IT Security News Daily Summary 2022-08-25

• Should You Use DNS Data to Drive Better Security Decisions?

• Lloyds refuses to cover nation-state attacks: What it means to enterprise

• Baltimore police to upgrade cell phone tracking tech

• LastPass source code, blueprints stolen by intruder

• Ransomware defies seasonal trends with increase

• Narrowing the CX gap to deliver the support that today’s public expects

• LastPass Says Source Code Stolen in Data Breach

• Apple expands self-service repair program to M1 MacBooks

• The Family That Mined the Pentagon’s Data for Profit

• Over 80,000 exploitable Hikvision cameras exposed online

• Hackers are using this sneaky exploit to bypass Microsoft’s multi-factor authentication

• Indonesia investigating alleged data breaches at state-owned firms

• How a business email compromise attack exploited Microsoft’s multi-factor authentication

• Mitiga: Attackers evade Microsoft MFA to lurk inside M365

• Bypassing Intel CET with Counterfeit Objects

• Cyber EO One Year Later: Feds Weigh in On Progress, Areas For Improvement

• Cyber Risk Management: The Right Approach Is a Business-Oriented Approach

• Researchers Discover Kimusky Infra Targeting South Korean Politicians and Diplomats

• Tech news you may have missed: August 18 – 25

• Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack

• StateRAMP exec sees ‘momentum’ for cloud security standardization

• Cybercriminals Are Selling Access to Chinese Surveillance Cameras

• Executive order will guide $52 billion in CHIPS Act funding

• The contractor responsible for the TSP’s troubled recordkeeping transition pledges to improve

• Government electric vehicle efforts requires new charging infrastructure

• Twitter whistleblower report holds security lessons

• SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

• Technique improves autonomous car navigation in tricky traffic

• Crooks target top execs on Office 365 with MFA-bypass scheme

• How the VA’s adoption of Login.gov is going

• Strange Facebook Bug Spams Users With Celebrity Posts

• Nobelium APT uses new Post-Compromise malware MagicWeb

• Google To Rollout Anti Disinformation Campaign In Eastern Europe

• GitLab Patches Critical RCE in Community and Enterprise Editions

• Upcoming Crimeware is Driven by Cobalt Strike

• ETHERLED – A New Attack Method to Exfiltrate Data from Air-Gapped Devices using LED Indicators

• S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

• ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users

• Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations

• Third-party Attacks: Hacker’s Exploit Software Networks

• Cisco Talos extends cybersecurity support to Ukraine

• Moderates of the world, unite!

• XIoT Vendors Show Progress on Discovering, Fixing Firmware Vulnerabilities

• Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million

• Risk & Repeat: Whistleblower spells trouble for Twitter

• More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem

• Cisco Releases Security Updates for Multiple Products

• 0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations

• MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

• Hyperscraper: A New Tool that Iranian Hackers Use for Stealing E-mails

• Huawei Founder Warns Of Painful Decade

• Microsoft Attributes New Post-Compromise Capability to Nobelium

• Wyden Renews Call to Encrypt Twitter DMs, Secure Americans’ Data From Unfriendly Foreign Governments

• Cisco Releases Security Updates for Multiple Products

• Hackers Steal Data For More Than 15 Million Users From Plex

• Hackers Are Breaking Into And Emptying Cash App Accounts

• Websites Can Identify If You’re Using iPhone’s New Lockdown Mode

• Hackers Leaked Data Anyways After Company Pays Ransom

• The Chatter Podcast: The Moon, Mars, and National Security with Fraser Cain

• Article: What Does Zero Trust Mean for Kubernetes?

• VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite

• 8 Signs It May Be Time for Parental Controls

• 7 Signs Your Phone Has a Virus and What You Can Do

• How to Remove Personal Information From Data Broker Sites

• Twitter, Meta kill hundreds of pro-Western troll accounts

• Talos Renews Cybersecurity Support For Ukraine on Independence Day

• Cyberstarts Closes $60M in Seed Fund III

• Ransomware Attack Forces French Hospital to Transfer Patients to Other Facilities

• How YouTube’s Partnership with London’s Police Force is Censoring UK Drill Music

• Apple To Unveil iPhone 14 At ‘Far Out’ Event On 7 September

• VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite of Utilities

• Twilio, Cloudflare Attacked in Campaign That Hit Over 130 Organizations

• Cosmetics Giant Sephora Settles Customer Data Privacy Suit

• Google Open Sources ‘Paranoid’ Crypto Testing Library

• BalkanID Adds $2.3M to Seed Funding Round

• Cisco Patches High-Severity Vulnerabilities in Business Switches

• The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-State Attacks

• U.S. Government Spending Billions on Cybersecurity

• Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

• Ever present danger

• Black Hat SEO: Is Someone Phishing With Your Site Domain?

• Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report

• What You Need to Know About the Psychology Behind Cyber Resilience

• Jet2 Warns Customers About Covid Test Scam

• Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar

• Caught up in another password breach? Follow these 3 rules to protect yourself online

• How a business email compromise scam spoofed the CFO of a major corporation

• Optiv’s Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants

• Scans of Students’ Homes During Tests Are Deemed Unconstitutional

• Stay Calm and Proceed With Caution: The Merari Report on Israeli Police’s Pegasus Scandal

• Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security

• Sephora Agrees to $1.2 Million Settlement Of Data Privacy Charges

• Expert Commentary On The Plex Data Breach

• How YouTube’s Partnership with London’s Police Force is Censoring UK’s Drill Music

• Judge Likely To Dismiss Tesla Bid To Dismiss California Race Lawsuit

• Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug

• New Exterro FTK Update Accelerates Mobile Digital Forensics

• Dominican Republic Quantum Ransomware, Expert Weighs In

• Twitter Whistleblower To Testify Before Senate Panel

• Plex Breach – Streaming Giant Issues Mass Password Reset to Millions

• Another free CA to use via ACME!

• Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass

• Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

• There’s a problem with online ads, and it’s not what you think

• How Economic Changes and Crypto’s Rise Are Fueling the use of “Cyber Mules”

• Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird

• Twilio, Cloudflare Attacked as Part of Campaign That Hit Over 130 Organizations

• Quantum Ransomware Attack Disrupts Government Agency in Dominican Republic

• Man-in-the-Middle Phishing Attack

• Phishing PyPI users: Attackers compromise legitimate projects to push malware

• Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

• Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies

• Musk Lawyers Seize on Twitter Whistleblower Revelations

• EU Report Outlines Cyber Response to Ukraine Invasion

• Plex Breach Exposes Account Data, Including Passwords

• Comparing Face ID, Touch ID, and Passcode Security – Intego Mac Podcast Episode 254

• US Firm Pays $16m to Settle Healthcare Fraud Claims

• Which Is More Secure: Face ID, Touch ID, or a Passcode? – Intego Mac Podcast Episode 254

• Webflow Can Make Your Website More Secure – Here’s How

• Network Penetration Testing (Ethical Hacking) From Scratch – Review

• Workplace Stress Worse than Cyber-Attack Fears for Security Pros

• A lack of endpoint security strategy is leaving enterprises open to attack

• Shout-out to whoever went to Black Hat with North Korean malware on their PC

• Plex warns users to change their passwords after a data breach

• Privacy Activists Target Google Over French ‘Spam’ Emails

• Scammers Create ‘AI Hologram’ of C-Suite Crypto Exec

• Which Is More Secure: Face ID, Touch ID, or a Passcode?

• GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones

• Do you know what your supply chain is and if it is secure?

• Virginia Consumer Data Protection Act: What You Need to Know?

• Threat actors are using the Tox P2P messenger as C2 server

• China could overtake U.S. in space without ‘urgent action,’ warns new Pentagon report

• Dominican Republic’s Institute Agrario Dominicano suffers Quantum Ransomware Attack

• Cyber Attack on American Streaming Media Plex

• PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

• Ransomware dominates the threat landscape

• How CISOs can safeguard security in CI/CD environments

• How to navigate payment regulations without compromising customer experience

• We need to think about ransomware differently

• Biden named the next Secret Service director ‘at a critical moment’

• Stories from the SOC – Credential compromise and the importance of MFA

• Top tips for securing board-level buy-in for cybersecurity awareness campaigns

• Why Does Medical Imaging Equipment Need Better Cybersecurity?

