IT Security News Daily Summary 2023-10-31

• Scaling security: How to build security into the entire development pipeline

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• EFF to Copyright Office: Copyright Is Indeed a Hammer, But Don’t Be Too Hasty to Nail Generative AI

• DEF CON 31 Policy – Panel: Blocking Pathways into Cybercrime Current Efforts, Future Opportunities

• News alert: Ivanti reports reveals 49% of CXOs have requested bypassing security measures

• News alert: Traceable celebrates winning the prestigious SINET16 Innovator Award for 2023

• How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

• SEC Charges Against SolarWinds CISO Send Shockwaves Through Security Ranks

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Critical Atlassian Confluence flaw can lead to significant data loss

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Accelerating AI tasks while preserving data security

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• VICTORY! California Department of Justice Declares Out-of-State Sharing of License Plate Data Unlawful

• ‘Mass exploitation’ of Citrix Bleed underway as ransomware crews pile in

• Generative AI and Cybersecurity in a State of Fear, Uncertainty and Doubt

• No patches yet for Apple iLeakage side-channel attack

• How to Write a Pentesting Report – With Checklist

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Cybersecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISO

• SlimAI’s John Amaral discusses open source security and the responsibility of software vendors

• AI CyberSecurity Risks: Equip Your Employees To Think Like a Hacker

• Generative AI: The Unseen Insider Threat

• Google Offers Bug Bounties for Generative AI Security Vulnerabilities

• Law Enforcement Official Blasts Facebook Encryption For Enabling Child Abuse

• US Leads 40-Country Alliance to Cut Off Ransomware Payments

• Malware ‘Meal Kits’ Serve Up No-Fuss RAT Attacks

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Navigating Security, Business Continuity, Through a Downturn

• SEC charges SolarWinds for security failures, fraud

• Log analysis and security firm Graylog raises $9M in equity, $30M in debt

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Now Russians accused of pwning JFK taxi system to sell top spots to cabbies

• The Evolution of Financial Fraud

• Securing Cloud Infrastructure Demands a New Mindset

• Massive MOVEit Hack: 630K+ US Defense Officials’ Emails Breached

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Netherlands Challenges Apple Over App Store Commissions

• How Telegram Became a Terrifying Weapon in the Israel-Hamas War

• The Power of AI, New Products, and Partner Excellence

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Atlassian CISO Urges Quick Action to Protect Confluence Instances From Critical Vulnerability

• Palo Alto Networks to Acquire Cloud Security Start-Up Dig Security

• Unlocking the Future: How Multimodal AI is Revolutionizing Technology

• Contact Key Verification: Boosting iMessage Security

• Unlocking a Passwordless Future: The Case for Passkeys

• How to use Managed Google Play with Microsoft Intune

• Arid Viper Camouflages Malware in Knockoff Dating App

• ‘Prolific Puma’ Hacker Gives Cybercriminals Access to .us Domains

• Toronto Public Library Under Cyberattack

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Ace holed: Hardware store empire felled by cyberattack

• Nvidia Shares Sink On Report Of $5bn China AI Chip Cancellations

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Windows 11, version 23H2 security baseline

• SolarWinds CISO Sued for Fraud by US SEC

• UN Seeks International AI Consensus With New Body

• Prepare Your Employees to Withstand a Zero-Day Cyber Attack: 5 Key Strategies

• Unlocking the Potential of Low-Code No-Code Development Platforms

• Survey: AppSec Maturity Hindered by Staffing, Budgets, Vulnerabilities

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• CEO John Chen Exiting BlackBerry as It Prepares to Split

• Arid Viper Campaign Targets Arabic-Speaking Users

• Zavio IP Camera

• INEA ME RTU

• CISA Releases Three Industrial Control Systems Advisories

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Finance orgs have 30 days to confess cyber sins under incoming FTC rules

