IT Security News Daily Summary 2023-05-11

• Plug-and-Play Microsoft 365 Phishing Tool ‘Democratizes’ Attack Campaigns

• Optimization model delivers faster emergency response

• CISA is growing up, CIO says

• Billy Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs

• GPT-3 Detected 213 Security Vulnerabilities… Or It Did Not

• Google offers certificate in cybersecurity, no dorm room required

• North Korean Hackers Behind Hospital Data Breach in Seoul

• Bitdefender unveils App Anomaly Detection to detect malicious activity in Android apps

• Adopting ChatGPT Securely: Best Practices for Enterprises

• Millions of mobile phones come pre-infected with malware, say researchers

• Integrating Cyber Resiliency With FPGAs

• This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT

• Introducing a new way to buzz for eBPF vulnerabilities

• Google’s New Dark Web Monitoring Feature for Gmail Users

• Federal money is coming to fix aging flood control systems – but plans all too often reflect historical patterns and not future risks

• Startup Competition Secures ML Systems, Vulnerabilities in Automation

• Hybrid Working Key Factor For Most Tech Workers

• Threat Actors Use Babuk Code to Build Hypervisor Ransomware

• Check Point expands Harmony Endpoint with automated patch management capabilities

• Point Predictive BorrowerCheck 3.0 combats fraud and identity theft

• Application Programming Interface (API) testing for PCI DSS compliance

• How I Got Started: Offensive Security

• Cloud security gap: Shadow, orphan and democratized data

• Why take the whole-of-state approach to ransomware protection and remediation

• Ransomware Attacks Adapt With New Techniques: Kaspersky Report

• Cyber Attack on Tokyo MoU compromises data

• Microsoft Freezes Salaries, Amid Economic Uncertainty

• What’s going on with DHS’ enterprise cloud plan?

• Bipartisan group looks to fix ‘hopelessly obsolete’ classification system

• US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report

• Active Directory functional levels

• S3 Ep134: It’s a PRIVATE key – the hint is in the name!

• “Greatness” Phishing Tool Exploits Microsoft 365 Credentials

• Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

• Ransomware Attack Gets Personal For Dragos Chief

• $1.5M Crypto Scheme Leads To 2-Year Prison Term For Ex-Coinbase Manager

• ENISA Leans Into EU Clouds With Draft Cybersecurity Label

• Qrypt and Carahsoft join forces to provide quantum secure encryption to federal agencies

• RKVST Instaproof adds transparency and traceability to data wherever it is stored

• Turning a page

• Senate confirms Biden’s pick to lead NARA

• Akira ransomware – what you need to know

• Spanish Police Takes Down Massive Cybercrime Ring, 40 Arrested

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe

• Twitter Launches Encrypted Private Messages, Says Elon Musk

• Risk of cyber-attack “worry” for Eurovision contest

• 13 Tech Gifts Under $50 For Any Gadget Lover

• Here’s All You Know About Public Key Cryptography

• NextGen Data Breach, Personal Data of 1.5M Patients Hacked

• OpenAI CEO Sam Altman To Testify Before US Congress

• British hacker pleads guilty to hacking schemes, faces 77 years in prison

• Zero Trust: Can It Be Implemented Outside the Cloud?

• CISA Addresses ‘Cyber Poor’ Small Biz, Local Government

• Google will provide dark web monitoring to all US Gmail users and more

• We are in the final! Please vote for Security Affairs and Pierluigi Paganini

• 10 Web Development Skillset And Key Abilities You Can’t Ignore

• DCI partners with DataVisor to help banks fight fraud

• SAP and Google Cloud expand collaboration to advance enterprise AI development

• Cynalytica releases OTNetGuard 4G/5G sensor to provide secure critical infrastructure monitoring

• Dragos Employee Hacked, Revealing Ransomware, Extortion Scheme

• Why Economic Downturns Put Innovation at Risk & Threaten Cyber Safety

• Operation MEDUSA Brings Down ‘Snake’ – Russia’s Cyberespionage Malware

• Google I/O: Pixel Tablet, Pixel Fold, Pixel 7a

• New Akira Ransomware Attacking Organizations and Exposes Sensitive Data

• Understanding the Backdoor Debate in Cybersecurity

• Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

• Mass Event Will Let Hackers Test Limits of AI Technology

• New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts

• OpenSSF Receives $5 Million for Open Source Software Security Project

• Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers

• 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

• North Korea-linked APT breached the Seoul National University Hospital

• NETGEAR launches Nighthawk M6 Pro 5G WiFi 6E Hotspot Router

• Arlo improves physical security for Ping Identity employees

• Absolute to be acquired by Crosspoint Capital Partners

• Comcast Business, Fortinet, and Exclusive Networks team up to offer fully managed IT services

• Passwords and 2FA Codes Stolen by the Android FluHorse Malware

• Dish Network Hit by Cyberattack and Multiple Lawsuits

• What Apple Has in Store With Its New AR/VR Headset

• ENISA leans into EU-based clouds with draft cybersecurity label

• CACTUS ransomware evades antivirus and exploits VPN flaws to hack networks

• Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs

• This data platform will help banks share criminal intelligence

• Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

• Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day

• Google Improves Android Security With New APIs

• Senators Push Overhaul of Classification Rules After Trump, Biden Cases

• Google notifies users about dark web exposure

• Dragos blocks ransomware attack, brushes aside extortion attempt

• Snake Malware, Lockdown Mode, and Apple App Subscriptions

• A Republican-Led Lawsuit Threatens Critical US Cyber Protections

• How Attack Surface Management Supports Continuous Threat Exposure Management

• Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems

• Building Trustworthy AI

• Google I/O: AI For Google Search

• April 2023’s Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return

• How to Use Sms Coupons to Increase Sales and Customer Loyalty

• Twitter now supports Encrypted Direct Messages, with some limitations

• Linux Kernel Vulnerability Gives Cybercriminals Root Privileges

• Should you protect your Google Account with a passkey instead of a password?

• NCSC and ICO Dispel Incident Reporting Myths

• Why Should You Take IT Security Seriously?

• How to Use SMS Coupons to Increase Sales and Customer Loyalty?

• Ransomware Group Tries and Fails to Extort Security Vendor Dragos

• Neighborhood Watch Out: Cops Are Incorporating Private Cameras Into Their Real-Time Surveillance Networks

• Red Teaming: 4 Ways to Get the Best Value While Improving Your Security

• Fake Windows Update Used to Push Aurora Info-Stealer

• Bad Bots Now Account For 30% of All Internet Traffic

• A zero-click vulnerability in Windows allows stealing NTLM credentials

• New ransomware trends in 2023

• Google Broadens Dark Web Monitoring To Track All Gmail Users

• How to Become a Professional Poker Player

• Do you know what your supply chain is and if it is secure?

• Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack

• The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity.

• Prince Harry spills beans on Daily Mirror Phone Hacking story

• GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

• Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users

• North Korean Hackers Stole 830K Data From Seoul’s Top Hospital

• New Linux NetFilter Kernel Flaw Let Attackers Gain Root Privileges

• CISOs confront mounting obstacles in tracking cyber assets

• Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

• The impact of blockchain technology on the future of finance

• Improving your bottom line with cybersecurity top of mind

• Refined methodologies of ransomware attacks

• Automotive industry employees unaware of data security risks

• Avast discovers and helps patch a major vulnerability

• The STOP CSAM Act: Improved But Still Problematic

• Manage Cyber Risk with a Platform Approach

• How Boards Can Set Enforceable Cyber Risk Tolerance Levels

• Android TV Boxes Sold on Amazon Come Pre-Loaded with Malware

• How to spot and avoid a tech support scam

• New Discord username policy raises user privacy fears

• Uncovering RedStinger – Undetected APT cyber operations in Eastern Europe since 2020

