Sat.Apr 09, 2022 - Fri.Apr 15, 2022

Microsoft Patch Tuesday, April 2022 Edition

Krebs on Security

Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S.

Russia-Ukraine Crisis: What's the Threat to Energy Sector?

Data Breach Today

The latest edition of the ISMG Security Report analyzes the latest cyberthreats to the energy sector as Russia's invasion of Ukraine continues. It also examines best practices for Customer Identity and Access Management and how healthcare institutions can sharpen their defense strategies

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems

WIRED Threat Level

The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.

BEST PRACTICES: Blunting ‘BEC’ capers that continue to target, devastate SMBs and enterprises

The Last Watchdog

It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes. But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always. The reason is the rise in business email compromise (BEC) schemes.

Cyber Security, Change Management and Enterprise Risk Management: Scaling Operations for Growth

Speaker: William Hord, Vice President of Risk Management and Compliance

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

RaidForums Gets Raided, Alleged Admin Arrested

Krebs on Security

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.

Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Security Affairs

The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET.

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

From financial institutions to meat producers, it seems every industry has been impacted by ransomware in the past year — maybe even the past week. The world’s largest enterprises to the smallest mom-and-pop shops have been devastated by cybercriminals who are looking to hold assets hostage for a big pay day. Why the stark increase? Put simply, ransomware attacks are on the rise because of profits.

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers.

Feds Disrupt Cyberattack Aimed at Pacific Communications

Data Breach Today

Target Was Submarine Cable Servers Covering 95% of Regional Telecommunications. A branch of the U.S. Department of Homeland Security says that it stopped an international hacking group from launching a major cyberattack on an underground cable system's servers.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Google Emergency Update Fixes Chrome Zero-Day

Dark Reading

Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

Cyberattacks preceded Russia’s invasion of Ukraine, and these attacks continue today as the war unfolds. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S., allied countries, and businesses steadily increase.

Russia Is Leaking Data Like a Sieve

WIRED Threat Level

Ukraine claims to have doxed Russian troops and spies, while hacktivists are regularly leaking private information from Russian organizations.

Strategies to Modernize Ransomware Response

Data Breach Today

Accenture's Robert Boyce on Adopting an Effective Communications Plan. Accenture's new ransomware report reveals key challenges in executing an effective communications plan.

Data Scientists, Watch Out: Attackers Have Your Number

Dark Reading

Researchers should take extra care in deploying data-science applications to the cloud, as cybercriminals are already targeting popular data-science tools such as Jupyter Notebook

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

Apache addressed a critical flaw in Apache Struts RCE that was linked to a previous issue that was not properly fixed. Apache Struts is an open-source web application framework for developing Java EE web applications.

Business Email Compromise (BEC): the Costliest Cybercrime

KnowBe4

Organizations in the US lost $2.4 billion to business email compromise (BEC) scams (also known as CEO fraud) last year, according to Alan Suderman at Fortune.

Premium Hikes Spur Improved US Cyber Insurance Loss Ratios

Data Breach Today

Declining Loss Ratios Means Insurance Premium Increases Might Moderate in Late 2022. A surprising improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might at last subside later this year.

Microsoft Patches Windows Flaw Under Attack and Reported by NSA

Dark Reading

"Go patch your systems before" the exploit spreads more widely, ZDI warns

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots.

Russian Cyberattack against Ukrainian Power Grid Prevented

Schneier on Security

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used.

Report: Zero-Day Flaws Pose Attack Risks to Hospital Robots

Data Breach Today

5 Critical Vulnerabilities Could Allow Hackers to Tamper with Certain Gear. Researchers say five critical vulnerabilities in certain mobile hospital robots - if exploited - could allow hackers to interfere with delivery of medication and supplies, elevator operation and patient privacy.

Detect and Respond to Threats Across Your Applications, Networks, and Infrastructure

Understand how to solve cloud complexity challenges with threat detection tools, analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework with Datadog Security Monitoring.

How Do I Conduct a Resilience Review?

Dark Reading

As the first step, make sure that all business-critical data across your organization is protected

Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers

Security Affairs

Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper.

Welcoming the North Macedonian Government to Have I Been Pwned

Troy Hunt

In my ongoing bid to make more useful information on data breaches available to impacted national governments, today I'm very happy to welcome the 32nd national CERT to Have I Been Pwned, the Republic of North Macedonia!

Patch Tues: Microsoft Releases Fixes for 145 Vulnerabilities

Data Breach Today

More Than 60% of Organizations Suffered a Breach in the Past 12 Months

Dark Reading

Firms focus too narrowly on external attackers when it's insiders, third parties, and stolen assets that cause many breaches, new study shows

US gov agencies and private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors.

Elon Musk Is Right About Twitter

WIRED Threat Level

It really is the closest thing we have to an online public square—and that's terrible for democracy. Let his takeover bid be a wakeup call.
