IT Security News Weekly Summary – Week 20

• IT Security News Daily Summary 2022-05-22

• Web Tracker Caught Intercepting Online Forms Even Before Users Hit Submit

• New MITRE Framework For Supply Chain Security

• Global Food Supply Chain Threatened By Hackers

• Evasive Bots Driving Online Fraud: 2022 Report

• Conti Ransomware Shuts Down Operation, Rebrands Into Smaller Units

• Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 3

• Security Affairs newsletter Round 366 by Pierluigi Paganini

• Dragos CEO Robert M. Lee to Address Global Audience on Criticality of Industrial Cybersecurity at the World Economic Forum Annual Meeting in Davos, Switzerland

• Evolv Technology Appoints New Chief Financial Officer

• Socure Reports Hypergrowth with 236% Increase in Customers, Rapid Scale Across web3, Online Gaming, FinTech, Marketplaces, and Public Sector

• NATO Must Get Resilience Right to Withstand Russia and China

• North Korea-linked Lazarus APT uses Log4J to target VMware servers

• Even When Switched Off, iPhones are Vulnerable to Attack

• Microsoft Reveals Massive Surge in XorDdos Attacks on Linux Devices

• How to Limit Who Can Contact You on Facebook

• Media giant Nikkei Suffers Ransomware Attack

• Mozilla Releases Firefox 100.0.2 With Critical Security Fixes

• The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

• Week in review: VMware critical fixes, Bluetooth LE flaw unlocks cars, Kali Linux 2022.2

• Workato expands leadership team with new appointments

• BigBear.ai names Tony Barrett as President of the Cyber and Engineering Sector

• Asian media company Nikkei suffered a ransomware attack

• CyberSheath launches partner program to help DIB companies achieve CMMC compliance

• IT Security News Daily Summary 2022-05-21

• 5 Casual Games You Can Play on Your Mobile Browser Now

• Pwn2Own 2022: Windows 11, Ubuntu, Firefox, Safari, Tesla and more hacked

• Payment Gateway Firm Razorpay Loses ₹7.3 Crore in Cyber Fraud Incident

• (Saas): What Is It And What Are Its Advantages?

• The Emergence of Physically Mediated Cyberattacks?

• America’s small businesses aren’t ready for a cyberattack

• A Short Guide to Understanding the Exciting Realm of Fintech

• Russia-linked Sandworm continues to conduct attacks against Ukraine

• US Reclaimed $15 Million From an Ad Fraud Operation

• North Korean IT Workers Are Infiltrating Tech Companies

• Cisco fixes an IOS XR flaw actively exploited in the wild

• Conti: Russian-backed rulers of Costa Rican hacktocracy?

• Preventing Ransomware Attacks On Industrial Networks

• Interview with Morten Kjaersgaard, CEO of Heimdal Security on How Cybersecurity Businesses are Tackling the Ukraine Crisis

• True Cybersecurity Requires a Shift to A Data-Centric Philosophy

• SolarWinds ready to move past breach and help customers manage theirs

• Tesla Model 3, Ubuntu Desktop & Windows 11 Hacked – Pwn2Own Day 2

• Researchers Find Backdoor in School Management Plugin for WordPress

• Report: Cybersecurity Skills Gap Creates Vulnerabilities

• Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

• Cisco Issues Patches for New IOS XR Zero-Day Vulnerability Exploited in the Wild

• Microsoft Warns About New Sysrv Botnet Variant Attacks Web Servers

• Impersonate Local Microsoft Users with msImpersonate

• Microchip Precise Time Scale Systems enables traceability to UTC without depending on GNSS

• Avoiding Risks by Using Secure Online Crypto Platform

• Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!

• Castellan Solutions announces integrations with leading emergency notification platforms

• PlainID partners with PwC to help enterprises manage authorization policies

• Microsoft patches the Patch Tuesday patch that broke authentication

• Red River appoints Brian Roach as CEO

• Report: 60% of orgs have experienced data loss due to employee mistakes

• Career paths in cybersecurity: Key skills, salary expectations and job description

• The 5 best secure browsers for privacy in 2022

• What is a cybersecurity degree?

• Best Wi-Fi Security & Performance Testing Tools for 2022

• QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices

• NTU Singapore and CSA Singapore open security testing centre

• ISACA Risk Starter Kit provides risk management templates and policies

• Amit Serper joins Sternum as Director of Security Research

• Phishing Scam Adds a Chatbot Like Twist to Steal Data

• IT Security News Daily Summary 2022-05-20

• Schools should prep for ransomware with response and comms plans, experts say

• Friday Squid Blogging: Squid Street Art

• Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

• What the U.S. government’s security testing protections mean for enterprises

• SentinelOne vs Palo Alto: Compare EDR software

• Pwn2Own Vancouver 2022 D2

• China-linked Twisted Panda caught spying on Russian defense R&D

• Sandworm deploys new version of ArguePatch malware loader

• Cryptocurrency: secure or not? – Week in security with Tony Anscombe

• Partial Patching Still Provides Strong Protection Against APTs

• Chatbot Army Deployed in Latest DHL Shipping Phish

• The War Over Ukraine—On Wikipedia

• Carbon Black vs. CrowdStrike: EDR software comparison

• Check your privilege: The critical principle for keeping your SaaS data safe

• What the US government’s new CFAA policy means for enterprises

• How XDR can identify and fill the cracks in state and local government’s cybersecurity posture

• Cities that hyped crypto are now contending with the crash

• Quantum Key Distribution for a Post-Quantum World

• What Is DNS Spoofing and How Can You Prevent It?

• The new Air Force Ones are late, so the old planes need more cash, official Says

• Chinese Hackers are Targeting Russian Aerospace Industry

• New DOJ guidance on key hacking law creates carve out for security researchers

• Beware of Fake Windows 11 Downloads Distributing Vidar Malware

• Why you should act like your CEO’s password is “querty”

• Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

• Why AI and autonomous response are crucial for cybersecurity (VB On-Demand)

• EPA seeks funding to improve the cybersecurity of America’s water systems

• State and local governments turn to normalizing the ‘new normal’ workplace

• McAfee vs Kaspersky: Compare EDR software

• Pro-Russian Hackers Hit Critical Government Websites in Italy

• All White Hat hackers exempted from US CFAA Prosecution

• Developing Data Security Practices Before, During, and After Cloud Migrations

• USB Devices Redux

• China has signaled easing of its tech crackdown — but don’t expect a policy U-turn

• Energy Department provides $53M for climate change tech

• This app shows you how to make your iPhone more secure better than Apple does

• DoJ: White Hat Hackers Will No Longer Face Prosecution

• Putin Promises To Bolster Russia’s IT Security In Face Of Cyber Attacks

• DOJ Announces It Won’t Prosecute White Hat Security Researchers

• 380K Kubernetes API Servers Exposed To Public Internet

• Strapi Exposed Data, Password Reset To Unprivileged Users

• Global Food Supply Chain At Risk From Malicious Hackers

• The activity of the Linux XorDdos bot increased by 254% over the last six months

• Pwn2Own – Windows 11, Microsoft Teams Hacked & Exploiting 16 Zero-day Bugs

• Microsoft’s out-of-band patch fixes Windows AD authentication failures

• US Government says: Patch VMware right now, or get off our network

• (ISC)² Entry-Level Cybersecurity Certification Pilot Exam Reaches 1,000 Exam Milestone

