IT Security News Daily Summary 2023-03-14

• Optiv More Than Doubles Federal Presence With ClearShark Acquisition

• Microsoft Patch Tuesday fix Outlook zero-day actively exploited

• USDS alum Lynn Overmann talks priorities in new role as Beeck Center’s director

• Microsoft Zero-Day Bugs Allow Security Feature Bypass

• Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity

• Digital Rights Updates with EFFector 35.3

• Product Review of SpecOps Password Policy

• CISA launches pilot to spot ransomware vulnerabilities

• The best VPN trials of 2023: Top VPNs to test for free

• Samsung Next Invests in Mitiga, Brings Total Funding to $45M

• Don’t Rely Solely on Privileged Access Management (PAM) To Secure Your Accounts

• Health info exchange streamlines foster care services

• Attack campaign on edge appliance: undetected since 2021 and resists firmware update

• Learn the basics of cybersecurity with this $60 web-based training package

• An assessment of ransomware distribution on darknet markets

• Broken Object Level Authorization: API security’s worst enemy

• Password mismanagement still at the heart of security issues

• How agencies can help constituents find accurate information quicker

• VERT Threat Alert: March 2023 Patch Tuesday Analysis

• Microsoft Patches 80 Security Vulns, Warns of Outlook Zero-Day Exploitation

• Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware

• Lawsuit Claims That Mark Zuckerberg Knew About Facebook Addiction Problems

• CISA Trials Ransomware Warning System for Critical Infrastructure Orgs

• LockBit Threatens to Leak Stolen SpaceX Schematics

• Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)

• A Complete Guide on ERR_SSL_PROTOCOL_ERROR

• CrowdStrike report shows identities under siege, cloud data theft up

• Microsoft squashes Windows bug exploited to inflict ransomware misery

• Why it’s time for a pivot on digital identity

• Adobe fixed ColdFusion flaw listed as under active exploit

• Upcoming Speaking Engagements

• Windows SmartScreen proves to be dumb – zero-day bug fixed after Google alert

• Magniber ransomware actors exploiting Microsoft zero day

• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day

• information security (infosec)

• Firefox 111 patches 11 holes, but not 1 zero-day among them…

• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface

• From Power Plants to eWallets: The role of ZTNA in the gig economy

• Beware of Fake Calls! It’s not really your bank calling. Check Point Research draws attention to a new Android Malware

• How to use free satellite data to monitor natural disasters and environmental changes

• YoroTrooper Espionage Campaigns Target CIS, EU Countries

• Who Is Responsible for the NetWire Remote Access Trojan?

• DEV-1101 Updates Open Source Phishing Kit

• How Businesses Can Get Ready for AI-Powered Security Threats

• White House seeks $74 billion for federal civilian IT in 2024

• A new federal program looks to connect smart buildings with smart policy

• CISA Creates New Ransomware Vulnerability Warning Program

• How AI Could Write Our Laws

• ADC’s New Argentina Report Flags How ISPs Can Do More for Users’ Data Privacy

• Microsoft Mitigates Outlook Elevation of Privilege Vulnerability

• AI being used for destruction by China

• Researchers Investigating $197 million heist from Euler Finance

• Hackers Steal $199m From UK Crypto Start-Up Euler Labs

• Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor

• Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust

• DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

• SVB Collapse: An Attackers Paradise you Should Beware of

• Discord Upgraded Their Privacy Policy

• NatWest Adds Crypto Limits As Scams Proliferate

• ALPHV ransomware gang claims it has hacked Amazon’s Ring

• Fake ChatGPT Chrome Extension with Thousands of Installs Steal Facebook Logins

• DevSecOps: The Future of Secure Software Development

• Attackers Turn To AI Generated YouTube Videos To Spread Info Stealers

• Botnet That Knows Your Name And Quotes Your Email Is Back With New Tricks

• LockBit Brags They Will Leak Thousands Of SpaceX Blueprints

• Zoll Medical Says Intruders Had Access To 1M+ Patient, Staff Records

• Employees Are Entering Sensitive Business Data Into ChatGPT

• What Is Cyber Essentials and How Can Heimdal Help Your Organization Achieve CE Compliance?

• FBI’s Report Shows: Investment Fraud Caused Loses of Over $3 Billion in 2022

• KamikakaBot Malware Used to Attack Southeast Asian Government Agencies

• Patch Tuesday March 2023 – Microsoft Releases Fixes for 23 Vulnerabilities

• LastPass Breach: CISA Warns of Exploited Plex Bug

• Targeting Businesses Globally, the Medusa Ransomware Gang Gains Momentum

• CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks

• How the Best CISOs Drive Operational Resilience

• Digitizing the Battlefield: Using Social Media to Track U.S. Weapons in Ukraine

• Breaking Down a Cyberattack, One Kill Chain Step at a Time

• ICS Patch Tuesday: Siemens, Schneider Electric Address Over 100 Vulnerabilities

