IT Security News Daily Summary 2023-08-02

• Still No Death Star In Sight

• Tanium Selected by DHS CISA to Join the Joint Cyber Defense Collaborative

• Guardio Uncovers Zero-Day Vulnerability in Salesforce’s Email Services

• BeyondTrust’s Identity Security Insights Provides Unprecedented Visibility into Identity Threats

• HackerOne lays off 12% workforce as ‘one-time event’

• Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks

• A Clear Road To Net Zero – Tackling Data Centre Sustainability Myths

• Global Optical Sensor Market to Reach $45.56B by 2030, Rising Demand in Consumer Electronics and IoT Applications

• SynSaber and ICS Advisory Project Identify Vulnerability Trends Within The Critical Infrastructure Sector

• Solvo Unveils SecurityGenie: A Revolutionary ChatGPT-Like Solution for Cloud Security Teams

• Instagram Flags AI-Generated Content

• VALIC Retirement Services Company Experiences PBI Data Breach Exposing Approximately 798,000 Social Security Numbers

• The best security cameras of 2023: Expert reviewed

• Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

• Tesla Investigated Over Steering Problems

• Torq launches Torq Socrates, an AI agent for Tier-1 SecOps threat resolution

• Iranian Company Plays Host to Reams of Ransomware, APT Groups

• Shield and Visibility Solutions Target Phishing From Inside the Browser

• Hot Topic Apparel Brand Faces Credential-Stuffing Attack

• Iran’s APT34 Hits UAE With Supply Chain Attack

• Mondee security lapse exposed flight itineraries and unencrypted credit card numbers

• Tech Consolidation – How and When?

• Impact of Freenom halting registrations on cybercrime

• NodeStealer 2.0 Poses as ‘Microsoft’ to Hack Facebook and Browser Data

• How To Approach Dependency Management in Java [Video]

• UN Cybercrime Convention Negotiations Enter Final Phase With Troubling Surveillance Powers Still on the Table

• Amazon Clinic Rolls Out Across US, As Healthcare Push Continues

• Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages

• The State Of Cybersecurity – Outlook And Challenges For 2023 And Beyond

• Emerging Cybersecurity Threat: How Google AMP Phishing Attacks Are Bypassing Email Security Measures

• AI-Powered CryptoRom Scam Targets Mobile Users

• Burger King forgets to put a password on their systems, again

• Safeguarding Against Pharming Cyber Attacks: Tips for Enhanced Security

• BT Appoints Allison Kirkby As Carrier’s First Female CEO

• jQuery vs. Angular: Common Differences You Must Know

• Threat Actors Use AWS SSM Agent as a Remote Access Trojan

• Keeper empowers cybersecurity advocates with new Influencer Programme

• Care Bears and Open Campus Launch Educational Games on Climate Change

• Users of Facebook for Business are the Target of a New Phishing Attack

• Researchers Uncovered a New Flaw in ChatGPT to Turn Them Evil

• Cloud Firm Under Scrutiny For Suspected Support of APT Operations

• It’s A Hot 0-Day Summer For Apple, Google, And Microsoft Security Fixes

• Nearly All Modern CPUs Leak Data To New Collide+Power Side Channel Attack

• Wi-Fi Vuln In Canon Inkjet Printers May Expose User Information

• Firefox 116 Patches High Severity Vulnerabilities

• New hVNC macOS Malware Advertised On Hacker Forum

• Traceable AI combats API abuse with digital fraud prevention capabilities

• Salesforce and Meta suffer phishing campaign that evades typical detection methods

• Sonar’s new deep-analysis capability discovers and fixes code security issues

• Eyes on IDOR Vulnerabilities! US and Australia Release Joint Advisory

• White House Panel Recommends Restricting the FBI’s Access to spy Data

• Designers Still Have an Opportunity to Get AI Right

• Royal Mail Begins UK’s First Drone Delivery Postal Service

• Beware! Hacker-Sold macOS HVNC Tool Allows Complete Takeover

• Cyble Raises $24 Million for AI-Powered Threat Intelligence Platform

• New hVNC macOS Malware Advertised on Hacker Forum

• Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

• The generative A.I. battle between companies and hackers is starting

• Here’s How Microsoft Fought Against Ireland’s HSE Attackers

• Bad Hygiene: New Study Uncovers Common Security Failures of Cloud-First Organizations

• SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

• Review of Recent NPM-Based Vulnerabilities

• Tesla Jailbreak Unlocks Theft of In-Car Paid Features

• Blocking Access to AI Apps is a Short-term Solution to Mitigate Safety Risk

• The BleedingPipe RCE Exploit Presents Minecraft With a New Security Challenge

• Utilities Face Security Challenges as They Embrace Data in New Ways

• Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign

• Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

• US, Norway say hackers have been exploiting Ivanti zero-day since April

• PrivacyHawk Privacy Score enables users to understand their privacy and data risk

• Cyble raises $24 million to enhance its AI-driven security solutions

• Attackers can turn AWS SSM agents into remote access trojans

• Armis partners with Security Risk Advisors to protect cyber physical systems

• Melton Littlepage joins 1Password as CMO

• Best Health and Nutrition Apps to Kickstart Your Wellness Journey 2023

• Rolls Royce targeted in a sophisticated Cyber Attack with potential Data Breach

• Juice Jacking Cyber Attack: The Hidden Threat at Public Charging Stations

• Staff at NHS Lanarkshire Exposed Patient`s Data on Unauthorized WhatsApp Group

• Microsoft Defender for Office 365 gets highest rating in SE Labs Enterprise Email Security Services test for Q1 2023

• ARM Targets $60 Billion Valuation For IPO

• Unified XDR and SIEM Alleviate Security Alert Fatigue

• Analyzing Android and iOS Cybersecurity Vulnerabilities

• The Future of Cloud Computing: Unleashing the Power of the Cloud

• Google AMP Abused in Phishing Attacks Aimed at Enterprise Users

• Firefox 116 Patches High-Severity Vulnerabilities

• Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

• Top Industries Significantly Impacted by Illicit Telegram Networks

• The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

• New Collide+Power Exploit Let Attacker Steal Sensitive Data From All Modern CPUs

• ClearSale Brand Protection combats phishing, fake accounts, and counterfeit products

• 7 Benefits of Implementing ZTNA

• Biometric as a Service (BaaS) – An Opinion Piece

• CISA Published a Warning About Ivanti EPMM Zero-day Vulnerabilities

• Synopsys Launches Software Risk Manager to Simplify Enterprise-Scale AppSec

• Cloud Service Provider Cloudzy Accused of Aiding Ransomware and APTs

• 4-Optimization Techniques for Enhancing Algorithmic Trading Performance

• Meta Begins News Closure In Canada Over Publisher Payment Law

• AI-Enhanced Phishing Driving Ransomware Surge

• Hot Topic Announces Potential Data Breach Due to Stolen Account Credentials

• Understanding India’s Personal Data Protection Bill (PDPB)

• An Introduction to Cyber Threat Intelligence: Key Concepts and Principles

• Is Your MSP Taking Its Own Security Seriously?

• Russian Cybersecurity Exec Wanted By Russia and US

• OT/IoT Malware Surges Tenfold in First Half of the Year

• New SEC Regulations: US Businesses Must Report Cyberattacks within 4 Days

• CISA in New Warning Over Ivanti Vulnerabilities

• Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

• Why performing security testing on your products and systems is a good idea

• Fake Chat App On Android Steals Signal and WhatsApp Data

• MSMQ QueueJumper (RCE Vulnerability): An In-Depth Technical Analysis

• Australian Senate committee recommends bans on Chinese social media apps

• Australian Senate committee recommends further bans on Chinese social media apps

• Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack

• CISA adds second Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

• 67% of data breaches start with a single click

• From tech expertise to leadership: Unpacking the role of a CISO

• Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out

• Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability

• 1 in 100 emails is malicious

• Open-source penetration testing tool BloodHound CE released

• New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets

• Socket moves beyond JavaScript and Python and gets into Go

• 2023-08-01 – Bandook infection

• Public companies must now disclose breaches within 4 days

• SpyNote Spyware Returns with SMS Phishing Against Banking Customers

• Devo and Cybermindz Partner to Address the Mental Health of Front-Line Cybersecurity Workers in the US

• White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage

• This California agency wants to know what happens to all that connected car data

• IT Security News Daily Summary 2023-08-01

• Forgepoint Capital Places $15M Series A Bet on Converge Insurance

• Nile Raises $175M Series C Funding to Redefine Enterprise Networks

• Forescout’s Risk and Exposure Management Solution Delivers Streamlined, Quantitative Approach to Cyber Asset Risk Management

