IT Security News Daily Summary 2023-03-22

• CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure

• Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats

• Bug in Google Markup, Windows Photo-Cropping Tools Exposes Removed Image Data

• Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

• Journalist hurt by exploding USB bomb drive

• IRS Taxpayer Advocate says Congress shortchanged IT modernization efforts

• How a data ecosystem can quell the opioid crisis

• There’s no way you’re still using Consumer Messaging Apps for Business

• Top 5 Questions to Ask When You’re Building a Cloud Security Strategy

• Vulnerability Prioritization is Not a One-Size Fits All Approach

• Why Businesses Need to Leverage the NIST Post Quantum Cryptographic Standards to Fortify Their Cybersecurity Future

• Remaining Proactive at Identifying Risks Keeps You Ahead of Hackers

• XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads

• Vectra Unifies AI-Driven Behavior-Based Detection and Signature-Based Detection

• Splunk adds new security and observability features

• States recognizing DAOs as they embrace blockchain

• AST Unveils 2022 CHAMPIONS Edition ‘Fully Interactive’ Magazine

• Lawsuit Claims Facebook Turned Blind Eye To Sex Trafficking

• Your Guide to Vulnerability Scanning

• Cachet 2.4: Code Execution via Laravel Configuration Injection

• DOT awards $94 million for innovative transportation tech

• DISA wants a new platform to oversee diverse cloud networks

• UK Watchdog Rules Against Broadcom’s $61bn VMware Buy

• 8 best enterprise accounting software for 2023

• Windows 11 also vulnerable to “aCropalypse” image data leakage

• Experts released PoC exploits for severe flaws in Netgear Orbi routers

• TikTok CEO Says US Data Never Shared With Chinese Government

• ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks

• Backslash Snags $8M Seed Financing for AppSec Tech

• BreachForums Shuts Down After Admin’s Arrest

• GNOME 44 features improved settings panels for Device Security

• Cyber spring cleaning: Organizing your digital home

• Report: Too many enterprises have shadow IT – unlocked doors with no cameras

• New Android Banking Trojan ‘Nexus’ Promoted As MaaS

• Windows 11 Snipping Tool Vulnerability Exposes Sensitive Data

• Analysis: Where Next As Europol Hails Rare DoppelPaymer Ransomware Success

• How CIAM safely orchestrates your customers’ journey and its benefits

• An assessment of ransomware distribution on darknet markets

• Broken Object Level Authorization: API security’s worst enemy

• Virgin Orbit Nears Deal For Emergency Funding, After UK Launch Failure

• Senators request cyber safety analysis of Chinese-owned DJI drones

• CISA and NSA Enhance Security Framework With New IAM Guide

• BreachForums Shuts Down in Wake of Leader’s Arrest

• 10 Vulnerabilities Types to Focus On This Year

• Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

• Russia and China intend to become world leaders in IT, Cyber Security and Artificial Intelligence

• OneWeb Gives Up On Recovery Of Russia-Stranded Satellites

• States debate whether to restrict—or invite—crypto mining

• Chrome 111 Update Patches High-Severity Vulnerabilities

• High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

• Hackers Drain Bitcoin ATMs Of $1.5 Million By Exploiting 0-Day Bug

• Unknown Actors Deploy Malware To Steal Data In Occupied Regions Of Ukraine

• Xi, Putin, Declare Intent To Rule The World Of AI, Infosec

• Now Patched Outlook Zero Day Gains PoC And Growing Concerns

• Report: Wartime Hacking Is Spilling Into The Financial Sector

• Connect, secure, and simplify your network resources with Azure Virtual Network Manager

• Google to Reduce SSL Certificate Lifespan to 90 Days

• Cyber insurance carriers expanding role in incident response

• An Arrested Administrator Shut Down the Notorious Hacking Forum

• Emotet is back: Microsoft OneNote is not a safe place anymore

• ENISA: Ransomware became a prominent threat against the transport sector in 2022

• The Technology Behind Bitcoin Codes: How They Work And Why They Matter

• Cyber Scammers now Experimenting With QR Codes

• Container Drift: Where Age isn’t Just a Number

• How to Keep Incident Response Plans Current

• Google Bans Chinese App Pinduoduo Over Security Concerns

• Vulnerability Management Automation: A Mandate, Not A Choice

• Court Dismisses Gamers Lawsuit Over Microsoft Activision Purchase

• Malware Trends: What’s Old is Still New

• CISA Expands Cybersecurity Committee, Updates Baseline Security Goals

• BreachForums Shut Down Over Law Enforcement Takeover Concerns

• CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

• Ransomware Gang BianLian Switches to Extortion as its Primary Goal

• Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

• What is the Purpose of Employee Monitoring Software?

