IT Security News Daily Summary 2023-05-31

• Crypto Discord Communities Targeted by Malicious Bookmarks & JavaScript

• Never Use Credentials in a CI/CD Pipeline Again

• US deploys tech diplomacy to cultivate leadership in emerging fields

• DHS faces slow disaster response burdened by legacy systems, officials warn

• 8 best practices for securing your Mac from hackers in 2023

• Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers

• Experts warn of backdoor-like behavior within Gigabyte systems

• Decoding eBPF Observability: How eBPF Transforms Observability as We Know It

• Machine Learning Applications in the Cybersecurity Space

• Serious Security: That KeePass “master password crack”, and what we can learn from it

• British Healthcare System Accused Of Sharing Intimate Patient Details With Facebook Without Consent

• Can Cloud Services Encourage Better Login Security? Netflix’s Accidental Model

• The Right to Repair Is Law in Minnesota. California Should Be Next

• Debt ceiling politics could derail plans for modernizing unemployment benefits delivery

• MacOS ‘Migraine’ Bug: Big Headache for Device System Integrity

• Ways to Help Cybersecurity’s Essential Workers Avoid Burnout

• Shadow Data Concerns, Public Cloud Breaches Remain Sky-High: Here’s How Organizations Can Protect Themselves

• AI and China are ‘defining challenges of our time,’ CISA director says

• NASA team’s plan to decode UFO sightings hinges on better data

• Amazon Staff Walkout Over Environment, Return To Office Policies

• Draft AI Code Drafted Within Weeks – EU Official

• Phishing defense, one simulated email at a time

• Barracuda Email Security Gateways bitten by data thieves

• Barracuda zero-day bug exploited months prior to discovery

• Top 5 Application Security Tools & Software for 2023

• Organizations Warned Of Backdoor In Hundreds Of Gigabyte Motherboards

• Criminals spent 10 days in US dental insurer’s systems extracting data of 9 million

• How agencies can automate data extraction at scale

• Bitdefender GravityZone Security for Mobile provides protection against mobile attack vectors

• Rezilion Smart Fix improves software supply chain security

• Bitdefender Introduces GravityZone Security for Android, iOS, and Chromebook

• 10 ways to speed up your internet connection today

• The best VPN trials of 2023: Top VPNs to test for free

• 6 Best Bot Protection Solutions and Software for 2023

• Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster

• Investment May Be Down, but Cybersecurity Remains a Hot Sector

• Apple’s iOS 16.5 Fixes 3 Security Bugs Already Used in Attacks

• Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

• Warning! WordPress Plugin ”Gravity Forms” Vulnerable to PHP Object Injection

• Adding Chrome Browser Cloud Management remediation actions in Splunk using Alert Actions

• Vulnerability Summary for the Week of May 22, 2023

• Buy-Now-Pay-Later (BNPL) is Revolutionising the E-Commerce Landscape

• New Mexico trying to build and train new workforce for broadband expansion

• New “Migraine” Flaw Enables Attackers to Bypass MacOS Security

• New eID Scheme Gives EU Citizens Easy Access to Public Services Online

• Software Liability And Hard Truths Of Manufacturer Responsibility

• Critical Barracuda 0-Day Was Used To Backdoor Networks For 8 Months

• Cyberwar Manufacturers Plot To Stay On Right Side Of US

• XFS Bug In Linux Kernel 6.3.3 Coincides With SGI Code Comebank

• Solar Panels at Risk of Cyber Attacks, warn Experts

• SeroXen RAT for sale

• Phishing-resistant MFA 101: What you need to know

• Twitter Sued By Janitors, As Musk Meets Chinese Officials

• Were you caught up in the latest data breach? Here’s how to find out

• SpinOk Trojan Compromises 421 Million Android Devices

• Virginia ABC officials say they’ve ‘automated’ liquor lotteries to prevent future errors

• Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards

• Chrome 114 Released With 18 Security Fixes

• IDSA: Only 49% of Firms Invest in Identity Protection Before Incidents

• Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS

• A Roadmap for Becoming a Penetration Tester in 2023

• Here’s How Quantum Computing can Help Safeguard the Future of AI Systems

• Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

• Chinese Hacking of US Critical Infrastructure

• Salt Security Attains AWS Security Competency Status

• 3 ways to spot a malware-infected app on your smartphone

• Threatening botnets can be created with little code experience, Akamai finds

• Threat actors are exploiting Barracuda Email Security Gateway bug since October 2022

• PingSafe helps organizations securely deploy containers with KSPM module

• ConnectSecure enhances its cybersecurity platform with deep attack surface scanning and EPSS

• Someone is roping Apache NiFi servers into a cryptomining botnet

• Permit.io launches FoAz to give frontend developers the keys to security

• NYC’s Metropolitan Opera Faces Lawsuit for 2022 Data Breach

• The pros and cons of the debt deal for states and localities

• Focus Security Efforts on Choke Points, Not Visibility

• Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities

• Critical Firmware Backdoor in Gigabyte Systems Exposes ~7 Million Devices

• AI: the cause of the metaverse’s demise?

• AI Leaders Warn Of ‘Extinction’ Risk To Humans

• Shut Down Phishing Attacks – Types, Methods, Detect, Prevention Checklist

• Critical Jetpack WordPress Flaw Exposes Millions of Website

• XFS bug in Linux kernel 6.3.3 coincides with SGI code comeback

• Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

• Swiss real estate agency Neho fails to put a password on its systems

• When the popular safeguarding tool is anything but

• PyPI Enforces the Usage of Two-factor Authentication for All Software PUBLISHES

• This Campaign Delivers Three Malware Via Pirated Software Videos On YouTube

• Many Gigabyte PC models affected by major supply chain issue

• Salesforce ‘Ghost Sites’ Expose Sensitive Corporate Data

• Netskope integrates with AWS to simplify security data management

• Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

• PingOne Protect prevents account takeover

• Hitachi Data Reliability Engineering improves the consistency of business-critical data

• 1Password tightens the thumbscrews for users of the old version of the password manager

• Spyware Found in Google Play Apps With Over 420 Million Downloads

• Breaking Enterprise Silos and Improving Protection

• 6 Steps to Effective Threat Hunting: Safeguard Critical Assets and Fight Cybercrime

• Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass

• China Urges Japan To Drop Chip Export Restrictions

• Danni Brooke to Spotlight the Role of Women in Cyber at Infosecurity Europe 2023

• Nvidia Briefly Hits $1 Trillion Valuation

• Mirantis Lens Control Center simplifies secure Kubernetes deployments

• How APTs target SMBs

• MacOS Vulnerability Enables Hackers to Bypass SIP Root Restrictions

• Hackers Can Bypass Fingerprint Locks On Phones With BrutePrint Attack

• Investigating BlackSuit Ransomware’s Similarities to Royal

• Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

• Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability

• Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

• Cybersecurity Standards in the Banking Industry

• The Issue of Insider Threats: What you Need to Know

• Learn how to protect your company from cyberattacks for just $46

• Pentagon Cyber Policy Cites Learnings from Ukraine War

• Affiliate Marketing Meets Tech: Conferences Every Tech Geek Should Have On Their Radar

• How To Fulfil Your Dream Of Becoming A Digital Nomad In Australia

• Thinking straight in the SoC: How AI erases cognitive bias

• WordPress Rushes Out Jetpack Patch to Millions

• Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud

• Dark Pink APT Group Expands Tooling and Targets

• RomCom RAT Using Deceptive Web of Rogue Software Sites for Covert Attacks

• Microsoft found a new bug that allows bypassing SIP root restrictions in macOS

• Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

• Why performing security testing on your products and systems is a good idea

• UberEats to use 2000 AI powered robots for delivery by 2026

• The Transformative Power of Artificial Intelligence in Healthcare

• Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months

• The strategic importance of digital trust for modern businesses

• Attackers leave organizations with no recovery option

• Organizations are placing OT cybersecurity responsibility on CISOs

• Managing mental health in cybersecurity

• RaidForums – 478,604 breached accounts

• A.I. poses human extinction risk on par with nuclear war, Sam Altman and other tech leaders warn

• Kali Linux 2023.2 Released – What’s New!

