Study - Technical - LMS-SFC EN) - Cyber Security - News Archive March 2022
Cyber Security - News Archive
March 2022
31.03.2022
- News
from cyber security.
- CISA
releases security advisories for
Rockwell Automation products. (to
the original material)
- FBI
releases PIN on ransomware straining
local governments and public services. (to
the original material)
- CISA
adds seven known exploited
vulnerabilities to Catalog. (to
the original material)
-
Cybersecurity News of the Week
(31.03.2022). (to
the original material)
-
Ransomware payments hit new records. (to
the original material)
-
SunCrypt ransomware now comes with
upgraded features. (to
the original material)
-
Russia warns of 'grave consequences'
after U.S. reaffirms threat of sanctions
over Ukraine. (to
the original material)
- Fresh
Phish: Phishers schedule victims on
calendar app. (to
the original material)
-
Government warns on cybersecurity issues
with Philips’ e-Alert MRI monitoring
system. (to
the original material)
- Conti
continues to attack even after recent
code leaks. (to
the original material)
- New
zero-day RCE vulnerability Spring4Shell:
What you should know. (to
the original material)
-
Threat Advisory: Spring4Shell. (to
the original material)
- On
the Radar: Is 2022 the year encryption
is doomed? (to
the original material)
-
Threat Source newsletter (March 31,
2022) — Is "Fortnite" a Metaverse? (to
the original material)
- Over
half of data security incidents caused
by insider threats. (to
the original material)
-
Pressure to fully disclose security
breaches mounts. (to
the original material)
- World
Backup Day – People make mistakes. (to
the original material)
- 57%
of people can’t recall if they ever
backed up their important documents. (to
the original material)
-
Spring4Shell: No need to panic, but
mitigations are advised. (to
the original material)
- The
current state of enterprise backup and
recovery. (to
the original material)
- Where
should companies start when it comes to
device security? (to
the original material)
- Lack
of CLM maturity is putting organizations
at risk. (to
the original material)
- DDoS
attacks becoming larger and more
complex, finance most targeted sector. (to
the original material)
-
Deploying pseudonymization techniques to
protect health data. (to
the original material)
- Why
do organizations need to prioritize
cyber resiliency? (to
the original material)
-
Phishing uses Azure Static Web Pages to
impersonate Microsoft. (to
the original material)
- CISA
orders agencies to patch actively
exploited Sophos firewall bug. (to
the original material)
- New
BlackGuard password-stealing malware
sold on hacker forums. (to
the original material)
- Zyxel
patches critical bug affecting firewall
and VPN devices. (to
the original material)
- Apple
emergency update fixes zero-days used to
hack iPhones, Macs. (to
the original material)
-
Viasat confirms satellite modems were
wiped with AcidRain malware. (to
the original material)
-
Chinese hacking group uses new 'Fire
Chili' Windows rootkit. (to
the original material)
-
Spring patches leaked Spring4Shell
zero-day RCE vulnerability. (to
the original material)
-
LockBit victim estimates cost of
ransomware attack to be $42 million. (to
the original material)
- Palo
Alto Networks error exposed customer
support cases, attachments. (to
the original material)
- DPRK
hackers go after crypto assets using
trojanized DeFi Wallet app. (to
the original material)
-
Calendly actively abused in Microsoft
credentials phishing. (to
the original material)
- Just
35% of security pros say they are ‘very
familiar’ with zero trust. (to
the original material)
-
SentinelOne finds ties between Viasat
hack and Russian actor. (to
the original material)
- Court
denies SolarWinds bid to throw out
breach lawsuit. (to
the original material)
-
Council updates data security standards
for payments industry. (to
the original material)
- Only
30% of the cyber workforce is in the
19-34 age demographic. (to
the original material)
- Orca
Security to offer scoring system for
attack paths on cloud-native apps. (to
the original material)
- FBI
asks public for help finding Lapsus$
extortion group. (to
the original material)
-
Clarity in planning security helps to
complete goals with confidence. (to
the original material)
- Five
ways to protect an organization from a
nation-state attack. (to
the original material)
-
Remote code execution flaws in Spring
and Spring Cloud frameworks put Java
apps at risk. (to
the original material)
-
Colombian ISPs show steady commitments
to user privacy but key transparency
gaps remain. (to
the original material)
- The
'Silver Lining' to ransomware attacks on
businesses in an increasingly hostile
world. (to
the original material)
- CISA
issues UPS warning. (to
the original material)
-
Cyber-Attack on California Healthcare
Organization. (to
the original material)
- New
version of PCI DSS designed to tackle
emerging payment threats. (to
the original material)
- Know
your ransomware enemy: Getting inside
the mind of a hacker. (to
the original material)
-
Interview: Analyzing the hidden costs of
cybercrime. (to
the original material)
-
#WorldBackupDay: 5 Backup tips to retain
critical data following a ransomware
attack. (to
the original material)
- 5
Levers lawmakers can use to tackle
cybercrime. (to
the original material)
-
Viasat: Denial of Service attack
impacted tens of thousands. (to
the original material)
-
Global Police arrest 65 in
multimillion-dollar BEC bust. (to
the original material)
-
Apple, Facebook Doxxed users - via fake
Police EDRs (Emergency Data
Request). (to
the original material)
- The
Sisyphean task of vulnerability
management. (to
the original material)
- Fall
for Phishing? You could get fired. (to
the original material)
-
Nation-State hackers ramp up Ukraine war
- Themed attacks. (to
the original material)
-
Protecting your organization against a
new class of cyber threats: HEAT. (to
the original material)
- 10
high severity vulnerabilities in Google
Chrome. (to
the original material)
-
Attacking rival, Google says Microsoft’s
hold on government security is a
problem. (to
the original material)
-
Spring4Shell: Spring users face new,
zero-day vulnerability. (to
the original material)
-
Critical SQL injection flaw fixed in
Rapid7’s Nexpose vulnerability scanner.
(to
the original material)
- US
healthcare data breach impacts 85,000
law enforcement officers. (to
the original material)
-
Belarusian ‘Ghostwriter’ actor picks up
BitB for Ukraine-related attacks. (to
the original material)
- QNAP
customers adrift, waiting on fix for
OpenSSL bug. (to
the original material)
-
Automaker cybersecurity lagging behind
tech adoption, experts warn. (to
the original material)
-
Cybersecurity debt in financial
services: what happens next? (to
the original material)
- PoC
Code for CVE-2010-1622 puts Spring Core
Framework at risk. (to
the original material)
-
Phishing, Smishing & Vishing: What
you need to know & how to protect
yourself. (to
the original material)
30.03.2022
- News
from cyber security.
- FBI
releases PIN on phishing campaign
against U.S. Election Officials. (to
the original material)
-
Google releases security updates for
Chrome. (to
the original material)
-
ALERT: Malicious cyber campaign with
Trojan Stealer malware via email. (to
the original material)
-
Securing EU Institutions, Bodies and
Agencies. (to
the original material)
-
Mars Stealer malware pushed via Google
Ads and phishing emails. (to
the original material)
-
Web3 and the future of data
portability: Rethinking user
experiences and incentives on the
internet. (to
the original material)
- How
to recruit cybersecurity talent from
atypical backgrounds. (to
the original material)
-
Product showcase: Secure online
authentication “Made in Germany” by
Swissbit. (to
the original material)
-
Design, prioritize, and implement a
cyber defense program with CIS CDM
2.0. (to
the original material)
-
Posts on name-and-shame dark web leak
sites climbed 85% in 2021. (to
the original material)
- The
benefits of implementing continuous
security in the development lifecycle.
(to
the original material)
- How
hard is it to address Apple’s in-app
deletion requirements and implement
privacy compliance? (to
the original material)
- US
national emergency extended due to
elevated malicious cyber activity. (to
the original material)
- New
Spring Java framework zero-day allows
remote code execution. (to
the original material)
-
Globant confirms hack after Lapsus$
leaks 70GB of stolen data. (to
the original material)
-
Google: Russian phishing attacks
target NATO, European military. (to
the original material)
-
QNAP warns severe OpenSSL bug affects
most of its NAS devices. (to
the original material)
- FBI
disrupts BEC cybercrime gangs
targeting victims worldwide. (to
the original material)
-
Hive ransomware uses new 'IPfuscation'
trick to hide payload. (to
the original material)
-
Mazda Infotainment Crash shows how
fragile car security really is. (to
the original material)
-
Viasat shares details on KA-SAT
satellite service cyberattack. (to
the original material)
-
Phishing campaign targets Russian govt
dissidents with Cobalt Strike. (to
the original material)
-
Open ports and ‘risky services’ create
exposure for financial firms. (to
the original material)
-
Globant confirms falling victim to
Lapsus$ extortion group. (to
the original material)
-
Senators want federal cyber pros to
detail how they’re going to modernize
their agencies. (to
the original material)
-
Identity authentication failure can
cost financial firms as much as $42
million. (to
the original material)
-
Google: Russian hackers targeting
NATO, military email accounts. (to
the original material)
-
Critical RCE vulnerability
Spring4Shell found in Spring Cloud
Function. (to
the original material)
-
Ubiquiti seeks $425 million in damages
against industry blogger Brian Krebs.
(to
the original material)
-
Time to lighten the load on our
growing cyber albatross. (to
the original material)
- How
to avoid an identity management crisis
during the M&A process. (to
the original material)
-
Women in tech: Unique insights from a
lifelong pursuit of innovation. (to
the original material)
-
World Backup Day – Ransomware. (to
the original material)
-
e-book: Threat Spotlight: Protecting
your business in 2022. (to
the original material)
- New wave of AnonymousFox cron jobs. (to the original material)
-
Credential phishing continues to be a
major threat. (to
the original material)
-
Microsoft launches new driver blocking
feature to boost security in Windows.
(to
the original material)
- New
wave of Remcos RAT phishing campaign.
(to
the original material)
-
Muhstik Botnet gang targets Redis
exploit within one day of public PoC (Proof-of-Concept)
release. (to
the original material)
-
Crypto stealing malware spreads via
fake wallet apps. (to
the original material)
-
Singapore, US to establish dialogue to
strengthen cooperation in
cybersecurity. (to
the original material)
- New
Milestones for Deep Panda: Log4Shell
and digitally signed Fire Chili
Rootkits. (to
the original material)
- Why
metrics are crucial to proving
cybersecurity programs’ value. (to
the original material)
- The
Evolution of threat detection: From
pentesting to PtaaS. (to
the original material)
-
Anti-Fake Newsletter: Beware of
imposter fact checking! (to
the original material)
-
Fact checking of the week: Distorted
claims about "Z-letter ban" in
Germany. (to
the original material)
-
Anti-Fake Newsletter: We need to
rebuild trust in each other. (to
the original material)
- SQL
injection protections in ImpressCMS
could be bypassed to achieve RCE. (to
the original material)
-
‘Dangerous’ EU web authentication plan
threatens to undercut browser-led
certification system, detractors
claim. (to
the original material)
- An
In-Depth look at ICS vulnerabilities
Part 1. (to
the original material)
29.03.2022
- News
from cyber security.
-
Mitigating attacks against
Uninterruptable Power Supply
devices. (to
the original material)
-
IceID trojan delivered via hijacked
email threads, compromised MS
Exchange servers. (to
the original material)
-
Attackers are exploiting recently
patched RCE in Sophos Firewall
(CVE-2022-1040). (to
the original material)
-
Subdomain takeover attacks on the
rise and harder to monitor. (to
the original material)
-
The security gaps that can be
exposed by cybersecurity asset
management. (to
the original material)
-
The Israeli cybersecurity funding
landscape in the past year. (to
the original material)
-
Product showcase: Specops uReset
SSPR solution. (to
the original material)
-
2021 COVID bounce: Malware has
returned with a vengeance. (to
the original material)
-
Not enough businesses have a formal
ransomware plan in place. (to
the original material)
-
What’s stopping organizations from
becoming data-driven? (to
the original material)
-
Verblecon malware loader used in
stealthy crypto mining attacks. (to
the original material)
-
Zero-Day surge led to more rapid
exploitation of bugs in 2021. (to
the original material)
-
Triton malware still targeting
energy firms. (to
the original material)
-
Vodafone Portugal: The attack on
brand reputations and public
confidence through cybercrime. (to
the original material)
-
Transparent Tribe campaign uses new
bespoke malware to target Indian
government officials. (to
the original material)
-
Europe’s quest for energy
independence - and how cyber‑risks
come into play. (to
the original material)
-
Flaws found in over 80 percent of
public sector applications. (to
the original material)
-
One in four employees lose job after
making cybersecurity mistakes. (to
the original material)
-
Mars Stealer malware pushed via
OpenOffice ads on Google. (to
the original material)
-
$620 million in crypto stolen from
Axie Infinity's Ronin bridge. (to
the original material)
-
Shutterfly discloses data breach
after Conti ransomware attack. (to
the original material)
-
FBI warns election officials of
credential phishing attacks. (to
the original material)
-
Hackers use modified MFA tool
against Indian govt employees. (to
the original material)
-
CISA warns of attacks targeting
Internet-connected UPS devices. (to
the original material)
-
Wyze Cam flaw lets hackers remotely
access your saved videos. (to
the original material)
-
Consistency in password resets helps
block credential theft. (to
the original material)
-
Europol dismantles massive call
center investment scam operation. (to
the original material)
-
Island CEO on how the Enterprise
Browser lets companies manage
security across SaaS, web apps. (to
the original material)
-
FDA, OIG HHS budget requests focus
on improving medical device
security, infrastructure. (to
the original material)
- A
majority of public sector agencies
cite increased concern about
third-party risk. (to
the original material)
-
FBI asks Congress for more money,
people and authorities to match
cyber threats. (to
the original material)
-
Privacy risks loom without
third-party app and API standards,
healthcare groups say. (to
the original material)
-
Vast majority of email employment
fraud schemes target US
universities. (to
the original material)
-
Europe’s quest for energy
independence – and how cyber‑risks
come into play. (to
the original material)
-
World Backup Day – Hardware failure.
(to
the original material)
-
Top 5 Topics to discuss with clients
about website security. (to
the original material)
-
French health insurance data leak:
what to do if you are affected. (to
the original material)
-
Threat Alert: First Python
ransomware attack targeting Jupyter
Notebooks. (to
the original material)
-
Exclusive threat research: Mars
(Stealer) attacks! (to
the original material)
-
Redspice: budget ushers in
Australia’s ‘biggest ever’
cybersecurity spend. (to
the original material)
-
Cyber extortion surges 78% as
'ransomware as a service' spreads. (to
the original material)
-
Lapsus$ and SolarWinds hackers both
use the same old trick to bypass
MFA. (to
the original material)
-
With great 5G power comes great
responsibility. (to
the original material)
-
Ransomware, Malware, Phishing Top
List of IT Security Concerns. (to
the original material)
-
Preach about the breach: CVE and
incident response. (to
the original material)
-
The Windows user security Bible:
Vulnerabilities and patches. (to
the original material)
-
Network cavity blamed for data
breach at Japanese candy maker
Morinaga. (to
the original material)
-
HTML parser bug triggers Chromium
XSS security flaw. (to
the original material)
-
Ukrainian ISP used by military
disrupted by ‘powerful’
cyber-attack. (to
the original material)
-
Why organizations should take
cloud-based cryptocurrency-mining
attacks seriously. (to
the original material)
-
How a few thoughtless words about
privacy led to huge political and
economic headaches for the US and
EU. (to
the original material)
28.03.2022
- News
from cyber security.
-
CISA adds 32 known exploited
vulnerabilities to Catalog. (to
the original material)
-
Google releases security updates
for Chrome. (to
the original material)
-
Vulnerability Summary for the Week
of March 21, 2022. (to
the original material)
-
Cybersecurity Month campaign
reduces Cyber Incidents. (to
the original material)
-
Okta acknowledges 'mistake' in
handling of Lapsus$ attack. (to
the original material)
-
Kaspersky, China Telecom, China
Mobile named 'threats to US
national security'. (to
the original material)
-
Hodur: A new Korplug variant from
Chinese hackers. (to
the original material)
-
Beware of old and new tax-themed
scams and schemes. (to
the original material)
-
Cybercriminals focusing on crypto
donations to Ukraine to trick
victims. (to
the original material)
-
Is next-gen threat modeling even
about threats? (to
the original material)
-
Why low-code and identity must
co-exist. (to
the original material)
-
Extended Threat Intelligence: A
new approach to old school threat
intelligence. (to
the original material)
-
Cybercriminals launched 9.75
million DDoS attacks in 2021. (to
the original material)
-
Cloud-native adoption shifts
security responsibility across
teams. (to
the original material)
-
The importance of data in the
metaverse. (to
the original material)
-
Operational risk management
solution market to reach $3,098.0
million by 2028. (to
the original material)
-
CISA warns orgs to patch actively
exploited Chrome, Redis bugs. (to
the original material)
-
Hacked WordPress sites force
visitors to DDoS Ukrainian
targets. (to
the original material)
-
Critical SonicWall firewall patch
not released for all devices. (to
the original material)
-
SunCrypt ransomware is still alive
and kicking in 2022. (to
the original material)
-
New Windows security feature
blocks vulnerable drivers. (to
the original material)
-
Microsoft Exchange targeted for
IcedID reply-chain hijacking
attacks. (to
the original material)
-
White House calls for 11% bump in
civilian cyber budgets. (to
the original material)
-
Dentist’s response to negative
review among four HIPAA enforcement
actions by OCR (Office for
Civil Rights). (to
the original material)
-
Oklahoma City Indian Clinic reports
network disruptions impacting
pharmacy. (to
the original material)
-
Morgan Stanley Wealth Management
accounts breached in ‘vishing’
attacks. (to
the original material)
-
Senate bill would team up CISA and
HHS to improve health cybersecurity.
