IT Security News Daily Summary 2023-03-08

• Emotet Resurfaces Yet Again After 3-Month Hiatus

• Edgeless Systems Raises $5M to Advance Confidential Computing

• Monitor Azure Virtual Network Manager changes with event logging

• Authenticate With OpenID Connect and Apache APISIX

• How blockchain can improve digital evidence collection and collaboration

• Broadband equity means access and adoption, not just infrastructure rollouts

• TSA issues cybersecurity amendment for aviation industry

• With tablets, hybrid classes inmates prep for cloud jobs

• TSA Issues Urgent Directive to Make Aviation More Cyber Resilient

• Veeam warns to install patches to fix a bug in its Backup & Replication product

• BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows

• IRS CIO moving to Treasury CTO post

• 40% of Global ICS Systems Attacked With Malware in 2022

• Elon Musk Admits “Massive Decline” In Ad Revenue

• Solving the Enduring Pain of Authorization With Aserto’s Co-Founder and CEO, Omri Gazitt

• The best VPN deals right now: March 2023

• The FBI Just Admitted It Bought US Location Data

• Why Healthcare Cybercrime is the Perfect Storm

• 10 iPhone Privacy Settings You Need to Change for Better Security

• AWS Multi-Account Strategy and Landing Zone

• Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

• Can I Code Without My Laptop

• Access management must get stronger in a zero-trust world

• Google One brings VPN feature to more plans, adds dark web monitoring for personal info

• Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls

• Thank you and goodbye to the Chrome Cleanup Tool

• OSV and the Vulnerability Life Cycle

• AI Takes Center Stage: How Artificial Intelligence is Revolutionizing the Marketing Industry

• Despite the Risk of Ransomware Attacks, Businesses Continue to Pay

• CISA still has work to do to fix agency weaknesses revealed by SolarWinds, watchdog says

• AI-Powered ‘BlackMamba’ Keylogging Attack Evades Modern EDR Security

• Microsoft Tells UK It Will Licence Call Of Duty To Sony For A Decade

• NIST renews cyber center partnership, launches small business focus

• US RESTRICT Act Gains Supports, Empowers Biden to Ban Foreign Tech

• The 8 Best Vulnerability Scanner Tools for 2023

• Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks

• 4 best-practices to keep your Windows Server estate secure and optimized

• Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking

• White House cybersecurity plan collides with SecOps reality

• Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

• In the Jan. 6 Lawsuits, the Justice Department Cuts Trump Loose

• State Legislatures Threaten Right to Anonymous Speech

• Voices of Women in Cyber – (ISC)² Candidate Nidhi Kannoujia

• ChatGPT Added To Salesforce’s Slack

• Lawmaker: Schools need federal advocate to negotiate cyber contracts

• SYS01 Stealer Targets Critical Infrastructure With Google Ads

• North Korea-linked Lazarus APT used a 0-day in a recent attack

• New Info Stealer SYS01 Targets Key Government Infrastructure

• Does Antivirus Detect and Remove All Malware?

• Grace Hopper: The Woman Who Changed How We Code and Test

• U.S. DoD Puts CPD At Heart of Its New Cyber Workforce Strategy

• NSA offers tips to safeguard home networks from cyber attacks

• UK Government Introduces New Data Protection Bill

• Intel Seeks $5 Billion More In Subsidies For German Chip Plant – Report

• New Facebook Malware Is Targeting Government Employees, Business Accounts And More

• Lacework Launches Secured by Women Initiative

• The US Air Force Is Moving Fast on AI-Piloted Fighter Jets

• DarkTrace Warns Of Rise In AI-Enhanced Scams Since ChatGPT Release

• TikTok Unveils New European Data Security Regime

• Info Stealer Targets Facebook Business Accounts

• Acer Confirms Server Intrusion After Miscreant Offers 160GB Cache Of Stolen Files

• The West Accuses TikTok of Espionage & Data Mining

• New MOTW Bypass Method Introduced by LockBit

• The Complete Guide to Apple Watch Bands

• Vulnerabilities In TPM 2.0 Could Expose Cryptographic Keys

• ‘Sys01 Stealer’ Malware Targeting Government Employees

• Biden administration raises software liability questions

• Surge in Cloud Adoption Means a Greater Data Attack Surface for Healthcare and Financial Services

• Plagued by slow internet? Try these 11 ways to speed up your connection

• Rising Public Cloud Adoption Is Accelerating Shadow Data Risks

• Asset Tokenization on Blockchain is the Future of Real Estate?

• BrandPost: Protecting the Edge Is More Important Than Ever

• BrandPost: How 3 Tools Can Revitalize Your Security Strategy

• BrandPost: Is Your XDR Strategy Incomplete?

• How CISOs can do more with less in turbulent economic times

• Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

• Finding Your Grit with Deloitte’s Deborah Golden

• Steps To Planning And Implementation Of Application Security

• International Women’s Day: Only One Fifth of Cybersecurity Leadership Roles filled by Women

• Research Reveals ‘Password’ Still the Most Common Term Used by Hackers to Breach Enterprise Networks

• APT41: Cyberespionage Group Targets Asian Materials Industry

• Hackers Using Facebook Ads to Attack Critical Infrastructure Employees

• Modem vs router: What’s the difference?

• Chrome 111 Patches 40 Vulnerabilities

• Virtual Event Today: Ransomware Resilience & Recovery Summit

• FBI & Pentagon Officials Developed “Truly Unconstrained” Facial Recognition

• Tech Giants Go Cloud-Native Shopping

• A New Emotet Campaign Is Ongoing After a Three-month Break

• International Women’s Day: Must-Watch Webinars by Women in Cybersecurity

• Making the most of your time at the RSA 2023 conference

• Has Adoption of ‘Connected Devices’ Outpaced Security?

• How to Stay GDPR Compliant While Sending Cold Emails

• 160 GB of Acer data is now available for sale on the dark web

• Cloud trends 2023: Cost management surpasses security as top priority

• Syxsense Platform: Unified Security and Endpoint Management

• Can You Use Sublimation Ink for Regular Printing?

• How to Check Twitch Chat Logs: A Comprehensive Guide

• Snapchat Vulnerability Could Allow Deleting Users’ Content Spotlight

• Pros & cons of using free VPNs in 2023

• White House Backs Bill That Could Lead To Nationwide Ban Of TikTok

• Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary

• CISA adds three new bugs to Known Exploited Vulnerabilities Catalog

• TSA Requires Aviation Sector to Enhance Cybersecurity Resilience

• Freenom Suspends Domain Registrations After Being Sued by Meta

• Securing Your Supply Chain Through Cyber Risk Management

• BlackLotus Malware Hijacks Windows Secure Boot Process

• China says it’s ‘puzzled’ after report Germany might ban Huawei from parts of 5G mobile network

• The White House Makes a Step Toward Nationwide TikTok Ban

• Musk Apologises After Mocking Fired Twitter Director

• International Women’s Day: Achieving Gender Parity in the C-Suite and Advancing Equity in the Cybersecurity Industry

• Officials Targeted with Romance Scams and Android Trojans

• Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity

• Security 360 Reports Shows That Threat Actors Are Targeting BYOD And Company Devices

• PIM vs PAM vs IAM: What’s The Difference?

• Acer Discloses Data Breach: 160GB of Sensitive Information for Sale

• How IT Consultancy Improves Security?

• Is Uno the first next-generation password manager?

• China-linked APT Sharp Panda targets government entities in Southeast Asia

• Government Claims New UK GDPR Will Save Firms Billions

• The state of stalkerware in 2022

• Steps To Planning And Implementation Of Cloud Security

• Application Security Capability Guide

• Measuring Investment Performance: Common Pitfalls to Avoid

• Securing ways to share workplace passwords

• Cyber-Threat Detections Surge 55% in 2022

• Three Levels of Change: Approval, Purpose, and Careful Monitoring

• What Are Parameter Tampering Attacks?

• Sharp Panda Targets Southeast Asia in Espionage Campaign Expansion

• Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

• Grace Hopper: The Women Who Changed How We Code and Test

• Why performing security testing on your products and systems is a good idea

• VMware NSX Manager bugs actively exploited in the wild since December

• CISA’s KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

• How STEM education can solve talent shortages, improve cybersecurity

• Three crucial moments when founding a cybersecurity startup

• Boeing signs off anti-jamming tech that keeps satellites online

• 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them

• An assessment of ransomware distribution on darknet markets

• How to gain data access to accounts of our dead near and dear

• PoC Exploit Released For Critical Microsoft Word RCE Bug

• AI is taking phishing attacks to a whole new level of sophistication

• Attackers exploit APIs faster than ever before

• New Kensington privacy screens protect against visual hacking

• Akamai unveils new service and tools to help users reduce attack surface

• Persona Graph proactively surfaces and blocks hidden fraud rings

• ChatGPT’s API Is Here. Let the AI Gold Rush Begin

• Why do Businesses Need to Focus More on Cybersecurity

• SANS Institute and Google collaborate to launch Cloud Diversity Academy

• Alert: Crims are hijacking these DrayTek routers to attack businesses

• Acer confirms server intrusion after miscreant offers 160GB cache of stolen files

• 4 Things You May Not Know About Performance Analytics Technology

• Section 702’s Unconstitutional Domestic Spying Program Must End

• 2023-03-07 – Emotet infection with spambot traffic

• Warning issued over Royal ransomware

• Play ransomware gang leaks City of Oakland data

• DoppelPaymer ransomware group disrupted by FBI and European police agencies

• These DrayTek routers are under actual attack – and there’s no patch

• 6G mobile internet will launch in 2030, telecom bosses say, even as 5G adoption remains low