• Cloud Forensics Startup Mitiga Completes $45M Series A

• ChatGPT and the Growing Threat of Bring Your Own AI to the SOC

• Why Healthcare Boards Lag Other Industries in Preparing for Cyberattacks

• ReversingLabs adds new context-based secret detection capabilities

• 1 Million People Affected By Zoll Medical Data Breach

• BYD Rules Out UK EV Plant ‘Because Of Brexit’

• What You Need to Know to Create a Winning Hybrid Workplace

• Stalkerware has grown by 239% worldwide over the past three years

• Orgs Have a Long Way to Go in Securing Remote Workforce

• CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs

• Elon Musk, BYD Deny Reported Battery Split

• Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach

• Ring Denies Falling Victim to Ransomware Attack

• The Prolificacy of LockBit Ransomware

• GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

• Advanced actor targets Fortinet FortiOS in attacks on govt entities

• Artificial Intelligence, Virtual Courts, and Real Harms

• How to Stay Ahead of Device Certificate Expiration

• Cloud incident response nets another $45M with Mitiga’s latest funding

• LastPass not the last password manager? Tips for switching password managers

• Telehealth startup shares your data with tech giants

• India ‘Considers’ Mandatory Smartphone Security Screening

• NetWire Remote Access Trojan Maker Arrested

• What actually is database integrity?

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily

• Ubuntu Core now compatible with the Arm SystemReady IR systems specification

• LA Housing Authority Suffers Year-Long Breach

• The Revolutionizing Power of AI In Cybersecurity

• Almost half of IT leaders consider security as an afterthought, research reveals

• $197 Million in Cryptocurrency Stolen in Euler Finance Attack

• 16-28 February 2023 Cyber Attacks Timeline

• Bitcoin Surges 20 Percent After SVB Fiasco

• Report: Hackers leaked over 721 million passwords in 2022

• UK Crypto Firm Loses $200m in Cyber-Attack

• Cybersecurity Industry News Review – March 14, 2023

• Tim Cook ‘Pushed Forward’ Apple VR Headset Launch

• California Court Says Uber, Lyft Workers Are Contractors

• MI5 Launches New Agency to Tackle State-Backed Attacks

• Why Do My Apps Keep Crashing on Android? – Troubleshooting Tips

• Need to improve the detection capabilities in your security products?

• Dissecting the malicious arsenal of the Makop ransomware gang

• UK refreshes national security plan to stop more of China’s secret-stealing cyber-tricks

• Kali Linux 2023.1 Released With Tools for Blue and Purple Teams

• We can’t wait for SBOMs to be demanded by regulation

• Educating girls on how to be their own cyber hero

• Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

• Cyber Attack news headlines trending on Google

• Security in the cloud with more automation

• Organizations need to re-examine their approach to BEC protection

• The rise of AI threats: Is your business prepared to face ChatGPT?

• Product showcase: Permit.io – Application-level permissions with a no-code UI

• Latest Cyberthreats and Advisories – March 10, 2023

• 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them

• This Texas Bill Would Systematically Silence Anyone Who Dares to Talk About Abortion Pills

• Adtran and Satelles offer new levels of security for synchronization network infrastructure

• ZTNA vs VPN: Secure Remote Work and Access

• A week in security (March 6 – 12)

• Breast cancer photos published by ransomware gang

• WhatsApp refuses to weaken encryption, would rather leave UK

• “Brad Pitt,” a still body, ketchup, and a knife, or the best trick ever played on a romance scammer, with Becky Holmes: Lock and Code S04E06

• LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier

• Golang-Based Botnet GoBruteforcer targets web servers

• IT Security News Daily Summary 2023-03-13

• IRS plans to approve use of Login-dot-gov as Tax Day nears

• IRS Plans to approve use of Login-dot-gov as Tax Day nears

• SVB Meltdown: What It Means for Cybersecurity Startups’ Access to Capital

• 200-300% Increase in AI-Generated YouTube Videos to Spread Stealer Malware

• Zoll Medical says intruders had 1M+ patient, staff records at their fingertips

• Long-term digital solutions can offset workforce shortage gaps

• Zoll Medical admits exposing records of 1m+ patients and staff

• CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

• New Hiatus malware campaign targets routers

• DC Health Link confirms breach, but questions remain

• Police Are Investigating Scam Taylor Swift Tickets On Facebook

• JWT Authentication and Authorization: A Detailed Introduction

• Customize workflows with Wireshark profiles

• How to apply and edit Wireshark display filters

• Hackers Lure Cybersecurity Researchers With Fake LinkedIn Recruiter Profiles

• Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures

• Kali Linux 2023.1 released – and so is Kali Purple!

• Protecting the data that makes cities smart

• Augmented Software Engineering in an AI Era

• Okay boomers—listen up!

• SYS01 stealer targets Facebook business accounts and browser credentials

• How internet-facing webcams could put your organization at risk

• Is cybersecurity recession-proof?

• Linux gets double-quick double-update to fix kernel Oops!

