13. May 2022

GSA’s new thinking for evaluating Polaris bids

Understanding Data Sources and File Formats

SonicWall urges customers to fix SMA 1000 vulnerabilities

Citrix exec explains why orgs are using DaaS to secure hybrid workspaces

White House joins OpenSSF and the Linux Foundation in securing open-source software

Black Hat Asia: Democracy’s Survival Depends on Taming Technology

CISO Shares Top Strategies to Communicate Security’s Value to the Biz

US Agrees to International Electronic Cybercrime Evidence Swap

Another ex-eBay exec admits cyberstalking web souk critics

The Army’s plan for tactical cloud computing

House Dems urge social media networks not to delete evidence of possible Russian war crimes in Ukraine

How broadband investments can reduce food deserts

Top 5 things about zero-trust security that you need to know

US Sentence Ukrainian to 4 Years for Brute-forcing and Selling Login Credentials

How to spot and avoid a phishing attack – Week in security with Tony Anscombe

Cylance vs CrowdStrike: EDR software comparison

Geofence Warrants and Reverse Keyword Warrants are So Invasive, Even Big Tech Wants to Ban Them

Citrix exec explains why orgs are using DaaS to secure hybrid workspaces: Q&A

The missing link in the cybersecurity market

Linux, OpenSSF Champion Plan to Improve Open Source Security

Anatomy of a Security Update

Red Hat Enterprise Linux 9: Security baked in

Android and Chrome to Generate Virtual Cards to Keep Payment Information Safe

9 Questions You Should Ask About Your Cloud Security

GE Current and Others Select ioXt to Secure Their Network Lighting Controllers

Horizon3.ai Named a Leading Security Visionary in EMA’s Premier Vendor Vision Report Created for the 2022 RSA Conference

Socure Names Security Veteran Chad Kalmes as Chief Information Security Officer

Android 13 promises more on Mobile Security and Privacy

AI compounds discrimination against disabled

Software patching must work like car safety recalls, says US cyber boss

Iran-Linked OilRig APT Caught Using New Backdoor

He cracked passwords for a living – now he’s serving 4 years in prison

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

Ransomware Operators Send Their Ransom Note To The Victim’s Printer

Threat Actors Use Telegram To Spread Eternity Malware-As-A-Service

EU Governments, Lawmakers Agree On Tougher Cybersecurity Rules For Key Sectors

German Firms Targeted by Malicious NPM Packages

Texas Social Media Law Restored By US Appeals Court

Start a new career in ethical hacking with these 18 training courses

Hackers Can Make Siemens Building Automation Controllers ‘Unavailable for Days’

Response to Philip Zelikow: Confiscating Russian Assets and the Law

What’s the safest way to permanently erase your laptop’s drive? [Ask ZDNet]

These ransomware attackers sent their ransom note to the victim’s printer

EU Agrees New Cybersecurity Legislation for Critical Services Organizations

Zyxel fixed firewall unauthenticated remote command injection issue

At Least 14 German Automakers Targeted by Malware Campaign

Russia Dubbed as the “Centre” of European-wide Cyber-Attacks

How much will it cost to secure open-source software? OpenSSF says $147.9M

Most organizations hit by ransomware would pay up if hit again

How to Avoid Falling Victim to PayOrGrief’s Next Rebrand

Data Transformation: 3 Sessions to Attend at RSA 2022

Business Email Security Contributes to Business Stability

devOcean Emerges From Stealth With Cloud-Native Security Operations Platform

How to Fight Foreign Hackers With Civil Litigation

‘Peacetime in cyberspace is a chaotic environment’ says senior US advisor

China’s SMIC Warns Of Plummeting Smartphone, PC Demand

Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls

“Eternity Project” Malware Leverages Telegram For Distribution

Elon Musk Puts Twitter Takeover On Hold

Bitter APT Hackers Uses Non-existent Email Account/Domain To Send Weaponized Emails

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects

Cybercriminals Launch a New Malware-as-a-Service: the ‘Eternity Project’

Iran-linked Cobalt Mirage extracts money, info from US orgs – report

Just in time? Bosses are finally waking up to the cybersecurity threat

Delete data! Here’s the safest way to permanently erase your laptop’s drive [Ask ZDNet]

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)

Microsoft: The Ransomware ware is Changing, Here’s What You Need to Know

What’s a Parent to Do? Closing the Protection Gap between You and Your Children.

