IT Security News Daily Summary 2023-01-20

• T-Mobile Breached Again, This Time Exposing 37M Customers’ Data

• Booklist Review of A Hacker’s Mind

• Friday Squid Blogging: Another Giant Squid Captured on Video

• T-Mobile data breach shows API security can’t be ignored

• Facial recognition: Can fake data produce real results?

• AI-enabled robots may increase recycling, workplace safety

• How to select a security analytics platform, plus vendor options

• GPT Emerges as Key AI Tech for Security Vendors

• Compromised Zendesk Employee Credentials Lead to Breach

• Database Malware Strikes Hundreds of Vulnerable WordPress Sites

• Cisco Releases Security Advisory for Unified CM and Unified CM SME

• For Would-Be Censors and the Thin-Skinned, Copyright Law Offers Powerful Tools

• Risk & Repeat: Breaking down the LastPass breach

• 6 cybersecurity buzzwords to know in 2023

• Cisco Releases Security Advisory for Unified CM and Unified CM SME

• How AI and data enrichment can protect the vulnerable during a recession

• Automated vehicles coming to Ohio roads

• The 5 best VPN routers of 2023

• ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

• Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

• Orca Security deploys ChatGPT to secure the cloud with AI

• Keeper vs LastPass (2023): Which password manager is better for you?

• ManageEngine Vulnerability CVE-2022-47966

• Microsoft Innovations for 2023: What to Look Out for This Year

• Defense industry decries possible GOP-led spending cuts

• T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

• What is an IP address and how can you change it with a VPN?

• T-Mobile data breach affects 37M customers

• LATEST CYBERTHREATS AND ADVISORIES – JANUARY 20, 2023

• Malvertiser Makes the Big Bucks on Black Friday

• IT/OT convergence and Cybersecurity best practices

• FAA attributes ground-stop glitch to contractor error

• Tech gig workers love the flexibility, report finds

• Get lifetime access to this powerful backup tool for $59.99

• Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings

• Ireland’s data protection watchdog fines WhatsApp €5.5 million

• Critical Manufacturing Sector in the Bull’s-eye

• Taking patch management to the next level with automation

• Right to Repair Advocates Have Had Good Victories. We Have To Keep Fighting.

• AT&T Cybersecurity awarded the Palo Alto Networks 2022 Partner of the Year Award

• T-Mobile Hacked Again: 37 Million Accounts Compromised

• NIST releases potential updates to its cybersecurity framework

• 35,000 PayPal Accounts Hacked

• T-Mobile Data Breach: 37 million customers affected

• Ransomware Payouts in Review: Highest Payments, Trends & Stats

• ISG to Publish Reports Evaluating Cybersecurity Providers

• Hacker steals data of 37 million T Mobile customers

• Sophisticated ‘VastFlux’ Ad Fraud Scheme That Spoofed 1,700 Apps Disrupted

• In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences

• What Is a Brute Force Attack?

• Hackers Steal Data from  KFC, Pizza Hut, Taco Bell & Habit Burger

• WhatsApp Hit with €5.5m fine for GDPR Violations

• The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT

• The Small but Mighty Danger of Echo Chamber Extremism

• PayPal notifies 34942 users of data breach over credential stuffing attack

• Malicious Android App Incorporates DNS Hijacking

• Pros Blame 3rd Parties For The Increase Of Security Incidents

• New FTX Boss Could Bring Back Bankrupt Crypto Firm

• Criminals Steal Data On 40 Million T-Mobile US Customers

• 37 Million T-Mobile API Data On Customers Stolen in Hack

• Threat from Cyberspace Pushing Data Budgets Up and Delaying Digital Transformation

• Info-stealing Ads Spread by Malvertising

• A Cautionary Tale: What Iran and Cuba Can Teach Us About Designating Russia a State Sponsor of Terrorism

• From Fake News to Fake Views: New Challenges Posed by ChatGPT-Like AI

• The Rise in Cyber-Attacks from Bad International Actors

• Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

• Ransomware Revenue Down As More Victims Refuse to Pay

• Major Companies Impacted by Ransomware [2022-2023]

• After a Security Incident, CircleCI Urges Customers to Rotate Secrets

• Lazarus Moves More than $60 Million from Harmony Bridge Hack

• How Much is the U.S. Investing in Cyber (And is it Enough)?

• Critical Vulnerabilities Patched in OpenText Enterprise Content Management System

• Welcome to the Era of Internet Blackouts

• T-Mobile Hacked – Over 37 Million Customer Data Exposed

• WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

• C++ programming language and safety: Here’s where it goes next

• T-Mobile API Data Breach Affects 37 Million Customers

• Ransomware Profits Declined by 40% in 2022

• Ransomware Revenue Plunged in 2022 as More Victims Refuse to Pay Up: Report

• PayPal Warns 35,000 Users of Credential Stuffing Attacks

• EU’s Breton Warns TikTok CEO: Comply With New Digital Rules

• Real-World Steganography

• What Is a DNS Zone and How to Keep Safe From DNS Zone Transfer Attacks

• OpenAI’s ChatGPT Can Create Polymorphic Malware

• “Workarounds” Helped Royal Mail Resume Shipping After Ransomware Attack

• Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

• 35k PayPal Accounts Compromised In Credential Stuffing Attack

• Google Delays Potion Of Bonus Payments To Staff

• 12 Ways to make ZTNA deployments effortless

• Drupal Patches Vulnerabilities Leading to Information Disclosure

• Ransomware Shuts Hundreds of Yum Brands Restaurants in UK

• A Change in Mindset: From a Threat-based to Risk-based Approach to Security

• Chinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day

• Exploring The Dangers of EmojiDeploy: A New Microsoft Azure Vulnerability for RCE Attacks

• What Is Cybersecurity Risk Management: Explaining the Concept And Process

• Phishers Use Blank Images to Disguise Malicious Attachments

• Ransomware Attack Shuts Down KFC and Pizza Hut Brand Owner`s Restaurants

• Russian Hackers Responsible for Attack on Samsung

• T-Mobile Confirms Hacker Stole Data Of 37 Million Customers

• API Attacker Steals Data on 37 Million T-Mobile Customers

• Massive Credential Stuffing Campaign Hits 35,000 PayPal Users

• Crypto Lender Genesis Files For Chapter 11

• Chinese Hackers Exploited Recent Fortinet Flaw as 0-Day to Drop Malware

• A New Era is Emerging in Cybersecurity, but Only the Best Algorithms will Survive

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• TOP 10 Deep Web Search Engine Alternatives for Google and Bing – 2023

• Weekly Update 331

• New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

• TOP 10 Deep Web Search Engine Alternatives for Google and Bing 2023

• Cyber Attack news headlines trending on Google

• TLS Connection Cryptographic Protocol Vulnerabilities

• 11 robot toys that make great gifts in 2023

• Cisco fixes SQL Injection flaw in Unified CM

• New infosec products of the week: January 20, 2023

• Miscreants sure do love ransacking cloud networks, more so than before

• Enterprises remain vulnerable through compromised API secrets

• The threat of location spoofing and fraud

• Zero trust network access for Desktop as a Service

• New T-Mobile Breach Affects 37 Million Accounts

• New Survey Sheds Light on Why Enterprises Struggle to Thwart API Attacks

• Impact Podcast with John Shegerian Features The Home Depot’s Ron Jarvis

• Are WE the firewall?

• Immuta Detect provides insights into risky user data access behavior

• Arcserve Unified Data Protection 9.0 enhances data resilience

• Tech support scammers are still at it: Here’s what to look out for in 2023

• T-Mobile Says Hackers Used API to Steal Data on 37 Million Accounts

• Crims steal data on 40 million T-Mobile US customers

• Ransomware severs 1,000 ships from on-shore servers

• PayPal says crooks poked around 35,000 accounts in credential stuffing attack

• PayPal Breach Exposed PII of Nearly 35K Accounts

• PayPal says crooks accessed 35,000 customers’ info in credential stuffing attack

• Google sponsored ads lead to rogue imitation sites

• How to find out if an AirTag is tracking you

• T-Mobile reports another data breach, impacting 37 million customers

• Dashlane vs 1Password: Which password manager should you use in 2023?

