IT Security News Daily Summary 2022-09-24

• Avoiding the Risks of Ransomware Strikes in Life Sciences

• Building A Layered Plan for Battling Cybercrime

• UK Teen Arrested Amid Uber and GTA 6 Hacking Saga

• The Web2 problem: How the power to create has gone astray

• The Apple security landscape: Moving into the world of enterprise risk

• Ukraine: SSU dismantled cyber gang that stole 30 million accounts

• Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

• Angry Developer Leaks LockBit Ransomware Builder

• Vulnerability in OCI Could Have Put the Data of Customers Exposed to the Attacker

• SecurityScorecard Appoints Former U.S. National Intelligence Deputy Director and Cybersecurity Expert Susan M. Gordon to Board of Directors

• Risk counts for Cyber and here is why

• Noberus Ransomware Has Updated Its Methods

• A Match Made in Heaven: systemd Comes to Windows Subsystem for Linux

• Shield your data from a quantum attack: The path to PQC migration

• Scammers Employing Stolen Credit Card Data to Design Fake Websites

• RCE Bug in ZOHO Products Let Hackers Execute Arbitrary Code Remotely

• London Police arrested a teen suspected to be behind Uber, Rockstar Games breaches

• Alert: 15-year-old Python tarfile Flaw Lurks in ‘Over 350,000’ Code Projects

• Child Predators Mine Twitch to Prey on Kids

• SUSE: 2022:3366-1 important: the Linux Kernel (Live Patch 32 for SLE 15 SP1)

• SUSE: 2022:3359-1 important: the Linux Kernel (Live Patch 30 for SLE 15 SP1)

• CircleCI, GitHub Users Targeted in Phishing Campaign

• Weekly Update 314

• London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

• Build or Buy your own antivirus product

• SUSE: 2022:3362-1 important: the Linux Kernel (Live Patch 32 for SLE 15)

• Morgan Stanley Fined $35 Million For Security Lapses

• Hackers Actively Exploiting New Sophos Firewall RCE Vulnerability

• Steer Clear of the “Pay Yourself Scam” That’s Targeting Online Bank Accounts

• How Often Should You Change Your Passwords?

• Hexnode’s 3rd Global User Conference HexCon22 Wraps Up With Great Success

• What to consider before disposing of personal data – Week in security with Tony Anscombe

• ManageEngine Study Finds Democratization of IT in North America Increased Dramatically Post-COVID

• GrammaTech CodeSentry 4.0 Enables Developers to Identify Security Vulnerabilities Hidden in Third Party Code

• What is Data-as-a-Service (DaaS)? Understanding the benefits, and common use cases

• Critical Magento Vulnerability Let Unauthenticated Attackers to Execute Code

• SUSE: 2022:3360-1 important: the Linux Kernel (Live Patch 28 for SLE 15)

• Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws

• 15-Year-Old Python Bug Let Hacker Execute Code in 350k Python Projects

• Fedora 35: dokuwiki 2022-8c76e587f7

• Fedora 36: dokuwiki 2022-d048c0dde2

• September 2022 Web Server Survey

• Cyber mandates too costly for water utilities, experts say

• Can smart streetlights kick-start smart city progress? Yes, they can.

• Hey WeLiveSecurity, how does biometric authentication work?

• Malicious npm Package Poses as Tailwind Tool

• Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

• Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

• 2022-09-23 – IcedID (Bokbot) with Cobalt Strike

• BigID provides Snowflake customers with accelerated security controls

• Fedora 37: libofx 2022-cfb44eb79a

• Fedora 37: webkitgtk 2022-0c00617967

• Maak van elke plek een slimme ruimte

• Smart Spaces Experience Guide – Transform Any Place into a Smart Space

• Transformez n’importe quel endroit en un espace intelligent

• Slack’s and Teams’ Lax App Security Raises Alarms

• Welcome to high tech hacking in 2022: Annoying users until they say “yes”

