IT Security News Daily Summary 2023-03-23

• How to clear your Google search cache on Android (and why you should)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams

• A million at risk from user data leak at Korean beauty platform PowderRoom

• Critical infrastructure gear is full of flaws, but hey, at least it’s certified

• New Android Malware Targets Customers of 450 Financial Institutions Worldwide

• TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

• Experts published PoC exploit code for Veeam Backup & Replication bug

• Cryptocurrency Scams: What to Know and How to Avoid Them

• New federal website offers grants info and research to counter domestic terrorism

• City building a talent pipeline for a quantum-enabled workforce

• States want to see some digital ID before you visit that porn site

• The best home security systems of 2023: Expert reviewed

• Fake ChatGPT Extension Hijacks Facebook Accounts

• Industry reps like CISA’s public-private cybersecurity collaborative, but offer tips on how to scale it

• role-based access control (RBAC)

• Why Access Control Should Be a Core Focus for Enterprise Cybersecurity

• Why Continuous Monitoring of AWS Logs Is Critical To Secure Customer and Business-Specific Data

• CISA, NSA Issue Guidance for IAM Administrators

• What Are the Benefits of Java Module With Example

• Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

• S3 Ep127: When you chop someone out of a photo, but there they are anyway…

• How chat comments can supercharge safety net programs

• Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire

• Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software

• Accenture To Cut 19,000 Jobs, After Lowering Forecasts

• Cybersecurity 101: What is Attack Surface Management?

• FTC seeks info on cloud computing market’s influence

• Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy

• China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers

• New Government Cyber Security Strategy Vital For Healthcare

• 2023-03-22 – Emotet Epoch 4 activity

• SharePoint Phishing Scam Targets 1600 Across US, Europe

• MITRE Rolls Out Supply Chain Security Prototype

• Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals

• The Board of Directors Will See You Now

• Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

• BlackGuard stealer extends its capabilities in new variant

• Government Launches NHS Cyber Security Strategy

• North Korean Hackers Attack Gmail Users With Malicious Chrome Extensions

• What Are the Different Types of API Testing?

• New HUD playbook guides underserved communities in accessing broadband funding

• Stop using your browser’s built-in password manager. Here’s why

• Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks

• 37M Subscribers Streaming Platform Lionsgate Exposes User Data

• Security Observability: How it Transforms Cloud Security

• A Privacy Flaw in Windows 11’s Snipping Tool Exposes Cropped Image Content

• How To Secure Your Twitter Account Without Sms-Based Two-Factor Authentication

• FTX Agrees Deal To Recover $400m From Hedge Fund

• What Is Pen Testing?

• Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

• New Post-Exploitation Attack Method Found Affecting Okta Passwords

• Fake ChatGPT for Google extension hijacks Facebook accounts

• Threat actor Kimsuky using rogue browser extensions to steal data from users’ Gmail Inboxes

• New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

• Soldiers can now steer robot dogs with brain signals

• Quantum sensing has ‘critical’ potential for electrical grid, official says

• Okta Post-Exploitation Method Exposes User Passwords

• Nexus, an emerging Android banking Trojan targets 450 financial apps

• Bill Gates: OpenAI GPT Most Important Tech Advance Since 1980

• New Android Botnet Nexus Being Rented on Russian Hacker Forum

• March 2023 Web Server Survey

• BreachForums taken down after arrest of alleged owner

• Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections

• Revising, or Rejecting, ‘Reasonable Prospect of Success’ in Just Wars? Lessons From Ukraine

• Two New Bills on TikTok and Beyond: The DATA Act and RESTRICT Act

• How Technology Is Changing the Real Estate Landscape in Portugal: A Buyer’s Agent Perspective

• Analysts share 8 ChatGPT security predictions for 2023

• Study: Software Vendors Needed A 3rd-Party Monetization Solution. Here’s Their Experience Using Thales’ Sentinel

• CISA, NSA Push Identity And Access Management Framework

• Threat Actor Attempted Email Compromise Attack For $36 Million

• B-List Celebs Including Lindsay Lohan Fined After Crypto Shill Probe

• ChatGPT Bug Leaked Users’ Conversation Histories

• Aloria, Who Made Us All Laugh For Years With Infosec Reactions, Passes Away At 41

• German and South Korean Agencies Alerts of Kimsuky’s Attacks

• OpenAI CEO admits a bug allowed some ChatGPT users to see others’ conversation titles

• Alert Organizations About Aveva HMI, SCADA Vulnerabilities

• LockBit Attacks Oakland with Ransomware Twice in as Many Weeks

• The Role of Identity Detection and Response (IDR) in Safeguarding Government Networks

• Six Ways to Secure Your Organization on a Smaller Budget

• Understanding Managed Detection and Response – and what to look for in an MDR solution

• Cisco Patches High-Severity Vulnerabilities in IOS Software

• Are You Talking to a Carbon, Silicon, or Artificial Identity?

