IT Security News Daily Summary 2023-05-09

• With updated data profiles, opioid detectors ID latest drugs

• The best VPN services for iPhone and iPad in 2023

• Privoro and Samsung Partner to Provide Trusted Control Over Smartphone Radios and Sensors

• Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware

• How the war in Ukraine has been a catalyst in private‑public collaborations

• ESET APT Activity Report Q4 2022­–Q1 2023

• What Is a Passkey? The Future of Passwordless Authentication

• FBI Disarms Russian FSB ‘Snake’ Malware Network

• Creating a Cybersecurity Program That Complies With the FTC Safeguards Rule

• DHS wants software to manage biometrics system requirements

• VERT Threat Alert: May 2023 Patch Tuesday Analysis – Cloned

• US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware

• Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days

• passkey

• Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932)

• FBI-led Op Medusa slays NATO-bothering Russian military malware network

• A Linux NetFilter kernel flaw allows escalating privileges to ‘root’

• Microsoft disarms push notification bombers with number matching in Authenticator

• GSA tools flag diverse suppliers for procurement officials

• ESET APT Report: Attacks by China-, North Korea-, and Iran-aligned Threat Actors; Russia Eyes Ukraine and the EU

• FBI takes down Russian computer malware network that attacked NATO nations, journalists

• GSA tools flags diverse suppliers for procurement officials

• application blacklisting (application blocklisting)

• Best VPN for streaming TV and movies in 2023

• VentureBeat Q&A: How Airgap CEO Ritesh Agrawal created an innovative cybersecurity startup

• Adobe Patches 14 Vulnerabilities in Substance 3D Painter

• GitHub Secret-Blocking Feature Now Generally Available

• Low-level motherboard security keys leaked in MSI breach, claim researchers

• U.S. Authorities Seize 13 Domains Offering Criminal DDoS-for-Hire Services

• FBI takes down Russian malware network that attacked allies, journalist computers

• Understanding the TikTok Ban: A CISO’s Perspective on the Implications for Enterprises

• How the Economy is Impacting Cybersecurity Teams

• FBI Seized 13 Websites that Offered DDoS-for-hire Services

• Nebulon unveils threat detection solution for cryptographic ransomware

• SAIC EQADR platform accelerates data driven decision making

• Zscaler expands Digital Experience with AI-powered insights to support workforce productivity

• Is Your Cybersecurity “Too” Good?

• The Problem of Old Vulnerabilities — and What to Do About It

• As Platforms Decay, Let’s Put Users First

• Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

• EU proposes spyware Tech Lab to keep Big Brother governments in check

• ICS Patch Tuesday: Siemens, Schneider Electric Address Few Dozen Vulnerabilities

• New Botnet Campaign Exploits Ruckus Wireless Flaw

• Scanning Plans On Europe’s CSAM May Violate International Law

• Alert: NextGen Data Breach Puts 1 Million User Identities at Risk

• Deloitte Launches Blockchain Integration for Digital Credentials

• Study: Artificial Intelligence is Fueling a Rise in Online Voice Scams

• Scans required for PCI DSS compliance

• The role of AI in healthcare: Revolutionizing the healthcare industry

• Only 39% of IT Security Decision-Makers See it As Business Enabler

• Keeper Security Announces Minority Growth Equity Investment from Summit Partners

• CertifID provides identity verification designed to combat seller impersonation fraud

• OneLayer Bridge discovers, assesses, and secures IoT device activity

• Suit by Renowned Saudi Human Rights Activist Details Harms Caused by Export of U.S. Cybersurveillance Technology and Training to Repressive Regimes

• Protecting Your Privacy on ChatGPT: How to Change Your Settings

• Microsoft new ChatGPT to address all privacy concerns

• claims-based identity

• 5 major data backup trends to watch

• CISA, FBI need data from cybercrime victims to support policy

• NextGen Healthcare Data Breach: One Million Patient Records Affected

• PIPEDREAM Malware against Industrial Control Systems

• Services Partner Path — Breakaway 1=5

• CyberGhost VPN Patches Command Injection Vulnerability

• Royal Ransomware Gang Quickly Expands Reign

• Feds Seize 13 More DDoS For Hire Platforms

• Beijing Raids Consultancy, State Sponsored Media Warns More To Come

• WordPress Plugin Hole Puts 2 Million Websites At Risk

• White House addresses AI’s risks and rewards as security experts voice concerns about malicious use

