IT Security News Daily Summary 2023-03-16

• FTX inner circle helped itself to $3.2B, liquidators say

• Use After Free: An IoT Security Issue Modern Workplaces Encounter Unwittingly

• Securing Collaboration at the Speed of Business

• Sell tickets to Fans, Not to Bots.

• Patient’s STD Test Results Posted To Facebook After Privacy Breach

• Leveraging Behavioral Analysis to Catch Living-Off-the-Land Attacks

• Policy as Code vs Compliance as Code

• 3 Ways to Evolve Your Cybersecurity Operations

• The Biden administration may eye CSPs to improve security, but the real caveat emptor? Secure thyself

• Project Zero: Samsung Mobile Chipsets Vulnerable to Baseband Code Execution Exploits

• Government Hasn’t Justified a TikTok Ban

• Over $10bn Lost To Online Frauds – FBI Internet Crimes 2022 Report

• Got Conti? Here’s the ransomware cure to avoid paying up

• How to build a trustworthy election system

• US Marshals Service Data Sold on Russian Hacker Forum

• VA, Oracle are negotiating a five-year option on troubled health record software contract

• FDIC fails to establish effective controls to secure sensitive data, report says

• $3B Crypto-Mixer Money Laundering Operation Seized by Cops

• Microsoft sheds light on a year of Russian hybrid warfare in Ukraine

• A zero-trust roadmap for cybersecurity in manufacturing — from a 98-year-old company

• S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

• $3B Crypto Laundering Operation Seized by Cops

• Samsung To Spend $228 Billion On South Korean Chip Plant

• Why community digital equity discussions should be in person

• The best VPN deals right now: March 2023

• The best security keys of 2023: Expert tested

• Threat Actors Changing Tactics

• Penetration Testing with Kali Linux 2023 released: New modules, exercises, challenges (PEN-200)

• Civil Society Organizations Urge Ghana’s Parliament to Reject Repressive Anti-LGBTQ+ Bill

• Cybersecurity company SentinelOne beats earnings estimates: ‘a great year for us’

• Critical Microsoft Outlook Bug PoC Shows How Easy It Is To Exploit

• VA, Oracle negotiate five-year option on troubled health record software contract

• ChatGPT could make phishing more sophisticated

• Meta Develops New Kill Chain Thesis

• Senator Warner on the Restrict Act and a US TikTok Ban

• Cybercriminals Devising More Tactics For Phishing Attacks

• Future-Proofing Your Business Against Insider Threats

• February 2023 Cyber Attacks Statistics

• TSMC Founder Backs US Efforts To Slow China’s Chip Sector

• Crypto exchange Fiatusdt leaked trove of users KYC data

• 5 Common Firewall Misconfigurations and How to Address Them

• US Government IIS Server Breached via Telerik Software Flaw

• Change Is Coming to the Network Detection and Response (NDR) Market

• Guild Education controls API abuse with Salt Security

• Can a Barista Become Your Next SOC Analyst?

• Cybersecurity Industry News Review: March 7, 2023

• 2022 Industry Threat Recap: Manufacturing

• New York City tech chief Matt Fraser commands attention

• ChipMixer Crypto Laundromat Shut Down By German, US Authorities

• Polish intelligence dismantled a network of Russian spies

• TikTok Banned From UK Government Phones

• CISA Urgent Warning: Adobe ColdFusion Bug Exploited As A Zero-day in the Wild

• Poland Breaks up Russian Spy Ring

• Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111

• U.S. federal agency hacked via 3-year-old Telerik UI flaw

• UK Joins US, Canada, Others in Banning TikTok From Government Devices

• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion

• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection

• YouTube becomes a heaven to malware stealers

• Rapid7 Acquires Minerva Labs to Extend Leading Managed Detection and Response Service

• New Malware Sample Of Defunct TeamTNT Threat Group Raises Concerns

• Bad Actors Exploited RCE In Progress Telerik To Hack US Agency

• Security Firm Rubrik Is Latest To Felled By GoAnywhere Vulnerability

• UK.gov bans TikTok from its devices as a ‘precaution’ over spying fears

• Enterprise Attack Surface Widening Access Control Gap in Microsoft Active Directory