(to
the original material)
-
Security's life cycle isn't the
developers' life cycle. (to
the original material)
-
New open-source tool tackles pesky
access denial messages in AWS. (to
the original material)
-
Malware detections surge from "COVID
Bounce". (to
the original material)
-
An EFF Investigation: Mystery GPS
tracker on a supporter’s car. (to
the original material)
-
The Public has a right to know how
DHS is spending millions to spy on
immigrants on social media. (to
the original material)
-
The Pro Codes Act is a wolf in
sheep’s clothing. (to
the original material)
-
EFF Files FOIA Lawsuit against DHS
to shed light on vetting program to
collect and data mine immigrants'
social media. (to
the original material)
-
Under the hood of Wslink’s
multilayered virtual machine. (to
the original material)
-
Faster exploitation of
vulnerabilities poses a major risk
for businesses. (to
the original material)
-
RED-LILI continues to launch NPM
attacks on Azure developers. (to
the original material)
-
World Backup Day – Poor security
practices. (to
the original material)
-
Pentagon seeks $11.2 billion for
cyber in FY23 budget request. (to
the original material)
-
Kaspersky banned by FCC: ‘Threat to
National Security’. (to
the original material)
-
Anonymous claimed data leak to force
Nestlé out of Russia. (to
the original material)
-
CVE-2022-1096 Chromium vulnerability
exploited in the wild. (to
the original material)
-
CVE-2022-0543 used in attacks
against Redis Servers. (to
the original material)
-
Elden Ring players caught in a death
loop due to vulnerability. (to
the original material)
-
Attackers getting faster at latching
onto unpatched vulnerabilities for
stealth hacking campaigns – report.
(to
the original material)
-
ENISA urges data-handling innovation
amid growing tide of healthcare
breaches. (to
the original material)
27.03.2022
-
News
from cyber security.
-
Microsoft and Google release
emergency patches for security
vulnerabilities in Edge and
Chrome. (to
the original material)
-
FCC adds Kaspersky and Chinese
Telecom firms to National
Security Threat List. (to
the original material)
-
In Act of Hacktivism, Open
Source Project maintainer uses
code to wipe Russian and
Belarusian computers. (to
the original material)
-
Keep your mobile safe while
using public Wi-Fi. (to
the original material)
-
Hive ransomware ports its
Linux VMware ESXi encryptor to
Rust. (to
the original material)
-
Critical Sophos Firewall
vulnerability allows remote
code execution. (to
the original material)
-
Okta: "We made a mistake"
delaying the Lapsus$ hack
disclosure. (to
the original material)
26.03.2022
-
News
from cyber security.
-
FCC blacklists Kaspersky for
posing an 'unacceptable risk to
the national security of the
US'. (to
the original material)
-
Google observes North Korean
APTs exploiting Chrome. (to
the original material)
-
20-Year-Olds charged in NFT 'Rug
Pull' scam case. (to
the original material)
-
Estonian ransomware operator
gets 66-month sentence. (to
the original material)
-
Data of 820,000 NYC students
compromised in hack of online
grading system: Education Dept.
(to
the original material)
-
Weekend update: Christie Clinic,
CSI Laboratories report
breaches. (to
the original material)
-
Trial starts next week in case
of law firm sued by insurer for
not disclosing thedarkoverlord
hack. (to
the original material)
-
Mansfield company hacked,
personal information stolen. (to
the original material)
-
Ph: Fines for data privacy
breach capped at P5 million. (to
the original material)
-
BCBS of Kansas subcontractor
offers free protection to
members put at risk by data
breach. (to
the original material)
-
‘Precursor malware’ infection
may be sign you're about to get
ransomware, says startup. (to
the original material)
-
FCC adds Kaspersky and Chinese
Telecom Firms to National
Security Threat List. (to
the original material)
-
Another Chinese hacking group
spotted targeting Ukraine amid
Russia invasion. (to
the original material)
-
CISA adds 66 vulnerabilities to
list of bugs exploited in
attacks. (to
the original material)
-
Western Digital fixes critical
bug giving root on My Cloud NAS
devices. (to
the original material)
25.03.2022
- News
from cyber security.
-
CISA adds 66 known exploited
vulnerabilities to Catalog. (to
the original material)
-
Russian Nationals indicted for
Epic Triton/Trisis and Dragonfly
cyberattacks on energy firms. (to
the original material)
-
New infosec products of the week:
March 25, 2022. (to
the original material)
-
The challenge of planning an IAM
strategy for multi-cloud
environments to avoid risk. (to
the original material)
-
Trends, threats and techniques
that comprised the 2021 threat
landscape. (to
the original material)
-
How the cloud skills gap is
hindering business development. (to
the original material)
-
Data literacy to lead global
workplaces by 2030. (to
the original material)
-
How to unlock a resilient hybrid
work plan. (to
the original material)
-
US says Kaspersky poses
unacceptable risk to national
security. (to
the original material)
-
The Week in Ransomware - March
25th 2022 - Critical
infrastructure. (to
the original material)
-
Emergency Google Chrome update
fixes zero-day used in attacks. (to
the original material)
-
Public Redis exploit used by
malware gang to grow botnet. (to
the original material)
-
Racoon Stealer malware suspends
operations due to war in Ukraine.
(to
the original material)
-
Estonian ransomware operator
sentenced to 66 months in prison.
(to
the original material)
-
HackerOne kicks Kaspersky’s bug
bounty program off its platform. (to
the original material)
-
URL rendering trick enabled
WhatsApp, Signal, iMessage
phishing. (to
the original material)
-
Senate bill would team up CISA and
HHS to improve health
cybersecurity. (to
the original material)
-
Horizon Actuarial Services data
theft impacts MLB (Major
League Baseball)
Players Benefit Plan members. (to
the original material)
-
How Lapsus$ preyed on insiders in
the Okta breach. (to
the original material)
-
Developers, IT decision-makers out
of sync when it comes to who owns
cloud security. (to
the original material)
-
CISA chimes in on DoJ indictment
of Russian nationals for critical
infrastructure cyberattacks. (to
the original material)
-
Honda downplays vulnerability
allowing hackers to lock, unlock
and start Civics. (to
the original material)
-
North Korean hackers target
employees of news outlets,
software vendors and more through
Chrome vulnerability. (to
the original material)
-
‘Mustang Panda’ hacking group
exploiting Ukraine invasion,
COVID-19 to spread malware. (to
the original material)
-
2021 Third-Party Intelligence
Threat Landscape. (to
the original material)
-
Russian State-Sponsored
amplification of bio lab
disinformation amid war in
Ukraine. (to
the original material)
-
IsaacWiper continues trend of
wiper attacks against Ukraine. (to
the original material)
-
These fake crypto wallets want to
steal from iPhone and Android
users. (to
the original material)
-
Europe wants WhatsApp and Apple's
iMessage to open up and work
together. (to
the original material)
-
Google: We stopped these hackers
who were targeting job hunters and
crypto firms. (to
the original material)
-
Fly brains can detect threatening
drones. (to
the original material)
-
Frosties NFT operators arrested
over $1.1 million 'rug pull' scam.
(to
the original material)
-
Mobile threats: who targeted
smartphones in 2021. (to
the original material)
-
Threat Landscape Insights for
CISOs. (to
the original material)
-
DDoS attacks grow in size and
complexity. (to
the original material)
-
The Mystery Admin User. (to
the original material)
-
World Backup Day - What would you
do … (to
the original material)
-
Four Russian government employees
charged over hacking campaigns on
critical infrastructure. (to
the original material)
-
Washington residents’ medical data
exposed by phishing attack on
Spokane Regional Health District.
(to
the original material)
-
HTTP request smuggling bug patched
in mitmproxy. (to
the original material)
-
DoJ indicts Russian gov’t
employees over targeting power
sector. (to
the original material)
-
Google Chrome zero-day bugs
exploited weeks ahead of patch. (to
the original material)
-
Purple Fox uses new arrival vector
and improves malware arsenal. (to
the original material)
-
This Week in Security News - March
25, 2022. (to
the original material)
-
Bitdefender's response to the
invasion of Ukraine. (to
the original material)
-
Conti ransomware group's internal
discussions have been made public
by a security researcher from
Ukraine. (to
the original material)
-
UK Police arrest 7 allegedly tied
to Lapsus$ hacking group. (to
the original material)
-
Malicious crypto apps target
mobile users, mainly in China. (to
the original material)
-
US, EU agree to a new data-sharing
framework. (to
the original material)
-
ISMG Editors: Russia-Ukraine war
cyber escalation fallout? (to
the original material)
-
Bank on seeing more targeted
attacks on financial services. (to
the original material)
-
How H-ISAC is tracking
Russia-Ukraine cyberthreats. (to
the original material)
-
Week in security with Tony
Anscombe. (to
the original material)
-
Threat Roundup for March 18 to
March 25. (to
the original material)
-
TX: Val Verde Regional Medical
Center patient data dumped by
LockBit. (to
the original material)
-
Cybercriminal connected to
multimillion dollar ransomware
attacks sentenced for online fraud
schemes. (to
the original material)
-
The Elusive goal of network
security. (to
the original material)
-
Unit 42: Ransomware demands we're
aware of averaged $2.2m last year.
(to
the original material)
-
Atlassian flags Bitbucket and
Confluence Data Center flaws. (to
the original material)
-
Hackers remotely start, unlock
Honda Civics with $300 tech. (to
the original material)
-
We blocked North Korea's Chrome
exploit, says Google. (to
the original material)
-
Google issues urgent Chrome update
to patch actively exploited
zero-day vulnerability. (to
the original material)
-
U.S. charges 4 Russian Govt.
employees over hacking critical
infrastructure worldwide. (to
the original material)
-
7 Suspected members of LAPSUS$
hacker gang, aged 16 to 21,
arrested in U.K. (to
the original material)
-
Experts uncover campaign stealing
cryptocurrency from Android and
iPhone users. (to
the original material)
-
Russian military behind hack of
satellite communication devices in
Ukraine at war’s outset, U.S.
officials say. (to
the original material)
-
Senate Committee questions
Pentagon’s information
restrictions. (to
the original material)
-
The Best defense is a good
offense: How to beat ransomware. (to
the original material)
-
Florida Sheriff’s Officer charged
with cyber-flashing minor. (to
the original material)
-
Major League Baseball players’
personal data stolen. (to
the original material)
-
Utah becomes latest US State to
pass a Data Privacy Law. (to
the original material)
-
EU and US agree deal to reopen
Seamless Transatlantic data flows.
(to
the original material)
-
The sustainability of business
growth using cloud computing
services. (to
the original material)
-
Why we expect more multi-level
extortion (and what to do about
it). (to
the original material)
24.03.2022
- News
from cyber security.
-
State-Sponsored Russian cyber
actors targeted energy sector from
2011 to 2018. (to
the original material)
-
VMware releases security updates.
(to
the original material)
-
Cybersecurity News of the Week
(24.03.2022). (to
the original material)
-
Taking care of health data. (to
the original material)
-
Okta names contractor involved in
Lapsus$ gang’s attack. (to
the original material)
-
New cyberespionage campaign
targeting ISPs, research entities.
(to
the original material)
-
How will recent risk trends shape
the future of GRC (Governance,
Risk and Compliance).
(to
the original material)
-
Strengthening third-party vendor
programs in times of crisis and
beyond. (to
the original material)
-
The biggest security threats to
today’s businesses. (to
the original material)
-
Enterprises are engaged in a
powerful battle to retain
cybersecurity staff. (to
the original material)
-
The importance of ramping up
digital forensics and incident
response tech investments. (to
the original material)
-
What’s holding back zero trust
implementation for device access?
(to
the original material)
-
Honda bug lets a hacker unlock and
start your car via replay attack.
(to
the original material)
-
Phishing kits constantly evolve to
evade security software. (to
the original material)
-
Morgan Stanley client accounts
breached in social engineering
attacks. (to
the original material)
-
US charges 4 Russian govt
employees with critical
infrastructure hacks. (to
the original material)
-
Western Digital My Cloud OS update
fixes critical vulnerability. (to
the original material)
-
Lapsus$ suspects arrested for
Microsoft, Nvidia, Okta hacks. (to
the original material)
-
Malicious Microsoft Excel add-ins
used to deliver RAT malware. (to
the original material)
-
South Africa wants to fight SIM
swapping with biometric checks. (to
the original material)
-
North Korean hackers exploit
Chrome zero-day weeks before
patch. (to
the original material)
-
A better grasp of cyber attack
tactics can stop criminals faster.
(to
the original material)
-
Federal government earns high
marks for cyber collaboration, but
gaps remain. (to
the original material)
-
Health-ISAC calls for
‘intelligence-led’ security, as
actors continue to target
healthcare. (to
the original material)
-
Google, Mandiant detail
threat from North Korea
cyber groups. (to
the original material)
-
Email phishing scams prey on
tax season, crisis in
Ukraine. (to
the original material)
-
Looking to steal PII, npm
attack targets Azure
developers. (to
the original material)
-
Get better security by
helping people do what they
already want to do. (to
the original material)
-
Governments take steps to
create cyber fortresses
across critical
infrastructure. (to
the original material)
-
Pandemic leaves firms
scrambling for cybersecurity
specialists. (to
the original material)
-
What the Conti ransomware
group data leak tells us. (to
the original material)
-
Ransomware payments, demands
rose dramatically in 2021. (to
the original material)
-
The Kids Online Safety Act
Is a heavy-handed plan to
force platforms to spy on
young people. (to
the original material)
-
Stop Invasive Remote
Proctoring: Pass
California’s student test
taker privacy protection
Act. (to
the original material)
-
Cashio Stablecoin: Not
Stable - CASH Loses
99.99995%. (to
the original material)
-
DoJ unseals indictments of
four Russian gov’t officials
for cyberattacks on energy
companies. (to
the original material)
-
This is how fast a
ransomware attack encrypts
all your files. (to
the original material)
-
Does your organization need
XDR eXtended
Detection and
Response?
(to
the original material)
-
Suspected Okta hackers
arrested by British police.
(to
the original material)
-
Hackers spoof fintech apps
as tax season approaches. (to
the original material)
-
Customer Q&A: Cloud
architect and engineer
Reinout Pennings. (to
the original material)
-
FBI most wanted Russian
national accused of running
dark web marketplace. (to
the original material)
-
Microweber developers
resolve XSS vulnerability in
CMS software. (to
the original material)
-
Flash loan attack on One
Ring protocol nets
crypto-thief $1.4 million. (to
the original material)
-
UK cops collar 7 suspected
Lapsus$ gang members. (to
the original material)
-
Just-Released Dark Souls
game, Elden Ring, includes
killer bug. (to
the original material)
-
Microsoft Azure developers
awash in PII-stealing npm
packages. (to
the original material)
-
HubSpot data breach ripples
through crytocurrency
industry. (to
the original material)
-
Chinese APT combines fresh
Hodur RAT with complex
anti-detection. (to
the original material)
-
Microsoft help files
disguise Vidar malware. (to
the original material)
-
Top 3 attack trends in API
security - Podcast. (to
the original material)
-
Tax-Season scammers spoof
Fintechs, including Stash,
Public. (to
the original material)
-
An investigation of
cryptocurrency scams and
schemes. (to
the original material)
-
In a fake material broadcast
by a TV station attacked by
hackers, President Zelensky
asks Ukraine to surrender. (to
the original material)
-
US indicts Russian behind
popular carding marketplace.
(to
the original material)
-
Ukrainian IT Official:
Russian cyberattacks have
continued. (to
the original material)
-
Russia's Cyberthreat: White
House issues 'Call to
Action'. (to
the original material)
-
HHS OCR Tally Analysis:
Breaches, affected
individuals surge. (to
the original material)
-
Okta says it 'Should have
moved more swiftly' over
breach. (to
the original material)
-
Is a nation‑state digital
deterrent scenario so
far‑fetched? (to
the original material)
-
Crypto malware in patched
wallets targeting Android
and iOS devices. (to
the original material)
-
Threat Source newsletter
(March 24, 2022) - Of course
the deepfake videos are
here. (to
the original material)
-
Threat Advisory: DoubleZero.
