IT Security News Daily Summary 2022-09-16

• Local gov keeps project knowledge from walking out the door

• Discover the benefits and challenges of bug bounty programs

• Friday Squid Blogging: Mayfly Squid

• New Research Reveals Network Attacks at Highest Point Over the Last Three Years

• Omnibus Spending Bill Highlights Need for Protecting Critical Infrastructure

• DHS unwraps $1B state and local cybersecurity grant program

• Attacker Apparently Didn’t Have to Breach a Single System to Pwn Uber

• DOJ drops report on cryptocurrency crime efforts

• Tackling Financial Fraud With Machine Learning

• Compliance Automated Standard Solution (COMPASS), Part 2: Trestle SDK

• NJ Courts’ IT modernization streamlines processes for staff, litigants

• Companies need data privacy plan before joining metaverse

• Risk & Repeat: The White House wants secure software

• Bitdefender releases Universal LockerGoga ransomware decryptor

• Once again, lawmakers ask if it’s time to codify the federal CIO role

• Uber investigating security breach of several internal systems

• Keep Today’s Encrypted Data From Becoming Tomorrow’s Treasure

• Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

• Feds prepare to open new $500M program for transportation tech

• White House looks to government and community data collaboration to promote equity

• Seesaw: Popular elementary school app used to distribute obscene image

• Botched Crypto Mugging Lands Three U.K. Men in Jail

• git-secret: Encrypt and Store Secrets in a Git Repository

• DDoS Attack Against Eastern Europe Target Sets New Record

• Hackers Launching Self-Spreading Malware To Attacks Gamers via YouTube

• Autonomous stores could change the retail game

• Ransomware: 3 ways to protect your business

• Water Tank Management System Used Worldwide Has Unpatched Security Hole

• SOC Infrastructure Firm Cyrebro Raises $40 Million

• North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

• International ID Day: Shining a spotlight on legal identity

• How to unite security and compliance in 5 simple ways

• Cloud Data Security

• Deliver Secure Digital Workspaces with Citrix Virtual Apps and Desktops on Microsoft Azure

• UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you

• Zoom Outage Rendered Services Unavailable

• High demand for breached cloud account credentials

• What Are the Effects of a Cyberattack in a Recession?

• Phosphorus and EverSec Group Announce New Partnership to Further Expand xIoT Attack Surface Management and Remediation in the US Market

• Latest Cyberthreats and Advisories – September 16, 2022

• The Importance of Monitoring in Your SecOps Process

• Akamai Mitigated Record-Breaking DDoS Attack Against European Customer

• No browser is perfect. What’s a user to do?

• Uber responds to possible breach following hacker taunts

• Uber hacked, attacker tears through the company’s systems

• Japanese Payment System Attacked By Fake Security App

• Microsoft Teams is storing authentication tokens in cleartext

• Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

• Webworm Hackers Deploy Modified RATs in Espionage Assaults to Target Government Entities

• Notepad++ Plugin Cyberattack Analysis

• Starbucks Singapore Says Customer Database Breached

• Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

• US Agencies Publish Security Guidance on Implementing Open RAN Architecture

• Game Acceleration Module Vulnerability Exposes Netgear Routers to Attacks

• Hacker Pwns Uber Via Compromised Slack Account

• Starbucks Singapore Customer Data Accessed Illegally in Data Leak

• Latest Cyberthreats and Advisories – September 16, 2022

• What is proof-of-stake? A computer scientist explains a new way to make cryptocurrencies, NFTs and metaverse transactions

• Highlights of the 2022 Pwnie Awards

• How to Use a UTM Solution & Win Time, Money and Resources

• North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

• Massive Data Breach at Uber

• Enhancing application container security and compliance with Podman

• Aggressive DDoS Attack – Over 700 Mpps Attack Traffic to Cripple Target Organization

• The Air Force has a plan to #fixourcomputers and more

• Business Application Compromise & the Evolving Art of Social Engineering

• Uber Investigating Massive Security Breach By Alleged Teen Hacker

• Vulnerability Allows Access To Credentials In Microsoft Teams

• Trojanized Versions Of PuTTY Being Used To Spread Backdoor

• Eastern European Org Hit By Second Record DDoS Attack

• What It Really Means to “Hold Big Tech Accountable”

• What is Managed Detection and Response (MDR)?

