SecurityWeek Briefing

Chines UEFI Rootkit found on Gigabyte and Asus mother boards.

Views expressed in this cybersecurity, cyber crime, and cyber espionage update are those of the reporters and correspondents.

Accessed on 26 July 2022, 2000 UTC.

Content supplied by "SecurityWeek Briefing."

Source:  https://mail.google.com/mail/u/0/#inbox/FMfcgzGpHHPnccQSdVRRHJbshRhbsNfl

Please click link or scroll down to read your selections.

Thanks for joining us today.

Russ Roberts 

https://www.hawaiicybersecurityjournal.net

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, and information security)

Tuesday, July 26, 2022 Security for the Atomized Network Need to discover and secure your Atomized Network? Netography has pioneered an approach to help you do just that. It’s all in our latest paper. Read Now The Pendulum Effect and Security Automation With an approach that is data-driven and flexible, you can get as simple or as advanced as the detection and response demands. Read the Full Column by Marc Solomon As Cybercriminals Recycle Ransomware, They're Getting Faster Organizations can strengthen their security posture by getting detailed information on current attack techniques and keeping their employees’ cyber hygiene training up to date. Read the Full Column by Derek Manky Is an Infrastructure War on the Horizon? The adoption of IoT technology used to connect SCADA systems to the internet either directly or indirectly dramatically increases the risk of a successful exploit. Read the Full Column by Gordon Lawson RSAC22 and Infosecurity Europe, Three Weeks, Two Events It was great to be back in-person at security events, and I enjoyed meeting with people and discussing our solutions face-to-face. Read the Full Column by Laurence Pitt Cyber-Physical Security: Benchmarking to Advance Your Journey Over the last few years, the pandemic and work from home paradigm shift have accelerated the convergence of IT and OT networks and necessitated a consolidated strategy to address cyber risks across cyber-physical systems (CPS). Read the Full Column by Galina Antova Security for the Atomized Network Need to discover and secure your Atomized Network? Netography has pioneered an approach to help you do just that. It’s all in our latest paper. Read Now See All Recent Articles at SecurityWeek.Com Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards: The CosmicStrand rootkit is located in the firmware images of motherboards using the H81 chipset. Read More Data Stolen in Breach at Security Company Entrust: Entrust suffered a data breach last month and the security company has confirmed that the attackers have stolen some files. Read More Data Security Firm Sotero Raises $8 Million in Seed Funding: Data-focused security platform provider Sotero has raised $8 million in an extended seed funding round led by OurCrowd. Read More New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn: Marketing and HR professionals have been targeted with Ducktail malware through LinkedIn spear phishing campaigns to hijack Facebook business accounts. Read More PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers: A major security vulnerability in the open source PrestaShop software is being exploited in the wild and approximately 300,000 merchant shops are at risk. Read More Senators Introduce Bipartisan Quantum Computing Cybersecurity Bill: US Senators Rob Portman (R-OH) and Maggie Hassan (D-NH) have introduced a bipartisan bill to strengthen defenses against quantum-computing-enabled data breaches. Read More Uber Settles With Federal Investigators Over 2016 Data Breach Coverup: Uber has entered a non-prosecution agreement to resolve a criminal investigation into a 2016 data breach that the company tried to cover up. Read More 1,000 Organizations Exposed to Remote Attacks by FileWave MDM Vulnerabilities: Researchers discovered critical vulnerabilities in the FileWave MDM product that could have been exploited to hack over 1,000 organizations. Read More Updated TSA Pipeline Cybersecurity Requirements Offer More Flexibility: Following complaints from the industry, the TSA has updated its pipeline cybersecurity requirements to provide more flexibility in achieving goals. Read More Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak: Atlassian warns of the potential exploitation of a recent Questions for Confluence vulnerability after a third-party posts a hardcoded password on Twitter. Read More T-Mobile Settles to Pay $350M to Customers in Data Breach: T-Mobile has agreed to pay $350 million to customers affected by a class action lawsuit filed after the company disclosed in August 2021. Read More SonicWall Warns of Critical GMS SQL Injection Vulnerability: SonicWall ships urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the defect exposes businesses to remote hacker attacks. Read More Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari: The Chrome vulnerability CVE-2022-2294 that has been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers. Read More Intezer Documents Powerful 'Lightning Framework' Linux Malware: Researchers at Intezer are documenting the intricacies of Lightning Framework, an undetected Swiss Army Knife-like Linux malware capable of installing rootkits. Read More New Default Account Lockout Policy in Windows 11 Blocks Brute Force Attacks: In the latest Windows 11 insider preview builds, Microsoft has enabled by default an account lockout policy to mitigate RDP and other brute force attacks. Read More