Daily Cybersecurity Roundup, April 01, 2022
Patch the bug if not yet! Several sectors are under attack by a Chinese APT abusing Log4Shell to compromise VMware Horizon servers. In other news, the U.S. President extended the national emergency declaration in the wake of increased cyber threats. Furthermore, do check out cyber attack-related alerts and advisories from government agencies in the U.S. and U.K. On that note, let’s check out the key highlights from the past 24 hours.
Top 10 hacking news
Deep Panda APT was found exploiting Log4Shell to deploy the new Fire Chili rootkit in compromised networks of organizations in the travel, finance, and cosmetic industries.
Hackers were discovered exploiting Microsoft Azure Static Web Apps in phishing campaigns to steal Microsoft, Outlook, Office365, and OneDrive credentials from users.
President Joe Biden announced to extend the state of national emergency declared to deal with the growing prevalence of cybersecurity threats to the U.S. national security, foreign policy, and economy.
The NCSC urged the U.K public sector, CNI firms, and other organizations that rely on Russian-controlled tech or services to scrutinize their systems for supply chain risks.
Researchers at Zscaler reported a new information-stealing malware, named BlackGuard. Now available in numerous darknet forums, it was first spotted on Russian-speaking forums in January.
A new Version 4.0 of the PCI Data Security Standard (PCI DSS) was published by the PCI Security Standards Council, the global payment security forum. The current version will remain active for two years until March 31, 2024.
The CISA, along with Claroty, issued two ICS Advisories warning against vulnerabilities in Rockwell Automation products that let an attacker run arbitrary code on targeted systems.
The FBI released an alert to U.S. Government Facilities Sector partners about cybercriminals conducting ransomware attacks on local government agencies and urged them to apply the recommended mitigations.
Arizona's Technology and Research Initiative Fund released nearly $6 million to help boost the university’s nationally renowned cyber operations program in all possible manners.
Antimatter, a provider of data security for SaaS applications, raised $12 million in a Series A round led by NEA with participation from General Catalyst, UNION Labs, and others.