IT Security News Daily Summary 2023-08-23

• Facebook Once Again Says It Will Roll Out End-To-End Encryption By End Of Year

• Threat Actor Exploits Zero-Day in WinRAR to Target Crypto Accounts

• API Misuse: Hacker Exposes 2.6M Duolingo Users’ Emails & Names

• AWS Outages: Is North Virginia the Least Reliable AWS Region and Why?

• Sophos: RDP played a part in 95% of attacks in H1 2023

• FBI Warns of Cryptocurrency Heists by North Korea’s Lazarus Group

• North Korea may be itching to sell $40m of purloined Bitcoin

• network vulnerability scanning

• Meta to roll out end-to-end encryption for Messenger by the end of 2023

• Using WinRAR? Be sure to patch against these code execution bugs…

• FBI identifies wallets holding cryptocurrency funds stolen by North Korea

• Microsoft’s Rise as a Cybersecurity Powerhouse

• Brazil’s Top Escort Service Exposes Millions of Escort and Client Data

• How to Create an Incident Response Plan (+ Free Template)

• Window Snyder talks striking out on her own in cybersecurity at TechCrunch Disrupt

• Danish cloud host says customers ‘lost all data’ after ransomware attack

• The best identity theft protection & credit monitoring services of 2023: Protect your data

• Name That Toon: Swift as an Arrow

• Google plans to bring AI-fueled security enhancements to Google Workspace

• Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831)

• SpyCloud raises $110 million to accelerate identity threat protection

• Google to add more granular security controls to Workspace

• India’s Chandrayaan-3 Lands Successfully On Moon

• Hackers Threaten Patients Following a Massive Cyberattack on a Hospital

• Google introduces 11 new security features for Workspace (some AI-powered)

• What is the Bitwarden Master Password re-prompt and how do you enable it?

• XLoader MacOS Malware Variant Returns With OfficeNote Facade

• The Role of Cryptography in Data Safety

• Google Removes 22 Malicious Android Apps Exposed by McAfee

• U.S. Intelligence Reports: Spies and Hackers are Targeting US Space Industry

• Tesla Data Breach: 75,000 Users Affected Due to Insider Wrongdoing

• Cyberattack Strikes Australian Energy Software Company Energy One

• VMware, NVIDIA team up, launch major GenAI initiative at VMware Explore

• Mobile threat defense or bust

• How Malware Sandboxes Strengthen Your Cybersecurity

• Remote access detection in 2023: Unmasking invisible fraud

• Cybersecurity Companies Report Surge in Ransomware Attacks

• FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers

• Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?

• Thoma Bravo Merges ForgeRock with Ping Identity

• WinRAR Vulnerability Affects Traders Worldwide

• New HiatusRAT Malware Campaign Targets U.S. Defense Department`s Server

• Headlines about ransomware making waves on Google’s trending news

• Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks

• Attackers Dangle AI-Based Facebook Ad Lures to Hijack Business Accounts

• Nagarro-Seclore Secure Collaboration Solution ensures business compliance

• Elon Musk To Axe Headlines From News Links On Twitter

• Salt Security Partners with API Testing Leaders, introduces STEP programme

• An Essential Guide to XDR Software

• Ransomware attacks broke records in July, mainly driven by this one group

• 3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability

• The End of “Groundhog Day” for the Security in the Boardroom Discussion?

• Malwarebytes releases EDR Extra Strength for endpoint protection

• LOKKER launches On-demand Website Privacy Audit for healthcare organizations

• Spear Phishing Prevention: 10 Ways to Protect Your Organization

• 5 Early Warning Indicators That Are Key to Protecting National Secrets

• Learning the lessons from cybersecurity trash fires at TC Disrupt 2023

• Court Finds Teenagers Carried Out Lapsus Hacking Spree

• MacOS Variant Of XLoader Written In C Observed In The Wild

• Guidance On Migrating To Post-Quantum Cryptography Released By US

• Exploitation Of Ivanti Sentry Zero-Day Confirmed

• Surge in Cybercrime: Check Point 2023 Mid-Year Security Report Reveals 48 Ransomware Groups Have Breached Over 2,200 Victims

• Thousands of High-Risk Incidents Neutralized Using AI

• Meta Set to Enable Default End-to-End Encryption on Messenger by Year End

• North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns

• St Helens Council Targeted In Suspected Ransomware Attack

• First Weekly Chrome Security Update Patches High-Severity Vulnerabilities

• US Government Publishes Guidance on Migrating to Post-Quantum Cryptography

• How to Talk to Your Kids About Social Media and Mental Health

• FBI says North Korean hackers preparing to cash out after high-profile crypto hacks

• Bogus OfficeNote app delivers XLoader macOS malware

• Surge in identity crime victims reporting suicidal thoughts

• BeyondID launches BeyondID SOC

• Exploring the Top ManageEngine Competitors & Alternatives in 2023

• New Ivanti Zero-Day Vulnerability Allows Hackers to Access Sensitive APIs

• Cyber Security Today, August 23, 2023 – Public exposure doesn’t deter this attacker, and more

• Ensuring Cyber Resilience: The Critical Role of Threat Modeling in Software Security

• FTX’s Sam Bankman-Fried Surviving On ‘Bread And Water’

• Doubling of Identity Theft Victims With Suicidal Thoughts

• Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware

• Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

• The ‘US Cyber Trust Mark’ finally gives device makers a reason to spend big on security

• Personal Data Privacy: Trends, Challenges, and Solutions

• Researchers Demonstrate Apple Device Spoofing At Def Con 2023

• Microsoft Makes Concession To Win UK Activision Approval

• Carderbee Hacking Group Uses Legitimate Software in Supply Chain Attack

• Canadian PM Trudeau Slams Facebook Amid Wildfire Crisis

• Threat Actors Leak 2.6 Million DuoLingo Users` Data on Hacking Forum

• Choosing the Right Document Format – Business Guide 2023

• Apache XML Graphics Batik Flaw Exposes Sensitive Information

• Open redirect flaws increasingly exploited by phishers

• Security Onion 2.4: Free, open platform for defenders gets huge update

• Meta Releases Web Version Of Threads App

• Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks

• Five processes every organisation needs for successful BizDevOps

• Industrial networks need better security as attacks gain scale

• Exploitation of Ivanti Sentry Zero-Day Confirmed

• Cybersecurity’s Crucial Role Amidst Escalating Financial Crime Risks

• Experian Pays $650,000 to Settle Spam Claims

• Hackers exploit WinRAR zero-day bug to steal funds from broker accounts

• TP-Link Smart Bulb Spills Wi-Fi Passwords

• Carderbee APT targets Hong Kong orgs via supply chain attacks

• Why performing security testing on your products and systems is a good idea

• Over a Dozen Malicious npm Packages Target Roblox Game Developers

• TP-Link Tapo L530E smart bulb flaws allow hackers to steal user passwords

• Criminals go full Viking on CloudNordic, wipe all servers and customer data

• Meta plans to roll out default end-to-end encryption for Messenger by the end of the year

• Facebook users have little time left to make $725m data privacy claims

• Leveraging ChatGPT to Alleviate Stress on Cybersecurity Teams

• Scarabs colon-izing vulnerable servers

• Bitwarden launches Secrets Manager for teams

• Anticipating the next wave of IoT cybersecurity challenges

• How the downmarket impacted enterprise cybersecurity budgets

• Duolingo – 2,676,696 breached accounts

• How to make your phishing campaign a success

• Get the AT&T Cybersecurity Insights Report: Focus on US SLED

• ProxyNation: The dark nexus between proxy apps and malware

• Large-scale breaches overshadow decline in number of healthcare data incidents

• Cybercriminals turn to AI to bypass modern email security measures

• Profile Stealers Spread via LLM-themed Facebook Ads

• CarderBee hacking group targets organizations in Asia

• Threat actor targeted DOD contracting website

• Meta’s “massively multilingual” AI model translates up to 100 languages, speech or text

• How ChatGPT and Large Language Models Can Impact the Future of Cybersecurity

• A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

• Yet Another Glitch In The Matrix

• Update now! WinRAR files can be abused to run malware

• Alert Prioritization and Guided Remediation: The future of EDR

• What is a Managed Security Service Provider? MSSPs Explained

• More Than Half of Browser Extensions Pose Security Risks

• Learning Management System: What is it and Why do you need it?

• How AI brings greater accuracy, speed, and scale to microsegmentation

• Generative AI: Cybersecurity Weapon, But Not Without Adaptable, Creative (Human) Thinkers

• Grip Security Raising $41M Series B Led by Third Point Ventures

• Study: More Than Half of Browser Extensions Pose Security Risks

• ‘Millions’ of spammy emails with no opt-out? That’ll cost you $650K, Experian

• IT Security News Daily Summary 2023-08-22

• Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

• Absolute Dental Services Notifies Patients of Data Security Incident

• Forescout Joins MISA and Announces Integration With Microsoft Sentinel

• Proposed UN Cybercrime Treaty Threatens to be an Expansive Global Surveillance Pact

