IT Security News Weekly Summary – Week 05

• IT Security News Daily Summary 2023-02-05

• Dark Web Hitman Paid with BTC to Murder Teen Victim

• Horizon3.ai Unveils: ‘Year in Review: Thru the Eyes of the Attacker 2022’

• Cloud Computing Penetration Testing Checklist – 2023

• Top 5 cyber-threats and how to prevent them

• Cybersecurity Industry News Review – 31 January 2023

• Finland’s Most-Wanted Hacker Nabbed in France

• Addressing the Effects of Civilian Targeting: Lessons from Syria for Ukraine

• Energy and Healthcare Firms Are The Focus of The Lazarus Group Once Again

• There Could a Facebook-Cambridge Analytica Scandal Everyday

• LexisNexis’ Virtual Crime Center: Making Millions from Sales to the U.S. Government

• Nevada Ransomware: Another Feather in the RaaS Ecosystem

• Installing Software via Google Poses Concerns

• The biggest risks in procrastinating on iPhone, Android software updates

• The biggest risks in putting off iPhone and Android software updates

• Apple and Google are Under Rising Pressure to Remove TikTok From App Stores

• The Importance To Provide Buyers And Sellers Secure, Convenient, And Frictionless Payment Experiences

• The Psychology Behind Spear Phishing Scams

• Validating Tools

• 50 Best Free Cyber Threat Intelligence Tools – 2023

• Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process

• Microsoft attributes Charlie Hebdo data leak to Iran-linked NEPTUNIUM APT

• Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears

• Implementing Digital Rights Management Systems To Safeguard Against Unauthorized Access Of Protected Content

• Security Affairs newsletter Round 405 by Pierluigi Paganini

• Week in review: Rail transport cybersecurity, “verified” OAuth apps used to infiltrate organizations

• Cyber Security Management System (CSMS) for the Automotive Industry

• Businesses turn to new as-a-service models in Industry 4.0

• Cybersecurity Leaders Launch OSC&R, An Open Framework for Analyzing Threats

• Improve KeePass security with this simple configuration change

• Gigamon names Chaim Mazal as CSO

• ExtraHop and Binary Defense join forces to protect customers against advanced threats

• Instant Checkmate, TruthFinder Data Breach: 20M Accounts Leaked

• US Downs Chinese Balloon Off Carolina Coast

• IT Security News Daily Summary 2023-02-04

• Bermuda: Major Internet And Power Outage Strikes

• CISA adds Oracle, SugarCRM bugs to its Known Exploited Vulnerabilities Catalog

• Feds Say Cyberattack Caused Suicide Helpline’s Outage

• Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op

• F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution

• HeadCrab malware targets Redis to mine cryptocurrency

• GoAnywhere MFT zero-day flaw actively exploited

• GoodRx Made Money On Your Behalf, FTC is Making It Pay

• Dingo Token ranking is #774, with a live market cap of $10,941,525 USD is a SCAM!

• Malvertising attacks are distributing .NET malware loaders

• Essential Team Building for Strong Cloud Security

• PixPirate: Brand New Brazilian Banking Trojan

• Edgio Sponsors OWASP ModSecurity CRS to Further Advance Application Security Development

• Royal Mail “cyber incident” is an ongoing cyberattack CEO admits to MPs

• To protect satellites, secure your networks, chief of space ops says

• S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

• 6 Examples of the Evolution of a Scam Site

• How the end of Netflix password sharing will change the way families watch

• ‘Ransomware Year’ May Be The Most Devastating Ever

• 20M User Data Breach Reported by PeopleConnect

• PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

• All You Need to Know About the Cisco Command-Injection Bug

• Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments

• Googling for Software Downloads Is Extra Risky Right Now

• CERT-FR warns of a new wave of ransomware attacks targeting VMware ESXi servers

• The Evolution of Antivirus Software to Face Modern Threats

• Google Shells Out $600,000 for OSS-Fuzz Project Integrations

• Threat Actors Use ClickFunnels to Bypass Security Services

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

• Cisco Releases Security Advisories for Multiple Products

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• CISA Releases Six Industrial Control Systems Advisories

• A High-severity bug in F5 BIG-IP can lead to code execution and DoS

• Truth Finder – 8,159,573 breached accounts

• How the University of Tulsa is Educating and Training the Next Generation of Cybersecurity Professionals

• Tallahassee Memorial HealthCare, Florida, has taken IT systems offline after cyberattack

• Scale Azure Firewall SNAT ports with NAT Gateway for large workloads

• Industry voices complaints over short response window for $60B VA recompete

• CISA Releases Six Industrial Control Systems Advisories

• Iran crew stole Charlie Hebdo database, says Microsoft

• Build or Buy your own antivirus product

• Lack of emerging tech framework is ‘weakening’ US stance against China, lawmakers warn

• North Korea Led Biggest Year Ever Of Crypto Hacks

• The Benefits of eBPF for API Security

• Ransomware attacks on public sector persist in January

• Arnold Clark Confirms Customer Data Compromised in Breach

• Malware Attacks can be Thwarted by Tampering with DNS Communications

• Mitigate risk by integrating threat modeling and DevOps processes

• United States Senator demands TikTok app store ban

• Study: Companies have upwards of 1,000 apps but only a third are integrated

• AppSec Playbook 2023: Study of 829M Attacks on 1,400 Websites

• Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

• Speaking Engagements

• HPE, NetApp Warn Of Critical Open Source Bug

• Google Boosts Bounties For Open Source Flaws Found Via Fuzzing

• Up To 29,000 Unpatched QNAP Storage Devices Are Sitting Ducks To Ransomware

• Enter The Hunter Satellites Preparing For Space War

• New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

• CyberSaint STRONGER 2023 Conference Call for Speakers is Open!

• IRONSCALES Enters 2023 Riding Significant Wave of Positive Momentum

• BAE Systems part of contract award supporting CANES program

• 9 Ways You Can Improve Security Posture

• Lazarus Group Attack Identified After Operational Security Fail

• Women in CyberSecurity Calls for Participants for New Measuring Inclusion Workshops

• Warning: Hackers Actively Exploiting Zero-Day in Fortra’s GoAnywhere MFT

• Ransomware Attack On Data Firm ION Could Take Days To Fix

• The Cybercrime Ecosystem Knits a Profitable Underground Gig Economy

• Rivian To Axe 6 Percent Of Jobs, Amid EV Price War

• TrickGate: Malicious Software Outwitting Antivirus for 6 Years

• Prilex POS malware evolves to block contactless transactions

• ChatGPT May Already Be Used In Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research

• Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

• Managing the Governance Model for Software Development in a No-Code Ecosystem

• Cisco Releases Security Advisories for Multiple Products

• Romance Fraudsters Have Stolen £65m from Brits Since 2020

• Ransomware attack halts London trading

• JD Sports: Data of 10 Million Customers at Risk

• A Nunavut Ransomware Incident Was Not Reported by Qulliq Energy

• LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 3, 2023

• Is malware abusing your infrastructure? Find out with VirusTotal!

• 2023-02-03 – DEV-0569: Google ad –> FakeBat Loader –> Redline Stealer and Gozi/ISFB

• MITRE CREF Navigator empowers enterprises to improve cyber resiliency strategies

• Trace3 integrates Deepwatch services into their solutions

• Drata Audit Hub unifies customer and auditor communication

• Apple, Google Urged To Remove TikTok From App Stores

• India’s Largest Truck Brokerage Company Leaking 140GB of Data

• How Do Threat Hunters Keep Organizations Safe?

• Key takeaways from ESET’s new APT Activity Report – Week in security with Tony Anscombe

• Romance fraud losses rose 91% during the pandemic, claims UK’s TSB bank

• Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

• Atlassian’s Jira Service Management Found Vulnerable to Critical Vulnerability

• Here’s How to Avoid Reddit Frauds

• Bitwarden Users Attacked via Malicious Google Ads

• IBM X-Force Exchange Threat Intelligence Platform

• Samsung Unveils Premium Galaxy S23 Series

• NTT Partners with Palo Alto Networks to Deliver Managed Prisma SASE

• Commercial Initiatives for Partner Success – Breakaway 1=5

• John Eastman and the Limits of Bar Discipline

• How ChatGPT Could Drive A Viral Crypto Narrative

• Russia Blocked Encrypted Email Startup Skiff

• Clarity and Transparency: How to Build Trust for Zero Trust

• Building a secure and scalable multi-cloud environment with Cisco Secure Firewall Threat Defense on Alkira Cloud

• UK NCC Group To Cut Workforce By 7 Percent – Report

• Lifetime VPNSecure subscriptions are now just $39.99

• Cybersecurity Budgets Are Going Up. So Why Aren’t Breaches Going Down?

• New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

• Experts warn of two flaws in popular open-source software ImageMagick

• Civilian Harm Mitigation: An Opportunity for Values-Based U.S. Leadership at NATO

• New HeadCrab Malware Hijacks 1,200 Redis Servers

• Instant Checkmate – 11,943,887 breached accounts

• AI Transcription Service vs. Human Transcription: How to Decide?

• Credential Stuffing, Pig Butchering, Security Keys for Your Apple Account, and the New Mac mini – Intego Mac Podcast Episode 277

• The Chinese Spy Balloon Shows the Downsides of Spy Balloons

• Bitwarden’s Latest Update Takes Security to the Next Level

• ChatGPT Firm Trails Subscription Fee, Detection Tool

• Over 1800 Android Mobile App Web Injects for Sale on Hacking Forums

• Development Platform for Data Protection

• Sextortion Scams – How They Persuade and What to Watch for

• Record $3.8bn Stolen Via Crypto in 2022

• Discrepancies Discovered in Vulnerability Severity Ratings

• North Korean Hackers Exploit Unpatched Zimbra Devices in ‘No Pineapple’ Campaign

• City Of London Traders Hit By Russia-Linked Cyberattack

• HeadCrab Malware Infects 1,200 Redis servers to Mine Monero

• Pro-Russian Hackers Target European Hospitals

• OAuth Explained: A Guide to Understanding What It Is and How It Works

• Super Bock says ‘cyber’ nasty ‘disrupting computer services’

• HeadCrab bots pinch 1,000+ Redis servers to mine coins

• The rise of multi-threat ransomware

• Cyberthreats facing UK finance sector “a national security threat”

• How the CISA catalog of vulnerabilities can help your organization

• Business Email Compromise attack imitates vendors, targets supply chains

• LockBit Ransomware Attack on ION and Expeditors faces $2m lawsuit from customer

• Meta Pleases Investors With ‘Year Of Efficiency’ Pledge

• New Prilex Malware Blocks Contactless Payments to Steal Credit Card Data

• Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

• Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

• UK IT Leaders Fear ChatGPT Already Being Used In Nation State Cyberattacks, Reveals New BlackBerry Research

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

• InTheBox Threat Actor Sells Over 1,800 Web Injects on Cybercrime Forums

• Courts Must Not Allow Litigants to Plead Around The First Amendment’s Speech Protections

• W-2 phishing scams: Everything you need to know

• Army wants ideas from industry on autonomous, anti-drone capabilities

• When data science shortcuts are a bad idea

• How to protect and secure your password manager

• How to Address the Requirements of Personal Data Protection (PDP) Law of Indonesia

• A Chance for the Courts to Rein in Governing by Emergency

• IT Security News Daily Summary 2023-02-03

• Research Exposes Azure Serverless Security Blind Spots

• New APT34 Malware Targets The Middle East

• 6 Ransomware Trends & Evolutions For 2023

• Cybersecurity organizations fight back against rise of emotet and omnatuor malvertising

• How APIs are shaping zero trust, and vice versa

• How endpoint management can transform retail

• A call for data-first security

• The black hat hacker trap: Why unethical hacking lures young people

• Where states can learn to turn data into decisions

• Iran-Backed Actor Behind ‘Holy Souls’ Cyberattack on Charlie Hebdo, Microsoft Says

• Friday Squid Blogging: Studying the Colossal Squid

• Big China Spy Balloon Moving East Over US, Pentagon Says

• Watchdog Group Issues Warning About Scam Financial Influencers On Facebook

• School District 42 – 18,850 breached accounts

• Content Delivery Network (CDN) FAQs

• NIST researcher calls for further evaluation of the AI impact on humans

• How to solve customer-service language barriers with virtual queuing

• The importance of data retention policies

• WebAuthn API

• Remote Debugging Dangers and Pitfalls

• Check Point Software Join Forces with Samsung to Elevate Mobile Security

• Auditing and logging policy

• TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

• Why CISOs Should Care About Brand Impersonation Scam Sites

• What CISOs Can Do About Brand Impersonation Scam Sites

• A Hacker’s Mind News

• How to protect your business from supply chain attacks

• Up to 10 million people potentially impacted by JD Sports breach

• GitHub revokes several certificates after unauthorized access

• Malwarebytes earns AV-TEST Top Product awards for fifth consecutive quarter

• Fast-evolving Prilex POS malware can block contactless payments

• LockBit brags it pumped ION full of ransomware

• Guy accused of wrecking crypto exchange now hauled into court

• OpenSSH fixes double-free memory bug that’s pokable over the network

• Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release

• Another RAC staffer nabbed for storing, sharing car crash data

• Guy accused of crashing crypto exchange now hauled into court

• Google Fi User Data Breached Through T-Mobile Hack

• Check Point Software takes 1st Place in Independent Test of Top Network Firewalls

• Government watchdog warns on cyber weakness

• Hoyer takes up post as top Dem on key approps subcommittee

• 10 steps to future water sustainability

• Dashboard helps city track diversity, equity, inclusion progress

• The headache of changing passwords

• How to build an incident response plan, with examples, template

• Inside Killnet: Pro-Russia Hacktivist Group’s Support and Influence Grows

• Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report

• CISA to Open Supply Chain Risk Management Office

• Nearly All Firms Have Ties With Breached Third Parties

• Pro-Russia Killnet group hit Dutch and European hospitals

• Google boosts bounties for open source flaws found via fuzzing

• Why you still need security alongside your API Gateway

• Malicious Reward Apps Trick Over 2 Million Android Users

• Digital Health Company Allegedly Sold Sensitive Health Information To Facebook

• Reduce Data Breaches by Adding a Data Privacy Vault to Your HealthTech App Architecture

• R&D funding vehicle could supercharge small biz innovation programs

• Data sharing initiatives slowly gaining traction

• Singapore, EU digital pact to cover ‘all areas’ of bilateral cooperation

• Flipper Zero: How to install third-party firmware (and why you should)

• OneNote documents spread malware in several countries

• New cybersecurity BEC attack mimics vendors

• What reverse shell attacks are and how to prevent them

• Password-stealing “vulnerability” reported in KeePass – bug or feature?

• Vista Equity Partners Completes Acquisition of KnowBe4

• Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC

• MITRE Releases Tool to Design Cyber-Resilient Systems

• Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

• Civil Society Organizations Call on the House Of Lords to Protect Private Messaging in the Online Safety Bill

• The Breadth of the Fediverse

• Microsoft sweeps up after breaking .NET with December security updates

• Chinese ‘surveillance balloon’ over US causes fearful gasbagging

• Protect Your Online Data Now, Rather than Waiting for the Government

• Bitwarden Password Manager will add support for Argon2 KDF soon

• MalVirt Loaders Exploit .NET Virtualization to Deliver Malvertising Attacks

• Taking the next step: OSS-Fuzz in 2023

• LATEST CYBERTHREATS AND ADVISORIES – FEBRUARY 3, 2023

• Is it forensics or is it junk science?

• Va. regulators propose easing emission limits for data centers over power transmission concerns

• IBM, NASA will use AI to improve climate change research

• Microsoft: We are tracking these 100 active ransomware gangs using 50 types of malware

• How to use BeEF, the Browser Exploitation Framework

• Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

• VMware Releases Security Update for VMware vRealize Operations

• Attackers Abuse Microsoft’s Verified Publisher Status To Steal Data

• Apple’s Focus On Secrecy Violated Employee Rights

• SBF Barred From Contacting FTX Employees Via Signal

• Netflix’s New Password Sharing Restrictions Are Confusing

• DarkTrace’s Shares Dive As Short Sellers Circle

• It Was Smart for an AI

• C can be memory-safe

• Table Stakes Security Services for 2023

• Chinese surveillance balloon over US causes fearful gasbagging

• The Unheard Story of a Crippling Ransomware

• Britain Government With Robust Crypto Regulation

• High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

• Atlassian Warns of Critical Jira Service Management Vulnerability

• Cyber Insights 2023: Venture Capital

• Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty

• 4 identity predictions for 2023

• Atlassian Patches Critical Authentication Flaw in Jira Software

• What Is Encryption as a Service (EaaS)? A Definitive Guide

• Top 10 SOAR Tools to Enhance Your SecOps Experience

• TD SYNNEX Named a 2023 Fortune World’s Most Admired Company

• Latest Cyberthreats and Advisories – January 20, 2023

• Anker Confirms Eufy Cameras Not Fully Encrypted, Raising Concerns

• Key Firefox and Android updates you need to be aware of

• UK Government Details Plan To Regulate Crypto, Post FTX

• EV Charging Stations at Risk of DoS Attacks

• Hackers Abuse Microsoft’s ‘Verified Publisher’ OAuth Apps to Hack Organizations Cloud

• Report: 6 keys for successful government crisis contact centers

• Fortra’s Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

• Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

• Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

• Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

• Scores of Redis Servers Infested by Sophisticated Custom-Built Malware

• The Pivot: How MSPs Can Turn a Challenge Into a Once-in-a-Decade Opportunity

• New Prilex PoS Malware evolves to target NFC-enabled credit cards

• Hacking Group: Darkweb Developers Are In High Demand

• What Is Ethical Hacking? An Introduction to the Concept

• Server-Side Request Forgery Attack Explained: Definition, Types, Protection

• How Can Technology Help Reduce Carbon Emissions?

• North Korean Cybercriminals Attempt to Steal $27M in ETH

• Northern European Criminals Copy the Lockbit Gang

• Titan-Stealer: A New Golang-based Info-Stealer Malware

• Insider Attacks Becoming More Frequent, And Difficult Gurucul Report

• Where Do the Most Ransomware Attacks Take Place in the United States?

• Australia entities suffer Cyber Attacks and QUAD update

• New Credential-Stealing Campaign By APT34 Targets Middle East Firms

• Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

• Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

• Airbnb is making a simple, but big booking change bringing it closer to hotel check-in

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Apple To Launch ‘Folding iPad’ In 2024 – Report

• Introduction to Azure Data Lake Storage Gen2

• Contain Breaches and Gain Visibility With Microsegmentation

• Red Hat gives an ARM up to OpenShift Kubernetes operations

• Gem Security shows detection and response key to cloud security, raises $11M

• Microsoft warning: These phishing attackers used fake OAuth apps to steal email

• The dark side of Optimize Mac Storage: What you need to know if you rely on it

• Google Fi Users Caught Up in T-Mobile Breach

• ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers

• KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship

• Application Security Must Be Nonnegotiable

• Experts Warn of ‘Ice Breaker’ Cyberattacks Targeting Gaming and Gambling Industry

• Central Bank Immunity, Afghanistan, and Judgments Against the Taliban

• Safer Internet Day: Experts Reveal 7 Tips To Avoid DeepFake Scams

• OilRig Hackers Exfiltrate Data From Govt. Agencies Using New Backdoors

• Hive Ransomware: A Detailed Analysis

• New Versions of Prilex POS Malware Can Block Contactless Transactions

• Russian Hacktivists Target US and Dutch Hospitals

• How Crypto & Blockchain Technology Changed the Way Casinos Do Business

• Bridging the 3.4 Million Workforce Gap in Cybersecurity

• How the Cloud Is Shifting CISO Priorities

• VMware Workstation update fixes an arbitrary file deletion bug

• Hate It When That Happens: China Says It’s Checking If It Accidentally Sent A Spy Balloon To Montana

• HeadCrab Malware Compromised 1,200 Redis Servers

• Passion Botnet Cyberattacks Hit Healthcare

• Former Ubiquiti Dev Pleads Guilty In Data Theft And Extortion Case

• Top 5 Video Games Of 2022 According To Gamers

• Influence of Digitalization on IT Admins

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• New SH1MMER ChromeOS Exploit Jailbreaks Chromebooks

• KeePass Password Manager Vulnerability: Is Your Data at Risk?

• LastPass Hack-Proof: How to Up Your Security Game Instantly

• PayPal To Axe 7 Percent Of Workforce

• China “Deeply Concerned” At US Halt Of Export Licences For Huawei

• Alphabet Earnings Miss Expectations, As YouTube Declines

• Strengthening security on my Apple account!

• The New DevOps Performance Clusters

• ChatGPT: Is its use of people’s data even legal?

• Why confidential computing will be critical to (not so distant) future data security efforts

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks

• Enter the Hunter Satellites Preparing for Space War

• New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

• Global Technology Products, U.S. Security Policy, and Spectrums of Risk

• Digital Project Design Brief: A Key to Effective Partnership

• Specifically, Targeted VMware RCE Vulnerabilities

• Microsoft Azure Key Vault Service

• Tougher cybersecurity rules may be more than a year away—but don’t wait to get ready

• MITRE Releases Tool to Design Cyber Resilient Systems

• Atlassian fixed critical authentication vulnerability in Jira Software

• Electric Vehicle Vulnerabilities Can Allow Hackers To Disrupt System, Cause Energy Theft

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Amazon Still Selling T95 TV Box with Pre-Installed Malware

• GitHub Breach – Hackers Stole Code Signing Certificates From Repositories

• The Rise of the Code Package Threat

• Nvidia CSO: Generative AI, ChatGPT has made security a ‘cat and mouse’ game

• Firms fear software stack breach as attack surface widens

• ​​Key Insights From the Guide to Cybersecurity Trends and Predictions for 2022-23

• The State of the US National Cybersecurity Strategy for the Electric Grid

• Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

• Auditing Kubernetes with Open Source SIEM and XDR

• Nevada Ransomware Has Released Upgraded Locker

• New LockBit Green ransomware variant borrows code from Conti ransomware

• Threat Actors Gained Access to Google Fi Customers’ Information

• Congress Has a Lo-Fi Plan to Fix the Classified Documents Mess

• The Pivot: How MSPs can Turn a Challenge Into a Once-in-a-Decade Opportunity

• Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

• LockBit Goes ‘Green’: How the New Conti-Based Encryptor Is Changing the Ransomware Game

• What Is Data Erasure?

• Hackers Abuse Google Ads to Send Antivirus Avoiding Malware

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Intel Cuts Pay For Staff, Executives

• US Official Confirms Japan, Netherlands Joined US China Chip Sanctions

• Amazon Posts Annual Loss, Amid Restructuring

• GoAnywhere MFT Users Warned of Zero-Day Exploit

• China Says It’s Looking Into Report of Spy Balloon Over US

• Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

• Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts

• Manipulating Weights in Face-Recognition AI Systems

• Data Privacy Capability Guide

• 29,000 QNAP Devices Unpatched In Critical Vulnerabilities

• The ‘New Cold War’ Continues To Mark Urgency For Organisations To Bolster Cyber-Resilience

• NetFlow’s Dirty Little Secret

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

• Cyberattacks on Energy’s National Labs draw lawmaker scrutiny

• Hackers are using this new trick to deliver their phishing attacks

• Another RAC staffer nabbed for storing and sharing road accident data

• Attackers abuse Microsoft’s ‘verified publisher’ status to steal data

• Ransomware Attacks on the Small and Medium Businesses are on the Rise

• Privacy Assistant Jumbo Reinvents Itself

• Most Important Computer Forensics Tools for 2023

• How multicloud changes devops

• Learn More About Check Point’s Prevention-First CNAPP

• 2022 in Review: Privacy gains footholds in the US; EU continues to lead

• Vulnerability in F5 BIG-IP May Cause DoS and Code Execution

• Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)

• ChatGPT: When Cybercrime Meets the Emerging Technologies

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Apple Disappoints By Missing Wall Street Expectations

• ICO Relaxes Breach Reporting for Comms Providers

• Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

• US Man Charged in $110m Crypto Trading Scheme

• Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• GitHub Reports Code-Signing Certificate Theft in Security Breach

• New DDoS-as-a-Service Platform Attacking Medical Institutions

• 2023-01-31 – BB12 Qakbot (Qbot) with Cobalt Strike and VNC traffi

• Writing a Modern HTTP(S) Tunnel in Rust

• Quarter of CFOs Have Suffered $1m+ Breaches

• How Can Disrupting DNS Communications Thwart a Malware Attack?

• IT Leaders Reveal Cyber Fears Around ChatGPT

• So much hype about Chat GPT… here are some facts

• Cisco fixed command injection bug in IOx Application Hosting Environment

• 3 Ways to Improve Your Customer Retention With Social Media

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability

• New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• LockBit claims responsibility for ION ransomware attack but US/UK hounds are sniffing

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• CISOs laxity towards cybersecurity is leading to more Cyber Attacks

• QNAP NAS devices are vulnerable to ransomware attacks

• Hackers Use TrickGate Packer to Deploy Emotet, Cobalt Strike & Other Malware

• We can’t rely on goodwill to protect our critical infrastructure

• New infosec products of the week: February 3, 2023

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

• Is that survey real or fake? How to spot a survey scam

• Inability to prevent bad things from happening seen as the worst part of a security job

• Short-staffed SOCs struggle to gain visibility into cloud activities

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• MITRE Launches Cyber Resiliency Engineering Framework Navigator

• Uprite Services Achieves HIPAA Compliance With Compliancy Group

• Pixalate iCloud Private Relay helps users measure their exposure to iCPR traffic

• Keepit introduces backup and recovery solution for Power BI users

• HYCU R-Cloud protects all business-critical apps from on-premises to SaaS

• Netwrix 1Secure empowers MSPs to secure clients from a single console

• NordVPN Identifies the Most Risky Websites for Users’ Privacy and Security

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Wasabi Surveillance Cloud offloads surveillance footage from local storage directly to the cloud

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Former Ubiquiti dev pleads guilty in data theft and extortion case

• Gem Security emerges from stealth and raises $11 million

• Radiant Logic acquires Brainwave GRC to strengthen security posture for customers

• NTT and Palo Alto Networks join forces to improve security management for enterprises

• Weekly Update 333

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Top Three Docker Alternatives To Consider

• Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release

• Hospitals Hit by DDoS Attacks as Killnet Group Targets the Healthcare Sector – What You Need to do Now

• EFF, ACLU Seek to Protect the Public’s Right to Access Judicial Records

• Ransomware in December 2022

• Cybersecurity and privacy tips you can teach your 5+-year-old

• Dan Streetman joins Tanium as CEO

• ACLU, EFF Seek to Protect the Public’s Right to Access Judicial Records

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• U.S. cyberspace ambassador lays out technology’s role in geopolitical contests

• What is an OSINT Tool – Best OSINT Tools 2023

• Better data management makes digital services shine

• IT Security News Daily Summary 2023-02-02

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• US Justice Department Requests Tesla Self-Driving Documents

• Tech Nation To Shut Down After Government Pulls Grant

• DevSecOps Benefits and Challenges

• The Data Leakage Nightmare in AI

• Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud

• Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

• NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

• Netflix’s US Password-Sharing Crackdown Isn’t Happening—Yet

• CISA Releases One Industrial Control Systems Advisory

• Hackers Stole GitHub Desktop and Atom Code-Signing Certificates

• Amid FTX’s burning wreckage, Japan outpost promises asset withdrawals in February

• Conti Source Code & Everything API Employed by Mimic Ransomware

• Qwant or DuckDuckGo: Which Search Engine is More Private?

• Password Changes are Required for LastPass Customers

• Common Vulnerability Scoring System (CVSS)

• DOD’s open cyber recommendations date back to 2012

• Threat activity increasing around Fortinet VPN vulnerability

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Spotify Beats Estimates, But Losses Soar

• China Start-Up ‘Delivers Quantum Computer’

• CEO, CIO or CFO: Who Should Your CISO Report To?

• Access management policy

• Are Your Employees Thinking Critically About Their Online Behaviors?

• Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally

• Korelock Launches IOT Smart Lock Technology Company

• Hornetsecurity Combats QR Code Phishing With Launch of New Technology

• Understanding Business Email Compromise to better protect against it

• 10 Surprises of Remote Work from Security Engineers

• The U.N. Cybercrime Convention Should Not Become a Tool for Political Control or the Watering Down of Human Rights

• US Hospitals DDoS Attack, Websites Taken Down By Russian Hackers

• TSA U.S. ‘No Fly List’ Gets Leaked On Hacking Forum

• 10 Ways Digitalisation is Improving the UK Immigration Process

• Cybersecurity Industry News Review – 31 January 2023

• FBI Takes Down the Infamous Ransomware Gang’s Website

• As pandemic-era Medicaid provisions lapse, millions approach a coverage cliff

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

• SAST: How Code Analysis Tools Look for Security Flaws

• Phishing attacks are getting scarily sophisticated. Here’s what to watch out for

• Speed up onboarding with Active Directory user templates

• GitHub code-signing certificates stolen (but will be revoked this week)

• You Really Need to Update Firefox and Android Right Now

• You Don’t Know Where Your Secrets Are

• The Lessons of the Electoral Count Reform Act: Next Steps in Reform

• Porsche Stops NFT Launch While Phishing Sites Fills The Space

• Why Attackers Target the Financial Services Industry

• What Is Dynamic Host Configuration Protocol (DHCP)?

• 10 Million JD Sports Customers Had Their Data Exposed in a Data Breach

• The Future of Online Shopping – What to Expect

• New year, new storage challenge

• More details emerge on NYC free internet pilot

• API management (APIM): What It Is and Where It’s Going

• Perception Point Announces New Record Year, Protecting Over 2,000 Organizations, Doubling Annual Recurring Revenue, and Expanding Portfolio into Web Security

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• US ‘Stops Providing’ Huawei Export Licences

• Samsung Chip Business Posts Profit Plunge

• Gartner Sees Further Smartphone, PC Sales Slide In 2023

• 11 Questions to Ask When Choosing an Application Security Vendor

• Saviynt raises $205M and affirms that IAM must be cloud-friendly

• Oversight Chairman Comer: ‘We’re two years behind in oversight’

• Cyber Insurance Companies Require Enhanced Security from Clients

• F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution

• HeadCrab malware targets Redis to mine cryptocurrency

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks

• Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

• New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

• 1-15 January 2023 Cyber Attacks Timeline

• 4 Ways Artificial Intelligence Is Making Virtual Casinos Safer for Users

• Malvertising attacks are distributing .NET malware loaders

• Essential Team Building for Strong Cloud Security

• C++ creator Bjarne Stroustrup defends its safety

• Dingo Token ranking is #774, with a live market cap of $10,941,525 USD is a SCAM!

• To protect satellites, secure your networks, chief of space ops says

• S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

• 6 Examples of the Evolution of a Scam Site

• Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

• Foreign states already using ChatGPT maliciously, UK IT leaders believe

• NTT, Palo Alto partner for managed SASE with AIOps

• The Hidden Threat: 1Password Password Manager Phishing Ads on Google

• Sentra raises $30M to streamline data securely across the public cloud

• Cyber Insights 2023 | Ransomware

• Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse

• Cyber Insights 2023 | Regulations

• Google Shells Out $600,000 for OSS-Fuzz Project Integrations

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• The Evolution of Antivirus Software to Face Modern Threats

• Threat Actors Use ClickFunnels to Bypass Security Services

• CISA Releases Six Industrial Control Systems Advisories

• A High-severity bug in F5 BIG-IP can lead to code execution and DoS

• Prilex modification now targeting contactless credit card transactions

• How the University of Tulsa is Educating and Training the Next Generation of Cybersecurity Professionals

• Scale Azure Firewall SNAT ports with NAT Gateway for large workloads

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Industry voices complaints over short response window for $60B VA recompete

• CISA Releases Six Industrial Control Systems Advisories

• GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

• North Korea Led Biggest Year Ever Of Crypto Hacks

• Planet Ice – 240,488 breached accounts

• South Korea makes crypto crackdown a national justice priority

• Lack of emerging tech framework is ‘weakening’ US stance against China, lawmakers warn

• i-PRO New Multi-Sensor Lineup, PTZ Cameras & New Analytics at ISC West

• F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution

• Ransomware attacks on public sector persist in January

• Arnold Clark Confirms Customer Data Compromised in Breach

• Soft Skills: Writing

• Mitigate risk by integrating threat modeling and DevOps processes

• Edgio Sponsors OWASP ModSecurity CRS to Further Advance Application Security Development

• ExtraHop Partners with Binary Defense to Deliver Managed Network Detection and Response

• Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™

• Trace3 to Deliver Managed Detection and Response Service Powered by Deepwatch

• Keyfactor Achieves Payment Card Industry Data Security Standard Compliance Certification

• United States Senator demands TikTok app store ban

• Study: Companies have upwards of 1,000 apps but only a third are integrated

• AppSec Playbook 2023: Study of 829M Attacks on 1,400 Websites

• Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

• Speaking Engagements

• HPE, NetApp Warn Of Critical Open Source Bug

• Google Boosts Bounties For Open Source Flaws Found Via Fuzzing

• Up To 29,000 Unpatched QNAP Storage Devices Are Sitting Ducks To Ransomware

• Enter The Hunter Satellites Preparing For Space War

• Ransomware Attack On Data Firm ION Could Take Days To Fix

• CyberSaint STRONGER 2023 Conference Call for Speakers is Open!

• IRONSCALES Enters 2023 Riding Significant Wave of Positive Momentum

• BAE Systems part of contract award supporting CANES program

• KLDiscovery Names Lawrence B. Prior III, Chair of the Board, Adds Lloyd W. Howell Jr. to the Board of Directors

• Netflix password paid sharing amuses consumers to a certain extent

• 9 Ways You Can Improve Security Posture

• Lazarus Group Attack Identified After Operational Security Fail

• Women in CyberSecurity Calls for Participants for New Measuring Inclusion Workshops

• Cisco Releases Security Advisories for Multiple Products

• The Cybercrime Ecosystem Knits a Profitable Underground Gig Economy

• A Nunavut Ransomware Incident Was Not Reported by Qulliq Energy

• Rivian To Axe 6 Percent Of Jobs, Amid EV Price War

• Prilex POS malware evolves to block contactless transactions

• Cisco Releases Security Advisories for Multiple Products

• Romance Fraudsters Have Stolen £65m from Brits Since 2020

• Ransomware attack halts London trading

• Is malware abusing your infrastructure? Find out with VirusTotal!

• TrickGate: Malicious Software Outwitting Antivirus for 6 Years

• UK Car Retailer Arnold Clark Hit by Ransomware

• Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots

• ChatGPT May Already Be Used In Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research

• Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

• Managing the Governance Model for Software Development in a No-Code Ecosystem

• Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

• JD Sports: Data of 10 Million Customers at Risk

• Here’s How to Avoid Reddit Frauds

• Bitwarden Users Attacked via Malicious Google Ads

• Apple, Google Urged To Remove TikTok From App Stores

• How Do Threat Hunters Keep Organizations Safe?

• Romance fraud losses rose 91% during the pandemic, claims UK’s TSB bank

• IBM X-Force Exchange Threat Intelligence Platform

• Drupal Releases Security Update to Address a Vulnerability in Apigee Edge

• NTT Partners with Palo Alto Networks to Deliver Managed Prisma SASE

• Commercial Initiatives for Partner Success – Breakaway 1=5

• How ChatGPT Could Drive A Viral Crypto Narrative

• Russia Blocked Encrypted Email Startup Skiff

• LastPass Password Manager: increase this setting to improve security significantly

• Samsung Unveils Premium Galaxy S23 Series

• HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining

• Dealing With the Carcinization of Security

• Clarity and Transparency: How to Build Trust for Zero Trust

• Building a secure and scalable multi-cloud environment with Cisco Secure Firewall Threat Defense on Alkira Cloud

• John Eastman and the Limits of Bar Discipline

• Civilian Harm Mitigation: An Opportunity for Values-Based U.S. Leadership at NATO

• What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits

• New HeadCrab Malware Hijacks 1,200 Redis Servers

• Credential Stuffing, Pig Butchering, Security Keys for Your Apple Account, and the New Mac mini – Intego Mac Podcast Episode 277

• Lifetime VPNSecure subscriptions are now just $39.99

• Cybersecurity Budgets Are Going Up. So Why Aren’t Breaches Going Down?

• New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

• Experts warn of two flaws in popular open-source software ImageMagick

• EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft

• Cyber Insights 2023: Ransomware

• Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse

• Cyber Insights 2023 | Supply Chain Security

• Cyber Insights 2023: Regulations

• AIs as Computer Hackers

• AI Transcription Service vs. Human Transcription: How to Decide?

• UK NCC Group To Cut Workforce By 7 Percent – Report

• Development Platform for Data Protection

• HeadCrab Malware Infects 1,200 Redis servers to Mine Monero

• OAuth Explained: A Guide to Understanding What It Is and How It Works

• Super Bock says ‘cyber’ nasty ‘disrupting computer services’

• Bitwarden’s Latest Update Takes Security to the Next Level

• Discrepancies Discovered in Vulnerability Severity Ratings

• ChatGPT Firm Trails Subscription Fee, Detection Tool

• Over 1800 Android Mobile App Web Injects for Sale on Hacking Forums

• Sextortion Scams – How They Persuade and What to Watch for

• Record $3.8bn Stolen Via Crypto in 2022

• North Korean Hackers Exploit Unpatched Zimbra Devices in ‘No Pineapple’ Campaign

• Cybersecurity budgets are going up. So why aren’t breaches going down?

• City Of London Traders Hit By Russia-Linked Cyberattack

• Pro-Russian Hackers Target European Hospitals

• InTheBox Threat Actor Sells Over 1,800 Web Injects on Cybercrime Forums

• Researchers Warn of Crypto Scam Apps on Apple App Store

• UK IT Leaders Fear ChatGPT Already Being Used In Nation State Cyberattacks, Reveals New BlackBerry Research

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

• Application Security for Microservices: API Gateway, Service Mesh, and More

• 600,000 Server-Side Iterations: Bitwarden’s Latest Update Takes Security to the Next Level

• Meta Pleases Investors With ‘Year Of Efficiency’ Pledge

• Less is more: Conquer your digital clutter before it conquers you

• City of London on High Alert After Ransomware Attack

• Photos: Cybertech Tel Aviv 2023, part 2

• Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms

• Do you know what your supply chain is and if it is secure?

• W-2 phishing scams: Everything you need to know

• New Prilex Malware Blocks Contactless Payments to Steal Credit Card Data

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

• How to Address the Requirements of Personal Data Protection (PDP) Law of Indonesia

• Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

• LockBit Ransomware Attack on ION and Expeditors faces $2m lawsuit from customer

• New UN cybercrime convention has a long way to go in a tight timeframe

• Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

• The emergence of trinity attacks on APIs

• School District 42 – 18,850 breached accounts

• Yugabyte Releases YugabyteDB Voyager to Accelerate Cloud Native Adoption through Simple, Risk-Free Migration

• Research Exposes Azure Serverless Security Blind Spots

• New APT34 Malware Targets The Middle East

• 6 Ransomware Trends & Evolutions For 2023

• 50% of organizations have indirect relationships with 200+ breached fourth-party vendors

• The next cyber threat may come from within

• Hybrid cloud storage security challenges

• Janes Secures Sam Gordy as President of Janes US via Benchmark Executive Search

• Tanium Appoints Dan Streetman as Chief Executive Officer

• CEA Invests in European-Based Cyber and Intel

• LATEST CYBERTHREATS AND ADVISORIES – JANUARY 13, 2023

• Predicting which hackers will become persistent threats

• InterVision enhances its cloud and security services for mid-market organizations

• Hornetsecurity unveils two tools to counter rise in phishing attacks and malicious links

• Neustar Security Services introduces UltraDDR for DNS-based user protection

• Content Delivery Network (CDN) FAQs

• Remote Debugging Dangers and Pitfalls

• Certa joins forces with Sayari to improve third party management

• Zscaler Resilience prepares businesses for unpredictable events

• Sentra raises $30 million to meet growing demand for data security in the cloud

• Dremio and Privacera enhance data security governance capabilities on data lakehouses

• SAP partners with Red Hat to enhance intelligent business operations

• Trulioo launches end-to-end identity platform

• Privacera connects to Dremio’s data lakehouse to aid data governance

• Guardz debuts with cybersecurity-as-a-service for small businesses

• New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

• BrandPost: Nation-State Threats and the Rise of Cyber Mercenaries: Exploring the Microsoft Digital Defense Report

• Attack Vector vs Attack Surface: The Subtle Difference

• How to protect your business from supply chain attacks

• Up to 10 million people potentially impacted by JD Sports breach

• GitHub revokes several certificates after unauthorized access

• Malwarebytes earns AV-TEST Top Product awards for fifth consecutive quarter

• Check Point Software Join Forces with Samsung to Elevate Mobile Security

• Why CISOs Should Care About Brand Impersonation Scam Sites

• RedSeal appoints Gregory Enriquez as CEO

• Kurt Gaudette joins Dragos as VP of Global Threat Intelligence

• Nearly All Firms Have Ties With Breached Third Parties

• Monthly Threat Webinar Series in 2023: What to Expect

• Google boosts bounties for open source flaws found via fuzzing

• IT Security News Daily Summary 2023-02-01

• Check Point Software takes 1st Place in Independent Test of Top Network Firewalls

• Hoyer takes up post as top Dem on key approps subcommittee

• Dashboard helps city track diversity, equity, inclusion progress

• The headache of changing passwords

• Digital Health Company Allegedly Sold Sensitive Health Information To Facebook

• CISA to Open Supply Chain Risk Management Office

• Pro-Russia Killnet group hit Dutch and European hospitals

• Why you still need security alongside your API Gateway

• Malicious Reward Apps Trick Over 2 Million Android Users

• Google Fi User Data Breached Through T-Mobile Hack

• How endpoint management can transform retail

• Government watchdog warns on cyber weakness

• Inside Killnet: Pro-Russia Hacktivist Group’s Support and Influence Grows

• 10 steps to future water sustainability

• Greater Incident Complexity, Shift in How Threat Actors Use Stolen Data, Will Drive the Cyber Threat Landscape in 2023, Says Beazley Report

• No experience, No Problem – (ISC)² Recruits 140,000 Individuals Interested in a Cybersecurity Career

• Real Talk with CCSPs An interview with Vanessa Leite, CCSP, CISSP

• New cybersecurity BEC attack mimics vendors

• Vista Equity Partners Completes Acquisition of KnowBe4

• Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC

• Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

• Data sharing initiatives slowly gaining traction

• Flipper Zero: How to install third-party firmware (and why you should)

• OneNote documents spread malware in several countries

• What reverse shell attacks are and how to prevent them

• Password-stealing “vulnerability” reported in KeePass – bug or feature?

• Reduce Data Breaches by Adding a Data Privacy Vault to Your HealthTech App Architecture

• Cybersecurity organizations fight back against rise of emotet and omnatuor malvertising

• How APIs are shaping zero trust, and vice versa

• R&D funding vehicle could supercharge small biz innovation programs

• Singapore, EU digital pact to cover ‘all areas’ of bilateral cooperation

• Microsoft sweeps up after breaking .NET with December security updates

• Taking the next step: OSS-Fuzz in 2023

• Civil Society Organizations Call on the House Of Lords to Protect Private Messaging in the Online Safety Bill

• Working with AWS to secure your data against attack

• IoT, connected devices biggest contributors to expanding application attack surface

• BrandPost: Is Your Organization Security Resilient? Here’s How to Get There

• Why you might not be done with your January Microsoft security patches

• US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

• Misconfiguration and vulnerabilities biggest risks in cloud security: Report

• Cybersecurity sees rise of emotet and the omnatuor malvertising

• Va. regulators propose easing emission limits for data centers over power transmission concerns

• How to use BeEF, the Browser Exploitation Framework

• Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

• It Was Smart for an AI

• C can be memory-safe

• Ransomware Attack Forces Closure of Nantucket Schools

• Attackers Abuse Microsoft’s Verified Publisher Status To Steal Data

• Apple’s Focus On Secrecy Violated Employee Rights

• SBF Barred From Contacting FTX Employees Via Signal

• Netflix’s New Password Sharing Restrictions Are Confusing

• DarkTrace’s Shares Dive As Short Sellers Circle

• Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)

• Security in Style: Perimeter 81 Releases Limited Edition Fashion Capsule

• IT staff systems and data access policy

• 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis

• VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities

• Malicious NPM, PyPI Packages Stealing User Information

• VMware Releases Security Update for VMware vRealize Operations

• The Unheard Story of a Crippling Ransomware

• Is it forensics or is it junk science?

• Microsoft: We are tracking these 100 active ransomware gangs using 50 types of malware

• Google Fi Confirms Data Breach, Hints At Link to T-Mobile Hack

• VMware Releases Security Update for VMware vRealize Operations

• Secure APIs to Drive Digital Business

• Security in gaming: How to Recognize and Prevent Social Engineering Attacks in Gaming

• Table Stakes Security Services for 2023

• cPacket Networks Experienced Hyper Growth in 2022

• GuidePoint Security Adds Fortress as the Latest Technology Partner in the Company’s Federal Emerging Cyber Vendor Program

• SecurityScorecard Research Shows 98% of Organizations Globally Have Relationships With At Least One Breached Third-Party

• Praetorian Appoints Peter Kwan as Vice President of Engineering

• The top 8 Cybersecurity threats facing the automotive industry heading into 2023

• Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

• Updates, Compilation

• Server-Side Request Forgery Attack Explained: Definition, Types, Protection

• Where Do the Most Ransomware Attacks Take Place in the United States?

• Ransomware attack shuts down Nantucket Public Schools and University of Iowa Hospitals

• Anker Confirms Eufy Cameras Not Fully Encrypted, Raising Concerns

• Key Firefox and Android updates you need to be aware of

• Hackers Abuse Microsoft’s ‘Verified Publisher’ OAuth Apps to Hack Organizations Cloud

• Ransomware Leads to Nantucket Public Schools Shutdown

• Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform

• Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’

• Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images

• Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

• Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

• New Prilex PoS Malware evolves to target NFC-enabled credit cards

• Hacking Group: Darkweb Developers Are In High Demand

• Insider Attacks Becoming More Frequent, And Difficult Gurucul Report

• UK Government Details Plan To Regulate Crypto, Post FTX

• Fortra’s Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

• What Is Ethical Hacking? An Introduction to the Concept

• How Can Technology Help Reduce Carbon Emissions?

• North Korean Cybercriminals Attempt to Steal $27M in ETH

• Northern European Criminals Copy the Lockbit Gang

• Titan-Stealer: A New Golang-based Info-Stealer Malware

• Introduction to Azure Data Lake Storage Gen2

• Red Hat gives an ARM up to OpenShift Kubernetes operations

• Gem Security shows detection and response key to cloud security, raises $11M

• Google Fi Users Caught Up in T-Mobile Breach

• ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers

• KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship

• Application Security Must Be Nonnegotiable

• How are you marking data privacy day?

• Key software updates you need to be aware of

• Apple To Launch ‘Folding iPad’ In 2024 – Report

• Contain Breaches and Gain Visibility With Microsegmentation

• Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing

• Checkmarx Launches Threat Intelligence for Open Source Packages

• Central Bank Immunity, Afghanistan, and Judgments Against the Taliban

• Safer Internet Day: Experts Reveal 7 Tips To Avoid DeepFake Scams

• How Crypto & Blockchain Technology Changed the Way Casinos Do Business

• Microsoft warning: These phishing attackers used fake OAuth apps to steal email

• The dark side of Optimize Mac Storage: What you need to know if you rely on it

• Boxx Insurance Raises $14.4 Million in Series B Funding

• Almost all Organizations are Working with Recently Breached Vendors

• Experts Warn of ‘Ice Breaker’ Cyberattacks Targeting Gaming and Gambling Industry

• Hive Ransomware: A Detailed Analysis

• New Versions of Prilex POS Malware Can Block Contactless Transactions

• Russian Hacktivists Target US and Dutch Hospitals

• Improve your AWS security posture, Step 3: Encrypt AWS data in transit and at rest

• Lessons learned from 2022

• Why confidential computing will be critical to (not so distant) future data security efforts

• Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking

• BEC Group Uses Open Source Tactics in Hundreds of Attacks

• Digital Project Design Brief: A Key to Effective Partnership

• Strengthening security on my Apple account!

• The New DevOps Performance Clusters

• ChatGPT: Is its use of people’s data even legal?

• Cyber Insights 2023: ICS and Operational Technology

• Cyber Insights 2023: The Geopolitical Effect

• Cyber Insights 2023: Criminal Gangs

• 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

• Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data

• New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

• New SH1MMER ChromeOS Exploit Jailbreaks Chromebooks

• Maximize Security with Bitwarden’s Latest Update: 600,000 Server-Side Iterations

• KeePass Password Manager Vulnerability: Is Your Data at Risk?

• China “Deeply Concerned” At US Halt Of Export Licences For Huawei

• Enter the Hunter Satellites Preparing for Space War

• Amazon Still Selling T95 TV Box with Pre-Installed Malware

• GitHub Breach – Hackers Stole Code Signing Certificates From Repositories

• The State of the US National Cybersecurity Strategy for the Electric Grid

• New LockBit Green ransomware variant borrows code from Conti ransomware

• Anker admits its Eufy security cameras were not end-to-end encrypted

• Google Fi Data Breach Reportedly Led to SIM Swapping

• Video walkthrough: Cybertech Tel Aviv 2023

• Threat Actors Gained Access to Google Fi Customers’ Information

• The Rise of the Code Package Threat

• Firms fear software stack breach as attack surface widens

• Thriving Dark Web Trade in Fake Security Certifications

• Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

• Nevada Ransomware Has Released Upgraded Locker

• ​​Key Insights From the Guide to Cybersecurity Trends and Predictions for 2022-23

• PayPal To Axe 7 Percent Of Workforce

• Auditing Kubernetes with Open Source SIEM and XDR

• Photos: Cybertech Tel Aviv 2023

• US Official Confirms Japan, Netherlands Joined US China Chip Sanctions

• Nearly 30,000 QNAP Devices Exposed Via New Bug

• 29,000 QNAP Devices Unpatched In Critical Vulnerabilities

• Why performing security testing on your products and systems is a good idea

• Intel Cuts Pay For Staff, Executives

• ESET APT Activity Report T3 2022

• TrickGate, a packer used by malware to evade detection since 2016

• Data Privacy Capability Guide

• Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts

• KeePass Password Manager vulnerability: what you need to know

• Attackers abuse Microsoft’s ‘verified publisher’ status to steal data

• Building a Quantum-Safe Blockchain Today

• As the anti-money laundering perimeter expands, who needs to be compliant, and how?

• Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Hack Corporate Email Accounts

• Involta DRaaS+ secures critical business systems and data

• Ransomware Attacks on the Small and Medium Businesses are on the Rise

• Google Fi Customer Information leaked in a Cyber Attack

• 70% of CIOs anticipate their involvement in cybersecurity to increase

• The future of vulnerability management and patch compliance

• ERI Brings Carbon Neutral, SOC 2 Compliant Circular Economy Innovations to Indiana Businesses

• Bridge Security Advisors Names Brian Jeffords Chief Revenue Officer

• AppOmni Names Tina Hawk Chief People Officer

• Matt DeFrain Promoted to Managing Director and CORe Practice Leader at MorganFranklin Consulting

• SentinelOne and KPMG Announce Alliance to Accelerate Cyber Investigations and Response

• ThreatSpike Red makes offensive cybersecurity accessible to more organizations

• OTAVA releases Security as a Service to protect users against all attack vectors

• Trulioo identity verification platform helps businesses achieve regulatory compliance

• GroupSense VIP Monitoring service enables enterprises to proactively protect executives

• Mix of legacy OT and connected technologies creates security gaps

• Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

• GitHub Reports Code-Signing Certificate Theft in Security Breach

• Writing a Modern HTTP(S) Tunnel in Rust

• How Can Disrupting DNS Communications Thwart a Malware Attack?

• 2023-01-31 – BB12 Qakbot (Qbot) with Cobalt Strike and VNC traffi

• BOXX Insurance raises $14.4 million to help customers stay ahead of cyber threats

• Red Hat and Oracle expand collaboration to standardize cloud operations

• Hackerman [Comic]

• Zero-trust security: A cheat sheet (free PDF)

• New data wipers deployed against Ukraine

• Google sponsored ads malvertising targets password manager

• 40% of online shops tricking users with “dark patterns”

• Check Point Software takes 1st Place in Independent Test of Top Network Firewalls Miercom NGFW Benchmark 2023

• Tribal broadband grants need better metrics

• Urban heat map reveals priority spots for cooling efforts

• 15 odd and interesting gift ideas for hackers in 2023

• Facebook Bug Discovered That Allowed Anyone To Bypass Two-Factor Authentication

• Firmware Flaws Could Spell ‘Lights Out’ for Servers

• IT Army of Ukraine gained access to a 1.5GB archive from Gazprom

• IT Security News Monthly Summary – February

• IT Security News Daily Summary 2023-01-31

• House lawmakers want VA’s $20 billion-plus electronic health record program to improve or else

• NASA SEWP director echoes concerns over looming deadlines for software providers

• Risk & Repeat: The FBI’s Hive ransomware takedown

• The FCC Broadband Maps: Meet the New Maps, Same as the Old Maps

• Energy Department wants national labs to drive regional innovation

• Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

• ‘Ghost buses’ haunt transit agencies and frustrate riders

• Tribal broadband grants needs better metrics

• Microsoft upgrades Defender to lock down Linux gear for its own good

• Singapore can now order social media sites to block access, as ‘online safety’ law kicks in

• Microsoft upgrades Defender to lock down Linux devices for their own good

• Measuring for management

• What cybersecurity consolidation means for enterprises

• Phishers Trick Microsoft Into Granting Them ‘Verified’ Cloud Partner Status

• EFF Files Amicus Briefs in Two Important Geofence Search Warrant Cases

• Setting the Record Straight: EFF Statement in Support of FCC Nominee Gigi Sohn

• ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store

• Poser Hackers Impersonate LockBit in SMB Cyberattacks

• Experts released VMware vRealize Log RCE exploit for CVE-2022-31706

• John the Ripper: Password Cracking Tutorial and Review

• Vulnerability Summary for the Week of January 23, 2023

• What Makes ReactJS Good for Logistics Applications in 2023?

• Will Cybersecurity Remain Recession-Proof in 2023?

• Two Steps Forward, One Step Back on Vaccine Privacy in New York

• Zero trust security: A cheat sheet (free PDF)

• Horizon3.ai releases POC exploit for VMware vulnerabilities

• GitHub Says Hackers Cloned Code-Signing Certificates In Breached Repository

• Threats to VoIP Security Are Rising

• The 12 Biggest Android App Development Trends in 2023

• CIOs hold greater organizational leadership status

• GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

• Crystal Group Joins the vPAC Alliance as Charter Member

• USPS signs data management contract worth up to $70M with Veritas Technologies

• Sentra Raises $30 Million for DSPM Technology

• OffSec Yearly Recap 2022

• U.S. Stops Granting Export Licenses For China’s Huawei

• KeePass Disputes Report Of Flaw That Could Exfiltrate A Database

• Chromebook SH1MMER Exploit Promises Admin Jailbreak

• Bill Targets Suicide Hotline Vulnerabilities After Cyberattack On Intrado

• South Korea Makes Crypto Crackdown A National Justice Priority

• DOD instructs acquisition teams to prioritize small business engagement over best-in-class contracts

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000

• CISA Releases One Industrial Control Systems Advisory

• ManageEngine Study Finds United States Enterprises Hit by Short-staffed Security Operations Centers

• Advanced IT Concepts (AITC) Names New Chief of Cyber and Technology Programs

• Menlo Security Cloud Security Platform Receives FedRAMP® Authorization

• Stories from the SOC – RapperBot, Mirai Botnet – C2, CDIR Drop over SSH

• Russia Killnet launches DDoS attack on Netherlands and the United States

• Tech Nation To Shut Down After Government Pulls Grant

• The Data Leakage Nightmare in AI

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

• NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

• CISA Releases One Industrial Control Systems Advisory

• Hackers Stole GitHub Desktop and Atom Code-Signing Certificates

Generated on 2023-02-05 23:59:24.244341