IT Security News Daily Summary 2023-08-10

• Cyber Insurance Experts Make a Case for Coverage, Protection

• Ransomware Attack Timeline

• Black Hat 2023 Keynote: Navigating Generative AI in Today’s Cybersecurity Landscape

• CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

• 6 Best Threat Intelligence Feeds to Use in 2023

• There’s a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

• Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million

• Kemba Walden: We need to secure open source software

• Trend Micro discloses ‘silent threat’ flaws in Azure ML

• The Future of Cloud-Native Data Security: A Look at Laminar’s New Capabilities

• AMD and Intel CPU security bugs bring Linux patches

• EvilProxy Cyberattack Flood Targets Execs via Microsoft 365

• Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

• SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks

• The Hard Realities of Setting AI Risk Policy

• CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

• Detectify IP Addresses view enables organizations to uncover unauthorized assets

• Lumen Data Protect defends critical business data from corruption

• OpenAI’s GPTBot: A New Era of Web Crawling

• Dissident Republicans Claim To Have PSNI Breach Data, Admits Chief Constable

• Request-Level Authentication and Authorization With Istio and Keycloak

• 5 Best Encryption Key Management Software for 2023

• Osano Secures $25M Series B to Advance Data Privacy Platform

• Rootly Raises $12M to Help Enterprise IT Teams Resolve Incidents 80 Percent Faster

• What Is Patch Management as a Service (PMaaS) & What Can It Do For You?

• Congress Amended KOSA, But It’s Still A Censorship Bill

• Black Hat: Tenable to add AI query module to its Exposure Management platform; DARPA AI Cyber Challenge announced

• Cybersecurity: It’s Time to Trust the Machines

• Zoom Refutes Claims of AI Training on Calls Without Consent

• Understanding Security Vulnerabilities: A First Step in Preventing Attacks

• Calix expands security options in SmartBiz to protect small businesses from cyberthreats

• Fortra releases new integrations for its Offensive Security

• Lookout SAIL improves efficiency for cybersecurity professionals

• Making Chrome more secure by bringing Key Pinning to Android

• Solution to hardware flaw in Intel CPUs may cause large performance hit

• Mac systems turned into proxy exit nodes by AdLoad

• Top 15 Data Security Posture Management (DSPM) platforms for 2023

• Co-Founder Of Yandex Condemns Ukraine Invasion

• EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy

• Vulnerability management, its impact and threat modeling methodologies

• Avoiding False Positive: The Silent SAST Killer

• New York Introduces First-Ever Statewide Cybersecurity Strategy

• Lookout incorporates generative AI to support security professionals and boost security

• LockBit Attack: Ransomware Gang Threatens to Leak Cancer Patients’ Medical Data

• Revolutionizing IT: Ultraviolet’s Innovative Approach to Developer Efficiency

• Legions of DEF CON hackers will attack generative AI models

• Researchers put LLMs to the test in phishing email experiment

• APT31 Linked to Recent Industrial Attacks in Eastern Europe

• 37% of Third-party Applications have High-risk Permissions

• Adobe Patches 30 Acrobat, Reader Vulnerabilities

• Hundreds of executives are falling for Microsoft 365 phishing attacks: Report

• Zoom using user data to train its AI models

• US Scientists Repeat Fusion Ignition Breakthrough

• #BHUSA: Only 22% of Firms Have Mature Threat Intelligence Programs

• New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

• Critical Start introduces Managed Cyber Risk Reduction to address risks, vulnerabilities, and threats

• Authorities Taken Down Bulletproof Hosting Provider Lolek

• Google just made its Chrome browser more secure by cutting ‘patch gap’ in half

• Generative AI takes center stage at Black Hat USA 2023

• What Is Cloud Security Posture Management (CSPM)?

• Identity management platform Veza secures $15M from Capital One and ServiceNow

• Exabeam and Cribl partnership helps enterprises accelerate SIEM deployments

• Appdome and Bugcrowd join forces to create a more secure mobile app economy

• The 9 Best XDR Software Solutions and Tools in 2023 [Features, Pricing & Reviews]

• Top Exploit Databases to Use in Bolstering Cybersecurity Posture

• Ransomware Prevention Checklist: Safeguarding Your Digital Assets

• How the SEC’s Proposed Security Rules Could Impact Businesses

• Controlling Cybersecurity Risks

• What Will Cybersecurity Jobs Look Like in 2028?