• Boeing Starliner Launches Successfully, On Route To International Space Station

• Going passwordless: Q&A with Microsoft’s CVP of security, Vasu Jakkal

• Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

• Top Technology Trends in Education 2022

• Packaged zero-day vulnerabilities on Android used for cyber surveillance attacks

• Report: Frequency of cyberattacks in 2022 has increased by almost 3M

• Closing the Gap Between Application Security and Observability

• Microsoft patches the patch that broke Windows authentication

• Nikkei Says Customer Data Likely Impacted in Ransomware Attack

• Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed

• Nonprogrammers are building more of the world’s software – a computer scientist explains ‘no-code’

• New Brute Force Attacks Against SQL Servers Use PowerShell Wrapper

• New Open Source Project Brings Consistent Identity Access to Multicloud

• Costa Rica’s New Government is Under Attack by a Conti Ransomware Gang

• DoJ Will No Longer Use CFAA to Charge Ethical Hackers

• Introducing new cloud resources page for Cisco Secure Firewall

• Conti Ransomware Shuts Down and Rebrands Itself

• Microsoft Bing censors politically sensitive Chinese terms

• Apple Accused By Union Of Staff Law Violations At NY Store

• Microsoft: This botnet is growing fast and hunting for servers with weak passwords

• Fake domains offer Windows 11 installers – but deliver malware instead

• Does disk encryption slow down your PC? [Ask ZDNet]

• 380K Kubernetes API Servers Exposed to Public Internet

• Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

• Bluetooth Flaw Allows Remote Unlocking of Digital Locks

• 5 Essential Ways to Improve SDLC Security

• Modern “Smart” Farm Machinery Vulnerable to Cyber-Attackers

• Researchers Uncover Rust Supply-Chain Attack Targeting Cloud CI Pipelines

• Cytrox’s Predator Spyware Target Android Users with Zero-Day Exploits

• Microsoft Bing censors politically sensitive Chinese terms internationally, reports Citizen Lab

• Canada To Join Five Eyes 5G Ban On Huawei/ZTE

• Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor

• Conti ransomware is shutting down operations, what will happen now?

• Conti ransomware group disbands

• Ransomware Hits Media Giant Nikkei’s Asian Unit

• How To Do A Virus Scan

• From Bitcoin to the Metaverse: The current evolution is a revolution

• 6 Steps for Construction Project Recovery

• UK Sextortion Cases Doubled in 2021

• “Alarming” Surge in Conti Group Activity This Year

• India reaffirms commitment to new cybersecurity rules

• Weekly Update 296

• SSI and FIDO2: Different approaches for a passwordless world

• Protecting data now as the quantum era approaches

• Virtual product placements revealed by streaming platforms

• IT and Security leaders are sharing passwords in shared documents folders

• QNAP storage devices again hit by Deadbolt Ransomware

• Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware

• Canada bans Huawei and ZTE from 5G networks, citing national security risks

• New infosec products of the week: May 20, 2022

• TD SYNNEX Expands Solution Offering with Google Cloud

• LegalShield Partners with NEWITY to Empower, Protect and Equip Small Businesses with Legal Services and Solutions

• Cloud Security Alliance Provides C-level Executives With Best Practices for Deploying Smart Contracts Within an Organization

• (ISC)² Hellenic Chapter Wins Award for Creating Educational Materials

• Endpoint security and remote work

• New DOJ guidance on enforcing hacking laws carves out safe space for security research

• India slightly softens infosec incident reporting and data retention rules

• How to ensure that the smart home doesn’t jeopardize data privacy?

• Email is the riskiest channel for data security

• QNAP Urges Users to Update NAS Devices to Prevent Deadbolt Ransomware Attacks

• Record level of bad bot traffic contributing to rise of online fraud

• The flip side of the coin: Why crypto is catnip for criminals

• Splashtop Enterprise enhancements improve technician and end user communication

• Calix updates its Intelligent Access EDGE platform to secure subscriber-facing network

• QuProtect offers protection against current and future quantum computing threats

• Twitter to hide misleading tweets under new crisis response policy

• Red Hat boosts performance for cloud-native application development with new portfolio updates

• Allegro Network Multimeters 3.5 allows users to analyze TCP down to packet level

• Canada to ban Huawei and ZTE and tell telcos to rip out 5G and 4G equipment

• US won’t prosecute ‘good faith’ security researchers under CFAA

• U.S. Agencies Ordered to Fix Critical VMware Vulnerabilities by Monday

• INKY partners with GoDaddy to enhance email security for businesses

• Cohesity and Palo Alto Networks join forces to improve cyber resilience for organizations

• Living Security and Gradient Cyber deliver awareness training to small businesses and midmarket enterprises

• Intrinsic ID appoints Reed Hinkel as VP of Business Development

• CipherMode Labs raises $6.7 million and launches CipherCore

• Dig emerges from stealth and raises $11 million to secure data in public clouds

• Citrix collaborates with Microsoft to help companies accelerate their digital transformations

• New Bluetooth hack can unlock your Tesla—and all kinds of other devices

• 2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms

• Why you should be using secure DNS on your Chromebook

• Downloading Pwned Passwords Hashes with the HIBP Downloader

• Mitek names Chris Briggs as Head of Product

• Brian Penney joins Blumira as VP of Sales

• Gigamon hires Mark Coates as VP EMEA

• Talon Cyber Security appoints Admiral Mike Rogers to its Board of Advisors

• Mario Espinoza joins Illumio as CPO

• New online hub to help cities apply for federal infrastructure funding

• DOJ’s New CFAA Policy is a Good Start But Does Not Go Far Enough to Protect Security Researchers

• QNAP devices hit by DeadBolt ransomware again

• Deadbolt Ransomware Targeting QNAP NAS Devices

• More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam

• IT Security News Daily Summary 2022-05-19

• Report: Only 13.6% of tech leaders believe they’ve ‘mastered’ cloud security

• Senators push for $300M boost to TMF

• US Justice Department won’t prosecute white-hat hackers under the CFAA

• Jupiter Plugin Flaws Enable Hackers to Hijack Websites

• Pentagon wants to take the time to get major cloud awards ‘right,’ CIO says

• Two of Peru’s Top ISPs Improve Transparency Practices, While Two Competitors Lag Behind, New Hiperderecho’s Report Shows

• US recovers a record $15m from the 3ve ad-fraud crew

• How a Virginia county wooed Amazon and Boeing

• How to conduct a cyber-war gaming exercise

• Pro-Russian Information Operations Escalate in Ukraine War

• Improved functionality and new features to help enhance the user experience

• The State of Kubernetes Security in 2022

• Red Hat releases open source StackRox to the community

• Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

• OPM issues guidance on implementing Trump-era hiring policy

• US Justice Department says it won’t prosecute white-hat hackers under the CFAA

• Small businesses under fire from password stealers

• DoJ Won’t Charge ‘Good Faith’ Security Researchers

• Twitter To Hide Tweets That Share False Information During A Crisis

• PWN2OWN 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

• Majority of Kubernetes API Servers Exposed to the Public Internet

• Nvidia releases security update for out-of-support GPUs

• Trackers may collect data that you type even before hitting submit

• Miami taps smart tech to verify commercial water use

• Fortinet vs Palo Alto: Comparing EDR software

• Dig Exits Stealth With $11M for Cloud Data Detection and Response Solution

• CrowdStrike vs Sophos: EDR software comparison

• VeeamON 2022: Backup and security union emerges as top trend

• U.S. DOJ will no longer prosecute good-faith security researchers under CFAA

• Boeing Starliner Test Flight Readied For Tonight

• New Robo-Dialing Campaign Lets Users Prank Call Russian Bureaucrats

• Biden says agencies will be ready for hurricane season. But a watchdog is warning of shortfalls

