IT Security News Daily Summary 2023-01-31

• House lawmakers want VA’s $20 billion-plus electronic health record program to improve or else

• NASA SEWP director echoes concerns over looming deadlines for software providers

• Risk & Repeat: The FBI’s Hive ransomware takedown

• The FCC Broadband Maps: Meet the New Maps, Same as the Old Maps

• Energy Department wants national labs to drive regional innovation

• Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

• ‘Ghost buses’ haunt transit agencies and frustrate riders

• Tribal broadband grants needs better metrics

• Microsoft upgrades Defender to lock down Linux gear for its own good

• Singapore can now order social media sites to block access, as ‘online safety’ law kicks in

• Microsoft upgrades Defender to lock down Linux devices for their own good

• Measuring for management

• What cybersecurity consolidation means for enterprises

• Phishers Trick Microsoft Into Granting Them ‘Verified’ Cloud Partner Status

• EFF Files Amicus Briefs in Two Important Geofence Search Warrant Cases

• Setting the Record Straight: EFF Statement in Support of FCC Nominee Gigi Sohn

• ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store

• Poser Hackers Impersonate LockBit in SMB Cyberattacks

• Experts released VMware vRealize Log RCE exploit for CVE-2022-31706

• John the Ripper: Password Cracking Tutorial and Review

• Vulnerability Summary for the Week of January 23, 2023

• What Makes ReactJS Good for Logistics Applications in 2023?

• Will Cybersecurity Remain Recession-Proof in 2023?

• Two Steps Forward, One Step Back on Vaccine Privacy in New York

• Zero trust security: A cheat sheet (free PDF)

• Horizon3.ai releases POC exploit for VMware vulnerabilities

• GitHub Says Hackers Cloned Code-Signing Certificates In Breached Repository

• Threats to VoIP Security Are Rising

• The 12 Biggest Android App Development Trends in 2023

• CIOs hold greater organizational leadership status

• GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

• Crystal Group Joins the vPAC Alliance as Charter Member

• USPS signs data management contract worth up to $70M with Veritas Technologies

• Sentra Raises $30 Million for DSPM Technology

• OffSec Yearly Recap 2022

• U.S. Stops Granting Export Licenses For China’s Huawei

• KeePass Disputes Report Of Flaw That Could Exfiltrate A Database

• Chromebook SH1MMER Exploit Promises Admin Jailbreak

• Bill Targets Suicide Hotline Vulnerabilities After Cyberattack On Intrado

• South Korea Makes Crypto Crackdown A National Justice Priority

• DOD instructs acquisition teams to prioritize small business engagement over best-in-class contracts

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000

• CISA Releases One Industrial Control Systems Advisory

• ManageEngine Study Finds United States Enterprises Hit by Short-staffed Security Operations Centers

• Advanced IT Concepts (AITC) Names New Chief of Cyber and Technology Programs

• Menlo Security Cloud Security Platform Receives FedRAMP® Authorization

• Stories from the SOC – RapperBot, Mirai Botnet – C2, CDIR Drop over SSH

• Russia Killnet launches DDoS attack on Netherlands and the United States

• Tech Nation To Shut Down After Government Pulls Grant

• The Data Leakage Nightmare in AI

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

• NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

• CISA Releases One Industrial Control Systems Advisory

• Hackers Stole GitHub Desktop and Atom Code-Signing Certificates

• Amid FTX’s burning wreckage, Japan outpost promises asset withdrawals in February

• Qwant or DuckDuckGo: Which Search Engine is More Private?

• Password Changes are Required for LastPass Customers

• US Justice Department Requests Tesla Self-Driving Documents

• DevSecOps Benefits and Challenges

• Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

• Cyber Insights 2023: Artificial Intelligence

• Cyber Insights 2023: Cyberinsurance

• Cyber Insights 2023: Attack Surface Management

• Financial Services Targeted in 28% of UK Cyber-Attacks Last Year

• Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud

• Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce

• GitHub to revoke stolen code signing certificates for GitHub Desktop and Atom

• Conti Source Code & Everything API Employed by Mimic Ransomware

• US Hospitals DDoS Attack, Websites Taken Down By Russian Hackers

• Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts

• TSA U.S. ‘No Fly List’ Gets Leaked On Hacking Forum

• 10 Ways Digitalisation is Improving the UK Immigration Process

• FBI Takes Down the Infamous Ransomware Gang’s Website

• China Start-Up ‘Delivers Quantum Computer’

• CEO, CIO or CFO: Who Should Your CISO Report To?

