SBS CyberSecurity - In The Wild 300

 

In The Wild - CyberSecurity Newsletter Welcome to the 300th issue of In The Wild, SBS' weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           LOG4J Status Update SBS Educational Resources Remember Log4j… that December 2021 vulnerability that had us all doing deep dives into our applications to seek out the critical vulnerability? Heading into late 2022 we can rest easy knowing that has been put to rest, right? Well, not really. Read Here »   The Top 4 Mistakes in Security Programs to Avoid DARKReading Overlooking even just a single security threat can severely erode a company’s community and consumer confidence, tarnish reputation and brand, negatively impact corporate valuations, provide competitors with an advantage, and create unwanted scrutiny. Read Here »   US Treasury- Financial institutions reported $1.2 billion in ransomware losses in 2021 The Record In all, the cost of incidents reported last year under the Bank Secrecy Act jumped to $1.2 billion, from $416 million the year before. Read Here »   Phishing-as-a-Service Platform Offers MFA Bypass for $1500 infoRiskToday Phishing-as-a-Service platform Robin Banks is offering a cookie-stealing feature that cybercriminals can purchase as an add-on to the phishing kit in order to bypass multi-factor authentication in attacks. Read Here »   Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! » FBI and CISA: Here's what you need to know about DDoS attacks ZDNet Agencies say guidance will help organizations to understand and respond to DDoS attacks. Read Here »   FTC slams Chegg for chronic, ‘careless security’ Cybersecurity Dive Chegg, which the FTC accused of “careless security,” is the second firm to be held accountable by the federal agency for cybersecurity shortcomings in the last week. Read Here »   New Crimson Kingsnake gang impersonates law firms in BEC attacks BleepingComputer A business email compromise (BEC) group named 'Crimson Kingsnake' has emerged, impersonating well-known international law firms to trick recipients into approving overdue invoice payments. Read Here »   12 Best Foods to Eat for Brain Health CNET Keep your brain healthy and happy with these nutrient-rich foods. Read Here » 10 Other Interesting Links From This Week There were too many fantastic reads from this past weeks' worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:      KrebsonSecurity: LinkedIn Adds Verified Emails, Profile Creation Dates      KrebsonSecurity: Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion      CyberScoop: Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup      CISA: Implementing Phishing-Resistant MFA      CISA: Implementing Number Matching in MFA Applications      Cybersecurity Dive: What is phishing-resistant multifactor authentication? It’s complicated.      Cybersecurity Dive: U.S. Bank data breach impacts 11K customers      DarkReading: Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics      BleepingComputer: Microsoft rolls out fix for Outlook disabling Teams Meeting add-in      Spiceworks: Managing Data Lifecycle for Financial Services Companies