• A first look at the builder for LockBit 3.0 Black

• Malwarebytes recognized as endpoint security leader by G2

• Control System Defense: Know the Opponent

• CISA Releases Three Industrial Control Systems Advisories

• ISC Releases Security Advisories for Multiple Versions of BIND 9

• CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

• CISA Has Added One Known Exploited Vulnerability to Catalog 

• Moshe Bar joins AlmaLinux Board of Directors

• SecurityScorecard appoints Susan M. Gordon to Board of Directors

• SUSE: 2022:3353-1 moderate: permissions

• Chainguard releases Wolfi, a Linux ‘undistribution’

• Training the next generation of cybersecurity experts to close the crisis gap

• How Organizational Structure, Personalities and Politics Can Get in the Way of Security

• 15-year-old Python vulnerability poses supply chain threat

• Malicious NPM package discovered in supply chain attack

• Allurity Acquires Spanish Multinational Aiuken Cybersecurity

• The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps

• CISA Has Added One Known Exploited Vulnerability to Catalog 

• Sophos warns of a new actively exploited flaw in Firewall product

• Malwarebytes Glitch Causes Block To Google & YouTube For Users

• Optus Data Breach Announced, Experts Weigh In

• Uber Is Hiring For Over 80 Cybersecurity Jobs After Being Hacked Last Week

• Netflix-style Ransomware Makes Your Organisation’s Data The Prize In A Dark Subscription Economy

• San Francisco’s Board of Supervisors Grants Police More Surveillance Powers

• IT Security News Daily Summary 2022-09-23

• Chinese Media Allege NSA Tapped Into Telecom Network

• SUSE: 2022:3355-1 important: puppet

• SUSE: 2022:3356-1 important: dpdk

• The software supply chain: New threats call for new security measures

• Report: 90% of orgs believe cybersecurity risk isn’t being addressed

• One city’s proposed e-scooter ultimatum: No sidewalks or no scooting

• Cloud security market forecast to surpass $123 billion by 2032

• Colonial Pipeline ransomware group using new tactics to become more dangerous

• Microsoft focuses on remote security with Windows 11 update

• S3 Ep101: Uber and LastPass breaches – is 2FA all it’s cracked up to be? [Audio + Text]

• Morgan Stanley Fined $35m By SEC For Data Security Lapse

• Optus Hit By Cyber-Attack, Breach Affects Nearly 10 Million Customers

• Where VCs Are Investing in Cybersecurity

• Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

• Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

• Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

• Fake Sites Fool Zoom Users Into Downloading Deadly Code

• San Francisco Cops Can Now Use Private Cameras To Monitor Events

• Hack On Optus Exposes Personal Data

• The Chatter Podcast: Josephine Baker, Singer and Spy, with Damien Lewis

• Twitter Failed To Log Users Out Of All Their Devices After They Reset Password

• Intermittent Encryption Analysis

• Malicious OAuth applications abuse cloud email services to spread spam

• Cambodian authorities crack down on cyber slavery amid international pressure

• New vulnerabilities in Dataprobe are Invading The Devices Remotely

• Amazon, Microsoft, Google Face UK Cloud Services Probe

• Tesla Recalls 1.1 Million Vehicles Over Window Closing Issue

• How to Spot Your Biggest Security Threat? Just Look out for the Humans

• The clock is ticking on zero trust

• Bipartisan Senate bill aims to safeguard open source software

• Detroit sues the U.S. Census Bureau over alleged undercounts

• Colorado now accepts crypto for state tax payments

• Learn the cybersecurity skills you need for employment

• Google dork query

• App Developers Increasingly Targeted via Slack, DevOps Tools

• Pro-Ukraine Hacktivists Claim To Have Hacked Notorious Russian Mercenary Group

• AV Used By Millions Blocked All Google Sites By Mistake, Sowing Chaos

• Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data

• Organisations Need To Adopt Predictive And Proactive Threat Detection Software To Counter Cyber-attacks

• Quantum Readiness- Key Concern For Top Dogs In Cybersecurity

• BlackCat’s Ransomware Tool Gets an Upgrade

• 2K Games’ Support System Hacked via Notorious Malware

• FDA Issues Cybersecurity Alert on Medtronic Insulin Pumps

• Extended DDoS Attack With 25.3B+ Requests Thwarted

• WhatsApp Message Fraud Dupes Automobile Firm of Rs.1 Crore

• Companies Without Zero Trust Could Lose $1M More During a Data Breach

• How IBM Secured the 2022 US Open

• Does Follina Mean It’s Time to Abandon Microsoft Office?

