Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267
0

IT Security News Daily Summary 2022-05-05 | #linux | #linuxsecurity | #hacking | #aihp



  • Google, Apple, Microsoft promise end to passwords, courtesy of your mobile phone

  • How to use KDE Plasma’s Konsole SSH plugin

  • CrowdStrike vs FireEye: Compare EDR software

  • Check Point vs Palo Alto: Comparing EDR software

  • How to manage your Alexa voice recordings and privacy

  • Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

  • CIA Wants Russians to Share Secret Info with the Agency via its Darknet Site

  • HBCUs could be one key to improving equity in federal contracting and technology

  • SentinelOne finds high-severity flaws in Avast, AVG

  • US Cyber Command Team Helps Lithuania Protect Its Networks

  • NIST Issues Guidance for Addressing Software Supply-Chain Risk

  • Google addresses actively exploited Android flaw in the kernel

  • EU Antitrust Head Calls For Global Approach To Tackle Big Tech

  • Senator not sold on Army’s $22 billion bet on IVAS

  • Why rural communities struggle to bring in much-needed federal grants

  • A Third of Americans Use Easy-to-Guess Pet Passwords

  • Microsoft, Apple, Google accelerate push to eliminate passwords

  • Critical Cisco VM-Escape Bug Threatens Host Takeover

  • Cisco Releases Security Updates for Enterprise NFV Infrastructure Software

  • [Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

  • Top Cyber Threats to the Telecom Industry

  • NASA chief calls out the ‘plague’ of cost-plus contracts

  • FBI: Bank Losses From BEC Attacks Top $43B

  • Cisco Releases Security Updates for Enterprise NFV Infrastructure Software

  • Demystify the Cybersecurity Risk Management Process

  • India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

  • Phishing threats attempt to hook new government victims

  • Catalan: Spain Spy Chief Admits Legally Hacking Some Phones

  • Google cloud misconfiguration poses risk to customers

  • GitHub to Enforce Two-Factor Authentication

  • Hunter Biden Laptop Repairman Sues Over Hacker Allegations

  • Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies

  • Attackers Use Event Logs To Hide Fileless Malware

  • Avast Patches Decades Old Vulnerabilities In Antivirus Product

  • VHD Ransomware Linked To North Korea’s Lazarus Group

  • Stung By 3 Court Losses, ISPs Stop Fighting California’s Net Neutrality Law

  • India to Collect User Data from VPNs, Crypto, Data Centers, and Cloud Service Providers

  • Modern Identity and Access Management Makes a Difference, Especially at a Mega-Scale

  • Cisco Announces Cloud Controls Framework Is Now Available to Public

  • World Password Day: Why we need a password-less future

  • World Password Day: Why are passwords still a problem in 2022?

  • Dutch Watchdog To Investigate Google Play Store Practices

  • Report: Cybersecurity workforce must grow by two-thirds to protect assets

  • It’s World Password Day! Here’s the one simple tip you need to keep your accounts secure online

  • Multichannel Phishing Concerns Cybersecurity Leaders in 2022

  • Safeguarding From Container Attacks Inside the Cloud

  • NHS Email Servers used for Phishing Attacks

  • X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021

  • GitHub Announces Mandatory 2FA for Code Contributors

  • Illuminate Data Breach Impacts More School Districts

  • VPN Providers Threaten to Quit India Over New Data Law

  • The Movement to Ban Government Use of Face Recognition

  • The $43 billion Business Email Compromise threat

  • US VP Kamala Harris To Meet Amazon Labor Union At White House

  • SYN flood attack

  • Cisco adds predictive networking SaaS options to improve uptime and security

  • White House: Quantum computers could crack encryption, so here’s what we need to do

  • FBI: Email fraud keeps getting worse. Here’s how to protect yourself

  • US Gov Issues Security Memo on Quantum Computing Risks

  • 1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin

  • One Identity Guest Blog – The password checklist

  • Nigerian Tesla: 419 scammer gone malware distributor unmasked

  • Cisco addresses three bugs in Enterprise NFVIS Software

  • Security recommendations for SAP HANA on RHEL

  • The Chatter Podcast: Why We Fight with Christopher Blattman

  • Chinese State-Sponsored APT Naikon Resurfaces with New Tactics, Techniques, and Procedures (TTPs).

  • Google fixes two critical Pixel vulnerabilities: Get your updates when you can!

