IT Security News Weekly Summary – Week 38

• IT Security News Daily Summary 2021-09-26

• Online fraud causes confidence gap between customers and retailers, study finds

• The Importance of Adopting a Risk Management Approach to Security and Privacy

• Facebook Shareholders Are Suing Facebook For Protecting Zuckerberg In Data Probe

• SonicWall Patches Critical Flaw in SMA 100 Products

• Exchange/Outlook Autodiscover Bug Exposed $100K Email Passwords

• The Assad Regime’s Business Model for Supporting the Islamic State

• Port of Houston was hit by an alleged state-sponsored attack

• Apple to Fix Issue Preventing iPhone 13 Users From Unlocking With Apple Watch in Upcoming Software Update

• Hackers Discover Technique to Make Malware Undetectable on Windows

• How to Go Passwordless on Your Microsoft Account

• JSC GREC Makeyev and other Russian entities under attack

• Emergency Chrome Update Released to Patch Actively Exploited Zero-Day Bug

• Drinik Malware is Fooling Users to Give in their Mobile Banking Details

• Google TAG spotted actors using new code signing tricks to evade detection

• Security Affairs newsletter Round 333

• Week in review: How to retain best cybersecurity talent, securing Kubernetes, data decay

• Penetration testing

• CISSP – Tales of the Unexpected

• Ajarn – 266,399 breached accounts

• Weekly Update 262

• SAIC appoints Kevin Brown as CISO

• Cequence Security expands its leadership team with two executive hires

• Red Box provides certified compliance recording solution for Microsoft Teams

• IT Security News Daily Summary 2021-09-25

• Educating the Workforce with Cybersecurity Training

• 5 Steps to Protect Your Organization from the Next Ransomware Attack

• Executives and teams disagree on who is responsible for software security

• Disaster Recovery Software: How Does It Work

• GSS, one of the major European call center providers, suffered a ransomware attack

• Pentera Named a 2021 SINET16 Innovator

• CCSP vs. Professional Cloud Security Manager: How Do They Compare?

• FamousSparrow – New Hackers Group Attack Hotels, Governments by Leveraging MS Exchange Bugs

• Malware Creators Use Malformed Certificates To Trick Windows Validation

• States at Disadvantage in Race to Recruit Cybersecurity Pros

• Even the CIA and NSA Use Ad Blockers to Stay Safe Online

• Top Stories: iPhone 13 Launch, iOS 15 Features, iPhone 14 Pro Rumors, and More

• African Bank Alerts of Data Breach With Personal Details Compromised

• Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw

• Google addressed the eleventh Chrome zero-day flaw this year

• New iPhone 13? Don’t forget to update!

• 3.8 Billion Clubhouse and Facebook User Records are Being Sold Online

• Port of Houston Attacked Employing Zoho Zero-Day Vulnerability

• European Union formally blames Russia for the GhostWriter operation

• Build or Buy your own antivirus product

• Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

• 64% of CISOs hired from outside, highlighting retention issues

• SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

• A New APT Hacker Group Spying On Hotels and Governments Worldwide

• National Small Business Week: 10 Best Practices for Small Business Cybersecurity

• Preparing for IT/OT convergence: Best practices

• TeamTNT with new campaign aka “Chimaera”

• SHOP SAFE Is Another Attempt to Fix Big Tech That Will Mostly Harm Small Players and Consumers

• Week in security with Tony Anscombe

• Apple Says Third-Party Apps Can Take Full Advantage of ProMotion With Plist Entry, Core Animation Bug Fix Coming

• 2021-09-23 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

• 2021-09-24 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

• Innodisk introduces PCIe 4.0 SSDs for high temperatures of outdoor and industrial settings

• FBI decision to withhold Kaseya ransomware decryption keys stirs debate

• India, the Quad and AUKUS

• Scott Slipy joins Socure as Chief People Officer

• Bitwarden vs LastPass: Compare Top Password Managers

• VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

• Secret Double Octopus names Horacio Zambrano as CMO

• Researcher discloses several zero-day iOS, iPadOS vulnerabilities

• VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

• IT Security News Daily Summary 2021-09-24

• BrandPost: Trust Transformation – Creating a Robust Security Culture Built for Tomorrow’s IT Leaders

• Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk

• How to improve relations between developers and security teams and boost application security

• Cybersecurity leaders back law for critical infrastructure

• CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

• Third-Party Apps Can’t Take Full Advantage of iPhone 13 Pro 120Hz ProMotion Displays

• White House orders federal contractors vaccinated by Dec. 8

• Rural Virginia county plugs into Facebook’s long-haul fiber

• iPhone 13 Pro: How to Shoot Macro Photography

• Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait

• Consumers Share Security Fears as Risky Behaviors Persist

• What Is the Difference Between Security and Resilience?

• Frustrated dev drops three zero-day vulnerabilities affecting Apple iOS 15 after six-month wait

• Why Businesses Should Ensure the Security of Data on the Cloud

• Are VPNs still the best solution for security?

• Google Releases Security Updates for Chrome

• I Am Not Satoshi Nakamoto

• This Week in Security News – September 24, 1021

• Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

• Google Releases Security Updates for Chrome

• iPhone 13 and 13 Pro Unboxing and Honest First Impressions

• OSX/ZuRu Mac malware spread through Trojan apps

• MacRumors Giveaway: Win a Magnetic iPad Stand From Lululook

• iFixit Shares Live Teardown of the iPhone 13 and 13 Pro

• New York City’s Newest Apple Store Features Dedicated Pickup Zone

• How to Prevent Zoom Bombing and Secure Your Meetings

• Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

• Florida Yet to Spend $30M Allocated for Cybersecurity

• LG to Acquire Cybellum

• Malicious PowerPoint Documents on the Rise

• Beware! Uber scam lures victims with alert from a real Uber number

• Shutdown looms as House takes up CR and debt limit extension next week

• House passes 2022 defense policy bill

• EU Denounces Alleged Russian Hacking Ahead of German Vote

• CMMC Level 3 readiness

• Chip Shortage Blamed For Looming Job Losses At Vauxhall

• Lithuania wants users to dump Chinese phones citing data collection

• Hackers Launching large-Scale phishing-as-a-service Operation with 300,000 newly created Phishing Domains – Microsoft

• Top Cybersecurity Trends Ruling the Financial Market

• Zero Trust: Remote Security For Now and the Future

• We’re still making terrible choices with passwords, even though we know better

• TangleBot Malware Reaches Deep into Android Device Functions

• iOS 15: How to enable Mail Privacy Protection

• S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked [Podcast]

• Complex New SMS Malware Discovered

• TangleBot Campaign Underscores SMS Threat

• Everything New in the iOS 15 Apple Podcasts App

• iPhone 13 Users Experiencing ‘Unable to Communicate with Apple Watch’ Bug With Mask Unlocking

• iPhone 13: How to Shoot Video in Cinematic Mode

• iPhone 13 Pro Max Gets Nearly 10 Hours of Battery Life in Continuous Usage Test

• OWASP Top 10 2021: The most serious web application security risks

• Secure Shell (SSH)

• Open to innovation: Why modular open systems are key to the future of DOD

• App helps responders build real-time flood inundation maps

• FamousSparrow Cyberspies Exploit ProxyLogon in Attacks on Governments, Hotels

• China- and Hong Kong-based bitcoin holders scrambling to protect their crypto assets

• Securing Cloud-Native Applications

• Facebook Oversight Board Wants To Investigate The Company Over Controversial Report

• Researcher released PoC exploit code for 3 iOS zero-day issues

• Apple’s power move to kneecap Facebook advertising is working

• Remotely Exploitable Zero-Day Vulnerability In MacOS Allows Code Execution

• Employees in Retail Industry Most Frequently Targeted by Malicious Emails, New Study Reveals

• The Proliferation of Zero-days

• iPhone 13 Teardowns Reveal Battery Capacities Across All Four Models

• Legal Mechanisms of AUKUS Explained

• 10,000 employees at Stanley Black & Decker go passwordless

• Endpoint Still a Prime Target for Attack

• Our Eye Is on the SPARROW

• Contrast Application Security Platform Scales to Support OWASP Risks

• Examining the Cring Ransomware Techniques

• Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

• Supply Chain and Ransomware Threats Drove 60% Increase in Global Cyber Intelligence Sharing Among Financial Firms

