Name: Grasping Logitech Lift, Lenovo Malware, CISA Warns of Print Spooler, & 0-Day Holes – PSW #737
Uploaded: 2022-04-20T00:00:00.000-04:00
Description: Grasping Logitech Lift, Lenovo Malware, CISA Warns of Print Spooler, & 0-Day Holes – PSW #737

Logitech’s Lift is a vertical mouse that’s easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58,exploited zero-day security holes in 2021, For Russian tech firms, QNAP urges customers to disable UPnP port forwarding on routers Putin’s crackdown ended their global ambitions, & Hackers can infect over 100 Lenovo models with unremovable malware. Are you patched?

Featured image for Grasping Logitech Lift, Lenovo Malware, CISA Warns of Print Spooler, & 0-Day Holes – PSW #737 segment from PPWorks

Don't miss any of your favorite Security Weekly content! Visit <a rel="noopener" target="_blank" href="https://securityweekly.com/subscribe">https://securityweekly.com/subscribe</a> to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media &amp; our streaming platforms!

Subscribe

Don't forget to check out our library of on-demand webcasts &amp; technical trainings at securityweekly.com/ondemand.

Webcasts/Trainings/OnDemand

Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or Russian-aligned cybercrime groups.

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

QNAP urges customers to disable UPnP port forwarding on routers

A new marketplace named Industrial Spy that focuses on the sale of stolen data appeared in the threat landscape. 

Once the group's malware is executed, researchers say it creates README.txt files that include a description of the service and a link to the group's Tor site in all folders on the targeted system

Experts spotted Industrial Spy, a new stolen data marketplace

Okta Closes Lapsus$ Breach Probe, Adds New Security Controls

A new DDoS botnet dubbed "Enemybot" has been spotted exploiting known vulnerabilities affecting a variety of web servers and routers in attacks targeting several different architectures that include arm, bsd, x64, and x86, according to researchers.

Enemybot, a new DDoS botnet appears in the threat landscape

CISA warns of attackers now exploiting Windows Print Spooler bug

VMWare issued patches to address a critical code execution vulnerability (CVE-2022-22966) affecting its Cloud Director product that could be exploited by attackers to conduct remote code execution attacks against unpatched systems.

Critical Code Execution Flaw Haunts VMware Cloud Director

Hackers steal $655K after picking MetaMask seed from iCloud backup

Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect.

For Russian tech firms, Putin’s crackdown ended their global ambitions

Sina Estavi garnered international attention last March when he bought a NFT of the first-ever Tweet. He paid almost $3 million for the NFT, held it for a year and put it up for auction on a popular NFT site.
Estavi started the bidding on OpenSea at $48 million, but after nine days, no bid has reached even a fraction of that figure. The highest bid as of Friday was 4.2 ether, or roughly $12,600.

Why an NFT auction of the first tweet flopped

Elon Musk’s talks of a Twitter takeover mask Tesla’s troubles in China

Google tracked 58 exploited zero-day security holes in 2021

Windows 11 is within touching distance of Windows XP

Immersion-cooled colocation is coming to Ohio

Logitech’s Lift is a vertical mouse that’s easier to grasp

Paul's Security Weekly

If you&#8217;re looking for a bunch of us security nerds to get together and talk shop, then Paul’s Security Weekly is for you. This show features interviews with folks in the security community; technical segments, which are just that, very technical; and security news, which is an open discussion forum for the hosts to express their opinions about the latest security headlines, breaches, new exploits and vulnerabilities, “not” politics, “cyber” policies and more. The topics vary greatly and the atmosphere is relaxed and very conversational. This is a longer show, typically 2+ hours, for those with a long commute.

Grasping Logitech Lift, Lenovo Malware, CISA Warns of Print Spooler, & 0-Day Holes – PSW #737

Announcements

Hosts

Related

Surprise Cam Nudes, Staples, Turtle, Apple, 23andme, P2Pinfect, Gmail, Jason Woods – SWN #346

Chimera, Aliquippa, FNF, Lazarus, DARPA, Namedrop, Google, Aaran Leyland, and More – SWN #344

Cashwarp vs. Reptar, Rackspace, BlackCat, Bots, Aaran Leyland and More – SWN #343