IT Security News Daily Summary 2023-08-22

• Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

• Absolute Dental Services Notifies Patients of Data Security Incident

• Forescout Joins MISA and Announces Integration With Microsoft Sentinel

• Proposed UN Cybercrime Treaty Threatens to be an Expansive Global Surveillance Pact

• Ivanti issues fix for third zero-day flaw exploited in the wild

• Controversial Cybercrime Law Passes in Jordan

• Fleeceware drains money from account slowly over time – here’s how to spot it

• Lawmakers Blast Facebook For Still Allowing Sale Of Deadly Recalled Product

• EFF Benefit Poker Tournament at DEF CON 31

• Luna Grabber Malware Hits Roblox Devs Through npm Packages

• Newer, Better XLoader Signals a Dangerous Shift in macOS Malware

• Proton debuts VPN for Business, enabling IT departments to control access to content and apps

• Smart light bulbs could give away your password secrets

• Publisher’s Spotlight: Black Hat USA 2023 Closes on Record-Breaking Event in Las Vegas

• How to Prevent Data Breaches: Data Breach Prevention Tips

• Defense contractor Belcan leaks admin password with a list of flaws

• Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

• Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

• Bracing for the AI-Driven Cybersecurity Landscape of Tomorrow

• Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

• SEC fines fintech crypto fund that promised 2,700% returns

• When Leadership Style Is a Security Risk

• What is post-quantum cryptography and why is it important?

• Leveraging AT&T Cybersecurity Consulting for a robust Zero Trust Center of Excellence

• Why is API security the next big thing in Cybersecurity?

• Do It for You: Commit to Cybersecurity Certification Now

• Critical Insight Report: 15% Drop in Breaches, 31% Surge in Victims

• Application Security From Code to Cloud – An Interview with Lotem Guy at Cycode

• New QwixxRAT Windows Malware Spreads Through Telegram And Discord

• Researchers Uncovered the Developer of CypherRAT and CraxsRAT

• Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset

• 16 Remote Access Security Best Practices to Implement

• Bitsight Security Ratings

• Cyber Attacks that impacted billions and millions of online accounts

• US ARPA-H Initiative Counters Healthcare Cyber-Threats

• 90% of Consumers Worry Cybersecurity’s Future Is in Jeopardy if Students Aren’t Exposed to the Field at an Earlier Age

• Kyndryl becomes a VMware Cross-Cloud managed services provider

• Enhanced VMware Cloud helps customers modernize, optimize, and protect their businesses

• SA may Surpass the ‘Nigerian Prince,’ Becoming Africa’s New Cybercrime Capital

• DDoS Attacks in a Kubernetes Environment: Detection and Mitigation

• Ivanti Sentry Flaw: Let Attackers Access Critical APIs Used for Configuration

• One simple way to cut ransomware recovery costs in half

• TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

• CISA Warns Of Another Exploited Adobe Coldfusion Vulnerability

• TP-Link Smart Bulb Vulns Expose Households To Hacker Attacks

• Apple’s Defense Against Apps Vandalizing Other Apps Is Still Broken, Developer Claims

• Crypto Botnet On X Is Powered By ChatGPT

• 0-Day In Ivanti’s Sentry Gateway Actively Exploited

• Vulnerabilities in TP-Link IoT Devices Can Get You Hacked

• Network Architecture Mapping Improves Security Posture and Saves Big Bucks

• OT Under Greater Scrutiny in Global Cybersecurity Regulatory Environment

• Cuba Ransomware Targets U.S. Organizations via Veeam Exploit

• Training the Next Generation of Cybersecurity Professionals: 4 Keys to a Successful Internship Program

• Juniper Networks Junos OS Let Attacker Remotely Execute Code

• Apache Ivy Injection Flaw Let Attackers Exfiltrate Sensitive Data

• VMware Explore 2023: Keynote Highlights

• Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries

• Ivanti warns customers another zero-day is under active attack

• Ten Ways an XDR Service Can Empower IT Managers

• Cybersecurity Concerns: When Mental Health Queries Become Malware Magnets

• XLoader macOS Malware Variant Disguised as ‘OfficeNote’ Productivity App

• Juniper Networks Junos OS let Attacker Remotely Execute Code

• Top 13 ransomware targets in 2023 and beyond

• The Physical Impact of Cyberattacks on Cities

• Aston University partners with ISACA to offer credentials in cybersecurity and risk management to graduates

• MITRE appoints Deborah Youmans as CIO

• What Are X-forwarded Headers, and Why Is It Used?

