IT Security News Daily Summary 2022-08-26

• DHS looks to cyber self-assessments over CMMC model

• Autonomous receiver tracks fish to improve hydropower dam operations

• Cloud modernization requires ‘whole of government’ effort

• Could Your Company Survive a Ransomware Attack?

• Facebook Removes Pro-U.S. Disinformation Campaign

• Why the Twilio Breach Cuts So Deep

• Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

• APIs and zero trust named as top priorities for CISOs in 2023

• Atlassian Ships Urgent Patch for Critical Bitbucket Vulnerability

• Trans Youths Need Data Sanctuary

• PyPI warns of first-ever phishing campaign against its users

• In the US, a new approach to counting overdoses

• August 2022 Web Server Survey

• Much-hyped effort to help DHS land cyber talent is slow to make hires

• LastPass Suffers Data Breach, Source Code Stolen

• Now Oktapus gets access to some DoorDash customer info via phishing attack

• Microsoft Alert: APT29 is Back With its New Tool MagicWeb

• Firefox 104 is out – no critical bugs, but update anyway

• Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

• The FTC Ups the Ante for Federal Privacy Legislation

• Call for Nominations: 2022 Mike Lewis Prize for National Security Law Scholarship

• Austria: Google Breached a EU Court Order

• How to use confidential mode in Gmail to protect sensitive information

• Ransomware Attacks are on the Rise

• DoorDash customer info caught up in Oktapus arms

• Plex Breach: Alerts Users Must Reset Their Passwords

• AttackIQ Academy Wins 2022 SC Awards in Excellence for Best IT Security-related Training Program

• Latest Cyberthreats and Advisories – August 26, 2022

• New to Cybersecurity? Use These Career Hacks to Get a Foot in the Door

• LATEST CYBERTHREATS AND ADVISORIES – AUGUST 12, 2022

• Apple flaws put company networks at risk

• LastPass discloses data breach

• ‘Sliver’ Emerges as Cobalt Strike Alternative for Malicious C2

• Lloyd’s excluding nation-state cyber attacks from Cyber Insurance

• Yugabyte’s Fourth Annual Distributed SQL Summit to Feature Sessions Led by Database Experts From Fortune 500 Enterprises

• Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel

• DoorDash Data Compromised Following Twilio Hack

• Twitter, Meta Remove Accounts Linked to US Influence Operations: Report

• The Case for Multi-Vendor Security Integrations

• LastPass Security Breach – Hackers Steal Company’s Source Code

• Embrace change! Chris’s McAfee Journey

• Here’s How to Steer Clear of Bot Accounts on Social Media

• LastPass attackers steal source code, no evidence users’ passwords compromised

• 8 best enterprise accounting software suites

• Cosmetics giant Sephora first to be fined for violating California’s Consumer Privacy Act

• TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years

• LastPass Confirms Security Breach, No User Data Exposed

• Chinese Surveillance Camera Access Is Being Sold

• Nato Investigates Hacker Sale Of Missile Firm Data

• LastPass Source Code, Blueprints Stolen By Intruder

• A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organizations

• LastPass Developer Account Hacked to Steal the Company’s Source Code

• Infosec4TC Platinum Membership: Cyber Security Training Lifetime Access

• Iranian Government Hackers Exploit Log4Shell in SysAid Apps for Initial Access

• Crypto Firms Say US Sanctions Limit Use of Privacy Software

• Ransomware Operator Abuses Anti-Cheat Driver to Disable Antiviruses

• 0ktapus Phishing Campaign Targets Okta Identity Credentials

• How DevSecOps Empowers Citizen Developers

• ‘No-Party’ Data Architectures Promise More Control, Better Security

• Microsoft: Iranian attackers are using Log4Shell to target organizations in Israel

• Capital One Joins Open Source Security Foundation

• Endpoint Protection / Antivirus Products Tested for Malware Protection

• Massive “0ktapus” Phishing Attack Hits Over 130 Organizations

• LastPass Confirms Hack And Theft Of Source Code

• A Hybrid Approach to Continuous Application Authorization

• Threatening clouds: How can enterprises protect their public cloud data?

• CISA: Action required now to prepare for quantum computing cyber threats

• Latest Cyberthreats and Advisories – August 26, 2022

• Twitter Ordered To Hand Over Data To Elon Musk

• CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography

• New ‘Agenda’ Ransomware Customized for Each Victim

• Security and Cheap Complexity

• LastPass breach: Source code, proprietary tech info stolen

• CISA: Vulnerability in ​​Delta Electronics ICS Software Exploited in Attacks

• Their Photos Were Posted Online. Then They Were Bombed

• SpaceX, T-Mobile To Connect Mobile Phones To Satellites

• What Is WBAdmin and How Does It Work?

• In conversation with Jamie Akhtar, CEO and co-founder of CyberSmart

• Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement

• LastPass Reveal Security Incident

• Hackers Breach LastPass Developer System to Steal Source Code

• OpenText acquires Micro Focus for $6 billion in an all cash transaction

• Block Faces Class Action Suit After 2021 Breach

• Silicon In Focus Podcast: Open Source, Open Security?

• LastPass Hackers Stole Source Code

• GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique

• Gambling sites are losing significant amounts of revenue due to raising DDoS attacks

• Victory! South Carolina Will Not Advance Bill That Banned Speaking About Abortions Online

• The Impact of Technology on Citizenship Governance

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

• 0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

• Hackers using AI Hologram to conduct identity theft

• Russian war on Ukraine has made organizations change cybersecurity tactics

• How fast is the financial industry fixing its software security flaws?

• How complicated access management protocols have impacted cloud security

• New infosec products of the week: August 26, 2022

• Randi Zuckerberg says she’s a ‘big proponent of the real world’ when it comes to parenting

• LastPass discloses August 2022 security breach

• Federal Judge: Invasive Online Proctoring “Room Scans” Are Unconstitutional

• THEOplayer Is Latest Video Player to Integrate with Verimatrix Streamkeeper Multi-DRM

• How cloud computing turned security on its head

• Everything you need to know about the new features in VSS & MVP

• Cybersecurity certifications: Part of your cybersecurity journey

• Semperis Adds Community Tool for Cyber Defenders to Its Arsenal, Focused on Defining a Privileged Perimeter Around Tier 0 Assets

• CISA warns critical infrastructure to prepare for mass post-quantum systems migration

• Alteryx Server-FIPS enables users to scale analytics initiatives across public sector agencies

• Hillstone Networks unveils new firewalls to help enterprises defend against advanced threats

• NAVEX enhances RiskRate to simplify third-party self-registration and onboarding processes

• IT leaders struggling to address identity sprawl

• Tenn Emergency Communications Nominated in 2022 ‘ASTORS’ Awards

• What is doxing and how to protect yourself

• A major European logistics company selects IronNet to improve its operational security

• MSP360 adds Object Lock immutability from Backblaze to help users meet their cloud storage needs

• Federal Judge: Invasive Online Proctoring “Room Scans” Are Also Unconstitutional

• Twitter security under scrutiny after former executive turns whistleblower

• Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram

• Update now! GitLab issues critical security release for RCE vulnerability

• Introducing Patch Management for OneView

• Exploits and TrickBot disrupt manufacturing operations

• How to check the Privacy Report for website tracking in Safari

• Lloyd’s refuses to cover nation-state attacks: What it means to enterprises

• Twitter Ordered to Give Musk Additional Bot Account Data

• LastPass data breach: threat actors stole a portion of source code

• Cisco names Sarah Rae Murphy to its board of directors

• Skyflow and Visa strenghten collaboration to make network tokenization the secure payments standard

• Twilio, Cloudflare just two of 135 orgs targeted by Oktapus phishing campaign

• It Is the Player, but Mostly the Game

• Lloyds refuses to cover nation-state attacks: What it means to the enterprise

• Privacy and security issues associated with facial recognition software

• IT Security News Daily Summary 2022-08-25

• Should You Use DNS Data to Drive Better Security Decisions?

• Lloyds refuses to cover nation-state attacks: What it means to enterprise

• Baltimore police to upgrade cell phone tracking tech

• LastPass source code, blueprints stolen by intruder

• Ransomware defies seasonal trends with increase

• Narrowing the CX gap to deliver the support that today’s public expects

• LastPass Says Source Code Stolen in Data Breach

• Apple expands self-service repair program to M1 MacBooks

• The Family That Mined the Pentagon’s Data for Profit

• Over 80,000 exploitable Hikvision cameras exposed online

• Hackers are using this sneaky exploit to bypass Microsoft’s multi-factor authentication

• Indonesia investigating alleged data breaches at state-owned firms

• How a business email compromise attack exploited Microsoft’s multi-factor authentication

• Mitiga: Attackers evade Microsoft MFA to lurk inside M365

• Bypassing Intel CET with Counterfeit Objects

• Cyber EO One Year Later: Feds Weigh in On Progress, Areas For Improvement

• Cyber Risk Management: The Right Approach Is a Business-Oriented Approach

• Researchers Discover Kimusky Infra Targeting South Korean Politicians and Diplomats