  • NSA chief: Cyber Command did 9 international missions last year

  • $43 billion stolen through Business Email Compromise since 2016, reports FBI

  • S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]

  • Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks

  • NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks

  • Vendor Email Compromise (VEC) Explained

  • AvosLocker Ransomware Uses Driver Files to Disable Anti-Virus Solutions

  • Android’s May 2022 Security Updates Patch 36 Vulnerabilities

  • Why Security Matters Even More in Online Gaming

  • Google to Add Passwordless Authentication Support to Android and Chrome

  • A couple of 10-Year-Old flaws affect Avast and AVG antivirus

  • Why a Focus on Gender Increases National Security

  • NCSC Warns Of Threats Posed By Malicious Apps

  • Google chases sovereignty market with EU Workspace Data product

  • AutoRABIT Raises $26 Million for Salesforce DevSecOps Platform

  • Forrester Report Reveals the 5 Benefits IT Teams Really Need from API Security Tools

  • Kellogg Community College Closes after Ransomware Attack

  • Car Rental Giant Sixt Hit by Cyberattack, Operations Shut Down

  • Cloudflare Successfully Thwarted One of The Largest DDoS Attacks

  • Data Theorem launches attack surface management product that identifies 3P assets & appsec violations

  • Apple, Microsoft and Google announce plans to enable passwordless authentication for billions of devices

  • Google unveils passwordless log-in plans on World Password Day

  • NSA chief: Cyber Command did 9 cyber defense missions last year

  • How Can Healthcare Keep a Stronger Lock Down on their Cybersecurity

  • F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

  • CANs Reinvent LANs for an All-Local World

  • Latest Cohort Announced for NCSC For Startups

  • Every ISP in the US Must Block These 3 Pirate Streaming Services

  • UK National Health Service Email Accounts Compromised by Hackers to Steal Microsoft Logins

  • This World Password Day consider ditching passwords altogether

  • 5 Advantages of Fraud Scoring

  • NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

  • VHD Ransomware Linked to North Korea’s Lazarus Group

  • GitHub to Developers: Turn on 2FA or Lose Access

  • Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

  • Researchers discover ‘dangerous functionality’ in Google Cloud control pane

  • Decade-old bugs discovered in Avast, AVG antivirus software

  • A security researcher told me my passwords and more: How 15 years of digital footprints left me exposed

  • Google, Apple, Microsoft make a new commitment for a “passwordless future”

  • OT Security Firm Network Perception Raises $13 Million

  • The Importance of Defining Secure Code

  • FBI: Losses From BEC Scams Surpass $43 Billion

  • Flaws in Avast, AVG Antiviruses Could Have Facilitated Attacks on Millions of Devices

  • Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus

  • 15.3 Million Request-Per-Second DDoS Attack

  • Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)

  • BIG-IP RCE Bug Could Allow Device Takeover

  • April 2022 Cybersecurity Roundup: Funky Pigeon cyber attack, Costa Rica ransomware attack, Mailchimp cybersecurity negligence lawsuit

  • It’s business as usual for REvil ransomware

  • OpenSSF Launches Package Analysis Tool To Detect Malicious Packages

  • What is a Progressive Website Application?

  • Netflix Sued By Shareholders Over Subscription Disclosure

  • World Password Day: Brushing up on the basics

  • The Age of Zero-day Java Vulnerabilities

  • Check Point Software Outlines Five Must-Haves for Creating a Secure Password

  • There’s no sugarcoating it: That online sugar daddy may be a scammer

  • Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service

  • Heroku Forces User Password Resets Following GitHub OAuth Token Theft

  • Cisco Patches Critical VM Escape in NFV Infrastructure Software

  • OWASP patches path traversal flaw

  • 1-15 April 2022 Cyber Attacks Timeline

  • It’s time for Internet Providers to Become Primary Security Providers

  • Industry Groups Drop Challenge To California Net Neutrality Law

  • F5 warns its customers of tens of flaws in its products

  • China stealing intellectual data from Europe and North America

  • Google is protecting Ukraine from State Sponsored Cyber Attacks of Russia

  • FBI warns of new reverse instant payments banking scam

  • South Korea Admitted to NATO Cyber Defense Center

  • 1000s of phishing emails sent from NHS inboxes

  • Multi-factor authentication: Busting a handful of common myths

  • FBI: Thailand and Hong Kong Banks Used Most in BEC

  • NHS Inboxes Hijacked to Send 1000+ Malicious Emails

  • Apple AirTags: One Year On – Intego Mac Podcast Episode 238

  • ID theft tools small businesses should invest in 2022 – Tighten your security

  • Try the Cloud NGFW Free Trial in AWS Marketplace

  • VM escape and root access bugs fixed in Cisco NFV infrastructure software

  • Federal Court finds RI Advice failed to manage cybersecurity risks in landmark decision