• Meta’s security manager targeted by Greek espionage

• Enforcement of Cybersecurity Regulations: Part 1

• Congress Should Reform Section 230 in Light of the Oral Argument in Gonzalez

• German political parties accused of microtargeting voters on Facebook

• Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

• ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

• Spain Needs More Transparency Over Pegasus: EU Lawmakers

• Burnout in Cybersecurity – Can it be Prevented?

• Preventing Insider Threats in Your Active Directory

• Real Talk with CCSPs: An Interview with Panagiotis Soulos

• Virgin Media O2 In Talks Over £3bn CityFibre Bid – Report

• The TikTok CEO’s Face-Off With Congress Is Doomed

• ChatGPT Privacy Flaw

• Ferrari Data Breach: The Industry has its say

• Top 5 Zaggle Alternatives and Useful Business Tips

• Types of Cybercrime

• VIN Cybersecurity Exploits and How to Address Them in 2023

• 5 Key Components of Cybersecurity Hardening

• Virtual Event Today: Supply Chain & Third-Party Risk Summit

• Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA

• Security Researchers Spot $36m BEC Attack

• ShellBot DDoS Malware Targets Poorly Managed Linux Servers

• BreachForums current Admin Baphomet shuts down BreachForums

• Just 1% of Dot-Org Domains Are Fully DMARC Protected

• NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection

• Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

• Ransomware Attacks Double in Europe’s Transport Sector

• BreachForums Admin Baphomet Closes The Hacking Forum

• These 15 European startups are set to take the cybersecurity world by storm

• New PowerMagic and CommonMagic Malware Used by Threat Actors to Steal Data

• Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy

• Using Artificial Intelligence in Trading: Everything You Need to Know – Guide 2023

• Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks

• 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them

• Why performing security testing on your products and systems is a good idea

• Independent Living Systems data breach impacts more than 4M individuals

• New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection

• Unknown actors deploy malware to steal data in occupied regions of Ukraine

• Bridging the cybersecurity readiness gap in a hybrid world

• Why you should treat ChatGPT like any other vendor service

• Enhance security while lowering IT overhead in times of recession

• BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum

• Hackers Weaponized and Exploited Over 55 Zero-days in Microsoft, Google, and Apple

• 3 customer experience tips for feds from feds

• How to combat hardware Trojans by detecting microchip manipulations

• Splunk enhances its unified security and observability platform

• AlertEnterprise launches Guardian SOC Insights suite to improve physical security operations

• WALLIX SaaS Remote Access allows organizations to regain control of external remote access

• Verosint SignalPrint identifies potentially malicious accounts

• SailPoint Non-Employee Risk Management reduces third-party risk

• India’s absurd infosec reporting rules get just 15 followers

• Google Suspends Chinese Shopping App Amid Security Concerns

• BreachForums shuts down … but the RaidForums cybercrime universe will likely spawn a trilogy

• Xi, Putin, declare intent to rule the world of AI, infosec

• Observability will transform cloud security

• Aembit emerges from stealth and raises $16.6 million

• CIS expands partnership with Akamai to protect state and local governments

• Stratodesk partners with deviceTRUST to improve security in today’s hybrid work environment

• BreachForums shuts down … but the RaidForums cybercrime universe will likely become a trilogy

• Solving the Kubernetes Security Puzzle

• A look at a Magecart skimmer using the Hunter obfuscator

• The NBA tells fans about data breach

• Malware creator who compromised 10,000 computers arrested

• How You Can Tell the AI Images of Trump’s Arrest Are Deepfakes

• IT Security News Daily Summary 2023-03-21

• DOD partners with GSA to get sustainable products to agencies

• Text alerts could streamline benefits redetermination processes

• New Bad Magic APT used CommonMagic framework in the area of Russo-Ukrainian conflict

• Secure Your Online Privacy: How to Choose the Best VPN in 2023

• ZenGo finds transaction simulation flaw in Coinbase, others

• .NET Devs Targeted With Malicious NuGet Packages

• Cyberpion Rebrands As IONIX

• What is firewall optimization?