(to
the original material)
-
Achieving positive outcomes
with multi-domain cyber and
open source intelligence. (to
the original material)
-
US charges Russian hackers
over infamous Triton, Havex
cyberattacks on energy
sector. (to
the original material)
-
Microsoft Azure developers
targeted by 200-plus
data-stealing npm packages.
(to
the original material)
-
British cops arrest seven in
Lapsus$ crime gang probe. (to
the original material)
-
HP finance manager went on
$5m personal spending spree
with company card. (to
the original material)
-
North Korea Gov hackers
caught sharing Chrome
zero-day. (to
the original material)
-
The Chaos (and Cost) of the
Lapsus$ hacking carnage. (to
the original material)
-
New Vidar Infostealer
campaign hidden in help
file. (to
the original material)
-
Over 100 Building
Controllers in Russia
vulnerable to remote dacker
attacks. (to
the original material)
-
North Korean hackers
exploited Chrome zero-day to
target Fintech, IT, and
Media Firms. (to
the original material)
-
23-Year-Old Russian hacker
wanted by FBI for running
marketplace of stolen
logins. (to
the original material)
-
Chinese APT hackers
targeting betting companies
in Southeast Asia. (to
the original material)
-
How to build a custom
malware Analysis Sandbox. (to
the original material)
-
Researchers trace LAPSUS$
cyber attacks to 16-Year-Old
hacker from England. (to
the original material)
-
Chinese threat actor Scarab
targeting Ukraine. (to
the original material)
-
Surprisingly, the UK has a
biometrics and surveillance
camera Commissioner: He’s
rather good. (to
the original material)
23.03.2022
- News
from cyber security.
-
‘Open banking’ opens the door to
application security concerns. (to
the original material)
-
New financial fraud scoring service
promises to help firms be more
proactive. (to
the original material)
-
All eyes are on ransomware, while
business email compromise (BEC)
remains king of cybercrime. (to
the original material)
-
Scripps Health sued over ongoing
payroll disruption claims, as Kronos
fallout continues. (to
the original material)
-
Financial sector employees less
likely to pose insider threat, but
concerns remain. (to
the original material)
-
House and Senate ‘very close’ on
FISMA, FedRAMP agreement, says
Senate Homeland chairman. (to
the original material)
-
New partnership between AI, data
firms illustrates increased focus on
money laundering. (to
the original material)
-
Exploiting Trust in reCAPTCHA. (to
the original material)
-
Internet crime in 2021: Investment
fraud losses soar. (to
the original material)
-
Microsoft and Okta confirm, detail
impact of Lapsus$ gang’s attacks. (to
the original material)
-
Internet crime in 2021: Investment
fraud losses soar. (to
the original material)
-
Companies should evolve their
cybersecurity strategy in light of
the Great Resignation. (to
the original material)
-
Three steps to secure an
organization during mergers and
acquisitions. (to
the original material)
-
As breaches soar, companies must
turn to cloud-native security
solutions for protection. (to
the original material)
-
Cybersecurity compliance: Start with
proven best practices. (to
the original material)
-
The challenges audit leaders need to
look out for this year. (to
the original material)
-
CIOs’ growing responsibilities going
beyond IT. (to
the original material)
-
FBI adds Russian cybercrime market
owner to most wanted list. (to
the original material)
-
New Mustang Panda hacking campaign
targets diplomats, ISPs. (to
the original material)
-
FBI: Ransomware hit 649 critical
infrastructure orgs in 2021. (to
the original material)
-
Hackers steal from hackers by
pushing fake malware on forums. (to
the original material)
-
Hackers exploit new WPS Office flaw
to breach betting firms. (to
the original material)
-
Microsoft fixes Bluetooth issue
causing Windows blue screens. (to
the original material)
-
Ten notorious ransomware strains put
to the encryption speed test. (to
the original material)
-
Security teams need to investigate
the Okta breach themselves. (to
the original material)
-
Most security pros say complexity
drives need to ‘future-proof’
multi-cloud environments. (to
the original material)
-
ServiceNow’s new automation platform
includes security incident
management. (to
the original material)
-
The shift to ecommerce requires
fighting online fraud. (to
the original material)
-
Okta says 366 customers impacted via
third-party breach. (to
the original material)
-
FBI: Cybercrime victims suffered
losses of over $6.9B in 2021. (to
the original material)
-
IriusRisk launches Open Threat Model
standard to secure software
development lifecycle. (to
the original material)
-
IBM service aims to secure
multicloud operations. (to
the original material)
-
States step up cybersecurity efforts
as threats increase. (to
the original material)
-
Limitless bandwidth is not a panacea
for mission-critical application QoE
(Quality of
Experience). (to
the original material)
-
Ukraine war alters security
landscape for orgs, ERM (Enterprise
Risk Management)
leaders. (to
the original material)
-
Bad actors trying to capitalize on
current events via shameless email
scams. (to
the original material)
-
MS Office files involved again in
recent Emotet trojan campaign – Part
II. (to
the original material)
-
Managing identities between clouds
is the top challenge for businesses.
(to
the original material)
-
Ransomware can encrypt 100,000 files
in under 45 minutes. (to
the original material)
-
Poor security practices still a
challenge for hybrid work. (to
the original material)
-
Leverage cloud resources to minimize
tax-time pain points. (to
the original material)
-
Sophos fixes SQL injection
vulnerability in UTM (Universal
Threat Management)
appliance. (to
the original material)
-
US and Canada reinstate cybercrime
forum to prevent Russian
cyber-attacks. (to
the original material)
-
DeadBolt ransomware resurfaces to
hit QNAP again. (to
the original material)
-
Microsoft: Lapsus$ used employee
account to steal source code. (to
the original material)
-
2 Latest health data hacks
affect over 200,000 individuals.
(to
the original material)
-
Mustang Panda’s Hodur: Old
tricks, new Korplug variant. (to
the original material)
-
Vulnerability Spotlight: Heap
overflow in Sound Exchange
libsox library. (to
the original material)
-
A Sheep in Wolf's Clothing:
Technology alone is a security
facade. (to
the original material)
22.03.2022
- News
from cyber security.
- FBI
and FinCEN release advisory on
AvosLocker ransomware. (to
the original material)
-
Drupal releases security updates. (to
the original material)
-
Binarly coordinates patches for 3
firmware flaws with Dell. (to
the original material)
-
Podcast Episode: Hack to the Future. (to
the original material)
- US
critical infrastructure operators should
prepare for retaliatory cyberattacks. (to
the original material)
-
Lapsus$ gang says it has breached Okta
and Microsoft. (to
the original material)
-
Securing DevOps amid digital
transformation. (to
the original material)
- The
not so scary truth about zero-day
exploits. (to
the original material)
-
Expanding threat landscape:
Cybercriminals attacking from all sides.
(to
the original material)
- HEAT
attacks: A new class of cyber threats
organizations are not prepared for. (to
the original material)
- How
the increase in ransomware has impacted
the cyber insurance market. (to
the original material)
- The
value of running stateful applications
on Kubernetes. (to
the original material)
-
Password management market to reach $2.9
billion by 2027. (to
the original material)
-
Microsoft confirms they were hacked by
Lapsus$ extortion group. (to
the original material)
- White
House shares checklist to counter
Russian cyberattacks. (to
the original material)
- Okta
confirms support engineer's laptop was
hacked in January. (to
the original material)
-
Custom macOS malware of Chinese hackers
‘Storm Cloud’ exposed. (to
the original material)
-
Greece's public postal service offline
due to ransomware attack. (to
the original material)
- The
top 5 things the 2022 Weak Password
Report means for IT security. (to
the original material)
-
Hundreds of HP printer models vulnerable
to remote code execution. (to
the original material)
- Top
Russian meat producer hit with Windows
BitLocker encryption attack. (to
the original material)
- Okta
investigating claims of customer data
breach from Lapsus$ group. (to
the original material)
-
Lapsus$ hackers leak 37GB of Microsoft's
alleged source code. (to
the original material)
- On
the Radar: Securing Web 3.0, the
Metaverse and beyond. (to
the original material)
- 81
percent of organizations have outages
caused by expired certificates. (to
the original material)
- Most
enterprise network assets are
cloud-based but policies aren't keeping
pace. (to
the original material)
- Pen
testing tools increasingly used by
threat actors. (to
the original material)
-
F-Secure creates new corporate security
brand. (to
the original material)
- Half
of security pros say their public clouds
were breached during the pandemic. (to
the original material)
-
Posing as GDPR information, attacker
targets French organizations with
backdoor. (to
the original material)
-
Russian-linked botnet targeting Asus
routers, other devices. (to
the original material)
-
Italian public sector to replace
Kaspersky products. (to
the original material)
- Three
tips for credential stuffing mitigation
from the N.Y. State Attorney General’s
Office. (to
the original material)
- Amid
recovery, Kentucky hospital details
cyberattack discovered in January. (to
the original material)
-
Lapsus$ group claims Okta supply chain
attacks. (to
the original material)
-
Proposed SEC rule offers deeper insight
into new cyber demands facing publicly
traded companies. (to
the original material)
-
Published Zelenskyy deepfake video
demonstrates the modern war is online. (to
the original material)
- SMBs
are 350% more likely to experience
social engineering attacks via phishing.
(to
the original material)
- Biden
issues warning about Russian cyber
attacks. (to
the original material)
-
Details of Conti ransomware affiliate
released. (to
the original material)
-
Revised scope of UK security strategy
reflects digitized society. (to
the original material)
- Okta
‘identifying and contacting’ customers
potentially affected by Lapsus$ breach.
(to
the original material)
-
Ransomware group attacks Scottish mental
health charity. (to
the original material)
-
Microsoft investigating Lapsus$ claims
of Bing, Cortana data theft. (to
the original material)
- U.K.
echoes Biden warning on Russian
cyberattacks. (to
the original material)
-
Ransomware group claims major Okta
breach. (to
the original material)
- New
Chariot Module Nosey Parker Released: An
artificial intelligence based secrets
scanner that out sniffs the competition.
(to
the original material)
-
Bolster cyberresilience against Ukraine
conflict crossfire. (to
the original material)
- What
are the possible consequences of Okta
hack? (to
the original material)
-
Hacktivists, new and veteran, target
Russia with one of cyber’s oldest
tools. (to
the original material)
-
Authentication firm Okta probes
report of digital breach. (to
the original material)
-
The power of segmentation for OT
security. (to
the original material)
-
Okta investigates LAPSUS$ gang’s
compromise claims. (to
the original material)
-
Scottish mental health charity
disrupted by ‘sophisticated’
cyber-attack. (to
the original material)
-
‘Browser in a browser’: Phishing
technique simulates pop-ups to
exploit users. (to
the original material)
-
Lapsus$ data kidnappers claim
snatches from Microsoft, Okta. (to
the original material)
-
Russia lays groundwork for
cyberattacks on US infrastructure -
White House. (to
the original material)
-
FIDO: Here’s another knife to help
murder passwords. (to
the original material)
-
Serpent backdoor slithers into orgs
using Chocolatey installer. (to
the original material)
-
Demystifying Zero Trust. (to
the original material)
-
The Fediverse: Decentralized social
media for human beings. (to
the original material)
21.03.2022
- News
from cyber security.
-
Vulnerability Summary for the Week of
March 14, 2022. (to
the original material)
-
Attackers employ novel methods to
backdoor French organizations. (to
the original material)
-
Qualys platform study: Log4Shell, the
menace continues. (to
the original material)
- Why
machine identities matter (and how to
use them). (to
the original material)
-
Cybersecurity Red Team 101. (to
the original material)
- How
to become a passwordless organization. (to
the original material)
-
Payment fraud attack rate across fintech
ballooned 70% in 2021. (to
the original material)
- What
makes a successful development team? (to
the original material)
-
Hybrid cloud solutions are the long-term
target for most companies. (to
the original material)
-
BitRAT malware now spreading as a
Windows 10 license activator. (to
the original material)
-
Android password-stealing malware
infects 100,000 Google Play users. (to
the original material)
-
Windows zero-day flaw giving admin
rights gets unofficial patch, again. (to
the original material)
-
Serpent malware campaign abuses
Chocolatey Windows package manager. (to
the original material)
-
Microsoft investigating claims of hacked
source code repositories. (to
the original material)
- Will
the biggest clouds win? Lessons from
Google's Mandiant buy. (to
the original material)
-
Crowdsourced efforts get leveraged in
Ukraine conflict. (to
the original material)
- White
House warns of new intel on Russia
mulling cyberattack 'Options' against
US. (to
the original material)
- 4
Critical Capabilities for a SaaS
Security Posture Management (SSPM)
Solution. (to
the original material)
- Name
That Toon: Sleep Like a Baby. (to
the original material)
-
'Unique Attack Chain' drops backdoor in
new phishing campaign. (to
the original material)
-
Ransomware attack led Bridgestone to
halt US tire production for a week. (to
the original material)
- Ban
online behavioral advertising. (to
the original material)
- The
new filter mandate bill is an
unmitigated disaster. (to
the original material)
-
Anti-War hacktivism is leading to
digital xenophobia and a more hostile
internet. (to
the original material)
-
Brazil’s “Remuneration Right”
strengthens Big Tech and Big Media, at
the cost of Free Expression and a Free
Press. (to
the original material)
- To
make Social Media work better, make it
fail better. (to
the original material)
- Bad
Dog - Everyone HATES this FIDO
passwordless idea. (to
the original material)
- New
Mexico appoints cybersecurity advisor. (to
the original material)
- FTC
accuses CafePress of data breach
"Cover-Up". (to
the original material)
-
Dental Care data breach may impact 1
million Texans. (to
the original material)
-
Emotet is back and is deadlier than
ever! A rundown of the Emotet malware. (to
the original material)
-
#HowTo: Get Cyber Essentials certified.
(to
the original material)
-
AvosLocker ransomware striking critical
infrastructure targets. (to
the original material)
- NFT (Non-Fungible
Tokens) fraud in the UK soars 400%
in 2021. (to
the original material)
- Over
40,000 London voters have data leaked to
strangers. (to
the original material)
- New
Browser-in-the-Browser technique makes
phishing indistinguishable. (to
the original material)
-
Researchers observe new CAKETAP Rookit
deployed against ATMs. (to
the original material)
-
Caketap Rootkit by UNC2891 targets banks
customers. (to
the original material)
-
Gh0stCringe targets weakly configured
Microsoft SQL, MySQL Servers. (to
the original material)
-
Attackers targeting unpatched SolarWinds
WHD instances. (to
the original material)
-
GoDaddy managed hosting service targeted
via backdoor infection. (to
the original material)
-
Influx of trojanized apps on Google Play
Store. (to
the original material)
-
Facebook phish claims “Someone tried to
log into your account”. (to
the original material)
-
HubSpot hack leads to data breaches at
BlockFi, Swan Bitcoin, NYDIG and Circle.
(to
the original material)
-
Serpent, No Swiping! New backdoor
targets french entities with unique
attack chain. (to
the original material)
-
Cryptocurrency companies impacted by
HubSpot breach. (to
the original material)
-
Sandworm: A tale of disruption told
anew. (to
the original material)
- What
are the best security testing tools
(Open Source)? (to
the original material)
-
Google’s Community Security Analytics
promises to address the gap in detecting
resources in the cloud. (to
the original material)
-
Should I pay a ransom? A 5-step
decision-making process. (to
the original material)
-
Security hygiene, doing all the little
things right (all the time). (to
the original material)
-
Investing in cybersecurity can
strengthen a company’s financial and
credit ratings. (to
the original material)
- How
to move healthcare cybersecurity posture
through a patient-safety lens? (to
the original material)
- Few
IT pros confident their organizations
can protect data, despite DLP (Data
Loss Prevention) investments. (link
material original)
-
OpenSSL vulnerability can ‘definitely be
weaponized,’ NSA cyber director says. (to
the original material)
- White
House: Intelligence shows Russia is
exploring potential cyberattacks against
US. (to
the original material)
- HHS:
Amid Russian threat, hospitals need 4-6
week business continuity plan. (to
the original material)
-
Scammers eye MetaMask: how can you stay
safe? (to
the original material)
-
Conflict in Ukraine might ultimately
strengthen cybersecurity. (to
the original material)
- NPM
maintainer targets Russian users with
data-wiping ‘protestware’. (to
the original material)
- Rust
patches sneaky ReDoS bug. (to
the original material)
20.03.2022
- News
from cyber security.
-
More Conti ransomware source code
leaked on Twitter out of revenge. (to
the original material)
-
Western Digital app bug gives elevated
privileges in Windows, macOS. (to
the original material)
-
Africa Data Security and Privacy Guide.
