IT Security News Daily Summary 2023-02-11

• Uncle Sam wants to strip the IoS out of IoT with light crypto

• Test Data Compliance: How to Rewrite Your Organization’s DNA

• Why passkeys from Apple, Google, Microsoft may soon replace your passwords

• Dynamic Approaches Witnessed in AveMaria’s Distribution Strategy

• Clop ransomware claims the hack of 130 orgs using GoAnywhere MFT flaw

• Why Apple, Google, Microsoft passkeys may soon replace your internet passwords

• Data Breached on Toyota Supplier Portal

• ChatGPT: A Potential Risk to Data Privacy

• Essential Team Building for Strong Cloud Security

• The top 8 Cybersecurity threats facing the automotive industry heading into 2023

• Why Apple, Google, Microsoft passkeys should soon replace your own passwords

• What is Vulnerability Scanning & How Does It Work?

• Unwitting Insider Threats Remain A Challenge As Security Solutions Struggle To Keep Up

• North Korean Hackers Are Attacking US Hospitals

• Cybersecurity and the Cloud in Modern Times

• New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

• Watch Out for Windows 11, as it Collects Data Even While you are Offline

• Tor And I2P Networks Embraced Multiple DDoS Attacks

• North Korean Hackers Targeting Healthcare to Fund for Malicious Activities

• US Blacklists 6 Chinese Entities Over Balloon Program

• KeePass isn’t as safe as we once thought. Here’s why

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users

• CISA adds Fortra MFT, TerraMaster NAS, Intel driver Flaws, to its Known Exploited Vulnerabilities Catalog

• Build or Buy your own antivirus product

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

• Weekly Update 334

• AT&T Cybersecurity awarded the Palo Alto Networks 2022 Partner of the Year Award

• Cybersecurity Industry News Review: February 7, 2023

• Juggling the Demands of a Multicloud Environment

• This week’s Reddit breach shows company’s security is (still) woefully inadequate

• Key findings from the latest ESET Threat Report – Week in security with Tony Anscombe

• AI-powered Bing Chat spills its secrets via prompt injection attack

• Mozilla plans ground-up UI redesign for Thunderbird email client this July

• California Medical Group’s Ransomware Breach Affects 3.3M

• Penang government data leaked online

• My Strange Day With Bing’s New AI Chatbot

• Ransomware crooks steal 3m+ patients’ medical records, personal info

• Austrian ‘mobile concierge’ app Gustaffo leaking 100k customers’ data

• CyberData Pros and Ketch help companies build modern privacy programs

• $800,000 recovered from Business Email Compromise attack

• Beware fake Facebook emails saying “your page has been disabled”

• Reddit breached, here’s what you need to know

• KillNet hits healthcare sector with DDoS attacks

• Ransomware attack hit the City of Oakland

• Digital Rights Updates with EFFector 35.2

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

• IT Security News Daily Summary 2023-02-10

• How to Use Cloud Access Security Brokers for Data Protection

• 2023-02-07 – OneNote file pushes unidentified malware

• Chinese spy balloon over the US: An aerospace expert explains how the balloons work and what they can see

• ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned

• Toyota Global Supply Chain Portal Flaw Put Hacker in the Driver’s Seat

• It Isn’t Time to Worry About Quantum Computing Just Yet

• ESXiArgs Ransomware Virtual Machine Recovery Guidance

• NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

• Honoring our ‘Cybersecurity Defender of the Year’ in EMEA

• Friday Squid Blogging: Squid Is a Blockchain Thingy

• Suspect In Finnish Psychotherapy Blackmail Hack Arrested

• North Korea Using Healthcare Ransomware To Fund More Hacking

• Clop Ransomware Flaw Permitted Linux Victims to Restore Files for Months

• Reddit Hack Shows Limits of MFA, Strengths of Security Training

• List of Proxy IPs Exposed to Block Killnet’s DDoS Bots

• Researcher Hacked Toyota’s Global Supplier Portal

• Announcing Check Point Software’s Americas Partner Winners at CPX 360 New York

• Biden’s State of the Union highlights semiconductor success and big tech privacy concerns

• Do traffic signals need a fourth light for self-driving cars?

