IT Security News Daily Summary 2023-03-31

• Treading Water: The Struggle Against Third-Party Vulnerabilities and How True Automation Can Help.

• Dependency Poker for Scrum Teams

• The best travel VPNs of 2023: Expert tested

• Pro-Islam ‘Anonymous Sudan’ Hacktivists Likely a Front for Russia’s Killnet Operation

• Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending

• The FDA’s Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say

• New Cylance Ransomware Targets Linux and Windows, Warn Researchers

• Space Force is building a virtual training ground for space conflict

• Stupid Patent of the Month: Traxcell Tech Gets Ordered To Pay Attorneys’ Fees

• S4x23 Review Part 4: Cybersecurity for Industrial IoT

• How one state looks to shared cyber services to defend rural areas

• Study: Women in cybersecurity feel excluded, disrespected

• Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin

• NYPD blues: Cops ignored 93 percent of surveillance law rules

• IG: Social Security isn’t moving fast enough on agile development

• How to Solve IoT’s Identity Problem

• Adaptive Access Technologies Gaining Traction for Security, Agility

• A Machine With First Amendment Rights

• PRODUCT REVIEW: Trend Micro Cloud One

• Report: 39% of VA IT contract awards didn’t have CIO approval

• German Police Raid DDoS-Friendly Host ‘FlyHosting’

• After Students Challenged Proctoring Software, French Court Slaps TestWe App With a Suspension

• The best home security systems of 2023: Expert reviewed

• Glitch in system upgrade identified as cause of delays at Singapore immigration

• Is Decentralized Identity About to Reach an Inflection Point?

• Ukraine Busts Gang for Massive $4.3 Million Phishing Scams

• Chinese Hackers Using KEYPLUG Backdoor to Attack Windows & Linux Systems

• Working in cybersecurity and zero trust with Ericom Software’s David Canellos

• CISA Moving Further Towards Pre-Emptive Stance with Ransomware Attack Alert System

• Latest Cyberthreats and Advisories – March 31, 2023

• Women in Cybersecurity – History to Today

• A new resource to roll out responsible AI

• FDA Announces New Cybersecurity Requirements for Medical Devices

• Italy’s Privacy Watchdog Blocks ChatGPT Amid Privacy Concerns

• The Role of International Assistance in Cyber Incident Response

• FDA Sets New Medical Devices Cybersecurity Standards

• NATO and Diplomats’ Email Portals Targeted by Russian APT Winter Vivern

• NHS IT systems under disruption threat due to cyber attack on Capita

• Modular “AlienFox” Toolkit Used to Steal Cloud Service Credentials

• New Azure Flaw “Super FabriXss” Enables Remote Code Execution Attacks

• Vulkan Playbook Leak Exposes Russia’s Plans for Worldwide Cyberwar

• Apple’s iOS 16.4: Security Updates Are Better Than New Emoji

• Know These Potential Drawbacks Before Joining New Social Media Sites

• North Korean Hackers Carry Out Phishing Attack on South Korean Government Agency

• CISA Warns of Vulnerabilities in Propump and Controls’ Osprey Pump Controller

• Report: Chinese State-Sponsored Hacking Group Highly Active

• PCI DSS 12 requirements

• Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

• AlienFox Toolset Harvests Credentials From 18 Cloud Services

• Pro-Russia Cyber Gang Winter Vivern Puts US, Euro Lawmakers In Line Of Fire

• Hacking Campaign Exploited Zero Day Tied To Spyware Firm

• ChatGPT Banned In Italy Over Privacy Concerns

• Study Reveals WiFi Protocol Vulnerability Exposing Network Traffic

• Is It Time to Start Hiding Your Work Emails?

• US Space Force Requests $700M for Cybersecurity Blast Off

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

• Leading Tech Talent Issues Open Letter Warning About AI’s Danger to Human Existence

• Security Copilot: Microsoft Employes GPT-4 to Improve Security Incident Response

• Lumen Technologies Hit by Two Cyberattacks

• Votiro Raises $11.5 Million to Prevent File-Borne Threats

• What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse

• Late Efforts at the International Law Commission to Decriminalize the Crime of Aggression Is Wrong in Law

• Maintaining Data Integrity With Growing Cybersecurity Concerns

• Post-Quantum Satellite Protection Rockets Towards Reality

• Privacy Implications of Web 3.0 and Darknets

• Face Biometric Authentication: Pros and cons

• Ukrainian Authorities Stop a Phishing Scam Worth $4.3 million

• Latest Cyberthreats and Advisories – March 31, 2023

• Leaked Vulkan Files Reveal Kremlin’s Cyberwarfare Tactics

• Top 60 Cybersecurity Startups to Watch

• Deep Dive Into 6 Key Steps to Accelerate Your Incident Response

• Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

• Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months

• Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks

• Smart Grid Fragility, a Constant Threat for the European and American Way of Living

• Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?