(to
the original material)
-
Indicators of Compromise associated with
AvosLocker ransomware. (to
the original material)
-
BlockFi confirms unauthorized access to
client data hosted on Hubspot. (to
the original material)
-
Standard virtual workspace security is
improving but still not enough. (to
the original material)
-
Iranian hackers leak Mossad chief’s
personal information. (to
the original material)
-
CVE-2021-28372: How a vulnerability in
third-party technology Is leaving many
IP cameras and surveillance systems
vulnerable. (to
the original material)
19.03.2022
- News
from cyber security.
-
Leaked ransomware documents show Conti
helping Putin from the shadows. (to
the original material)
-
Polish SA: record fine of almost $1.2
million imposed on Fortum Marketing and
Sales Polska S.A. for personal data
breach. (to
the original material)
-
Exotic Lily is a business-like access
broker for ransomware gangs. (to
the original material)
- Ca:
Conviction for illegal disclosure of
health information. (to
the original material)
- New
Orleans Woman Sentenced to 15 Months in
Federal Prison for Bank Larceny of Over
$200,000 Using Patient Information
Stolen from Metairie Medical Clinic. (to
the original material)
- A
security lapse exposed India’s CISF
personnel files and health records. (to
the original material)
- New
Phishing toolkit lets anyone create fake
Chrome browser windows. (to
the original material)
- FBI:
Avoslocker ransomware targets US
critical infrastructure. (to
the original material)
-
Developer sabotages own npm module
prompting open-source supply chain
security questions. (to
the original material)
-
Google exposes initial access broker
ties to ransomware. (to
the original material)
-
Vulnerabilities found in popular
open-source projects on GitHub could
impact millions. (to
the original material)
- How
can we avoid false contrasts and not
perpetuate misleading rhetoric? (to
the original material)
-
Russia says it's seen 'unprecedented'
level of cyberattacks. (to
the original material)
-
Japan's SDF (Self-Defence Forces)
launches new cyber-defense unit. (to
the original material)
-
Hackers are targeting your March Madness
Bracket. (to
the original material)
-
BlockFi confirms unauthorized access to
client data hosted on Hubspot. (to
the original material)
-
Ghostwriter in the Shell: Expanding on
Mandiant’s Attribution of UNC1151 to
Belarus. (to
the original material)
18.03.2022
- News
from cyber security.
-
CRI-O security update for
Kubernetes. (to
the original material)
-
How enterprises responded to
Log4Shell. (to
the original material)
-
History Of Hacking: Back to the
future. (to
the original material)
-
30% of Log4j instances still
remain vulnerable, with open
source apps a major hurdle. (to
the original material)
-
South Denver Cardiology
cyberattack, data access impacts
287K patients. (to
the original material)
-
Arkansas AG sues hospital for
leaving patient files unsecured
after closing shop. (to
the original material)
-
Agencies ‘aware’ of hacking
threats to US, allied satellite
networks. (to
the original material)
-
Prioritizing ‘reachable’
vulnerabilities makes for faster,
more secure code development. (to
the original material)
-
Workaround offered for unpatched
HTML-to-PDF rendering
vulnerability. (to
the original material)
-
Apple Safari empowers developers
to mitigate web flaws with WebKit
CSP enhancements. (to
the original material)
-
Agencies warn on satellite hacks
& GPS jamming affecting
airplanes, critical
infrastructure. (to
the original material)
-
DarkHotel APT targets Wynn, Macao
Hotels to rip off guest data. (to
the original material)
-
Sandworm APT hunts for ASUS
routers with Cyclops Blink botnet.
(to
the original material)
-
Google blows lid off Conti, Diavol
ransomware access-broker ops. (to
the original material)
-
Defending the data center: The
time to act is now. (to
the original material)
-
Week in security with Tony
Anscombe. (to
the original material)
-
Threat Roundup for March 11 to
March 18. (to
the original material)
-
1 Million Texans potentially
impacted by dental care data
breach. (to
the original material)
-
Caketap, a new Unix rootkit used
to siphon ATM banking data. (to
the original material)
-
South Africa credit bureau
breached, data reportedly held for
$15M ransom. (to
the original material)
-
Hackers hit Mass. background-check
firm used by state agencies,
universities. (to
the original material)
-
Hackers hit Hood. Dairy shut down
milk production this week after
‘cyber security event’. (to
the original material)
-
Shooting the Whistleblower?
Defamation Suit Claims Nuance
Communications Gave False Info to
FBI, SEC, Retaliated Against
Whistleblower. (to
the original material)
-
The TTPs of Conti’s initial access
broker. (to
the original material)
-
New infosec products of the week:
March 18, 2022. (to
the original material)
-
Why EDR is not sufficient to
protect your organization. (to
the original material)
-
How prepared are organizations to
face a ransomware attack on
Kubernetes? (to
the original material)
-
Top 5 myths businesses believe
about bots. (to
the original material)
-
The problem with multiple cloud
security tools: Alert fatigue and
burnout. (to
the original material)
-
How to build and retain a strong
IT team. (to
the original material)
-
The Week in Ransomware - March
18th 2022 - Targeting the auto
industry. (to
the original material)
-
Free decryptor released for
TrickBot gang's Diavol ransomware.
(to
the original material)
-
Hackers claim to breach TransUnion
South Africa with 'Password'
password. (to
the original material)
-
DarkHotel hacking campaign targets
luxury Macao resorts. (to
the original material)
-
Google: Chinese state hackers
target Ukraine’s government. (to
the original material)
-
Code-Sabotage incident in protest
of Ukraine war exposed open source
risks. (to
the original material)
-
Satellite networks worldwide at
risk of possible cyberattacks, FBI
& CISA warn. (to
the original material)
-
Security teams struggle to get
started with zero trust. (to
the original material)
-
MITRE and partners build insider
threat knowledge base. (to
the original material)
-
Should the West build its own
‘Great Firewall’? (to
the original material)
-
Zero-Trust’s foundation is
identity and access management. (to
the original material)
-
Fighting in Ukraine raises
prospect of US cyberattacks. (to
the original material)
-
Ugandan writers charged with cyber
stalking President. (to
the original material)
-
A Third of malicious logins
originate in Nigeria. (to
the original material)
17.03.2022
- News
from cyber security.
-
WordPress releases security
update. (to
the original material)
-
ISC releases security advisories
for BIND. (to
the original material)
-
Strengthening cybersecurity of
SATCOM network providers and
customers. (to
the original material)
-
OpenSSL releases security updates.
(to
the original material)
-
Drupal releases security updates.
(to
the original material)
-
Cybersecurity News of the Week
(17.03.2022). (to
the original material)
-
Inauguration of new headquarters.
(to
the original material)
-
Trickbot uses compromised MikroTik
routers as C2 communication
proxies. (to
the original material)
-
How to plan for increased security
risks resulting from the Great
Resignation. (to
the original material)
-
Top data governance challenges and
strategies for high-growth
startups. (to
the original material)
-
Four key risks exacerbated by
Russia’s invasion of Ukraine. (to
the original material)
-
Healthcare cybersecurity trends:
Organizations not quite ready to
deal with threats. (to
the original material)
-
Attackers have come to love APIs
as much as developers. (to
the original material)
-
Severity of mobile threats rising,
10+ million mobile endpoints
impacted. (to
the original material)
-
Realizing the importance of data
literacy. (to
the original material)
-
CISA, FBI warn US critical orgs of
threats to SATCOM networks. (to
the original material)
-
New Unix rootkit used to steal ATM
banking data. (to
the original material)
-
Google exposes tactics of a Conti
ransomware access broker. (to
the original material)
-
ASUS warns of Cyclops Blink
malware attacks targeting routers.
(to
the original material)
-
Europe warns of aircraft GPS
outages tied to Russian invasion.
(to
the original material)
-
Microsoft creates tool to scan
MikroTik routers for TrickBot
infections. (to
the original material)
-
BIG sabotage: Famous npm package
deletes files to protest Ukraine
war. (to
the original material)
-
Show leadership where security
works, to get support for where it
doesn’t. (to
the original material)
-
HHS: HIPAA can ‘substantially
mitigate’ most common healthcare
cyberattacks. (to
the original material)
-
Around 34 ransomware variants
detected in Q4 2021. (to
the original material)
-
New botnet targets Linux devices
via Log4J vulnerability. (to
the original material)
-
Kwampirs malware linked with
Shamoon. (to
the original material)
-
New wipers and fake AV updates
target Ukraine. (to
the original material)
-
Sandworm-linked botnet has another
piece of hardware in its sights. (to
the original material)
-
Web application attacks surge as
cybercriminals continue to
professionalize. (to
the original material)
-
The Balancing Act of financial
organizations to compete in a
technology-driven World. (to
the original material)
-
Organizations invest more in site
reliability engineering but
challenges still persist. (to
the original material)
-
Extending detection and response -
why context is needed for
security. (to
the original material)
-
Cybercriminals impersonate Ukraine
aid organizations in crypto
phishing scams. (to
the original material)
-
What happens when ‘protestware’
sabotages open source in response
to current events? (to
the original material)
-
‘Fox guarding the henhouse’ –
Founder of cyber-fraud prevention
company pleads guilty to
defrauding investors. (to
the original material)
-
Downdetector: How the popular site
outage tracker is helping to
improve web security. (to
the original material)
-
Dev sabotages popular NPM package
to protest Russian invasion. (to
the original material)
-
Misconfigured Firebase databases
exposing data in mobile apps. (to
the original material)
-
Reporting mandates to clear up
Feds’ hazy look into threat
landscape - Podcast. (to
the original material)
-
Threat Source newsletter (March
17, 2022) - Channelling productive
worry to help Ukraine. (to
the original material)
-
From BlackMatter to BlackCat:
Analyzing two attacks from one
affiliate. (to
the original material)
-
Alarm raised over ‘trickster’
LokiLocker ransomware. (to
the original material)
-
Russian pipeline company Transneft
hit by data leak dedicated to
Hillary Clinton. (to
the original material)
-
6 Reasons not to pay ransomware
attackers. (to
the original material)
-
ThreatMapper updated with new
scanning tools. (to
the original material)
-
Multiple automotive manufacturers
infected with Emotet. (to
the original material)
-
EFF tells E.U. Commission: Don't
break encryption. (to
the original material)
-
3 Ways to improve your ability to
recover from ransomware. (to
the original material)
-
Gov’t cybersecurity standards not
enough to protect consumers. (to
the original material)
-
Drawing the Line: Are smart cities
compatible with human rights and
privacy? (to
the original material)
16.03.2022
- News
from cyber security.
-
Press release: National
Directorate of Cyber Security
(DNSC) and Bookblog.ro in dialogue
to remedy the problems of the
website. (to
the original material)
-
Standardisation conference
explores EU cybersecurity
legislation. (to
the original material)
-
Beware Gamers! Fake Valorant cheat
spreads RedLine Stealer. (to
the original material)
-
Salesforce sued in attempt to
block release of Capitol riot
info. (to
the original material)
-
The Windows malware on Ukraine
CERT's radar. (to
the original material)
-
China's internet regulator
squeezes famously freewheeling
Reddit-alike. (to
the original material)
-
Biden legitimizes cryptocurrency
with regulatory exploration. (to
the original material)
-
Take a walk on the client side:
The importance of front-end
JavaScript security assessments. (to
the original material)
-
How fast can organizations respond
to a cybersecurity crisis? (to
the original material)
-
(IN)SECURE Magazine issue 71
released. (to
the original material)
-
Attackers using default
credentials to target businesses,
Raspberry Pi and Linux top
targets. (to
the original material)
-
On-demand webinar: Demystifying
zero trust to protect connected
assets in OT. (to
the original material)
-
Why a modern vulnerability
management strategy requires
state-of-the-art solutions. (to
the original material)
-
How to build a security tool that
sells. (to
the original material)
-
Will vacancies create security
voids? (to
the original material)
-
Unsecured Microsoft SQL, MySQL
servers hit by Gh0stCringe
malware. (to
the original material)
-
SolarWinds warns of attacks
targeting Web Help Desk instances.
(to
the original material)
-
Microsoft Defender tags Office
updates as ransomware activity. (to
the original material)
-
Hundreds of GoDaddy-hosted sites
backdoored in a single day. (to
the original material)
-
CISA adds 15 vulnerabilities to
list of flaws exploited in
attacks. (to
the original material)
-
Emotet malware campaign
impersonates the IRS for 2022 tax
season. (to
the original material)
-
OpenSSL cert parsing bug causes
infinite denial of service loop. (to
the original material)
-
Microsoft the No. 1 most-spoofed
brand in phishing attacks. (to
the original material)
-
What the newly signed US
cyber-incident law means for
security. (to
the original material)
-
VPNs give Russians an end run
around censorship. (to
the original material)
-
Russia state-sponsored hackers
used misconfigured MFA to breach
NGO. (to
the original material)
-
New ransomware LokiLocker bundles
destructive wiping component. (to
the original material)
-
Never-Mind the Gap: It isn't
skills we're short of, it's common
sense. (to
the original material)
-
Sioux Falls funds DSU (Dakota
State University) cybersecurity
lab. (to
the original material)
-
Irish Watchdog fines Meta $19m
over data breach. (to
the original material)
-
New SEC cybersecurity reporting
mandates put more pressure on
investment firms. (to
the original material)
-
Financial breaches more efficient
as automated fraud attacks
increase. (to
the original material)
-
Can healthcare tackle IoT, medical
device security challenges? (to
the original material)
-
Cloudflare adds low-cost API
protection, email security and
free, limited WAF (Web
Application Firewall). (to
the original material)
-
Smaller financial firms face big
challenges as cyberattacks increase.
(to
the original material)
-
‘Security issue’ at East Tennessee
Children’s Hospital disrupts
services. (to
the original material)
-
Fraudsters use intelligent bots to
attack financial institutions. (to
the original material)
-
How distributed identities will make
Web3 possible. (to
the original material)
-
Successful DevOps in the Age of
Serverless. (to
the original material)
-
Uncovering Trickbot’s use of IoT
devices in command-and-control
infrastructure. (to
the original material)
-
Spear-phishing report: Social
engineering and growing complexity
of attacks. (to
the original material)
-
Keeping an eye on… EU cyber
security. (to
the original material)
-
Hashtag of the Week: # Foreign
actors manipulate # OurInformation
Environment. (to
the original material)
-
Tehno Impact: Twitter aims to
attract more users. (to
the original material)
-
Psychology of Disinformation: How to
avoid amplifying misleading
information about the War in
Ukraine. (to
the original material)
-
In the wake of the fake: Trend
alert: Misinformation that mimics
legitimate media sources. (to
the original material)
-
Focus: The TikTok War: Between
Documentation and Misinformation. (to
the original material)
-
Anti-Fake Newsletter: What is a fake
flag operation? (to
the original material)
-
Digital Fingerprint: False flag or
misleading operation. (to
the original material)
-
Collateral Damage - on
Cybersecurity. (to
the original material)
-
Emotet spoofs IRS in tax
season-themed phishing campaign. (to
the original material)
-
Chameleon phishing attack brings bad
karma to email users. (to
the original material)
-
Linux and Raspberry Pi machines
become top targets for credential
hacking. (to
the original material)
-
Can you be hacked by visiting a
website? (to
the original material)
-
Unpatched plugins threaten millions
of WordPress websites. (to
the original material)
-
HackerOne lifts ‘sanctions’ against
Ukrainian hackers. (to
the original material)
-
OpenSSL drops update addressing
‘high severity’ denial of service
issue in ubiquitous encryption
library. (to
the original material)
-
‘CryptoRom’ Crypto-Scam is back via
side-loaded apps. (to
the original material)
-
US military vs. Silicon Valley – a
cultural divide. (to
the original material)
-
Letter to Iran, regarding the
regulatory system for cyberspace
services bill. (to
the original material)
15.03.2022
-
News from cyber security.
-
Russian state-sponsored cyber actors
access network misconfigured with
default MFA protocols. (to
the original material)
-
Updated: Kubernetes Hardening Guide.
(to
the original material)
-
CISA adds 15 known exploited
vulnerability to Catalog. (to
the original material)
-
Press release: 'ro' websites are
already used in cyber attacks. (to
the original material)
-
Veeam fixes critical RCEs in backup
solution (CVE-2022-26500,
CVE-2022-26501). (to
the original material)
-
Financially motivated threat actors
willing to go after Russian targets.
(to
the original material)
-
Are you willing to take a calculated
risk? Quantifying your cyber risk
and predicting future threats. (to
the original material)
-
The simple secret to app security?
