IT Security News Daily Summary 2023-08-11

• SandboxAQ unveils Sandwich, an open-source meta-library of cryptographic algorithms

• Black Hat USA 2023 Panel: Used Correctly, Generative AI is a Boon for Cybersecurity

• Security Pressures Mount Around AI’s Promises & Peril

• ‘Bulletproof’ hosting site that allegedly enabled 400 ransomware attacks seized, founder indicted

• DARPA Taps RTX to Attune AI Decisions to Human Values

• MoustachedBouncer Hackers Caught Spying on Embassies

• Microsoft: Codesys PLC bugs could be exploited to ‘shut down power plants’

• Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House’s Cyber Initiatives

• Microsoft says Codesys bugs in ‘millions’ of PLCs could ‘shut down power plants’

• Get a one-year subscription to Norton 360 Standard and LifeLock Identity Advisor for $25

• Threat Intelligence Efforts, Investment Lagging, Says Opswat

• As Phishing Gets Even Sneakier, Browser Security Needs to Step Up

• Cyber Security Today, Week in Review for the week ending Friday, August 11, 2023

• Dependency Confusion Attacks: New Research Into Which Businesses are At Risk

• The Evolution of API: From Commerce to Cloud

• Federal Judge Upholds Arizonans’ Right to Record the Police

• Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out

• XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure

• Alberta dental plan administrator paid ransomware gang after attack

• Phishing 3.0: Crooks Leverage AWS in Deceptive Email Campaigns

• Gurucul Brings Generative AI Capabilities (Sme) to Next-Gen SIEM

• Best Encryption Software and Tools for 2023

• Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact

• What is SASE? Secure Access Service Service Edge Explained

• GitHub’s Hardcore Plan to Roll Out Two-Factor Authentication (2FA)

• Image steganography: Concealing secrets within pixels

• Check Point Partners with the White House on National Cyber Workforce and Education Strategy

• Multiple Flaws Found in the Avada WordPress Theme and Plugin

• New Study Claims Facebook Does Not Cause Psychological Harm

• US cyber board to investigate Microsoft hack of government emails

• Revolutionizing Everyday Life: The Transformative Potential of AI and Blockchain

• Ditch SMS-based MFA, urges board investigating Lapsus$ gang’s successful attacks

• How to enable DNS over HTTPS in Opera

• iOS 17 cheat sheet: Release date, supported devices and more

• Evaluate the risks and benefits of AI in cybersecurity

• DroxiDat-Cobalt Strike Duo Targets Power Generator Network

• The MOVEit mass hacks hold a valuable lesson for the software industry

• Digital Disaster: Electoral Commission Data Breach Leaves 40 Million UK Voters Exposed

• Google Cloud launched Chronicle Cybershield

• Lapsus$ Hacker Group Exposed in Latest CSRB Report

• Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus

• Novel Downfall Bug is Targeting Intel CPUs to Steal Encryption Keys, and Data

• DHS to Review Microsoft’s Security in Chinese Email Hack

• The U.S. Government Wants To Control Online Speech to “Protect Kids”

• Chip Shortage In Germany To Last Years, Warns Audi Head

• In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

• Researchers Uncover Decade-Long Cyber Espionage on Foreign Embassies in Belarus

• Crash Test: REST API vs. SOAP Security

• North Korean Hackers Breach Russia’s Top Missile Maker’s Data

• This bank’s new app security feature irks customers

• What CISA and NSA Guidance Means for Critical Infrastructure Security

• Cyber Mindfulness Corner Company Spotlight: Mimecast

• Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS

• 75% of businesses are implementing or considering bans on ChatGPT

• Understanding Risk-Based Authentication (RBA)

• Mobb Wins Black Hat Startup Spotlight Competition

• How Teenagers Hacked Some Of The World’s Biggest Targets

• Gootloader SEO Watering Hole Malware Targets Law Firms

• AI Evil Twins May Already Be Manipulating Human Nature

• Microsoft Discloses 16 Vulnerabilities In CodeSys Products

• How to Backup Amazon EC2 Instance

• 66% of Organisations in UK Set to Ban ChatGPT and Generative AI Apps on Work Devices

• 1 in 5 CIOs Believe Cyber Security Ops Are Not An Immediate Priority

• Major Story – Data Breach Exposes Sensitive Police Data In Northern Ireland

• Black Hat USA 2023 – Announcements Summary

• Northern Ireland’s Top Police Officer Apologizes for ‘Industrial Scale’ Data Breach

• Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

• Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

• BigID Access Intelligence Remediation defends users against unauthorized exposure

• Black Hat USA 2023 video walkthrough

• Are You Being Tracked by an AirTag? Here’s How to Check

• Electoral Commission had internet-facing server with unpatched vuln

• Cyber Security Today, August 11, 2023 – Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more.

