IT Security News Daily Summary 2024-01-08

• VulnRecap 1/8/24 – Ivanti EPM & Attacks on Old Apache Vulnerabilities

• Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

• YouTube Channels Hacked to Spread Lumma Stealer via Cracked Software

• Toronto Zoo hit by ransomware

• Privacy Expert Weighs In On If Users Should Delete Their Facebook Profiles

• GenAI could make KYC effectively useless

• Easy Firewall Implementation & Configuration for Small and Medium Businesses

• USENIX Security ’23 – ‘Know Your Cybercriminal: Evaluating Attacker Preferences by Measuring Profile Sales on an Active, Leading Criminal Market for User Impersonation at Scale’

• Vulnerability Summary for the Week of January 1, 2024

• How to become an incident responder: Requirements and more

• NIST Cybersecurity Framework

• Mastering the ‘cd’ Command: Tips and Tricks for Efficient Directory Navigation

• Gen AI could make KYC effectively useless

• New NIST report sounds the alarm on growing threat of AI attacks

• Randall Munroe’s XKCD ‘Range Safety’

• Embracing the Virtual: The Rise and Role of vCISOs in Modern Businesses

• AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs

• Grab 9 Ethical Hacking Courses for $25 and Improve Your Business Security

• Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

• LoanDepot hit by suspected ransomware attack

• Apache OFBiz zero-day pummeled by exploit attempts after disclosure

• LastPass Enforces 12-Character Master Password Limit For All

• Secure Browser Usage Policy

• NRF 2024 Know Before You Go

• NIST: Better Defenses are Needed for AI Systems

• Infinispan Insights: Security Basics and Secured Caches

• The best VPN services for iPhone and iPad in 2024: Tested and reviewed

• CISA Adds Six Known Exploited Vulnerabilities to Catalog

• USENIX Security ’23 – Zixin Wang, Danny Yuxing Huang, Yaxing Yao – ‘Exploring Tenants’ Preferences of Privacy Negotiation in Airbnb’

• New Research: Tackling .NET Malware With Harmony Library

• Deceptive Cracked Software Spreads Lumma Variant on YouTube

• NIST issues cybersecurity guide for AI developers

• Google malware exploit allows hackers to access accounts without passwords

• Cyqur Launches A Game-Changing Data Encryption and Fragmentation Web Extension

• The conundrum that is the modern use of NAT at a carrier grade level

• Saudi Ministry exposed sensitive data for 15 months

• Anti-Hezbollah Groups Hack Beirut Airport Screens

• Why is the internet so busy? Bots

• Apple Vision Pro Headset To Go On Sale In February

• DOE Puts Up $70 Million to Secure US Energy Infrastructure

• xDedic Marketplace Admin and Operators Arrested

• Turkish Cyberspies Targeting Netherlands

• QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

• Cancer Hospital Suffers Ransomware Attack, Hackers Threaten to Swat Patients

• Anthropic Pledges to Not Use Private Data to Train Its AI

• Web3: Championing Digital Freedom and Safeguarding Liberty in the Modern Era

• Samsung ‘Sees Fourth-Quarter Chip Rebound’

• AsyncRAT Malware Attacking the US Infrastructure for 11 Months

• Facebook, Instagram Now Mine Web Links You Visit To Fuel Targeted Ads

• British Library: Finances Remain Healthy As Ransomware Recovery Continues

• After Injecting Cancer Hospital With Malware, Crims Threaten To Swat Patients

• Google Accounts Accessed Without A Password

• How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry

• NIST: No Silver Bullet Against Adversarial Machine Learning Attacks

• Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

• Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

• Here’s How To Steer Clear Of QR Code Hacking

• Privacy at Stake: Meta’s AI-Enabled Ray-Ban Garners’ Mixed Reactions

• Orrick Data Breach: Law Firm Dealing with Data Breaches Hit by One

• Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms

• Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities

• Alkem Laboratories Future-Proofs Security Infrastructure with Check Point Software Technologies

• British Library: Finances remain healthy as ransomware recovery continues

• SEC Cyber Incident Reporting Rules Pressure IT Security Leaders

• Google Begins To Switch Off Ad-Tracker Cookies

• DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

• Cyber Security Today, Jan. 8, 2024 – How a Spanish cellular carrier’s network was knocked offline, and more

• Beirut Airport Screens Hacked with Anti-Hezbollah Message

• Second Interdisciplinary Workshop on Reimagining Democracy

• CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector

• Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

• Debian and Ubuntu Fixed OpenSSH Vulnerabilities

• Tesla Recalls 1.6 Million Cars In China Over Autopilot Issues

• Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

• Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked

• Video series discussing the major threat actor trends from 2023

• Logan Paul To Buy Back CryptoZoo NFTs

• McAfee Project Mockingbird defends users against AI-generated scams and disinformation

• North Korean Hackers Stole $600m in Crypto in 2023

• Merck Settles With Insurers Over $700m NotPetya Claim

• BT To Retrofit Roadside Cabinets As EV Chargers

• How Does PCI DSS 4.0 Affect Web Application Firewalls?

• How to Reduce Your Attack Surface

• Security Firm Certik’s Account Hijacked to Spread Crypto Drainer

• NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

• Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

• Long-existing Bandook RAT targets Windows machines

• Facebook, Instagram now mine web links you visit to fuel targeted ads

• Social engineer reveals effective tricks for real-world intrusions

• DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

• Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App

• Review: Engineering-grade OT security: A manager’s guide

• Country takes help of Blackhat Hackers infiltrating government websites

• A Guide to Guarding Against Ransomware Attacks in 2024

• SentinelOne acquires Peak XV-backed PingSafe for over $100 million

• AuthLogParser: Open-source tool for analyzing Linux authentication logs

• North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

• Top 2024 AppSec predictions

• Uncovering the hidden dangers of email-based attacks

• Vim 9.1 released: New features and bug fixes

• IT Security News Weekly Summary – Week 01

• IT Security News Daily Summary 2024-01-07

• A cyber attack hit the Beirut International Airport

• USENIX Security ’23 – Oshrat Ayalon, Dana Turjeman, Elissa M. Redmiles – ‘Exploring Privacy And Incentives Considerations In Adoption Of COVID-19 Contact Tracing Apps’

• North Korean Actors Behind $600M in Crypto Thefts: TRM Labs

• Cybercriminals Exploit X Gold Badge, Selling Compromised Accounts on Dark Web

• 9 Questions to Ask a Privileged Access Provider

• Security Issue in Banking Applications?

• Google Removes Foreign eSIM Apps Airola and Holafly from PlayStore

• Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

• Iranian crypto exchange Bit24.cash leaks user passports and IDs

• SBU Cybersecurity Chief Exposes Persistent Hacker Presence in Kyivstar

• Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

• Microsoft is Rolling out an AI Powered Key

• Turkish Sea Turtle APT targets Dutch IT and Telecom firms

• Week in review: 15 open-source cybersecurity tools, Patch Tuesday forecast

• FAQ: What Is DFARS Compliance and How Does It Work?

• Three Years After January 6th: The Insurrection’s Impact on U.S. Democracy

• Explore Redis for User Session Management on AWS Elasticache

• An Age-by-Age Guide to Online Safety for Kids

• Your #1 Security Initiative in 2024 Should be Operational Resilience

• Overcoming Multi-Cloud Security Challenges: The Power of a Unified Configuration of Clouds

Generated on 2024-01-08 23:55:37.069698