• SAIC Appoints Kevin Brown as Chief Information Security Officer

• FamousSparrow APT Group Flocks to Hotels, Governments, Businesses

• Primer: Microsoft Active Directory Security for AD Admins

• Google Spots New Technique to Sneak Malware Past Detection Tools

• iPhone 13: How to Use Photographic Styles in the Camera App

• How Privileged Access Management Fits Into a Layered Security Strategy

• SonicWall Patches Critical Vulnerability in SMA Appliances

• Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses

• Deals: Get a $200 Virtual Gift Card and Free HomePod Mini With Purchase of iPhone 13 at Visible

• iPhone 13 Launch Day Underway With Same-Day Pickup Available at Select Apple Stores

• Water Basilisk Campaign Distributes RATs Through a New Crypter

• US, Canadian Android Mobile Users Targeted by TangleBot Malware

• A Backdoor Was Added by the REvil Ransomware Developers in an Attempt to Cheat Affiliates

• Op-ed: Apple’s power move to kneecap Facebook advertising is working

• Bi. Zone: most of the leaks and hacks in Russian companies are related to old forgotten software

• Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

• US Commerce Dept Open To Additional Measures Against Huawei – Report

• Epik Data Breach Impacts 15 Million Users | Avast

• LG to Acquire Vehicle Cybersecurity Firm Cybellum

• ‘Anonymous’ Hackers Claim to Hit Website Hosting Firm Popular With Far-Right Groups

• Cisco addresses 3 critical vulnerabilities in IOS XE Software

• CISSPs from Around the Globe: An Interview with AJ Yawn

• CISA Opens IPv6 Guidance to Public Feedback

• Cisco Interop: Discovery of Designated Resolvers Protocol Implemented

• Top 7 Cybersecurity Trends for 2022

• Reminder: Stop reusing passwords!

• Bird Attack Forces Google To Suspend Drone Deliveries

• Apple Patches 3 More Zero-Days Under Active Attack

• Port of Houston Target of Suspected Nation-State Hack

• SonicWall warns users to patch critical vulnerability “as soon as possible”

• Driving Automated Threat Prevention & Security Policy Orchestration

• FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores

• This ransomware-dropping malware has swapped phishing for a sneaky new attack route

• UnitedHealthcare Offering Insured Members Free Year of Apple Fitness+

• A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

• The real value of continuous security scanning for cloud-based workloads

• F5 to Acquire Threat Stack for $68 Million in Cash

• Rumor Claims iPad Pro With Horizontal Rear Cameras and Landscape Apple Logo in the Works

• FamousSparrow Hacking Group Is Targeting Hotels, Companies, and Governments Everywhere

• Malware Developers Are Working on Tricking Windows Validation

• Parents and teachers believe digital surveillance of kids outweighs risks

• Working Securely From Anywhere With Zero Trust

• The Zero-Day Apple Bug Patched Now by the Company

• Security Recruiter Directory

• FCW Insider: September 24, 2021

• Quick Hits

• Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras

• EFF Flew a Banner Over Apple Park During Last Apple Event to Protest CSAM Plans

• Cyber Threats Result in 60% Increase in Cyber Intelligence Sharing Among Financial Firms

• Rapid7 InsightIDR Review: Features & Benefits

• Here’s the Best Way to Transfer Data From Your Old iPhone to a New iPhone 13

• Cynet 360 XDR Review: Features & Benefits

• Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software

• 3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

• Check: that Republican audit of Maricopa

• Stop worrying that crims could break the ‘net, say cyber-diplomats – only nations have tried

• Want your endpoint security product in the ‘Microsoft Consumer Antivirus Providers for Windows’ ?

• Pegasus spyware found on 5 French cabinet members’ phones

• A Second Data Breach at the Ministry of Defence has been Discovered

• FBI and CISA issue joint alert on Conti Ransomware

• Cyber Attack news headlines trending on Google

• Implementing risk quantification into an existing GRC program

• New infosec products of the week: September 24, 2021

• New FamousSparrow APT group used ProxyLogon exploits in its attacks

• The evolution of DRaaS

• Apple warns of arbitrary code execution zero-day being actively exploited on Macs

• Policy and patience key in Biden’s cybersecurity battle

• Poll: Cyber Pros Say White House Cybersecurity Summit Is a Step in the Right Direction

• A guide to OWASP’s secure coding

• Thrive today with not just being smart but being cyber smart

• Most IT leaders prioritize cloud migration, yet security concerns remain

• Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

• SaaS subscriptions bouncing back as enterprises seek innovation

• iPhone 13 Mini Still Limited to Maximum 12W of Peak Power via MagSafe Charger

• Server market size to reach $145.31 billion by 2028

• NS1 DDoS Overage Protection delivers price protection for business resilience

• Qumulo Recover Q addresses and defends data protection on-premises and in the cloud

• Restoring Some iPad 9, iPad mini 6, and Some iPhone 13 Models From Backup Can Cause Widgets to Reset

• Apple Warns That Restoring From Backup Can Cause Apple Music Bug on New iPads and iPhone 13 Models

• FamousSparrow: A suspicious hotel guest

• Bug in macOS Finder allows remote code execution

• Elastic’s enhancements optimize search experiences for customers

• Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

• The pricier 2021 iPad mini is the best one Apple has ever made

• Imposter Syndrome

• Taiwan’s bid to enter CPTPP meets firm opposition from China

• Upcoming 14-Inch and 16-Inch MacBook Pro Display Resolutions Likely Revealed in Latest macOS Monterey Beta

• First Impressions From New iPhone 13 and 13 Pro Owners

• BT Group selects Oracle to optimize its network resources and bring 5G offerings to market

• SCADAfence partners with Keysight Technologies to protect OT environments from security threats

• Apple releases iOS 12.5.5 for older iPhone, iPad, iPod touch devices

• Sanjeev Mohan joins Okera as Strategic Advisor

• Jscrambler raises $15M to augment marketing and sales resources in the U.S. and European markets

• How the Air Force is tackling electronic warfare challenges

• REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

• STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now

• Apple Releases Security Updates

• SafeBase unveils Subscribe feature to deliver periodic reviews of critical vendors for enterprise customers

• StorMagic appoints Danial Beer as CEO

• Digital Rights Updates with EFFector 33.6

• Education sector has improving window of exposure despite lower remediation rates and higher than average time to fix: report

• Hackers hacked the accounts of employees of government agencies in Russia and more than ten other neighboring countries

• Apple Releases Security Updates

• Spammer Abuse of Free Google Services

• Lessons of the Cyber Reskilling Academy

• Cyber officials look to toughen up reporting requirements

• Here’s a fix for open source supply chain attacks

• FBI and CISA Issue Conti Warning

• US Eye-Care Providers Report Data Breaches

• First iPhone 13 and iPad Mini Orders Arriving to Customers in New Zealand and Australia

• IT Security News Daily Summary 2021-09-23

• Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities

• Apple Confirms New Zero-Day Attacks on Older iPhones

• Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware

• Apple Says Scanner Permission Error Fixed in macOS 11.6

• iOS 15 Breaks Siri AirPods Pro Controls, Fix Coming in iOS 15.1

• Active Directory is Now The Number One Target of Hackers – Learn How to Harden It – Today!

• Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities

• Apple Confirms New Zero-Day Attacks on Older iPhones

• Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware

• Active Directory is Now The Number One Target of Hackers – Learn How to Harden It – Today!