  • Phishing operation hits NHS email accounts to harvest Microsoft credentials

  • Biden orders new quantum push to ensure encryption isn’t cracked by rivals

  • How the EPL tackles piracy and stops people going around the wall

  • Beijing-backed gang looted IP around the world for years, claims Cybereason

  • Tackling the threats posed by shadow IT

  • What Does Volunteering at (ISC)² Mean? Hear From Volunteer Lisa Vaughan

  • Passwords are secrets that should never be shared

  • Australian Businesses That Adopt Eagle Eye Networks Cloud Video Surveillance Are Eligible for Tax Break

  • 3 most dangerous types of Android malware

  • GitHub to require two factor authentication for code contributors by late 2023

  • 7 threat detection challenges CISOs face and what they can do about it

  • World Password Day is Dead. Long Live World Password Day!

  • Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software

  • How to identify vulnerabilities with NMAP

  • Computer Malfunction Leads to Death of Over 27,000 Chickens

  • F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

  • Data Theorem Supply Chain Secure identifies third-party vulnerabilities across the application software stack

  • Building on Your Existing DAM Instance is Smart Budget Planning

  • Variscite enhances IoT and edge security with over-the-air software updates

  • BIO-key MobileAuth enhancements safeguard access to critical data

  • Uptycs helps security teams strengthen security posture with CIEM capabilities

  • Noname Security Active Testing allows businesses to stop vulnerabilities before they reach production

  • Veracode Continuous Software Security Platform enables organizations to mitigate their security risk

  • Idaho Needs to Shore Up Cybersecurity, Task Force Says

  • World Password Day – the 1960s just called and gave you your passwords back

  • Syniti Migrate optimizes data migration for enterprise customers

  • Elastic Observability 8.2 provides fine-grain control over data collection and storage

  • Atos partners with VMware to help organizations drive value from data

  • Binarly collaborates with immune to secure modern computer infrastructure

  • Votiro partners with Thales to strengthen zero trust security for enterprises

  • US Cyber Command shored up nine nations’ defenses last year

  • Megaport and Bechtle join forces to accelerate digital and network transformation for companies

  • Report: 75% of companies are focusing on cloud-native apps

  • GitHub to Developers: Turn on 2FA, or Lose Access

  • Brian Stone joins NetAbstraction as CRO

  • Digital Security and Privacy Tips for Those Involved in Abortion Access

  • Workshop: Simplifying Network Security in the Cloud

  • India Forces All VPN Providers to Log and Store User Data

  • China-linked Winnti APT steals intellectual property from companies worldwide

  • Radware launches SkyHawk Security to improve the overall security posture for organizations

  • DocuSign hires Steve Shute as President of Worldwide Field Operations

  • Island appoints Jennifer Park as CPO

  • Tetrate appoints Paul Machle as CFO

  • Traceable AI raises $60 million for unique API security platform

  • IT Security News Daily Summary 2022-05-04

  • 2022-05-03 – Contact Forms campaign –> Bumblebee –> Cobalt Strike

  • Senator calls on Biden to fill OSTP leadership role

  • Space Force to bring data scientists, coders on board this summer

  • City, state cybersecurity programs follow Washington’s lead

  • IRS leader explains why the IRS went to ID.me

  • FirstNet boosts in-building coverage

  • Need help finding broadband grants? Tool helps sift through opportunities

  • EU Hands Police Agency New Powers Over Personal Data

  • Microsoft Releases Defender for SMBs

  • China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack

  • Q&A: How China Is Exporting Tech-Based Authoritarianism Across the World

  • Appwrite launches fund to help sustain open-source software development

  • FBI says Business Email Compromise attacks have cost over $43 billion since 2016

  • Kubernetes 1.24 Stargazer: An exceptional release with two major changes

  • Google Sees More APTs Using Ukraine War-Related Themes

  • Kaspersky Warns of Fileless Malware Hidden in Windows Event Logs

  • Groundbreaking Cybersecurity Book Published

  • F5 Releases Security Advisories Addressing Multiple Vulnerabilities

  • Cisco StarOS Forensic Guide Published

  • Google SMTP Relay Service Exploited for Sending Phishing Emails

  • Cisco Predictive Networks To Recognise Future Network Outages, Issues

  • What Are the Best Ways to Protect Your CAD/CAM Data?