• Critical QNAP Vulnerability Leads to Code Injection

• How the Atomized Network Changed Enterprise Protection

• Guardz Emerges From Stealth Mode With $10 Million in Funding

• Are Your Employees Thinking Critically About Their Online Behaviors?

• Understanding Business Email Compromise to better protect against it

• 10 Surprises of Remote Work from Security Engineers

• Cybersecurity Industry News Review – 31 January 2023

• Spotify Beats Estimates, But Losses Soar

• The U.N. Cybercrime Convention Should Not Become a Tool for Political Control or the Watering Down of Human Rights

• The Lessons of the Electoral Count Reform Act: Next Steps in Reform

• Why Attackers Target the Financial Services Industry

• The Future of Online Shopping – What to Expect

• Phishing attacks are getting scarily sophisticated. Here’s what to watch out for

• Pro-Palestine hackers threaten Israeli chemical companies

• Perception Point Announces New Record Year, Protecting Over 2,000 Organizations, Doubling Annual Recurring Revenue, and Expanding Portfolio into Web Security

• What Is Dynamic Host Configuration Protocol (DHCP)?

• 10 Million JD Sports Customers Had Their Data Exposed in a Data Breach

• Why Cybersecurity Business Needs a Real-Time Collaboration Tool

• You Don’t Know Where Your Secrets Are

• Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication

• SAST: How Code Analysis Tools Look for Security Flaws

• New year, new storage challenge

• GitHub Revokes Code Signing Certificates Following Cyberattack

• Saviynt Raises $205M; Founder Rejoins as CEO

• OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings

• Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)

• GitHub code-signing certificates stolen (but will be revoked this week)

• You Really Need to Update Firefox and Android Right Now

• Porsche Stops NFT Launch While Phishing Sites Fills The Space

• Gartner Sees Further Smartphone, PC Sales Slide In 2023

• Oversight Chairman Comer: ‘We’re two years behind in oversight’

• Cyber Insurance Companies Require Enhanced Security from Clients

• Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

• New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

• 1-15 January 2023 Cyber Attacks Timeline

• Samsung Chip Business Posts Profit Plunge

• C++ creator Bjarne Stroustrup defends its safety

• 11 Questions to Ask When Choosing an Application Security Vendor

• Saviynt raises $205M and affirms that IAM must be cloud-friendly

• Microsoft Investigation – Threat actor consent phishing campaign abusing the verified publisher process

• Killnet Attackers DDoS US and Dutch Hospitals

• US ‘Stops Providing’ Huawei Export Licences

• Two US Doctors Convicted of $30m Medicare Fraud

• $27,000 Awarded By Meta As Bounty For 2FA Bypass Vulnerability

• QNAP: Patch Critical Remote Code Injection Bug

• 4 Ways Artificial Intelligence Is Making Virtual Casinos Safer for Users

• Bitwarden to increase its server-side iterations to 600,000; here’s how to set it manually

• Pro-Russia group Killnet targets US healthcare with DDoS attacks

• Budget constraints force cybersecurity teams to do more with less

• Is President Biden’s National Cybersecurity Strategy a good idea?

• DigiCert releases new unified approach to trust management

• 3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts

• Need to improve the detection capabilities in your security products?

• Sentra raises $30M to streamline data securely across the public cloud

• Prilex modification now targeting contactless credit card transactions

• CyberSecurity Tools: 21 Research Tools For Threat Intelligence

• BlackCat Ransomware targets Indian Military weapons maker and Yandex Data Breach

• The Hidden Threat: 1Password Password Manager Phishing Ads on Google

• Amid FTX’s burning wreckage, Japanese outpost promises asset withdrawals in February

• Russian Millionaire on Trial in Hack, Insider Trade Scheme

• Fiserv Looks to Support New Payment Flows with Major Payment Institution License from Monetary Authority of Singapore

• Coalition Launches Coalition Insurance Company

• TD SYNNEX Announces Closing of Secondary Public Offering of Common Stock and Concurrent Share Repurchase

• South Korea makes crypto crackdown a national justice priority

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

• GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom

• ShardSecure partners with Entrust to address data security challenges

• Perimeter 81 collaborates with AVANT to expand access to SASE solutions

• KELA launches cyber intelligence platform to empower proactive digital crime prevention

• Cyber Security Managed Services 101

• Planet Ice – 240,488 breached accounts

• Soft Skills: Writing

• What’s Next for Data Security in 2023

• How to implement MVP and its key benefits

• House bill would scrap VA’s $20 billion-plus electronic health record program

• A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03

• Update your LearnPress plugins now!

