IT Security News Daily Summary 2023-08-01

• Forgepoint Capital Places $15M Series A Bet on Converge Insurance

• Nile Raises $175M Series C Funding to Redefine Enterprise Networks

• Forescout’s Risk and Exposure Management Solution Delivers Streamlined, Quantitative Approach to Cyber Asset Risk Management

• MEF and CyberRatings.org Partner on SASE Certification Program

• NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

• Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi

• Infosec experts divided on SEC four-day reporting rule

• Best Cybersecurity and IT Outsourcing Options

• Space Pirates Train Cyber Sabers on Russian, Serbian Organizations

• Itseez3D launches Avatar SDK Deep Fake Detector to bolster user identity protection

• Combating Cybercrime in the Age of Remote Work

• Canon Inkjet Printers Retain WiFi Data Unless Wiped – Warns Canon

• Understanding Package.json II: Scripts

• Facebook Oversight Board Urges Company To Close Loophole In Bullying And Harassment Policy

• Forgepoint Capital Places $20M Series A Bet on Converge Insurance

• Balbix introduced a new capability that automates CIS Benchmark requirements

• Firefox fixes a flurry of flaws in the first of two releases this month

• Chinese APT Group Hits Air-Gapped Systems in Europe with Malware

• Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups

• Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

• ‘DarkBERT’ GPT-Based Malware Trains Up on the Entire Dark Web

• Apple Users Open to Remote Control via Tricky macOS Malware

• Forescout Risk and Exposure Management offers quantitative approach to risk prioritization

• Tessian Abuse Mailbox Response helps security teams manage email based threats

• Canon Advises Users to Reset Wi-Fi Settings When Discarding Inkjet Printers

• Bad news: Another data-leaking CPU flaw. Good news: It’s utterly impractical

• CISA: ‘Submarine’ Backdoor Torpedoes Barracuda Email Security

• Lessons Not Learned From Software Supply Chain Attacks

• Cybersecurity Audit for Homes

• Burp Suite 2023.8 Released – What’s New!

• Synopsys Software Risk Manager simplifies application security testing

• Mobb automates vulnerability remediations with AI-powered technology

• Stay Safe When Charging Phone in Public: Scammers Steal Money Using USB Ports via “Juice Jacking”

• Following the JumpCloud Incident, Additional Malware was Discovered in the Npm Packages

• Novel Worm-Like Malware P2Pinfect Targets Redis Deployments

• New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets

• Chinese APTs Establish Major Beachheads Inside US Infrastructure

• Cloud Company Assisted 17 Different Hacking Groups

• Ransomware Attacks On Industrial Organizations Doubled In Past Year

• US Military Battling Cyber Threats From Within And Without

• UK Spy Agencies Want To Relax Laws On AI Data Use

• Canon Inkjet Printers Expose Wi-Fi Threat

• Cyber Mindfulness Corner Company Spotlight: DXC Technology

• Cisco adds automated ransomware recovery to its XDR solution

• Monte Carlo Data Product Dashboard improves reliability for critical data products

• Schneider Electric MSS protects networks, systems and data across OT environments

• Abyss Locker Ransomware Targets VMware ESXi Servers on Linux

• FBI Alerts: Cybercriminals Exploiting Open-Source AI Programs with Ease

• Data Breach from Accreditation Org Exposes Sensitive Data of Educational Institutions

• eCitizen Cyberattack: Kenyan Government Portal’s Services Disrupted

• Cloud Tech Debt Puts Millions of Apps at Risk, Says New Report

• Researchers claim US-registered cloud host facilitated state-backed cyberattacks

• TARK#MULE Cyber Attack Campaign Tricking Koreans with U.S. Military-Themed Documents

• 4 Generative AI Security Benefits

• Weaponized Excel, OneNote, or PDF Attachments Deliver New WikiLoader Malware

• How to enable the free Google One VPN on your Pixel device

• Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

• SpecterOps Updates BloodHound Active Directory Mapping Tool

• Silk Security Emerges from Stealth With $12.5 Million Seed Funding

• Nile Raises $175 Million for Secure NaaS Solutions

• Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups

• Computer Fraud and Abuse Act (CFAA)

