IT Security News Daily Summary 2023-07-20

• Fake ChatGPT and AI pages on Facebook are spreading infostealers

• How Developers Can Work With Generative AI Securely

• TrustArc Announces TRUSTe EU-US Data Privacy Framework Verification

• MOVEit body count closes in on 400 orgs, 20M+ individuals

• UN security council delegates urge AI controls to defuse potential global threat

• API keys: Weaknesses and security best practices

• First Draft of UN Cybercrime Convention Drops Troubling Provisions, But Dangerous And Open-Ended Cross Border Surveillance Powers Are Back on the Table

• zkEVMs and the Future of Blockchain Scalability

• Mallox Ransomware Group Activity Shifts Into High Gear

• Deloitte Global Expands MXDR Cybersecurity SaaS Solution With Operational Technology and Identity Modules

• Supply chain security for Go, Part 3: Shifting left

• Critical Infrastructure Workers Better At Spotting Phishing

• Kevin Mitnick Died

• The best VPN trials: Top VPNs to test for free

• Estée Lauder Breached in Twin MOVEit Hacks, by Different Ransom Groups

• Kevin Mandia Brings the HammerCon

• NYPD Body Cam Data Shows the Scale of Violence Against Protesters

• Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

• Security Patch Management Strengthens Ransomware Defense

• Apple Developing ChatGPT AI Equivalent – Report

• Tech support scammers trick victims into old-school offline money transfer

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability

• Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis

• Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups

• JumpCloud Cyberattack Linked to North Korean Hackers

• New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices

• S3 Ep144: When threat hunting goes down a rabbit hole

• RIP Kevin Mitnick: Former most-wanted hacker dies at 59

• What to do about the rise of financial fraud

• A Few More Reasons Why RDP is Insecure (Surprise!)

• North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

• Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

• Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

• Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

• LTIMindtree partners with CYFIRMA to help enterprises identify threats

• Island Enterprise Browser now available through AWS Marketplace

• OTAVA adds SIEM and SOC services to strengthen enterprises’ security posture

• Osano releases Privacy Program Maturity Model and Data Mapping product

• FileCloud 23.1 empowers businesses to streamline workflow and boost data security

• XDR vs EDR – A Comparison

• Adobe Releases Patches to Fix Three New ColdFusion Vulnerabilities

• BlackCat and Clop Claim Cyberattack on Beauty Giant Estée Lauder

• Tampa General Hospital Reports Cybercriminals Stole 1.2M Patient Data

• P2PInfect: A New Worm Targets Redis Servers on Linux and Windows

• A look at Chrome’s security review culture

• Twitter Seeks End Of Privacy Agreement With FTC

• Akamai Survey: API-Specific Controls are Lacking

• Cyber insurers adapting to data-centric ransomware threats

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution

• Amended Cooper Davis Act Is a Direct Threat to Encryption

• Should You Be Using a Cybersecurity Careers Framework?

• ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder

• With More Jobs Turning Automated, Protecting Jobs Turn Challenging

• Protecting energy infrastructure from cyberattacks

• Microsoft Expands Security Logging and Offers 365 Clients Free Access

• Hacker-Turned-Security-Researcher Kevin Mitnick Dies Aged 59

• Plurilock Announces Generative AI ‘Guardrails’ Product, PromptGuard

• Google says Apple employee found a zero-day but did not report it

• Apple Warns Of FaceTime, iMessage Withdrawal In UK Over Act Changes

• P2PInfect: Self-Replicating Worm Hits Redis Instances

• Designing for safety: 10 cybersecurity priorities for a zero-trust data center

• Case study: Cybersecurity, hybrid cloud spur St. Joseph’s Health data center upgrade

• New Study Highlights Critical Infrastructure’s Resilience

• Kevin Mitnick hacker dies unexpectedly at 59

• Poisoned Facebook Ads Deliver Malware Using Fake ChatGPT, Bard & Other AI Services

• Fake passports, real bank accounts: How TheTruthSpy stalkerware made its millions