• Researchers Spot Supply Chain Attack Targeting GitLab CI Pipelines

• Pro-Russian Hackers Spread Hoaxes to Divide Ukraine, Allies

• Top SD-WAN Solutions for Enterprise Security

• Google OAuth client library flaw allowed to deploy of malicious payloads

• Legislation promoting cyber collaboration between DHS and states awaits Biden signature

• CISA Issues Emergency Directive for VMware Vulnerabilities

• Private Data of Europeans Shared 376 Times Daily in Ad Sales

• ISG Adds Cybersecurity Pricing Data to ISG ProBenchmark® Platform

• CyberSheath Partner Program Delivers CMMC Compliance Across the Defense Industrial Base

• ServiceNow Named a Leader in Third-Party Risk Management Platforms

• CLOUD: A SHAKESPEAREAN DRAMA?

• How and why you should secure APIs

• New Phishing Attack Targets Windows Systems With Three Infostealers

• New Exploit Emerges For A Previously Patched SharePoint Vulnerability

• Reasons Why Everyone Should Use A VPN

• Serious Command Injection Vulnerability Found In Zyxel Firewalls

• Microsoft Warns of Malware Campaign Targeting SQL Servers Using Brute Force

• How 5G can transform public safety

• Report: Facebook Is Struggling To Remove Videos Of Buffalo Shooting

• Spyware Vendors Target Android With Zero-Day Exploits

• ISC Releases Security Advisory for BIND

• Who is UNC1756 – the hacker threatening Costa Rica?

• Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

• Cyber Space has become a new domain for warfare, says Microsoft

• ISC Releases Security Advisory for BIND

• New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

• Hot Glare Of The Spotlight Doesn’t Slow BlackByte Ransomware Gang

• Two Military Satellites Just Communicated Using Space Lasers

• Iran, China-Linked Gangs Join Putin’s Disinformation War Online

• This Russian Botnet Does Far More Than DDoS Attacks – And On A Massive Scale

• Homeland Security Pushes Pause On New Disinformation Board

• September 13 Slated For iPhone 14 Launch – Report

• Twisted Panda: Check Point Research unveils a Chinese APT espionage campaign against Russian state-owned defense institutes

• CISA Releases Analysis of FY21 Risk and Vulnerability Assessments

• Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

• 3 Recommendations to Ensure Your API Security Solution can Drive Data Visibility and Quality

• Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

• How iPhones can run malware even when they’re off

• Texas Social Media Law Battle Heads To Supreme Court

• See How Dell’s Computer Vision is Reinventing the Fan Experience

• CISA Releases Analysis of FY21 Risk and Vulnerability Assessments

• Powers Trials Commence at Grand Ethiopian Renaissance Dam Despite Stalled Negotiations and Regional Tensions

• Privacy Shield 2.0 —Third Time’s the Charm?

• The Chatter Podcast: “The Man Who Fell to Earth” with Jenny Lumet and Alex Kurtzman

• Israel’s Supreme Court Issues Regressive Judgment on West Bank Deportations

• Can I Trust You? Online Fraud Boom Casts Doubt Over Brands’ Ability To Protect Consumers’ Digital Identities

• Britain Can Legally Launch Cyberattacks Against Hostile States, Experts Reaction

• Texas State Dept. Of Insurance Consumer Data Breach

• Omnicell Suffers Ransomware Attack, Impact To Internal Systems

• Apple Launched a Safety Fix for a Zero-day Flaw

• Automating Alert Triage and Threat Hunting with Intezer + SentinelOne

• Apple spits at Facebook, Google and, oh, the whole internet really

• Cyberattacks and misinformation activity against Ukraine continues say security researchers

• LimaCharlie Banks $5.45 Million in Seed Funding

• QuSecure Lauches Quantum-Resilient Encryption Platform

• Phishers Add Chatbot to the Phishing Lure

• Ransomware Targets Higher Education Institutions

• Iran, China-linked gangs join Putin’s disinformation war online

• Privacy and the 7 Laws of Identity

• Malicious Reconnaissance: What It Is and How To Stop It

• This Russian botnet does far more than DDoS attacks – and on a massive scale

• Threat actors compromising US business online checkout pages to steal credit card information

• S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]

• Microsoft President: Cyber Space Has Become the New Domain of Warfare

• Phishing Attacks for Initial Access Surged 54% in Q1

• 6 Scary Tactics Used in Mobile App Attacks

• How to Decorate a Room With Simple Things

• Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

• 7 Key Findings from the 2022 SaaS Security Survey Report

• Cardiologist moonlighted as successful ransomware developer

• Apple Loses Senior Executive Over Remote Working Policy – Report

• Report: 80% of cyberattack techniques evade detection by SIEMs

• Cloud Data Security Firm Dig Emerges From Stealth With $11 Million in Funding

• China-linked Space Pirates APT targets the Russian aerospace industry

• VMWare vulnerabilities are actively being exploited, CISA warns

• How Secure is the Bitcoin Blockchain?

• Attackers Can Unlock Tesla Cars and Smart Devices by Exploiting Bluetooth Flaws

• Phishing gang that stole over 400,000 Euros busted in Spain

• QuSecure releases first end-to-end post-quantum solution

• Dig launches cloud data detection and response platform

• Two million Texans have their details exposed

• 10 ways attackers gain access to networks

• Websites that Collect Your Data as You Type

• ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups

• Malicious hackers are finding it too easy to achieve their initial access

• US Recovers $15 Million From Ad Fraud Group

• Specialists Spend a Lot of Time Fixing Security Flaws that Could Have Been Prevented

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Detect Azure AD Hybrid Cloud Vulnerabilities

• UK Can Legally Launch Cyberattacks Against Hostile Nations, Says AG

• The quantum menace: Quantum computing and cryptography

• CISA: Hackers Will Quickly Start Exploiting Newly Patched VMware Vulnerabilities

• Enterprise Data Protection Company Seclore Raises $27 Million

• High-Severity Bug Reported in Google’s OAuth Client Library for Java

• Jupiter Plugin Vulnerabilities Enable Hackers to Hijack Websites

• Data-centric Security: Defense in Depth

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• WFH Unprotected: How Organizations Can Keep Their Employees and Their Business Safer

• A Guide to Identity Theft Statistics for 2022

• Phishing Campaigns featuring Ursnif Trojan on the Rise

• Bad Bots Swarm the Internet in Record Numbers in 2021

• VMware issues critical fixes, CISA orders federal agencies to act immediately (CVE-2022-22972)

• Hot glare of the spotlight doesn’t slow BlackByte ransomware gang

• The Pros and Cons of Sideloading Apps on iOS – Intego Mac Podcast Episode 240

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Patch these vulnerable VMware products or remove them from your network, CISA warns federal agencies

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• LPM hack: Just because an iPhone is powered off doesn’t mean it’s safe

• Microsoft Teams Exploits Earn Hackers $450,000 at Pwn2Own 2022

• Half of IT Leaders Store Passwords in Shared Docs

• What Is a Supply Chain Attack?