• Webinar Today: ZTNA Superpowers CISOs Should Know

• Australian Energy Software Firm Energy One Hit by Cyberattack

• Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko

• US Military Targeted in Recent HiatusRAT Attack

• Thousands of Malicious Android Apps are Employing Covert APKs to Bypass Security

• Silicon Labs: reMarkable 2

• Silicon Labs: Logitech MX Keyboard

• TP-Link Smart Bulb Users at Risk of WiFi Password Theft

• Cato Networks: Challenger in Gartner Magic Quadrant for Single-Vendor SASE

• The devil in the detail

• Continued MOVEit Exploitation Drives Record Ransomware Attacks

• ‘Cuba’ Ransomware Group Uses Every Trick in the Book

• Energy One Cyberattack: Key Systems In Australia And UK Compromised – Immediate Actions Taken And Investigation Underway

• Tesla Data Breach Exposes Personal Information Of Over 75,000 Individuals: Inside Job By Former Employees Confirmed

• Grip Security raises $41 million to accelerate growth and extend its market

• Cyberattack on UK IT Firm Swan Retail Affects 300 Retailers

• Grip Security Lands $41 Million Series B Financing

• New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

• The Internet Is Turning Into a Data Black Box. An ‘Inspectability API’ Could Crack It Open

• CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

• Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035)

• Silicon UK Labs: Logitech MX Keyboard

• CISA Warns of Another Exploited Adobe ColdFusion Vulnerability

• Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications

• Essential Advice for Aspiring Software Developer Beginners (2023)

• US Judge Denies Copyright For AI-Generated Artwork

• Silicon UK Labs: reMarkable 2

• What is Configuration Drift?

• Cyber-Attack on Australian Utility Firm Energy One Spreads to UK Systems

• Chinese APT Targets Hong Kong in Supply Chain Attack

• New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

• Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

• New APT Group Launches Supply Chain Campaign

• Cerby lands $17M to manage access to ‘nonstandard’ enterprise apps

• Juniper Networks fixes flaws leading to RCE in firewalls and switches

• Seiko joins growing list of ALPHV/BlackCat ransomware victims

• 1-15 July 2023 Cyber Attacks Timeline

• Webinar: Leveraging the Power of Cyber Threat Adversary Infrastructure

• Silicon Labs: Kingston Keypad 200C

• China Looks To Expand Computing Power Amidst US Sanctions

• Silicon UK Labs: MX Master 3S Mouse

• UN Study Finds Women Face Disproportionate AI Job Risk

• Why No Business in 2023 Can Grow without APIs

• Ivanti Warns of Critical New Zero-Day Bug

• Beijing Bans AI-Generated Medical Prescriptions

• Tesla: Insiders Responsible For Major Data Breach

• A cyber attack hit the Australian software provider Energy One

• CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

• Snatch gang claims the hack of the Department of Defence South Africa

• Ukrainian hackers claim to leak emails of Russian parliament deputy chief

• British intelligence is tipping off ransomware targets to disrupt attacks

• After Russia’s failure, India is next in line to attempt a Moon landing

• China keeps buying hobbled Nvidia cards to train its AI models

• Apple’s defense against apps vandalizing other apps still broken, developer claims

• Southeast Asian Smartphone Users ‘Prefer Budget Models’

• Need to improve the detection capabilities in your security products?

• Wind-Powered Cargo Ship Sets Off On Maiden Voyage

• New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App

• Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io and Thales

• Ivanti fixed a new critical Sentry API authentication bypass flaw

• DotRunpeX Malware Injector Widely Delivers Known Malware Families to Attack Windows

• Maintaining consistent security in diverse cloud infrastructures

• IT’s rising role in physical security technology

• Britain starts issuing ‘Early Warning’ to Ransomware Victims

• Privacy is Sexy: custom privacy scripts for Windows, Linux and macOS

• Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

• 4 Major Innovations in Healthcare Smart Cards

• AT&T Cybersecurity wins SC Media Award for Best Threat Intelligence

• Building Cybersecurity into the supply chain is essential as threats mount

• Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog

• 8 open-source OSINT tools you should try

• Understanding how attackers exploit APIs is more important than ever

• Atmeltomo – 580,177 breached accounts

• The Importance of SaaS Backup and Disaster Recovery: Reasons to Consider

• Ivanti Sentry exploited in the wild, patches emitted

• Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology

• A week in security (August 14 – August 20)

• QR codes used to phish for Microsoft credentials

• Chrome will soon start removing extensions that may be unsafe

• Trusted Advisor puts you in the security driving seat

• Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

• Less noise, better signals: Why XDR and AI are the future of cybersecurity

• Palo Alto Networks CEO warns companies need modern, integrated cybersecurity

• Whistleblower Leak Reveals Tesla Data Breach, Affects 75,000

• SIEM and SOAR in 2023: Key trends and new changes

• Three Ways to Enhance Your Cloud Security with External Attack Surface Management

• What Is Secure Remote Access?