Time. (to
the original material)
-
The massive impact of
vulnerabilities in critical
infrastructure. (to
the original material)
-
Malicious web application requests
skyrocketing, bad actors stealthier
than ever before. (to
the original material)
-
Top threats for the financial
sector. (to
the original material)
-
Top automotive tech obstacles:
Cybersecurity, software quality and
functional safety. (to
the original material)
-
70% of financial service providers
are implementing API security. (to
the original material)
-
CaddyWiper: New wiper malware
discovered in Ukraine. (to
the original material)
-
Podcast Episode: Watching the
Watchers. (to
the original material)
-
Node.js security: Parse Server
remote code execution vulnerability
resolved. (to
the original material)
-
Israeli government websites
temporarily knocked offline by
‘massive’ cyber-attack. (to
the original material)
-
Most QNAP NAS devices affected by
‘Dirty Pipe’ Linux flaw. (to
the original material)
-
Pandora ransomware hits giant
automotive supplier Denso. (to
the original material)
-
Staff think Conti group is a legit
employer - Podcast. (to
the original material)
-
Cybercrooks’ political in-fighting
threatens the West. (to
the original material)
-
How cloud services become weapons in
Russia-Ukraine cyber conflict. (to
the original material)
-
CaddyWiper: More destructive wiper
malware strikes Ukraine. (to
the original material)
-
FTC Takes action against CafePress
for data breach cover up and poor
security. (to
the original material)
-
East Tennessee Children’s Hospital
statement on security issue. (to
the original material)
-
Comprehensive Health Services pays
false claims act settlement
involving EMR Security. (to
the original material)
-
Ireland’s privacy watchdog sued for
inaction over ‘massive Google data
breach’. (to
the original material)
-
Israeli government websites crash
after ‘massive’ cyberattack,
officials say. (to
the original material)
-
PayTM clarifies RBI bar on new
customers. (to
the original material)
-
State Bar breach exposed thousands
more confidential records than
original estimates, investigation
shows. (to
the original material)
-
The Rising importance of research
communities for industrial
cybersecurity. (to
the original material)
-
Thousands of secret keys found in
leaked Samsung source code. (to
the original material)
-
HackerOne apologizes to Ukrainian
hackers for mistakenly blocking
payouts. (to
the original material)
-
Dozens of ransomware variants used
in 722 attacks over 3 months. (to
the original material)
-
FBI warns of MFA flaw used by state
hackers for lateral movement. (to
the original material)
-
New Linux botnet exploits Log4J,
uses DNS tunneling for comms. (to
the original material)
-
Android trojan persists on the
Google Play Store since January. (to
the original material)
-
FTC to fine CafePress for cover up
of massive data breach. (to
the original material)
-
Massive phishing campaign uses 500+
domains to steal credentials. (to
the original material)
-
German government advises against
using Kaspersky antivirus. (to
the original material)
-
NAS Vendor says several of its
products likely contain Linux 'Dirty
Pipe' flaw. (to
the original material)
-
Mobile App developers leave behind
2,100 open databases. (to
the original material)
-
As Log4j continues to remind us,
what's old is new again. (to
the original material)
-
Traffic interception and MitM
(Man-in-the-Middle) attacks among
security risks of Russian TLS (Transport
Layer Security) certs. (to
the original material)
- UK
blocks Assange's extradition appeal. (to
the original material)
-
Hackers hit Rosneft. (to
the original material)
-
Nearly 300k heart patients’ data
exposed. (to
the original material)
- Top
10: Cybersecurity lessons CISOs should
take from the Russia-Ukraine conflict.
(to
the original material)
- Top
3 Ways hackers get into your
supplier's network to launch a supply
chain attack. (to
the original material)
- Why
the cybersecurity industry needs to
change its siloed perception. (to
the original material)
-
Israeli Government websites taken
offline in large-scale cyber-attack. (to
the original material)
-
Mobile devices see 466% annual
increase in zero-day attacks. (to
the original material)
-
Ukrainian targets hit by another
destructive malware variant. (to
the original material)
-
Clearview AI helping the Ukrainian war
effort. (to
the original material)
-
Raccoon Stealer using Telegram for
hidden communications. (to
the original material)
-
Lampion trojan returns with its old
attack infrastructure. (to
the original material)
-
MuddyWater uses SloughRAT to target
Turkey and Arabian peninsula. (to
the original material)
-
Facebook hit with $18.6 million GDPR
fine over 12 data breaches in 2018. (to
the original material)
-
Nearly 34 ransomware variants observed
in hundreds of cyberattacks in Q4
2021. (to
the original material)
-
CaddyWiper: Yet another data wiping
malware targeting Ukrainian networks.
(to
the original material)
-
Massive DDoS attack knocked Israeli
government websites offline. (to
the original material)
-
Germany advises citizens to uninstall
Kaspersky antivirus. (to
the original material)
-
OpenSSL patches crash-me bug triggered
by rogue certs. (to
the original material)
-
Microsoft Azure DevOps revives TLS
1.0/1.1 with rollback. (to
the original material)
- UK
Supreme Court snubs Assange
anti-extradition bid. (to
the original material)
-
Huge DDoS attack temporarily kicks
Israeli government sites offline. (to
the original material)
-
Russian demand for VPNs skyrockets by
2,692%. (to
the original material)
- UK
criminal defense lawyer hadn't patched
when ransomware hit. (to
the original material)
-
NASA in 'serious jeopardy' due to big
black hole in security. (to
the original material)
-
Russia's invasion of Ukraine tears
open political rift between
cybercriminals. (to
the original material)
-
Threat Advisory: CaddyWiper. (to
the original material)
-
Private Equity Firm snaps up RSA
conference. (to
the original material)
- You
should not trust Russia’s new “Trusted
Root CA”. (to
the original material)
-
Links in conflict: to click or not to
click. (to
the original material)
- A
Brief History of the evolution of
malware. (to
the original material)
-
Hard truths from Ukraine: The
government cannot save us in cyberwar.
(to
the original material)
-
1Password launches new tools to help
developers build secure software. (to
the original material)
-
Ukraine conflict puts organizations’
cyber-resilience to the test. (to
the original material)
-
Cloud security tool sprawl leads to
missed issues, false positives,
burnout and more. (to
the original material)
14.03.2022
-
News from cyber security.
-
Vulnerability Summary for the Week
of March 7, 2022. (to
the original material)
-
Building trust in a zero-trust
environment. (to
the original material)
-
How to contain a privileged access
breach and make sure it doesn’t
happen again. (to
the original material)
-
Women in cybersecurity: How far have
they come? (to
the original material)
-
The importance of building in
security during software
development. (to
the original material)
-
Poor data sanitization practices put
public sector data at risk. (to
the original material)
-
Model contract language for medical
technology cybersecurity published.
(to
the original material)
-
Fake antivirus updates used to
deploy Cobalt Strike in Ukraine. (to
the original material)
-
2021 mobile security: Android more
vulnerabilities, iOS more zero-days.
(to
the original material)
-
New CaddyWiper data wiping malware
hits Ukrainian networks. (to
the original material)
-
QNAP warns severe Linux bug affects
most of its NAS devices. (to
the original material)
-
Automotive giant DENSO hit by new
Pandora ransomware gang. (to
the original material)
-
Beers with Talos, Ep. #118:
Reflecting on the current situation
in Ukraine. (to
the original material)
-
Threat Advisory: Opportunistic cyber
criminals take advantage of Ukraine
invasion. (to
the original material)
- A
first look at threat intelligence
and threat hunting tools. (to
the original material)
-
Mobile threats skyrocket. (to
the original material)
-
Governments should decide who gets
to buy spyware. (to
the original material)
-
Embracing security by design:
Security isn't a pretty picture. (to
the original material)
-
EFF asks Federal Appellate Court to
re-hear important patent
transparency case. (to
the original material)
-
Psychology of misinformation: How to
avoid misleading information about
the war in Ukraine. (to
the original material)
-
Following the footsteps of the fake:
Phrases translated word for word
from Russian and promoted in the
Romanian online space. (to
the original material)
-
Cyberwarfare plays growing role in
the Russia-Ukraine conflict. (to
the original material)
-
Do traditional antivirus solutions
still have a role in the age of AI?
[Q&A]. (to
the original material)
-
Back to basics: Blocking phishing to
prevent ransomware. (to
the original material)
-
Can an HTTPS website be hacked? (to
the original material)
-
CTO Q&A: Monitoring for emerging
cyberthreats during global conflict.
(to
the original material)
-
Debate over cybersecurity reporting
divides CISA and FBI. (to
the original material)
-
US cybersecurity agency concludes
massive exercise. (to
the original material)
-
Majority of IT pros view the hybrid
cloud as a permanent destination. (to
the original material)
-
The unique challenges of companies
born in the cloud. (to
the original material)
-
Researchers discover a fourth
distinct wiper malware used in
Ukraine. (to
the original material)
-
Not another NotPetya: Ukraine
conflict renews calls from CISOs for
healthcare threat sharing. (to
the original material)
-
New narrative forms on
Russia-Ukraine cyberwar as Viasat
outage investigated. (to
the original material)
-
Data breach at US heart disease
treatment center impacts 287,000
individuals. (to
the original material)
-
Prison service for England and Wales
recorded more than 2,000 data
breaches over 12 months. (to
the original material)
-
‘Cybersecurity incident’ at Ubisoft
disrupts operations, forces
company-wide password reset. (to
the original material)
-
Utility Cybersecurity: Situational
awareness cuts risk. (to
the original material)
-
Automotive giant Denso confirms
hack, Pandora ransomware group takes
credit. (to
the original material)
-
Ukraine reportedly adopts Clearview
AI to track Russian invaders. (to
the original material)
-
Ubisoft reveals 'security incident'
forcing company-wide password
refresh. (to
the original material)
-
Russia's War further complicates
cybercrime ransom payments. (to
the original material)
-
LockBit ransomware gang reportedly
to leak Bridgestone data. (to
the original material)
-
Top Cyber Officials say Russians may
yet escalate cyberwar. (to
the original material)
-
Toyota parts supplier Denso confirms
ransomware attack. (to
the original material)
-
Why a Zero Trust Approach in
healthcare Is becoming critical. (to
the original material)
-
CHS pays false claims Act Settlement
involving EMR Security. (to
the original material)
-
Ubisoft reports 'Cyber Security
Incident'. (to
the original material)
-
Sound Off: What's in OMB's (U.S.
Office of Management and Budget)
latest cybersecurity guidance? (to
the original material)
-
Ukrainian hackers say HackerOne is
blocking their bug bounty payouts
(updated). (to
the original material)
- NH:
Litchfield School District employee
wrongdoing created student data
security incident. (to
the original material)
- The
Human factor in data security
breaches. (to
the original material)
-
Ukraine war has insurers worried about
cyber policies. (to
the original material)
-
Discord is plagued by hackers and
users say the company doesn’t care. (to
the original material)
- The
VC View: Incident Response and SOC
Evolution. (to
the original material)
-
RagnarLocker targets critical
infrastructure, sidestepping security.
(to
the original material)
-
Canada Cops arrests teen cyber-attack
suspect. (to
the original material)
- UK
unveils new cyber flashing law. (to
the original material)
- The
Zero Trust Journey: How to mitigate
cyber-risk in the post-pandemic era. (to
the original material)
-
Exclusive: iboss issues School
District cybersecurity warning. (to
the original material)
- Top
10: Cyber-Secure countries. (to
the original material)
-
#HowTo: Build the right skills to
become a CISO. (to
the original material)
- SCA
rules come into force today for
E-commerce transactions. (to
the original material)
-
Critical infrastructure threat as
ransomware groups target 'Enemies of
Russia'. (to
the original material)
-
Legal practice fined £100k after
hacker stole Court info. (to
the original material)
-
FCA: Crypto ATMs are illegal in the
UK. (to
the original material)
-
Kronos ransomware attack raises
questions of vendor liability. (to
the original material)
-
Falcon OverWatch threat hunting
uncovers ongoing NIGHT SPIDER Zloader
campaign. (to
the original material)
-
China thrilled it captured
already-leaked NSA cyber-weapon. (to
the original material)
-
Viasat, Rosneft hit by cyberattacks as
Ukraine war spills online. (to
the original material)
-
China: Attacks from US IP addresses
hit us, moved on to Russia and
Ukraine. (to
the original material)
-
Russia labels Meta an 'extremist'
organization, bans Instagram. (to
the original material)
-
Taiwan rounds up 60 Chinese tech
workers on suspicion of poaching tech
and people. (to
the original material)
13.03.2022
-
News from
cyber security.
-
Fake Valorant
cheats on
YouTube infect
you with
RedLine
stealer. (to
the original
material)
-
Week in
review: Linux
bug gives root
access to
attackers, UPS
devices’
vulns, IoT
security for
OEMs. (to
the original
material)
-
The Foilies
2022
(Recognizing
the year's
worst in
government
transparency).
(to
the original
material)
12.03.2022
-
News
from cyber
security.
-
VPN provider bans
BitTorrent after
getting sued by film
studios. (to
the original
material)
-
Android malware
Escobar steals your
Google Authenticator
MFA codes. (to
the original
material)
-
Ubisoft confirms
'cyber security
incident', resets
staff passwords. (to
the original
material)
-
Attackers created
terabytes of DDoS
attack traffic using a
single packet. (to
the original
material)
-
Building threat
intelligence
capabilities in
wartime. (to
the original
material)
-
Iranian APT: New
methods to target
Turkey, Arabian
Peninsula. (to
the original
material)
-
Fresno lost more than
$600,000 to a phishing
scam in 2020, but we
weren’t supposed to
know - yet. (to
the original
material)
-
Dominican Republic
hackers steal US$2.7M
in welfare cards. (to
the original
material)
-
Another technology
management resources
client reports a data
breach. (to
the original
material)
-
KS: Labette Health
discloses October,
2021 data security
incident. (to
the original
material)
-
NHS Management, LLC
issues updated
statement about
cyberattack in 2021. (to
the original
material)
-
Ubisoft says it
experienced a ‘cyber
security incident’,
LAPSUS$ group claims
credit for attack. (to
the original
material)
11.03.2022
-
News
from cyber
security.
-
Kali Linux on
bare-metal gets
snapshotting
functionality. (to
the original
material)
-
New infosec products
of the week: March 11,
2022. (to
the original
material)
-
What is fueling the
adoption of
passwordless
authentication?. (to
the original
material)
-
Consumers don’t think
they can dodge
identity fraud. (to
the original
material)
-
Organizations need to
evolve their data
management strategy. (to
the original
material)
-
Consumers demand a
digital banking
experience with
security at its
foundation. (to
the original
material)
-
LockBit ransomware
gang claims attack on
Bridgestone Americas.
(to
the original
material)
-
Kali Linux adds
VM-like snapshot
feature to bare-metal
installs. (to
the original
material)
-
Russia bans Instagram,
a week after blocking
Facebook, Twitter. (to
the original
material)
-
DuckDuckGo down-ranks
sites spreading
Russian propaganda. (to
the original
material)
-
New ONE PIECE anime
episodes delayed after
Toei cyberattack. (to
the original
material)
-
Russian defense firm
Rostec shuts down
website after DDoS
attack. (to
the original
material)
-
Threat Roundup for
March 4 to March 11. (to
the original
material)
-
Emergency
Preparedness: How to
protect your personal
technology from
disasters. (to
the original
material)
-
Week in security with
Tony Anscombe. (to
the original
material)
-
ESET Research webinar:
How APT groups have
turned Ukraine into a
cyber‑battlefield. (to
the original
material)
-
Understanding and
managing heightened
cyber risk in a time
of conflict. (to
the original
material)
-
Didi said to halt Hong
Kong listing plan on
cyber security probe.
(to
the original
material)
-
Avast suspends
operations in Russia
and Belarus. (to
the original
material)
-
French Bank denies
access to Russian
workforce. (to
the original
material)
-
Investigate and
recover from
ransomware attacks
with digital
forensics. (to
the original
material)
-
NetWalker suspect
extradited to US. (to
the original
material)
-
Anonymous claims to
have leaked over
360,000 files from
Russian Federal
Agency. (to
the original
material)
-
UK announces
legislation to govern
digital identity
security. (to
the original
material)
-
5 Cybersecurity rules
to protect yourself as
an online financial
trader. (to
the original
material)
-
#DSbD: Cybersecurity
advances must focus on
building trust in
technologies. (to
the original
material)
-
Ukrainian IT Army
hijacked by
info-stealing malware.
(to
the original
material)
-
SEC proposes four-day
breach notification
rules. (to
the original
material)
-
Vodafone and Mercado
Libre likely hit by
ransomware attacks. (to
the original
material)
-
Identity attacks
threaten workloads,
not just humans. (to
the original
material)
-
Ukrainian man arrested
for alleged Role in
ransomware attack on
Kaseya, others. (to
the original
material)
-
How to combat the No.
1 cause of security
breaches: Complexity.