• How fleet management can boost overall data security and integrity

• SOC 3 (System and Organization Controls 3)

• UK Politician’s Email Hacked by Suspected Russian Threat Actors

• Top 7 Threat Intelligence Platforms

• Unpatched Security Flaws Disclosed in Multiple Document Management Systems

• Russian national pleads guilty to money laundering linked to Ryuk Ransomware operation

• Top Android Phones From China Are Packed With Spyware, Research Finds

• Scammers Steal $4 Million In Crypto During Face-To-Face Meeting

• Mysterious Russian Satellites Are Now Breaking Apart In Low Earth Orbit

• Mysterious Leak Of Booking.com Data Being Used For Scams

• National Security Roundup for the 2023 State of the Union

• Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

• A Majority of Security Experts Prioritize Prevention Over Detection

• New Password-sharing Rule from Netflix Can Annoy Users

• CDC map shows health impact of local environmental burdens

• New ESXi ransomware strain spreads, foils decryption tools

• Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats

• UK Watchdog Finds Microsoft’s Activision Deal Could Hurt Gamers

• Intel Now Seeks $10 Billion State Aid For German Factory – Report

• Securing the Clouds: An Evaluation of Cloud Security Solutions

• Defending Against Data Breaches: An Overview of Cyber Insurance for MSPs

• Your Go-to Guide to Develop Cryptocurrency Blockchain in Node.Js

• The cloud’s growing impact on cybersecurity

• What responders really want from their tech

• Internet and email usage policy

• Royal ransomware spreads to Linux and VMware ESXi

• Lawmakers Press Facebook Over Risky Data Access In Hostile Countries

• Why ChatGPT Isn’t a Death Sentence for Cyber Defenders

• Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach

• A Hacker’s Mind Is Now Published

• What’s Next in Cybersecurity? Join Us at Ignite on Tour!

• The Proud Boys Jurors: Who Are They and Can They Be Fair?

• Dingo Token Charging 99% Fee is a Scam

• Police in Hong Kong and Interpol Discover Phishing Servers and Apps

• Malvertiser “D-Shortiez” abuses WebKit back button hijack in forced-redirect campaign

• Geo Targetly URL Shortener Abused in Phishing Scam

• CrowdStrike exec explains why the cloud is a ‘net-positive’ for cybersecurity

• Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits

• Vulnerability Research is a Journey: CVEs Found by KeenLab

• Emerging Defense in Android Kernel

• WindowServer: The privilege chameleon on macOS (Part 1)

• WindowServer: The privilege chameleon on macOS (Part 2)

• Tax Season has officially arrived and cyber criminals are happy

• Password Manager Dashlane Open-sourced Its Mobile Apps

• Zoom Sheds 15 Percent Of Workforce

• Scottish MP Admits Hack Of Personal Email, After NCSC Warning

• Google Chrome 110 arrives – but not all Windows PCs will get it

• Why Some Cloud Services Vulnerabilities Are So Hard to Fix

• How to Optimize Your Cyber Insurance Coverage

• How the US Can Stop Data Brokers’ Worst Practices—Right Now

• The FBI’s Most Controversial Surveillance Tool Is Under Threat

• 10 API Security Best Practices To Protect Your Organization

• Scammers steal $4 million in crypto during face-to-face meeting

• Analysis: Could NIST’s Cybersecurity Framework 2.0 be the beginning of international best practice?

• Why threat modeling can reduce your cybersecurity risk

• The Role of Data Hygiene in the Security of the Energy Industry

• This beginner-friendly ethical hacker training is 97% off

• Reddit admits it was hacked and data stolen, says “Don’t panic”

• MagicWeb Mystery Highlights Nobelium Attacker’s Sophistication

• Integreon Launches Cyber Incident Response Offering with Development of AI-Based Review and Integration of RadarFirst

• The Journey of a complete OSX privilege escalation with a single vulnerability – Part 1

• Car Hacking Research: Remote Attack Tesla Motors

• A Link to System Privilege

• Racing for everyone: descriptor describes TOCTOU in Apple’s core

• New Car Hacking Research: 2017, Remote Attack Tesla Motors Again

• ARM Boss Committed To Public Listing In 2023

• Microsoft Adds AI To Bing Search Engine, Edge Browser

• Major CrackDown – Police Hacked Exclu ‘secure’ Cybercriminal Message Platform

• Check Point 2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of ‘disruption and destruction’ malware

• Singapore hit by growing cybercrimes, clocks $501M in losses from scams

• New cybersecurity data reveals persistent social engineering vulnerabilities

• Cisco: Companies are spending on privacy protection, but do customers know it?

• Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware

• How to Think Like a Hacker and Stay Ahead of Threats

• Russian Hackers Using Graphiron Malware to Steal Data from Ukraine

• How Cannabis Cultivators Are Using New Technology to Be More Productive in 2023?

• Picking The Right Password Manager: Five Things To Bear In Mind

• These Top Background Check Services Impacted by a Data Breach

• Which Type of MFA Is Most Secure?

• OIG finds oversight issues with GSA’s performance-based contracts

• How video evidence is presented in court can hold sway in cases like the beating death of Tyre Nichols

• Reddit Hit By Phishing Attack, Source Code Stolen

• Attacker Allure: A Look at the Super Bowl’s Operational Cyber-Risks

• Malicious Game Mods Target Dota 2 Game Users

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• A bunch of Red Pills: VMware Escapes

• TenSec 2018

• New Vehicle Security Research by KeenLab: Experimental Security Assessment of BMW Cars

• Exploiting iOS 11.0-11.3.1 Multi-path-TCP:A walk through

• Tencent Keen Security Lab: Experimental Security Research of Tesla Autopilot

• Russian hackers are trying to break into ChatGPT, says Check Point

• Twistlock: Prisma Cloud Container Security Overview and Analysis

• Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

• Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages

• Biden Brings Semiconductors to the Forefront of Americans’ Minds

• Power Struggles: Grid Attacks and Extremism in an Age of Climate Volatility

• Suspect in Finnish psychotherapy center blackmail hack arrested

• Smishing: The elephant in the room

• 5 steps to deal with the inevitable data breaches of 2023

• Inflation, workforce issues challenge defense contractors amid security pivot

• Industry, Congress have eye on Login.gov and the public, private sector role in digital identity

• Microsoft OneNote Abuse for Malware Delivery Surges

• US Warns Critical Sectors Against North Korean Ransomware Attacks

• DPRK Uses Unfixed Zimbra Devices for Spying on Researchers

• Telehealth Companies Monetizing and Sharing Health Data

• TenSec 2019

• Exploiting Wi-Fi Stack on Tesla Model S

• Tencent Keen Security Lab joins GENIVI Alliance

• Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars

• Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars

• LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 10, 2023

• What Is Browser Sandboxing?

• Congress told HHS to set up a health data network in 2006. The agency still hasn’t.

• The 5 best identity theft protection & credit monitoring services in 2023

• OpenSSL fixes High Severity data-stealing bug – patch now!

• LookingGlass Cyber Solutions: Threat Intelligence Review

• Remote Code Execution vs. Reverse Shell Attacks – Staging, Purpose, and Impact

• US and UK governments issue sanctions on 7 Russians spreading ransomware

• Reddit Hacked After Employee Bites on Phishing Scam

• Hackers Breached Reddit – Stole Source Code & Internal Data

• Securing Admin Access to Apache APISIX

• Zero trust’s creator John Kindervag shares his insights with VentureBeat — Part II

• Malicious Npm Package Uses Typosquatting, Downloads Malware

• LA Hospital Sued For Selling Patient Data To Facebook

• New TA886 group targets companies with custom Screenshotter malware

• How to delete yourself from the internet

• LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 10, 2023

• Some towns get funding boost from census corrections

• New virtual data fabric to support DoD cyber testing

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool

• Security Awareness Training Startup Riot Raises $12 Million

• NIST Picks Ascon Algorithms to Protect Data on IoT, Small Electronic Devices

• Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022: Report

• Australian Government Bans Chinese CCTV Tech

• Novel Phishing Campaign Takes Screenshots Before Payload Delivery

• Musk Seems To Think His Own Employees Are Shadowbanning Him

• Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced.

• Bill Gates thinks A.I. like ChatGPT is the ‘most important’ innovation right now

• The Cryptocurrency Was Stolen by Hackers Last Year to the Tune of $4 Billion.

• 5 Ways to Delete Your Digital Presence

• Should You Use Google Password Manager?

• Six Common Ways That Malware Strains Get Their Names

• Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together

• Endpoint Security vs. Antivirus: A Comparison

• New Screenshotter Malware Performs Surveillance Before Stealing Data

• Uncle Sow: Dark Caracal in Latin America

• The Cryptocurrency Was Stolen by Hackers Last Year to the Tune of $4 Billion

• Tax-related identity theft: How to protect yourself

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone

• Microsoft Announces New OpenAI-Powered Bing

• GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks

• US, South Korea: Ransomware Attacks Fund North Korea’s Cyber Operations

• North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations

• February 2023 Patch Tuesday forecast: A Valentine’s date

• Release Management: Is Your Product Ready for Success?

