IT Security News Daily Summary 2023-05-12

• WordPress Plugin Used in 1M+ Websites Patched to Close Critical Bug

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

• Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi

• Ex-Ubiquiti dev jailed for 6 years for stealing internal corp data, extorting bosses

• How Compliance Automation Can Transform Your Next Audit

• How cyberstalkers could access your iPhone using the Windows Phone Link app

• Explore the impact of quantum computing on cryptography

• U.S. military now has voice-controlled bug drones

• Ex-Ubiquiti dev jailed for 6 years after stealing internal corp data, extorting bosses

• Wildlife management migrates to the cloud

• Security experts share cloud auditing best practices

• An Analyst View of XM Cyber’s Acquisition of Confluera

• 6G promises immersive communications for public safety

• Making Sure Lost Data Stays Lost

• Lawmakers tell Biden they are ‘extremely concerned’ about critical vacant cyber role

• Republicans unemployment fraud bill passes House, gets Senate version

• Toyota: Data on More Than 2 Million Vehicles in Japan Were at Risk in Decade-Long Breach

• New Competition Focuses on Hardening Cryptosystems

• Malicious Chatbots Target Casinos in Southeast Asia

• Global Supply Chain With Kafka and IoT

• Eight Years Holding ISPs to Account in Latin America: A Comparative Outlook of Victories and Challenges for User Privacy

• Align agencies, residents to boost customer experience

• The Law Should Not Require Parental Consent for All Minors to Access Social Media

• Whodunnit? Cybercrook gets 6 years for ransoming his own employer

• Securing and Managing ChatGPT Traffic with Palo Alto Networks App-ID

• Britain’s largest private pension scheme reveals scale of Capita break-in

• Is federal financial management stuck in the 20th century?

• UK’s largest private pension scheme warns of Capita break-in

• WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers

• Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach

• Bl00dy ransomware gang targets schools via PaperCut flaw

• Facebook Must Face Yet Another Privacy Suit Over Cambridge Analytica Scandal

• Black Basta Ransomware Attacks Global Technology Company ABB

• The UK Online Safety Bill Must Not Violate Our Rights to Free Speech And Private Communication

• How To Implement Istio Ambient Mesh in GKE or AKS

• Lessons from ‘Star Trek: Picard’ – a cybersecurity expert explains how a sci-fi series illuminates today’s threats

• Experts question San Bernardino’s $1.1M ransom payment

• PaperCut Software Flaw Sparks Ransomware Attacks, CISA Warns

• Hacker Marketplace Still Active Despite Police Takedown Claim

• Microsoft Will Take Nearly A Year To Finish Patching New 0-Day Secure Boot Bug

• More Than 2 Million Toyota Users Face Risk Of Vehicle Data Leak In Japan

• Activists Gatecrash Capita’s AGM To Protest GPS Tracking Contract

• UK Cops Score Legal Win In EncroChat Snooping Case

• SideWinder APT Group: Victims in Pakistan and Turkey Stricken with Multiphase Polymorphic Attack

• Toyota Admits Decade-Long Data Leak Affecting 2.15 Million Customers

• How Cybercriminals Adapted to Microsoft Blocking Macros by Default

• How to avoid mothers day scams

• Virginia joins Republican states pulling out of multi-state voter list program

• Essential Addons Plugin Flaw Exposes One Million WordPress Websites

• What the Email Security Landscape Looks Like in 2023

• Millions of Android Phones Comes Pre-Infected with Malware Firmware

• OneTrust enhances Trust Intelligence Platform to empower responsible data use

• Here’s How Global Firms are Capturing First- & Zero-Party Data of Consumers

• Incident response: How to implement a communication plan

• New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows

• Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance

• Ted Chiang on the Risks of AI

• How To Avoid Mother’s Day Scams By Protecting Your Purse And Heart

• SaaS vs. On-Prem Data Security: Which is Right for You?

• ‘Very Noisy:’ For the Black Hat NOC, It’s All Malicious Traffic All the Time

• AI Is About to Be Everywhere: Where Will Regulators Be?

