IT Security News Daily Summary 2023-04-20

• New Google Chrome Zero-Day Bug Actively Exploited in Wide – Emergency Update!

• One city’s unexpected open-data benefits

• International Law Enforcement Agencies Condemn Facebook Encryption Plans

• ChatGPT’s other risk: Oversharing confidential data

• Cyberattack accelerates county’s modernization, cloud push

• Fortra completes GoAnywhere MFT investigation

• Cybersecurity still ‘high risk’ in GAO’s book after over 25 years

• Best VPN for streaming TV and movies in 2023

• VMware Patches Pre-Auth Code Execution Flaw in Logging Product

• The Double-edged Sword of Hybrid Work

• Why data gravity is helping cloud providers become cybersecurity companies

• Report highlights procurement innovation hubs that may help achieve White House equity goals

• 6 Mac antivirus options to improve internet security

• S3 Ep131: Can you really have fun with FORTRAN?

• Trigona Ransomware Trolling for ‘Poorly Managed’ MS-SQL Servers

• SECURITY ALERT: Heimdal® Detects Massive MitID Smishing Campaign Targeting Nordea Bank Customers

• EU Agrees Comprehensive Framework For Crypto Regulation

• Data Encryption: Benefits, Types, and Methods

• Microsoft Will Name Threat Actors After Weather Events

• Tech Insight: Dangers of Using Large Language Models Before They Are Baked

• New Ransomware Attack Hits Health Insurer Point32Health

• Fletch raises $12.5 million for NLP engine to scan cyber threat landscape

• AI/ML advancements outpacing federal policies, cyber experts warn

• DC Health Link breach caused by misconfigured server

• Twitter’s 2FA Policy Is a Call for Passkey Disruption

• Experts disclosed two critical flaws in Alibaba cloud database services

• The EARN IT Bill Is Back, Seeking To Scan Our Messages and Photos

• Malware is proliferating, but defenses are stronger: Mandiant

• Microsoft Will Name APTs Actors After Weather Events

• North Korean Hacker Suspected in 3CX Software Supply Chain Attack

• Get ready for RSA 2023: Stronger Together

• SpaceX Starship Rocket Explodes After Launch

• What’s in Your Policy: Insurance Markets and Nation State Cyberattacks

• How prompt injection can hijack autonomous AI agents like Auto-GPT

• US charges three men with six million dollar business email compromise plot

• Daggerfly APT Targets African Telecoms Firm With New MgBot Malware

• Global Spyware Attacks Spotted Against Both New & Old iPhones

• ‘AuKill’ Malware Hunts & Kills EDR Processes

• Google TAG warns of Russia-linked APT groups targeting Ukraine

• Criminal Records Service Still Disrupted 4 Weeks After Hack

• Experts Warn Patching Won’t Protect Critical Infrastructure Against New Age Malware

• Another Supply Chain Attack Discovered During 3CX Investigation

• Crime Agencies Condemn Meta’s Encryption Plans

• Dragos OT-CERT Celebrates One Year of Service

• ChatGPT may be Able to Forecast Stock Movements, Finance Professor Demonstrates

• Microsoft Entra delivers 240 percent ROI, according to new Forrester study

• Cost of state cyber attacks not to be covered under insurance says Lloyd

• US teams up with partner nations to release smart city cyber guidance

• Ransomware Attack Hits Health Insurer Point32Health

• ChatGPT-Related Malicious URLs on the Rise

• Pillars of Threat Blocking-as-a-Service

• Triple Extortion and Erased Data are the New Ransomware Norm

• What Is a Vulnerability Assessment? Types, Steps & Benefits

• Two Critical Flaws Found in Alibaba Cloud’s PostgreSQL Databases

• Daggerfly Cyberattack Campaign Strikes African Telecom Providers

• Companies Affected by Ransomware [2022-2023]

• Sports And Fitness: How Fitness Apps Make Exercise Management Easier

• Jack Dorsey’s Twitter Clone, Bluesky, Launches On Android

• 3 iOS Zero-Click Exploits Exploited by NSO Group to Deploy Spyware

• ChatGPT Unbound

• How to Strengthen your Insider Threat Security

• LockBit Operators Target Apple MacOS Devices

• Air Force Unit in Document Leaks Case Loses Intel Mission

• Cisco Patches Critical Vulnerabilities in Industrial Network Director, Modeling Labs

• Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

• Phylum Adds Open Policy Agent to Open Source Analysis Engine

• #CYBERUK23: UK Strengthens Cybersecurity Audits for Government Agencies

• GPT-4 Provides Improved Answers While Posing New Questions

• The Role Of Artificial Intelligence In Detecting And Preventing Problem Gambling In Online Casinos