• What Is Privileged Identity Management (PIM)?

• Celsius Seeks Permission To Sell Stablecoin Assets

• Uber Hack – Ride-hailing Giant Investigating Large-Scale Data Breach

• What Is Encryption? — 6 Top Types of Encryption Methods + Examples

• Report: Cloud hackers are only 3 steps away from ‘crown jewel’ data

• Uber Investigating Data Breach After Hacker Claims Extensive Compromise

• Akamai Sees Europe’s Biggest DDoS Attack to Date

• Uber investigates ‘cybersecurity incident’ after reports of a hack on the company

• No Concessions From Microsoft, Amid Activision Purchase Concern

• This AI system will completely change your experience at sporting events

• IoT: Europe readies cybersecurity rules for smart devices – with big fines attached

• Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

• Cost of Living Crisis Impact on Online Activity

• Understanding Insecure Deserialization Vulnerability

• Uber Responding After ‘Cybersecurity Incident’

• Modern Data Security Needs a Modern Solution

• Uber Investigating Data Breach After Hacker Claims of Extensive Compromise

• MIRACL Trust ID Branded ‘an authentication solution that lives up to its name’ by financial services industry analysts Celent

• Zoom Systems Crash Left Users Helpless

• Hive Ransomware Group Hits Bell Canada Subsidiary

• Uber Announces Major Security Breach

• Turbo boost your career in cyber security

• Allies Warn of Iranian Ransom Attacks Using Log4Shell

• Crypto Scams Skyrocket as Domains Surge 335%

• Uber Hacker May Have Compromised Secret Bug Reports

• Starbucks Singapore says customer data illegally accessed in data leak

• Crypto Scams Soar as Domains Surge 335%

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• Lenovo Several High-Severity BIOS Vulnerabilities Impacts Hundreds of Devices

• Uber hacked, internal systems and confidential documents were allegedly compromised

• SideWalk Backdoor Added New Tool in Arsenal to Target Linux Servers

• Uber security breach ‘looks bad’, potentially compromising all systems

• Ransomware news trending on Google

• Uber Hack 2022 Details

• Eastern European org hit by second record-smashing DDoS attack

• Malware Spreads Through FishPig Distribution Server to Infect Magento-Powered Stores

• How to improve public sector’s security strategy?

• Why shift left is burdening your dev teams

• New infosec products of the week: September 16, 2022

• The Cybersecurity Workforce Climate in Asia

• Shikitega – New stealthy malware targeting Linux

• Comtech Awarded London Police Service Next Generation 9-1-1 Contract

• New Digital Trust Research Reveals Gaps, Benefits and Key Takeaways for Future Digital Transformation

• Enrollment Is Open for Free One Million Certified in Cybersecurity

• China can destroy US space assets, Space Force ops nominee warns

• Uber Says It’s Investigating a Potential Breach of Its Computer Systems

• OneSpan launches Virtual Room to offer bank-grade identity and authentication security

• Most organizations consolidate to improve risk posture

• How serious are organizations about their data sovereignty strategies?

• Uber reels from ‘security incident’ in which cloud systems seemingly hijacked

• Treasury chief: IRS modernization is coming soon

• Uber reels from ‘security incident’ that appears to have exposed data, cloud systems

• Arrcus FlexMCN delivers cloud connectivity as a managed service to enterprises

• Akuity Platform helps DevOps manage and scale Kubernetes application delivery

• Juniper Networks expands its data center operations with Apstra Freeform

• Arista Networks expands and accelerates EOS routing validated for cloud, carrier and enterprise solutions

• ForgeRock enhances its identity platform to provide personalized and secure user experiences

• S3 Ep100: Browser-in-the-Browser – how to spot an attack [Audio + Text]

• Concentric AI joins forces with Snowflake to improve data security posture management for customers

• Kinara and Arcturus Networks partner to provide AI solutions for smart city apps

• Fortanix raises $90M to improve cloud security and privacy for highly regulated industries