• Hornetsecurity appoints Irvin Shillingford as Regional Manager for Northern Europe

• PayPal says crooks accessed 34,942 customers’ info in credential stuffing attack

• 5 Data Privacy Tips for Small Businesses

• PayPal Notifies 35,000 Users of Data Breach

• Bitwarden vs LastPass (2023): Which password manager is better for you?

• EmojiDeploy Attack Chain Targets Misconfigured Azure Service

• NDAA’s cloud cyber-testing provision marks another hefty DOD compliance lift, analyst says

• IT Security News Daily Summary 2023-01-19

• Finally, ransomware victims are refusing to pay up

• Privacy Rights Group Accuses Facebook Of Dodging Billions In Fines

• ‘If we can do it, why can’t you?’ local gov tech veteran asks

• Challenges quickly test creative solutions to operational snags

• Secure your email with this top-rated backup service

• Attackers Crafted Custom Malware for Fortinet Zero-Day

• Massive Adware Campaign Shuttered

• Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

• Massive Ad Fraud Scheme Shut Down: 11 Million Phones Targeted

• Heartbleed

• OMB streamlines contracting officer training with certification update

• Fair Use Creep Is A Feature, Not a Bug

• Tech keeps city’s fleet vehicles within speed limits

• How to check if your VPN is working (and what to do if your VPN won’t connect)

• 16 Best Digital Forensics Tools & Software

• Oral Argument Preview: Turkiye Halk Bankasi A.S. v. United States (Halkbank)

• Digital Rights Updates with EFFector 35.1

• ITAR and EAR compliance

• Founder of Bitzlato Exchange Arrested for ransomware, $700 mln Fraud

• Chainguard Trains Spotlight on SBOM Quality Problem

• Chainalysis: Ransomware payments down, fewer victims paying

• Have You Tried Turning It Off and On Again: Rethinking Tech Regulation and Creative Labor

• Making risk work for you

• Cybersecurity in the Metaverse Will Require New Approaches

• Shift Identity Left: Preventing Identity-Based Breaches

• Roaming Mantis Uses DNS Changers to Target Users via Compromised Public Routers

• The 2022 Federal 100

• How Does Ransomware Spread? Here’s What You Need to Know

• Common Browser Security Vulnerabilities Used By Hackers To Take Over Browser

• Roaming Mantis’ Hacking Campaign Adds DNS Changer to Mobile App

• Name That Toon: Poker Hand

• CISA Releases One Industrial Control Systems Advisory

• Synthetic Media Creates New Social Engineering Threats

• New HHS data strategy is coming in ‘weeks,’ CIO says

• IT email templates: Security alerts

• Meta Slapped With 5.5 Million Euro Fine for EU Data Breach

• As Social Engineering Tactics Change, So Must Your Security Training

• CISA Releases One Industrial Control Systems Advisory

• Malicious Office Macros: Detecting Similarity in the Wild

• Open Data and the AI Black Box

• Twitter: Five Changes to the Platform for Users by Elon Musk

• As a cybersecurity blade, ChatGPT can cut both ways

• S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

• ThreatModeler Makes DevSecOps More Accessible With New Marketplace

• The Media Industry Is the Most Vulnerable to Cyber Attacks, Report Shows

• New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

• University of Texas latest US school to ban TikTok

• CyberGRX Leverages MITRE Techniques to Uncover Security Gaps in Third Parties

• [redacted] Taps Adam Flatley to Lead [rTIC Ghost Group

• Independent Research Firm Analysis Found 87% Reduction in Time to Resolve Threats with ExtraHop

• TuxCare Unveils OEM Partner Program for Best-in-Class Vulnerability Patching

• HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

• LockBit ransomware – what you need to know

• Critical Microsoft Azure RCE flaw impacted multiple services

• Cross Site Request Forgery Bug Would Facilitate Remote Code Execution In Microsoft Azure Services

