IT Security News Daily Summary 2022-10-11

• Verimatrix Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

• RedHat: RHSA-2022-6890:01 Important: OpenShift Virtualization 4.8.7 Images

• New Ubuntu Linux Kernel Security Updates Fix 16 Vulnerabilities, Patch Now

• Service Threat Engineering: Taking a Page From Site Reliability Engineering

• Zero trust is critical as more enterprises sacrifice security for speed

• How investing in sustainable infrastructure drives critical business outcomes

• How to choose the best ZTNA vendor for your organization

• Microsoft Patch Tuesday, October 2022 Edition

• How to enable suspicious message alerts and protect yourself from spam in Android 13

• Australia kicks off investigation into Optus data breach

• The 2020-2022 ATM/PoS malware landscape

• Facebook warns of 400 malicious apps that tried to steal your account credentials

• Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws

• BlackByte ransomware uses new EDR evasion technique

• Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

• #ISC2CONGRESS: Congress Speaker: Effective Cybersecurity Takes Collaboration

• Verimatrix Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

• White House plans cyber labeling system for IoT devices

• Intelligent transportation management alleviates congestion

• Unemployment fraud cases highlight ‘perfect storm,’ signal need to modernize

• POLONIUM targets Israel with Creepy malware

• Dependency Management Aims to Make Security Easier

• Critical Open Source vm2 Sandbox Escape Bug Affects Millions

• Vulnerability Summary for the Week of October 3, 2022

• Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

• Microsoft patches Windows flaw exploited in the wild (CVE-2022-41033)

• #ISC2Congress 2022: Approach Cybersecurity as a Science

• Verimatrix Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

• AI and Residual Finger Heat Could Be a Password Cracker’s Latest Tools

• Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

• Microsoft Releases October 2022 Security Updates

• GCHQ Boss Jeremy Fleming Warns Of China Tech Threat

• Ransomware Group Uses Vulnerability to Bypass EDR Products

• Microsoft Releases October 2022 Security Updates

• Rising premiums, more restricted cyber insurance coverage poses big risk for companies

• Verimatrix Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

• Debian LTS: DLA-3147-1: twig security update

• Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce

• Critical Fortinet vulnerability under active exploitation

• Intel Processor UEFI Source Code Leaked

• OT Cybersecurity Leader Paul Brager Passes Away

• CISA Has Added One Known Exploited Vulnerability to Catalog

• CISA Has Added One Known Exploited Vulnerability to Catalog

• BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics

• Verimatrix Recognized as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Application Security

• The best Ring & Blink deals for Prime Day October

• Privacy Enhancing Technology Is Crucial for Cybersecurity When Hybrid Working

• Protecting Government Data at The Intersection of Zero Trust and Open Source

• Protecting The Enterprise in The Digital Era

• BlackByte Ransomware Exploits Vulnerable Windows Driver To Escape Detection

• Intel, Google Co-Designed Data Centre E2000 Chip

• How the US Government is Fighting Back Against Ransomware

• How Estonia paved the way for e-government

• My COVID – and a thank you to our scientists and our government

• Move over Patch Tuesday – it’s Ada Lovelace Day!

• Toyota Reveals Data Leak of 300,000 Customers

• It’s Time to Make Security an Innovation Enabler

• Caffeine, a new Phishing-as-a-Service toolkit available in the underground

• Skybox Security Unveils Industry’s First SaaS Solution for Security Policy and Vulnerability Management Across Hybrid Environments

• Sinclair Broadcast Group, ONE Media 3.0, and Bally Sports Executives to Speak at NAB Show, New York

• Appgate and Illumio Announce the Industry’s First Joint Zero Trust Network Access and Zero Trust Segmentation Solution to Reduce Risk Across Hybrid Infrastructure

• As Cloud Becomes the Norm, a New Study from The Hackett Group Quantifies Broad Business Value Beyond Cost, Including Increased Innovation, Faster Time to Market and Enhanced Cybersecurity

• PCI DSS v4.0

• Enhance Cyber Defense with 2022 Cybersecurity Trends

• RedHat: RHSA-2022-6875:01 Important: kpatch-patch security update

• RedHat: RHSA-2022-6872:01 Important: kernel security update

• SUSE: 2022:3563-1 moderate: libgsasl

• SUSE: 2022:3561-1 moderate: libgsasl

• How much are people without high-speed internet willing to pay for it?

