IT Security News Daily Summary 2023-02-23

• Modernization needs partners inside, outside government

• How data gaps feed inequity

• How to expand your search sources beyond Google and Bing

• Hydrochasma Threat Group Bombards Targets With Slew of Commodity Malware, Tools

• Generative AI Changes Everything We Know About Cyberattacks

• Russian Malware Developer Behind NLBrute Extradited to US

• GSA contract vehicle looks to solve the ‘valley of death’ problem

• Meta Is Revamping “Facebook Jail” For Violating Company’s Rules

• Forsage Founders Indicted in $340M DeFi Crypto Scheme

• AUVSI Launches Green UAS Cybersecurity Certification Program For Commercial Drones

• CDC technology office plans roadmap for public health data interoperability

• Dole production plants crippled by ransomware, stores run short

• Cyberattack on Dole Causes Temporary Salad Shortage

• FTX fiasco founder SBF faces further fraud charges

• Report: Stress will drive a quarter of cyber defenders out the door

• Linux Foundation Europe Announces Formation of OpenWallet Foundation

• Top 7 Reasons Why Use Node.js in Your Next Web Development Project

• Anonymous: Russian Radio Stations Hacked with Fake Missile Alerts

• At least one open source vulnerability found in 84% of code bases: Report

• Federal procurement is poised for reform—here’s what to keep in mind

• Unanswered Questions Cloud the Recent Targeting of an Asian Research Org

• Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools

• UL Solutions Issues Automotive Cybersecurity Assurance Program Certificate to LG Innotek

• Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit

• (ISC)² Security Congress 2023 Begins Call for Presentations

• How to delete your Twitter account and protect your data, too

• Sensitive DoD emails exposed by unsecured Azure server

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months

• Valve’s Anti-Cheat Measures in Dota 2 Lead to 40,000 Account Bans

• Auto Remediation of GuardDuty Findings for a Compromised ECS Cluster in AWSVPC Network Mode

• Transcription Security Essentials: How to Protect Your Data in the Digital Age

• Understanding purple teaming benefits and challenges

• Inside the PEIR purple teaming model

• S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]

• Metomic Raises $20 Million to Protect Sensitive Data in SaaS Applications

• Vault Vision Launches One Click Passwordless Logins With Passkey User Authentication

• Cris Thomas: Space Rogue, From L0pht Hacker to IBM Security Influencer

• WinorDLL64 Backdoor Linked to Lazarus Group

• (ISC)² Opens Security Congress 2023 Call for Presentations

• Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images

• Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?

• You Can’t Trust App Developers’ Privacy Claims on Google Play

• CISA Releases Three Industrial Control Systems Advisories

• Cisco Releases Security Advisories for Multiple Products

• VMware Releases Security Updates for Carbon Black App Control

• Moving Connected Device Security Standards Forward

• Researchers Develop AI Cyber Defender to Tackle Cyber Actors

• How Does Modern Software Work?

• Advantages of the AWS Security Maturity Model

• CISA Releases Three Industrial Control Systems Advisories

• Cisco Releases Security Advisories for Multiple Products

• VMware Releases Security Updates for Carbon Black App Control

• Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

• A Deep Dive into the Evolution of Ransomware Part 2

• Russian Radio Stations Hacked with Fake Missile Alerts

• What will security and threat prevention look like in Web3?

• Microsoft to expand program that grows economic development in rural areas

• Top Takeaways From CloudNativeSecurityCon 2023

• The European Commission has banned its staff from using TikTok over security concerns

• The Current State of Play in Israel’s Constitutional Showdown

• Stories from the SOC  – The case for human response actions

• NSA says: Do these things to keep your home network safe from cyberattack

• Dozens of Malicious ‘HTTP’ Libraries Found on PyPI

• NPM Repository Flooded With 15,000 Phishing Packages

• Russian Authorities Claim Ukraine Hackers Are Behind Fake Missile Strike Alerts

• Post-Quantum Algorithm Vulnerable To Side Channel Attacks

• Ukraine Suffered More Data-Wiping Malware Than Anywhere, Ever

• New Class Of Apple Bugs Found In iOS, MacOS

• E.U. Bans TikTok From Commission Devices Over Cybersecurity

• Feds push local election officials to boost security ahead of 2024

• What are the pros and cons of digital workers?