• Domino Backdoor Malware Created by FIN7 and Ex-Conti

• Tesla Likely To Launch Full Self-Drive ‘This Year’, Says Elon Musk

• The best VPN services for iPhone and iPad in 2023

• Capita has ‘evidence’ customer data was stolen in digital burglary

• The Value of CYBERFORCE — Breakaway 1=5

• Iranian Hackers Target U.S. Energy and Transit Systems

• Seagate hit with $300 million penalty for $1 billion relationship with blacklisted firm Huawei

• Zaraza Malware Exploits Web Browsers To Steal Stored Passwords And Data

• APT43: An investigation into the North Korean group’s cybercrime operations

• Seagate To Pay $300m Penalty Over Huawei Exports

• Newer Authentication Tech a Priority for 2023

• Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job

• Beyond Traditional Security: NDR’s Pivotal Role in Safeguarding OT Networks

• The Developing Law of AI Regulation: A Turn to Risk Regulation

• UK government employees receive average of 2,246 malicious emails per year

• The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks

• Raspberry Robin Adopts Initiates Evasion Techniques

• An earlier supply chain attack led to the 3CX supply chain attack, Mandiant says

• Mandiant: 3CX breach caused by second supply chain attack

• ChatGPT’s Data Protection Blind Spots and How Security Teams Can Solve Them

• Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks

• Russian Hacktivists Shifting Interest to Business Sector, UK Cyber-agency Warns

• Fortra Completes Investigation Into GoAnywhere Zero-Day Incident

• PaperCut Warns of Exploited Vulnerability in Print Management Solutions

• UK Warns of Russian Hackers Targeting Critical Infrastructure

• Proton Pass: new password manager announced

• Meta Lays Off Technical Staffers, In Another Workforce Blow

• Cloud Risk Mitigation: Putting it in Context

• FTC accuses payments firm of knowingly assisting tech support scammers

• Daggerfly Cyberattack Campaign Hits African Telecom Services Providers

• New Zero-Click Exploits Against iOS

• Top 5 Infrastructure as Code Security Challenges

• Cyber Threat Intelligence: The Power of Data

• How to update your router’s firmware (and why you should be doing it regularly)

• NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

• Trigona Ransomware Deployed Through Vulnerable Microsoft SQL Servers

• What is a Customer Data Platform and How Does It Work?

• Google Patched Second Chrome Zero-Day Within A Week

• Preventing Malware & Cyber Attacks: Simple Tips for Your Computer

• Ex-Conti and FIN7 Hackers Team Up To Develop Domino Backdoor Malware

• Salt Security Announce New Investigation Capabilities to Help API Threat Detection

• Revamp Remote Working: The Ultimate Guide To Developing A Comprehensive Digital Communications Strategy

• Sideloading on iOS, Lockbit Ransomware on Mac, and Zero-Day Chrome Vulnerabilities – Intego Mac Podcast Episode 288

• DC Health Link Data Breach Blamed on Human Error

• #CYBERUK23: Russian Cyber Offensive Exhibits ‘Unprecedented’ Speed and Agility

• Recycled Network Devices Exposing Corporate Secrets

• The importance of independent third-party testing of anti-malware solutions

• Designing user management for machine-to-machine interactions

• Critical Infrastructure Firms Concerned Over Insider Threat

• SIEM vs XDR: A Comparison of Two Advanced Detection and Response Solutions

• AI defenders ready to foil AI-armed attackers

• Commscope Ransomware Attack Exposes Sensitive Employee Data

• Small Business Interest in Cyber-Hygiene is Waning

• Protect the Industrial Control Systems (ICS)

• Trigona Ransomware targets Microsoft SQL servers

• Do you know what your supply chain is and if it is secure?

• Protecting Gig Identities – The 7 CIAM Capabilities You Need

• PCI DSS reporting details to ensure when contracting quarterly CDE tests

• ChatGPT Account Takeover Bug Allows Hackers To Gain User’s Online Account

• Trending Google news headlines on Ransomware, Penalties and Espionage

• The biggest data security blind spot: Authorization

• 1Password ending support for classic browser extensions

• Used Routers Fully Loaded With Corporate Secrets for Just $100

• CISOs struggling to protect sensitive data records

• How companies are struggling to build and run effective cybersecurity programs

• Urgent: 2nd Chrome zero-day vulnerability patched in 5 days

• Venafi Firefly enhances the security of machine identities for cloud-native applications

• NICE Actimize launches SAM-10 to detect suspicious activity while reducing false positives

• Picus Security expands its CTEM solution with CAASM and CSPM capabilities

• IT and business services market shows resilience with positive growth outlook

• Outdated cybersecurity practices leave door open for criminals

• Tentacle AI Control Mapping enables organizations to centralize security information

• VMware Cross-Cloud managed services helps customers secure multi-cloud environments