• New Infostealer Uncovered in Phishing Scam Targeting Facebook Business Accounts

• How to Meet Phishing-Resistant MFA Requirements

• US govt is hunting a Chinese malware that can interfere with its military operations

• Your First Line of Defense Against Ransomware: SASE

• TechRepublic Premium Editorial Calendar: IT Policies, Checklists, Hiring Kits and Research for Download

• Why the California Delete Act Matters

• There’s no reason to panic over WormGPT

• Everlast, Famous Boxing Equipment Brand, Targeted In Daring Cyberattack Linked to World’s Largest Online Bank Heist

• Battery Safety in Vaping: What Every Vaper Needs to Know

• Artificial intelligence threats in identity management

• Tempur Sealy, World’s Largest Mattress Seller, Hit By Cyberattack, Forcing IT Systems Shutdown

• Menlo Security introduces two features to protect users against web browser threats

• Actionable Threat Intel (V) – Autogenerated Livehunt rules for IoC tracking

• Hacker Conversations: Youssef Sammouda, Bug Bounty Hunter

• Investing in a Robust Cybersecurity Workforce

• Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack

• Women two-thirds more likely to fear losing CNI security jobs than men

• 8 Best CrowdStrike Competitors [2023]

• Fake Android App Used to Exfiltrate Signal and WhatsApp User Data

• The Intersection of CDP and AI: How Artificial Intelligence Is Revolutionizing Customer Data Platforms

• Socket lands $20M investment to help companies secure open source software

• US government outlines National Cyber Workforce and Education Strategy

• Dynatrace acquires Rookout to improve productivity for developers

• Android n-day bugs pose zero-day threat

• Cyborg Security integrates REST API into HUNTER Platform

• New Android Malware Via WhatsApp steals Call logs, Locations, & Contacts

• Ransomware Attacks Frequently Target Organizations with 51-200 Employees

• Java: A Time-Tested Programming Language Still Going Strong

• How AI May Be Used to Create Custom Disinformation Ahead of 2024

• A New Attack Impacts ChatGPT—and No One Knows How to Stop It

• European Bank Customers Targeted in SpyNote Android Trojan Campaign

• WikiLoader malware-as-a-service targets Italian organizations

• Vulnerability Summary for the Week of July 24, 2023

• VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques

• Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack

• Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

• CMA Publishes Microsoft Arguments In Activision Case

• US States Fight Court Order Blocking Social Media Misinformation Efforts

• Musk, Yaccarino To Jointly Oversee X Trust and Safety

• Judge Gives Go-Ahead To SEC’s Terraform Labs Crypto Lawsuit

• Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia

• What is Data Security Posture Management (DSPM)?

• 16-30 June 2023 Cyber Attacks Timeline

• NHS Staff Reprimanded For WhatsApp Data Sharing

• China’s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

• Social Media Security Awareness: What you Should Know

• What is the General Data Protection Regulation (GDPR)?

• 200 Canon Printer Models May Expose Wi-Fi Connection Data

• Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report

• Capita Boss to Step Down Following Cyber Incident

• Sanctioned Jingjia Plans China AI GPU Production Ramp

• Intel Launches China Innovation Hub Amidst Sanctions

• New WikiLoader Malware Goes to Extreme Lengths to Hide

• Stremio vulnerability exposes millions to attack

• Need to improve the detection capabilities in your security products?

• Twitter Threatens To Sue Hate Speech Research Firm

• US military battling cyber threats from within and without

• How to Meet Phishing-Resistant MFA

• Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

• Cybersecurity survey: 36% of Europeans don’t even have an IoT device

• How Generative AI Will Transform Cybersecurity

• Report says no evidence that cyber insurance coverage makes victim pay more

• China bans export of drones some countries have already banned anyway

• Strategies for ensuring compliance and security in outdated healthcare IT systems

• Keeping the cloud secure with a mindset shift

• Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

• The gap in users’ identity security knowledge gives cybercriminals an opening

• Infosec products of the month: July 2023

• EU’s financial institutions face cyber resilience crisis

• Supply chain attacks demand a 3rd party risk re-think

• What Implementing Biometrics for Authentication Looks Like

• Pioneering Application Security: AI Meets Human Intelligence – Insights from an Interview with ImmuniWeb’s Dr. Ilia Kolochenko