• These experts are racing to protect AI from hackers. Time is running out

• Batteries Are Ukraine’s Secret Weapon Against Russia

• Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

• Users looking for ChatGPT apps get malware instead

• Remember to Clear the Cache on Your iPhone

• Nevada Ransomware Group targets 5000 victims in US and Europe

• Fake ChatGPT apps spread Windows and Android malware

• TikTok Banned From EU Commission Phones Over Cybersecurity

• Cybersecurity VC Funding Topped $18 Billion in 2022: Report

• Stealthy Mac Malware Delivered via Pirated Apps

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users

• The Push to Ban TikTok in the US Isn’t About Privacy

• Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

• Most Ransomware Attacks in 2022 Took Advantage of Outdated Bugs

• Nearly Half Cybersecurity Leaders Set To Change Jobs, Warns Gartner

• This Will Be the Year of the SBOM, for Better or for Worse

• Proven Techniques for Effective Email Spam Filtering

• NSA Released Checklist To Secure Home Wi-Fi Network

• What is an Incident Response Professional?

• NSA says: Do these things to keep your home network safe from cyber attack

• Vulnerability Summary for the Week of February 13, 2023

• Salt Security Thrives in the Channel

• How to Browse Plenty of Fish (POF) Without Signing Up? – 2023 Dating Guide

• European Commission Suspends TikTok On Corporate Devices

• Russian Accused of Developing NLBrute Malware Extradited to US

• Vulnerability Summary for the Week of February 13, 2023

• Section 230 Won’t Protect ChatGPT

• Vulnerability Summary for the Week of February 13, 2023

• Samsung Enhances Bixby So Users Can Clone Their Voices

• The Secret Vulnerability Finance Execs are Missing

• Google Paid Security Researchers Bug Bounties Of $12 Million

• Cybersecurity layoffs in 2023: What to expect?

• Datacenters in China, Singapore cracked by crims who then targeted tenants

• A Secure Access Service Edge (SASE) Guide for Leaders

• Webinar Today: Building Sustainable OT Cybersecurity Programs

• Warning! New Malware Hijacks YouTube and Facebook Accounts

• Why the US Congress Wants to Ban TikTok

• Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

• New Hacking Cluster ‘Clasiopa’ Targeting Materials Research Organizations in Asia

• Cyberwar Lessons from the War in Ukraine

• The Benefits of Playing in an Online Casino Singapore

• Amazon Closes Acquisition Of Healthcare Provider One Medical

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence

• Researchers find hidden vulnerabilities in hundreds of Docker containers

• New S1deload Malware Hijacking Users’ Social Media Accounts and Mining Cryptocurrency

• Researchers Warn: Cybercriminals Are Targeting Data Center Providers

• The Best ASIC Mining Equipment: Review on The Market

• Twitter and Two-Factor Authentication – Intego Mac Podcast Episode 280

• Winning Combinations: Check Point 2023 CPX Americas Customer Awards

• Fortinet FortiNAC Vulnerability Exploited in Wild Days After Release of Patch

• Cisco Patches High-Severity Vulnerabilities in ACI Components

• Ransomware Hackers Ask Victims For Cyber Insurance Details

• ICO Calls on Accountants to Improve SME Data Protection

• MyloBot Botnet Spreads Globally, 50,000+ Devices Infected Daily

• Russian Invasion Sparks Global Wiper Malware Surge

• Phishing Sites and Apps Use ChatGPT as Lure

• Nudge Security launches SaaS attack surface management capabilities

• CyberGRX Portfolio Risk Findings enables customers to identify riskiest vendors

• Netwrix Privilege Secure eliminates standing privileged accounts across on-premises databases

• Malwarebytes Application Block restricts access to outdated and unsafe apps

• Lacework releases composite alerts feature to help customers identify and remediate threats

• What Are DNS Records? Types and Role in DNS Attacks Mitigation

• Bitwarden’s desktop app now supports passwordless login for web vault

• Meta Prepping Fresh Round Of Layoffs – Report

• Do you know what your supply chain is and if it is secure?