• Instagram just got an update that gives you more control over what you see in your feed

• LastPass users should move their crypto funds, experts warn

• Update now! Two critical flaws in Git’s code found, patched

• University of Texas becomes latest US school to ban TikTok

• LATEST CYBERTHREATS AND ADVISORIES – JANUARY 13, 2023

• Improve your AWS security posture, Step 3: Encrypt AWS data in transit and at rest

• Understanding Malware-as-a-Service (MaaS): The future Of cyber attack accessibility

• Ransomware attack on Yum Brands Inc closes 300 restaurants in the UK

• Mailchimp Hit By Another Data Breach Following Employee Hack

• SynSaber Releases ICS Vulnerabilities & CVEs Report Covering Second Half of 2022

• WhatsApp Fined 5.5 Million Euro By Lead EU Privacy Regulator

• Ransomware Attack Severs 1,000 Ships From Their On-Shore Servers

• Bitzlato Crypto Founder Charged With $700m Financial Crimes

• Mailchimp Confesses To Second Digital Burglary In Five Months

• Cybercrime Gangs’ Earnings Slide As Victims Refuse To Pay

• Twitter Plans More Staff Layoffs – Report

• People, Process and Technology: The Incident Response Trifecta

• Credential Leakage Fueling Rise in API Breaches

• B2B Payment Security Firm NsKnox Raises $17 Million

• International Council of E-Commerce Consultants Launches Cybersecurity Essentials Professional Certificate Program on edX

• KnowBe4 to Offer $10,000 Women in Cybersecurity Scholarship and (ISC) 2 Certification Education Package

• SecurityGen Identifies the Cybersecurity Priorities for Mobile Operators in 2023

• Turkiye Halk Bankasi A.S. v. United States, Part 3: The Odd Executive Agreement Preemption Argument

• A Federal Cyber Insurance Backstop Is Premature

• Rhadamanthys: Malware Hidden in Google Ads

• Synthetic Identity Fraud: What Is It?

• New Research From EMA Reveals How Organizations Are Struggling to Develop Secure Software Applications

• Mendix and Software Improvement Group Launch a New Software Application Quality and Security Scanning Solution

• Ethically Exploiting Vulnerabilities: A Play-by-Play

• New Microsoft Azure Vulnerability Uncovered — Experts Warn of RCE Attacks

• Businesses are Furious Following the Royal Mail Export Chaos

• Feds Arrest Russian Founder Of Crypto Exchange Bitzlato

• A Sneaky Ad Scam Tore Through 11 Million Phones

• Android Users Beware: New Hook Malware with RAT Capabilities Emerges

• Ransomware Trends In Q4 2022: Key Findings and Recommendations

• What Is DevSecOps: Definition, Benefits, and Best Practices

• Mailchimp ‘fesses up to second digital burglary in five months

• Donald Trump Petitions Meta To Restore Facebook Account

• Hackers Abuse GitHub Codespaces Feature to Host and Deliver Malware

• 50% of orgs report experiencing data breaches due to exposed API secrets

• Sophos Joins List of Cybersecurity Companies Cutting Staff

• CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

• International Arrests Over ‘Criminal’ Crypto Exchange

• Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM

• Ransomware Payments Fall by 40% in 2022

• Cybercriminals Target Telecom Provider Networks

• Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)

• Data Security in Multicloud: Limit Access, Increase Visibility

• New Research Delves into the World of Malicious LNK Files and Hackers Behind Them

• ChatGPT: What AI holds in store for security

• BackdoorDiplomacy Is Going after Iranian Government Entities

• Elon Musk ‘Lied’ With Tesla Privatisation Tweet, Alleges Attorney

• NY Man Admits to Leading Massive Credit Card Scam that Impacted Thousands

• What Programmers Need to Learn About Supply and Demand

• The state of software supply chain security heading into 2023

• Malicious PyPI Packages Drop Malware in New Supply Chain Attack

• Russia Affiliated NoName057(16) Hacktivist Group Puts 2023 Czech Presidential Election on the Spot