• Elon Musk Finds New CEO For Twitter

• Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware

• Spain Arrests Hackers in Crackdown on Major Criminal Organization

• New Variant of Linux Backdoor BPFDoor Uncovered After Years of Staying Under the Radar

• Criminal IP partners with DNS0.EU to combat cyber threats

• Private Keys for Intel Boot Guard Have Reportedly Been Leaked, Jeopardizing the Security of Many PCs

• VT Code Insight: Updates and Q&A on Purpose, Challenges, and Evolution

• Chinese Government to Ban TikTok Apps From Collecting U.S. Data

• System Testing and Best Practices

• DOD plans free software tools to support cyber compliance by small biz

• Appian World 2023: Focus On AI, Data Management

• WordPress Plugin Flaw Let Attackers Hijack 1m Websites

• Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products

• Solving Your Teams Secure Collaboration Challenges

• 9 Ransomware Forms Against VMware ESXi Built From Babuk Source Code

• The Ultimate Guide To Net Documents For Law Firms

• The Black Basta ransomware gang hit multinational company ABB

• Appian World 2023: Process Automation To Become More Intelligent (And Private)

• Greatness phishing-as-a-service threatens Microsoft 365 users

• Activists gatecrash Capita’s AGM to protest GPS tracking contract

• Data breach alert: Intel confronts massive security incident

• Silicon UK Pulse: Your Tech News Update: Episode 2

• PoC Disclosed for Five Vulnerabilities to Exploit Netgear Routers

• Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack

• France Punishes Clearview AI For Failing To Pay Fine

• CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities

• Tech Provider ABB Struck By Black Basta Ransomware Attacks

• 1 Million WordPress Sites Impacted by Exploited Plugin Vulnerability

• Manufacturers Targeted as Ransomware Victim Numbers Spike 27%

• A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

• Malicious AI Tool Ads Used to Deliver Redline Stealer

• Software Supply Chain Attacks Hit 61% of Firms

• Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability

• How To Install Olympiacos FC In PC ( Windows 7, 8, 10, and Mac )

• Card ‘ID Theft’ Fraud Doubles in 2022

• What Is Privileged Identity Management (PIM)?

• XDR vs SIEM vs SOAR: A Comparison

• Leaving USB Devices & Critical Enterprise Data Unmonitored can Leave Your Sysadmins Perplexed

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Black Basta Ransomware attack on ABB Group LTD

• Cyber Security vs Data Science: Which is best pay wise

• Github Announced Push Protection Feature Free for all Public Repositories

• A flaw in the Essential ‘Addons for Elementor’ WordPress plugin poses 1M sites at risk of hacking

• UK cops score legal win in EncroChat snooping op

• Severe Security Flaw Exposes Over a Million WordPress Sites to Hijack

• Top 3 trends shaping the future of cybersecurity and IAM

• NIST updates cyber guidance for contractors handling sensitive data

• A classified cloud is headed to the Indo-Pacific

• New infosec products of the week: May 12, 2023

• OneNote documents have emerged as a new malware infection vector

• Preventing sophisticated phishing attacks aimed at employees

• CISOs’ confidence in post-pandemic security landscape fades

• Fraud victims risk more than money

• Microsoft Authenticator to Enforce Number Matching

• Secure Messaging Arrives on Twitter – Sort of. ‘Don’t Trust It Yet,’ Musk Warns

• India to send official whassup to WhatsApp after massive spamstorm

• Google offers Dark Web monitoring for US Gmail users

• Google Passkeys: How to create one and when you shouldn’t

• Malwarebytes achieves perfect score in latest AVLab assessment

• Trend Micro Reports Consistent Earnings Results for Q1 2023

• Juniper Research Study Reveals Staggering Cost of Vulnerable Software Supply Chains