(to
the original
material)
-
Over 40% of Log4j
downloads are
vulnerable versions of
the software. (to
the original
material)
-
Are Ukraine’s drone
capabilities being
throttled in
Russia-Ukraine
conflict? (to
the original
material)
-
Nearly 70% of tested
ServiceNow instances
leaking data. (to
the original
material)
-
Web application
attacks soar as
attackers get more
professional. (to
the original
material)
-
Almost 90 percent of
cyberattacks in March
targeted against
Russia and Ukraine. (to
the original
material)
-
Microsoft fixes
‘AutoWarp’
vulnerability in Azure
Automation inside of
four day. (to
the original
material)
-
SEC proposes new rules
for public companies
to report breaches in
four days. (to
the original
material)
-
Prepare for
third-party
cyberattacks in the
wake of the
Russia-Ukraine
conflict. (to
the original
material)
-
Managed service
providers more often
the targets of
cyberattacks versus
their customers. (to
the original
material)
-
Palo Alto’s Prisma
Cloud aims to lock
down the supply chain.
(to
the original
material)
-
In a first, Ukraine
leaks Russian
intellectual property
as act of war. (to
the original
material)
-
Detectify’s Surface
Monitoring Review -
Security Weekly Labs.
(to
the original
material)
-
Cyberattack on Norwood
Clinic compromises
data tied to 228K
patients. (to
the original
material)
-
Congress approves
cyber incident
reporting for critical
infrastructure. (to
the original
material)
-
Stats widget hacked in
attempt to breach
Russian government
agency websites. (to
the original
material)
-
UK ferry operator
Wightlink flags
potential data breach
after ‘highly
sophisticated’
cyber-attack. (to
the original
material)
-
Microsoft praised for
quickly resolving
Azure Automation cloud
security
vulnerability. (to
the original
material)
-
Anonymous reportedly
hacks Russian
censorship agency. (to
the original
material)
-
US Congress passes
cyber incident
reporting mandate. (to
the original
material)
-
What's in the $1.5
Trillion spending bill
for HHS Agencies? (to
the original
material)
-
Why identity and
access management is
weak in healthcare. (to
the original
material)
-
US Nabs Alleged
Ransomware Operators -
One Tied to Kaseya. (to
the original
material)
-
Cybersecurity picture
inside Russia grows
more complicated. (to
the original
material)
-
ISMG Editors:
Cryptocurrency
Special. (to
the original
material)
-
Russia-Ukraine
Updates: Cybersecurity
news amid conflict. (to
the original
material)
-
Proof of Concept:
What's the reality of
passwordless? (to
the original
material)
-
ISO 27002:2022:
Unpacking the InfoSec
Management Standard. (to
the original
material)
-
Ukraine's 'IT Army'
call-up: Don't try
this at home. (to
the original
material)
10.03.2022
-
News
from cyber security.
-
Dirty Pipe privilege
escalation vulnerability in
Linux. (to
the original material)
-
Cyber Threat Warnings: The ins
and outs of consumer outreach.
(to
the original material)
-
Cybersecurity Week News
(10.03.2022). (to
the original material)
-
Does the future of digital
identity offer us greater
security and convenient
experiences? (to
the original material)
-
War in Ukraine: What type of
cyber attacks can we expect
next? (to
the original material)
-
Organizations need to change
their current password usage
and policies, and do it fast.
(to
the original material)
-
Why are CAPTCHAs still used? (to
the original material)
-
ITOps teams are getting buried
beneath too many disparate
solutions for endpoint
management. (to
the original material)
-
Organizations taking nearly
two months to remediate
critical risk vulnerabilities.
(to
the original material)
-
Businesses under pressure as
consumers exercise their
privacy rights. (to
the original material)
-
Still too many parents don’t
monitor their children’s
online activity. (to
the original material)
-
Facial recognition market to
reach $12.67 billion by 2028.
(to
the original material)
-
Corporate website contact
forms used to spread
BazarBackdoor malware. (to
the original material)
-
Malware disguised as security
tool targets Ukraine's IT
Army. (to
the original material)
-
REvil ransomware member
extradited to U.S. to stand
trial for Kaseya attack. (to
the original material)
-
SEC (Securities Exchange
Commission) wants public
companies to report breaches
within four days. (to
the original material)
-
Russia creates its own TLS
certificate authority to
bypass sanctions. (to
the original material)
-
TR-68 - Best practices in
times of tense geopolitical
situations. (to
the original material)
-
Talos Threat Source newsletter
(March 10, 2022) - Fake social
media posts spread in wake of
Ukraine invasion. (to
the original material)
-
Iranian linked conglomerate
MuddyWater comprised of
regionally focused subgroups.
(to
the original material)
-
True or false? How to spot -
and stop - fake news. (to
the original material)
-
Lessons on tax scams from the
IRS Dirty Dozen over the
years. (to
the original material)
-
Tiger’s stamp of approval is
coming for the early stage. (to
the original material)
-
SecurityScorecard Discovers
new botnet, ‘Zhadnost,’
responsible for Ukraine DDoS
attacks. (to
the original material)
-
Exploiting a use-after-free in
Windows Common Logging File
System (CLFS). (to
the original material)
-
Colorado Elections Clerk
charged with identity theft. (to
the original material)
-
Qakbot debuts new technique. (to
the original material)
-
Alleged Kaseya attacker
extradited to US. (to
the original material)
-
AI Accountability framework
created to guide use of AI in
security. (to
the original material)
-
Defending against
cyber-threats - Think like an
attacker. (to
the original material)
-
90% of MSPs (Managed
Service Provider)
hit by a successful
cyber-attack in the past 18
months. (to
the original material)
-
UK Security Agency issues new
guidance on data center
protection. (to
the original material)
-
Conti group spent $6m on
salaries, tools and services
in a year. (to
the original material)
-
Over 90% of exposed Russian
cloud databases compromised. (to
the original material)
-
Why you should be using CISA's
Catalog of exploited vulns. (to
the original material)
-
Security teams prep too slowly
for cyberattacks. (to
the original material)
-
Ex-Canadian government
employee charged in NetWalker
ransomware attacks. (to
the original material)
-
Log4j and Livestock apps:
APT41 wages persistent
cyberattack campaign on US
government. (to
the original material)
-
Cyber incident reporting
measures approved in the
omnibus spending bill. (to
the original material)
-
Dirty Pipe root Linux
vulnerability can also impact
containers. (to
the original material)
-
How the NTIA (National
Telecommunications and
Administration) can fund
future-proof open access
fiber. (to
the original material)
-
Here’s how ICE illegally
obtained bulk financial
records from Western
Union. (to
the original material)
-
Big Tech pay-outs to
European ISPs would just
concentrate their power.
(to
the original material)
-
Federal Court in
Virginia holds Geofence
Warrant violates
Constitution. (to
the original material)
-
Utah: Urge Governor Cox
to veto this weak sata
privacy bill. (to
the original material)
-
When it comes to
ransomware, don't forget
the basics. (to
the original material)
-
Linux vulnerability
allowed root-level
access. (to
the original material)
-
RagnarLocker ransomware
struck 52 critical
infrastructure entities
within two years - FBI.
(to
the original material)
-
1Password increases bug
bounty reward to $1
million. (to
the original material)
-
Middleboxes now being
used for DDoS attacks in
the wild, Akamai finds.
(to
the original material)
-
Internet experts propose
blocking culpable
Russian sites. (to
the original material)
-
Cryptocurrency executive
order: 'It's a Clarion
call'. (to
the original material)
-
Analysis: President
Biden's tech package
seeks Ukraine aid. (to
the original material)
-
Why application security
needs more attention in
healthcare. (to
the original material)
09.03.2022
-
News
from cyber security.
-
Updated: Conti ransomware. (to
the original material)
-
Data privacy laws are an
opportunity to become more
honest in reaching your
target audience. (to
the original material)
-
Understanding US Defense
Department’s relaxed
cybersecurity protocols
under CMMC 2.0. (to
the original material)
-
Mid-market tackling high
rate of costly attacks,
worsened by complex, siloed
defences and staff burnout.
(to
the original material)
-
Sharp rise in SMB
cyberattacks by Russia and
China. (to
the original material)
-
Consumers fed up with
passwords and KBAs (Knowledge
Based Authentication
Questions), looking
to voice enabled
technology as the future.
(to
the original material)
-
Small business owners
worried about the
cybersecurity of their
commercial vehicles. (to
the original material)
-
Chinese phishing actors
consistently targeting
EU diplomats. (to
the original material)
-
Russian government sites
hacked in supply chain
attack. (to
the original material)
-
Clearview AI fined €20M
for collecting Italians’
biometric data. (to
the original material)
-
US Treasury: Russia may
bypass sanctions using
ransomware payments. (to
the original material)
-
Intel, AMD, Arm warn of
new speculative
execution CPU bugs. (to
the original material)
-
Hackers fork open-source
reverse tunneling tool
for persistence. (to
the original material)
-
Nearly 30% of critical
WordPress plugin bugs
don't get a patch. (to
the original material)
-
CISA updates Conti
ransomware alert with
nearly 100 domain names.
(to
the original material)
-
China hacked at least
six U.S. state
governments, report
says. (to
the original material)
-
New Microsoft Defender
preview now available
for Windows, Android and
iOS. (to
the original material)
-
Beware the three percent
- tiny proportion of
users account for most
malware incidents. (to
the original material)
-
Don't panic! Knowledge,
skill and judgment are
key to cybersecurity
responses. (to
the original material)
-
Demystifying e-commerce
website security. (to
the original material)
-
Forrester: Women
represent 24% of the
cyber workforce
globally. (to
the original material)
-
How ‘buy now, pay later’
services present cyber
risks for consumers. (to
the original material)
-
Symantec tracked down
one developer of
‘China’s most advanced
piece of malware’. (to
the original material)
-
National cyber director
focused on staffing,
promoting safe software
and boosting workforce.
(to
the original material)
-
Fraudsters target
e-commerce as online
transactions become the
‘new normal’. (to
the original material)
-
Threat advisory:
Cybercriminals
compromise users with
malware disguised as
pro-Ukraine cyber tools.
(to
the original material)
-
Securing healthcare: An
IT health check on the
state of the sector. (to
the original material)
-
SEC to vote on new
cybersecurity disclosure
rules as Ukraine crisis
gives them ‘special
relevance’. (to
the original material)
-
Consumers worried about
digital banking
security. (to
the original material)
-
New Zealand identifies
90,000 CSAM (Child
Sexual Abuse
Material)
trading accounts. (to
the original material)
-
Romanian extradited to
US to face cybercrime
charge. (to
the original material)
-
UK announces new rules
to tackle surging online
scam adverts. (to
the original material)
-
#DSbD: UK could face a
“Cyber Disaster” on its
current security
trajectory. (to
the original material)
-
Car Dealership employees
begin legal case
following breach. (to
the original material)
-
Chinese APT41 group
compromises six US
government networks. (to
the original material)
-
Microsoft fixes 71 bugs
including three zero
days. (to
the original material)
-
Prison for man who
scammed US government to
buy Pokémon card. (to
the original material)
-
FBI Alert: Ransomware
attacks hit critical
infrastructure
organizations. (to
the original material)
-
Biden’s cryptocurrency
executive order
addresses illicit
financial risks. (to
the original material)
-
High-impact DDoS attacks
target zero-day exploit
in Mitel systems. (to
the original material)
-
Using your phone in
times of crisis. (to
the original material)
-
Exploit chain allows
security researchers to
compromise Pascom phone
systems. (to
the original material)
-
Government agencies in
Ukraine targeted in
cyber-attacks deploying
MicroBackdoor malware. (to
the original material)
-
Critical Axeda
vulnerabilities pose
takeover risk to
hundreds of IoT devices.
(to
the original material)
-
Former US cyber official
warns of Russian war
repercussions. (to
the original material)
-
2 Healthcare hacking
incidents affect 310,000
patients. (to
the original material)
-
How Lapsus$ uses stolen
source code to disguise
malware. (to
the original material)
-
President Joe Biden
signs executive order on
cryptocurrency. (to
the original material)
-
The Fifth Option in risk
treatment. (to
the original material)
-
The Ultimate privacy
betrayal: Personal DNA
used for undisclosed
purposes, without
permission. (to
the original material)
08.03.2022
-
News
from cyber security.
-
Adobe releases security
updates for multiple
products. (to
the original material)
-
SAP releases March 2022
security updates. (to
the original material)
-
Microsoft releases March
2022 security updates. (to
the original material)
-
March 2022 Patch Tuesday:
Microsoft fixes RCEs in
RDP client, Exchange
Server. (to
the original material)
-
Mozilla releases security
updates for Firefox and
Firefox ESR. (to
the original material)
-
FBI releases Indicators of
Compromise for
RagnarLocker ransomware. (to
the original material)
-
CISA releases security
advisory on PTC Axeda
Agent and Desktop Server.
(to
the original material)
-
ALERT: Using Signal
messaging. (to
the original material)
-
Incidents handling and
cybercrime investigations.
(to
the original material)
-
Widely used UPS devices
can be hijacked and
destroyed remotely. (to
the original material)
-
Easily exploitable Linux
bug gives root access to
attackers (CVE-2022-0847).
(to
the original material)
-
ICS vulnerability
disclosures surge 110%
over the last four years.
(to
the original material)
-
5 steps that simplify IoT
security for OEMs. (to
the original material)
-
Increasing security for
single page applications
(SPAs). (to
the original material)
-
Fraud detection and
prevention costs merchants
more than fraud itself. (to
the original material)
-
Improve your
organization’s cyber
hygiene with CIS CSAT Pro.
(to
the original material)
-
70% of breached passwords
are still in use. (to
the original material)
-
APC UPS zero-day bugs can
remotely burn out devices,
disable power. (to
the original material)
-
Android's March 2022
security updates fix three
critical bugs. (to
the original material)
-
Microsoft March 2022 Patch
Tuesday fixes 71 flaws, 3
zero-days. (to
the original material)
-
HP patches 16 UEFI
firmware bugs allowing
stealthy malware
infections. (to
the original material)
-
Google: Chinese hackers
target Gmail users
affiliated with US govt. (to
the original material)
-
ProtonMail urges Russian
users to renew as payment
options dry up. (to
the original material)
-
Cloudflare to auto-brick
servers that go offline in
Ukraine, Russia. (to
the original material)
-
DDoS attacks now use new
record-breaking
amplification vector. (to
the original material)
-
Emotet growing slowly but
steadily since November
resurgence. (to
the original material)
-
E-commerce giant Mercado
Libre confirms source code
data breach. (to
the original material)
-
Google: Russia, China,
Belarus state hackers
target Ukraine, Europe. (to
the original material)
-
CISA: Patch actively
exploited Firefox
zero-days until March
21st. (to
the original material)
-
Access: 7 vulnerabilities
impact medical and IoT
devices. (to
the original material)
-
Majority of attacks on
SaaS platforms come from
Russia and China. (to
the original material)
-
Bitdefender launches new
password manager for
consumers. (to
the original material)
-
Passwordless technology is
key to reducing risk and
improving user experience.
(to
the original material)
-
Supply chain
vulnerabilities hit
medical and IoT devices. (to
the original material)
-
The next evolution of BEC:
virtual conferencing and
deepfakes. (to
the original material)
-
Google: Nation-state
threat groups targeting
European governments,
organizations. (to
the original material)
-
FBI issues IoCs to help
organizations defend
against RagnarLocker
ransomware. (to
the original material)
-
Crypto exchange Coinbase
says it already blocks
25,000 Russian addresses.
(to
the original material)
-
‘This isn’t your war’: As
frustration breeds
hacktivism for Ukraine,
experts weigh sitting out.
(to
the original material)
-
Why Google’s $5.4 billion
Mandiant deal may be an
‘inflection point’ for
security industry. (to
the original material)
-
FBI pushes for ‘real time’
cyber incident reporting
mandates, liability
protections. (to
the original material)
-
Chinese APT leveraged zero
days - including Log4j -
to compromise US state
governments. (to
the original material)
-
Patched vulnerability in
widely used UPS devices
allows attackers to
control power backup
system. (to
the original material)
-
Microsoft Patch Tuesday
for March 2022 - Snort
rules and prominent
vulnerabilities. (to
the original material)
-
Business continuity
management: The key to
securing your digital
future. (to
the original material)
-
New attack bypasses
hardware defenses for
Spectre flaw in Intel and
ARM CPUs. (to
the original material)
-
Google acquires Mandiant
to enhance Google Cloud
security suite. (to
the original material)
-
Critical flaws in APC
uninterruptible power
supplies poses risks to
mission-critical devices.