• FTC extends deadline by six months for compliance with some changes to financial data security rules

• We’re back! Our grand return to live events

• Renowned Researcher Kelly Lum Passes Away

• Florida city water cyber incident allegedly caused by employee error

• Ransomware gangs’ harassment of victims is increasing

• BlackBerry Announces New Patent Sale Transaction With Patent Monetization Company for Up to $900M

• Research Highlights Cyber Security’s Underestimated Role As a Business and Revenue Enabler

• You just gonna take that AWS? Let Microsoft school your users on cloud security?

• Privacy Rights Group Targets Facebook Political Microtargeting Practice

• BigID’s Data Security Posture Management Solution Integrates With SOAR Platforms

• Normalyze Granted Patent for Data Security Posture Management (DSPM)

• Verosint Launches Account Fraud Detection and Prevention Platform

• Cybersecurity Skills Shortage, Recession Fears Drive ‘Upskilling’ Training Trend

• New ShellBot bot targets poorly managed Linux SSH Servers

• Civil Rights Organizations File Amicus Brief in Support of EFF Lawsuit Against Discriminatory SFPD Surveillance

• Ferrari Discloses Ransomware Attack; Refuses to Pay Ransom

• Google Pixel phones had a serious data leakage bug – here’s what to do!

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

• ChatGPT Bug Exposes Conversation History Titles

• 4 key trends from the Gartner IAM Summit 2023

• 13 Cloud Security Best Practices for 2023

• What Is The Microsoft Print Spooler Vulnerability?

• Ferrari In A Spin As Crims Steal A Car-Load Of Customer Data

• Just Eat Cuts 1,700 Jobs As Delivery Growth Slows

• Zoom Paid Out $3.9 Million in Bug Bounties in 2022

• Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa

• Ex-Meta Security Staffer Accuses Greece Of Spying On Her Phone

• Nation-State Threat Actors Exploited Zero Days The Most In 2022

• Cybersecurity Industry News Review – March 21, 2023

• US Rules Bar $52bn Chip Funds From Benefiting China

• CommonMagic Targets Entities in Russo-Ukrainian Conflict Zone

• Name That Toon: It’s E-Live!

• How Jan. 6 Committee Staffers Have Filled in the Blanks

• What Is Observability, And Why Is It Crucial To Your Business?

• Is Shoulder Surfing a threat to Cybersecurity

• Google Releases Bard Chatbot To Public

• Breach Forums to Remain Offline Permanently

• Carol Shaw: The groundbreaking career of this video game pioneer

• OneNote, Many Problems? The New Phishing Framework

• A roadmap to zero-trust maturity: 6 key insights from Forrester

• CISA: Election security still under threat at cyber and physical level

• What is the National Cybersecurity Strategy? A cybersecurity expert explains what it is and what the Biden administration has changed

• Key Findings: UK Cybersecurity Breaches Survey 2022

• Ransomware Risk Management: A Cybersecurity Framework Profile

• Learn cybersecurity skills by participating in real projects

• Hackers Use NuGet Packages to Target .NET Developers

• New ‘Bad Magic’ Cyber Threat Disrupt Ukraine’s Key Sectors Amid War

• 2022 Zero-Day exploitation continues at a worrisome pace

• NBA Alerts Fans After Hack Of The Third-Party Service Provider

• Ferrari data breach: Client data exposed

• 2022 witnessed a drop in exploited zero-days

• Adobe launches Firefly generative A.I., which lets users type to edit images

• UK Ranks Fourth In World For Big Tech Data Requests

• Adobe launches Firefly generative A.I. that lets you type to edit images

• Hacker Gang Holds Amazon’s Ring to Ransom

• Home Security: Breaches and Ransomware Making it Impossible to Review Firms and Their Security

• Shoulder Surfing: What is it and how to Protect Yourself?