• After Hundreds of Penetration Tests, Here are Top 5 Lessons

• Stay Alert Against Messages Like ‘Account Suspended, Update PAN’

• Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up

• Webinar Today: How to Build Resilience Against Emerging Cyber Threats

• CISA Seeks Public Opinion on Cloud Application Security Guidance

• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

• U.S. Releases Footage Of Drone Crash With Russian Jet Over Black Sea

• Cybercriminals Exploit SVB’s Downfall for Phishing

• Ring Data Breach: What you Need to Know About the Home Security Company Attack

• 5 Ways to Fight School Ransomware Attacks

• Water Wars: Marcos Vows Philippines ‘Will Not Lose One Inch of Its Territory’ in the South China Sea

• Integrating the Art and Science of Wargaming

• Budget 2023: Industry Reaction To Quantum Investments etc

• What Does a Network Security Engineer Do?

• How the Pentagon mobilized to support tech startups after bank failure

• Data Breach at Independent Living Systems Impacts 4 Million Individuals

• Make Your Picks: Cyber Madness Bracket Challenge Starts Today

• NCSC Calms Fears Over ChatGPT Threat

• US Federal Agency Hacked By Exploiting Telerik Vulnerability in IIS Server

• Australia’s Latitude Financial Hit by Cyberattack, Exposing 328K Client Data

• SASE 101: Understanding the Fundamentals of Secure Access Service Edge

• SECURITY ALERT: Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps

• Technology Transforming Roulette in 2023: How Hardware and Software are Improving the Game

• Accelerate Your Strategic Decision-Making: 2023 Insurer’s Guide

• UK bans TikTok on government devices following U.S. move

• FBI shuts down 11-year-old NetWire RAT malware

• Container Security: Don’t Let Your Guard Down

• TikTok confirms the U.S. has threatened ban if Chinese parent ByteDance doesn’t sell stake

• Amazon call scams are on the rise — here’s what you need to know

• Cybercriminals, APT Exploited Telerik Vulnerability in Attacks on US Government Agency

• Russia-Linked APT ‘Winter Vivern’ Targeting Governments in Europe, Asia

• Budget 2023: Chancellor Pledges £2.5 Billion For Quantum Computing

• Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

• Two Young US Men Charged, Hacked Into DEA Portal In 2022

• CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild

• For Sale: Data Supposedly Coming from the US Marshals Service Hack

• Autonomy’s Mike Lynch Fights US Extradition Attempt

• Silicon Insights: How to Evolve Your Enterprise’s Digital Marketing: Part 2

• Checkmate: Check Point Research exposes security vulnerabilities on Chess.com

• GigaOm Recognizes CloudGuard AppSec as a Leader in Innovation and Feature Play in its 2023 Radar Report for Application and API Security

• Authorities Shut Down ChipMixer Platform Tied to Crypto Laundering Scheme

• Hornetsecurity VM Backup V9 protects users against ransomware threats

• Russian hacktivist group targets India’s health ministry

• Why red team exercises for AI should be on a CISO’s radar

• When and how to report a breach to the SEC

• Facebook ‘Unlawfully’ Used Dutch Personal Data: Court

• BEC Volumes Double on Phishing Surge

• Rise of Ransomware Attacks Main Focus for SOCs, research finds

• How ChatGPT can become a security expert’s copilot

• Secureworks IR team saw BEC attacks double in 2022

• Phishing Hackers Defeat 2FA via Man-in-the-Middle Attacks

• How Retiring Gas and Coal Plants Affects Grid Stability

• Chinese SilkLoader Malware Sold to Russian Cyber-Criminals

• CISA adds Adobe ColdFusion bug to Known Exploited Vulnerabilities Catalog

• Appian Protect safeguards sensitive and highly regulated data

• Amazon Linux 2023: Create and execute cloud-based applications with enhanced security

• 10 Best Browser Based FPS Games in 2023 – No Downloads No Limits

• Do you know what your supply chain is and if it is secure?