• MEF and CyberRatings.org Partner on SASE Certification Program

• NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

• Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi

• Infosec experts divided on SEC four-day reporting rule

• Best Cybersecurity and IT Outsourcing Options

• Space Pirates Train Cyber Sabers on Russian, Serbian Organizations

• Itseez3D launches Avatar SDK Deep Fake Detector to bolster user identity protection

• Combating Cybercrime in the Age of Remote Work

• Canon Inkjet Printers Retain WiFi Data Unless Wiped – Warns Canon

• Understanding Package.json II: Scripts

• Facebook Oversight Board Urges Company To Close Loophole In Bullying And Harassment Policy

• Forgepoint Capital Places $20M Series A Bet on Converge Insurance

• Balbix introduced a new capability that automates CIS Benchmark requirements

• Firefox fixes a flurry of flaws in the first of two releases this month

• Chinese APT Group Hits Air-Gapped Systems in Europe with Malware

• Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups

• Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

• ‘DarkBERT’ GPT-Based Malware Trains Up on the Entire Dark Web

• Apple Users Open to Remote Control via Tricky macOS Malware

• Forescout Risk and Exposure Management offers quantitative approach to risk prioritization

• Tessian Abuse Mailbox Response helps security teams manage email based threats

• Canon Advises Users to Reset Wi-Fi Settings When Discarding Inkjet Printers

• Bad news: Another data-leaking CPU flaw. Good news: It’s utterly impractical

• CISA: ‘Submarine’ Backdoor Torpedoes Barracuda Email Security

• Lessons Not Learned From Software Supply Chain Attacks

• Cybersecurity Audit for Homes

• Burp Suite 2023.8 Released – What’s New!

• Synopsys Software Risk Manager simplifies application security testing

• Mobb automates vulnerability remediations with AI-powered technology

• Stay Safe When Charging Phone in Public: Scammers Steal Money Using USB Ports via “Juice Jacking”

• Following the JumpCloud Incident, Additional Malware was Discovered in the Npm Packages

• Novel Worm-Like Malware P2Pinfect Targets Redis Deployments

• New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets

• Chinese APTs Establish Major Beachheads Inside US Infrastructure

• Cloud Company Assisted 17 Different Hacking Groups

• Ransomware Attacks On Industrial Organizations Doubled In Past Year

• US Military Battling Cyber Threats From Within And Without

• UK Spy Agencies Want To Relax Laws On AI Data Use

• Canon Inkjet Printers Expose Wi-Fi Threat

• Cyber Mindfulness Corner Company Spotlight: DXC Technology

• Cisco adds automated ransomware recovery to its XDR solution

• Monte Carlo Data Product Dashboard improves reliability for critical data products

• Schneider Electric MSS protects networks, systems and data across OT environments

• Abyss Locker Ransomware Targets VMware ESXi Servers on Linux

• FBI Alerts: Cybercriminals Exploiting Open-Source AI Programs with Ease

• Data Breach from Accreditation Org Exposes Sensitive Data of Educational Institutions

• eCitizen Cyberattack: Kenyan Government Portal’s Services Disrupted

• Cloud Tech Debt Puts Millions of Apps at Risk, Says New Report

• Researchers claim US-registered cloud host facilitated state-backed cyberattacks

• TARK#MULE Cyber Attack Campaign Tricking Koreans with U.S. Military-Themed Documents

• 4 Generative AI Security Benefits

• Weaponized Excel, OneNote, or PDF Attachments Deliver New WikiLoader Malware

• How to enable the free Google One VPN on your Pixel device

• Mattress maker Tempur Sealy says it isolated tech system to contain cyber burglary

• SpecterOps Updates BloodHound Active Directory Mapping Tool

• Silk Security Emerges from Stealth With $12.5 Million Seed Funding

• Nile Raises $175 Million for Secure NaaS Solutions

• Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups

• Computer Fraud and Abuse Act (CFAA)

• New Infostealer Uncovered in Phishing Scam Targeting Facebook Business Accounts

• How to Meet Phishing-Resistant MFA Requirements

• US govt is hunting a Chinese malware that can interfere with its military operations

• Your First Line of Defense Against Ransomware: SASE

• TechRepublic Premium Editorial Calendar: IT Policies, Checklists, Hiring Kits and Research for Download

