IT Security News Daily Summary 2022-05-25 | #linux | #linuxsecurity

How Cisco Duo Is Simplifying Secure Access for Organizations Around the World

Secure communication with light particles

Eerie GoodWill ransomware forces victims to publish videos of “good” deeds on social media

In record year for vulnerabilities, Microsoft actually had fewer

Complete Guide to Keylogging in Linux: Part 1

The Verizon 2022 DBIR

Massive increase in XorDDoS Linux malware in last six months

Vehicle owner data exposed in GM credential stuffing attack

PayPal Bug Enables Attackers to Exfiltrate Cash from Users’ Account

Protecting Consumer IoT Devices from Cyberattacks

Ransomware Attack disrupts airlines services of Spice Jet

How to Find a Vulnerability in a Website

Alleged Cybercrime Ringleader Arrested in Nigeria

Manipulating Machine-Learning Systems through the Order of the Training Data

Part 1: Historic To 2022 – The Threat Of Malevolence

Mark Zuckerberg Sued By DC AG Over Cambridge Analytica Scandal

Tidelift Raises $27 Million to Tackle Open Source Supply Chain Security

Tapping Neurodiverse Candidates Can Address Cybersecurity Skills Shortage

Webinar Today: Missing Links for Managing OT Cyber Risk

USB Devices Redux

Microsoft Warned That Hackers Are Using More Advanced Techniques to Steal Credit Card Data

How license plate scanners challenge our data privacy

Data on ransomware attacks is ‘fragmented and incomplete’ warns Senate report

5 reasons why GDPR was a milestone for data protection

Interpol Arrest Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks

When Do We Call Russia’s Atrocities a Genocide?

Supply Chain Risk Management (SCRM) Explained

8 things you need to know about cloud-native applications

Multiple Vulnerabilities In Facebook Could Allow Account Takeover

Top 5 Benefits of Office 365 Advanced Threat Protection

Web scraping: What is it and why is it needed?

How to develop competency in cyber threat intelligence capabilities

WhiteSource Becomes Mend, Adds Automatic Code Remediation

Industry 4.0 Points Up Need for Improved Security for Manufacturers

Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room

Top 6 Awwwards Websites and Tools They Are Built With

New Linux-Based Ransomware ‘Cheerscrypt’ Targets EXSi Devices

Samsung To Create 80,000 New Jobs, Plans $356 Billion Investment

Pro-Iran Group ALtahrea Hits Port of London Website by DDoS Attack

Microsoft research reveals the changing face of skimming campaigns

AMD unveils Epyc confidential computing on Google cloud

Report: Average time to detect and contain a breach is 287 days

Verizon Report: Ransomware, Human Error Among Top Security Risks

Zoom Patches ‘Zero-Click’ RCE Bug

Link Found Connecting Chaos, Onyx and Yashma Ransomware

Is REvil having a resurgence, or is there a copycat hacking group?

Chrome 102 Patches 32 Vulnerabilities

Notorious Vietnamese Hacker Turns Government Cyber Agent

Two Cybersecurity Companies Offering Free Risk Assessments

UK Government Cybersecurity Advisory Board Applications Now Open

Messages Sent Through Zoom Can Expose People to Cyber-Attack

DBIR Makes a Case for Passwordless

‘Tough to Forge’ Digital Driver’s Licenses Are—Yep—Easy to Forge

Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them

How Secrets Lurking in Source Code Lead to Major Breaches

Revisiting the Session: The Potential for Shared Signals

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Zoom Patches XMPP Vulnerability Chain That Could Lead To Remote Code Execution

Quad Nations Pledge Deeper Collaboration On Infosec And More

Beijing Needs The Ability To Destroy Starlink, Say Chinese Researchers

Web App Attacks On The Rise In Healthcare

2022 Verizon Data Breach Investigations Report, Cyber Security Experts Reactions

SpiceJet Suffers Ransomware Attack

More and More Companies Are Getting Hit with Ransomware [2021-2022]

How the Saitama backdoor uses DNS tunnelling

Beijing needs the ability to ‘destroy’ Starlink, say Chinese researchers

(ISC)2 Supports Members with Thoughtful Response to SEC Proposed Rule on Cybersecurity Reporting

Cybersecurity for banks – How Global Banks enable the secure remote workforce

Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit

GoodWill Ransomware Demands People Help the Most Vulnerable

EUS Car Giant General Motors Hit By Credential Stuffing Attack

Privacy focused browser allows Microsoft trackers

Update now! Multiple vulnerabilities patched in Google Chrome

Silicon UK In Focus Podcast: The Future of SaaS

Global Digital Tax Law Not Ready Until 2024, Says OECD

Trend Micro Patches Vulnerability Exploited by Chinese Cyberspies

[Template] Incident Response for Management Presentation

Researchers Find New Malware Attacks Targeting Russian Government Entities

What’s wrong with automotive mobile apps?