• Update now! May 2023 Patch Tuesday tackles three zero-days

• Navigating mobile malware trends: Crucial insights and predictions for MSPs

• Blockchain Startups Are Drawing Substantial Venture Capital Funding

• RentoMojo – 2,185,697 breached accounts

• 4 ways to secure your remote work setup

• Federal Appeals Court Gets It: Fair Use Protects Security Research Tools

• Coalfire Compliance Report Unveils the Next Horizon in Compliance

• Turning on stealth mode: 5 simple strategies for staying under the radar online

• Experian Announces US Fintech Data Network to Combat Fraud

• Secureframe Finds 37% of Organizations Reuse Passwords for Cloud Service Providers

• IT Security News Daily Summary 2023-05-10

• Tech subcommittee chairwoman plans MGT Act rewrite

• Lawmakers tackle VA pharmacy tech woes at hearing

• 5 SBOM tools to start securing the software supply chain

• CISOs face mounting pressures, expectations post-pandemic

• Global Research From Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cybersecurity in Business Success

• Advice for the Graduating Class of 2023: Qualities of a Modern Day Cybersecurity Professional

• Your Android apps are tracking you. Here’s how to stop them

• Concert Ticket Scams Are On The Rise On Facebook

• Infamous Twitter Hacker Cops to Cybercrimes, Extradited to US for Trial

• Sonatype axes 14 percent of staff, reminds them not to talk to the press

• State and local agencies weigh procurement outsourcing

• Camera, sensor, drone data lights up disaster response

• Cybersecurity firm Dragos shared details about a failed extortion attempt it suffered

• How to enable tracker blocking in Opera One (and why you should)

• Equifax Releases Security and Privacy Controls Framework

• Google Now Lets US Users Search Dark Web for Their Gmail ID

• Dragos discloses blocked ransomware attack, extortion attempt

• Microsoft Fixes Failed Patch for Exploited Outlook Vulnerability

• I/O 2023: What’s new in Android security and privacy

• Signed, Secured, Delivered: Authenticating Digital Agreements in the Time of Web3

• Microsoft reports two Iranian hacking groups exploiting PaperCut flaw

• How government can build secure and frictionless digital identity programs

• Dark Reading Goes Global

• Google Announces New Privacy, Safety, and Security Features Across Its Services

• Feedzai ScamPrevent protects bank customers from financial scams

• Aqua Security strengthens software supply chain security with pipeline integrity scanning

• Red Hat delivers latest releases of Red Hat Enterprise Linux

• Dangerous EARN IT Bill Advances Out of Committee, but Several Senators Offer Objections

• Securing Access, Encryption, and Storage Keys

• How to remove specific cookies from Microsoft Edge

• Sysco Data Breach Exposes Customer, Employee Data

• DownEx cyberespionage operation targets Central Asia

• Verified Facebook Accounts Being Hijacked to Distribute Malware; Here’s How You Can Protect Yourself

• Court Accepts EFF’s Amicus Brief on the Right to Publish Code in Tornado Cash Case

• Microsoft Signs Nuclear Fusion Power Deal

• Op PowerOFF: 13 Domains Linked to DDoS-For-Hire Services Seized

• Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme

• Appeals Court Sides With Corellium in Apple Copyright Case

• Microsoft Patch Tuesday, May 2023 – Fixes for 2 zero-days and 40 vulnerabilities

• Wultra and iProov join forces to bring biometric technology to financial services providers

• TruaID helps consumers keep personal information secure

• Dell Technologies boosts cyber resilience and advances IT efficiency with software innovations