• A common user mistake can lead to compromised Okta login credentials

• Computer Turns on but Monitor Says No Signal – 9 Ways to Fix

• Using AI in Business: The Benefits and Challenges

• What Is Nmap and How to Use It to Enhance Network Security

• SEC Charges Celebrities Over Cryptocurrency Endorsements

• Tackling the Challenge of Actionable Intelligence Through Context

• ‘Nexus’ Android Trojan Targets 450 Financial Applications

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

• Dole discloses data breach after February ransomware attack

• Malicious ChatGPT Chrome Extension Targets Facebook Accounts

• 2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

• Ferrari Warns Customers Their Personal Data Might Have Been Hijacked

• OpenAI Fixes Bug With ChatGPT That Exposed User Chats

• Trump vows to ‘shatter the deep state,’ revive Schedule F and move more agencies out of D.C.

• Mass Ransomware Attack

• MyCena Improves Customer Data Access Protection in Call Centers and BPOs

• AI Malware, Copilot, & Passkeys – Intego Mac Podcast Episode 284

• Beware of Phishing Scams 3.0- The email you receive might not be from who you think it is

• UK Government Sets Out Vision for NHS Cybersecurity

• Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

• Half of Britons feel they are victims of ‘Sonic Snooping’

• Dole Says Employee Information Compromised in Ransomware Attack

• IoT Startup OP[4] Launches With Vulnerability Management Platform

• Study: Software Vendors Needed A 3rd-Party Monetization Solution. Here’s Their Experience Using Thales’ Sentinel.

• Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

• Another Fake ChatGPT Extension Found in Google Chrome Store

• Threat Actors Use the MageCart Malware in New Credit Card Data Stealing Campaign

• ITIL For Change Management and Continuous Improvement – Powered by Tripwire

• Irish Food Giant Dole Admits Employee Data Breach

• Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts

• Fortune 500 Company Names Found in Compromised Password Data

• Secure mail

• New Instagram scam uses fake SHEIN gift cards as lure

• Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash

• How to Fix PS4 Controller Light Is Red? – The Ultimate Fix

• Do you know what your supply chain is and if it is secure?

• Shell DDoS Malware Attacks Poorly Managed Linux SSH Servers

• German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics

• Developing an incident response playbook

• Bogus ChatGPT extension steals Facebook cookies

• 5 Ways CIAM Ensures a Seamless and Secure Customer Experience

• A closer look at TSA’s new cybersecurity requirements for aviation

• B-List celebs including Lindsay Lohan fined after crypto shill probe

• B-List celebs including Lindsay Lohan fined after shilling crypto

• How to add a backup two-step login provider to Bitwarden

• Path to Leadership with IBM Managing Partner Dr. Shue-Jane Thompson

• Cyber threats to EU transport sector sends urgent call for enhanced cybersecurity

• Best practices to secure digital identities

• What are Passkeys, and how do they work?

• Regula updates IDV products to improve document and biometric verification

• Lightspin Remediation Hub helps users fix the cloud security threats

• Secureworks Security Posture Dashboard enables businesses to understand their cyber readiness