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Ransom Demands Surge 45% in 2021

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• The cyber threat isn’t going anywhere, but the fight back starts in London

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws

• Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Cyber Attack disrupts core communication systems at Washington Local Schools

• Tesla Chief Elon Musk wants Twitter to eliminate 20% of BOT accounts for cybersecurity reasons

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Many security engineers are already one foot out the door. Why?

• SentinelOne Announces Fiscal First Quarter 2023 Financial Results Conference Call Date and Participation in Upcoming Investor Conference

• CoreStack and Ingram Micro Cloud Come Together to Deliver Next-Gen FinOps and Cloud Governance

• You Can Join the (ISC)² Board of Directors

• What to look for in a vCISO as a service

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• 2022-05-18 – Pcap and malware for ISC diary: EXOTIC LILY –> Bumblebee –> Cobalt Strike

• Prioritize patching vulnerabilities associated with ransomware

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• 46% of organizations still store passwords in shared documents

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• How do DevSecOps professionals feel about security becoming an around the clock job?

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Kali Linux 2022.2 Release With New Hacking Tools & Updates

• Fake news – why do people believe it?

• Deepfence Cloud protects cloud native applications and infrastructure against cybersecurity threats

• Skybox Security unveils cyber risk quantification capabilities to help users prioritize critical threats

• Barracuda Cloud Application Protection enhancements improve web application and API security

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Lacework introduces new features to provide security in Kubernetes environments

• Fusion Risk Management strengthens its offerings for technology and data service providers

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Microchip unveils CEC1736 Trust Shield family to offer protection against rapidly evolving security threats

• Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Evasive Bots Drive Online Fraud – 2022 Imperva Bad Bot Report

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• SecZetta and Active Cyber help clients optimize their third-party identity governance processes

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• 2022-05-18 – TA578 thread-hijacked emails and ISO example for Bumblebee

• Tenable adds Terrascan to Nessus to enable secure cloud application delivery

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Beth Gaspich joins Forcepoint Board of Directors

• Riskonnect hires David Rockvam as CFO

• Seclore raises $27 million to strengthen enterprise data security

• Imply raises $100 million to address growing need for modern analytics applications

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Armis launches Critical Infrastructure Protection Program

• ThreatX Xcellerate Partner Program enables real-time protection against attacks on APIs and web apps

• Blackpoint Cyber appoints Christine Gassman as Director of Channel Engagement

• Researchers: Tesla Cars, Bluetooth Locks, Vulnerable to Hackers

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• IT Security News Daily Summary 2022-05-18

• Crypto Trading Safety Tips To Keep In Mind

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Report: 88% of business leaders would pay the ransom if hit by a cyberattack

• 5 ways to proactively protect government networks

• Higher education institutions being targeted for ransomware attacks

• Bitdefender vs Kaspersky: EDR software comparison

• Axie Infinity hack highlights DPRK cryptocurrency heists

• CISA to Federal Agencies: Patch VMWare Products Now or Take Them Offline

• MITRE Creates Framework for Supply Chain Security

• VMware fixed a critical auth bypass issue in some of its products

• OGUsers (2021 breach) – 348,302 breached accounts

• BlackBerry Fans – 174,168 breached accounts

• Read Novel (unverified) – 22,424,472 breached accounts

• Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• CISA orders agencies to mitigate VMware vulnerabilities under deadline

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• How weaponized ransomware is quickly becoming more lethal

• Why you should install iOS 15.5 now

• CrowdStrike vs McAfee: EDR software comparison

• How Pwn2Own Made Bug Hunting a Real Sport

• This Hacktivist Site Lets You Prank Call Russian Officials

• Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• US Warns Firms About North Korean Hackers Posing as IT Workers

• We Finally Have a Federal Fiber Broadband Plan

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Biden administration launches new component to internet expansion

• Sponsored: Helping organizations automate cybersecurity across their digital terrains

• Log4j Vulnerability Puts Enterprise Data Lakes and AI at Risk

• Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments

• CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

• Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• The cloud continuum: Futureproofing your business for what’s next

• CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

• Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

• How these crooks backdoor online shops and siphon victims’ credit card info

• A Reactive Cybersecurity Strategy Is No Strategy at All

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Google Sued For Use Of NHS Data Of 1.6 Million Brits

• Never Again, Again, and Again

• New Surveillance Transparency Report Documents an Urgent Need for Change

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Top Data-Driven Methods for Improving Your Investment Decisions

• Ransomware attacks on hospitals put patients at risk

• Cornami Raises $68 Million for Quantum Secure Computing on Encrypted Data

• CISA: Unpatched F5 BIG-IP Devices Under Active Attack

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• CISA calls out security misconfigurations, common mistakes

• Senators Urge FTC to Probe ID.me Over Selfie Data

• IT Buyers Don’t Take Security Seriously Enough: HP

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Federal CIO: The tech is ‘the easy part’ of improving CX

• Pharmacy Giant Hit By Data Breach Affecting 3.6 Million Customers

• 2022: The Year Zero Trust Becomes Mainstream

• Microsoft Flags Attack Targeting SQL Servers With Novel Approach

• The Industry Must Better Secure Open Source Code From Threat Actors

• HOT CYBERSECURITY TECHNOLOGIES

• Options Appoint Una McLornan to VP, Account Management

• Building trust in a Zero-Trust security environment

• Analysis on recent wiper attacks: examples and how wiper malware works

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Agencies are sharing cyber data with CISA, officials say

• DOJ Says Doctor Is Malware Mastermind

• April VMware Bugs Abused To Deliver Mirai Malware, Exploit Log4Shell

• Hackers Compromise A String Of Discord Channels

• Your Data Is Auctioned Off Up To 987 Times A Day, NGO Reports

• FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In

• Tesla “Phone-as-a-Key” Passive Entry Vulnerable To Relay Attacks – Expert Comments

• So you want to be a CISO: What you should know about data protection

• Facestealer Trojan Identified in More than 200 Apps on Google Play

• Ransomware victims receive threatening phone calls and 9 in 10 firms repay ransom

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Twitter Sees Three More Executive Departures

• New Relic releases new vulnerability management solution

• CISA issues advisory on top-10 attack vectors, finds hackers exploiting poor cyber practices

• Musk Twitter Takeover – Is Digital Identity Broken? Expert Weighs In

• Expert Commentary: Omnicell Hit By Cyber Attack

• Government Advisory – Top Attack Vectors

• NSA: NO Backdoors In New Encryption Standards – Expert Comments

• Credit Card Data scraped From US Business’ Online Checkout Pages

• Why the Internet of Things needs Security of Things

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Code for America unveils first states in Safety Net Innovation Lab cohort

• Now Live: SecurityWeek Threat Intelligence Summit Virtual Event

• US Government Says North Korean IT Workers Enable DPRK Hacking Operations

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Report: Credential access is top risk for ransomware attacks

• DOJ Says Doctor is Malware Mastermind

• Personal Information of Nearly Two Million Texans Exposed

• Microsoft warns of the rise of cryware targeting hot wallets

• Good News…Security Culture is Improving Around the World

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Google’s Russian Unit To File For Bankruptcy

• The Growing Threat of Ransom DDoS Attacks Requires Effective Prevention and Mitigation

• $1.6B Available in DHS Homeland Security Preparedness Grants

• How Threat Actors Are a Click Away From Becoming Quasi-APTs

• How to Protect Your Data When Ransomware Strikes

• Your employees are everywhere. Is your security?

