SBS CyberSecurity - In The Wild 276

 

In The Wild - CyberSecurity Newsletter Welcome to the 276th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Blog: The Golden Rule Of Email SBS Educational Resources Because of the mass amounts of phishing emails targeting victims every day, it is more important now than ever to remember The Golden Rule of Email. Read Here »   7 Key Findings from the 2022 SaaS Security Survey Report The Hacker News The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves. Read Here »   Weak Security Controls and Practices Routinely Exploited for Initial Access Cybersecurity & Infrastructure Security Agency (CISA) CISA encourages organizations to review Weak Security Controls and Practices Routinely Exploited for Initial Access and apply the recommended mitigations. Read Here »   Water companies are increasingly uninsurable due to ransomware, industry execs say CyberScoop Insurers are increasingly requiring water utilities to meet stringent cybersecurity requirements to even consider insuring them. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » Microsoft emergency updates fix Windows AD authentication issues BleepingComputer Microsoft has released emergency out-of-band (OOB) updates to address Active Directory (AD) authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers. Read Here »   Phishing Attacks for Initial Access Surged 54% in Q1 DARKReading For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows. Read Here »   Patch these vulnerable VMware products or remove them from your network, CISA warns federal agencies ZDNet Similar VMware flaws came under attack almost immediately last month, warns US security authority - so act fast. Read Here »   5 reasons why focusing on the middle will get you to the top Fast Company Middle managers can help you stem the resignation tide if you focus on these strategies, according to Comcast Cable’s Steve White. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsOnSecurity: Senators Urge FTC to Probe ID.me Over Selfie Data      KrebsOnSecurity: When Your Smart ID Card Reader Comes With Malware      CISA: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control      CISA: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388      GovInfoSecurity: DOJ Revises Policy for Good-Faith Security Researchers      The Record: Russian government procured powerful botnet to shift social media trending topics      Fedscoop: Pentagon updates timeline for CMMC cybersecurity initiative      BleepingComputer: Conti ransomware shuts down operation, rebrands into smaller units      BleepingComputer: The Week in Ransomware - May 20th 2022 - Another one bites the dust      ZDNet: This phishing attack delivers three forms of malware. And they all want to steal your data