IT Security News Daily Summary 2023-01-19

• Finally, ransomware victims are refusing to pay up

• Privacy Rights Group Accuses Facebook Of Dodging Billions In Fines

• ‘If we can do it, why can’t you?’ local gov tech veteran asks

• Challenges quickly test creative solutions to operational snags

• Secure your email with this top-rated backup service

• Attackers Crafted Custom Malware for Fortinet Zero-Day

• Massive Adware Campaign Shuttered

• Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

• Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted

• Heartbleed

• OMB streamlines contracting officer training with certification update

• Fair Use Creep Is A Feature, Not a Bug

• Tech keeps city’s fleet vehicles within speed limits

• How to check if your VPN is working (and what to do if your VPN won’t connect)

• 16 Best Digital Forensics Tools & Software

• Oral Argument Preview: Turkiye Halk Bankasi A.S. v. United States (Halkbank)

• Digital Rights Updates with EFFector 35.1

• ITAR and EAR compliance

• Founder of Bitzlato Exchange Arrested for ransomware, $700 mln Fraud

• Chainguard Trains Spotlight on SBOM Quality Problem

• Chainalysis: Ransomware payments down, fewer victims paying

• Have You Tried Turning It Off and On Again: Rethinking Tech Regulation and Creative Labor

• Making risk work for you

• Cybersecurity in the Metaverse Will Require New Approaches

• Shift Identity Left: Preventing Identity-Based Breaches

• Roaming Mantis Uses DNS Changers to Target Users via Compromised Public Routers

• The 2022 Federal 100

• How Does Ransomware Spread? Here’s What You Need to Know

• Common Browser Security Vulnerabilities Used By Hackers To Take Over Browser

• Roaming Mantis’ Hacking Campaign Adds DNS Changer to Mobile App

• Name That Toon: Poker Hand

• CISA Releases One Industrial Control Systems Advisory

• Synthetic Media Creates New Social Engineering Threats

• New HHS data strategy is coming in ‘weeks,’ CIO says

• IT email templates: Security alerts

• Meta Slapped With 5.5 Million Euro Fine for EU Data Breach

• As Social Engineering Tactics Change, So Must Your Security Training

• CISA Releases One Industrial Control Systems Advisory

• Malicious Office Macros: Detecting Similarity in the Wild

• Open Data and the AI Black Box

• Twitter: Five Changes to the Platform for Users by Elon Musk

• As a cybersecurity blade, ChatGPT can cut both ways

• S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

• ThreatModeler Makes DevSecOps More Accessible With New Marketplace

• The Media Industry Is the Most Vulnerable to Cyber Attacks, Report Shows

• New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

• University of Texas latest US school to ban TikTok

• CyberGRX Leverages MITRE Techniques to Uncover Security Gaps in Third Parties

• [redacted] Taps Adam Flatley to Lead [rTIC Ghost Group

• Independent Research Firm Analysis Found 87% Reduction in Time to Resolve Threats with ExtraHop

• TuxCare Unveils OEM Partner Program for Best-in-Class Vulnerability Patching

• HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

• LockBit ransomware – what you need to know

• Critical Microsoft Azure RCE flaw impacted multiple services

• Cross Site Request Forgery Bug Would Facilitate Remote Code Execution In Microsoft Azure Services

• Instagram just got an update that gives you more control over what you see in your feed

• LastPass users should move their crypto funds, experts warn

• Update now! Two critical flaws in Git’s code found, patched

• University of Texas becomes latest US school to ban TikTok

• LATEST CYBERTHREATS AND ADVISORIES – JANUARY 13, 2023

• Improve your AWS security posture, Step 3: Encrypt AWS data in transit and at rest

• Understanding Malware-as-a-Service (MaaS): The future Of cyber attack accessibility

• Ransomware attack on Yum Brands Inc closes 300 restaurants in the UK

• Mailchimp Hit By Another Data Breach Following Employee Hack

• SynSaber Releases ICS Vulnerabilities & CVEs Report Covering Second Half of 2022

• WhatsApp Fined 5.5 Million Euro By Lead EU Privacy Regulator

• Ransomware Attack Severs 1,000 Ships From Their On-Shore Servers

• Bitzlato Crypto Founder Charged With $700m Financial Crimes

• Mailchimp Confesses To Second Digital Burglary In Five Months

• Cybercrime Gangs’ Earnings Slide As Victims Refuse To Pay

• Twitter Plans More Staff Layoffs – Report

• People, Process and Technology: The Incident Response Trifecta

• Credential Leakage Fueling Rise in API Breaches

• B2B Payment Security Firm NsKnox Raises $17 Million

• International Council of E-Commerce Consultants Launches Cybersecurity Essentials Professional Certificate Program on edX

• KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship and (ISC) 2 Certification Education Package

• SecurityGen Identifies the Cybersecurity Priorities for Mobile Operators in 2023

• Turkiye Halk Bankasi A.S. v. United States, Part 3: The Odd Executive Agreement Preemption Argument

• A Federal Cyber Insurance Backstop Is Premature

• Rhadamanthys: Malware Hidden in Google Ads

• Synthetic Identity Fraud: What Is It?