• Oops! ChatGPT Shares AI Chat Histories with the Wrong Crowd

• BFSI Sector at the Forefront of Cyberattacks

• Google Pixel Vulnerability Allows Recovery of Cropped Screenshots

• Malicious NuGet Packages Used to Target .NET Developers

• News Analysis: UK Commits $3 Billion to Support National Quantum Strategy

• Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant

• Oleria Scores $8M Seed Funding for ID Authentication Technology

• Passkeys: A Modern Solution For All Your Password Troubles

• ChatGPT Bug Temporarily Exposes AI Chat Histories to Other Users

• China Approves More Imported Games As Crackdown Eases

• Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft

• Controlling Third-Party Data Risk Should Be a Top Cybersecurity Priority

• Decoding the Defense Department’s Updated Directive on Autonomous Weapons

• The DEA Portal Hack was Perpetrated by Two Cybercriminals Last Year

• Ferrari Announces Data Breach. Customers Risk Data Leakage

• Researchers Reveal Insights into CatB Ransomware’s Advanced Evasion Methods

• US Citizen Hacked by Spyware

• IAM Startup Aembit Secures How Workloads Connect to Services

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers

• China Chip Boss Targeted By Anti-Graft Probe

• Oleria raises $8M to make multi-factor authentication adaptive

• The Best Defense Against Cyber Threats for Lean Security Teams

• New ShellBot DDoS Malware Targeting Poorly Managed Linux Servers

• Amazon To Cut 9,000 More Jobs

• Ferrari confirms data breach after receiving a ransom demand from an unnamed extortion group

• Ferrari Reveals Data Breach After Getting Ransom Demand

• Banking Trojan Mispadu Found Responsible for 90,000+ Credentials Stolen

• How Emerging Trends in Virtual Reality Impact Cybersecurity

• The Five Don’ts of Facebook Marketplace

• General Bytes Bitcoin ATMs Hacked to Steal Funds

• NCSC Launches Two New Tools for Small Businesses

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

• Mandiant Zero-Day Exploitation Report 2022

• Building Your Dream Network by Custom Net Development Company

• CASPER Attack Targets Air-Gapped Systems Via Internal Speakers

• Ferrari Reveals Data Breach Ransom Attack

• Bringing observability to cloud security

• Crooks stole more than $1.5M worth of Bitcoin from General Bytes ATMs

• Top 4 Bitcoin Casinos

• How to Make Valorant Account – A Complete Guide

• Ex-Meta security staffer accuses Greece of spying on her phone

• Need to improve the detection capabilities in your security products?

• The Future of Betting: How Technology Is Changing the Game for Bookmakers And Bettors

• Ferrari Hacked – Attackers Gained Access to Company’s IT Systems

• Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw

• Bad magic: new APT found in the area of Russo-Ukrainian conflict

• Self-Sovereign Identities, The Next Step in Privacy-First User Experience

• Bitwarden’s unlock with PIN feature is convenient, but also a security risk

• Putin to staffers: Throw out your iPhones, or ‘give it to the kids’

• The Scorched-Earth Tactics of Iran’s Cyber Army

• Details of ransomware attack on Ferrari and NBA

• Data backup, security alerts, and encryption viewed as top security features

• Threat actors are experimenting with QR codes

• The impact of AI on the future of ID verification

• 5 rules to make security user-friendly

• Podcast Episode: So You Think You’re A Critical Thinker

• Google suspends top Chinese shopping app Pinduoduo

• Analysis: Lookalike Confusable Domains Fuel Phishing Attacks

• Third party Cybersecurity risks in securing the supply chain

• 2023-03-17 – Emotet Epoch 5 activity

• Eurotech introduces cybersecurity-certified edge AI solutions

• ForgeRock Enterprise Connect Passwordless reduces the risk of password-based attacks

• Australian FinTech takes itself offline to deal with cyber incident that caused data leak

• OpenVPN With Radius and Multi-Factor Authentication

• Ferrari Says Ransomware Attack Exposed Customer Data

• Ferrari in a spin as crims steal a car-load of customer data

• Technology and Software Redefine Business Operations

• 19 Most Common OpenSSL Commands for 2023

• Mastercard acquires Baffin Bay Networks to improve customer security

• Wipro and Secret Double Octopus provide enterprises with stronger authentication mechanisms

• DotRunpeX: The Malware That Infects Systems with Multiple Families

• A week in security (March 13 – 19)

• “ViLE” members posed as police officers and extorted victims

• Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles

• Treasury’s system tracking federal debt still needs security improvements, GAO says

Generated on 2023-03-22 23:55:23.056178