Critical Vulnerabilities Provide Root Access to InHand Industrial Routers

‘IceApple’ Post-Exploitation Framework Created for Long-Running Operations

How One Company Helps Keep Russia’s TV Propaganda Machine Online

BPFdoor Has the Capacity to Bypass Firewalls

Secure Your Migration to AWS, Part II: The Road to Success

Ukrainian Sentenced to US Prison for Selling Hacked Credentials

#CYBERUK22: Cyber Trends from the Russia-Ukraine War

WordPress Websites Files and Databases Injected with Malicious JavaScript

Organizations in Europe Targeted With New ‘Nerbian’ RAT

Government’s “Whole of Society” Cyber Strategy Takes Shape

The Countdown Has Started on Secure IoT Compliance

Tips for Implementing HITRUST for Healthcare Providers

Ukrainian Gets Four Years for Brute Forcing Thousands of Credentials

Open Source Community Hands White House 10-Point Security Plan

New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry

Security pros say their mental health has declined

A 10-point plan to improve the security of open source software

The state of mental health in the cybersecurity community

Researchers find 134 flaws in the way Word, PDFs, handle scripts

Iran-linked COBALT MIRAGE group uses ransomware in its operations

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Iranian hacking group caught spreading ransomware

To predict the targets of Chinese malware, look at the target of Chinese laws

Nokia starts a Cybersecurity Testing Lab for 5G Networks

Sandstone CTO shares how to assess cyber risk in the cloud

The SaaS-to-SaaS supply chain is a wild, wild mess

New infosec products of the week: May 13, 2022

To predict the target of new Chinese malware, look at the target of new Chinese laws

Why are DDoS attacks so easy to launch and so hard to defend against?

Anatomy of a campaign to inject JavaScript into compromised WordPress sites

Top tech for enterprise identity governance and security

63% of cybersecurity pros say their stress levels have risen over the past year

Nebulon enables 4-minute ransomware recovery on Lenovo ThinkSystem rack server edge deployments

Keytos EZMonitor prevents breaches and SSL related outages

Arctic Wolf Data Exploration allows organizations to centralize their security telemetry

AwareGO Human Risk Assessment for SMEs improves cybersecurity awareness

iDenfy introduces Business Verification platform to help customers detect bogus companies

Codenotary adds vulnerability scanning to further secure open source supply chains

Catalyst Award winner: Soraya Correa

Government Eagle Award winner: Gundeep Ahluwalia

Industry Eagle Award winner: Casey Coleman

Federal officials caution employers on using AI in hiring

Elastic partners with Tines to help customers respond to security threats

Iranian APT Cobalt Mirage launching ransomware attacks

Transforming SQL Queries Bypasses WAF Security

Aiven Raises $210 million to build more sustainable applications in the cloud

BalkanID raises $5.75 million and launches a solution to provide visibility into risky entitlements

devOcean launches out of stealth and raises $6 million to lead cloud-native security operations

Black Hat Asia: Firmware Supply-Chain Woes Plague Device Security

Mike Sherwood joins Pondurance as VP of Sales

Socure names Chad Kalmes as CISO

CyberArk launches a $30 million investment fund to fuel innovation

Transmit Security expands in Europe to address growing demand for passwordless authentication

CoreStack hires Murli Mohan as MD – Sales for IMEA

A Guide to Using VPNs on Your Smartphone

Acquisition experts ask Congress to address decline in small business awards

10 reasons why we fall for scams

How password fatigue can cost organizations time, money and mental energy

Critical F5 BIG-IP Flaw Actively Exploited by Hackers

How Imperva Data Security Fabric Reduces Splunk Ingestion Costs and Accelerates Incident Management

California Law Enforcement Now Needs Approval for Military-Grade Surveillance Equipment. We’ll Be Watching.

IT Security News Daily Summary 2022-05-12

Google launches ‘open-source maintenance crew’

Report: 44% decrease in average amount paid after ransomware attacks

3 Predictors of Cybersecurity Startup Success

If you’ve got Intel inside, you probably need to get these security patches inside, too

How to counter smart home device breaches


Stories from the SOC – Command and Control

Analysis on recent wiper attacks: examples and how wiper malware works

Next CISO headache: Vendor cyber insurance

Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity

Google launches ‘open source maintenance crew’

Maryland Governor Signs Bills to Strengthen Cybersecurity

Egnyte Enhances Program for Managed Service Providers

New Nerbian RAT spreads via malspam campaigns using COVID-19

Heat island mapping program expands

Costa Rica Declares Emergency in Ongoing Cyberattack

3 ways to apply security by design in the cloud

Cloud Firm Appian Awarded $2B in Trade Secret Cyber-Theft Lawsuit

StackHawk Raises $20.7 Million in Series B Funding for Developer-First Application and API Security Testing

Former Facebook Content Moderator Accuses The Company Of Human Trafficking

The Navy needs to do a better job finding the right job for its cyber specialists, officials say

Ransomware: How executives should prepare given the current threat landscape

How to build a cloud security strategy that sells

Jail voting expands in Illinois

BalkanID Raises $6M for Intelligent IGA Technology

Vendors, governments make ransomware decryptors more common

Surveillance by Driverless Car

21M Users’ Personal Data Exposed on Telegram

Zero trust vs. zero-knowledge proof: What’s the difference?