• Certified Cloud Security Professional (CCSP)

• Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

• Kyndryl collaborates with Fortinet to modernize mission-critical networking

• ThreatBlockr integrates with GreyNoise to guard against false positives

• DigiCert and Oracle join forces to help joint customers manage their digital trust initiatives

• Waterfall Security Solutions and Atlantic Data Security improve protection for OT networks

• SafePaaS’ UPAM offering enables discovery, monitoring, and control of privileged accounts

• TikTok Sister Site Douyin Mandates Labels For AI Content

• How To Handle AWS Secrets

• The Biden Administration’s 2023 Cybersecurity Strategy

• Data Protection Startup Optery Raises $2.7 Million in Seed Funding

• Intel BootGuard private keys leaked following MSI hack

• Feds Take Down 13 More DDoS-for-Hire Services

• SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack

• the test is here

• Half of npm Packages Vulnerable to Old-School Weapon: the ‘Shift’ Key

• Royal Ransomware Expands to Target Linux, VMware ESXi

• Keep Your Company Cyber Competent Without Adding Cyber Anxiety

• From DevOps to DevSecOps: Strengthen Product Security with Collaborative Tools

• Operation ChattyGoblin: Hackers Targeting Gambling Firms via Chat Apps

• FBI seized 13 domains linked to DDoS-for-hire platforms

• Uncovering the Mystery: How to Find a Person’s Address in 2023

• Pentagon Weapons Systems Have ‘Nearly All’ Vulnerabilities

• Porsche To Add Mobileye Driver Assistance To Future Cars

• Building Automation System Exploit Brings KNX Security Back in Spotlight

• Microsoft: Iranian APTs Exploiting Recent PaperCut Vulnerability

• In Global Rush to Regulate AI, Europe Set to Be Trailblazer

• Patch Tuesday May 2023 – Microsoft Slates for Release 11 Security Fixes for Edge Browser Vulnerabilities

• New Way to Exploit PaperCut Vulnerability Detected

• Scammers Are Hacking Verified Facebook Pages To Trick Users

• Webb Protocol raises $7 million to build interoperable privacy in Web3

• Twitter Apologises For Glitch That Published Private Content

• BEC Campaign via Israel Spotted Targeting Large Multinational Companies

• LinkedIn Displaces 716 Positions, Pulls Out Its China App

• Heimdal® Takes Home Top Honors at Security Excellence Awards for Risk Management

• Iranian Threat Groups Mango Sandstorm and Mint Sandstorm Join the PaperCut Attack Spree

• Twitter To ‘Purge’ Inactive Accounts

• Nextgen Healthcare Hacked – Over 1 Million Customers’ Data Exposed

• US Seizes Domains of 13 DDoS-for-Hire Services

• The SBOM Bombshell

• The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services

• Microsoft Authenticator push notifications get number matching

• Web3 in 2023 and Beyond: The Trends, Pros and Cons

• Researchers Uncover SideWinder’s Latest Server-Based Polymorphism Technique

• 1-15 April 2023 Cyber Attacks Timeline

• Crypto Exchange Bittrex Files For Bankruptcy After SEC Action

• AndoryuBot DDoS Botnet Exploiting Ruckus AP Vulnerability

• New CACTUS ransomware appeared in the threat landscape

• Is it time for a cyber security hygiene check?

• EU’s Client-Side Scanning Plans Could be Unlawful

• Microsoft Warns of State-Sponsored Attacks Exploiting Critical PaperCut Vulnerability

• OpenVPN DIVE helps admins build ZTNA defined access control policies

• Digital trust can make or break an organization

• Apple Co-Founder Wozniak Warns Over AI Misuse

• CISOs Worried About Personal Liability For Breaches

• Finding bugs in AI models at DEF CON 31

• FCW Insider Chat: Cyber and Tech Policy

• Operation Power Off: 13 More Booter Sites Seized

• Intel BootGuard Secret Keys Compromised During An MSI Breach

• LinkedIn To Shutter China Site, Cut 716 Jobs

• Singapore pitches new law to slow spread of cybercrime

• Five Takeaways From the Russian Cyber-Attack on Viasat’s Satellites

• Beijing raids consultancy, State-sponsored media warns more to come

• Need to improve the detection capabilities in your security products?

