.png?1649272829)
School shootings and violence prevention
The latest Security podcast features Dr. Marisa Randazzo, Executive Director at the Ontic Center of Excellence, who discusses the rise of school shootings over the years, as well as security lessons learned and strategies for violence prevention.
ISC StormCast for Thursday, April 7th, 2022
Windows MetaStealer Malware
https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/
US Justice Depatment Takes Down Cyclops Blink Botnet
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
VMWare Bugs
https://www.vmware.com/security/advisories.html
Palo Alto CVE-2022-0778
https://security.paloaltonetworks.com/CVE-2022-0778
Unpatched Apple Bug
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
ISC StormCast for Wednesday, April 6th, 2022
WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools
https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
New Security Features for Windows 11
https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
April designated Emergency Communications Month
The Cybersecurity and Infrastructure Security Agency (CISA) has designated April as the first-ever Emergency Communications Month to promote emergency preparedness, public safety, risk management and more.
Securing information and communications technology supply chain
During National Supply Chain Integrity Month, how can organizations strengthen the security and resilience of their information and communications technology (ICT) supply chain?
LifePoint Informatics Patient Portal
This advisory contains mitigations for an Authentication Bypass Using Alternate Path or Channel vulnerability in the LifePoint Informatics Patient Portal, a website containing patient health data.
ISC StormCast for Tuesday, April 5th, 2022
Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet
https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users
https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning
https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3
https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (chinese article)
https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/
Mental health, physical security top concerns in 2022
Security leaders are starting to move on from COVID-related safety measures and are instead focusing on mental health and violence on campus, according to a new Rave report.
Tune in to Practical Solutions for Security Stakeholders videos
Security magazine introduces a new video page with Practical Solutions for Security Stakeholders.
