IT Security News Daily Summary 2023-04-26

• Maine Gets Another (Necessary) Opportunity to Defund Its Local Intelligence Fusion Center

• Et esse laboriosam At consequatur nemo eum quibusdam voluptatum?

• Accelerated FAA modernization will suffer under stopgap funding, says agency head

• Urban-rural collaborations help eliminate transit deserts and improve mobility equity

• Microsoft probes complaints of Edge leaking URLs to Bing

• BigID and Thales Collaborate to Deliver Comprehensive Data Protection and Privacy Compliance

• Security Leaders Are Finally Getting a Seat at The Table with Corporate Leadership – Make Good Use of Your Time There.

• Greenpeace Stands Up Against SLAPPs And Wins

• President’s AI advisory committee says the government needs clearer leadership on the technology

• Generative AI helps spot malicious open-source code

• AFRL wants white papers for $500M quantum information science solicitation

• Find high-paying cybersecurity and IT support jobs in these U.S. cities

• CrowdStrike details new MFA bypass, credential theft attack

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling

• A US Bill Would Ban Kids Under 13 From Joining Social Media

• High-Severity SLP Flaw Can Amplify DDoS Attacks up to 2,200 Times

• DoJ, Treasury accuses 3 men of laundering crypto for North Korea

• TrickBot malware

• Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

• RCE Attacks Against Thousands Of Apache Superset Servers

• The Cybersecurity Talent Gap – Where do We Go from Here?

• US Bill To Require Parental Consent For Kids Use Of Social Media

• CyberGRX Announces Winners of the Inaugural Cyber Risk Nation Awards

• A component in Huawei network appliances could be used to take down Germany’s telecoms networks

• ASML Boss Warns Of Chip Supply Uncertainty

• Evasive Panda’s Backdoor MgBot Delivered Via Chinese Software Updates

• #RSAC: ISACA’s New Ransomware Incident Checklist to Aid Cyber Pros

• Forcepoint Data Security Everywhere simplifies DLP management

• Graylog 5.1 optimizes threat detection and response

• Cybersecurity leaders introduced open-source information sharing to help OT community

• Application Programming Interface (API) testing for PCI DSS compliance

• Critical Flaw Patched in VMware Workstation and Fusion

• Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

• Alphabet Beats Expectations, Announces $70 Billion Share Buyback

• NIST releases draft post-quantum encryption document

• #RSAC: Google Cloud Introduces Generative AI to Security Tools as LLMs Reach Critical Mass

• Celebrating SLSA v1.0: securing the software supply chain for everyone

• Cloud Storage: Is Stored Data Secure ?

• Decoy Dog Malware Toolkit: A New Cybersecurity Threat

• Healthy security habits to fight credential breaches: Cyberattack Series

• F-Secure to acquire Lookout Mobile Security

• UK’s CMA Blocks Microsoft’s $69bn Acquisition Of Activision Blizzard

• Benefits of Manual Penetration Testing

• Cybersecurity Futurism for Beginners

• RSAC panel warns AI poses unintended security consequences

• Alloy Taurus Hackers Update PingPull Malware to Target Linux Systems

• Facebook Glitch Charged Users Hundreds Of Thousands For Ads

• Metaverse Version of the Dark Web Could be Nearly Impenetrable

• IMA Financial Group Targeted in Cyberattack. Confidential Consumer Data Spilled

• Be Wary Because Cybercriminals Are Getting More Ingenious

• Google Delivers Bumblebee Malware

• Google’s New Two-Factor Authentication Isn’t End-To-End Encrypted

• How AI Subverts Democracy And How To Fight Back

• US Charges North Korean In Crypto Laundering Conspiracies

• Apache Superset: A Story Of Insecure Default Keys, Thousands Of Vulnerable Systems, Few Paying Attention

• Evilflare: Circumventing Cloudflare’s Protection

• Photos: RSA Conference 2023, part 2

• Eclypsium launches Supply Chain Security Platform with SBOM capability

• How AIoT Will Reshape the Security Industry in 2023

• How to lock an Apple Note to keep prying eyes out of your ideas

• Challenges of Implementing AI With “Democratic Values”: Lessons From Algorithmic Transparency

• A New Approach to Prosecuting Border Militias

• Cynet announces platform updates to help organizations protect their systems and infrastructure

• Common insecure configuration opens Apache Superset servers to compromise

• Uptycs unveils cloud security early warning system

• 3 reasons why Motorola’s $699 ThinkPhone is a dream phone for business power users

• RSA Conference 2023 – Announcements Summary (Day 2)

• SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability

• Malware-Free Cyberattacks Are On the Rise; Here’s How to Detect Them

• Effects of the Hive Ransomware Group Takedown

• Charming Kitten’s New BellaCiao Malware Discovered in Multi-Country Attacks

• Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

• The Anatomy of a Scalping Bot: NSB Was Copped!