• Daon unveils TrustX platform for identity proofing and authentication

• Oracle updates Fusion Cloud Applications Suite with automation capabilities

• Digi WAN Bonding delivers bonded Gigabit internet speeds and improved connection reliability

• Web3 Onboarding Is Terrible: How To Make It Better With Account Abstraction and Flow

• Dominion v. Fox Is Just the Beginning

• LogRhythm and Zscaler integration streamlines website access control

• Instagram scam promises money in exchange for your image

• Malware authors join forces and target organisations with Domino Backdoor

• Introducing the Malwarebytes Admin app: Endpoint security at your fingertips

• Medusa ransomware crew brags about spreading Bing, Cortana source code

• The 3Cs of Best Security: Comprehensive, Consolidated, and Collaborative

• KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend

• Appeals court spares Google from $20m patent payout over Chrome

• Appeals court spares Google from $20m patent payout over Chrome sandbox

• Ransomware attacks increased 91% in March, as threat actors find new vulnerabilities

• Warning From UK Cyber Agency For A New ‘Class’ Of Russian Hackers

• 7 Sizzling Sessions to Check Out at RSA Conference 2023

• Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov’t Agencies

• Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef

• Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

• IT Security News Daily Summary 2023-04-19

• GlobalFoundries Sues IBM, Again

• Coro raises $75M for all-in-one platform to tackle SOC complexity

• Portnox Cloud: NAC Product Review

• European Union Finalises €43bn Chips Act

• The top 20 zero-trust startups to watch in 2023

• Inside one state’s decade-long effort to map broadband availability

• IoT network insights drive smart city planning

• Risk management through resilient technology

• How to prepare for a cybersecurity audit

• Facebook Scores Rare Win In Privacy Case

• CrowdStrike turns to managed XDR to help orgs navigate the cyber skills gap

• House Democrats bring back customer experience bill targeting student loan, passport updates

• CrowdStrike Announces Managed XDR to Close the Cybersecurity Skills Gap, Expands MDR Portfolio

• Coro Raises an Additional $75M Bringing the Total Raised to $155M in 12 Months

• Spyware slinger QuaDream’s reported demise may be the canary in the coal mine

• Point32Health confirms service disruption due to ransomware

• Dashlane releases ‘first’ SSO powered by confidential computing

• The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

• The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

• Want a Flipper Zero without paying inflated prices? Now’s your chance

• Google fixed the second actively exploited Chrome zero-day of 2023

• Guidance on network and data flow diagrams for PCI DSS compliance

• Chinese fraudsters: evading detection and monetizing stolen credit card information

• Security at the Masters

• cloud workload protection

• How to defend against TCP port 445 and other SMB exploits

• OT Zero Trust

• Diving Into Cloud Infrastructure: An Exploration of Its Different Components

• The best VPN trials of 2023: Top VPNs to test for free

• #CYBERUK23: Threat Posed by ‘Irresponsible’ Use of Commercial Hacking Tools Increasing, NCSC Warns

• Iranian Nation-State Actor “Mint Sandstorm” Weaponizes N-day Flaws

• Gary Bowser, Former Nintendo Hacker, Released From Prison

• Dominion v. Fox is Just the Beginning

• If you have a tell-a-friend feature on your website, disable it right now

• GitHub debuts pedigree check for npm packages via Actions

• Investors Bet Big on Safe Security for Cyber Risk Management

• Raspberry Robin Adopts Unique Evasion Techniques

• Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered

• Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

• Auditing Algorithms for Responsible AI

• Kidnapping Scam Implicates AI Cloning

• Simplified endpoint management with Microsoft Intune Suite: Adopting a long-term approach with intelligence and automation

• Facebook introduces new AI model capable of detecting objects in images

• US must be more aware of ‘adversarial side’ of AI, DHS official warns

• Nurse Call Systems, Infusion Pumps Riskiest Connected Medical Devices

• Call for Papers: The University of Texas at Austin Announces the 2023 “Bobby R. Inman Award” for Student Scholarship on Intelligence

• Google Chrome Hit By Second Zero-Day Attack, Urgent Patch Update Released

• These medical IoT devices carry the biggest security risks

• Dasera Scores $12M Funding for Cloud Data Security

• Russian Man Who Laundered Money for Ryuk Ransomware Gang Sentenced

• Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

• US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

• Google Chrome Hit By Second Zero-Day Attack – Urgent Patch Update Released

• Tornado vs. FastAPI: Why We Made the Switch

• firewall

• Akamai Technologies to Acquire API Security Company Neosec

• Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced API Management

• How to Spot and Avoid Phishing Scams While Gambling Online

• Google’s Pixel Fold, Set For June Launch – Report

• Hackers Storing Malware in Google Drive as Encrypted ZIP Files To Evade Detection

• 9 Top Network Access Control (NAC) Solutions for 2023

• How to Prevent 2 Common Attacks on MFA

• Google Chrome Hit by Second Zero-Day Attack – Urgent Patch Update Released

• The Mentality That Finland’s Mandatory Military Service Brings to NATO

• ChatGPT’s Cybersecurity Threats and How to Mitigate Them

• The Importance of Accessible and Inclusive Cybersecurity

• Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers

• NSO Group Escalates Spyware Tactics With 3 New iPhone Zero-Click Exploit Chains

• Four Charged With Pushing Pro-Kremlin Disinfo, Election Interference

• Russian Snoops Just Love Invading Unpatched Cisco Gear, America And UK Warn

• Russia-linked Hackers Want To ‘Destroy’ UK, Minister Warns

• #CYBERUK23: NCSC Urges International Collaboration to Build Cyber Resilience

• Oracle Releases 433 New Security Patches With April 2023 CPU

• Google Patches Second Chrome Zero-Day Vulnerability of 2023

• Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies

• Top 7 data loss prevention tools for 2023

• APT28 Russian Hackers Inject Routers with Jaguar Tooth Custom Malware

• US Company CommScope Hit by Ransomware

• Are public USB charging stations to be trusted?

• How ChatGPT—and Bots Like It—Can Spread Malware

• Uncovering (and Understanding) the Hidden Risks of SaaS Apps

• Iran-linked Mint Sandstorm APT targeted US critical infrastructure

• Electric Vs. Manual Gaming Desks: Which Is Right For You – 2023 Guide

• US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers

• Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure

• Coro Raises $75 Million for Mid-Market Cybersecurity Platform

• U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

• EFF on the UN Cybercrime Treaty

• Prioritize what matters most

• UK Government To Deliver Crypto Laws In Next 12 Months – Report

• Hackers Using Old Nokia 3310 Phone to Start Car Without Key

• Police Escape $1.2m Fine For Secretly Recording Phone Calls

• Why Cybercriminals Love The Rust Programming Language

• Privilege Elevation and Delegation Management (PEDM) Explained: Definition, Benefits and More

• Microsoft’s new naming convention for threat groups sound like an order at a cocktail bar

• EPA Has ‘New Rules’ for Protecting Public Drinking Water

• Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges

• Triple-digit Increase in API and App Attacks on Tech and Retail

• Researchers discover sensitive corporate data on decommissioned routers

• How To Install Shqiperia Chat In PC ( Windows 7, 8, 10, and Mac )

• Netflix Ends DVD By Post, Amid Password-Sharing Crackdown

• These medical IoT devices carry biggest security risks

• NCSC Warns of Destructive Russian Attacks on Critical Infrastructure

• Why performing security testing on your products and systems is a good idea

• Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems

• Auto-GPT: New autonomous ‘AI agents’ Can Act Independently & Modify Their Own Code

• The State of Kubernetes Security in 2023

• 5 free online cybersecurity resources for small businesses

• Over 25 billion email address and phone numbers available on dark web and Putin hacking British Power Network

• Is it time to move to a Passwordless future

• PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

• Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

• Quantifying cyber risk vital for business survival

• Ransomware reinfection and its impact on businesses

• Security beyond software: The open source hardware security evolution

• 10 Reasons why businesses need mobile device management (MDM)

• Versa Zero Trust Everywhere strengthens security posture for onsite, remote and hybrid workers

• Tight budgets and burnout push enterprises to outsource cybersecurity

• Veracode Fix helps organizations tackle software security issues

• Phylum adds OPA and continuous reporting to its policy engine

• Armis enables enterprises to identify gaps in security controls with CAASM enhancements

• LastPass University improves password management habits

• Edgio Advanced Bot Management protects users against bot attacks

• Goldoson Android Malware Found in 60 Apps with 100M Downloads

• SIMS a Returning ‘ASTORS’ Sponsor: ‘State of 2023 Facility Security Officer’

• BlackCat (ALPHV) Gang Claims Ransomware Attack on NCR Data Center

• Payment giant’s point-of-sale outage caused by ALPHV ransomware

• Spring cleaning tips for your browser

• Avoid this “lost injured dog” Facebook hoax

• Swatting-as-a-Service is a growing and complicated problem to solve

• LockBit ransomware on Mac: Should we worry?

• Styra appoints Mark Pundsack as CEO

• DigiCert launches new partner program to deliver digital trust

• Allurity acquires CloudComputing and Securix to expand into new markets

• Swimlane collaborates with AWS to accelerate investigation and response when threats occur

• US citizens charged with pushing pro-Kremlin disinfo, election interference

Generated on 2023-04-20 23:55:25.971632