• 10 Best Educational Games for Kids to Improve Focus and Learning

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

• APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

• The Vulnerable Maritime Supply Chain – a Threat to the Global Economy

• Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

• Threat Actors Exploiting F5 BIG IP CVE-2022-1388

• Your data’s auctioned off up to 987 times a day, NGO reports

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Apple Delays Staff Mandate For Three Days A Week In Office – Report

• KurayStealer – Tool Sold to Criminals that Have Password Stealing and Screenshot Capabilities

• Pwn2Own hacking schedule released – Windows and Linux are top targets

• Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

• Threat Actors Exploiting F5 BIG IP CVE-2022-1388

• Privileged pod escalations in Kubernetes and GKE

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• National Cybersecurity Agencies Describe Commonly Used Initial Access Techniques

• Sysrv botnet is out to mine Monero on your Windows and Linux servers

• 6 Practices for Node.js Security

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Google: These ‘curated’ open-source packages will improve software supply chain security

• Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver

• Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang

• How to Prevent Burnout Among Cybersecurity Professionals Before, During and After a Breach

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• UK Government: Lack of Skills the Number One Issue in Cybersecurity

• iPhone Malware that Operates Even When the Phone Is Turned Off

• U.S. warns of North Korean hackers posing as IT freelancers

• Millions of Cyberattacks Are Targeting Tatsu WordPress Plugin

• The Many Benefits of IT Support: Why Your Business Needs It

• Why Do You Need a Personal Injury Lawyer and How to Get Help Online?

• Foreign-based phone scammer lands in US prison after targeting former FBI director

• Uncovering a Kingminer Botnet Attack Using Trend Micro™ Managed XDR

• Tesla Bluetooth Locks Can Be Hacked, Warns NCC Group

• FBI and NSA say: Stop doing these 10 things that let the hackers in

• Carlyle to Acquire Defense Contractor ManTech in $4.2 Billion Deal

• This Hacktivist Site Lets You Prank-Call Russian Officials

• Top 10 Attack Vectors Most Exploited by Hackers Revealed

• Add security to Azure applications with Azure WAF

• Help meet the cybersecurity demand by getting CompTIA-certified

• NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver

• [eBook] Your 90-Day MSSP Plan: How to Improve Margins and Scale-Up Service Delivery

• Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility

• North Korean devs go undercover to aid DPRK hackers

• Best Free Writing Tools in 2022

• Twitter Board To ‘Enforce’ Elon Musk Merger Agreement

• Check Point Harmony Mobile Introduces Malicious File Protection

• Digital Skimming is Now the Preserve of Non-Magecart Groups

• Conti Ransomware gang threatens to overthrow the government of Costa Rica

• OBRELA secures King Faisal Specialist Hospital and Research Centre

• Omnicell healthcare company hit by ransomware

• Malicious PHP Code Used to Steal Banking Information, FBI Said

• Microsoft warns partners to revoke unused authorizations that drive your software

• RAV Antivirus: Why Endpoint Protection Must Be A Part Of Your Security Plan

• Singapore sets up cybersecurity assessment, certification centre

• Wizard Spider hackers hire cold callers to scare ransomware victims into paying up

• Western Allies Warn of Top Cyber-Attack Mistakes

• U.S. Warns Against North Korean Hackers Posing as IT Freelancers

• Best Tech Gadgets For Students Under $50

• State of internet crime in Q1 2022: Bot traffic on the rise, and more

• Police Warn of £15m Courier Scams

• Silicon UK In Focus Podcast: Is Your Business Ready for Frontend-as-a-Service?

• Large-Scale Attack Targeting Tatsu Builder WordPress Plugin

• Microsoft Warns of “Cryware” Info-Stealing Malware Targeting Crypto Wallets

• Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift

• Monero-mining botnet targets Windows, Linux web servers

• Three Malware Fileless Phishing Campaigns: AveMariaRAT / BitRAT /PandoraHVNC

• Can Parental Controls Can Help You Create Good Habits?

• Why is everyone getting hacked on Facebook?

• Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

• WA Health: No breaches of unencrypted COVID data means well managed and secure system

• Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government

• US Government warns against recruiting Information Technology workers from China, North Korea and Russia

• Ransomware Attack on Omnicell

• Some Top 100,000 Websites Placing Keylogger to Collect Everything You Type

• Fix your IT weak spots to guarantee compliance

• ERI is First Electronic Recycling Company to Achieve SOC 2 Type I Compliance Certification

• Board, (Dash)board and Bored

• Stories from the SOC – Command and Control

• 5 critical questions to test your ransomware preparedness

• Popularity of online payment goes hand-in-hand with fraud

• 5 Things to know about the UK’s National Cyber Security Centre (NCSC)

• Your social media account hasn’t been hacked, it’s been cloned!

• Easily migrate to the cloud with CIS Hardened Images

• 65% of IT help desk teams report unsustainable levels of stress

• Rezilion provides real-time visibility to all software components with Dynamic SBOM

• Bitdefender Identity Theft Protection helps prevent criminals from stealing or using personal information

• Qualys Custom Assessment and Remediation empowers security teams to counter threats like zero-day attacks

• Trilio Continuous Restore enhances recovery times for cloud-native applications

• Jetstack launches software supply chain toolkit for development and security teams

• Tromzo Security Guardrails improves security posture for developers

• China has signaled easing of its tech crackdown — but don’t expect a policy U-turn

• NetApp Spot PC allows MSPs and enterprises to manage cloud desktops

• NanoLock’s zero trust security solutions protect ICS devices and industrial machines

• When Your Smart ID Card Reader Comes With Malware

• Cloud Foundry Foundation Korifi resolves Kubernetes complexities for developers

• USB Devices Redux

• Palo Alto Networks Partners with BT to Offer Managed SASE

• Zero Trust and SASE: Better Together for Financial Institutions

• Keyfactor collaborates with Fortanix to improve machine identity protection for organizations

• TorchLight announces its MDR Sentinel service as part of a security partnership with Microsoft

• Nozomi Networks extends partnership with Siemens to bring scalable cybersecurity to industrial automation

• Comcast selects ThreatQuotient to meet its cybersecurity operations needs

• Magnet Forensics and EMCRC increase cyber resilience for small and medium-sized businesses