• Metaverse will move the goal posts for ID verification

• Malicious OAuth applications used to compromise email servers and spread spam

• Corrupting files is easy than spreading Ransomware

• HUMAN Discovers and Disrupts Ad Fraud Scheme Impacting 89 Apps with More Than 13 Million Downloads from Google Play and Apple App Stores

• How To Effectively Scale Your Web Scraping Efforts?

• Silicon In Focus Podcast: TECIS Europe Event Preview

• Tape Archiving Still Needed, Says PoINT Software

• StorPool Touts Software-defined Block Storage For Distributed Data

• Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones

• Hackers Launched Record DDoS Attack with 25.3 Billion Requests in 4 Hours

• SUSE: 2022:3350-1 important: the Linux Kernel (Live Patch 25 for SLE 12 SP5)

• SUSE: 2022:3352-1 important: webkit2gtk3

• SUSE: 2022:3351-1 important: webkit2gtk3

• LLVM 15.0.1 Released With Nearly Three Dozen Fixes

• Business VPNs: Now More Important Than Ever

• Labor Department’s approach to modular UI tech for states evolves

• How one state is clearing hurdles to centralized services delivery

• Versa Networks Scores Big in the 2022 Gartner® SD-WAN Report

• Behavioral Analytics a Top Priority for SOC, New Gurucul Survey Finds

• Programming languages: It’s time to stop using C and C++ for new projects, says Microsoft Azure CTO

• This Windows 11 security feature makes your PC ‘very unattractive’ to password hackers

• Software supply chain security gets its first Linux distro, Wolfi

• 350,000 open source projects at risk from Python vulnerability

• How to create a Bitwarden Vault entry that can be used for AutoFill

• 15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

• Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data

• CISA, FBI Detail Iranian Cyberattacks Targeting Albanian Government

• Malwarebytes Raises $100 Million From Vector Capital

• Twitter Logs Out Some Users Due to Security Issue Related to Password Resets

• Authorized Push Payments Surge to 75% of Banking Fraud

• Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns

• Facebook Experimenting With Letting Users Help Write Content Moderation Policies

• Palo Alto Networks 5G-Native Security Now Available on Microsoft Azure Private Multi-Access Edge Compute

• StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs

• Twitter’s Whistleblower Allegations Are a Cautionary Tale for All Businesses

• Control System Defense: Know the Opponent

• CISA Releases Three Industrial Control Systems Advisories

• ISC Releases Security Advisories for Multiple Versions of BIND 9

• CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

• 15-Year-Old Unpatched Python Vulnerability Potentially Affects Over 350,000 Projects

• Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

• IT Security Takeaways from the Wiseasy Hack

• Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

• A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

• Role-based access control for Red Hat Hybrid Cloud Console

• Connecting to the RHEL web console, part 1: SSH access methods

• Content Moderation Tools to Stop Extremism

• Two Americas: Cross-Border Data Requests Post-Dobbs

• Six Ways to Have Your eCommerce Site Ready for High-Traffic eShopping Days

• Synopsys Finds Significant Increase in Practices to Bolster Software Supply Chain Security

• What Is DNSSEC?

• LockBit Ransomware Builder Leaks Online

• Phishing Campaign Abuses LinkedIn Smart Link

• A New Linux Tool Aims to Guard Against Supply Chain Attacks

• Lawsuit: SMUD and Sacramento Police Violate State Law and Utility Customers’ Privacy by Sharing Data Without a Warrant

• Fake sites fool Zoom users into downloading deadly code

• Iran blocks Whatsapp, Instagram as citizens protest death of Mahsa Amini

• Open up, it’s the IRS. We’re here about the crypto tax you dodged

• YOUR CYBERSECURITY EXPERIENCE IS NEEDED FOR CREATING NEW U.S. FTC REGULATIONS

• New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers

• How Does WebAuthn Work?