• WormGPT: What to know about ChatGPT’s malicious cousin

• My go-to cleaning app for Mac just got a major security upgrade

• Microsoft Strengthens Cloud Logging Against Nation-State Threats

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems

• How to Perform a Vulnerability Scan in 10 Steps

• Google’s New Security Pilot Program Will Ban Employee Internet Access

• Apple Slams UK Surveillance Bill Proposals

• North Korean Hackers Breached A US Tech Company To Steal Crypto

• DDoS Botnets Exploiting Recent Zyxel Vulnerability

• Enhancing Security and Observability with Splunk AI

• TSMC Delays Production At Arizona Fab, Amid Skills Shortage

• Oracle Patches 32 Critical Flaws in MySQL, WebLogic Server, & VirtualBox VM

• North Korea-backed hackers breached JumpCloud to target cryptocurrency clients

• CDN Service Exposes Users to Malicious Packages for Phishing Attacks Invisible to Security Tools

• Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway

• Enterprise Choices in Measuring Risk

• Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward

• Old Roblox Data Leak Resurfaces, 4000 Users’ Personal Information Exposed

• Kevin Mitnick Dies Age 59

• Under CISA pressure collaboration, Microsoft makes cloud security logs available for free

• ChatGPT’s Reputability is Under Investigation by the FTC

• Evil Unleashed: Meet WormGPT Chat’s Wicked Twin

• UK Selected For Battery Gigafactory For Jaguar Land Rover EVs

• Utilizing Programmatic Advertising to Locate Abducted Children: Unleashing its Power

• Zero Trust: Storage and Search

• Legendary Hacker Kevin Mitnick Passes Away

• Sensitive Information of VirusTotal Users Exposed in Data Leak

• Satellites Are Rife With Basic Security Flaws

• Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

• Hackers Turn Exchange Servers into Malware Command & Control Centers

• Improving Storage Security and Compliance: Best Practices for Implementing Granular Authentication in Storage

• Half of AI Open Source Projects Reference Buggy Packages

• Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

• Global IT Spend To Rise Amid Automation Focus, Says Gartner

• 3 Ways to Protect Smart Devices from Criminal Exploits

• P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems

• Lookout Uncovers Advanced Android Surveillanceware Linked To China’s APT41

• The Crucial Role of Cyber Essentials in the UK Public Sector

• Renowned Hacker Kevin Mitnick Died at the Age of 59

• Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities

• CNI Firms: Climate Tech is Increasing Cyber Risk

• Sophisticated Cloud Credential Theft Campaign Targets AWS, Expands to Azure and Google Cloud

• Microsoft Inspire: Partner resources to prepare for the future of security with AI

• ​​Expanding cloud logging to give customers deeper security visibility

• Singapore releases draft guidelines on personal data use in AI training

• Three Reasons Why Business Security Starts with Employee Education

• Renowned Hacker Kevin Mitnick Passes Away at the Age of 59

• Estee Lauder Breached by Two Ransomware Groups

• WooCommerce Payments WP Plugin Flaw Goes Under Active Attack

• Roblox data leak may have affected nearly 4000 users

• Adobe out-of-band update addresses an actively exploited ColdFusion zero-day

• Do you know what your supply chain is and if it is secure?

• Ukraine busts bot farm spreading Russian infowar propaganda and fraud

• Facebook Flooded with Ads and Pages for Fake ChatGPT, Google Bard and other AI services, Tricking Users into downloading Malware

• New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

• Understanding Artificial Intelligence

• Minor Typo Results in the Leak of Millions Sensitive of US Military Emails

• Russia issues ban on Apple iPhone for security reasons

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

• Why data travel is healthcare’s next big cybersecurity challenge

• A fresh look at the current state of financial fraud

• LLMs and AI positioned to dominate the AppSec world

• Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

• Exploring the macro shifts in enterprise security

• 67% of daily security alerts overwhelm SOC analysts

• Kevin Mitnick Passed Away

• Famed Hacker Kevin Mitnick Dead at 59

• Microsoft validation error allowed state actor to access user email of government agencies and others

• Plane sailing for ticket scammers: How to keep your flight plans safe

• Docker Hub images found to expose secrets and private keys

• Forrester’s Top 10 Emerging Technologies in 2023 and Beyond

• 5 Deepfake Scams That Threaten Enterprises

• Medical Device Cybersecurity Standards: Discussing the Common but Unseen Cyber Threats

• Instagram Insights Explained: Why Instagram Average Engagement Rate Matters

• KnowBe4 Partners With Egress to Enhance Organizations’ Inbound and Outbound Email Security Defenses

• Netskope Launches Managed Service Provider Program

• Checkmarx Announces CheckAI Plugin for ChatGPT to Detect and Prevent Attacks Against ChatGPT-Generated Code

