IT Security News Daily Summary 2023-02-08

• Jailbreak Trick Breaks ChatGPT Content Safeguards

• Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue

• ARMO integrates ChatGPT to secure Kubernetes

• ‘Shark Tank’ for state agency IT modernization

• Building Up IAM in a Multicloud World

• Exploit in Dota 2 Video Game Modes Infecting Players

• Analysis: CircleCI attackers stole session cookie to bypass MFA

• Calling All CISSP-ISSMP and CISSP Certification Holders

• Among the thousands of ESXiArgs ransomware victim orgs? FBI and CISA to the rescue

• Incident response: How to implement a communication plan

• ESXiArgs ransomware campaign raises concerns, questions

• Exclu Shutdown Underscores Outsized Role Messaging Apps Play in Cybercrime

• Russian e-commerce giant Elevel exposed buyers’ delivery addresses

• What Is an API Integration Example?

• Anomali ThreatStream: Threat Intelligence Product Overview and Insight

• Leading Energy Companies Tap Fortress to Build and Operate Industry Repository to Identify and Remediate Critical Software Vulnerabilities

• ActZero Unveils Next-Generation MDR Platform

• Legacy Code Refactoring: Tips, Steps, and Best Practices

• State looks to ‘unconventional’ tactics to find talent

• DevSecOps needs to improve to grow adoption rates, maturity

• Skybox Security Appoints Cybersecurity Veteran Mordecai Rosen as CEO

• Researcher compromised the Toyota Supplier Management Network

• Stalkerware Maker Fined $410k and Compelled to Notify Victims

• Essential Team Building for Strong Cloud Security

• What CISOs Should Know About Hacking in 2023

• White House looks to shore up public trust in government websites

• IRS names advisors on possible government-run direct filing system for taxpayers

• CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

• Mass Ransomware Campaign Hits US & EU

• Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet

• Almost Half of Executives Expect a Rise in Cyber Events Targeting Accounting and Financial Data in Year Ahead

• Corelight Expands Partnership With CrowdStrike to Provide Network Detection and Response Technology for CrowdStrike Services

• GAO Calls for Action to Protect Cybersecurity of Critical Energy, Communications Networks

• SecuriThings Brings Managed Service Capabilities to Physical Security, With New Managed Service Platform

• ESXiArgs Ransomware Virtual Machine Recovery Guidance

• CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

• New MSRC Blog Site

• 2023-02-07 – OneNote file pushes unidentified malware

• ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned

• Tor Network Under DDoS Pressure for 7 Months

• Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver’s Seat

• Gigamon Exits NDR Market, Sells ThreatINSIGHT Business to Fortinet

• ESXiArgs Ransomware Virtual Machine Recovery Guidance

• NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

• Participation in the Fediverse

• Clop Ransomware Flaw Permitted Linux Victims to Restore Files for Months

• It Isn’t Time to Worry About Quantum Computing Just Yet

• Honoring our ‘Cybersecurity Defender of the Year’ in EMEA

• Mirai-based Medusa Botnet Is Back with Ransomware Capabilities

• What Are Industrial Control Systems?

• Chinese spy balloon over the US: An aerospace expert explains how the balloons work and what they can see

• Application Security Protection for the Masses

• Chrome 110 Patches 15 Vulnerabilities

• Australian Man Sentenced for Scam Related to Optus Hack

• Spies, Hackers, Informants: How China Snoops on the US

• Skybox Security Raises $50M, Hires New CEO

• How to Use Cloud Access Security Brokers for Data Protection

• Researcher Hacked Toyota’s Global Supplier Portal

• Announcing Check Point Software’s Americas Partner Winners at CPX 360 New York

• UK Politician’s Email Hacked by Suspected Russian Threat Actors

• National Security Roundup for the 2023 State of the Union

• Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

• 9 Ways smart devices can compromise your privacy

• List of Proxy IPs Exposed to Block Killnet’s DDoS Bots

• Biden’s State of the Union highlights semiconductor success and big tech privacy concerns

• A Majority of Security Experts Prioritize Prevention Over Detection

• New Password-sharing Rule from Netflix Can Annoy Users

• Do traffic signals need a fourth light for self-driving cars?