• Fines for Facebook Privacy Breaches in Norway Crack Down on Meta

• The Pentagon’s 2023 cyber strategy: What you need to know

• Symmetry Systems Raises $17.7M for Data Security Posture Management Platform

• Managing and Securing Distributed Cloud Environments

• Potent Trojans Targeting MacOS Users

• New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

• UK cybersecurity giant NCC Group is making more layoffs

• Black Hat USA Keynote: In AI Do Not Trust

• DARPA Sponsors Competition For AI Innovation And Cybersecurity

• CISA Warns Orgs Of Exploited Vuln Affecting .NET, Visual Studio

• Nearly Every AMD CPU Since 2017 Vulnerable To Inception Attacks

• How An Unpatched Microsoft Exchange 0-Day Likely Caused One Of The UK’s Biggest Hacks Ever

• Zoom Declines Training AI on Calls Without Approval

• Coalition looks to bridge gap between CISOs, cyber insurance

• S3 Ep147: What if you type in your password during a meeting?

• #BHUSA: DARPA Challenges AI Pros to Safeguard US Infrastructure

• Navigating Cybersecurity’s Seas: Environmental Regulations, OT & the Maritime Industry’s New Challenges

• Investigating the Intricacies of BEC Invoice Redirect Attacks

• Lookout incorporates generative AI assistant to support security professionals and boost security

• Check Point to acquire Perimeter 81 for $490 million

• Illumio for Azure Firewall allows users to protect different parts of their cloud environment

• MITRE partners with Robust Intelligence to tackle AI supply chain risks in open-source models

• Bionic integrates with ServiceNow, launches Bionic Events

• AI Eavesdrops on Keystrokes with 95% Accuracy

• Microsoft Authenticator will soon provide codes via WhatsApp

• Elon Musk To Auction Twitter Signs, Backs Verbal Cage Fight With Zuck

• #BHUSA: ESET Unmasks Cyber-Espionage Group Targeting Embassies in Belarus

• Check Point buys Perimeter 81 for $490M to enhance its security tools for hybrid and remote workers

• Deloitte Safeguards Software Development Lifecycle

• KnowBe4 helps protect endangered species to celebrate 13th anniversary

• Rhysida Ransomware: The Rise of a New Threat for Healthcare Organizations

• Feds Seize Bulletproof Hosting Service ”Lolek Hosted”

• DAY 2! Dark Reading News Desk: Live at Black Hat USA 2023

• DTX Europe 2023

• How randomized data can improve our security

• New Infostealer Malware Steal Logs & Corporate Access Data

• Rhysida ransomware – what you need to know

• European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform

• Osano, a data privacy management platform, nabs $25M

• Adaptive Shield’s ITDR capabilities help users detect identity-related security threats

• ConcealSherpaAI identifies potentially harmful webpages

• Microsoft 365 accounts of execs, managers hijacked through EvilProxy

• SentinelOne enhances vulnerability management through Singularity Ranger Insights

• Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk

• Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

• Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

• Unleashing Your Potential Through Destiny 2 Accounts For Sale: A New Perspective

• Fact vs. Fiction: Unmasking Exaggerated AI Failures and Successes

• White House launches AI Cyber Challenge to make software more secure

• LastPass removes the master password from customers’ login with FIDO2 authenticators

• UK Appoints Tech Expert, Diplomat To Head AI Safety Summit

• Researchers Tricked Hackers into Reveal Their Secrets Using Honeypot

• Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

• Microsoft Patch Tuesday For August ’23 Addresses 84 Flaws

• Breaking the Mold: New Directions in Commercial Video Production

• Get your staff’s consent before you monitor them, tech inquiry warns

• Fresh Blow to PSNI Security as Second Data Breach Disclosed

• Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising

• Belarus hackers target foreign diplomats with help of local ISPs, researchers say

• Focus on DroxiDat/SystemBC

• CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio

• Regulator: “Harmful” Web Design Could Break Data Protection Laws

• ‘MoustachedBouncer’ APT Spies on Embassies, Likely via ISPs

• CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

• Investigating the Intricacies of Invoice Redirect Attacks

• The Aftermath: Dallas Ransomware Attack- 26K Residents Affected

• President Biden Executive Order Targets Tech Investments In China

• Tripwire Enterprise: Five ‘Other’ Things You Should Know

• EvilProxy Campaign Fires Out 120,000 Phishing Emails

• Quick Glossary: Cybersecurity Attack Response and Mitigation

• NIST Expands Cybersecurity Framework with New Pillar

• US Govt launches Artificial Intelligence Cyber Challenge

• Understanding Changes in the OWASP API Security Top 10 List

• Brand Extension: Definition, How It Works, Example, and Criticism – 2023 Guide

• Common TTPs of attacks against industrial organizations

• Do you know what your supply chain is and if it is secure?

• Interpol Busts Phishing-as-a-Service Platform ’16Shop,’ Leading to 3 Arrests

• Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online

• Chinese hackers stole US government emails

• TargetCompany Ransomware Deploy Fully Undetectable Malware on SQL Server

• Norway first to put daily penalty on Meta over data security concerns

• Will AI kill cybersecurity jobs?

• Mind the (Interpretation) gap: Another reason why threat modeling is important

• RAM dump: Understanding its ­­­importance and the process

• What to know about FedRAMP Rev. 5 Baselines

• Learning from past healthcare breaches to fortify future cybersecurity strategies

• 37% of third-party applications have high-risk permissions

• Private network adoption grows as enterprises seek greater control and security

• Australian broadcaster cuts presence on platform formerly called Twitter

• DARPA Launches 2-Year Contest to Build AI Tools to Fix Vulnerabilities

• Voter data stolen in UK Electoral Commission systems breach

• Cloudflare Tunnel increasingly abused by cybercriminals

• Facial recognition tech lands innocent woman with bogus carjacking charge

• Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks

• Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating

• Panasonic Warns That IoT Malware Attack Cycles Are Accelerating

• New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection

• Symmetry Systems Closes $17.7M To Scale its AI-Powered Data Security Platform

• Sweet Security Lands $12M in Seed Funding to Shift Cloud Security Right

• LastPass Announces Availability of FIDO2 Authenticators for Passwordless Login

• DARPA Launches Two-Year Contest to Build AI Tools to Fix Vulnerabilities

• IT Security News Daily Summary 2023-08-09

• crisis management plan (CMP)

• #BHUSA: New Zero-Day Vulnerabilities Could Instantly Drain Crypto Wallets

• Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR

• Black Hat Opens With Call to Steer AI from Predictions to Policy

• Blockchain Signing Bug Cracks Open Crypto Investors’ Wallets Worldwide

• Checkmarx CISO Study Finds 96% of CISOs Say Their Business Prospects Consider Their Organizations’ AppSec Maturity When Making Deal Decisions

• It’s Time for Cybersecurity to Talk About Climate Change

• New LLM Tool Seeks and Remediates Vulnerabilities

• Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says

• Researchers Detail Vuln That Allowed for Windows Defender Update Process Hijack

• A Clever Honeypot Tricked Hackers Into Revealing Their Secrets

• INTERPOL Dismantles Infamous ’16shop’ Phishing-as-a-Service Platform

• DBS Bank uncovers big data challenges with AI use – and solutions, too

• Researchers watched 100 hours of hackers hacking honeypot computers

• Balada Injector still at large – new domains discovered

• ‘Downfall’ Bug in Billions of Intel CPUs Reveals Major Design Flaw

• Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

• Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

• Safety of Officers & Civilians of PSNI Compromised in Major Data Breach

• Virtual Meetings Security with Token Authentication

• This Acoustic Attack Analyzes Keystrokes To Steal Data Via Deep Learning

• John Lewis Signs Google Deal To Utilise AI Tech

• Amazon Loses Two Key Drone Delivery Executives – Report

• Onapsis researchers detail new SAP security threats

• EvilProxy used in massive cloud account takeover scheme

• Cracking the Code: 7 Secrets Every Web Developer Should Know

• Rapid7 prepares to toss 18% of workforce to cut costs

• Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files

• White House Offers Prize Money for Hacker-Thwarting AI

• Patch Tuesday Targets 74 Flaws, Including Microsoft Teams, Office

• Top 3 Insights I Learned at Recent Cybersecurity Events

• Irish Police Data Breach Rattles Northern Ireland’s Security Landscape

• Types of Nmap scans and best practices

• Gurucul launches Sme AI to improve threat detection and response capabilities

• NetRise unveils SBOM and vulnerability prioritization solutions to enhance XIoT firmware security

• Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack

• Rhysida Ransomware Has Added New Techniques, Tactics, And Tools to Its Arsenal

• 16 Zero-Day Vulnerabilities Discovered in CODESYS Affect Millions of Industrial Devices

• Will data backups save you from ransomware? Think again

• White House launches AI Cyber Challenge to test how top AI models protect software

• C-Suite Cybersecurity Sign-off Hinges on Customer Trust, Digital Opps

• DARPA launches two-year competition to build AI-powered cyber defenses

• Dark Web Grows Stronger. And So Does the Value of Monitoring

• What Is Global Privacy Control (GPC), and how can it help you protect your data?