• Sued by Meta, Freenom Halts Domain Registrations

• SYS01 stealer targets critical government infrastructure

• Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

• After Musk’s mass layoffs, one engineer’s mistake “broke the Twitter API”

• Microsoft aims to reduce “tedious” business tasks with new AI tools

• Threat actors are using advanced malware to backdoor business-grade routers

• Threat Hunting with VirusTotal – Episode 2

• Microsoft Found Shein App Copying Clipboard Content on Android Phones

• IT Security News Daily Summary 2023-03-07

• Research shows two-thirds of orgs have had breaches caused by remote working

• FedRAMP, StateRAMP cultivate small biz providers

• Tips for multicloud public health IT operations

• How data breaches lead to fraud risk

• GSA officials misled agencies about Login-dot-gov

• Akamai Technologies Releases New Service and Tools to Stop Advanced Threats and Drive Zero Trust Adoption

• Combating Ransomware: A Roadmap for Progress

• NIH automated biomedical office teases small biz cybersecurity contract

• Hiatus Campaign Infects DrayTek Routers for Cyber Espionage, Proxy Control

• Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit

• Pre-Deepfake Campaign Targets Putin Critics

• Hiatus Campaign Infects DrayTek Gear for Cyber Espionage, Proxy Control

• EFF Tells Supreme Court: Trademark Law Doesn’t Trump the First Amendment

• Dependency Injection and Ways to Inject It Using .NET Core API

• Acer Confirms Data Offered Up for Sale Was Stolen

• What Is Penetration Testing? Complete Guide & Steps

• Hacker Cracks Toyota Customer Search Tool

• Serious DJI Drones Flaws Could Crash Drones Mid-flight

• Acting national cyber director offers new details on upcoming cyber workforce strategy

• The best VPN services for iPhone and iPad in 2023

• Vishing attacks increasing, but AI’s role still unclear

• Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

• ManageEngine Launches Security and Risk Posture Management in its SIEM Solution

• EFF Comments to NTIA on Privacy and Civil Rights

• Meeting Today’s Complex Data Privacy Challenges

• Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

• Transparent Tribe Hackers Disseminate CapraRAT via Trojanized Messaging Apps

• Foxconn To Construct Factory In India – Report

• OWASP Kubernetes Top 10

• Sharp Panda Target Southeast Asia in Espionage Campaign Expansion

• Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour

• 99% of Cybersecurity Leaders Are Stressed About Email Security

• Scams Security Pros Almost Fell For

• Chinese Sharp Panda Group Unleashes SoulSearcher Malware

• Alphabet’s Sundar Pichai Admits Some Google Offices Are Like ‘Ghost Town’

• CrowdStrike: Attackers focusing on cloud exploits, data theft

• Shein App Accessed Clipboard Data on Android Devices

• Ransomware Attack Against Barcelona Hospital Disrupts Operations

• Remcos RAT Spyware Scurries Into Machines via Cloud Servers

• Acer discloses a new data breach, 160 GB of sensitive data available for sale

• Shein App Caught Sending Clipboard Info To External Servers

• HiatusRAT Malware Attack Routers to Gain Remote Access & Download Files

• fuzz testing (fuzzing)

• Criminal justice algorithms still discriminate

• Delinea Adds New features for its Privilege Manager and DevOps Secrets Vault

• XDR vs EDR – A Comparison

• LastPass Releases New Security Incident Disclosure and Recommendations

• New Phishing Scam Targets User’s With Fake ChatGPT Platform

• DDoS attack hits Mastodon, the Twitter rival

• Appointments Cancelled After Ransomware Attack On Barcelona Hospital

• Tesla Cuts US Prices Of Model S, Model X

• Want data security? Concentrate on cybersecurity training, RangeForce raises $20M

• Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage

• Expert released PoC exploit code for critical Microsoft Word RCE flaw

• Acer’s Sensitive Data Allegedly For Sale On A Hacker Forum

• SOAR, SIEM, SASE and Zero Trust: How They All Fit Together

• Creating responsible AI presents ‘major technical challenges,’ NIST official says

• Acer Confirms Breach After Hacker Offers to Sell Stolen Data

• Vulnerability in Toyota Management Platform Provided Access to Customer Data

• Cyber Security Works to Rebrand As Securin Inc.

