IT Security News Daily Summary 2023-07-21

• VirusTotal: We’re sorry someone fat-fingered and exposed 5,600 users

• Banks In Attackers’ Crosshairs, Via Open Source Software Supply Chain

• CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices

• Young People Should Oppose the Kids Online Safety Act

• 6 Steps to the Incident Response Process & Frameworks

• Global CDN Service ‘jsdelivr’ Exposed Users to Phishing Attacks

• Few Fortune 100 Firms List Security Pros in Their Executive Ranks

• Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails

• Roblox Data Breach: PII of Thousands of Developers Stolen

• Rootkit Attack Detections Increase at UAE Businesses

• Cosmic Wire raises $30M to expand cross-chain Web3 platform

• Europol’s IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent

• Microsoft Cloud Hack Exposed More than Exchange, Outlook Emails

• The latest from Black Hat USA 2023

• CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem

• 8 Best Enterprise Password Managers for 2023

• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps

• Saudi Arabia’s Tuwaiq Academy Opens Cybersecurity Bootcamp

• ChatGPT, the new rubber duck

• Meet the Finalists for the 2023 Pwnie Awards

• White House, Big Tech Ink Commitments to Secure AI

• Top Cyber Official Says AI Needs Better Security

• HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

• Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

• Security Professionals Propose Guidelines for AI Development in an Open Letter

• Growing Surveillance Threat for Abortions and Gender-Affirming Care

• Cyber Trust Mark: U.S. Administration Introduces Program to Boost Home Security

• Microsoft offers free cloud security logs after CISA recommend

• AI Firms Agree Safeguards, Including Watermarks For AI Content

• Best VPN for streaming in 2023: Unblock your favorite streaming services now

• How to Access Your iPhone if You Forget Your Passcode

• US DoJ Announces Plan to Shakeup Cybercrime Investigations

• Confidential containers with AMD SEV

• Deloitte expands MXDR solution with new operational technology and identity modules

• IGEL appoints Klaus Oestermann as CEO

• Google Creates Red Team to Test Attacks Against AI Systems

• Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm

• In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware

• Plurilock Launches Generative AI ‘Guardrails’ Product for Workforces

• Google Outlines Common Red Team Attacks Targeting AI Systems

• Docker Images: Why are Many Cyber Attacks Originating Here?

• The growing impact of generative AI on cybersecurity and identity theft

• BMC Firmware Flaw Affecting Millions Gives Superuser Access

• Microsoft Key Stolen By Chinese Hackers Provided Access Far Beyond Outlook

• NetScaler RCE Abused To Pilfer Critical Infra Active Directory Data

• OpenMeetings Flaws Allow Hackers To Execute Code And Hijack

• AppViewX joins AWS ISV Accelerate Program to offer a certificate lifecycle management

• Russian Prosecutor Asks for 18 Years in Jail for Group-IB Founder

• The Dark Side of AI

• Three Things Corporate Board Members Need to Know to Protect Their Companies From Cyberattacks

• FTX’s Sam Bankman-Fried Sued For More Than $1Bn

• OpenMeetings Flaws Allow Hackers to Hijack Instances, Execute Code on Servers

• North Korean hackers targeted tech companies through JumpCloud and GitHub

• G-71 launches integration with mail servers to secure email attachments

• Chinese Hackers Breached Ambassador’s Email

• Watch Now: Cloud & Data Security Summit Sessions

• VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts

• Local Governments Targeted for Ransomware – How to Prevent Falling Victim

• Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

• Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)

• Mallox Ransomware Witnessing Alarming Surge in Activity

• Securing Communications for Operational Military Success

• Mobile Roaming Charging Sees Ofcom Propose New Rules

• Tampa General Hospital Says Patient Information Stolen in Ransomware Attack

• GitHub Warns of North Korean Social Engineering Attacks Targeting Tech Firm Employees

• Tech Titans Promise Watermarks to Expose AI Creations

• AI and Microdirectives

• WormGPT: Cybercriminals AI Tool Gained Over 5,000 Subscribers in Just a Week

• Experts believe North Korea behind JumpCloud supply chain attack

• Lawyer sees almost 1,000 complainants sign up to Capita breach class action

• Citrix Zero-Day Exploited Against Critical Infrastructure Organization

• Chinese Hackers Breached Ambassador’s Email – Report

• Intrusion Detection Policy

• Clop Drives Record Ransomware Activity in June

• DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

• Critical Zyxel Firewall Vulnerability Exploited in DDOS Attacks

• New Severe Vulnerabilities Found in AMI MegaRAC BMC Software

• A Google Cloud Build Vulnerability Could Aid Supply-Chain Attacks

• GitHub Warns Devs of North Korean Attacks

• Nice Suzuki, sport: shame dealer left your data up for grabs

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Silicon UK Pulse: Your Tech News Update: Episode 12

• Citrix NetScaler ADC and Gateway Devices Under Attack: CISA Urges Immediate Action