• Fortifying Defences: Cybersecurity in the Dawn of AI

• 0Patch promises to support Windows Server 2012 and 2012 R2 with 3 years of security updates

• Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients

• Rhysida Ransomware Analysis Reveals Vice Society Connection

• Facebook Faces Daily Fine Over Privacy Violations

• Sweet Security Debuts Runtime Management for Cloud

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security

• Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs

• Dynatrace Security Analytics detects and blocks common application attacks

• Rising Threat of ‘Hackers for Hire’ – How End-to-End Encryption Software Safeguards Businesses

• Officials Point To Russia After Electoral Commission Hack

• RedHotel Chinese APT Hackers Attack Government Entities & Intelligence Organizations

• X-Force releases detection & response framework for managed file transfer software

• Zoom is entangled in an AI privacy mess

• Worldcoin explained: Everything you need to know

• RedHotel Checks in As Dominant China-Backed Cyberspy Group

• Interpol Shuts Down African Cybercrime Group, Seizes $2 Million

• Symmetry raises $18M to bolster organizations’ data security programs

• White House To Strengthen K-12 Cybersecurity

• Researchers Find Active Campaigns Exploiting Two Kubernetes Misconfigurations

• eSentire releases MDR Agent to reduce costs and risk of business disruption for SMBs

• Whistic introduces third-party risk management platform powered by AI

• Vicarius vuln_GPT enables security teams to find and fix software vulnerabilities

• India to replace all its defense related Microsoft systems with Maya OS due to Ransomware

• High-Severity Access Control Vulnerability Found in Spring WebFlux

• Colorado Department of Higher Education Attacked by Ransomware

• AI Risk Database Tackles AI Supply Chain Risks

• China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign

• Q2 2023, Community Updates: Introducing New Learning Assets, a Unique Solution for Workforce Development, and Capture the Flag (CTF)

• Worldwide Tailor-Made Massive Phishing Campaign

• Experts Alert Travelers Against Sharing Photos of Boarding Passes Online

• Apple, Amazon In Talks To Invest In ARM – Report

• Microsoft Paid Out $13 Million via Bug Bounty Programs for Fourth Consecutive Year

• Sweet Security Emerges From Stealth With $12 Million Seed Funding and a Cloud Runtime Solution

• Kyndryl and Microsoft join forces to help customers explore the use of generative AI

• Cymulate delivers threat-informed defense for cloud infrastructure

• Appdome collaborates with NetSPI to improve security defenses for all mobile apps

• UK Electoral Commission Data Breach Exposes Information of 40 Million Voters

• Elon Musk’s X Steps Up: Pledges Legal Funds for Workers Dealing with Unfair Bosses

• Two-Thirds of UK Websites are at Risk from Malicious Bots

• Sweet Security Lands $12 Million in Seed Funding to Shift Cloud Security Right with Runtime Security Suite

• July 2023’s Most Wanted Malware: Remote Access Trojan (RAT) Remcos Climbs to Third Place while Mobile Malware Anubis Returns to Top Spot

• Why Shellshock Remains a Cybersecurity Threat After 9 Years

• History’s Greatest Insider Threats

• PSNI data breach left officers vulnerable

• Tenable launches LLM-powered ExposureAI product

• Cyber-attack hits the UK’s electoral registers

• Downfall Attack Enables Extraction of Passwords and Encryption Key From Intel Microprocessor

• Northern Ireland police may have endangered its own officers by posting details online in error

• TUNE IN Dark Reading News Desk: Live at Black Hat USA 2023

• Closing Coverage Gaps Where Customer Resources Meet Cloud Environments

• Cybersecurity giant Rapid7 announces sweeping layoffs as losses mount

• Hardening SSH connections to managed hosts with Red Hat Ansible Automation Platform

• The State of Edge Security Report

• Beware of New Malware Attack Disguised As Google Bard Ads On Facebook

• Got vulns? vuln_GPT debuts as AI-powered approach to find and remediate software vulnerabilities