• What is Web Application Security? A Protective Primer for Security Professionals

• 5 ways to stay ahead of government-targeted ransomware

• How to create Let’s Encrypt SSL certificates with acme.sh on Linux

• Autodiscover flaw in Microsoft Exchange leaking credentials

• Telematics streamlines data collection, analysis for managing state vehicles

• 5 Tips for Achieving Better Cybersecurity Risk Management

• New OffSec Training Library Subscriptions: Learn One and Learn Unlimited

• Apple CEO Tim Cook to Attend Fundraising Dinner Benefiting LGBTQ+ Youth

• BlackBerry now a security software company — CEO explains the new vision

• Apple Not Happy, As Europe Insists On Common Charger

• 100M IoT Devices Exposed By Zero-Day Bug

• A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentials

• MagSafe Duo Charger Works With iPhone 13 Pro Cases, Despite Minor Fit Issues

• Colorado Supreme Court Rules Three Months of Warrantless Video Surveillance Violates the Constitution

• Bulk IP Lookup: Integrating IP Geo Data Into Cybersecurity Development

• Improving Security Posture to Lower Insurance Premiums

• Illinois Clarifies Limitations on Data Privacy Claims

• GFI FaxMaker makes it easy for administrators

• sandbox (software testing and security)

• Breached passwords: Popular TV shows don’t make for the best security credentials

• Web Security Provider Jscrambler Raises $15 Million

• How Outlook “autodiscover” could leak your passwords – and how to stop it

• Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

• Mitigating Dynamic Application Risks with Secure Firewall Application Detectors

• 8 Best Motherboards for Ryzen 7 3700X 2021 – Buying Guide

• Microsoft Exchange Autodiscover flaw reveals users’ passwords

• Apple Watch Series 7 Supports 60.5GHz Wireless Data Transfer, But Likely for Apple’s Internal Use Only

• Hands-On With Apple’s New Find My-Enabled MagSafe Wallet

• cybercrime

• role-based access control (RBAC)

• Apple Releases iOS 12.5.5 Update for Older iPhones

• Is There Really a Shortage in Cloud Security Skills?

• Network traffic analysis using Wireshark

• Cybersecurity first: Business and consumer

• Netgear Patched a Number of Serious Vulnerabilities In Its Smart Switches

• HackerOne Extends Internet Bug Bounty Program To Include Open Source Bugs

• Google Proposes Settlement In EU Digital Advertising Probe

• Hackers hit Russian ministry, rocket center using MSHTML vulnerability

• Better CIO and CISO Collaboration in 3 Steps

• Apple Launches New Mini YouTube Documentary Series ‘The Spark’

• Poland drops Gene Project over Chinese Data Security concerns

• Ransomware detections dropped by almost half, but the threat is only getting worse, says Trend Micro

• How phishing-as-a-service operations pose a threat to organizations

• Australian Bank Slams Apple Pay – Report

• Millions impacted as payment API vulnerabilities exposing transaction keys

• Apple Deprecates Outdated TLS Protocols in iOS, macOS

• Report: Suspected Chinese Hack Targets Indian Media, Gov’t

• VoIP Company Battles Massive Random DDoS Attack

• ExpressVPN Employees Question Company About Exec Working For UAE Spy Unit

• Will Crypto Exchange Sanctions Slow Ransomware?

• FamousSparrow APT Spies On Hotels, Governments

• Apple Discusses How it Created the iPhone 13’s Cinematic Mode

• Deals: Amazon Drops Price of New 64GB Wi-Fi iPad to $299.00 for the First Time ($30 Off)

• How (Not) to Regulate the Internet: Lessons From the Indian Subcontinent

• Facebook CTO Announces Departure

• Critical RCE Flaw in the core Netgear Firmware Let Remote Attackers to Take Control of an Affected System

• Securing Microservices

• New ZE Loader Targets Online Banking Users

• NASA leans into AR to give astronauts more autonomy

• Cisco Releases Security Updates for Multiple Products

• Malicious URLS Slipping Past Security Vendors, Experts Weigh In

• Protecting Online Assets In A Virtual World

• Cloud enabled Network Security as a Service with Check Point Harmony Connect and Harmony Email and Office

• US Government tells firms not to give in to ransomware demands

• FamousSparrow APT Wings in to Spy on Hotels, Governments

• How to secure SSH logins with port knocking

• Cisco Patches Critical Vulnerabilities in IOS XE Software

• Third-Party Risk Management Firm Panorays Raises $42 Million

• Indictment, Lawsuits Revive Trump-Alfa Bank Story

• CISA Releases Guidance: IPv6 Considerations for TIC 3.0

• Cisco Releases Security Updates for Multiple Products

• Millions impacted as payment API vulnerbilities exposing transaction keys

• Get a lifetime of easy, automatic encryption for all of the files on your computer for just $30

• Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products

• Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

• Russia demanded an explanation from the United States about cyber attacks during the State Duma elections

• New Mac Malware Trick Users By Posing as Legitimate macOS Tool

• BulletProofLink, a large-scale phishing-as-a-service active since 2018

• Wake me up till SAS summit ends

• ROT8000

• New iPad Mini Begins Shipping to Customers

• How to clear your cache

• LTR102 – Teaser

• Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API

• UK Ministry of Defence apologises – again – after another major email blunder in Afghanistan

• VMware vCenter Servers in Hacker Crosshairs After Disclosure of New Flaw

• Deals: Take 20% Off a Bundle of Satechi’s New MagSafe-Compatible and Dual USB-C Car Chargers

• U.S. Targets Crypto-Ransomware Payments with Sanctions, Cybersecurity Experts Weigh In

• APP Fraud Is A Simple Yet Extremely

• MoD Shares Afghanistan Interpreter’s Emails & PII

• 85% Of UK’s Top 20 Universities Putting Staff, Students, And Suppliers At Risk Of Email Fraud

• Google And Facebook For Failing To Tackle Online Fraud

• The RaidForums Data Marketplace Mistakenly Makes Confidential Staff Pages Public

• Hackers Are Scanning for the Vulnerability Found in Vmware

• Windows Logon, Will You Remember Me?

• 1Password hires its first CTO to scale in the enterprise and beyond

• Microsoft Discovered a Massive Phishing-as-a-Service Operation

• Conti Ransomware Attacks on the Rise, FBI, CISA, and NSA Warn

• 5 Things to Include on Your Cloud Cyber Security Audit Checklist

• Italian mafia cybercrime sting leads to 100+ arrests

• Exclusive Resources and Discounts From Your (ISC)² Membership

• Apple Bans Fornite Indefinitely, Amid Ongoing Legal Battle

• Cyber risk management platform provider Panorays nabs $42M

• IoT device security startup Sternum nabs $27M

• Attacks on Russian Government Orgs Exploit Recent Microsoft Office Zero-Day

• Banking Trojan Posing as I-T Refund hits 27 Indian Banks

• A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

• EU Proposes to Force Apple to Switch iPhone, iPad, and AirPods From Lightning to USB-C

• Nagios XI vulnerabilities open enterprise IT infrastructure to attack

• VoIP company battles massive ransom DDoS attack

• Large-Scale Phishing-as-a-Service Operation Exposed

• Facebook Ad Business Hit by New Apple Privacy Rules

• Thailand’s Data on 106 Million Visitors has been Breached

• He Escaped the Dark Web’s Biggest Bust. Now He’s Back

• Ransomware Isn’t Back. It Never Left

• Why You Should Consider QEMU Live Patching

• First Look Inside iPhone 13 Reveals Revamped TrueDepth System, Smaller Taptic Engine, and Larger Battery

• Apple Announced that TLS 1.0 and 1.1 Has Been Deprecated in iOS 15, iPadOS 15, macOS 12, and More

• VOIP Services hit by DDoS attack

• UK MoD creates an email data breach with CC emails

• U.S. Issues Conti Alert as Second Farming Cooperative Hit by Ransomware

• 85% of UK’s Top Universities at Risk of Email Fraud

• Why Doesn’t Apple Want People to Upgrade to iOS 15? – Intego Mac Podcast Episode 206

• New advanced hacking group targets governments, engineers worldwide

• Ransomware attackers targeted this company. Then defenders discovered something curious

• A Second Farming Cooperative Got Shut Down by Ransomware This Week

• 1-15 August 2021 Cyber Attacks Timeline

• Why doesn’t Apple want people to upgrade to iOS 15?