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities to Attack Enterprise Targets

• Thales 2023 Data Threat Report: Sovereignty, Transformation, and Global Challenges

• How To Combine Cyber Resilience and Cybersecurity for Maximum Cyber Protection

• Iran-linked APT groups started exploiting Papercut flaw

• How To Delete Your Data From ChatGPT

• New Ransomware Strain ‘CACTUS’ Exploits VPN Flaws to Infiltrate Networks

• 13 Additional Domains Linked To DDoS-for-hire Firms Seized By FBI

• Jobs that will be lost for sure with adoption of Artificial Intelligence Technology

• Data Exfiltration Prevention with Zero Trust

• Unattended API challenge: How we’re losing track and can we get full visibility

• How 2022’s threats will impact the global landscape in 2023

• To enable ethical hackers, a law reform is needed

• Get ready for RSA 2023: Stronger Together

• New Bazel Ruleset Helps Developers Build Secure Container Images

• FYI: Intel BootGuard OEM private keys leak from MSI cyber heist

• How To Scan and Validate Image Uploads in Java

• FYI: Intel BootGuard OEM private keys leak from MSI cyber-heist

• Hackers publish MSI private keys, enabling signed malware

• 7 Rules Of Risk Management For Cryptocurrency Users

• Hybrid and remote work: The state of play in 2023

• Drive across this border with a QR code, no passport needed

• How this global company uses SSO and MFA to keep systems and data safe

• LayerX’s Browser Security Survey Reveals: 87% of SaaS Adopters Exposed to Browser-borne Attacks in the Past Year

• A week in security (May 1 – 7)

• The rise of “Franken-ransomware,” with Allan Liska: Lock and Code S04E11

• Ransomware review: May 2023

• Google passkeys are a no-brainer. You’ve turned them on, right?

• Next-gen Apple Watch will reportedly get its first major CPU upgrade in years

• Former head of Roscosmos now thinks NASA did not land on the Moon

• What Really Made Geoffrey Hinton Into an AI Doomer

• Hackers leak images to taunt Western Digital

• A CEO’s Guide to Not Becoming the Next Cyberattack Headline

• Advancements in AI Cybersecurity: Leveraging ChatGPT to Stay Ahead of Cyber Criminals

• ChatGPT Can Vastly Improve Healthcare, But The Industry Needs A Secure Database First

• 8 habits of highly-secure remote workers

• Western Digital: Customer info stolen in that IT attack

• Remote workers are still more vulnerable to hackers than they should be. Here’s what to do

• WordPress plugin hole puts ‘2 million websites’ at risk

• Lessons From the Fortune 100 About Cloud-Native Application Security

• Energy Department’s cybersecurity program features critical weaknesses, report says

• How sports data can help public safety agencies up their game

• IT Security News Daily Summary 2023-05-08

• Bank Says That 80 Percent Of Its Fraud Cases Come From Meta Owned Sites

• Consilient Inc. and Harex InfoTech Partner to Fight Financial Crime in South Korea

• Palantir soars on earnings beat and prediction of full-year profitability

• Twitter admits ‘security incident’ made private Circles not so much

• Top 12 Web Application Firewall (WAF) Solutions in 2023

• Government, Industry Efforts to Thwart Ransomware Slowly Start to Pay Off

• Whiteford Taylor & Preston LLP Issues Notice of Data Incident

• Palantir soars 25% on earnings beat and prediction of full-year profitability

• SASE: The Ultimate Guide To Secure Access Service Edge

• Biden will veto Republican-led clawback of unemployment funding, White House says

• 1M NextGen Patient Records Compromised in Data Breach

• The Emerging World of Data Security Posture Management

• NSF jumpstarts regional innovation with $20M awards

• Money Message gang leaked private code signing keys from MSI data breach

• Local leaders feel cloud migration pressure, survey says

• Firing the Vulnerability Disclosure Fire-Drill Mentality

• Protestware explained: Everything you need to know

• Western Digital confirms ransomware actors stole customer data

• What Is AES Encryption? A Guide to the Advanced Encryption Standard

• Western Digital Confirms Customer Data Stolen in Ransomware Attack

• Empowering Weak Primitives: File Truncation to Code Execution With Git

• NextGen Healthcare suffered a data breach that impacted +1 Million individuals

• Chinese Researchers Say They Broke RSA Encryption. Will That Affect You?