• NVIDIA fixes ten vulnerabilities in Windows GPU display drivers

• US links Thanos and Jigsaw ransomware to 55-year-old doctor

• Angry IT admin wipes employer’s databases, gets 7 years in prison

• EFF to Supreme Court: Put Texas Social Media Law Back on Hold

• FBI warns of North Korean cyberspies posing as foreign IT workers

• Trend Micro’s One Vision, One Platform

• FBI warns of North Korean cyberspies posing as Western IT workers

• Twilio hires Joyce Kim as CMO

• Cyber Defense Labs appoints Tim Kilcullen as CRO

• Kevin Thompson joins SonarSource Board of Directors

• Pangea raises $25 million to deliver API-based security services for application builders

• Rubrik Launches Rubrik Security Cloud to Secure Data, Wherever it Lives, Across Enterprise, Cloud, and SaaS

• (ISC)² Unveils 100K in the UK Scheme to Expand the UK Cybersecurity Workforce with 100,000 Free Entry-Level Certification Exams and Education Opportunities

• New Venture Capital Fund Focuses on Emerging Cybersecurity Tech

• FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

• Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

• Query.AI appoints Jeremy Fisher as CTO

• Matthew Kirk joins Acrisure as EVP and Head of Insurance Strategy and Execution

• IT Security News Daily Summary 2022-05-17

• Pentagon closing in on ‘ethical’ AI implementation

• How mainframes fit into hybrid environments

• What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute>

• ISPs offering low-cost wireless broadband get free access to DC rooftops

• Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices

• Car owners warned of another theft-enabling relay attack

• Black Kite Achieves SOC 2 Type II Accreditation

• CCSP Exam – Many Changes on the Way!

• GuidePoint Security Announces Additional GPSEC Conference Dates and Cities

• Challenges that impact the Cybersecurity talent pipeline

• How to counter smart home device breaches

• New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

• Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

• Security, employee compliance biggest challenges when supporting remote workers

• Cardiologist charged with creating Thanos, Jigsaw ransomware

• Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

• Postal Service should ‘act swiftly’ to scale up identity services, IG says

• Australian Regulators Call For Stronger Ban On Fraudulent Facebook Advertisements

• Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off

• Venezuelan cardiologist accused of operating and selling Thanos ransomware

• I/O 2022: Android 13 security and privacy (and more!)

• Visa breaks down $9 billion investment in security, fraud initiatives

• Chromebook data sanitization comes to Blancco Drive Eraser

• President Biden’s Policy Changes for Offensive Cyber Operations

• What Might a Congressional Counterpart to the Office of Legal Counsel Look Like?

• Alert! Scam Pixelmon NFT Website Hosts Password-stealing Malware

• Seclore accelerates focus to lead in enterprise data security

• Ask the experts: Mitigating risk in securing cloud environments

• Cybersecurity pros spend hours on issues that should have been prevented

• Cardiologist Charged for Developing Jigsaw v.2 and Thanos Ransomware

• Hackers Exploiting a Critical Vulnerability in Zyxel Firewall & VPN Devices

• Sevco Security delivers continuous asset IT inventory monitoring

• Learn to Use This First: Four Fundamental Tactics to Protect Email Ecosystems

• New Special Interest Group Aims to Enhance ICS/OT Cyber Defenses

• Security in Milliseconds: Visa Invests in Payment Security as E-Commerce Surges

• Easy authentication and authorization in Azure Active Directory with No-Code Datawiza

• Pentester pops open Tesla Model 3 using low-cost Bluetooth module

• Ransomware Hits American Healthcare Company Omnicell

• Apple Releases Security Updates for Multiple Products

• In hot pursuit of ‘cryware’: Defending hot wallets from attacks

• Doctor develops Thanos Ransomware Builder

• man in the browser (MitB)

• Pangea launches API-based cloud security services for application builders

• Google Cloud launches assured open source service and a new zero-trust offering for enterprises

• Personal information of 1.8 million Texans with Department of Insurance claims was exposed for years, audit says

• Google assuring open source code to secure software supply chains

• Apple Releases Security Updates for Multiple Products

• US Government Warns Firms to Avoid Hiring North Korean IT Workers

• Five Eyes Agencies Warn Managed Service Providers of Cyber Attacks

• Software Supply Chain: A Risky Time for Dependencies

• Long lost @ symbol gets new life obscuring malicious URLs

• Who is Responsible for Taking Action During a Site Cyber Attack?

• Access Orchestration Firm Pathlock Announces Several M&As and $200M Funding

• 5 steps to ensure a successful access management strategy

• Weak Security Controls and Practices Routinely Exploited for Initial Access

• Weak Security Controls and Practices Routinely Exploited for Initial Access

• Evaluation of cyber activities and the threat landscape in Ukraine

• AirTag stalking: What is it, and how can I avoid it?

• Uber Eats Offers Two Robo-Delivery Services In California

• SOC Level Up: Threat Hunting and Detection With Sigma

• How Dangerous Is the Cyber Attack Risk to Transportation?

• Sysrv-K Botnet Targets Windows, Linux

• SecurityWeek to Host Threat Intelligence Summit Virtual Event on May 18th

• US Accuses Venezuelan Doctor of Creating and Selling Ransomware

• Weak Security Controls and Practices Routinely Exploited for Initial Access

• Weak Security Controls and Practices Routinely Exploited for Initial Access

• UpdateAgent Returns with New macOS Malware Dropper Written in Swift

• FBI: Hackers used malicious PHP code to grab credit card data

• iPhones Vulnerable to Attack Even When Turned Off

• Are You Investing in Securing Your Data in the Cloud?

• Armis Launches new ‘Critical Infrastructure Protection Program’

• BLE vulnerability may be exploited to unlock cars, smart locks, building doors, smartphones

• Russia ‘Not Planning To Block YouTube’ Says Minister

• Pathlock raises $200M to create a unified GRC platform

• Cornami raises $68M to support quantum encryption

• Pangea Lands $25 Million Investment for API Security Services

• Musk: Doubt About Spam Accounts Could Scuttle Twitter Deal

• Securing Your Migration to the Cloud

• NerbianRAT Trojan Spreads via Emails

• ‘Thanos’ Ransomware Builder Was Designed by a Physician

• (ISC)² Advocates for Membership – Shares Opinions on Proposed UK Standards and Pathway

• US warning: North Korea’s tech workers posing as freelance developers

• Apple Finally Patches Exploited Vulnerabilities in macOS Big Sur, Catalina

• Over 200 Apps on Play Store were distributing Facestealer info-stealer

• Phishing Threat Actors Still Fond of HTML Attachments

• Attacks on Managed Service Providers Expected to Increase

• The State of Kubernetes Security in 2022

• Red Hat releases open source StackRox to the community

• Twitter Fights Back Over Musk Bot Allegations

• Singapore firms see high rate of security incidents, but struggle to respond promptly

• Cybersecurity M&A Roundup for May 1-15, 2022

• (ISC)2 Offers 100,000 Free Entry-Level Certification Places

• Lincoln College To Close Permanently After Cyberattack – 5 Cyber Experts Comment

• “Look what I found here” phish targets Facebook users

• Government App Targets Fake Profiles Used By Foreign Spies

• Facebook to Terminate some Location Tracking Services and Features

• Only DevSecOps can save the metaverse

• Arctic Wolf: No. 17 on this year’s CNBC Disruptor 50 list

• Lacework: No. 25 on this year’s CNBC Disruptor 50 list

• How To Establish SAP Security

• Preventing Ransomware Attacks On Industrial Networks

• Trackers may collect data that you type even before hitting submit

• UK Web Users’ Data ‘Shared 987 Times Per Day’

• Apple patches zero-day kernel hole and much more – update now!

