Cyber Security - News Archive
April 2022
30.04.2022
- News from cyber security.
- Press release: DDoS attack on dnsc.ro. (to the original material)
- Pro-Russian group Killnet launched DDoS attacks on Romanian govt sites. (to the original material)
- Critical vulnerabilities leave some network-attached storage devices open to attack. (to the original material)
- Fake Windows 10 updates infect you with Magniber ransomware. (to the original material)
- Microsoft Azure flaws could allow accessing PostgreSQL DBs of other customers. (to the original material)
- Emotet tests new attack chain in low volume campaigns. (to the original material)
- Cloud Migration is in full swing: How to achieve security at every stage of adoption. (to the original material)
29.04.2022
- News from cyber security.
- Press Release: DDoS attacks against public and private websites in Romania. (to the original material)
- Press release: .ro sites affected by a distributed denial of service (DDoS) attack. (to the original material)
- Critical vulnerabilities open Synology, QNAP NAS devices to attack. (to the original material)
- New infosec products of the week: April 29, 2022. (to the original material)
- Don’t ignore risks lurking within your own network. (to the original material)
- Leadership and recruitment changes needed to address burnout in cybersecurity. (to the original material)
- How IIoT (Industrial Internet of Things) solutions can optimize industrial supply chain operations. (to the original material)
- 308,000 exposed databases discovered, proper management is key. (to the original material)
- Security leaders relying more heavily on MSPs (Managed Service Provider) amid talent crunch. (to the original material)
- Companies poorly prepared to meet CCPA, CPRA and GDPR compliance requirements. (to the original material)
- The Week in Ransomware - April 29th 2022 - New operations emerge. (to the original material)
- Online library app Onleihe faces issues after cyberattack on provider. (to the original material)
- Google gives 50% bonus to Android 13 Beta bug bounty hunters. (to the original material)
- India to require cybersecurity incident reporting within six hours. (to the original material)
- Russian hacktivists launch DDoS attacks on Romanian govt sites. (to the original material)
- Cisco's late April patch party fixes 11 high-impact bugs. (to the original material)
- ACCC (Australian Competition and Consumer Commission) targets algorithm misuse by online retail giants. (to the original material)
- Microsoft fixes Azure PostgreSQL cross-account database access bug. (to the original material)
- Bumblebee malware emerges as replacement to Conti gang’s BazarLoader. (to the original material)
- Microsoft fixes vulnerability in Azure Database for PostgreSQL Flexible Server. (to the original material)
- Prepare today for repeat ransomware attacks. (to the original material)
- Healthcare cyber group shares business continuity toolkit, on the heels of ransomware alert. (to the original material)
- What to make of Onyx, the new ransomware gang that plays by different rules. (to the original material)
- Pandemic relief programs introduced new cyber risks for SBA (Small Business Administration). (to the original material)
- Audit again deems HHS (Health and Human Services) security program ‘not effective’. (to the original material)
- Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector. (to the original material)
- Hurry up, disable AFP on your QNAP NAS until the vendor fixes 8 bugs. (to the original material)
- It’s Called BadUSB for a Reason. (to the original material)
- Ongoing DDoS attacks from compromised sites hit Ukraine. (to the original material)
- Cloudflare flags largest HTTPS DDoS attack it's ever recorded. (to the original material)
- Microsoft patches pair of dangerous vulnerabilities in Azure PostgreSQL. (to the original material)
- Responding to risks from the Russia-Ukraine war. (to the original material)
- Finnish Hotels' data compromised. (to the original material)
- Security for 5G and the Intelligent Edge. (to the original material)
- Secret School District Crypto Miner Resigns. (to the original material)
- 4 Tips to maximize your API security. (to the original material)
- Ransomware fallout costs seven times the ransom paid. (to the original material)
- Bumblebee malware loader has a sting in the tail. (to the original material)
- Five Eyes Agencies list top 15 most exploited bugs of 2021. (to the original material)
- Threat Roundup for April 22 to April 29. (to the original material)
- TA410 under the microscope – Week in security with Tony Anscombe. (to the original material)
- The changing role of the CISO [Q&A]. (to the original material)
- Barracuda: Continuing the journey. (to the original material)
- Expanding the Conti Ransomware IoCs using WHOIS and IP Clues. (to the original material)
28.04.2022
- News from cyber security.
- Cybersecurity News of the Week (28.04.2022). (to the original material)
- Cisco releases security updates for multiple products. (to the original material)
- Google releases security updates for Chrome. (to the original material)
- CISA and FBI update advisory on destructive malware targeting organizations in Ukraine. (to the original material)
- Patch now against Linux 'Nimbuspwn' root priv-esc bugs. (to the original material)
- South Australian gov to create bug bounty program. (to the original material)
- French police investigate vandalism behind internet outage. (to the original material)
- Microsoft Exchange Server bugs top 2021 most-exploited list. (to the original material)
- Telstra on notice after half-million-dollar billing error fine. (to the original material)
- Russia-linked threat actors launched hundreds of cyberattacks on Ukraine. (to the original material)
- The 15 most exploited vulnerabilities in 2021. (to the original material)
- How to make DevSecOps a reality. (to the original material)
- Modern bank heists: How can they be thwarted? (to the original material)
- Top 5 security analytics to measure. (to the original material)
- Ransomware is up and victims are paying. (to the original material)
- Cybercriminals deliver IRS tax scams and phishing campaigns by mimicking government vendors. (to the original material)
- Post-pandemic priorities for security leaders. (to the original material)
- Are businesses ready to implement cloud-native development? (to the original material)
- EmoCheck now detects new 64-bit versions of Emotet malware. (to the original material)
- Synology warns of critical Netatalk bugs in multiple products. (to the original material)
- Microsoft fixes ExtraReplica Azure bugs that exposed user databases. (to the original material)
- Medical software firm fined €1.5M for leaking data of 490k patients. (to the original material)
- Ukraine targeted by DDoS attacks from compromised WordPress sites. (to the original material)
- How to attack your own company's Service Desk to spot risks. (to the original material)
- New Bumblebee malware replaces Conti's BazarLoader in cyberattacks. (to the original material)
- NPM flaw let attackers add anyone as maintainer to malicious packages. (to the original material)
- Ransom payment is roughly 15% of the total cost of ransomware attacks. (to the original material)
- Austin Peay State University resumes after ransomware cyber attack. (to the original material)
- Ransomware attacks struck two-thirds of organizations last year. (to the original material)
- Vast majority of IT leaders say Log4Shell was a ‘wake-up call’ for cloud security. (to the original material)
- These 15 vulnerabilities were the most commonly exploited in 2021. (to the original material)
- Enhance cybersecurity posture by switching to a prevention-first approach. (to the original material)
- Here are what CISOs named as their 20 critical priorities for 2022. (to the original material)
- US, dozens of other nations put forth vision of safe, secure and open global internet. (to the original material)
- Bumblebee, a new malware loader used by multiple crimeware threat actors. (to the original material)
- CISA published 2021 Top 15 most exploited software vulnerabilities. (to the original material)
- CloudFlare blocked a record HTTPs DDoS attack peaking at 15 rps. (to the original material)
- Russia-linked threat actors launched hundreds of cyberattacks on Ukraine. (to the original material)
- EFF Statement on the Declaration for the Future of the Internet. (to the original material)
- How New Copyright Laws threaten privacy and Freedom of Speech. (to the original material)
- The Ransomware crisis deepens, while data recovery stalls. (to the original material)
- Bumblebee malware buzzes into cyberattack fray. (to the original material)
- Microsoft: Russia using cyberattacks in coordination with military invasion of Ukraine. (to the original material)
- Chinese APT Bronze President mounts spy campaign on Russian military. (to the original material)
- Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack. (to the original material)
- New malware loader Bumblebee adopted by known ransomware access brokers. (to the original material)
- Anomaly detection through machine learning. (to the original material)
- Ukraine beats Russia in cyberwarfare - at ‘Unprecedented Scale’. (to the original material)
- FBI Director warns of Chinese espionage threats. (to the original material)
- Stormous claims credit for ransomware attack on Coca-Cola. (to the original material)
- Europol: Deepfakes set to be used extensively in organized crime. (to the original material)
- Uber ‘Cough Girl’ accused of identity theft. (to the original material)
- Chickens baked alive due to computer glitch. (to the original material)
- Crypto trading fund partners accused of fraud. (to the original material)
- Global security spending set to hit $198bn by 2025. (to the original material)
- Microsoft: Russia has launched hundreds of cyber operations in Ukraine. (to the original material)
- Security alert as researchers discover 400,000 exposed databases. (to the original material)
- Hacked Website Threat Report 2021. (to the original material)
- As attacks surge, it’s time to layer up email defenses. (to the original material)
27.04.2022
- News from cyber security.
- 2021 Top routinely exploited vulnerabilities. (to the original material)
- Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800). (to the original material)
- The hierarchy of cybersecurity needs: Why EASM (External Attack Surface Management) is essential to any zero-trust architecture. (to the original material)
- How to deal with security challenges fueled by multicloud environments. (to the original material)
- eBook: A new breed of endpoint protection. (to the original material)
- Governments under attack must think defensively. (to the original material)
- Keep your digital banking safe: Tips for consumers and banks. (to the original material)
- Cyber-attack defense: CIS Benchmarks + CDM + MITRE ATT&CK. (to the original material)
- Multi-vector DDoS attacks on the rise, attackers indiscriminate and persistent. (to the original material)
- Siloed technology management increases operational blind spots and cyber risk. (to the original material)
- Meteoric attack deploys Quantum ransomware in mere hours. (to the original material)
- Email encryption flexibility builds customer trust and business revenue. (to the original material)
- PSA: Onyx ransomware destroys large files instead of encrypting them. (to the original material)
- New Black Basta ransomware springs into action with a dozen breaches. (to the original material)
- GitHub: How stolen OAuth tokens helped breach dozens of orgs. (to the original material)
- QNAP warns users to disable AFP until it fixes critical bugs. (to the original material)
- Microsoft says Russia hit Ukraine with hundreds of cyberattacks. (to the original material)
- Russian govt impersonators target telcos in phishing attacks. (to the original material)
- Cybersecurity agencies reveal top exploited vulnerabilities of 2021. (to the original material)
- RIG Exploit Kit drops RedLine malware via Internet Explorer bug. (to the original material)
- Chinese state-backed hackers now target Russian state officers. (to the original material)
- Redis, MongoDB, and Elastic: 2022’s top exposed databases. (to the original material)
- New Nimbuspwn Linux vulnerability gives hackers root privileges. (to the original material)
- US puts million dollar bounties on Russian hackers' heads. (to the original material)
- The number of public-facing databases increased 16% in second half of 2021. (to the original material)
- Note to the US energy industry: PIPEDREAM was created to attack energy companies. (to the original material)
- Financial companies rely on security MSPs to face mounting regulations. (to the original material)
- Microsoft details rampant cyber warfare corresponding to Russian invasion. (to the original material)
- NIST urged to help small healthcare providers, add ransomware to framework. (to the original material)
- GSA (General Services Administration) tees up equity study to explore potential of facial recognition for Login.gov. (to the original material)
- Strategic competition firm Strider nabs $45 million Series B. (to the original material)
- US Department of State offers $10M reward for info to locate six Russian Sandworm members. (to the original material)
- Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats. (to the original material)
- Wind Turbine giant Deutsche Windtechnik hit by a professional Cyberattack. (to the original material)
- Conti ransomware operations surge despite the recent leak. (to the original material)
- Ransomware demands are growing, but life is getting tougher for malware gangs. (to the original material)
- Canvas and other online learning platforms aren't perfect - Just ask students. (to the original material)
- Amidst invasion of Ukraine, platforms continue to erase critical war crimes documentation. (to the original material)
- A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity. (to the original material)
- CISA: Log4Shell was the most-exploited vulnerability in 2021. (to the original material)
- Proficio launches detection and response service to tackle identity-based threats. (to the original material)
- Beyond No-Code: Using AI for guided security automation. (to the original material)
- Security tools fail to stop significant security incidents. (to the original material)
26.04.2022
- News from cyber security.