• Ivanti issues fix for third zero-day flaw exploited in the wild

• Controversial Cybercrime Law Passes in Jordan

• Fleeceware drains money from account slowly over time – here’s how to spot it

• Lawmakers Blast Facebook For Still Allowing Sale Of Deadly Recalled Product

• EFF Benefit Poker Tournament at DEF CON 31

• Luna Grabber Malware Hits Roblox Devs Through npm Packages

• Newer, Better XLoader Signals a Dangerous Shift in macOS Malware

• Proton debuts VPN for Business, enabling IT departments to control access to content and apps

• Smart light bulbs could give away your password secrets

• Publisher’s Spotlight: Black Hat USA 2023 Closes on Record-Breaking Event in Las Vegas

• How to Prevent Data Breaches: Data Breach Prevention Tips

• Defense contractor Belcan leaks admin password with a list of flaws

• Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

• Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit

• Bracing for the AI-Driven Cybersecurity Landscape of Tomorrow

• Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

• SEC fines fintech crypto fund that promised 2,700% returns

• When Leadership Style Is a Security Risk

• What is post-quantum cryptography and why is it important?

• Leveraging AT&T Cybersecurity Consulting for a robust Zero Trust Center of Excellence

• Why is API security the next big thing in Cybersecurity?

• Do It for You: Commit to Cybersecurity Certification Now

• Critical Insight Report: 15% Drop in Breaches, 31% Surge in Victims

• Application Security From Code to Cloud – An Interview with Lotem Guy at Cycode

• New QwixxRAT Windows Malware Spreads Through Telegram And Discord

• Researchers Uncovered the Developer of CypherRAT and CraxsRAT

• Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset

• 16 Remote Access Security Best Practices to Implement

• Bitsight Security Ratings

• Cyber Attacks that impacted billions and millions of online accounts

• US ARPA-H Initiative Counters Healthcare Cyber-Threats

• 90% of Consumers Worry Cybersecurity’s Future Is in Jeopardy if Students Aren’t Exposed to the Field at an Earlier Age

• Kyndryl becomes a VMware Cross-Cloud managed services provider

• Enhanced VMware Cloud helps customers modernize, optimize, and protect their businesses

• SA may Surpass the ‘Nigerian Prince,’ Becoming Africa’s New Cybercrime Capital

• DDoS Attacks in a Kubernetes Environment: Detection and Mitigation

• Ivanti Sentry Flaw: Let Attackers Access Critical APIs Used for Configuration

• One simple way to cut ransomware recovery costs in half

• TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

• CISA Warns Of Another Exploited Adobe Coldfusion Vulnerability

• TP-Link Smart Bulb Vulns Expose Households To Hacker Attacks

• Apple’s Defense Against Apps Vandalizing Other Apps Is Still Broken, Developer Claims

• Crypto Botnet On X Is Powered By ChatGPT

• 0-Day In Ivanti’s Sentry Gateway Actively Exploited

• Vulnerabilities in TP-Link IoT Devices Can Get You Hacked

• Network Architecture Mapping Improves Security Posture and Saves Big Bucks

• OT Under Greater Scrutiny in Global Cybersecurity Regulatory Environment

• Cuba Ransomware Targets U.S. Organizations via Veeam Exploit

• Training the Next Generation of Cybersecurity Professionals: 4 Keys to a Successful Internship Program

• Juniper Networks Junos OS Let Attacker Remotely Execute Code

• Apache Ivy Injection Flaw Let Attackers Exfiltrate Sensitive Data

• VMware Explore 2023: Keynote Highlights

• Hacker Conversations: Cris Thomas (AKA Space Rogue) From Lopht Heavy Industries

• Ivanti warns customers another zero-day is under active attack

• Ten Ways an XDR Service Can Empower IT Managers

• Cybersecurity Concerns: When Mental Health Queries Become Malware Magnets

• XLoader macOS Malware Variant Disguised as ‘OfficeNote’ Productivity App

• Juniper Networks Junos OS let Attacker Remotely Execute Code

• Top 13 ransomware targets in 2023 and beyond

• The Physical Impact of Cyberattacks on Cities

• Aston University partners with ISACA to offer credentials in cybersecurity and risk management to graduates

• MITRE appoints Deborah Youmans as CIO

• What Are X-forwarded Headers, and Why Is It Used?