• CPR analyzes A 7-year mobile surveillance campaign targeting largest minority in China

• Over $45 billion in unemployment paid to fraudsters during pandemic, watchdog says

• Is Amazon about to ruin Alexa answers with ads?

• Jit and ZAP: Improving programming security

• SentinelOne Announces $100 Million Venture Fund

• 10 security-by-design principles to include in the SDLC

• Risk & Repeat: Uber and Rockstar Games hacked

• Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

• Air Force Upgrades Digital Modernization Strategy to “As a Service” Model

• CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

• Iran’s Internet Shutdown Hides a Deadly Crackdown

• Slack and Teams’ Lax App Security Raises Alarms

• In the Hunt for the Auto Login Setup Process

• Study of Electronic Monitoring Smartphone Apps Confirms Advocates’ Concerns of Privacy Harms

• Chinese state media claims U.S. NSA infiltrated country’s telecommunications networks

• 7-year Android Malware Campaign Targeted Uyghurs: Report

• Why does preparing for AI attacks need to be your next big agenda?

• Data of millions of users exposed in Australia’s 2nd-largest telecom firm breach

• Significant customer data exposed in attack on Australian telco

• Void Balaur Targets Russian Entities

• Scammers Impersonating European Anti-Fraud Office to Launch Phishing Campaigns

• A 15-Year-Old Bug Affected Over 350,000 Open-Source Projects

• DeFiChain: DeFi Boosts with Decentralized Assets

• Unpatched 15-year Old Python Flaw Allows Code Execution in 350k Projects

• Apple’s New iPhone 14 and Apple Watch Series 8 – Intego Mac Podcast Episode 258

• National Network to End Domestic Violence (NNEDV) Expert to Provide Keynote Address on Intimate Partner Violence in the Digital Age and Strategies to Prevent Abuse at M3AAWG 56th Meeting

• Options Celebrate 10 Microsoft Gold Partner Status Competencies

• How to Prevent Ransomware as a Service (RaaS) Attacks

• Simplify with Network Security as a Service (NSaaS)

• Synthetic DNA: Solution For Mass Data Storage Problem?

• Nodeum Touts Hybrid Data Warehousing Approach

• SUSE: 2022:3347-1 moderate: rubygem-rack

• SUSE: 2022:3346-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP4)

• SUSE: 2022:3342-1 important: the Linux Kernel (Live Patch 23 for SLE 12 SP4)

• Ubuntu 5635-1: Linux kernel (GKE) vulnerabilities

• Federal cyber mandates for water infrastructure are too costly to implement, experts tell Hill panel

• DISA plans further updates to DEOS support notice

• Cybersecurity is Front and Center in Coast Guard Reauthorization Bill

• Optus security breach compromises customers’ passport details

• 5 tips to help children navigate the internet safely

• New ‘Wolfi’ Linux Distro Focuses on Software Supply Chain Security

• Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks

• Morgan Stanley fined millions for selling off devices full of customer PII

• Iranian Hackers Hid in Albanian Networks for Over a Year

• Twitter Password Reset Bug Exposed User Accounts

• Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns

• Hackers Deploy Malicious OAuth Apps to Compromise Email Servers, Spread Spam

• How Europe Is Using Regulations to Harden Medical Devices Against Attack

• Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

• Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

• Unscrambling Cybersecurity Acronyms: The ABCs of EDR and MEDR Security

• A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

• CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog

• Anonymous claims to have hacked the website of the Russian Ministry of Defense

• How to integrate Red Hat Advanced Cluster Security for Kubernetes with ServiceNow

