SBS CyberSecurity - In the Wild 271

 

In The Wild - CyberSecurity Newsletter Welcome to the 271st issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Behind the Hack: How Employee Handling of Phishing Emails Can Allow a Hacker Inside Your Network SBS Educational Resources During a recent social engineering assessment, an SBS CyberSecurity network security engineer was able to gain internal network access from a phishing email. Here’s a brief overview of how the issue was identified and controls that could have helped secure the network. Read Here »   Microsoft Patch Tuesday, April 2022 Edition KrebsOnSecurity Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA). Read Here »   CISA orders agencies to fix actively exploited VMware, Chrome bugs BleepingComputer The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. Read Here »   Cybercriminals do their homework for latest banking scam The Register What could be safer than sending money to yourself through your own bank? Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software The Hacker News Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Read Here »   The high price of free Wi-Fi: Here's why you never connect to an insecure network ZDNet If you work on the go, the last thing you should do is connect to an insecure wireless network. Jack Wallen explains. Read Here »   Hospital robot system gets five critical security holes patched Naked Security Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG. Read Here »   Leadership Bias: 12 cognitive biases to become a decisive leader EHL Insights This article uncovers 12 types of cognitive leadership biases that will help make your decisions and judgement more accurate and relevant in your place of work. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsOnSecurity: RaidForums Gets Raided, Alleged Admin Arrested      KrebsOnSecurity: Double-Your-Crypto Scams Share Crypto Scam Host      Bleeping Computer: Karakurt revealed as data extortion arm of Conti cybercrime syndicate      BleepingComputer: Microsoft: Office 2013 will reach end of support in April 2023      ZDNet: Clueless hackers spent months inside a network and nobody noticed. But then a ransomware gang turned up      ZDNet: Terrible cloud security is leaving the door open for hackers. Here's what you're doing wrong      DARK Reading: Creating a Security Culture Where People Can Admit Mistakes      Cyber Scoop: DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii      The Hacker News: U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware      Threat Post: SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts