IT Security News Monthly Summary – April

• IT Security News Daily Summary 2023-03-31

• Treading Water: The Struggle Against Third-Party Vulnerabilities and How True Automation Can Help.

• Dependency Poker for Scrum Teams

• The best travel VPNs of 2023: Expert tested

• Pro-Islam ‘Anonymous Sudan’ Hacktivists Likely a Front for Russia’s Killnet Operation

• Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending

• The FDA’s Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say

• New Cylance Ransomware Targets Linux and Windows, Warn Researchers

• Space Force is building a virtual training ground for space conflict

• Stupid Patent of the Month: Traxcell Tech Gets Ordered To Pay Attorneys’ Fees

• S4x23 Review Part 4: Cybersecurity for Industrial IoT

• How one state looks to shared cyber services to defend rural areas

• Study: Women in cybersecurity feel excluded, disrespected

• Hackers are actively exploiting a flaw in the Elementor Pro WordPress plugin

• NYPD blues: Cops ignored 93 percent of surveillance law rules

• IG: Social Security isn’t moving fast enough on agile development

• How to Solve IoT’s Identity Problem

• Adaptive Access Technologies Gaining Traction for Security, Agility

• A Machine With First Amendment Rights

• PRODUCT REVIEW: Trend Micro Cloud One

• Report: 39% of VA IT contract awards didn’t have CIO approval

• German Police Raid DDoS-Friendly Host ‘FlyHosting’

• After Students Challenged Proctoring Software, French Court Slaps TestWe App With a Suspension

• The best home security systems of 2023: Expert reviewed

• Glitch in system upgrade identified as cause of delays at Singapore immigration

• Is Decentralized Identity About to Reach an Inflection Point?

• Ukraine Busts Gang for Massive $4.3 Million Phishing Scams

• Chinese Hackers Using KEYPLUG Backdoor to Attack Windows & Linux Systems

• Working in cybersecurity and zero trust with Ericom Software’s David Canellos

• CISA Moving Further Towards Pre-Emptive Stance with Ransomware Attack Alert System

• Latest Cyberthreats and Advisories – March 31, 2023

• Women in Cybersecurity – History to Today

• A new resource to roll out responsible AI

• FDA Announces New Cybersecurity Requirements for Medical Devices

• Italy’s Privacy Watchdog Blocks ChatGPT Amid Privacy Concerns

• The Role of International Assistance in Cyber Incident Response

• FDA Sets New Medical Devices Cybersecurity Standards

• NATO and Diplomats’ Email Portals Targeted by Russian APT Winter Vivern

• NHS IT systems under disruption threat due to cyber attack on Capita

• Modular “AlienFox” Toolkit Used to Steal Cloud Service Credentials

• New Azure Flaw “Super FabriXss” Enables Remote Code Execution Attacks

• Vulkan Playbook Leak Exposes Russia’s Plans for Worldwide Cyberwar

• Apple’s iOS 16.4: Security Updates Are Better Than New Emoji

• Know These Potential Drawbacks Before Joining New Social Media Sites

• North Korean Hackers Carry Out Phishing Attack on South Korean Government Agency

• CISA Warns of Vulnerabilities in Propump and Controls’ Osprey Pump Controller

• Report: Chinese State-Sponsored Hacking Group Highly Active

• PCI DSS 12 requirements

• Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

• AlienFox Toolset Harvests Credentials From 18 Cloud Services

• Pro-Russia Cyber Gang Winter Vivern Puts US, Euro Lawmakers In Line Of Fire

• Hacking Campaign Exploited Zero Day Tied To Spyware Firm

• ChatGPT Banned In Italy Over Privacy Concerns

• Study Reveals WiFi Protocol Vulnerability Exposing Network Traffic

• Is It Time to Start Hiding Your Work Emails?

• US Space Force Requests $700M for Cybersecurity Blast Off

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

• Leading Tech Talent Issues Open Letter Warning About AI’s Danger to Human Existence

• Security Copilot: Microsoft Employes GPT-4 to Improve Security Incident Response

• Lumen Technologies Hit by Two Cyberattacks

• Votiro Raises $11.5 Million to Prevent File-Borne Threats

• What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse

• Late Efforts at the International Law Commission to Decriminalize the Crime of Aggression Is Wrong in Law

• Maintaining Data Integrity With Growing Cybersecurity Concerns

• Post-Quantum Satellite Protection Rockets Towards Reality

• Privacy Implications of Web 3.0 and Darknets

• Face Biometric Authentication: Pros and cons

• Ukrainian Authorities Stop a Phishing Scam Worth $4.3 million

• Latest Cyberthreats and Advisories – March 31, 2023

• Leaked Vulkan Files Reveal Kremlin’s Cyberwarfare Tactics

• Top 60 Cybersecurity Startups to Watch

• Deep Dive Into 6 Key Steps to Accelerate Your Incident Response

• Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

• Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months

• Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks

• Smart Grid Fragility, a Constant Threat for the European and American Way of Living

• Psst! Infosec bigwigs: Wanna be head of security at HM Treasury for £50k?

• Virgin Orbit Lays Off 85 Percent Of Staff

• 3CX Supply Chain Attack — Here’s What We Know So Far

• Russian APT group Winter Vivern targets email portals of NATO and diplomats

• Ukraine Cyberpolice Dismantles Fraud Ring That Stole $4.3 million

• For Cybersecurity, the Tricks Come More Than Once a Year

• Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack

• Best Practices for Effective Identity Lifecycle Management (ILM)

• Japan Joins US, Netherlands, In Chip Export Restrictions To China

• NHS Highland ‘reprimanded’ by data watchdog for BCC blunder with HIV patients

• Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution

• UK Regulator: HIV Data Protection Must Improve

• GCHQ Updates Security Guidance for Boards

• Ukrainian Police Bust Multimillion-Dollar Phishing Gang

• Can’t Clear Your Browser History? Here’s How to Fix It

• Using Data and Analytics to Improve Hedge Fund Performance: Strategies and Techniques

• Red Hat Shares – Security automation

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire

• The UK Government Shares New Strategy to Boost NHS Cybersecurity by 2030

• Azure ADを使用するマルチテナント アプリケーションの承認に関する構成ミスの可能性に関するガイダンス

• Gamers playing with real money should be wary of scammers.

• Apple’s iOS 16.4: Security Updates Are Better Than a Goose Emoji

• Overcoming obstacles to introduce zero-trust security in established systems

• New infosec products of the week: March 31, 2023

• Sundry Files – 274,461 breached accounts

• Cloud diversification brings complex data management challenges

• Leveraging network automation to enhance network security

• The foundation of a holistic identity security strategy

• Real Talk with CCSPs: An Interview with Panagiotis Soulos

• BlackGuard stealer extends its capabilities in new variant

• ReasonLabs Dark Web Monitoring identifies malicious online activity

• AttackIQ Ready! gives security teams a clear portrait of their security program performance

• Intruder unveils API scanning to help organizations reduce exposure

• OSC&R open software supply chain attack framework now on GitHub

• authentication factor

• CSR (Certificate Signing Request)

• World Backup Day is here again – 5 tips to keep your precious data safe

• Leaked Reality – 114,907 breached accounts

• Leaked IT contractor files detail Kremlin’s stockpile of cyber-weapons

• 3CX Desktop App Supply Chain Attack Targets Millions – Known Facts and First Expert Comments

• Azure blunder left Bing results editable, MS 365 accounts potentially exposed

• Microsoft adds GPT-4 to its defensive suite in Security Copilot

• Former President Trump Indicted

• Smart home assistants at risk from “NUIT” ultrasound attack

• 3CX desktop app used in a supply chain attack

• “BingBang” flaw enabled altering of Bing search results, account takeover

• Update now! Apple fixes actively exploited vulnerability and introduces new features

• Votiro raises $11.5 million to accelerate global expansion

• IBM partners with Wasabi to power data insights across hybrid cloud environments

• Cynerio and Sodexo join forces to address growing threats to medical IoT devices

• Certa collaborates with ID-Pal to simplify third-party onboarding

• Digital Rights Updates with EFFector 35.4

• Azure flaw left Bing results editable and MS 365 accounts exposed

• CISO’s Guide to Presenting Cybersecurity to Board Directors

• The Human Aspect in Zero Trust Security

• Russian Cyberwarfare Documents Leaked

• Automatic Updates Deliver Malicious 3CX ‘Upgrades’ to Enterprises

• Trump’s Indictment Marks a Historic Reckoning

• Security leaders are finally getting a seat at the table with corporate leadership – make good use of your time there

• As Cyber Attacks Target Large Corporates, Teams Need to Evolve Data Security

• AlienFox malware caught in the cloud hen house

• IT Security News Daily Summary 2023-03-30

• Lessons from the metaverse

• Facebook Will Finally Allow Users To Opt Out Of Data Tracking In Europe

• Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

• IRS tax forms W-9 email scam drops Emotet malware

• Compress File Using Mule 4 With AES 256 Encryption

• Every state sees tech workforce gains, report says

• How smaller agencies are working to close their technology talent gaps

• Report: Terrible employee passwords at world’s largest companies

• BEC Fraudsters Expand to Snatch Real-World Goods in Commodities Twist

• Ironing Out The macOS Details Of A Smooth Operator

• Secret Trove Offers Rare Look Into Russian Cyberwar Ambitions

• The new AI boom could increase data breaches, if companies aren’t held responsible

• Singapore bank faces regulatory action over ‘unacceptable’ digital service outage

• 3CX desktop app compromised, abused in supply chain attack

• New AlienFox toolkit harvests credentials for tens of cloud services

• The Future of Fintech Applications

• ChatGPT Ready to Write Ransomware But Failed to Go Deep

• Low-Code and No-Code Are the Future of Work — For IT and Beyond

• Ransomware attacks skyrocket as threat actors double down on U.S., global attacks

• Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service

• Court Grants Twitter Subpoena To Identify Source Code Leaker

• The challenges of collective cyber defense

• Anti-Bot Software Firm DataDome Banks $42M Financing

• Supply chain blunder puts 3CX telephone app users at risk

• Vulnerability Enabled Bing.com Takeover, Search Result Manipulation

• DataDome Closes $42M in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud

• Organizations Reassess Cyber Insurance as Self-Insurance Strategies Emerge

• Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX

• GSA releases new 5G acquisition guidance for agencies

• cardholder data (CD)

• S3 Ep128: So you want to be a cyber­criminal? [Audio + Text]

• Socura Launches Managed SASE (MSASE) Service

• Google Uncovers more Details on Spanish-made Spyware that Targeted UAE Users

• Sam Bankman-Fried Pleads Not Guilty To Additional Charges

• Spyware Vendors Exploit 0-Days On Android and iOS Devices

• Italian agency warns ransomware targets known VMware vulnerability

• 2022 Industry Threat Recap: Finance and Insurance

• Localize this: Public reporting of opioid settlement cash

• Amid AI craze, what will it take for firms to take data security seriously?

• North Korean Hackers Use Trojanized 3CX DesktopApp in Supply Chain Attacks

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

• Afghanistan Requires a Change from Humanitarian Business as Usual

• Supply Chain Attack By Hackers On 3CX Desktop App

• Do you use comms software from 3CX? What to do next after biz hit in supply chain attack

• Clearview: Face Recognition Software Used by US Police

• iCloud Keychain Data and Passwords are at Risk From MacStealer Malware

• Judge Rules Google Deleted Chats In Antitrust Case

• Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

• S3 Ep128: So you want to be a cybercriminal? [Audio + Text]

• Over 70% of Employees Keep Work Passwords on Personal Devices

• Apple acquires WaveOne that uses AI to compress videos

• Azure vulnerability allowed hackers to manipulate Bing results and take over accounts

• How Digital Twins Can Prevent the Metaverse from Becoming a Fad

• A Clear Road to Net Zero – Tackling Data Centre Sustainability Myths

• PCI DSS merchant levels

• Is your TikTok account hiding enemies of the state? How do you know?

• FDA Protects Medical Devices Against Cyber-Threats With New Measures

• 3CX voice and video conferencing software victim of a supply chain attack

• Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)

• US Healthcare Startup Brightline Impacted by Fortra GoAnywhere Assaults

• Why First-Party Data is the Key to Improving the Customer Experience

• Staying Safe in Our New AI World: How Organisations Can Protect Themselves

• The 10 Best Cybersecurity Companies in the UK

• Hackers Used Spyware Made In Spain To Target Users In The UAE

• Pro-Russian Hackers Target Elected US Officials Supporting Ukraine

• FDA Will Refuse New Medical Devices For Cybersecurity Reasons

• Court Orders GitHub To Reveal Who Leaked Twitter’s Source Code

• 6 Malware Removal Tips for Mac

• Can AWS Be Hacked? What You Need to Know

• The Risk and Reward of ChatGPT in Cybersecurity

• Why Leaders Must Embrace Technological Chaos

• X-Force Prevents Zero Day from Going Anywhere

• And Stay Out! Blocking Backdoor Break-Ins

• Azure Pipelines vulnerability spotlights supply chain threats

• Only 10% of workers remember all their cyber security training

• Companies Affected by Ransomware [2022-2023]

• Street Fighter 5 Not Launching? Here are 8 Easy Solutions

• Microsoft uses carrot and stick with Exchange Online admins

• Broadcom’s $61bn VMware Deal Faces Phase 2 CMA Probe

• Stop Blaming the End User for Security Risk

• Popular PABX platform, 3CX Desktop App suffers supply chain attack

• Why Endpoint Resilience Matters

• Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks

• 500k Impacted by Data Breach at Debt Buyer NCB

• New Mélofée Linux malware linked to Chinese APT groups

• How China’s Spies Fooled an America That Wanted to be Fooled

• What Is User Provisioning?

• How to stay safe while using public Wi-Fi

• Securing cloud tech stacks with zero trust will drive growth of confidential computing

• DataDome raises $42M to leverage machine learning for confronting bot attacks

• New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices

• US Gives Costa Rica $25M For Eradication Of Conti Ransomware

• NullMixer Campaign: A Threat to Cybersecurity

• New CISSP Exam Registration Process for 2023

• 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component

• Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data

• Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration

• 3CX customers targeted via trojanized desktop app

• APT43: A New Cyberthreat From North Korea

• Microsoft Rolls Out Security Copilot For Swift Incident Response

• Amazon Opens Sidewalk Mesh Network To Third-Party Devices

• Top Vulnerabilities in 2023 and How to Block Them

• AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

• Advanced AI Poses Risk To Humanity, Open Letter Warns

• UK Introduces Mass Surveillance With Online Safety Bill

• The U.K. Police Hunts Cybercriminals with Fake DDoS-as-a-service Sites

• Technology Meets Gambling: How to Get The Most Out of Your Live Casino Experience

• Volume of HTTPS Phishing Sites Surges 56% Annually

• Selecting the right MSSP: Guidelines for making an objective decision

• iOS vs. Android – Which Is The More Secure Platform?

• NCA Celebrates Multimillion-Pound Fraud Takedowns

• ChatGPT and copywriting

• The Role of AI in Digital Marketing: Opportunities and Challenges

• The most important email conversation you will ever have

• New Mac Malware, and Stolen Session Cookies – Intego Mac Podcast Episode 285

• Thieves Steal $9m from Crypto Liquidity Pool

• 3CX Desktop App Supply Chain Attack Leaves Millions at Risk – Urgent Update on the Way!

• What Is the Ghost of Tsushima Legends Mode – Everything You Need to Know

• 3CXDesktop App Trojanizes in A Supply Chain Attack: Check Point Customers Remain Protected

• 3CX Desktop App Targeted in Supply Chain Cyber Attack, Affecting Millions of Users

• Do you know what your supply chain is and if it is secure?

• Developing Story: Information on Attacks Involving 3CX Desktop App

• 3CXDesktop App Trojanizes in A Supply Chain Attack: Check Point customers remain protected

• World Backup Day 2023: Five Essential Cyber Hygiene Tips

• US Federal agencies banned from using foreign spyware

• Warning: Your wireless networks may leak data thanks to Wi-Fi spec ambiguity

• Porn ID Laws: Your State or Country May Soon Require Age Verification

• Dangerous misconceptions about emerging cyber threats

• Scan and diagnose your SME’s cybersecurity with expert recommendations from ENISA

• Protect your entire business with the right authentication method

• The rise of biometrics and decentralized identity is a game-changer for identity verification

• alphaMountain has launched a new Cyber Threat analysis platform called “threatYeti”

• Elon Musk says AI Machines could launch their own Cyber Attacks

• Another year, another North Korean malware-spreading, crypto-stealing gang named

• There’s a chronic shortage of talent in cybersecurity, Microsoft says

• BreachLock API Penetration Testing Service prevents exploits of unpatched APIs

• BigID’s privacy suite discovers and classifies all CPRA-related data

• LOKKER Web Privacy Risk Score helps organizations measure and mitigate online privacy threats

• The best defense against cyber threats for lean security teams

• The cost-effective future of mainframe modernization

• Smugglers busted sneaking tech into China

• Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT

• Spera Takes Aim at Identity Security Posture Management

• 8 Proven Ways to Combat End-of-Life Software Risks

• Malware disguised as Tor browser steals $400k in cryptocash

• QuSecure partners with Accenture to conduct multi-orbit data transmission secured with PQC

• Netskope and Zoom collaborate to improve security posture and maintaining compliance

• NanoLock and ISTARI team up to protect OT manufacturing environments

• Data Lakehouses: The Future of Scalable, Agile, and Cost-Effective Data Infrastructure

• Spira Takes Aim at Identity Security Posture Management

• BingBang: How A Simple Developer Mistake Could Have Led To Bing.com Takeover

• The US Is Sending Money to Countries Devastated by Cyberattacks

• ChatGPT happy to write ransomware, just really bad at it

• “Log-out king” Instagram scammer gets accounts taken down, then charges to reinstate them

• GSA makes a case for Login.gov on Capitol Hill following scathing report

• Versa Networks strengthens marketing team with three new executives

• Right-Hand Cybersecurity raises $5 million to expand its global operations

• Spera raises $10 million to equip cybersecurity teams with the visibility and risk contextualization

• Anomali and Canon IT join forces to combat zero-day threats

• Google reveals spyware attack on Android, iOS, and Chrome

• How an inclusive work environment attracts, retains tech workers

• Top Tech Talent Warns of AI’s Threat to Human Existence in Open Letter

• IT Security News Daily Summary 2023-03-29

• Mélofée: The Latest Malware Targeting Linux Servers

• Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App

• Top Tech Talent Warns on AI’s Threat to Human Existence in Open Letter

• QNAP fixed Sudo privilege escalation bug in NAS devices

• Trojan-Rigged Tor Browser Bundle Drops Malware

• How is mLearning the Future of On-The-Go Dynamic Training Programs?

• How to Hide Tables in SQL Server Management Studio

• Senate committee advances open source software and digital identity bills

• Tech innovations get tryout in regulatory sandboxes

• Google: Spyware vendors exploiting iOS, Android zero days

• Arkansas Announces Lawsuit Against Facebook For Harming Young Users

• Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug

• Australia’s Casino Giant Crown Resorts disclosed data breach after Clop ransomware attack

• 5 Reasons mLearning is the Future of On-The-Go Dynamic Training Programs

• Cybersecurity Investment Outlook Remains Grim as Funding Activity Sharply Declines

• Phishing Emails Up a Whopping 569% in 2022

• Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

• Spotify’s new Niche Mixes are tailor-made for me

• Microsoft’s Security Copilot brings AI to security, and it’s making me nervous

• Pig butchering scams: The anatomy of a fast‑growing threat

• Cybersecurity Investment and M&A Activity Slowed in Q1, 2023

• Microsoft Defender shoots down legit URLs as malicious

• Fake Tor Browser Installers Distributing Clipper Malware

• LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps

• OpenAI quickly fixed account takeover bugs in ChatGPT

• Pinduoduo Malware Executed a Dangerous 0-day Exploit Against Millions of Android Devices

• How to automatically lock your Windows PC with Dynamic Lock

• Cops use fake DDoS services to take aim at wannabe cybercriminals

• South Korea, US Seek Do Kwon Extradition

• How Can Enterprises, ML Developers, and Data Scientists Safely Implement AI to Fight Email Phishing?

• OpenAI Patches Account Takeover Vulnerabilities in ChatGPT

• Spera Banks $10 Million to Tackle Identity and Access Sprawl

• Blockchain Security Firm True I/O Raises $9 Million

• Vulnerability management vs. risk management, compared

• Aruba ClearPass Policy Manager NAC Solution Review

• Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

• Using Observability to Power a Smarter Cybersecurity Strategy

• Cybersecurity Industry News Review – March 21, 2023

• API security: the new security battleground

• 10 Ways B2B companies can improve mobile security

• ‘New threats’ to national security are created by emerging tech, DHS chief says

• Google Warns Against Commercial Spyware Exploiting Zero-Days

• Defend against DDoS attacks with Azure DDoS IP Protection

• How to Keep Up With a Shifting Threat Landscape

• Another Democrat joins chorus of concerns about CBP’s mobile app

• Why formal government communications work better than informal ones

• Clop Ransomware Group Exploits GoAnywhere MFT Flaw

• Will you entrust cybersecurity to AI as per Microsoft

• Dark and Darker Developer Uses ChatGPT AI tool in Bid to Prove it Hasn’t Infringed Copyright

• Partnerships and improved data may bolster U.S. weather predictions

• OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023

• Attacks Targeting APIs Increased By 400% in Last Six Months

• Enhanced Azure Arc integration with Datadog simplifies hybrid and multicloud observability

• Apple Launches Buy Now, Pay Later Service For US

• Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

• How Threat Actors are Using IPFS for Email Phishing

• Improper Disposal of IT Equipment Poses Cyber Security Risks

• Sam Bankman-Fried Charged With Bribing Chinese Officials

• Overcoming Challenges and Best Practices for Data Migration From On-Premise to Cloud

• Cyber Storm Predicted at the 2023 World Economic Forum

• EU mandated messaging platform love-in is easier said than done: Cambridge boffins

• How Good Smile, a Major Toy Company, Kept 4chan Online

• Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

• Google TAG shares details about exploit chains used to install commercial spyware

• A Dispatch From Italy: Meloni’s First Six Months

• Enforcement of Cybersecurity Regulations: Part 2

• Barracuda Ransomware Report

• Viral KYC Scam in Mumbai Steals Rs 1 Crore from 81 Users

• New WiFi Flaw Let Attackers Hijack Network Traffic

• Nexus Android malware targets 450 financial applications

• Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims

• New Wi-Fi Attack Allows Traffic Interception, Security Bypass

• The CISO Mantra: Get Ready to Do More With Less

• Investors Pull $1.6 Billion After US CFTC Charged Binance

• 5 common SD-WAN challenges and how to prepare for them

• The Power of the Team — Meeting Customers in the Cloud

• North Korean APT43 Group Finances Spy Activities Via Cybercrime

• Microsoft unveils AI-powered Security Copilot analysis tool

• New API Report Shows 400% Increase in Attackers

• How to use Bitwarden’s Password Manager in Chrome, Edge and Firefox

• What Makes an Effective Anti-Bot Solution?

• QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography

• Over 200 Organizations Targeted in Chinese Cyberespionage Campaign

• Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report

• Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors

• Smart Mobility has a Blindspot When it Comes to API Security

• How to Build a Research Lab for Reverse Engineering — 4 Ways

• Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups

• Clipper attacks use Trojanized TOR Browser installers

• New Fake Tor Browser Theft Campaign Steals Over $400,000 In Crypto

• Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

• Clop Ransomware Exploits Zero-Day Vulnerability to Breach Crown Resorts

• Command-and-Control Servers Explained. Techniques and DNS Security Risks

• Analysis: Hackers Exploit Zero-Day to Siphon $1.5 Million From Bitcoin ATMs

• ChatGPT Vulnerability Exposed Users’ Convos And Payment Details

• Why Fleksy Keyboard Is the Most Secure to Use

• The Security Vulnerabilities of Message Interoperability

• Leaky Buckets in 2023

• Laptop Keeps Shutting Off? Here’s How to Fix It

• AI terms you need to know

• TikTok Data Centre Blamed For Hampering Ukraine Ammo Production

• An Overview of the Quantum Revolution in Computing

• IAM isn’t cutting it, Spera raises $10M for a new approach to identity security

• Government Sets Out ‘Adaptable’ AI Plan

• ChatGPT Vulnerability May Have Exposed Users’ Payment Information

• Ransomware Crooks Are Exploiting IBM File Exchange Bug

• China Urges Apple To Improve Security And Privacy

• AI Could Replace Equivalent Of 300 Million Jobs

• Meet APT43: The Group That Hacks, Spies, And Steals For North Korea’s Ruling Elite

• Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

• How To Install Filmoviplex filmovi online sa prevodom In PC – Windows 7, 8, 10, and Mac

• FTX cryptovillain Sam Bankman-Fried charged with bribing Chinese officials

• Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

• Financial cyberthreats in 2022

• Tech Industry Bids to Tackle Cyber-Mercenary Epidemic

• Redefining the Boundaries of People, Process, and Platforms

• Just 1% of Cloud Permissions Are Actively Used

• DDoS DNS attacks are old-school, unsophisticated … and they’re back

• Experts Warn of Self-Funding North Korean Group APT43

• Warning! 14 Million Customers Impacted by Latitude Financial`s Data Breach

• Why performing security testing on your products and systems is a good idea

• A Military-Type Explosive Sent Via USB Drive to Detonate When Plug-in To Computer

• North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations

• How cybersecurity decision-makers perceive cyber resilience

• Microsoft Exchange Server vulnerability makes lawyers pay $200k as a settlement

• Understanding the difference between attack simulation vs penetration testing

• ICS/OT Cybersecurity 2022 TXOne Annual Report Insights

• UK Police Setup Thousands of  Fake DDoS-For-Hire Websites

• Visa fraud expert outlines the many faces of payment ecosystem fraud

• New York law firm gets fined $200k for failing to protect health data

• LATEST CYBERTHREATS AND ADVISORIES – MARCH 24, 2023

• Broken Object Level Authorization: API security’s worst enemy

• Microsoft announces Microsoft Incident Response Retainer

• Ignoring network automation is a ticking time bomb for security

• HackNotice Actions helps people to understand the extent of their data exposure

• Protegrity Borderless Data Solution enables compliant cross-border data flows

• NTT’s MDR service improves cyber resilience for organizations

• Netwrix upgrades its product portfolio and launches Netwrix 1Secure

• Understanding MQTT Security: A Comprehensive Overview

• China urges Apple to improve security and privacy

• How Does Data Literacy Enhance Data Security?

• ChatGPT helps both criminals and law enforcement, says Europol report

• Fake DDoS services set up to trap cybercriminals

• Signifyd and Adobe partner to eliminate the risk of payments fraud

• Endace collaborates with Niagara Networks to accelerate response to network threats

• Top Benefits of Using Flutter for Cross-Platform App Development

• Mandiant Catches Another North Korean Gov Hacker Group

• TV Networks Slam Facebook Over Allowing Scam Ads

• Apple patches all the iThings, including iOS 15 hole under attack right now

• With political ‘hacktivism’ on the rise, Google launches Project Shield to fight DDoS attacks

• Toyota Italy accidentally leaked sensitive data

• Apple patches all the iThings, including an iOS 15 hole under attack right now

• How to talk to users about cybersecurity

• With political ‘hacktivism’ on the rise, Google launches Project Shield to fight DDos attacks

• Eight Tips for CISOs Trying Get Their Board on Board

• Next Generation Cybersecurity for Small to Midsize Businesses

• IT Security News Daily Summary 2023-03-28

• CISA director says agency is working on cyber workforce gaps

• Bitter APT group targets China’s nuclear energy sector

• NASA plans to consolidate cloud contracts

• NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month

• MacStealer Malware Plucks Bushels of Data From Apple Users

• PGP Encryption: The Email Security Standard

• Millions of Pen Tests Show Companies’ Security Postures Are Getting Worse

• Google again accused of willfully destroying evidence in Android antitrust battle

• Watermarking ChatGPT, DALL-E and other generative AIs could help protect against fraud and misinformation

• Microsoft launches AI-powered Security Copilot

• OPINION: Why Perfection is the Enemy of Progress in Cybersecurity

• How data insights can solve geographic inequity, build regional economies

• Bitwarden Announces Secrets Management With a Combination of Open Source, End-to-End Encryption, and Ease of Use

• NextWave Program Product and Service Specializations — Breakaway 1=5

• Texas may be about to scrap a voting security system it can’t replace

• Improve your technical knowledge with 13 CompTIA courses for $54.97

• Video: How to Build Resilience Against Emerging Cyber Threats

• Microsoft Puts ChatGPT to Work on Automating Cybersecurity

• Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders

• How effective asset management supports data center sustainability

• Latitude Data breach is worse than initially estimated. 14 million individuals impacted

• Exchange Online will soon start blocking emails from old, vulnerable on-prem servers