• Uncle Sam: Rest of the world would love to steal our space blueprints – don’t let ’em

• IT Security News Daily Summary 2023-08-21

• Akamai Report: LockBit, Cl0P Expand Ransomware Efforts

• Measuring the Effectivity of Security with Data Analysis

• Vendors criticize Microsoft for repeated security failings

• This AI-generated crypto invoice scam almost got me, and I’m a security pro

• Small Businesses Are A “Gold Mine” For Facebook Scammers

• LinkedIn collaborates with CLEAR to bring free identity verification to Canadian users

• FBI and NCSC Warn of Foreign Cyberattacks on US Space Sector

• Logging Incoming Requests in Spring WebFlux

• Weekly Vulnerability Recap – August 21, 2023 – When ACE Equals Bad

• Tesla Data Breach Investigation Reveals Inside Job

• How to Configure an HTTPS Endpoint for Mule Applications With One-Way SSL

• Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability

• Energy One Investigates Cyberattack

• Fed Warning: US Space Industry Subject To Foreign Spying, Disruptions

• Palo Alto Networks rewards our faith in the stock, leading us to adjust our price target

• Can diversity and resilience address the crisis of recruiting and retaining cybersecurity talent?

• Vulnerability Summary for the Week of August 14, 2023

• Ultimate New Hire Onboarding Checklist: Your Roadmap to Success

• “Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

• BlackCat ransomware group claims the hack of Seiko network

• Vulnerability in Tencent’s Sogou Chinese Keyboard Can Leak Text Input in Real-Time

• Leak of 75k employee records was insiders’ fault, claims Tesla

• risk analysis

• New HiatusRAT campaign targets Taiwan and U.S. military procurement system

• Interpol Operation: 14 Arrested, Allegedly Involved in Scamming Victims of $40 Million

• Ex-USSS CISO Explains Agencies’ Struggle with Biden EO

• Securing the Software Supply Chain: Chainguard Builds on Foundational Innovation

• Interpol Arrests 14 Who Scammed $40m From Victims In Cyber Surge

• Volatility Workbench: Empowering memory forensics investigations

• Streamlining Security Practices for Your Org Through Live Patching

• Deceptive AI Bots Spread Malware, Raise Security Concerns

• CypherRAT And CraxsRAT Malware Developer Identified

• Donald’s Patriot Legal Defense Fund Site Got Hacked

• WinRAR Hit With High Severity Code Execution Flaw

• Secure Your Wi-Fi: Spot Hacking Signs and Preventive Tips

• Exploring the Potential Impact of a Bitcoin Spot ETF Approval

• Benefits of Using an Anonymous Bitcoin Wallet in 2023

• New Malware Turns Windows and macOS Devices into Proxy Nodes

• New NCUA Rule Requires Swift Cyber Incident Reporting

• New Chrome Feature Alerts Users About Malicious Extensions

• The Only Leader in Single-Vendor SASE. Period.

• Cuba Ransomware Exploits Veeam Flaw, Targets U.S. and Latin American Entities

• Introducing Heimdal XDR: A Game-Changer Disrupting the Market with the Widest Range of Next-Generation Solutions

• How to make sure the reputation of your products and company is good

• BlackCat Ransomware Group targets Seiko Watch Japan

• What’s Beyond SASE? The Next Steps

• Big Tech drives stocks higher, while the market rewards Club cyber name Palo Alto Networks

• Tesla Begins Notifying Individuals Impacted in a Data Breach Incident

• Jim Cramer says this surging cybersecurity is gaining market share and proving doubters wrong

• The future of SIEM: Embracing predictive analytics

• Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

• New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

• VersaAI delivers AI-assisted enhancements across the Versa Networks portfolio

• North Korean Hackers Swipe $200M in 2023 Crypto Heists

• Interpol Arrested 14 cybercriminals and uncovered 20,674 suspicious cyber networks

• Generative AI Is Scraping Your Data. So, Now What?