• Best Bluetooth trackers of 2023: AirTag and alternatives

• Hike in AI-Created YouTube Videos Loaded With Malware

• Microsoft hardens OneNote against Phishing attacks

• How to Engineer Your Technical Debt Response

• Satellite internet can fill broadband gaps

• Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities

• Remote Code Execution and Camera Access Flaws Found in Smart Intercoms

• How to make sure the reputation of your products and company is good

• Security risks threaten the benefits of the edge

• Infostealers Spread Via AI-Generated YouTube Videos

• Key Points from the US National Cybersecurity Strategy 2023

• AT&T Data Breach Hits Nine Million Customer Accounts

• Change Your Passwords on These Five Platforms Right Away

• Ransomware hackers turn nasty by sharing intimate patient photos

• Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks

• Introducing VT4Splunk – The official VirusTotal App for Splunk

• Report: Increased remote work for many governments also raises cyber risks

• Boosting password security! Pwned Passwords, zxcvbn, and more!

• New ‘GoBruteforcer’ Botnet Targets Web Servers

• Euler Loses Nearly $200 Million to Flash Loan Attack

• CISA Warns of Plex Vulnerability Linked to LastPass Hack

• Cybercrime Losses Exceeded $10 Billion in 2022: FBI

• Unlocking the Benefits and Trade-Offs of Agentless Cloud Security

• Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

• Dark Pink APT targets Govt entities in South Asia

• Tim Cook ‘Pushed For Apple Headset Launch’ This Year

• Cryptocurrencies Rise After US Authorities Rescue SVB Depositors

• IMF ‘Warned G20’ Of Crypto Banking Risks

• New CASPER Attack Steals Data from Air-gapped Computers Using Internal Speakers

• The UK’s Bad Encryption Law Can’t Withstand Global Contempt

• North Korean Hackers Target Security Researchers With A New Backdoor

• Emotet Attempts To Sell Access After Infiltrating High Value Networks

• GitHub To Roll Out 2FA For All Contributors March 13

• Explore A Deluxe Home Vintage Computer Den

• Nine In 10 £5m+ Businesses Hit By Cyber Attacks

• The Dark Side of Eurovision 2023: How Scammers Are Targeting Fans

• ChatGPT’s most lauded capability also brings big risk to businesses

• 5 Lessons Learned From Hundreds of Penetration Tests

• Building From the 2023 National Cybersecurity Strategy: Reshaping the Terrain of Cyberspace

• Justice and the Confiscation of Russian State Assets

• Here’s all you Need to Know About Snake Keylogger

• Korean University Disclosed a Potential Covert Channel Attack

• Numerous Lexmark Printers affected by critical security issues

• Reciprocity remains as key clearance issue

• AT&T Alerts Millions About Data Breach That Exposed Sensitive Information

• Using Blockchain Tech to Optimize the Supply Chain

• CISA joins forces with Women in CyberSecurity to break up the boy’s club

• Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms

• Zoll Medical Data Breach Impacts 1 Million Individuals

• NMFTA Appoints Cybersecurity Director to Help Protect Trucking Industry

• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

• How to Apply NIST Principles to SaaS in 2023

• Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

• The changing face of ransomware attacks

• New Meta Layoffs ‘Could Match Those of Last Year’

• Guarding Against Threats: Examining the Strengths and Applications of Modern Security Models

• Cyberthreat on New Email By Exotic Lily

• Meta Considering Twitter-Like Social Network

• Elon Musk Apologises To Sacked Twitter Worker

• Data Security With Cloud Compliance: Meeting Regulations & Standards

• Check Point Software Technologies Earns Top Spots in 19 G2 Leadership Grids

• Most lauded ChatGPT capability also brings big risk to businesses

• Final Three Sentenced in £70m Money Laundering Case

• Ransomware Attacks Have Entered a ‘Heinous’ New Phase

• Air-Gapped Computers Vulnerable to Data Stealing Through Internal Speakers

• Fake Job Proposals Used to Deploy Malware – Security Researchers Targeted

• The UK’s bad encryption law can’t withstand global contempt

• 5 signs you’ve fallen for a scam – and what to do next

• ISO27001 Updates: Change is afoot

• GRC: The Ultimate Guide To Governance, Risk, And Compliance

• The SVB demise is a fraudster’s paradise, so take precautions

• How to Find HP Printer WiFi Password – Step by Step Guide

• Failed Silicon Valley Bank UK Arm Sold To HSBC For £1

• Investment Fraud is Now Biggest Cybercrime Earner

• Blackbaud Settles $3m Charge Over Ransomware Attack

• How To Improve Your Agile Team’s Velocity?

• Cutting complexity

• Software developers, how secure is your software?

• Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

• KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets

• The risk of pasting confidential company data into ChatGPT

• TSA issues additional cybersecurity rules for the aviation sector

• Unpatched Akuvox Smart Intercom Flaws Can Be Exploited for Spying

• Microsoft to release GPT-4 for AI-Generated Videos

• New Version of Xenomorph Android Malware Attacks 400 Banks Customers

• Understanding password behavior key to developing stronger cybersecurity protocols

• Fighting financial fraud through fusion centers

• S4x23 Review Part 2: Evolving Energy Cybersecurity

• Building neurodiverse tech teams

• Multifactor authentication: Keeping employee data secure through digital ID management

• IRS watchdog seeks crackdown on feds who owe back taxes

Generated on 2023-03-14 23:55:23.923361