Cyber Security - News Archive
May 2022
31.05.2022 - News from cyber security.
- Microsoft releases Workaround Guidance for MSDT "Follina" vulnerability. (to the original material)
- Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190). (to the original material)
- Zero-trust-washing: Why zero trust architecture is the framework to follow. (to the original material)
- 57% of all digital crimes in 2021 were scams. (to the original material)
- How effective are public-private partnerships? (to the original material)
- There is no good digital transformation without cybersecurity. (to the original material)
- HP Wolf Security: A new breed of endpoint protection. (to the original material)
- Hackers steal WhatsApp accounts using call forwarding trick. (to the original material)
- Windows MSDT zero-day now exploited by Chinese APT hackers. (to the original material)
- Over 3.6 million MySQL servers found exposed on the Internet. (to the original material)
- FBI warns of Ukrainian charities impersonated to steal donations. (to the original material)
- Costa Rica’s public health agency hit by Hive ransomware. (to the original material)
- New XLoader botnet uses probability theory to hide its servers. (to the original material)
- Aligning your password policy enforcement with NIST Guidelines. (to the original material)
- Microsoft shares mitigation for Office zero-day exploited in attacks. (to the original material)
- Albanese elevates cyber security with new standalone minister. (to the original material)
- NDIS case management system provider breached. (to the original material)
- VMware, F5, Log4j added to EnemyBot attack targets. (to the original material)
30.05.2022 - News from cyber security.
- A new zero-day vulnerability in Microsoft Word. (to the original material)
- Vulnerability summary for the week of May 30, 2022. (to the original material)
- $39.5 billion lost to phone scams in last year. (to the original material)
- Ransomware attacks still the #1 threat to businesses and organizations. (to the original material)
- Moving toward a more adaptable and tech-driven compliance function. (to the original material)
- Open Automation Software plugs holes in industrial platform. (to the original material)
- Mastercard hit with ACCC lawsuit over payment routing. (to the original material)
- New MS Office zero day evades Defender. (to the original material)
- 50k customers caught up in Spirit Super phishing attack. (to the original material)
- Researchers identify FIDO2 protocol vulnerabilities. (to the original material)
- India withdraws warning on national biometric ID after online panic. (to the original material)
- EnemyBot malware adds new exploits to target CMS servers and Android devices. (to the original material)
- Vodafone plans carrier-level user tracking for targeted ads. (to the original material)
- Italy warns organizations to brace for incoming DDoS attacks. (to the original material)
- Three Nigerians arrested for malware-assisted financial crimes. (to the original material)
- New Microsoft Office zero-day used in attacks to execute PowerShell. (to the original material)
29.05.2022 - News from cyber security.
- Week in review: Account pre-hijacking, Sigstore, ransomware still winning. (to the original material)
- EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws. (to the original material)
- Mobile trojan detections rise as malware distribution level declines. (to the original material)
- New Yorker imprisoned for role in carding group behind $568M damages. (to the original material)
- Pro-Russian hacker group KillNet plans to attack Italy on May 30. (to the original material)
- Security Affairs newsletter Round 367 by Pierluigi Paganini. (to the original material)
- US man sentenced to 4 years in prison for his role in Infraud scheme. (to the original material)
28.05.2022 - News from cyber security.
- Clop ransomware gang is back, hits 21 victims in a single month. (to the original material)
- New Windows Subsystem for Linux malware steals browser auth cookies. (to the original material)
- Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks. (to the original material)
- The strange link between Industrial Spy and the Cuba ransomware operation. (to the original material)
- Reuters: Russia-linked APT behind Brexit leak website. (to the original material)
- GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack. (to the original material)
- Potential privacy breach after documents stolen from abandoned Auckland police station. (to the original material)
- Calgary charity hit by data breach says it responded appropriately despite client concerns. (to the original material)
- Illuminate Education breach included Los Angeles Unified & Riverside County Districts, pushing total impacted to over 3M. (to the original material)
- Martin University discloses ransomware incident. (to the original material)
- North Orange County Community College District was hit by ransomware in January. (to the original material)
- Compromised US Academic credentials identified across various public and dark web forums. (to the original material)
- Jailed Israeli private detective hired Indian hackers in job for Russian oligarchs: Court filing. (to the original material)
- Cyberattack against Regina Public Schools likely ransomware. (to the original material)
- Critical OAS bugs open industrial systems to takeover. (to the original material)
27.05.2022 - News from cyber security.
- Microsoft finds severe bugs in Android apps from large mobile providers. (to the original material)
- New infosec products of the week: May 27, 2022. (to the original material)
- What is keeping automotive software developers up at night? (to the original material)
- How to eliminate the weak link in public cloud-based multi-party computation. (to the original material)
- 80% of consumers prefer ID verification when selecting online brands. (to the original material)
- FBI warns of hackers selling credentials for U.S. college networks. (to the original material)
- GitHub: Attackers stole login details of 100K npm user accounts. (to the original material)
- Microsoft to force better security defaults for all Azure AD tenants. (to the original material)
- BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state. (to the original material)
- One-year later, and the Colonial Pipeline cyberattack continues to loom large. (to the original material)
- Financial sector most likely to address security risks for incompatible systems. (to the original material)
- Microsoft to roll out security defaults to millions more worldwide. (to the original material)
- FBI warns of education credentials awash on dark web. (to the original material)
- Android pre-installed apps are affected by high-severity vulnerabilities. (to the original material)
- GhostTouch: How to remotely control touchscreens with EMI. (to the original material)
- FBI: Compromised US academic credentials available on various cybercrime forums. (to the original material)
- ERMAC 2.0 Android Banking Trojan targets over 400 apps. (to the original material)
- Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw. (to the original material)
- CISA publishes 5G Security Evaluation Process Plan. (to the original material)
- Twitter to pay $150m fine to resolve data privacy violations. (to the original material)
- Russian hackers believed to be behind leak of Hard Brexit Plans. (to the original material)
- UK Government seeks views to bolster the Nation's Data Security. (to the original material)
- Survey evidences leaders lack confidence in cyber-risk management. (to the original material)
- NCSC report reveals phishing lures increasingly disguised as vaccine appointments. (to the original material)
- Digital Security by Design: A Government strategy that can’t afford to fail. (to the original material)
- Space Force expands cyber defense operations. (to the original material)
- Scammer behind $568M international cybercrime syndicate gets 4 years. (to the original material)
- New Chaos malware variant ditches wiper for encryption. (to the original material)
- ChromeLoader malware hijacks browsers with ISO files. (to the original material)
- Massachusetts' Highest Court upholds cell tower dump warrant. (to the original material)
26.05.2022 - News from cyber security.
- Cybersecurity News of the Week (26.05.2022). (to the original material)
- Press release: Public-private digital education campaign "STOP MALWARE - Your online safety depends on you". (to the original material)
- Drupal releases security updates. (to the original material)
- Citrix releases security updates for ADC and Gateway. (to the original material)
- CISA and DoD release 5G security evaluation process investigation study. (to the original material)
- Sigstore: Signature verification for protection against supply chain attacks. (to the original material)
- GM, Zola customer accounts compromised through credential stuffing. (to the original material)
- Hijacking of popular ctx and phpass packages reveals open source security gaps. (to the original material)
- Why are current cybersecurity incident response efforts failing? (to the original material)
- Most organizations do not follow data backup best practices. (to the original material)
- How confident are companies in managing their current threat exposure? (to the original material)
- Intuit warns of QuickBooks phishing threatening to suspend accounts. (to the original material)
- Windows 11 KB5014019 breaks Trend Micro ransomware protection. (to the original material)
- OAS platform vulnerable to critical RCE and API access flaws. (to the original material)
- Exploit released for critical VMware auth bypass bug, patch now. (to the original material)
- Microsoft shares mitigation for Windows KrbRelayUp LPE attacks. (to the original material)
- Zyxel warns of flaws impacting firewalls, APs, and controllers. (to the original material)
- Industrial Spy data extortion market gets into the ransomware game. (to the original material)
- New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps. (to the original material)
- Student hacker behind ctx and phpass repo-jacking steps forward. (to the original material)
- Limited reporting hinders government’s ability to fight ransomware. (to the original material)
- Nearly three-quarters of business email compromises are language-based attacks. (to the original material)
- Managing security for hybrid- and multi-cloud operations a top concern, IT leaders say. (to the original material)
- Welcome to the Digital Cold War. (to the original material)
- Latest credential-stuffing breaches underscore ongoing payments pain. (to the original material)
- ‘One of the key issues is a lack of experience’: Security teams struggle amid shift to cloud. (to the original material)
- Three years after ‘pantsdown’ baseboard vulnerability, pants are still down. (to the original material)
- Exposed: The threat actors who are poisoning Facebook. (to the original material)
- Zyxel addresses four flaws affecting APs, AP controllers, and firewalls. (to the original material)
- Experts warn of a new malvertising campaign spreading the ChromeLoader. (to the original material)
- Do not use Tails OS until a flaw in the bundled Tor Browser will be fixed. (to the original material)
- Italy announced its National Cybersecurity Strategy 2022/26. (to the original material)
- Report explores child’s data safety legislation across 50 countries. (to the original material)
- India's SpiceJet strands planes after being hit by ransomware attack. (to the original material)
- 18 Oil and Gas companies take cyber resilience pledge. (to the original material)
- Editorial: A long and sad goodbye (Q2 2022 Issue). (to the original material)
- Multi-Continental operation leads to arrest of cybercrime gang leader. (to the original material)
- Three-quarters of security pros believe current cybersecurity strategies will shortly be obsolete. (to the original material)
- State of cybersecurity report 2022 names ransomware and nation-state attacks as biggest threats. (to the original material)
- Remote bricking of Ukrainian tractors raises agriculture security concerns. (to the original material)
25.05.2022 - News from cyber security.
- Google releases security updates for Chrome. (to the original material)
- CISA adds 34 known exploited vulnerabilities to Catalog. (to the original material)
- Popular Python and PHP software repo-jacked. (to the original material)
- Ca: Data breach at Toronto health network possibly exposed patient information, OHIP numbers. (to the original material)
- Iran nuclear files Mossad seized in 2018 included stolen IAEA records – WSJ. (to the original material)
- MO: Washington University School of Medicine notifying patients and research participants of data security incident. (to the original material)
- I.T. Specialist charged in cyber intrusion of suburban Chicago Health Care Company. (to the original material)
- Ng: Robbers attack NPC office, steal birth certificates. (to the original material)
- Hackers know where you’ve been driving: General Motors discloses data breach. (to the original material)
- UK: Two more nails in the coffin for opportunistic data breach claims. (to the original material)
- Brexit leak site linked to Russian hackers. (to the original material)
- CLOP ransomware activity spiked in April. (to the original material)
- DDoS extortion attack flagged as possible REvil resurgence. (to the original material)
- 'There's No Ceiling': Ransomware's alarming growth signals a new era, Verizon DBIR finds. (to the original material)
- Microsoft Elevation-of-Privilege vulnerabilities spiked again in 2021. (to the original material)
- New attack shows weaponized PDF files remain a threat. (to the original material)
- New Mend service auto-detects and fixes code, app security issues. (to the original material)
- Platform liability trends around the globe: Taxonomy and tools of intermediary liability. (to the original material)
- WhiteSource, renamed Mend, takes on remediating code issues. (to the original material)
- Developing medical device cybersecurity maturity benchmarks. (to the original material)
- Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service. (to the original material)
- Business-critical systems going unsecured and unmonitored. (to the original material)
- Identity-based attacks are top threat to businesses. (to the original material)
- Website shadow code represents major risk for enterprises. (to the original material)
- Elevation of Privilege is the #1 Microsoft vulnerability category. (to the original material)
- Verizon 2022 DBIR: External attacks and ransomware reign. (to the original material)
- How to navigate GDPR complexity. (to the original material)
- Can we trust the cybersecurity of the energy sector? (to the original material)
- Keeping pace with emerging threats: The roundup. (to the original material)
- New ‘Cheers’ Linux ransomware targets VMware ESXi servers. (to the original material)
- New ChromeLoader malware surge threatens browsers worldwide. (to the original material)
- Tails 5.0 Linux users warned against using it "for sensitive information". (to the original material)
- Darknet market Versus shuts down after hacker leaks security flaw. (to the original material)
- Is 100% cybersecurity readiness possible? Medical device pros weigh in. (to the original material)
- Hacker says hijacking libraries, stealing AWS keys was ethical research. (to the original material)
- Interpol arrests alleged leader of the SilverTerrier BEC gang. (to the original material)
- SpiceJet airline passengers stranded after ransomware attack. (to the original material)
- BPFDoor malware uses Solaris vulnerability to get root privileges. (to the original material)
- ‘Rhymes with PolarShins:’ Breach investigations linked to partners surged last year, thanks to one event. (to the original material)
- Possible Roe v. Wade repeal raises privacy red flags, and big ask of Google. (to the original material)
- Remote work complicates insider-threat challenge, says ex-Bank of America CIO. (to the original material)
- As Ukraine conflict continues, US banks still face threats from Russian cyberattacks. (to the original material)
- Organizations urged to fix 41 vulnerabilities added to CISA’s Catalog of exploited flaws. (to the original material)
- Messages sent through Zoom can expose people to cyber-attack. (to the original material)
- UK Government cybersecurity advisory board applications now open. (to the original material)
- GoodWill ransomware demands people help the most vulnerable. (to the original material)
24.05.2022 - News from cyber security.
