrial Orgs

• The State of Quantum Security

• #DEFCON: CISA Director Praises Congress and International Cybersecurity Cooperation

• Disney Brings Ads To Streaming Platform As It Surpasses Netflix

• ESA In Talks With SpaceX Over Launches To Replace Soyuz

• Mercedes-Benz And CATL To Build Massive EV Battery Plant In Hungary

• US Carmakers Warn Over Upcoming Electric Vehicle Incentives

• Russia’s Shuckworm cyber group launching ongoing attacks on Ukraine

• Three Extradited from UK to US on $5m BEC Charges

• Bringing Light to the Dark Web

• Xiaomi Phones’ TEE Vulnerability May Allow Forge Mobile Payments

• Vulnerabilities Found in Xiaomi’s Mobile Payment Software

• Google Fined A$60million in Penalties For Misleading Users on Location Data

• New Study Reveals Serious Cyber Insurance Shortfalls

• Critical Infrastructure at Risk as Thousands of VNC Instances Exposed

• NHS Software Supplier Confirms Ransomware Attack

• Hackers Steal Documents From Defence Companies

• Meta Gathers AI Data As Chatbot Calls Zuckerberg ‘Creepy’

• A new PyPI Package was found delivering fileless Linux Malware

• How Manufacturers Are Adapting to a Post-Covid World?

• What Do QuickTake, iSight, and iBook Have in Common? How Apple Reuses Trademarks

• Software developers, how secure is your software ?

• Comparing Twilio and Slack breach responses

• Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

• Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

• Indian military ready to put long-range quantum key distribution on the line

• Russia to end cyber-attacks on Ukraine after talks with the West

• Ransomware news headlines trending on Google

• How to manage the intersection of Java, security and DevOps at a low complexity cost

• Why it’s past time we operationalized cybersecurity

• Oil and Gas Cybersecurity: Recommendations Part 3

• Black Hat and DEF CON visitors differ on physical risk management

• Ransomware is back, healthcare sector most targeted

• Credential phishing attacks skyrocketing, 265 brands impersonated in H1 2022

• Tackling the dangers of internal communications: What can companies do?

• NetWitness Appoints Industry Veteran Ken Naumann as New CEO

• The 5 best identity theft protection and credit monitoring services of 2022

• 5 tips for spotting and avoiding Pig butchering scams

• Zoom’s latest update on Mac includes a fix for a dangerous security flaw

• Employee’s compromised Google credentials led to Cisco breach

• Epson’s bricked printers highlight the industry’s reparability problem

• Samsung heir pardoned due to South Korean economic needs

• Elon Musk wrote article for China’s internet regulator, hinted at aged care robots

Generated on 2022-08-16 23:55:30.174518

Liked it? Take a second to support IT Security News on Patreon!