• Mobile Ransomware: The Next Step for Cybercriminals

• Best 10 SIEM Tools to Fuel Up Your Threat-Hunting Grind

• Vulnerable children’s identities used in tax fraud scheme

• WEBGAP Launches Remote Browser Isolation Platform for Universities

• LATEST CYBERTHREATS AND ADVISORIES – SEPTEMBER 23, 2022

• Report: 90% of orgs have software security checkpoints in their software development lifecycle (SDLC)

• NSA and CISA: Here’s how hackers are going after critical systems, and what you need to do about it

• LogicGate Risk Cloud: Product review

• CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation

• “Left and Right of Boom” – Having a Winning Strategy

• BIND Updates Patch High-Severity Vulnerabilities

• August 2022 Cyber Attacks Statistics

• How to Create the Best Resume to Apply for Job Interviews in 2022?

• How DeFiChain gives DeFi a major boost with innovative decentralized assets

• High Severity IDOR Bugs inCNCF ‘Harbor’ Project by VMware

• SUSE: 2022:3341-1 important: dpdk

• Linus Torvalds: Rust will go into Linux 6.1

• Decreasing ad revenue, iOS 14.5 make case for programmatic SEO

• DOT, SBA and others team up to attract new entrants to the federal market

• Investigators tap data, tech, tipsters to root out fraudsters

• Experts: Today’s public health crises are just the beginning

• SecTor 2022: The IoT Hack Lab is Back!

• SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data

• European Spyware Investigators Criticize Israel and Poland

• NATO’s Team in Albania to Help on Iran-Alleged Cyberattack

• Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers

• Cybercriminals launching more MFA bypass attacks

• Unpatched Python Library Affects More Than 300,000 Open Source Projects

• Quantify Risk, Calculate ROI

• Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist

• Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager

• Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts

• The U.S. and its allies are joining forces on chips. That could stop China reaching the next level

• Tax refund phish logs keystrokes to swipe personal details

• Scammers send fake ‘Energy Bills Support Scheme’ texts

• 5 things to teach your kids about social media

• San Francisco cops can use private cameras to live-monitor ‘significant events’

• Alert: 15-year-old Python tarfile flaw lurks in ‘over 350,000’ code projects

• HoneyPoC is Dead – Long Live Disinformation

• Details of Over 300,000 Russian Reservists Leaked, Anonymous Claims

• Neglecting Open Source Developers Puts the Internet at Risk

• Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

• Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw

• Hackathon Finds Dozens Of Ukrainian Refugees Trafficked Online

• Insider Threats Play A Larger Role In Security Incidents

• Apparently Europol Is Hoarding Personal Data

• Sony Reintroduced A PS4 Bug On PS5 Which Could Have Led To A Jailbreak

• Previously Undisclosed OLC Opinions Illuminate the Growth of Executive Power

• Microsoft Exchange Hack

• SaaS Eliminates Barriers to Applying Security Controls to Your Entire AWS and Azure Data Repository

• Multi-Million Dollar Global Credit Card Scam Exposed

• Ericsson Still Provides Support Services To Russia

• Florida Seeks Supreme Court Ruling On Social Media Law

• Optus Warns Cyberattack Compromised Data Of 10 Million Customers

• Report: 84% of U.S. citizens have experienced social engineering attacks

• New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

• Mitigating Risk and Communicating Value in Multicloud Environments

• Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11

• Python Vulnerability, Quotes From Tenable

• LATEST CYBERTHREATS AND ADVISORIES – SEPTEMBER 23, 2022

• AttachMe – Oracle Patches “Severe” Vulnerability in its Cloud Infrastructure

• Is This The Crypto Winter or a Huge Discount?

• How To Optimize and Modernize Threat Exposure Management

• Google Debugs, JFrog Jumps Code, Confidential Kubernetes, Meta-PyTorch

• Netiquette: Is it OK to share pictures of someone else’s kids online?