• Facebook Fined For Misleading Australian Users About Data Collection

• A week in security (July 24 – July 30)

• Supply chain attacks disrupt emergency services communications

• Meta subsidiaries must pay $14m over misleading data collection disclosure

• The Most In-Demand Freelance Skills for 2023

• Unzipping the truth: The hidden dangers of .zip domains

• US Gov Rolls Out National Cyber Workforce, Education Strategy

• A fan-made Mario game says ‘Lets-a-cryptomine’

• Are my apps spying on me? A paranoid’s guide to digital life

• IBM study reveals how AI, automation protect enterprises against data breaches

• IT Security News Monthly Summary – August

• IT Security News Daily Summary 2023-07-31

• Experts discovered a previously undocumented initial access vector used by P2PInfect worm

• Understanding Data Protection: Best Practices for Keeping Your Information Safe

• MIT CSAIL unveils PhotoGuard, an AI defense against unauthorized image manipulation

• Reducing Generative AI Hallucinations and Trusting Your Data: Interview With Cognite CPO Moe Tanabian

• China’s Volt Typhoon APT Burrows Deeper into US Critical Infrastructure

• Protecting Intellectual Property When It Needs to Be Shared

• The White House Acknowledges the Pressure on Section 702, But Much More Reform is Needed

• Police Arrest Suspect in Crypto Millionaire’s Murder

• White House: Losing Section 702 spy powers would be among ‘worst intelligence failures of our time’

• Air-Gapped ICS Systems Targeted by Sophisticated Malware

• SEC demands four-day disclosure limit for cybersecurity breaches

• July 2023 Web Server Survey

• CISA details backdoor malware used in Barracuda ESG attacks

• Essential Types of Metrics to Boost Support for Your Cybersecurity Learning Program – Part 2

• Hikvision, Nvidia named in contract for ‘Uyghur detection’

• Reddit Taps Fredrick ‘Flee’ Lee for CISO Job

• Apple Lists APIs That Developers Can Only Use for Good Reason

• SpyNote Android Spyware Strikes Financial Institutions

• Abyss Locker Ransomware Looks to Drown VMware’s ESXi Servers

• Call of Duty Self-Spreading Worm Takes Aim at Player Lobbies

• Fleek Network Releases New Whitepaper for Decentralized Edge Platform

• APT31 Implants Target Industrial Organizations

• Israeli Oil Refinery Giant BAZAN Hit by Fresh Wave of Cyber Attacks

• 5 Essential Tips For Data Security On The Cloud

• Worldcoin Crypto Project Already Under Radar in Europe

• Kenya’s eCitizen Service Faces Downtime: Analyzing the Cyber-Attack

• Critical Cybercrime Hub’s Hacked Data Emerges for Sale on Underground Markets

• The Power of Automation in DevOps: Streamlining Software Development and Delivery

• Lenovo’s latest heavy on flash, security for enterprise storage

• Biden Announces National Cyber Workforce and Education Strategy

• RAM dump: Understanding its ­­­importance and the process

• Singapore government sees rise in security incidents amid increased data sharing

• UK Military Embraces Security by Design

• Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

• Oracle unveils Cloud Native SCCA Landing Zone framework for the U.S. Department of Defense

• Dell introduces new offerings to accelerate secure generative AI initiatives

• How to make sure the reputation of your products and company is good

• U.S. Senator Blasts Microsoft for Chinese Hack Seeks Federal Action

• Ongoing STARK#MULE Attack Campaign Discovered

• Call of Duty worm malware used to hack players exploits years-old bug

• Was Pro-Russian Group Behind Kenya Cyber-Attack?

• Instead Of Warrants, The NSA Would Like To Keep Buying Your Data

• Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware

• Second Ivanti EPMM Zero-Day Vulnerability Exploited In Targeted Attacks

• What Is an Exploit? Definition, Types, and Prevention Measures

• BAZAN Group, Israel’s Largest Oil Refinery, Had Its Website Hit by a DDoS Attack

• How to Migrate from a compromised Hosted Microsoft Exchange Service to Microsoft 365?

• New Android Malware Uses Optical Character Recognition to Steal Login Credentials

• Key Developer Concepts and Tools in Software Supply Chain Security

• How to Structure a Platform Team – An Illustrative Model

• Israeli Oil Refinery Taken Offline by Pro-Iranian Attackers

• Spend to save: The CFO’s guide to cybersecurity investment

• Best Practices for Enterprise Private 5G Security

• New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

• Threat intelligence startup Cyble lands $24M investment

• Efficiency Unleashed: The Benefits of Intranet Software Solutions

• Experts link AVRecon bot to the malware proxy service SocksEscort

• Pentagon Looks Into ‘Critical Compromise’ of Air Force and FBI Contacts

• Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales

• Webinar: Riding the vCISO Wave: How to Provide vCISO Services

• Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

• Multiple Chinese Hacker Outfits are Targeting Organisations Worldwide

• FakeTrade Android Malware Attack Steals Crypto Wallet Data

• Data Encryption Policy

• Locky Ransomware 101: Everything You Need to Know

• What Is an Exploit? Definition, Types and Prevention Measures

• Hikvision and Nvidia named in contract for Uyghur detection

• Peloton Treadmill Vulnerabilities Risk Users Data

• SEC Mandates Cyber Attack Disclosure Within Four Days: A Major Shift in Cybersecurity Transparency

• Security professionals unaware of NCSC Cyber Essentials framework – Lookout

• Why Inadequate Investment in Cybersecurity is a False Economy

• The Power of AI In Today’s Rapidly Evolving Financial Crime Landscape

• How to enable two-factor authentication on your Opera account

• Strengthening security in a multi-SaaS cloud environment

• Automatically Finding Prompt Injection Attacks

• Apple Strengthens App Store API Regulations To Curb User Fingerprinting

• New SEC Rules Require U.S. Companies To Reveal Cyber Attacks Within 4 Days

• Apple iOS, Google Android Patch Zero-Days in July Security Updates

• Salt Security Appoints Ori Bach as Executive Vice President of Product

• New persistent backdoor used in attacks on Barracuda ESG appliances

• Web browsing is the primary entry vector for ransomware infections

• Ministry of Defence Investigates Emails Sent To Russian Ally

• Tech Investors Flee China As Political Tensions Worsen

• Musk Says X Users Reach ‘New High’

• US Lawmakers Call For Stricter AI Chip Export Controls

• EU Launches Probe Into Spanish Ride-Hailing Restrictions

• CISA Analyzes Malware Used in Barracuda ESG Attacks

• Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks

• Global Lawyers Unveil Cyber Best Practices for Execs

• Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

• AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service

• DNS Security in Healthcare: The Gem in Your Cybersecurity Arsenal

• Think Tank: Insurers Not Fuelling Ransomware Market

• Three flaws in Ninja Forms plugin for WordPress impact 900K sites

• Ivanti Warns Of Another EPMM Zero-Day Flaw Under Attack

• Server Inventory Checklist

• How the best CISOs leverage people and technology to become superstars

• What would sustainable security even look like?

• CISA: New Submarine Backdoor Used in Barracuda Campaign

• Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable

• NIS-2: EU Directive Takes a Massive Step towards Increased Security

• Experts warn attackers started exploiting Citrix ShareFile RCE flaw CVE-2023-24489

• Software developers, how secure is your software?

• Cyber-Attacks Disrupt Kenyan Government Systems

• Silicon UK In Focus Podcast: The State of MedTech

• Healthcare Innovation: A Safe and Secure Approach

• Captcha security to end for Google and Apple users

• Curbing Mobile Malware with Zero Trust: Enhancing Mobile Security

• AI reduces data breach lifecycles and costs

• The race against time in ransomware attacks

• Open-source security challenges and complexities

• Relying on CVSS alone is risky for vulnerability management

• Data privacy vault: Securing sensitive data while navigating regulatory demands

• US senator victim-blames Microsoft for Chinese hack

Generated on 2023-08-01 23:55:31.391169