• Let white-hat hackers stick a probe in those voting machines, say senators

• IT Security News Daily Summary 2023-05-11

• Plug-and-Play Microsoft 365 Phishing Tool ‘Democratizes’ Attack Campaigns

• Optimization model delivers faster emergency response

• CISA is growing up, CIO says

• Billy Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs

• GPT-3 Detected 213 Security Vulnerabilities… Or It Did Not

• Google offers certificate in cybersecurity, no dorm room required

• North Korean Hackers Behind Hospital Data Breach in Seoul

• Bitdefender unveils App Anomaly Detection to detect malicious activity in Android apps

• Adopting ChatGPT Securely: Best Practices for Enterprises

• Millions of mobile phones come pre-infected with malware, say researchers

• Integrating Cyber Resiliency With FPGAs

• This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT

• Introducing a new way to buzz for eBPF vulnerabilities

• Google’s New Dark Web Monitoring Feature for Gmail Users

• Federal money is coming to fix aging flood control systems – but plans all too often reflect historical patterns and not future risks

• Startup Competition Secures ML Systems, Vulnerabilities in Automation

• Hybrid Working Key Factor For Most Tech Workers

• Threat Actors Use Babuk Code to Build Hypervisor Ransomware

• Check Point expands Harmony Endpoint with automated patch management capabilities

• Point Predictive BorrowerCheck 3.0 combats fraud and identity theft

• Application Programming Interface (API) testing for PCI DSS compliance

• How I Got Started: Offensive Security

• Cloud security gap: Shadow, orphan and democratized data

• Why take the whole-of-state approach to ransomware protection and remediation

• Ransomware Attacks Adapt With New Techniques: Kaspersky Report

• Cyber Attack on Tokyo MoU compromises data

• Microsoft Freezes Salaries, Amid Economic Uncertainty

• What’s going on with DHS’ enterprise cloud plan?

• Bipartisan group looks to fix ‘hopelessly obsolete’ classification system

• US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report

• Active Directory functional levels

• S3 Ep134: It’s a PRIVATE key – the hint is in the name!

• “Greatness” Phishing Tool Exploits Microsoft 365 Credentials

• Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

• Ransomware Attack Gets Personal For Dragos Chief

• $1.5M Crypto Scheme Leads To 2-Year Prison Term For Ex-Coinbase Manager

• ENISA Leans Into EU Clouds With Draft Cybersecurity Label

• Qrypt and Carahsoft join forces to provide quantum secure encryption to federal agencies

• RKVST Instaproof adds transparency and traceability to data wherever it is stored

• Turning a page

• Senate confirms Biden’s pick to lead NARA

• Akira ransomware – what you need to know

• Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe

• Twitter Launches Encrypted Private Messages, Says Elon Musk

• Risk of cyber-attack “worry” for Eurovision contest

• 13 Tech Gifts Under $50 For Any Gadget Lover

• Here’s All You Know About Public Key Cryptography

• NextGen Data Breach, Personal Data of 1.5M Patients Hacked

• OpenAI CEO Sam Altman To Testify Before US Congress

• British hacker pleads guilty to hacking schemes, faces 77 years in prison

• Zero Trust: Can It Be Implemented Outside the Cloud?

• CISA Addresses ‘Cyber Poor’ Small Biz, Local Government

• Google will provide dark web monitoring to all US Gmail users and more

• We are in the final! Please vote for Security Affairs and Pierluigi Paganini

• 10 Web Development Skillset And Key Abilities You Can’t Ignore

• DCI partners with DataVisor to help banks fight fraud

• SAP and Google Cloud expand collaboration to advance enterprise AI development

• Cynalytica releases OTNetGuard 4G/5G sensor to provide secure critical infrastructure monitoring