• SOC 3 (System and Organization Controls 3)

• Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems

• Russian national pleads guilty to money laundering linked to Ryuk Ransomware operation

• Top Android Phones From China Are Packed With Spyware, Research Finds

• Scammers Steal $4 Million In Crypto During Face-To-Face Meeting

• Suspect In Finnish Psychotherapy Blackmail Hack Arrested

• Mysterious Russian Satellites Are Now Breaking Apart In Low Earth Orbit

• Mysterious Leak Of Booking.com Data Being Used For Scams

• The Proud Boys Jurors: Who Are They and Can They Be Fair?

• Google announces to launch conversational AI to its Search Engine

• How Businesses Benefit from Using Instagram Reels

• Securing the Clouds: An Evaluation of Cloud Security Solutions

• Defending Against Data Breaches: An Overview of Cyber Insurance for MSPs

• Your Go-to Guide to Develop Cryptocurrency Blockchain in Node.Js

• CISA releases ESXiArgs ransomware recovery script

• Dingo Token Charging 99% Fee is a Scam

• Police in Hong Kong and Interpol Discover Phishing Servers and Apps

• Intel Now Seeks $10 Billion State Aid For German Factory – Report

• The cloud’s growing impact on cybersecurity

• Lawmakers Press Facebook Over Risky Data Access In Hostile Countries

• Why ChatGPT Isn’t a Death Sentence for Cyber Defenders

• Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach

• New Graphiron info-stealer used in attacks against Ukraine

• UK Watchdog Finds Microsoft’s Activision Deal Could Hurt Gamers

• What’s Next in Cybersecurity? Join Us at Ignite on Tour!

• Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign

• Earth Zhulong: Familiar Patterns Target Vietnam

• Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang

• UN Experts: North Korean Hackers Stole Record Virtual Assets

• Siemens License Manager Vulnerabilities Allow ICS Hacking

• #SOOCon23: UK Government Urges Industry Input on Software Security Policy

• 10 API Security Best Practices To Protect Your Organization

• Scottish MP Admits Hack Of Personal Email, After NCSC Warning

• Scammers steal $4 million in crypto during face-to-face meeting

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix

• Bard: Google Introduces New ChatGPT Rival

• Russian Citizen Accused of Laundering Money from U.S.- targeted Ransomware Attacks

• SYN Flood Explained. How to Prevent this Attack from Taking over your Server

• US Grocery Delivery Platform Weee! Suffers Massive Data Leak

• Analysis: Could NIST’s Cybersecurity Framework 2.0 be the beginning of international best practice?

• Password Manager Dashlane Open-sourced Its Mobile Apps

• Google Chrome 110 arrives – but not all Windows PCs will get it

• The Role of Data Hygiene in the Security of the Energy Industry

• How to Optimize Your Cyber Insurance Coverage

• Ukraine CERT-UA warns of phishing attacks employing Remcos software

• New Abnormal Security Research Shows Employees Open 28% of BEC Attacks, Fail to Report 98% of All Email Attacks

• How the US Can Stop Data Brokers’ Worst Practices—Right Now

• Tax Season has officially arrived and cyber criminals are happy

• Zoom Sheds 15 Percent Of Workforce

• Patient Information Compromised in Data Breach at San Diego Healthcare Provider

• CISA Releases Open Source Recovery Tool for ESXiArgs Ransomware

• A Deep Dive Into the Growing GootLoader Threat

• How to Think Like a Hacker and Stay Ahead of Threats

• Russian Hackers Using Graphiron Malware to Steal Data from Ukraine

• Microsoft Adds AI To Bing Search Engine, Edge Browser

• Check Point 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of ‘disruption and destruction’ malware

• New cybersecurity data reveals persistent social engineering vulnerabilities

• BEC Attacks Surge 81% in 2022

• CERT-UA Warns Ukrainian Authorities On Remcos Cyberattacks

• Top 3 resolutions for security teams

• #SOOCon23: Global Cooperation Needed to Enhance Open Source Software Security

• How Cannabis Cultivators Are Using New Technology to Be More Productive in 2023?