• ISACA Conference Oceania Spotlights Digital Trust, Emerging Tech and Regional Trends

• 11:11 Systems to Acquire Cloud Management Services Business from Sungard Availability Services

• Splunk Announces Fiscal Second Quarter 2023 Financial Results

• New U.S. Legislation Introduced to Help Small Business Provide Cybersecurity Training

• #ISC2Congress: Empower Your Weekend with Training

• Most Important Web Server Penetration Testing Checklist

• Cyware adopts Traffic Light Protocol 2.0 to enhance threat intelligence sharing capabilities

• Privitar Modern Data Provisioning Platform provides self-service access to data in real time

• DataMotion No-Code Experience delivers secure content exchange to the customers

• Avast Ransomware Shield for businesses prevents unauthorised access

• Organizations changing cyber strategy in response to nation-state attacks

• House Oversight Dems seek data from social media companies about threats to law enforcement

• Is your personal data all over the internet? 7 steps to cleaning up your online presence

• Google Uncovered Tool used by Iranian APT Hackers to Steal Email Data

• Lessons from the Holy Ghost Ransomware Attacks

• Malwarebytes partners with Revelstoke to automate endpoint detection and response

• Unlocking Serverless with AWS Lambda and IAM

• ZTNA vs VPN: Secure Remote Work & Access – SASE Part 2

• Kimsuky’s GoldDragon cluster and its C2 operations

• LockBit ransomware gang blames victim for DDoS attack on its website

• Kudos and Recognition

• The Presidential Records Act and the Mar-a-Lago Documents

• 6 reasons MSPs need a patch management platform

• How to secure a Mac for your kids

• Reset your password now! Plex suffers data breach

• ChromeOS vulnerability found by Microsoft

• Plex discloses data breach and urges password reset

• Cloud Range RightTrak Cyber Aptitude Assessment improves cybersecurity hiring process

• Contrast Security appoints Tom Kellermann as SVP of Cyber Strategy

• 443ID expands leadership team to meet the needs of a growing customer base

• Quivr raises $3.55 million to help people create a secure digital identity

• Block sued after ex-staffer siphons customer data

• 5 top ailments affecting the healthcare data security infrastructure

• The present and future of FedRAMP

• Adversary Quest 2022 Walkthrough, Part 3: Four PROTECTIVE PENGUIN Challenges

• GitOps and Shift Left Security: The Changing Landscape of DevSecOps

• The Anatomy of Wiper Malware, Part 2: Third-Party Drivers

• Possible cyber regs face fragmented, underfunded water sector

• 3 states get $1M to boost small biz cybersecurity

• Texas launches searchable database of economic development agreements

• IT Security News Daily Summary 2022-08-24

• How to stop social engineering tactics

• homomorphic encryption

• California corrections department hit by cyberattack

• CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

• 80,000 internet-connected cameras still vulnerable after critical patch offered

• PCI DSS v4.0 is coming, here’s how to prepare to comply

• Calculate Splunk Ingestion Costs Savings when Pre-Processing Data Repository Logs with Imperva DSF

• Efficient ‘MagicWeb’ Malware Subverts AD FS Authentication, Microsoft Warns

• Crypto Miners Using Tox P2P Messenger as Command and Control Server

• Researchers: AiTM Attack are Targeting Google G-Suite Enterprise Users

• Ransomware Gang Demands $10M in Attack on French Hospital

• Preparing Critical Infrastructure for Post-Quantum Cryptography

• Major Database Mess Up Leaves Indian Federal Police and Banking Records Exposed

• Elastic automates security with SOAR, practices open security

• Preparing Critical Infrastructure for Post-Quantum Cryptography

• AiTM phishing campaign also targets G Suite users

• How to Bring the Power of Security Guardrails to Your Application Security Program

• How the NIST is moving ‘trustworthy AI’ forward with its AI risk management framework

• Plex Suffers Data Breach, Warns Users to Reset Passwords

• VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data

• Announcing the Open Sourcing of Paranoid’s Library

• MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

• Proxies and Configurations Used for Credential Stuffing Attacks

• How Russia-Ukraine cyberwar is impacting orgs: Two-thirds say they have been targeted

• New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope

• Breaching airgap security: using your phone’s compass as a microphone!