• Riot Games refuses to pay ransom to avoid League of Legends leak

• Analyzing and remediating a malware infested T95 TV box from Amazon

• Republicans announce new congressional cyber subcommittee leadership

• i-PRO New Multi-Sensor Lineup, PTZ Cameras & New Analytics at ISC West

• QNAP addresses a critical flaw impacting its NAS devices

• U.S. No Fly List Leaked on Hacker Forum

• Open Source Security Index Lists Top Projects

• Russia’s Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

• Chromebook SH1MMER exploit promises admin jailbreak

• IT Security News Daily Summary 2023-01-30

• Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy

• The wages of sin aren’t that great if you’re a developer choosing the dark side

• Ransomware victims stand up to attackers

• Facebook Accused Of Secretly Draining Users’ Cell Phone Batteries

• SentinelOne and KPMG Announce Alliance To Accelerate Cyber Investigations and Response

• JD Sports discloses a data breach impacting 10 million customers

• 10M JD Sports Customers’ Info Exposed in Data Breach

• How AI helps one city spot damaged rooftops

• crypto wallet (cryptocurrency wallet)

• Serious Security: The Samba logon bug caused by outdated crypto

• IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance

• Make Developers the Driver of Software Security Excellence

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cybersecurity Breach Will Come from the Inside

• British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals

• Stupid Patent of the Month: Digital Verification Systems Patents E-Signatures

• Gootloader malware updated with PowerShell, sneaky JavaScript

• Royal Mail “cyber incident” is an ongoing cyberattack CEO admits to MPs

• Facebook Bug Allows 2FA Bypass Via Instagram

• ISC Issues Security Updates to Address New BIND DNS Software Bugs

• Long Con Impersonates Financial Advisers to Target Victims

• Mounting cybersecurity pressure is creating headaches in railway boardrooms

• A glut of wiper malware hits Ukrainian targets

• California Law Says Electronic Search Data Must Be Posted Online. So Where Is It?

• Top Authentication Trends to Watch Out for in 2023

• zero-day (computer)

• The 5 best VPN trials of 2023

• JD Sports Confirms Breach Affected 10 Million Customers

• Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!

• Facebook Parent Seeks To Block £3bn UK Lawsuit

• Convincing, Malicious Google Ads Look to Lift Password Manager Logins

• Are Jan. 6 Defendants Getting a Fair Shake from DC Juries? Comparing Jury and Bench Trial Outcomes

• TikTok Chief Chew To Testify Before US Congress

• Critical Realtek Vulnerability Impacting IoT Devices Worldwide

• Get nine ethical hacking courses for just $30

• Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware

• The Journal, Artificial Intelligence in the Life Sciences, Highlights the Contributions of Women in Artificial Intelligence in the Life Sciences

• Moola Market Manipulation

• How to make sure the reputation of your products and company is good

• Sontiq’s BreachIQ Recognized as ‘Transformative’ With CyberSecured Fraud Protection Award

• Perimeter 81 Partners with AVANT to Expand Access to Award-Winning SASE Solutions

• University of Phoenix Recognized With 2022 Academia Circle of Excellence Award by EC-Council, World’s Largest Cybersecurity Certification Body

• Why enterprises trust hardware-based security over quantum computing

• Clever Hacker Finds The Perfect Way To Creatively Vandalize London’s Knightrider Court

• TikTok CEO To Testify Before U.S. Congress Over Security Concerns

• JD Sports Says 10 Million Customers Hit By Cyber Attack

• Russian Hackers DDoS Germany For Aiding Ukraine

• Most Criminal Cryptocurrency Is Funneled Through Just 5 Exchanges

• A Six-Step Guide to Preventing Cyber Security Breaches

• 9 Ways smart devices can compromise your privacy

• Data Breach at Britain JD Sports leaks 10 million customers

• Blacklisted China Chip Giant YMTC Cuts ‘Hundreds’ Of Staff

• Schools don’t pay, but ransomware attacks still increasing

• Devs on Dark Web Forums Paid Up to $20,000 For Illicit Activities

• Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram

• JD Sports admits data breach

• Threat Intelligence Platform: A Tool to Mitigate Upcoming Cyber Threats

• Evolution of Gootkit Malware Using Obfuscations

• Serious 2FA Bypass Vulnerability Affected Facebook And Instagram

• The Hidden Threat: Bitwarden Password Manager Targeted by Phishing Scams

• No, AI is Not Magic!

• Japan, Netherlands ‘Join US China Chip Sanctions’

• JD Sports Cyber-Attack Affects Data Of 10 Million Customers

• NIST debuts long-anticipated AI risk management framework

• Unphishable mobile MFA through hardware keys

• Russia-Linked APT29 Uses New Malware in Embassy Attacks

• Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data

• 5 ethical hacker certifications to consider

• Splitgate Tips & Tricks to Win More & Unlock Skins FAST!

• JD Sports admits intruder accessed 10 million customers’ data

• Hackers Exploiting Unpatched Exchange Servers in The Wild

• How the Silk Road Affair Changed Law Enforcement

• As public cloud use increases, security gaps widen

• Spotlight on 2023 DevSecOps Trends

• Recovering from Attacks: Getting Back to Normal

• What is Word Unscrambler In Gaming?

• Schools Are A Rising Target For Ransomware Attacks

• The EU Can, and Should, Designate the IRGC as a Terrorist Group

• How to Save Thousands of Afghan Allies

• Acronis seals cyber protection partnership with Fulham FC

• Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records

• Microsoft warning: Protect this critical piece of your tech infrastructure

• Council Of Europe Warns Over Data Protection Rights

• Breaking: JD Sports Data Breach Following Cyberattack

• Mimic Attacks: Ransomware Hijacking Windows ‘Everything’ Search Tool

• LearnPress Plugin Vulnerabilities Risk Numerous WordPress Sites

• Multiple Vulnerabilities In Yellowfin BI Could Allow RCE Attacks

• SMEs Are Now the Top Targets for Cybercriminals

• The Untold Story of a Crippling Ransomware Attack

• Identity Reveal: Threat Actor Behind Golden Chicken Malware Service Exposed

• SwiftSlicer New Data-Wiping Malware Attacks Windows Operating Systems

• New Mimic Ransomware Uses Windows Search Engine to Find and Encrypt Files

• We are the weakest link

• An Introduction to Data Mesh

• Black swans events are shaping the cybersecurity present and future

• CISO Interview Series: Brian Haugli

• Network Security Threats and Defenses: A 2023 Guide

• The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment

• Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability

• Titan Stealer: A New Golang-Based Information Stealer Malware Emerges

• Sandworm APT group hit Ukrainian news agency with five data wipers

• Apple’s 2023 Mac mini is a Mini Mac Studio

• Redaction: how to properly hide sensitive text on a PDF document

• Charities Criticise Move To Shut Down AmazonSmile

• Congressional Democrats propose an 8.7% pay raise for feds in 2024

• Fake Money Apps Garner Millions of Android Downloads

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

• 20 Million Downloads In Shady Rewards Apps Via Google Play

• New Yorker Gets Four Years for $9m COVID Fraud Scheme

• Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices

• Come to the dark side: hunting IT professionals on the dark web

• Five Data Wipers Attack Ukrainian News Agency

• Software developers, how secure is your software?

• New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service

• UNC2565 threat actors continue to improve the GOOTLOADER malware

• Arkose Labs unveils SMS Toll Fraud online ROI calculator

• Insider attacks becoming more frequent, more difficult to detect

• ICS vulnerabilities: Insights from advisories, how CVEs are reported

• Mounting pressure is creating a ticking time bomb for railway cybersecurity

• How organizations can keep themselves secure whilst cutting IT spending

• Details about TikTok Project Texas of United States

• Versa Networks Hosting Versatility 2023 Annual User Conference Next Month

• SecureAuth Closes 2022 with Exciting Momentum as Customer Adoption Soars for Passwordless Continuous Authentication

• Government Issues High-risk Warning for iPhone Users

• Gee, tanks: Russian hackers DDoS Germany for aiding Ukraine

Generated on 2023-01-31 23:55:26.043235