SBS CyberSecurity - In The Wild 257

 

In The Wild - CyberSecurity Newsletter Welcome to the 257th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Hacker Hour: Critical Responsibilities of an ISO SBS Educational Resources Date: Wednesday, January 26, 2022 Time: 2:00 - 3:00 PM An The past 5-10 years have brought such big changes to the roles and responsibilities of the information security officer (ISO) that many organizations struggle to define the most critical responsibilities. Guidance tells us that management should designate at least one ISO to be responsible and accountable for implementing and monitoring the information security program. But what does that mean? Join SBS as we discuss the most critical responsibilities of the information security officer and share some insight on what organizations can do to fulfill the ISO's most critical responsibilities. Read Here »   Norton 360 Now Comes With a Cryptominer KrebsOnSecurity Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Read Here »   FTC Threatens Action Against Orgs Failing to Mitigate Log4j BankInfoSecurity The U.S. Federal Trade Commission, the nation's top consumer protection agency, issued notice that organizations failing to mitigate against Apache's Log4j vulnerabilities may face legal action. Read Here »   Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022 WeLiveSecurity Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Log4j flaw hunt shows how complicated the software supply chain really is ZDNet A new analysis shows why the Log4j flaw for Java web applications will haunt tech people for years. Read Here »   NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon The Hacker News The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. Read Here »   SonicWall: Y2K22 bug hits Email Security, firewall products BleepingComputer SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022. Read Here »   What Does It Take to Keep Your Team Happy? Inc. The key is to focus on how teams work instead of where the work gets done. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsOnSecurity: 500M Avira Antivirus Users Introduced to Cryptomining      ThreatPost: Cyberattackers Hit Data of 80K Fertility Patients      ThreatPost: Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover      WeLiveSecurity: 5 ways hackers steal passwords (and how to stop them)      CSO: Active Directory security updates-What you need to know      The Hacker News: NIST Cybersecurity Framework- A Quick Guide for SaaS Security Compliance      SecurityIntelligence: The Most Important Security Takeaway from the October Facebook Outage      Gizmodo: Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Presents      The Stack: Kronos outage latest-Attackers crippled backup access      ZDNet: JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell