IT Security News Daily Summary 2023-03-02

• National cyber strategy faces major implementation challenges, experts say

• Data warehouse aggregates local homelessness data for statewide analysis

• Tech layoffs have opened the door for IT talent. Now governments must close the deal.

• Vulnerability Management: Definition, Process & Tools

• Biden’s Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• White House National Cybersecurity Strategy: Software Firms Liable for Breaches

• IAM Best Practices

• BlackLotus Bookit Found Targeting Windows 11

• Report: ICE and the Secret Service Conducted Illegal Surveillance of Cell Phones

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• The Data Security Team’s Guide to Data Security Posture Management (DSPM)

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Warzone 2 Cheats and Hacks Can Amplify Your Gameplay

• 1Password is looking to a password-free future. Here’s why

• Google Workspace admins can now use client-side encryption on Gmail and Calendar

• New National Cybersecurity Strategy takes aim at ransomware

• Palo Alto Networks Named a Visionary in 2022 Magic Quadrant for EPP

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• GunAuction – 565,470 breached accounts

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Intruder alert: WH Smith hit by another cyber attack

• Ransomware attacks ravaged big names in February

• New Report: Inside the High Risk of Third-Party SaaS Apps

• Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets

• Dumb Password Rules

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• U.S. DoD Puts CPD At Heart of Its New Cyber Workforce Strategy

• Drone cybersecurity assessment program launches

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• How To Handle Secrets in Python

• Is Observability Replacing Testing?

• White House sends anti-fraud wishlist to Congress as stakeholders await identity executive order

• What GoDaddy’s Years-Long Breach Means for Millions of Clients

• Cryptojacking campaign targets insecure deployments of Redis servers

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Accurately assessing the success of zero-trust initiatives

• Google Trust Services now offers TLS certificates for Google Domains customers

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• CrowdSrike: Cybercriminals Are Choosing Data Extortion Over Ransomware Attacks

• Silicon Insights: How to Evolve Your Enterprise’s Digital Marketing: Part 1

• CloudNativeSecurityCon 2023: A Unique Community Event Focused On the Future of Open Source and Cloud Native Security

• BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

• API Security Flaw Found in Booking.com Allowed Full Account Takeover

• White House Institutes National Cybersecurity Strategy

• Coded Resistance, the Comic!

• Azure WAF guided investigation Notebook using Microsoft Sentinel for automated false positive tuning

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Tech Issues Persist at Minneapolis Public Schools

• Retail Giant WH Smith Cyberattack – Employee Data Stolen

• Microsoft is named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Free MortalKombat Ransomware Decryptor Released

• Dish Network Blames Ransomware for Ongoing Outage

• Advance Your Cybersecurity Career with Toolkits from (ISC)² and BUiLT

• Building blocks for Cyber resilience:  MSSPs can lead the way

• 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them

• New tool to help cities make the case for public safety funding

• S3 Ep124: When so-called security apps go rogue [Audio + Text]

• Hackers Target Young Gamers: How Your Child Can Cause Business Compromise

• Booking.com’s OAuth Implementation Allows Full Account Takeover

• Cisco fixed a critical command injection bug in IP Phone Series

• U.S Marshals Service Suffers Data Breach, Hackers Steal Personal Data

• Creator of WannaCry Hero and Kronos Malware Named Cybrary Fellow

• White House Launches National Cybersecurity Strategy

• New research, tooling, and partnerships for more secure AI and machine learning

• The most effective cybersecurity awareness training is personalized

• Cyber Attack news headlines trending on Google

• Chromium Vulnerability Allowed SameSite Cookie Bypass On Android Devices

• BlackLotus UEFI Bootkit – First Known Malware to Bypass Secure Boot Defenses

• Trezor crypto wallets under attack in SMS phishing campaign

• Critical Vulnerabilities Allowed Booking.com Account Takeover

• Webinar Today: Entering the Cloud Native Security Era

• Advancing Women in Cybersecurity – One CMO’s Journey

• Meta Says $725M Deal Ends All Cambridge Analytica Claims – One State Disagrees

• UK Retailer WH Smith Hit By Another Data Leak

• BlackLotus Can Bypass Secure Boot On Windows Machines

• NSO Group Co-Founder Emerges As New Majority Owner

• Create, Add, and Edit Email Signatures in Outlook – Ultimate Guide 2023

• The Data Security Team’s Guide to Data Security Posture Management (DPSM)

• Dropbox lifts Passwords restrictions for free users

• Intruder alert: UK retailer WH Smith hit by another cyber attack

• On Shaky Ground: Why Dependencies Will Be Your Downfall

• Everybody Wants Least Privilege, So Why Isn’t Anyone Achieving It?

• Trezor Wallet Alerts Of Major Crypto Phishing Campaign

• SpaceX Launches Space Station Crew In NASA Mission

• ProtonVPN launches extensions for Chrome and Firefox browsers

• What is a Blue Teamer, and How Can They Protect Your Data?

• Hackers Exploit Containerized Environments to Steals Proprietary Data and Software

• Unpacking Biden’s Conventional Arms Transfer Policy

• AI Nuclear Weapons Catastrophe Can Be Avoided

• Serious API security flaws now fixed in Booking.com could affect many more websites

• What’s Driving the Demand for GRC Professionals in Critical Infrastructure?

• Cisco Patches Critical Vulnerability in IP Phones

• White House Releases National Cybersecurity Strategy

• Information of European Hotel Chain’s Customers Found on Unprotected Server

• Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack

• Attackers increasingly using transfer.sh to host malicious code

• The Future is Now: How Digitalization is Revolutionizing UK Visa Processes in 2023

• Intruder alert: UK retailer WH Smith hit by another data leak

• Can The US-Led Multinational Counterattack Stop Ransomware’s Gold Rush?

• Cybersecurity Attacks To Come: Here’s How To Prepare

• WH Smith Discloses Cyber-Attack, Company Data Theft

• Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks

• This Hacker Tool Can Pinpoint a DJI Drone Operator’s Exact Location

• Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

• 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots

• New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers

• Rapid7 Report: Attackers are Launching Exploits Faster Than Ever Before

• Are you using a secure password manager? Find out why Bitwarden passed its annual audit with flying colors

• WH Smith Admits Staff Data Accessed In ‘Cyber Incident’

• New CISA Tool ‘Decider’ Maps Attacker Behavior to ATT&CK Framework

• US government puts cybersecurity at forefront with newly announced National Strategy

• The Biggest Data Breaches of 2023

• Fraudsters can Rob your Entire Digital Life Using this iPhone Feature

• Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

• Poland Blames Russian Hackers For Tax Website Attack

• Pirated Mac Apps Contain Malware, and iMessage Support on Windows (Sort of) – Intego Mac Podcast Episode 281

• Winning Combinations: Check Point Customers and Their Advanced Security Solutions

• 10 Database Security Best Practices You Should Know

• Even the virtual metaverse has a gender gap

• Russian Government Bans Foreign Messaging Apps

• White House aims to shift cybersecurity burden from individuals, small businesses to tech providers

• Tesla To Build Factory In Mexico, Says President

• New White House cyber strategy looks to redistribute risks, responsibilities

• GitHub Secret Scanning Now Generally Available

• ICO Calls for Review into Private Message Use by Ministers

• BlackLotus UEFI bootkit disables Windows security mechanisms

• Major Phishing Campaign Targets Trezor Crypto Wallets

• Threat actors target law firms with GootLoader and SocGholish malware

• Pierce Transit: Bus System In Washington Admits Ransomware Attack

• SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics

• Do you know what your supply chain is and if it is secure?

• Forget ChatGPT, the most overhyped security tool is technology itself, Wiz warns

• Appdome ThreatScope Mobile XDR provides threat intelligence for mobile apps

• Europe Leads the Cybersecurity Regulation Dance

• Phishing as a Service Stimulates Cybercrime

• R3NIN Sniffer Malware Stealing Credit Card Data from E-commerce Consumers

• Cyber resilience in focus: EU act to set strict standards

• Don’t be fooled by a pretty icon, malicious apps hide in plain sight

• Moving target defense must keep cyber attackers guessing

• Uncovering the most pressing cybersecurity concerns for SMBs

• Layoffs are set to continue. But workers from this sector may escape

• Law firms facing malware cyber threat

• How to protect your car dealership from cyber-attacks

• Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

• Latest Cyberthreats and Advisories – February 24, 2023

• The Top 5 New Social Engineering Attacks in 2023

• Internet Access, Privacy ‘Essential for Freedom’: Proton Chief

• ThreatNG Cloud and SaaS Exposure Module empowers users with a proactive outside-in perspective

• ReasonLabs FamilyKeeper enables parents to monitor social media conversations

• Radiant Logic’s redesigned platform helps organizations improve their overall security posture

• Pliant Observability Solution accelerates device and data onboarding

• Appdome ThreatScope Mobile XDR tracks Android and iOS attacks in real time

• Layoffs are set to continue. But workers from this sector may likely escape

• BidenCash Market Leaks 2M Credit Cards in Birthday Blitz

• HCLSoftware and SolarWinds join forces to build AI-based telecom observability platform

• Axis Communications and Genetec introduce an enterprise-level access control solution

• Otorio partners with Compugen to enhance security for OT operations

• How Cambodia-based scammers made an estimated $3 million in ‘pig butchering’ scheme

• I Asked an Algorithm to Optimize My Life. Here’s What Happened

• Microsoft introduces AI model that can understand image content, pass IQ tests

• Fast-moving Musk makes very slow progress turning Twitter into “everything app”

• 15 Best Practices on API Security for Developers

• Could Bitcoin Be The Future Of DeFi?

• The Unsung Heroes of Open Source: The Dedicated Maintainers Behind Lesser-Known Projects

• LastPass was undone by an attack on a remote employee

• Crushing the two biggest threats to mobile endpoint security in 2023

• AI voice cracks telephone banking voice recognition

• SBOM graph database aims to be cloud security secret sauce

• Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

• Ermetic Adds Kubernetes Security to CNAPP

• InQuest appoints Darren Spruell as Chief Intelligence Officer

• Stop using your 4-digit iPhone passcode in public. Do this instead

• 2 of the Worst Healthcare Data Breaches in US History Happened Last Year

• Octillo Launches Women’s Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education

• Canada is going to ban TikTok on government mobile devices

• How to turn on Private DNS Mode on Android (and why you should)

• One State Throws A Wrench In Facebook Privacy Settlement Plans

• Dish Blames Ransomware Attack for Disruptions of Internal Systems, Call Center Services

• Fastly Launches Managed Security Service to Protect Enterprises From Rising Web Application Attacks

• Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR

• Visibility Is as Vital as Zero Trust for Low-Code/No-Code Security

• DoControl’s 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets

• IT Security News Daily Summary 2023-03-01

• Work with what you’ve got: Accelerating zero trust deployments

• It’s official: BlackLotus malware can bypass Secure Boot on Windows machines

• TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

• Main Targets of Ransomware Attacks & What They Look For

• Microsoft Warns of Surge in Token Theft, Bypassing MFA

• BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

• Offensive Security Is Now OffSec – Refresh Reflects Future of Cybersecurity Learning and Skills Development

• The Impact of AI on Telecoms Fraud Protection Strategies

• Zero Trust Distributed Computing With WebAssembly and WasmCloud

• Why TikTok Is Being Banned on Gov’t Phones in US and Beyond

• Configuring host-level audit logging for AKS VMSS

• Azure Kubernetes Service (AKS) Threat Hunting

• Login Flow With Google Identity Services and Firebase

• Angular vs. React: Which JS Framework Is Better?

• Unpatched, known vulnerabilities still key driver of cyberattacks

• Linux Support Expands Cyber Spy Group’s Arsenal

• CISA advisory details red team attack on critical infrastructure organization

• Cyber criminals are increasingly exploiting cloud environments, report finds

• Dig into feedback on digital services, experts advise

• So You Want to Launch 5G — Is Your 5G Security Strategy Ready?