- NSW gov struggles to find its 'cyber army'. (to the original material)
- Uber faces $26m penalty for misleading Australian users. (to the original material)
- Google's VirusTotal service vulnerable for over eight months. (to the original material)
- Iranian hacking group among those exploiting recently disclosed VMWare RCE flaw. (to the original material)
- North Korean state actors deploying novel malware to spy on journalists. (to the original material)
- French Hospitals cut internet connection after data raid. (to the original material)
- Bored Ape Yacht Club customers lose $3m in NFT scam. (to the original material)
- MFA: A simple solution to protect your identity. (to the original material)
- Do you need cyber asset attack surface management (CAASM - Cyber Asset Attack Surface Management)? (to the original material)
- Download: CISO’s guide to choosing an automated security questionnaire platform. (to the original material)
- Principles for Kubernetes security and good hygiene. (to the original material)
- Manage and monitor third-party identities to protect your organization. (to the original material)
- Shadow IT is a top concern related to SaaS adoption. (to the original material)
- Fraudsters answer security questions better than customers. (to the original material)
- Disavowed: Chrome plans to deprecate ‘document.domain’ lays the groundwork for shift in browser security. (to the original material)
- Bug bounty platform Intigriti offers new hourly payment option for vulnerability researchers. (to the original material)
- US offers $10 million reward for tips on Russian Sandworm hackers. (to the original material)
- Emotet malware now installs via PowerShell in Windows shortcut files. (to the original material)
- American Dental Association hit by new Black Basta ransomware. (to the original material)
- Coca-Cola investigates hackers' claims of breach and data theft. (to the original material)
- Google Play Store now forces apps to disclose what data is collected. (to the original material)
- Public interest in Log4Shell fades but attack surface remains. (to the original material)
- David Colombo on Tesla Hacks and Growing into Hacking. (to the original material)
- Hackers exploit critical VMware RCE flaw to install backdoors. (to the original material)
- US offers $10 million for information on Russians involved in NotPetya attacks. (to the original material)
- Is Emotet trojan testing new email attack tactics using OneDrive URLs? (to the original material)
- Embrace the five fundamentals of cloud security. (to the original material)
- Should government help manage cybersecurity for small businesses? (to the original material)
- Breach update shows 2.6M individuals affected by Smile Brands data theft. (to the original material)
- Tenet Health investigating cybersecurity incident, IT outage. (to the original material)
- Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks. (to the original material)
- CISA adds new Microsoft, Linux, and Jenkins flaws to its Known Exploited Vulnerabilities Catalog. (to the original material)
- Stormous ransomware gang claims to have hacked Coca-Cola. (to the original material)
- North Korea-linked APT37 targets journalists with GOLDBACKDOOR. (to the original material)
- Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time. (to the original material)
- Inside a ransomware incident: How a single mistake left a door open for attackers. (to the original material)
- EFF to European Court: No intermediary liability for social media users. (to the original material)
- What low-income people will lose with a Deadlocked FCC. (to the original material)
- DSA Agreement: No Filternet, but human rights concerns remain. (to the original material)
- Quarterly Report: Incident Response trends in Q1 2022. (to the original material)
- The trouble with BEC: How to stop the costliest internet scam. (to the original material)
- Vulnerability Roundup – April 2022. (to the original material)
- Learning Machine learning part 2: Attacking White Box models. (to the original material)
- US disrupted Russian GRU’s Hydra and Sandworm. (to the original material)
25.04.2022
- News from cyber security.
- CISA adds seven known exploited vulnerabilities to Catalog. (to the original material)
- Vulnerability Summary for the Week of April 18, 2022. (to the original material)
- Network attacks increased to a 3-year high. (to the original material)
- Prevent HEAT attacks to foil ransomware incidents. (to the original material)
- 41% of businesses had an API security incident last year. (to the original material)
- How to avoid compliance leader burnout. (to the original material)
- Is cybersecurity talent shortage a myth? (to the original material)
- Medical device cybersecurity: What to expect in 2022? (to the original material)
- Phishing attacks soar, retail and wholesale most targeted. (to the original material)
- North Korean hackers targeting journalists with novel malware. (to the original material)
- French hospital group disconnects Internet after hackers steal data. (to the original material)
- New powerful Prynt Stealer malware sells for just $100 per month. (to the original material)
- Quantum ransomware seen deployed in rapid network attacks. (to the original material)
- CISA adds 7 vulnerabilities to list of bugs exploited in attacks. (to the original material)
- Emotet malware infects users again after fixing broken installer. (to the original material)
- RedHat offers new tools to accelerate development across multi-cloud environments. (to the original material)
- Help people understand the problem that security solutions solve. (to the original material)
- Will the cloud bring a sunset to ransomware? (to the original material)
- Cyberattacks on financial firms are more damaging, target sensitive data. (to the original material)
- Groups target communications, pharma risks with new healthcare resources. (to the original material)
- MSPs say healthcare providers must give more urgency to cybersecurity. (to the original material)
- Energy puts $12 million behind cybersecurity research projects for energy grid. (to the original material)
- Trend Micro leadership: Unified platforms are more than shedding vendors. (to the original material)
- Proposed $5M settlement in Solara Medical lawsuit mandates security overhaul. (to the original material)
- Iran announced to have foiled massive cyberattacks on public services. (to the original material)
- BlackCat ransomware gang breached over 60 orgs worldwide. (to the original material)
- Experts warn of a surge in zero-day flaws observed and exploited in 2021. (to the original material)
- Ukraine invasion driving DDoS attacks to all-time highs. (to the original material)
- Plaintiffs Press Appeals Court to rule that FOSTA violates the first amendment. (to the original material)
- Twitter has a new owner. Here’s what he should do. (to the original material)
- Our fight to prevent patent suits from being shrouded in secrecy. (to the original material)
- ‘Crypto Bug of the Year’ fixed - Update Java now. (to the original material)
- Trend Micro Unfurls Risk Intel Aggregator. (to the original material)
- Kansas Hospital discloses data breach. (to the original material)
- Costa Rica refuses to pay cyber ransom. (to the original material)
- CSAM (Child Sexual Abuse Material) creator imprisoned for life. (to the original material)
- Spanish Ombudsman to probe Pegasus Spyware claims. (to the original material)
- FCA: Challenger banks failing to spot money launderers. (to the original material)
- Ransomware attacks cost universities over £2m. (to the original material)
- Researcher Spotlight: Liz Waddell, CTIR practice lead. (to the original material)
- Webcam hacking: How to know if someone may be spying on you through your webcam. (to the original material)
- Global cyberwar slowly but surely escalates. (to the original material)
- What’s new in Kubernetes version 1.24. (to the original material)
- Browser-in-the-browser attack: A new phishing technique. (to the original material)
- Phishing takeaways from the Conti ransomware leaks – Part 1. (to the original material)
- Conti ransomware cripples systems of electricity manager in Costa Rican town. (to the original material)
- Everscale blockchain wallet shutters web version after vulnerability found. (to the original material)
- IBM database updates address critical vulnerabilities in third-party XML parser. (to the original material)
- OT security coalition aims to bolster industrial cybersecurity. (to the original material)
- FBI: This ransomware written in the Rust programming language has hit at least 60 targets. (to the original material)
24.04.2022
- News from cyber security.
- Week in review: Outdated open source, the role of the lawyer in cybersecurity. (to the original material)
- Atlassian addresses a critical Jira authentication bypass flaw. (to the original material)
- Since declaring cyber war on Russia Anonymous leaked 5.8 TB of Russian data. (to the original material)
- Apr 17 – Apr 23 Ukraine – Russia the silent cyber conflict. (to the original material)
- Security Affairs newsletter Round 362 by Pierluigi Paganini. (to the original material)
- Google, Mandiant say zero-day numbers reached all-time highs in 2021. (to the original material)
- How to better manage your digital attack surface risk. (to the original material)
- New partner bit discovery helps TM with attack surface. (to the original material)
23.04.2022
- News from cyber security.
- Phishing attacks using the topic “Azovstal” target entities in Ukraine. (to the original material)
- T-Mobile confirms Lapsus$ had access to its systems. (to the original material)
- Are you using Java 15/16/17 or 18 in production? Patch them now! (to the original material)
- Partnerships Power TrueFort’s zero-trust application security. (to the original material)
22.04.2022
- News from cyber security.
- FBI releases IOCs (Indicators of Compromise) associated with BlackCat/ALPHV ransomware. (to the original material)
- Conti ransomware claims responsibility for the attack on Costa Rica. (to the original material)
- Cyber Insurance and the changing global risk environment. (to the original material)
- A stored XSS flaw in RainLoop allows stealing users’ emails. (to the original material)
- QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS. (to the original material)
- Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits. (to the original material)
- Lemon_Duck cryptomining botnet targets Docker servers. (to the original material)
- Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack. (to the original material)
- Financial Sector faces ransomware attacks, now more than ever. (to the original material)
- Emotet Revamp: New payloads and 64-Bit modules. (to the original material)
- Issue in digital COVID-19 test could have allowed individuals to falsify results. (to the original material)
- New infosec products of the week: April 22, 2022. (to the original material)
- How to improve the efficiency of enterprise backup. (to the original material)
- The Great Resignation meets the Great Exfiltration: How to securely offboard security personnel. (to the original material)
- PCI DSS 4.0: Meeting the evolving security needs of the payments industry. (to the original material)
- Backup is key for cyber recovery. (to the original material)
- New threat groups and malware families emerging. (to the original material)
- 'Hack DHS' bug hunters find 122 security flaws in DHS systems. (to the original material)
- Russian hackers are seeking alternative money-laundering options. (to the original material)
- US govt grants academics $12M to develop cyberattack defense tools. (to the original material)
- T-Mobile confirms Lapsus$ hackers breached internal systems. (to the original material)
- Chinese hackers behind most zero-day exploits during 2021. (to the original material)
- Atlassian fixes critical Jira authentication bypass vulnerability. (to the original material)
- Ubuntu 22.04 LTS released with performance and security improvements. (to the original material)
- Windows 10 KB5012636 cumulative update fixes freezing issues. (to the original material)
- Threat Roundup for April 15 to April 22. (to the original material)
- Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe. (to the original material)
- Transparency at Kaspersky. (to the original material)
- Cybersecurity’s too important to have a dysfunctional, poorly performing team. (to the original material)
- Agriculture under threat as ransomware attacks go against the grain. (to the original material)
- LemonDuck bot targets Docker cloud instances to mine cryptocurrency on Linux systems. (to the original material)
- Zero-day vulnerabilities more than doubled in 2021, say Mandiant and Google. (to the original material)
- Four steps for securing a multi-cloud environment. (to the original material)
- Visa takes a more aggressive stand on cybersecurity. (to the original material)
- Healthcare sector risk from Lapsus$ group prompts HHS brief on insider threats. (to the original material)
- Error in ALPHV/BlackCat ransomware code may offer some Linux users a shield. (to the original material)
- Hackers ‘DeFi’ threat risk expectations with new attack vectors in crypto. (to the original material)
- Bluetooth vulnerability in smart COVID test patched, the second to do so. (to the original material)
- Cisco Umbrella users urged to close bug. (to the original material)
- When AWS fixed Log4Shell, it created new vulnerabilities. (to the original material)
- Sophos buys alert-monitoring automation vendor. (to the original material)
- FBI warns ransomware attacks on agriculture co-ops could upend food supply chain. (to the original material)
- Early discovery of Pipedream malware a success story for industrial security. (to the original material)
- Zero-Day exploit use exploded in 2021. (to the original material)
- Victory! Maryland Legislature says police must now be trained to recognize stalkerware. (to the original material)
- Wawa Sues Mastercard over data breach penalties. (to the original material)
- YES (Youth Employment Services) launches free cybersecurity training program. (to the original material)
- YES launches program to train Ukrainians & youth in cyber security. (to the original material)
- SuperCare Health faces lawsuits over data breach. (to the original material)
- Infosecurity Europe announces live training courses for this year’s event. (to the original material)
- FBI warns US farmers of ransomware surge. (to the original material)
- State actors drive record number of zero-day exploits in 2021. (to the original material)
- Crypto-Mining botnet goes after misconfigured Docker APIs. (to the original material)
- Rio de Janeiro finance department hit with LockBit ransomware. (to the original material)
- Binance freezes stolen Axie Infinity crypto after North Korean hackers move funds. (to the original material)
- Conti ransomware attack was aimed at destabilizing government transition, Costa Rican president says. (to the original material)
- T-Mobile confirms Lapsus$ breach, says no customer or government info accessed. (to the original material)
- LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave. (to the original material)
21.04.2022
-
News
from cyber security.
-
Drupal releases security
updates. (to
the original material)
-
Cisco releases security
updates for multiple
products. (to
the original material)
-
The National Directorate of
Cyber Security
participated in the cyber
exercise Locked Shields
2022. (to
the original material)
-
Cybersecurity News of the
Week (21.04.2022). (to
the original material)
-
AIA Australia adapts, then
adopts Digital iD via
DocuSign. (to
the original material)
-
Cybercriminals deliver IRS
Tax scams & phishing
campaigns by mimicking
Government vendors. (to
the original material)
-
Static SSH host key in Cisco
Umbrella allows stealing
admin credentials. (to
the original material)
-
CVE-2022-20685 flaw in the
Modbus preprocessor of the
Snort makes it unusable. (to
the original material)
-
US, Australia, Canada, New
Zealand, and the UK warn of
Russia-linked threat actors’
attacks. (to
the original material)
-
Russian Gamaredon APT
continues to target Ukraine.