• Vumetric PTaaS platform simplifies cybersecurity assessments for organizations

• Top 5 security risks for enterprise storage, backup devices

• South Korea fines McDonald’s for data leak from raw SMB share

• Network Protection: How to Secure a Network

• Verosint partners with Ping Identity to detect and block account fraud

• Google Pixel: Cropped or edited images can be recovered

• New Kritec Magecart skimmer found on Magento stores

• Jason Garoutte joins Veza as CMO

• ShellBot DDoS Malware Targets Linux SSH Servers

• Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

• Lionsgate streaming platform with 37m subscribers leaks user data

• Courts Should Let You Sue Federal Officials Who Violate Your Right to Record

• Cisco kindly reveals proof of concept attacks for flaws in rival Netgear’s kit

• IT Security News Daily Summary 2023-03-22

• CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure

• Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats

• Bug in Google Markup, Windows Photo-Cropping Tools Exposes Removed Image Data

• Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

• Journalist hurt by exploding USB bomb drive

• IRS Taxpayer Advocate says Congress shortchanged IT modernization efforts

• How a data ecosystem can quell the opioid crisis

• There’s no way you’re still using Consumer Messaging Apps for Business

• Top 5 Questions to Ask When You’re Building a Cloud Security Strategy

• Vulnerability Prioritization is Not a One-Size Fits All Approach

• Why Businesses Need to Leverage the NIST Post Quantum Cryptographic Standards to Fortify Their Cybersecurity Future

• Remaining Proactive at Identifying Risks Keeps You Ahead of Hackers

• XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads

• Vectra Unifies AI-Driven Behavior-Based Detection and Signature-Based Detection

• Splunk adds new security and observability features

• States recognizing DAOs as they embrace blockchain

• AST Unveils 2022 CHAMPIONS Edition ‘Fully Interactive’ Magazine

• Lawsuit Claims Facebook Turned Blind Eye To Sex Trafficking

• Your Guide to Vulnerability Scanning

• Cachet 2.4: Code Execution via Laravel Configuration Injection

• DOT awards $94 million for innovative transportation tech

• DISA wants a new platform to oversee diverse cloud networks

• UK Watchdog Rules Against Broadcom’s $61bn VMware Buy

• 8 best enterprise accounting software for 2023

• Windows 11 also vulnerable to “aCropalypse” image data leakage

• Experts released PoC exploits for severe flaws in Netgear Orbi routers

• TikTok CEO Says US Data Never Shared With Chinese Government

• ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks

• Backslash Snags $8M Seed Financing for AppSec Tech

• BreachForums Shuts Down After Admin’s Arrest

• GNOME 44 features improved settings panels for Device Security

• Cyber spring cleaning: Organizing your digital home

• Report: Too many enterprises have shadow IT – unlocked doors with no cameras

• New Android Banking Trojan ‘Nexus’ Promoted As MaaS

• Windows 11 Snipping Tool Vulnerability Exposes Sensitive Data

• Analysis: Where Next As Europol Hails Rare DoppelPaymer Ransomware Success

• How CIAM safely orchestrates your customers’ journey and its benefits

• An assessment of ransomware distribution on darknet markets

• Broken Object Level Authorization: API security’s worst enemy

• Virgin Orbit Nears Deal For Emergency Funding, After UK Launch Failure

• Senators request cyber safety analysis of Chinese-owned DJI drones

• CISA and NSA Enhance Security Framework With New IAM Guide

• BreachForums Shuts Down in Wake of Leader’s Arrest

• 10 Vulnerabilities Types to Focus On This Year

• Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

• Russia and China intend to become world leaders in IT, Cyber Security and Artificial Intelligence

• OneWeb Gives Up On Recovery Of Russia-Stranded Satellites

• States debate whether to restrict—or invite—crypto mining

• Chrome 111 Update Patches High-Severity Vulnerabilities

• High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

• Hackers Drain Bitcoin ATMs Of $1.5 Million By Exploiting 0-Day Bug

• Unknown Actors Deploy Malware To Steal Data In Occupied Regions Of Ukraine

• Xi, Putin, Declare Intent To Rule The World Of AI, Infosec

• Now Patched Outlook Zero Day Gains PoC And Growing Concerns

• Report: Wartime Hacking Is Spilling Into The Financial Sector

• Connect, secure, and simplify your network resources with Azure Virtual Network Manager

• Google to Reduce SSL Certificate Lifespan to 90 Days

• Cyber insurance carriers expanding role in incident response

• An Arrested Administrator Shut Down the Notorious Hacking Forum

• Emotet is back: Microsoft OneNote is not a safe place anymore

• ENISA: Ransomware became a prominent threat against the transport sector in 2022

• The Technology Behind Bitcoin Codes: How They Work And Why They Matter

• Cyber Scammers now Experimenting With QR Codes

• Container Drift: Where Age isn’t Just a Number

• How to Keep Incident Response Plans Current

• Google Bans Chinese App Pinduoduo Over Security Concerns

• Vulnerability Management Automation: A Mandate, Not A Choice

• Court Dismisses Gamers Lawsuit Over Microsoft Activision Purchase

• Malware Trends: What’s Old is Still New

• CISA Expands Cybersecurity Committee, Updates Baseline Security Goals

• BreachForums Shut Down Over Law Enforcement Takeover Concerns

• CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

• Ransomware Gang BianLian Switches to Extortion as its Primary Goal

• Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

• What is the Purpose of Employee Monitoring Software?