• War in Ukraine Has Pushed Two-Thirds of Businesses to Change Cyber Strategy

• Cisco Talos — Our not-so-secret threat intel advantage

• #LiveFromUkraine: Oleksandra Povoroznik Talks Language Politics and Wartime Culture

• ‘DarkTortilla’ Crypter Produces Targeted Malware

• What citizens want from a Digital ID Wallet

• Announcing: Code-free API log collection and parser creation

• Ransomware news headlines trending on Google

• Interactive overdose map visualizes evolving public health crisis

• How ransomware attacks target specific industries

• Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

• Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

• Data governance: 5 tips for holistic data protection

• Data of 1.3M Patients of Novant Health was Leaked on Meta

• The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-state Attacks

• Cyber Leaders from Israel, Germany, Canada, UK, Ukraine, and US Discuss Collaboration at 13th Billington CyberSecurity Summit

• Cyware Adopts Traffic Light Protocol (TLP) v2.0 to Advance Threat Advisories and Intelligence Sharing

• Developer Visibility Focus Advances at SmartBear with Senior AI and Observability Hires

• Hillstone Networks Targets Cyberattacks at Network Edge with High-End Next Generation Firewall Offerings

• Former Apple Engineer Pleads Guilty To Stealing Driverless Car Data

• VMware confirms Carbon Black causing BSODs, boot loops on Windows

• Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes

• VMware Fixes Privilege Escalation Vulnerabilities in VMware Tools

• Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account

• External Attack Surface Management Explained

• Playing This Janet Jackson Song May Crash Your Laptop

• How RavenDB Has Earned the Trust of Hundreds of Companies

• McAfee launches Impact Report: How we’re doing and the opportunities ahead

• A new US data privacy bill aims to give you more control over information collected about you – and make businesses change how they handle data

• Plex Confirms Database Breach, Data Theft

• The Dangers of Expansive Public Health Surveillance

• Preemption of State Cybersecurity Laws: It’s Complicated

• How attackers use and abuse Microsoft MFA

• Glitch Sees Facebook Feeds Flooded With Celebrity Spam

• How Can WAF Prevent OWASP Top 10?

• How to conduct a secure code review

• Acronis’ Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023

• Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack

• Agencies are still wrangling over death data

• Twitter Whistleblower Complaint: The TL;DR Version

• IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals

• Guide: How Service Providers can Deliver vCISO Services at Scale

• Cybersecurity Experts On Facebook Glitch

• Fighting Cyber Attackers Earlier to Reduce Risk

• 4 Ways Technology Will Keep You Safe While Gambling Online

• What Kind Of Computer Do You Need To Trade Stocks?

• Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

• Apple Expands Self Service Repair To MacBooks

• Vishing 101: What’s vishing and how can I protect myself?

• Oversight chair Maloney loses primary

• Attacker snags account details from streaming service Plex

• Class Action Lawsuit Filed Against Oracle Over Data Collection Practices

• Facebook Bug Causes Users’ Feeds to Be Spammed

• CyberRatings.org Announces New Web Browser Test Results for 2022

• Why Empathy Is the Key to Better Threat Modeling

• A-Level Results 2022 – Tech Industry Experts React

• Experts Reaction To Poor Security At Twitter

• Transatlantic Cyber Security Business Network (TCBN) partners with International Cyber Expo 2022

• Plex breached: Change your passwords now

• Peiter ‘Mudge’ Zatko: CSO-turned-whistleblower says Twitter security was in a shambles

• Cybersecurity Breaches, a Wake-up Call for Businesses

• Meta Settles Facebook Location Tracking Lawsuit

• Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover

• Security Pros Believe Cybersecurity Now Aligned With Cyberwar

• Lloyd’s To Exclude Certain Nation State Attacks From Cyber Insurance Policies

• Old, Inconspicuous Vulnerabilities Commonly Targeted in OT Scanning Activity

• French Hospital Diverts Patients Following Cyberattack

• IBM Patches Severe Vulnerabilities in MQ Messaging Middleware

• Hackers Using Fake DDoS Protection Pages to Distribute Malware

• Poll: Cybersecurity Professionals Want Remote Work Options

• This company paid a ransom demand. Hackers leaked its data anyway

• Mudge Files Whistleblower Complaint against Twitter

• The Privacy Flaw Threatening US Democracy

• Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)

• Is TikTok putting an end to Facebook’s dominance?