  • How the TMF helps agencies pave the way toward zero trust

  • Wastewater monitoring took off during the COVID-19 pandemic – and here’s how it could help head off future outbreaks

  • Hubble Technology Banks $9 Million for Asset Visibility Platform

  • Mozilla Releases Security Updates for Firefox and Firefox ESR

  • F5 Releases Security Advisories Addressing Multiple Vulnerabilities

  • F5 Informs BIG-IP Customers About 18 Serious Vulnerabilities

  • Court Rules That Facebook Can Turn Over Private Info To Law Enforcement

  • Mozilla Releases Security Updates for Firefox and Firefox ESR

  • Tax Sanctions and Foreign Policy

  • Russia-linked APT29 Targets Diplomatic World Wide

  • China-linked APT Caught Pilfering Treasure Trove of IP

  • Coveware: Double-extortion ransomware attacks fell in Q1

  • New Ransomware Variant Linked to North Korean Cyber Army

  • This World Password Day, Here’s How a Password Manager Can Simplify Your Life

  • China-Linked Winnti APT Group Silently Stole Trade Secrets for Years: Report

  • SIM Fraud Solution Sparks Privacy Fears

  • Security Stuff Happens: What Will the Public Hear When You Say You’ve Been Breached?

  • Anonymous Hacks Russian Energy Companies, Leaking 1Million+ Emails

  • Mental Health Apps Fail Privacy Guidelines Spectacularly, Says Mozilla

  • Bridging the Needs of Security and Development Teams, Veracode Unveils Next-Generation Software Security Platform

  • Microsoft releases open-source tool for securing MikroTik routers

  • What are the Most Common Types of SSL Errors and How to Fix Them?

  • Android monthly updates are out – critical bugs found in critical places!

  • CISA Adds Five Known Exploited Vulnerabilities to Catalog

  • How a senior product manager is leading the passwordless movement at Microsoft

  • Unfixed vulnerability in popular library puts IoT products at risk

  • Cyber Attack on Nile Dam foiled by Ethiopian Authorities

  • Yubico Releases MFA Guide in Recognition of World Password(less) Day

  • Araali Networks Selected as Finalist for RSA Conference 2022 Innovation Sandbox Contest

  • German Minister Urges Tougher EU Antitrust Action

  • HHS Information Security Program ‘Not Effective’

  • Can New York court and regulate the crypto industry at the same time?

  • CISA Adds Five Known Exploited Vulnerabilities to Catalog

  • 8 security tips for small businesses

  • Tailscale raises $100M for its zero-trust VPN

  • GitHub launches new 2FA mandates for code developers, contributors

  • Communication around Heroku security incident dubbed ‘train wreck’

  • AI for Cybersecurity Shimmers With Promise, But Challenges Abound

  • Vulnerabilities Allow Hijacking Of Most Ransomware To Prevent File Encryption

  • Bangladesh Cyber Incident Response Team has Issued a Warning About Malware Attacks Around Eid

  • Kubernetes taps Sigstore to thwart open-source software supply chain attacks

  • UK to Place Security Requirements on App Developers and Store Operators

  • Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

  • The House Should Fine Bannon, Meadows, Navarro and Scavino Now If It Wants Their Testimony

  • BT Opts For AWS As Cloud Provider To Assist In IT Transformation

  • Instagram Hack Results in $1 Million Loss in NFTs

  • Magniber Ransomware Tricking Users via Fake Windows 10 Updates

  • Cisco Issues Fresh Warning Over Counterfeit Switches

  • Webinar Today: Blast Radius & Simulated Attack Paths

  • Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities

  • AutoRABIT Secures $26M in Series B Investment from Full In Partners to Expand DevSecOps Platform

  • What Stars Wars Teaches Us About Threats

  • SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds

  • US To Impose Sanctions On China’s Hikvision – Report

  • This unpatched DNS bug could put ‘well-known’ IoT devices at risk

  • This sneaky hacking group hid inside networks for 18 months without being detected

  • Attackers Use Event Logs to Hide Fileless Malware

  • SAC Health System Impacted By Security Incident

  • Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies

  • White House Boosting Quantum Technology And Cybersecurity

  • Unpatched DNS Bug Puts Millions Of Routers, IoT Devices At Risk

  • SEC Nearly Doubles Crypto Currency Cop Roles In Special Cyber Unit

  • Cybersecurity firm Cybereason uncovers Chinese espionage campaign

  • Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

  • One Small Error by DevOps, One Giant Opening for Attackers

  • Mosyle raises $196M for its mobile device management platform for Apple devices