- Vulnerability Summary for the Week of May 16, 2022. (to the original material)
- The UK is considering the legality of defensive cyber attacks. (to the original material)
- CISA adds 20 known exploited vulnerabilities to Catalog. (to the original material)
- What does prioritizing cybersecurity at the leadership level entail? (to the original material)
- Vishing cases reach all time high. (to the original material)
- Taking the right approach to data extortion. (to the original material)
- Account pre-hijacking attacks possible on many online services. (to the original material)
- RansomHouse: Bug bounty hunters gone rogue? (to the original material)
- Paying the ransom is not a good recovery strategy. (to the original material)
- How confident are CISOs about their security posture? (to the original material)
- Quad countries to boost CERT cooperation. (to the original material)
- Clearview AI fined £7.5 million by UK privacy watchdog. (to the original material)
- Multiple governments buying android zero-days for spying: Google. (to the original material)
- Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux Systems. (to the original material)
- Podcast Episode: Securing the Vote. (to the original material)
- Credit card stealer targets PsiGate Payment Gateway Software. (to the original material)
- Two-thirds of data breaches at UK legal firms caused by insiders. (to the original material)
- Zola Wedding App ‘Hacked’ - Victims lose BIG money. (to the original material)
- Next-Generation authorization for advanced access controls. (to the original material)
- Windows 11 KB5014019 update fixes app crashes, slow copying. (to the original material)
- DuckDuckGo browser allows Microsoft trackers due to search agreement. (to the original material)
- Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own. (to the original material)
- Hackers target Russian govt with fake Windows updates pushing RATs. (to the original material)
- Microsoft: Credit card stealers are getting much stealthier. (to the original material)
- CISA adds 41 vulnerabilities to list of bugs used in cyberattacks. (to the original material)
- US Senate: Govt’s ransomware fight hindered by limited reporting. (to the original material)
- Screencastify Chrome extension flaws allow webcam hijacks. (to the original material)
- Trend Micro fixes bug Chinese hackers exploited for espionage. (to the original material)
- Researchers to release exploit for new VMware auth bypass, patch now. (to the original material)
- Popular Python and PHP libraries hijacked to steal AWS keys. (to the original material)
- Chaos ransomware builder linked to Onyx and Yashma variants. (to the original material)
- How security leaders can influence without authority. (to the original material)
- Why security teams need to automate DevSecOps for SAP. (to the original material)
- Web app attacks on the rise in healthcare as insider challenges remain. (to the original material)
- IBM expands free cybersecurity expert service for schools. (to the original material)
- Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT. (to the original material)
- Microsoft warns of new highly evasive web skimming campaigns. (to the original material)
- Nation-state malware could become a commodity on dark web soon, Interpol warns. (to the original material)
- Senate Report: US Government lacks comprehensive data on ransomware. (to the original material)
- Ransomware attacks increasing at "Alarming" rate. (to the original material)
- What does Zero Trust mean for MSPs (Managed Service Providers)? (to the original material)
- Cabinet Office reports 800 missing electronic devices in three years. (to the original material)
- US car giant General Motors hit by cyber-attack exposing car Owners' personal info. (to the original material)
- ICO fines Clearview AI £7.5m for collecting UK citizens’ data. (to the original material)
- Israeli Ministry illegally shared biometric images of millions with unknown agency. (to the original material)
- Bayonne Police Sergeant charged with unauthorized use of law enforcement database. (to the original material)
- Fake Windows exploits target infosec community with Cobalt Strike. (to the original material)
- Open source packages with millions of installs hacked to harvest AWS credentials. (to the original material)
- FTC Blog: “The FTC Act creates a de facto breach disclosure requirement”. (to the original material)
- K-12 school districts in New Mexico, Ohio crippled by cyberattacks. (to the original material)
- The truth about China’s Uyghur camps Beijing is trying to hide: Hacked data reveals thousands of prisoners forced to undergo ‘re-education’… with a shoot-to-kill policy for anyone who tries to flee. (to the original material)
- 3 Health data hacks affect 1.4 million individuals. (to the original material)
23.05.2022 - News from cyber security.
- Mozilla releases security products for multiple Firefox products. (to the original material)
- CISA adds 21 known exploited vulnerabilities to Catalog. (to the original material)
- Ransomware still winning: Average ransom demand jumped by 45%. (to the original material)
- 3 key elements to protect a Kubernetes cluster. (to the original material)
- You should be able to trust organizations that handle your personal data. (to the original material)
- By streamlining compliance, companies can focus more on security. (to the original material)
- Security has become more difficult, IT leaders say. (to the original material)
- GM credential stuffing attack exposed car owners' personal info. (to the original material)
- Fake Windows exploits target infosec community with Cobalt Strike. (to the original material)
- Photos of abused victims used in new ID verification scam. (to the original material)
- Hackers can hack your online accounts before you even register them. (to the original material)
- New RansomHouse group sets up extortion market, adds first victims. (to the original material)
- Russian hackers perform reconnaissance against Austria, Estonia. (to the original material)
- Broadcom’s play to acquire VMware could strengthen its enterprise focus. (to the original material)
- A whole new alert fatigue plagues the infosec community. (to the original material)
- Ridding Twitter of spam bots won’t be as easy as Musk thinks. (to the original material)
- Employees’ email still drives most of the data loss at organizations. (to the original material)
- Cyber feud between Anonymous and Killnet groups unlikely to affect others. (to the original material)
- Over 194K patients added to ongoing Eye Care Leaders breach tally. (to the original material)
- A ‘whale’ of a threat evolves in the financial industry to steal sensitive data. (to the original material)
- Russia-linked Turla APT targets Austria, Estonia, and NATO platform. (to the original material)
- Russia-linked Fronton botnet could run disinformation campaigns. (to the original material)
- A flaw in PayPal can allow attackers to steal money from users’ account. (to the original material)
- Cytrox’s Predator spyware used zero-day exploits in 3 campaigns. (to the original material)
- Threat actors target the InfoSec community with fake PoC exploits. (to the original material)
- Mark Zuckerberg sued over Cambridge Analytica data breach. (to the original material)
- UK’s most innovative Cyber SME 2022 finalists announced. (to the original material)
- Interview: Mitigating cyber-threats in the maritime industry. (to the original material)
- #HowTo: Protect your organization from the increasing threat of ransomware. (to the original material)
- Ransomware hackers steal personal data of 500,000 students and staff in Chicago. (to the original material)
- Anonymous declares cyber-war on pro-Russian hacker gang Killnet. (to the original material)
- Malaysia: Govt must be transparent, outcome of alleged data breach probe must be made public. (to the original material)
- Another Texas state agency data breach - this time, it’s the Department of Transportation. (to the original material)
- Linux trojan XorDdos attacks surge, targeting Cloud, IoT. (to the original material)
- Data protection concerns spike as states get ready to outlaw abortion. (to the original material)
- Data Brokers and true the vote are the real villains of "2000 Mules" movie. (to the original material)
- EFF to Court: California law does not bar content moderation on social media. (to the original material)
- EFF opposes Anti-Fiber, Anti-Affordability Legislation in California that will raise prices on middle income users. (to the original material)
- Escape from Zoom: EFF's 6th annual tech trivia night returns to Meatspace! (to the original material)
- How to password protect ZIP files (Fast & Safe). (to the original material)
- US sets up multiagency initiatives to curb ransomware. (to the original material)
- Proof of Concept: How can we improve industry collaboration? (to the original material)
- Cyberattack affects Greenland's healthcare services. (to the original material)
- Common NFT scams and how to avoid them. (to the original material)
- How secure is your supply chain? (to the original material)
- Why the voice network is a blind spot for security professionals [Q&A]. (to the original material)
- Don’t let your business be held for ransom(ware). (to the original material)
- Cars in the Crosshairs: Automakers, Regulators take on cybersecurity. (to the original material)
- Flawed MFA opens doors to ransomware. (to the original material)
- General Motors credential stuffing attack exposes car owners info. (to the original material)
22.05.2022 - News from cyber security.
- Week in review: VMware critical fixes, Bluetooth LE flaw unlocks cars, Kali Linux 2022.2. (to the original material)
- Elon Musk deep fakes promote new BitVex cryptocurrency scam. (to the original material)
- PDF smuggles Microsoft Word doc to drop Snake Keylogger malware. (to the original material)
- Google: Predator spyware infected Android devices using zero-days. (to the original material)
- Security Affairs newsletter Round 366 by Pierluigi Paganini. (to the original material)
- North Korea-linked Lazarus APT uses Log4J to target VMware servers. (to the original material)
- The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000. (to the original material)
- Deepfake attacks can easily trick live facial recognition systems online. (to the original material)
- The current state of intelligent automation adoption in cybersecurity. (to the original material)
21.05.2022 - News from cyber security.
- Ransomware attack exposes data of 500,000 Chicago students. (to the original material)
- Malicious PyPI package opens backdoors on Windows, Linux, and Macs. (to the original material)
- Windows 11 hacked three more times on last day of Pwn2Own contest. (to the original material)
- Asian media company Nikkei suffered a ransomware attack. (to the original material)
- Russia-linked Sandworm continues to conduct attacks against Ukraine. (to the original material)
- Cisco fixes an IOS XR flaw actively exploited in the wild. (to the original material)
- QNAP warns of a new wave of DeadBolt ransomware attacks against its NAS devices. (to the original material)
- Massive surge in use of Linux XorDDos malware reported. (to the original material)
- New details about Wizard Spider emerge. (to the original material)
- India to press ahead with strict cybersecurity rules despite industry concerns. (to the original material)
- A year after report, task force urges U.S. to keep ransomware on front burner. (to the original material)
- Conti: Russian-backed rulers of Costa Rican hacktocracy? (to the original material)
- China-linked Twisted Panda caught spying on Russian defense R&D. (to the original material)
- Major cyber organizations of the Russian intelligence services. (to the original material)
- DisCONTInued: The end of Conti’s brand marks new chapter for cybercrime landscape. (to the original material)
- DOJ’s new CFAA policy is a good start but does not go far enough to protect security researchers. (to the original material)
- Decisions by the Personal Data Protection Commissioner of Singapore. (to the original material)
- Phishing attacks for initial access surged 54% in Q1. (to the original material)
- Greenland hit by cyber attack, finds its health service crippled. (to the original material)
20.05.2022 - News from cyber security.
- China spied on Russian defence research institutes. (to the original material)
- 'White hat' hackers no longer risk prosecution by the US. (to the original material)
- Pro-Russian hackers hit critical government websites in Italy. (to the original material)
- DoJ: White Hat hackers will no longer face prosecution. (to the original material)
- Modern "Smart" farm machinery vulnerable to cyber-attackers. (to the original material)
- UK sextortion cases doubled in 2021. (to the original material)
- "Alarming" surge in Conti group activity this year. (to the original material)
- Chatbot army deployed in latest DHL shipping phish. (to the original material)
- Partial patching still provides strong protection against APTs. (to the original material)
- Microsoft rushes a fix after May Patch Tuesday breaks authentication. (to the original material)
- Deadbolt ransomware targeting QNAP NAS devices. (to the original material)
- Pathlock-Appsian deal combines app governance, ERP security. (to the original material)
- What is behind the increase in crypto fraud? (to the original material)
- ISMG Editors: The Case of the 'Dr. Evil' of ransomware. (to the original material)
- Feds warn health sector of top Russia-backed APT groups. (to the original material)
- DOJ revises policy for good-faith security researchers. (to the original material)
- Canada bans Huawei, ZTE to secure telecom systems. (to the original material)
- 2 Health plans report major breaches following attacks. (to the original material)
- Threat Roundup for May 13 to May 20. (to the original material)
- Cryptocurrency: secure or not? – Week in security with Tony Anscombe. (to the original material)
- Sandworm uses a new version of ArguePatch to attack targets in Ukraine. (to the original material)
- New infosec products of the week: May 20, 2022. (to the original material)
- Record level of bad bot traffic contributing to rise of online fraud. (to the original material)
- Two business-grade Netgear VPN routers have security vulnerabilities that can’t be fixed. (to the original material)
- Email is the riskiest channel for data security. (to the original material)
- How to ensure that the smart home doesn’t jeopardize data privacy? (to the original material)
- The Week in Ransomware - May 20th 2022 - Another one bites the dust. (to the original material)
- Cisco urges admins to patch IOS XR zero-day exploited in attacks. (to the original material)
- Backdoor baked into premium school management plugin for WordPress. (to the original material)
-
Windows 11 hacked again at Pwn2Own,
Tesla Model 3 also falls. (to
the original material)
-
Russian Sberbank says it’s facing
massive waves of DDoS attacks. (to
the original material)
-
Canada bans Huawei and ZTE from 5G
networks over security concerns. (to
the original material)
-
Canada to ban Huawei and ZTE 5G
equipment, joining Five Eyes allies. (to
the original material)
- IBM
focuses on shortage of AI talent in IT
and security. (to
the original material)
- Few
IT pros say they have ‘mastered’
security in cloud-native environments. (to
the original material)
-
Five tips for proactive Active Directory
disaster recovery. (to
the original material)
-
Security should be funded in contracts
with vendors to bolster medical device
security. (to
the original material)
- The
known unknown: Meager data on ransomware
continues to stifle urgency, progress. (to
the original material)
-
Pwn2Own Vancouver 2022 D2. (to
the original material)
- The
activity of the Linux XorDdos bot
increased by 254% over the last six
months. (to
the original material)
-
Conti ransomware is shutting down
operations, what will happen now? (to
the original material)
- US
Lawmakers seek uniform policy on
nation-state cyberattacks. (to
the original material)
- The
True danger for organizations: Unpatched
vulnerabilities. (to
the original material)
-
Automating threat detection: Three case
studies. (to
the original material)
-
Weaponization of Excel Add-Ins Part 2:
Dridex Infection Chain Case Studies. (to
the original material)
- The
Art of Cyberwarfare [Review]. (to
the original material)
- UK
police force becomes first to deploy new
digital forensics solution. (to
the original material)
19.05.2022
- News
from cyber security.
-
Cybersecurity News of the Week
(19.05.2022). (to
the original material)
- ISC
releases security advisory for BIND. (to
the original material)
- CISA
releases analysis of FY21 risk and
vulnerability assessments. (to
the original material)
- U.S.
DOJ will no longer prosecute good-faith
security researchers under CFAA (Computer
Fraud and Abuse Act). (to
the original material)
- VMware
issues critical fixes, CISA orders federal
agencies to act immediately
(CVE-2022-22972). (to
the original material)
- Many
security engineers are already one foot
out the door. Why? (to
the original material)
-
Prioritize patching vulnerabilities
associated with ransomware. (to
the original material)
- 46% of
organizations still store passwords in
shared documents. (to
the original material)
- How do
DevSecOps professionals feel about
security becoming an around the clock job?
(to
the original material)
- Conti
ransomware shuts down operation, rebrands
into smaller units. (to
the original material)
- Media
giant Nikkei’s Asian unit hit by
ransomware attack. (to
the original material)
-
Microsoft detects massive surge in Linux
XorDDoS malware activity. (to
the original material)
- U.S.
DOJ will no longer prosecute ethical
hackers under CFAA (Computer Fraud and
Abuse Act). (to
the original material)
- Lazarus
hackers target VMware servers with
Log4Shell exploits. (to
the original material)
-
Phishing websites now use chatbots to
steal your credentials. (to
the original material)
-
Microsoft Teams, Windows 11 hacked on
first day of Pwn2Own. (to
the original material)
- QNAP
alerts NAS customers of new DeadBolt
ransomware attacks. (to
the original material)
-
Ransomware gangs rely more on weaponizing
vulnerabilities. (to
the original material)
- Careful
you don't unwittingly hire North Korean IT
freelancers. (to
the original material)
-
Australia's ID systems 'deficient', unfit
for online: review. (to
the original material)
- US
orders federal agencies to update or
remove some VMware products. (to
the original material)
- Log4j
heightens security, resources divide
between healthcare and other sectors. (to
the original material)
- DoJ
won’t prosecute ‘good faith’ security
researchers. (to
the original material)
- Strapi
exposed data, password reset to CMS users
lacking proper privilege. (to
the original material)
-
Deadbolt ransomware group targeting QNAP
network storage devices. (to
the original material)
- NIST’s
Cybersecurity Framework has become the
common language for international
cybersecurity. (to
the original material)
- Google
OAuth client library flaw allowed
deployment of malicious payloads. (to
the original material)
- Pwn2Own
Vancouver 2022 D1: MS Teams exploits
received $450,000. (to
the original material)
-
China-linked Space Pirates APT targets the
Russian aerospace industry. (to
the original material)
- CISA
orders federal agencies to fix VMware
CVE-2022-22972 and CVE-2022-22973 flaws. (to
the original material)
- CISA
issues emergency directive for VMware
vulnerabilities. (to
the original material)
- Actions
Stations, Someone? There aren't enough
specialists to man security tools. (to
the original material)
-
Microsoft President: Cyber space has
become the new domain of warfare. (to
the original material)
- Bad
bots swarm the internet in record numbers
in 2021. (to
the original material)
- Half of
IT leaders store passwords in shared docs.
(to
the original material)
- Ransom
demands surge 45% in 2021. (to
the original material)
-
Pharmacy giant hit by data breach
affecting 3.6 million customers. (to
the original material)
-
Pro-Russian information operations
escalate in Ukraine war. (to
the original material)
- DoJ
won't charge 'Good Faith' security
researchers. (to
the original material)
-
Majority of Kubernetes API servers exposed
to the public internet. (to
the original material)
-
Phishing attacks for initial access surged
54% in Q1. (to
the original material)
- MITRE
creates framework for supply chain
security. (to
the original material)
- Two
account compromise flaws fixed in Strapi
headless CMS. (to
the original material)
-
QuSecure launches end-to-end post-quantum
cybersecurity solution. (to
the original material)
-
WannaCry 5 years on: Still a top threat. (to
the original material)
- DOJ’s
New CFAA Policy is a good start but does
not go far enough to protect security
researchers. (to
the original material)
- Two of
Peru's Top ISPs improve transparency
practices, while two competitors lag
behind, new Hiperderecho's report shows. (to
the original material)
-
Platform liability trends around the
globe: From safe harbors to increased
responsibility. (to
the original material)
-
Ransomware attack vectors: RDP and
phishing still dominate. (to
the original material)
- CISA
advises Federal Agencies to patch VMware
flaws. (to
the original material)
-
Ransomware Ecosystem: Big changes since
Colonial Pipeline. (to
the original material)
- Threat
Source newsletter (May 19, 2022) - Why I'm
missing the days of iPods and LimeWire. (to
the original material)
- The
flip side of the coin: Why crypto is
catnip for criminals. (to
the original material)
-
‘Incompetent’ Tesla lets hackers steal
cars — via Bluetooth. (to
the original material)
- Surge
in malware downloads driven by SEO-based
techniques. (to
the original material)
- Conti
ransomware gang threatens Costa Rica’s
government. (to
the original material)
- Want a
well-paid career? Have you considered
cybercrime? (to
the original material)
- New
solution aims to address quantum security
threats. (to
the original material)
- DDoS
attacks fell last year but remain above
pre-pandemic levels. (to
the original material)
18.05.2022
- News
from cyber security.
- CISA
issues emergency directive and releases
advisory related to VMware
vulnerabilities. (to
the original material)
-
Threat Actors Exploiting F5 BIG-IP
CVE-2022-1388. (to
the original material)
- U.S.
warns of North Korean hackers posing as
IT freelancers. (to
the original material)
- Fix
your IT weak spots to guarantee
compliance. (to
the original material)
- 5
critical questions to test your
ransomware preparedness. (to
the original material)
-
Popularity of online payment goes
hand-in-hand with fraud. (to
the original material)
-
Easily migrate to the cloud with CIS
Hardened Images. (to
the original material)
- 65%
of IT help desk teams report
unsustainable levels of stress. (to
the original material)
- CISA
shares guidance to block ongoing F5
BIG-IP attacks. (to
the original material)
- Fake
crypto sites lure wannabe thieves by
spamming login credentials. (to
the original material)
-
Microsoft warns of brute-force attacks
targeting MSSQL servers. (to
the original material)
-
Researchers find APT campaigns share
known vulnerabilities. (to
the original material)
- BLE
‘relay attack’ bad news for Tesla,
digital locks. (to
the original material)
-
Venezuelan doctor charged with selling
ransomware used by Iranian group. (to
the original material)
- Why
ransomware groups are more businesslike
and dangerous than some believe. (to
the original material)
-
Spanish police dismantle phishing gang
that emptied bank accounts. (to
the original material)
-
National bank hit by ransomware trolls
hackers with dick pics. (to
the original material)
- US
recovers $15 million from global Kovter
ad fraud operation. (to
the original material)
- DHS
orders federal agencies to patch VMware
bugs within 5 days. (to
the original material)
-
Chinese ‘Space Pirates’ are hacking
Russian aerospace firms. (to
the original material)
-
VMware patches critical auth bypass flaw
in multiple products. (to
the original material)
- NSW
digital driver's licences 'easily
forgeable'. (to
the original material)
-
‘Voluntary practices’ in healthcare
insufficient for its dependence on
legacy tech. (to
the original material)
- CISA
calls VMware vulnerabilities
‘unacceptable risk’ in emergency order
to feds. (to
the original material)
-
Northeast Radiology breach lawsuit
dismissed over lack of concrete harm. (to
the original material)
-
Hackers are scraping credit card data
from online checkout pages. (to
the original material)
-
Info-stealing ‘cryware’ targeting
cryptocurrency wallets. (to
the original material)
-
Hacker indicted for brokerage hacks,
fraud. (to
the original material)
- SIEMs
not detecting a huge percentage of MITRE
ATT&CK techniques. (to
the original material)
-
VMware fixed a critical auth bypass
issue in some of its products. (to
the original material)
-
Microsoft warns of attacks targeting
MSSQL servers using the tool sqlps. (to
the original material)
-
Microsoft warns of the rise of cryware
targeting hot wallets. (to
the original material)
- Conti
Ransomware gang threatens to overthrow
the government of Costa Rica. (to
the original material)
-
Experts spotted a new variant of
UpdateAgent macOS malware dropper
written in Swift. (to
the original material)
-
Personal information of nearly two
million Texans exposed. (to
the original material)
- UK
Government: Lack of skills the number
one issue in cybersecurity. (to
the original material)
-
Western allies warn of top cyber-attack
mistakes. (to
the original material)
-
Police warn of £15m courier scams. (to
the original material)
-
Critical VMware bug exploits continue,
as botnet operators jump in. (to
the original material)
-
Open-source standard aims to unify
incompatible cloud identity systems. (to
the original material)
- We
finally have a Federal Fiber Broadband
Plan. (to
the original material)
- New
surveillance transparency report
documents an urgent need for change. (to
the original material)
- How
to unblock Instagram at school. (to
the original material)
-
Victim list in EHR vendor hack grows as
new details emerge. (to
the original material)
- The
BlackByte ransomware group is striking
users all over the globe. (to
the original material)
- Fake
news - why do people believe it? (to
the original material)
-
Cybersecurity in the Boardroom: How to
report risk to leadership. (to
the original material)
-
Anomaly detection using alert groups and
Bayesian Networks. (to
the original material)
-
Botnets, Telegram helped criminals steal
$163B in COVID aid. (to
the original material)
- We're
living in a 'post-breach era' and no
company is safe. (to
the original material)
- Rise
of the bots - 42.3 percent of internet
traffic in 2021 wasn't human. (to
the original material)
-
Ransomware vulnerabilities increase as
Russia-linked activity surges. (to
the original material)
-
Enterprise SIEMs fall short on detecting
attacks. (to
the original material)
- Three
out of five organizations lose data due
to email errors. (to
the original material)
17.05.2022
- News
from cyber security.