• New Research From EMA Reveals How Organizations Are Struggling to Develop Secure Software Applications

• Mendix and Software Improvement Group Launch a New Software Application Quality and Security Scanning Solution

• Ethically Exploiting Vulnerabilities: A Play-by-Play

• New Microsoft Azure Vulnerability Uncovered — Experts Warn of RCE Attacks

• Businesses are Furious Following the Royal Mail Export Chaos

• Feds Arrest Russian Founder Of Crypto Exchange Bitzlato

• A Sneaky Ad Scam Tore Through 11 Million Phones

• Android Users Beware: New Hook Malware with RAT Capabilities Emerges

• Ransomware Trends In Q4 2022: Key Findings and Recommendations

• What Is DevSecOps: Definition, Benefits, and Best Practices

• Mailchimp ‘fesses up to second digital burglary in five months

• Donald Trump Petitions Meta To Restore Facebook Account

• Hackers Abuse GitHub Codespaces Feature to Host and Deliver Malware

• 50% of orgs report experiencing data breaches due to exposed API secrets

• Sophos Joins List of Cybersecurity Companies Cutting Staff

• CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

• International Arrests Over ‘Criminal’ Crypto Exchange

• Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM

• Ransomware Payments Fall by 40% in 2022

• Cybercriminals Target Telecom Provider Networks

• Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)

• Data Security in Multicloud: Limit Access, Increase Visibility

• New Research Delves into the World of Malicious LNK Files and Hackers Behind Them

• ChatGPT: What AI holds in store for security

• BackdoorDiplomacy Is Going after Iranian Government Entities

• Elon Musk ‘Lied’ With Tesla Privatisation Tweet, Alleges Attorney

• NY Man Admits to Leading Massive Credit Card Scam that Impacted Thousands

• What Programmers Need to Learn About Supply and Demand

• The state of software supply chain security heading into 2023

• Malicious PyPI Packages Drop Malware in New Supply Chain Attack

• Russia Affiliated NoName057(16) Hacktivist Group Puts 2023 Czech Presidential Election on the Spot

• 6 Types of Risk Assessment Methodologies + How to Choose

• Mailchimp discloses a new security breach, the second one in 6 months

• Security Analysis of Threema

• 5 Reasons Why Your Business Needs Penetration Testing

• Policy-Based Access Control (PBAC) – The Complete Know How for Organizations

• MailChimp Suffers Data Breach Due to Social Engineering Attack

• Safe Homes: Security Tech for Remote Workers

• Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals

• Mailchimp Reports Data Breach, Employees Records Exposed

• It’s up to us to determine if generative AI helps or harms our world

• Ransomware attack severs 1,000 ships from their on-shore servers

• FTX: Over $400m Stolen from Bankrupt Exchange

• Over a Third of Recent ICS Bugs Still Have No Vendor Patch

• Bitzlato Crypto Exchange Seized in Major Money Laundering and Ransomware

• Russian Hackers Attack Ukraine’s News Agency with a Data-wiper

• Git Patches Two Vulnerabilities With Critical Security Level

• Crypto-Exchange Used to Launder Ransomware Transactions Dismantled

• FTX: Over $400m Was Stolen from Bankrupt Exchange

• US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

• Q4 2022 Cyber Attacks Statistics

• M2 Chip Boost, New Macs, and the Return of the HomePod – Intego Mac Podcast Episode 275

• 52 Alarming Cyberbullying Statistics and Facts for 2023

• Tech Executives Face Prison For Online Safety Breaches

• Pwned or Bot

• Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

• Hundreds of Malicious Packages Found in npm Registry

• Gen Digital Customers’ Accounts were Breached by Hackers

• Microsoft Confirms It Will Axe 10,000 Jobs

• Do you know what your supply chain is and if it is secure?