• Senators float plan to authorize local-level federal executive boards

• Dashboard showcases local-level census data

• Pay-per-install services provide access to thousands of compromised computers

• Security Data Lakes Emerge to Address SIEM Limitations

• Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

• Threat Actor Abuses LinkedIn’s Smart Links Feature to Harvest Credit Cards

• Trump Special Master Review: Enter Dearie

• 2022-09-21 – IcedID (Bokbot) with Cobalt Strike

• Software Supply Chain Security Guidance for Developers

• Australian Telecoms company Optus discloses security breach

• Diving Deeper to Understand the Windows Event logs for Cyber Security Operation Center (SOC)

• How to Secure Your APIs

• Thinking Like a Hacker: Abusing Stolen Private Keys

• GTA 6: Massive footage leak

• Focus on digital equity in broadband push, official urges

• NSA, CISA Explain How Threat Actors Plan and Execute Attacks on ICS/OT

• The Future of Endpoint Management

• Seven-Year Mobile Surveillance Campaign Targets Uyghurs

• Cyber Insurers Clamp Down on Clients’ Self-Attestation of Security Controls

• Hackers Paralyze 911 Operations in Suffolk County, NY

• Iranian State Actors Conduct Cyber Operations Against the Government of Albania

• Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

• Firing Your Entire Cybersecurity Team? Are You Sure?

• Twitter Password Reset Bug Uncovered User Accounts

• Morgan Stanley Sanctioned for Exposing Information of 15 Million Customers

• Crypto Market Maker Wintermute Hacked, $160 Million Stolen

• SUSE: 2022:2340-1 suse/sles/15.4/virt-handler Security Update

• SUSE: 2022:2342-1 suse/sles/15.4/libguestfs-tools Security Update

• Why MFA matters: These attackers cracked admin accounts then used Exchange to send spam

• NSA Reveals “Hackers’ Playbook” for OT Attacks

• Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

• Data Scientists Dial Back Use of Open Source Code Due to Security Worries

• Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware

• Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

• CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

• Android Banking Users Targeted With Fake Rewards Phishing Scam

• Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

• Optus Falls Victim to Security Breach

• Keeping secrets safe off prem

• Google offers Artificial Intelligence-based Interview Warmup for new job seekers

• Guide to Performing Internal Social Engineering Testing

• openSUSE: 2022:10129-1 important: virtualbox

• SUSE: 2022:2341-1 suse/sles/15.4/virt-launcher Security Update

• SUSE: 2022:2343-1 suse/sles/15.4/virt-operator Security Update

• Android System WebView

• Hackers Using Malicious OAuth Apps to Take Over Email Servers

• Mass email campaign with a pinch of targeted spam

• Finding Out What Russians Think—Without Asking Them

• Microsoft induces several security features into Windows 11

• How “Long-Sightedness” Can Improve Security and Fraud Programs

• Microsoft Upgrades Windows 11 With New Security Features

• Europol “Hackathon” Identifies Scores of Human Trafficking Victims

• TAP Air Portugal – 5,067,990 breached accounts

• Azure Payment HSM achieves PCI PIN certification offering customers secure digital payments solutions in the cloud

• Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows ?

• California legalizes human composting

• Morgan Stanley to Pay $35M Fine for Exposing Information of Millions of Customers

• Multiple Vulnerabilities Discovered in Dataprobe’s iBoot-PDUs

• Don’t Wait for a Mobile WannaCry

• Iranian State Actors Conduct Cyber Operations Against the Government of Albania

• Risk management focus shifts from external to internal exposure

• Tackling the weaknesses of smart buildings’ technology

• The art and science behind Microsoft threat hunting: Part 2

• Russia- Linked Sandworm Enacted Ukrainian Telecoms for Injecting Malicious Code

• Elasticsearch TLS Activation: X-Pack Security

• Math could help crack forensic genetic cases 10x faster

• Privacy watchdog steps up fight against Europol’s hoarding of personal data

• 15-Year-Old Python Flaw Slithers into Software Worldwide

• Email Phishing Attack Revealed by American Airlines

• ChromeLoader: Microsoft, VMware Warns of the New Malware Campaigns

• Your guide to pay and benefits during a shutdown

• SIM Swapper Abducted, Beaten, Held for $200k Ransom

• New infosec products of the week: September 23, 2022

• How to keep public cloud data secure

• 8 blockchain security issues you are likely to encounter

• 6 Necessary Features of SIEM Alternatives

• Elon Musk, Tesla Set To Reveal ‘Optimus’ Robot Prototype

• NCSC: British Retailers Need to Move Beyond Passwords

• 350K Open-Source Projects At Risk of Supply Chain Vulnerability

• Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

• How does identity crime affect victims?