Costa Rica Declares National Emergency Following Conti Cyber-Attack

Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals

In a Blow to Free Speech, Texas’ Social Media Law Allowed to Proceed Pending Appeal

Cryptocurrency Crash Continues As Ethereum, Luna Plummets

ICE’s ‘surveillance dragnet’ built with DMV photos, report says

Adobe Releases Security Updates for Multiple Products

In a Blow to Free Speech, Texas’ Unconstitutional Social Media Law Allowed to Proceed Pending Appeal

Nerbian RAT Malware Delivered Using Word Documents That Include Malicious Macro Code

Ransomware cyber-attacks in Costa Rica and Peru drives national response

Managed service contracts deserve extra cyber scrutiny, intel agencies advise

Needs Improvement: Scoring Biden’s Cyber Executive Order

Adobe Releases Security Updates for Multiple Products

Analyzing the New Black Basta Ransomware

Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

Network Footprints of Gamaredon Group

Duo Opens New Data Center in India

Royal Mail Drones To Aid Postal Deliveries To Remote Locations

Vodafone In Merger Talks With Three UK – Report

Virtual credit cards coming to Chrome: What you need to know

Team Cymru’s New Attack Surface Management Solution to Transform the Way Organizations Manage Digital Business Risk

Serious Security: Learning from curl’s latest bug update

Ransomware The Final Nail In Coffin For Small University

APT Gang Sidewinder Goes On Two Year Attack Spree Across Asia

Ukraine War: Don’t Underestimate Russia Cyber Threat, Warns US

Novel Nerbian Trojan Uses Advanced Anti-Detection Tricks

Turmoil In Crypto Market As Stablecoin Tether Breaks Dollar Peg

The Chatter Podcast: The Art of the Security State with Trevor Paglen

A Legal Approach to the Transfer of Russian Assets to Rebuild Ukraine

Al-Qahtani Repatriated to Saudi Arabia Following Judge’s Grant of His Motion for a Mixed Medical Commission

How Imperva DSF Reduces Splunk Ingestion Costs and Accelerates Incident Management

Clearview AI banned from selling facial recognition data in the US

Citrix App Protection helps secure remote workers

NDR vs. Open XDR – What’s the difference?

XDR: Separating Truth from “We Do That Too”

How the evolution of ransomware has changed the threat landscape

Apple No Longer The Most Valuable Company In World

The stakes ‘could not be any higher’: CISA chief talks about the tech challenges ahead

Size of Early Stage Cyber Deals Continues to Surge: DataTribe

What Is RMM Software?

Ransomware the final nail in coffin for small university

Dark Web: 31,000 FTSE 100 Logins

Cyber Threat alert as Russian App as it sends data to Moscow

62% of Surveyed Organizations Hit By Supply Chain Attacks in 2021

Malware Builder Leverages Discord Webhooks

Iranian Cyberspy Group Launching Ransomware Attacks Against US

Application Security Firm StackHawk Bags $20.7 Million in Series B Funding

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

How Can Your Business Defend Itself Against Fraud-as-a-Service?

E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

Massive hacking campaign compromised thousands of WordPress websites

British Man Charged With Hacking US Bank Computers

Lincoln College To Close Permanently After Cyberattack – 5 Cyber Experts Comment

PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram

FBI, CISA, And NSA Warn Of Hackers Increasingly Targeting MSPs

Man accused of stealing funds from banking firms through fraud

Top VPN Scams Revealed – Here’s What to Look Out for in 2022

Zero Trust Firm Xage Security Adds $6 Million ‘Top-up’ to $30 Million Series B Funding