• Kata Containers 3’s marriage of virtual machines and containers continues

• LinkedIn scams, fake Instagram accounts hit businesses, execs

• Cybersecurity Survey of State CISOs Identifies Many Positive Trends

• Proposed SEC Disclosure Rules Could Transform Cyber-Incident Response

• Delinea Releases ‘Cloud Server Privilege Management for Dummies’ eBook

• Meta Uncovers 400 Malicious Apps On Android And iOS

• Armis added to Google Cloud Marketplace

• RCE Vulnerability patched in vm2 Sandbox

• Announcing This Year’s (ISC)2 Global Achievement Award Recipients – Part 1

• MetricStream’s GRC Summit 2022 Brings Together Global Experts to Showcase How to Thrive in a Rapidly Changing Risk and Regulatory Environment

• The Evolution of Digital Banking Authentication – Part 2 – The Digital Banking Revolution

• Fortinet Warns Of Critical Flaw In Its Security Appliance OSes, Admin Panels

• iPhones Calling 911 From Owners’ Pockets On Rollercoasters

• Google Makes Major Play For Cloud Security Market

• U.S. Influence Operations: The Military’s Resurrected Digital Campaign for Hearts and Minds

• Talking to our Team about Cybersecurity Careers, on Ada Lovelace Day

• How Ransomware Turned Into the Stuff of Nightmares for Modern Businesses

• 6 Human Errors That Become Windows For Cybersecurity Breaches

• Toyota Discloses Data Breach Impacting Source Code

• IT Bosses Cancel, Delay Projects As Workload Rises, SnapLogic Finds

• SUSE: 2022:3562-1 moderate: libgsasl

• SUSE: 2022:3560-1 important: snakeyaml

• China is using tech to grow its influence, warns UK spy chief

• Automotive Security Threats Are More Critical Than Ever

• Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking

• A New Wave of PayPal Invoice Scams Using Crypto Disguise

• High-Value Targets: String of Aussie Telco Breaches Continues

• Stairwell Announces $45M Series B Funding Round

• DigiCert Root CA Approved for Matter Device Attestation by Connectivity Standards Alliance

• Skybox Security Unveils Industry’s First SaaS Solution For Security Policy and Vulnerability Management Across Hybrid Environments

• Why a Resilient Content Delivery Network (CDN) is Key to Website Performance

• China could use Digital Yuan to swerve Russia-style sanctions

• Phishing-as-a-Service Platform Lets Anyone Launch Own Phishing Campaigns

• Thoma Bravo acquires ForgeRock for $2.3 billion

• Everest Gang Puts $200K Price Tag on ESKOM Stolen Data

• US Government Contemplates on Launching Cyber Insurance Program to Help Private Insurance Firms

• Apple Store Staff Down Under Vote To Strike

• LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks

• Oort Raises $15 Million for Identity Threat Detection and Response Platform

• Outpost24 Announces Expansion of Penetration Testing Offerings to North America

• What Can a Secretive Funding Authority Tell Us About the Pentagon’s Use of Force Interpretations?

• Password Managers Can Protect Your Online Security

• KillNet: Pro-Russian Threat Actors Claims Responsiblity for 14 DDoS Attacks on U.S. Airports

• Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684)

• GitLab Cloud Seed lets developers deploy web apps to Google Cloud

• Cohesity founder, new CEO discuss data management strategy

• PC Shipments Declined 15 Percent In Q3, Warns IDC

• SUSE: 2022:2512-1 suse/sle-micro/5.1/toolbox Security Update

• Fedora 35: seamonkey 2022-c170581b99

• Fedora 36: rubygem-pdfkit 2022-3ec8272e72

• How Google Cloud is protecting the software supply chain in its increasing complexity

• Google Cloud rebrands Siemplify to Chronicle Security Operations

• Google is trying to solve the software supply chain security problem

• Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack

• Toyota Discloses Data Breach Impacting Source Code, Customer Email Addresses

• Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns

• Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

• The Latest Funding News and What it Means for Cyber Security in 2023

• Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

• Data Transparency and its Impact on Customer Trust

• Inserting a Backdoor into a Machine-Learning System

• Google Cloud launches Confidential Space to enhance joint data analysis and ML model training