• Automated Security Control Assessment: When Self-Awareness Matters

• Intel Addresses 80 Firmware, Software Vulnerabilities

• Cloud Security Firm Kivera Raises $3.5 Million in Seed Funding

• How to Remove Your Info From Google With the ‘Results About You’ Tool

• Missing The Point In The Current Age Of Cyber

• Major Data Breach In The UK: Electoral Commission Systems Compromised Affecting Over 40 Million Voters

• DigiCert expands certificate management platform to extend the value of internal CAs

• Ghost Platform simplifies application security in the cloud

• Computer Integrated Services partners with Island to strengthen data protection across enterprises

• Cyber Security Today, August 9, 2023 – The latest ransomware news, and more

• Continuous Security Validation with Penetration Testing as a Service (PTaaS)

• Parsing the UK voter register cyberattack

• Synopsys Bolsters Application Security Testing Solutions Through Collaborations with NowSecure and Secure Code Warrior

• Boost identity protection with Axiad Cloud and Microsoft Entra ID

• Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks

• Germany To Subsidise TSMC Factory In Dresden

• Using Machine Learning to Detect Keystrokes

• Northern Ireland Police Officers Vulnerable After Data Leak

• U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

• Downfall attacks can gather passwords, encryption keys from Intel processors

• BigID introduces Data Risk Assessment for hybrid environments

• Sonet.io blocks sensitive data from being pasted into ChatGPT

• Google unveils stronger cellular security for Android 14

• Is the Metaverse Dead? Head-to-Head

• ‘Monumental’ Data Breach Exposes Northern Ireland Police Officers

• SAP Patches Critical Vulnerability in PowerDesigner Product

• Enhancing Cybersecurity with Remote Browser Isolation (RBI)

• Downfall Vulnerability Exposes Intel CPUs to Data and Encryption Keys Stealing

• Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

• Bectran Advanced Fraud Prevention Suite protects users against fraudulent activity

• Sophos X-Ops showcases MDR and threat intelligence at Black Hat and DEF CON

• Recent ransomware attacks share curiously similar tactics

• An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector

• Patch Tuesday: Microsoft Fixes 2 Office Zero-Days, Critical Team Flaw

• 40 Vulnerabilities Patched in Android With August 2023 Security Updates

• New ‘Inception’ Side-Channel Attack Targets AMD Processors

• Notorious Phishing-as-a-Service Platform Shuttered

• New Report Finds Shift in Cyber Crime | Avast

• Summer Spending Pressure Fuels Loan Fee Fraud Fears

• Tenzir’s security data pipeline platform optimizes SIEM, cloud, and data costs

• Barracuda Networks and Cork offer cyber warranty services for customers of MSPs

• Cybersecurity: Creating a Foundation to build on

• Microsoft Patches 80+ Flaws Including Two Zero-Days

• New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks

• Downfall Intel CPU side-channel attack exposes sensitive data

• Why performing security testing on your products and systems is a good idea

• LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems

• Threat Actors English-Speaking Countries with Customized Yashma Ransomware

• Downfall: New Intel CPU Attack Exposing Sensitive Information

• US holds first ever cybersecurity summit on ransomware attacks on K12 Schools

• Bolstering Cloud Security Through Serverless Architecture

• Microsoft Releases Patches for 74 New Vulnerabilities in August Update

• Data exfiltration is now the go-to cyber extortion strategy

• Using creative recruitment strategies to tackle the cybersecurity skills shortage

• Why cybersecurity is a blue-collar job

• Edge computing’s role in healthcare

• Mobile Device Management: Securing the modern workplace

• Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

• SandboxAQ launches open-source meta-library of cryptographic algorithms

• The ransomware rollercoaster continues as criminals advance their business models

• INTERPOL shutters ’16shop’ phishing-as-a-service outfit

• Microsoft Patch Tuesday, August 2023 Edition

• Attacker Breakout Time Shrinks Again, Underscoring Need for Automation

• Analyzing Network Chaos Leads to Better DDoS Detection

• Novel ‘Inception’ Attack Exposes Sensitive Data in CPUs

• GrammaTech Nominated to Compete in 2023 ‘ASTORS’ Awards Program

• The FBI Is Investigating a Ransomware Attack that Disrupted Hospital Operations in 4 States

• Digital assets continue to be prime target for malvertisers

• Server breach could be fatal blow for LetMeSpy

Generated on 2023-08-10 23:55:43.114779