• Why the California Delete Act Matters

• There’s no reason to panic over WormGPT

• Everlast, Famous Boxing Equipment Brand, Targeted In Daring Cyberattack Linked to World’s Largest Online Bank Heist

• Battery Safety in Vaping: What Every Vaper Needs to Know

• Artificial intelligence threats in identity management

• Tempur Sealy, World’s Largest Mattress Seller, Hit By Cyberattack, Forcing IT Systems Shutdown

• Menlo Security introduces two features to protect users against web browser threats

• Actionable Threat Intel (V) – Autogenerated Livehunt rules for IoC tracking

• Hacker Conversations: Youssef Sammouda, Bug Bounty Hunter

• Investing in a Robust Cybersecurity Workforce

• Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack

• Women two-thirds more likely to fear losing CNI security jobs than men

• 8 Best CrowdStrike Competitors [2023]

• Fake Android App Used to Exfiltrate Signal and WhatsApp User Data

• The Intersection of CDP and AI: How Artificial Intelligence Is Revolutionizing Customer Data Platforms

• Socket lands $20M investment to help companies secure open source software

• US government outlines National Cyber Workforce and Education Strategy

• Dynatrace acquires Rookout to improve productivity for developers

• Android n-day bugs pose zero-day threat

• Cyborg Security integrates REST API into HUNTER Platform

• New Android Malware Via WhatsApp steals Call logs, Locations, & Contacts

• Ransomware Attacks Frequently Target Organizations with 51-200 Employees

• Java: A Time-Tested Programming Language Still Going Strong

• How AI May Be Used to Create Custom Disinformation Ahead of 2024

• A New Attack Impacts ChatGPT—and No One Knows How to Stop It

• European Bank Customers Targeted in SpyNote Android Trojan Campaign

• WikiLoader malware-as-a-service targets Italian organizations

• Vulnerability Summary for the Week of July 24, 2023

• VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques

• Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack

• Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report

• CMA Publishes Microsoft Arguments In Activision Case

• US States Fight Court Order Blocking Social Media Misinformation Efforts

• Musk, Yaccarino To Jointly Oversee X Trust and Safety

• Judge Gives Go-Ahead To SEC’s Terraform Labs Crypto Lawsuit

• Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia

• What is Data Security Posture Management (DSPM)?

• 16-30 June 2023 Cyber Attacks Timeline

• NHS Staff Reprimanded For WhatsApp Data Sharing

• China’s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe

• Social Media Security Awareness: What you Should Know

• What is the General Data Protection Regulation (GDPR)?

• 200 Canon Printer Models May Expose Wi-Fi Connection Data

• Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report

• Capita Boss to Step Down Following Cyber Incident

• Sanctioned Jingjia Plans China AI GPU Production Ramp

• Intel Launches China Innovation Hub Amidst Sanctions

• New WikiLoader Malware Goes to Extreme Lengths to Hide

• Stremio vulnerability exposes millions to attack

• Need to improve the detection capabilities in your security products?

• Twitter Threatens To Sue Hate Speech Research Firm

• US military battling cyber threats from within and without

• How to Meet Phishing-Resistant MFA

• Be aware of exposure of sensitive data on Wi-Fi settings for Canon inkjet printers

• Cybersecurity survey: 36% of Europeans don’t even have an IoT device

• How Generative AI Will Transform Cybersecurity

• Report says no evidence that cyber insurance coverage makes victim pay more

• China bans export of drones some countries have already banned anyway

• Strategies for ensuring compliance and security in outdated healthcare IT systems

• Keeping the cloud secure with a mindset shift

• Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan

• The gap in users’ identity security knowledge gives cybercriminals an opening

• Infosec products of the month: July 2023

• EU’s financial institutions face cyber resilience crisis

• Supply chain attacks demand a 3rd party risk re-think

• What Implementing Biometrics for Authentication Looks Like

• Pioneering Application Security: AI Meets Human Intelligence – Insights from an Interview with ImmuniWeb’s Dr. Ilia Kolochenko

• Facebook Fined For Misleading Australian Users About Data Collection

• A week in security (July 24 – July 30)

• Supply chain attacks disrupt emergency services communications

• Meta subsidiaries must pay $14m over misleading data collection disclosure

Generated on 2023-08-02 23:55:29.679492