• Webinar Today: ZTNA Superpowers CISOs Should Know

• Australian Energy Software Firm Energy One Hit by Cyberattack

• Ransomware Group Starts Leaking Data From Japanese Watchmaking Giant Seiko

• US Military Targeted in Recent HiatusRAT Attack

• Thousands of Malicious Android Apps are Employing Covert APKs to Bypass Security

• Silicon Labs: reMarkable 2

• Silicon Labs: Logitech MX Keyboard

• TP-Link Smart Bulb Users at Risk of WiFi Password Theft

• Cato Networks: Challenger in Gartner Magic Quadrant for Single-Vendor SASE

• The devil in the detail

• Continued MOVEit Exploitation Drives Record Ransomware Attacks

• ‘Cuba’ Ransomware Group Uses Every Trick in the Book

• Energy One Cyberattack: Key Systems In Australia And UK Compromised – Immediate Actions Taken And Investigation Underway

• Tesla Data Breach Exposes Personal Information Of Over 75,000 Individuals: Inside Job By Former Employees Confirmed

• Grip Security raises $41 million to accelerate growth and extend its market

• Cyberattack on UK IT Firm Swan Retail Affects 300 Retailers

• Grip Security Lands $41 Million Series B Financing

• New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

• The Internet Is Turning Into a Data Black Box. An ‘Inspectability API’ Could Crack It Open

• CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

• Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035)

• Silicon UK Labs: Logitech MX Keyboard

• CISA Warns of Another Exploited Adobe ColdFusion Vulnerability

• Cerby Raises $17 Million for Access Management Platform for Nonstandard Applications

• Essential Advice for Aspiring Software Developer Beginners (2023)

• US Judge Denies Copyright For AI-Generated Artwork

• Silicon UK Labs: reMarkable 2

• What is Configuration Drift?

• Cyber-Attack on Australian Utility Firm Energy One Spreads to UK Systems

• Chinese APT Targets Hong Kong in Supply Chain Attack

• New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China

• Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

• New APT Group Launches Supply Chain Campaign

• Cerby lands $17M to manage access to ‘nonstandard’ enterprise apps

• Juniper Networks fixes flaws leading to RCE in firewalls and switches

• Seiko joins growing list of ALPHV/BlackCat ransomware victims

• 1-15 July 2023 Cyber Attacks Timeline

• Webinar: Leveraging the Power of Cyber Threat Adversary Infrastructure

• Silicon Labs: Kingston Keypad 200C

• China Looks To Expand Computing Power Amidst US Sanctions

• Silicon UK Labs: MX Master 3S Mouse

• UN Study Finds Women Face Disproportionate AI Job Risk

• Why No Business in 2023 Can Grow without APIs

• Ivanti Warns of Critical New Zero-Day Bug

• Beijing Bans AI-Generated Medical Prescriptions

• Tesla: Insiders Responsible For Major Data Breach

• A cyber attack hit the Australian software provider Energy One

• CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

• Snatch gang claims the hack of the Department of Defence South Africa

• Ukrainian hackers claim to leak emails of Russian parliament deputy chief

• British intelligence is tipping off ransomware targets to disrupt attacks

• After Russia’s failure, India is next in line to attempt a Moon landing

• China keeps buying hobbled Nvidia cards to train its AI models

• Apple’s defense against apps vandalizing other apps still broken, developer claims

• Southeast Asian Smartphone Users ‘Prefer Budget Models’

• Need to improve the detection capabilities in your security products?

• Wind-Powered Cargo Ship Sets Off On Maiden Voyage

• New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App

• Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io and Thales

• Ivanti fixed a new critical Sentry API authentication bypass flaw

• DotRunpeX Malware Injector Widely Delivers Known Malware Families to Attack Windows

• Maintaining consistent security in diverse cloud infrastructures

• IT’s rising role in physical security technology

• Britain starts issuing ‘Early Warning’ to Ransomware Victims

• Privacy is Sexy: custom privacy scripts for Windows, Linux and macOS

• Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

• 4 Major Innovations in Healthcare Smart Cards

• AT&T Cybersecurity wins SC Media Award for Best Threat Intelligence

• Building Cybersecurity into the supply chain is essential as threats mount

• Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog

• 8 open-source OSINT tools you should try

• Understanding how attackers exploit APIs is more important than ever

• Atmeltomo – 580,177 breached accounts

• The Importance of SaaS Backup and Disaster Recovery: Reasons to Consider

• Ivanti Sentry exploited in the wild, patches emitted

• Ivanti Issues Fix for Critical Vuln In Its Sentry Gateway Technology

• A week in security (August 14 – August 20)

• QR codes used to phish for Microsoft credentials

• Chrome will soon start removing extensions that may be unsafe

• Trusted Advisor puts you in the security driving seat

Generated on 2023-08-23 23:55:20.433807