• Virgin Orbit Lays Off 85 Percent Of Staff

• 3CX Supply Chain Attack — Here’s What We Know So Far

• Russian APT group Winter Vivern targets email portals of NATO and diplomats

• Ukraine Cyberpolice Dismantles Fraud Ring That Stole $4.3 million

• For Cybersecurity, the Tricks Come More Than Once a Year

• Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack

• Best Practices for Effective Identity Lifecycle Management (ILM)

• Japan Joins US, Netherlands, In Chip Export Restrictions To China

• NHS Highland ‘reprimanded’ by data watchdog for BCC blunder with HIV patients

• Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution

• UK Regulator: HIV Data Protection Must Improve

• GCHQ Updates Security Guidance for Boards

• Ukrainian Police Bust Multimillion-Dollar Phishing Gang

• Can’t Clear Your Browser History? Here’s How to Fix It

• Using Data and Analytics to Improve Hedge Fund Performance: Strategies and Techniques

• Red Hat Shares – Security automation

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire

• The UK Government Shares New Strategy to Boost NHS Cybersecurity by 2030

• Azure ADを使用するマルチテナント アプリケーションの承認に関する構成ミスの可能性に関するガイダンス

• Gamers playing with real money should be wary of scammers.

• Apple’s iOS 16.4: Security Updates Are Better Than a Goose Emoji

• Overcoming obstacles to introduce zero-trust security in established systems

• New infosec products of the week: March 31, 2023

• Sundry Files – 274,461 breached accounts

• Cloud diversification brings complex data management challenges

• Leveraging network automation to enhance network security

• The foundation of a holistic identity security strategy

• Real Talk with CCSPs: An Interview with Panagiotis Soulos

• BlackGuard stealer extends its capabilities in new variant

• ReasonLabs Dark Web Monitoring identifies malicious online activity

• AttackIQ Ready! gives security teams a clear portrait of their security program performance

• Intruder unveils API scanning to help organizations reduce exposure

• OSC&R open software supply chain attack framework now on GitHub

• authentication factor

• CSR (Certificate Signing Request)

• World Backup Day is here again – 5 tips to keep your precious data safe

• Leaked Reality – 114,907 breached accounts

• Leaked IT contractor files detail Kremlin’s stockpile of cyber-weapons

• 3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments

• Azure blunder left Bing results editable, MS 365 accounts potentially exposed

• Microsoft adds GPT-4 to its defensive suite in Security Copilot

• Former President Trump Indicted

• Smart home assistants at risk from “NUIT” ultrasound attack

• 3CX desktop app used in a supply chain attack

• “BingBang” flaw enabled altering of Bing search results, account takeover

• Update now! Apple fixes actively exploited vulnerability and introduces new features

• Votiro raises $11.5 million to accelerate global expansion

• IBM partners with Wasabi to power data insights across hybrid cloud environments

• Cynerio and Sodexo join forces to address growing threats to medical IoT devices

• Certa collaborates with ID-Pal to simplify third-party onboarding

• Digital Rights Updates with EFFector 35.4

• Azure flaw left Bing results editable and MS 365 accounts exposed

• CISO’s Guide to Presenting Cybersecurity to Board Directors

• The Human Aspect in Zero Trust Security

• Russian Cyberwarfare Documents Leaked

• Automatic Updates Deliver Malicious 3CX ‘Upgrades’ to Enterprises

• Trump’s Indictment Marks a Historic Reckoning

• Security leaders are finally getting a seat at the table with corporate leadership – make good use of your time there

• As Cyber Attacks Target Large Corporates, Teams Need to Evolve Data Security

• AlienFox malware caught in the cloud hen house

• IT Security News Daily Summary 2023-03-30

• Lessons from the metaverse

• Facebook Will Finally Allow Users To Opt Out Of Data Tracking In Europe

• Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

• IRS tax forms W-9 email scam drops Emotet malware

• Compress File Using Mule 4 With AES 256 Encryption

• Every state sees tech workforce gains, report says

• How smaller agencies are working to close their technology talent gaps

• Report: Terrible employee passwords at world’s largest companies

• BEC Fraudsters Expand to Snatch Real-World Goods in Commodities Twist

• Ironing Out The macOS Details Of A Smooth Operator

• Secret Trove Offers Rare Look Into Russian Cyberwar Ambitions

• The new AI boom could increase data breaches, if companies aren’t held responsible