• New infosec products of the week: July 21, 2023

• Meta collaborates with Qualcomm for Llama 2 Artificial Intelligence

• How to Draft an Effective Data Protection Strategy

• Hackers Deliver HotRat as Hidden Scripts in cracked software

• Attackers intensify DDoS attacks with new tactics

• Unveiling the secrets: Exploring whitespace steganography for secure communication

• Life sciences leaders act to counter insider-driven data loss

• How healthcare organizations should measure their device security success

• CISOs are making cybersecurity a business problem

• Apology and Update on Recent Accidental Data Exposure

• Amazon in-van delivery driver footage makes its way online

• Accidental VirusTotal upload is a valuable reminder to double check what you share

• Google fixes “Bad.Build” Cloud Build flaw, researchers say it’s not enough

• Report: Apple has already built its own ChatGPT-like chatbot

• Firmware vulnerabilities in millions of computers could give hackers superuser status

• A Battlefield AI Company Says It’s One of the Good Guys

• Pioneering hacker Kevin Mitnick, dies at 59

• The Metaverse is connected to cryptocurrencies – but not so much to Bitcoin

• Kevin Mitnick, Hacker Turned Cybersecurity Leader, Dies at 59

• North Korean Attackers Targeted Crypto Companies in JumpCloud Breach

• Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

• Victory! Embedded Links to Photos on Instagram Don’t Infringe Photographers’ Copyrights, Court Rules

• First Draft of UN Cybercrime Convention Drops Troubling Provisions, But Dangerous And Open-Ended Cross Border Surveillance Powers Are Still on the Table

• IT Security News Daily Summary 2023-07-20

• Fake ChatGPT and AI pages on Facebook are spreading infostealers

• How Developers Can Work With Generative AI Securely

• TrustArc Announces TRUSTe EU-US Data Privacy Framework Verification

• MOVEit body count closes in on 400 orgs, 20M+ individuals

• UN security council delegates urge AI controls to defuse potential global threat

• API keys: Weaknesses and security best practices

• First Draft of UN Cybercrime Convention Drops Troubling Provisions, But Dangerous And Open-Ended Cross Border Surveillance Powers Are Back on the Table

• zkEVMs and the Future of Blockchain Scalability

• Mallox Ransomware Group Activity Shifts Into High Gear

• Deloitte Global Expands MXDR Cybersecurity SaaS Solution With Operational Technology and Identity Modules

• Supply chain security for Go, Part 3: Shifting left

• Critical Infrastructure Workers Better At Spotting Phishing

• Kevin Mitnick Died

• The best VPN trials: Top VPNs to test for free

• Estée Lauder Breached in Twin MOVEit Hacks, by Different Ransom Groups

• Kevin Mandia Brings the HammerCon

• NYPD Body Cam Data Shows the Scale of Violence Against Protesters

• Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form

• Security Patch Management Strengthens Ransomware Defense

• Apple Developing ChatGPT AI Equivalent – Report

• Tech support scammers trick victims into old-school offline money transfer

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability

• Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis

• Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups

• JumpCloud Cyberattack Linked to North Korean Hackers

• New AMI BMC Flaws Allowing Takeover and Physical Damage Could Impact Millions of Devices

• S3 Ep144: When threat hunting goes down a rabbit hole

• RIP Kevin Mitnick: Former most-wanted hacker dies at 59

• What to do about the rise of financial fraud

• A Few More Reasons Why RDP is Insecure (Surprise!)

• North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack

• Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

• Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

• Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

• LTIMindtree partners with CYFIRMA to help enterprises identify threats

• Island Enterprise Browser now available through AWS Marketplace

• OTAVA adds SIEM and SOC services to strengthen enterprises’ security posture

• Osano releases Privacy Program Maturity Model and Data Mapping product

• FileCloud 23.1 empowers businesses to streamline workflow and boost data security

• XDR vs EDR – A Comparison

• Adobe Releases Patches to Fix Three New ColdFusion Vulnerabilities

• BlackCat and Clop Claim Cyberattack on Beauty Giant Estée Lauder

• Tampa General Hospital Reports Cybercriminals Stole 1.2M Patient Data

• P2PInfect: A New Worm Targets Redis Servers on Linux and Windows

• A look at Chrome’s security review culture

• Twitter Seeks End Of Privacy Agreement With FTC

• Akamai Survey: API-Specific Controls are Lacking

• Cyber insurers adapting to data-centric ransomware threats

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution

• Amended Cooper Davis Act Is a Direct Threat to Encryption

• Should You Be Using a Cybersecurity Careers Framework?

• ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder

• With More Jobs Turning Automated, Protecting Jobs Turn Challenging

• Protecting energy infrastructure from cyberattacks

• Microsoft Expands Security Logging and Offers 365 Clients Free Access

• Hacker-Turned-Security-Researcher Kevin Mitnick Dies Aged 59

• Plurilock Announces Generative AI ‘Guardrails’ Product, PromptGuard

• Google says Apple employee found a zero-day but did not report it

• Apple Warns Of FaceTime, iMessage Withdrawal In UK Over Act Changes

• P2PInfect: Self-Replicating Worm Hits Redis Instances

• Designing for safety: 10 cybersecurity priorities for a zero-trust data center

• Case study: Cybersecurity, hybrid cloud spur St. Joseph’s Health data center upgrade

• New Study Highlights Critical Infrastructure’s Resilience

• Kevin Mitnick hacker dies unexpectedly at 59

• Poisoned Facebook Ads Deliver Malware Using Fake ChatGPT, Bard & Other AI Services

• Fake passports, real bank accounts: How TheTruthSpy stalkerware made its millions

• WormGPT: What to know about ChatGPT’s malicious cousin

• My go-to cleaning app for Mac just got a major security upgrade

• Microsoft Strengthens Cloud Logging Against Nation-State Threats

• Zyxel Vulnerability Exploited by DDoS Botnets on Linux Systems

• How to Perform a Vulnerability Scan in 10 Steps

• Google’s New Security Pilot Program Will Ban Employee Internet Access

• Apple Slams UK Surveillance Bill Proposals

• North Korean Hackers Breached A US Tech Company To Steal Crypto

• DDoS Botnets Exploiting Recent Zyxel Vulnerability

• Enhancing Security and Observability with Splunk AI

• TSMC Delays Production At Arizona Fab, Amid Skills Shortage

• Oracle Patches 32 Critical Flaws in MySQL, WebLogic Server, & VirtualBox VM

• North Korea-backed hackers breached JumpCloud to target cryptocurrency clients

• CDN Service Exposes Users to Malicious Packages for Phishing Attacks Invisible to Security Tools

• Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway

• Enterprise Choices in Measuring Risk

• Ofcom says it won’t pay ransom, as new MOVEit hack victims come forward

• Old Roblox Data Leak Resurfaces, 4000 Users’ Personal Information Exposed

• Kevin Mitnick Dies Age 59

• Under CISA pressure collaboration, Microsoft makes cloud security logs available for free

• ChatGPT’s Reputability is Under Investigation by the FTC

• Evil Unleashed: Meet WormGPT Chat’s Wicked Twin

• UK Selected For Battery Gigafactory For Jaguar Land Rover EVs

• Utilizing Programmatic Advertising to Locate Abducted Children: Unleashing its Power

• Zero Trust: Storage and Search

• Legendary Hacker Kevin Mitnick Passes Away

• Sensitive Information of VirusTotal Users Exposed in Data Leak

• Satellites Are Rife With Basic Security Flaws

• Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

• Hackers Turn Exchange Servers into Malware Command & Control Centers

• Improving Storage Security and Compliance: Best Practices for Implementing Granular Authentication in Storage

• Half of AI Open Source Projects Reference Buggy Packages

• Turla’s New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

• Global IT Spend To Rise Amid Automation Focus, Says Gartner

• 3 Ways to Protect Smart Devices from Criminal Exploits

• P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems

• Lookout Uncovers Advanced Android Surveillanceware Linked To China’s APT41

• The Crucial Role of Cyber Essentials in the UK Public Sector

• Renowned Hacker Kevin Mitnick Died at the Age of 59

• Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities

• CNI Firms: Climate Tech is Increasing Cyber Risk

• Sophisticated Cloud Credential Theft Campaign Targets AWS, Expands to Azure and Google Cloud

• Microsoft Inspire: Partner resources to prepare for the future of security with AI

• ​​Expanding cloud logging to give customers deeper security visibility

• Singapore releases draft guidelines on personal data use in AI training

• Three Reasons Why Business Security Starts with Employee Education

• Renowned Hacker Kevin Mitnick Passes Away at the Age of 59

• Estee Lauder Breached by Two Ransomware Groups

• WooCommerce Payments WP Plugin Flaw Goes Under Active Attack

• Roblox data leak may have affected nearly 4000 users

• Adobe out-of-band update addresses an actively exploited ColdFusion zero-day

• Do you know what your supply chain is and if it is secure?

• Ukraine busts bot farm spreading Russian infowar propaganda and fraud

• Facebook Flooded with Ads and Pages for Fake ChatGPT, Google Bard and other AI services, Tricking Users into downloading Malware

• New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems

• Understanding Artificial Intelligence

• Minor Typo Results in the Leak of Millions Sensitive of US Military Emails

• Russia issues ban on Apple iPhone for security reasons

• Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

• Why data travel is healthcare’s next big cybersecurity challenge

• A fresh look at the current state of financial fraud

• LLMs and AI positioned to dominate the AppSec world

• Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability

• Exploring the macro shifts in enterprise security

• 67% of daily security alerts overwhelm SOC analysts

• Kevin Mitnick Passed Away

• Famed Hacker Kevin Mitnick Dead at 59

• Microsoft validation error allowed state actor to access user email of government agencies and others

• Plane sailing for ticket scammers: How to keep your flight plans safe

• Docker Hub images found to expose secrets and private keys

• Forrester’s Top 10 Emerging Technologies in 2023 and Beyond

Generated on 2023-07-21 23:55:21.498658