(to
the original material)
-
The state of open-source
software supply chain
security in 2022. (to
the original material)
-
Slow deployment is hampering
fraud prevention. What
gives? (to
the original material)
-
Vulnerabilities that kept
security leaders busy in Q1
2022. (to
the original material)
-
How fast do cybercriminals
capitalize on new security
weaknesses? (to
the original material)
-
Financial leaders grappling
with more aggressive and
sophisticated attack
methods. (to
the original material)
-
Strengthening the ability of
public companies to combat
cybersecurity threats. (to
the original material)
-
60% of BYOD companies face
serious security risks. (to
the original material)
-
Docker servers hacked in
ongoing cryptomining malware
campaign. (to
the original material)
-
Hackers earn $400K for
zero-day ICS exploits demoed
at Pwn2Own. (to
the original material)
-
QNAP asks users to mitigate
critical Apache HTTP Server
bugs. (to
the original material)
-
U.S. Treasury sanctions
Russian cryptocurrency
mining companies. (to
the original material)
-
Critical bug in Android
could allow access to users'
media files. (to
the original material)
-
GitHub restores popular
Python repo hit by bogus
DMCA takedown. (to
the original material)
-
Binance tells Russian users
with over €10k to withdraw
everything. (to
the original material)
-
Cisco Umbrella default SSH
key allows theft of admin
credentials. (to
the original material)
-
FBI: BlackCat ransomware
breached at least 60
entities worldwide. (to
the original material)
-
Threat Source newsletter
(April 21, 2022) -
Sideloading apps is as safe
as you make it. (to
the original material)
-
Beers with Talos, Ep. #120:
How attackers are finding
ways around MFA. (to
the original material)
-
TeamTNT targeting AWS,
Alibaba. (to
the original material)
-
Critical infrastructure:
Under cyberattack for longer
than you might think. (to
the original material)
-
Keeping up with PHP updates.
(to
the original material)
-
Hunting Rootkits with eBPF:
Detecting Linux Syscall
Hooking Using Tracee. (to
the original material)
-
ANTI-FAKE newsletter:
#Democrații Vulnerabile
(#Vulnerable Democracies) in
the face of #Dezinformării
(#Disinformation). (to
the original material)
-
7 factors affecting the
level of industrial
cybersecurity. (to
the original material)
-
New platform aims to stop
weaponization of phishing
domains. (to
the original material)
-
Microsoft brings Autofill
support to Authenticator to
help you create strong
passwords. (to
the original material)
-
Ransomware actors could
disrupt food supply during
planting, harvesting
seasons. (to
the original material)
-
FBI seeks information on
ALPHV ransomware group, aka
BlackCat. (to
the original material)
-
The Secure Service Edge
based on software and the
cloud will win the day as
SD-WANs fade. (to
the original material)
-
Dr. Hacker: With ‘no
carrot,’ healthcare can’t
overcome cybersecurity
failures. (to
the original material)
-
Vertical focus drives more
than $3 billion in sales for
managed service providers. (to
the original material)
-
US, 6 other nations to
develop cross-border privacy
and security standards. (to
the original material)
-
Partnership aims to provide
better financial ID security
with ‘Confidential
Computing’. (to
the original material)
-
Beanstalk DeFi project
robbed of $182 million in
flash loan attack. (to
the original material)
20.04.2022
-
News
from cyber security.
-
Russian State-Sponsored and
criminal cyber threats to
critical infrastructure. (to
the original material)
-
Is your Lenovo laptop
vulnerable to cyberattack? (to
the original material)
-
How can we support young
people in harnessing
technology for progress? (to
the original material)
-
Does your Microsoft 365 need
to be protected? (to
the original material)
- Shadow IT
is top security concern around SaaS
adoption. (to
the original material)
- Fraudsters
better than customers at answering security
questions. (to
the original material)
- Evolving
attack techniques target cloud-native
systems. (to
the original material)
-
Cybercriminals are increasingly targeting
the financial industry. (to
the original material)
- Kaspersky
releases free decryptor for Yanluowang
ransomware. (to
the original material)
- Security
researchers discover serious UEFI firmware
vulnerabilities affecting millions of Lenovo
laptops. (to
the original material)
- What’s a
vCISO and why does your company need one? (to
the original material)
-
Crypto-related phishing and how to avoid it.
(to
the original material)
- The
evolving role of the lawyer in
cybersecurity. (to
the original material)
- Product
Showcase: Keeper Security’s Enterprise
Password Management platform. (to
the original material)
- How ready
are organizations to manage and recover from
a ransomware attack? (to
the original material)
- IT leaders
require deeper security insights to
confidently manage multi-cloud workloads. (to
the original material)
- Challenges
development teams face when building
applications with open source. (to
the original material)
- US and
allies warn of Russian hacking threat to
critical infrastructure. (to
the original material)
- Okta:
Lapsus$ breach lasted only 25 minutes, hit 2
customers. (to
the original material)
- Microsoft
Defender flags Google Chrome updates as
suspicious. (to
the original material)
- Russian
state hackers hit Ukraine with new malware
variants. (to
the original material)
- Amazon Web
Services fixes container escape in Log4Shell
hotfix. (to
the original material)
- CBA
targets DocuSign for all its commercial
loans. (to
the original material)
- Java 15
introduced a cryptographic vulnerability. (to
the original material)
- Encrypted
messages should be kept as gov records,
committee says. (to
the original material)
- Record
number of same-old zero days detected in
2021. (to
the original material)
-
Videoconferencing apps can access muted
mics. (to
the original material)
- US, allies
warn of Russian cyber threats to critical
infrastructure. (to
the original material)
- 7
resources for women looking to become
Kubernetes coders. (to
the original material)
-
Cryptominers still preferred in cloud
attacks, but the use of other malware has
increased. (to
the original material)
- 5G can
transform business only if it’s secure. (to
the original material)
- CMMC
leader hopes for quieter rulemaking process,
floats ‘cybersecurity-as-a-service’. (to
the original material)
- Concerns
raised for DeFi platforms after attack
causes Beanstalk to lose $182 million. (to
the original material)
- Healthcare
vendor accused of ‘concealed’ ransomware,
lengthy service outages. (to
the original material)
- REvil
appears to return after 14 of its members
were arrested in January. (to
the original material)
-
Russia-linked Gamaredon espionage up
‘tenfold’ in Ukraine during war. (to
the original material)
- Inno
Stealer - Fake Windows 11 Upgrade Spreads
Infostealer. (to
the original material)
- BotenaGo's
New Avatar Targets Lilin DVR Devices. (to
the original material)
- Shuckworm:
Espionage Group Continues Intense Campaign
Against Ukraine. (to
the original material)
- Zero-day
exploits found and disclosed hit a record
high in 2021, Google Project Zero says. (to
the original material)
-
Ransomware: This gang is getting a lot
quicker at encrypting networks. (to
the original material)
- Ransomware
plagues finance sector as cyberattacks get
more complex. (to
the original material)
- 2022 Cloud
Native Threat Report: Key trends in cyber
attacks. (to
the original material)
- Anti-Fake
newsletter: Informational detox in the 24/7
news era. (to
the original material)
- Lazarus
backdoor in DeFi wallet. (to
the original material)
- Anonymous
hacked other Russian organizations, some of
the breaches could be severe. (to
the original material)
- CISA adds
Windows Print Spooler to its known exploited
vulnerabilities Catalog. (to
the original material)
- New
BotenaGo variant specifically targets Lilin
security camera DVR devices. (to
the original material)
- QNAP users
are recommended to disable UPnP port
forwarding on routers. (to
the original material)
- REvil's
TOR sites come alive to redirect to new
ransomware operation. (to
the original material)
- Microsoft
Exchange servers hacked to deploy Hive
ransomware. (to
the original material)
- FBI warns
of ransomware attacks targeting US
agriculture sector. (to
the original material)
- Do you
need to backup Microsoft 365? (to
the original material)
19.04.2022
-
News
from cyber security.
-
Oracle releases April 2022
critical patch update. (to
the original material)
-
CISA adds three known
exploited vulnerabilities to
Catalog. (to
the original material)
-
CISA releases Secure Cloud
Business Applications
(SCuBA) guidance documents
for public comment. (to
the original material)
-
Vulnerability Summary for
the Week of April 11, 2022.
(to
the original material)
-
When “secure” isn’t secure
at all: High‑impact UEFI
vulnerabilities discovered
in Lenovo consumer laptops.
(to
the original material)
-
Enterprises poorly protected
against third-party risks. (to
the original material)
-
Good backups are critical to
recovering from ransomware.
(to
the original material)
-
Poodle and Doodle, FUD and
the Sucuri WAF. (to
the original material)
-
Digital ID verification:
Using a mobile device to
prove your identity. (to
the original material)
-
Moving towards defense in
depth under the gray skies
of conflict. (to
the original material)
-
The changing role of the CCO
(Chief Compliance
Officer):
Champion of innovation and
business continuity. (to
the original material)
-
State of Pentesting 2022
report: Interactive event
and open discussion. (to
the original material)
-
81% of codebases contain
known open source
vulnerabilities. (to
the original material)
-
The state of coordinated
vulnerability disclosure
policies in EU. (to
the original material)
-
DaaS (Desktop as a Service)
might be the future of work.
(to
the original material)
-
CISA warns of attackers now
exploiting Windows Print
Spooler bug. (to
the original material)
-
Emotet botnet switches to
64-bit modules, increases
activity. (to
the original material)
-
QNAP urges customers to
disable UPnP port forwarding
on routers. (to
the original material)
-
Microsoft disables SMB1 by
default for Windows 11 Home
Insiders. (to
the original material)
-
Real-time voice concealment
algorithm blocks microphone
spying. (to
the original material)
-
GitHub notifies owners of
private repos stolen using
OAuth tokens. (to
the original material)
-
How to protect your ADFS
from password spraying
attacks. (to
the original material)
-
New stealthy BotenaGo
malware variant targets DVR
devices. (to
the original material)
-
Lenovo UEFI firmware driver
bugs affect over 100 laptop
models. (to
the original material)
-
LinkedIn brand takes lead as
most impersonated in
phishing attacks. (to
the original material)
-
Vulnerabilities in Lenovo
laptops expose millions of
users to firmware-level
malware. (to
the original material)
-
LinkedIn leads the way as
social networks overtake
other phishing methods. (to
the original material)
-
Forensic Challenges for
Security Professionals. (to
the original material)
-
An inside look at what makes
the CVE Program tick. (to
the original material)
-
5 ways to automate
multi-cloud security. (to
the original material)
-
CISA No. 2: No IT and OT
separation when it comes to
patient safety during cyber
incident. (to
the original material)
-
Hive ransomware group
‘exceptionally aggressive,’
HHS says in warning to
health sector. (to
the original material)
-
North Korea hackers target
blockchain and gaming
companies, posing as job
recruiters. (to
the original material)
-
Cyber innovation is the need
of the hour to help
organizations adopt new
security technologies:
Akshat Jain, CTO &
Co-founder, Cyware. (to
the original material)
-
Spyware was used against
Catalan targets and UK prime
minister and Foreign Office.
(to
the original material)
-
Fingerprint: Social
Engineering. (to
the original material)
-
Malware in e-mail on the
rise. (to
the original material)
-
Using emulation against
anti-reverse engineering
techniques. (to
the original material)
-
ESET warns of three flaws
that affect over 100 Lenovo
notebook models. (to
the original material)
-
Kaspersky releases a free
decryptor for Yanluowang
ransomware. (to
the original material)
-
NSO Group Pegasus spyware
leverages new zero-click
iPhone exploit in recent
attacks. (to
the original material)
-
New SolarMarker variant
upgrades evasion abilities
to avoid detection. (to
the original material)
-
Crooks steal $182 million
from Beanstalk DeFi
platform. (to
the original material)
-
Stop Forced Arbitration in
Data Privacy Legislation. (to
the original material)
-
Scraping public websites
(still) isn’t a crime, Court
of Appeals declares. (to
the original material)
-
Cryptocrime to cost the
world $30 billion annually
by 2025. (to
the original material)
-
Security awareness training
market to hit $10 billion
annually by 2027. (to
the original material)
18.04.2022
-
News
from cyber security.
-
North Korean State-Sponsored
APT targets blockchain
companies. (to
the original material)
-
Vulnerability Summary for
the Week of April 11, 2022.
(to
the original material)
-
Outsmarting the new
generation of online
fraudsters [Q&A]. (to
the original material)
-
Pipedream malware bodes ill
for OT security. (to
the original material)
-
4 steps for building an
orchestrated authorization
policy for zero trust. (to
the original material)
-
The price of an accelerated
digital transformation. (to
the original material)
-
US warns of Lazarus hackers
using malicious
cryptocurrency apps. (to
the original material)
-
Free decryptor released for
Yanluowang ransomware
victims. (to
the original material)
-
Newly found zero-click
iPhone exploit used in NSO
spyware attacks. (to
the original material)
-
Hackers steal $655K after
picking MetaMask seed from
iCloud backup. (to
the original material)
-
Unofficial Windows 11
upgrade installs
info-stealing malware. (to
the original material)
-
Beanstalk DeFi platform
loses $182 million in
flash-loan attack. (to
the original material)
-
The secret to security is
accepting you are in sales.
