IT Security News Daily Summary 2023-05-19

• When does an old iPhone become unsafe to use?

• OpenAI Launches ChatGPT App for iOS, Bolstering Accessibility and Safety

• Federal grants could boost whole-of-state cyber defense

• Russian IT guy sent to labor camp for DDoSing Kremlin websites

• Pentagon outlines upcoming contractor cybersecurity plan

• Pimcore Platform Flaws Exposed Users to Code Execution

• US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

• Data Siloes: Overcoming the Greatest Challenge in SecOps

• Apple Patches 3 Zero-Days Possibly Already Exploited

• The potential danger of the new Google .zip top-level domain

• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns

• How business email compromise attacks emulate legitimate web services to lure clicks

• February cyber incident will cost molten metal flow engineering firm Vesuvius £3.5 million

• Protect Your WhatsApp Chats From Snoopers With Chat Lock

• Check Point Software Celebrates Success of its Channel Partners at Annual Awards Gala

• 10 Years After Snowden: Some Things Are Better, Some We’re Still Fighting For

• Expect .zip and .mov domains to be used in phishing and malware attacks

• Zerto 10 for Microsoft Azure delivers disaster recovery (DR) and mobility at scale

• Accenture invests in SpiderOak to elevate satellite communications security in space

• Phishing-resistant MFA 101: What you need to know

• How feds think data can buy time for people suffering a financial shock

• Microsoft Warns of Increase in Business Email Compromise Attacks

• Details of Kia Boyz breaching car security as Kia Challenge on TikTok

• KeePass Flaw Exposes Master Passwords

• New Relic integrates infrastructure and application monitoring for faster troubleshooting

• NTT and Cisco help customers transition to IoT-as-a-Service model

• Several RCE Bugs Making Industrial IoT Devices Vulnerable to Cyberattacks

• BianLian Ransomware has Switched to Extortion-only Attacks, FBI Confirms

• First Lawsuit From TikTok Users Over Montana Ban

• GDIT launches tech strategy focused on ‘accelerators’

• New movie chronicles rise and fall of government’s first secure smartphone devices

• Don’t get scammed by fake ChatGPT apps: Here’s what to look out for

• CommonMagic Malware Implants Linked to New CloudWizard Framework

• How You, or Anyone, Can Dodge Montana’s TikTok Ban

• Three New Zero-Day Vulnerabilities Fixed By Apple

• Homeland Security Employs AI to Analyze Social Media of Citizens and Refugees

• Cyber Signals: Shifting tactics fuel surge in business email compromise

• Google Upgrades Its Vulnerability Reward Program Rules For Android, Devices

• US Supreme Court Leaves Protections For Internet Companies Unscathed

• Millions Of Android TVs And Phones Come With Malware

• Cisco Squashes Critical Bugs In Small Biz Switches

• FTC To Crack Down On Biometric, Health Privacy Violations

• Zerto Cyber Resilience Vault allows users to monitor for encryption-based anomalies

• Check Point CloudGuard secures Microsoft Azure Virtual WAN

• Juniper Networks and ServiceNow partner to deliver E2E automation for MSPs and enterprises

• Strata Identity unifies Maverics ID Orchestration functions across environments

• Cyberattack That Stole Personal Data of 16,000 Law Society Members, What Was Lacking?

• Urgent Patches: macOS Ventura 13.4, iOS 16.5 fix 3 actively exploited vulns

• NPM packages found containing the TurkoRat infostealer

• How to prevent against the 5 main types of insider threats

• Preinstalled ‘Guerrilla’ Malware Infects Millions of Smartphones Worldwide

• Top 5 search engines for internet‑connected devices and services

• Experts Warn of Voice Cloning-as-a-Service

• Keep Your Friends Close and Your Identity Closer

• UK Government Unveils Long-Awaited £1 Billion Semiconductor Strategy

• Educating Your Board of Directors on Cybersecurity

• Google Debuts Quality Ratings for Security Bug Disclosures

• Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

• Toyota Japan confirms decade-long security breach affecting more than 2M customers

• Take action now to avoid BianLian ransomware attacks, US Government warns organisations

• Multiple Vulnerabilities Found in the Kiddoware Kids Place Parental Control Android App

• Teen Charged in DraftKings Data Breach

• Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

• Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)

• Researchers Identify Second Developer of ‘Golden Chickens’ Malware

• Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

• Dr. Active Directory vs. Mr. Exposed Attack Surface: Who’ll Win This Fight?