• Bitdefender Premium Security Plus detects threats across multiple operating systems

• Xcitium ZeroDwell Containment isolates all unknown or suspect code entering an organization

• The potential pitfalls of open source management

• CISOs struggle with stress and limited resources

• Insider threats must be top-of-mind for organizations facing layoffs

• Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

• Russian authorities claim Ukraine hackers are behind fake missile strike alerts

• Datacenters in China, Singapore, cracked by crims who then targeted tenants

• Microsoft ChatGPT usage virtually banned by JPMorgan Chase

• A new Workgroup aims to improve smart home data privacy

• Latest Cyberthreats and Advisories – February 17, 2023

• GuLoader – a highly effective and versatile malware that can evade detection

• GKE Cluster Optimization: 14 Tactics for a Smoother K8s Deployment

• Lawyers join forces to fight common enemy: The SEC and its probes into cyber-victims

• Scott Lundgren and John Spiliotis join NetSPI Board of Directors

• Sublime Security raises $9.8 million to boost email security

• DarkLight partners with Resecurity to improve enterprise cybersecurity posture

• HardBit ransomware tailors ransom to fit your cyber insurance payout

• The 5 most dangerous cyberthreats facing businesses this year

• Hackers Advertising New Info-Stealing Malware on Dark Web

• Mobile App Development Trends and Best Practices

• How to conduct incident response tabletop exercises

• Mapping cloud to mission

• The number of devices infected by the MyloBot botnet is rapidly increasing

• IT Security News Daily Summary 2023-02-22

• Inclusive innovation spurs equity, self-sufficiency

• Scammers Mimic ChatGPT to Steal Business Credentials

• UL Solutions Advances Automotive Safety and Security

• GSA not tapping data on unauthorized access attempts at federal facilities, report says

• Public safety data officer wants to break silos, make data more transparent

• Provide Your Feedback on the CISSP-ISSEP Exam Outline

• Cloud compliance automation platform raises $7.5M to address growing cloud risk

• Entitle Brings Fine-Grained Cloud Permissions Management Out of Stealth

• How to Unlock Your iPhone With a Security Key

• How to Remove Duplicate Lines in EmEditor (2023)

• What Is IoT Gateway? Is It Important

• How hackers can abuse ChatGPT to create malware

• Exploitation attempts observed against Fortinet FortiNAC flaw

• 1 in 4 CISOs Wants to Say Sayonara to Security

• Half of Apps Have High-Risk Vulnerabilities Due to Open Source

• IoT network delivers real-time data on parking availability

• Intel Paid Out Over $4.1 Million via Bug Bounty Program Since 2017

• US Military Emails Exposed via Cloud Account

• NPM JavaScript packages abused to create scambait links in bulk

• Hydrochasma Going After The Medical And Shipping Industries

• Open Policy Agent With Kubernetes: Part 2

• How To Pursue Database Encryption

• Google Paid Out $12 Million via Bug Bounty Programs in 2022

• 9 Best Next-Generation Firewall (NGFW) Solutions for 2023

• Google Delivers Record-Breaking $12M in Bug Bounties

• Phishing Fears Ramp Up on Email, Collaboration Platforms

• Attackers Use a Poisoned Google Search to Target Chinese-speaking Individuals

• Employees at Gaming Giant Activision Hit by SMS Phishing Attack

• Open Policy Agent With Kubernetes: Part 1

• Headwinds Don’t Have to Be a Drag on Your Security Effectiveness

• The End of ‘Reasonable’ Governance in Israel?