• Picking The Right Password Manager: Five Things To Bear In Mind

• Singapore hit by growing cybercrimes, clocks $501M in losses from scams

• CISA Releases Recovery Tool for VMware Ransomware Victims

• Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware

• US CISA releases a script to recover servers infected with ESXiArgs ransomware

• ARM Boss Committed To Public Listing In 2023

• Regulator Halts AI Chatbot Over GDPR Concerns

• Why performing security testing on your products and systems is a good idea

• Major CrackDown – Police Hacked Exclu ‘secure’ Cybercriminal Message Platform

• Vulnerability Research is a Journey: CVEs Found by KeenLab

• Emerging Defense in Android Kernel

• WindowServer: The privilege chameleon on macOS (Part 1)

• WindowServer: The privilege chameleon on macOS (Part 2)

• Suspect in Finnish psychotherapy center blackmail hack arrested

• CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

• The Journey of a complete OSX privilege escalation with a single vulnerability – Part 1

• Car Hacking Research: Remote Attack Tesla Motors

• A Link to System Privilege

• Racing for everyone: descriptor describes TOCTOU in Apple’s core

• New Car Hacking Research: 2017, Remote Attack Tesla Motors Again

• Global Ransomware attack downs Florida Supreme Court and European Universities

• Cisco’s innovations protect hybrid work and multi-cloud environments

• Everbridge DigitalOps Insights provides visibility into IT service disruptions

• Neustar Security Services UltraPlatform protects enterprises’ digital assets

• Novel face swaps emerge as a major threat to biometric security

• Generative AI: A benefit and a hazard

• Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

• A bunch of Red Pills: VMware Escapes

• TenSec 2018

• New Vehicle Security Research by KeenLab: Experimental Security Assessment of BMW Cars

• Exploiting iOS 11.0-11.3.1 Multi-path-TCP:A walk through

• Tencent Keen Security Lab: Experimental Security Research of Tesla Autopilot

• Identifying and securing your business’s dark data assets in the cloud

• OpenSSL fixes High Severity data-stealing bug – patch now!

• TenSec 2019

• Exploiting Wi-Fi Stack on Tesla Model S

• Tencent Keen Security Lab joins GENIVI Alliance

• Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars

• Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars

• Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

• Into the void: Your tech and security in digital darkness

• The 5 best identity theft protection & credit monitoring services in 2023

• VMware Disputes Old Flaws at Root of ESXiArgs Ransomware Attacks

• What Is Browser Sandboxing?

• CISA Releases ESXiArgs Ransomware Recovery Script

• Vulnerability Summary for the Week of January 30, 2023

• New Linux variant of Clop Ransomware uses a flawed encryption algorithm

• Application Mapping: 5 Key Benefits for Software Projects

• NIST researcher calls for further evaluation of the AI impact on humans

• SolarWinds Security Event Manager – SIEM Product Overview and Insight

• CISA Releases ESXiArgs Ransomware Recovery Script

• Vulnerability Summary for the Week of January 30, 2023

• On the 20th Safer Internet Day, what was security like back in 2004?

• Florida hospital takes entire IT systems offline after ‘ransomware attack’

• Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS

• Cloud Apps Still Demand Way More Privileges Than They Use

• Cybersecurity Industry News Review: February 7, 2023

• Cisco turns to risk-based authentication to make MFA and zero trust practical

• Fresh, Buggy Clop Ransomware Variant Targets Linux Systems

• ‘Money Lover’ Finance App Exposes User Data

• Labor Secretary set to leave post for NHL players union, reports say

• Fresh (Buggy) Clop Ransomware Variant Targets Linux Systems

• IT Security News Daily Summary 2023-02-07

• IRS not capturing the true cost of its legacy IT footprint, watchdog says

• KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

• How ‘Sliver’ and ‘BYOVD’ Attacks Are Giving Hackers Backdoor Access to Windows Devices

• OpenSSL Ships Patch for High-Severity Flaws

• Germany Appoints Central Bank IT Chief to Head Cybersecurity

• Shift left critical to app security; Build38 raises €13M for trust development kit

• House panel presses FAA to speed up modernization

• tokenization

• DPRK Using Unpatched Zimbra Devices to Spy on Researchers

• From silos to seamless: How state governments deliver personalized services

• Metaverse adds new dimensions to Web 3.0 cybersecurity

• VMWare user? Worried about “ESXi ransomware”? Check your patches now!

