๐ Cyber Security Roundup for May 2021
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: blog.itsecurityexpert.co.uk
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021.
- Co-ordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
- The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
- Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
- An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
- The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading โdesksโ to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.
- Which is more Important: Vulnerability Scans Or Penetration Tests?
- Should Doctors Receive a Cybersecurity Education?
- The Future of Service Management in the DevOps Era
- Flexibility and Security, You Can Have it All!
- Adapting Security Awareness to the Post-Pandemic World
- Important Strategies for Aligning Security With Business Objectives
- Building a Security Conscious Workforce
- Cyber Security Roundup for April 2021
- Nation-State Threat Actors used Fake LinkedIn Profiles to Lure 10,000 UK Citizens
- Facebook details of 11 Million UK Users Found on Website for Hackers
- The Scottish Environment Protection Agency Spent nearly ยฃ800,000 on Cyber Attack Response
- Redcar Cyber-Attack: UK Government to Cover ยฃ3.68 Million of the Costs
- Ransomware Gang Babuk claims DCโs Metropolitan Police Attack
- Flubot: Warning over SMS โPackage Deliveryโ Scam Message which Delivers Android Malware
- Ransomware Task Force releases Recommendations
- REvil seeks to Extort Apple and Hits Supplier with $50 Million Ransom
- Hackers Hit Nine Countries, Expose 623,036 Payment Card Recordsย
VULNERABILITIES AND SECURITY UPDATES
- More Critical Patches for Microsoft Exchange Server (Versions 2013, 2016, & 2019)
- Microsoft Warns of Damaging Vulnerabilities in Dozens of IoT Operating Systems
- Criticalย Microsoft Patches 108 Vulnerabilities, 20 Rated as Critical
- Unpatched Fortinet VPN Devices Vulnerable to New Cring Ransomware
- Microsoft SharePoint Vulnerability and China Chopper Web Shell used in Ransomware Attacks
- Hackers Exploit Unpatched Vulnerabilities, Zero Day to Attack Governments and Contractors
- Phishing Scammers imitate Windows logo with HTML Tables to Slip through Email Gateways
- Ransomware Group Targeted SonicWall Vulnerability Pre-Patch
- Malware Operators Leverage TLS in 46% of Detected Communications
- Petsโ Names used as Passwords by Millions, NCSC Study Finds