• Research Says, Mobile Phones are Listening to Your Conversations

• Hacker Returns $200 Million Stolen from Euler Finance

• Why SASE will benefit from faster consolidation of networking and security

• UK Sets Up Fake Booter Sites To Muddy DDoS Market

• North Korea’s Kimsuky Evolves into Full-Fledged, Prolific APT

• France Bans TikTok And Other ‘Fun Apps’ On Government Devices

• Essential Cybersecurity Tips to Reduce the Risk of Data Breaches

• Member Feedback on (ISC)² 2023 Bylaws Requested by April 7

• Cybersecurity Industry News Review – March 28, 2023

• (ISC)² Listens: Women Working in Cybersecurity

• Dridex malware, the banking trojan

• The FBI Has Been Buying Bulk Internet Data from This Florida Company

• Parts of Twitter’s Source Code Leaked Online On GitHub

• Legacy Application Refactoring: How To Revive Your Aging Software

• How to prevent fork bombs on your Linux development servers

• Publicly disclosed U.S. ransomware attacks in 2023

• Clipboard-Injector Attacks Target Cryptocurrency Users

• New Research Examines Traffers and the Business of Stolen Credentials

• China asks Apple to bolster its data security and privacy protections

• Apple Releases Security Patches For Older iPhone and iPad Models

• Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds

• Microsoft’s ‘Security Copilot’ Sics ChatGPT on Security Breaches

• Two-Week ATO Attack Mitigated by Imperva

• Silicon Labs: Logitech MX Mouse and Keyboard

• Silicon Labs: MX Master 3S Mouse

• GPT-4 kicks AI security risks into higher gear

• Microsoft Security Copilot uses GPT-4 to help security teams move at AI speed

• France Bans TikTok, Other ‘Fun’ Apps From Government Devices

• North Korea Is Now Mining Crypto to Launder Its Stolen Loot

• How to Succeed As a New Chief Information Security Officer (CISO)

• Microsoft Conduct an Emergency Fix for the Notorious ‘Acropalypse’ Bug

• Dallas County: Sold Computers May Have Public’s Personal Details

• Chinese-Designed Apps Pose Greater Privacy Risks to Americans

• CLOPS Claim to Have Hacked 130 Organizations

• Securing Cloud-Native Applications: Tips and Tricks for Secure Modernization

• National Security AI and the Hurdles to International Regulation

• Bukele Has Defeated El Salvador’s Gangs—for Now. How? And What Does It Mean for the Region?

• The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

• The U.S. Government Restricts the Use of Spyware, White House Says

• How to Comply with the U.S. Federal Trade Commission’s (FTC) revised Safeguards Rule

• Is the future of social media subscription-based?

• ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

• SecurityScorecard Guarantees Accuracy of Its Security Ratings

• China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign

• Nigerian BEC Scammer Sentenced to Prison in US

• Compare breach and attack simulation vs. penetration testing

• Europol warns of criminal use of ChatGPT

• US President Biden Kind Of Mostly Bans Commercial Spyware

• The FBI Has Been Buying Bulk Internet Data From Team Cymru

• North Dakota To Require Cybersecurity Education In Public Schools

• Clearview AI Used Nearly 1m Times By US Police, It Tells The BBC

• New IcedID Malware Variants Shift From Banking Trojans To Ransomware

• Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed

• Spend on Safety Measures & Call Out Insecure Practices for Safer IoT

• Executive Order Limiting Usage Of Commercial Spyware Signed

• Wi-Fi When Traveling: 7 Ways to Get Internet for Travel

• How to Find WiFi Anywhere You Go

• Electric Carmaker Nio Pushes New-Model Battery Swap Stations

• Remote Employees: Update Your Routers (and More WFH IT Tips)

• How to protect your Windows PC from the attack that led to the Linus Tech Tips hack

• Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo

• IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

• Pakistan-Origin SideCopy Linked to New Cyberattack on India’s Ministry of Defence

• Cybersecurity Industry News Review – March 28, 2023

• Alibaba Group To Split In Major Restructure

• Prompt engineering and jailbreaking: Europol warns of ChatGPT exploitation

• Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529)

• Twitter To Demote Non-Paying Posts In Subscription Overhaul

• Introduction to Shift Left Testing

• Webinar Today: Understanding Hidden Third-Party Identity Access Risks

• 14 Million Records Stolen in Data Breach at Latitude Financial Services

• Security Vulnerabilities in Snipping Tools

• Clearview ‘Carried Out Nearly 1m Searches’ For US Police

• Europol details ChatGPT’s potential for criminal abuse

• Guaranteeing Employee Loyalty for Organisational Success

• How Do Market Leaders Get Valuable Consumer Data in 2023

• Future Data Breach Threats to UK Businesses

• How to Secure Your Mobile Device: 8 Tips for 2023

• iOS Security Update Patches Exploited Vulnerability in Older iPhones

• Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police

• Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe

• Vulnerabilities: Understand, mitigate, remediate

• Telecom giant Lumen suffered a ransomware attack and disclose a second incident

• Should you use your browser’s password manager or a dedicated app?

• France Set To Legalise AI-Powered Surveillance For Olympics

• Is the Future of Social Media Subscription-Based?

• A Recession Must Not Halt Modernisation Programmes

• Copy-paste heist or clipboard-injector attacks on cryptousers

• Cybersecurity Industry News Review – March 21, 2023

• US Reglators Seek Ban On Crypto Exchange Binance

• Hackers Earned $1,035,000 for Exploiting 27 Zero-Days at Pwn2Own Vancouver

• Become your organization’s cybersecurity expert with this $79 bundle

• Four Years Behind Bars for Prolific BEC Scammer

• President Biden Signs Executive Order Restricting Use of Commercial Spyware

• New IcedID Variants Switch From Delivering Malware To Bank Fraud

• MacStealer MacOS Malware Steals Passwords from iCloud Keychain

• US Reglators Seek To Ban Crypto Exchange Binance

• Call for Submissions to UK’s New Computer Misuse Act

• Motivations for Insider Threats: What to Watch Out For

• US Moves to Ban “Anti-Democratic” Spyware

• How to Join a Playstation Party on PC? Step by Step Guide

• Need to improve the detection capabilities in your security products?

• EU Security and Privacy Laws: What to Expect in 2023 and beyond

• Romance scams loss termed to have reached £10k on an average in UK

• Running a security program before your first security hire

• What you need before the next vulnerability hits

• How CIAM safely orchestrates your customers’ journey and its benefits

• Best Practices for Secure Remote Development

• Apple Issues Urgent Security Update for Older iOS and iPadOS Models

• Balancing security risks and innovation potential of shadow IT teams

• What the food and building industry can teach us about securing embedded systems

• Tausight expands its AI-based PHI Security Intelligence platform to cover new attack vectors

• US president Biden kind of mostly bans commercial spyware

• How CISOs Can Reduce the Danger of Using Data Brokers

• Apple patches everything, including a zero-day fix for iOS 15 users

• Using Artificial Intelligence in Finance

• Web Testing Tutorial: Comprehensive Guide With Best Practices

• Food giant Dole reveals more about ransomware attack

• Bogus Chat GPT extension takes over Facebook accounts

• Ransomware gunning for transport sector’s OT systems next

• GitHub accidentally exposes RSA SSH key

• Solving the password’s hardest problem with passkeys, featuring Anna Pobletts

• AU10TIX partners with Microsoft on decentralized verifiable credentials

• Hunters integrates its SOC Platform with Databricks Lakehouse

• Study Reveals Inaudible Sound Attack Threatens Voice Assistants

• Lawyers cough up $200k after health data stolen in Microsoft Exchange pillaging

• Apple fixes recently disclosed CVE-2023-23529 zero-day on older devices

• ChatGPT for state and local agencies? Not so fast.