• Vulnerability Reward Program: 2022 Year in Review

• We pitted ChatGPT against tools for detecting AI-written text, and the results are troubling

• Xcitium Brings ‘Zero Dwell’ Capability to Legacy EDR Platforms

• 18 Best Private Search Engines: Where to Search Without Being Tracked

• Top White House leaders tease forthcoming agency guidance for digital identity

• This Android security risk is often overlooked. Google wants that to change

• How to easily back up your Mac onto a USB drive (and feel like James Bond doing it)

• Open Source Flaws Found in 84% of Codebases

• Hackers Stole Data Center Logins For Apple, Microsoft, And Many More

• GoDaddy Blasted For Breach Response

• Open Source Has Its Perks, But Supply Chain Risks Can’t Be Ignored

• Delicate US Military Emails Spill Online Via Exposed Servers

• Governance of Zero Trust in manufacturing

• Trend Micro Acquires SOC Technology Expert Anlyz

• (ISC)² Research Finds Cybersecurity Professionals to be Least Impacted by Layoffs in 2023

• Hydrochasma Group Targets Asian Medical and Shipping Sectors

• Report: Facebook Shows Children Ads For Gambling, Alcohol And More

• Exploit Code Released for Critical Fortinet RCE Bug

• Experts found a large new class of bugs ‘class’ in Apple devices

• CTOs and CIOs to switch jobs by 2025 due to stress

• Amazon Staff Push Back At Return-To-Office Order

• Apple Privilege Escalation Bug Let Attacker Execute Arbitrary Code

• Npm Packages Used to Distribute Phishing Links

• 4 Tips to Guard Against DDoS Attacks

• When Elections Threaten the Rule of Law: The Good Governance Paradox of Judicial Elections

• Trellix Finds LockBit Ransomware Gang Most Apt To Leak Stolen Data

• Armis appoints Brian Gumbel as President

• First Generation Apple iPhone Fetches $63,000 At Auction

• Android voice chat app with 5m installs leaked user chats

• Event Today: Attack Surface Management Summit

• 7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media

• Internet Users are Inundated With Adware and False Advise Frauds Thanks to Hackers

• How Can Developers Win the Data Security Battle?

• RailYatri Hack: 31M Users Data Impacted On Indian Ticketing Platform

• AT&T Looks To Offload Cybersecurity Division – Report

• Common Challenges in Digital Experience Testing and How to Overcome Them

• Entitle Nabs $15M Seed Funding for Cloud Permissions Management Tech

• Metomic Lands $20 Series A for Data Security Platform

• R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor

• Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

• Tesla Recalls 362,758 Cars, Warns FSD May Cause Crashes

• How to stop data leaks in Slack and SaaS apps, Metomic raises $20M

• This threat to Android security is often overlooked. Google wants to change that

• A Device to Turn Traffic Lights Green

• Putin Speech Broadcast Temporarily Stopped By DDoS Attack

• Open source software has its perks, but supply chain risks can’t be ignored

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever

• VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858)

• How Can I Watch The Kentucky Derby Live Stream 2023?

• Chinese President Xi Urges Tech Independence

• MyloBot Botnet Attacks Thousands of Windows Systems and Turns Them as Proxy

• How automation eases the burden of cloud permissions management for security teams

• What Is Kubernetes Observability and Why It’s Critical for Securing Your Clusters

• Public or Private Cloud: Choices to Consider

• HardBit ransomware tells corporate victims to share their cyber insurance details

• Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

• 3 Steps to Automate Your Third-Party Risk Management Program

• Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

• CISA adds IBM Aspera Faspex and Mitel MiVoice to Known Exploited Vulnerabilities Catalog

• Digital Transformation EXPO Manchester (DTX)

• Scottish cyber start-up HighGround.io launches to help IT teams to measure, manage & communicate on cybersecurity

• Five Million Downloads OyeTalk Android App Leaks Private User Conversations

• ChatGPT: The Dark Side of Artificial Intelligence Crafting Custom Malware

• How to Turn On Advanced Data Protection for iCloud

• What tools does IRS offer to help you navigate through tax season?

