SBS CyberSecurity - In The Wild 277

 

In The Wild - CyberSecurity Newsletter Welcome to the 277th  issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           {DOWNLOAD} SECURITY AWARENESS TOOLKIT SBS Educational Resources We have assembled a variety of ideas in this guide for easy access to grab and go security awareness resources! Read Here »   Exploit released for critical VMware auth bypass bug, patch now BleepingComputer Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. Read Here »   CISA adds 75 actively exploited bugs to its must-patch list in just a week ZDNet Patch these security flaws if the software is still running on your systems, the US cybersecurity authority has warned. Read Here »   'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds DARKReading Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » How Secrets Lurking in Source Code Lead to Major Breaches The Hacker News Secrets-in-code remains one of the most overlooked vulnerabilities in the application security space, despite being a priority target in hackers' playbooks Read Here »   Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks The Verge Automated “liveness tests” used by banks and other institutions to help verify users’ identity can be easily fooled by deepfakes, demonstrates a new report. Read Here »   Critical Zoom vulnerabilities fixed last week required no user interaction Ars Technica If your machine failed to get them automatically, you're not alone. Read Here »   Yale Research: Having This 1 Trait Makes Leaders 4X More Effective Inc. A simple one-question evaluation can tell you if you have this all-important quality for leadership success. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      Forbes: Netgear Says It Can’t Fix Multiple Vulnerabilities On Two Of Its Routers For Homeworkers      The Hacker News: Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room      Gizmodo: Hackers Know Where You’ve Been Driving: General Motors Discloses Data Breach      The Register: Ransomware encrypts files, demands three good deeds to restore data      CNBC: Military-made cyberweapons could soon become available on the dark web, Interpol warns      CNN: Virtual learning apps tracked and shared kids' data and online activities with advertisers, report says      Tech Radar: DuckDuckGo in hot water over hidden tracking agreement with Microsoft      9to5 Mac: State privacy laws are being written by tech companies to minimize protections      BleepingComputer: EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws      ZDNet: Microsoft is rolling out these security settings to protect millions of accounts. Here's what's changing