US government lacks ransomware data

Ethical AI – How is AI Redefining the Insurance Industry?

Cybersecurity’s New Frontier: Space

Hacking The Cybersecurity Field: How To Get Into Cyber As A Young Adult

Small Businesses Remain Vulnerable, With Rising Cyberattacks

Running to the Cloud: Why Enterprise Companies Need a Cloud-based Payroll

68% of Legal Sector Data Breaches Caused by Insider Threats

Proton Is Trying to Become Google—Without Your Data

Verizon 2022 DBIR: External attacks and ransomware reign

Goodbye cookies, hello digital fingerprints

Spain Approves $13.1bn To Attract Chip Sector Investment

SpiceJet Suffered a Ransomware Attack

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

How CISOs are adjusting in the wake of two years of pandemic disruption

What is threat hunting?

Quad nations pledge deeper collaboration on infosec, data-sharing, and more

7 ways to protect your network from wardriving attacks

About half of popular websites tested found vulnerable to account pre-hijacking

Indian stock markets given ten day deadline to file infosec report, secure board signoff

Over 380 000 Kubernetes API Servers are Exposed to a Range of Attacks

Oracle bolsters its Cloud Security capabilities

IBM takes initiative to improve Ransomware Protection in Public Schools

Detecting and Responding to a Ransomware Attack

Threat Intelligence: The Key to Higher Security Operation Performance

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

Where is attack surface management headed?

How to navigate GDPR complexity

ISACA Helps Enterprises Navigate China’s Personal Information Protection Law in New Resource

How to counter smart home device breaches

How to Prevent Burnout Among Cybersecurity Professionals Before, During and After a Breach

Building trust in a Zero-Trust security environment

Stories from the SOC – Command and Control

Elevation of Privilege is the #1 Microsoft vulnerability category

Can we trust the cybersecurity of the energy sector?

How Can OEMs Reduce Their Risk of Cyberattacks?

Keeping pace with emerging threats: The roundup

HYAS Confront uncovers anomalies hiding in the production network

Zoom patches XMPP vulnerability chain that could lead to remote code execution

XM Cyber announces new capability to detect exposures in Microsoft Active Directory

Zilla Universal Sync allows enterprises to integrate any cloud platform or application without security API support

PIXM Mobile provides real-time protection from phishing attacks on mobile devices

FortiNDR identifies cyberattacks based on anomalous network activity and limits threat exposure

Forescout Frontline helps organizations tackle ransomware and real time threats

F5 NGINX for Microsoft Azure enables enterprises to extend workloads to the cloud

Oracle expands cloud security capabilities to help customers protect their applications and data

Censornet introduces integrated IDaaS to enhance context-based security

SafeGuard Cyber adds email protection for Microsoft 365 to defend customers against sophisticated attacks

Thales Cinterion MV32 modem card enables manufacturers to build high-performance 5G devices

Astadia FastTrack Factory accelerates mainframe migration projects for enterprises

Wendy’s – 52,485 breached accounts

Broadcom Software Shows How the Cyber Defence Centre Will Help in 2022

Predator spyware sold with Chrome, Android zero-day exploits to monitor targets

NightDragon partners with Coalfire to accelerate portfolio compliance and cybersecurity readiness

Arcanna.ai collaborates with MNEMO to drive security operations using AI/ML

Poisoned Python and PHP packages purloin passwords for AWS access

Tidelift raises $27 million to improve open source software supply chain security

Clearwater acquires CynergisTek to address growing cybersecurity and compliance needs

T-Mobile and Ericsson join forces to bring 5G network solutions to enterprises

‘There’s No Ceiling’: Ransomware’s Alarming Growth Signals a New Era, Verizon DBIR Finds

LambdaTest hires Maneesh Sharma as COO

John Vecchi joins Phosphorus Cybersecurity as CMO

PKWARE promotes Matt Zomboracz to CFO

NYC rips out last pay phones

IBM amnnounces multi-million dollar in-kind grants to help schools fight off cyberattacks

Tanium’s free risk assessment provides customers with a complete view of their risk posture

CoreStack appoints Robert Ford as VP of Enterprise Strategy

Kellie Snyder joins Onapsis as Chief Customer Officer

The Navy has saved $150 million by consolidating IT systems, official says

Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

Patch now: Zoom chat messages can infect PCs, Macs, phones with malware

IT Security News Daily Summary 2022-05-24

Is it really technology that makes a city smart?