• IBM Quantum Safe technology prepares clients for the post-quantum era

• Twitter adds new DM features, and Musk says E2EE is here, starting today

• An outdated tracking system is a key factor in Texas’ foster care shortcomings

• Twitter Hacker Admits Guilt in New York Court, Extradited from Spain

• Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

• RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab

• RSAC 2023 | Cybersecurity research on edge computing generates big interest

• Looking at a penetration test through the eyes of a target

• Twitter To Launch Encrypted Direct Messaging

• Dragos Says Ransomware Hackers Failed at Elaborate Extortion Scheme

• Cyber-Criminals Exploit Hardware Wallet to Steal Almost $30,000

• Hacker Pleads Guilty To Twitter’s 2020 Outage, Could Get 70 Years

• IPFS Phishing Attacks: How Cybercriminals Exploit Decentralized File Storage

• Learn How to Use the New Bing AI Image Generator in the Edge Browser

• News on WhatsApp listening to sleeping users and Doctors fraternity raising voice against AI threat to humanity

• State-sponsored actors leading cause of cyber concern in public sector

• Akamai bypasses mitigation for critical Microsoft Outlook flaw

• NSA and Allies Uncover Russian Snake Malware Network in 50+ Countries

• FBI Disables Russian Malware

• Fujitsu Triggers Privacy Breach At Japanese Convenience Stores

• Windows For Gamers Rolls Dice With Your Security

• Briton Pleads Guilty In US To 2020 Twitter Hack

• How One Of Vladimir Putin’s Most Prized Hacking Units Got Pwned By The FBI

• Kasada and Signifyd join forces to combat eCommerce fraud

• Prove Identity partners with Visa to eliminate manual account registration

• Easily bypassed patch makes zero-click Outlook flaw exploitable again (CVE-2023-29324)

• Nutanix Central simplifies management of hybrid multicloud environments

• Cactus Ransomware Infiltrates Networks by Exploiting VPN Flaws

• Emails With HTML Attachments are Still Popular Among Phishing Scammers

• Nearly Half Of Ransomware Victims Pay Up, Sophos Finds

• Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’

• Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

• Here’s How the FTX Collapse Turned into an Identity Issue

• Cactus: New Ransomware Encrypts Itself to Evade Detection

• Microsoft Flaws Include Secure Boot Bypass, System-Level Takeovers

• Smashing Pumpkins frontman paid ransom to a hacker who threatened to leak the band’s songs

• Revelstoke collaborates with Check Point to automate detection and response solutions

• Codenotary partners with Snyk to ensure the integrity and security of the entire software supply chain

• LogRhythm integrates with Mimecast to defend users against email-based threats

• 23-year-old Brit linked to 2020 Twitter attack and SIM-swap scheme pleads guilty

• What should protection for your 365 data really look like?

• UK’s CMA Approves Viasat Inmarsat Merger

• Capita Says Ransomware Attack Will Cost It Up to $25 Million

• IBM Delivers Roadmap for Transition to Quantum-safe Cryptography

• Webb Raises $7 Million for Blockchain Asset Transfer Privacy System

• SquareX Raises $6 Million for Browser Security Product

• Microsoft Digital Defense Report: Trends In Device and Infrastructure Attacks

• The Industrywide Consequences of Making Security Products Inaccessible

• Sophisticated DownEx Malware Campaign Targeting Central Asian Governments

• Why Attackers Target the Government Industry

• A Decade of Fighting Bad Bots: Key Learnings from the 2023 Imperva Bad Bot Report

• Use Apple HomeKit to automate and secure your home

• NSA Releases New Best Practices for Securing Home Networks

• Free Tool Unlocks Some Encrypted Data in Ransomware Attacks

• Turla’s Snake malware network disrupted by Five Eyes’ authorities

• Nutanix announces data services for Kubernetes and cross-cloud data mobility

• New Startup SquareX Targets Brower-Based Attacks

• 23-year-old Brit linked to 2020 Twitter SIM-swap attack pleads guilty

• Salt Security Achieves AWS WAF Ready Designation

• Warning! New DDoS Botnet Malware Exploits Critical Ruckus RCE Vulnerability

• AI Poses Greater Job Threat Than Automation, Experts Warn

• Enterprise Targeted by Akira Ransomware’s Extortion Techniques

• 3 Tips for Enterprise Patch Management

• Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

• SAP Patches Critical Vulnerabilities With May 2023 Security Updates

• CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief

• Bootkit zero-day fix – is this Microsoft’s most cautious patch ever?