(to
the original material)
-
Seven tips for empowering
employees to take ownership
of enterprise security. (to
the original material)
-
BlueHornet group targeted
organizations, APTs in
Russia and China. (to
the original material)
-
Cybersecurity attack
targeted Unified Government
data centers over Easter
weekend. (to
the original material)
-
Fact check of the week:
Distorted statements used to
claim that the victims of the
March attack on the
maternity ward in Mariupol
are actors. (to
the original material)
-
Decryptor for Yanluowang
malware. (to
the original material)
-
Spyware use on separatists
in Spain 'extensive,'
cybersecurity group says. (to
the original material)
-
Trends in the recent Emotet
maldoc outbreak. (to
the original material)
-
Experts spotted Industrial
Spy, a new stolen data
marketplace. (to
the original material)
-
CISA adds VMware, Chrome
flaws to its known exploited
vulnerabilities Catalog. (to
the original material)
-
Apr 10 – Apr 16 Ukraine –
Russia the silent cyber
conflict. (to
the original material)
-
Mobile MitM: Intercepting
your Android app traffic on
the go. (to
the original material)
-
California may require
low-cost broadband from
subsidized networks. (to
the original material)
-
It takes a village to raise
a hacker. (to
the original material)
17.04.2022
-
News
from cyber security.
-
Week in review: Attackers
exploiting VMware RCE,
Microsoft fixes actively
exploited zero-day. (to
the original material)
-
Enemybot, a new DDoS botnet
appears in the threat
landscape. (to
the original material)
-
Stolen OAuth tokens used to
download data from dozens of
organizations, GitHub warns.
(to
the original material)
-
Security Affairs newsletter
Round 361 by Pierluigi
Paganini. (to
the original material)
-
Interview With Marco DeMello
– PSafe. (to
the original material)
16.04.2022
-
News
from cyber security.
-
New Industrial Spy stolen data
market promoted through cracks,
adware. (to
the original material)
-
GitHub suspends accounts of
Russian devs at sanctioned
companies. (to
the original material)
-
Stolen Heroku and Travis-CI
OAuth tokens used for GitHub
repo hacks. (to
the original material)
-
Google emergency update fixes
Chrome zero-day. (to
the original material)
-
U.S. Gov believes North
Korea-linked Lazarus APT is
behind Ronin Validator cyber
heist. (to
the original material)
-
The unceasing action of
Anonymous against Russia. (to
the original material)
-
Threat actors target the
Ukrainian gov with IcedID
malware. (to
the original material)
15.04.2022
- News
from cyber security.
-
Google releases security updates
for Chrome. (to
the original material)
-
VMware releases security updates
for Cloud Director. (to
the original material)
-
CISA adds nine known exploited
vulnerabilities to Catalog. (to
the original material)
-
Critical Microsoft RPC runtime
bug: No PoC exploit yet, but patch
ASAP! (CVE-2022-26809). (to
the original material)
-
New infosec products of the week:
April 15, 2022. (to
the original material)
-
Confessions of a CTO (Chief
Technology Officer). (to
the original material)
-
Unmanaged and unsecured digital
identities are driving rise in
cybersecurity debt. (to
the original material)
-
Advance your penetration testing
skills by mastering Kali Linux. (to
the original material)
-
Dark data is a pain point for many
security leaders. (to
the original material)
-
Spanish FA report cyber attack to
police after email accounts,
private texts stolen. (to
the original material)
-
U.S. links North Korean hacker
group to Axie Infinity crypto
theft. (to
the original material)
-
GitHub: Attacker breached dozens
of orgs using stolen OAuth tokens.
(to
the original material)
-
The Week in Ransomware - April
15th 2022 - Encrypting Russia. (to
the original material)
-
T-Mobile customers warned of
unblockable SMS phishing attacks.
(to
the original material)
-
Cisco vulnerability lets hackers
craft their own login credentials.
(to
the original material)
-
CISA orders agencies to fix
actively exploited VMware, Chrome
bugs. (to
the original material)
-
Cryptocurrency DeFi platforms are
now more targeted than ever. (to
the original material)
-
'Mute' button in conferencing apps
may not actually mute your mic. (to
the original material)
-
Karakurt revealed as data
extortion arm of Conti cybercrime
syndicate. (to
the original material)
-
Behavioral analytics and why it's
important to threat detection and
response [Q&A]. (to
the original material)
-
GitHub says hackers breached
dozens of organizations using
stolen OAuth Access Tokens. (to
the original material)
-
JekyllBot:5 flaws let attackers
take control of Aethon TUG
Hospital robots. (to
the original material)
-
Haskers gang gives away
ZingoStealer malware to other
cybercriminals for free. (to
the original material)
-
3 Key components to raising the
bar on digital acceleration. (to
the original material)
-
Tearing down red flags: Women in
CyberSecurity’s Lynn Dohm on
tackling the high exit rate of
female infosec pros. (to
the original material)
-
Karakurt ensnares Conti, Diavol
ransomware groups in its web. (to
the original material)
-
Cyber extortion group Karakurt
linked to Conti and Diavol
ransomware groups. (to
the original material)
-
Four strategies for protecting
against a new breed of encrypted
DDoS attacks. (to
the original material)
-
Scammers exploit chaos of tax
season to take advantage of
consumers, deploy trojans. (to
the original material)
-
5 benefits Google Cloud Platform
customers may get from the
Mandiant acquisition. (to
the original material)
-
FDA on medical device security:
‘We’re not waiting for harm’ to
act. (to
the original material)
-
Multiple lawsuits against
SuperCare allege FTC, HIPAA
violations in 2021 breach. (to
the original material)
-
Lazarus targets chemical sector
with 'Dream Jobs,' then trojans. (to
the original material)
-
New malware tools pose 'clear and
present threat' to ICS
environments. (to
the original material)
-
Data scientists, watch out:
Attackers have your number. (to
the original material)
-
Bitdefender enters native XDR (eXtended
Detection and Response)
market with new offering. (to
the original material)
-
Why you should patch the latest
critical Windows RPC vulnerability
right now. (to
the original material)
-
Let's Encrypt wins Levchin Prize
for work on internet security. (to
the original material)
-
Understanding SASE and Zero-Trust
to strengthen security. (to
the original material)
-
Gov’t advisory warns of Pipedream
malware aimed at ICS. (to
the original material)
-
Attack on Panasonic Canada shows
Conti is still dangerous. (to
the original material)
-
Ransomcloud: Ransomware's latest
manifestation targets the cloud. (to
the original material)
-
How to design an effective
cybersecurity awareness training
program for SMB employees. (to
the original material)
-
CVE-2022-22966: Critical VMware
cloud director vulnerability. (to
the original material)
-
CVE-2022-1364 Chrome vulnerability
exploited in the wild. (to
the original material)
-
Threat Roundup for April 8 to
April 15. (to
the original material)
-
Threat actors use Zimbra exploits
to target organizations in
Ukraine. (to
the original material)
-
Conti Ransomware Gang claims
responsibility for the Nordex
hack. (to
the original material)
-
ZingoStealer crimeware released
for free in the cybercrime
ecosystem. (to
the original material)
-
Auth bypass flaw in Cisco Wireless
LAN Controller Software allows
device takeover. (to
the original material)
-
Google fixed third zero-day in
Chrome since the start of 2022. (to
the original material)
-
Ways to develop a Cybersecurity
Training Program for employees. (to
the original material)
-
Analysis of the SunnyDay
ransomware. (to
the original material)
-
New Book: Security Awareness For
Dummies. (to
the original material)
14.04.2022
- News
from cyber security.
-
Juniper Networks releases security
updates for multiple products. (to
the original material)
-
Cisco releases security updates for
multiple products. (to
the original material)
-
CISA adds one known exploited
vulnerability to Catalog. (to
the original material)
-
Cybersecurity News Week
(14.04.2022). (to
the original material)
-
APT group has developed custom-made
tools for targeting ICS/SCADA
devices. (to
the original material)
-
Attackers are exploiting VMware RCE
to deliver malware (CVE-2022-22954).
(to
the original material)
-
Top attack techniques for breaching
enterprise and cloud environments. (to
the original material)
-
The two words you should never
forget when you’re securing a cloud.
(to
the original material)
-
New npm flaws let attackers better
target packages for account
takeover. (to
the original material)
- A
robust security strategy starts with
the hardware. (to
the original material)
-
The perils of SaaS
misconfigurations. (to
the original material)
-
Consumers feel data leakage is
inevitable so many have stopped
caring. (to
the original material)
-
2021 average ransoms paid by quarter
was $167K, down 44.2%. (to
the original material)
-
Microsoft increases awards for
high-impact Microsoft 365 bugs. (to
the original material)
-
New ZingoStealer infostealer drops
more malware, cryptominers. (to
the original material)
-
FBI links largest crypto hack ever
to Lazarus state hackers. (to
the original material)
-
Hackers target Ukrainian govt with
IcedID malware, Zimbra exploits. (to
the original material)
-
Hetzner lost customer data and gave
20€ as compensation. (to
the original material)
-
The top 10 password attacks and how
to stop them. (to
the original material)
-
Instagram beyond pics: Sexual
harassers, crypto crooks, ID
thieves. (to
the original material)
-
Flaw in Rarible NFT market allowed
theft of crypto assets. (to
the original material)
-
OldGremlin ransomware gang targets
Russia with new malware. (to
the original material)
-
Wind turbine firm Nordex hit by
Conti ransomware attack. (to
the original material)
-
Critical Windows RPC CVE-2022-26809
flaw raises concerns - Patch now. (to
the original material)
-
FBI: Payment app users targeted in
social engineering attacks. (to
the original material)
-
Google Chrome emergency update fixes
zero-day used in attacks. (to
the original material)
-
Windows 11 tool to add Google Play
secretly installed malware. (to
the original material)
-
Software supply chain security with
Trivy: Generating SBOMs. (to
the original material)
-
Jeffrey Esposito: “I thought it was
a boring industry”. (to
the original material)
-
Over 3.5 million Russian internet
users suffer breached accounts. (to
the original material)
-
Holiday-themed phishing emails most
likely to get clicks. (to
the original material)
-
Cybersecurity firm Trellix releases
report on critical infrastructure
providers' readiness for attacks. (to
the original material)
-
For effective incident response, use
a remediation checklist. (to
the original material)
-
Threat Source newsletter (April 14,
2022) - It's Tax Day, and you know
what that means. (to
the original material)
-
Threat Spotlight: "Haskers Gang"
Introduces New ZingoStealer. (to
the original material)
-
Week in security with Tony Anscombe.
(to
the original material)
-
Digital transformation delivers for
Bank of Queensland. (to
the original material)
-
Cisco offers a bumper haul of
vulnerability fixes. (to
the original material)
-
US says advanced hackers can hijack
critical infrastructure. (to
the original material)
-
Wormable Windows RPC bug warning
issued. (to
the original material)
-
Australia targets tech espionage
with new visa cancellation powers. (to
the original material)
-
CISA issues warning about malicious
tools targeting ICS/SCADA devices. (to
the original material)
-
Campaign similar to Operation Kitty
Phishing found targeting South
Koreans. (to
the original material)
-
Hafnium's new malware hides behind
scheduled tasks. (to
the original material)
-
Lazarus targets chemical sector. (to
the original material)
-
Critical Auth Bypass bug reported in
Cisco Wireless LAN Controller
software. (to
the original material)
-
As State-Backed cyber threats grow,
here's how the world is reacting. (to
the original material)
-
Critical VMware Cloud Director bug
could let hackers takeover entire
cloud infrastructure. (to
the original material)
-
Google releases urgent Chrome update
to patch actively exploited zero-day
flaw. (to
the original material)
-
Ethereum developer jailed 63 months
for helping North Korea evade
sanctions. (to
the original material)
-
Rarible NFT Marketplace flaw
could've let attackers hijack crypto
wallets. (to
the original material)
-
New EnemyBot DDoS botnet borrows
exploit code from Mirai and Gafgyt.
(to
the original material)
-
Microsoft disrupts ZLoader
cybercrime botnet in global
operation. (to
the original material)
-
Critical infrastructure entities on
red alert over ‘exceptionally rare
and dangerous’ ICS malware. (to
the original material)
-
Credit card industry standard
revised to repel card-skimmer
attacks. (to
the original material)
-
Offensive Security creates Global
Partner Program to expand cyber
education. (to
the original material)
-
AppOmni, DoControl focus on managing
security across SaaS apps. (to
the original material)
-
Is your purpose enough to keep
people on your security team? (to
the original material)
-
Follow CISA’s four best practices
for staying safe against potential
Russian cyberattacks. (to
the original material)
-
Warner warns health sector: ‘I
absolutely expect Russia to up its
cyber game soon’. (to
the original material)
-
Email warnings to healthcare
employees after a PHI breach
drastically reduces repeat offenses.
(to
the original material)
-
Insurance companies increasingly
fall prey to cyberattacks. (to
the original material)
-
Microsoft leads operation to disrupt
Zloader botnet. (to
the original material)
-
More than 60% of organizations
suffered a breach in the past 12
months. (to
the original material)
-
Rare and dangerous Incontroller
malware targets ICS operations. (to
the original material)
-
Ballooning growth of digital
identities exposing organizations to
greater cybersecurity risk. (to
the original material)
-
Software supply chain attacks: Clear
and present danger. (to
the original material)
-
Palo Alto Networks report reveals
cloud security challenges. (to
the original material)
-
MetroHealth data breach involved
1700 patients. (to
the original material)
-
Data breach disclosures surge 14% in
Q1 2022. (to
the original material)
-
Microsoft and partners disrupt
prolific ZLoader botnet. (to
the original material)
-
Elementor fixes critical bug in
popular WordPress plugin. (to
the original material)
-
NFT Marketplace Rarible contains a
dangerous design flaw. (to
the original material)
-
Citrix fixes severe CVE-2022-27505
vulnerability in SD-WAN. (to
the original material)
-
US gov agencies and private firms warn
nation-state actors are targeting
ICS & SCADA devices. (to
the original material)
-
CISA adds Windows CLFS Driver
Privilege Escalation flaw to its
Known Exploited Vulnerabilities
Catalog. (to
the original material)
-
Critical VMware Workspace ONE Access
CVE-2022-22954 flaw actively
exploited. (to
the original material)
-
Microsoft has taken legal and
technical action to dismantle the
Zloader botnet. (to
the original material)
13.04.2022
- News
from cyber security.