• KuppingerCole Secrets Management Report Names Keeper Security an Overall Leader

• Why you shouldn’t turn on Google Authenticator’s cloud sync feature

• RSA Conference 2023 video walkthrough

• ExtraHop simplifies approach to intrusion detection for security teams with new solutions

• Code42 adds real-time blocking capabilities to the Incydr IRM solution

• Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling

• Cisco Launches Advanced Threat Detection XDR Platform

• CISOs Rethink Data Security With Info-Centric Framework

• Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

• Saas Security: The Need For Continuous Sustenance

• SMB cyber safety: De-risking catastrophic events

• Microsoft Shares Rise As Q3 Earnings Beat Forecasts

• Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks

• Sophos’ MDR service’s customer base grows 33% in first 6 months since launching new capabilities

• VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)

• ManageEngine releases MSSP Edition of Log360 Cloud

• Google Authenticator updated, finally allows syncing of 2FA codes

• 7,413 People Were Impacted by Alaska Railroad Data Breach

• Japan’s ispace Admits Moon Lander Likely Crashed

• Top Considerations for Securing AWS Lambda, part 2

• Join Check Point at RSA Conference in San Francisco

• VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

• Organizations Warned of Security Risk in Default Apache Superset Configurations

• VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain

• Western Digital hit by hackers

• Operation Cookie Monster Shuts Down a Global Dark Web Marketplace

• Decoy Dog Malware Tool Kit Spotted Via Malicious DNS Queries

• Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

• World IP Day 2023: Defending Against the On-Going Threat to Intellectual Property

• New SLP Vulnerability Could Enable Massive DDoS Attacks

• New Type of Side-Channel Attack Impacts Intel CPUs and Allows Data Leakage

• What is a WAF? (Web Application Firewall)

• Explaining the PCI DSS Evolution & Transition Phase

• Quad Countries Prepare For Info Sharing on Critical Infrastructure

• Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

• The good, the bad and the generative AI

• Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation

• UK Cyber Pros Burnt Out and Overwhelmed

• Why performing security testing on your products and systems is a good idea

• VMware Releases Critical Patches for Workstation and Fusion Software

• Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure

• Is the fear of AI being overblown

• Overcoming industry obstacles for decentralized digital identities

• Google Authenticator Major Update Brings Cloud Backup Feature

• New coercive tactics used to extort ransomware payments

• Are you ready for PCI DSS 4.0?

• CISOs: unsupported, unheard, and invisible

• Guidance on network and data flow diagrams for PCI DSS compliance

• Halo Security detects exposed secrets and API keys in JavaScript

• Immuta releases new data security features to help users accelerate remediation efforts

• Seclore puts risk into focus with new data classification and risk insights capabilities

• Akamai Prolexic Network Cloud Firewall defends organizations against DDoS attacks

• Corporate boards pressure CISOs to step up risk mitigation efforts

• US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt

• Accenture and Google Cloud expand collaboration to accelerate cybersecurity resilience

• #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations

• #RSAC: Characterless Security Training Fails to Change User Behavior

• CISOs Rethink Data Security with Info-Centric Framework

• Black Basta ransomware attacks Yellow Pages Canada

• GuLoader returns with a rotten shipment

• NetRise raises $8 million to advance XIoT security technology

• Deep Instinct partners with eSentire to protect customers from unknown and zero-day attacks

• Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention

• RSA: Cisco launches XDR, with focus on platform-based cybersecurity

• 8 Best Password Managers for Business & Enterprises in 2023

• Dig Security Announces New Integration With CrowdStrike

• Datadog’s 2023 State of Application Security Report Presents Top AppSec Trends

• CODE PA to design simple, seamless, secure digital services

• BlackBerry Extends Partnership With Managed Security Services Provider (MSSP) to Ensure SMBs are Set Up for Cyber Success

• VR drives next-gen situational awareness for public safety

• AI Experts: Account for AI/ML Resilience & Risk While There’s Still Time

• SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times

• IT Security News Daily Summary 2023-04-25

• Mobile device security policy

• Top 10 Cloud Access Security Broker (CASB) Solutions for 2023

• ReliaQuest Adds AI Capabilities to GreyMatter Intelligent Analysis

• NetWitness Partners With Palo Alto Networks, Broadcom to Launch SASE Packet Integrations at RSA Conference 2023

• Forcepoint Delivers Data Security Everywhere, Extending DLP Policies From Endpoints to the Cloud

• Akamai Introduces Prolexic Network Cloud Firewall

• Welcome to FCW Insider Chat

• Vantage Travel Experiences Data Security Incident

• SmartStoreNET: Malicious Message Leading To E-Commerce Takeover

• #RSAC: AI Can Help Save Our Democracy

• Large 2,200x DDoS Amplification Assault Due To New SLP Flaw

• Menaced by miscreants, critical infrastructure needs a good ETHOS. Ah, here’s one