• Why Honeytokens Are the Future of Intrusion Detection

• Phishing Ring Busted, Spanish Police Have Arrested 40 People

• FBI Disables ‘Sophisticated’ Russian Snake Cyberspying Tool

• Never leak secrets to your GitHub repositories again

• How to Reclaim Your Online Privacy

• India To Reopen Applications For $10bn Chip Incentives – Report

• The High-Stakes Game of Cybersecurity: Why Your Data Is a Prime Target for Hackers?

• Professional Services in the World of Cybersecurity

• Capita looking at a bill of £20M over breach clean-up costs

• Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison

• WhatsApp Can’t be Trusted, Warns Elon Musk

• Ransomware Encryption Rates Reach New Heights

• UK man pleads guilty to Twitter hack that compromised accounts of Joe Biden, Elon Musk

• British Man Pleads Guilty To Infamous Twitter Hack

• Twitter Celebrity Hacker Pleads Guilty in US

• A Mysterious New Hacker Group, Red Stinger, Is Lurking in Ukraine’s Cyberspace

• US disrupts Russia-linked Snake implant’s network

• Phishing Ring Bust, Spanish Police Have Arrested 40 People

• Sysco`s System Breached, Customers` and Employees` Data Stolen

• High-Intensity Interval Training (HIIT) Cutting Plan

• Are you eligible for a piece of the $725 million Facebook settlement?

• U.S. Government Neutralizes Russia’s Most Sophisticated Snake Cyber Espionage Tool

• Spanish Police Arrest 40 in Phishing Gang Bust

• SquareX browser-integrated cybersecurity solution keeps consumers’ online activities safe

• How To Install FHX V7 COC New In PC ( Windows 7, 8, 10, and Mac )

• Microsoft Patches Three Zero-Day Bugs This Month

• It’s official: No more COVID vaccine mandate for federal workers and contractors

• SquareX browser-integrated cybersecurity solution keeps consumers online activities safe

• Why performing security testing on your products and systems is a good idea

• Over 600 GB of Fullerton India’s Data Published on the Dark Web

• Twitter to launch encrypted direct messages with voice and video chat to follow, Elon Musk says

• ISACA: Companies Still Face Many Barriers to Achieving Digital Trust

• Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

• Kubernetes Bill of Materials (KBOM) open-source tool enhances cloud security response to CVEs

• Australia TechnologyOne hit by a Cyber Attack

• How do password managers make sense

• Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

• Microsoft Defender Antivirus had highest system load impact in latest AV-Test

• 56,000+ cloud-based apps at risk of malware exfiltration

• The security and privacy risks of large language models

• Prevent attackers from using legitimate tools against you

• The CPRA compliance checklist every business should follow in 2023

• Securing the Edge Ecosystem Global Research released – Complimentary report available

• Cyberpress Launches Cybersecurity Press Release Distribution Platform

• Japan’s ubiquitous convenience stores now serving up privacy breaches

• Company executives can’t afford to ignore cybersecurity anymore

• 2023 年 5 月のセキュリティ更新プログラム (月例)

• What Is mTLS? How To Implement It With Istio

• Microsoft Patch Tuesday, May 2023 Edition

• Brightline breach hits at least 964,000 people, US records show

• Ransomware attack on MSI led to compromised Intel Boot Guard private keys

• Fake system update drops Aurora stealer via Invalid Printer loader

Generated on 2023-05-11 23:55:29.784876

Liked it? Take a second to support IT Security News on Patreon!