• Tech news you may have missed: August 18 – 25

• Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack

• StateRAMP exec sees ‘momentum’ for cloud security standardization

• Cybercriminals Are Selling Access to Chinese Surveillance Cameras

• Executive order will guide $52 billion in CHIPS Act funding

• The contractor responsible for the TSP’s troubled recordkeeping transition pledges to improve

• Government electric vehicle efforts requires new charging infrastructure

• Twitter whistleblower report holds security lessons

• SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

• Technique improves autonomous car navigation in tricky traffic

• Crooks target top execs on Office 365 with MFA-bypass scheme

• How the VA’s adoption of Login.gov is going

• Strange Facebook Bug Spams Users With Celebrity Posts

• Nobelium APT uses new Post-Compromise malware MagicWeb

• Google To Rollout Anti Disinformation Campaign In Eastern Europe

• GitLab Patches Critical RCE in Community and Enterprise Editions

• Upcoming Crimeware is Driven by Cobalt Strike

• ETHERLED – A New Attack Method to Exfiltrate Data from Air-Gapped Devices using LED Indicators

• S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]

• ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users

• Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations

• Third-party Attacks: Hacker’s Exploit Software Networks

• Cisco Talos extends cybersecurity support to Ukraine

• Moderates of the world, unite!

• XIoT Vendors Show Progress on Discovering, Fixing Firmware Vulnerabilities

• Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million

• Risk & Repeat: Whistleblower spells trouble for Twitter

• More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem

• Cisco Releases Security Updates for Multiple Products

• 0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations

• MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

• Hyperscraper: A New Tool that Iranian Hackers Use for Stealing E-mails

• Huawei Founder Warns Of Painful Decade

• Microsoft Attributes New Post-Compromise Capability to Nobelium

• Wyden Renews Call to Encrypt Twitter DMs, Secure Americans’ Data From Unfriendly Foreign Governments

• Cisco Releases Security Updates for Multiple Products

• Hackers Steal Data For More Than 15 Million Users From Plex

• Hackers Are Breaking Into And Emptying Cash App Accounts

• Websites Can Identify If You’re Using iPhone’s New Lockdown Mode

• Hackers Leaked Data Anyways After Company Pays Ransom

• The Chatter Podcast: The Moon, Mars, and National Security with Fraser Cain

• Article: What Does Zero Trust Mean for Kubernetes?

• VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite

• 8 Signs It May Be Time for Parental Controls

• 7 Signs Your Phone Has a Virus and What You Can Do

• How to Remove Personal Information From Data Broker Sites

• Twitter, Meta kill hundreds of pro-Western troll accounts

• Talos Renews Cybersecurity Support For Ukraine on Independence Day

• Cyberstarts Closes $60M in Seed Fund III

• Ransomware Attack Forces French Hospital to Transfer Patients to Other Facilities

• How YouTube’s Partnership with London’s Police Force is Censoring UK Drill Music

• Apple To Unveil iPhone 14 At ‘Far Out’ Event On 7 September

• VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite of Utilities

• Twilio, Cloudflare Attacked in Campaign That Hit Over 130 Organizations

• Cosmetics Giant Sephora Settles Customer Data Privacy Suit

• Google Open Sources ‘Paranoid’ Crypto Testing Library

• BalkanID Adds $2.3M to Seed Funding Round

• Cisco Patches High-Severity Vulnerabilities in Business Switches

• The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-State Attacks

• U.S. Government Spending Billions on Cybersecurity

• Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

• Ever present danger

• Black Hat SEO: Is Someone Phishing With Your Site Domain?

• Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report

• What You Need to Know About the Psychology Behind Cyber Resilience

• Jet2 Warns Customers About Covid Test Scam

• Cato Networks SASE Cloud: “leader” and “OutPerformer” in GigaOm SSA Radar

• Caught up in another password breach? Follow these 3 rules to protect yourself online

• How a business email compromise scam spoofed the CFO of a major corporation

• Optiv’s Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants

• Scans of Students’ Homes During Tests Are Deemed Unconstitutional

• Stay Calm and Proceed With Caution: The Merari Report on Israeli Police’s Pegasus Scandal

• Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security

• Sephora Agrees to $1.2 Million Settlement Of Data Privacy Charges

• Expert Commentary On The Plex Data Breach

• How YouTube’s Partnership with London’s Police Force is Censoring UK’s Drill Music

• Judge Likely To Dismiss Tesla Bid To Dismiss California Race Lawsuit

• Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug

• New Exterro FTK Update Accelerates Mobile Digital Forensics

• Dominican Republic Quantum Ransomware, Expert Weighs In

• Twitter Whistleblower To Testify Before Senate Panel

• Plex Breach – Streaming Giant Issues Mass Password Reset to Millions

• Another free CA to use via ACME!

