Managing the employee risks of SaaS
Software as a Service (SaaS) is everywhere, and its use in work environments presents cybersecurity risks to organizations. Identify the top risks of SaaS and how to manage them to maintain business resilience.
Healthcare employees call for workplace violence legislation
The Workplace Violence Prevention for Health Care and Social Service Workers Act has been introduced in the Senate. The bill would require healthcare organizations to develop a detailed workplace violence prevention plan for their employees.
ISC StormCast for Thursday, May 12th, 2022
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware
https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse
https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
Former CIA CISO William MacMillan joins SalesForce security team
William MacMillan has joined Salesforce as SVP, Security Product and Program Management, BISO, and Acquisition Integration.
Nation-state attacks are hard to spot. It’s time for a new approach to threat detection
Network detection and response (NDR) solutions are the balance that security teams need to fight nation-state cybersecurity threats and zero-day attacks.
ISC StormCast for Wednesday, May 11th, 2022
Microsoft May 2022 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
npm “foreach” package domain takeover
https://www.theregister.com/2022/05/10/security_npm_email/
Defining workplace violence for security executives
Spend five minutes with Security magazine as we sit down with corporate security executive J.T. Mendoza as he defines workplace violence and what it means to the enterprise.
Wendy Hans named President of RLPSA
Wendy Hans, Director of Fraud and Loss Control for AMC Theatres, has been appointed President of the Restaurant Loss Prevention & Security Association (RLPSA).
ISC StormCast for Tuesday, May 10th, 2022
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits
https://twitter.com/sans_isc/status/1523741896707043328
https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath
https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