• Malvertising on Microsoft Edge’s News Feed pushes tech support scams

• Cyber threat hunting for SMBs: How MDR can help

• Here are the new security and privacy features of iOS 16

• Explained: Fuzzing for security

• School app Seesaw compromised to send shock NSFW image

• Microsoft Teams vulnerability shows danger of collaboration apps

• US senator reveals how US Customs has amassed data from Americans’ devices

• CrowdStrike appoints Jennifer Johnson as CMO

• Lattice Semiconductor appoints Raejeanne Skillern to Board of Directors

• Aliro Quantum names Michael Wood as CMO

• CoreStack and Marlabs collaborate to expand cloud management offerings

• US Charges 3 Iranian Hackers Over Ransomware Attacks

• Secure ‘Virtual Room’ service adds trust to e-signatures and digital agreements

• Report: Digital trust is critical, but many enterprises are not prioritizing it

• Akamai mitigated a new record-breaking DDoS attack against a Europen customer

• Staged Payloads from Kali Linux | PT Phone Home – DNS

• EFF’s DEF CON 30 Puzzle—SOLVED

• IT Security News Daily Summary 2022-09-15

• Crash data analysis gets $1M infusion

• Use shadow IT discovery to find unauthorized devices and apps

• Best Fraud Management Systems & Detection Tools in 2022

• Critical Vulnerabilities Found in Devices That Provide WiFi on Airplanes

• 10 top malware protection solutions: Definition and key features

• NIST, Google announce chip R&D partnership

• Note to Security Vendors — Companies Are Picking Favorites

• Biden adds cyber, data, supply chain risks to CFIUS reviews

• OMB’s ‘learning agenda’ looks to drive government innovation

• The national broadband rollout has a blind spot: Lack of accurate, transparent data about internet access speeds

• Utah readies mobile driver’s license rollout

• Malware on Pirated Content Sites a Major WFH Risk for Enterprises

• Members of Congress Urge FTC to Investigate Fog Data Science

• It’s Time For A Federal Anti-SLAPP Law To Protect Online Speakers

• Adobe Creates Role of Chief Cybersecurity Legal Officer

• Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

• Actively Exploited Zero-Day Vulnerability Found In WPGateway WordPress Plugin

• Rule for vendors’ secure software self-attestation in the works

• The Fight to Overturn FOSTA, an Unconstitutional Internet Censorship Law, Continues

• OPAL + OPA VS XACML

• Concerns grow over AI in hiring processes

• US, UK, Canada and Australia Link Iranian Government Agency to Ransomware Attacks

• Rust Gets a Dedicated Security Team

• Webworm Attackers Deploy Modified RATs in Espionage Attacks

• Phishing attacks being launched on the name of Queen Elizabeth II

• Cyber Attack on unpatched medical devices

• Report: Only 10% of orgs had higher budget for cybersecurity, despite increased threat landscape

• S3 Ep100: Imagine you went to the moon – how would you prove it? [Audio + Text]

• Former Facebook Leader Says The Company Prioritizes Profit Over User Safety

• 5 Steps to Strengthening Cyber Resilience

• CISA Releases Eleven Industrial Control Systems Advisories

• A Large Number of Ventures Suffering From Cloud Security Attacks

• Analysis on Agent Tesla’s Successor

• XDR: Why open is better than closed

• Tanium Unveils Groundbreaking Integration with Microsoft Sentinel

• Tesla Sued Over Autopilot, FSD Claims

• FAA launches data visualization dashboard to better inform public about the national airspace

• FBI warns of criminals attacking healthcare payment processors

• How does data governance affect data security and privacy?

• Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence

• CISA Releases Eleven Industrial Control Systems Advisories

• Test your team’s security readiness with the Gone Phishing Tournament

• Hackers Group in China Creates Linux Version of Sidewalk Windows

• Attackers Abuse Facebook Ad Manager in Credential-Harvesting Campaign

• D-Wave Demonstrates Large-Scale Coherent Quantum Annealing

• U.S. Public Sector Updates Security for New Cloud Reality

• (ISC)² and Venafi Explore The Strange New World of Machine Identity Management

• APIs: Risks and security solutions

• Six-Year-Old Blind SSRF Vulnerability Risks WordPress Sites To DDoS Attacks

• Deep Insert – An ATM Skimmer Let Hackers Clone ATM Card & Steal 4-Digit PIN

• How to use the handy SSH management tool in Chrome OS

• Transparency, disclosure key to fighting ransomware

• YouTube Users Targeted By RedLine Self-Spreading Stealer

• Researchers Warn of Self-Spreading Malware Targeting Gamers via YouTube

• Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

• (ISC)² CEO Clar Rosso Honored by SC Media’s Women in IT Security Program

• Ex-Broadcom engineer asks for house arrest over IP theft

• FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

• OneLayer Raises $6.5 Million From Koch’s VC Arm

• EU Wants to Toughen Cybersecurity Rules for Smart Devices

• 2022 CISO Forum: All Sessions on Demand

• Data Security Firm Fortanix Raises $90M Series C

• Telos Corporation to Help Enterprises Operationalize Cybersecurity Compliance and Regulatory Risks with IBM Security

• Unflagging Iranian Threat Activity Spurs Warnings, Indictments From US Government

• Relay Attack against Teslas

• The art and science of secure open source software development

• New Report Reveals AWS Cloud Security Challenges

• The Benefits Of Blockchain In The Travel Industry

• Deep Insert – An ATM Skimmer Let Hackers Clone ATM Card & Steal 4-digit PIN

• Webworm retools old RATs for new cyberespionage threat

• Sanctions as a Surgical Tool Against Online Foreign Influence

• Breaking Down the U.N.’s Report on Xinjiang

• New York tax Fraudster Sentenced to 12 years in Prison for Child Data Theft Ring

• ‘Explosion’ At VR Lab At US University Injures Staff Member – Report

• Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management

• 5 Best Practices for Building Your Data Loss Prevention Strategy

• This Hacker Is Trying To Close The Gender Pay Gap In Cybersecurity

• A Quarter Of Cloud Breaches Caused By Unpatched Vulnerabilities

• Ethereum Cryptocurrency Completes Move To Cut CO2 Output By 99%

• EU Proposes Rules Targeting Smart Devices With Cybersecurity Risks

• US School App Accounts Hacked To Send Explicit Image

• The Global DDoS Threat Landscape – September 2022

• Millions of Dollars Stolen by Hackers from Healthcare Payment Processors

• The Heimdal® Threat Prevention Suite Advances Its DNS Security Capabilities with a World-First, Ground-Breaking New Feature

• ARM Launches New Chip Design For Data Centre, Cloud

• A Response Guide for New NSA and CISA Vulnerabilities

• Fortanix Raises $90M in Series C Funding Led by Goldman Sachs Asset Management to Accelerate Leadership in the Data Security Market

• 5 Ways to Mitigate Your New Insider Threats in the Great Resignation

• Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware

• Russia-linked Gamaredon APT target Ukraine with a new info-stealer

• Coalition Cyber Insurance – Small Businesses Prime Targets

• Undermining Microsoft Teams Security By Mining Tokens

• 5 Fun Games You Can Install On Your Windows PC

• Building the barricades against identity-based attacks

• Report: Endpoint protection missing from nearly 1 in 5 enterprise Windows servers

• US Government Wants Security Guarantees From Software Vendors

• Chrome 105 Update Patches High-Severity Vulnerabilities

• Dope.security Emerges From Stealth With New Approach to Secure Web Gateways

• U.S. Charges 3 Iranian Hackers And Sanctions Several Others Over Ransomware Attacks

• Microsoft Patch Tuesday September Arrives With 80+ Bug Fixes

• US DoJ Charges Three Iranians With Hack, Extortion Scheme

• Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

• Unpatched And Outdated Medical Devices Provide Cyber Attack Opportunities

• Ransomware Group Have Threatened To Leak Over 1m Medical Records

• Experts Reaction On White House Releases Post-SolarWinds Federal Software Security Requirements

• San Francisco Police Must End Irresponsible Relationship with the Northern California Fusion Center