• 6 Types of Risk Assessment Methodologies + How to Choose

• Mailchimp discloses a new security breach, the second one in 6 months

• Security Analysis of Threema

• 5 Reasons Why Your Business Needs Penetration Testing

• Policy-Based Access Control (PBAC) – The Complete Know How for Organizations

• MailChimp Suffers Data Breach Due to Social Engineering Attack

• Safe Homes: Security Tech for Remote Workers

• Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals

• Mailchimp Reports Data Breach, Employees Records Exposed

• It’s up to us to determine if generative AI helps or harms our world

• Ransomware attack severs 1,000 ships from their on-shore servers

• FTX: Over $400m Stolen from Bankrupt Exchange

• Over a Third of Recent ICS Bugs Still Have No Vendor Patch

• Bitzlato Crypto Exchange Seized in Major Money Laundering and Ransomware

• Russian Hackers Attack Ukraine’s News Agency with a Data-wiper

• Git Patches Two Vulnerabilities With Critical Security Level

• Crypto-Exchange Used to Launder Ransomware Transactions Dismantled

• FTX: Over $400m Was Stolen from Bankrupt Exchange

• US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

• Q4 2022 Cyber Attacks Statistics

• M2 Chip Boost, New Macs, and the Return of the HomePod – Intego Mac Podcast Episode 275

• 52 Alarming Cyberbullying Statistics and Facts for 2023

• Tech Executives Face Prison For Online Safety Breaches

• Pwned or Bot

• Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

• Hundreds of Malicious Packages Found in npm Registry

• Gen Digital Customers’ Accounts were Breached by Hackers

• Microsoft Confirms It Will Axe 10,000 Jobs

• Do you know what your supply chain is and if it is secure?

• Is My Smartphone Safe? 10 Tips To Enhance Your Mobile Security

• Modern CyberSOC – A Brief Implementation Of Building a Cyber Security Infrastructure

• Modern CyberSOC – A Brief Implementation Of Building a Collaborative Cyber Security Infrastructure

• Microsoft works with partners on Cybercrime Atlas

• CloudSEK offers a search engine to detect malicious apps

• Mailchimp Suffers Another Security Breach Compromising Some Customers’ Information

• EU cyber resilience regulation could translate into millions in fines

• Cyber insurance can offset the risks of potential breaches

• Techniques that attackers use to trick victims into visiting malicious content

• ECS Announces Sponsorship with Old Glory DC for 2023 Major League Rugby Season

• Israeli Mission to the UN, Israel’s National Cyber Directorate and Team8, Host Cyber Security Event at UN

• ERI Opens New State-of-the-Art ITAD & Electronics Recycling Facility in Arizona

• CISSP-ISSAPs – We Need Your Input

• Improve your AWS security posture, Step 2: Avoid direct internet access to AWS resources

• IDrive 360 enhancements enable IT departments to oversee data protection

• Sygnia’s MXDR service helps organizations minimize business disruption

• TD SYNNEX SMB Fraud Defense Click-to-Run reduces risks within cloud environments

• Zyxel Astra prevents unauthorized endpoint access

• What is Business Attack Surface Management?

• 2023-01-16 – IcedID (Bokbot) with Backconnect and VNC and Cobalt Strike

• Period-tracking apps, search engines on notice by draft law

• 2023-01-18 – Google ad –> Fake Libre Office page –> IcedID (Bokbot) –> Cobalt Strike

• Chinese APT Group Vixen Panda Targets Iranian Government Entities

• nsKnox raises $17 million to strengthen B2B payment security

• Abacus Group acquires two cybersecurity consulting companies

• Forter acquires Immue to enhance bot detection capabilities

• Ivanti and Lookout extend partnership to secure the hybrid workforce

• Threat attackers can own your data in just two days

• Bitzlato cryptocurrency exchange founder arrested, charged

• How Would the FTC Rule on Noncompetes Affect Data Security?

Generated on 2023-01-20 23:55:37.073105