• Singapore bank faces regulatory action over ‘unacceptable’ digital service outage

• 3CX desktop app compromised, abused in supply chain attack

• New AlienFox toolkit harvests credentials for tens of cloud services

• The Future of Fintech Applications

• ChatGPT Ready to Write Ransomware But Failed to Go Deep

• Low-Code and No-Code Are the Future of Work — For IT and Beyond

• Ransomware attacks skyrocket as threat actors double down on U.S., global attacks

• Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service

• Court Grants Twitter Subpoena To Identify Source Code Leaker

• The challenges of collective cyber defense

• Anti-Bot Software Firm DataDome Banks $42M Financing

• Supply chain blunder puts 3CX telephone app users at risk

• Vulnerability Enabled Bing.com Takeover, Search Result Manipulation

• DataDome Closes $42M in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud

• Organizations Reassess Cyber Insurance as Self-Insurance Strategies Emerge

• Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX

• GSA releases new 5G acquisition guidance for agencies

• cardholder data (CD)

• S3 Ep128: So you want to be a cyber­criminal? [Audio + Text]

• Socura Launches Managed SASE (MSASE) Service

• Google Uncovers more Details on Spanish-made Spyware that Targeted UAE Users

• Sam Bankman-Fried Pleads Not Guilty To Additional Charges

• Spyware Vendors Exploit 0-Days On Android and iOS Devices

• Italian agency warns ransomware targets known VMware vulnerability

• 2022 Industry Threat Recap: Finance and Insurance

• Localize this: Public reporting of opioid settlement cash

• Amid AI craze, what will it take for firms to take data security seriously?

• North Korean Hackers Use Trojanized 3CX DesktopApp in Supply Chain Attacks

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

• Afghanistan Requires a Change from Humanitarian Business as Usual

• Supply Chain Attack By Hackers On 3CX Desktop App

• Do you use comms software from 3CX? What to do next after biz hit in supply chain attack

• Clearview: Face Recognition Software Used by US Police

• iCloud Keychain Data and Passwords are at Risk From MacStealer Malware

• Judge Rules Google Deleted Chats In Antitrust Case

• Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

• S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

• Over 70% of Employees Keep Work Passwords on Personal Devices

• Apple acquires WaveOne that uses AI to compress videos

• Azure vulnerability allowed hackers to manipulate Bing results and take over accounts

• How Digital Twins Can Prevent the Metaverse from Becoming a Fad

• A Clear Road to Net Zero – Tackling Data Centre Sustainability Myths

• PCI DSS merchant levels

• Is your TikTok account hiding enemies of the state? How do you know?

• FDA Protects Medical Devices Against Cyber-Threats With New Measures

• 3CX voice and video conferencing software victim of a supply chain attack

• Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)

• US Healthcare Startup Brightline Impacted by Fortra GoAnywhere Assaults

• Why First-Party Data is the Key to Improving the Customer Experience

• Staying Safe in Our New AI World: How Organisations Can Protect Themselves

• The 10 Best Cybersecurity Companies in the UK

• Hackers Used Spyware Made In Spain To Target Users In The UAE

• Pro-Russian Hackers Target Elected US Officials Supporting Ukraine

• FDA Will Refuse New Medical Devices For Cybersecurity Reasons

• Court Orders GitHub To Reveal Who Leaked Twitter’s Source Code

• 6 Malware Removal Tips for Mac

• Can AWS Be Hacked? What You Need to Know

• The Risk and Reward of ChatGPT in Cybersecurity

• Why Leaders Must Embrace Technological Chaos

• X-Force Prevents Zero Day from Going Anywhere

• And Stay Out! Blocking Backdoor Break-Ins

• Azure Pipelines vulnerability spotlights supply chain threats

• Only 10% of workers remember all their cyber security training

• Companies Affected by Ransomware [2022-2023]

• Street Fighter 5 Not Launching? Here are 8 Easy Solutions

• Microsoft uses carrot and stick with Exchange Online admins

• Broadcom’s $61bn VMware Deal Faces Phase 2 CMA Probe

• Stop Blaming the End User for Security Risk

• Popular PABX platform, 3CX Desktop App suffers supply chain attack

• Why Endpoint Resilience Matters

• Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks

• 500k Impacted by Data Breach at Debt Buyer NCB

• New Mélofée Linux malware linked to Chinese APT groups

• How China’s Spies Fooled an America That Wanted to be Fooled

• What Is User Provisioning?