• New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

• U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware

• Italian police thwart Eurovision cyberattack

• Thanos and Jigsaw ransomware linked to 55 year old doctor

• Is your Internet too slow?

• Half of global CISOs feel their organization is unprepared to deal with cyberattacks

• Fifth of Businesses Say Cyber-Attack Nearly Broke Them

• Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

• The Ultimate Outsourcing VS Insourcing Guide for Small Businesses

• US Warns Against Hiring North Korean Hackers

• Doctor Accused of Being Prolific Ransomware Developer

• US and EU Move Closer on Cyber in New Trade Pact

• Tech Jobs Face Pressure Amidst UK Hiring Crunch

• Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!

• Clop Ransomware: Overview, Operating Mode, Prevention and Removal

• Cardiologist charged for use and sale of ransomware

• Facebook rated least safe e-commerce option in government rankings

• US prosecutors allege Venezuelan doctor is ransomware mastermind

• CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog

• Europe moves closer to stricter cybersecurity standards, reporting regs

• Making a successful transition to a hybrid work schedule

• Iranian Hackers Launch Cyberattack Against US and the UK

• Nvidia releases security update for out-of-support GPUs

• Podcast Episode: An AI Hammer in Search of a Nail

• A custom PowerShell RAT uses to target German users using Ukraine crisis as bait

• Mastering microsegmentation for enterprise applications

• Venezuelan cardiologist charged with designing and selling ransomware

• Malware threat to Low-Power Mode (LPM) in Apple iPhones

• Cyber Attack and Ransomware news headlines trending on Google

• Why cyber security can’t just say “no“

• CynergisTek Files First Quarter 2022 Financial Results

• Esker Proposes New Supervisory Board Member

• Tina Gravel, Jean O’Neill, Tamara Prazak, Jackie Funk and Tara Tomei Named to CRN’s 2022 Women of the Channel List

• Quantum Cybersecurity: Addressing the Boogeyman in the Room

• Cybersecurity and resilience: board-level issues

• Emotet is the most common malware

• Remote work hazards: Attackers exploit weak WiFi, endpoints, and the cloud

• China reveals its top five sources of online fraud

• Adding visibility to the invisible: securing your automated systems

• Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

• Best practices for healthcare delivery organizations to manage supply chain cybersecurity risks

• Kasten by Veeam K10 V5.0 provides secure backup and recovery for Kubernetes data and applications

• Satori unveils two new features to help companies boost productivity and secure data

• Datadog’s new offerings enhance monitoring and security for Kubernetes users

• Tour the RSA Conference 2022 Security Operations Center

• Researchers devise iPhone malware that runs even when device is turned off

• ONE ZERO Digital Bank selects AU10TIX to power its customer verification system and KYC process

• Zyston adopts Stellar Cyber Open XDR platform to accelerate analyst productivity

• Apple emergency update fixes zero-day used to hack Macs, Watches

• Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

• NSA Swears On The Body Of Ed Snowden It Will Not Backdoor New Encryption Standard

• The Bad Times Are Coming for Startups

• Axellio names Scott Aken as CEO

• US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting

• Coast Guard graduates first class of cyber majors

• Building a solid foundation for digital identity

• Kaspersky report identifies new ransomware trends for 2022

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• Petra Jenner joins Splunk as SVP and GM for EMEA

• Some defense-vetted prototypes could be fast-tracked to civilian agencies under new agreement

• RF Technologies Releases Safe Place Staff Protection for Healthcare Settings

• TorchLight Expands Cybersecurity Services With MDR Sentinel in Partnership With Microsoft

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• IT Security News Daily Summary 2022-05-16

• Maryland ramps up cybersecurity

• 50% of Orgs Rely on Email to Manage Security

• How cryptocurrencies enable attackers and defenders

• iPhones Open to Attack Even When Off, Researchers Say

• Critical bug in Zyxel firewalls, VPNs exploited in the wild

• Apple fixes the sixth zero-day since the beginning of 2022

• 8 Ways to Avoid CISO Burnout

• Password Authentication. How to Correctly Do It.

• Red Hat Enterprise Linux 8.6: Better security, more options

• New Facebook Photo App Raises Privacy Suspicions

• Good decision, bad outcome

• Open Source Security Gets $150M Boost From Industry Heavy Hitters

• British Citizen Alaa Abd El Fattah Demands An End to Mistreatment in Egyptian Prison

• AV camera footage can aid police investigations

• You Can’t Opt Out of Citizen Development

• SaaS App Vanity URLs Can Be Spoofed for Phishing & Social Engineering

• Attackers can Install Malware on iPhone When it is Powered Off – Research

• The plan to secure open source software

• Hacking the Army’s tech talent problem

• Bitdefender vs McAfee: Compare EDR software

• What to Make of the Subpoenas to House Republicans?

• Introducing Allies: A Podcast Series from Lawfare and Goat Rodeo

• The Ukraine Genocide Debate Reveals the Limits of International Law

• ManTech agrees on $4.2B sale to Carlyle Group

• Microsoft Defender vs CrowdStrike: Compare EDR software

• Delve into cybersecurity with this two-part training bundle

• Researchers Devise New Type of Bluetooth LE Relay Attacks

• Name That Toon: Knives Out

• NSA Cyber Chief Vows ‘No Backdoors’ in Quantum Encryption Standards

• Apache Releases Security Advisory for Tomcat

• EFF, Al Sur Launch Guide to Raise Awareness About Deficiencies in Cross-Border Surveillance Treaty and Strategies to Mitigate Human Rights Risks

• Hackers are after your data. So why are you making it so easy for them?

• Beyond Awareness: How to Cultivate the Human Side of Security

• Crippling AI cyberattacks are inevitable: 4 ways companies can prepare

• Brazilian e-commerce firm Americanas reports multimillion-dollar loss following cyberattack

• Microsoft Defender vs CrowdStrike: EDR software comparison

• Compare zero trust vs. the principle of least privilege

• Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut

• Apache Releases Security Advisory for Tomcat

• Stories from the SOC – Persistent malware

• The front lines of government cybersecurity defense

• Biden administration releases $45B for broadband to states

• Ransomware Gang Threatens to Overthrow Costa Rica Government

• Google offers Open Source Security Maintenance Crew

• Secure Software Supply Chain: Why Every Link Matters

• US Manufacturing Giant Parker Hit by Conti Ransomware Gang

• US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional

• US Courts Are Coming After Crypto Exchanges That Skirt Sanctions

• Microsoft showcases the future of comprehensive security at RSA 2022

• New Version of ‘Sysrv’ Botnet is Targeting Windows and Linux Servers

• Frustrated IT Admin Gets 7 Years in Prison for Wiping Employer’s Databases

• Hackers Can Abuse Low-Power Mode to Run Malware on Powered-Off iPhones

• Eavesdroppers can hack 6G frequency with DIY metasurface

• Experts show how to run malware on chips of a turned-off iPhone

• Defending the Healthcare Security Landscape in the Age of Connected Devices

• US, EU to Ramp Up Chip Making and Raise Pressure on Russia

• Microsoft Identifies Botnet Variant Targeting Windows and Linux Systems

• Avoiding the Unintended Consequences of Strict Cybersecurity Policies

• Report: Devs say the current model of data observability is broken

• Crippling AI cyberattacks are inevitable: 4 ways security pros can prepare

• Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future

• San Francisco Police Use Driverless Cars For Surveillance

• Ex-eBay Exec Admits Cyberstalking Critics

• Twitter Turns Its Privacy Policy Into An Old School Video Game

• Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

• Zyxel Remote Execution Bug Is Being Exploited

• Crypto Executive Says Bitcoin Has ‘No Future’ As Payments Network

• Secure Email Gateway Vs. Integrated Cloud Email Security (SEG Vs. ICES) – What’s the difference, and which should my business use?

