SBS CyberSecurity - In the Wild 269

 

In The Wild - CyberSecurity Newsletter Welcome to the 269th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           CYBER INCIDENT REPORTING FOR CRITICAL INFRASTRUCTURE ACT OF 2022 SBS Educational Resources On March 15, 2022, President Biden signed the Consolidated Appropriations Act, 2022, H.R. 2471, which is the fiscal year 2022 omnibus spending bill. Of special interest in the bill is the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Read Here »   Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” KrebsOnSecurity There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death. Read Here »   Ransomware Payments Hit New Records in 2021 as Dark Web Leaks Climbed, According to New Report from Palo Alto Networks Unit 42 Palo Alto Networks Average ransom demand rose 144% to $2.2 million. Average payment rose 78% percent to $541,010. Posts on name-and-shame Dark Web leak sites climbed 85%. Read Here »   American Express down in outage: users report login and payment issues BleepingComputer Yesterday, American Express users across the world including US, UK, and Europe, experienced widespread outages lasting hours. And, the payment services giant advises that some users may continue to experience issues online or over the phone. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Court denies SolarWinds bid to throw out breach lawsuit SC Media A Texas judge has dismissed claims that former SolarWinds CEO Kevin Thompson was personally liable for deceiving investors about the company’s cybersecurity, but otherwise will allow a class-action lawsuit filed against the company, its executives and investors in the wake of the 2020 Orion breach to proceed. Read Here »   FBI: Ransomware attacks are piling up the pressure on public services ZDNet Cyber criminals are targeting healthcare, emergency services and local government because they know people's everyday lives rely on these critical services. Read Here »   Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems The Hacker News The cyberattack aimed at Viasat that temporarily knocked KA-SAT modems offline on February 24, 2022, the same day Russian military forces invaded Ukraine, is believed to have been the consequence of wiper malware, according to the latest research from SentinelOne. Read Here »   11 Ways Business Leaders Can Approach Practicing Mindfulness Newsweek To help leaders learn how to take it easy, 11 Newsweek Expert Forum members share advice on how one can simply approach practicing mindfulness while also operating a successful business. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsOnSecurity: Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill      The Hacker News: CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices      The Hacker News: Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit      DARKReading: What You Need to Know About PCI DSS 4.0's New Requirements      BleepingComputer:The Week in Ransomware - April 1st 2022 - 'I can fight with a keyboard'      BleepingComputer: LockBit victim estimates cost of ransomware attack to be $42 million      Venture Beat: Hive ransomware group claims to steal California health plan patient data      CSO: 5 old social engineering tricks employees still fall for, and 4 new gotchas      The Washington Post: How Ukraine’s Internet still works despite Russian bombs, cyberattacks      ZDNet: Cybersecurity managers with a direct line to executive boards set the tone for investment: Study