• Ushering Into New Era With the Integration of AI and Machine Learning

• QR Code Phishing Attacks: A Rising Threat

• StripedFly: Cryptomining Tool Infects 1 Million Targets Worldwide

• Ukraine’s top security official to keynote IRISSCON 2023 conference

• Scarred Manticore Targets Middle East With Advanced Malware

• India witnesses biggest data breach of Aadhaar details via ICMR

• Chinese Social Media Requires Real Names For Biggest Influencers

• Why ransomware victims can’t stop paying off hackers

• US-led cybersecurity coalition vows to not pay hackers’ ransom demands

• Attackers Exploiting Critical F5 BIG-IP Vulnerability

• IAM Credentials in Public GitHub Repositories Harvested in Minutes

• 11 Ways to Tweak radare2 for Faster and Easier macOS Malware Analysis

• Hackers Abuse Google Search Ads to Deploy Bonanza Malware

• Dual ransomware attacks on the rise, but causes are unclear

• Cisco’s Catalyst SD-WAN: Now available through Azure Marketplace Multiparty Partner Offers Program

• WiHD leak exposes details of all torrent users

• Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities

• Coffee Briefing Oct. 31 – NPower receives investment to empower underserved youth; Dell partners with Meta; Bell outlines five key security outcomes in new report; and more

• Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

• Understanding Zero Trust Security Building a Safer Digital World

• ‘Elektra-Leak’ Attackers Harvest AWS Cloud Keys in GitHub Campaign

• Advanced Behavioral Detection Analytics: Enhancing Threat Detection with AI

• LogRhythm collaborates with D3 Security to help security teams identify behavioral anomalies

• Web Path Finder – To Identify Subdomains and DNS Info

• Cybersecurity snafu sends British Library back to the Dark Ages

• DigiSure TrustScreen Negative File protects sharing platforms against fraud

• Apple Launches Third-Generation M3 Chips With Speed Boost

• Canada Bans WeChat and Kaspersky Due to Spying Concerns

• Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

• Could a threat actor socially engineer ChatGPT?

• .US Harbors Prolific Malicious Link Shortening Service

• SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack

• Alliance Of 40 Countries To Vow Not To Pay Ransom To Cybercriminals, US Says

• Packet Storm Updates Will Be Minimal Until November 10

• You Wanna Break Up With Your Bank? The CFPB Wants to Help You Do It.

• Patch now! BIG-IP Configuration utility is vulnerable for an authentication bypass

• Protecting Against FraudGPT

• Dragos and Rockwell Automation strengthen ICS/OT cybersecurity threat detection for organizations

• New Index Finds AI Models Are Murky, Not Transparent At All

• 20 Years Later, Is Patch Tuesday Enough?

• Navigating Cybersecurity in a Social-First Campaign

• Florida Man Jailed For Crypto SIM Swapping Attacks

• Citrix Bleed Bug Under Mass Exploitation

• Atlassian Wants Everyone To Patch A Critical Confluence Flaw Now

• Cyber Pros Praise Biden Executive Order On Artificial Intelligence

• Canada Bans WeChat And Kaspersky On Government Phones

• Increase in Phishing Threats among Organizations Has Created a Lot of Opportunities for the Cyber Security Industry

• UK policing minister urges doubling down on face-scanning tech

• Extending ZTNA to Protect Against Insider Threats

• The Changing Landscape of CIOs: A Glimpse into the Acora 2023 CIO Report

• Canada Bans WeChat From Government Devices

• Hacker Jailed for Stealing $1 Million Via SIM Swapping Attacks

• Confirmed: Palo Alto Networks buys Dig Security, sources say for $400M

• Collaboration Comes Together in San FranCISCO

• Determining the 10 most critical vulnerabilities on your network

• Preventing E-Communication Fines in Financial Services

• Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

• Security Compliance for SaaS: Cutting Costs and Boosting Sales with Automation

• LogRhythm Partners with D3 Security to Automate Threat Management and Incident Response Capabilities in Cloud-Native LogRhythm Axon SIEM

• Microsoft Data Leaks and the Importance of Open Source Intelligence

• Why Bad Bots Are the Digital Demons of the Internet

• Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss

• PentestPad: Platform for Pentest Teams

• Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

• Enhancing IoT Security: The Role of Security Information and Event Management (SIEM) Systems