• Samsung Launches Message Guard To Prevent Zero-Click Attacks

• No US Help Over ITC’s Apple Watch Import Ban Ruling

• CISA Warns of Two Mitel Vulnerabilities Exploited in Wild

• Putin Speech Interrupted by DDoS Attack

• Time Taken to Deploy Ransomware Drops 94%

• USDA to issue regulations to modernize, streamline the WIC program

• Call of Duty Developer Confirms Phishing Attempt but Not Breach

• RailYatri Data Breach Leaves Over 30 Million Users Exposed

• From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager

• DNA testing biz vows to improve infosec after criminals break into database it didn’t know it had

• Global threats fuel cyber defence training

• Managing Privileges is Essential Security Strategy

• Beware, new infostealing Stealc malware emerges

• VMware addressed a critical bug in Carbon Black App Control

• Succession Wealth Fails to Keep Cyber Attackers at Bay

• Meta Verified: New Paid Verification Service Launched for Instagram and Facebook

• Why performing security testing on your products and systems is a good idea

• Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

• Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

• Best Practices for IT Service Providers | Avast

• Are your IoT devices at risk? Cybersecurity concerns for 2023

• U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

• Thales High Speed Encryptors – Delivering on the Promise of 5G

• Google confirms Russian cyber-attacks on Ukraine

• VMware Patches Critical Vulnerability in Carbon Black App Control Product

• The top security threats to GraphQL APIs and how to address them

• SN1PER – Most Advanced Automated Penetration Testing Tool – 2023

• IBM: Most ransomware blocked last year, but cyberattacks are moving faster

• IBM: Ransomware defenders showing signs of improvement

• How a hub and spoke model can future-proof your cloud deployment

• Most vulnerabilities associated with ransomware are old

• Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

• Analysis: White House Cybersecurity Policy Maker – Secure Open Source Software Even If It Benefits ‘Adversaries’ We Should Do It Anyway

• RADIUS server authentication: Old but still relevant

• How to Stop Attackers That Target Healthcare Imaging Data

• Apple Bug Could Allow Attackers Access to Photos and Messages

• Apple Bug Allowed Photos and Messges Access to Remote Attackers

• Red Team vs Blue Team vs Purple Team: Differences Explained

• Thwarting the Theft of Resource Credentials

• Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep 🐰 🐰 🐰 🐰 🐰 🐰

• No More Legal ‘Gatekeepers’? Plans to Downgrade the Status of Government Legal Advisers in Israel

• CloudCasa and Ondat bring bundled offering for Kubernetes storage and data protection

• Perimeter 81 and TD SYNNEX provide secure network access for the modern workforce

• Palo Alto CEO Nikesh Arora on the data defender’s big beat

• Reducing Security Incidents: Implementing Docker Image Security Scanner

• Scrut Automation Raises Funding of $7.5M, Led by MassMutual Ventures, Lightspeed, and Endiya Partners

• Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep 🐰 🐰 🐰 🐰 🐰 🐰

• Why Low-Code AI Is Needed Now More Than Ever

• SMB Cyber Insurance: The End of Innocence

• Why Power Matters in Cyber Protection

• GoDaddy says it’s a victim of multi-year cyberattack campaign

• Twitter and two-factor authentication: What’s changing?

• How to set up two-factor authentication on Twitter using an app

• How to set up two-factor authentication on Twitter using a hardware key

• Multilingual skimmer fingerprints ‘secret shoppers’ via Cloudflare endpoint API

• CREST Calls for Greater Equity, Inclusion and Diversity As Part of National Cyber Security Strategy

• Black Hat to Launch Official Certification Program

• Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep 🐰 🐰 🐰 🐰 🐰 🐰

Generated on 2023-02-23 23:55:34.446923