• Meta’s security manager targeted by Greek espionage

• Enforcement of Cybersecurity Regulations: Part 1

• Congress Should Reform Section 230 in Light of the Oral Argument in Gonzalez

• German political parties accused of microtargeting voters on Facebook

• Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

• ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

• Spain Needs More Transparency Over Pegasus: EU Lawmakers

• Burnout in Cybersecurity – Can it be Prevented?

• Preventing Insider Threats in Your Active Directory

• Real Talk with CCSPs: An Interview with Panagiotis Soulos

• Virgin Media O2 In Talks Over £3bn CityFibre Bid – Report

• The TikTok CEO’s Face-Off With Congress Is Doomed

• ChatGPT Privacy Flaw

• Ferrari Data Breach: The Industry has its say

• Top 5 Zaggle Alternatives and Useful Business Tips

• Types of Cybercrime

• VIN Cybersecurity Exploits and How to Address Them in 2023

• 5 Key Components of Cybersecurity Hardening

• Virtual Event Today: Supply Chain & Third-Party Risk Summit

• Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA

• Security Researchers Spot $36m BEC Attack

• ShellBot DDoS Malware Targets Poorly Managed Linux Servers

• BreachForums current Admin Baphomet shuts down BreachForums

• Just 1% of Dot-Org Domains Are Fully DMARC Protected

• NAPLISTENER: New Malware in REF2924 Group’s Arsenal for Bypassing Detection

• Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

• Ransomware Attacks Double in Europe’s Transport Sector

• BreachForums Admin Baphomet Closes The Hacking Forum

• These 15 European startups are set to take the cybersecurity world by storm

• New PowerMagic and CommonMagic Malware Used by Threat Actors to Steal Data

• Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy

• Using Artificial Intelligence in Trading: Everything You Need to Know – Guide 2023

• Insights from an external incident response team: Strategies to reduce the impact of cybersecurity attacks

• 8 Common Cybersecurity issues when purchasing real estate online: and how to handle them

• Why performing security testing on your products and systems is a good idea

• Independent Living Systems data breach impacts more than 4M individuals

• New NAPLISTENER Malware Used by REF2924 Group to Evade Network Detection

• Unknown actors deploy malware to steal data in occupied regions of Ukraine

• Bridging the cybersecurity readiness gap in a hybrid world

• Why you should treat ChatGPT like any other vendor service

• Enhance security while lowering IT overhead in times of recession

• BreachForums Administrator Baphomet Shuts Down Infamous Hacking Forum

• Hackers Weaponized and Exploited Over 55 Zero-days in Microsoft, Google, and Apple

• 3 customer experience tips for feds from feds

• How to combat hardware Trojans by detecting microchip manipulations

• Splunk enhances its unified security and observability platform

• AlertEnterprise launches Guardian SOC Insights suite to improve physical security operations

• WALLIX SaaS Remote Access allows organizations to regain control of external remote access

• Verosint SignalPrint identifies potentially malicious accounts

• SailPoint Non-Employee Risk Management reduces third-party risk

• India’s absurd infosec reporting rules get just 15 followers

• Google Suspends Chinese Shopping App Amid Security Concerns

• BreachForums shuts down … but the RaidForums cybercrime universe will likely spawn a trilogy

• Xi, Putin, declare intent to rule the world of AI, infosec

• Observability will transform cloud security

• Aembit emerges from stealth and raises $16.6 million

• CIS expands partnership with Akamai to protect state and local governments

• Stratodesk partners with deviceTRUST to improve security in today’s hybrid work environment

• BreachForums shuts down … but the RaidForums cybercrime universe will likely become a trilogy

• Solving the Kubernetes Security Puzzle

• A look at a Magecart skimmer using the Hunter obfuscator

• The NBA tells fans about data breach

• Malware creator who compromised 10,000 computers arrested

• How You Can Tell the AI Images of Trump’s Arrest Are Deepfakes

Generated on 2023-03-23 23:55:27.120928