• Optiv Launches Full Suite of Operational Technology Services

• Ransomware’s Favorite Target: Critical Infrastructure and Its Industrial Control Systems

• Advanced Malware Being Used To Backdoor Routers

• Stealthy UEFI Malware Bypassing Secure Boot Enabled By Unpatchable Windows Flaw

• Ukraine, Germany Take Down DoppelPaymer Gang

• BidenCash Card Shop Leaks 2 Million Payment Card Records

• SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms

• Gun Control and Statutory Interpretation: Controversy Over the ATF’s Ban on Bump Stocks

• Germany To Ban Huawei, ZTE From 5G Networks – Report

• Secure APIs: Best Practices and Measures

• Getting to Know Francisco Criado, Check Point’s New VP, Global Partner Ecosystem Organization

• Transparent Tribe APT weaponising Android messaging apps to target officials in India and Pakistan with romance scams

• Can a Barista Become Your Next SOC Analyst?

• Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia

• Edgeless Systems Raises $5m for Trustworthy Data Processing

• Talking Cyberinsurance With Munich Re

• Just 10% of Firms Can Resolve Cloud Threats in an Hour

• The Potential Consequences for Africa of an FTO Designation of the Wagner Group

• Silicon In Focus Podcast: International Women’s Day

• The Road to a Role in Tech Begins Early

• Women in CleanTech is Just One Way We’re Dealing with the Climate Challenge

• How Businesses are Putting Gender Equality Back in the Tech Sector

• 5 Ways to Secure a Virtual Machine in Cloud Computing

• Here are the Countries That Have Imposed TikTok Ban

• 7 Essential Tips to Ensure Your Wi-Fi Security and Protect Your Personal Information

• Law Enforcement Using Facebook Chat Logs to Prosecute Abortion Seekers

• Major Twitter Outage Caused By Single Engineer – Report

• How is CIAM different from IAM?

• Prompt Injection Attacks on Large Language Models

• Cloud Security Capability Guide

• Android’s March 2023 Updates Patch Over 50 Vulnerabilities

• Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing

• Brazilian Conglomerate Suffers 3TB Data Breach: Report

• Russian Disinformation Campaign Records High-Profile Individuals on Camera

• How Denmark’s Welfare State Became a Surveillance Nightmare

• Why Healthcare Can’t Afford to Ignore Digital Identity

• Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps

• Hospital Clinic de Barcelona Suffered a Ransomware Attack

• Core Members of the DoppelPaymer Ransomware Gang Detained by the Europol

• The Secretive Side of Texting: The Ethics of Sending Anonymous SMS Messages 2023

• Air Fryers are Offered by Scammers as a ‘Free’ Kitchen Gadget

• LastPass hack caused by an unpatched Plex software on an employee’s PC

• Cloud-Native Security Survey: Patterns and Tipping Points in New Report

• Cybersecurity Industry News Review: March 7, 2023

• Meta Planning Thousands More Job Cuts – Report

• “Sharp Panda”: Check Point Research puts a spotlight on Chinese origined espionage attacks against southeast asian government entities

• What to Know About Business Email Compromise (BEC) Scams

• Why API Security is a Growing Concern for UK Companies

• YouTube Videos Not Playing – 6 Ways to Fix

• Ransomware Hits Major Barcelona Hospital, Appointments Canceled

• Find Out More About the New HiatusRAT Router Malware

• AI Image Generators: A Novel Cybersecurity Risk

• Zoom Boss Greg Tomb Fired ‘Without Cause’

• Diving Deeper Into Windows Event logs for Security Operation Center (SOC) – Guide

• Pro-Putin scammers trick politicians and celebrities into low-tech hoax video calls

• Two-Thirds of European Firms Have Started Zero Trust

• Need to improve the detection capabilities in your security products?

• Shein’s Android App Caught Transmitting Clipboard Data to Remote Servers

• LastPass Hack: Engineer’s Failure to Update Plex Software Led to Massive Data Breach

• Podcast Episode: Making the Invisible Visible

• Preventing corporate data breaches starts with remembering that leaks have real victims

• China-aligned APT is exploring new technology stacks for malicious tools

• Vulnerability in DJI drones may reveal pilot’s location

• Ransomware Attack news headlines trending on Google

• Palo Alto Networks enhances cybersecurity capabilities with AI-powered ITDR module

• Advanced Persistent Threat Groups Behind DDoS Attacks on Danish Hospitals

• EPA orders US states to check cyber security of public water supplies

• F5 and Visa join forces to enhance security throughout the customer experience

• Machine Learning Improves Prediction of Exploited Vulnerabilities

• Resecurity appoints Akash Rosen to lead digital forensics practice

• Zero Day Threat Protection for Your Network

• Security Patch Management Strengthens Ransomware Defense

• A week in security (February 27 – March 5)

• 8 cybersecurity tips to keep you safe when travelling

• National Cybersecurity Strategy Document: What you need to know

• Intel CPU vulnerabilities fixed. But should you update?

Generated on 2023-03-08 23:55:29.286740