IT Security News Daily Summary 2023-04-27

• Critical VMware Vulnerabilities Let Attackers Execute Arbitrary Code

• Q1 marked lowest VC funding for security in a decade, but there’s a silver lining

• DHS R&D arm to drive climate change response under new bill

• City pilots sensors that track street activity, detect conflicts

• Can Fortran survive another 15 years?

• ‘Anonymous Sudan’ Claims Responsibility for DDoS Attacks Against Israel

• 35M Downloads Of Android Minecraft Clones Spreads Adware

• How to block tracking pixels in Apple Mail (and why you might want to)

• #RSAC: Organizations Warned About the Latest Attack Techniques

• Microsoft is busy rewriting core Windows library code in memory-safe Rust

• Clean up technical debt before chasing shiny objects, state CTO advises

• 10 ways to speed up your internet connection today

• The best browsers for privacy in 2023

• Report: Facebook And Instagram Are Still Widely Used For Child Sex Trafficking

• How post-quantum cryptography will help fulfill the vision of zero trust

• Secureworks CEO weighs in on XDR landscape, AI concerns

• China’s ‘Evasive Panda’ Hijacks Software Updates to Deliver Custom Backdoor

• Threat Actor Names Proliferate, Adding Confusion

• User Data Governance and Processing Using Serverless Streaming

• Global Cyberattacks Continue to Rise with Africa and APAC Suffering Most

• Why security and resilience are essential for enterprise risk management

• Were you caught up in the latest data breach? Here’s how to find out

• Automated Bots Pose Growing Threat To Businesses

• Elon Musk Meets US Lawmakers To Discuss AI Regulation

• Design Patterns for Microservices: Ambassador, Anti-Corruption Layer, and Backends for Frontends

• Implementing RBAC in Quarkus

• S3 Ep132: Proof-of-concept lets anyone hack at will

• ChatGPT Security and Privacy Issues Remain in GPT-4

• SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023

• Tenable report shows how generative AI is changing security research

• VA’s health record ‘reset’ has budget fallout

• How Target built its DevSecOps culture using psychology

• Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

• Vodafone Appoints Finance Boss Margherita Della Valle As Group CEO

• Cybersecurity: Why It’s More Important Than Ever

• Takeaways from our investigation into Wisconsin’s racially inequitable dropout algorithm

• (ISC)2 Urges Countries to Strengthen Collaboration on Cybersecurity Regulation

• Continuous Scanning Is Imperative for Effective Web Application Security

• The White House National Cybersecurity Strategy Has a Fatal Flaw

• NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI

• Researchers found the first Linux variant of the RTM locker

• Good, Better And Best Security

• Industrial Espionage: Here’s All You Need to Know

• PCI DSS reporting details to ensure when contracting quarterly CDE tests

• How I Got Started: SOC Analyst

• #RSAC: Cyber-Attacks on Civilian Infrastructure Should Be War Crimes, says Ukraine Official

• Vietnamese Hackers Linked to ‘Malverposting’ Campaign

• CommScope Workers Left In The Dark After A Ransomware Attack

• Email Threat Report 2023: Key Takeaways

• What Is a Ping Flood and How to Prevent It?

• Intel allows Google to hack its servers

• Semiconductor Revenue To Decline In 2023, Gartner Warns

• Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware

• RTM Locker Ransomware Targets Linux Architecture

• Why you should practice rollbacks to prevent data loss in a ransomware attack

• UK Regulator Defends Microsoft Activision Decision, After Angry Response

• 3 in 4 Americans worry AI will take their jobs

• CISA aims to reduce email threats with serial CDR prototype

• #RSAC: Securing Software Supply Chains Requires Outside-the-Box Thinking

• APT Groups Expand Reach to New Industries and Geographies

• What Is Cyber Threat Hunting? Process, Types and Solutions

• How we fought bad apps and bad actors in 2022

• Canada Attempts to Control Big Tech as Data Gets More Potent

• APT Groups Tomiris and Turla Target Governments

• TP-Link WAN-Side Vulnerability Exploited to Install Mirai Malware

• Aadya Raises $5 Million for SMB-Focused Security Platform

• Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

• Hackers Leaked Minneapolis Students’ Psychological Reports

• Sifting Through The Top Cyber Myths In The Military Service Branches

• Microsoft Probes Complaints Of Edge Leaking URLs To Bing

• VMware Releases Patches For Workstation, Fusion Exploits

• SSL vs. TLS: Which should you be using?

• Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

• Technologies Such As ChatGPT And Applications Are Affecting Modern Services

• What Is a Root Certificate? Differences Between Root and Intermediate Certificates

• Combating Kubernetes — the Newest IAM Challenge

• Security Risks of AI

• Microsoft Admits PaperCut Servers Used In LockBit and Cl0p Ransomware

• TP-Link High-Severity Flaw Added to Mirai Botnet Arsenal

• Zero Trust Data Security: It’s Time To Make the Shift

• Innovation Sandbox: Cybersecurity Investors Pivot to Safeguarding AI Training Models

• New ‘Atomic macOS Stealer’ Malware Offered for $1,000 Per Month

• Chinese Cyberspies Delivered Malware via Legitimate Software Updates

• Climate Change Impacts on Subsea Cables and Ramifications for National Security—A Legal Perspective

• 911? We Have an Emergency: Cyberattacks On Emergency Response Systems

• Photos: RSA Conference 2023 Early Stage Expo

• How To Choose The Right Software Development Service Provider For Your Startup

• Major Iot Technology Trends To Watch Out For In 2023

• Secure API Management For IoT: Basics And Fundamentals

• Tenable Makes Generative AI Security Tools Available to the Research Community

• Photos: RSA Conference 2023, part 3

• Thales CTE-RWP protects critical files and folders from ransomware attacks

• Skyhigh Security unveils major updates to product portfolio

• Securing Public Sector Software Throughout 2023 and Beyond

• Big Tech Crackdown Looms as EU, UK Ready New Rules

• Google Obtains Court Order to Disrupt CryptBot Distribution

• LimeRAT Malware Analysis: Extracting the Config

• CryptoRom: OkCupid scam cost Florida man $480k – we followed the money to Binance

• New LOBSHOT Malware Deployed Via Google Ads

• Cisco Zero-Day Flaw: Let Remote Attackers Launch XSS Attacks

• Brace Yourself for the 2024 Deepfake Election

• Securing Safari Browsers with Perception Point’s New Safari Extension

• Google Goes After CryptBot Distributors Stealing Sensitive Data

• PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates

• ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0

• OFAC Takes Action Against Accused Providing Material Support To North Korean Hackers

• Meta Pleases Investors After Sales Rise, As Profits Dive

• When Cyberattacks Have Nothing to Do with You – The Escalation of DDoS Cyberattacks due to Hacktivism

• RSA Conference 2023 – Announcements Summary (Day 3)

• Microsoft: Cl0p Ransomware Exploited PaperCut Vulnerabilities Since April 13

• Chinese APT Alloy Taurus Is Back – Linux Variant of PingPull Malware Is Active

• April 2023 Web Server Survey

• RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts

• APT trends report Q1 2023

• Man Arrested for Selling Data on 300 Million Victims to Russians

• Microsoft Blames Clop Affiliate for PaperCut Attacks

• What Is SOC-as-a-Service (SOCaaS) and How Could Your Company Benefit?

• How To Install Mcent Browser In PC ( Windows 7, 8, 10, 11, and Mac )

• Despite Soaring Prices, Cybersecurity Insurance Keeps Growing Briskly

• Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

• AI to Aid Democracy

• GitHub introduces private vulnerability reporting for open source repositories

• AI Is Everywhere, and How to Set Up an Old Mac as a Server – Intego Mac Podcast Episode 289

• Quest Software Podcast: The Democratisation of Data: Episode 4: In Data We Trust?

• Google Goes After CryptBot Distributors

• Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

• The Importance Of Youtube Tags For Video Optimization And Discovery

• How To Install Premiere Pro Transitions

• Drones will deliver medical supplies through this pioneering 5G service

• Do you know what your supply chain is and if it is secure?

• The State of Responsible Technology

• What Are the Latest Developments from Thales in Data Security and IAM at RSA Conference 2023?

• The true numbers behind deepfake fraud

• LockBit Ransomware Group feels ashamed for the Cyber Attack

• Generative AI and security: Balancing performance and risk

• New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

• eBook: Security Compliance for CISOs

• CISOs struggle to manage risk due to DevSecOps inefficiencies

• Why juice jacking is overhyped

• Tessian Respond enables security teams to identify and respond to email threats

• How to set up your own Mac server (with an old or new Mac)

• Accenture partners with Palo Alto Networks to improve visibility across IT networks

• Decoy dog toolkit plays the long game with Pupy RAT

• APC warns about critical vulnerabilities in online UPS monitoring software

• Update your PaperCut application servers now: Exploits in the wild

• US senator open letter calls for AI security at ‘forefront’ of development

• #RSAC: Experts Urge Applying Lessons Learned from Russia-Ukraine Cyberwar to Potential China-Taiwan Scenario

