IT Security News Daily Summary 2023-07-11

• The Looming Threat of Business Email Compromise: Insights from John Wilson at Fortra

• VERT Threat Alert: July 2023 Patch Tuesday Analysis

• Cybersecurity professional accused of stealing $9M in crypto

• Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

• API Testing Automation: How and Why Automate API Testing

• Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

• Cisco Talos Reports Microsoft Windows Policy Loophole Being Exploited by Threat Actor

• Dark Web Genesis Market for Sale: Operators Seek Buyers for Defunct Enterprise

• Playing Around With AWS Vault for Fun and Profit

• Apple’s Rapid Security Response Patches Are Breaking Websites

• Microsoft Warns of Office Zero-Day Attacks, No Patch Available

• Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison

• Bangladesh government takes down exposed citizens’ data

• Savvy, a platform to secure SaaS apps, launches out of stealth with $30M

• HCA Healthcare reports breach of 11 million patients’ personal data

• Banks, hotels and hospitals among latest MOVEit mass-hack victims

• Cybersecurity professional accused of stealing $9 million in crypto

• Over $30 Billion Stolen from Crypto Sector, Reveals SlowMist’s

• Judge Declines FTC Injunction In Microsoft Activision Blizzard Purchase

• Bangladesh Government Website Leaks Personal Data

• Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use?

• Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures

• DDoS Attacks Soar by 168% on Government Services, StormWall Warns

• Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion

• SaaS Application Security Firm Savvy Exits Stealth Mode With $30 Million in Funding

• OpenAI Has Made The GPT-4 API Available To Everyone

• How to Enhance IAM by Adding Layers of Zero Trust

• Critical VMware Bug Exploit Code Released Into the Wild

• Apple’s Rapid Zero-Day Patch Causes Safari Issues, Users Say

• Cyberattacks Are a War We’ll Never Win, but We Can Defend Ourselves

• What is identity and why is it important?

• How social media compromises information security

• Apple silently pulls its latest zero-day update – what now?

• Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group

• Lobbying Group Says Facebook Hosts More Than Half Of Digital Payment Scams

• NETSCOUT enhances its AED with ML-based Adaptive DDoS Protection

• Cyber Attack on Australia Ventia

• PC Shipment Decline Slows In Q2, Says Canalys

• API’s Role in Digital Government, 10 National Best Practices

• ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities

• Clop’s MoveIt Transfer attacks lead to mixed results

• 11 Million Patients Impacted in Healthcare Data Breach

• UK Cyber Extortion Rose by 39% in One Year, International Law Firm Reveals

• Anthropic Opens Rival AI Chatbot To Public

• Hackers use Rekoobe Backdoor to Attack Linux Systems

• Razer investigates potential breach involving its digital wallet

• For stronger public cloud data security, use defense in depth

• How to Use Discord’s Family Center With Your Teens

• Verifying Software Integrity With Sigstore

• EU Adopts New US Data Privacy Agreement

• HCA Healthcare data breach impacted 11 million patients

• Apple Releases, Quickly Pulls Rapid Security Response Update For 0-Day WebKit Bug

• Data For 11 Million Patients Stolen In Breach Of HCA Healthcare

• Clever Letscall Vishing Malware Targets Android Phones

• Privacy Activists Slam EU-US Pact On Data Sharing

• The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short

• HCA Healthcare Falls Victim to Data Security Incident

• Cato Networks Extends ZTNA to Protect Against Insider Threats

• Drata appoints Sydney Sloan as CMO

• Digilock introduces hardwired keyless lock solution

• Amazon Challenges EU ‘Gatekeeper’ Designation

• Lowering the Bar(d)? Check Point Research’s security analysis spurs concerns over Google Bard’s limitations

• RomCom Spies Target NATO Summit Ahead of Zelensky’s Arrival

• Cyber Mindfulness Corner Company Spotlight: Exabeam

• India’s Finance Ministry Tell State-run Banks to Adopt Emerging Technologies to Increase Operational Efficiency

• SCARLETEEL Hackers Target AWS Fargate in Latest Cryptojacking Campaign

• Top Takeaways From Table Talks With Fortune 100 CISOs

• Vercara partners with HashiCorp to support DevOps teams throughout the development lifecycle

• Perimeter 81 hires Gadi BenMark as CMO

• Are we doomed to make the same security mistakes with AI?

• Users’ Data is Stolen Through 1.5 million Android Apps

• ESET Threat Report H1 2023

• Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

• Apple issued Rapid Security Response updates to fix a zero-day but pulled them due to a Safari bug

• Cybercrime to Cost Global Economy $10.5 trillion By 2025

• SAAS Security: 6 Best Practices and Strategies

• Privacy of Printing Services

• Netskope collaborates with Wipro to help users protect sensitive data

• Microsoft Confirms More Job Losses

• Apple Issues Device Updates to Patch Critical Vulnerability

• Legion Tool Steals PUBG Players’ Browser Passwords through a Fake GitHub Repo

• Hungary As A Tax Haven: A Strategic Location With Favorable Tax Rates And Skilled Workforce

• How To Setup A Crypto-exchange: Licensing, Software And Banking Guide

• Empowered Encryption

• Most Commonly Overlooked Attack Surface Vulnerabilities & How to Fix Them

• Russia-Linked RomCom Hackers Targeting NATO Summit Guests

• How to Apply MITRE ATT&CK to Your Organization

• Alteryx Analytics Automation powered by AWS allows CFOs to modernize financial processes

• SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

• Foxconn Abandons Indian Chip Joint Venture, Seeks New Project

• ‘ScarletEel’ Hackers Worm Into AWS Cloud

• Managing Complexity, Data Control, and Sovereignty in the Cloud

• European Commission adopts adequacy decision for safe EU-U.S. data flows

• Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)

• How the NIS2 Directive Will Impact You

• Zero-Day Exploits: A Cheat Sheet for Professionals

• Moroccan Charged With OpenSea NFT and Crypto Theft

• What is Vulnerability Assessment In Cybersecurity? – A Comprehensive Guide

• Man Charged With Remote Attack on Water Plant

• Beware of Big Head Ransomware: Spreading Through Fake Windows Updates

• VMware warns customers of exploit available for critical vRealize RCE flaw CVE-2023-20864

• Owncast, EaseProbe security vulnerabilities revealed

• How The Internet Of Things Has Revolutionized Your Finances

• Hunting for A New Stealthy Universal Rootkit Loader

• E-commerce Fraud Surges By Over 50% Annually

• Vermillion – 8,106 breached accounts

• Hiring Kit: Security Analyst

• Implementing secure over-the-air (OTA) updates in embedded devices

• CISO perspective on why boards don’t fully grasp cyber attack risks

• Barts NHS hack leaves folks on tenterhooks over extortion

• Need to improve the detection capabilities in your security products?

• Update Now! Apple Issues an Emergency Patch to Address a Zero-Day Flaw in iOS and macOS

• Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

• Update Now! Apple Issues Emergency Patch for iOS & macOS Zero-day Flaw

• New Crypto Phishing Attack Steals Funds from Cold Wallets

• Critical TootRoot Bug Hijack Mastodon Servers

• Anonymous Sudan launches DDoS Attack on fan fiction website for 24 hours

• Cybersecurity best practices while working in the summer

• CISO perspective on why Boards don’t fully grasp cyber attack risks

• Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

• Compliance seizes spotlight in the connected devices arena

• Industry responses and strategies for navigating the tides of DDoS attacks

• A week in security (July 3 – 9)

• Warning issued over increased activity of TrueBot malware

• Malwarebytes Browser Guard introduces three new features

• MOVEit Transfer fixes three new vulnerabilities

• 1Kosmos BlockID Latest Nominee in 2023 ‘ASTORS’ Awards Program

• Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

• Ray McCay Joins Cyemptive as New Chief Revenue Officer

• Apple Ships Urgent iOS Patch for WebKit Zero-Day

• Archive of Our Own Website Suffering Massive DDoS Attacks

• Analysts: Cybersecurity Funding Set for Rebound

• HCA Healthcare patient data stolen and for sale by hackers

• TPG Capital acquires Forcepoint’s government unit for $2.45B

• NIST Launches Generative AI Working Group

• Vulnerability Summary for the Week of July 3, 2023

• IT Security News Daily Summary 2023-07-10

• Wi-Fi AP placement best practices and security policies

• Serious Security: Rowhammer returns to gaslight your computer

• Guardz Identifies New ‘ShadowVault’ macOS Stealer Malware

• Honeywell to Acquire SCADAfence, Strengthening its Cybersecurity Software Portfolio

• Imperva Offers New Features to Simplify PCI DSS Compliance

• New MOVEit vulnerability CVE-2023-36934 blocked by Imperva

• Europe Signs Off on a New Privacy Pact That Allows People’s Data to Keep Flowing to US

• Exploit Code Published for Remote Root Flaw in VMware Logging Software

• Amazon Prime Day Draws out Cyber Scammers

• Triada Malware Infects Android Devices via Fake Telegram App

• How to map security gaps to the Mitre ATT&CK framework

• Get started: Threat modeling with the Mitre ATT&CK framework

• Experts released PoC exploit for Ubiquiti EdgeRouter flaw

• 10 Features an API Security Service Needs to Offer

• Sir Jony Ive’s First Post Apple Hardware Product Is Record Player

• RomCom RAT Targets Pro-Ukraine Guests at Upcoming NATO Summit

• 6 Best VPNs for iPhone in 2023

• APT35 Develops Mac Bespoke Malware

• Locally – 362,619 breached accounts

• How to turn on Private DNS Mode on Android (and why)

• Deepfake Quantum AI Investment Scam Pops Up on Facebook

• Law firms under cyberattack

• Malware delivery to Microsoft Teams users made easy

• lockr Connections Hub blocks machine-generated emails

• Honeywell acquires SCADAfence to strengthen its OT cybersecurity portfolio

• Flaw in Revolut payment systems exploited to steal $20 million

• Meet unprecedented security challenges by leveraging MXDR services

• EU Agrees US Trans-Atlantic Data Sharing Deal

• Critical Infrastructure Services Firm Ventia Takes Systems Offline Due to Cyberattack

• TPG to Acquire Forcepoint’s Government Cybersecurity Business Unit

• CSC report: Space systems should be critical infrastructure

• Crimeware Group Asylum Ambuscade Ventures Into Cyber-Espionage

• RomCom Group Targets Ukraine Supporters Ahead of NATO Summit

• Ransomware Attack on Pro Bono California Law Firm Affects More Than 42,000

• Elon Musk Sues Law Firm Over Twitter Buyout Fees

• Angular v16: A New Era of Angular Development

• How DevOps Teams Can Boost Kubernetes Performance

• The Thin Line Between User Behavioral Analytics and Privacy Violation

• The Top 10 Highest Paying Jobs in Cybersecurity – Part 2

• Over Half of People Have Felt Socially Excluded In Past Year

• How to make sure the reputation of your products and company is good

• UK Finance company loses £20m to Cyber Criminals

• Android OS Tools Fuel Cybercrime Spree, Prey on Digital Users

• Banking Firms Under Attack by Sophisticated ‘Toitoin’ Campaign

• A Cybersecurity Wishlist Ahead Of NATO Summit

• Big Head Malware Threat Looms, Warn Researchers

• Why I started the Security Serious Unsung Heroes Awards

• What Is a DNS Rebinding Attack? Vulnerabilities and Protection Measures

• New Ransomware Strain Discovered: Big Head

• Automated Patch Management Explained: Benefits, Best Practices & More

• A New Banking Trojan on the Rise: TOITOIN Banking Trojan

• AI: How to guard against privacy invasion by bots

• Instagram’s Threads Surpasses 100 Million Users

• EdgeRouter and AirCube miniupnpd Vulnerabilities Enable Attackers to Execute Arbitrary Code

• RomCom RAT attackers target groups supporting NATO membership of Ukraine

• Dragos Hosts Inaugural Dragos European Forum For Industrial Asset Owners and Operators

• Celebrating 33 Years of EFF

• DeFi Clients Lost $228 Million to Hackers in Past 3 Months

• Critical Vulnerability Can Allow Takeover of Mastodon Servers

• PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability

• Honeywell Boosting OT Cybersecurity Offering With Acquisition of SCADAfence

• A Cybersecurity Wish List Ahead of NATO Summit

• ‘Meduza Stealer’ Malware is Preying on Windows Users For Data Theft

• A flaw in Revolut US payments resulted in the theft of $20 Million

• Patch Now or Peril: MOVEit Transfer Customers Urged to Address Critical Vulnerability

• 5 Benefits of AI for Logistics and Supply Chains

• Zero Trust Keeps Digital Attacks From Entering the Real World

• New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

• How To Scan GCP Storage Files for Threats Using Go

• Hackers Steal $20 Million by Exploiting Flaw in Revolut’s Payment Systems

• RomCom RAT Targeting NATO and Ukraine Support Groups

• Global Retailers Must Keep an Eye on Their SaaS Stack

• New TOITOIN Banking Trojan Targeting Latin American Businesses

• BT Chief Executive Philip Jansen To Step Down

• Letscall – New Sophisticated Voice over IP Phishing Attack Steal Banking Details

• Razer Data Breach: Alleged Database and Backend Access Sold for $100k

• RomCom Threat Actor Uses Weaponized Microsoft Word File to Deliver Malware

• Wisconsin Governor Hacks the Veto Process

• Global Neobank Revolut Hacked; $20 Million Stolen

• The Quiet Rise of Real-Time Crime Centers

• Multiple Vulnerabilities Patched In Siemens Automation Device

• Samsung Warns Of 96 Percent Q2 Profit Plunge

• SOC Fourth Defense Phase – Cyber Threat Intelligence Guide

• How to Use an SSH Config File on macOS for Easier Connections to Your Data Center Servers

• Central Bankers Develop Framework For Securing Digital Currencies

• EFF’s Comment to the Meta Oversight Board on United States Posts Discussing Abortion

• What Are Mobile VPN Apps and Why You Should Be Using Them

• Martin Lewis Shocked at Deepfake Investment Scam Ad

• Cyber Extortion Cases Surge 39% Annually

• The Importance of Secure Flashing for Embedded Devices and Secure Implementation Practices

• France’s government is giving the police more surveillance power

• Software developers, how secure is your software?

• Hackers backed by North Korea have stolen $3 billion in crypto

• Liberté, Égalité, Spyware: France okays cops snooping on phones

• Warning Issued for ‘Big Head’ Ransomware Targeting Windows Operating System

• What is Tailgating in Cyber World

• How to Use Log Management to Retrace Your Digital Footsteps

Generated on 2023-07-11 23:55:29.601305