• Palo Alto Networks + Dig Security

• BiBi-Linux wiper targets Israeli companies

• Meta Offers Paid Ad-Free Subscription For Facebook, Instagram

• Proofpoint to Acquire AI Email Security Firm Tessian

• Unraveling the Scarred Manticore Saga: A Riveting Epic of High-Stakes Espionage Unfolding in the Heart of the Middle East

• Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws

• The Future of Drone Warfare

• Arid Viper disguising mobile spyware as updates for non-malicious Android applications

• Resecurity brings IDP service to citizens and businesses in India

• Trojanized PyCharm Software Version Delivered via Google Search Ads

• Regulator Reveals Large Disparity in APP Fraud Reimbursement

• Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)

• Half of Execs Request Security Bypass Over Past Year

• ServiceNow Misconfigurations Lead to Leak of Sensitive Data

• Cisco IOS XE CVE-2023-20198: Deep Dive and POC

• Agent vs. Agentless: A New Approach to Insider Risk Monitoring

• What makes Web Applications Vulnerable?

• SEC Charges SolarWinds and CISO With Misleading Investors

• Cyber Skills Gap Reaches 4 Million, Layoffs Hit Security Teams

• Elon Musk To Attend Bletchley Park AI Summit

• Who’s most at risk for scams, hacks, and identity theft? (It’s not who you think)

• 3 things for your 2024 cloud to-do list

• Meta’s ad-free scheme dares you to buy your privacy back, one euro at a time

• Apple warns Indian opposition leaders of state-sponsored iPhone attacks

• Canada Bans WeChat and Kaspersky Apps On Government Devices

• SolarWinds and CISO accused of fraud, control failures

• Meta Launches Paid Ad-Free Subscription in Europe to Satisfy Privacy Laws

• Canada bans WeChat and Kaspersky apps on government-issued mobile devices

• How security observability can help you fight cyber attacks

• From Windows 9x to 11: Tracing Microsoft’s security evolution

• Ransomware news trending on Google

• Indian opposition leaders say Apple has warned them of state-sponsored iPhone attacks

• Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian

• A closer look at healthcare’s battle with AI-driven attacks

• The hidden costs of data breaches for small businesses

• Vulnerability management metrics: How to measure success

• Simplify User Access with Federated Identity Management

• The PEAK Threat Hunting Framework

• SolarWinds allegedly misled public on its security before Sunburst cyberattack: SEC

• SEC Charges SolarWinds and Its CISO With Fraud and Cybersecurity Failures

• Chen to leave BlackBerry at the end of the week

• privacy impact assessment (PIA)

• Young People May Be The Biggest Target for Online Censorship and Surveillance—and the Strongest Weapon Against Them

• How GoGuardian Invades Student Privacy

• What is a Cloud Workload Protection Platform ? (CWPP)

• Malvertising via Dynamic Search Ads delivers malware bonanza

• A week in security (October 23 – October 29)

• OneView updates: Dive into Report 2.0 & the new Global Site Filter

• Author Q&A: Here’s why the good guys must continually test the limitations of ‘EDR’

• Florida man jailed after draining $1M from victims in crypto SIM swap attacks

• IT Security News Daily Summary 2023-10-30

• Google Dynamic Search Ads Abused to Unleash Malware ‘Deluge’

• Facebook Unveils Paid Subscription Model To Comply With Privacy Regulations

• VMware Releases Advisory for VMware Tools Vulnerabilities

• Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

• Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets

• Internet access in Gaza partially restored after blackout

• An Anchor in the Race

• Biden issues Executive Order on AI for U.S. government departments and application developers

• Lazarus Group Malware Targets Legitimate Software

• Budget Cuts at CISA Could Affect Enterprise Cybersecurity

• Lateral Movement: Abuse the Power of DCOM Excel Application

• Vulnerability Summary for the Week of October 23, 2023

• 3D Printing: Unpacking Facts and Safeguarding from Cybersecurity Threats

• iOS 17.1 update still no defense against Flipper Zero iPhone crashes

• White House Executive Order on AI Provides Guidelines for AI Privacy and Safety

