IT Security News Daily Summary 2023-01-25

• Zacks Investment Research data breach impacted hundreds of thousands of customers

• New Wave of Cyberattacks Targeting MS Exchange Servers

• GAO calls on Energy Department to bolster competition for management contracts

• Microsoft closes another door to attackers by blocking Excel XLL files from the internet

• ChatGPT could boost phishing scams

• Healthcare Remains Top Target in 2022 ITRC Breach Report

• Google Pushes Privacy to the Limit in Updated Terms of Service

• Zacks Investment Research Hack Exposes Data for 820K Customers

• Davos Debrief: Critical Shortage of Cybersecurity Talent Requires Action on Several Fronts, CompTIA Executive Says

• Despite Slowing Economy, Demand for Cybersecurity Workers Remains Strong

• I’m still bitter about Slammer

• SAFHER cloud-based platform for regulating food and agriculture comes closer to fruition

• It takes a team to secure operational technology

• Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI

• Handling Automatic ID Generation in PostgreSQL With Node.js and Sequelize

• iPhone Security: Do iPhones Need Antivirus?

• Contractor error led to Baltimore schools ransomware attack

• Experian Glitch Exposing Credit Files Lasted 47 Days

• GoTo Encrypted Backups Stolen in LastPass Breach

• Fani Willis to Judge McBurney: Give Us Time, Please

• Google Chrome 109 update addresses six security vulnerabilities

• Choosing the Best Cloud Provider for Hosting DevOps Tools

• How one state cut its vehicle titling time down to a few days

• Survey: Cybersecurity budgets aren’t matching cybersecurity challenges

• How cyber deception technology strengthens enterprise security

• Protecting Against Malicious Use of Remote Monitoring and Management Software

• CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software

• How to Prevent Cross-Site Scripting (XSS) Attacks

• Protecting Against Malicious Use of Remote Monitoring and Management Software

• CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software

• North Korea-linked TA444 group turns to credential harvesting activity

• Kronos Malware Reemerges with Increased Functionality

• Malicious Prompt Engineering With ChatGPT

• North Korean Group TA444 Shows ‘Startup’ Culture, Tries Numerous Infection Methods

• North Korea’s Top APT Swindled $1B From Crypto Investors in 2022

• Log4j Vulnerabilities Are Here to Stay — Are You Prepared?

• VMware Releases Security Updates for VMware vRealize Log Insight

• GoTo’s LastPass Breach: Encrypted Customer Data Taken

• How to use Security Keys to protect your Apple ID on your iPhone

• Multicloud Security Challenges Will Persist in 2023

• VMware Releases Security Updates for VMware vRealize Log Insight

• Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages

• Top FinTech API Security Challenges

• Plan for federal AI research and development resource emphasizes diversity in innovation

• Security Update for Chrome 109 Patches 6 Vulnerabilities

• Centralized services as a hedge against shadow IT’s escalation

• Yahoo Overtakes DHL As Most Impersonated Brand in Q4 2022

• Microsoft Security reaches another milestone—Comprehensive, customer-centric solutions drive results

• OSC Edge Earns Recurring Spot on Washington Technology’s 2022 Fast 50 List and Rewards Employees with Additional Bonus

• Cloud Range Launches the First OT/ICS Cyber Range for Live-Fire Training to Reduce Risk from Cyber Attacks on Critical Infrastructure

• Public Safety Threat Alliance Joins CISA’s Joint Cyber Defense Collaborative to Enhance Cybersecurity Posture of United States and Strategic International Partners

• NETSCOUT Appoints Shannon Nash and Marlene Pelage to Board of Directors

• SpyCloud Compass Reduces Ransomware Risk with Post-Infection Remediation

• The risks of 5G security

• Learn cutting-edge ethical hacking techniques for just $39.99

• Cybersecurity Budgets Increase for Retail & Hospitality Industry

• BD Publishes 2022 Cybersecurity Annual Report

• ThreatConnect Extends Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops)

• Apple launches educational video resources to iPhone users on Data Privacy Day

• 2023 Predictions: Emerging Tech & Global Conflict Bring New Cyber Threats

• The Role of Data Governance in Data Strategy: Part II

• Federated learning key to securing AI

• CISA releases guide to help safeguard K-12 schools from cyber threats

• North Korean APT Expands Its Attack Repertoire

• Risk & Repeat: Another T-Mobile data breach disclosed

• Ticketmaster Claims Bot Attack Disrupted Taylor Swift Tour Sales

• BlackBerry’s Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute

• Quantum Computers No Threat To Encryption Just Yet

• GoTo Warns Customers Of Crypto Key And Backup Heist

• DragonSpark Threat Actor Leverages Open Source RAT

• Hackers Demand $10M From Riot Games To Stop Leak Of League Of Legends Source Code

• Recharge Industries Makes Surprise Bid For Britishvolt – Report

• Revolutionizing Supply Chain Management With AI: Improving Demand Predictions and Optimizing Operations

• What Is the Main Vector of Ransomware Attacks?