• Security Risks of New .zip and .mov Domains

• Apple Deploys Emergency Patches To Thwart 3 Zero-Day Threats

• Lemon Gang Pre-Infects 9 Million Android Devices With Malware

• Google To Begin Disabling Third-Party Chrome Cookies In Q1 2024

• #CRESTCon: White House Shifts US Cybersecurity Strategy Towards International Cooperation

• DarkBERT could help automate dark web mining for cyber threat intelligence

• Keeper Password Vulnerability Let Hackers Gain the Master Password

• CloudWizard APT: the bad magic story goes on

• Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities

• Cloudflare Unveils New Secrets Management Solution

• A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks

• Application Control 101: Definition, Features, Benefits, and Best Practices

• Laptop Keeps Shutting Off? Here’s How to Fix It

• UK’s GDPR replacement could wipe out oversight of live facial recognition

• Hackers steal the SSN of nearly 6 million people

• Rust-Based Info Stealers Abuse GitHub Codespaces

• NCSC: It’s Time for CISOs to Prioritize Accessibility

• Lemon Group Exploits 8.9 Million Pre-Infected Android Phones

• Silicon Pulse: Your Tech News Update: Episode 3

• Teen Charged in DraftKings Credential Stuffing Case

• Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Critical Cisco Switch Vulnerabilities Allow Remote Exploitation

• Microsoft VMs hijacked in cloud Cyber Attack

• The Vital Importance of Cybersecurity for Profit-Making Organizations

• New infosec products of the week: May 19, 2023

• WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

• Europe: The DDoS battlefield

• Inadequate tools leave AppSec fighting an uphill battle for cloud security

• Exploring the tactics of phishing and scam websites in 2023

• Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range

• Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

• Apple fixed three new actively exploited zero-day vulnerabilities

• The Internet Dodges Censorship by the Supreme Court

• KeePass vulnerability allows attackers to access the master password

• Child safety app riddled with vulnerabilities: Update now!

• Zip domains, a bad idea nobody asked for

• APT attacks: Exploring Advanced Persistent Threats and their evasive techniques

• Four federal departments have not fully implemented cloud security practices, GAO says

• Cisco Warns of Multiple Flaws in Small Business Series Switches

• Enterprises Rely on Multicloud Security to Protect Cloud Workloads

• Outperforming fund manager is bullish on these cybersecurity stocks, citing more room for growth

• Cyberattacks on City and Municipal Governments

• Cyber Attack as an Asymmetric Threat

• 2023-05-17 – Knock knock… Guess who? It’s Pikabot!

• Cisco squashes critical bugs in small biz switches

• 18-Year-Old Hacker Charged Over Theft Of 60,000 DraftKings Accounts

• The Role of Open Source in Cloud Security: A Case Study With Terrascan by Tenable

• Why technical debt is really ‘innovation debt’

• County looks to blockchain for records management

• KeePass Vulnerability Imperils Master Passwords

• IT Security News Daily Summary 2023-05-18

• How To Check IP Addresses for Known Threats and Tor Exit Node Servers in Java

• Change Control Doesn’t Work: When Regulated DevOps Goes Wrong

• Should governments ban TikTok? Can they?

• KeePass 2.X Master Password Dumper allows retrieving the KeePass master password

• EEOC alerts employers to AI discrimination risks

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

• 5 useful search engines for internet‑connected devices and services

• Acronis adds EDR to endpoint security

• Facebook To Face Record Privacy Fine Over Transferring User Data

• ClearML unveils ClearGPT, a generative AI platform overcoming ChatGPT challenges

• Okta’s Security Center opens window to customer insights, including threats and friction

• Support the “My Body, My Data” Act

• 4 priorities B2B technology leaders should strive to meet this year

• Bill to cut software costs advances in Senate

• Investors Make $6M Bet on Manifest for SBOM Management Technology

• Passage by 1Password brings passkeys to any website

• How to scan container images with Docker Scout

• What Is IBM Hybrid Cloud Mesh?