• Twitter Whistleblower Warns Platform Vulnerable To Foreign Influence

• The Ransomware Playbook Mistakes That Can Cost You Millions

• Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users

• Free Audi MMI Maps and Speedcams Update 2022/2023

• French Billionaire Allowed To Retain BT Stake After Security Review

• ‘Stay vigilant:’ Agencies issue warnings, take new steps to combat wave of threats against feds

• Ransomware Surges to 1.2 Million Attacks Per Month

• Ransomware updates & 1-day exploits

• Researchers Demonstrate New Browser-Powered Desync Attack

• EU Outlines Critical Cyber Response to Ukraine War

• US Healthcare Sector Breaches 342m+ Records Since 2009

• Indicator Of Attack(IoA’s) And Activities – SOC/SIEM – A Detailed Explanation

• Here’s How Attackers Are Circumventing Microsoft’s Multi-factor Authentication, Expert Weighs In

• Rise Of Fraud In Popular Culture Changes UK Consumers’ Outlook On Crime

• Hackers Steal Session Cookies To Bypass Multi-Factor Authentication. Expert Weighs In

• GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software

• VMware fixed a privilege escalation issue in VMware Tools

• BREAKING EXPERT COMMENT: Whistleblower Hands Musk The Key To Twitter

• COMMENT: FBI Warns Cybercriminals Hijacking Home IP Addresses For Credential Stuffing

• DevSpace 6: Client-only developer tool for cloud-native development with Kubernetes

• Cyber Security Management System (CSMS) for the Automotive Industry

• French Hospital Hit By $10M Ransomware Attack, Sends Patients Elsewhere

• Raas Kits Are Hiding Who The Attackers Really Are – Expert Comments

• Over 80,000 Hikvision Cameras Exposed Online

• Businesses get a new layer of protection with Avast Ransomware Shield

• NCSC Shares Guidance to Help Secure Large Construction Projects

• France hospital Center Hospitalier Sud Francilien suffered ransomware attack

• Lloyd’s to exclude certain nation-state attacks from cyber insurance policies

• Microsoft collaborates with Kaspersky for Cyber Threat Intelligence

• Whistleblower claims faults with Twitter Cybersecurity Defense policies

• Lloyd’s to exclude certain nation-state attacks from cyberinsurance policies

• CISOs see little need for a point solution to cover ransomware risk

• New social engineering tactics discovered in the wild

• Is security becoming a priority for DevOps teams?

• Thoma Bravo: Securing digital identities has become a major priority

• University of Technology Sydney Gets Better Support and Security for Oracle Database by Switching to Rimini Street

• OneSpan Wins 2022 SC Award for Best Mobile Security Solution

• LATEST CYBERTHREATS AND ADVISORIES – AUGUST 19, 2022

• Establishing a mobile device vulnerability management program

• How to reduce your exposure & secure your data in the cloud in 5 quick ways

• Grandoreiro Banking Trojan Targeting Automotive, Chemicals Manufacturing Industries

• 5 Things We Learned from The Definitive Guide to Data Loss Prevention (DLP)

• Privacy in Q2 2022: US, Canada, and the UK

• Giant Oak GOST updates empower users to identify money laundering and other illicit activities

• Data Dynamics StorageX9.0 helps customers manage sprawls of unstructured data

• Juniper Networks introduces NaaS capabilities to facilitate adoption of AI-driven networking services

• Lean security 101: 3 tips for building your framework

• 5 Keys To Successful Least Privilege Policy Implementation

• The Most Damning Allegation in the Twitter Whistleblower’s Report

• ImmuniWeb joins Cybersecurity Tech Accord to improve cyber resilience for customers

• Synthesized collaborates with BigID to eliminate the risks of data leakage

• SAS and SingleStore join forces to accelerate data-driven decisions

• SecureAuth prolongs FIDO Alliance membership and commits to FIDO2 certifications standards

• Rippleshot collaborates with Flashpoint to combat card fraud for financial institutions

• Google flags man as sex abuser after he sends photos of child to doctor

• Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

• National Archives recovered more than 100 classified documents from Trump in January

• Best Open-Source Distributions for Pentesting and Forensics

• The Most Damning Allegation in the Twitter Whistleblower’s Report

Generated on 2022-08-25 23:55:28.906292