• Cloud Range Appoints Cybersecurity Leader Galina Antova to Board of Directors

• Microsoft Relents, Offers Free Critical Logging to All 365 Customers

• Navigating the Cyber Insurance landscape as a Gen Z digital citizen

• SophosEncrypt Ransomware Fools Security Researchers

• China’s APT41 Linked to WyrmSpy, DragonEgg Mobile Spyware

• P2P Self-Replicating Cloud Worm Targets Redis

• Study: Africa Cybersecurity Improves But Lacks Cross-Border Frameworks

• Microsoft Relents, Offers Free Key Logging to All 365 Customers

• IT Security News Daily Summary 2023-07-19

• Microsoft to expand free cloud logging following recent hacks

• JFrog Curation blocks malicious open source software packages

• Tech support scammers go analog, ask victims to mail bundles of cash

• Ukraine’s cyber police dismantled a massive bot farm spreading propaganda

• Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks

• An important step towards secure and interoperable messaging

• House committee takes aim at U.S. venture capital firms for investments in Chinese A.I.

• The best travel VPNs of 2023: Expert tested and reviewed

• Windows 11 setup: Which user account type should you choose?

• Citrix NetScaler ADC and Gateway flaw exploited in the wild

• Top API Security Tools 2023

• I tried to buy a post on TechCrunch.com

• macOS Sonoma’s Latest Update Brings Significant Enhancements to Apple’s Password Manager

• Check Point Research: Microsoft the Most Phished Brand in Q2 2023

• Feedzai Railgun protects customers against financial crime

• Diligent Board Reporting for IT Risk equips CISOs with third party risk scores

• Vonage Protection Suite strengthens end-to-end communications security

• Meta Updates Open Source AI Model With Llama 2

• Google is cutting off internet access for some employees. Here’s why

• 3 Ways AI Could Improve Authentication

• Practice Your Security Prompting Skills

• Microsoft, Activision Extend Deal Deadline To Secure UK Approval

• Hackers Exploiting Critical Zero-Day Vulnerability in Citrix NetScaler Products

• Microsoft Bows to Pressure to Free Up Cloud Security Logs

• Facebook Flooded with Ads and Pages for Fake ChatGPT, Google Bard and other AI services, Tricking Users into Downloading Malware

• What is the new Enhanced Safe Browsing for Gmail (and should you enable it)?

• Trend Vision One empowers organizations to safeguard their cloud workloads

• ExtraHop IDS for Government identifies malicious activity within encrypted traffic

• Bitwarden adds passwordless SSO function with universal compatibility

• LimaCharlie SecOps Cloud Platform eliminates integration challenges

• Rubrik offers $10m ransomware compensation to victims

• AWS Reliability Pillar: Consistent Cloud Architecture

• Hackers Use “chatgpt5[.]zip” Lure to Trick Users into Downloading Malware

• WormGPT: What you need to know about the cybercriminal’s answer to ChatGPT

• What is the new Enhanced Safe Browing for Gmail (and should you enable it)?

• Recycling Giant Tomra Takes Systems Offline Following Cyberattack

• Chinese APT41 Linked to WyrmSpy and DragonEgg Surveillanceware

• Proton Pass password manager apps released as open source

• UK Clears Broadcom’s $61 Billion VMware Purchase

• Estee Lauder Hacked And Data Stolen

• United States Announces New IoT Cybersecurity Label

• Critical API Security Gaps Found in Financial Services

• Growing Demand for Healthcare Cybersecurity Specialists

• Typo Delivers Millions of US Military Emails to Russia’s Ally Mali

• The Met Police passed victims’ data to Facebook

• AI-Based Deepfake Fraud: Police Retrieves Money Worth ₹40,000 Defrauded From Kozhikode Victim

• Sophisticated DDoS Attacks Have Evolved Rapidly; Targeting IT Services

• Using defense in depth to secure cloud-stored data

• How Cyber Threat Intelligence Practitioners Should Leverage Automation and AI

• US Adds Euro Spyware Makers To Export Naughty List

• FIN8 Retools Backdoor Malware To Avoid Detection

• Two Jira Plugin Vulnerabilities In Attacker Crosshairs

• The Tail Of The MOVEit Hack May Be Longer Than We Realize

• Macnica and Dragos Partner to Deliver OT Cybersecurity to CNI and Manufacturing Control Systems in Japan

• FIN8 Revamped Hacking Toolkit with New Stealthy Attack Features

• 6 Ways Cloud Computing and Virtualization Energize Utility IT Operations With Scalability and Flexibility