• Why Does’t Apple Want People to Upgrade to iOS 15? – Intego Mac Podcast Episode 206

• Tech Giants, Car Makers Set For White House Meeting Over Chip Shortage

• FCW Insider: September 23, 2021

• Researchers finger new APT group, FamousSparrow, for hotel attacks

• Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

• New Android Malware Targeting US, Canadian Users with COVID-19 Lures

• Microsoft Exchange Autodiscover Bug Leads to the Leakage of 100K Windows Credentials

• 10 top API security testing tools

• Breach reporting required for health apps and devices, FTC says

• More Afghan Citizens’ Data Exposed in Second MoD Breach

• ANZ reports a 73% year-on-year increase in scams for the first eight months of 2021

• Crystal Valley hit by ransomware attack, it is the second farming cooperative shut down in a week

• Do you know what your supply chain is and if it is secure?

• CVE-2021-40847 flaw in Netgear SOHO routers could allow remote code execution

• Automation is not here to close the cybersecurity skills shortage gap, but it can help

• U.S. Department of the Treasury announces set of actions to counter ransomware

• Cring Ransomware Gang Exploits 11 Years Old Adobe Bug & Take Over ColdFusion Server Remotely

• Protecting IoT devices requires a DNS-based solution

• LG acquires Israeli automotive cybersecurity startup Cybellum

• Consumers taking action to protect themselves online, though confidence is low

• DDoS attacks increased 11% in 1H 2021, fueling a global security crisis

• What is the impact of software supply chain security challenges?

• Through edtech, society’s cybersecurity ability is heading up a notch

• Detecting Credential Stealing Attacks Through Active In-Network Defense

• Ransomware attack levels soaring, now accounting for 69% of all attacks involving malware

• SaaS applications investment growing despite underutilization of app licenses by employees

• Future of work: Cybersecurity and hybrid working as top two enterprise priorities

• Remotely exploitable “inetloc” zero-day vulnerability hits the Mac

• CIS Control 5: Account Management

• Stairwell Inception helps organizations get ahead of the most sophisticated attackers

• Virtual Event: Google Cloud Next | October 12 – 14

• Kyriba Open API Platform accelerates next generation of fintech innovation

• Nutanix Cloud Platform improves support for mission-critical workloads with AOS 6 software

• Plugging the holes: How to prevent corporate data leaks in the cloud

• 2021-09-21 – Squirrelwaffle Loader with Cobalt Strike

• 2021-09-22 – Squirrelwaffle Loader with Qakbot and Cobalt Strike

• Versa’s 5G WAN Edge Products for Complete SASE Services to the Edge

• Nokia’s fifth generation FP5 routing silicon provides protection against network security threats

• Europol arrested 106 fraudsters, members of a major crime ring

• Druva’s ‘curated recovery’ aimed at faster ransomware incident resolution

• CISA releases advisory on Conti ransomware, notes increase in attacks after more than 400 incidents

• Exein raises €6M to fuel the company’s planned architectural product expansion

• Nutanix partners with Citrix to deliver remote work solutions across private and public clouds

• Infosys collaborates with AWS to develop quantum computing capabilities

• Apple tried to patch this security hole in macOS Finder but didn’t consider upper and lowercase characters

• Zoom’s $15bn merger with Five9 probed by Uncle Sam for national security risks

• Could You Be a Ransomware Target? Here’s What Attackers Look For

• iOS 15 Safari Tips and Tricks Video

• IriusRisk expands its Technical Advisory Board with three new members

• HackerOne updates Internet Bug Bounty program to improve the security of open source software

• Ketch raises $20M to expand its sales and go-to-market teams

• CISA Reports Top Vulnerabilities From Remote Work

• Top 10 Application Security Articles to Read Now

• White House pushes back on efforts to restore program cuts in NDAA

• Crystal Valley Farm Coop Hit with Ransomware

• Lithuanian Agency Warns Against Use of Chinese-made Phones

• US Locks Up Call Center Scammer

• US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

• iOS 15 Safari Extensions Worth Checking Out

• Melissa Daimler joins Udemy as Chief Learning Officer

• IT Security News Daily Summary 2021-09-22

• What is identity management and why does it matter?

• Google, Microsoft and Oracle generated most vulnerabilities in 2021

• Back to School Cyber Security Tips

• Turla deploying ‘secondary’ backdoor in state-sponsored attacks

• Lithuania tells its citizens to throw Xiaomi mobile devices in the bin

• Disinformation may be the new normal, election officials fear

• Internet users stressed out by cyberattack news: Kaspersky

• Ransomware now accounts for 69% of all attacks that use malware

• Marcus & Millichap hit with possible BlackMatter ransomware

• 106 arrested in a sting against online fraudsters

• Apple Giving Retail Employees Up to a $1,000 One-Time Bonus

• Air Force secretary mulls space acquisitions nominees

• Real-time intelligent software can help the VA save lives

• Netgear SOHO Security Bug Allows RCE, Corporate Attacks

• SCADAfence Partners with Keysight Technologies

• IT expert warned about the danger of pirated files downloaded via torrent

• UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data

• Review: Aqara’s Roller Shade Driver E1, TVOC Air Quality Monitor, and Hub M1S Are Reliable and Well-Designed HomeKit Accessories

• MSHTML attack targets Russian state rocket centre and interior ministry

• Exchange Autodiscover feature can cause Outlook to leak credentials

• Symantec: Staging activity observed on Exchange servers

• US Execs Tout Retaliation Over Diplomacy

• Deals: Record-Low Prices Hit Apple’s Latest 12.9-Inch iPad Pro Magic Keyboard, Starting at $324.88 for Black

• Your IoT devices may be vulnerable to malware

• Best Backup Solutions for Ransomware Protection

• Freshworks Valued At $12.2 Billion After Nasdaq IPO

• MSPB nominees hope to triage massive backlog of cases

• #IMOS21: Alyssa Miller’s Advice for Building a Successful Infosecurity Career

• Crystal Valley Cooperative becomes latest agriculture business hit with ransomware

• Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

• Netgear Patches Remote Code Execution Flaw in SOHO Routers

• Hikvision cameras could be remotely hacked due to critical flaw

• Microsoft Debuts Magic Keyboard-Like Surface Laptop Studio and Surface Duo 2 Foldable Smartphone

• CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

• First iOS 15.1 and iPadOS 15.1 Betas Now Available to Public Testers

• The meaning behind XDR: A beginner’s guide to extended detection and response

• O2 Coverage Advert Banned By ASA

• Facebook Underreporting iOS Ad Results After Apple Privacy Change

• McAfee Enterprise Defender Blog | OMIGOD Vulnerability Opening the Door to Mirai Botnet

• VMware Warns of Ransomware-Friendly Bug in vCenter Server

• How REvil May Have Ripped Off Its Own Affiliates

• Conti Ransomware

• CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

• Facebook May Have Paid Off The FTC To Protect Zuckerberg From Cambridge Analytica Scandal

• Photographer Austin Mann’s iPhone 13 Pro Test Looks at Camera Improvements With Macro, Photographic Styles, New Lenses, and More

• Apple Won’t Allow Fortnite Back in the App Store Until Legal Battle Ends Due to Epic’s ‘Duplicitous Conduct’

• Confluence Code Exec Flaw Being Used By Crypto Miners

• TikTok, GitHub, Facebook Join Open Source Bug Bounty

• How The Mafia Is Pivoting To Cybercrime

• 9th-Generation iPad Reviews: An Even Better Value With More Storage and a Better Front Camera

• White House puts sanctions on Russian Cryptocurrency exchange for ransomware payments

• How to Build a Winning Cybersecurity Resume

• Best VPN for Windows PC 2021

• Google Releases Security Updates for Chrome

• Having Confidence in Your Wireless Security

• Distroless Builds Are Now SLSA 2

• New version of Jupyter infostealer delivered through MSI installer

• BlackMatter Ransomware Analysis; The Dark Side Returns

• Mozilla’s latest privacy ranking slaps ‘Privacy Not Included’ tag on Facebook Messenger, WeChat and Houseparty

• TikTok, GitHub, Facebook Join Open-Source Bug Bounty

• Many Hikvision Cameras Exposed to Attacks Due to Critical Vulnerability

• Apple CEO Tim Cook in Leaked Memo: ‘We Are Doing Everything in Our Power’ to Identify Leakers

• iOS 15 Adoption Lower Than iOS 14 Over First Two Days, Says Mixpanel

• Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection

• Flaws in Nagios Network Management systems pose risk to companies

• FBI Had the REvil Decryption Key

• Lawfare Live: Benjamin Wittes on the Prosecution of Michael Sussman

• What’s Working and What Isn’t in Researching Influence Operations?