• IBM launches QRadar Security Suite for accelerated threat detection and response

• How ransomware victims can make the best of a bad situation

• Google 2FA Syncing Feature Could Put Your Privacy at Risk

• Microsoft probes complaints of Edge leaking visited URLs to Bing

• Smart city lab tests IoT network to protect pedestrians, cyclists

• RSA Conference 2023 – How AI will infiltrate the world

• #RSAC: Pro Sports Grapple with Convergence of Cyber and Physical Security Challenges

• China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

• IT Security News Daily Summary 2023-04-26

• Maine Gets Another (Necessary) Opportunity to Defund Its Local Intelligence Fusion Center

• Et esse laboriosam At consequatur nemo eum quibusdam voluptatum?

• Accelerated FAA modernization will suffer under stopgap funding, says agency head

• Urban-rural collaborations help eliminate transit deserts and improve mobility equity

• Microsoft probes complaints of Edge leaking URLs to Bing

• BigID and Thales Collaborate to Deliver Comprehensive Data Protection and Privacy Compliance

• Security Leaders Are Finally Getting a Seat at The Table with Corporate Leadership – Make Good Use of Your Time There.

• Greenpeace Stands Up Against SLAPPs And Wins

• President’s AI advisory committee says the government needs clearer leadership on the technology

• Generative AI helps spot malicious open-source code

• AFRL wants white papers for $500M quantum information science solicitation

• Find high-paying cybersecurity and IT support jobs in these U.S. cities

• CrowdStrike details new MFA bypass, credential theft attack

• Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling

• A US Bill Would Ban Kids Under 13 From Joining Social Media

• High-Severity SLP Flaw Can Amplify DDoS Attacks up to 2,200 Times

• DoJ, Treasury accuses 3 men of laundering crypto for North Korea

• TrickBot malware

• Google leaking 2FA secrets – researchers advise against new “account sync” feature for now

• RCE Attacks Against Thousands Of Apache Superset Servers

• The Cybersecurity Talent Gap – Where do We Go from Here?

• US Bill To Require Parental Consent For Kids Use Of Social Media

• CyberGRX Announces Winners of the Inaugural Cyber Risk Nation Awards

• A component in Huawei network appliances could be used to take down Germany’s telecoms networks

• ASML Boss Warns Of Chip Supply Uncertainty

• Evasive Panda’s Backdoor MgBot Delivered Via Chinese Software Updates

• #RSAC: ISACA’s New Ransomware Incident Checklist to Aid Cyber Pros

• Forcepoint Data Security Everywhere simplifies DLP management

• Graylog 5.1 optimizes threat detection and response

• Cybersecurity leaders introduced open-source information sharing to help OT community

• Application Programming Interface (API) testing for PCI DSS compliance

• Critical Flaw Patched in VMware Workstation and Fusion

• Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

• Alphabet Beats Expectations, Announces $70 Billion Share Buyback

• NIST releases draft post-quantum encryption document

• #RSAC: Google Cloud Introduces Generative AI to Security Tools as LLMs Reach Critical Mass

• Celebrating SLSA v1.0: securing the software supply chain for everyone

• Cloud Storage: Is Stored Data Secure ?

• Decoy Dog Malware Toolkit: A New Cybersecurity Threat

• Healthy security habits to fight credential breaches: Cyberattack Series

• F-Secure to acquire Lookout Mobile Security

• UK’s CMA Blocks Microsoft’s $69bn Acquisition Of Activision Blizzard

• Benefits of Manual Penetration Testing

• Cybersecurity Futurism for Beginners

• RSAC panel warns AI poses unintended security consequences

• Alloy Taurus Hackers Update PingPull Malware to Target Linux Systems

• Facebook Glitch Charged Users Hundreds Of Thousands For Ads

• Metaverse Version of the Dark Web Could be Nearly Impenetrable

• IMA Financial Group Targeted in Cyberattack. Confidential Consumer Data Spilled

• Be Wary Because Cybercriminals Are Getting More Ingenious

• Google Delivers Bumblebee Malware

• Google’s New Two-Factor Authentication Isn’t End-To-End Encrypted

• How AI Subverts Democracy And How To Fight Back

• US Charges North Korean In Crypto Laundering Conspiracies

• Apache Superset: A Story Of Insecure Default Keys, Thousands Of Vulnerable Systems, Few Paying Attention

