🗞️ Daily Cybersecurity News
Microsoft plans to end support for its AI assistant, Cortana, on the Windows standalone app starting from late 2023. The company has introduced various AI assistants for its products and has decided to kill Cortana to focus on other areas.
In the latest news on ransomware, this week has been relatively calm. While no major attacks have been reported, there are some signs of a possible rebranding and a new zero-day data-theft campaign that could be linked to ransomware. Stay tuned for updates on these developments.
Beautiful squid chromolithographs have been featured in the latest Friday Squid Blogging post. The artwork is remarkable and worth checking out. Additionally, readers are welcome to discuss any security-related news stories not covered in the blog post within the guidelines provided by the author.
Researchers have claimed that the Python Package Index's new 2FA requirements are not sufficient for protecting the software supply chain. While the new measures will help improve the security for developers' accounts, more action needs to be taken to prevent cyberattacks.
OpenAI has announced a new cybersecurity grant program worth $1 million. The program aims to support projects that promote defensive use-cases for generative AI technology. The move is expected to advance defense against cyberattacks. The announcement was made on SecurityWeek.
After several weeks of consecutive conferences and talks, our weekly update 350 marks the end of this hectic but productive period. Though it was challenging to keep track of them all, we now have some much-needed downtime before the next round of events.
Members of the public in the United Arab Emirates have been targeted by an SMS campaign with the aim of stealing data. The attacks, carried out by an entity known as PostalFurious, have been identified and are currently being investigated.
Microsoft has announced that new security measures will be implemented in Windows 11 to prevent NTLM relay attacks. SMB signing will be required for all connections, starting with the latest Windows build released to Insiders in the Canary Channel. This move is intended to strengthen the system's protection against cyberattacks and enhance the security of users' information.
The North Korean hacker group Kimsuky, also known as APT43, has been identified as posing as journalists and academics to conduct spear-phishing attacks on various organizations and institutions. The group aims to steal intelligence from think tanks, research centers, and media organizations, with the NSA and FBI warning of their activities.
Los Angeles-based startup Galvanick has secured $10 million in seed capital to develop an advanced industrial detection and response platform. The technology, known as Industrial XDR, will be used to identify and respond to potential security threats in industrial environments. This development was reported by SecurityWeek in their post titled "Galvanick Banks $10 Million for Industrial XDR Technology."
Beware of a new phishing scam that tricks people into visiting malicious websites. The scam uses photos promoting deals from trusted brands, such as Delta and Kohl's, to hide the malicious URLs. This method is called "picture-in-picture" obfuscation and is used to harvest victims' credentials. Stay alert and double-check the authenticity of URLs before entering any personal information.
Amazon Web Services (AWS) has released a new eBook titled "5 Keys to Secure Enterprise Messaging". The eBook provides readers with best practices for mitigating security and compliance risks that come with using messaging apps. With over 3.09 billion mobile phone users utilizing messaging apps for communication, the eBook provides valuable insights for businesses looking to enhance their security. This number is expected to grow to 3.51 billion users in the coming years.
A new episode of 'Friday Night Hacking' called '#AppSec: #askMeAnything' will be aired soon. This episode focuses on application security and will offer viewers the opportunity to ask questions.
Burton Snowboards has announced a data breach after it was discovered that customers' sensitive information may have been compromised during a cyber attack in February. The snowboard manufacturer has notified affected customers and urged them to take cautionary measures.
The Practical Junior Penetration Tester (PJPT) certification from TCM Security has been introduced to help aspiring penetration testers learn the practical skills required for a career in cybersecurity. The certification can be obtained through TCM Security's training courses and examination. In addition to offering pentesting and security consulting services, TCM Security also provides merchandise and sponsorship opportunities. The company's founder, Heath Adams, can be found on various social media platforms, including Twitter, Instagram, LinkedIn and TikTok. He also offers online courses and recommends hacker books and equipment on his website.
A new QBot malware campaign has emerged, exploiting a DLL hijacking vulnerability in the WordPad utility application to avoid detection by security software. The cybersecurity specialist ProxyLife discovered the phishing campaign and reported on the increasingly common trend of exploiting Windows programs for malicious purposes.
Following the recent ban on password sharing, frustrated Netflix users are turning to the dark web to find cheaper options for accessing the streaming service. Numerous offers for "full Netflix access" at significantly reduced rates have been reported.
Meta, a social media company, has released its language model, LLaMA, in the open-source community. The model has been leaked, allowing researchers and programmers to modify and improve it. This has led to immediate and innovative results, including increased training speeds and the ability to create and run models on a laptop. The release of LLaMA marks a significant change in the world of AI research.
Combining strategic user education with well-constructed process automation is the key to achieving sustainable security, according to experts. They say that finding a balance between technology and education is crucial in protecting individuals and businesses from cyber threats. The recipe for success involves both tactical and strategic approaches to ensure a safe and secure digital environment.