• SIMS Software Named a Premier Sponsor in the 2022 ‘ASTORS’ Awards

• CISA ‘temporarily’ removes Windows vulnerability from its must-patch list

• Are period tracking apps safe?

• The downside of ‘debugging’ ransomware

• Fake Clickjacking Bug Bounty Reports: The Key Facts

• Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF

• Everything You Need to Know About HIPAA

• Why MRG-Effitas matters to SMBs

• Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

• TerraUSD Organisers ‘Spent $2bn’ In Bitcoin To Maintain Value

• ‘Sysrv’ Botnet Targeting Recent Spring Cloud Gateway Vulnerability

• 4 Tips to Implement Online Cybersecurity Training for Your Information Technology and Security Teams

• EU’s NIS 2 Directive to strengthen cybersecurity requirements for companies

• Palo Alto Networks and Deloitte announce joint managed security service

• This phishing attack delivers three forms of malware. And they all want to steal your data

• SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances

• Global Snack Manufacturer Becomes Cyber Resilient While Cutting Production Costs

• How COVID-19 fuelled a surge in malware

• Report: Cybersecurity Skills Gap Creates Vulnerabilities

• High-Severity BIOS Vulnerability Found In Multiple HP Product Models

• Microsoft Patch Tuesday May Fixed 75 Bugs Including Three Zero-Day Flaws

• Multiple Vulnerabilities Found In Icinga IT Monitoring System

• Researchers Explain How Exploit Vanity URLs Could Allow Phishing Attacks

• Google: Here comes our ‘Open Source Maintenance Crew’

• Microsoft warns: This botnet has new tricks to target Linux and Windows systems

• Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

• The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

• Serious Flaw in Firewalls and VPNs Manufactured by Zyxel Exploited

• Fake reCAPTCHA forms dupe users via compromised WordPress sites

• Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US

• CISA Removes Windows Vulnerability From ‘Must-Patch’ List Due to Buggy Update

• New Cybersecurity Directive Agreed between the European Parliament and EU Member States

• Bitcoin Slide Continues As Regulators Weigh In

• ‘The People Hacker’ Jenny Radcliffe Inducted into Infosecurity Europe’s Hall of Fame

• Researchers Find Way to Run Malware on iPhone Even When It’s OFF

• Ukrainian national sentenced to 4 years in prison for selling access to hacked servers

• San Francisco police use driverless cars for surveillance

• Shanghai Plans To Ease Lockdown Amidst Supply Chain Disruption

• More money for open source security won’t work

• Researchers warn of APTs, data leaks as serious threats against UK financial sector

• Zyxel Firewall Vulnerability Exploitation Attempts Seen One Day After Disclosure

• Kaspersky: 9 Of 10 Orgs Previously Hit With Ransomware Would Pay If Targeted Again

• Cornwall Council Data Breach

• UK announces nuclear cybersecurity strategy

• Tesla Recalls China Vehicles Over Touchscreen Issue

• A week in security (May 9 – 15)

• Italian Police Foil Pro-Russia Attacks on Eurovision

• Researchers Warn of “Eternity Project” Malware Service Being Sold via Telegram

• Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis

• Musk Criticises Twitter Feed Algorithm, Checks For Bots

• UK Sets Out Nuclear Cybersecurity Strategy

• EU announces provisional cybersecurity directive

• Users’ Crypto Wallets are Stolen by Fake Binance NFT Mystery Box Bots

• Over 20,000 Zyxel Firewalls Still Exposed to Critical Bug

• Read Novel (unverified) – 22,424,472 breached accounts

• EU, US Look To Avoid Semiconductor ‘Subsidy Race’

• 2022 Q1 Privacy Update — A new year sparks new initiatives

• HTML attachments in phishing e-mails

• Wannacry – 5 Years On, 68% Of Enterprises Are Still At Risk

• Kasten by Veeam releases new Kubernetes data management platform

• Sysdig releases new Kubernetes troubleshooting tool

• How to Know If Your Computer Has Virus? How to Protect Your PC?

• Google announces new security and privacy improvements at Google I/O

• SonicWall Urges Admins to Fix SSLVPN SMA1000 Flaws

• Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

• Google to use Apple iPhones and Android devices to block Phishing Attacks

• Russia launched multiple cyber attacks on Eurovision Song Contest

• Iranian Hackers Using BitLocker & DiskCryptor to Conduct Ransomware Attacks in U.S.

• Adlumin Announces New U.S. Distribution Relationship with Ingram Micro’s Emerging Business Group

• Recovering from a cybersecurity earthquake: The lessons organizations must learn

• The most insecure and easily hackable passwords

• Nasty Zyxel remote execution bug is being exploited

• Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers

• Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity

• Where do federal agencies stand with zero trust implementation?

• 79% of organizations have activated a disaster recovery response within the past 12 months

• Progress MOVEit 2022 allows users to secure and control all file transfer activity

• BlackBerry Fans – 174,168 breached accounts

• OGUsers (2021 breach) – 348,302 breached accounts

• China has been quietly building a blockchain platform. Here’s what we know

• Some top 100,000 websites collect everything you type—before you hit submit

• Musk says Twitter deal “on hold” over concern about number of spam accounts

• Bill Gates Is So Over This Pandemic

• Italy prevents pro-Russian hacker attacks during Eurovision contest

• Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

• IT Security News Weekly Summary – Week 19

• IT Security News Daily Summary 2022-05-15

• Car hack attacks: It’s about data theft, not demolition

• How to spot the signs of a virtual kidnap scam

• May 08 – May 14 Ukraine – Russia the silent cyber conflict

• Nearly 15 Million People Impacted by ElasticSearch Misconfiguration

• Praetorian Named to Inc. Magazine’s Best Workplaces List 2022

• How Education Decreases the Fear of Terrorism

• Security Affairs newsletter Round 365 by Pierluigi Paganini

• Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT

• Sysrv-K, a new variant of the Sysrv botnet includes new exploits

• Does Best Buy tackle crime differently from Apple? I had to ask

• Why Access Control Is Critical in The Path to Cyber Insurance Readiness

• Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs

• HP Fixes UEFI Flaws Affecting 200+ Computers

• Singapore launches safety rating scheme for e-commerce sites

• Ana Pinczuk Appointed to SentinelOne Board of Directors

• Weekly Update 295

Generated on 2022-05-22 23:59:29.911978