• Evilflare: Circumventing Cloudflare’s Protection

• Photos: RSA Conference 2023, part 2

• Eclypsium launches Supply Chain Security Platform with SBOM capability

• How AIoT Will Reshape the Security Industry in 2023

• How to lock an Apple Note to keep prying eyes out of your ideas

• Challenges of Implementing AI With “Democratic Values”: Lessons From Algorithmic Transparency

• A New Approach to Prosecuting Border Militias

• Cynet announces platform updates to help organizations protect their systems and infrastructure

• Common insecure configuration opens Apache Superset servers to compromise

• Uptycs unveils cloud security early warning system

• 3 reasons why Motorola’s $699 ThinkPhone is a dream phone for business power users

• RSA Conference 2023 – Announcements Summary (Day 2)

• SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200

• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability

• Malware-Free Cyberattacks Are On the Rise; Here’s How to Detect Them

• Effects of the Hive Ransomware Group Takedown

• Charming Kitten’s New BellaCiao Malware Discovered in Multi-Country Attacks

• Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

• The Anatomy of a Scalping Bot: NSB Was Copped!

• KuppingerCole Secrets Management Report Names Keeper Security an Overall Leader

• Why you shouldn’t turn on Google Authenticator’s cloud sync feature

• RSA Conference 2023 video walkthrough

• ExtraHop simplifies approach to intrusion detection for security teams with new solutions

• Code42 adds real-time blocking capabilities to the Incydr IRM solution

• Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling

• Cisco Launches Advanced Threat Detection XDR Platform

• CISOs Rethink Data Security With Info-Centric Framework

• Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

• Saas Security: The Need For Continuous Sustenance

• SMB cyber safety: De-risking catastrophic events

• Microsoft Shares Rise As Q3 Earnings Beat Forecasts

• Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks

• Sophos’ MDR service’s customer base grows 33% in first 6 months since launching new capabilities

• VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)

• ManageEngine releases MSSP Edition of Log360 Cloud

• Google Authenticator updated, finally allows syncing of 2FA codes

• 7,413 People Were Impacted by Alaska Railroad Data Breach

• Japan’s ispace Admits Moon Lander Likely Crashed

• Top Considerations for Securing AWS Lambda, part 2

• Join Check Point at RSA Conference in San Francisco

• VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest

• Organizations Warned of Security Risk in Default Apache Superset Configurations

• VMware Resolves Crucial Pwn2Own Zero-Day Exploit Chain

• Western Digital hit by hackers

• Operation Cookie Monster Shuts Down a Global Dark Web Marketplace

• Decoy Dog Malware Tool Kit Spotted Via Malicious DNS Queries

• Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

• World IP Day 2023: Defending Against the On-Going Threat to Intellectual Property

• New SLP Vulnerability Could Enable Massive DDoS Attacks

• New Type of Side-Channel Attack Impacts Intel CPUs and Allows Data Leakage

• What is a WAF? (Web Application Firewall)

• Explaining the PCI DSS Evolution & Transition Phase

• Quad Countries Prepare For Info Sharing on Critical Infrastructure

• Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline

• The good, the bad and the generative AI

• Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation

• UK Cyber Pros Burnt Out and Overwhelmed

• Why performing security testing on your products and systems is a good idea

• VMware Releases Critical Patches for Workstation and Fusion Software

• Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure

• Is the fear of AI being overblown

• Overcoming industry obstacles for decentralized digital identities

• Google Authenticator Major Update Brings Cloud Backup Feature

• New coercive tactics used to extort ransomware payments

• Are you ready for PCI DSS 4.0?

• CISOs: unsupported, unheard, and invisible

• Guidance on network and data flow diagrams for PCI DSS compliance

• Halo Security detects exposed secrets and API keys in JavaScript

• Immuta releases new data security features to help users accelerate remediation efforts

• Seclore puts risk into focus with new data classification and risk insights capabilities

• Akamai Prolexic Network Cloud Firewall defends organizations against DDoS attacks

• Corporate boards pressure CISOs to step up risk mitigation efforts

• US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt

• Accenture and Google Cloud expand collaboration to accelerate cybersecurity resilience

• #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations

• #RSAC: Characterless Security Training Fails to Change User Behavior

• CISOs Rethink Data Security with Info-Centric Framework

• Black Basta ransomware attacks Yellow Pages Canada

• GuLoader returns with a rotten shipment

• NetRise raises $8 million to advance XIoT security technology

• Deep Instinct partners with eSentire to protect customers from unknown and zero-day attacks

• Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention

Generated on 2023-04-27 23:55:25.688847