MFA technology is rapidly evolving — are mandates next?

New Attack Shows Weaponized PDF Files Remain a Threat

Get More from Your Cybersecurity Spend When Inflation Rates Climb

Netskope releases new data loss prevention solution

DeFi Is Getting Pummeled by Cybercriminals

OneTrust releases ‘first’ trust intelligence platform for compliance

142 Million MGM Resorts Records Leaked on Telegram for Free Download

New Connecticut Privacy Law Makes Path to Compliance More Complex

Emulating impossible ‘unipolar’ laser pulses paves the way for processing quantum information

Voice phishing attacks reach all-time high

As remote work persists, cities struggle to adapt

Video: Fireside Chat With Shane Huntley, Director at Google’s Threat Analysis Group

XM Cyber Adds New Security Capability for Microsoft Active Directory

Trend Micro addressed a flaw exploited by China-linked Moshen Dragon APT

DOD to debut virtual desktops for certain highly classified programs

Strong Password Policy Isn’t Enough, Study Shows

Safeguarding Android Users From Zero-Day Attacks

Bad Bot Traffic is Significantly Contributing to Rise of Online Scam

PDF Smuggles Microsoft Word Doc to Deliever Snake Keylogger Malware

Swagger UI Library Vulnerability Potentially Affects Multiple Services

2022-05-23 – IcedID infection with DarkVNC traffic

This crafty tool can eavesdrop on 6G wireless signals

Zuckerberg Sued By DC Attorney General Over Cambridge Analytica Data Scandal

GDPR Anniversary, Expert Insight On What Lead To GDPR Fines

Chicago Public Schools Data Breach – Expert Comments

Facial Recognition Company Clearview Ai Fined £7.5m For Illegally Using Images Of Brits Scraped From Online

The 8 Design Principles Of A Zero Trust Network

Why do hackers keep coming back to attack you? Because they can

Organizations are More Susceptible to Known Vulnerabilities in Comparison to Zero-Day Flaw

Ransomware Attacks Increasing at “Alarming” Rate

Senate Report: US Government Lacks Comprehensive Data on Ransomware

New Statistics Confirm the Continuing Decline in the Use of National Surveillance Authorities

Opportunity to Reform the Department of Homeland Security’s Biodefense Operations and Governance

CCSP Exam – Many Changes on the Way!

Morse Code: How did it change communication?

How DNS filtering can help protect your business from Cybersecurity threats

Cybersecurity and resilience: board-level issues

Facebook opens political ad data vaults to researchers

Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

How to Develop Machine Learning Skills for Every Employee in Your Company

Cyber Attack on General Motors exposes customer details

Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online

How to create a Docker secret and use it to deploy a service

Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society

Nisos Announces $15 Million in Series B Funding Round

Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys

PyPI Served Malicious Version of Popular ‘Ctx’ Python Package

These are the flaws that let hackers attack blockchain and DeFi projects

Semperis Banks $200 Million to Scale Enterprise ID Protection Tech

What Is Ping of Death?

Instagram verification services: What are the dangers?

A favorite of cybercriminals and nation states, ransomware incidents increase again

LimaCharlie Banks $5.45 Million in Seed Funding

Red Access Raises $6 Million for Secure Browsing Tech

BNP Paribas Joins JP Morgan Blockchain Trading Network

How to Analyze Phishing Email Files

Cybersecurity Tips for a Safer Vacation

Fronton IOT Botnet Packs Disinformation Punch

Account pre-hijacking attacks possible on many online services

Tidelift raises $27M to secure open-source supply chain

Hackers Can ‘Pre-Hijack’ Online Accounts Before They Are Created by Users

Microsoft warns of new highly evasive web skimming campaigns

The Incredible Shrinking FISA: CY 2021 Statistics Confirm the Continuing Decline in the Use of National Surveillance Authorities