• If you’re wondering why Google blew $5b on Mandiant, this may shed some light

• Google launches new supply chain security offerings

• Major US Airports’ Sites Are Down, Pro-Russian Hackers Claim the Attack

• Fedora 35: rubygem-pdfkit 2022-6da143f1a2

• #ISC2Congress: Cybersecurity Pros Must Prepare for Emerging Deepfake Threats

• This Thermal Attack Can Crack Your Password in Just a Few Seconds

• Three Key Takeaways from Microsoft Ignite

• Check Point Software Welcomes LearnQuest to the ATC Partner Program

• Calls for Better Microsoft Teams Backup as Confidential Info Sent on the Platform

• Experts analyzed the evolution of the Emotet supply chain

• Fortinet warns of critical flaw in its security appliance OSes, admin panels

• Apple iPhone 15 To Feature USB-C, Says Noted Leaker

• SUSE: 2022:2507-1 suse/389-ds Security Update

• SUSE: 2022:2515-1 suse/sle-micro/5.2/toolbox Security Update

• Cloud security is the new battle zone

• Google’s hackers: Inside the cybersecurity red team that keeps Google safe

• Toyota Suffers from Data Leak

• BYOD security rests on personnel accountability management

• IronVest bets on biometric AI to stop identity theft

• Pro-Russian Group KillNet Claims Responsibility for 14 US Airport DDoS Attacks

• Zimbra Collaboration Suite Vulnerable Due to Unpatched RCE Flaw

• RedHat: RHSA-2022-6854:01 Moderate: gnutls and nettle security, bug fix,

• RedHat: RHSA-2022-6856:01 Moderate: rh-ruby27-ruby security, bug fix,

• RedHat: RHSA-2022-6855:01 Moderate: rh-ruby30-ruby security, bug fix,

• SUSE: 2022:2505-1 suse/sle-micro/5.3/toolbox Security Update

• 8 Ways To Improve The Cybersecurity Of Your Business

• Can IAM help save on cyber insurance?

• DeepFakes Are The Cybercriminal Economy’s Latest Business Line

• Meta Published A List of 400+ Malicious Apps that Steal Log-in Information

• Looking for adding new detection technologies in your security products?

• Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky

• Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

• Toyota discloses accidental leak of some customers’ personal information

• DeepFakes Are The Cybercriminal Economy’s Latest Business Line

• Callback Phishing Attack Tactics Evolved – Successful Attack Drops Ransomware

• Russia Killnet Hacking Group disrupts US Air Travel websites

• 2FA is over. Long live 3FA!

• Generational Equity Advises Computers & Networks in its Sale to eResources

• CORRECTING and REPLACING Endeavour Taps Dispersive to Deliver Network Cybersecurity for Sustainable Infrastructure Across North America and Europe

• Cyber Attack news headlines trending on Google

• Debian LTS: DLA-3146-1: isc-dhcp security update

• How government organizations can stay steps ahead of attackers

• Optus data breach prompts pincer movement of twin regulatory probes

• NetWitness Names Tod Ewasko as Chief Product Officer

• Penetration testing is in the eye of the beholder

• NetSPI’s blockchain penetration testing service helps organizations protect blockchain solutions

• An introduction to Kali Linux

• Cybercriminals are having it easy with phishing-as-a-service

• Castle Shield Typhos 3.0 provides users with end-to-end encrypted audio/video capabilities

• EDR is not a silver bullet

• Mystery iPhone update patches against iOS 16 mail crash-attack

• The Seven Main Phishing Lures of Cybercriminals

• UK Spy Chief to Warn of ‘Huge’ China Tech Threat

• RemotePC mobile access allows users to access their remote computers from any iOS or Android device

• That thing to help protect internet traffic from hijacking? Here’s how to break it

• Toyota dev left key to customer info on public GitHub page for five years

• Ubuntu 5669-2: Linux kernel vulnerabilities

• Debian LTS: DLA-3145-1: git security update

• A week in security (October 3 – 9)

• White House unveils Blueprint for an AI Bill of Rights

• Teen talk: What it’s like to grow up online, and the role of parents: Lock and Code S03E21

• Ubuntu 5667-1: Linux kernel vulnerabilities

• Ubuntu 5668-1: Linux kernel vulnerabilities

• Ubuntu 5669-1: Linux kernel vulnerabilities

• Russia-linked Hackers Launch DDoS Attacks on U.S. Airport Websites

• Allurity acquires CSIS Security Group to expand its services into new markets

• ALTR promotes James Beecham to CEO

• #ISC2CONGRESS 2022: Lessons from a Ransomware Attack

• Report: 76% of organizations have had an API security incident in the past year

