IT Security News Daily Summary 2023-01-18

• Vulnerable Historian Servers Imperil OT Networks

• FTX Says $415 Million Of Its Crypto Assets Was Hacked

• Not a chance of a recession for IT spending this year, says ServiceNow’s Bill McDermott

• How data sharing amplifies benefits programs

• Facebook Oversight Board Recommends Company Changes Nudity And Sexual Activity Community Standard

• The Case for Designating Wagner Group as a Foreign Terrorist Organization Is Still Compelling

• Period-tracking apps and search engines put on notice by draft law

• Threat Actors Spreading NjRAT in New “Earth Bogle” Campaign

• FDA falls short on IT contract management, watchdog finds

• CISA’s chief of technology strategy stepping down ‘much earlier’ than expected

• Twitter’s new blue checkmark isn’t always blue, and other verification system changes

• States should follow feds in Chinese tech bans

• Two critical flaws discovered in Git source code version control system

• A week in security (January 9—15)

• Rise of cloud-delivered malware poses key security challenges

• Top 10 ICS cybersecurity threats and challenges

• LastPass faces mounting criticism over recent breach

• Palantir CEO tells tech workers who don’t like the company’s military deals, ‘Don’t work here’

• CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA

• Flood forecasts in real-time with block-by-block data could save lives – a new machine learning method makes it possible

• ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

• Sophos Cuts Jobs to Focus on Cybersecurity Services

• Founder and Majority Owner of Cryptocurrency Exchange Charged With Processing Over $700 Million of Illicit Funds

• Walmart’s ongoing cyber security investment

• Proposed Washington law puts period-tracking apps and search engines on notice

• 3 Tools to Round Out Your Privacy Protection Toolbox

• A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam

• KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend

• DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch

• Get lifetime access to award-winning cybersecurity training for just $80

• Over Four Billion People Affected By Internet Censorship in 2022

• ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready

• Vulnerability Summary for the Week of January 9, 2023

• CISA Releases Four Industrial Control Systems Advisories

• CISA Updates Best Practices for Mapping to MITRE ATT&CK®

• CISA Adds One Known Exploited Vulnerability to Catalog

• Mozilla Releases Security Updates for Firefox

• Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

• The Case for Designating Wagner Group as a Foreign Terrorist Organization is Still Compelling

• Cybersecurity Under the Ocean: Submarine Cables and US National Security

• Microsoft Quietly Revealed a New Kind of AI

• Don’t Miss Open Source Software (OSS), While Assessing Cloud App Security

• CSI Banking Priorities Executive Report Reveals Bankers Will Deploy Customer-Centric Features for Retention in 2023

• QuSecure Achieves Critical Breakthrough in Post-Quantum Encryption Over Public Internet – Closes Loop for End-to-End Quantum-Safe Data Security

• Latest Cyberthreats and Advisories – December 23, 2022

• nsKnox Raises $17 Million From Link Ventures, Harel Insurance and Existing Investors Including M12 and Viola Ventures to Meet Growing Demand for B2B Payment Security & Compliance Solutions

• The dos and don’ts of ransomware negotiations

• Third-Party Firm Exposes Personal Info for Nissan Customers

• Cloud IAM recovery firm raises $5M to tighten identity access management

• Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List

• Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

• How to build a cyber-resilience culture in the enterprise

• ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

• Zendesk – Is It A One Way “Ticket” to Ransomland?

• The Lingering Power of Cyber Brandishing

• Ivanti and Lookout Announce Extension on Partnership To Protect Mobile Devices

• Emails are Vulnerable to Cyber Threat

• Telephony fraud and risk mitigation: Understanding this ever-changing threat

• Help Shape the CGRC Exam – Formerly Known As CAP

• Three easy steps to dramatically improve your AWS security posture: Step 1, set up IAM properly

• How do the latest iPhone updates address Cybersecurity issues?