-
Microsoft releases advisory to
address critical remote code
execution vulnerability
(CVE-2022-26809). (to
the original material)
-
APT actors target ICS/SCADA devices.
(to
the original material)
-
CISA adds 10 known exploited
vulnerabilities to Catalog. (to
the original material)
-
ICSJWG Spring 2022 Virtual Meeting.
(to
the original material)
-
Coordinated Vulnerability Disclosure
policies in the EU. (to
the original material)
-
The state of open source security in
2022. (to
the original material)
-
Independent security audits are
essential for cloud service
providers. Here’s why. (to
the original material)
-
Product showcase: Enclave – using
zero trust network access to
simplify your networks. (to
the original material)
-
Solving challenges and minimizing
risks of remote work. (to
the original material)
-
Cybersecurity is getting harder:
More threats, more complexity, fewer
people. (to
the original material)
-
Lack of data readiness threatens
digital transformation in
healthcare. (to
the original material)
-
CISA warns orgs to patch actively
exploited Windows LPE bug. (to
the original material)
-
African banks heavily targeted in
RemcosRAT malware campaigns. (to
the original material)
-
New Fodcha DDoS botnet targets over
100 victims every day. (to
the original material)
-
Hackers exploit critical VMware
CVE-2022-22954 bug, patch now. (to
the original material)
-
US warns of govt hackers targeting
industrial control systems. (to
the original material)
-
Microsoft disrupts Zloader malware
in global operation. (to
the original material)
- 3
Reasons connected devices are more
vulnerable than ever. (to
the original material)
-
New EnemyBot DDoS botnet recruits
routers and IoTs into its army. (to
the original material)
-
Critical flaw in Elementor WordPress
plugin may affect 500k sites. (to
the original material)
-
Critical Apache Struts RCE
vulnerability wasn't fully fixed,
patch now. (to
the original material)
-
Real-world cyber attacks targeting
data science tools. (to
the original material)
-
Psychology of misinformation: What
do people rely on to evaluate
content when they do not trust
conventional news sources? (to
the original material)
-
Fingerprint: Chronology of cyber
attacks on Ukraine. (to
the original material)
-
Ransomware insurance claims are down
and ransom payments are too. (to
the original material)
-
What Log4Shell still means for the
enterprise [Q&A]. (to
the original material)
-
Microsoft releases KB5012592 update
for Windows 11 with vital security
fixes and easier browser switching.
(to
the original material)
-
Critical RCE Vulnerability in
Elementor WordPress Plugin. (to
the original material)
-
Sucuri WordPress Plugin += Sucuri
WAF. (to
the original material)
-
ESET takes part in global operation
to disrupt Zloader botnets. (to
the original material)
-
Innovation and the Roots of
Progress. (to
the original material)
-
Industroyer2: Industroyer reloaded.
(to
the original material)
-
Atlassian blames outage on
miscommunication and "faulty
script". (to
the original material)
-
Logging query tool exposed AWS
credentials. (to
the original material)
-
Local Gits vulnerable to remote code
execution. (to
the original material)
-
Atlassian says 400 customers hit by
ongoing outage. (to
the original material)
-
US and European partners take down
hacker website RaidForums. (to
the original material)
-
HP patches critical bugs in Teradici
PCoIP software. (to
the original material)
-
FBI Memphis Field Office warns of
increase in sextortion schemes
targeting teenage boys. (to
the original material)
-
DHS investigators say they foiled
cyberattack on undersea internet
cable in Hawaii. (to
the original material)
-
U.S. warns of APT hackers targeting
ICS/SCADA systems with specialized
malware. (to
the original material)
-
Critical VMware Workspace ONE Access
flaw under active exploitation in
the wild. (to
the original material)
-
Webinar: How the right XDR (Extended
Detection and Response) can be
a game-changer for lean security
teams. (to
the original material)
-
Microsoft exposes evasive Chinese
Tarrask malware attacking Windows
computers. (to
the original material)
-
Russian hackers tried attacking
Ukraine's power grid with
Industroyer2 malware. (to
the original material)
-
FBI, Europol seize RaidForums hacker
forum and arrest admin. (to
the original material)
-
Pop Culture Is cybersecurity’s best
recruiter. (to
the original material)
-
Git security vulnerabilities prompt
updates. (to
the original material)
-
African banking sector targeted by
malware-based phishing campaign. (to
the original material)
-
Vast majority of cloud users have
cloud identities that are too
permissive. (to
the original material)
-
Nearly half of small businesses say
they’ve experienced a cyber breach.
(to
the original material)
-
Note to employers: in today’s world,
high pay alone doesn’t mean they’ll
retain a cyber employee. (to
the original material)
-
ZLoader botnet disrupted by
Microsoft, Health-ISAC, FS-ISAC. (to
the original material)
-
Feds, private industry warn of new
malware strain targeting energy
sector. (to
the original material)
-
Five common cloud misconfiguration
errors. (to
the original material)
-
Civil Liberties Groups urge social
media platforms to better protect
free flow of information in crisis
zones. (to
the original material)
-
EFF and partners to Ninth Circuit
Court of Appeals: Retaliatory
investigation of Twitter chills
First Amendment rights. (to
the original material)
-
Russia tries to kill Ukraine’s power
grid - and fails. (to
the original material)
-
In Case of Crisis: Third-Party risk
across three dimensions. (to
the original material)
-
Wind turbine giant Nordex hit by
cyber-attack. (to
the original material)
-
Ukrainian energy supplier targeted
by new Industroyer malware. (to
the original material)
-
Capitalizing on a Crisis: What
global events mean for
cybersecurity. (to
the original material)
-
Ransomware breach victim numbers
fall by 25% in Q1 2022. (to
the original material)
-
Crypto dev gets five years for
helping North Korea evade sanctions.
(to
the original material)
-
April records first patch Tuesday of
2022 with 100+ CVEs. (to
the original material)
-
CVE-2021-31805 RCE bug in Apache
Struts was finally patched. (to
the original material)
-
China-linked Hafnium APT leverages
Tarrask malware to gain persistence.
(to
the original material)
-
JekyllBot:5 flaws allow hacking TUG
autonomous mobile robots in
hospitals. (to
the original material)
-
EU officials were targeted with
Israeli surveillance software. (to
the original material)
-
How to file taxes online securely in
2022. (to
the original material)
12.04.2022
- News
from cyber security.
-
Apache releases security advisory for
Struts 2. (to
the original material)
-
Citrix releases security updates for
multiple products. (to
the original material)
-
Microsoft releases April 2022 Security
Updates. (to
the original material)
-
Google releases security updates for
Chrome. (to
the original material)
-
Mandatory cyber security incident
reporting now in force. (to
the original material)
-
APNIC moves to block accidental BGP
hijacks. (to
the original material)
-
Senior EU officials were targeted with
Israeli spyware. (to
the original material)
-
Tasmanians to get a single government
identifier. (to
the original material)
-
Former DHS acting IT Chief convicted
in software, database theft scheme. (to
the original material)
- In
Appreciation: Mike Murray. (to
the original material)
-
Podcast Episode: Making Hope, with
Adam Savage. (to
the original material)
-
CISA adds WatchGuard flaw to its known
exploited vulnerabilities Catalog. (to
the original material)
-
Microsoft fixes actively exploited
zero-day reported by the NSA
(CVE-2022-24521). (to
the original material)
-
Sandworm hackers tried (and failed) to
disrupt Ukraine’s power grid. (to
the original material)
-
Data democratization leaves
enterprises at risk. (to
the original material)
-
Cyber defense: Prioritized by
real-world threat data. (to
the original material)
- The
benefits of cyber risk quantification
in the modern cybersecurity landscape.
(to
the original material)
- How
to perform cybersecurity market
analysis. (to
the original material)
-
Open XDR: Balancing risk and
cybersecurity costs through a unified
platform approach. (to
the original material)
-
Ethereum dev imprisoned for helping
North Korea evade sanctions. (to
the original material)
-
Ransom DDoS attacks have dropped to
record lows this year. (to
the original material)
-
Microsoft April 2022 Patch Tuesday
fixes 119 flaws, 2 zero-days. (to
the original material)
-
Microsoft: New malware uses Windows
bug to hide scheduled tasks. (to
the original material)
-
Critical HP Teradici PCoIP flaws
impact 15 million endpoints. (to
the original material)
-
RaidForums hacking forum seized by
police, owner arrested. (to
the original material)
-
LockBit ransomware gang lurked in a
U.S. gov network for months. (to
the original material)
-
Sandworm hackers fail to take down
Ukrainian energy provider. (to
the original material)
-
Enemybot: A Look into Keksec's latest
DDoS botnet. (to
the original material)
-
Certificate outages impact the
majority of organizations. (to
the original material)
-
Cyberattacks increase as security
talent remains scarce. (to
the original material)
-
Cybersecurity takes a back seat to
other digital projects. (to
the original material)
-
'RansomOps' attacks yield record
returns for perpetrators. (to
the original material)
- If
it's the second Tuesday in April it
must be Identity Management Day. (to
the original material)
-
e-book: The new ABCs of application
security. (to
the original material)
-
Microsoft Patch Tuesday includes most
vulnerabilities since Sept. 2020. (to
the original material)
-
Cross-Regional disaster recovery with
Elasticsearch. (to
the original material)
-
Critical LFI (Local File
Inclusion) vulnerability
reported in Hashnode Blogging
Platform. (to
the original material)
-
E.U. Officials reportedly targeted
with Israeli Pegasus spyware. (to
the original material)
-
NGINX shares mitigations for zero-day
bug affecting LDAP (Lightweight
Directory Access Protocol)
implementation. (to
the original material)
-
Finding attack paths in cloud
environments. (to
the original material)
-
Google sues scammer for running 'Puppy
Fraud Scheme' website. (to
the original material)
- Dr
Jay makes cyber simple In 60 seconds.
(to
the original material)
-
Meta wipes out cyberspies, Russian Bot
Farm from Facebook platform. (to
the original material)
-
Internal AWS credentials swiped by
researcher via SQL payload. (to
the original material)
-
OpenSSH 9.0 bakes in post-quantum
cryptography to future proof against
attacks. (to
the original material)
-
TruffleHog v3: API key leak detection
tool adds support for more than 600
types. (to
the original material)
-
CISA’s Shields Up: What it is, how to
use it. (to
the original material)
-
Open XDR strategies combine data from
siloed tools to help security teams
identify and stop attacks. (to
the original material)
-
Ukraine energy facility hit by two
waves of cyberattacks from Russia’s
Sandworm group. (to
the original material)
-
Serious flaws allow the hijacking of
autonomous logistics robots used in
hospitals. (to
the original material)
- NSO
Group spied on European Union - on
French orders? (to
the original material)
-
Purifying water of cybersecurity
threats. (to
the original material)
-
Ethical hacker steals $600,000 worth
of crypto. (to
the original material)
-
RaidForums hacker marketplace shut
down in cross-border law enforcement
operation. (to
the original material)
-
Consumers increasingly numb to data
breach risks. (to
the original material)
-
Microsoft Patch Tuesday for April 2022
fixed 10 critical vulnerabilities. (to
the original material)
-
Operation TOURNIQUET: Authorities shut
down dark web marketplace RaidForums.
(to
the original material)
-
Russia-linked Sandworm APT targets
energy facilities in Ukraine with
wipers. (to
the original material)
-
NGINX project maintainers fix flaws in
LDAP Reference Implementation. (to
the original material)
-
CISA adds WatchGuard flaw to its Known
Exploited Vulnerabilities Catalog. (to
the original material)
11.04.2022
- News
from cyber security.
-
CISA adds eight known exploited
vulnerabilities to Catalog. (to
the original material)
-
Vulnerability Summary for the Week of
April 4, 2022. (to
the original material)
-
CISA: Guidance for sharing information
on cyber security incidents. (to
the original material)
- 2
years later: Enterprise hardware
shifts are here to stay. (to
the original material)
-
Fraudsters steal £58m in 2021 via
remote access tools. (to
the original material)
-
Raspberry Pi ditches default logins to
boost security. (to
the original material)
-
FIN7 pen tester gets five years behind
bars. (to
the original material)
-
Windows Autopatch: Managed enterprise
patching for Windows and Office. (to
the original material)
- How
to improve enterprise password
security? (to
the original material)
-
Cybersecurity must be at the forefront
of a blockchain project. (to
the original material)
- How
to achieve better cybersecurity
assurances and improve cyber hygiene.