• Unmasking HotRat: The hidden dangers in your software downloads

• Sensitive data FOMO: You can’t afford to miss out on data security

• Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks

• Virtual Event Today: 2023 Cloud & Data Security Summit

• Two Jira Plugin Vulnerabilities in Attacker Crosshairs

• Biden-Harris Administration Unveils Smart Device Cyber Program

• Researchers Discover New Facebook Malware Campaign After Hackers Accidentally Leak Stolen Data

• Reducing Security Debt in the Cloud

• US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

• Report Finds That 70% of Financial Services and Insurance Companies Have Suffered Rollout Delays Due to API Security

• Perle Systems enhances edge computing capabilities with OCI Container support

• Tenable unveils agentless container scanning to prevent vulnerable containers from reaching runtime

• How has AI Technology Influenced the Gambling and Casino Industry?

• Operationalizing Zero Trust Architecture

• Phishing Kit: New Frontier of Hacker Attacks within Everyone’s Reach

• Lenovo introduces new data management solutions to deploy AI workloads

• Veeam Software delivers new backup and restore capabilities with Microsoft 365 Backup

• Code42 helps security analysts to address the most pressing insider events with IRIs

• Zero-Day Alert! Critical Flaw in Citrix ADC and Gateway Exploited in the Wild

• Industry Experts Urge CISA to Update Secure by Design Guidance

• New Outpost24 CORE Solution Announced Bringing Visibility, Cyber Resilience & Threat Mitigation

• Security Awareness Training Isn’t Working – How Can We Improve It?

• Leverage Threat Intelligence, AI, and Data at Scale to Boost Cyber Defenses

• How to Manage Your Attack Surface?

• Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

• AI Discussed At UN Security Council Meeting

• Understanding Reverse Email Lookup: A Tool to Strengthen Cybersecurity

• OWASP Released Top 10 Critical Vulnerabilities for LLMs(AI models)

• Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)

• CompTIA DataSys+ program provides resources for database management skills

• U.S. Cyber Trust Mark labeling program raises the bar for smart devices’ cybersecurity

• Cybersecurity measures SMBs should implement

• Cohesity expands collaboration with Cisco and HPE to improve data security for enterprises

• How To Use ChatGPT To Trade Cryptocurrency

• Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

• Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware

• Record Price For Engineer’s First Generation Apple iPhone

• Cloud Security Best Practices – A Complete Cloud Protection Guide 2023

• Chrome 115 Patches 20 Vulnerabilities

• Exploitation of New Citrix Zero-Day Likely to Increase, Organizations Warned

• Oracle Releases 508 New Security Patches With July 2023 CPU

• 1-15 June 2023 Cyber Attacks Timeline

• Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

• INTERSECT ’23: Network Security Summit unveils cutting-edge strategies to safeguard digital assets

• Using MFT to Solve Your Cloud Data Challenges: 5 Key Takeaways

• Why Integrity is Vital to Your Corporate Infrastructure

• Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70

• Scam Job Offers Target Uni Students

• NCA: Nation States Using Cybercrime Groups as Proxies

• Citrix warns of actively exploited zero-day in ADC and Gateway

• High Energy Consumption Energies Ranked by Usage

• Norwegian Giant Tomra Suffers “Extensive” Attack

• Business Productivity Solutions: The Hidden Benefits of Online Faxing

• NHS Cybersecurity Strategy to 2030: Is it Enough to Protect Healthcare?

• Why performing security testing on your products and systems is a good idea

• U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage

• FIA World Endurance Championship driver passports leaked

• The Crucial Role of Time Stamps in Data Security

• Sophos gets startled by Sophos Encrypt Ransomware

• What to do (and what not to do) after a data breach

• Using AI/ML to optimize your tech stack and enhance business efficiency

• Trends in ransomware-as-a-service and cryptocurrency to monitor

• Hackers Actively Exploit Multiple Adobe ColdFusion Vulnerabilities

• Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway

• Bureau raises $16.5 million to help users prevent fraud

• eBook: 9 Ways to Secure Your Cloud App Dev Pipeline

• Supply chain executives unaware of growing customer trust issues

• Google Virus Total leaks list of spooky email addresses

• Google restricting internet access to some employees to reduce cyberattack risk

• FakeSG enters the ‘FakeUpdates’ arena to deliver NetSupport RAT

• US adds Euro spyware makers to export naughty list

Generated on 2023-07-20 23:55:20.899202