• UAE Cyber Council Warns of Google Chrome Vulnerability

• Boeing Breached by Ransomware, LockBit Gang Claims

• Cryptojackers steal AWS credentials from GitHub in 5 minutes

• Canada Bans WeChat and Kaspersky on Government Phones

• supercookie

• Weekly Vulnerability Recap – October 30, 2023 – Citrix & Cisco Haunted by Vulnerabilities

• Boeing Evaluates Cyber Group’s Data Dump Threat

• Canada bans federal employees from using WeChat, Kaspersky mobile apps

• Investigate Google Service Account Key Origins and Usage

• Beyond the Login Box: Okta Fuels Developer Innovation in Identity

• Evolving Cyber Dynamics Amidst the Israel-Hamas Conflict

• Break into a career in IT with this cybersecurity training bundle

• UAE Bolsters Cyber Future With US Treasury Partnership, Collaborations

• SternX Resources to Assist Businesses with Insider Threat Risk Assessment

• A Complete Guide to NIST Compliance: Navigating the Cybersecurity Framework, NIST 800-53, and NIST 800-171

• Accelerating FedRAMP ATOs: OMB Memo

• How to Get HITRUST Certified—and Why

• Pro-Palestinian Threat Groups Expand Cyberwar Beyond Israel

• Rishi Sunak Outlines Risks and Potential of AI Ahead of Tech Summit

• The Risk of RBAC Vulnerabilities – A Prevention Guide

• Virtual credit card fraud: An old scam reinvented

• Hamas Hackers Targeting Israelis with New BiBi-Linux Wiper Malware

• Integrating Salesforce With Google BigQuery for Cortex Framework Deployment

• Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

• F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747)

• Wiki-Slack attack allows redirecting business professionals to malicious websites

• Biden Issues Executive Order on Safe, Secure AI

• Report Links ChatGPT to 1265% Rise in Phishing Emails

• Google App turns into malware for many on Smart Phones

• Nonprofit Plans To Lease 24,000 Nvidia H100 GPUs For AI

• Google Chief Pichai Takes Stand In Landmark Antitrust Trial

• Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date

• ‘Accidental’ malvertising via Dynamic Search Ads delivers malware frenzy

• Apple Improves iMessage Security With Contact Key Verification

• Boeing Investigating Ransomware Attack Claims

• Proofpoint to Acquire Tessian for AI-Powered Email Security Tech

• Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft

• CISA Unveils Logging Tool to Aid Resource-Scarce Organizations

• India’s DPDP Act: Industry’s Compliance Challenges and Concerns

• F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)

• Critical PHPFox RCE Vulnerability Risked Social Networks

• Critical F5 BIG-IP Flaw Allows Remote Code Execution Attacks

• Hackers Deliver Remcos RAT as Weaponized PDF Payslip Document

• iPhone users who don’t want to be tracked need Apple’s iOS 17.1 privacy patch

• Ransomware Roundup – Knight

• Kraken to Provide 42,000 Consumers’ Data with IRS Following Court Order

• Western Digital To Split Into Two After Walking Away From Kioxa Merger

• Cisco Americas Partner Organization: Laser Focused on Customer and Partner Success

• Stanford schooled in cybersecurity after Akira claims ransomware attack

• A New Tactic to Combat Cyber Warfare: Diversity as Digital Defense

• RansomedVC Ransomware Group Quitting and Selling its Entire Infrastructure

• Securely Migrating to AWS with Check Point

• Immuta Discover identifies and classifies sensitive data

• Xiaomi Prepares Unified OS As Huawei Cuts Off Android

• What the Boardroom Is Missing: CISOs

• Hackers Earn Over $1 Million at Pwn2Own Toronto 2023

• Attackers Can Use Modified Wikipedia Pages to Mount Redirection Attacks on Slack

• Cybersecurity Awareness Month: ‘Staff training far most cost-effective than going through a cyber compromise’

• Privacy in the Age of AI: Strategies for Protecting Your Data

• F-Secure Eyes $9.5M in Cost Savings With Layoffs

• Cybersecurity Certifications Play a Vital Role in Shrinking the Skills Gap

• Spookiest Hacks, Cybercriminals and Tactics Lurking in 2023

• Netwrix releases product enhancements to strengthen data security

• New Webinar: 5 Must-Know Trends Impacting AppSec

• 4 Secure Framework Considerations Before Deploying Workloads in The Public Cloud