- Apple
releases security updates for multiple
products. (to
the original material)
- Weak
security controls and practices
routinely exploited for initial access.
(to
the original material)
- BLE
(Bluetooth Low Energy) vulnerability may
be exploited to unlock cars, smart
locks, building doors, smartphones. (to
the original material)
- Kali
Linux 2022.2 released: Desktop
enhancements, tweaks for the terminal,
new tools, and more! (to
the original material)
-
Mastering microsegmentation for
enterprise applications. (to
the original material)
-
Cardiologist charged for use and sale of
ransomware. (to
the original material)
- Why
cyber security can’t just say “no”. (to
the original material)
-
Emotet is the most common malware. (to
the original material)
-
Remote work hazards: Attackers exploit
weak WiFi, endpoints, and the cloud. (to
the original material)
- Best
practices for healthcare delivery
organizations to manage supply chain
cybersecurity risks. (to
the original material)
- North
Korean devs pose as US freelancers and
aid DPRK govt hackers. (to
the original material)
-
NVIDIA fixes ten vulnerabilities in
Windows GPU display drivers. (to
the original material)
-
Microsoft Defender for Endpoint gets new
troubleshooting mode. (to
the original material)
-
Cybersecurity agencies reveal top
initial access attack vectors. (to
the original material)
-
Hackers can steal your Tesla Model 3, Y
using new Bluetooth attack. (to
the original material)
- What
is ISO 27001 and why it matters for
compliance standards. (to
the original material)
- CISA
warns admins to patch actively exploited
Spring, Zyxel bugs. (to
the original material)
-
Hackers target Tatsu WordPress plugin in
millions of attacks. (to
the original material)
- Apple
patches actively exploited macOS Big Sur
bug. (to
the original material)
-
Apple's "Find My" feature created attack
vector, researchers say. (to
the original material)
- Here
are the most commonly exploited
controls, according to 5 different
countries. (to
the original material)
- Open
Source Burnout: An opening to more
security gaps? (to
the original material)
-
Resorting to force signals the failure
of influence. (to
the original material)
- CISA
pledges half of federal agencies will
have EDR (Endpoint Detection and
Response) by end of fiscal year. (to
the original material)
- North
Koreans pose as citizens from other
countries for IT jobs at US companies. (to
the original material)
-
Venezuelan cardiologist accused of
operating and selling Thanos ransomware.
(to
the original material)
- Over
200 Apps on Play Store were distributing
Facestealer info-stealer. (to
the original material)
- CISA
adds CVE-2022-30525 flaw in Zyxel
Firewalls to its Known Exploited
Vulnerabilities Catalog. (to
the original material)
- A
custom PowerShell RAT is used to target
German users using Ukraine crisis as
bait. (to
the original material)
- Apple
fixes the sixth zero-day since the
beginning of 2022. (to
the original material)
-
Ransomware hits American healthcare
company Omnicell. (to
the original material)
- US
government warns firms to avoid hiring
North Korean IT workers. (to
the original material)
-
(ISC)2 Offers 100,000 free entry-level
certification places. (to
the original material)
- Fifth
of businesses say cyber-attack nearly
broke them. (to
the original material)
- US
and EU move closer on cyber in new trade
pact. (to
the original material)
-
Doctor accused of being prolific
ransomware developer. (to
the original material)
- FBI:
E-Tailers, beware web Injections for
scraping credit-card data, backdoors. (to
the original material)
-
Google Cloud aims to share its vetted
open source ecosystem. (to
the original material)
-
Google to launch repository service with
security-tested versions of open-source
software packages. (to
the original material)
- EFF
to Supreme Court: Put Texas social media
law back on hold. (to
the original material)
-
Podcast Episode: An AI Hammer in search
of a nail. (to
the original material)
-
Vulnerability Spotlight: Multiple memory
corruption vulnerabilities in NVIDIA GPU
driver. (to
the original material)
- It’s
time to put AI to work in security. (to
the original material)
- Red
Flags that your environment is ripe for
a ransomware attack. (to
the original material)
- IT
pros feel the pressure to maintain
organizations' security. (to
the original material)
-
Twitter Facebook LinkedIn Spy. (to
the original material)
- 26
percent still not using strong and
unique passwords for work applications.
(to
the original material)
16.05.2022
- News
from cyber security.
- CISA
adds two known exploited vulnerabilities
to Catalog. (to
the original material)
- Apache
releases security advisory for Tomcat. (to
the original material)
-
Vulnerability Summary for the Week of May
9, 2022. (to
the original material)
- EU’s
NIS 2 Directive to strengthen
cybersecurity requirements for companies.
(to
the original material)
- The
most insecure and easily hackable
passwords. (to
the original material)
-
Recovering from a cybersecurity
earthquake: The lessons organizations must
learn. (to
the original material)
- 79% of
organizations have activated a disaster
recovery response within the past 12
months. (to
the original material)
- Where
do federal agencies stand with zero trust
implementation? (to
the original material)
- EU
governments, lawmakers agree on tougher
cyber security rules for key sectors. (to
the original material)
-
Eternity Project: You can pay $260 for a
stealer and $490 for a ransomware. (to
the original material)
- May 08
– May 14 Ukraine – Russia the silent cyber
conflict. (to
the original material)
- UK sets
out nuclear cybersecurity strategy. (to
the original material)
- Over
20,000 Zyxel firewalls still exposed to
critical bug. (to
the original material)
- Ukraine
supporters in Germany targeted with
PowerShell RAT malware. (to
the original material)
- CISA
warns not to install May Windows updates
on domain controllers. (to
the original material)
- Kali
Linux 2022.2 released with 10 new tools,
WSL improvements, and more. (to
the original material)
-
Engineering firm Parker discloses data
breach after ransomware attack. (to
the original material)
- HTML
attachments remain popular among phishing
actors in 2022. (to
the original material)
-
Third-party web trackers log what you type
before submitting. (to
the original material)
- US
links Thanos and Jigsaw ransomware to
55-year-old doctor. (to
the original material)
- Apple
emergency update fixes zero-day used to
hack Macs, Watches. (to
the original material)
-
OneTrust launches Ethics and Compliance
Cloud to foster ethical work culture. (to
the original material)
- US-EU
expand access to cybersecurity tools for
small businesses. (to
the original material)
- Beware
the ‘Industrial Spy’ within. (to
the original material)
- Experts
show how to run malware on chips of a
turned-off iPhone. (to
the original material)
-
Ukrainian national sentenced to 4 years in
prison for selling access to hacked
servers. (to
the original material)
- US
manufacturing giant Parker hit by Conti
ransomware gang. (to
the original material)
-
Microsoft identifies botnet variant
targeting Windows and Linux systems. (to
the original material)
- 'The
People Hacker' Jenny Radcliffe inducted
into Infosecurity Europe's Hall of Fame. (to
the original material)
- Italian
Police foil pro-Russia attacks on
Eurovision. (to
the original material)
- Open
Source security gets $30M boost from
industry heavy hitters. (to
the original material)
-
Critical Zyxel Firewall bug under active
attack after PoC (Proof-of-Concept)
exploit debut. (to
the original material)
- US
Cyber Director: Forging a cybersecurity
social contract is not optional. (to
the original material)
- British
citizen Alaa Abd El Fattah demands an end
to mistreatment in Egyptian prison. (to
the original material)
- EFF, Al
Sur launch Guide to raise awareness about
deficiencies in cross-border surveillance
Treaty and strategies to mitigate human
rights risks. (to
the original material)
-
Ransomware: How executives should prepare
given the current threat landscape. (to
the original material)
- The
downside of ‘debugging’ ransomware. (to
the original material)
- Do you
want secure supply chains? Show me the
money. (to
the original material)
- Privacy
as enabling technology. (to
the original material)
- CISA,
Int’l cybersecurity bodies issue advisory
to MSPs. (to
the original material)
15.05.2022
- News
from cyber security.
- Week in
review: F5 BIG-IP RCE exploitation, URL
spoofing flaws in Zoom, Google Docs. (to
the original material)
- Hackers
are exploiting critical bug in Zyxel
firewalls and VPNs. (to
the original material)
- Fake
Pixelmon NFT site infects you with
password-stealing malware. (to
the original material)
-
Security Affairs newsletter Round 365 by
Pierluigi Paganini. (to
the original material)
- Ukraine
CERT-UA warns of new attacks launched by
Russia-linked Armageddon APT. (to
the original material)
-
Sysrv-K, a new variant of the Sysrv botnet
includes new exploits. (to
the original material)
14.05.2022
- News
from cyber security.
-
Microsoft fixes new PetitPotam Windows
NTLM Relay attack vector. (to
the original material)
- Angry
IT admin wipes employer’s databases, gets
7 years in prison. (to
the original material)
- Crypto
robber who lured victims via Snapchat and
stole £34,000 jailed. (to
the original material)
- Conti
ransomware gang calls for Costa Rican
citizens to revolt if government doesn’t
pay. (to
the original material)
- The
LEGION collective calls to action to
attack the final of the Eurovision song
contest. (to
the original material)
-
OpRussia update: Anonymous breached other
organizations. (to
the original material)
-
Pro-Russian hacktivists target Italy
government websites. (to
the original material)
-
#MentalHealthAwarenessWeek: Supporting
cyber workers' mental health more crucial
than ever. (to
the original material)
- How to
turn a Coke can into an eavesdropping
device. (to
the original material)
13.05.2022
- News
from cyber security.
