SecurityWeek.com Briefing

Supply chain attack technique spoofs GitHub commit metadata.

Views expressed in this cybersecurity, cyber crime, and cyber espionage update are those of the reporters and correspondents.

Accessed on 16 July 2022, 2242 UTC.

Content provided by email subscription to "SecurityWeek.com Briefing."

Source: https://mail.google.com/mail/u/0/#inbox/FMfcgzGpGwnkwrmJsdvWvZndCKjHvnNv

Please click link or scroll down to read your selections.

Thanks for joining us today.

Russ Roberts

https://www.hawaiicybersecurityjournal.net

https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, and information security)

Visit SecurityWeek.Com | Advertise | Contact

WebcastsRSS Feed 07.16.22

Saturday, July 16, 2022 SecurityWeek’s ICS Cyber Security Conference Join ICS users, ICS vendors, system security providers and government representatives to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. October 25-27, 2022 Register Now The Pendulum Effect and Security Automation With an approach that is data-driven and flexible, you can get as simple or as advanced as the detection and response demands. Read the Full Column by Marc Solomon As Cybercriminals Recycle Ransomware, They're Getting Faster Organizations can strengthen their security posture by getting detailed information on current attack techniques and keeping their employees’ cyber hygiene training up to date. Read the Full Column by Derek Manky Is an Infrastructure War on the Horizon? The adoption of IoT technology used to connect SCADA systems to the internet either directly or indirectly dramatically increases the risk of a successful exploit. Read the Full Column by Gordon Lawson RSAC22 and Infosecurity Europe, Three Weeks, Two Events It was great to be back in-person at security events, and I enjoyed meeting with people and discussing our solutions face-to-face. Read the Full Column by Laurence Pitt Cyber-Physical Security: Benchmarking to Advance Your Journey Over the last few years, the pandemic and work from home paradigm shift have accelerated the convergence of IT and OT networks and necessitated a consolidated strategy to address cyber risks across cyber-physical systems (CPS). Read the Full Column by Galina Antova SecurityWeek’s ICS Cyber Security Conference Join ICS users, ICS vendors, system security providers and government representatives to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. October 25-27, 2022 Register Now See All Recent Articles at SecurityWeek.Com Supply Chain Attack Technique Spoofs GitHub Commit Metadata: Checkmarx security researchers say threat actors could spoof GitHub commit metadata to add legitimacy to their malicious code. Read More Critical Infrastructure Operators Implementing Zero Trust in OT Environments: Zero trust is on track to being implemented in many OT environments, particularly in critical infrastructure organizations. Read More Powerful 'Mantis' DDoS Botnet Hits 1,000 Organizations in One Month: Abusing hijacked virtual machines and powerful servers, the Mantis botnet launched a record-breaking 26 million HTTPS requests per second DDoS attack. Read More Microsoft: North Korean Hackers Target SMBs With H0lyGh0st Ransomware: Microsoft warns of a North Korean hacking group using the H0lyGh0st ransomware in attacks targeting small and midsize businesses. Read More Software Vendors Start Patching Retbleed CPU Vulnerabilities: Software vendors are working on updates that address the recently disclosed Retbleed speculative execution attack. Read More Bot Battle: The Tech That Could Decide Twitter's Musk Lawsuit: If Twitter's lawsuit over Elon Musk's $44 billion buyout bid ever reaches trial, the case will likely center on a ubiquitous and often unloved technology: bots. Read More Log4j Software Flaw 'Endemic,' New Cyber Safety Panel Says: The Log4j vulnerability is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden. Read More Two Big OT Security Concerns Related to People: Human Error and Staff Shortages: A survey shows that some of the biggest cybersecurity problems related to OT involve people, specifically human error and a significant shortage of staff. Read More Organizations Warned of New Lilith, RedAlert, 0mega Ransomware: Security researchers with threat intelligence firm Cyble have warned organizations about three new ransomware families named Lilith, RedAlert and 0mega. Read More Japanese Video Game Publisher Bandai Namco Confirms Cyberattack: The BlackCat ransomware gang has claimed to have compromised Japanese video game publisher Bandai Namco. Read More Investment in IIoT/OT Security Leads to Reduced Incident Impact: Study: A survey shows that while most organizations with IIoT/OT systems have experienced a security incident, impact is reduced when security projects have been implemented. Read More Microsoft: 10,000 Organizations Targeted in Large-Scale Phishing Campaign: Microsoft warns of a large-scale adversary-in-the-middle (AiTM) phishing campaign that has been targeting 10,000 organizations to perform follow-on business email compromise (BEC). Read More