• Is My Smartphone Safe? 10 Tips To Enhance Your Mobile Security

• Modern CyberSOC – A Brief Implementation Of Building a Cyber Security Infrastructure

• Modern CyberSOC – A Brief Implementation Of Building a Collaborative Cyber Security Infrastructure

• Microsoft works with partners on Cybercrime Atlas

• CloudSEK offers a search engine to detect malicious apps

• Mailchimp Suffers Another Security Breach Compromising Some Customers’ Information

• EU cyber resilience regulation could translate into millions in fines

• Cyber insurance can offset the risks of potential breaches

• Techniques that attackers use to trick victims into visiting malicious content

• ECS Announces Sponsorship with Old Glory DC for 2023 Major League Rugby Season

• Israeli Mission to the UN, Israel’s National Cyber Directorate and Team8, Host Cyber Security Event at UN

• ERI Opens New State-of-the-Art ITAD & Electronics Recycling Facility in Arizona

• CISSP-ISSAPs – We Need Your Input

• Improve your AWS security posture, Step 2: Avoid direct internet access to AWS resources

• IDrive 360 enhancements enable IT departments to oversee data protection

• Sygnia’s MXDR service helps organizations minimize business disruption

• TD SYNNEX SMB Fraud Defense Click-to-Run reduces risks within cloud environments

• Zyxel Astra prevents unauthorized endpoint access

• What is Business Attack Surface Management?

• 2023-01-16 – IcedID (Bokbot) with Backconnect and VNC and Cobalt Strike

• Period-tracking apps, search engines on notice by draft law

• 2023-01-18 – Google ad –> Fake Libre Office page –> IcedID (Bokbot) –> Cobalt Strike

• Chinese APT Group Vixen Panda Targets Iranian Government Entities

• nsKnox raises $17 million to strengthen B2B payment security

• Abacus Group acquires two cybersecurity consulting companies

• Forter acquires Immue to enhance bot detection capabilities

• Ivanti and Lookout extend partnership to secure the hybrid workforce

• Threat attackers can own your data in just two days

• Bitzlato cryptocurrency exchange founder arrested, charged

• How Would the FTC Rule on Noncompetes Affect Data Security?

• Avast Releases Free Decryptor for BianLian Ransomware

• Thousands of Sophos firewalls still vulnerable out there to hijacking

• CISA hires Navy cyber expert to help oversee vulnerability management

• IT Security News Daily Summary 2023-01-18

• Vulnerable Historian Servers Imperil OT Networks

• FTX Says $415 Million Of Its Crypto Assets Was Hacked

• Not a chance of a recession for IT spending this year, says ServiceNow’s Bill McDermott

• How data sharing amplifies benefits programs

• Facebook Oversight Board Recommends Company Changes Nudity And Sexual Activity Community Standard

• The Case for Designating Wagner Group as a Foreign Terrorist Organization Is Still Compelling

• Period-tracking apps and search engines put on notice by draft law

• Threat Actors Spreading NjRAT in New “Earth Bogle” Campaign

• FDA falls short on IT contract management, watchdog finds

• CISA’s chief of technology strategy stepping down ‘much earlier’ than expected

• Twitter’s new blue checkmark isn’t always blue, and other verification system changes

• States should follow feds in Chinese tech bans

• Two critical flaws discovered in Git source code version control system

• A week in security (January 9—15)

• Rise of cloud-delivered malware poses key security challenges

• Top 10 ICS cybersecurity threats and challenges

• LastPass faces mounting criticism over recent breach

• Palantir CEO tells tech workers who don’t like the company’s military deals, ‘Don’t work here’

• CircleCI: Malware stole GitHub OAuth keys, bypassing 2FA

• Flood forecasts in real-time with block-by-block data could save lives – a new machine learning method makes it possible

• ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

• Sophos Cuts Jobs to Focus on Cybersecurity Services

• Founder and Majority Owner of Cryptocurrency Exchange Charged With Processing Over $700 Million of Illicit Funds

• Walmart’s ongoing cyber security investment

• Proposed Washington law puts period-tracking apps and search engines on notice

• 3 Tools to Round Out Your Privacy Protection Toolbox

• A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam

• KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend

• DoControl Announces SaaS Security Platform Expansion With Shadow Apps Module Launch

• Get lifetime access to award-winning cybersecurity training for just $80

• Over Four Billion People Affected By Internet Censorship in 2022

• ChatGPT Opens New Opportunities for Cybercriminals: 5 Ways for Organizations to Get Ready