• Difference between Cybersecurity and Information Security

• Over 4,000 Internet-facing Sophos Firewalls Vulnerable to Code Injection Attacks

• Texas universities block access to TikTok on campus Wi-Fi networks

• Remote Code Execution Vulnerabilities Found in TP-Link, NetComm Routers

• Critical Git Vulnerabilities Discovered in Source Code Security Audit

• ChatGPT Creates Polymorphic Malware

• 1000 Shipping Vessels Impacted by Ransomware Attack

• Unpatched Zoho ManageEngine Products Open to Possible Attack

• Spy Cams Reveal the Grim Reality of Slaughterhouse Gas Chambers

• More Than 4,400 Sophos Firewall Servers Remain Vulnerable To Critical Exploits

• More Malicious Packages Posted To Online Repository. This Time It’s PyPI

• FTX Says $415 Million In Crypto Was Hacked

• Four Azure Services Vulnerable To SSRF Flaws

• Third-Party Hack Leads To Theft Of Patient Data For Over 251,000

• 1,000 Ships Affected By Ransomware Attack On DNV’s Software

• New Updates for Keeper Connection Manager

• Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

• Doenerium: When Stealing from Thieves Is Also a Crime

• Five Ways to Keep Endpoint Protection Simple

• Apple Announces M2 Pro & M2 Max Chips, New MacBook Pros, New Mac mini, and New HomePod

• Apple Postpones AR Glasses Launch – Report

• What the New Federal Cybersecurity Act Means for Businesses

• Lares Research Highlights Top 5 Penetration Test Findings From 2022

• Governance in the Cloud Shifts Left

• Cybersecurity and the Myth of Quiet Quitting

• New Coalfire Report Reveals CISOs Rising Influence

• Abacus Group Acquires Gotham Security and GoVanguard to Expand Cybersecurity Service Offerings

• Mozilla Releases Security Updates for Firefox

• A couple of bugs can be chained to hack Netcomm routers

• How to choose the right Mac for your use case in 2023

• A Senior’s Guide to Navigating Tech Issues in 2023

• FTX Claims $415m Crypto Was Hacked

• GitLab Critical Security Flaw Let Attacker Execute Arbitrary Code

• #WEF23: Geopolitical Instability Means a Cyber “Catastrophe” is Imminent

• Encryption is on the Rise!

• Perception Point Launches Advanced Threat Protection and Rapid Remediation for Zendesk Customers

• Avast Provides A Free Decryptor For BianLian Ransomware

• Cost of data breaches to global businesses at five-year high

• Google ads increasingly pointing to malware

• Global instability increases cyber risk, says World Economic Forum

• Data Leaks: How An HR Platform Left Employees’ Private Data Exposed

• CrowdStrike is a buy as it becomes a bigger player in the cybersecurity space, BMO says

• Ransomware decryption: This tool could help some BianLian ransomware victims get files back

• Okta Expands No-Code Offerings for Identity Cloud

• Over 2.5 Billion Google Chrome Users’ Information was Breached

• Russian hacker group took a shot at three American top nuclear labs

• Twitter Revenue Down 40 Percent, As 500 Advertisers Pause Spending

• Oracle’s First Security Update for 2023 Includes 327 New Patches

• Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

• 18k Nissan Customers Affected by Data Breach at Third-Party Software Developer

• Hackers Can Exploit GE Historian Vulnerabilities for ICS Espionage, Disruption

• Almost Half of Critical Manufacturing at Risk of Breach

• Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

• Myrocket HR platform’s data leak turns into privacy nightmare for employees

• AI and Political Lobbying

• CrowdStrike is a buy as it become a bigger player in the cybersecurity space, BMO says

• Hack the Pentagon 3.0: Groundbreaking Bug Bounty Program Is Back

• Researchers warn of malicious Visual Studio Code extensions

• Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost

• Varonis strengthens data security with least privilege automation

• Malicious Download Links Impersonating Popular Software Pushed by Hackers Through Google Ads