• Spotlight on 2023 Dan Kaminsky Fellow: Dr. Gus Andrews

• BackBox Launches Cisco CIS Benchmark Automation Templates

• Discord Admins Hacked by Malicious Bookmarks

• Barracuda Networks patches zero-day vulnerability in Email Security Gateway

• Polish Credentials – 1,204,870 breached accounts

• 1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack

• Reduce Healthcare Insider Threats with Identity and Access Management

• 90+ orgs tell Slack to stop slacking when it comes to full encryption

• How Generative AI Will Remake Cybersecurity

• Ransomware Takes No Prisoners

• Web3 Needs A Truly Decentralized Infrastructure That IPFS Alone Cannot Deliver

• BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

• Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots

• IT Security News Daily Summary 2023-05-30

• Clean energy advancements hinge on steady funding, Energy official says

• Unmonitored networks put US nuclear arsenal at risk, GAO finds

• Windows 11: Enforcing password resets for local group users

• 421M Spyware Apps Downloaded Through Google Play

• Go Phish: How Attackers Utilize HTML Files to Evade Security

• SimpleTire Database Leak: Over 2.8 Million Records Exposed

• State looks to better assess vendor security

• IoT network streamlines state DOT traffic monitoring

• Agencies launch initiative to better identify minority-owned contractors

• Google offers certificate in cybersecurity, no dorm room required

• The Rush to SaaS Modernization Can Result in Reputational Damage

• Tenet and LayerZero Forge Cross-Chain LSD Adoption

• Debt limit deal would save feds’ paychecks, but freeze agency spending

• Federal Judge Makes History in Holding That Border Searches of Cell Phones Require a Warrant

• Pegasus-pusher NSO gets new owner keen on the commercial spyware biz

• The Perfect Blend: Qdoba’s SASE Information

• Vendors: Threat actor taxonomies are confusing but essential

• PyPI enforces 2FA authentication to prevent maintainers’ account takeover

• The Challenges with Passkeys: Addressing Limitations

• Authorization: Get It Done Right, Get It Done Early

• Budget and tech challenges loom over IRS’s direct file pilot

• GOP-led states plan new voter data systems to replace one they rejected

• Serious Security: Verification is vital – examining an OAUTH login bug

• Undetected Attacks Against Middle East Targets Conducted Since 2020

• Attackers hacked Barracuda ESG appliances via zero-day since October 2022

• EU’s Proposed Cyber Resilience Act Raises Concerns for Open Source and Cybersecurity

• Elon Musk Withdraws Twitter from EU’s Disinformation Code of Practice

• 9M Dental Patients Affected by LockBit Attack on MCNA

• New macOS vulnerability, Migraine, could bypass System Integrity Protection

• Telesign Trust Index a call to action for any enterprise that’s discounting cybersecurity

• Human Error Fuels Industrial APT Attacks, Kaspersky Reports

• Nigerian Cybercrime Ring’s Phishing Tactics Exposed

• CERN Spots Strange Higgs Boson Decay Breaking The Rules

• ABB Confirms Data Stolen In Black Basta Ransomware Attack

• Artificial Intelligence Could Lead To Extinction, Experts Warn

• Hacker Wins $105k For Reporting Flaws In Sonos One Speakers

• Introduction to the purpose of AWS Transit Gateway

• Warning: Lazarus Targets Windows IIS Web Servers For Initial Access

• Things ChatGPT cannot but Google Bard can do

• DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps

• Facebook Under Pressure For Allowing Racist Content To Spread In Australia

• ‘Hot Pixel’ Attack Exploits Novel GPUs and SoCs to Siphon Browsing History

• Raidforums Database Leak: Data of 460,000 Users Dumped Online

• How Web3 Is Driving Social and Financial Empowerment

• Now Social Engineering Attackers Have AI. Do You?