• Twitter Ad Spending Fell Over 70 Percent In December – Report

• 2023 Software Testing Trends: A Look Ahead at the Industry’s Future

• Who Will Be the Next National Cyber Director?

• Infosys Uses Cortex XSIAM to Revolutionize Your SOC

• Strata Raises $26 Million for Multi-Cloud Identity Management Platform

• New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch

• CISA Provides Resources for Securing K-12 Education System

• Can’t Fill Open Positions? Rewrite Your Minimum Requirements

• Threat actors launch one malicious attack every minute

• Apple’s Wireless Charging Push: Doing More Harm Than Good

• Attacking The Supply Chain: Developer

• Chat Cybersecurity: AI Promises a Lot, but Can It Deliver?

• Finland in 2023: Beyond Military Nonalignment and a Revanchist Putin

• Big Data and the Law of War

• How to Choose Bitcoin Casino

• A Swiss Hacker Uncovered Confidential FBI Terrorism Screening Center File

• Linux Malware Records a New High in 2022

• PayPal Users Should Check Their Accounts

• UK Watchdog Opens Investigation Of $61bn Broadcom-VMware Buy

• Announcing the new Security Headers API, New Features and Upgrades!

• Microsoft Azure Logic Apps Service

• Best Practices to Succeed at Continuous AWS Security Monitoring

• Strata raises $26M to unify IAM across the cloud

• Forward Networks Raises $50 Million in Series D Funding

• South Dakota’s Noem Says Cell Phone Number Hacked

• The Salt Security API Protection Platform is Now Available on Google Cloud Marketplace

• No experience, No Problem – (ISC)² Recruits 140,000 Individuals Interested in a Cybersecurity Career

• The Definitive Browser Security Checklist

• Riot Games Says Source Code Stolen in Ransomware Attack

• Password Dependency: How to Break the Cycle

• Endpoint Protection Capability Guide

• Entire US “No Fly List” Exposed Online Via Unsecured Server

• Steps To Planning and Implementation Of Endpoint Protection

• Riot Games breached: How did it happen?

• US DoJ Sues Google Over Online Ad Domination

• Apple just patched this ‘actively exploited’ flaw in older iPhones and iPads

• Memory safe programming languages are on the rise. Here’s how developers should respond

• Data Privacy Legislation: What You Should Be Looking for in 2023

• US Cyber Command Operations During the 2022 Midterm Elections

• Strengthening the human element

• The Future of Cloud Engineering Evolves

• North Korean Hackers Turn to Credential Harvesting in Latest Wave of Cyberattacks

• Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)

• Riot Games Receives a $10 Million Ransom Demand

• Google Sued for Monopolizing the Online Ad Market

• DDoS Attacks in 2022 Exceeded All Records, Says Russia’s Largest ISP

• The benefits of video conferencing with iMind

• DragonSpark threat actor avoids detection using Golang source code Interpretation

• French rugby club Stade Français leaks source code

• Registry Vulnerability Scanning: Early Prevention for Max Efficiency

• Regulator Stress Test Highlights Cyber Insurance Concerns

• Ukraine deepens NATO cyber partnership

• North Korean cryptocurrency hackers expand target list

• LastPass Owner GoTo Confirms Hackers Stole Customers’ Backups

• Micorosft Down – Xbox, Azure, MS365 and MS Teams Down

• Your 10-Minute Guide to PKI and How Internet Encryption Works

• 2023 MacBook Pro review: A refined second generation

• Fearing ChatGPT, Google enlists founders Brin and Page in AI fight

• China Is the World’s Biggest Face Recognition Dealer

• How to Choose a Software Solution for Your Hospitality Business

• The Intersection of Artificial Intelligence and Environmental, Social, and Governance Concerns

• Financial Firms In The European Union Are Facing Strict Rules Around Cloud Based Services

• New Cheats May Emerge After Riot Games Hack

• GoTo Admits Hackers Stole Customers’ Backups & Encryption Keys

• No-fly list with details of over 1 million people leaked by hacker

• Just Half of Firms Have Sufficient Cybersecurity Budget

• Microsoft Investigates Outage With Teams, Outlook

• Australian man given two-year jail sentence for $69K phishing scams

• Chip giant ASML sees 2023 sales surge; says China revenue to be steady despite U.S. restrictions

• Cybersecurity professionals upskill in Brazil and Mexico

• Why performing security testing on your products and systems is a good idea

• Go to security school, GoTo – theft of encryption keys shows you need it

• VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

• LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised

• Wireshark 4.0.3 Released – What’s New!

• Breaking Down the NASCIO Top 10 for 2023

• Google advertisements turning into malware spreading platforms

• What makes small and medium-sized businesses vulnerable to BEC attacks

• Chinese researchers: RSA is breakable. Others: Do not panic!

• Most consumers would share anonymized personal data to improve AI products

• How to tackle the cybersecurity skills shortage in the EU

• BrandShield Recognized by Frost & Sullivan as a Leader in Digital Risk Protection Services

• Hackers Using Sliver Framework as an Alternative to Cobalt Strike & Metasploit

• F5 Reports 2% Revenue Growth in its First Quarter of Fiscal Year 2023

• New Tech Port Center + Arena Renamed Boeing Center at Tech Port

• ERI Brings Carbon Neutral, SOC 2 Compliant Circular Economy Innovations to California Businesses

• Dependency Mapping for DevSecOps

• Datto introduces networking solutions for MSP and SMB markets

• Venafi TLS Protect for Kubernetes simplifies machine identity management

• 5 valuable skills your children can learn by playing video games

• Logfile management is no fun. Now it’s a nightmare thanks to critical-rated VMware flaws

• A Brief Overview of the Spring Cloud Framework

• GoTo admits: Customer cloud backups stolen together with decryption key

• What is Stakeholder-Specific Vulnerability Categorization?

• Skyhawk Security Launches Multicloud Runtime Threat Detection and Response Platform

• Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity

• Riot Games compromised, new releases and patches halted

• What privacy can get you

• VASTFLUX ad fraud massively affected millions of iOS devices, dismantled

• Own an older iPhone? Check you’re on the latest version to avoid this bug

• Facebook Announces It Will Centralize More Privacy Settings Across Its Apps

• View from Davos: The Changing Economics of Cybercrime

• VMware warns of critical code execution bugs in vRealize Log Insight

• Lawmakers want GAO to assess risk of government contractors working for China

• IT Security News Daily Summary 2023-01-24

• Project Hygiene

• Mr. Over, the Engineer [Comic]

• Distributed Stateful Edge Platforms

• Public Cloud-to-Cloud Repatriation Trend

• Spring Cloud: How To Deal With Microservice Configuration (Part 1)

• Cyber grants: Some governments may be ‘totally left out’

• Smart street pilots aim to curb parking violations

• Penetration Testing vs. Vulnerability Testing: An Important Difference

• Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle

• Pakistan hit by nationwide power outage, is it the result of a cyber attack?

• Learning to Lie: AI Tools Adept at Creating Disinformation

• Cyber grants could leave some governments ‘totally left out’

• Apple emits emergency patch for older iPhones after snoops pounce on WebKit hole

• Recent rise in SEO poisoning attacks compromise brand reputations

• How hackers stole the personal data of 37 million T-Mobile customers

• VMware Plugs Critical Code Execution Flaws

• Apple issues emergency patch for outdated iPhones after criminals pounce on WebKit

• USAID seeks contractor input on new STEM fellowship program

• States look to speed fiber installation across railroad tracks

• Chat Cybersecurity: AI Promises a Lot, But Can It Deliver?