• Turning hackers’ behavior against them

• Twitter’s Source Code Leak on GitHub a Potential Cyber Nightmare

• Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw

• IT Security News Daily Summary 2023-03-27

• State mandates K-12 cyber education

• New MacStealer macOS malware appears in the cybercrime underground

• How to prepare for a world without passwords

• ODNI official details efforts to use automation to speed talent recruitment timelines

• The best security cameras of 2023: Protect your home

• It’s time to update all of your Apple devices again. Here’s why

• Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April

• A Review Of Helm And Kubernetes For Your DevOps Pipeline

• GitHub Publishes RSA SSH Host Keys by Mistake, Issues Update

• Portion of Twitter’s proprietary source code leaked on GitHub

• Reducing health disparities through effective data management

• Passwords vs Passwordless: A Debate on Online Security

• Planned Login-dot-gov deployment at IRS is postponed

• Hackers Earn Over $1 Million at Pwn2Own Exploit Contest

• US to Adopt New Restrictions on Using Commercial Spyware

• Imperva recognized as a Strong Performer in Forrester Wave: Data Security Platforms, Q1 2023

• How to secure your GitHub account with two-factor authentication

• How shift left security and DevSecOps can protect the software supply chain

• White House bans government ‘operational’ use of commercial spyware in executive order

• Analysis of 7 single-vendor SASE platforms

• 7 Women Leading the Charge in Cybersecurity Research & Analysis

• Upgrading Online Security with Password Managers

• Twitter Says Source Code Was Leaked on GitHub, Now It’s Trying to Find the Culprit

• Introduction To OpenSSH

• The best home security cameras of 2023

• Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store

• Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

• 2023-03-24 – IcedID (Bokbot) with BackConnect traffic and Cobalt Strike

• Australia Dismantles BEC Group That Laundered $1.7 Million

• GoAnywhere Zero-Day Attack Hits Major Orgs

• Drive to Pervasive Encryption Boosts Key Management

• Pwn2Own Hacking Competition Awards Over $1 Million In Vancouver

• US needs improved regulation to foster drone R&D

• How often should security audits be?

• US Lawmakers Push TikTok Ban Bill After CEO Testimony

• Musk’s Neuralink ‘Approached Partner’ For Human Trials

• Microsoft Fixes Security Flaw in Windows Screenshot Tools

• AI and Twitter could help predict opioid deaths

• Three Variants of IcedID Malware Discovered

• 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison

• Pleading TikTok to “Think of the Children” Misses the Point

• How to make sure the reputation of your products and company is good

• Source Code of Twitter leaked on GitHub

• New MacStealer Targets Catalina, Newer MacOS Versions

• GoAnywhere Hack Targets UK Pension Protection Fund

• TikTok Bans: Governments Worldwide Take Action Over Security and Privacy Concerns

• Webinar Tomorrow: Understanding Hidden Third-Party Identity Access Risks

• ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

• 5 Best Password Managers (2022): Features, Pricing, and Tips

• Malvertising Gives Cybercriminals Access to Big Technologies

• Watch Out for These Common Signs to Identify an Email Phishing Scam

• The Role of Human Resources in Cybersecurity

• Updates from the MaaS: new threats delivered through NullMixer

• CISA Unleashes Untitled Goose Tool To Honk At Danger In Microsoft’s Cloud

• Five Takeaways From TikTok CEO’s Congress Grilling

• Android App From China Executed Zero Day Exploit On Millions Of Devices

• Singapore Businesses Stumbling Over What Security Culture Entails

• Twitter Takes Legal Action After Source Code Leaked Online

• Critical Vulnerability Fixed In WooCommerce Payments WordPress Plugin

• Hackers Exploited Critical Microsoft Outlook Vulnerability To Gain Exchange Server Access

• Cybersecurity vs. Everyone: From Conflict to Collaboration

• Climate Change Advisory Opinion Requests: Risk and Reward

• GitHub Rotates Publicly Exposed RSA SSH Private Key

• OpenAI: ChatGPT Payment Data Leak Caused By Open-Source Bug

• 10 Best Browser Based FPS Games in 2023 – No Downloads No Limits

• Zoom launches Okta Authentication for E2EE to verify identity

• Baidu Shows Corporate Chatbot Skills In Closed Session

• Latitude Financial Data Breach: 14 Million Customers Affected

• Scaling Your Testing Efforts With Cloud-Based Testing Tools

• Weakness at the Network Edge: Mandiant Examines 2022’s Zero-Day Exploits

• Technical analysis of China-linked Earth Preta APT’s infection chain

• A bug revealed ChatGPT users’ chat history, personal and billing data

• BEC scammers are after physical goods, the FBI warns

• Cookie Clicker Garden Guide to Unlocking Every Seed – Quick Tutorial

• Women in Cybersecurity – History to Today

• Intel Co-Founder Gordon Moore Dies At 94

• The Power of Docker Images: A Comprehensive Guide to Building From Scratch

• GitHub Suspends Repository Containing Leaked Twitter Source Code

• Gone in 120 seconds: Tesla Model 3 child’s play for hackers

• VERT Reads All About It – Cybersecurity News March 27, 2023

• New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords

• Where SSO Falls Short in Protecting SaaS

• Hacks at Pwn2Own Vancouver 2023

• 14 Million Customer Details Breached In Latitude Financial Firm

• Congratulations to Our 2023 CPX 360 Award Winners in EMEA

• Alibaba’s Jack Ma Returns To China After Year’s Absence

• Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools

• Earth Preta’s Cyberespionage Campaign Hits Over 200

• Failed Silicon Valley Bank Assets Acquired By Rival

• Financial Institutions and Cybersecurity Risk: Why you need ISO27001

• Avoiding the Pitfalls of Tax Season: Philadelphia Warns Against Sophisticated Phishing Attacks

• Parts of Twitter`s Source Code Were Leaked on GitHub, According to Elon Musk

• China crisis is a TikToking time bomb

• NCA Harvests Info on DDoS-For-Hire With Fake Booter Sites

• Known unknowns: Refining your approach to uncategorized web traffic

• Twitter Says Source Code Posted Online

• New BEC Tactics Enable Fake Asset Purchases

• Latitude Financial Admits Breach Impacted Millions

• How scammers employ IPFS for email phishing

• Software developers, how secure is your software?

• Malicious Python Package uses Unicode support to evade detection

• What Goes “App” Could Take You Down

• They Posted Porn on Twitter. German Authorities Called the Cops

• ChatGPT users data leaked because of bug vulnerability

• Artificial Intelligence vs Machine Learning: Understanding the Differences

• ChatGPT Exposes Email Address of Other Users – Open-Source Bug

• Prioritizing data security amid workforce disruptions

• Veterans Affairs committee Dems offer bills to streamline VA operations

• The era of passive cybersecurity awareness training is over

• Understanding adversaries through dark web intelligence

• CISA to Start Issuing Early-Stage Ransomware Alerts

• In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

• OpenAI: A Redis bug caused a recent ChatGPT data exposure incident

• Zero Trust in a DevOps World

• IT Security News Weekly Summary – Week 12

• IT Security News Daily Summary 2023-03-26

• Host Hack Attempt Detection Using ELK

• Microsoft Offers Guidelines on Detecting Outlook Zero-day Exploits

• Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

• NCA Infiltrates Cybercrime Market With Fake DDoS Sites

• Afghanistan’s Crises Require a Clear Statement of U.S. Policy

• Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

• Users’ Private Info Accidentally Made Public by ChatGPT Bug

• New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

• A ChatGPT Bug Exposes Sensitive User Data

• Schools’ Files Leak Online Days After Ransomware Deadline

• How Do I Get My Phone To Stop Tracking My Activity?