• Vulnerability Summary for the Week of January 9, 2023

• CISA Releases Four Industrial Control Systems Advisories

• CISA Updates Best Practices for Mapping to MITRE ATT&CK®

• CISA Adds One Known Exploited Vulnerability to Catalog

• Mozilla Releases Security Updates for Firefox

• Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

• The Case for Designating Wagner Group as a Foreign Terrorist Organization is Still Compelling

• Cybersecurity Under the Ocean: Submarine Cables and US National Security

• Microsoft Quietly Revealed a New Kind of AI

• Don’t Miss Open Source Software (OSS), While Assessing Cloud App Security

• CSI Banking Priorities Executive Report Reveals Bankers Will Deploy Customer-Centric Features for Retention in 2023

• QuSecure Achieves Critical Breakthrough in Post-Quantum Encryption Over Public Internet – Closes Loop for End-to-End Quantum-Safe Data Security

• Latest Cyberthreats and Advisories – December 23, 2022

• nsKnox Raises $17 Million From Link Ventures, Harel Insurance and Existing Investors Including M12 and Viola Ventures to Meet Growing Demand for B2B Payment Security & Compliance Solutions

• The dos and don’ts of ransomware negotiations

• Third-Party Firm Exposes Personal Info for Nissan Customers

• Cloud IAM recovery firm raises $5M to tighten identity access management

• Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List

• Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

• How to build a cyber-resilience culture in the enterprise

• ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

• Zendesk – Is It A One Way “Ticket” to Ransomland?

• The Lingering Power of Cyber Brandishing

• Ivanti and Lookout Announce Extension on Partnership To Protect Mobile Devices

• Emails are Vulnerable to Cyber Threat

• Telephony fraud and risk mitigation: Understanding this ever-changing threat

• Help Shape the CGRC Exam – Formerly Known As CAP

• Three easy steps to dramatically improve your AWS security posture: Step 1, set up IAM properly

• How do the latest iPhone updates address Cybersecurity issues?

• Difference between Cybersecurity and Information Security

• Over 4,000 Internet-facing Sophos Firewalls Vulnerable to Code Injection Attacks

• Texas universities block access to TikTok on campus Wi-Fi networks

• Remote Code Execution Vulnerabilities Found in TP-Link, NetComm Routers

• Critical Git Vulnerabilities Discovered in Source Code Security Audit

• ChatGPT Creates Polymorphic Malware

• 1000 Shipping Vessels Impacted by Ransomware Attack

• Unpatched Zoho ManageEngine Products Open to Possible Attack

• Spy Cams Reveal the Grim Reality of Slaughterhouse Gas Chambers

• More Than 4,400 Sophos Firewall Servers Remain Vulnerable To Critical Exploits

• More Malicious Packages Posted To Online Repository. This Time It’s PyPI

• FTX Says $415 Million In Crypto Was Hacked

• Four Azure Services Vulnerable To SSRF Flaws

• Third-Party Hack Leads To Theft Of Patient Data For Over 251,000

• 1,000 Ships Affected By Ransomware Attack On DNV’s Software

• New Updates for Keeper Connection Manager

• Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874)

• Doenerium: When Stealing from Thieves Is Also a Crime

• Five Ways to Keep Endpoint Protection Simple

• Apple Announces M2 Pro & M2 Max Chips, New MacBook Pros, New Mac mini, and New HomePod

• Apple Postpones AR Glasses Launch – Report

• What the New Federal Cybersecurity Act Means for Businesses

• Lares Research Highlights Top 5 Penetration Test Findings From 2022

• Governance in the Cloud Shifts Left

• Cybersecurity and the Myth of Quiet Quitting

• New Coalfire Report Reveals CISOs Rising Influence

• Abacus Group Acquires Gotham Security and GoVanguard to Expand Cybersecurity Service Offerings

• Mozilla Releases Security Updates for Firefox

• A couple of bugs can be chained to hack Netcomm routers

• How to choose the right Mac for your use case in 2023

• A Senior’s Guide to Navigating Tech Issues in 2023

• FTX Claims $415m Crypto Was Hacked

• GitLab Critical Security Flaw Let Attacker Execute Arbitrary Code

• #WEF23: Geopolitical Instability Means a Cyber “Catastrophe” is Imminent

• Encryption is on the Rise!