• Steam account stolen? Here’s how to get it back

• Post Compilation

• IT Security News Daily Summary 2022-10-10

• Zoom Phishing Scam Steals Microsoft Exchange Credentials

• Ubuntu 5665-1: PCRE vulnerabilities

• The best Ring & Blink deals for October Prime Day

• Emotet Rises Again With More Sophistication, Evasion

• Business Owner Says Facebook Unnecessarily Blocking Ads For Charity

• US Airports in Cyberattack Crosshairs for Pro-Russian Group Killnet

• CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

• Debian LTS: DLA-3143-1: strongswan security update

• Debian LTS: DLA-3144-1: connman security update

• Ubuntu 5666-1: OpenSSH vulnerability

• US Airport Websites Hit by Suspected Pro-Russian Cyberattacks

• #ISC2Congress 2022: Empowering the Cyber Community

• Zimbra RCE Bug Under Active Attack

• Cyware Grows Marketing Leadership in North America with Industry Veteran New Hires

• Stellar Cyber Provides Customers with Enhanced Security Operations

• SUSE: 2022:3553-1 important: python

• New macOS Vuln Lets Malicious Apps Bypass Security Checks

• Pro-Putin goons claim responsibility for blowing US airport websites offline

• Endor Labs Joins Race to Secure Software Supply Chain

• Ukraine Enhances Cooperation With EU Cybersecurity Agencies

• Houlihan Lokey Expands its Cybersecurity Coverage Capabilities

• Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS)

• Hyve Solutions promotes Gina Rugani to Chief Operating Officer

• Castle Shield Holdings, LLC Announces the Addition of Secure End-to-End Encrypted Audio/Video Capabilities to Its Secure Communications App, Typhos

• Endpoint Detection and Response – you need it on mobile devices too

• Debian LTS: DLA-3142-1: dbus security update

• Linus Torvalds’s Faulty Memory (RAM, not wetware) Slows Kernel Development

• Protests In Iran: State-Run Live TV Hacked By Protestors

• It’s 2022 and netizens are only now getting serious about cybersecurity

• Pavel Durov: Users Must Cease Using WhatsApp Since it’s a Spying Tool

• GitHub: Repositories Selling Fake Microsoft Exchange Exploits

• Child Protection Scot Cop Alarmed Parents Towards Online Crimes

• ADATA: RansomHouse Cyberattack Result of a Leak of 2021 Data

• Intel Confirms Source Code Leak

• Intel Alder Lake BIOS code leak may contain vital secrets

• LATEST CYBERTHREATS AND ADVISORIES – SEPTEMBER 23, 2022

• Revation Systems Announces Company Name Change to LinkLive; Reaffirms Commitment to Transform Customer Engagement

• Real Talk with CCSPs: An interview with Jonas Björk, CCSP

• Debian LTS: DLA-3141-1: wordpress security update

• Protecting your assets in the cloud

• Why data loss prevention (DLP) matters in a zero-trust world

• Red Hat backs CNCF project, spills TEE support over Kubernetes

• Security Challenges for your Internet Linked Devices

• Unpatched Zimbra Flaw Lets Hackers Backdoor Servers

• Singtel Confirms Digital Burglary At Dialog Subsidiary

• German Cybersecurity Chief Accused of Russian Contact Faces Sacking

• Multilingual Cybersecurity Awareness Training adapted for your needs

• New Cyber Bill Aims To Fix Open-Source Security in Government

• The Most Important Things you Can do to Quickly Secure Ubuntu Linux

• Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky

• Pro-Russia group KillNet targets US airports

• Pro-Russian KillNet Group Accused of DDoS Attacks on US Airports

• Documents needed to buy a property in St Kitts

• Binance Hit By $570m Crypto Theft

• I’m now a Microsoft Most Valuable Professional!!

• Critical Zimbra RCE Vulnerability Exploited in Attacks

• State Bar of Georgia Confirms Data Breach Following Ransomware Attack

• ThermoSecure: Cracking Passwords Using Finger Heat on Keyboards is Now Possible

• Finding the Sunshine in Cyber – In conversation with Stuart Avery

• Hacktivist Groups Get Involved in Iranian Protests

• Endor Labs offers dependency management platform for open source software

• Threat Modeling Firm IriusRisk Raises $29 Million

• Serious Security: OAuth 2 and why Microsoft is finally forcing you into it

• Top 10 Biggest Gaming Tournaments in the World

• Ways Technology Has Changed the Workplace Environment

• Binance Bridge Hit by $560 Million Hack

• Iran State-Run TV’s Live Transmission Hacked by Edalate Ali Hackers

• What You Should Know About the Honda Key Fob Vulnerability

• 6 Things Every CISO Should Do the First 90 Days on the Job

• New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks

• Stellantis Signs Deal For EV Battery Nickel, Cobalt

• State CISOs must cooperate more with locals on threats, report says

• Second Australia-Based Singtel Subsidiary Hacked

• Several Horner PLC Software Vulnerabilities Allow Code Execution via Malicious Font Files