• Privacy Expert On Major Privacy Change By Google Coming To Billions Of Android Devices Soon

• NFT’s Have The Potential For Financial Scams

• Lithuania Warns Citizens Over 5G Chinese Phones

• European Telecom Company Expands Its Footprint to Better Protect Users and Customers

• Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts

• Study to become a CompTIA security infrastructure expert

• Remote Code Execution Vulnerability Found in AWS WorkSpaces

• Deals: Save Up to 30% on Apple’s MagSafe Charger Accessories for Your iPhone 12 or iPhone 13

• Turla APT Group Employs New TinyTurla Backdoor in Attacks Against Countries Around the World

• “School Should Be Teaching Online Safety” says 80% of Aussie Parents

• Microsoft Autodiscover abused to collect web requests, credentials

• This cryptocurrency miner is exploiting the new Confluence remote code execution bug

• More than 1 in 3 people have tried to guess someone else’s password: 3 in 4 succeed

• Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw

• Anonymous Hacking Group Targets Controversial Web Hoster Epik

• API Keys Exposed – Millions Of Transaction Details At Risk, Experts Weigh In

• A Critical VMware Bug Found in the Default vCenter

• Netflix errors – How to fix them

• The CISO and the C-Suite: How to Achieve Better Working Relations

• Google Working on Improving Memory Safety in Chrome

• pNetwork Suffered Loss In Bitcoins Worth $12 Million

• iPad Mini 6 Unboxing Videos and Reviews Shared Ahead of Friday Launch

• Report: Apple AR Headset With Rumored $2,000+ Price Tag to Enter Mass Production in Second Quarter of 2022

• iPad Mini Reviews: Impressive Upgrade Brings iPad Air Features to Smaller Size

• The Ransomware Dubbed BlackMatter Hits Marketron

• Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials

• Security tips – How to protect your online trading account

• Osano, a data compliance platform, raises $11M

• Enterprise tech adoption fuels cyber risks

• VMware patch bulletin warns: “This needs your immediate attention.”

• CREST Appoints New President Following Retirement of Ian Glover

• Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

• Poor Patching Cadence Correlated To Healthcare Ransomware Risk

• Patch now! Insecure Hikvision security cameras can be taken over remotely

• Ensuring Disaster Recovery and Business Continuity in the Cloud

• UK Minister Sorry Over Afghan Interpreters’ Data Breach

• Patch vCenter Server “right now”, VMWare expects CVE-2021-22005 exploitation within minutes of disclosure

• Yes, the FBI held back REvil ransomware keys

• US Treasury Sanctions Cryptocurrency Exchange Suex

• DDoS attacks are becoming more prolific and more powerful, warn cybersecurity researchers

• Some Users Plagued by Incorrect ‘iPhone Storage Almost Full’ Alert After Updating to iOS 15

• Most iPad Mini 6 Shipping Estimates Now Extend into November

• A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)

• US Sanctioned Suex Cryptocurrency Exchange for Allegedly Processing Ransomware Payments

• No, Colonel Gaddafi’s daughter isn’t emailing to give you untold riches

• Aspects and Issues of Automotive Software Development

• US cryptocurrency exchange sanctions over ransomware likely not the last

• Facebook Oversight Board To Examine Free Pass For High-Profile Users

• This phishing-as-a-service operation is responsible for many attacks against businesses, says Microsoft

• Flaws in Nagios Network Management Product Can Pose Risk to Many Companies

• How Cynet’s Response Automation Helps Organizations Mitigate Cyber Threats

• New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

• US To Target Crypto Ransomware Payments With Sanctions

• Creepy data collection and sharing remain common on popular apps

• A New MacOS Zero-day Vulnerability Was Recently Discovered

• Netgear RCE in SOHO Routers Fixed by the Enterprise

• Google, geofence warrants, and you

• Enterprises Need 27 New IT Hires to Manage Security Debt

• Plug critical VMvare vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

• Treasury Sanctions Russian Crypto Exchange

• Half of Web Owners Don’t Know if Their Site Has Been Attacked

• VMware addressed a critical flaw in vCenter Server. Patch it now!

• How to Disable Tab Bar Coloring in Safari 15 on macOS

• The Kaseya ransomware attack: A timeline

• Software cybersecurity labels face practical, cost challenges

• How to mitigate the Microsoft Office zero-day attack

• Documenting Vulnerabilities Abused By Ransomware Gangs | Avast

• Afghan Interpreters’ Data Exposed in MoD Breach

• Russian Electronic Voting System Struck by 19 DDoS Attacks in One Day

• Europol Knock Down 100+ Organized Cybercriminals Who Involved SIM Swapping & Other Online Frauds

• RCE is back: VMware details file upload vulnerability in vCenter Server

• FTC: Health App and Device Makers Should Comply With Health Breach Notification Rule

• Build your own Android security product

• Hidden costs incurred after being targeted by ransomware attacks

• Ukraine hackers spread ransomware to US Healthcare Company

• US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

• How to protect the corporate network from spyware

• Leveraging AI and automation to identify sensitive data at scale

• We cannot afford for healthcare security to be the “lowest-hanging fruit”

• How do I select a data privacy management solution for my business?

• What is 5G security? Explaining the security benefits and vulnerabilities of 5G architecture

• TeamTNT with new campaign aka “Chimaera”

• Why is AT&T adding Web Application Shielding to its Managed Vulnerability Program?

• Explore and experience cybersecurity from a consulting point of view

• The Gap in Your Zero Trust Implementation

• How digital transformation impacted CIO and CTO roles

• Democracy advocate finds internet freedom has declined globally for 11th consecutive year

• High-Severity RCE Flaw Disclosed in Several Netgear Router Models

• 2 million malicious emails bypassed secure email gateways in 12 months

• Sextortion Scams – How They Persuade and What to Watch for

• VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

• Whole cloud spending to surpass $1.3 trillion by 2025

• Chrome willing to take performance hit to prevent use-after-free bugs

• McAfee’s online protection service protects information across all online activities

• Malicious PowerPoint Documents on the Rise

• European police dismantle cybercrime ring with ties to Italian Mafia

• White House Blacklists Russian Ransomware Payment ‘Enabler’

• FileCloud 21.2 allows managers and team members to create business workflows without coding

• Zix Secure Large File allows any authorized user to send large attachments via email

• Cyware’s threat intelligence sharing capabilities empower organizations to achieve collective defense

• Yugabyte Cloud delivers distributed SQL without the operational overhead of managing a database

• Druva introduces curated recovery technology for accelerated ransomware recovery

• Zoom’s $14.7 billion deal for Five9 under US national security review

• D2iQ DKP 2.0 enables customers to power applications across any infrastructure

• Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware

• The Case for Decryption in Cybersecurity

• 2 million malicious emails bypassed secure email defenses over 12 months

• McAfee collaborates with IBM Security to bring integrated solution for TD SYNNEX customers

• Senet and Helium expand access to public LoRaWAN network for customers deploying IoT applications

• Stellar Cyber partners with ITSDI to bring attack protection and remediation throughout the Philippines

• Database containing personal info on 106m people who traveled to Thailand found open to the internet – report

• VMWare Calls Attention to High-Severity vCenter Server Flaw

• Saviynt raises $130M to accelerate its growth in enterprise identity security market

• IBM partners with Airspan to accelerate the adoption of 5G-enabled Open RAN technology in Europe

• A zero-day flaw allows to run arbitrary commands on macOS systems

• Jennifer N. Harris joins Jumio Board of Directors

• After ransomware attack, company finds 650+ breached credentials from NEW Cooperative CEO, employees

• Cofense appoints Ronnie Tokazowski as Principal Threat Advisor

• That Alfa-Trump Sussman indictment

• Stop Military Surveillance Drones from Coming Home

• 2021-09-21 – Brazil – currículo (resume) themed malspam

• Is hacking back effective, or does it just scratch an evolutionary itch?

