IT Security News Daily Summary 2023-03-24

• 4 Tips for Better AWS Cloud Workload Security

• Prevent Ransomware with Cybersecurity Monitoring

• Pack it Secretly: Earth Preta’s Updated Stealthy Strategies

• Diffusion models can be contaminated with backdoors, study finds

• DevSecOps puts security in the software cycle

• CyberSecure Announces Strategic Alliance

• Online Dating and Privacy: 6 Tips for Protecting Yourself in the Digital Age – 2023 Guide

• Why Tackling Financial Crime Calls for A Privacy-First Approach

• Why You Can’t Have True Zero Trust Without API Security

• Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study

• GitHub’s Private RSA SSH Key Mistakenly Exposed in Public Repository

• Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

• China-linked hackers target telecommunication providers in the Middle East

• Friday Squid Blogging: Creating Batteries Out of Squid Cells

• ChatGPT Bug Exposed Payment Details of Paid Users

• 8 Best User & Entity Behavior Analytics (UEBA) Tools for 2023

• CISA gives ransomware victims a heads-up

• SMS pumping attacks and how to mitigate them

• How hackers outwit facial ID

• Zoom Zoom: ‘Dark Power’ Ransomware Extorts 10 Targets in Less Than a Month

• Yet Another Health Network Is Sued For Sharing Sensitive Patient Data With Facebook

• Malicious ChatGPT Extensions Add to Google Chrome Woes

• City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day

• CISA unleashes Untitled Goose Tool to honk at danger in Microsoft’s cloud

• How to slam the brakes on account takeover fraud

• Senators try again to advance software license bill

• UK’s NCA infiltrates cybercrime market with fake DDoS sites

• LinusTechTips YouTube channels hacked to promote cryptoscams

• New USP 5.0 Can Run 10K Cameras on Single System with Max Uptime

• Tesla Hacked Twice at Pwn2Own Exploit Contest

• Victory at the Ninth Circuit: Twitter’s Content Moderation is Not “State Action”

• Consumer Product Safety Commission failed to complete mandated future of work plan, report says

• WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

• Google and Microsoft are bringing AI to Word, Excel, Gmail and more. It could boost productivity for us – and cybercriminals

• CISA Unveils Ransomware Notification Initiative

• Food Giant Dole, Victim of a Ransomware Attack [Updated]

• WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites

• Red Teaming at Scale to Uncover Your Big Unknowns

• GitHub publishes RSA SSH host keys by mistake, issues update

• AV-Comparatives Anti-Phishing Test | Avast

• Hacker demonstrates security flaws in GPT-4 just one day after launch

• ManageEngine AD360 New Nominee in 2023 ‘ASTORS’ Awards Program

• CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections

• GitHub Updates Security Protocol For Operations Over SSH

• Journalist Plugs In Unknown USB Drive Mailed To Him – It Exploded In His Face

• Github Publishes RSA SSH Keys By Mistake, Issues Update

• French Parliament Says Oui To AI Surveillance For 2024 Olympics

• Fugitive Cryptocrash Boss Arrested In Montenegro

• House Leaders Don’t Want CISA’s Reach To Exceed Its Grasp

• Rewind brings ChatGPT into your personal life, but at what cost?

• GitHub Replaces Exposed RSA SSH Key To Keep Git Operations

• Myopenmath Answers: Tech Tips And Strategies For Success

• Killnet targeting healthcare apps hosted on Microsoft Azure

• Gambling is a tech industry. Are Nevada regulators up for the challenge?

• Critical WooCommerce Payments Vulnerability Leads to Site Takeover

• 8 cybersecurity conferences to attend in 2023

• three-factor authentication (3FA)

• Critical flaw in WooCommerce Payments plugin allows site takeover

• What Is Quishing: QR Code Phishing Explained

• Splunk Adds New Security Observability Features

• D.C. Circuit Hears Oral Argument in Bahlul v. United States

• Export Control is Not a Magic Bullet for Cyber Mercenaries

• Synopsys discover new vulnerability in Pluck Content Management System

• Cengage Mindtap Answers: A Guide To Improving Your Online Learning Experience

• Bill Gates Says AI is the Biggest Technological Advance in Decades

• Unpatched ICS Flaws in Critical Infrastructure: CISA Issues Alert

• Data Breach: Data of 168 Million Citizens Stolen and Sold, 7 Suspects Arrests

• Malicious ChatGPT Chrome Extension Steal Facebook Accounts

• Apple Supplier Pegatron Explores Second Factory In India – Report

• Journalist Targeted in USB Drive Bombing Attack

• Stop Using Spring Profiles Per Environment

• CISA Gets Proactive With New Pre-Ransomware Alerts

• PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw

• Application Security Requires More Investment in Developer Education

• Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

• CISA releases free tool for detecting malicious activity in Microsoft cloud environments