• Mitigating the cybersecurity crisis for the school year ahead

• SIEM vs Log Management – Definitions, Features, Capabilities, and Deployment

• Malwarebytes blocks Google, YouTube as malware

• HackNotice Releases New Whitepaper Series “The Password is Not Dead (and Will Never Die)”

• Phosphorus Announces New Partnership with Dewpoint to Expand Its xIoT Security Solutions and Platform in US Market

• Orange and Netskope Partner on Carrier-class Connectivity and SSE Services for a Secure, Cloud-smart Platform

• Cyberattack Steals Passenger Data From Portuguese Airline

• Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

• Linux Log Analysis

• Overheard at the SANS Security Awareness Summit 2022

• Thousands of Users Impacted in Revolut Data Breach

• Hundreds of eCommerce Domains Infected With Google Tag Manager-Based Skimmers

• Cobalt Strike gets emergency patch

• Interested in cybersecurity? Join us for Security SOS Week 2022!

• Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

• Hackers stole $160 Million from Crypto market maker Wintermute

• Finally, a Better U.S. War Crimes Bill. Now What?

• Rockstar Confirm Data Leak, GTA Footage Stolen

• Platform9 Arlon allows developers to deploy and configure a large number of clusters

• Secure Code Warrior Coding Labs helps developers advance their secure coding skills

• ServiceNow unveils new features in Now Platform Tokyo to increase business resilience for organizations

• Phishing Scams Are Targeting Netflix Users

• Vulnerabilities in the iBoot Power Distribution Unit Let Hackers Remotely Shut Down Devices

• Fedora 36: qemu 2022-f0a2695054

• Fedora 36: thunderbird 2022-feb7bdf6b2

• ServiceNow evolves from ITSM, aims to simplify business processes

• Hackers Steal $160 Million From Crypto Market Maker Wintermute

• Ransomware: The Latest Chapter

• U.S. gov adds more Chinese Telecom firms to the Covered List

• Crypto Biz Wintermute Loses $160 Million In Cyber Heist

• US Considers Two More Chinese Carriers Security Threats

• $35 Million Fine For Morgan Stanley After Unencrypted, Unwiped Harddrives Are Auctioned

• ‘I Don’t Care About Cookies’ extension sold to Avast

• Orange and Netskope partner to protect enterprise customers from data loss

• Phosphorus and Dewpoint collaborate to deliver a new generation of xIoT security solutions

• Regula 4306 empowers forensic experts to detect fake and counterfeit documents

• Tesla Megapack Catches Fire In California

• Third-party risk: What it is and how CISOs can address it

• Why Zero Trust Should be the Foundation of Your Cybersecurity Ecosystem

• Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

• Cyber Firms Explain Their Ongoing Hacker Group Name Game

• Fake Zoom Sites Deploying Vidar Malware

• iPhone 14 and 14 Pro review: A picture is worth a thousand dollars

• Hackathon finds dozens of Ukrainian refugees trafficked online

• Facebook users sue Meta for bypassing beefy Apple security to spy on millions

• AI model from OpenAI automatically recognizes speech and translates it to English

• Malwarebytes Gets $100M Weeks After Laying Off 14% of Staff

• VA official has ‘deep concerns’ about agency’s electronic health record project

• Researchers Uncover Mysterious ‘Metador’ Cyber-Espionage Group

• 2K games helpdesk abused to spread RedLine malware

• Morgan Stanley’s years-long “extensive failure” to protect customer data ends in huge fine

• Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities

• Medtronic’s MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA

Generated on 2022-09-24 23:55:55.273751

Liked it? Take a second to support IT Security News on Patreon!