• PCI DSS 4.0: How to Delight the Auditors

• How Large is Your Target? Advice for the Smallest Businesses

• A database containing 478,000 RaidForums members leaked online

• RaidForums Members Data Leaked on New Hacking Forum

• Promoting Trust in Facial Recognition: Principles for Biometric Vendors

• Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals

• China Approves Microsoft-Activision Deal ‘Unconditionally’

• Incident Response Guide

• Many Vulnerabilities Found in PrinterLogic Enterprise Software

• Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

• PyPI Enforcing 2FA for All Project Maintainers to Boost Security

• Pentagon Leaks Emphasize the Need for a Trusted Workforce

• Why Attackers Target the Gaming Industry

• TenSec 2019

• Exploiting Wi-Fi Stack on Tesla Model S

• Tencent Keen Security Lab joins GENIVI Alliance

• Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars

• Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars

• Nvidia Set To Surpass $1tn As AI Surge Continues

• Google CTF 2023 – Rewards over $32,000 For Winners

• Implementing Risk-Based Vulnerability Discovery and Remediation

• CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security

• Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers

• Is Your Organization Prepared Against Insider Threats?

• Enhancing Collaboration and Efficiency in DataOps With Git

• Demystifying SPF Record Limitations

• Frontegg launches entitlements engine to streamline access authorization

• Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme

• Operation Red Deer

• Facebook Shares Private Information With NHS Trusts

• Laravel vs. Django: A Head-to-Head Comparison

• Bitcoin Trades At Steep Discount On Binance Australia

• Check Point offers new OffSec course via the MIND Learning and Training Portal

• Ransomware Gangs Adopting Business-like Practices to Boost Profits

• Beware of the new phishing technique “file archiver in the browser” that exploits zip domains

• To Save the News, We Must Ban Surveillance Advertising

• Play-to-Earn Games: A Beginner’s Guide

• Samsung ‘Pushes For Tax Payouts’ In Vietnam

• Get 9 cybersecurity courses for just $46

• April 2023 Cyber Attacks Timeline

• Crypto Bosses Look To China Ahead Of Hong Kong Rules

• The Right Help Desk for You: Is It That Complicated?

• Dark Web Data Leak Exposes RaidForums Members

• BrutePrint Attack allows to unlock smartphones with brute-forcing fingerprint

• A Comprehensive Guide to Online Gaming Withdrawals in Michigan

• Pension Funds Warn Members Over Capita Breach

• Disaster recovery in the cloud

• Retailer Database Error Leaks Over One Million Customer Records

• Nine Million MCNA Dental Customers Hit by Breach

• Amazon Offers Term Time-Only Working Amidst Strikes

• The Gravitational Pull of Data

• Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

• What Are the Key Trends in Cybersecurity Right Now?

• The root causes of API incidents and data breaches

• Need to improve the detection capabilities in your security products?

• Podcast Episode: Who Inserted the Creepy?

• Nvidia Builds AI Supercomputer In Israel Amidst Surging Demand

• Cybersecurity news headlines trending on Google

• New Phishing Attack Abuses .Zip Domain to Emulate Fake WinRAR Within the Browser

• Organizations spend 100 hours battling post-delivery email threats

• Generative AI: The new attack vector for trust and safety

• Penetration tester develops AWS-based automated cracking rig

• DOD submits classified cyber strategy to Congress

• A week in security (May 22-28)

Generated on 2023-05-31 23:55:24.738323