• WinRAR Vulnerability Allows Remote Code Execution

• To Buy or Not to Buy: Baldur’s Gate III Overview

• Behind Closed Cyber Doors: 50 Ransomware Negotiations’ Unexpected Insights

• WinRAR Security Flaw Could Allow Command Execution

• 3,000+ Android Malware Using Unique Compression Methods to Avoid Detection

• How to add exceptions to ad blocking in Opera

• High severity vuln in WinRAR could allow code to run when files are opened

• Australian Lender Latitude Financial Reports AU$76 Million Cyberattack Costs

• Jim Cramer’s top 10 things to watch in the stock market Monday

• Android App Modularization: 4 Useful Tips to Start

• 3 Ways to Prevent Cyber Attacks and Improve Healthcare Outcomes

• DEF CON’s AI Village Pits Hackers Against LLMs to Find Flaws

• WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

• Palo Alto Networks shares rise more than 12% after earnings report

• Cyber Security Today, August 21, 2023 – The latest ransomware news, and security patches issued by Cisco, Juniper and Jenkins

• Webinar Tomorrow:  ZTNA Superpowers CISOs Should Know

• US Gov Warns of Foreign Intelligence Cyberattacks Against US Space Industry

• US Space Industry Under Threat from Foreign Cyber Espionage

• How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

• Tesla says data breach impacting 75,000 employees was an insider job

• Payoro: A Glimmer of Disruption in the Banking Sector

• The Most Popular Digital Abortion Clinics, Ranked by Data Privacy

• Chrome will tell users when extensions they use are removed from Chrome Web Store

• Summer Break Isn’t a Vacation for Cybercriminals: Education and Research Organizations are Top Targets According to Check Point Research

• Multiple Vulnerabilities Found In Ivanti Avalanche EMM

• ScrutisWeb ATM Software Vulnerabilities Risked ATMs’ Security

• Flaws in Juniper Switches and Firewalls Can Be Chained for Remote Code Execution

• Brazilian Hacker Claims Bolsonaro Asked Him to Hack Into the Voting System Ahead of 2022 Vote

• What Is Network Access Control (NAC)?

• Choosing a Video Production Company in Melbourne: A Guide

• SoftBank Acquires Vision Fund ARM Stake At $64bn Valuation

• ARM ‘Saw Annual Revenue Decline’ Ahead Of IPO

• Canada Demands End To Facebook News Ban Amidst Wildfires

• Influential Google Researcher Leaves To Co-Found ‘Sakana AI’

• This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers

• Tesla Discloses Data Breach Related to Whistleblower Leak

• CISA Cybersecurity Strategic Plan: What you need to know

• The CIA Debate: Which is the Most Important?

• Government Urges More Students to Be Cyber Explorers

• What is WormGPT?

• Police Insider Tipped Off Criminal Friend About EncroChat Bust

• TenSec 2019

• Tencent Keen Security Lab joins GENIVI Alliance

• Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars

• Tesla Faces Engineer Claims In Autopilot Fatal Crash Case

• Russia’s First Moon Mission In Decades Ends In Failure

• German Government Warns Telcos Over China Risk

• Bitcoin Slumps On Elon Musk Sale, China Concerns

• A Haptic Future: Sensing the Virtual

• Last rites for the UK’s Online Safety Bill, an idea too stupid to notice it’s dead

• Cuba Ransomware Group Steals Credentials Via Veeam Exploit

• Spoofing an Apple device and tricking users into sharing sensitive data

• Tips for Backing Up an Amazon EC2 Instance

• Software developers, how secure is your software?

• Israel and US to Invest $3.85 Million in projects for critical infrastructure protection through the BIRD Cyber Program

• Visibility Is Just Not Enough to Secure Operational Technology Systems

• HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack

• MSPs and Cybersecurity: Fortifying the Partnership for Advanced Protection

• Network detection and response in the modern era

• How EU lawmakers can make mandatory vulnerability disclosure responsible

• Trending cybersecurity news headlines on Google

• Benefits on Information Security Automation

• The complex world of CISO responsibilities

• Organizations invest in AI tools to elevate email security

• Microsoft DNS boo-boo breaks Hotmail for users around the globe

• Understanding Blagging in Cybersecurity: Tactics and Implications

• Overcoming web scraping blocks: Best practices and considerations

Generated on 2023-08-22 23:55:20.139114