• How to stay safe while using public Wi-Fi

• Securing cloud tech stacks with zero trust will drive growth of confidential computing

• DataDome raises $42M to leverage machine learning for confronting bot attacks

• New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

• US Gives Costa Rica $25M For Eradication Of Conti Ransomware

• NullMixer Campaign: A Threat to Cybersecurity

• New CISSP Exam Registration Process for 2023

• 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component

• Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

• Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration

• 3CX customers targeted via trojanized desktop app

• APT43: A New Cyberthreat From North Korea

• Microsoft Rolls Out Security Copilot For Swift Incident Response

• Amazon Opens Sidewalk Mesh Network To Third-Party Devices

• Top Vulnerabilities in 2023 and How to Block Them

• AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

• Advanced AI Poses Risk To Humanity, Open Letter Warns

• UK Introduces Mass Surveillance With Online Safety Bill

• The U.K. Police Hunts Cybercriminals with Fake DDoS-as-a-service Sites

• Technology Meets Gambling: How to Get The Most Out of Your Live Casino Experience

• Volume of HTTPS Phishing Sites Surges 56% Annually

• Selecting the right MSSP: Guidelines for making an objective decision

• iOS vs. Android – Which Is The More Secure Platform?

• NCA Celebrates Multimillion-Pound Fraud Takedowns

• ChatGPT and copywriting

• The Role of AI in Digital Marketing: Opportunities and Challenges

• The most important email conversation you will ever have

• New Mac Malware, and Stolen Session Cookies – Intego Mac Podcast Episode 285

• Thieves Steal $9m from Crypto Liquidity Pool

• 3CX Desktop App Supply Chain Attack Leaves Millions at Risk – Urgent Update on the Way!

• What Is the Ghost of Tsushima Legends Mode – Everything You Need to Know

• 3CXDesktop App Trojanizes in A Supply Chain Attack: Check Point Customers Remain Protected

• 3CX Desktop App Targeted in Supply Chain Cyber Attack, Affecting Millions of Users

• Do you know what your supply chain is and if it is secure?

• Developing Story: Information on Attacks Involving 3CX Desktop App

• 3CXDesktop App Trojanizes in A Supply Chain Attack: Check Point customers remain protected

• World Backup Day 2023: Five Essential Cyber Hygiene Tips

• US Federal agencies banned from using foreign spyware

• Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity

• Porn ID Laws: Your State or Country May Soon Require Age Verification

• Dangerous misconceptions about emerging cyber threats

• Scan and diagnose your SME’s cybersecurity with expert recommendations from ENISA

• Protect your entire business with the right authentication method

• The rise of biometrics and decentralized identity is a game-changer for identity verification

• alphaMountain has launched a new Cyber Threat analysis platform called “threatYeti”

• Elon Musk says AI Machines could launch their own Cyber Attacks

• Another year, another North Korean malware-spreading, crypto-stealing gang named

• There’s a chronic shortage of talent in cybersecurity, Microsoft says

• BreachLock API Penetration Testing Service prevents exploits of unpatched APIs

• BigID’s privacy suite discovers and classifies all CPRA-related data

• LOKKER Web Privacy Risk Score helps organizations measure and mitigate online privacy threats

• The best defense against cyber threats for lean security teams

• The cost-effective future of mainframe modernization

• Smugglers busted sneaking tech into China

• Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT

• Spera Takes Aim at Identity Security Posture Management

• 8 Proven Ways to Combat End-of-Life Software Risks

• Malware disguised as Tor browser steals $400k in cryptocash

• QuSecure partners with Accenture to conduct multi-orbit data transmission secured with PQC

• Netskope and Zoom collaborate to improve security posture and maintaining compliance

• NanoLock and ISTARI team up to protect OT manufacturing environments

• Data Lakehouses: The Future of Scalable, Agile, and Cost-Effective Data Infrastructure

• Spira Takes Aim at Identity Security Posture Management

• BingBang: How A Simple Developer Mistake Could Have Led To Bing.com Takeover

• The US Is Sending Money to Countries Devastated by Cyberattacks

• ChatGPT happy to write ransomware, just really bad at it

• “Log-out king” Instagram scammer gets accounts taken down, then charges to reinstate them

• GSA makes a case for Login.gov on Capitol Hill following scathing report

Generated on 2023-03-31 23:55:24.844103