• Deliver Exceptional Digital Experiences and Unlock New Value With Okta Customer Identity

• F5 Hurriedly Squashes BIG-IP Remote Code Execution Bug

• Boeing Looking Into Hacking Gang’s Ransomware Threat

• HackerOne Paid Ethical Hackers Over $300 Million In Bug Bounties

• Britain To Push Ahead With Rules For Cryptoassets

• Identity Theft: The Silent Threat for Executives

• CCleaner Data Privacy at Risk: MOVEit Mass-Hack Exposes User Information

• White House issues Executive Order for safe, secure, and trustworthy AI

• Patches Released For The Actively Exploited Cisco IOS XE Zero-Day Flaws

• Hackers Abusing OAuth Token to Take Over Millions of Accounts

• UN sets up advisory team to coordinate ‘inclusive’ AI governance

• Get a Lifetime of Secure VPN Protection for Just $28.97 Until 10/31

• The myth of the long-tail vulnerability

• Cisco Networking Academy introduces Professional Skills – empowering tomorrow’s leaders

• HackerOne awarded over $300 million bug hunters

• SEC Regulations, Government Overreach and Access to Cybersecurity Information

• ServiceNow Data Exposure: A Wake-Up Call for Companies

• NetSupport Intrusion Results in Domain Compromise

• CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys

• How to stop important messages going to spam

• Biden Executive Order Sets Out AI Safeguards

• Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns

• Whistleblowers: Should CISOs Consider Them a Friend or Foe?

• Cyber Security Today, Oct. 30, 2023 – Hackers warn Las Vegas-area parents they have their children’s data

• Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

• Beware of Data Security Monsters Lurking in the Shadows this Halloween

• Hacking Scandinavian Alcohol Tax

• EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

• ZeroRISC raises $5M to deliver commercial OpenTitan-based cloud security for chips

• Surveillance Commissioner Blasts Cops for Data Retention

• G7 Nations Agree To Voluntary AI Guidelines

• Logging Made Easy: Free log management solution from CISA

• A Scary Story of Group Policy Gone Wrong: Accidental Misconfigurations

• 6 Common Phishing Attacks and How to Protect Against Them

• HackerOne Exceeds $300m in Bug Bounty Payments

• Silicon In Focus Podcast: The Omnichannel Evolves

• NHS Data Would Be ‘Safe’ Under Contract, Says Palantir Boss

• This holiday, you could be inviting a fraudster to your home

• StripedFly, a complex malware that infected one million devices without being noticed

• Separation of Privilege (SoP) 101: Definition and Best Practices

• Google expands bug bounty program to cover AI-related threats

• Boeing Investigates LockBit Ransomware Breach Claims

• XWorm Sold Malware-as-a-service Opens Vast Hacking Opportunities

• Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

• Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

• Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool

• Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too

• CISO Skills in a Changing Security Market: Are You Prepared?

• Securing Modern Enterprises in a Borderless Landscape

• The dangers of dual ransomware attacks

• LockBit Ransomware Group Targets Boeing with Data Threat

• Kaspersky Uncovers ‘Operation Triangulation,’ a Threat to iOS Devices

• Ten Ways to Protect PCs and Routers from Holiday Season Cyber Attacks

• Finding the right approach to security awareness

• Companies scramble to integrate immediate recovery into ransomware plans

• AI threat landscape: Model theft and inference attacks emerge as top concerns

• Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Maware

• IoT’s convenience comes with cybersecurity challenges

• Cyber attacks cause revenue losses in 42% of small businesses

• Communication Fort Knox: Tools to Safeguard Your Business

• GameSprite – 6,164,643 breached accounts

• LockBit alleges it boarded Boeing, stole ‘sensitive data’

• Toronto Public Library hit by cyber attack

• Netsupport Intrusion Results in Domain Compromise

Generated on 2023-10-31 23:56:01.627083