• Azure Data Box

• OMB, CISA set to release common form for software self-attestation

• NASCIO’s game plan for enterprise portfolio management

• VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

• Texas Should Leave Its Anti-SLAPP Law Alone

• RSAC 2023: SecurityScorecard launches ‘first’ GPT-4 security ratings platform

• NASA struggles to improve workforce diversity

• Bugcrowd CTO talks hacker feedback, vulnerability disclosure

• PaperCut security vulnerabilities under active attack – vendor urges customers to patch

• ‘Good’ AI Is the Only Path to True Zero-Trust Architecture

• Active Directory Penetration Testing Cheatsheet

• DOD components on the clock to certify compliance with classified access rules in the wake of Discord leaks

• A Security Team Is Turning This Malware Gang’s Tricks Against It

• How ChatGPT and other advanced AI tools are helping secure the software supply chain

• Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers

• Cloud-native security metrics for CISOs

• #RSAC: Election Protection is CISA’s Top Priority for Next 18 Months

• BigID launches BigAI, a ‘privacy-by-design’ LLM  designed to discover data

• #RSAC: GPT-4 Empowers Cybersecurity Leaders to Make Smarter Risk Decisions

• The Decline in Ransomware: Does It Actually Increase Risks for Organizations?

• Internal Documents Show How Little the FBI Did to Correct Misuse of Section 702 Databases

• How to send password-protected emails in Gmail

• Secure Access Startup Sonet.io Emerges From Stealth With $6 Million in Funding

• Token Gets $30M Funding for Biometrics MFA Smart Ring

• NetRise Adds $8 Million in Funding to Grow XIoT Security Platform

• Exposed Artifacts Seen In Misconfigured Cloud Software Registries

• Cyera enhances its AI-powered data security platform to stop sensitive data exfiltration

• Cisco XDR prioritizes security incidents using evidence-backed automation

• SecurityScorecard introduces security ratings platform with OpenAI’s GPT-4 search system

• Yellow Pages Canada Suffered a Cyberattack

• Improving your bottom line with cybersecurity top of mind

• Cloud forensics – An introduction to investigating security incidents in AWS, Azure and GCP

• What Comes After the Digital Transformation?

• Pennsylvania says it’s eligible for up to $5.2M cyber grant

• Yellow Pages Canada Hit by Cyber-Attack, Black Basta Claims Credit

• PoC Exploit Code Released for Critical Papercut Flaw

• Iranian Hackers “Educated Manticore” Target Israel With New Tools

• Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

• A new Mirai botnet variant targets TP-Link Archer A21

• Google Adds Generative AI To Its Cloud Security Offerings

• Artificial Intelligence Takes RSA Conference By Storm

• Terra Co-Founder And 9 Staff Indicted For Role In Crypto Collapse

• Eight Years Since The Obama-Xi Agreement, Chinese Hacking Is Worse Than Ever

• Microsoft announces the 2023 Microsoft Security Excellence Awards winners

• New SLP Vulnerability to play catalyst to 2000x DDoS attacks

• Cybersecurity for Kids: 7 Tips for Teaching the Basics

• Space Force should look to the private sector to fill data gaps, watchdog says

• DOJ’s Monaco addresses ‘misperception’ of Joe Sullivan case

• Google, Mandiant highlight top threats, evolving adversaries

• Google Finds Flaws in Intel TDX After Nine-Month Audit

• Palo Alto Networks Unit 42 expands its DFIR service globally

• Most SaaS adopters exposed to browser-borne attacks

• Thales’ new secrets management solution improves DevOps and cloud security

• Macbook Security: Do I Need Antivirus for Macbook?

• Security Benefits of Enhanced Cloud Visibility

• Build a Web3 Ticketing System and Disrupt Online Ticketing

• Google Authenticator will now sync your 2FA codes to use on different devices

• Apiiro Launches Application Attack Surface Exploration Tool

• Millions of Exposed Artifacts Found in Misconfigured Cloud Software Registries

• Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

• New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

• Google researchers found multiple security issues in Intel TDX

• Global Infosec Award Winners Announced at RSA

• Abnormal Security expands its platform and launches new products

• VMware announces new security capabilities to help protect hybrid workforce

• How to Create a New Discord Account in 2 Minutes – A Comprehensive Guide

• Data on Resold Corporate Routers can be Used by Hackers to Access Networks

• US Sanctions Two For Aiding North Korean Crypto Thieves

• Reach Out to Peers and Vendors to Build Your Security

• Nvidia helps enterprises guide and control AI responses with NeMo Guardrails

• RSA Conference 2023 – Announcements Summary (Day 1)