• Data of 18.000 Nissan North America Clients Exposed by a Third-party Breach

• 1,000 Vessels Affected by Ransomware Attack on Marine Software Provider DNV

• Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks

• “Payzero” Scams and The Evolution of Asset Theft in Web3

• Microsoft To Cut Thousands Of Jobs – Report

• Apple Launches MacBook Pro With Upgraded M2 Chips

• Cybersecurity Crisis Management and Business Continuity

• Data Classification: Your 5 Minute Guide

• FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War

• Nissan Supplier Leaked Data on Thousands of Customers

• Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

• Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

• Nissan Data Breach Caused By Vendor-Exposed Database

• How to Safeguard Your Data in the Era of Privacy Violations

• Twitter Auctions Off Office Furniture, Fixtures And Fittings

• European Businesses Admit Major Privacy Skills Gap

• Experts found SSRF flaws in four different Microsoft Azure services

• 5 Best VPN for Warzone 2 Lag 2023? Play Smoothly

• Why performing security testing on your products and systems is a good idea

• Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

• The dark web in 2023: What’s on it?

• CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

• What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

• Importance of having a Threat Intelligence Platform

• Potential threats and sinister implications of ChatGPT

• Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism”

• MassChallenge and MITRE Select 10 Startups for the MITRE Social Innovation Mentorship Program

• Veterans Affairs unveils draft for $60B T4NG 2 vehicle

• Top 10 Venmo scams – and how to stay safe

• How data protection is evolving in a digital world

• Trellix Endpoint Scores 100% Detection with Zero False Positives in Latest SE Labs Endpoint Security Test

• ERI Becomes First Electronic Recycler & ITAD Company to Achieve Official Carbon Neutral Status

• Hypori, Inc. Secures Series B to Redefine Zero-Trust BYOD

• Latest Cyberthreats and Advisories – January 6, 2023

• Key to success while implementing IAM- Best practices that every company should implement

• 2023-01-16 – Google ad –> Fake 7-Zip page –> Malicious .msi file

• Thinking of Hiring or Running a Booter Service? Think Again.

• DigiCert Trust Lifecycle Manager unifies CA-agnostic certificate management

• Devo DeepTrace helps security teams investigate alerts and suspicious events

• NS1 DNS Insights empowers network teams to troubleshoot misconfigurations

• Varonis unveils least privilege automation to improve data security

• Been hit by BianLian ransomware? Here’s your get-out-of-jail-free card

• Nearly 300 MSI motherboards will run any old code in Secure Boot, no questions asked

• Russian criminals can’t wait to hop over OpenAI’s fence, use ChatGPT for evil

• Denial of service vulnerability discovered in libraries used by GitHub and others

• Web skimmer found on website of Liquor Control Board of Ontario

• University suffers leaks, shutdowns at the hands of Vice Society

• Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

• Russian criminals can’t wait to hop over OpenAI fence, use ChatGPT for evil

• IBM: Quantum computing poses an ‘existential threat’ to data encryption

• Communities are rethinking their push for data centers

• SimSpace CEO brings dogfight mentality to terra firma for IT cybersecurity training

• State of data privacy laws in 2023

• Facebook Sues Surveillance Company For Scraping Data Of 600,000 Users

• Secrets Rotation Recommended After CircleCI Security Incident

• Initial Access Broker Market Booms, Posing Growing Threat to Enterprises

• Vulnerability Summary for the Week of January 9, 2023

• Tesla Executive Admits Self-Driving Video Was Staged

• Governor calls for $37M boost in drone funding

• Future-proofing smart cities with open standards

• OPM pushes to rebrand government and capitalize on tech layoffs

• CISA Updates Best Practices for Mapping to MITRE ATT&CK®

• CISA Adds One Known Exploited Vulnerability to Catalog

• 1,000 ships impacted by a ransomware attack on maritime software supplier DNV

• Nearly 300 MSI motherboards will run any code in Secure Boot, no questions asked

• Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

• Lawmakers propose a federal reserve corps for digital talent

• Serious Security: Unravelling the LifeLock “hacked passwords” story

• Unpatched Zoho MangeEngine Products Under Active Cyberattack

• VIPRE Security Group Launches New Endpoint Detection and Response (EDR) Technology Built for SMEs

• Researcher Finds Class Pollution – A Prototype Pollution Variant Affecting Python

• Check Point Research flags a 48% growth in cloud-based networks attacks in 2022, compared to 2021

• Making an apology

• Hackers to get a crack at systems running the Pentagon in new bug bounty

• Microsoft fixes SSRF vulnerabilities found in Azure services

• Vice Society Claims Ransomware Attack Against University of Duisburg-Essen

• Why Businesses Need to Think Like Hackers This Year

• A New Era Is Dawning in Cybersecurity, but Only the Best Algorithms Will Win

• CISA Releases Four Industrial Control Systems Advisories

• US Copyright Term Extensions Have Stopped, But the Public Domain Still Faces Threats

• Veeam Research Finds IT Leaders Feel Increasingly Unprotected from Cyberattacks and Other Disasters

• GrammaTech and T.E.N. Announce Winner of First Annual Product Security Executive of the Year Award

• ProArch Acquires Data Protection Firm Trum & Associates

• TD SYNNEX Unveils New Fraud Defense Solution to Combat Widespread Security Risks

• Cyber Hygiene: How to get buy-in from employees

• Foxconn Replaces Head Of iPhone Assembly – Report

• Britishvolt Calls In Administrators, After Months Of Struggle

• Disruption on High Seas: Shipping Software Hit by Ransomware Attack

• Self-Checkout This Discord C2

• Hinds County electronic system knocked offline, blocking jail, courts and DA communication

• Smart home appliances have long lives, but software support is much shorter

• Researchers Warn Against Zoho ManageEngine Exploit Attacks

• Major Canadian Liquor Distributor’s Website Infected With Skimmer

• It’s important to look at overall macro sentiment, says Palo Alto Networks’ Nikesh Arora

• Secure your business like you secure your home: 5 steps to protect against cybercrime

• Microsoft locks door to default guest authentication in Windows Pro

• Fiber Broadband Association Opens Fiber Connect 2023 Call for Speakers

• Teleion, a Minority-Owned Business, Selected as Best Place to Work for Third Year

• Token Wins Fourth Award for MFA Technology that Stops Phishing and Ransomware

• IT/OT convergence and Cybersecurity best practices

• How to say your webcam on laptop or smartphone has been hacked

• Azure Services SSRF Vulnerabilities Exposed Internal Endpoints, Sensitive Data

• PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack

• Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures

• Three-Quarters of UK Schools Have Experienced a Cyber Incident

• Cygna Labs Introduces Entitlement and Security for Active Directory

• How to abuse GitHub Codespaces to deliver malicious content

• More Than Half Of US States Restrict TikTok Access From Govt Devices

• Tencent Fired 100 People For Corruption In 2022

• Crypto Exchanges Freeze Accounts Tied To North Korea’s Notorious Lazarus Group

• Cryptoverse: Bitcoin Is Back With A Bonk

• Huge Network of Fake Cracked Software Distributes Raccoon and Vidar Malware

• Your Guide on How Ransomware Spreads in Company Networks & on the Internet

• Internet Security: How to Defend Yourself Against Hackers

• US Spies Lag Rivals in Gathering Data That is Concealed From Plain Sight

• Watch Out For This AnyDesk Phishing Campaign That Delivers Vidar Info Stealer

• What is the Future of Password Managers?

• How to unlock the Flipper Zero’s true power

• 3 Lessons Learned in Vulnerability Management

• 5 Cybersecurity Tips for Higher Education Institutions

• Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

• Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorized Access

• CloudSEK BeVigil app protects Android users from security risks

• How Vice Society’s Ransomware Attack Impacted University of Duisburg-Essen

• What Is the Best Email App for IOS for 2023?