5 Years That Altered the Ransomware Landscape

EU Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

Expert Reaction On Cyber Threats Five Years On From WannaCry

Cyberattacks on SATCOM networks attributed to Russian threat actors

How to Write YARA Rules That Minimize False Positives

StackHawk raises $20.7M for dynamic app testing platform

Nokia Opens Cybersecurity Testing Lab

The Hidden Race to Protect the US Bioeconomy From Hacker Threats

F5 BIG-IP vulnerability is now being used to disable servers

Government Surveillance Commissioner Warns Of Chinese-made CCTV – Report

You Can Join the (ISC)² Board of Directors

The real exchange rate between crypto and freedom

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

HP Patches UEFI Vulnerabilities Affecting Over 200 Computers

On Air With Dark Reading News Desk at Black Hat Asia 2022

Red TIM Research (RTR) founds 2 bugs affecting F5 Traffix SDC

South Asian Governments Targeted by Bitter APT Group

Google Unveils Smartphone, Watch, Tablet, Glasses At I/O Conference

Life Behind the Screens of Parents, Tweens, and Teens: McAfee’s Connected Family Study

Hundreds of Thousands of Konica Printers Vulnerable to Hacking via ​​Physical Access

DEA Investigating Breach of Law Enforcement Data Portal

The Case for War Crimes Charges Against Russia’s Sandworm Hackers

Nerbian RAT Malware, New Threat on The Market

Next Generation Harmony Mobile Introduces the Industry’s First Malicious File Protection

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

Prepare for What You Wish For: More CISOs on Boards

9 questions you should ask about your cloud security

Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

Five Eyes agencies warn of attacks on MSPs

Hackers Are Going After Managed Security Providers

College closes down after ransomware attack

Government Initiative Promises Rapid Blocking of Scam Sites

NCSC launches free email security check

Hands-Free Bluetooth Technologies and the Cell Phone Regulation

Quarter of Security Pros Say Mental Health Has Worsened

Trustpilot Forced to Delete Millions of Fake Reviews in 2021

Five Eyes urges organisations to secure supply chains

Requiem for the iPod – Intego Mac Podcast Episode 239

Android and Chrome Users Can Soon Generate Virtual Credit Cards to Protect Real Ones

Secure your CMS-based websites against pervasive attacks

APT gang ‘Sidewinder’ goes on two-year attack spree across Asia

New Phishing-as-a-Service Toolkit Discovered

What Is All The Hype Around NFTs?

Everything We Learned From the LAPSUS$ Attacks

Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

Europe proposes tackling child abuse by killing privacy, strong encryption

It’s time to kick China off social media, says tech governance expert

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Critical Vulnerability in Azure Synapse Let Attackers Control other Customers’ Workspaces

Beware of state actors stepping up attacks on managed service providers: Cyber agencies

Ukraine war a sorting hat for cyber-governance loyalties: Black Hat founder Jeff Moss

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

Two Ward 8 Small Businesses Raising Capital Through DC Rebuild Bond Program

What is tokenization, what are the types of tokenization, and what are its benefits for eCommerce businesses?

Shrinking healthcare cybersecurity gaps between hospitals and manufacturers

Welcome “Frappo”: Resecurity Discovered a New Phishing-as-a-Service

S4x22: ICS Security Creates the Future

How to avoid headaches when publishing a CVE

CIS Control 18 Penetration Testing

Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage

Critical F5 vulnerability under exploitation in the wild

10 best practices to reduce the probability of a material breach

Cohesity FortKnox helps organizations combat sophisticated attacks and accelerate recovery

ForgeRock Autonomous Access prevents identity-based cyber attacks and fraud

Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

Progress Chef Cloud Security improves security and compliance outcomes for customers

Spirent’s new security automation package protects operators from potential security impacts

Orca Security unveils Shift Left Security capabilities to prevent cloud application issues

Nasuni Ransomware Protection defends critical business data against ransomware attacks

Sonatype launches solution to remediate malicious and outdated InnerSource components

Red Hat announces enhancements across its portfolio of open hybrid cloud solutions

Platform9 enhancements improve developer productivity and simplify cloud-native operations

How the evolution of Ransomware changed the threat landscape

GitProtect.io releases Jira backup to bring data protection in the event of any failure or human error

FalconStor partners with IBM to accelerate cloud migration for enterprises and MSPs

Backdoor in public repository used new form of attack to target big firms

Intel squeezes desktop Alder Lake CPUs into laptops with Core HX-series chips

Google Maps “immersive view” is the ultimate graphics mode for Google Maps

ICE Has Assembled a ‘Surveillance Dragnet’ with Facial Recognition and Data, Report Says

The EU Commission’s New Proposal Would Undermine Encryption And Scan Our Messages

Ivanti partners with Lookout to help organizations prevent threats in the new hybrid work landscape

CREST and Hack The Box join forces to boost cyber security skills development

Generated on 2022-05-13 23:55:33.840740