• Google Leads $16 Million Investment in Dope.security

• Intel Co-founder, Philanthropist Gordon Moore Dies at 94

• Crypto Was Afraid to Show Its Face at SXSW 2023

• The Uniquely American Future of US Authoritarianism

• Week in review: Manage the risk of ChatGPT use, know the danger of failed Okta logins

• A Major Flaw in the AI Testing Framework MLflow can Compromise the Server and Data

• Cyber Security Management System (CSMS) for the Automotive Industry

• Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority

• USB bombs sent to news organizations

• ChatGPT leaks bits of users’ chat history

• IT Security News Daily Summary 2023-03-25

• 4 Best dApp Frameworks for First-Time Ethereum Developers

• NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites

• Update – New Process for (ISC)² Exam Registration

• Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days

• GitHub Introduces the AI-powered Copilot X, which Uses OpenAI’s GPT-4 Model

• How to Shield Yourself From Malicious Websites

• Kimsuky’s Attacks Alerted German and South Korean Agencies

• Hackers Inject Weaponized JavaScript (JS) on 51,000 Websites

• Cropping Apps Can Expose Photos Online

• New Report on Current and Emerging Cyber Threats to Healthcare

• Password Hash Leakage

• India Shut Down Mobile Internet in Punjab Amid Manhunt for Amritpal Singh

• Okta Post-Exploitation Method Reveals User Passwords

• The “Why” Behind Tactics

• Rundown Of News And Events That Happened This Week

• The Impact of Technology and Digitalization on Global Business Mobility Visas – 2023 Guide

• U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

• Build or Buy your own antivirus product

• Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

• OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

• Opti9 launches Observr ransomware detection and managed services for Veeam

• US Charges 20-Year-Old Head of Hacker Site BreachForums

• McAfee and Mastercard expand partnership to improve security for small businesses

• CISA announced the Pre-Ransomware Notifications initiative

• IT Security News Daily Summary 2023-03-24

• 4 Tips for Better AWS Cloud Workload Security

• Prevent Ransomware with Cybersecurity Monitoring

• Pack it Secretly: Earth Preta’s Updated Stealthy Strategies

• Diffusion models can be contaminated with backdoors, study finds

• DevSecOps puts security in the software cycle

• CyberSecure Announces Strategic Alliance

• Online Dating and Privacy: 6 Tips for Protecting Yourself in the Digital Age – 2023 Guide

• Why Tackling Financial Crime Calls for A Privacy-First Approach

• Why You Can’t Have True Zero Trust Without API Security

• Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study

• GitHub’s Private RSA SSH Key Mistakenly Exposed in Public Repository

• Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

• China-linked hackers target telecommunication providers in the Middle East

• Friday Squid Blogging: Creating Batteries Out of Squid Cells

• ChatGPT Bug Exposed Payment Details of Paid Users

• 8 Best User & Entity Behavior Analytics (UEBA) Tools for 2023

• CISA gives ransomware victims a heads-up

• SMS pumping attacks and how to mitigate them

• How hackers outwit facial ID

• Zoom Zoom: ‘Dark Power’ Ransomware Extorts 10 Targets in Less Than a Month

• Yet Another Health Network Is Sued For Sharing Sensitive Patient Data With Facebook

• Malicious ChatGPT Extensions Add to Google Chrome Woes

• City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day

• CISA unleashes Untitled Goose Tool to honk at danger in Microsoft’s cloud

• How to slam the brakes on account takeover fraud

• Senators try again to advance software license bill

• UK’s NCA infiltrates cybercrime market with fake DDoS sites

• LinusTechTips YouTube channels hacked to promote cryptoscams

• New USP 5.0 Can Run 10K Cameras on Single System with Max Uptime

• Tesla Hacked Twice at Pwn2Own Exploit Contest

• Victory at the Ninth Circuit: Twitter’s Content Moderation is Not “State Action”

• Consumer Product Safety Commission failed to complete mandated future of work plan, report says

• WooCommerce Payments plugin for WordPress has an admin-level hole – patch now!

• Google and Microsoft are bringing AI to Word, Excel, Gmail and more. It could boost productivity for us – and cybercriminals

• CISA Unveils Ransomware Notification Initiative

• Food Giant Dole, Victim of a Ransomware Attack [Updated]

• WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites

• Red Teaming at Scale to Uncover Your Big Unknowns

• GitHub publishes RSA SSH host keys by mistake, issues update

• AV-Comparatives Anti-Phishing Test | Avast

• Hacker demonstrates security flaws in GPT-4 just one day after launch

• ManageEngine AD360 New Nominee in 2023 ‘ASTORS’ Awards Program

• CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections

• GitHub Updates Security Protocol For Operations Over SSH

• Journalist Plugs In Unknown USB Drive Mailed To Him – It Exploded In His Face

• Github Publishes RSA SSH Keys By Mistake, Issues Update

• French Parliament Says Oui To AI Surveillance For 2024 Olympics

• Fugitive Cryptocrash Boss Arrested In Montenegro

• House Leaders Don’t Want CISA’s Reach To Exceed Its Grasp

• Rewind brings ChatGPT into your personal life, but at what cost?

• GitHub Replaces Exposed RSA SSH Key To Keep Git Operations

• Myopenmath Answers: Tech Tips And Strategies For Success

• Killnet targeting healthcare apps hosted on Microsoft Azure

• Gambling is a tech industry. Are Nevada regulators up for the challenge?

• Critical WooCommerce Payments Vulnerability Leads to Site Takeover

• 8 cybersecurity conferences to attend in 2023

• three-factor authentication (3FA)

• Critical flaw in WooCommerce Payments plugin allows site takeover

• What Is Quishing: QR Code Phishing Explained

• Splunk Adds New Security Observability Features

• D.C. Circuit Hears Oral Argument in Bahlul v. United States

• Export Control is Not a Magic Bullet for Cyber Mercenaries

• Synopsys discover new vulnerability in Pluck Content Management System

• Cengage Mindtap Answers: A Guide To Improving Your Online Learning Experience

• Bill Gates Says AI is the Biggest Technological Advance in Decades

• Unpatched ICS Flaws in Critical Infrastructure: CISA Issues Alert

• Data Breach: Data of 168 Million Citizens Stolen and Sold, 7 Suspects Arrests

• Malicious ChatGPT Chrome Extension Steal Facebook Accounts

• Apple Supplier Pegatron Explores Second Factory In India – Report

• Journalist Targeted in USB Drive Bombing Attack

• Stop Using Spring Profiles Per Environment

• CISA Gets Proactive With New Pre-Ransomware Alerts

• PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw

• Application Security Requires More Investment in Developer Education

• Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

• CISA releases free tool for detecting malicious activity in Microsoft cloud environments

• All Batman: Arkham Games in Order of Release Date – A Complete List

• Github publishes RSA SSH host keys by mistake, issues update

• New Attack Targets Online Customer Service Channels

• The right corporate structure is key to balancing risk and user experience

• WooCommerce Payments Plugin Patches Critical Vulnerability

• Chinese Hackers Infiltrate Middle Eastern Telecom Companies

• Find Out What Is a Logic Bomb. Definition, Characteristics, and Protection Measures

• Hacking contest Pwn2Own: Ubuntu, Tesla, macOs and Windows 11 cracked

• Understanding Managed Detection and Response and what to look for in an MDR solution

• Dole confirms employee data was breached following February ransomware attack

• Turning the Unamazing into the Amazing

• Terra Co-Founder Do Kwon Arrested In Montenegro

• TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content

• Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions

• THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps

• Intel vPro platform unveils advanced security measures

• The Most Prevalent Types of Ransomware You Need to Know About

• GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

• Enhanced Version of the BlackGuard Stealer Spotted in the Wild

• Analysis: Will ChatGPT’s Perfect English Change the Game For Phishing Attacks?

• Is Private 5G the Future of Business Connectivity?

• Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

• Exploding USB Sticks

• Silicon In Focus Podcast: The Cybersecurity Skills Gap

• Key Takeaways From TikTok’s CEO Grilling In US Congress

• Reliable SD-WAN Connectivity with Enterprise-Grade Security—The Best of Both Worlds

• Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies

• The City of Toronto, Among This Week’s Victims of GoAnywhere Attacks

• The Importance Of Collaboration: A Look Into The Web Design Agency Process

• City Of Toronto Admits Data Theft, Clop Takes Blame

• Now UK Parliament Bans TikTok from its Network and Devices

• IRS Phishing Emails Used to Distribute Emotet

• Drive-by Download Attack – What It Is and How It Works

• Fifth of Execs Admit Security Flaws Cost Them New Biz

• Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites

• LATEST CYBERTHREATS AND ADVISORIES – MARCH 24, 2023

• Understanding metrics to measure SOC effectiveness

• Top ways attackers are targeting your endpoints

• New infosec products of the week: March 24, 2023

• MITRE’s System of Trust risk model manager improves supply chain resiliency

• Biggest data theft in world history takes place in India

• French parliament says oui to AI surveillance for 2024 Paris Olympics

• Streaming Platform Gaint Lionsgate Exposes Over 37m Users’ Data

• In uncertain times, organizations prioritize tech skills development

• Why organizations shouldn’t fold to cybercriminal requests

• TheGradCafe – 310,975 breached accounts

• Vectra Match helps security teams accelerate threat hunting and investigation workflows

• Zenoss improves security for user credentials with identity management capabilities

• mTLS Everywere

• Do Kwon, Founder of Terraform Labs, Arrested in Montenegro

• Brivo expands mobile credentials by adding employee badge to Apple Wallet

• Kasm collaborates with OCI to offer Workspaces for Oracle

• SecureAuth and HashiCorp join forces to deliver passwordless continuous authentication

• BlackBerry partners with Adobe to deliver secure forms with electronic signatures on mobile

• Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats

• The TikTok Hearing Revealed That Congress Is the Problem

• Converting String to Enum at the Cost of 50 GB: CVE-2020-36620

• Beware: Fake IRS tax email delivers Emotet malware

• BreachForums to be shut down after all for fear of law enforcement infiltration

• Sophos XGS vs Fortinet FortiGate: Top NGFWs Compared

• The D.C. Circuit Gets Weird in the Mar-a-Lago Investigation

• IT Security News Daily Summary 2023-03-23

• How to clear your Google search cache on Android (and why you should)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams

• A million at risk from user data leak at Korean beauty platform PowderRoom

• Critical infrastructure gear is full of flaws, but hey, at least it’s certified

• New Android Malware Targets Customers of 450 Financial Institutions Worldwide

• TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

• Experts published PoC exploit code for Veeam Backup & Replication bug

• Cryptocurrency Scams: What to Know and How to Avoid Them

• New federal website offers grants info and research to counter domestic terrorism

• City building a talent pipeline for a quantum-enabled workforce

• States want to see some digital ID before you visit that porn site

• The best home security systems of 2023: Expert reviewed

• Fake ChatGPT Extension Hijacks Facebook Accounts

• Industry reps like CISA’s public-private cybersecurity collaborative, but offer tips on how to scale it

• role-based access control (RBAC)

• Why Access Control Should Be a Core Focus for Enterprise Cybersecurity

• Why Continuous Monitoring of AWS Logs Is Critical To Secure Customer and Business-Specific Data

• CISA, NSA Issue Guidance for IAM Administrators

• What Are the Benefits of Java Module With Example

• Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

• S3 Ep127: When you chop someone out of a photo, but there they are anyway…

• How chat comments can supercharge safety net programs

• Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire

• Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software

• Accenture To Cut 19,000 Jobs, After Lowering Forecasts

• Cybersecurity 101: What is Attack Surface Management?

• FTC seeks info on cloud computing market’s influence

• Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy

• China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers

• New Government Cyber Security Strategy Vital For Healthcare

• 2023-03-22 – Emotet Epoch 4 activity

• SharePoint Phishing Scam Targets 1600 Across US, Europe

• MITRE Rolls Out Supply Chain Security Prototype

• Epidemic of Insecure Storage, Backup Devices Is a Windfall for Cybercriminals

• The Board of Directors Will See You Now

• Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

• BlackGuard stealer extends its capabilities in new variant

• Government Launches NHS Cyber Security Strategy

• North Korean Hackers Attack Gmail Users With Malicious Chrome Extensions

• What Are the Different Types of API Testing?

• New HUD playbook guides underserved communities in accessing broadband funding

• Stop using your browser’s built-in password manager. Here’s why

• Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks

• 37M Subscribers Streaming Platform Lionsgate Exposes User Data

• Security Observability: How it Transforms Cloud Security

• A Privacy Flaw in Windows 11’s Snipping Tool Exposes Cropped Image Content

• How To Secure Your Twitter Account Without Sms-Based Two-Factor Authentication

• FTX Agrees Deal To Recover $400m From Hedge Fund

• What Is Pen Testing?

• Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

• New Post-Exploitation Attack Method Found Affecting Okta Passwords

• Fake ChatGPT for Google extension hijacks Facebook accounts

• Threat actor Kimsuky using rogue browser extensions to steal data from users’ Gmail Inboxes

• New Android Botnet Nexus Being Rented Out on Russian Hacker Forum

• Soldiers can now steer robot dogs with brain signals

• Quantum sensing has ‘critical’ potential for electrical grid, official says

• Okta Post-Exploitation Method Exposes User Passwords

• Nexus, an emerging Android banking Trojan targets 450 financial apps

• Bill Gates: OpenAI GPT Most Important Tech Advance Since 1980

• New Android Botnet Nexus Being Rented on Russian Hacker Forum

• March 2023 Web Server Survey

• BreachForums taken down after arrest of alleged owner

• Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections

• Revising, or Rejecting, ‘Reasonable Prospect of Success’ in Just Wars? Lessons From Ukraine

• Two New Bills on TikTok and Beyond: The DATA Act and RESTRICT Act

• How Technology Is Changing the Real Estate Landscape in Portugal: A Buyer’s Agent Perspective

• Analysts share 8 ChatGPT security predictions for 2023

• Study: Software Vendors Needed A 3rd-Party Monetization Solution. Here’s Their Experience Using Thales’ Sentinel

• CISA, NSA Push Identity And Access Management Framework

• Threat Actor Attempted Email Compromise Attack For $36 Million

• B-List Celebs Including Lindsay Lohan Fined After Crypto Shill Probe

• ChatGPT Bug Leaked Users’ Conversation Histories

• Aloria, Who Made Us All Laugh For Years With Infosec Reactions, Passes Away At 41

• German and South Korean Agencies Alerts of Kimsuky’s Attacks

• OpenAI CEO admits a bug allowed some ChatGPT users to see others’ conversation titles

• Alert Organizations About Aveva HMI, SCADA Vulnerabilities

• LockBit Attacks Oakland with Ransomware Twice in as Many Weeks

• The Role of Identity Detection and Response (IDR) in Safeguarding Government Networks

• Six Ways to Secure Your Organization on a Smaller Budget

• Understanding Managed Detection and Response – and what to look for in an MDR solution

• Cisco Patches High-Severity Vulnerabilities in IOS Software

• Are You Talking to a Carbon, Silicon, or Artificial Identity?

• A common user mistake can lead to compromised Okta login credentials

• Computer Turns on but Monitor Says No Signal – 9 Ways to Fix

• Using AI in Business: The Benefits and Challenges

• What Is Nmap and How to Use It to Enhance Network Security

Generated on 2023-04-01 00:02:06.367266