SBS CyberSecurity - In The Wild 267

 

In The Wild - CyberSecurity Newsletter Welcome to the 267th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Hacker Hour: Top 5 IT Exam Recommendations SBS Educational Resources IT audits or exams are a vital measurement for an organization. They ensure that the company continues to mature and achieve compliance but, more importantly, adopt a proactive security mindset. SBS is fortunate to work with thousands of institutions and we see a wide range of exam/audit findings. This session will cover the top five exam recommendations and open the discussion about what other findings are popping up around the country. Please join us and share your experience with hundreds of other security professionals. Read Here »   Biden signs cyber incident reporting bill into law The Record President Joe Biden on Tuesday signed into law a $1.5 trillion government funding bill that includes legislation mandating critical infrastructure owners report if their organization has been hacked or made a ransomware payment. Read Here »   Facing the Knowledge Gap Jeffer Mangels Butler & Mitchell LLP Complying with privacy mandates, and preparing for and defending against a data breach, requires knowledge – it requires visibility. Read Here »   The Golden Hour of Incident Response The Hacker News As a CSIRT consultant, I cannot overemphasize the importance of effectively managing the first hour in a critical incident. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » New Unix rootkit used to steal ATM banking data BleepingComputer Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions Read Here »   CISA and FBI warning: Hackers used these tricks to dodge multi-factor authentication and steal email from NGO ZDNet Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal? Accessing the victim's cloud and email. Read Here »   Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure ThreatPost The warning came in tandem with a separate alert from the FBI and the U.S. Cybersecurity Infrastructure and Security Agency (CISA) that hackers could be targeting satellite communications networks in general. Read Here »   How Emotionally Intelligent People Use the 'Blue Dolphin' Rule to Control Negative Thoughts Inc. Psychology's 'ironic process theory' says it's hard to suppress unwanted thoughts. Enter the blue dolphin. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsOnSecurity:Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware      KrebsOnSecurity: Lawmakers Probe Early Release of Top RU Cybercrook      BleepingComputer: The Week in Ransomware - March 18th 2022 - Targeting the auto industry      BleepingComputer: Hackers claim to breach TransUnion South Africa with 'Password' password      DARKReading: 6 Reasons Not to Pay Ransomware Attackers      Cybersecurity Dive: Kronos ransomware attack raises questions of vendor liability      Cybersecurity and Infrastructure Security Agency: CISA Adds 15 Known Exploited Vulnerability to Catalog      ZDNet: 'Everyone loses': This new ransomware threatens to wipe Windows PCs if its victims don't pay up      The Hacker News: Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021      The Hacker News: FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug