IT Security News Daily Summary 2023-04-12

• 83% of organizations paid up in ransomware attacks

• Better ID management could help DMVs become ‘departments of citizen engagement’

• When Banking Laws Don’t Protect Consumers From Cybertheft

• IARPA’s plan to hack the brains of hackers

• Were you caught up in the latest data breach? Here’s how to tell

• TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

• Opera Adds Free VPN to Opera for iOS

• Some states may be barring the door to unemployment benefits

• The best AirTag wallets of 2023

• What are the cybersecurity concerns of SMBs by sector?

• How to use a CASB to manage shadow IT

• Nokoyawa ransomware exploits Windows CLFS zero-day

• Cisco provides extra-secure Webex for U.S. government

• OpenAI Launches ChatGPT Bug Bounty Program – Earn $200 to $20k

• 7 Steps of the Vulnerability Assessment Process Explained

• Microsoft: NSO Group-Like ‘QuaDream’ Actor Selling Mobile Spyware to Governments

• Data on 400K Kodi Forum Members Stolen and Put Up for Sale

• QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

• Top 10 AI Jobs Taking Over With Automation

• Google launches dependency API and curated package repository with security metadata

• Banning TikTok could weaken personal cybersecurity

• Gartner: Human-Centric Design Is Top Cybersecurity Trend for 2023

• OpenAI To Offer Bug Bounties Up To $20,000

• OpenAI Launched Bug Bounty Program – Rewards up to $20,000

• FCC proposes rule to boost cell service from space

• Securing the Chaos – Harnessing Dispersed Multi-Cloud, Hybrid Environments

• How to enable Active Directory fine-grained password policies

• How to create fine-grained password policy in AD

• The Bot Invasion: Is Your Digital Ad Campaign at Risk?

• How to use a public key and private key in digital signatures

• CISA Updates Zero Trust Maturity Model With Public Feedback

• QuaDream Apple Spyware Maker Just Popped Up On The Radar Again

• Microsoft Patches Zero Day Under Active Attack

• OpenAI Unleases Bug Bounty Program With Rewards Up To $20,000

• Much-Hyped Water Plant Hack Wasn’t A Hack, Just User Error

• E-mail header analysis

• DHS seeks solutions to ‘dark swarms’ of drones

• For AI laws, China joins the U.S. in asking the public to chime in

• Lazarus Group’s DeathNote Campaign Reveals Shift in Targets

• Australia to issue ban on ransomware payments after Latitude Financial Cyber Attack

• Emotet Climbs March 2023’s Most Wanted Malware List With OneNote Campaign

• Windows CLFS Vulnerability Used for Ransomware Attacks

• Zigbee PRO 2023 introduces new security mechanisms, feature enhancements

• Cybercriminals Set Android Apps For Sale for Up to $20K a Piece

• Three Commonly Neglected Attack Vectors in Cloud Security

• TSMC Investment Plans For Taiwan Unchanged – Report

• US, India and China Most Targeted in DDoS Attacks, StormWall Q1 2023 Report

• How To Build for Payment Processing Resiliency

• ‘ASTORS’ Champion Cymulate – Ups the Game on Exposure Management

• Fortinet Patches Critical Vulnerability in Data Analytics Solution

• Microsoft mends Windows zero-day on April Patch Tuesday

• LinkedIn Verification Now Lets You Verify Your Job and Account

• 5G Security — A Shared Responsibility

• A Brief History of Programmatic Collection Pre-Section 702

• The Dangerous Cycle of Pentagon Sexual Assault and Harassment ‘Lowest Level’ Policy

• Massive Surge in DDoS Attacks Reported in First Quarter of 2023

• Quest Software Podcast: The Democratisation of Data: Episode 2: Legacy Technology – A Burden and a Vulnerability?

• US Government Looks To Establish Rules For AI

• Android App Trojans Sold on Dark Web for $25-$20,000

• Defending against backdoor attacks with zero trust

• 400,000 Users Hit by Data Breach at Media Player Maker Kodi

• Microsoft fixes a zero-day – and two curious bugs that take the Secure out of Secure Boot

• Role of the Modern CISO in the Rapidly Evolving Cybersecurity Landscape

• HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)

• Warning: Threat Actors Compromise 3CX Desktop App in a Supply Chain Attack (Updated)

• Sushiswap Smart Contract Exploited in $3.3 Million Hack

• PC Shipments Decline 30 Percent, Gartner Finds

• How Secure are Composable Architectures?

• Four Ways to Harden Your Network Perimeter

• Cisco adds air-gapping to Webex in response to national security concerns

• SAP Patches Critical Vulnerabilities in Diagnostics Agent, BusinessObjects

• Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

• CrowdStrike Expands Falcon to Include IoT

• The Service Accounts Challenge: Can’t See or Secure Them Until It’s Too Late

• Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

• Upper Galilee Irrigation Systems Crippled by Cyberattack

• LinkedIn and Microsoft Entra introduce a new way to verify your workplace

• Finding ChatGPT Vulnerabilities May Pay Hackers Up To $20,000

• China follows in US footsteps, seeks public opinion on draft AI laws

• Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware

• CISA Publishes New Guidance for Achieving Zero Trust Maturity

• Virtual Event Today: Zero Trust Strategies Summit

• Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

• FBI Advising People to Avoid Public Charging Stations

• Kodi forum breach: User data, encrypted passwords grabbed

• 3CX compromise: More details about the breach, new PWA app released

• Apple Doubles Investment In Carbon Removal Fund

• iPhones Hacked Via iOS Zero-Click Exploit To Deploy Spyware

• CISA Publishes Advisory on Improving Network Monitoring and Hardening

• Top 17 Free Online Phishing Tools

• Spyware Used Across 10 Countries, Says Citizen Lab, Microsoft

• OpenAI starts bug bounty program with cash rewards up to $20,000

• Insider Threat and Ransomware: A Growing Issue

• Researchers Uncover 7000 Malicious Open Source Packages

• Mission possible

• Unmasking NIS2: Europe’s Secret Weapon Against Cybersecurity Threats

• Ethical Hackers Could Earn up to $20,000 Uncovering ChatGPT Vulnerabilities

• New Zero-Click iOS Exploit Deploys Israeli Spyware

• SAP April 2023 security updates fix critical vulnerabilities

• Microsoft Fixes Zero-Day Bug This Patch Tuesday

• OpenAI launched a bug bounty program

• Following the Lazarus group by tracking DeathNote campaign

• 5 Smallest ATX Cases for Best Compact PC Builds in 2023 – Power in a Tiny Package

• 8 Fun And Engaging Online Casual Games You Might Have Missed

• Why performing security testing on your products and systems is a good idea

• Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

• This Identity Management Day, Go BIG or Go HOME!

• Hackers Using Fake Google Chrome Error Screens To Inject Malware

• GitGuardian Honeytoken helps companies secure their software supply chains

• Cloud security firm Ericom Software acquired by Cradlepoint

• CYBERSECURITY INDUSTRY NEWS REVIEW – APRIL 11, 2023

• #IdentityManagementDay – Best Practices to Help Keep Your Organization Secure

• The Top Challenges Faced by CISOs in 2023

• (ISC)² Supports Cyber Newcomers

• Kodi confirms user forum data breach

• Pay $20K To Infect Android Devices Via Google Play Store – Darkweb Report

• North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack

• Cybercrime group exploits Windows zero-day in ransomware attacks

• Lazarus Sub-Group Labyrinth Chollima Uncovered as Mastermind in 3CX Supply Chain Attack

• Key factors driving changes in the perception of the CISO role

• 3CX teases security-focused client update, plus password hashing

• New Imperva Office & Customer Experience Centre Aims to Meet the Needs of Customers In Singapore & Across Asia Pacific and Japan

• Threat hunting programs can save organizations from costly security breaches

• Hybrid work environments are stressing CISOs

• Data-backed insights for future-proof cybersecurity strategies

• Netskope Endpoint SD-WAN helps enterprises accelerate edge networking

• AutoRABIT expands Salesforce security posture management services

• 11:11 Systems Managed SteelDome provides protection from ransomware attacks

• US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster

• Xerox improves productivity and security for hybrid workers

• 2023 年 4 月のセキュリティ更新プログラム (月例)

• Another zero-click Apple spyware maker just popped up on the radar again

• Microsoft (& Apple) Patch Tuesday, April 2023 Edition

• A week in security (April 3 – 9)

• Apple releases emergency updates for two known-to-be-exploited vulnerabilities

• Check Point vs Palo Alto Networks: Top NGFWs Compared

• Trellix names Ash Parikh as CMO

• Flashpoint and Google Cloud expand partnership to deploy generative AI

• VERT Threat Alert: April 2023 Patch Tuesday Analysis

• April Patch Tuesday: Ransomware gangs already exploiting this Windows bug

• QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks

• Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

• OpenAI announces bug bounty program to address AI security risks

• NYPD pilots GPS darts, autonomous patroller and reintroduces robot dog

• ChatGPT Creator OpenAI Ready to Pay Hackers for Security Flaws

• IT Security News Daily Summary 2023-04-11

• State grounds Chinese-made drones over security concerns

• NextGen TV to deliver data-rich emergency alerts

• Stakeholders wonder how to sustain CX momentum long-term

• Virtual Event Tomorrow: Zero Trust Strategies Summit

• Researchers Discover Well-Known Malware Hidden In Facebook Ads

• Microsoft Azure Shared Key Misconfiguration Could Lead to RCE

• Microsoft patches zero-day exploited by attackers (CVE-2023-28252)

• Protect your data with a USB condom

• The best free PC antivirus software of 2023

• A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

• Ukrainian Hackers Breach Email of APT28 Leader, Who’s Wanted by FBI

• Microsoft Patches Another Already-Exploited Windows Zero-Day

• How to Provide Relevant Threat Intelligence

• CISA releases updated guidance for zero trust security architectures

• Inside the never-ending race to update the Pentagon’s IT

• Adobe Plugs Gaping Security Holes in Reader, Acrobat

• FTX bankruptcy filing highlights security failures

• ‘Blatantly Obvious’: Spyware Offered to Cyberattackers via PyPI Python Repository

• The U.S. Deserves Stronger Spyware Protections Than Biden’s Executive Order

• 10 hot topics to look for at RSA Conference 2023

• Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

• Nokoyawa ransomware attacks with Windows zero-day

• Major Hack Hits South Korean Exchange GDAC, $13.9M Stolen

• How to fix the top 5 API vulnerabilities

• Cybercriminals To Add Android Malware On Google Play Up To $20,000

• Protect your company data with an Ivacy VPN lifetime subscription for $18

• 7 Things Your Ransomware Response Playbook Is Likely Missing

• Where Are the Women? Making Cybersecurity More Inclusive

• Announcing the deps.dev API: critical dependency data for secure supply chains

• Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

• Strategy Reporting Essentials: A Guide to Efficient Data Collection

• 10 things to look out for when buying a password manager

• Apple Patches Two Zero-Days Exploited in the Wild

• Malicious Android Apps Sold For Up to $20,000 on Darknet

• Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

• Don’t bet with ChatGPT – study shows language AIs often make irrational decisions

• Balada Injector Infects Nearly 1 Million WordPress Sites

• DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia

• Eliminating 2% of Exposures Could Protect 90% of Critical Assets

• Beware of companies offering paid sextortion assistance

• BigID’s data minimization capabilities enable organizations to identify duplicate data

• CYBERSECURITY INDUSTRY NEWS REVIEW – APRIL 11, 2023

• What to Look For If Your Phone Is Hacked

• Thieves Use JBL Speakers to Hack Cars with Keyless Entry

• Now ransomware leads to three more additional Cyber Threats

• Apple Patched Two New Zero-days That Were Exploited to Hack iPhones and macOS

• ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities

• Microsoft Azure Users Warned of Potential Shared Key Authorization Abuse

• OSINT Company Fivecast Raises $20 Million

• Attackers Hide RedLine Stealer Behind ChatGPT, Google Bard Facebook Ads

• Yum! Brands, the owner of KFC, Taco Bell and Pizza Hut, discloses data breach

• Yum! Brands Report Data Breach After Ransomware Attack

• Keeper Security introduces new user interface

• Two New Emergency Patches from Apple

• Design Like A Pro: Top 6 Floor Plan Software Programs For Every Budget

• Estonian Arrested: Accused of Supplying Hacking Tools to Russia

• Azure Admins Warned To Disable Shared Key Access As Backdoor Attack Detailed

• FTX’s Cybersecurity Was Hilariously Bad

• Illinois Hospital Forced Into EHR Downtime After Cyberattack

• Malware Campaign Infects A Million WordPress Sites Since 2017

• One of the Stiffest Charges Against Jan. 6 Insurrectionists Hangs on by a Thread in the D.C. Circuit

• Addressing the Security Risks of AI

• Digital Spring Cleaning: Here is How You Can Declutter Your Digital Space

• Amazon Bans Flipper Zero for Being a Card Skimming Tool

• Former Twitter Executives Sue Over $1m In Unpaid Legal Bills

• GPT has entered the security threat intelligence chat

• Recorded Future launches OpenAI GPT model for threat intel

• Israeli Irrigation Water Controllers & Postal Service Breached

• How CIEM Can Improve Identity, Permissions Management for Multicloud Deployments

• How Password Managers Can Get Hacked

• Newly Discovered “By-Design” Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers

• Syxsense platform updates simplify endpoint security and management

• ThreatX Runtime API & Application Protection goes beyond basic observability

• Indian Start-Ups Demand Delay For New Google Payment System

• SD Worx Shuts Down its UK & Ireland IT Systems Following Cyberattack

• XDR vs MDR: A Comparison of Two Detection and Response Solutions

• Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

• #IdentityManagementDay – Best Practices to Help Keep Your Organization Secure

• What’s Going On With LastPass, and is it Safe to Use?

• Azure admins warned to disable shared key access as backdoor attack detailed

• Samsung Engineers Feed Sensitive Data to ChatGPT, Sparking Workplace AI Warnings

• How to Use Apple’s New All-In-One Password Manager

• Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

• South Korea Fines Google £26m For Blocking Rival App Store

• [eBook] A Step-by-Step Guide to Cyber Risk Assessment

• Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206)

• Ethereum Upgrade Set To Release Billions In Value

• Yum Brands Discloses Data Breach Following Ransomware Attack

• Potential Outcomes of the US National Cybersecurity Strategy

• Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices

• Car Thieves Hacking the CAN Bus

• Military Intel Leak Investigated By US Officials

• CISA Urges to Fix Backup Exec Bug Exploited to Deploy Ransomware

• GitGuardian’s honeytokens in codebase to fish out DevOps intrusion

• Apple released emergency updates to fix recently disclosed zero-day bugs on older devices

• UK Casino Site Bonuses – A Guide to Maximizing Your Bankroll

• What is the Most Gambling Addicted Country?

• Gamblers in the USA

• China’s SenseTime Shows AI Chat, Image Tools

• 30 Ransomware Prevention Tips

• Microsoft Exchange Server 2013 Reaches End of Support

• US Scrambles to Investigate Military Intel Leak

• Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

• 40% of IT security pros say they’ve been told not to report a data leak

• KFC Owner Discloses Data Breach

• Vodafone Fixes Broadband Outage That Affected Thousands

• 3 overlooked cloud security attack vectors

• A cyber attack hit the water controllers for irrigating fields in the Jordan Valley

• Latitude Financial Refuses to Pay Ransom

• Alibaba Launches ChatGPT-Like AI Chatbot

• Cyber spring cleaning: Maintaining your digital home

• Need to improve the detection capabilities in your security products?

• Reduce SaaS App Risks with Cloud Security Broker & Zero Trust

• Tesla Employees Shared Sensitive Images of Cameras on Customers‘ Cars

• Round-Robin DNS Explained. What It Is and How It Works

• FBI warns: avoid public charging stations

• How to transform cybersecurity learning and make content more engaging

• Making risk-based decisions in a rapidly changing cyber climate

• Why it’s time to move towards a passwordless future

• People disclose more personal info when question is repeated

• Criminal businesses adopt corporate behavior as they grow

• Consumers take data control into their own hands amid rising privacy concerns

• Australian Finance Company Refuses Hackers’ Ransom Demand

• Renewed Focus on Incident Response Brings New Competitors and Partnerships

• Ethereum’s Shanghai Update Opens a Rift in Crypto

• AI can crack most password in less than a minute

• Generative AI and Cybersecurity: Advantages and Challenges

• FBI: Don’t use public phone charging stations

• Last-gen ultralight laptops are nearly as fast as new models—and much cheaper

• How the cops buy a “God view” of your location data, with Bennett Cyphers: Lock and Code S04E09

• 4 ways to secure your remote work setup

• Tesla Sued Over Workers’ Alleged Access to Car Video Imagery

Generated on 2023-04-12 23:55:29.335164