• Apple Preparing to Support Digital Car Keys for Genesis Vehicles

• All the iOS 15 Features You Won’t Get Until Later

• IT Security News Daily Summary 2021-09-21

• Ransomware Attacks Jumped Nearly 300% in 2021

• Choosing a web hosting service that’s right for your business

• StateRAMP posts first authorized vendor list

• VMware, Slack announce secure cloud services

• key fob

• US Treasury Dept. sanctions Russian cryptocurrency exchange for work with ransomware groups

• HTTPS Is Actually Everywhere

• Protecting critical infrastructure: All hands on deck

• Treasury Department sanctions cryptocurrency exchange Suex

• Facebook Goes On The Defensive Over Privacy, Data Challenges

• Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

• Red Hat Insights and the delivery of a new security recommendation

• iOS 15 Removes Do Not Disturb Option That Silenced Notifications Only When iPhone Was Locked

• Suex to be you: Feds sanction cryptocurrency exchange for handling payments from 8+ ransomware variants

• Microsoft Outlook users report frustrating search, security keys bugs

• Telework is the new normal for Air Force Materiel Command

• Everything New in iOS 15.1 Beta 1

• HomePod 15.1 Beta Adds Lossless Audio and Dolby Atmos Support

• 12 years jail for man who unlocked phones, defrauded AT&T of $200m

• Epik Confirms Hack, Gigabytes of Data on Offer

• 3 Quick Ways to Recover Outlook PST Password Online

• 12 Benefits of Hiring a Certified Ethical Hacker

• NDAA cyber reserve proposal revised with labor in mind

• GSA plans cloud marketplace

• NETGEAR Releases Security Updates for RCE Vulnerability

• Western Sahara, the Biden Administration and Human Rights

• Resetting Passwords (and Saving Time and Money) at the IT Help Desk

• EU Set To Unveil Common Phone Charger Proposal

• Google unveils results of DevOps report, finding increase in public cloud use

• Russia-Linked Turla APT Uses New Backdoor in Latest Attacks

• The benefits of an IT management response

• NETGEAR Releases Security Updates for RCE Vulnerability

• iOS 15.1 Beta Lets Users Add COVID Vaccination Card to Wallet App

• Biden sanctions Suex cryptocurrency exchange to stifle ransomware payments

• National Diversity Awards | Avast

• Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?

• Decade-Old Adobe ColdFusion Vulnerabilities Exploited by Ransomware Gang

• Afghan Interpreters’ Data Exposed in MoD Breach

• VMware Releases Security Updates

• Deals: Get the Apple Pencil 2 for $109.99 ($19 Off) and 512GB M1 MacBook Air for $1,099.99 ($149 Off)

• iOS 15.1 Lets Users Add COVID Vaccination Card to Wallet App

• Medical Device Cybersecurity Center Launches in Minnesota

• VMware Releases Security Updates

• Apple Seeds First Beta of tvOS 15.1 to Developers

• Apple Seeds First Beta of watchOS 8.1 to Developers

• Apple Seeds First Betas of iOS 15.1 and iPadOS 15.1 to Developers

• Apple Seeds Seventh Beta of macOS Monterey to Developers

• SharePlay Re-Enabled in iOS 15.1, iPadOS 15.1, and tvOS 15.1 Betas

• An update on Memory Safety in Chrome

• Is Low Code development the biggest cyber threat?

• Top 10 Reasons to Invest in Web Security

• identity theft

• Apple Releases Security Updates for Multiple Products

• Unpatched High-Severity Vulnerability Affects Apple macOS Computers

• Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms: study

• iOS 15 includes Face ID fix for security bypass using fake heads

• The iOS 15 Privacy Settings You Should Change Right Now

• Apple Releases Security Updates for Multiple Products

• Apple Will Let iPhone 13 Pro Users Disable Auto Switching to Ultra Wide Lens for Macro Photography Later This Fall

• Why EFF Flew a Plane Over Apple’s Headquarters

• Revolut CEO on newly-offered U.S. stock trading platform

• 3 trends shaping identity as the center of modern security

• Google To Purchase NY Office Building For $2.1 Billion

• Canadian firm VoIP.ms hit by non-stop extortion-based DDoS attacks

• Cybersecurity Solutions to Know in 2021: Open Source and Scaling Up

• White House nominates John Sherman for DOD CIO

• Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

• 3 components to consider when selecting an MDR service

• Hacker Steals $12M from DeFi Platform

• Crowdstrike CEO on the threats the sector is facing, new company offerings

• Internet safety tips for kids and teens: A comprehensive guide for the modern parent

• The Biden administration plans to target exchange supporting ransomware operations with sanctions

• Defeat Ransomware with Immutable Backup Data and Encryption

• Cybersecurity experts’ advice: how to become cyber-resilient [Live Webinar] Sept 23, 2021

• Misconfigurations are the biggest threat to cloud security, period

• Hackers Attack Aviation Industry With AsyncRAT to Steal Login Credentials

• Nutanix announces new features for Cloud Platform

• Pakistani Scammer Sentenced to 12 Years in $200 Million Phone-Fraud Scheme

• 35 yrs Of Imprisonment for the Administrator of 200,000 DDoS Attacks

• Cisco Secure Receives Nutanix Technology Alliances New Partner of the Year Award

• China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware

• Nation-State Group Breaches Alaska Department Of Health

• HackerOne Expands To Tackle Open Source Projects

• Siemens Launches AI Solution To Fight Industrial Cybercrime

• $5.9 Million Ransomware Attack On Farming Cooperative May Cause Food Shortage

• Biden on US response to terrorism

• Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

• How to Use iCloud+, with Additional Security and Privacy Features, and More

• BT Pledges To Curb Carbon Emissions By 2030

• “Modern CTO” Features Avast’s Michal Pechoucek | Avast

• Zero trust, EMS top Air Force cyber priorities

• Google, Microsoft and Oracle amassed the most cybersecurity vulnerabilities in the first half of 2021

• U.S. Treasury sanctions cryptocurrency exchange for alleged role in ransomware attacks

• OpenOffice Vulnerability Exposes Users to Code Execution Attacks

• Providing Developers Value-Focused Feedback in Security Software Development

• Deals: Not Upgrading to iPhone 13? Amazon Has Apple’s Official iPhone 11 and iPhone 12 Cases for Up to $30 Off

• What is Doxxing and How to Avoid It (UPDATED 2021)

• Is Extended Detection and Response (XDR) the Ultimate Foundation of Cybersecurity Infrastructure?

• Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage

• Computer vision-powered workplace safety systems could lead to bias and other harms

• iPhone 13 Reviews: Excellent Cameras, Speedy Performance, and Improved Battery Make for Worthy Upgrade

• Apple iOS 15 Update: What Is New?

• Boris Johnson Talks Tax With Amazon’s Jeff Bezos

• Identity Management Beyond the Acronyms: Which Is Best for You?

• BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom

• How privacy and security challenges may cause people to abandon your website

• U.S. companies excel at limiting shadow IT, according to a new report

• Managing change in AI: Don’t forget about your staff’s needs and abilities

• iPhone 13 Pro Reviews: ProMotion and Longer Battery Life Highlight an Iterative Refresh

• EventBuilder Data Exposure: Registrants’ Details in Plain Sight

• Turla hacking group launches new backdoor in attacks against US, Afghanistan

• Four months on from sophisticated cyberattack, Alaska’s health department is still recovering

• Average consumer spending $273 per month on subscription services: report

• HackerOne expands Internet Bug Bounty project to tackle open source bugs

• Multi-party breaches cause 26-times the financial damage of the worst single-party breach: Report

• 46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?