• Vampire Survivors Mobile Port Demonstrates Why Mobile Gaming Is Great

• Some of the Most Beloved Fictional Gamblers

• Microsoft resolves four SSRF vulnerabilities in Azure cloud services

• Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks

• Dutch Minister Queries Compliance Over US Chinese Export Controls

• Over 6000 Internet-Exposed Cacti Servers are Unpatched for Critical Security Vulnerability

• Attackers Can Abuse GitHub Codespaces for Malware Delivery

• Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon

• Sweden’s Challenging Road to NATO Membership

• Oral Argument Preview: United States v. Turkiye Halk Bankasi S.A. (Halkbank)

• Real Talk with CCSPs An interview with Vanessa Leite, CCSP, CISSP

• What is phishing? Everything you need to know to protect against scam emails – and worse

• Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

• Odin Intelligence Website Used By Police Wrecked, Data Stolen

• PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)

• What Are Rainbow Table Attacks and How to Safeguard Against Them?

• Free Decryptors Released for BianLian, MegaCortex Ransomware

• Bill Would Force Period Tracking Apps to Follow Privacy Laws

• The FBI Identified a Tor User

• CISA Warns of Critical Vulnerabilities on Industrial Control Systems

• Bank of England Governor Questions Need For Digital Pound

• The Best Ways to Automate SBOM Creation

• 3 Learnings from the DoDIIS Conference

• The prevalence of RCE exploits and what you should know about RCEs

• Zoho ManageEngine PoC Exploit to be Released Soon – Patch Before It’s Too Late!

• 4 Places to Supercharge Your SOC with Automation

• Fortinet observed three rogue PyPI packages spreading malware

• VIPRE Security Group’s New Endpoint Detection And Response (EDR) Technology Powerfully Built For Small And Mid-sized Enterprises

• Cyber Threat Landscape Study 2023: Outpost24’s Honeypot Findings From Over 42 Million Attacks

• Outpost 24’s honeypots register 42 million attacks

• December 2022 Cyber Attacks Statistics

• Casino Crypto Games: Everything You Need to Know

• Largest European Rare Earth Deposit Found In Sweden

• Google Ads Malware Wipes NFT Influencer’s Crypto Wallet

• GDPR Fines Surge 168% in a Year

• Russia’s Ukraine War Drives 62% Slump in Stolen Cards

• Mass Data Scraping Lawsuit Filed by Meta

• Initial Access Broker Activity Doubles in a Year

• Managing Asset Risks During Healthcare M&As

• Heimdal Cyber-Security & Threat Intelligence Report 2023

• Proof-of-Concept Exploit Code to be Released for Critical Zoho RCE Bug

• CIA’s Hive Attack Kit Has Been Pirated by Hackers

• Need to improve the detection capabilities in your security products?

• Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures

• Policy Brief – U.S. Cyber Threat Intelligence, Part 2: Summary, Recommendations & Challenges

• CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

• Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

• (ISC)² Top-Ranked Webinars of 2022 by Region

• Crypto exchanges freeze accounts tied to North Korea’s notorious Lazarus Group

• Datadog Changes RPM Signing Key Exposed in CircleCI Hack

• How to succeed in cyber crisis management and avoid a Tower of Babel

• Cyber Attack news headlines trending on Google

• Tencent fired 100 people for corruption during 2022

• Training, endpoint management reduce remote working cybersecurity risks

• Threats that will dominate headlines in 2023

• 5 Updates to Secure Data as Workers Return to Work

• Hybrid commerce: Blurring the lines between business and pleasure

• Is the FSI innovation rush leaving your data and application security controls behind?

• Google to support the use of Rust in Chromium

• Law enforcement app SweepWizard leaks data on crime suspects

• Accountant ordered to pay ex-employer after bossware shows “time theft”

• TikTok dances to the tune of $5.4m cookie fine

• “Untraceable” surveillance firm sued for scraping Facebook and Instagram data

• Fighting technology’s gender gap with TracketPacer: Lock and Code S04E02

Generated on 2023-01-19 00:00:04.704591