• Fortinet vs Palo Alto: Compare Top Next-Generation Firewalls

• New Banking Trojan Targeting 100M Pix Payment Platform Accounts

• Key Features of Enterprise Browser

• ImageMagick Vulnerabilities Could Allow DoS, Information Leak

• Emergency Patch Released For GoAnywhere MFT Zero-Day Vulnerability

• State details how agencies must apply TikTok ban

• Machine learning maps location of lead pipes

• Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

• Industrial Cybersecurity Innovator Opscura Receives $9.4M in Series A Funding as Critical Operations Transform

• Interpol is Determining How to Police the Metaverse

• Backdoor in Dingo Cryptocurrency Allows Creator to Steal (Nearly) Everything

• With TikTok Bans, the Time for Operational Governance Is Now

• Encrypted Messaging App Exclu Used by Criminal Groups Cracked by Joint Law Enforcement

• Attackers are searching for online store backups in public folders. Can they find yours?

• Massive ransomware operation targets VMware ESXi: How to protect from this security threat

• ARMO Integrates ChatGPT to Help Users Secure Kubernetes

• Coalfire Compliance Essentials Optimized for Automated Evidence Collection

• CISA Releases One Industrial Control Systems Advisory

• SpaceX May Attempt Starship Launch In March

• Google Introduces Bard: New ChatGPT Rival

• Agencies seek public input on updates to guiding plan for cyber R&D

• 10 types of security incidents and how to handle them

• Infosec Launches New Office Comedy Themed Security Awareness Training Series

• Intel 471 Announces Powerful and Scalable Attack Surface Protection Solution Suite

• CISA Releases One Industrial Control Systems Advisory

• VMware has no evidence of zero-day exploitation in ESXiArgs ransomware attacks

• Here’s A List Of Proxy IPs To Help Block KillNet’s DDoS Bots

• QNAP Backtracks On Scope Of Critical NAS Bug

• Lawsuit Blast GoodRx, Meta Over Egregious Privacy Practices

• Google Launches ChatGPT Rival Bard

• A Quick Look At The Chinese Spy Balloon Over The US

• AI and Cybersecurity: Some observational implications of the intersection between the two

• How to protect your car dealership from cyber-attacks

• China’s Baidu Prepares ChatGPT-Style Service

• VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks

• DataDome’s Inaugural E-Commerce Holiday Bot & Online Fraud Report Reveals the U.S. as the Top Source of Bot Attacks

• Valtix Survey: 95% of Organizations Say Multi-cloud Is a ‘Strategic Priority’ but Only 58% Have the Security Architecture to Support It

• Financial Institutions Are Suffering From Increasingly Sophisticated Cyberattacks, According to Contrast Security

• How to Get into the Cybersecurity Industry

• How to Set Up the Perfect Workspace at Home

• How to Spot a Nefarious Cryptocurrency Platform

• Cyber Insurance, A Must-Have for Small Businesses

• Interpreting the ‘Twitter Files’: Lessons About External Influence on Content Moderation

• Constructive Ambiguity of the Budapest Memorandum at 28: Making Sense of the Controversial Agreement

• Password security tips to keep data safe from hackers

• Chinese Version Of TikTok To Expand Food Delivery Service

• Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content

• Linux Variant of Cl0p Ransomware Emerges

• Patch Released for Actively Exploited GoAnywhere MFT Zero-Day

• Vulnerability Provided Access to Toyota Supplier Management Network

• ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding

• Software Supply Chain Security Firm Lineaje Raises $7 Million

• Optimizing Cybersecurity Investments in a Constrained Spending Environment

• Juggling the Demands of a Multicloud Environment

• Court Approves Lawsuit Against Meta In Kenya

• UK Metal Engineering Firm Vesuvius Hit by Cyber-Attack

• Released: Decryptor for Cl0p ransomware’s Linux variant

• PixPirate Malware Is Actively Stealing Banking Passwords

• Iranian Threat Group Behind Charlie Hebdo Data Breach

• The Quantum Threat: Our Government Knows More Than You Do

• U.S. Nuclear Facilities Witnesses Hacking and Espionage Threats

• Defending Data Breaches Through Cybersecurity

• Everything you can do with the Apple HomePod

• A Cybersecurity Risk Assessment Guide for Leaders

• UK Considers Backing Official ‘Digital Pound’