(to
the original material)
-
Electronics retailer
Adafruit apologises after
training data containing
real customer info leaks
onto GitHub. (to
the original material)
-
Reports: White House set
to issue executive order
on crypto. (to
the original material)
-
Feds warn of 7 flaws
affecting medical devices,
IoT gear. (to
the original material)
-
Ransomware groups target
global critical
infrastructure. (to
the original material)
-
Modern MDR: Why it's
mission-critical. (to
the original material)
-
Free cybersecurity tools
offered to hospitals and
utilities. (to
the original material)
07.03.2022
-
News
from cyber security.
-
CISA’s Zero Trust
Guidance for enterprise
mobility available for
public comment. (to
the original material)
-
CISA adds 11 known
exploited
vulnerabilities to
Catalog. (to
the original material)
-
Mozilla releases
security updates for
multiple products. (to
the original material)
-
Vulnerability Summary
for the Week of February
28, 2022. (to
the original material)
-
Press release: Cyber
security incident at
Rompetrol. (to
the original material)
-
Mozilla fixes Firefox
zero-days exploited in
the wild
(CVE-2022-26485,
CVE-2022-26486). (to
the original material)
-
IT leaders confident in
their ability to manage
a ransomware attack:
They should know better.
(to
the original material)
-
Every business is a
cybersecurity business.
(to
the original material)
-
Solving the problem of
secrets sprawling in
corporate codebases. (to
the original material)
-
How frustrated and
burned out are security
analysts? (to
the original material)
-
BBC targeted with
383,278 spam, phishing
and malware attacks
every day. (to
the original material)
-
Coinbase blocks over
25,000 Russian-linked
crypto addresses. (to
the original material)
-
Dozens of COVID passport
apps put user's privacy
at risk. (to
the original material)
-
FBI: Govt officials
impersonated in
widespread extortion
schemes. (to
the original material)
-
Samsung confirms hackers
stole Galaxy devices
source code. (to
the original material)
-
Piracy OK: Russia to
ease software licensing
rules after sanctions. (to
the original material)
-
Microsoft fixes critical
Azure bug that exposed
customer data. (to
the original material)
-
Rompetrol gas station
network hit by Hive
ransomware. (to
the original material)
-
Industrial systems see
more vulnerabilities,
greater threat. (to
the original material)
-
Researchers find new way
to neutralize
side-channel memory
attacks. (to
the original material)
-
EFF to European Court:
“Right to be Forgotten”
shouldn’t stop the
public from reading the
news. (to
the original material)
-
Lapsus$ strikes again -
190GB Samsung data
release by Nvidia
hackers. (to
the original material)
-
PressReader suffers
cyber-attack. (to
the original material)
-
Weight management
companies settle data
privacy suit. (to
the original material)
-
Samsung source codes
stolen. (to
the original material)
-
A critical component of
a layered approach to
cybersecurity: SIEMaaS
(SIEM-as-a-Service). (to
the original material)
-
Blaming users for
security fails: Oh, yes
we should vs. Oh, no we
shouldn’t. (to
the original material)
-
Cameras, video analytics
and legislation: Top
video privacy trends of
2022. (to
the original material)
-
#HowTo: Prepare for the
future of electronic
identities. (to
the original material)
-
Musk warns Starlink
could attract Russian
bombs. (to
the original material)
-
Counterfeit and pirated
imports surge during
pandemic. (to
the original material)
-
Ukraine set to join NATO
Cyber Hub. (to
the original material)
-
Deep dive:
Vulnerabilities in ZTE
router could lead to
complete attacker
control of the device. (to
the original material)
-
MS Office files involved
again in recent Emotet
trojan campaign - Part
I. (to
the original material)
-
Fake purchase order used
to deliver Agent Tesla.
(to
the original material)
-
Organizations take two
months to patch critical
vulnerabilities. (to
the original material)
-
How to create a website
maintenance schedule. (to
the original material)
-
Time to remove politics
from cybersecurity
research. (to
the original material)
-
Android banking trojan
SharkBot distributed via
Google Play Store. (to
the original material)
-
KnowBe4 asks security
pros for input on its
Security Culture
Maturity Model. (to
the original material)
-
Samsung confirms Galaxy
device source code
leaked after breach. (to
the original material)
-
Fortinet ceases
operations within
Russia. (to
the original material)
-
How to move beyond
cybersecurity compliance
in healthcare? Focus on
clinician workflows. (to
the original material)
-
Draft registration
system gets $6 million
in funding for cyber,
data analysis upgrades.
(to
the original material)
-
Kaseya CISO talks
security through the
lens of law enforcement.
(to
the original material)
-
Fresh flaws in Facebook
Canvas earn bug bounty
hunter a second payday.
(to
the original material)
-
Utah privacy bill places
tighter controls on
consumer data. (to
the original material)
-
Critical Firefox
zero-day bugs allow RCE,
Sandbox escape. (to
the original material)
-
Samsung confirms Lapsus$
ransomware hit, source
code leak. (to
the original material)
-
NVIDIA’s stolen
code-signing certs used
to sign malware. (to
the original material)
-
Ukraine fighting
first-ever 'Hybrid War'
- Cyber Official. (to
the original material)
-
White House requests
billions in tech aid for
Ukraine. (to
the original material)
-
Russia-Ukraine Updates:
Cybersecurity news amid
conflict. (to
the original material)
-
Federal report offers
healthcare cyberattack
trend insights. (to
the original material)
-
Days-long DDoS attack
with embedded ransom
note mitigated. (to
the original material)
-
IsaacWiper and
HermeticWizard: New
wiper and worm malware
targeting Ukraine. (to
the original material)
-
Cyber‑readiness in the
face of an escalated
gray zone conflict. (to
the original material)
-
Cloudflare, CrowdStrike,
and Ping Identity join
forces to strengthen
U.S. cybersecurity in
light of increased cyber
threats. (to
the original material)
-
Long delay before
Cybersecurity NSW
notified of Accellion
hack. (to
the original material)
-
OH: Hilliard City
Schools evaluating
protocols after
releasing 4,200 names of
students in
public-information
request. (to
the original material)
-
CISA informs
organizations of flaws
in unsupported
Industrial Telecontrol
devices. (to
the original material)
-
New Linux bug gives root
on all major distros,
exploit released. (to
the original material)
-
FBI: Ransomware gang
breached 52 US critical
infrastructure orgs. (to
the original material)
-
How to keep customers
safe with the correct
print security strategy.
(to
the original material)
06.03.2022
- News
from cyber security.
- Adafruit
discloses data leak from ex-employee's GitHub
repo. (to
the original material)
- How to keep
customers safe with the correct print security
strategy. (to
the original material)
- Lapsus$
hackers leak Samsung source code and massive
data dump from security breach. (to
the original material)
- 2 New
Mozilla Firefox zero-day bugs under active
attack - Patch your browser ASAP! (to
the original material)
- Mozilla
Firefox 97.0.2 fixes two actively exploited
zero-day bugs. (to
the original material)
- Week in
review: Medical device IP protection, how to
select a CDR solution, Patch Tuesday forecast.
(to
the original material)
05.03.2022
- News
from cyber security.
- Malware now
using stolen NVIDIA code signing certificates.
(to
the original material)
- SharkBot
malware hides as Android antivirus in Google
Play. (to
the original material)
- Russia
shares list of 17,000 IPs allegedly DDoSing
Russian orgs. (to
the original material)
- More than
70% of SOC analysts experiencing burnout. (to
the original material)
- European
officials aiding the Ukrainian refugee
movement are under attack. (to
the original material)
- New
side-channel attack on Homomorphic Encryption.
(to
the original material)
- RuRAT
campaign uses innovative lure to target
potential victims. (to
the original material)
- Conti's
source code now publicly available. (to
the original material)
- New Linux
Kernel cgroups vulnerability could let
attackers escape container. (to
the original material)
- Leaked
stolen Nvidia cert can sign Windows malware. (to
the original material)
- Russia’s
invasion kicks Senate into cybersecurity law
mode. (to
the original material)
- Duncan
Regional Hospital notifies more than 92,000
patients of data security incident. (to
the original material)
- Hackers
leak 190GB of alleged Samsung data, source
code. (to
the original material)
- Hackers
report leaking 190GB of Samsung data, source
code. (to
the original material)
- The 'human
firewall' and the burden of securing your
organization. (to
the original material)
04.03.2022
- News
from cyber security.
- Press release:
Clarifications on DNSC responsibilities in the
context of blocking access to a website. (to
the original material)
- TikTok under
investigation in US over harms to children. (to
the original material)
- Nearly all
cybersecurity companies expose AWS assets -
Report. (to
the original material)
- Over 60% of SOC
analysts are planning to quit next year. (to
the original material)
- How to navigate
the complexity of SaaS management. (to
the original material)
- Russian claims
YouTube "misinformation" to blame for protests. (to
the original material)
- What security
engineers hate about SIEM. (to
the original material)
- Log4j forced a
cybersecurity wake-up call. (to
the original material)
- Attivo Networks
expands Active Directory protection. (to
the original material)
- Social media
phishing attacks are at an all time high. (to
the original material)
- CISA warns
organizations to patch 95 actively exploited bugs.
(to
the original material)
- New infosec
products of the week: March 4, 2022. (to
the original material)
- Perennial
security challenges hampering organizations in
achieving their security objectives. (to
the original material)
- March 2022 Patch
Tuesday forecast: Pressure mounts to resolve
vulnerabilities. (to
the original material)
- What is
Ransomware Protection as a Service? (to
the original material)
- MSPs see
cybersecurity as both a challenge and an
opportunity. (to
the original material)
- What is
challenging malware analysis? (to
the original material)
- The most
impersonated brands in phishing attacks. (to
the original material)
- Amazon:
Charities, aid orgs in Ukraine attacked with
malware. (to
the original material)
- The Week in
Ransomware - March 4th 2022 - The Conti Leaks. (to
the original material)
- Ukraine to join
NATO intel-sharing cyberdefense hub. (to
the original material)
- Hackers leak
190GB of alleged Samsung data, source code. (to
the original material)
- Experts urge EU
not to force insecure certificates in web
browsers. (to
the original material)
- Cisco joins long
list of security companies supporting Ukraine. (to
the original material)
- Russia-Ukraine
war exploited as lure for malware distribution. (to
the original material)
- Most
cybersecurity vendors at risk due to
internet-exposed IT assets. (to
the original material)
- DORA's (Digital
Operational Resilience Act) Global Reach and why
enterprises need to prepare. (to
the original material)
- Nvidia hackers
release code-signing certificates that malware can
abuse. (to
the original material)
- Senate passes
strengthening American Cybersecurity Act. (to
the original material)
- Cyber-Criminals
exploit invasion of Ukraine. (to
the original material)
- Vulnerabilities
in over 100k medical infusion pumps. (to
the original material)
- Ask The Experts:
How to stay on top of cyber-hygiene. (to
the original material)
- BBC points
Russians to the Tor version of itself. (to
the original material)
- NHS Digital's
demise bad for 55 million patients' privacy –
ex-chairman. (to
the original material)
- Week in security
with Tony Anscombe. (to
the original material)
- Emergency
preparedness: How to disaster‑proof your tech. (to
the original material)
- Regulator
announces Border Gateway protocol security review.
(to
the original material)
- ISMG Editors:
Are Hacktivists the new resistance fighters? (to
the original material)
- Template aims to
help add cyber in medical device contracts. (to
the original material)
- These are the
problems that cause headaches for bug bounty
hunters. (to
the original material)
- This Week in
Security News March 4, 2022. (to
the original material)
- Massive Meris
botnet embeds ransomware notes from REvil. (to
the original material)
- Free
HermeticRansom ransomware decryptor released. (to
the original material)
- Japanese beauty
retailer Acro blames third-party hack for breach
of 100k payment cards. (to
the original material)
- RCE
vulnerability in Dynamicweb enterprise software
could allow server compromise. (to
the original material)
- Equifax data
breach: Consumers unlikely to benefit financially
from final settlement. (to
the original material)
- Surfshark
launches free plug-in to help spot fake news. (to
the original material)
- Why we shouldn't
try to kick Russia off the internet. (to
the original material)
- Why Kubernetes
deployment needs a security first mindset
[Q&A]. (to
the original material)
- Hieu Minh Ngo’s
conviction and redemption. (to
the original material)
- 2021 / 2022 UK
Cybersecurity Census Report. (to
the original material)
- The true costs
of identity theft (it’s worse than you think). (to
the original material)
- Only 16% of
organizations have comprehensive DevSecOps in
place. (to
the original material)
- With Ukraine
driving urgency, CISA adds 95 bugs to its catalog
of known exploited vulnerabilities. (to
the original material)
- Role of US
agencies limited in protecting against BGP
hijacks, attacks on internet architecture. (to
the original material)
- New HSCC
insights target cybersecurity contract language
for medical tech. (to
the original material)
- Interview With
Chris Mayers – Citrix. (to
the original material)
03.03.2022
- News
from cyber security.
- NSA releases
network infrastructure security guidance. (to
the original material)
- CISA adds 95
known exploited vulnerabilities to Catalog. (to
the original material)
- Cisco releases
security updates for multiple products. (to
the original material)
- Cybersecurity
News of the Week (03.03.2022). (to
the original material)
- ALERT:
Attempted fraud with false donations for the cause
of Ukraine spread by e-mail. (to
the original material)
- CrowdStrike offers
fully managed
identity-threat-detection-as-a-service. (to
the original material)
- Conti gang members
fretted over Putin's Ukraine invasion. (to
the original material)
- Navigating data
privacy in the higher education ecosystem. (to
the original material)
- Why banks should
incorporate software bill of materials (SBOM) into
their third-party risk programs. (to
the original material)
- Phishing attacks
hit all-time high in December 2021. (to
the original material)
- The biggest threat
to ICS/OT is a lack of prioritization. (to
the original material)
- Look out for
identity theft and fraud crimes as tax season
begins. (to
the original material)
- The Linux
Foundation’s Census of OSS app libraries helps
prioritize security work. (to
the original material)
- NY OAG warns
T-Mobile data breach victims of identity theft
risks. (to
the original material)
- Malware campaign
impersonates VC firm looking to buy sites. (to
the original material)
- NVIDIA data breach
exposed credentials of over 71,000 employees. (to
the original material)
- Ukraine says local
govt sites hacked to push fake capitulation news. (to
the original material)
- Hacktivists,
cybercriminals switch to Telegram after Russian
invasion. (to
the original material)
- Free decryptor
released for HermeticRansom victims in Ukraine. (to
the original material)
- We all have a role
to play in helping find more cybersecurity workers
in education. (to
the original material)
- Beyond sightings,
across the cybersecurity landscape there are attacks
flows. (to
the original material)
- How neutral is
Kaspersky in the Ukraine cyberwar? (to
the original material)
- Attivo expands
Active Directory protection. (to
the original material)
- Malware is being
geared to evade AI-based defenses. (to
the original material)
- Ransomware is top
threat to financial services. (to
the original material)
- Hacker: The
Official Definition. (to
the original material)
- 5 Risks that can
cause your website to get reinfected. (to
the original material)
- Cyber insurance
won’t save you from ransomware. (to
the original material)
- BD discloses
hard-coded flaws impacting some Pyxis, Viper medical
devices. (to
the original material)
- MITRE launches
final first version of Engage deception framework. (to
the original material)
- Medical device
disclosures on the rise, but providers struggle to
patch known flaws. (to
the original material)
- Conti ransomware
gang dismantles infrastructure amid Ukraine row. (to
the original material)
- Facebook,
Microsoft were the top two impersonated brands for
phishing attacks in 2021. (to
the original material)
- API security
incidents affected 95% of organizations in the last
year. (to
the original material)
- Ransomware seen as
No. 1 threat of financial organizations. (to
the original material)
- Google WAF
bypassed via oversized POST requests. (to
the original material)
- Nvidia hackers
allegedly attempting to blackmail company into
open-sourcing GPU drivers. (to
the original material)
- We’re
‘firefighters’ for victims of armed conflict –
Hackers Without Borders co-founder on NGO’s timely
arrival. (to
the original material)
- Phishing
campaign targeted those aiding Ukraine refugees. (to
the original material)
- Russia leaks
data from a thousand cuts – Podcast. (to
the original material)
- Securing
Data With a Frenzied Remote Workforce – Podcast.
(to
the original material)
- Cyberattacks
are prominent in the Russia-Ukraine conflict. (to
the original material)
- US
KleptoCapture force to tackle cryptocurrency use
in Russian sanction avoidance. (to
the original material)
- Cyber
security tips in armed conflict zones. Here's
how Bitdefender helps. (to
the original material)
- 9 Essentials
for global CISOs during Russia's Ukraine war. (to
the original material)
- How the
Senate's Cyber Bill could affect health sector.
(to
the original material)
-
Russia-Ukraine updates: Cybersecurity news amid
conflict. (to
the original material)
- Phishers
target European Nations aiding Ukrainians. (to
the original material)
- Security
gaps in smart infusion pumps risk patient data.