Introducing Autocomplete for VirusTotal Intelligence queries

SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

General Motors suffers credential stuffing attack

New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild

SIM-based Authentication Aims to Transform Device Binding Security to End Phishing

Anonymous Declares Cyber-War On Pro-Russian Hacker Gang Killnet

GDPR Anniversay, Expert Insight On What Lead To GDPR Fines

Tidelift raises $27M to secure open source supply chain

Snap Earnings Warning Triggers Tech Sell-Off

Microsoft: Credit card skimmers are switching techniques to hide their attacks

Cabinet Office Reports 800 Missing Electronic Devices in Three Years

Open Source Intelligence May Be Changing Old-School War

Malware Analysis: Trickbot

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

The Fault in Our kubelets: Analyzing the Security of Publicly Exposed Kubernetes Clusters

Russian Operator Discounts Smartphones As Sanctions Bite

Twisted Panda: Chinese APT Launch Spy Operation Against Russian Defence Institutes

Cybersecurity Community Warned of Fake PoC Exploits Delivering Malware

Conti Ransomware Operation Shut Down After Splitting into Smaller Groups

RansomHouse: Bug bounty hunters gone rogue?

China lashes out at US-led Asia-Pacific trade framework

This era of big tech exceptionalism has got to end: Australian eSafety Commissioner

IBM is helping these schools build up their ransomware defenses

SolarWinds: Here’s how we’re building everything around this new cybersecurity strategy

Conti Ransomware Gang Shut Down After Splitting into Smaller Groups

Cyberattack on General Motors exposes customer data

It’s 2022 and there are still malware-laden PDFs in emails exploiting bugs from 2017

Clearview AI Fined £7.5m Over Facial Recognition Data

US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info

Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code

Clearview AI fined £7.5m for harvesting data

GM Credential Stuffing Attack Reveals Automobile Owners’ Details

This Malware-spreading PDF Uses a Clever File Name to Fool the Unsuspecting Victims

Zero-day vulnerabilities in Chrome and Android exploited by commercial spyware

ICO Fines Clearview AI £7.5m for Collecting UK Citizens’ Data

The Surveillance State Is Primed for Criminalized Abortion

Nation-state malware could become a commodity on dark web soon, Interpol warns

Pre-hijacking Attacks of user accounts are on the rise

Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

Unknown APT group has targeted Russia repeatedly since Ukraine invasion

Crypto Investor Arrested After Visiting Home Of TerraUSD Founder

Since organizations apply more compliance programs, proper planning is essential

Paying ransom doesn’t guarantee data recovery

Tips to defeat social engineering attacks

Can digital identity help with the world refugee crisis?

Podcast Episode: Securing the Vote

Beware of New Campaign that Delivers Sophisticated Malware Through PDF Files

Taking the right approach to data extortion

SirHurt – 90,655 breached accounts

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

What does prioritizing cybersecurity at the leadership level entail?

(ISC)² Advocates for Membership – Shares Opinions on Proposed UK Standards and Pathway

Stories from the SOC – Persistent malware

Cyber Attack news headlines trending on Google

Conti Ransomware to shut down and come rebranded into multiple groups

Biden launches Indo-Pacific economic framework to counter China

Vishing cases reach all time high

How Secure is the Bitcoin Blockchain?

Key findings from the DBIR: The most common paths to enterprise estates

Verizon DBIR: Ransomware dominated threat landscape in 2021

Paying the ransom is not a good recovery strategy

Fanpass – 112,251 breached accounts

How confident are CISOs about their security posture?

CyberCube increases analytical flexibility with Portfolio Manager v4.0

Why it’s hard to sanction ransomware groups

Broadcom’s play to acquire VMware could strengthen its enterprise focus

Fake Windows exploits target infosec community with Cobalt Strike

UK privacy watchdog fines Clearview AI £7.5m and orders UK data to be deleted

DC Sues Zuckerberg Over Cambridge Analytica Privacy Breach

Eseye Infinity empowers customers to scale and evolve their IoT deployment

Kingston Digital releases external SSD with touch-screen and hardware-encryption

UK Businesses ‘Falling Behind Europe’ On AI Adoption

Screencastify fixes bug that would have let rogue websites spy on webcams

Noname Security partners with BlueFort Security to offer proactive API security

YouAttest collaborates with JumpCloud to give users access reviews for identity governance