• Microsoft: SolarWinds hackers gain powerful ‘MagicWeb’ authentication bypass

• Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

• There’s a problem with online ads, and it’s not what you think

• How Economic Changes and Crypto’s Rise Are Fueling the use of “Cyber Mules”

• Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird

• Twilio, Cloudflare Attacked as Part of Campaign That Hit Over 130 Organizations

• Quantum Ransomware Attack Disrupts Government Agency in Dominican Republic

• Man-in-the-Middle Phishing Attack

• Phishing PyPI users: Attackers compromise legitimate projects to push malware

• Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

• Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies

• Musk Lawyers Seize on Twitter Whistleblower Revelations

• EU Report Outlines Cyber Response to Ukraine Invasion

• Plex Breach Exposes Account Data, Including Passwords

• Comparing Face ID, Touch ID, and Passcode Security – Intego Mac Podcast Episode 254

• US Firm Pays $16m to Settle Healthcare Fraud Claims

• Which Is More Secure: Face ID, Touch ID, or a Passcode? – Intego Mac Podcast Episode 254

• Webflow Can Make Your Website More Secure – Here’s How

• Network Penetration Testing (Ethical Hacking) From Scratch – Review

• Workplace Stress Worse than Cyber-Attack Fears for Security Pros

• A lack of endpoint security strategy is leaving enterprises open to attack

• Shout-out to whoever went to Black Hat with North Korean malware on their PC

• Plex warns users to change their passwords after a data breach

• Privacy Activists Target Google Over French ‘Spam’ Emails

• Scammers Create ‘AI Hologram’ of C-Suite Crypto Exec

• Which Is More Secure: Face ID, Touch ID, or a Passcode?

• GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones

• Do you know what your supply chain is and if it is secure?

• Virginia Consumer Data Protection Act: What You Need to Know?

• Threat actors are using the Tox P2P messenger as C2 server

• China could overtake U.S. in space without ‘urgent action,’ warns new Pentagon report

• Dominican Republic’s Institute Agrario Dominicano suffers Quantum Ransomware Attack

• Cyber Attack on American Streaming Media Plex

• PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

• Ransomware dominates the threat landscape

• How CISOs can safeguard security in CI/CD environments

• How to navigate payment regulations without compromising customer experience

• We need to think about ransomware differently

• Biden named the next Secret Service director ‘at a critical moment’

• Stories from the SOC – Credential compromise and the importance of MFA

• Top tips for securing board-level buy-in for cybersecurity awareness campaigns

• Why Does Medical Imaging Equipment Need Better Cybersecurity?

• ISACA Conference Oceania Spotlights Digital Trust, Emerging Tech and Regional Trends

• 11:11 Systems to Acquire Cloud Management Services Business from Sungard Availability Services

• Splunk Announces Fiscal Second Quarter 2023 Financial Results

• New U.S. Legislation Introduced to Help Small Business Provide Cybersecurity Training

• #ISC2Congress: Empower Your Weekend with Training

• Most Important Web Server Penetration Testing Checklist

• Cyware adopts Traffic Light Protocol 2.0 to enhance threat intelligence sharing capabilities

• Privitar Modern Data Provisioning Platform provides self-service access to data in real time

• DataMotion No-Code Experience delivers secure content exchange to the customers

• Avast Ransomware Shield for businesses prevents unauthorised access

• Organizations changing cyber strategy in response to nation-state attacks

• House Oversight Dems seek data from social media companies about threats to law enforcement

• Is your personal data all over the internet? 7 steps to cleaning up your online presence

• Google Uncovered Tool used by Iranian APT Hackers to Steal Email Data

• Lessons from the Holy Ghost Ransomware Attacks

• Malwarebytes partners with Revelstoke to automate endpoint detection and response

• Unlocking Serverless with AWS Lambda and IAM

• ZTNA vs VPN: Secure Remote Work & Access – SASE Part 2

• Kimsuky’s GoldDragon cluster and its C2 operations

• LockBit ransomware gang blames victim for DDoS attack on its website

• Kudos and Recognition

• The Presidential Records Act and the Mar-a-Lago Documents

• 6 reasons MSPs need a patch management platform

• How to secure a Mac for your kids

• Reset your password now! Plex suffers data breach

• ChromeOS vulnerability found by Microsoft

Generated on 2022-08-26 23:55:40.292346