• Kaspersky Analyzes Links Between Russian State-Sponsored APTs

• Building a Better SBOM

• The Political Cybersecurity Blindfold in Latin America

• Ukraine’s Nuclear Moment

• Imperva Unveils Latest API Security Enhancements

• Lookout Launches Mobile Endpoint Detection and Response for MSSPs to Help Close the Mobile Security Gap for Customers

• Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor

• Spotify Surpasses Half-Billion Monthly Users

• Check Point Software Technologies and BBT.live Join Forces to Bring Enhanced Cybersecurity to Remote Networks with Secure SD-WAN Solution

• RidgeShield monitors traffic across workloads and enforces unified security policies

• Key Tech Dominating On Online Sportsbooks

• Vehicles Stolen Using High-Tech Methods by Criminals

• Modernizing Vulnerability Management: The Move Toward Exposure Management

• Google Audit Finds Vulnerabilities in Intel TDX

• Insider Q&A: OpenAI CTO Mira Murati on Shepherding ChatGPT

• Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

• Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

• Google adds new risk assessment tool for Chrome extensions

• GrammaTech and ArmorCode unify application security tools and intelligence

• AWS boosts Amazon GuardDuty with 3 new capabilities to protect varied workloads

• AnimeUltima 2023 – Top Alternatives to Watch Anime Online

• European Payments Initiative Buys Two Fintech Firms

• #RSAC: US DoJ Prioritizes Victim Support in Cybercrime Crackdown

• OTP Codes Synchronized Across Devices With Google Authenticator

• PaperCut Flaw Exploited to Hijack Servers, Fix Released

• Shanghai To Back Chip, AI Investments

• Google Authenticator App now supports Google Account synchronization

• IBM Security QRadar Suite streamlines security analysis throughout the incident process

• PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350)

• Attackers are logging in instead of breaking in

• MITRE Caldera for OT tool enables security teams to run automated adversary emulation exercises

• Leveraging SaaS Data Security and Compliance Tools

• Check Point Research uncovers rare techniques used by Iranian-affiliated threat actor, targeting Israeli entities

• Falling Dwell Time May Be Due to Faster Threat Activity

• Cyberweapons Manufacturer QuaDream Shuts Down

• What Is Privileged Account and Session Management (PASM)?

• The Importance of Data Sciences in Today’s Day and Age

• The dark side of budgeting apps: potential security risks

• CISA Warns Of PaperCut Print Software Vulnerabilities Under Attack

• VirusTotal Code Insight: AI-powered malware analysis feature

• Japan Start-Up iSpace Prepares First Commercial Moon Landing

• Peugeot leaks access to user information in South America

• Arista Networks unveils AI-driven network identity service

• IBM’s Security QRadar Suite streamlines security analysis throughout the incident process

• How to Join a Playstation Party on PC? – Connecting with Friends

• Financial Trading Desktop And Mobile Apps To Try Out In 2023

• Cool, Funny, Best Gaming Names – Creative Ideas for Your ING Personality

• 4 Key Elements Of Successful Construction Management

• CyberSmart makes waves in SME cybersecurity market

• Root Cause Analysis for Deployment Failures

• Cloud security 101: Understanding and defending your cloud infrastructure

• Thousands of Social Media Takedowns Hit People Smugglers

• North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

• This Evil Extractor Malware Steals Data from Windows Devices

• Indian Court Rejects Xiaomi Plea To Return Seized Funds

• Researchers Find 250 Million Artifacts Exposed in Misconfigured Registries

• UK Introduces Long-Delayed Digital Markets Legislation

• Need to improve the detection capabilities in your security products?

• Thales CipherTrust Manager Integrates with archTIS NC Encrypt to Secure Business Critical Content in Microsoft 365 Applications

• How to fortify your cryptocurrency security

• Cyber Attack news headlines trending on Google

• Securing the rapidly developing edge ecosystem

• The silent killers in digital healthcare

• AI tools help attackers develop sophisticated phishing campaigns

• Microsoft Changed the Method of Naming the Hacker Groups

• Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

• How to establish network security for your hybrid workplace

• E-mail header analysis

• The double-edged sword of open-source software

• Rethinking the effectiveness of current authentication initiatives

• Google’s here to boost your cloud security and the magic ingredient? AI, of course

• SentinelOne unveils cybersecurity AI platform

• ByteDance is pushing a new app in the U.S. as TikTok faces a ban

• On Validation, pt III

• New Events Ripper Plugins

• #RSAC: Climate Change is Increasing Cyber-Risks

• A week in security (April 17 – 23)

• Adult content malvertising scheme leads to clickjacking

• Removing the human: When should AI be used in emotional crisis? Lock and Code S03E09

• #RSAC: Cyber Intrusion Campaign Against Three US Federal Agencies Thwarted

Generated on 2023-04-26 23:55:32.393808