(to
the original material)
- Making sense
of Putin's cyber restraint. (to
the original material)
- Intel touts
security improvements in 12th-gen Core CPUs. (to
the original material)
- Boardroom
does not see ransomware as a priority. (to
the original material)
- Use of
encrypted Telegram platform soars in Ukraine,
Russia. (to
the original material)
- ESET
Research Podcast: Ukraine’s past and present
cyberwar. (to
the original material)
- Cisco stands
on guard with our customers in Ukraine. (to
the original material)
- Current
executive guidance for ongoing cyberattacks in
Ukraine. (to
the original material)
- Consumer
Alert: Consumers impacted by T-Mobile data
breach at risk of potential identity theft. (to
the original material)
- Universities
should prepare for attacks. (to
the original material)
- Hacked
Ukrainian military emails used in attacks on
European Governments. (to
the original material)
- U.S. Gov
issues Stark warning, calling firmware security
a 'Single Point of Failure'. (to
the original material)
- Cisco
patches critical vulnerabilities in Expressway,
TelePresence VCS products. (to
the original material)
- Amazon Alexa
can be hijacked via commands from own speaker. (to
the original material)
- UK
government starts public consultation on telco
security. (to
the original material)
- New security
vulnerability affects thousands of GitLab
instances. (to
the original material)
- Russia
releases list of IPs, domains attacking its
infrastructure with DDoS attacks. (to
the original material)
- Researchers
demonstrate new side-channel attack on
Homomorphic Encryption. (to
the original material)
- Critical
patches issued for Cisco Expressway series,
TelePresence VCS products. (to
the original material)
- How to
automate offboarding to keep your company safe.
(to
the original material)
- Hackers who
broke into NVIDIA's network leak DLSS source
code online. (to
the original material)
- Report:
Nearly 75% of infusion pumps affected by severe
vulnerabilities. (to
the original material)
- U.S. Senate
passes cybersecurity Bill to strengthen critical
infrastructure security. (to
the original material)
- Data wiper
malware wreak havoc on Ukrainian organizations.
(to
the original material)
- Cyber-Attack
on New York Ethics Watchdog. (to
the original material)
- HHS issues
threat warning to US Healthcare sector. (to
the original material)
- Most
disclosed ICS vulnerabilities are low
complexity. (to
the original material)
- Deep
Learning: It's not too good to be true - It's
genuine progress. (to
the original material)
- #CCSE22: Why
are organizations getting zero trust "wrong"? (to
the original material)
- #CCSE22: The
Latest cybersecurity workforce trends. (to
the original material)
-
Vulnerability exploit attempts surge tenfold
against Ukrainian websites. (to
the original material)
- Russia
denies satellite hacking and warns of wider war.
(to
the original material)
- NATO
completes quantum-safe comms test. (to
the original material)
- Epic PsyOp -
Ukrainians leak 120,000 Russian troops’ info. (to
the original material)
- Attivo
Networks extends Microsoft Active Directory
Protection. (to
the original material)
- Cybersecurity
experts urge EU lawmakers to fix website
authentication proposal that puts internet users’
security and privacy at risk. (to
the original material)
- The Campaign to
shut down crucial documentary tool youtube-dl
continues - And so does the fight to save it. (to
the original material)
- Wartime is a
bad time to mess with the Internet. (to
the original material)
- Negotiations
over UN cybercrime treaty under way in New York,
with EFF and partners urging focus on human
rights. (to
the original material)
- Purported
massive leak of Russian soldiers' data could sink
morale, digital security. (to
the original material)
- Accelerated
ransomware attacks pressure targeted companies to
speed response. (to
the original material)
- How to get one
step ahead of mobile attacks. (to
the original material)
- Cybersecurity
mesh architecture: Hope or Hype? (to
the original material)
- 8-Character
passwords can be cracked in less than 60 minutes.
(to
the original material)
02.03.2022
- News
from cyber security.
- Google releases
security updates for Chrome. (to
the original material)
- SDP (Software
Defined Perimeter) solutions are true ZTNA
solutions: They trust no one. (to
the original material)
- How do I select a
CDR (Content Disarm and Reconstruction) solution for
my business? (to
the original material)
- How to keep your
medical device IP safe from cyber attacks. (to
the original material)
- Bad actors are
becoming more successful at evading AI/ML (Artificial
Intelligence/ Machine Learning) technologies.
(to
the original material)
- Security leaders
want legal action for failing to patch for Log4j. (to
the original material)
- How much do
different generations trust their mobile devices’
security? (to
the original material)
- Cyberattacks in
Ukraine soon could spill over to other countries. (to
the original material)
- Salt Security
Survey surfaces API security weaknesses. (to
the original material)
- Cybersecurity’s
evolution through 2022. (to
the original material)
- Ignoring US
cybersecurity vulnerabilities no longer an option. (to
the original material)
- #CCSE22: "Zero
Trust Model is becoming the default cyber posture,"
claims expert. (to
the original material)
- #CCSE22: The Need
to change course in user cybersecurity training. (to
the original material)
- The Rise of VR and
the transformation of the cybersecurity capability.
(to
the original material)
- Ghostwriter group
targets NATO refugee effort. (to
the original material)
- Nvidia admits
hackers stole employee and internal data. (to
the original material)
- Cyber Start-ups:
How to get off the ground and into the stratosphere.
(to
the original material)
- Apple and Google
turn off map features to help Ukraine. (to
the original material)
- Conti ransomware’s
source code Is now public. (to
the original material)
- Xenomorph trojan
spreading via Play Store to target European banks. (to
the original material)
- Hackers try to
target European officials to get info on Ukrainian
refugees, supplies. (to
the original material)
- Hackers begin
weaponizing TCP Middlebox Reflection for amplified
DDoS attacks. (to
the original material)
- Ukrainian sites
saw a 10x increase in attacks when invasion started.
(to
the original material)
- Over 100,000
medical infusion pumps vulnerable to years old
critical bug. (to
the original material)
- Russian space
agency says hacking satellites is an act of war. (to
the original material)
- Attacks abusing
programming APIs grew over 600% in 2021. (to
the original material)
- Log4shell exploits
now used mostly for DDoS botnets, cryptominers. (to
the original material)
- Phishing attacks
target countries aiding Ukrainian refugees. (to
the original material)
- Researchers devise
attack for stealing data during Homomorphic
Encryption. (to
the original material)
- Companies' code
leaking more passwords and secrets. (to
the original material)
- 3 Ways to expand
gender diversity in cybersecurity. (to
the original material)
- 7 Ways to secure
collaboration tools in your organization. (to
the original material)
- Russian-Themed
Phishing Emails Target Microsoft Users. (to
the original material)
- #CCSE22: How to
create a security first culture. (to
the original material)
- #CCSE22:
"Focusing on reducing time to containment is way
to reduce threat risk". (to
the original material)
- Rural Idaho
receives cybersecurity boost. (to
the original material)
- Swiss Bank
requests destruction of documents. (to
the original material)
- HSB survey
finds EV security fears. (to
the original material)
- MuddyWater
rounds up its arsenal with multi-malware sets. (to
the original material)
- Iranian hackers
introduce new malware to target Middle East. (to
the original material)
- TrickBot’s
AnchorDNS is now upgraded to AnchorMail. (to
the original material)
- Intel's
12th-gen Alder Lake processors will not include
Microsoft's Pluton security. (to
the original material)
- Details of
'120,000 Russian soldiers' leaked by Ukrainian
media. (to
the original material)
- Conti
ransomware group’s source code leaked. (to
the original material)
- EU, US close to
replacing defunct Privacy Shield II. (to
the original material)
- The
zero-password future can't come soon enough. (to
the original material)
- The Many faces
of threat intelligence Part 1: Identifying the
problems. (to
the original material)
- Google paid out
over $100,000 for vulnerabilities patched by
Chrome 99. (to
the original material)
- Open Source
Security Foundation now counts 60 members. (to
the original material)
- The Tel Aviv
company paid millions to stop cyber criminals. (to
the original material)
- Monongalia
Health System hacked again? Second incident report
in one year. (to
the original material)
- OT and ICS
vulnerabilities increase in the second half of
2021. (to
the original material)
- API attacks
increase almost 700 percent in the last year. (to
the original material)
- Less than a
quarter of directors see ransomware as a top
priority. (to
the original material)
- The password
hygiene message still isn't getting across to
consumers. (to
the original material)
- CrowdStrike
cracks PartyTicket ransomware targeting Ukraine. (to
the original material)
- Cyber companies
step up support for Ukraine. (to
the original material)
- SunSeed malware
hits those involved in Ukraine refugee relief. (to
the original material)
- ESET - For
companies, current conflict justifies increased
focus on cybersecurity processes and operations. (to
the original material)
- Russia-Ukraine
cryptocurrency scams detected by researchers. (to
the original material)
- US Senate
passes incident reporting, FISMA update Bill. (to
the original material)
- Insurance
broker AON discloses cyberattack. (to
the original material)
- Personal data
of 120,000 Russian soldiers published online. (to
the original material)
- Mon Health
reports breach soon after phishing incident. (to
the original material)
- Cloud Security:
With challenges come solutions. (to
the original material)
- Russia-Ukraine
conflict leverages phishing themes. (to
the original material)
- Prospect of
global cyberwarfare puts security teams on edge. (to
the original material)
- Threat
Spotlight: Attacks on Log4Shell vulnerabilities. (to
the original material)
- Logan Health
cyberattack, server hack leads to data access of
214K people. (to
the original material)
- Watchdog: CISA
must make critical infrastructure threats,
resources a higher priority. (to
the original material)
- What happens
during a ransomware attack: Understanding stages
of targeting and response. (to
the original material)
- Threat groups
with Russian ties, malware used in Ukraine prompts
alert for US health sector. (to
the original material)
- Only 23% of
board members consider ransomware their top
priority. (to
the original material)
- Android banking
trojan TeaBot levels up, spreads to more
countries. (to
the original material)
- Ukraine
invasion: WordPress-hosted university websites
hacked in ‘targeted attacks’. (to
the original material)
- Remote code
execution vulnerability uncovered in Hashnode
blogging platform. (to
the original material)
- Toyota shuts
down production after ‘cyber-attack’ on supplier.
(to
the original material)
- Conti
ransomware decryptor, TrickBot source code leaked.
(to
the original material)
- TeaBot trojan
haunts Google Play Store, again. (to
the original material)
- SMS PVA Part 3:
Countries most impacted by service. (to
the original material)
- Ukraine calls
for corporate support as Oracle suspends Russian
operations. (link
material original)
- TeaBot Android
Banking Trojan continues its global conquest with
new upgrades. (to
the original material)
- Maryland
officials outline package to tighten
cybersecurity. (to
the original material)
- Army of cyber
hackers rise up to back Ukraine. (to
the original material)
- Microsoft
Defender takes aim at Mid-Market. (to
the original material)
- Cyber Incident
Disclosure Bill passes in Senate amid fears of
Russian attacks. (to
the original material)
01.03.2022
- News
from cyber security.
- Toyota halts
production after suspected supply chain attack. (to
the original material)
- Toyota shutters 14
plants after probable cyberattack. (to
the original material)
- China-linked
malware targeted secure networks at 'multiple
governments'. (to
the original material)
- Microsoft: Russia
invasion of Ukraine ‘unlawful, unjustified’. (to
the original material)
- How to empower IT
Sec and Ops teams to anticipate and resolve IT
problems. (to
the original material)
- Apps, devices and
workloads provide an ecosystem cornerstone for zero
trust growth. (to
the original material)
- Lack of visibility
plaguing ICS environments. (to
the original material)
- IoT security is
foundational, not optional. (to
the original material)
- The importance of
balancing security requirements and employee user
experience. (to
the original material)
- Infosec products
of the month: February 2022. (to
the original material)
- Security and
vulnerability management market to reach $15.86
billion by 2030. (to
the original material)
- How businesses
benefited from cloud transformation. (to
the original material)
- Conti ransomware
source code leaked by Ukrainian researcher. (to
the original material)
- Microsoft rolling
out new endpoint security solution for SMBs. (to
the original material)
- TeaBot malware
slips back into Google Play Store to target US
users. (to
the original material)
- NVIDIA confirms
data was stolen in recent cyberattack. (to
the original material)
- Content filtering
devices abused for 65x DDoS amplification. (to
the original material)
- Hundreds of eBike
phishing sites abuse Google Ads to push scams. (to
the original material)
- New worm and data
wiper malware seen hitting Ukrainian networks. (to
the original material)
- 'Help Ukraine'
crypto scams emerge as Ukraine raises over $37
million. (to
the original material)
- Reality Winner's
Twitter account was hacked to target journalists. (to
the original material)
- Beyond the Hype:
AI's future in defensive cybersecurity. (to
the original material)
- CISO checklist for
offboarding security staff. (to
the original material)
- Rash of hacktivism
incidents accompany Russia’s invasion of Ukraine. (to
the original material)
- Revealed: Daxin -
‘China-Linked’ advanced stealth backdoor. (to
the original material)
- Enterprise malware
analysis efforts are lacking. (to
the original material)
- 2022 Cybersecurity
Forecast: The threat landscape & protecting your
organization. (to
the original material)
- NIST seeks
cybersecurity framework feedback. (to
the original material)
- Viasat attributes
outage to "Cyber Event". (to
the original material)
- China-Linked Daxin
backdoor shows unseen advanced capabilities. (to
the original material)
- Asylum Ambuscade:
State actor uses compromised private Ukrainian
military emails to target European governments and
refugee movement. (to
the original material)
- Decryptable
PartyTicket ransomware reportedly targeting
Ukrainian entities. (to
the original material)
- Critical bugs
reported in popular open source PJSIP SIP and Media
Stack. (to
the original material)
- Critical security
bugs uncovered in VoIPmonitor monitoring software. (to
the original material)
- TeaBot Android
banking malware spreads again through Google Play
Store apps. (to
the original material)
- Second new
'IsaacWiper' data wiper targets Ukraine after
Russian invasion. (to
the original material)
- Conti ransomware
gang's internal chats leaked online after siding
with Russia. (to
the original material)
- TrickBot malware
gang upgrades its AnchorDNS backdoor to AnchorMail.
(to
the original material)
- Microsoft finds
FoxBlade malware hit Ukraine hours before Russian
invasion. (to
the original material)
- China-linked Daxin
malware targeted multiple governments in espionage
attacks. (to
the original material)
- Victory! San
Francisco Mayor withdraws harmful measure against
surveillance oversight law. (to
the original material)
- Three ways to
defeat ransomware. (to
the original material)
- AON hit by cyber
attack. (to
the original material)
- Breach
Notification: Poor transparency complicates
response. (to
the original material)
- HC3: Destructive
malware targeting organizations in Ukraine. (to
the original material)
- Hackers interrupt
Catholic charity’s online press conference on
Ukraine. (to
the original material)
- Preparing for
cyberattacks and limiting liability. (to
the original material)
- Airline sues to
stop popular web-scraping service - American
Airlines v. The Points Guy. (to
the original material)
- Crowd-sourced
attacks present new risk of crisis escalation. (to
the original material)
- Feds warn health
sector of Ukraine-Russia conflict threats. (to
the original material)
- HHS OCR outlines
top HIPAA enforcement, rule-making plans. (to
the original material)
- US officials
tracking Russian cyberattack escalation risk. (to
the original material)
- China-Linked APT
actors deploying stealthy Daxin malware. (to
the original material)
- How Lapsus$ data
leak may affect Nvidia and its customers. (to
the original material)
- The OT threat
landscape in 2022. (to
the original material)
- Cybersecurity
Threat Advisory: Malware and ransomware attacks
against Ukrainian organizations continue. (to
the original material)
- SC In Focus: Linux
malware, beyond crypto-ransomware, and stopping more
attacks with high resolution intelligence. (to
the original material)
- Senate approves
cyber incident reporting rule for critical
infrastructure, FISMA reform. (to
the original material)
- Ransomware group
leaks Nvidia information after cyberattack on chip
maker. (to
the original material)
- Supply chain
integration issues costing 38% of companies $500,000
or more a year. (to
the original material)
- Private chat?
Chrome Skype extension with 9m installs found to be
leaking user info. (to
the original material)
- Critical GitLab
vulnerability could allow attackers to steal runner
registration tokens. (to
the original material)
- RCE bugs in hugely
popular VoIP apps: Patch Now! (to
the original material)
- Daxin espionage
backdoor ups the ante on Chinese malware. (to
the original material)
- Ukraine hit with
novel ‘FoxBlade’ trojan hours before invasion. (to
the original material)
- Microsoft accounts
targeted by Russian-themed credential harvesting. (to
the original material)
- Ukraine asks
cryptocurrency firms to block Russian users. (to
the original material)
- Google TAG removes
fraudulent 'influence' operations linked to Belarus,
Moldova, Ukraine. (to
the original material)
Archive:
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - March 04, 2022