(to
the original material)
-
More organizations are paying the
ransom. Why? (to
the original material)
-
Organizations must be doing something
good: Payment fraud activity is
declining. (to
the original material)
-
Human activated risk still a pain
point for organizations. (to
the original material)
-
Eavesdropping scam: A new scam call
tactic. (to
the original material)
-
Website security and the overlooked
third-party supply chain risk. (to
the original material)
- How
identity and access management fits
into zero trust. (to
the original material)
-
CISA warns orgs of WatchGuard bug
exploited by Russian state hackers. (to
the original material)
-
Rise in npm protestware: another open
source dev calls Russia out. (to
the original material)
-
Qbot malware switches to new Windows
Installer infection vector. (to
the original material)
-
Luxury fashion house Zegna confirms
August ransomware attack. (to
the original material)
-
Android banking malware intercepts
calls to customer support. (to
the original material)
-
Craig Newmark pledges $50+ million for
‘Cyber Civil Defense’. (to
the original material)
-
Threat actors can exploit Spring4Shell
to launch botnets that target
cloud-based IoT systems. (to
the original material)
- 7
cloud computing certifications and
courses to upskill security teams. (to
the original material)
-
Congress to DoE: You lead cyber for
energy sector, not CISA. (to
the original material)
-
Health insurance exchange didn’t
report 44 data breaches, but were hit
with no security mandates. (to
the original material)
-
Creating a security culture where
people can admit mistakes. (to
the original material)
- 10
Signs of a good security leader. (to
the original material)
-
Going Passwordless? Here are 6 steps
to get started. (to
the original material)
-
With AI RMF (Articifial
Intelligence Risk Management
Framework), NIST addresses
artificial intelligence risks. (to
the original material)
- FBI
active defense measure removes malware
from privately owned firewalls. (to
the original material)
-
Orgs increase focus on automating
Access Control Management. (to
the original material)
-
Fighting back against ransomware
Endpoint threats. (to
the original material)
-
Microsoft takes down Russia’s
Strontium allies attacking Ukraine. (to
the original material)
-
Borat RAT: Funny name, Serious threat.
(to
the original material)
- New
META Infostealer is after your
passwords and crypto wallets. (to
the original material)
-
Cybersecurity Weekly: Zero-Trust
security, Android banking malware and
security nihilism. (to
the original material)
-
Anonymous hacked Russia’s Ministry of
Culture and leaked 446 GB. (to
the original material)
-
FFDroider, a new information-stealing
malware disguised as Telegram app. (to
the original material)
-
SuperCare Health discloses a data
breach that Impacted +300K people. (to
the original material)
-
Microsoft’s Autopatch feature improves
the patch management process. (to
the original material)
-
Dependency Review GitHub Action
prevents adding known flaws in the
code. (to
the original material)
-
Securing Easy Appointments and earning
CVE-2022-0482. (to
the original material)
-
Lessons the military can bring to
cybersecurity [Q&A]. (to
the original material)
-
Survey surfaces security challenges in
age of the cloud. (to
the original material)
-
Over 16,500 sites hacked to distribute
malware via web redirect service. (to
the original material)
-
Researchers warn of FFDroider and
Lightning info-stealers targeting
users in the wild. (to
the original material)
-
Arqit helps prepare the world for
‘Q-Day’. (to
the original material)
- IRS
Tax deadline fraud: ’This is the
season to be wary. (to
the original material)
-
Access control vulnerability in
Easy!Appointments platform exposed
sensitive personal data. (to
the original material)
-
Attackers are abusing Spring4Shell
vulnerability to spread Mirai botnet
malware. (to
the original material)
- Get
Google out of your mobile life with
/e/OS. (to
the original material)
10.04.2022
- News
from cyber security.
-
Microsoft won't give you any more
security updates if you don't upgrade
Windows 10 version 20H2 in the next
month. (to
the original material)
- 'Is
my money gone?' A thriving crypto
community deals with a $600 million
theft. (to
the original material)
-
Ransomware tracker: the latest figures
[April 2022]. (to
the original material)
- War
stirs up cybercrime. (to
the original material)
- TN:
Humphreys County sheriffs arrest two
for forgery, identity theft,
outstanding felony warrants. (to
the original material)
-
Inside the Bitcoin bust that took down
the web’s biggest child abuse site. (to
the original material)
-
Federal Court dismisses data breach
litigation. (to
the original material)
-
Finland hit by cyberattack, airspace
breach. (to
the original material)
- WI:
Black River Falls School District
closed Friday after cyberattack. (to
the original material)
-
Greencore case highlights risk of
employee data breach claims. (to
the original material)
-
Former Maryland inmate sentenced to 5
years for credit card fraud involving
Bitcoin, dark web. (to
the original material)
- New
Meta information stealer distributed
in malspam campaign. (to
the original material)
- Apr
03 – Apr 09 Ukraine – Russia the
silent cyber conflict. (to
the original material)
-
NB65 group targets Russia with a
modified version of Conti’s
ransomware. (to
the original material)
-
Security Affairs newsletter Round 360
by Pierluigi Paganini. (to
the original material)
-
Facebook blocked Russia and Belarus
threat actors’ activity against
Ukraine. (to
the original material)
-
Microsoft's new autopatch feature to
help Businesses keep their systems
up-to-date. (to
the original material)
09.04.2022
- News
from cyber security.
-
Hackers use Conti's leaked ransomware
to attack Russian companies. (to
the original material)
- New
Android banking malware remotely takes
control of your device. (to
the original material)
-
FFDroider slurps browser cookie to get
inside your social media. (to
the original material)
-
Chinese Group expands its attack scope
across the globe. (to
the original material)
-
Ukraine CERT warns of increasing
attacks by Armageddon group. (to
the original material)
-
Google removes dangerous banking
malware from Play Store. (to
the original material)
- A
DDoS attack took down Finnish govt
sites as Ukraine’s President addresses
MPs. (to
the original material)
-
SharkBot Banking Trojan spreads
through fake AV apps on Google Play. (to
the original material)
-
China-linked threat actors target
Indian Power Grid organizations. (to
the original material)
08.04.2022
-
News from cyber security.
-
Cybersecurity Market
Analysis in support of
informed cybersecurity
business decisions. (to
the original material)
-
April 2022 Patch Tuesday
forecast: Spring is in the
air (and vulnerable). (to
the original material)
-
New infosec products of the
week: April 8, 2022. (to
the original material)
-
The importance of
understanding cloud native
security risks. (to
the original material)
-
Network intrusion detections
skyrocketing. (to
the original material)
-
18% of the top 99 insurance
carriers have a high
susceptibility to
ransomware. (to
the original material)
-
Organizations
underestimating the
seriousness of insider
threats. (to
the original material)
-
Steady rise in severe web
vulnerabilities. (to
the original material)
-
Consumer fraud tripled in
the last two years. (to
the original material)
-
Snap-on discloses data
breach claimed by Conti
ransomware gang. (to
the original material)
-
GitHub can now alert of
supply-chain bugs in new
dependencies. (to
the original material)
-
Mirai malware now delivered
using Spring4Shell exploits.
(to
the original material)
-
Raspberry Pi removes default
user to hinder brute-force
attacks. (to
the original material)
-
Microsoft takes down APT28
domains used in attacks
against Ukraine. (to
the original material)
-
HPC (High Performance
Computing) and research
infrastructure need
reworking, says new roadmap.
(to
the original material)
-
Senate inquiry calls for gov
to wind up COVIDSafe app. (to
the original material)
-
French court upholds 150
million euro fine against
Google. (to
the original material)
-
ACMA (Australian
Communications and Media
Authority) clamps down on
SIM-swap frauds. (to
the original material)
-
VMware admins asked to patch
eight vulnerabilities. (to
the original material)
-
Fintech platform
vulnerability could have
exposed millions of bank
accounts. (to
the original material)
-
Microsoft sinkholes GRU
phishing sites targeting
Ukraine, US. (to
the original material)
-
Researchers raise alarms
over Indonesian
phishing-as-a-service group.
(to
the original material)
-
How to get better protection
with less security. (to
the original material)
-
Expect the Ukraine war’s
cyber fallout to spread. (to
the original material)
-
Patient data stolen ahead of
East Tennessee Children’s
Hospital attack, outage. (to
the original material)
-
Lapsus$ breach of Okta
prompts HHS alert for
healthcare organizations. (to
the original material)
-
Microsoft sinkholes Russian
hacking group's domains
targeting Ukraine. (to
the original material)
-
SeeMetrics to help CISOs
measure security success. (to
the original material)
-
BlackCat purveyor shows
ransomware operators have 9
lives. (to
the original material)
-
Threat Roundup for April 1
to April 8. (to
the original material)
-
Week in security with Tony
Anscombe. (to
the original material)
-
The Case for 2FA by default
for WordPress. (to
the original material)
-
70 percent of organizations
use a vulnerability
assessment tool. (to
the original material)
-
Windows 11's upcoming Smart
App Control security feature
has a major issue. (to
the original material)
-
Microsoft rescues
Acronym-Weary CISOs. (to
the original material)
-
Hacker’s love letter to
Hollywood. (to
the original material)
-
Life after cybercrime, one
day at a time. (to
the original material)
-
Powering up the energy
sector’s security posture. (to
the original material)
-
Anti-ransomware strategy. (to
the original material)
-
Fact checking of the week:
Distorted information to
claim that the events in
Bucha were staged. (to
the original material)
-
Microsoft blocks Russian
cyberattacks linked to
Ukraine war. (to
the original material)
-
Russian tech spending
declines as sanctions take
toll. (to
the original material)
-
What 7 experts want included
in Biden's new Title IX
regulation. (to
the original material)
-
Northern Ireland TrustFord
sites hit by ransomware
gang. (to
the original material)
-
Redefining Ransomware – Why
confronting cybercrime
starts with a War of Words.
(to
the original material)
-
Finland Government sites
forced offline by DDoS
attacks. (to
the original material)
-
#ISC2Events: Supply chain
security is a multifaceted
challenge. (to
the original material)
-
National Cybersecurity
Strategies are under
pressure and innovation
remains key to protection. (to
the original material)
-
YouTube fraudsters steal
$1.7m in crypto 'Giveaway'.
(to
the original material)
-
How to escape the
‘Smartphone Duopoly’ of
Apple & Google with
Sailfish OS. (to
the original material)
07.04.2022
-
News from cyber security.
-
Press release:
National Cyber
Security
Directorate
(DNSC) and
S&T
Romania
collaborate in
the project
'Early warning
system and
real-time
information -
RO-SAT'. (to
the original
material)
-
Cybersecurity
News of the
Week
(07.04.2022) (to
the original
material)
-
Guidance on sharing cyber
incident information. (to
the original material)
-
VMware releases security
updates. (to
the original material)
-
First malware targeting AWS
Lambda Serverless Platform
discovered. (to
the original material)
-
Hamas-linked hackers
targeting high-ranking
Israelis using 'Catfish'
lures. (to
the original material)
-
Into the Breach: Breaking
down 3 SaaS app cyber
attacks in 2022. (to
the original material)
-
SharkBot Banking trojan
resurfaces on Google Play
Store hidden behind 7 new
apps. (to
the original material)
-
Researchers uncover how
Colibri malware stays
persistent on hacked
systems. (to
the original material)
-
FBI shut down Russia-linked
"Cyclops Blink" botnet that
infected thousands of
devices. (to
the original material)
-
The Mysterious Borat RAT is
an All-In-One threat. (to
the original material)
-
Zero-Day bugs bug the
Biggies. (to
the original material)
-
New spyware actively targets
Android users. (to
the original material)
-
Beastmode powered with newly
added exploits. (to
the original material)
-
Deep Panda uses Fire Chili
Windows rootkit. (to
the original material)
-
China hackers tried to hit
power grid near Ladakh,
"Unsuccessful": Centre. (to
the original material)
-
Dell ships patch for
vulnerable filesystem. (to
the original material)
-
The Cyclops Blink botnet has
been disrupted. (to
the original material)
-
Cybercriminals on Discord:
Discovering developing
threats. (to
the original material)
-
Paying ransom doesn’t
guarantee data recovery. (to
the original material)
-
86% of developers don’t
prioritize application
security. (to
the original material)
-
Cybercriminals taking
advantage of the Ukraine
crisis to create charity
donation scams. (to
the original material)
-
How many steps does it take
for attackers to compromise
critical assets? (to
the original material)
-
The latest salary trends in
the global DevOps industry.
