Monday, January 24, 2022

Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack

New Jersey court delivers summary judgment against insurance company’s refusal to pay based on war exclusion clause read more

Microsoft Restricts Excel 4.0 Macros by Default

Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default. read more

Facebook Trumpets Massive New Supercomputer

Facebook's parent company Meta announced on Monday it was launching one of the world's most powerful supercomputers to boost its capacity to process data, despite persistent disputes over privacy and disinformation. read more

CWP Flaws That Expose Servers to Remote Attacks Possibly Exploited in the Wild

Researchers discovered that the Control Web Panel (CWP) web hosting panel is affected by two serious vulnerabilities that can allow attackers to remotely hack servers, and it’s possible that they may have already been exploited in the wild. read more

Hacked AccessPress Site Served Backdoored WordPress Plugins, Themes

Unknown threat actors implanted backdoor code into multiple WordPress themes and plugins after compromising the website of their developer, Automattic’s Jatpack security research team reports. read more

GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study

Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows read more

Assange Wins First Stage in Effort to Appeal US Extradition

WikiLeaks founder Julian Assange on Monday won the first stage of his effort to overturn a U.K. ruling that opened the door for his extradition to U.S. to stand trial on espionage charges. read more

Ukraine Attack: Hackers Had Access for Months Before Causing Damage

In the recent attack aimed at the Ukrainian government, the attackers likely had access to the targeted network for months before causing damage, according to Cisco’s Talos threat intelligence and research unit. read more

Russian Authorities Arrest Head of International Cybercrime Group

Four individuals believed to be members of the international cyber theft ring known as the “Infraud Organization” were arrested in Russia, news agency TASS reports. read more

Cloud Security Provider Anitian Raises $55 Million

Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding round led by Sageview Capital. The new investment brings the total raised by Anitian $71 million and provides fresh capital to fuel ambitious expansion...

CISA Releases Final IPv6 Security Guidance for Federal Agencies

The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies. read more

DoH Makes It Difficult to Track Botnets: Spamhaus

The use of DNS over HTTPS (DoH) for command and control communications is making it more difficult to track botnets, according to anti-spam nonprofit Spamhaus. read more

F5 Patches Two Dozen Vulnerabilities in BIG-IP

Cloud security and application delivery solutions provider F5 this week announced patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. A total of 23 security flaws were addressed in the BIG-IP application delivery controller (ADC), including 13 high-severity...

Industry Reactions to Biden Cybersecurity Memo: Feedback Friday

U.S. President Joe Biden this week signed a memorandum on boosting the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. read more

High-Severity Vulnerabilities Patched in McAfee Enterprise Product

Two high-severity vulnerabilities that can be exploited for privilege escalation have been patched in a McAfee enterprise product component. read more

Dark Web Chatter: What Other Russian Hackers Are Saying About the REvil Arrests

The takedown of the REvil ransomware gang by the Russian FSB on January 14, 2022, took the world by surprise. Before this, the unwritten rule was that hackers would be safe in Russia provided they did not attack Russia. read...

FBI Warns Organizations of Diavol Ransomware Attacks

The Federal Bureau of Investigation (FBI) this week shared a series of indicators of compromise (IoCs) associated with the Diavol ransomware family. read more

Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group

Nigerian authorities have arrested 11 individuals believed to be members of the business email compromise (BEC) crime ring tracked as SilverTerrier. The 11 suspects were arrested as part of a 10-day operation (December 13-22, 2021) in which the Nigerian Police...

Security Scanners Across Europe Tied to China Govt, Military

At some of the world’s most sensitive spots, authorities have installed security screening devices made by a single Chinese company with deep ties to China’s military and the highest levels of the ruling Communist Party. read more

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US

Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.