• Webinar Tomorrow: Entering the Cloud Native Security Era

• What Happened in That Cyberattack? With Some Cloud Services, You May Never Know

• Cybercriminals Targets Law Firms With GootLoader & FakeUpdates

• Google Workspace Adds Client-Side Encryption to Gmail and Calendar

• The Future of Cybersecurity and How Artificial Intelligence Is Changing the Way

• The Importance of Recession-Proofing Security Operations

• Cisco to Acquire Valtix for Cloud Network Security Tech

• Top 10 Security, Operational Risks From Open Source Code

• 8 ways to secure Chrome browser for Google Workspace users

• Lazarus’s Latest Weapons: Wslink Loader and WinorDLL64 Backdoor

• GoDaddy, a Web Hosting Provider Hit Multiple Times by the Same Group

• SEC cyber risk management rule—a security and compliance opportunity

• The Significance of Key Risk Indicators in Organisations

• Could the Pentagon use a little ChatGPT?

• DHS tests show facial recognition tech has varied results, but gaining ground

• Report: Smarter wildfire fighting demands better data quality and sharing

• Two Hacking Groups Seen Targeting Materials Sector in Asia

• Ransomware Attacks: Don’t Let Your Guard Down

• CISA Shares Advice to Improve Networks’ Monitoring and Hardening

• Cyberattackers Double Down on Bypassing MFA

• (ISC)² Security Congress 2023 Begins Call for Presentations

• Third party Cybersecurity risks in securing the supply chain

• Stories from the SOC  – The case for human response actions

• GuLoader – a highly effective and versatile malware that can evade detection

• Belgium admits China hackers behind the attack on European Government MP

• CISA: ZK Java Framework RCE Flaw Under Active Exploit

• The Microsoft Intune Suite fuels cyber safety and IT efficiency

• Upgrading from API v2 to v3: What You Need to Know

• The Digital World is Changing Fast: Data Discovery Can Help

• Creating secure customer experiences with zero trust

• Public SaaS Assets Are a Major Risk For Medium, Large Firms

• Satellite TV giant Dish admitted that the recent outage was caused by a ransomware attack

• Experience the Refreshed OffSec

• Visualize change with an out-of-the-box configuration report

• Google Cloud Platform allows data exfiltration without a (forensic) trace

• US Officials Make Case for Renewing FISA Surveillance Powers

• Several Law Firms Targeted in Malware Attacks

• Without FIDO2, MFA Falls Short

• PlugX RAT Masquerades As Legit Windows Debugger To Slip Past Security

• Investors Pull Around $6 Billion Out Of Binance’s Stablecoin

• TikTok Answers Three Big Cybersecurity Fears About The App

• Dish Network Confirms Cyberattack

• Business and Human Rights Requirements Are on the Rise in 2023

• The Digitalization of the Casino Industry: How Small Online Casinos are Adapting?

• Here is How Toronto-area Police Force Helped Take Down a Russian-linked Hacking Group

• Top 10 open source software risks for 2023

• Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware

• Perception Point Recognized in 2023 Gartner® Market Guide for Email Security for Fourth Year in a Row

• (ISC)² Members Reveal Deep Skepticism About Artificial Intelligence and Machine Learning

• Cybercriminals Use ChatGPT to Ease Their Operations

• Future of the Cloud is Plagued by Security Issues

• The Ukraine Invasion Blew up Russian Cybercrime Alliances

• Google is expanding this ‘next level’ encryption to more Gmail users

• Social Engineering: Definition & 6 Attack Types

• AI-Powered SASE Is Center Stage at Virtual SASE Launch Event

• Google: Client-Side Encryption Added To Gmail And Calendar

• A Stronger European Defense Requires Resetting Cooperation Between the U.K. and Europe

• Microsoft Rolls Out Bing AI To Windows 11

• South American Cyberspies Impersonate Colombian Government in Recent Campaign

• CISO Conversations: Code42, BreachQuest Leaders Discuss Combining CISO and CIO Roles

• Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar

• UK sees 35% increase in mobile phishing exposures – Global State of Mobile Phishing Report

• DNS abuse: Advice for incident responders

• U.S. Marshals Service Hacked – Sensitive Information Leaked

• Record Number of Mobile Phishing Attacks in 2022

• Parallax RAT used in attacks aimed at cryptocurrency entities

• Fooling a Voice Authentication System with an AI-Generated Voice

• CISOs Are Stressed Out and It’s Putting Companies at Risk

• BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11

• What Printer Can I Use for Sublimation?