• The head of the Federal Cyber Security Authority (BSI) faces dismissal

• Optus Parent Company Singtel Now Also Confirms Data Breaches

• Why we all Need a Password Manager

• Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)

• Social Engineering Strategies Used in Callback Phishing Attacks Are Evolving

• Want open-source security? Focus on app dependencies

• Windows 11 Now Offers Automatic Phishing Protection

• Rivian Recalls Nearly All Vehicles Over Safety Issue

• Ubuntu 5371-3: nginx vulnerability

• It’s 2022 and consumers are only now getting serious about cybersecurity

• Critical Remote Code Execution Vulnerability Found in vm2 Sandbox Library

• Cybersecurity Re-Launchers: Pivoting into Cybersecurity as a Mid-Career Professional

• When It Comes to M&A, Security Is a Journey

• A critical vulnerability in vm2 Allow a Remote Attacker to Escape The Sandbox

• Amazon To Invest 1bn Euros In Europe Electric Fleet

• Amazon Halts Scout Delivery Robot Trials

• This ‘thermal attack’ can read your password from the heat your fingertips leave behind

• How to Protect Yourself If Your School Uses Surveillance Tech

• Leaked Alder Lake BIOS Source Code, Confirmed Authentic by Intel

• Australian cellphone owners at risk of identity theft

• Blackbyte Ransomware Bypass EDR Security Using Drive Vulnerability

• Intel Confirms Leak of Alder Lake BIOS Source Code

• Complex Impersonation Story

• German Cybersecurity Chief to be Sacked Over Alleged Russia Ties: Sources

• Fortinet Customers Told to Urgently Patch Remotely Exploitable Vulnerability

• Android Security Updates Patch Critical Vulnerabilities

• German Cybersecurity Chief Faces Sacking Over Possible Russia Ties

• Hackers Steal $100 Million Cryptocurrency from Binance Bridge

• The Effect Of Technology On Online Gaming In Hungary

• Singtel confirms digital burglary at Dialog subsidiary

• US Targets China Semiconductor Industry With Raft Of Measures

• Tesla Sales Hit Monthly High In China Amidst Taiwan Criticism

• 91% of Cyber Pros Experience Mental Health Challenges at Work

• Kaspersky Warns Of A New Wave Of Malicious Email Campaign, Spreading The Qbot Malware

• Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)

• Facebook Login Details at Risk as Meta Identifies Over 400 Malicious Apps

• Solana Phantom Targeted by Password-Stealing Malware

• Fake Ransomware Widespreaded by Malicious Adult Websites

• Critical Zero-Day Vulnerability Found In Zimbra Collaboration Suite

• Criminal multitool LilithBot arrives on malware-as-a-service scene

• Security and privacy features in macOS Ventura

• How do you protect your online systems? Cultivate an insider threat

• Dark web carding site BidenCash gives 1.2M payment cards for free

• Software developers, how secure is your software ?

• Mastercard moves to protect ‘risky and frisky’ crypto transactions

• Hackers Target Desperate Homebuyers Using A Dumb Campaign That Works Every Time

• Purpose-based access control: Putting data access requests into context

• Microsoft Teams: A channel for sensitive business information sharing that needs better backup

• Lack of transparency, systemic risks weaken national cybersecurity preparedness

• Increasing network visibility is critical to improving security posture

• Harvard Business Publishing licensee hit by ransomware

• Board members should make CISOs their strategic partners

• Ransomware being distributed through Gaming and Adult Websites

• SingTel confirms another data breach after Optus Cyber Attack

• Latest Cyberthreats and Advisories – September 30, 2022

• Blackpoint Cyber launches product updates to help partners stay ahead of cyberthreats

• Veracode launches Container Security offering to meet the needs of cloud-native DevOps teams

• Exabeam Ranked #23 on Newsweek’s List of the Top 100 Most Loved Workplaces For 2022

• Fedora 37: poppler 2022-fcb3b063a6

Generated on 2022-10-11 23:55:36.314638