• Canadian Bookstore Indigo Hit By Cyberattack

• What Is An IT Asset?

• Data: A Thorn in the Flesh for Most Multicloud Deployments

• Researcher Discovers Backdoor In Toyota Supplier Management Network

• 1Password plans to become the first password manager without passwords

• SpaceX Test Fires StarShip ‘Super Heavy’ Booster Rocket

• Google Cloud Connects Chronicle to Health ISAC Feed

• Canadian Bookstore Indigo Shuts Down Website After Cyberattack

• How to Secure Your Website in 10 Easy Steps

• North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations

• Phishing attacks are easy for criminals. This is how expensive they could be for you

• Documents, Code, Business Systems Accessed in Reddit Hack

• Meet the Creator of North Korea’s Favorite Crypto Privacy Service

• Reddit breached: Internal docs, dashboards, systems accessed

• UEBA 101: An Introduction to User and Entity Behavior Analytics

• Google Shares Still Down After Bard AI ChatBot Blunder

• Cyber Security New Innovation – Over 2,000 Applications Filed for Patent

• 3 Overlooked Cybersecurity Breaches

• Announcing the 2023 Federal 100

• Reddit discloses security breach that exposed source code and internal docs

• 10 Free & Open Source Threat-Hunting Tools for 2023

• Yahoo To Layoff 20 Percent Of Workforce

• Fifth of ICS Bugs Have No Patch Available

• U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks

• How do you secure the Big Game?

• 3 reasons not to repatriate cloud-based apps and data sets

• Refund and Invoice Scams Surge in Q4

• Good, Perfect, Best: how the analyst can enhance penetration testing results

• Reddit Hacked In Phishing Attack Against Its Employee

• Reddit Breached: Threat Actors Steal Source Code and Internal Data

• New Threat Group Reviews Screenshots Before Striking

• Smart and Frictionless Zero Trust Access for the Workforce

• (ISC)² Puts Members at the Center of Our Cybersecurity Content in 2023

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• How The UK Is Taking A Stand Against Ransomware Criminals

• How to Send Ctrl-Alt-Delete in a Remote Desktop Session?

• US, UK slap sanctions on Russians linked to Conti, Ryuk, Trickbot malware

• Android mobile devices from top vendors in China have pre-installed malware

• Live Cyber Forensics Analysis with Computer Volatile Memory

• US teases more China tech sanctions, this time to deflate balloon-makers

• Reddit discloses security breach: what you need to know

• An email attack can end up costing you over $1 million

• The dangers of unsupported applications

• New infosec products of the week: February 10, 2023

• ChatGPT is malware makers’ new A.I. partner in crime

• KeePass 2.53.1 password manager resolves vulnerability controversy

• Reddit Suffers Security Breach Exposing Internal Documents and Source Code

• SecuriThings Managed Service Platform secures physical security devices

• ChatGPT and Cyber Attacks

• Australian government gives made-in-China CCTV cams the boot

• Strike Graph integrates assessment and audit capabilities in TrustOperation platform

• Acalvio’s ITDR solution combats identity threats and strengthens zero trust

• SentryBay protects business data at the endpoint with Armored Client for AVD & W365

• N-able Managed EDR accelerates the investigation of threat events

• Endpoint security getting easier, but most organizations lack tool consolidation

• Alexa, who else is listening?

• Romance scammers’ favorite lies cost victims $1.3B last year

• Get Up to Speed With the Latest Cybersecurity Standard for Consumer IoT

• Australian Defense Department to Remove Chinese-Made Cameras

• Reddit reveals security incident that looks more SNAFU than TIFU

• Socure joins FIDO Alliance to improve identity verification industry standards

• Adaptive Shield and Datadog provide users with the ability to visualize SaaS security alerts

• Veza integrates with GitHub to secure customers’ data

• Bard AI Causes Google Losses of $100 Billion

• Integrating DevOps with IT Service Management (ITSM): Best Practices for Effective DevOps-ITSM Integration

• Ryuk ransomware laundering leads to guilty plea

• Introducing Malwarebytes Application Block: How to block unauthorized software from executing on Windows endpoints

• Reddit Breached With Stolen Employee Credentials

Generated on 2023-02-11 23:55:27.022903