• Dashlane: Pricing, features, and how to get started

• What’s Wrong with Manufacturing?

• Analysis: Where Next As Europol Hails Rare DoppelPaymer Ransomware Success

• Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency

• ChatGPT: The real Evil Twin

• How Do Attackers Hijack Old Domains and Subdomains?

• Cyber attribution: Vigilance or distraction?

• How do attackers hijack old domains and subdomains?

• Navigating the future of digital identity

• How two-step phishing attacks evade detection and what you can do about it

• Identity theft of 225,000 customers takes place at Latitude Financial Services

• CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

• Virtual patching: Cut time to patch from 250 days to

• Rushed cloud migrations result in escalating technical debt

• The Aftermath of Ola Bini’s Unanimous Acquittal by Ecuadorian Court

• Latest Cyberthreats and Advisories – March 10, 2023

• What We Learned from The Royal Mail Ransomware Chat

• A Ransomware Gang Claims to Have Hacked the Security Camera Company Amazon Ring

• NETGEAR launches Nighthawk RS700 WiFi 7 router

• Check Point Research conducts Initial Security Analysis of ChatGPT4, Highlighting Potential Scenarios For Accelerated Cybercrime

• Two US Citizens Charged for Hacking into DEA Portal in 2022

• Russia-linked APT29 abuses EU information exchange systems in recent attacks

• Neurotechnology unveils new biometric recognition algorithms in MegaMatcher 13.0

• ReversingLabs adds secrets detection capabilities to SSCS platform

• Update now! Microsoft fixes two zero-day bugs

• Hands up who DIDN’T exploit this years-old flaw to ransack a US govt web server…

• Rapid7 Buys Anti-Ransomware Firm Minerva Labs for $38 Million

• IT Security News Daily Summary 2023-03-15

• CISA: ‘Multiple threat actors’ used old exploit to access federal agency Servers

• 3 applications driving 5G in public safety

• Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script

• DirectDefense Reports the Top Threats From 2022 and What’s Trending for 2023

• Hornetsecurity Launches VM Backup V9

• YoroTrooper APT group targets CIS countries and embassies

• Tell the UK’s House of Lords: Protect End-to-End Encryption in the Online Safety Bill

• One state’s grant management breakthrough

• Humans are still better at creating phishing emails than AI — for now

• Cyberattackers Continue Assault Against Fortinet Devices

• This Is the New Leader of Russia’s Infamous Sandworm Hacking Unit

• Cancer patient sues hospital after ransomware gang leaks her nude medical photos

• The Importance of Modern-Day Data Security Platforms

• Court Finds Facebook “Unlawfully” Used Personal Data Of Dutch Users

• SecurityScorecard Appoints Former US Congressman John Katko As Senior Advisor

• Cancer patient sues hospital after naked photos stolen and posted online

• Analysts Spot a Wave of SVB-Related Cyber Fraud Striking the Business Sector

• Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns

• How To Use Corporate Cards With Maximum Efficiency For Business

• antivirus software (antivirus program)

• Rubrik discloses data breach, blames Fortra zero-day

• 6 principles for building engaged security governance

• Government employees and defense contractors still have got bad passwords, report says

• Vodafone, Three Near Final Merger Agreement – Report

• TikTok Mulls Split From Beijing-Based ByteDance – Report

• NSA offers new tips on zero trust and identity

• Modernization takes agencies from service providers to service brokers

• Tick APT Group Hacked East Asian DLP Software Firm

• VM-Series Virtual Firewalls Beat Fortinet Fortigate in Miercom Testing

• What’s Next for Prisma SASE with New AI-Powered Innovations

• AI information retrieval: A search engine researcher explains the promise and peril of letting ChatGPT and its cousins search the web for you

• For credentials, these are the new Seven Commandments for zero trust

• NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust

• “FakeCalls” Android Malware Targets Financial Firms in South Korea

• GoatRAT Android Banking Trojan Targets Mobile Automated Payment System

• Meet Data Privacy Mandates With Cybersecurity Frameworks

• Beyond Identity launches Zero Trust Authentication to align verification with zero-trust principles

