Late weekly cyber - leaks non stop

Hi all, here are the key cyber points of the week which you shouldn't have missed.

That's a late one as I had busy days and then went off the grid for camping :) and other stuff.

Anyways, to keep track, this past week :

1 - Dependencies means supply chain, and therefore, supply chain attack risk - Best practices for managing Java dependencies

2 - Cybersecurity Awareness Campaigns: How Effective Are They in Changing Behavior?

3 - Very simple, if you don't patch your vulnerabilities, you'll be hacked - Lorenz ransomware breaches corporate network via phone systems

4 - Cloud is going to be either 70% more expensive for Linux workloads, or unsafe (not even speaking about the energy crisis ahead) - VMware: 70% drop in Linux ESXi VM performance with Retbleed fixes

5 - You can't leave your internet facing devices unprotected ! Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)

6 - You can't trust technology, you need controls over controls (overlapping security controls) - High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

7 - Cisco confirms Yanluowang ransomware leaked stolen company data

8 - Ransomware gangs switching to new intermittent encryption tactic

9 - Apple fixes eighth zero-day used to hack iPhones and Macs this year

10 - Hackers steal Steam accounts in new Browser-in-the-Browser attacks

11 - U-Haul discloses data breach exposing customer driver licenses

12 - There is a strong need to protect critical industrial infrastructure, and overall industrial infrastructure - Identity-Based Connectivity For The Next-Gen Industrial Workforce

13 - connected = hacked and killed, Healthcare cyberattacks led to worse patient care, increased mortality, study finds

14 - Serious Security: Browser-in-the-browser attacks – watch out for windows that aren’t!

15 - Microsoft Quashes Actively Exploited Zero-Day, Wormable Critical Bugs

16 - Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign

17 - Zero-day in WPGateway Wordpress plugin actively exploited in attacks

18 - Criminal Hackers breach software vendor for Magento supply-chain attacks

19 - Trend Micro warns of actively exploited Apex One RCE vulnerability

20 - New PsExec spinoff lets hackers bypass network security defenses

21 - Attackers Can Compromise Most Cloud Data in Just 3 Steps

22 - FBI: Hackers steal millions from healthcare payment processors

23 - Microsoft 365 now auto-updates apps on locked or idle devices

24 - Amazon faces new antitrust lawsuit filed by California AG alleging anticompetitive practices

25 - New Lenovo BIOS updates fix security bugs in hundreds of models

26 - Ridiculous - Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

27 - Phishing page embeds keylogger to steal passwords as you type

28 - Chinese hackers create Linux version of the SideWalk Windows malware

29 - The cloud is infected - TeamTNT Hits Docker Containers via 150K Malicious Cloud Image Pulls

30 - Thwarting attackers in their favorite new playground: Social media

31 - Your VPN Has Already Been Hacked

32 - Hackers trojanize PuTTY SSH client to backdoor media company

33 - Malware on Pirated Content Sites a Major WFH Risk for Enterprises

34 - Hive ransomware claims cyberattack on Bell Canada subsidiary

35 - Internet of threats- Popular IoT Cameras Need Patching to Fend Off Catastrophic Attacks

36 - Microsoft Edge’s News Feed ads abused for tech support scams

37 - New malware bundle self-spreads through YouTube gaming videos

38 - Six-Year-Old Blind SSRF Vulnerability Risks WordPress Sites To DDoS Attacks

39 - Uber hacked, internal systems (all cloud based) breached and vulnerability reports stolen

40 - GIFShell Attack Through Microsoft Teams: What Is It and How You Can Protect Yourself from It

41 - State of cloud security 2022 - Let me help you with this : state is bad, if not even worse.

42 - Disgusting big tech - Google, Microsoft can get your passwords via web browser's spellcheck

43 - New York ambulance service discloses data breach after ransomware attack

44 - such a joke, so cloud - Hackers Had Access to LastPass's Development Systems for Four Days

45 - Cloud is selling fake security - Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials

46 - DDoS Attack Against Eastern Europe Target Sets New Record

47 - Windows 10 KB5017308 causing issues with Group Policy settings

48 - Hacker sells stolen Starbucks data of 219,000 Singapore customers

49 - Bitdefender releases free decryptor for LockerGoga ransomware

50 - New acronym ! What is SLSA ? SLSA explained in 5 minutes

Have a good week all ! That's a wrap !