• Gentex confirms data breach by Dunghill ransomware actors

• 10 Types of AI Attacks CISOs Should Track

• API Security: Why You No Longer Feel Secure

• Ensuring Online Privacy and Security: Best Practices and Strategies

• Accelerating Security Risk Management

• S3 Ep135: Sysadmin by day, extortionist by night

• Microsoft Azure VMs Highjacked in Cloud Cyberattack

• Google May Delete Your Old Accounts. Here’s How to Stop It

• Microsoft decides it will be the one to choose which secure login method you use

• Ex ByteDance Staffer Alleges Beijing Had ‘Supreme Access’ To All Data

• Researchers Uncovered Notorious QakBot Malware C2 Infrastructure

• How to turn on Private DNS Mode on Android (and why you should)

• Bitwarden Passwordless.dev simplifies passkey implementation for developers

• ServiceNow and NVIDIA join forces to build generative AI across enterprise IT

• Komprise automates data governance for IT

• Concentric AI unveils deep-learning driven detection capabilities

• ExtraHop protects organizations from accidental misuse of AI tools

• What Is Istio Service Mesh?

• Google Public Sector names new board of directors

• A ‘stronger, faster’ intelligence community is possible with AI

• Embedding Security by Design: A Shared Responsibility

• This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide

• Build a Cloud Tagging Strategy in 5 Steps

• HEAT and EASM: What to Know About the Top Acronyms at RSA

• Skyflow launches ‘privacy vault’ for building LLMs

• Why Amazon S3 is a ransomware target and how to protect it

• Apple’s App Store Blocks $2bn in Fraudulent Transactions

• Cyber Warfare Escalates Amid China-Taiwan Tensions

• Beware of ChatGPT and Midjourney imposters

• Poland Blames Russia After DDoS Attacks On News Websites

• Apple’s App Store Blocks $2b in Fraudulent Transactions

• Satori Augments Its Data Security Platform With Posture Management and Data Store Discovery Capabilities

• OX Security Launches OX-GPT, AppSec’s First ChatGPT Integration

• ‘If it gets hit, we’ll buy more,’ Jim Cramer says of this cybersecurity firm

• Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats

• Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks

• Montana Signs Ban on TikTok Usage on Personal Devices

• Once Again, Malware Discovered Hidden in npm

• Zero Trust + Deception: Join This Webinar to Learn How to Outsmart Attackers!

• Admin of the darknet carding platform Skynet Market pleads guilty

• 5 ways security leaders are using real-world exercises

• Kyndryl and SAP boost partnership to ease digital transformation

• Teradata collaborates with FICO to help customers reduce fraud

• New Relic launches AWS Systems Manager Distributor integration

• BeeKeeperAI releases EscrowAI to expedite the development and deployment of AI in healthcare

• China’s Access to TikTok User Data Raises Privacy Concerns

• Generative AI Empower Users, But it May Challenge Security

• Hackers Target Apple macOS Systems with a Golang Version of Cobalt Strike

• Google Refuses to Disclose Reason for Withholding Bard AI in EU

• New Top-Level Domains, .Zip and .Mov; Geacon Malware; and Google to Delete Dormant Accounts

• Google Introduces Dark Web Monitoring For Gmail Users

• Survey: 45% of gov employees may walk if agencies reduce remote work flexibility

• New SBOM Hub Helps All Stakeholders in Software Distribution Chain

• Quantum Decryption Brought Closer by Topological Qubits

• WithSecure Launches New Range of Incident Response and Readiness Services

• LexisNexis Risk Solutions Cybercrime Report Reveals 20% Annual Increase in Global Digital Attack Rate

• Twitter’s Top Users Posting Less, Pew Research Finds

• How To Conduct a Secure Code Review

• How to password-protect a file in Apple Pages (and when you might want to)

• Google Announces New Rating System for Android and Device Vulnerability Reports

• Eagle Eye Networks and Brivo Announce $192M Investment — One of the Largest Ever in Cloud Physical Security

• LayerZero Labs Launches $15M Bug Bounty; Largest in the World

• ActZero Teams Up With UScellular to Secure Mobile Devices From Ransomware Attacks

• 3 Ways Hackers Use ChatGPT to Cause Security Headaches

• Babuk is Customized by RA Ransomware Group

• Is Patching the Holy Grail of Cybersecurity?