Russia's FSB intelligence agency has accused the United States' NSA of using Apple zero-day vulnerabilities and iMessage to spy on Russian targets for the past four years. The FSB claims that the attacks were zero-click and were not confined to Kaspersky. However, the allegations against the NSA have not been corroborated.
Integrating a subject rights request tool with security and compliance solutions can effectively assist CISOs in managing security, privacy, and trust. It helps identify any potential data conflicts with more accuracy and efficiency.
A ransomware attack on Massachusetts health insurer Point32Health has resulted in the theft of personal and protected health information from 2.5 million Harvard Pilgrim Health Care subscribers. SecurityWeek reports that the attack has put the data of millions at risk.
Google has recently taken down 32 malicious Chrome extensions from the Web Store, which collectively have a download count of 75 million. These extensions were capable of altering search results and pushing spam or unwanted ads. The move comes as part of the tech giant's efforts to keep its platform secure.
The US and South Korea have released a warning about social engineering tactics employed by North Korea. Think tanks, academic and research institutions, and news media organizations are among the likely targets. Security experts say these tactics are increasingly being used in cyberattacks. This news was published on SecurityWeek.
SecurityWeek reports that Splunk has recently fixed several high-severity vulnerabilities in Splunk Enterprise, which involved bugs found in third-party packages used by the software.
Two hospitals and their clinics in eastern Idaho are striving to resume full operations following a cyberattack on their computer systems. The hospitals are working towards recovery, with the aim of returning to complete normalcy. The news was reported by SecurityWeek.
Harvard Pilgrim Health Care has reported a ransomware attack that exposed the data of 2.5 million patients. The Massachusetts-based non-profit health services provider shared the information with the US Department of Health and Human Services breach portal. The attack took place on April 17, 2023, and sensitive patient data was stolen. Harvard Pilgrim Health Care has not yet disclosed the extent of the damage caused by the attack.
A new malware botnet called Horabot has targeted Spanish-speaking users in Latin America since November 2020, according to cybersecurity researcher Chetan Raghuprasad from Cisco Talos. The malware allows hackers to take control of the victim's Outlook mailbox, extract email addresses from contacts and send phishing emails with harmful HTML attachments to all addresses in the mailbox.
Organizations are realizing the importance of managing their data security posture with the emergence of new solutions in the market. Data security posture management (DSPM) is becoming increasingly vital as it provides evidence-based security to protect data. DSPM went mainstream after its publication and is now a vital aspect of ensuring data protection.
The Chinese hacking group Camaro Dragon has been identified as the creator of a new backdoor called TinyNote, designed to gather intelligence. Cybersecurity firm Check Point has linked the Go-based malware to the group, stating that it can perform "basic machine enumeration and command execution" using PowerShell or Goroutines. While TinyNote has limited capabilities, it still presents a significant threat to targeted systems.
Enzo Biochem has revealed that a recent ransomware attack exposed the clinical test information of approximately 2.47 million individuals. The attack compromised data of millions and caused a huge security breach. The incident highlights the importance of taking appropriate measures to secure sensitive information.
Apple has dismissed the claim made by Russia that the tech giant helped the NSA hack iPhones. The company has denied any involvement with government agencies in adding backdoors to its products. The accusation made by Russia has been refuted by Apple, as it reaffirms its commitment to protect user privacy.
SecurityWeek reports that hackers have exploited a zero-day vulnerability in the MOVEit Transfer product from Progress Software to steal data from organizations. This breach has highlighted the urgent need for better security measures and software updates to protect against such attacks.
The Finder, Apple's file management system, has a customisable metadata display allowing users to access file metadata despite its confusing layout. Additionally, the new APFS file system handles extended attributes for users.
The Kimsuky Group, a state-sponsored cluster responsible for sustained information gathering efforts through cyber attacks, has been identified by US and South Korean intelligence agencies. The group, which also goes by the names APT43, ARCHIPELAGO, Black Banshee, and Emerald Sleet, uses social engineering tactics to target think tanks, academia, and news media sectors. Both agencies have issued an alert warning of the North Korean cyber actors' actions.
Tech giant Google is currently running a limited-time offer in which they will reward up to $180,000 for a complete chain exploitation leading to sandbox escape in the Chrome browser. The announcement was made on SecurityWeek and is part of the bug bounty program where researchers can report exploits in exchange for rewards. The offer is said to be temporary.
Progress Software's MOVEit Transfer is affected by an active zero-day vulnerability that can potentially be exploited on vulnerable systems. The flaw, which hasn't been assigned a CVE identifier yet, is a severe SQL injection vulnerability that could lead to unauthorized access and elevated privileges. This vulnerability has been under widespread exploitation, putting the application's users at risk.
A new podcast called 'Risky Biz News' has been released, summarizing the latest security news. The podcast is hosted by Catalin Cimpanu and read by Claire Aird. The most recent episode covers the global iPhone hacking scandal, with the hosts discussing how hackers accessed iPhones by just sending a text message. A newsletter version of the podcast is also available.
Copyright © 2022-2023 Andrew Katz