• Palo Alto announces new SD-WAN features for IoT security, compliance support

• Cybercriminals target SVB customers with BEC and cryptocurrency scams

• Dell beefs up security portfolio with new threat detection and recovery tools

• BrandPost: Reduce, reuse, recycle: Bad actors practicing the three Rs

• Humans Still More Effective Than ChatGPT at Phishing

• Earn CPE Credits For Reading (ISC)² News and Insights With Our Quiz

• 10 Ways B2B companies can improve mobile security

• Integrating Cybersecurity in UX design

• AT&T Cybersecurity announces 2023 ‘Partner of the Year Award’ winners

• Feds seek input on how to create semiconductor hubs

• Are Encryption and Zero Trust Breaking Key Protections?

• Chinese Cyberspies Hacked DLP Company Serving Military, Government Orgs

• US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

• Rubrik Admits Data Theft In GoAnywhere Zero-Day Attack

• Cloudflare Fraud Detection will provide precise tools to detect, categorize fraud

• Cerebral Admits to Revealing Patient Information to Meta, TikTok, and Google

• Microsoft SmartScreen vulnerability delivers Magniber Ransomware

• Amazon Sets 2024 For Launch Of Project Kuiper’s Satellite Service

• Microsoft Patch Tuesday, March 2023 Edition

• CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

• Using Employment Offers, North Korean Hackers Target Security Researchers

• How Scammers Trap Businesses

• UK Mulls TikTok Ban On Government Devices

• Silicon In Focus Podcast: The State of 5G

• AI-Generated Voice Deepfakes Aren’t Scary Good—Yet

• PEN-200 (PWK): Updated for 2023

• Cookie Clicker Garden Guide to Unlocking Every Seed – Quick Tutorial

• Exploring the impact of Machine Learning on Horse Racing Betting Strategies

• Protect against cyberattacks with the new Azure Firewall Basic

• Meet the 2023 (ISC)² Bylaws Committee

• Psychological Tactics Used by Cybercriminals to Conduct Malicious Activities

• How to View Your Google Chrome Saved Passwords

• (Ab)using Adobe Acrobat Sign to distribute malware

• Forget the hybrid cloud; it’s time for the confidential cloud

• Dero, Monero Cryptojackers Fighting for Same Kubernetes Clusters

• Russian Cyberspies Abuse EU Information Exchange Systems in Government Attacks

• Top 30 incident response interview questions

• YoroTrooper Stealing Credentials and Information from Government and Energy Organizations

• Tesla App Lets Man Accidentally Steal A Model 3 That Wasn’t His

• Dutch Court Finds Facebook Misused Data In Class Action Suit

• Crims Exploit Microsoft, Fortinet Flaws Before Any Patches Exist

• Pair Accused Of Breaking Into US Law Enforcement Database, Posing As Cops

• UK Security Minister Scrutinizes TikTok App Over Security Threats

• Pair accused of breaking into US law enforcement database, posing as cops

• Why Security Practitioners Should Understand Their Business

• Social Media Isn’t a Public Function, but Maybe the Internet Is

• Logistical Lessons From Ukraine—and What It Means for Taiwan

• What is Reverse Tabnabbing and What Can You Do to Stop It?

• SMBs Orgs Want Help, but Cybersecurity Expertise Is Scarce

• MyCena Strengthens Payment Cards Storage And Access Security In Card Processing Businesses To Reduce Fraud

• SnapDragon Monitoring eyes international growth after sharp increase in turnover

• OpenAI Announces ChatGPT Upgrade Called GPT-4

• OpenAI Announces GPT-4, the Successor of ChatGPT

• Dell launches new security offerings for data protection, MDR

• GOBruteforcer: an Active Web Server Harvester

• Singapore businesses stumbling over what security culture entails

• Hawaii Health Department Says Death Records Compromised in Recent Data Breach

• SAP Releases Five ‘Hot News’ Notes on March 2023 Patch Day

• The Rise of the BISO in Contemporary Cybersecurity

• Are We Doing Enough to Protect Our Unstructured Data?