- TEAM
EUROPE on the starting blocks for the 1st
International Cybersecurity Challenge! (to
the original material)
- CISA
temporarily removes CVE-2022-26925 from
known exploited vulnerability Catalog. (to
the original material)
-
Critical flaw in Zyxel firewalls grants
access to corporate networks
(CVE-2022-30525). (to
the original material)
- A
10-point plan to improve the security of
open source software. (to
the original material)
- New
infosec products of the week: May 13,
2022. (to
the original material)
- The
SaaS-to-SaaS supply chain is a wild, wild
mess. (to
the original material)
- Why are
DDoS attacks so easy to launch and so hard
to defend against? (to
the original material)
- Top
tech for enterprise identity governance
and security. (to
the original material)
- 63% of
cybersecurity pros say their stress levels
have risen over the past year. (to
the original material)
- Gov
pledges to mandate IoT cyber security
standards. (to
the original material)
-
Microsoft security patches breaking
authentication. (to
the original material)
- Zyxel
firewalls vulnerable to remote code
execution. (to
the original material)
- Cyber
security pros reminded of self-care
importance. (to
the original material)
- The
Week in Ransomware - May 13th 2022 - A
National Emergency. (to
the original material)
- Italian
CERT: Hacktivists hit govt sites in ‘Slow
HTTP’ DDoS attacks. (to
the original material)
-
Microsoft: Sysrv botnet targets Windows,
Linux servers with new exploits. (to
the original material)
- Fake
Binance NFT Mystery Box bots steal
victim's crypto wallets. (to
the original material)
-
SonicWall ‘strongly urges’ admins to patch
SSLVPN SMA1000 bugs. (to
the original material)
- Google
Chrome updates failing on Android devices
in Russia. (to
the original material)
- Zyxel
patches RCE vulnerability in firewalls
following report by Rapid7. (to
the original material)
- How
cloud network security differs from legacy
security in a data center. (to
the original material)
- Fed
survey identifies legacy IT replacement as
top hurdle in zero-trust quest. (to
the original material)
-
Abnormal Security’s CEO Evan Reiser on
cloud email security and the company’s
latest $210 million funding round. (to
the original material)
-
SonicWall urges customers to fix SMA 1000
vulnerabilities. (to
the original material)
- Zyxel
fixed firewall unauthenticated remote
command injection issue. (to
the original material)
-
Iran-linked COBALT MIRAGE group uses
ransomware in its operations. (to
the original material)
- EU
agrees new cybersecurity legislation for
critical services organizations. (to
the original material)
- What
the war in Ukraine means. (to
the original material)
-
#CYBERUK22: Cyber trends from the
Russia-Ukraine war. (to
the original material)
-
Government's "Whole of Society" cyber
strategy takes shape. (to
the original material)
- Open
Source Community hands White House
10-Point Security Plan. (to
the original material)
-
Ukrainian gets four years for brute
forcing thousands of credentials. (to
the original material)
- US
agrees to international electronic
cybercrime evidence swap. (to
the original material)
- CISO
shares top strategies to communicate
security's value to the biz. (to
the original material)
- 5-Year
Vulnerability Trends are both surprising
and sadly predictable. (to
the original material)
- Black
Hat Asia: Democracy's survival depends on
taming technology. (to
the original material)
- Linux,
OpenSSF Champion Plan to improve Open
Source Security. (to
the original material)
-
Log4Shell exploit threatens enterprise
data lakes, AI poisoning. (to
the original material)
-
Transforming SQL queries bypasses WAF
security. (to
the original material)
-
Geofence Warrants and Reverse Keyword
Warrants are so invasive, even big tech
wants to ban them. (to
the original material)
- Mental
health apps are not as private as you
think. (to
the original material)
- How to
spot and avoid a phishing attack – Week in
security with Tony Anscombe. (to
the original material)
12.05.2022
- News
from cyber security.
-
Cybersecurity News of the Week
(12.05.2022). (to
the original material)
-
Threathunt 2030: How to hunt down emerging
& future cyber threats. (to
the original material)
- Adobe
releases security updates for multiple
products. (to
the original material)
-
Shrinking healthcare cybersecurity gaps
between hospitals and manufacturers. (to
the original material)
- How to
avoid headaches when publishing a CVE
(Common Vulnerabilities and Exposures). (to
the original material)
- 10 best
practices to reduce the probability of a
material breach. (to
the original material)
- IBM
sprays Log4j bugs in security products. (to
the original material)
- Google
adds phishing protection to Workspace
apps. (to
the original material)
-
Government initiative promises rapid
blocking of scam sites. (to
the original material)
-
Trustpilot forced to delete millions of
fake reviews in 2021. (to
the original material)
- Quarter
of security pros say mental health has
worsened. (to
the original material)
-
Hospital labor expenses up 37% from
pre-pandemic levels in March. (to
the original material)
- Time to
upgrade your PC? These versions of Windows
10 just got their last ever security
patches. (to
the original material)
- Beware
of state actors stepping up attacks on
managed service providers: Cyber agencies.
(to
the original material)
- White
House cyber executive order still has
unfinished business. (to
the original material)
- Emotet
reemerges as top malware in circulation. (to
the original material)
- Iranian
hackers exposed in a highly targeted
espionage campaign. (to
the original material)
-
Ukrainian imprisoned for selling access to
thousands of PCs. (to
the original material)
-
Eternity malware kit offers stealer,
miner, worm, ransomware tools. (to
the original material)
- Zyxel
fixes firewall flaws that could lead to
hacked networks. (to
the original material)
-
BPFdoor: Stealthy Linux malware bypasses
firewalls for remote access. (to
the original material)
- NVIDIA
has open-sourced its Linux GPU kernel
drivers. (to
the original material)
-
Historic Hotel Stay, Complementary Emotet
Exposure included. (to
the original material)
- Four
tips for developing high-quality, secure,
mobile apps. (to
the original material)
- Coast
Guard wants to model cyber specialist
trainings after agency’s diving program. (to
the original material)
-
Alliance targets healthcare supply chain
cybersecurity risk management in new
guide. (to
the original material)
- New
Nerbian RAT spreads via malspam campaigns
using COVID-19. (to
the original material)
- Red TIM
Research (RTR) found 2 bugs affecting F5
Traffix SDC. (to
the original material)
- Five
Eyes agencies warn of attacks on MSPs. (to
the original material)
-
Oklahoma City Indian Clinic data breach
affects 40,000 individuals. (to
the original material)
- Costa
Rica declares national emergency following
Conti cyber-attack. (to
the original material)
-
Preparation includes understanding your
battlefield. (to
the original material)
-
California Law Enforcement now needs
approval for military-grade surveillance
equipment. We'll be watching. (to
the original material)
- 10
reasons why we fall for scams. (to
the original material)
11.05.2022
- News
from cyber security.
- Google
releases security updates for Chrome. (to
the original material)
-
Microsoft releases May 2022 security
updates. (to
the original material)
- CISA
adds one known exploited vulnerability to
Catalog. (to
the original material)
- CISA
joins partners to release advisory on
protecting MSPs and their customers. (to
the original material)
-
Vulnerability summary for the Week of May
2, 2022. (to
the original material)
-
Researchers uncover URL spoofing flaws on
Zoom, Box, Google Docs. (to
the original material)
- An
offensive mindset is crucial for effective
cyber defense. (to
the original material)
-
Ransomware works fast, you need to be
faster to counter it. (to
the original material)
- Google
Drive emerges as top app for malware
downloads. (to
the original material)
- Is that
health app safe to use? A new framework
aims to provide an answer. (to
the original material)
-
Download guide: Evaluating third-party
security platforms. (to
the original material)
-
Password reuse is rampant among Fortune
1000 employees. (to
the original material)
- US
charges hacker for breaching brokerage
accounts, securities fraud. (to
the original material)
- HP
fixes bug letting attackers overwrite
firmware in over 200 models. (to
the original material)
- New
stealthy Nerbian RAT malware spotted in
ongoing attacks. (to
the original material)
- CISA
tells federal agencies to fix actively
exploited F5 BIG-IP bug. (to
the original material)
- Our
medical devices' open source problem –
What are the risks? (to
the original material)
- FBI,
CISA, and NSA warn of hackers increasingly
targeting MSPs. (to
the original material)
- Bitter
cyberspies target South Asian govts with
new malware. (to
the original material)
- New
IceApple exploit toolset deployed on
Microsoft Exchange servers. (to
the original material)
- Intel
memory firmware bug hits hundreds of
products. (to
the original material)
- Active
Directory defaults lead to no-fix PrivEsc
vulnerability. (to
the original material)
- MSPs,
customers targeted by malicious cyber
actors, intelligence alliance warns. (to
the original material)
- Novel
‘Nerbian RAT’ uses OS-agnostic Go
programming language to spread across
platforms. (to
the original material)
- Ivanti,
Lookout partner to create cloud-based
‘Everywhere Workplace’. (to
the original material)
- Why
security teams should look for SaaS
options from their 5G communications
service providers. (to
the original material)
- Nine
principles of zero-trust in hardware. (to
the original material)
-
Financial firms need new tactics to get
out of their ‘compromising’ position. (to
the original material)
- Tech
group pushes back against SEC cyber rules,
warns of reporting overload. (to
the original material)
-
Prominent IT security group recommends SEC
reconsider proposed incident reporting
rules. (to
the original material)
- Intel
announces confidential
computing-as-a-service ‘Project Amber’. (to
the original material)
- CISA
adds CVE-2022-1388 flaw in F5 BIG-IP to
its Known Exploited Vulnerabilities
Catalog. (to
the original material)
-
Microsoft Patch Tuesday updates for May
2022 fixes 3 zero-days, 1 under active
attack. (to
the original material)
- EU
condemns Russian cyber operations against
Ukraine. (to
the original material)
-
Microsoft fixed RCE flaw in a driver used
by Azure Synapse and Data Factory. (to
the original material)
- British
man charged with hacking US Bank
computers, stealing millions. (to
the original material)
- Why
relying on AI for automated detection and
response is dangerous. (to
the original material)
- Five
Eyes Nations issue new supply chain
security advisory. (to
the original material)
-
Celebrating a new era for Infosecurity
Europe and cyber house party. (to
the original material)
- NCSC's
free email security check spots domain
issues. (to
the original material)
-
Microsoft: Ransomware relies on the Gig
economy. (to
the original material)
-
Microsoft simplifies security patching
process for Exchange Server. (to
the original material)
- NSA
warns managed service providers are now
prime targets for cyberattacks. (to
the original material)
- Top 6
security threats targeting remote workers.
(to
the original material)
-
Cyber-Espionage attack drops post-exploit
malware framework on Microsoft Exchange
Servers. (to
the original material)
- Vanity
URLs could be spoofed for social
engineering attacks. (to
the original material)
- Novel
Nerbian RAT lurks behind faked COVID
safety emails. (to
the original material)
- What to
Patch Now: Actively exploited Windows
zero-day threatens domain controllers. (to
the original material)
- US
pledges to help Ukraine keep the internet
and lights on. (to
the original material)
-
Stealthy Linux implant BPFdoor compromised
organizations globally for years. (to
the original material)
- The EU
Commission’s new proposal would undermine
encryption and scan our messages. (to
the original material)
- EFF to
Court: Fair use is a right Congress cannot
cast aside. (to
the original material)
- How to
disable Ad ID tracking on iOS and Android,
and why you should do it now. (to
the original material)
- Rising
Google searches for procedures suggest
recovering demand, analysts say. (to
the original material)
- How to
delete yourself from internet search
results and hide your identity online. (to
the original material)
-
Cybersecurity has a desperate skills
crisis. Rural America could have the
answer. (to
the original material)
- US,
allies blame Russia for Viasat
cyberattack. (to
the original material)
- The
next level of surveillance: Real-Time AI
detection of emotions in video streams. (to
the original material)
10.05.2022
- News
from cyber security.
- CISA
adds one known exploited vulnerability to
Catalog. (to
the original material)
- U.S.
Government attributes cyberattacks on
SATCOM networks to Russian state-sponsored
malicious cyber actors. (to
the original material)
-
Microsoft releases security advisory for
Azure Data Factory and Azure Synapse
Pipelines. (to
the original material)
- Jocker,
other Fleeceware surges back Into Google
Play. (to
the original material)
- Costa
Rica declares state of emergency under
sustained Conti cyberattacks. (to
the original material)
- Threats
to hardware security are growing. (to
the original material)
- How to
set up a powerful insider threat program.