• Benefits Of Having Video Surveillance In Your Business

• Google expands virtual cards to American Express customers

• Widespread ransomware campaign targets VMware ESXi servers

• 5 Ways to Survive Scam Season — or Rather, Tax Season

• Palo Alto Networks Cortex and IBM Enhance Modern Incident Response

• Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

• Exploit Released for GoAnywhere File Transfer Zero-Day Flaw

• Calling custom security awareness training the answer to social engineering, Riot raises $12M

• ARMO shows how ChatGPT can help protect Kubernetes

• Social Networking Without Selling Yourself

• Safer Internet Day 2023: Protecting Your Personal Data

• Tripwire Patch Priority Index for January 2023

• VMware warns of ransomware attacks on unpatched ESXi hypervisors

• Keeping KillNet at Bay: Use the IP Address Blocklist

• Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

• Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework

• All in for Security: Cisco Secure at Cisco Live EMEA 2023

• Critical Baicells Device Vulnerability Could Make Telecom Networks Vulnerable to Spying

• Are your kids talking about Safer Internet Day?

• Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk

• Google To Release ChatGPT-Style AI Chatbot

• How IBM’s new supercomputer is making AI foundation models more enterprise-budget friendly

• VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

• Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

• OpenSSH addressed a new pre-auth double free vulnerability

• Malware Delivered through Google Search

• Eurocops Shuts Down Exclu Messaging App, Dozens Arrested

• Amazon S3 to apply security best practices for all new buckets

• LockBit Claims Responsibility For Royal Mail Attack

• This notorious ransomware has now found a new target

• Different Types of Phone Charging Stations – Ultimate Guide 2023

• Ex Uber Employee Made 388 Fake Driver Profiles, Duped Company of Rs 1.17 Crore

• Zero Trust Can Guarantee the Future of Computer Security

• Drugs Labs Busted After Encrypted Chat App Takedown

• Thirteen Teams Win at UK’s CyberFirst Girls Competition

• BlackSprut: Darknet Drug Market Advertises On Billboards In Moscow

• UK second most targeted nation behind America for Ransomware

• Cisco turns to risk-based authentication to make MFA and zero trust practical

• UK Banks Still Failing on Digital Security – Report

• Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

• Need to improve the detection capabilities in your security products?

• 5 Best Technologies to Secure Kubernetes – 2023

• Super Bowl ticket scams: Security tips for football fans

• Shift left is critical to app security; Build38 raises €13M for trust development kit

• Web beacons on websites and in e-mail

• Eurocops shut down Exclu encrypted messaging app, arrest dozens

• Safer Internet Day 2023: Empowering Kids and Families for a Safer Internet

• Fortinet launches FortiSP5 to secure distributed network edges

• OPSWAT MetaDefender Kiosk K2100 secures critical networks in challenging environments

• Podcast Episode: When Tech Comes to Town

• Cequence Security API Security Testing uncovers and remediates API vulnerabilities

• ChatGPT’s potential to aid attackers puts IT pros on high alert

• How to scale cybersecurity for your business

• India-China relations will define the IoT landscape in 2023

• Balancing risk and security tradeoffs

• iPhone using parents to get precise location of kids via Apple Watch

• Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group

• OPSWAT mobile hardware offers infrastructure security for the air gap

• Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

• BrandPost: Tackling Cyber Influence Operations: Exploring the Microsoft Digital Defense Report

• Massive ransomware attack targets VMware ESXi servers worldwide

• Transport Layer Security (TLS): Issues & Protocol

• A Fool With a Tool Is Still a Fool: A Cyber Take

• No experience, No Problem – (ISC)² Recruits 140,000 Individuals Interested in a Cybersecurity Career

• 12 ways to improve your website security

• Hackers Actively Exploiting VMware ESXi Servers to Deploy Ransomware

• Following a Breach at ION Group, LockBit Hackers Received a Ransom

• Online safety laws: What’s in store for children’s digital playgrounds?

• Industrial Defender and Nozomi Networks partner to protect critical operational technology

• Why Lists?

• BlueHat 2023: Connecting the security research community with Microsoft

• Cloud-ready and Channel-first

• Data Privacy From a Data Governance Standpoint

• U2opia licenses ORNL technologies for cybersecurity monitoring in real time

• A week in security (January 30 – February 5)

• Two year old vulnerability used in ransomware attack against VMware ESXi

• Embarrassment as US cyber ambassador’s Twitter account is hacked

Generated on 2023-02-08 23:55:27.281325