  • GitHub to enforce 2FA for all code contributors by the end of 2023

  • Tailscale raises $100 million for its zero-trust VPN

  • Appwrite launches fund to help sustain open source software development

  • Experts linked multiple ransomware strains North Korea-backed APT38 group

  • This Sneaky Hacking Group Hid Inside Networks For 18 Months Without Being Detected

  • The 2022+ Fit-for-Purpose OSINT Toolkit In The Age Of Digital Risk Growth

  • Watch Out! Verified Twitter Accounts Are Targeted in Phishing Attacks

  • Fake Cyberpunk Ape Executives target artists with malware-laden job offer

  • Board, (Dash)board and Bored

  • Critical RCE Bug Reported in dotCMS Content Management Software

  • Application Security Firm ShiftLeft Raises $29 Million

  • Aryaka, Carnegie Mellon’s CyLab to Research New Threat Mitigation Techniques

  • A Step-By-Step Guide on How To Remove Ransomware?

  • Chinese Hackers Abuse Cybersecurity Products for Malware Execution

  • India’s New Super App Has a Privacy Problem

  • New Sophisticated Malware

  • Transport for NSW Suffered a Cyber Incident

  • Cybersecurity for banks – Securing advanced e-Banking services

  • Mosyle raises $200 million for its mobile device management platform for Apple devices

  • Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption

  • NCSC updates build environment best practices

  • A checklist to help healthcare organizations respond to a serious cyberattack

  • The EU’s Copyright Directive Is Still About Filters, But EU’s Top Court Limits Its Use

  • Chinese ride-hailing giant Didi says U.S. regulator is investigating its $4 billion IPO

  • Apple Store Union Vote To Take Place Next Month

  • Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

  • A new secret stash for “fileless” malware

  • SEC bolsters cyber and crypto assets team

  • Musk Touts ‘Slight Cost’ For Business Use Of Twitter

  • Healthcare and Education Sectors Most Susceptible to Cyber Incidents

  • An expert shows how to stop popular ransomware samples via DLL hijacking

  • NCSC Updates Code of Practice for Smart Building Security

  • State-Backed Chinese Hackers Target Russia

  • A Tripwire Milestone: ASPL – 1000 is here

  • SEC Doubles Cyber and Crypto Assets Team

  • Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

  • Is It Easy to Install a Hard Drive on Your Computer – 2022 Guide

  • Chinese Hacker Group Targeting Telecommunication Service Providers

  • DHS manipulated report on Russian election interference during the Trump administration, watchdog says

  • Lnkbomb- Exploit Insecure File Shares

  • Allowing too many exceptions leaves you wide open to infection

  • Transport for NSW struck by cyber attack

  • How I almost fell for an online rental scam

  • Heroku to begin user password reset almost a month after GitHub OAuth token theft

  • Putin threatens supply chains with counter-sanction order

  • Wiper malware threat to the healthcare sector in US and Ukraine

  • Norton to pay Columbia University a penalty for Malware patent infringement

  • Stealthy APT group plunders very specific corporate email accounts

  • AV-Comparatives: Microsoft Defender has a large impact on system performance

  • Self-promotion in cybersecurity: Why you should do it, and how

  • Google TAG sees China PLA group go after multiple Russian defence contractors

  • Chinese hackers perform ‘rarely seen’ Windows mechanism abuse in three-year campaign

  • Winnti threat group rides again with IP theft campaign

  • The 6 steps to a successful cyber defense

  • BigBear.ai to Highlight Artificial Intelligence and Machine Learning Capabilities at Upcoming Industry Events

  • Endpoint security and remote work

  • Good end user passwords begin with a well-enforced password policy

  • How to enhance your cyber defense program with CIS SecureSuite

  • Dell expands its offerings to help customers improve cyber resiliency

  • Enpass Business allows organizations to choose where they store their data

  • N-able Cove Data Protection provides cloud-first backup and disaster recovery for businesses

  • OccamSec Incenter helps security teams uncover complex vulnerabilities

  • SEC nearly doubles size of crypto and cyber enforcement unit

  • Putting It All Together

  • Instagram Credentials Stealer: Disguised as Mod App

  • Cyber-spies target Microsoft Exchange to steal M&A info

  • What Should I Know About Defending IoT Attack Surfaces?

  • WEBGAP partners with Intel to accelerate the adoption of remote browser isolation cybersecurity

  • StorONE and Seagate join forces to solve important storage-related challenges

  • Parfin selects Anjuna Security to protect MPC custody assets against risk and misuse

  • Aryaka partners with Carnegie Mellon University CyLab to develop new threat mitigation techniques

  • Click Here For The Original Source.


    ————————————————————————————-

    National Cyber Security

    FREE
    VIEW