(to
the original material)
- Welcome
“Frappo” – Resecurity identified a new
Phishing-as-a-Service. (to
the original material)
-
Critical F5 BIG-IP vulnerability exploited
to wipe devices. (to
the original material)
- UK
cybersecurity center sent 33 million
alerts to companies. (to
the original material)
- GitHub
announces enhanced 2FA experience for npm
accounts. (to
the original material)
-
Microsoft fixes new NTLM relay zero-day in
all Windows versions. (to
the original material)
-
Microsoft May 2022 Patch Tuesday fixes 3
zero-days, 75 flaws. (to
the original material)
- FluBot
Android malware targets Finland in new SMS
campaigns. (to
the original material)
- UK govt
releases free tool to check for email
cybersecurity risks. (to
the original material)
- German
automakers targeted in year-long malware
campaign. (to
the original material)
- US, EU
blame Russia for cyberattack on satellite
modems in Ukraine. (to
the original material)
-
Microsoft fixes remote code exec bug in
Azure database connector. (to
the original material)
- Mirai,
STRRAT and Emotet see resurgence in Q1
2022. (to
the original material)
-
Microsoft patches flaw in Azure Data
Factory and Azure Synapse Pipelines. (to
the original material)
- UK, US
and EU attribute Viasat hack against
Ukraine to Russia. (to
the original material)
- Still
recovering, Oklahoma clinic confirms
ransomware attack, data breach. (to
the original material)
-
Interview with Benedict Jones – Traced. (to
the original material)
09.05.2022
- News
from cyber security.
-
Attackers are attempting to exploit
critical F5 BIG-IP RCE. (to
the original material)
- Funding
women-led cybersecurity startups: Where
are we at? (to
the original material)
- The
role of streaming machine learning in
encrypted traffic analysis. (to
the original material)
- Data
centers on steel wheels: Can we trust the
safety of the railway infrastructure? (to
the original material)
- Nvidia
penalized for 'inadequate disclosures'
about cryptomining. (to
the original material)
-
Victorians (Victoria State, Australia)
lost $31.9 million to business email
compromise (BEC) in 2021. (to
the original material)
- Lincoln
College to close after 157 years due
ransomware attack. (to
the original material)
- Hackers
display “blood is on your hands” on
Russian TV, take down RuTube. (to
the original material)
- Dell,
Apple, Netflix face lawsuits for pulling
services out of Russia. (to
the original material)
-
Microsoft releases fixes for Azure flaw
allowing RCE attacks. (to
the original material)
- Ukraine
warns of “chemical attack” phishing
pushing stealer malware. (to
the original material)
- Hackers
exploiting critical F5 BIG-IP bug, public
exploits released. (to
the original material)
- Hackers
are now hiding malware in Windows Event
Logs. (to
the original material)
- Costa
Rica declares national emergency after
Conti ransomware attacks. (to
the original material)
- US
offers reward for information on Conti
ransomware group leadership, conspirators.
(to
the original material)
- Threat
actors reportedly exploiting critical
vulnerability in F5 BIG-IP devices. (to
the original material)
-
Security suffers when we rely on jargon. (to
the original material)
- What to
do about the impending shadow supply
chain. (to
the original material)
-
Business email compromise (BEC) scams
netted $43 billion in losses as new
variations emerge, FBI says. (to
the original material)
-
Healthcare patch priorities: HC3 alerts to
SAP, Microsoft, Android vulnerabilities. (to
the original material)
- US
proposes $1 million fine for Colonial
Pipeline ransomware attack. (to
the original material)
- FDA
user-fee legislation carves out baseline
for medical device cybersecurity. (to
the original material)
- DCRat,
only $5 for a fully working remote access
trojan. (to
the original material)
- CERT-UA
warns of malspam attacks distributing the
Jester info stealer. (to
the original material)
- Experts
developed exploits for CVE-2022-1388 RCE
in F5 BIG-IP products. (to
the original material)
- Experts
uncovered a new wave of attacks conducted
by Mustang Panda. (to
the original material)
- Hackers
replace Russian TV schedules during
'Victory Day' with anti-war messages. (to
the original material)
-
Agricultural manufacturer AGCO hit by
ransomware. (to
the original material)
- #HowTo:
Keep the benefits of Zero Trust. (to
the original material)
-
Treasury sanctions crypto firm after North
Korea’s $620m heist. (to
the original material)
- London
Police warn of crypto muggings – Report. (to
the original material)
- US
Government offers $15m reward for info on
Conti actors. (to
the original material)
- NFTs
emerge as the next enterprise attack
vector. (to
the original material)
- EFF and
other civil society organizations issue
report on danger to digital rights in Ola
Bini Trial. (to
the original material)
- Thomson
Reuters to review human rights impact of
its data collection for ICE. (to
the original material)
-
Exploits created for critical flaw in F5
Networks' BIG-IP. (to
the original material)
- Mass
distribution of self-destructing malware
in Ukraine. (to
the original material)
-
Microsoft unveils services to simplify
threat hunting, XDR. (to
the original material)
-
Preparing for hacktivism tied to US
Supreme Court's Ruling. (to
the original material)
- TLStorm
2.0 flaws leave Aruba, Avaya Switches
vulnerable. (to
the original material)
- Putin’s
‘Victory Parade’ TV show hacked: ‘Blood on
Your Hands’. (to
the original material)
- 5 Top
IoT security challenges and solutions. (to
the original material)
-
DarkAngels: A rebranded version of Babuk?
(to
the original material)
- Emotet
is testing new attack chain. (to
the original material)
-
Critical gems takeover bug reported in
RubyGems Package Manager. (to
the original material)
- Experts
sound alarm on DCRat backdoor being sold
on Russian hacking forums. (to
the original material)
- SHIELDS
UP in bite sized chunks. (to
the original material)
-
Industry pushes back against India's
data security breach reporting
requirements. (to
the original material)
-
Clearview AI promises not to sell
face-recognition database to most US
businesses. (to
the original material)
-
Europe's GDPR coincides with dramatic drop
in Android apps. (to
the original material)
- Biden
signs cybercrime tracking bill into law. (to
the original material)
- It
costs just $7 to rent DCRat to backdoor
your network. (to
the original material)
- Common
LinkedIn scams: Beware of phishing attacks
and fake job offers. (to
the original material)
- DeFi
protocol Fortress announces $3 million
hack ‘draining all funds’. (to
the original material)
- How to
remove yourself from Internet search
results and hide your identity. (to
the original material)
- We’re
back live at Infosecurity Europe 2022. (to
the original material)
-
Low-rent RAT worries researchers. (to
the original material)
- Quantum
leap: Biden administration commits to
ensuring US leadership in emerging tech. (to
the original material)
- BIG-IP:
Proof-of-concept released for RCE
vulnerability in F5 network management
tool. (to
the original material)
-
Majority of Americans fear some form of
cyberwarfare. (to
the original material)
- The
CSO's new seat at the executive table and
how to use it [Q&A]. (to
the original material)
08.05.2022
- News
from cyber security.
- Week in
review: F5 BIG-IP flaw, critical bugs in
Aruba and Avaya network switches, Patch
Tuesday forecast. (to
the original material)
- Check
your gems: RubyGems fixes unauthorized
package takeover bug. (to
the original material)
-
Exploits created for critical F5 BIG-IP
flaw, install patch immediately. (to
the original material)
- Caramel
credit card stealing service is growing in
popularity. (to
the original material)
- Conti
ransomware claims to have hacked Peru MOF
– Dirección General de Inteligencia
(DIGIMIN). (to
the original material)
- May 01
– May 07 Ukraine – Russia the silent cyber
conflict. (to
the original material)
- NIST
published updated guidance for supply
chain risks. (to
the original material)
- US
agricultural machinery manufacturer AGCO
suffered a ransomware attack. (to
the original material)
-
Security Affairs newsletter Round 364 by
Pierluigi Paganini. (to
the original material)
- US DoS
(Department of State) offers a reward of
up to $15M for info on Conti ransomware
gang. (to
the original material)
07.05.2022
- News
from cyber security.
- Fake
crypto giveaways steal millions using Elon
Musk Ark Invest video. (to
the original material)
- UK
sanctions Russian microprocessor makers,
banning them from ARM. (to
the original material)
- Trend
Micro antivirus modified Windows registry
by mistake - How to fix. (to
the original material)
- US
offers $15 million reward for info on
Conti ransomware gang. (to
the original material)
-
Raspberry Robin spreads via removable USB
devices. (to
the original material)
- Malware
campaign hides a shellcode into Windows
event logs. (to
the original material)
- US gov
sanctions cryptocurrency mixer Blender
also used by North Korea-linked Lazarus
APT. (to
the original material)
- How the
thriving fraud industry within Facebook
attacks independent media. (to
the original material)
-
Researchers associate North-Korean APT38
group with more ransomware strains. (to
the original material)
- DLL
Hijacking bug puts a hole in prominent
ransomware families. (to
the original material)
- UNC3524
APT has got backdoors, persistency tactics
under its sleeves. (to
the original material)
- Feds
post $10 million reward for Conti
ransomware actors. (to
the original material)
06.05.2022
-
News from
cyber security.
-
NIST updates
guidance for
cybersecurity
supply chain
risk
management. (to
the original
material)
-
May 2022 Patch
Tuesday
forecast: Look
beyond just
application
and OS
updates. (to
the original
material)
-
New infosec
products of
the week: May
6, 2022. (to
the original
material)
-
Smart
government
agencies are
opting for
multicloud
environments.
(to
the original
material)
-
Nothing
personal:
Training
employees to
identify a
spear phishing
attack. (to
the original
material)
-
Heroku hackers
got account
passwords via
OAuth token
theft. (to
the original
material)
-
Aruba
publishes
patches for 21
security bugs.
(to
the original
material)
-
The Week in
Ransomware -
May 6th 2022 -
An evolving
landscape. (to
the original
material)
-
Ferrari
subdomain
hijacked to
push fake
Ferrari NFT
collection. (to
the original
material)
-
US
agricultural
machinery
maker AGCO hit
by ransomware
attack. (to
the original
material)
-
QNAP fixes
critical QVR
remote command
execution
vulnerability.
(to
the original
material)
-
US sanctions
Bitcoin
laundering
service used
by North
Korean
hackers. (to
the original
material)
-
npm package
with 1.4M
weekly
downloads
ditches
npmjs.com for
own CDN. (to
the original
material)
-
More IT pros
say their
cloud security
posture
improved
post-COVID. (to
the original
material)
-
Another
database
compromise
reported in
GitHub,
Heroku, OAuth
tokens case. (to
the original
material)
-
Pro-Ukrainian
hackers boast
success in
disrupting
Russian
alcohol
industry with
DDoS attacks.
(to
the original
material)
-
Potential
Russian
cyberattacks
demonstrate
the need for
heightened
security. (to
the original
material)
-
Ransomware
groups keep
healthcare in
sights,
selling access
on the dark
web. (to
the original
material)
-
How the
thriving fraud
industry
within
Facebook
attacks
independent
media. (to
the original
material)
-
QNAP fixes
multiple
flaws,
including a
QVR RCE
vulnerability.
(to
the original
material)
-
Anonymous and
Ukraine IT
Army continue
to target
Russian
entities. (to
the original
material)
-
NetDooka
framework
distributed
via a
pay-per-install
(PPI) malware
service. (to
the original
material)
-
Vulnerable
Docker
installations
are a
playhouse for
malware
attacks. (to
the original
material)
-
Ukraine IT
Army hit EGAIS
portal
impacting
Russia’s
alcohol
distribution.