• Fix network printing or keep Windows secure? Admins would rather disable PrintNightmare patch

• Details of 100M Visitors to Thailand Exposed Online: Research Firm

• Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

• iPhone 13 and iPhone 13 Pro Unboxing Videos Shared Ahead of Friday’s Launch

• BlackMatter Ransomware Hits New Cooperative

• 4 Best Practices for Supply Chain Cyber Risk Management

• The Importance of Adopting a Risk Management Approach to Security and Privacy

• Software supply chain management company Cloudsmith raises $15M

• App observability platform DeepFactor raises $15M

• Slack launches new media sharing features and government tier

• Identity Solutions Provider Saviynt Raises $130 Million

• New OffSec Training Library Subscriptions: Learn One and Learn Unlimited

• Zero Trust Architecture – No Longer A ‘Nice To Have’

• Marketron Suffers BlackMatter Attack, Shuts Down All svcs. – 5 Experts Comment

• New Mac malware masquerades as iTerm2, Remote Desktop and other apps

• Twitter Offers $800m To Settle Investor Lawsuit

• DARPA’s vision for satellite communications

• UK Ministry of Defence apologises after Afghan interpreters’ personal data exposed in email blunder

• Ransomware Group Demands Millions From U.S. Farmer Cooperative

• Detection evasion in CLR and tips on how to detect such attacks

• Alaska’s Department of Health and Social Services Hack

• Apple Begins Selling Refurbished iPhones in Canada

• How to mitigate security vulnerabilities automatically with RASP

• Here Are the Free Ransomware Decryption Tools You Need to Use

• OneTrust acquires Tugboat Logic to automate InfoSec assurance and certification

• Expert Comment On ‘Smishing’: The Rising Threat For Businesses

• US agricultural co-op hit by ransomware, expects food supply chain disruption

• GFI FaxMaker makes it easy for administrators

• 8 Best Motherboards for Ryzen 7 3700X 2021 – Buying Guide

• How to Use the Find My App to Locate Friends, Apple Devices, and AirTags

• Malicious Email Surge Predicted for Q4

• New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

• US agricultural co-op hit by ransomware, expects supply chain disruption

• Windows IIS Servers Compromised

• iOS 15 lets you spy on apps that might be spying on you

• Siemens launches AI solution to fight industrial cybercrime

• Apple Offering 6-Month Apple Music Subscription Free With AirPods and Beats Purchases

• Apple Researching Ways to Use iPhone Camera to Detect Childhood Autism

• RGA Data Breach: Another Organization Affected by Massive Microsoft Exchange Hacking Campaign

• Quick Hits

• FCW Insider: September 21, 2021

• European Police Bust €10m Mafia Fraud Ring

• CRISC certification: Your ticket to the C-suite?

• The new math of cybersecurity value

• Farming Group Warns of Supply Chain Chaos After Ransomware Attack

• $100 Million Pledged by Google to Groups that Manage Open-Source Projects

• Payment API Flaws Exposed Millions of Users’ Data

• Forgot to Pre-Order Your iPhone 13 or 13 Pro? Apple Store Pickup Remains an Option for Launch Day

• Importance of Access Revocation for SMBs | Avast

• Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus?

• Looking for adding new detection technologies in your security products?

• F5 acquires Threat Stack to strengthen its cloud security capabilities

• CoSoSys Endpoint Protector 5.4.0.0 enables users to override a DLP policy

• Apache OpenOffice is currently impacted by a remote code execution flaw

• Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

• Black Matter gang demanded a $5.9M ransom to NEW Cooperative

• The complexities of vulnerability remediation and proactive patching

• Rules to follow for data destruction on Hard Drives

• F5 to acquire cloud security firm Threat Stack

• Challenges CISOs face in a rapidly evolving cybersecurity landscape

• Mafia works remotely, too, it seems: 100+ people suspected of phishing, SIM swapping, email fraud cuffed

• 77% of execs concerned about security tools gaps in their company

• CISSP – Tales of the Unexpected

• Data of 106 million visitors to Thailand leaked online

• Organizations prioritize strategic security programs, but lack fundamentals

• You’ve trained at the cutting edge, here’s how to keep your DFIR skills razor sharp

• Attacks Targeting OMIGOD Vulnerability Ramping Up

• Office workers unwilling to change their behavior, despite being aware of the cybersecurity challenges

• How to Report a Data Breach per GDPR

• Cybersecurity Maturity Model Certification (CMMC) – A Model for Everyone

• 3-D Secure transactions growth fueled by card-not-present explosion and PSD2

• ProLion ClusterLion for SAP now available on Azure Marketplace

• 2021-09-20 – Squirrelwaffle Loader with Cobalt Strike

• Trend Micro launches first data centre region in Australia

• NordVPN vs. Surfshark: Which VPN is best for you?

• CDS partners with Post-Quantum to provide post-quantum encryption algorithms for super yachts

• Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads

• Apple Card Gains Advanced Fraud Protection in iOS 15

• San Diego steps up cloud, remote support, IT service management

• Does Your Organization Have a Security.txt File?

• The Ultimate iOS 15 Walkthrough: Guides and How Tos for Every New Feature

• IT Security News Daily Summary 2021-09-20

• Europol nabs 106 criminals involved in SIM swapping, money laundering

• Ohio opens smart mobility corridor

• Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

• 1Password Releases Safari Extension for iOS 15 and iPadOS 15

• Apple Prompts Pre-Order Customers to ‘Get Ready’ for New iPhone 13 With iCloud Syncing and Trade-Ins

• Windows 11 prep: How to convert MBR hard drive partitions to GPT

• European Regulators Flag Privacy Concerns With Facebook Smart Glasses

• Apache OpenOffice can be hijacked by malicious documents, fix still in beta

• iMovie and Clips Apps for iOS Gain Support for iPhone 13 Features

• iOS 15 Features: Our Top 10 Picks

• Iowa farm services provider hit with BlackMatter ransomware and $5.9 million ransom

• Europol Breaks Open Extensive Mafia Cybercrime Ring

• Americans Stressed Out by Cyber-attack Coverage

• France Condemns #Anti2010 Cyber-bullying

• iOS 15 Includes Improved Face ID Anti-Spoofing Models and Other Vulnerability Fixes

• Web-Based iCloud Mail Redesign, Hide My Email, and Custom Domain Features Now Live

• Taking meaningful steps toward stronger security

• Apple Ships iOS 15 with MFA Code Generator

• BrandPost: Keeping Your Hybrid Workforce Secure with Cyber Hygiene Training

• Zero Trust: Follow a Model, Not a Tool

• GSA plans one-stop shop cloud marketplace

• Payment API Bungling Exposes Millions of Users’ Payment Data

• Apple Releases Safari 15 Update for macOS Big Sur and macOS Catalina With New Safari Design, Tab Groups, and More

• Just Install iOS 15? Here’s Where to Start

• On the Special Counsel’s Weird Prosecution of Michael Sussmann

• The Cozy Relationship Between Russian State and Criminal Actors

• These iOS 15 Features Aren’t Available on the iPhone X or Older

• Low-Cost iPad and iPod Touch Are Last iOS Devices With Headphone Jack as iPad Mini 6 Drops Support

• How the pandemic transformed citizen service

• Here’s how to become an in-demand cybersecurity expert

• Cybercriminals Linked to Italian Mafia Arrested by European Police

• Data of 106 Million Visitors to Thailand Breached

• Large phishing campaign targets EMEA and APAC governments

• Ransomware recovery: Start getting back up before you’re even hit

• Apple Releases tvOS 15 With Spatial Audio, Stereo Support Using Two HomePod Minis, Hey Siri Improvements and More

• Apple Releases New HomePod 15 Software With Siri Playback Support, HomePod Mini Stereo Pairs, and More

• Apple Releases iOS 15 and iPadOS 15 With Safari Updates, Focus Mode, Live Text, iCloud+, System-Wide Translate, On-Device Siri and More

• A guide to combatting human-operated ransomware: Part 1

• Introducing the World’s First Free Cloud WAF to Secure Your Web Applications

• Should companies pay ransomware, and is it illegal to?