(to
the original material)
-
Embedded security market to
reach $9 billion by 2027. (to
the original material)
-
Microsoft asks bug hunters
to probe on-premises
Exchange, SharePoint
servers. (to
the original material)
-
Digital transformation
requires security
intelligence. (to
the original material)
-
FIN7 hacking group 'pen
tester' sentenced to 5 years
in prison. (to
the original material)
-
Google boosts Android
security with new set of dev
policy changes. (to
the original material)
-
New malware targets
serverless AWS Lambda with
cryptominers. (to
the original material)
-
Malicious web redirect
service infects 16,500 sites
to push malware. (to
the original material)
-
Bearded Barbie hackers
catfish high ranking Israeli
officials. (to
the original material)
-
Android apps with 45 million
installs used data
harvesting SDK. (to
the original material)
-
FBI Cyclops Blink operation
disinfected thousands of
WatchGuard appliances. (to
the original material)
-
Telstra now blocking scam
texts in the network. (to
the original material)
-
Service NSW shortlists face
matching tech for identity
verification. (to
the original material)
-
Explainable AI pays off for
Microsoft's LinkedIn. (to
the original material)
-
How to develop faster,
better, more secure
software. (to
the original material)
-
DHS, CISA must better
coordinate with stakeholders
to protect critical
infrastructure. (to
the original material)
-
Seeking CISO feedback, FDA
shares draft medical device
cybersecurity guide. (to
the original material)
-
Ransomware negotiations are
taking longer (and that’s a
good thing). (to
the original material)
-
Ukrainian member of
notorious FIN7 cybercrime
group sentenced. (to
the original material)
-
Zoom's bug bounty programs
soar to $1.8M. (to
the original material)
-
Nearly 40% of Macs left
exposed to 2 zero-day
exploits. (to
the original material)
-
CrowdStrike and Mandiant
form strategic partnership
to protect organizations
against cyber threats. (to
the original material)
-
The Catalog of Carceral
Surveillance: Tablet
advertising that can also
issue discipline. (to
the original material)
-
Brighter stars and
persistent gaps mark new
Paraguay’s “Who defends your
data” report. (to
the original material)
-
Threat Source newsletter
(April 7, 2022) - More money
for cybersecurity still
doesn't solve the skills gap
problem. (to
the original material)
-
How secure is your cloud
storage? Mitigating data
security risks in the cloud.
(to
the original material)
-
Why data-centric security is
now a top priority for every
business. (to
the original material)
-
Half of cybersecurity
professionals consider
quitting due to pressure. (to
the original material)
-
Best-of-breed, integrated
security and evolving
threats. (to
the original material)
-
Fortinet Security
Researchers discover
multiple vulnerabilities in
AutoDesk products: DWG
TrueView, Navisworks &
Design Review. (to
the original material)
-
North Carolina A&T hit
with ransomware after ALPHV
attack. (to
the original material)
-
WonderHero game disabled
after hackers steal $320,000
in cryptocurrency. (to
the original material)
-
Meta said it disrupted a
network of fake accounts
targeting Ukrainians with
espionage. (to
the original material)
-
Suspected China-backed
hackers target 7 Indian
electricity grid centers. (to
the original material)
-
Google’s Radar Chip:
Real-Time biometric data
collection. (to
the original material)
06.04.2022
-
News from cyber security.
-
CISA adds three known
exploited vulnerabilities to
Catalog. (to
the original material)
-
Mozilla releases security
updates for Firefox, Firefox
ESR, and Thunderbird. (to
the original material)
-
Citrix releases security
updates for Hypervisor. (to
the original material)
-
Google releases security
updates for Chrome. (to
the original material)
-
Malicious actors targeting the
cloud for
cryptocurrency-mining
activities. (to
the original material)
-
Internal auditors stepping up
to become strategic advisors
in the fight against fraud. (to
the original material)
-
Automotive cybersecurity
market to reach $5.1 billion
by 2027. (to
the original material)
-
VMware releases critical
patches for new
vulnerabilities affecting
multiple products. (to
the original material)
-
Hackers distributing fake
shopping apps to steal banking
data of Malaysian users. (to
the original material)
-
Ukraine warns of cyber attack
aiming to hack users' Telegram
Messenger accounts. (to
the original material)
-
Block admits data breach
involving Cash App data
accessed by former employee. (to
the original material)
-
U.S. Treasury Department
sanctions Russia-based Hydra
Darknet marketplace. (to
the original material)
-
Cyber threats at retail
Endpoints giving way to data
theft. (to
the original material)
-
63% of organizations paid the
ransom last year. (to
the original material)
-
How often do developers push
vulnerable code? (to
the original material)
-
Palo Alto Networks firewalls,
VPNs vulnerable to OpenSSL
bug. (to
the original material)
-
New FFDroider malware steals
Facebook, Instagram, Twitter
accounts. (to
the original material)
-
UK retail chain The Works
shuts down stores after
cyberattack. (to
the original material)
-
VMware warns of critical
vulnerabilities in multiple
products. (to
the original material)
-
US disrupts Russian Cyclops
Blink botnet before being used
in attacks. (to
the original material)
-
U.S. sanctions crypto-exchange
Garantex for aiding Hydra
Market. (to
the original material)
-
Cisco next to turn up
Spring4Shell-vulnerable
products. (to
the original material)
-
Gov (Australia) looks to close
data security 'gaps' with new
action plan. (to
the original material)
-
Tech giants face supervisory
fee under new EU rules. (to
the original material)
-
Microsoft bolsters Windows 11
enterprise Zero Trust
security. (to
the original material)
-
Dell ships patch for
vulnerable filesystem. (to
the original material)
-
ASIC (Australian Securities
and Investments Commission)
sues Macquarie Bank over fraud
monitoring failures. (to
the original material)
-
ACT's Icon Water moves to
outsourced IT environment. (to
the original material)
-
Four ways security teams can
learn from the Okta breach. (to
the original material)
-
As ‘open banking’ blossoms,
application-based security
becomes a concern. (to
the original material)
-
Financial fraud shot up 233%
last year, account takeover on
the rise. (to
the original material)
-
Alleging security failures
caused data breach, patients
sue Montana’s Logan Health. (to
the original material)
-
Vast majority of security and
development pros report
dramatic talent shortages. (to
the original material)
-
First malware targeting AWS
Lambda serverless cloud
environment discovered. (to
the original material)
-
State-backed Chinese APT group
expands activity to more
sectors, countries. (to
the original material)
-
Microsoft details new security
features for Windows 11. (to
the original material)
-
Developers increasingly
prioritize secure coding. (to
the original material)
-
New cryptomining malware
targets AWS Lambda. (to
the original material)
-
New PCI Data Security Standard
v4.0 receives kudos for
flexibility. (to
the original material)
-
Zoom’s bug bounty ROI clear as
program pays $1.8 million to
fix over 400 bugs. (to
the original material)
-
New threat group underscores
mounting concerns over Russian
cyber threats. (to
the original material)
-
The Latest threat to
independent online creators is
the Filter Mandate Bill. (to
the original material)
-
Fake e‑shops on the prowl for
banking credentials using
Android malware. (to
the original material)
-
Talent shortages leave
businesses more exposed to
attacks. (to
the original material)
-
New malware targets AWS Lambda
cloud environment. (to
the original material)
-
Avast One receives a major
makeover to improve
protection. (to
the original material)
-
Employees not fully prepared
for cyberattacks say IT
leaders. (to
the original material)
-
Another RCE vulnerability
disrupts Java applications
community. (to
the original material)
-
The Latest Remcos RAT driven
by phishing campaign. (to
the original material)
-
How to choose an XDR vendor. (to
the original material)
-
Psychology of Disinformation:
What are Strategic Narratives
for Disinformation Purposes? (to
the original material)
-
Newsletter Anti-Fake:
Virtualization of information
gathering. (to
the original material)
-
Fact checking of the week:
Fake image of the bombings in
Ukraine and falsely attributed
to the BBC. (to
the original material)
-
Kubernetes RBAC: How to avoid
privilege escalation via
certificate signing. (to
the original material)
-
Hackers use malicious apps to
target customers of 8
Malaysian banks, researchers
say. (to
the original material)
-
Vevo announces investigation
after YouTube accounts for
Rihanna, Justin Bieber, Taylor
Swift, Kanye and more hacked.
(to
the original material)
-
US disrupts prolific botnet
controlled by Russian
military, DOJ says. (to
the original material)
-
Researcher finds cryptomining
malware targeting AWS Lambda.
(to
the original material)
-
DOJ charges Russian national
with operating world’s
‘largest darknet market’. (to
the original material)
-
Block says former Cash App
employee accessed data from US
customer accounts. (to
the original material)
-
Continued targeting of Indian
power grid assets by Chinese
state-sponsored activity
group. (to
the original material)
-
Securing your accounts Is
difficult. This is what you
should know about Multi-Factor
Authentication. (to
the original material)
05.04.2022
-
News from cyber security.
-
Press release: Appointment of
Mr. Ionuţ-Andrei Iacoboaei as
Deputy Director of the
National Cyber Security
Directorate (DNSC). (to
the original material)
-
CISA adds Spring4Shell to list
of exploited vulnerabilities.
(to
the original material)
-
Log4Shell exploitation: Which
applications may be targeted
next? (to
the original material)
-
What you need to look out for
when installing packages from
public repositories. (to
the original material)
-
Utilizing biological
algorithms to detect cyber
attacks. (to
the original material)
-
Hybrid threat model: Watch out
for the unhappy employee. (to
the original material)
-
Traditional identity fraud
losses soar, totalling $52
billion in 2021. (to
the original material)
-
49% of small medical practices
don’t have a cyberattack
response plan. (to
the original material)
-
What is undermining ML (Machine
Learning) initiatives? (to
the original material)
-
Australia warns of money
recovery phishing luring past
victims. (to
the original material)
-
Cash App notifies 8.2 million
US customers about data
breach. (to
the original material)
-
Chinese hackers abuse VLC
Media Player to launch malware
loader. (to
the original material)
-
SpringShell attacks target
about one in six vulnerable
orgs. (to
the original material)
-
Microsoft detects Spring4Shell
attacks across its cloud
services. (to
the original material)
-
Microsoft adds on-premises
Exchange, SharePoint to bug
bounty program. (to
the original material)
-
Microsoft announces new
Windows 11 security,
encryption features. (to
the original material)
-
Ukraine spots Russian-linked
'Armageddon' phishing attacks.
(to
the original material)
-
Germany takes down Hydra,
world's largest darknet
market. (to
the original material)
-
Threat Spotlight: AsyncRAT
campaigns feature new version
of 3LOSH crypter. (to
the original material)
-
FIN7 hackers leveraging
password reuse and software
supply chain attacks. (to
the original material)
-
Battling Cybersecurity Risk:
How to start somewhere, right
now. (to
the original material)
-
Germany shuts down Russian
Hydra Darknet market; Seizes
$25 million in Bitcoin. (to
the original material)
-
Researchers trace widespread
espionage attacks back to
Chinese 'Cicada' hackers. (to
the original material)
-
Is API Security on your radar?
(to
the original material)
-
Hackers breach Mailchimp email
marketing firm to launch
crypto phishing scams. (to
the original material)
-
CISA warns of active
exploitation of critical
Spring4Shell vulnerability. (to
the original material)
-
IPfuscation is Hive’s new
technique to evade detection.
(to
the original material)
-
Beastmode Botnet adds new
exploits to its arsenal. (to
the original material)
-
VMware sprung by Spring4shell
vulnerability. (to
the original material)
-
Shadow Code: A Third-Party
blind spot. (to
the original material)
-
WhatsApp voicemail phishing
attack targets nearly 28K
organizations. (to
the original material)
-
Only 14% of developers
consider security a top
priority. (to
the original material)
-
FIN7 morphs into a broader,
more dangerous cybercrime
group. (to
the original material)
-
Millions of installations
potentially vulnerable to
Spring Framework flaw. (to
the original material)
-
Spring4Shell patching is going
slow but risk not comparable
to Log4Shell. (to
the original material)
-
Google fights Dragnet Warrant
for users’ search histories
overseas while continuing to
give data to Police in the
U.S. (to
the original material)
-
Podcast Episode: Your tax
dollars at work. (to
the original material)
-
We’re going on Tor. (to
the original material)
-
Financial fraud attempts up
over 200 percent in two years.
(to
the original material)
-
Corporate Spy: I was LinkedIn
before it was invented. (to
the original material)
-
The Hidden card trick of email
security. (to
the original material)
-
World Backup Day: The best
defense against increasing
cyberthreats. (to
the original material)
-
Hackers flood internet with
what they say are Russian
companies' files. (to
the original material)
-
First-class threat protection.
(to
the original material)
-
New npm flaws let attackers
better target packages for
account takeover. (to
the original material)
-
$25 million confiscated by
German authorities in takedown
of Hydra dark web marketplace.
(to
the original material)
04.04.2022
-
News from cyber security.
-
CISA adds four known exploited
vulnerabilities to Catalog. (to
the original material)
-
Vulnerability Summary for the
Week of March 28, 2022. (to
the original material)
-
The challenges of consumer data
and PII usage. (to
the original material)
-
The CISO as brand enabler,
customer advocate, and product
visionary. (to
the original material)
-
New and less known cybersecurity
risks you should be aware of. (to
the original material)
-
Security flaws found in 82% of
public sector software
applications. (to
the original material)
-
Mainframe still powering
critical business operations. (to
the original material)
-
Vulnerabilities and cyberattacks
that marked the year 2021. (to
the original material)
-
IT in manufacturing
insufficiently prepared to
support long-term hybrid work. (to
the original material)
-
Application security market to
reach $13.1 billion by 2025. (to
the original material)
-
Infosec products of the month:
March 2022. (to
the original material)
-
WhatsApp voice message phishing
emails push info-stealing
malware. (to
the original material)
-
GitHub can now auto-block
commits containing API keys,
auth tokens. (to
the original material)
-
VMware patches Spring4Shell RCE
flaw in multiple products. (to
the original material)
-
Hackers breach MailChimp's
internal tools to target crypto
customers. (to
the original material)
-
FIN7 hackers evolve toolset,
work with multiple ransomware
gangs. (to
the original material)
-
Cybersecurity Weekly: UPS attack
warning from CISA and DOE,
Lapsus$ hacker group takedown
and a surprising new text scam.