• Perception Point Launches Advanced Threat Protection and Rapid Remediation for Zendesk Customers

• Avast Provides A Free Decryptor For BianLian Ransomware

• Cost of data breaches to global businesses at five-year high

• Google ads increasingly pointing to malware

• Global instability increases cyber risk, says World Economic Forum

• Data Leaks: How An HR Platform Left Employees’ Private Data Exposed

• CrowdStrike is a buy as it becomes a bigger player in the cybersecurity space, BMO says

• Ransomware decryption: This tool could help some BianLian ransomware victims get files back

• Okta Expands No-Code Offerings for Identity Cloud

• Over 2.5 Billion Google Chrome Users’ Information was Breached

• Russian hacker group took a shot at three American top nuclear labs

• Twitter Revenue Down 40 Percent, As 500 Advertisers Pause Spending

• Oracle’s First Security Update for 2023 Includes 327 New Patches

• Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

• 18k Nissan Customers Affected by Data Breach at Third-Party Software Developer

• Hackers Can Exploit GE Historian Vulnerabilities for ICS Espionage, Disruption

• Almost Half of Critical Manufacturing at Risk of Breach

• Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

• Myrocket HR platform’s data leak turns into privacy nightmare for employees

• AI and Political Lobbying

• CrowdStrike is a buy as it become a bigger player in the cybersecurity space, BMO says

• Hack the Pentagon 3.0: Groundbreaking Bug Bounty Program Is Back

• Researchers warn of malicious Visual Studio Code extensions

• Guide: How MSSPs and vCISOs can extend their services into compliance readiness without increasing cost

• Varonis strengthens data security with least privilege automation

• Malicious Download Links Impersonating Popular Software Pushed by Hackers Through Google Ads

• Data of 18.000 Nissan North America Clients Exposed by a Third-party Breach

• 1,000 Vessels Affected by Ransomware Attack on Marine Software Provider DNV

• Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks

• “Payzero” Scams and The Evolution of Asset Theft in Web3

• Microsoft To Cut Thousands Of Jobs – Report

• Apple Launches MacBook Pro With Upgraded M2 Chips

• Cybersecurity Crisis Management and Business Continuity

• Data Classification: Your 5 Minute Guide

• FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War

• Nissan Supplier Leaked Data on Thousands of Customers

• Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

• Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

• Nissan Data Breach Caused By Vendor-Exposed Database

• How to Safeguard Your Data in the Era of Privacy Violations

• Twitter Auctions Off Office Furniture, Fixtures And Fittings

• European Businesses Admit Major Privacy Skills Gap

• Experts found SSRF flaws in four different Microsoft Azure services

• 5 Best VPN for Warzone 2 Lag 2023? Play Smoothly

• Why performing security testing on your products and systems is a good idea

• Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

• The dark web in 2023: What’s on it?

• CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

• What threatens corporations in 2023: media blackmail, fake leaks and cloud attacks

• Importance of having a Threat Intelligence Platform

• Potential threats and sinister implications of ChatGPT

• Cybersecurity in 2023: Russian escalation, Chinese espionage, Iranian “hacktivism”

• MassChallenge and MITRE Select 10 Startups for the MITRE Social Innovation Mentorship Program

• Veterans Affairs unveils draft for $60B T4NG 2 vehicle

• Top 10 Venmo scams – and how to stay safe

• How data protection is evolving in a digital world

• Trellix Endpoint Scores 100% Detection with Zero False Positives in Latest SE Labs Endpoint Security Test

• ERI Becomes First Electronic Recycler & ITAD Company to Achieve Official Carbon Neutral Status

• Hypori, Inc. Secures Series B to Redefine Zero-Trust BYOD

• Latest Cyberthreats and Advisories – January 6, 2023

• Key to success while implementing IAM- Best practices that every company should implement

• 2023-01-16 – Google ad –> Fake 7-Zip page –> Malicious .msi file

• Thinking of Hiring or Running a Booter Service? Think Again.

• DigiCert Trust Lifecycle Manager unifies CA-agnostic certificate management

• Devo DeepTrace helps security teams investigate alerts and suspicious events

• NS1 DNS Insights empowers network teams to troubleshoot misconfigurations

• Varonis unveils least privilege automation to improve data security

• Been hit by BianLian ransomware? Here’s your get-out-of-jail-free card

• Nearly 300 MSI motherboards will run any old code in Secure Boot, no questions asked

• Russian criminals can’t wait to hop over OpenAI’s fence, use ChatGPT for evil

• Denial of service vulnerability discovered in libraries used by GitHub and others

• Web skimmer found on website of Liquor Control Board of Ontario

• University suffers leaks, shutdowns at the hands of Vice Society

• Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability

• Russian criminals can’t wait to hop over OpenAI fence, use ChatGPT for evil

Generated on 2023-01-19 23:55:31.872281