• Wipro Delivers Palo Alto Networks Zero Trust OT Security Solutions

• DOJ Links Iran, China, And Russia To Five IP-Theft Related Cases

• Polish News Websites Hit By DDoS Attacks

• Six Million Patients’ Data Feared Stolen From PharMerica

• Threat Actor Bypasses Detection, Protections In Microsoft Azure Serial Console

• How To Design Reliable IIoT Architecture

• State-Sponsored Cybercrime Group`s Infrastructure Revealed

• Montana First US State To Ban China’s TikTok

• Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware

• Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities

• PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords

• Join This Webinar — Zero Trust + Deception: Learn How to Outsmart Attackers!

• Avoiding Reputational Damage by Conquering Insider Threats

• Unveiling The Power Of Cybersecurity Monitoring Capability Guide

• Aqua Security collaborates with ServiceNow to accelerate cloud native risk remediation

• Elevating Your Pc Sports Gaming Experience: The Best Gadgets Of 2023

• Exploring The Future Of Handheld Play: Top Six Portable Gaming Devices Of 2023

• FBI, GCHQ Unite To Foil Russian Malware Hacking Tool

• Guide to Choosing the Best Family Cell Phone Plan

• How to Reduce Exposure on the Manufacturing Attack Surface

• Cisco fixes critical flaws in Small Business Series Switches

• Unfolding The Future: Technological Innovations In Video Game Development

• ChatGPT Leveraged to Enhance Software Supply Chain Security

• Critical fixed critical flaws in Cisco Small Business Switches

• DevSecOps Capability Guide

• Key Metrics In Evaluating DevOps Threat Matrix

• BT To Cut 55,000 Jobs By 2030

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency

• Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks

• Time Taken For Hackers to Crack Passwords Revealed

• How Dominica Citizenship By Investment Compares To Other Programs – 2023 Guide

• New Top-Level Domains, .Zip and .Mov; Geacon Malware; and Goggle to Delete Dormant Accounts

• Government Publishes Playbook to Enhance Smart City Security

• New Cloud Data Leak Adds to Capita’s Woes

• WhatsApp Adds ‘Chat Lock’ To Secure ‘Intimate’ Messages

• New Android & Google Device Vulnerability Reward Program – Rewards of up to $15,000!

• Identity Crimes Remain at All-Time High in 2022

• Ransomware in the Name of Charity: MalasLocker Targets Zimbra

• Do you know which data breaches you have fallen victim to?

• Risk Tolerance: Understanding the Risks to your Organization

• Do you know what your supply chain is and if it is secure?

• Ukraine, Ireland, Japan and Iceland join NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)

• Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands

• Ransomware – Stop’em Before They Wreak Havoc

• OpenAI CEO concerned that ChatGPT could compromise US elections 2024

• Apple Blocked Over $2 Billion in Fraudulent Transactions & 1.7 Malicious Apps

• Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks

• Meet “AI”, your new colleague: could it expose your company’s secrets?

• Your KeePass Master Password may be at risk, but a fix is coming

• Organizations’ cyber resilience efforts fail to keep up with evolving threats

• Introducing Permit.io: Simplifying access control and policy management for developers

• Enhancing open source security: Insights from the OpenSSF on addressing key challenges

• Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career

• Scans required for PCI DSS compliance

• Identity crimes: Too many victims, limited resources

• Lacroix Shuts Down Facilities After Ransomware Attack

• Predicting the future of endpoint security in a zero-trust world

• Six million patients’ data feared stolen from PharMerica

• Why Using Generative AI for OKRs Is Generally a Bad Idea

• PharMerica breach impacts almost 6 million people

• Leaked Babuk ransomware builder code lives on as RA Group

Generated on 2023-05-19 23:55:24.960310