• Iran steps up its cybercrime game and Uncle Sam punches back

• US government software suppliers must attest their solutions are secure

• SparklingGoblin deploys new Linux backdoor – Week in security, special edition

• Third‑party cookies: How they work and how to stop them from tracking you across the web

• Fortanix: Confidential computing can secure data-in-use

• SAP Patches High-Severity Flaws in Business One, BusinessObjects, GRC

• When It Comes to Security, Don’t Overlook Your Linux Systems

• The Shaky Future of a Post-Roe Federal Privacy Law

• Indonesian Government Pressures Private Sector to Implement Better Cybersecurity Measures

• The mobile malware landscape in 2022 – Of Spyware, Zero-Click attacks, Smishing and Store Security

• Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks

• Linux variant of the SideWalk backdoor discovered

• Jefferies says buy Okta, an attractive cyber leader poised to rally nearly 50%

• South Korea Issues Arrest Warrant For TerraUSD’s Do Kwon

• Ethereum ‘Merge’ Power-Saving Upgrade Completed

• User Alert as Phishing Campaigns Exploit Queen’s Passing

• Cybercrime Forum Admins Steal from Site Users

• Vulnerabilities Found in Airplane WiFi Devices

• Fake App Store pages are the new fake Flash Player alerts

• Hello, iOS 16! – Intego Mac Podcast Episode 257

• Agent Tesla’s Successor OriginLogger Keylogger Malware Steals Credentials, Takes Screenshots

• FBI: Millions in Losses resulted from attacks against Healthcare payment processors

• Organizations lack visibility into unauthorized public cloud data access

• Cybercrime Fears for Children as Cost-of-Living Bites

• ISACA: Ensuring Digital Trust Key to Digital Transformation Success

• Self-spreading stealer attacks gamers via YouTube

• Do you know what your supply chain is and if it is secure?

• U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

• Weekly Update 313

• Questions to Ask Yourself Before Sending Sexy Photo | Avast

• Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks

• Strong Authentication Considerations for Digital, Cloud-First Businesses

• SMBs are hardest-hit by ransomware

• 6 key challenges technologists are facing today

• Q-Day doesn’t equal doomsday: Enacting an enterprise quantum security strategy

• Assigning Tasks to Less-Experienced Cybersecurity Hires Depends on Company Needs

• (ISC)² Closing the Cybersecurity Workforce Gap

• Why does preparing for AI attacks need to be your next big agenda?

• Pros and cons of cybersecurity automation

• Crypto miners’ latest techniques

• Defense firms sound inflation alarm as Congress mulls 2023 budget

• NetSupport Manager 14 protects data in the hybrid work environment

• Google leverages open-source fully homomorphic encryption library

• Avetta Business Risk helps customers reduce risk and liability in the supply chain

• Netskope enhances Netskope Cloud Firewall capabilities of its SASE platform

• Backlogs larger than 100K+ vulnerabilities but too time-consuming to address

• WordPress-powered sites backdoored after FishPig suffers supply chain attack

• South Korea Fines Google, Meta Over Privacy Violations

• Rocket Support for Zowe enables developers to modernize and accelerate mainframe app development

• Weave GitOps 2022.09 simplifies application deployment into any Kubernetes environment

• NETSCOUT and Palo Alto Networks provide enterprise security operation teams with end-to-end visibility

• AlertEnterprise collaborates with Sentry to offer cyber-physical IAM

• Google Cloud and C3 AI expand partnership to develop new AI-powered services

• Adaptive Shield and Tenable joint solution helps organizations protect their SaaS stack

• SandboxAQ acquires Cryptosense to accelerate the deployment of PQC solutions to organizations

• Red Teaming to Reduce Cyber Risk

• Fake Security App Found Abuses Japanese Payment System

• New Linux Malware Shikitega Can Take Full Control of Devices

• How to help your child manage their online reputation

• WPGateway WordPress plugin vulnerability could allow full site takeover

• Update now! Microsoft patches two zero-days

• The privacy concerns of tying SIM cards to real identities

• 5 technologies that help prevent cyberattacks for SMBs

Generated on 2022-09-16 23:55:28.588239