• All Batman: Arkham Games in Order of Release Date – A Complete List

• Github publishes RSA SSH host keys by mistake, issues update

• New Attack Targets Online Customer Service Channels

• The right corporate structure is key to balancing risk and user experience

• WooCommerce Payments Plugin Patches Critical Vulnerability

• Chinese Hackers Infiltrate Middle Eastern Telecom Companies

• Find Out What Is a Logic Bomb. Definition, Characteristics, and Protection Measures

• Hacking contest Pwn2Own: Ubuntu, Tesla, macOs and Windows 11 cracked

• Understanding Managed Detection and Response and what to look for in an MDR solution

• Dole confirms employee data was breached following February ransomware attack

• Turning the Unamazing into the Amazing

• Terra Co-Founder Do Kwon Arrested In Montenegro

• TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content

• Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions

• THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

• Intel vPro platform unveils advanced security measures

• The Most Prevalent Types of Ransomware You Need to Know About

• GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

• Enhanced Version of the BlackGuard Stealer Spotted in the Wild

• Analysis: Will ChatGPT’s Perfect English Change the Game For Phishing Attacks?

• Is Private 5G the Future of Business Connectivity?

• Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

• Exploding USB Sticks

• Silicon In Focus Podcast: The Cybersecurity Skills Gap

• Key Takeaways From TikTok’s CEO Grilling In US Congress

• Reliable SD-WAN Connectivity with Enterprise-Grade Security—The Best of Both Worlds

• Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

• The City of Toronto, Among This Week’s Victims of GoAnywhere Attacks

• The Importance Of Collaboration: A Look Into The Web Design Agency Process

• City Of Toronto Admits Data Theft, Clop Takes Blame

• Now UK Parliament Bans TikTok from its Network and Devices

• IRS Phishing Emails Used to Distribute Emotet

• Drive-by Download Attack – What It Is and How It Works

• Fifth of Execs Admit Security Flaws Cost Them New Biz

• Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

• LATEST CYBERTHREATS AND ADVISORIES – MARCH 24, 2023

• Understanding metrics to measure SOC effectiveness

• Top ways attackers are targeting your endpoints

• New infosec products of the week: March 24, 2023

• MITRE’s System of Trust risk model manager improves supply chain resiliency

• Biggest data theft in world history takes place in India

• French parliament says oui to AI surveillance for 2024 Paris Olympics

• Streaming Platform Gaint Lionsgate Exposes Over 37m Users’ Data

• In uncertain times, organizations prioritize tech skills development

• Why organizations shouldn’t fold to cybercriminal requests

• TheGradCafe – 310,975 breached accounts

• Vectra Match helps security teams accelerate threat hunting and investigation workflows

• Zenoss improves security for user credentials with identity management capabilities

• mTLS Everywere

• Do Kwon, Founder of Terraform Labs, Arrested in Montenegro

• Brivo expands mobile credentials by adding employee badge to Apple Wallet

• Kasm collaborates with OCI to offer Workspaces for Oracle

• SecureAuth and HashiCorp join forces to deliver passwordless continuous authentication

• BlackBerry partners with Adobe to deliver secure forms with electronic signatures on mobile

• Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats

• The TikTok Hearing Revealed That Congress Is the Problem

• Converting String to Enum at the Cost of 50 GB: CVE-2020-36620

• Beware: Fake IRS tax email delivers Emotet malware

• BreachForums to be shut down after all for fear of law enforcement infiltration

• Sophos XGS vs Fortinet FortiGate: Top NGFWs Compared

• The D.C. Circuit Gets Weird in the Mar-a-Lago Investigation

• IT Security News Daily Summary 2023-03-23

• How to clear your Google search cache on Android (and why you should)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams

• A million at risk from user data leak at Korean beauty platform PowderRoom

• Critical infrastructure gear is full of flaws, but hey, at least it’s certified

• New Android Malware Targets Customers of 450 Financial Institutions Worldwide

• TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

• Experts published PoC exploit code for Veeam Backup & Replication bug

• Cryptocurrency Scams: What to Know and How to Avoid Them

• New federal website offers grants info and research to counter domestic terrorism

• City building a talent pipeline for a quantum-enabled workforce

• States want to see some digital ID before you visit that porn site

• The best home security systems of 2023: Expert reviewed

• Fake ChatGPT Extension Hijacks Facebook Accounts

• Industry reps like CISA’s public-private cybersecurity collaborative, but offer tips on how to scale it

• role-based access control (RBAC)

• Why Access Control Should Be a Core Focus for Enterprise Cybersecurity

• Why Continuous Monitoring of AWS Logs Is Critical To Secure Customer and Business-Specific Data

• CISA, NSA Issue Guidance for IAM Administrators

• What Are the Benefits of Java Module With Example

• Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

• S3 Ep127: When you chop someone out of a photo, but there they are anyway…

• How chat comments can supercharge safety net programs

• Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire

• Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software

• Accenture To Cut 19,000 Jobs, After Lowering Forecasts

• Cybersecurity 101: What is Attack Surface Management?

• FTC seeks info on cloud computing market’s influence

• Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy

• China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers

• New Government Cyber Security Strategy Vital For Healthcare

• 2023-03-22 – Emotet Epoch 4 activity

• SharePoint Phishing Scam Targets 1600 Across US, Europe

• MITRE Rolls Out Supply Chain Security Prototype

• Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals

• The Board of Directors Will See You Now

• Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

• BlackGuard stealer extends its capabilities in new variant

• Government Launches NHS Cyber Security Strategy

• North Korean Hackers Attack Gmail Users With Malicious Chrome Extensions

• What Are the Different Types of API Testing?

• New HUD playbook guides underserved communities in accessing broadband funding

• Stop using your browser’s built-in password manager. Here’s why

• Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks

• 37M Subscribers Streaming Platform Lionsgate Exposes User Data

• Security Observability: How it Transforms Cloud Security

• A Privacy Flaw in Windows 11’s Snipping Tool Exposes Cropped Image Content

• How To Secure Your Twitter Account Without Sms-Based Two-Factor Authentication

• FTX Agrees Deal To Recover $400m From Hedge Fund

• What Is Pen Testing?

• Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

• New Post-Exploitation Attack Method Found Affecting Okta Passwords

• Fake ChatGPT for Google extension hijacks Facebook accounts

• Threat actor Kimsuky using rogue browser extensions to steal data from users’ Gmail Inboxes

• New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

• Soldiers can now steer robot dogs with brain signals

• Quantum sensing has ‘critical’ potential for electrical grid, official says

• Okta Post-Exploitation Method Exposes User Passwords

• Nexus, an emerging Android banking Trojan targets 450 financial apps

• Bill Gates: OpenAI GPT Most Important Tech Advance Since 1980

• New Android Botnet Nexus Being Rented on Russian Hacker Forum

• March 2023 Web Server Survey

• BreachForums taken down after arrest of alleged owner

• Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections

• Revising, or Rejecting, ‘Reasonable Prospect of Success’ in Just Wars? Lessons From Ukraine

• Two New Bills on TikTok and Beyond: The DATA Act and RESTRICT Act

• How Technology Is Changing the Real Estate Landscape in Portugal: A Buyer’s Agent Perspective

• Analysts share 8 ChatGPT security predictions for 2023

• Study: Software Vendors Needed A 3rd-Party Monetization Solution. Here’s Their Experience Using Thales’ Sentinel

• CISA, NSA Push Identity And Access Management Framework

• Threat Actor Attempted Email Compromise Attack For $36 Million

• B-List Celebs Including Lindsay Lohan Fined After Crypto Shill Probe

• ChatGPT Bug Leaked Users’ Conversation Histories

• Aloria, Who Made Us All Laugh For Years With Infosec Reactions, Passes Away At 41

• German and South Korean Agencies Alerts of Kimsuky’s Attacks

• OpenAI CEO admits a bug allowed some ChatGPT users to see others’ conversation titles

• Alert Organizations About Aveva HMI, SCADA Vulnerabilities

• LockBit Attacks Oakland with Ransomware Twice in as Many Weeks

• The Role of Identity Detection and Response (IDR) in Safeguarding Government Networks

• Six Ways to Secure Your Organization on a Smaller Budget

• Understanding Managed Detection and Response – and what to look for in an MDR solution

• Cisco Patches High-Severity Vulnerabilities in IOS Software

• Are You Talking to a Carbon, Silicon, or Artificial Identity?

• A common user mistake can lead to compromised Okta login credentials

• Computer Turns on but Monitor Says No Signal – 9 Ways to Fix

• Using AI in Business: The Benefits and Challenges

• What Is Nmap and How to Use It to Enhance Network Security

• SEC Charges Celebrities Over Cryptocurrency Endorsements

• Tackling the Challenge of Actionable Intelligence Through Context

• ‘Nexus’ Android Trojan Targets 450 Financial Applications

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

• Dole discloses data breach after February ransomware attack

• Malicious ChatGPT Chrome Extension Targets Facebook Accounts

• 2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks

• Ferrari Warns Customers Their Personal Data Might Have Been Hijacked

• OpenAI Fixes Bug With ChatGPT That Exposed User Chats

• Trump vows to ‘shatter the deep state,’ revive Schedule F and move more agencies out of D.C.

• Mass Ransomware Attack

• MyCena Improves Customer Data Access Protection in Call Centers and BPOs

• AI Malware, Copilot, & Passkeys – Intego Mac Podcast Episode 284

• Beware of Phishing Scams 3.0- The email you receive might not be from who you think it is

• UK Government Sets Out Vision for NHS Cybersecurity

• Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers

• Half of Britons feel they are victims of ‘Sonic Snooping’

• Dole Says Employee Information Compromised in Ransomware Attack

• IoT Startup OP[4] Launches With Vulnerability Management Platform

• Study: Software Vendors Needed A 3rd-Party Monetization Solution. Here’s Their Experience Using Thales’ Sentinel.

• Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

• Another Fake ChatGPT Extension Found in Google Chrome Store

• Threat Actors Use the MageCart Malware in New Credit Card Data Stealing Campaign

• ITIL For Change Management and Continuous Improvement – Powered by Tripwire

• Irish Food Giant Dole Admits Employee Data Breach

• Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts

• Fortune 500 Company Names Found in Compromised Password Data

• Secure mail

• New Instagram scam uses fake SHEIN gift cards as lure

• Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash

• How to Fix PS4 Controller Light Is Red? – The Ultimate Fix

• Do you know what your supply chain is and if it is secure?

• Shell DDoS Malware Attacks Poorly Managed Linux SSH Servers

• German and South Korean Agencies Warn of Kimsuky’s Expanding Cyber Attack Tactics

• Developing an incident response playbook

• Bogus ChatGPT extension steals Facebook cookies

• 5 Ways CIAM Ensures a Seamless and Secure Customer Experience

• A closer look at TSA’s new cybersecurity requirements for aviation

• B-List celebs including Lindsay Lohan fined after crypto shill probe

• B-List celebs including Lindsay Lohan fined after shilling crypto

• How to add a backup two-step login provider to Bitwarden

• Path to Leadership with IBM Managing Partner Dr. Shue-Jane Thompson

• Cyber threats to EU transport sector sends urgent call for enhanced cybersecurity

• Best practices to secure digital identities

• What are Passkeys, and how do they work?

• Regula updates IDV products to improve document and biometric verification

• Lightspin Remediation Hub helps users fix the cloud security threats

• Secureworks Security Posture Dashboard enables businesses to understand their cyber readiness

• Vumetric PTaaS platform simplifies cybersecurity assessments for organizations

• Top 5 security risks for enterprise storage, backup devices

• South Korea fines McDonald’s for data leak from raw SMB share

• Network Protection: How to Secure a Network

• Verosint partners with Ping Identity to detect and block account fraud

• Google Pixel: Cropped or edited images can be recovered

• New Kritec Magecart skimmer found on Magento stores

• Jason Garoutte joins Veza as CMO

Generated on 2023-03-24 23:55:28.748521