• Forescout Appoints Technology Veteran Barry Mainz as CEO

• Vulnerability Summary for the Week of January 16, 2023

• Cybercriminals Use VSCode Extensions as New Attack Vector

• Fenix24 Releases White Paper Proposing New Cyber Incident Response Paradigm

• The Next Stage in Security Expert’s Trial Set for January 31

• Fujitsu: Quantum computers no threat to encryption just yet

• How password management tools are helping enterprises prevent intrusions

• What’s in a word? FCC’s proposed data breach rule redefines key terms

• Administrator of RSOCKS Proxy Botnet Pleads Guilty

• Sophisticated SMS Phishing scam Dupes Zendesk Staff

• What is XDR, MXDR, DRs & SBOM ? – Cybersecurity Acronyms 2023

• Customer data, encryption key stolen in GoTo breach

• GSA wants nominations for its new FedRAMP committee

• #DataPrivacyWeek: ICO Offers Data Protection Advice to SMBs

• TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments

• ‘DragonSpark’ Malware: East Asian Cyberattackers Create an OSS Frankenstein

• The 2022-2023 Cloud Awards Announces Its Finalists

• Keeper Security Shares Password Best Practices Ahead of Data Privacy Day

• Armis State of Cyberwarfare and Trends Report: 2022-2023 Highlights Global IT and Security Professionals’ Sentiment on Cyberwarfare

• Apple Releases Security Updates for Multiple Products 

• Five Secrets to Crafting an Unforgettable Business Name

• 10 cybersecurity predictions for tech leaders in 2023

• GoTo Says Hackers Stole Encrypted Backups, MFA Settings

• passkey

• DragonSpark Hackers Evade Detection With SparkRAT and Golang

• Apple Releases Security Updates for Multiple Products 

• Conning Survey: U.S. Insurers Expected to Increase Investment Risk Tolerance Amid Concerns of Higher Volatility and Inflation

• Sysdig Grows New Customers by 120%, Appoints New Chief Marketing Officer

• Everyone Wants to Build a Cyber Range: Should You?

• Companies slow to “mask up” with zero trust cybersecurity protocols

• Get lifetime access to this feature-rich VPN for just $60

• backdoor (computing)

• Microsoft to Block Excel Add-ins to Stop Office Exploits

• Fulton County Hearing Live-Blog

• Global State Of Cyberwarfare Study

• Apple Patches Exploited iOS Vulnerability in Old iPhones

• FBI Confirms Lazarus Group Was Behind $100m Harmony Hack

• LAUSD Computers are Breached via Cybercriminals

• After a Vendor Hack, FanDuels Warns of a Data Breach

• SentinelOne Announces Executive Appointments and Promotions Amidst Rapid Growth

• Halo Security Platform Now Offers Visibility to the Vulnerabilities That Matter Most

• Venafi Introduces TLS Protect for Kubernetes to Simplify Cloud Native Machine Identity Management

• FireTail Names Timo Rüppell as Vice President of Product

• Working with AWS to secure your data against attack

• #DataPrivacyWeek: Consumers Already Concerned About AI’s Impact on Data Privacy

• 13 Best Intrusion Detection and Prevention Systems (IDPS) for 2023

• CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats

• CISA Releases Two Industrial Control Systems Advisories

• GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

• Raspberry Pi Hacking Like It’s 1995

• FBI: North Korean Hackers Behind $100M Horizon Bridge Theft

• Microsoft To Invest Billions In Chatbot Maker OpenAI

• Ransomware Victims Are Refusing To Pay

• Russia’s Largest ISP Reports Highest DDoS Attacks in 2022

• How Does Increased User Privacy Alter Mobile Advertisement Set-up?

• China spies on the UK populace with microchips

• Sweden To Upgrade Nvidia-Powered Berzelius Supercomputer

• What is the Android Files Safe folder and how do you use it?

• FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist

• Attacks Targeting Realtek SDK Vulnerability Ramping Up

• Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones

• Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery

• CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats

• CISA Releases Two Industrial Control Systems Advisories

• GoTo now says customers’ backups have also been stolen

• Microsoft Seals Multi-Billion Dollar Deal With OpenAI

• What is Security Keys for Apple ID and why does it matter?

• Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

• FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist

• EU Lawmakers Approve ‘Prohibitive’ Crypto Rules

• Too Much Caffeine? Phishing-as-a-Service Makes Us Jittery

• Security and the Electric Vehicle Charging Infrastructure

• Finally Some Clear Thinking on Child Sexual Abuse and Exploitation Investigation and Intervention

• 2023 Insider Threat Report Finds Three-Quarters of Organizations are Vulnerable to Insider Threats