• MoustachedBouncer Attacking Foreign Embassies Using NightClub and Disco Hacking Tools

• The Inability to Simultaneously Verify Sentience, Location, and Identity

• Microsoft Role To Be Investigated After US Government Breach

• Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study

• India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation

• New SystemBC Malware Variant Targets Southern African Power Company

• Researchers Shed Light on APT31’s Advanced Backdoors and Data Exfiltration Tactics

• CommScope SYSTIMAX Constellation allows enterprises to build and augment IP networks

• UK, EU, Mull Tighter China Controls After New US Restriction

• #BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption

• Magento shopping cart attack targets critical vulnerability revealed in early 2022

• New SystemBC Malware Variant Targets South African Power Company

• A totaled Tesla was sold for parts in the U.S. but came back online in Ukraine — here’s how

• MoustachedBouncer: Foreign Embassies in Belarus Likely Targeted via ISPs

• UK Government Slammed For Encryption Mistruths

• Researchers Suggest Ways to Tackle Thermal Attacks

• CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign

• A totaled Tesla was sold for parts in the US but came back online in Ukraine — here’s how

• Gafgyt botnet is targeting EoL Zyxel routers

• 2023 Threat Report – Dramatic Surge in Social Engineering and Web Attacks

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Researchers Uncover Series of Ransomware Attacks that Follow Same Pattern

• Charming Kitten APT is targeting Iranian dissidents in Germany

• Connecticut school loses millions in Spoofing Cyber Attack

• Ensuring HIPAA Compliance on Mobile Devices: A Vital Guide

• 16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

• How to handle API sprawl and the security threat it poses

• US Cyber Command boss says China’s spooky cyber skills still behind

• 15 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

• How digital content security stays resilient amid evolving threats

• Photos: Black Hat USA 2023

• New infosec products of the week: August 11, 2023

• US Cyber Command boss says China’s spooky cyber-skills trail America’s

• CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

• Threat intelligence’s key role in mitigating malware threats

• Cybersecurity as a global, multi-sector activity with Mihoko Matsubara

• How executives’ personal devices threaten business security

• How to accelerate and access DDoS protection services using GRE

• Microsoft Expands Cloud Security Posture Management to Google Cloud

• 2023-08-03 – .msix file –> IcedID (Bokbot) –> BackConnect and Keyhole VNC

• What’s in New York’s ‘First Ever’ Cyber Strategy?

• Proposed Cybercrime Treaty’s International Cooperation Provisions Could Let Tyrants Run Amok

• Reshaping the API Security Landscape: Graylog Acquires Resurface

• #BHUSA: White House, DARPA and CISA Ask for Help in Securing Open Source Software

• Statc Stealer, a new sophisticated info-stealing malware

• A totaled Tesla came was sold for parts in the US but came back online in Ukraine — here’s how

• The EVM Compatibility Chronicles Part II

• August Patch Tuesday stops actively exploited attack chain and more

• Ransomware review: August 2023

• NSA: Codebreaker Challenge Helps Drive Cybersecurity Education

• Rightbiz – 65,376 breached accounts

• Palo Alto: SugarCRM zero-day reveals growing cloud threats

• #BHUSA: US National Security Agency Announces Codebreaker Challenge Theme

• CISA: ‘Whirlpool’ Backdoor Sends Barracuda ESG Security Down the Drain

• Rhysida Ransomware Trains Its Sights on Healthcare Operations

• A totaled Tesla came was sold for parts in the US but came back online in the Ukraine — here’s how

• Dell Credentials Bug Opens VMWare Environments to Takeover

• IT Security News Daily Summary 2023-08-10

• Cyber Insurance Experts Make a Case for Coverage, Protection

• Ransomware Attack Timeline

• Black Hat 2023 Keynote: Navigating Generative AI in Today’s Cybersecurity Landscape

• CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

• 6 Best Threat Intelligence Feeds to Use in 2023

• There’s a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

• Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million

• Kemba Walden: We need to secure open source software

• Trend Micro discloses ‘silent threat’ flaws in Azure ML

• The Future of Cloud-Native Data Security: A Look at Laminar’s New Capabilities

• AMD and Intel CPU security bugs bring Linux patches

• EvilProxy Cyberattack Flood Targets Execs via Microsoft 365

• Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

• SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks

• The Hard Realities of Setting AI Risk Policy

• CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

• Detectify IP Addresses view enables organizations to uncover unauthorized assets

• Lumen Data Protect defends critical business data from corruption

• OpenAI’s GPTBot: A New Era of Web Crawling

• Dissident Republicans Claim To Have PSNI Breach Data, Admits Chief Constable

• Request-Level Authentication and Authorization With Istio and Keycloak

• 5 Best Encryption Key Management Software for 2023

• Osano Secures $25M Series B to Advance Data Privacy Platform

• Rootly Raises $12M to Help Enterprise IT Teams Resolve Incidents 80 Percent Faster

• What Is Patch Management as a Service (PMaaS) & What Can It Do For You?

• Congress Amended KOSA, But It’s Still A Censorship Bill

• Black Hat: Tenable to add AI query module to its Exposure Management platform; DARPA AI Cyber Challenge announced

• Cybersecurity: It’s Time to Trust the Machines

• Zoom Refutes Claims of AI Training on Calls Without Consent

• Understanding Security Vulnerabilities: A First Step in Preventing Attacks

• Calix expands security options in SmartBiz to protect small businesses from cyberthreats

• Fortra releases new integrations for its Offensive Security

• Lookout SAIL improves efficiency for cybersecurity professionals

• Making Chrome more secure by bringing Key Pinning to Android

• Solution to hardware flaw in Intel CPUs may cause large performance hit

• Mac systems turned into proxy exit nodes by AdLoad

• Top 15 Data Security Posture Management (DSPM) platforms for 2023

• Co-Founder Of Yandex Condemns Ukraine Invasion

• EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy

• Vulnerability management, its impact and threat modeling methodologies

• Avoiding False Positive: The Silent SAST Killer

• New York Introduces First-Ever Statewide Cybersecurity Strategy

• Lookout incorporates generative AI to support security professionals and boost security

• LockBit Attack: Ransomware Gang Threatens to Leak Cancer Patients’ Medical Data

• Revolutionizing IT: Ultraviolet’s Innovative Approach to Developer Efficiency

• Legions of DEF CON hackers will attack generative AI models

• Researchers put LLMs to the test in phishing email experiment

• APT31 Linked to Recent Industrial Attacks in Eastern Europe

• 37% of Third-party Applications have High-risk Permissions

• Adobe Patches 30 Acrobat, Reader Vulnerabilities

• Hundreds of executives are falling for Microsoft 365 phishing attacks: Report

• Zoom using user data to train its AI models

• US Scientists Repeat Fusion Ignition Breakthrough

• #BHUSA: Only 22% of Firms Have Mature Threat Intelligence Programs

• New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

• Critical Start introduces Managed Cyber Risk Reduction to address risks, vulnerabilities, and threats

• Authorities Taken Down Bulletproof Hosting Provider Lolek

• Google just made its Chrome browser more secure by cutting ‘patch gap’ in half

• Generative AI takes center stage at Black Hat USA 2023

• What Is Cloud Security Posture Management (CSPM)?

• Identity management platform Veza secures $15M from Capital One and ServiceNow

• Exabeam and Cribl partnership helps enterprises accelerate SIEM deployments

• Appdome and Bugcrowd join forces to create a more secure mobile app economy

• The 9 Best XDR Software Solutions and Tools in 2023 [Features, Pricing & Reviews]

• Top Exploit Databases to Use in Bolstering Cybersecurity Posture

• Ransomware Prevention Checklist: Safeguarding Your Digital Assets

• How the SEC’s Proposed Security Rules Could Impact Businesses

• Controlling Cybersecurity Risks

• What Will Cybersecurity Jobs Look Like in 2028?

• Fines for Facebook Privacy Breaches in Norway Crack Down on Meta

• The Pentagon’s 2023 cyber strategy: What you need to know

• Symmetry Systems Raises $17.7M for Data Security Posture Management Platform

• Managing and Securing Distributed Cloud Environments

• Potent Trojans Targeting MacOS Users

• New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

• UK cybersecurity giant NCC Group is making more layoffs

• Black Hat USA Keynote: In AI Do Not Trust

• DARPA Sponsors Competition For AI Innovation And Cybersecurity

• CISA Warns Orgs Of Exploited Vuln Affecting .NET, Visual Studio

• Nearly Every AMD CPU Since 2017 Vulnerable To Inception Attacks

• How An Unpatched Microsoft Exchange 0-Day Likely Caused One Of The UK’s Biggest Hacks Ever

• Zoom Declines Training AI on Calls Without Approval

• Coalition looks to bridge gap between CISOs, cyber insurance

• S3 Ep147: What if you type in your password during a meeting?

• #BHUSA: DARPA Challenges AI Pros to Safeguard US Infrastructure

• Navigating Cybersecurity’s Seas: Environmental Regulations, OT & the Maritime Industry’s New Challenges

• Investigating the Intricacies of BEC Invoice Redirect Attacks

• Lookout incorporates generative AI assistant to support security professionals and boost security

• Check Point to acquire Perimeter 81 for $490 million

• Illumio for Azure Firewall allows users to protect different parts of their cloud environment

• MITRE partners with Robust Intelligence to tackle AI supply chain risks in open-source models

• Bionic integrates with ServiceNow, launches Bionic Events

• AI Eavesdrops on Keystrokes with 95% Accuracy

• Microsoft Authenticator will soon provide codes via WhatsApp

• Elon Musk To Auction Twitter Signs, Backs Verbal Cage Fight With Zuck

• #BHUSA: ESET Unmasks Cyber-Espionage Group Targeting Embassies in Belarus

• Check Point buys Perimeter 81 for $490M to enhance its security tools for hybrid and remote workers

• Deloitte Safeguards Software Development Lifecycle

• KnowBe4 helps protect endangered species to celebrate 13th anniversary

• Rhysida Ransomware: The Rise of a New Threat for Healthcare Organizations

• Feds Seize Bulletproof Hosting Service ”Lolek Hosted”

• DAY 2! Dark Reading News Desk: Live at Black Hat USA 2023

• DTX Europe 2023

• How randomized data can improve our security

• New Infostealer Malware Steal Logs & Corporate Access Data

• Rhysida ransomware – what you need to know

• European Startup Pistachio Raises €3.25 Million for Cybersecurity Training Platform

• Osano, a data privacy management platform, nabs $25M

• Adaptive Shield’s ITDR capabilities help users detect identity-related security threats

• ConcealSherpaAI identifies potentially harmful webpages

• Microsoft 365 accounts of execs, managers hijacked through EvilProxy

• SentinelOne enhances vulnerability management through Singularity Ranger Insights

• Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk

• Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

• Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet

• Unleashing Your Potential Through Destiny 2 Accounts For Sale: A New Perspective

• Fact vs. Fiction: Unmasking Exaggerated AI Failures and Successes

• White House launches AI Cyber Challenge to make software more secure

• LastPass removes the master password from customers’ login with FIDO2 authenticators

• UK Appoints Tech Expert, Diplomat To Head AI Safety Summit

• Researchers Tricked Hackers into Reveal Their Secrets Using Honeypot

• Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

• Microsoft Patch Tuesday For August ’23 Addresses 84 Flaws

• Breaking the Mold: New Directions in Commercial Video Production

• Get your staff’s consent before you monitor them, tech inquiry warns

• Fresh Blow to PSNI Security as Second Data Breach Disclosed

• Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising

• Belarus hackers target foreign diplomats with help of local ISPs, researchers say

• Focus on DroxiDat/SystemBC

• CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio

• Regulator: “Harmful” Web Design Could Break Data Protection Laws

• ‘MoustachedBouncer’ APT Spies on Embassies, Likely via ISPs

• CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

• Investigating the Intricacies of Invoice Redirect Attacks

• The Aftermath: Dallas Ransomware Attack- 26K Residents Affected

• President Biden Executive Order Targets Tech Investments In China

• Tripwire Enterprise: Five ‘Other’ Things You Should Know

• EvilProxy Campaign Fires Out 120,000 Phishing Emails

• Quick Glossary: Cybersecurity Attack Response and Mitigation

• NIST Expands Cybersecurity Framework with New Pillar

• US Govt launches Artificial Intelligence Cyber Challenge

• Understanding Changes in the OWASP API Security Top 10 List

• Brand Extension: Definition, How It Works, Example, and Criticism – 2023 Guide

• Common TTPs of attacks against industrial organizations

• Do you know what your supply chain is and if it is secure?

• Interpol Busts Phishing-as-a-Service Platform ’16Shop,’ Leading to 3 Arrests

• Data of all serving police officers Police Service of Northern Ireland (PSNI) mistakenly published online

• Chinese hackers stole US government emails

• TargetCompany Ransomware Deploy Fully Undetectable Malware on SQL Server

• Norway first to put daily penalty on Meta over data security concerns

• Will AI kill cybersecurity jobs?

• Mind the (Interpretation) gap: Another reason why threat modeling is important

• RAM dump: Understanding its ­­­importance and the process

• What to know about FedRAMP Rev. 5 Baselines

• Learning from past healthcare breaches to fortify future cybersecurity strategies

• 37% of third-party applications have high-risk permissions

• Private network adoption grows as enterprises seek greater control and security

• Australian broadcaster cuts presence on platform formerly called Twitter

• DARPA Launches 2-Year Contest to Build AI Tools to Fix Vulnerabilities

• Voter data stolen in UK Electoral Commission systems breach

• Cloudflare Tunnel increasingly abused by cybercriminals

• Facial recognition tech lands innocent woman with bogus carjacking charge

Generated on 2023-08-11 23:55:33.334906