(to
the original
material)
-
Data breach
discovered at
IKEA Canada
impacts 95,000
Customers. (to
the original
material)
-
NIST updates
supply chain
cybersecurity
guidance. (to
the original
material)
-
Interview:
(ISC)2's CEO
discusses
cybersecurity's
human element.
(to
the original
material)
-
Special Police
Constable used
encrypted chat
to post child
abuse content.
(to
the original
material)
-
Ukrainians
DDoS Russian
vodka supply
chains. (to
the original
material)
-
Microsoft,
Apple and
Google team up
on
passwordless
standard. (to
the original
material)
-
Ikea Canada
breach exposes
95K customer
records. (to
the original
material)
-
Scammer
infects his
own machine
with spyware,
reveals true
identity. (to
the original
material)
-
White House
moves to shore
up US
Post-Quantum
Cryptography
Posture. (to
the original
material)
-
SafeGraph’s
disingenuous
claims about
location data
mask a
dangerous
industry. (to
the original
material)
-
Threat Roundup
for April 29
to May 6. (to
the original
material)
-
Defending
against APT
attacks – Week
in security
with Tony
Anscombe. (to
the original
material)
-
Time to
celebrate
Global MSP
(Managed
Service
Provider) Day
2022. (to
the original
material)
-
Microsoft 365
targeted as
businesses
struggle to
block email
threats. (to
the original
material)
-
Let humans be
humans and AI
be AI. (to
the original
material)
-
Biden revs up
US quantum
plans (because
China). (to
the original
material)
-
Log4j,
ProxyLogon Top
2021
exploitable
vulnerabilities
list. (to
the original
material)
-
NIST updates
guidance for
supply chain
risk
management. (to
the original
material)
-
US passes law
requiring
better
cybercrime
data
collection. (to
the original
material)
-
ISMG Editors:
Zero Trust
Special. (to
the original
material)
-
The evolving
ransomware
trends in the
healthcare
sector. (to
the original
material)
-
Pro-Ukraine
groups exploit
containers to
launch DoS
attacks. (to
the original
material)
-
IT skills
advice from
IDC’s IT
education and
certifications
expert. (to
the original
material)
-
This new
fileless
malware hides
shellcode in
Windows Event
logs. (to
the original
material)
-
Researchers
warn of
'Raspberry
Robin' malware
spreading via
external
drives. (to
the original
material)
-
Hackers using
PrivateLoader
PPI Service to
distribute new
NetDooka
malware. (to
the original
material)
-
WordPress
sites getting
hacked ‘within
seconds’ of
TLS
certificates
being issued.
(to
the original
material)
-
UK government
calls for
tougher
protections
against
malicious
mobile apps. (to
the original
material)
05.05.2022
-
News from
cyber security.
-
Cisco releases
security
updates for
Enterprise NFV
Infrastructure
Software. (to
the original
material)
-
Cybersecurity
News of the
Week
(05.05.2022).
(to
the original
material)
-
Critical F5
BIG-IP flaw
allows device
takeover,
patch ASAP!
(CVE-2022-1388).
(to
the original
material)
-
Tackling the
threats posed
by shadow IT.
(to
the original
material)
-
Passwords are
secrets that
should never
be shared. (to
the original
material)
-
7 threat
detection
challenges
CISOs face and
what they can
do about it. (to
the original
material)
-
How to
identify
vulnerabilities
with NMAP. (to
the original
material)
-
New Raspberry
Robin worm
uses Windows
Installer to
drop malware.
(to
the original
material)
-
White House:
Prepare for
cryptography-cracking
quantum
computers. (to
the original
material)
-
Ukraine’s IT
Army is
disrupting
Russia's
alcohol
distribution.
(to
the original
material)
-
NIST updates
guidance for
defending
against
supply-chain
attacks. (to
the original
material)
-
Microsoft,
Apple, and
Google to
support FIDO
passwordless
logins. (to
the original
material)
-
Google fixes
actively
exploited
Android kernel
vulnerability.
(to
the original
material)
-
New NetDooka
malware
spreads via
poisoned
search
results. (to
the original
material)
-
Tor project
upgrades
network speed
performance
with new
system. (to
the original
material)
-
Heroku admits
that customer
credentials
were stolen in
cyberattack. (to
the original
material)
-
F5 BIG-IP
systems
vulnerable to
remote
takeover. (to
the original
material)
-
Federal Court
puts cyber
security onus
on financial
services
firms. (to
the original
material)
-
Heroku forces
user password
resets. (to
the original
material)
-
Critical bugs
found in Cisco
Enterprise NFV
software. (to
the original
material)
-
TfNSW hit by
second cyber
attack in less
than 18
months. (to
the original
material)
-
Apple, Google
and Microsoft
promise
passwordless
authentication.
(to
the original
material)
-
Cisco makes
public its
Cloud Controls
Framework for
security
requirements.
(to
the original
material)
-
Please stop
giving bad
password
advice. (to
the original
material)
-
DHS board
reignites
debate on
proper role of
feds when
fighting
disinformation.
(to
the original
material)
-
New framework
aims to secure
digital health
apps not
covered by
HIPAA. (to
the original
material)
-
Healthcare
groups renew
call to remove
funding ban on
national
patient
identifier. (to
the original
material)
-
What is XDR (eXtended
Detection and
Response)
and who should
buy in? (to
the original
material)
-
Avast patches
decade-old
vulnerabilities
in antivirus
product. (to
the original
material)
-
Securities and
Exchange
Commission
doubles
enforcement
team for
crypto
markets. (to
the original
material)
-
Google
addresses
actively
exploited
Android flaw
in the kernel.
(to
the original
material)
-
Cisco
addresses
three bugs in
Enterprise
NFVIS
Software. (to
the original
material)
-
A couple of
10-Year-Old
flaws affect
Avast and AVG
antivirus. (to
the original
material)
-
F5 warns its
customers of
tens of flaws
in its
products. (to
the original
material)
-
China-linked
Winnti APT
steals
intellectual
property from
companies
worldwide. (to
the original
material)
-
Hunter Biden
laptop
repairman sues
over hacker
allegations. (to
the original
material)
-
Illuminate
data breach
Impacts more
school
districts. (to
the original
material)
-
Will FIDO
replace OTP
(One Time
Passcodes)
Multi-Factor
Authentication?
(to
the original
material)
-
South Korea
admitted to
NATO Cyber
Defense
Center. (to
the original
material)
-
NHS inboxes
hijacked to
send 1000+
malicious
emails. (to
the original
material)
-
FBI: Thailand
and Hong Kong
Banks used
most in BEC
(Business
Email
Compromise). (to
the original
material)
-
A third of
Americans use
easy-to-guess
pet passwords.
(to
the original
material)
-
Critical Cisco
VM-Escape bug
threatens host
takeover. (to
the original
material)
-
FBI: Bank
losses from
BEC attacks
top $43B. (to
the original
material)
-
Chinese APT
group Mustang
Panda targets
European and
Russian
organizations.
(to
the original
material)
-
The Movement
to ban
Government use
of face
recognition. (to
the original
material)
-
Threat Source
newsletter
(May 5, 2022)
- Emotet is
using up all
of its nine
lives. (to
the original
material)
-
Mustang Panda
deploys a new
wave of
malware
targeting
Europe. (to
the original
material)
-
There’s no
sugarcoating
it: That
online sugar
daddy may be a
scammer. (to
the original
material)
-
Manually
identifying an
X-Cart credit
card skimmer.
(to
the original
material)
-
Below the
Surface:
Destructive
malware and
other threats
to watch. (to
the original
material)
-
Organizations
not equipped
to handle
increasing
third-party
risks. (to
the original
material)
-
GitHub to
introduce 2FA
requirement
for developer
accounts. (to
the original
material)
-
Many of your
'secure'
passwords will
have been
leaked or
compromised -
here's how to
easily check
and change
them. (to
the original
material)
-
World Password
Day helps to
raise security
awareness. (to
the original
material)
-
In the event
of a
cyberattack,
secure your
data first. (to
the original
material)
-
Google, Apple,
Microsoft
commit to
eliminating
passwords. (to
the original
material)
-
Stop naming
vulnerabilities
- Just stop. (to
the original
material)
-
CVE-2022-20777:
Cisco
Vulnerability
Could Allow
Unauthorized
Root-Level
Access. (to
the original
material)
-
Report:
Unsecured AWS
bucket leaked
cancer website
user data. (to
the original
material)
-
Chinese APT
group Winnti
is stealing
intellectual
property. (to
the original
material)
-
Connecticut
becomes 5th US
State to get
data privacy
law. (to
the original
material)
-
Ransomware: Is
the tide
finally
turning
against
criminals? (to
the original
material)
-
The Ransomware
Files, Episode
7: Ryuk's
Rampage. (to
the original
material)
-
Stock
Sell-Off:
Cloudflare,
Rapid7,
SentinelOne
Hardest-Hit. (to
the original
material)
-
Tackling
2022's
emerging
social
engineering
& fraud
scams plaguing
financial
services. (to
the original
material)
-
Ransomware
Payments: Just
46% of victims
now pay a
ransom. (to
the original
material)
-
Can't fight
that REvil
ransomware
feeling
anymore? (to
the original
material)
04.05.2022
-
News from
cyber security.
-
CISA adds five
known
exploited
vulnerabilities
to Catalog. (to
the original
material)
-
Mozilla
releases
security
updates for
Firefox,
Firefox ESR,
and
Thunderbird. (to
the original
material)
-
F5 Releases
security
advisories
addressing
multiple
vulnerabilities.
(to
the original
material)
-
Analysis of
the malicious
application
‘Voicemail.apk’,
propagated by
trap messages
sent by
attackers to
users in
Romania during
the Easter
holidays. (to
the original
material)
-
A checklist to
help
healthcare
organizations
respond to a
serious
cyberattack. (to
the original
material)
-
Stealthy APT
group plunders
very specific
corporate
email
accounts. (to
the original
material)
-
Good end user
passwords
begin with a
well-enforced
password
policy. (to
the original
material)
-
Self-promotion
in
cybersecurity:
Why you should
do it, and
how. (to
the original
material)
-
How to enhance
your cyber
defense
program with
CIS
SecureSuite. (to
the original
material)
-
The 6 steps to
a successful
cyber defense.
(to
the original
material)
-
F5 warns of
critical
BIG-IP RCE bug
allowing
device
takeover. (to
the original
material)
-
Cisco fixes
NFVIS bugs
that help gain
root and
hijack hosts.
(to
the original
material)
-
Pixiv,
DeviantArt
artists hit by
NFT job offers
pushing
malware. (to
the original
material)
-
Attackers
hijack UK NHS
email accounts
to steal
Microsoft
logins. (to
the original
material)
-
Heroku forces
user password
resets but
fails to
explain why. (to
the original
material)
-
FBI says
business email
compromise is
a $43 billion
scam. (to
the original
material)
-
Hackers stole
data
undetected
from US,
European orgs
since 2019. (to
the original
material)
-
GitHub to
require 2FA
from active
developers by
the end of
2023. (to
the original
material)
-
Using
PowerShell to
manage
password
resets in
Windows
domains. (to
the original
material)
-
Pro-Ukraine
hackers use
Docker images
to DDoS
Russian sites.
(to
the original
material)
-
Aruba, Avaya
switches
susceptible to
remote
takeover,
patches on the
way. (to
the original
material)
-
Large amount
of IoT gear
menaced by
unpatched DNS
vulnerability.