(to
the original material)
-
JANGOW: 1.0.1: CTF walkthrough.
(to
the original material)
-
WordPress overtakes Magento in
credit card skimmers. (to
the original material)
-
Researchers uncover new Android
spyware with C2 Server linked to
Turla hackers. (to
the original material)
-
Multiple hacker groups
capitalizing on Ukraine conflict
for distributing malware. (to
the original material)
-
Brokenwire hack could let remote
attackers disrupt charging for
electric vehicles. (to
the original material)
-
Experts shed light on BlackGuard
Infostealer malware sold on
Russian hacking forums. (to
the original material)
-
Beastmode DDoS botnet exploiting
new TOTOLINK bugs to enslave
more routers. (to
the original material)
-
Debate erupts at news the White
House may scale back DOD
cyber-ops authorities. (to
the original material)
-
Fixing a vulnerability? Make
sure your GitHub isn't showing
too much. (to
the original material)
-
Microsoft's cloud business
targeted by EU antitrust
regulators. (to
the original material)
-
Borat RAT emerges as triple
threat to cyber organizations. (to
the original material)
-
Qualys leverages cloud platform
to help security teams reduce
alert fatigue. (to
the original material)
-
Anatomy of an Android malware
dropper. (to
the original material)
-
The NDO (Non
Disclosure Order) Fairness
Act is an important step towards
transparency. (to
the original material)
-
Day of action for Antitrust: Our
rights are tied to having
choices. (to
the original material)
-
Deepfakes evolve from novelty to
serious cyber threat. (to
the original material)
-
10 Hot ethical hacking companies
to watch in 2022. (to
the original material)
-
10 Hot penetration testing
companies to watch in 2022. (to
the original material)
-
How Pentera became a
cybersecurity unicorn. (to
the original material)
-
Harden your cybersecurity
defenses against Y2Q. (to
the original material)
-
Always update Safari on your
iPhone. (to
the original material)
-
German wind turbine maker shut
down after cyberattack. (to
the original material)
-
Hacker accessed 319 crypto- and
finance-related Mailchimp
accounts, company said. (to
the original material)
-
Clearview AI fined in Italy,
starts scanning dead Russian
soldiers in Ukraine. (to
the original material)
03.04.2022
-
News from cyber security.
-
Supply chain attacks against
open-source software soar. (to
the original material)
-
Week in review: Spring4Shell
vulnerability, attackers
exploiting patched RCE in Sophos
Firewall. (to
the original material)
-
Fake Trezor data breach emails
used to steal cryptocurrency
wallets. (to
the original material)
-
New Borat remote access malware is
no laughing matter. (to
the original material)
-
How to choose and harden your VPN:
Best practices from NSA &
CISA. (to
the original material)
-
SOC integration: Creating a
well-built portfolio vs. a
frankenstack. (to
the original material)
02.04.2022
-
News from cyber security.
-
American Express users locked out
for HOURS: no login, no payments. (to
the original material)
-
UK charges two teenagers linked to
the Lapsus$ hacking group. (to
the original material)
-
Apple's zero-day woes continue. (to
the original material)
-
Hive ransomware evolves to add many
new features. (to
the original material)
-
Anonymous leaked 15 GB of data
allegedly stolen from the Russian
Orthodox Church. (to
the original material)
-
UK Police charges two teenagers for
their alleged role in the Lapsus$
extortion group. (to
the original material)
-
Beastmode Mirai botnet now includes
exploits for Totolink routers. (to
the original material)
-
Ukraine intelligence leaks names of
620 alleged Russian FSB agents. (to
the original material)
-
Critical CVE-2022-1162 flaw in
GitLab allowed threat actors to take
over accounts. (to
the original material)
-
Trend Micro fixed high severity flaw
in Apex Central product management
console. (to
the original material)
-
Ca: Two staff fired for patient
privacy breaches at Campbellford
Memorial Hospital. (to
the original material)
-
China accused of hacking Ukraine
days before Russian invasion. (to
the original material)
-
Rattled by RIPTA breach that
affected 22,000, lawmakers propose
policy changes. (to
the original material)
-
Anonymous claims it hacked Russian
Orthodox Church, leaked 15 GB data
and 57,500 emails. (to
the original material)
-
Cyber espionage actor deploying
malware using Excel. (to
the original material)
-
Lazarus using trojanized DeFi app to
deliver malware. (to
the original material)
-
PCI SSC releases Data Security
Standard version 4.0. (to
the original material)
-
ISMG Editors: Lessons to learn from
Okta's breach response. (to
the original material)
-
Tapping public health research tools
to fight cybercrime. (to
the original material)
-
Can I make six figures working in
tech? Here are the best tech jobs
for 2022. (to
the original material)
01.04.2022
- News
from cyber security.
-
Apple releases security updates. (to
the original material)
-
Spring releases security updates
addressing "Spring4Shell" and Spring
Cloud Function vulnerabilities. (to
the original material)
-
Next wave of Ukraine attacks - DDoS,
malicious tools, and infrastructure
disruptions. (to
the original material)
- New
infosec products of the week: April 1,
2022. (to
the original material)
- We
need an industry-backed, tech-neutral
resource to restore trust in voice
communications. (to
the original material)
-
JavaScript security: The importance of
prioritizing the client side. (to
the original material)
-
Cloud native application security is a
critical priority, risk perception is
worryingly low. (to
the original material)
-
Making security mistakes may come with
a high price for employees. (to
the original material)
- Is
IT ready for the metaverse? If not, it
should be. (to
the original material)
-
Spring fixes zero-day vulnerability in
Framework and Spring Boot. (to
the original material)
-
Vulnerabilities in Rockwell Automation
PLCs could enable Stuxnet-Like
attacks. (to
the original material)
-
Fingerprint: The pattern of
coordinated non-authentic behavior on
social media. (to
the original material)
-
Psychology of Disinformation:
Arguments and counter-arguments: from
denigration to exchange of ideas. (to
the original material)
-
Cybersecurity survival tips for small
businesses: 2022 edition. (to
the original material)
-
Latest web hacking tools – Q2 2022. (to
the original material)
-
Spring4Shell: New info and fixes
(CVE-2022-22965). (to
the original material)
-
Results overview: 2022 MITRE
ATT&CK Evaluation – Wizard Spider
and Sandworm edition. (to
the original material)
- The
Week in Ransomware - April 1st 2022 -
'I can fight with a keyboard'. (to
the original material)
-
Microsoft now lets you enable the
Windows App Installer again, here's
how. (to
the original material)
-
Russian-linked Android malware records
audio, tracks your location. (to
the original material)
-
Beastmode botnet boosts DDoS power
with new router exploits. (to
the original material)
-
Trend Micro fixes actively exploited
remote code execution bug. (to
the original material)
-
Critical GitLab vulnerability lets
attackers take over accounts. (to
the original material)
- EU
draft law adds security checks to all
crypto transactions. (to
the original material)
-
Sitel on Okta breach: "spreadsheet"
did not contain passwords. (to
the original material)
-
Focus on physical threats left
maritime sector short on
cybersecurity, says DHS chief. (to
the original material)
-
California health plan facing network
disruptions after alleged Hive
ransomware attack. (to
the original material)
-
Patch, remediation advice emerges for
Spring4Shell vulnerability. (to
the original material)
-
Attackers can compromise 94% of
critical assets within four steps of
breach point. (to
the original material)
- FBI
warns of ransomware straining local
governments, services. (to
the original material)
-
CISO summer school: three ways to
embrace overlooked security concerns.
(to
the original material)
-
What you need to know about PCI DSS
4.0's new requirements. (to
the original material)
-
More than ever, security matters. (to
the original material)
- NSA
employee indicted for sending
classified data outside the Agency. (to
the original material)
-
Upstart crime site woos Raid Forums
orphans. (to
the original material)
-
Ukraine, Conti, and the law of
unintended consequences. (to
the original material)
-
California: Speak up for biometric and
student privacy. (to
the original material)
-
Public.Resource.Org can keep freeing
the law: Court allows posting public
laws and regulations online. (to
the original material)
-
Google opens new ad-targeting API -
Topics, ‘Privacy Sandbox’ and FLEDGE.
(to
the original material)
-
House passes better Cybercrime Metrics
Act. (to
the original material)
- NSA
employee accused of sharing national
defense secrets. (to
the original material)
- US
Cyber Command partners with APUS (American
Public University System). (to
the original material)
- UK
Spy Chief hails Government cell
tackling Kremlin fake news. (to
the original material)
-
Over half of data security incidents
caused by insiders. (to
the original material)
- IT
services giant admits $42m fallout
from ransomware attack. (to
the original material)
-
AcidRain Modem Wiper (Ukrop) caused
the attack against Viasat satellites.
(to
the original material)
-
CVE-2022-22674 Apple vulnerability
could cause RCE with kernel
privileges. (to
the original material)
-
Anonymous targets oligarchs’ Russian
businesses: Marathon Group hacked. (to
the original material)
-
AcidRain, a wiper that crippled
routers and modems in Europe. (to
the original material)
-
Zyxel fixes a critical bug in its
business firewall and VPN devices. (to
the original material)
-
CISA adds Sophos firewall bug to known
exploited vulnerabilities Catalog. (to
the original material)
-
Flaws in Wyze cam devices allow their
complete takeover. (to
the original material)
-
15-Year-Old bug in PEAR PHP Repository
could've enabled supply chain attacks.
(to
the original material)
-
British Police charge two teenagers
linked to LAPSUS$ hacker group. (to
the original material)
-
GitLab releases patch for critical
vulnerability that could let attackers
hijack accounts. (to
the original material)
-
Russian wiper malware likely behind
recent cyberattack on Viasat KA-SAT
modems. (to
the original material)
-
Critical bugs in Rockwell PLC could
allow hackers to implant malicious
code. (to
the original material)
-
Chinese hackers target VMware Horizon
servers with Log4Shell to deploy
Rootkit. (to
the original material)
-
GitLab issues critical update after
hard-coding passwords into accounts. (to
the original material)
-
More charged in UK Lapsus$
investigation. (to
the original material)
-
Google: Russian credential thieves
target NATO, Eastern European
military. (to
the original material)
-
Modem-wiping malware caused Viasat
satellite broadband outage in Europe.
(to
the original material)
-
National Security Agency employee
indicted for 'leaking top secret
info'. (to
the original material)
- UK
Spy Chief warns Russia looking for
cyber targets. (to
the original material)
-
Lapsus$: Two UK teenagers charged with
hacking for notorious gang. (to
the original material)
-
Charity pays over $8 million to
resolve federal embezzlement, bribery
investigation. (to
the original material)
-
Connecticut’s Bradley Airport website
hit by DDoS; Russia’s Rosaviatsia
suffers significant cyberattack. (to
the original material)
-
Solar Winds can’t dodge investor suit
over massive cyberattack. (to
the original material)
- Ph:
Smartmatic admits ‘data leak’ but not
related to 2022 polls. (to
the original material)
-
AcidRain - A Modem Wiper rains down on
Europe. (to
the original material)
-
Threat Roundup for March 25 to April
1. (to
the original material)
-
Beers with Talos, Ep. #119: If it
walks like a BlackCat, smells like a
BlackCat... (to
the original material)
-
Week in security with Tony Anscombe. (to
the original material)
- Ola
Finance DeFi platform hacked, nearly
$5 million stolen. (to
the original material)
-
Chinese hackers Deep Panda return with
Log4Shell exploits, new Fire Chili
rootkit. (to
the original material)
-
Zyxel urges customers to patch
critical firewall bypass
vulnerability. (to
the original material)
- The
spectre of Stuxnet: CISA issues alert
on Rockwell Automation ICS
vulnerabilities. (to
the original material)
-
This Week in security News - April
1, 2022. (to
the original material)
-
WordPress popunder malware redirects
to scam sites. (to
the original material)
-
Why enterprises need to consolidate
their cybersecurity efforts
[Q&A]. (to
the original material)
-
Log4j continues to be a problem for
enterprises. (to
the original material)
-
Fresh TOTOLINK vulnerabilities
picked up by Beastmode Mirai
campaign. (to
the original material)
-
The complete list of hacker and
cybersecurity movies. (to
the original material)
-
Bug Bounty Radar - The latest bug
bounty programs for April 2022. (to
the original material)
-
GitLab addresses critical account
hijack bug. (to
the original material)
-
PHP bug allows attackers to bypass
domain filters, stage DoS attacks
against servers. (to
the original material)
-
Infosec Skills April Challenge:
Don’t get fooled by these real-world
threats. (to
the original material)
-
Defence cancels SkyGuardian drones
to fund REDSPICE cyber plan. (to
the original material)
-
Second critical infrastructure cyber
security bill passes parliament. (to
the original material)
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest that you, depending on your desire, use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - April 30, 2022