• Crypto Exchange Bizlato ‘Laundered 1bn Euros’ In Crime Funds

• Zendesk Hacked After Employees Fall for Phishing Attack

• Microsoft Office to Block XLL Add-ins From Internet

• Cygnvs Emerges From Stealth Mode With Incident Response Platform

• Spotify To Cut 6 Percent Of Staff

• Chinese Hackers Exploit FortiOS Zero-Day Vulnerability to Deploy New Malware

• Privacy’s impact continues to grow, but more remains to be done

• Cyber Attack at ODIN Intelligence Discloses a Massive Trove of Police Raid Files

• 6 of the Best Crypto Bug Bounty Programs

• Snyk and ServiceNow’s strategic partnership shows DevSecOps isn’t a fad

• FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft

• Threat Actors Adopt Silver To Popular C2 Frameworks

• An IBM Hacker Breaks Down High-Profile Attacks

• The Unrelenting Menace of the LockBit Ransomware Gang

• Meta Platforms expands features for EE2E on Messenger App

• Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)

• Microsoft Seals ‘Multi-Billion Dollar’ Deal With OpenAI

• Emotet Malware Makes a Comeback with New Evasion Techniques

• Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium

• How To Safeguard Your Business From Cybersecurity Stress And Prevent IT Burnout

• Highlights from Armis State of Cyberwarfare and Trends Report: 2022-2023

• 2022 Cyber Attacks Statistics

• Gartner: Zero Trust Will Not Mitigate Over Half of Attacks

• CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog

• The Information Revolution – Revisiting Your DLP

• North Korea-linked hackers behind $100 million crypto heist, FBI says

• Musk Tells Court Tesla Tweet Not A ‘Joke’

• One-third of orgs don’t take cyberwarfare seriously despite the Russia-Ukraine war

• ioSafe 1522+ helps organizations protect data from fire and water

• Hillstone StoneOS 5.5R10 provides ML-based threat detection for encrypted traffic

• Arctic Wolf IR JumpStart Retainer addresses accessibility challenges for organizations

• The Indian Ministry of External Affairs Email servers were hacked and data leaked

• Ofcom Opens Probe Into BT Customer Contracts

• Refurbished versus Remanufactured: What’s the Difference and Why Does it Matter?

• Gartner: Zero Trust Won’t Mitigate Over Half of Attacks

• 2022 Cyber Review – Is Your Organisation Ready For 2023

• Job scams: How they persuade and how to protect yourself

• 5 Long-term Benefits of Adopting Zero Trust Architecture

• ICO Offers Data Protection Advice to SMBs

• Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability

• GTA Online Glitch Exploited, Corrupts Players’ Accounts & Ban

• Vice Society Ransomware Group Targets Manufacturing Companies

• Record-Breaking Year for DDoS Attacks Targeting Russia

• Thoma Bravo to Buy Magnet Forensics in $1.3B Transaction

• Apple Patches WebKit Code Execution in iPhones, MacBooks

• Need to improve the detection capabilities in your security products?

• Researcher found US ‘No Fly List’ on an unsecured server

• Cryptocurrencies: How have they influenced cybercrime?

• Podcast Episode: Don’t Be Afraid to Poke the Tigers

• Facebook Introduces New Features for End-to-End Encrypted Messenger App

• A closer look at malicious packages targeting Python developers

• Understanding your attack surface makes it easier to prioritize technologies and systems

• GAO pegs unemployment insurance fraud tally at more than $60 billion

• How to use Red Hat Insights malware detection service

• NSA publishes IPv6 Security Guidance

• BSidesZG 2023: Strengthening the infosec community in Croatia’s capital

• PCI Successfully Completes SOC/FISMA Examinations for 2022

• Latest Cyberthreats and Advisories – January 6, 2023

• Hybrid play: Leveling the playing field in online video gaming and beyond

• Apple patches are out – old iPhones get an old zero-day fix at last!

• How Does a Botnet Attack Work?

• How To Reduce Rising Cyber Insurance Costs When You Have a Remote Workforce

• Ransomware Recovery Plan for 2023

• 2023-01-23 – Google ad –> Fake AnyDesk page –> possible TA505 activity

• A week in security (January 16—22)

• T-Mobile reports data theft of 37 million customers in the US

• Ransomware revenue significantly down over 2022

• Microsoft to end direct sale of Windows 10 licenses at the end of January

• TikTok CEO told to “step up efforts to comply” with digital laws

• 4 ways to protect your privacy while scrolling

• 10 Best Open-Source Vulnerability Scanners for 2023

• KomplettFritid – 139,401 breached accounts

Generated on 2023-01-25 23:55:34.625085