• AI-Generated Voice Deep Fakes Aren’t Scary Good—Yet

• Data loss prevention company hacked by Tick cyberespionage group

• How Mirel Sehic relies on simplicity to focus on product security

• Fans of Last Of Us warned of rising phishing and malware scams

• Most Common Remote Work Security Risks

• SAP Fixes Five Critical Vulnerabilities With Newly Released Security Update

• LockBit Ransomware Claims to Have Stolen SpaceX Data from One of Its Contractors

• The Future of VIN Decoding: How AI and Machine Learning are Transforming the Automotive Industry

• Security Firm Rubrik breached by Clop gang through GoAnywhere Zero-Day exploitation

• Meta To Layoff Another 10,000 Staff

• Can your SASE solution block these top malware?

• User forgetfulness drives preference for biometrics over passwords

• Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit

• The World’s Real ‘Cybercrime’ Problem

• A Spy Wants to Connect With You on LinkedIn

• YoroTrooper Cyberspies Aims At EU Embassies, CIS Energy Orgs

• Security Organization Rubrik Affected by the GoAnywhere Zero-day Attacks

• UK Bank Limits Crypto Payments to Smother Fraud

• The Different Methods and Stages of Penetration Testing

• New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining

• Get 3 years of rock-solid protection with Surfshark VPN for $83.99

• Phishing Campaigns Use SVB Collapse to Harvest Crypto

• Business on the dark web: deals and regulatory mechanisms

• Wanna Make Your Smartphone Last Longer? Here’s What To Do

• Threat Actors Deliver Malware Using AI-Generated Youtube Videos

• What are Rootkits? How to prevent them

• What is CSAF (Common Security Advisory Framework)?

• Microsoft Patches Two Zero Days This Month

• Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company

• Key aerospace player Safran Group leaks sensitive data

• What You Can Learn from the World’s Biggest Ransomware Attacks

• Tailscale: Fast and easy VPNs for developers

• Why performing security testing on your products and systems is a good idea

• Respecting Privacy and Data Protection: World Consumer Rights Day

• India to use Artificial Intelligence to curb power thefts and check usage

• Latest Cyberthreats and Advisories – March 3, 2023

• Guiding publications for US strategy on Quantum Information Science (QIS)

• How to switch from LastPass to RoboForm password manager

• So, you want to deploy air-gapped Kubernetes, huh?

• Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

• SVB collapse’s mix of money, urgency and uncertainty makes it irresistible to scammers

• Best practices for securing the software application supply chain

• Exfiltration malware takes center stage in cybersecurity concerns

• Webinar: Tips from MSSPs to MSSPs – starting a vCISO practice

• Top 50 most impersonated brands by phishing URLs

• Startpage enhances search features to make privacy accessible to anyone

• Tanium expands XEM platform with enhanced device and policy management

• Motorola Solutions releases new Avigilon security suite to improve enterprise security

• Concentric AI’s DSPM solution detects sensitive or business critical content

• China sought control of submarine cables to spy, says Micronesia

• Still using authenticators for MFA? Software for sale can hack you anyway

• Two U.S. Men Charged in 2022 Hacking of DEA Portal

• Beyond Price Point: Analyzing Differences in Cloud Storage Options

• Canonical collaborates with MediaTek to optimize Ubuntu for IoT innovations

• Cloudflare integrates with Atlassian, Microsoft, and Sumo Logic to boost zero trust security

• Microsoft fixes two 0-days on Patch Tuesday – update now!

• What is Network Security? Definition, Threats & Protections

• How Patch Tuesday Keeps the Beat After 20 Years

• LockBit Ransomware gang claims to have stolen SpaceX confidential data from Maximum Industries

• Crims exploit Microsoft, Fortinet flaws before any patches exist

• How To Use Artificial Intelligence to Ensure Better Security

• “Just awful” experiment points suicidal teens at chatbot

• Clop ransomware is victimizing GoAnywhere MFT customers

• Crims find Microsoft and Fortinet flaws before the vendors issue fixes

Generated on 2023-03-16 23:55:28.423563