• Dragos Employee Hacked, Revealing Ransomware, Extortion Scheme

• Why Economic Downturns Put Innovation at Risk & Threaten Cyber Safety

• Operation MEDUSA Brings Down ‘Snake’ – Russia’s Cyberespionage Malware

• Google I/O: Pixel Tablet, Pixel Fold, Pixel 7a

• New Akira Ransomware Attacking Organizations and Exposes Sensitive Data

• Understanding the Backdoor Debate in Cybersecurity

• Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

• Mass Event Will Let Hackers Test Limits of AI Technology

• New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts

• OpenSSF Receives $5 Million for Open Source Software Security Project

• Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers

• 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

• North Korea-linked APT breached the Seoul National University Hospital

• NETGEAR launches Nighthawk M6 Pro 5G WiFi 6E Hotspot Router

• Arlo improves physical security for Ping Identity employees

• Absolute to be acquired by Crosspoint Capital Partners

• Comcast Business, Fortinet, and Exclusive Networks team up to offer fully managed IT services

• Passwords and 2FA Codes Stolen by the Android FluHorse Malware

• Dish Network Hit by Cyberattack and Multiple Lawsuits

• What Apple Has in Store With Its New AR/VR Headset

• ENISA leans into EU-based clouds with draft cybersecurity label

• CACTUS ransomware evades antivirus and exploits VPN flaws to hack networks

• Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs

• This data platform will help banks share criminal intelligence

• Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

• Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day

• Google Improves Android Security With New APIs

• Senators Push Overhaul of Classification Rules After Trump, Biden Cases

• Google notifies users about dark web exposure

• Dragos blocks ransomware attack, brushes aside extortion attempt

• Snake Malware, Lockdown Mode, and Apple App Subscriptions

• A Republican-Led Lawsuit Threatens Critical US Cyber Protections

• How Attack Surface Management Supports Continuous Threat Exposure Management

• Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems

• Building Trustworthy AI

• Google I/O: AI For Google Search

• April 2023’s Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return

• How to Use Sms Coupons to Increase Sales and Customer Loyalty

• Twitter now supports Encrypted Direct Messages, with some limitations

• Linux Kernel Vulnerability Gives Cybercriminals Root Privileges

• Should you protect your Google Account with a passkey instead of a password?

• NCSC and ICO Dispel Incident Reporting Myths

• Why Should You Take IT Security Seriously?

• How to Use SMS Coupons to Increase Sales and Customer Loyalty?

• Ransomware Group Tries and Fails to Extort Security Vendor Dragos

• Neighborhood Watch Out: Cops Are Incorporating Private Cameras Into Their Real-Time Surveillance Networks

• Red Teaming: 4 Ways to Get the Best Value While Improving Your Security

• Fake Windows Update Used to Push Aurora Info-Stealer

• Bad Bots Now Account For 30% of All Internet Traffic

• A zero-click vulnerability in Windows allows stealing NTLM credentials

• New ransomware trends in 2023

• Google Broadens Dark Web Monitoring To Track All Gmail Users

• How to Become a Professional Poker Player

• Do you know what your supply chain is and if it is secure?

• Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack

• The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity.

• Prince Harry spills beans on Daily Mirror Phone Hacking story

• GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

• Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users

• North Korean Hackers Stole 830K Data From Seoul’s Top Hospital

• New Linux NetFilter Kernel Flaw Let Attackers Gain Root Privileges

• CISOs confront mounting obstacles in tracking cyber assets

• Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

• The impact of blockchain technology on the future of finance

• Improving your bottom line with cybersecurity top of mind

• Refined methodologies of ransomware attacks

• Automotive industry employees unaware of data security risks

• Avast discovers and helps patch a major vulnerability

• The STOP CSAM Act: Improved But Still Problematic

• Manage Cyber Risk with a Platform Approach

• How Boards Can Set Enforceable Cyber Risk Tolerance Levels

• Android TV Boxes Sold on Amazon Come Pre-Loaded with Malware

• How to spot and avoid a tech support scam

• New Discord username policy raises user privacy fears

• Uncovering RedStinger – Undetected APT cyber operations in Eastern Europe since 2020

• Update now! May 2023 Patch Tuesday tackles three zero-days

• Navigating mobile malware trends: Crucial insights and predictions for MSPs

• Blockchain Startups Are Drawing Substantial Venture Capital Funding

Generated on 2023-05-12 23:55:24.277697