• Are New Technologies Revolutionizing the Gambling Industry? The Future of Casino

• Bitwarden passes annual security audit with flying colors

• China Warns Elon Musk Over Wuhan Lab Leak Tweet

• Dish Network Says Outage Caused by Ransomware Attack

• Keylogger on Employee Home PC Led to LastPass 2022 Breach

• Bitwarden passes third annual security audit with flying colors

• How To Reduce Security Risks Posed by Cloud Identities?

• Key tips for helping secure your digital life

• Social Engineering: Definition & 5 Attack Types

• Dish Network Confirms Outage Was Due To Ransomware Attack

• 5 Best Video Editing SDKs for iOS

• Critical Vulnerabilities Patched in ThingWorx, Kepware IIoT Products

• Attacker Breakout Time Drops to Just 84 Minutes

• 3 Reasons for Securing Your Company with Passwordless Login

• Dish Network Confirms Ransomware Outage

• Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

• Researchers Release MortalKombat Ransomware Decryptor

• 3 Key Takeaways from the 2023 Gartner Market Guide for Email Security

• Bitdefender Releases New Decryptor For MortalKombat Ransomware

• Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

• Intel Offers Quantum SDK For Developers

• Why performing security testing on your products and systems is a good idea

• Former FTX Engineer Pleads Guilty To Fraud Charges

• Elon Musk Overstated Tesla Autopilot New Lawsuit Alleges

• Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques

• PlugX RAT masquerades as legit Windows debugger to slip past security

• Google Gmail client-side encryption is available globally

• 5 open source Burp Suite penetration testing extensions you should check out

• Developers can make a great extension of your security team

• Provide Your Feedback on the CISSP-ISSEP Exam Outline

• Governance of Zero Trust in manufacturing

• RADIUS server authentication: Old but still relevant

• LastPass becomes a cyber attack victim for the second time from the first time

• Alarming Rise in Mobile Banking Malware – Over 200,000 New Installers Discovered

• Dormant accounts are a low-hanging fruit for attackers

• Covert cyberattacks on the rise as attackers shift tactics for maximum impact

• A modern-day look at AppSec testing tools

• Google Adds Client-Side Encryption to Gmail, Calendar

• AlertEnterprise reveals Guardian AI Chatbot powered by OpenAI ChatGPT

• CIS Hardened Images List

• Infosec products of the month: February 2023

• U.S. Marshals Service hacked in ‘major incident’

• VMware extends SD-WAN to OT with new software client offering

• Veeam Backup for Microsoft 365 v7 strengthens data protection

• How to Choose the Right Data Masking Tool for Your Organization

• Huawei launches ‘world’s best’ ransomware detection system

• Google: You get crypto, you get crypto, almost everyone gets email crypto!

• Optimize Mac Storage can make your files go poof. Ask me how I know

• CISOs Share Their 3 Top Challenges for Cybersecurity Management

• Google adds client-side encryption to Gmail and Calendar. Should you care?

• Video Marketing Software Animker Leaking Trove of User Data

• Keep Your Application Secrets Secret

• Thales and Qualcomm join forces to launch GSMA certified iSIM

• US government sets a 30-day deadline for wiping TikTok from feds’ phones

• How to Use Input Sanitization to Prevent Web Attacks

• Cyolo unveils partner program to accelerate adoption of zero-trust access

• iPhone users targeted in phone AND data theft campaign

• US Marshals Service hit by ransomware and data breach

Generated on 2023-03-02 23:55:31.888998