Tue.Jan 11, 2022

AvosLocker ransomware now targets Linux systems, including ESXi servers

Security Affairs

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported.

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth? Related: Pursuing a biological digital twin. A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems.

Microsoft Kicks Off 2022 With 96 Security Patches

Dark Reading

Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems.

More Trending

Microsoft Patch Tuesday fixes critical Office RCE

Security Affairs

Microsoft Patch Tuesday security updates fix a critical Office flaw that can allow remote attackers to execute malicious code on vulnerable systems.

Enterprise Security at CES 2022 Marked by IoT, Biometrics, and PC Chips

Dark Reading

Amid the onslaught of mostly consumer-oriented announcements in Las Vegas, a few key items pertaining to enterprise security emerged

IoT 112

Apple’s Private Relay Is Being Blocked

Schneier on Security

Some European cell phone carriers , and now T-Mobile , are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch. Slashdot thread. Uncategorized anonymity Apple encryption privacy T-Mobile VPN web privacy

Honeywell Adds Deception Tech to Building Automation Systems Security

Dark Reading

New OT security platform directs attackers toward phony assets to deflect threats

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

Cybersecurity Employment in 2022: Solving the Skills Gap

eSecurity Planet

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019.

Cloud Apps Replace Web as Source for Most Malware Downloads

Dark Reading

Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows

Cloud 110

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups.

Why Security Awareness Training Should Begin in the C-Suite

Dark Reading

It's not just the rights and privileges that CXOs have on the network. They can also set an example of what good security hygiene looks like

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

Threatpost

The malware establishes initial access on targeted machines, then waits for additional code to execute. Malware

Access 113

Businesses Suffered 50% More Cyberattack Attempts per Week in 2021

Dark Reading

The rise — partly due to Log4j — helped boost cyberattack attempts to an all-time high in Q4 2021, new data shows

107
107

Millions of Routers Exposed to RCE by USB Kernel Bug

Threatpost

The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al. IoT Vulnerabilities Web Security

IoT 113

Kiteworks Acquires Email Encryption Leader totemo

Dark Reading

Further closes intelligence gap inhibiting companies from tracking and controlling private content communications

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Threatpost

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. Cloud Security Critical Infrastructure IoT Vulnerabilities Web Security

IoT 112

Remotely Exploitable NetUSB Flaw Puts Millions of Devices at Risk

Dark Reading

A vulnerability in a third-party component used by many networking firms puts consumer and small business routers at risk for remote exploitation

Risk 99

MacOS Bug Could Let Creeps Snoop On You

Threatpost

The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots. Privacy Vulnerabilities

Access 108

Kaspersky Research Uncovers Cybersecurity Budgets, Insurance, and Vendor Expectations for 2022

Dark Reading

Kaspersky commissioned a survey in October 2021 targeting 600 employees based in the US and Canada who are key decision makers for the cybersecurity sector within their company

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

FIN7 Mailing Malicious USB Sticks to Drop Ransomware

Threatpost

The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense. Malware

FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure

Dark Reading

Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups

86

WordPress Bugs Exploded in 2021, Most Exploitable

Threatpost

Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk. News Vulnerabilities

Risk 104

Why the Insider Threat Will Motivate Cyber and Physical Teams to Collaborate More Than Ever in 2022

Dark Reading

It's hard to have a crystal ball in the world of security, but if one were to make a safe prediction, it's this: Organizations will need to further integrate their cybersecurity and physical security functions throughout 2022 and beyond.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Here’s REALLY How to Do Zero-Trust Security

Threatpost

It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. Cloud Security InfoSec Insider Vulnerabilities Web Security

IT 100

5 Things to Know About Next-Generation SIEM

Dark Reading

NG-SIEM is emerging as a cloud- and analytics-driven alternative to legacy SIEMs. Based on new research, Omdia highlights five important new insights for anyone considering a NG-SIEM purchase

Webinar: The RIM / IG Subject Matter Expert You Need To Be on January 11th, 2022 from 11:45am-1pm EST via Greater Chattanooga Area Chapter – ARMA

IG Guru

Check out the post here. The post Webinar: The RIM / IG Subject Matter Expert You Need To Be on January 11th, 2022 from 11:45am-1pm EST via Greater Chattanooga Area Chapter – ARMA appeared first on IG GURU. Information Governance Records Management Webinar