• Twitter Flaw Exposes Private Circle Tweets to Public

• Mastering Data Integration for Seamless Cloud Migration Approaches Benefits and Challenges

• How to secure your Mac’s data via Full Disk Access settings

• Kimsuky Spear-Phishing Campaign Goes Global Using New Malware

• Why the ‘Why’ of a Data Breach Matters

• Twitter Confirms a “Security Incident” that Led to Exposing Private Circle Tweets

• Modern Auth comes to on-prem Exchange Server gear

• Preventing sophisticated phishing attacks aimed at employees

• The High-Stakes Game of Cybersecurity: Why Your Data Is a Prime Target for Hackers

• AI Hacking Village at DEF CON This Year

• The Rising Popularity of Remote Browser Isolation

• How to make sure the reputation of your products and company is good

• One Password can cause huge damage to reputation of an Individual and Company

• New AI research funding to focus on 6 areas

• Google Releases Open Source Bazel Plugin for Container Image Security

• NextGen Healthcare Hit By Data Breach, Over 1M+ Details Exposed

• Cloudflare partners with Kyndryl to help enterprises modernize and scale corporate networks

• Western Digital Confirms Customer Data Stolen by Hackers in March Breach

• Twitter Admits To Security Incident Involving Circles Tweets

• DEF CON To Set Thousands Of Hackers Loose On LLMs

• Banks Warn Of Big Increase In Online Scams

• Ransomware Watchers Are Finding Creative Ways To Track Attacks

• Russian Hackers use WinRAR as Cyberweapon

• RFK Jr. Criticizes Crypto, Following Anti-CBDC Remark

• Bangladeshi Hacker Group Targets Multiple Indian News Agencies

• Truecaller To Offer WhatsApp Caller ID As Scams Surge

• Netcraft among the UK’s 100 fastest growing technology companies

• Privoro collaborates with Samsung to protect customers from spyware attacks

• Waratek adds API security capabilities to its Java Security Platform

• Mystery China Space Vehicle Returns To Earth

• Why the FTX Collapse Was an Identity Problem

• SideCopy Using Action RAT and AllaKore RAT to infiltrate Indian Organizations

• Join Our Webinar: Learn How to Defeat Ransomware with Identity-Focused Protection

• Western Digital notifies customers of data breach after March cyberattack

• Constellation Software Cyberattack Claimed by ALPHV

• SAP, Siemens Say EU Data Act Endangers Trade Secrets

• How the ZeuS Trojan Info Stealer Changed Cybersecurity

• Supply Chain Compromise: The Risks You Need to Know

• Cybersecurity for Small Businesses: How to Protect Your Company on a Budget

• Private Tweets Exposed Due to Twitter Circle Security Bug

• Vulnerability in Field Builder Plugin Exposes Over 2M WordPress Sites to Attacks

• Ransomware Group Claims Attack on Constellation Software

• The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection

• MSI’s firmware, Intel Boot Guard private keys leaked

• OpenAI’s Regulatory Issues are Just Getting Started

• What Role Does SASE Have in Protecting the Cloud?

• Biden Meets With Google, Microsoft Bosses Over AI

• ChatGPT: The End of Data Analytics as We Know It?

• How to Set Up a Threat Hunting and Threat Intelligence Program

• A New Ransomware Operation Threatens Your Business: Akira

• $1.1M Paid to Resolve Ransomware Attack on California County

• 1 Million Impacted by Data Breach at NextGen Healthcare

• FinServ Ahead Of The Pack In API Transformation

• Western Digital store offline due to March breach

• TikTok Tracked UK Journalist Via Cat Account

• Protecting DevOps Workflow From The Threat Of Malicious Packages

• Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code

• SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics

• Western Digital Confirms Ransomware Group Stole Customer Information

• Banks Warn Of Sharp Rise In Online Fraud

• CERT-UA warns of an ongoing SmokeLoader campaign

• Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns

• Former Uber Security Chief Sentenced To Probation Over Hack

• How To Install Fhx sg Private Server In PC ( Windows 7, 8, 10, and Mac )

• SEC issued a record award of $279 million to a whistleblower

• Software developers, how secure is your software?

• CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine

• Your voice could be your biggest vulnerability

• The true numbers behind deepfake fraud

• The WhatsApp of secure computation

• Empire of Hackers launched by CIA targets China

• How 5G network is immune to Cyber Attacks

• T-Mobile suffers second data theft in less than six months

• Lessons from a 40-year-long automotive OEM leader

• Consumer skepticism is the biggest barrier to AI-driven personalization

• ChatGPT and the new AI are wreaking havoc on cybersecurity in exciting and frightening ways

Generated on 2023-05-09 23:55:18.866163