• How to Use Focus to Limit Notifications in iOS 15 and macOS Monterey

• BSidesSF Call For Papers Announced

• All old Android phones to get the latest mobile security update from Google

• Operation Layover Malware Campaign Targeted Aviation Industry For Five Years

• IoT Security (Internet of Things Security)

• Russian electronic voting system hit by 19 DDoS attacks in one day

• McAfee Enterprise Defender Blog | MSHTML CVE-2021-40444

• A Journey in Organizational Cyber Resilience Part 2: Business Continuity

• Vulnerability Summary for the Week of September 13, 2021

• Police Announce Huge Bust Of Mafia’s Cyber Crime Operations

• Google Announces Major Privacy Change Coming To Android

• Epik Data Breach Affects 15 Million Users, Including Non-Customers

• FBI Says $133 Million Lost In Romance Scams In 2021

• Kuo: iPhone 14 Pro Models to Feature Hole-Punch Display and 48MP Wide Camera

• Kuo: iPhones With Under-Screen Touch ID Now Coming in 2023, Foldable iPhone in 2024

• Multilingual Cybersecurity Awareness Training adapted for your needs

• APT actors exploit flaw in ManageEngine single sign-on solution

• Phishing attacks: Police make 106 arrests as they break up online fraud group

• Cloud security company Threat Stack acquired by F5 for $68 million

• EventBuilder Exposed Information of Over 100,000 Event Registrants

• “Back to basics” as courier scammers skip fake fees and missed deliveries

• Vulnerability Summary for the Week of September 13, 2021

• COBIT

• How to see who is trying to break into your Office 365 and what they’re trying to hack

• iPhone 13 Pro Pre-Orders Off to Promising Start With Strong Early Demand, Says Analyst

• Regulating Online Speech: Ze German Way

• Ransomware Crypto Exchanges Sanctions to Be Implemented by the U.S.

• Let’s Encrypt’s Root Certificate is expiring!

• Post-pandemic IT leadership

• Deals: Amazon Introduces Its First iPad Mini 6 Discount, Get the 64GB Wi-Fi Tablet for $459.99 ($39 Off)

• iPhone 13 vs. iPhone 12 Buyer’s Guide

• $200M Lost in Illegal Phone Unlocking Scheme

• How Cybersecurity Can Affect Your SEO Ranking

• 5 Ways Businesses Can Stay Ahead of Cybersecurity Attacks

• Microsoft Researches Ransomware Attack Targeting App Developers

• Google: This major privacy change is coming to billions of Android devices soon

• Trust, but verify: An in-depth analysis of ExpressVPN’s terrible, horrible, no good, very bad week

• Numando: a Banking Trojan Targeting Brazil Abuses YouTube for Spreading

• Exclusive Deals: Get 40% Off a MagSafe-Compatible Car Mount for Your iPhone 13 and More in Our New Anker Sale

• Popular DJing App Djay Becomes One of First Apps to Integrate Shazam on iOS 15

• How to Protect Yourself from Security Challenges Caused by Video Players

• Health Care Interoperability: What Are the Security Considerations?

• Bring Your APIs Out of the Shadows to Protect Your Business

• Attackers Use Linux Binaries as Loaders for Windows Malware

• Lubbock County Denies Data Leak, Says Data Temporarily Attainable Under New Software System

• Links Detected Between MSHTML Zero-Day Attacks and Ransomware Operations

• Numando: a Banking Trojan Targeting Brazil Abuses YouTube for Spreading

• Europol arrested 106 fraudsters, members of a major crime ring

• Kape Technologies Acquired The Popular ExpressVPN For $936 Million

• Serious RCE Vulnerabilities Found In Motorola Halo+ Baby Monitor

• Google To Roll Out Permissions Auto-Reset For Android Apps Even On Older Devices

• Microsoft Introduced Passwordless Account Logins For Enhanced Safety

• AI-powered disinformation detection platform Blackbird nabs $10M

• Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers

• Microsoft makes a bold move towards a password-less future

• Facebook rebukes WSJ over investigation on the platform’s ability to harm, ‘toxic’ impact

• Google: This major app change is coming to billions of Android devices soon

• CCSP vs. Professional Cloud Security Manager: How Do They Compare?

• Ongoing Phishing Campaign Targets APAC, EMEA Governments

• Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters

• Experts Make Out a List of Vulnerabilities Abused by Ransomware Groups

• 8 Best White Motherboards For Your Gaming Build 2021 – Top Picks

• Freedom Hosting operator gets 27 years for hosting Dark Web child abuse sites

• Indonesia Says No Evidence of Alleged Chinese Intel Hack

• Infosecurity Magazine Autumn Online Summit 2021 – Last Chance to Register!

• Mirai botnet exploiting Azure OMIGOD vulnerabilities

• A New Wave of Malware Attack Targeting Organizations in South America

• A week in security (Sept 13 – Sept 19)

• GitLab Files For Initial Public Offering After $6bn Valuation

• ‘Intensifying’ Auto Chip Shortage Hits Daimler Truck Production

• Ireland Privacy Regulator Quizzes Facebook Over Smart Glasses

• US Sanctions ‘Aim To Cut Off Hackers’ Access’ To Cryptocurrency

• Nigerian Threat Actor Targeting Aviation Industry Since 2018

• ‘Ted Lasso’ Makes History as First Streaming Service Show With Emmy Win For Outstanding Comedy Series

• Former IT Exec Pleads Guilty to Insider Trading Conspiracy

• A New Crypto Giveaway Scam Is Promoted Via Email

• Back to School Cyber Security Tips

• 7 unexpected ransomware costs

• 5 observations about XDR

• FCW Insider: September 20, 2021

• Payment API Vulnerabilities Exposed “Millions” of Users

• US Set to Sanction Cryptocurrency Firms Involved in Ransomware

• Everything You Need to Know About Credential Stuffing and How to Prevent It

• OpenSea Employee Resigns Over NFT ‘Insider Trading’ Row

• Teamsters Union Targets Amazon Facilities Across Canada

• Silicon UK In Focus Podcast: Schneider Electric

• 106 arrested in a sting against online fraudsters

• Trying to register your antivirus in Windows Security Center?

• Alphabet X Links Congo Cities With Beams Of Light

• Secrets from Public Repositories Were Exposed Due to Travis CI Flaw

• CIO names stocks that are resilient in the face of tax reform, pandemic and rising rates

• Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme

• How to retain the best talent in a competitive cybersecurity market

• Google to Auto-Reset Unused Android App Permissions for Billions of Devices

• Securing Kubernetes as it becomes mainstream

• Learn dance from Artificial Intelligence AI based Robots

• Serious vulnerability in HP Omen gaming PCs discovered

• Numando: A New Banking Trojan Targeting Latin American Users

• What businesses need to know about data decay

• Zero trust security solutions widely adopted, spurred by surge in ransomware

• Ransomware still a primary threat as cybercriminals evolve tactics

• Apple Highlights Additional iOS 15 Features, Such as Dual-SIM Phone Number Switching in iMessage Conversations

• Tech pros reporting a positive perception of their roles, looking forward to what lies ahead

• Everything You Need to Know about Cyber Crisis Tabletop Exercises

• The Digital Pandemic – Ransomware

• Cloud and online backups increasing in popularity, but tape usage remains

• Apple Says Find My Network Support for AirPods Delayed Until Later This Fall

• How do you measure the impact of security? Find out at SecTalks 2021

• Victoria launches five-year, AU$50 million cyber strategy

• Tick, tick, tick … TikTok China just limited kids to 40 minutes’ use each day

• IT Security News Weekly Summary – Week 37

• IT Security News Daily Summary 2021-09-19

• Epik – 15,003,961 breached accounts

• Here’s When You Can Download iOS 15 and iPadOS 15 in Time Zones Around the World

• Cyber EO and Meeting Cloud Modernization Effort

• iPhone 13 Orders Begin Shipping From Apple Ahead of Friday Launch

• DDoS Attack Service Admin Behind 200,000 Attacks Face 35 Years in Prison

• Numando, a new banking Trojan that abuses YouTube for remote configuration

• Apple Patched FORCEDENTRY Bug That NSO Exploited Against iPhone Users

• Distros and RegRipper

Generated on 2021-09-26 23:59:31.764364

Liked it? Take a second to support IT Security News on Patreon!