(to
the original
material)
-
Security is
the top
challenge to
cloud-native
development,
IT pros say. (to
the original
material)
-
GitHub
requires all
coders to use
2FA by end of
2023. (to
the original
material)
-
The cloud
presents some
risk, but
there are ways
to prevent
against
cloud-based
supply chain
attacks. (to
the original
material)
-
Cloud data
platforms have
become the
secret weapon
in the
cybersecurity
arms race. (to
the original
material)
-
White House
rolls out new
timelines,
mandates for
‘post quantum’
encryption
replacement. (to
the original
material)
-
New security
realities
emerge as
financial
firms move
into the
cloud. (to
the original
material)
-
Stakeholder
coordination
still needs
improvement a
year after
Colonial
Pipeline
attack. (to
the original
material)
-
Pro-Ukraine
attackers
compromise
Docker images
to launch DDoS
attacks on
Russian sites.
(to
the original
material)
-
Experts linked
multiple
ransomware
strains North
Korea-backed
APT38 group. (to
the original
material)
-
An expert
shows how to
stop popular
ransomware
samples via
DLL hijacking.
(to
the original
material)
-
Groundbreaking
Cybersecurity
Book
Published. (to
the original
material)
-
SIM fraud
solution
sparks privacy
fears. (to
the original
material)
-
HHS
Information
Security
Program 'Not
Effective'. (to
the original
material)
-
UK to place
security
requirements
on app
developers and
store
operators. (to
the original
material)
-
Healthcare and
Education
sectors most
susceptible to
cyber
incidents. (to
the original
material)
-
NCSC updates
code of
practice for
smart building
security. (to
the original
material)
-
State-Backed
Chinese
hackers target
Russia. (to
the original
material)
-
SEC doubles
cyber and
crypto assets
team. (to
the original
material)
-
Chinese APT
group Winnti
stole trade
secrets in
years-long
undetected
campaign. (to
the original
material)
-
Digital
Security and
Privacy tips
for those
involved in
abortion
access. (to
the original
material)
-
The EU's
Copyright
Directive is
still about
filters, but
EU’s top court
limits its
use. (to
the original
material)
-
3 most
dangerous
types of
Android
malware. (to
the original
material)
-
Why do web
application
firewalls
appear so
complex? (to
the original
material)
-
Three-quarters
of companies
focus
development on
cloud-native
applications.
(to
the original
material)
-
How much does
security
software
really slow
down your PC?
(to
the original
material)
-
Cybereason
discloses
attack vector
used by
Chinese
cybergang to
steal IP. (to
the original
material)
-
Learning
Machine
Learning Part
3: Attacking
Black Box
Models. (to
the original
material)
-
Black Basta:
New ransomware
on the rise. (to
the original
material)
-
Security
researcher
discovers
vulnerabilities
in popular
ransomware
families. (to
the original
material)
03.05.2022
-
News from
cyber security.
-
Introduction to
DoS and DDoS. (to
the original
material)
-
ENISA & ETSI
Joint Workshop
tackles challenges
of European
Identity Proofing.
(to
the original
material)
-
Phishers exploit
Google’s SMTP
Relay service to
deliver spoofed
emails. (to
the original
material)
-
RSAC Innovation
Sandbox Contest
finalists
announced. (to
the original
material)
-
TLStorm 2.0:
Critical bugs in
widely-used Aruba,
Avaya network
switches. (to
the original
material)
-
CMS-based sites
under attack: The
latest threats and
trends. (to
the original
material)
-
How to implement a
best-in-class SASE
architecture. (to
the original
material)
-
Discover your
public cloud
exposure with
Recon.Cloud. (to
the original
material)
-
Password tips to
keep your accounts
safe. (to
the original
material)
-
Unpatched DNS bug
affects millions
of routers and IoT
devices. (to
the original
material)
-
Aruba and Avaya
network switches
are vulnerable to
RCE attacks. (to
the original
material)
-
Chinese
cyber-espionage
group Moshen
Dragon targets
Asian telcos. (to
the original
material)
-
Password
vulnerability
fixed in Dell
storage firmware.
(to
the original
material)
-
Five common
security mistakes
that development
teams make every
day. (to
the original
material)
-
Aruba, Avaya
network switches
vulnerable to SSL
implementation
flaws. (to
the original
material)
-
A DNS flaw impacts
a library used by
millions of IoT
devices. (to
the original
material)
-
China-linked
Moshen Dragon
abuses security
software to
sideload malware.
(to
the original
material)
-
UNC3524 APT uses
IP cameras to
deploy backdoors
and target
Exchange. (to
the original
material)
-
Package Analysis
dynamic analyzes
packages in
open-source
repositories. (to
the original
material)
-
NortonLifeLock
willfully
infringed malware
patents. (to
the original
material)
-
Ransomware attack
closes Michigan
College. (to
the original
material)
-
I'm
@InfosecEditor...Get
Me Out of Here! (to
the original
material)
-
Mental Health and
Prayer apps fail
the privacy test.
(to
the original
material)
-
Car rental giant
Sixt hit by
cyber-attack. (to
the original
material)
-
Roundtable:
Experts discuss
current cyber
threat trends and
challenges. (to
the original
material)
-
Ponzi scheme
suspect deported
to China after
$36m bust. (to
the original
material)
-
How to create a
cybersecurity
Mentorship
program. (to
the original
material)
-
TLS flaws leave
Avaya, Aruba
Switches open to
complete takeover.
(to
the original
material)
-
Digital rights
updates with
EFFector 34.3. (to
the original
material)
-
Podcast Episode:
Teaching AI to its
targets. (to
the original
material)
-
WooCommerce credit
card skimmers
concealed in fake
images. (to
the original
material)
-
Alert identifies
top 15 most common
vulnerabilities. (to
the original
material)
-
Conti and Hive
ransomware
operations: What
we learned from
these groups'
victim chats. (to
the original
material)
-
Brits have more
online accounts
but stick with the
same old
passwords. (to
the original
material)
-
New endpoint
solution delivers
real-time
protection against
vulnerabilities. (to
the original
material)
-
Security
professionals say
attackers are
better at using AI
than defenders. (to
the original
material)
-
Microsoft's SMB
security tool,
Microsoft Defender
for Business, hits
general
availability. (to
the original
material)
-
What’s behind the
record‑high number
of zero days? (to
the original
material)
-
Bitdefender Mobile
Security receives
a new level of
education for the
Scam Alert
function. (to
the original
material)
-
New ransomware
strains linked to
North Korean govt
hackers. (to
the original
material)
-
Conti, REvil,
LockBit ransomware
bugs exploited to
block encryption.
(to
the original
material)
-
New phishing
warns: Your
verified Twitter
account may be at
risk. (to
the original
material)
-
SEC ramps up fight
on cryptocurrency
fraud by doubling
cyber unit. (to
the original
material)
-
Google: Chinese
state hackers keep
targeting Russian
govt agencies. (to
the original
material)
-
DNS bug found in C
standard library
used in popular
IoT products. (to
the original
material)
-
Former eBay Exec
pleads guilty to
cyber stalking. (to
the original
material)
-
NSA warns of
increased threat
of state-sponsored
IT/OT
cyberattacks. (to
the original
material)
-
Spanish govt.
hacked by NSO
Pegasus Spyware
(or was it?). (to
the original
material)
-
How to build a
threat detection
playbook in 15
minutes or less. (to
the original
material)
-
Five security
lessons from the
Lapsus$ attacks. (to
the original
material)
-
Motorola creates
Hub for sharing
cyberthreat
intelligence. (to
the original
material)
-
Google’s SMTP
service exploited
in phishing
attacks. (to
the original
material)
02.05.2022
-
News from
cyber security.
-
Romania under
combined cyber
attack. (to
the original
material)
-
Vulnerability
Summary for the
Week of April 25,
2022. (to
the original
material)
-
Recommendations
for handling DDoS
attacks. (to
the original
material)
-
Google offers 50%
higher bounties
for bugs in
Android 13 Beta. (to
the original
material)
-
How is the U.S.
government
preparing for
critical
infrastructure
attacks? (to
the original
material)
-
How to avoid
security blind
spots when logging
and monitoring. (to
the original
material)
-
Cybersecurity
skills shortage:
Could training,
certifications and
diversity be a
solution? (to
the original
material)
-
55% of people rely
on their memory to
manage passwords.
(to
the original
material)
-
Infosec products
of the month:
April 2022. (to
the original
material)
-
Car rental giant
Sixt facing
disruptions due to
a cyberattack. (to
the original
material)
-
U.S. DoD tricked
into paying $23.5
million to
phishing actor. (to
the original
material)
-
India mandates
data breach
notification
within six hours.
(to
the original
material)
-
The mystery behind
the samples of the
new REvil
ransomware
operation. (to
the original
material)
-
Group-IB CEO
remains in prison
– the Russian-led
company has been
‘blacklisted’ in
Italy. (to
the original
material)
-
IoT and
Cybersecurity:
What’s the Future?
(to
the original
material)
-
Russia-linked
APT29 targets
diplomatic and
government
organizations. (to
the original
material)
-
Synology and QNAP
warn of critical
Netatalk flaws in
some of their
products. (to
the original
material)
-
American Idol
winner accused of
spying on
ex-girlfriend. (to
the original
material)
-
Californian
Phished $23.5m
from DoD. (to
the original
material)
-
#HowTo: Solve the
machine identity
crisis. (to
the original
material)
-
New OWASP Top 10:
Beware of Poor
Security
Practices. (to
the original
material)
-
Microsoft Defender
for Business
stand-alone now
generally
available. (to
the original
material)
-
Google SMTP relay
service abused for
sending phishing
emails. (to
the original
material)
-
Cyberspies use IP
cameras to deploy
backdoors, steal
Exchange emails. (to
the original
material)
-
Cybersecurity
skills gap
contributes to
breaches, security
pros say. (to
the original
material)
-
Connect security
with the business
by asking better
questions. (to
the original
material)
-
US critical
infrastructure
companies stay on
high alert for
Russian
cyberattacks as
the war in Ukraine
continues. (to
the original
material)
-
Audit finds SSRF
vulnerability in
VMware Workspace
One UEM. (to
the original
material)
-
Congress wants to
study the
cybersecurity of
satellites after
Viasat hack. (to
the original
material)
-
Car rental company
Sixt hit by a
cyberattack that
caused temporary
disruptions. (to
the original
material)
-
Spyware found on
Spanish PM's
phone. (to
the original
material)
-
Tracking Exposed:
Demanding that the
gods explain
themselves. (to
the original
material)
-
The EU Digital
Markets Act places
new obligations on
“Gatekeeper”
platforms. (to
the original
material)
-
The EU Digital
Markets Act’s
Interoperability
Rule addresses an
important need,
but raises
difficult security
problems for
encrypted
messaging. (to
the original
material)
-
Vulnerability
Spotlight: Two
vulnerabilities in
Accusoft ImageGear
could lead to DoS,
arbitrary free. (to
the original
material)
-
3 Spring cleaning
tips for improving
cybersecurity
hygiene. (to
the original
material)
-
Spring4Shell marks
the end of ‘Snooze
Button’ security.
(to
the original
material)
01.05.2022
-
News from
cyber security.
-
Press release:
Phishing and
spear-phishing
attacks spread via
email or messaging
platforms. (to
the original
material)
-
Week in review:
Quantum Locker
ransomware, most
exploited
vulnerabilities in
2021. (to
the original
material)
-
Apr 24 – Apr 30
Ukraine – Russia
the silent cyber
conflict. (to
the original
material)
-
Security Affairs
newsletter Round
363 by Pierluigi
Paganini. (to
the original
material)
-
REvil ransomware
returns: New
malware sample
confirms gang is
back. (to
the original
material)
-
Open source
'Package Analysis'
tool finds
malicious npm,
PyPI packages. (to
the original
material)
-
Russian hackers
compromise embassy
emails to target
governments. (to
the original
material)
-
A YouTuber is
promoting DDoS
attacks on Russia
- how legal is
this? (to
the original
material)
-
Hackers stole +80M
from DeFi
platforms Rari
Capital and Fei
Protocol. (to
the original
material)
Archive:
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest that, depending on your preference, you use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - May 31, 2022