IT Security News Daily Summary 2024-01-25

• HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk

• Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

• Yearly Intel Trend Review: The 2023 RedSense report

• San Francisco: Vote No on Proposition E to Stop Police from Testing Dangerous Surveillance Technology on You

• Using Microsoft AD Explorer for common admin tasks

• HPE breached by Russian APT behind Microsoft hack

• Quebec cybersecurity institute gets $1.3 million grant from Google

• 23andMe admits it didn’t detect cyberattacks for months

• Failure to launch: Cybersecurity pros discuss how to solve the resource crisis

• Wordfence Researcher Featured on Critical Thinking Podcast: Sharing Advanced WordPress Bug Bounty Tips and Tricks

• Safeguarding Privacy: A Developer’s Guide to Detecting and Redacting PII With AI-Based Solutions

• Cisco warns of a critical bug in Unified Communications products, patch it now!

• Why is the cost of cyber insurance rising?

• Monitoring Dynamic Linker Hijacking With eBPF

• Securing the Digital Frontline: Advanced Cybersecurity Strategies for Modern Web Development

• Using Google Search to Find Software Can Be Risky

• Cisco Meraki Developer Highlights Coming to Cisco Live Amsterdam

• 3 Key takeaways from NRF2024

• Malicious AdTech Spies on People as NatSec Targets

• Powerloom to Hold First Ever Node Mint on Polygon Network

• Pure Malware Tools Pose As Legitimate Software to Bypass AV Detections

• In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS

• Microsoft Axes 1,900 Staff, After Activision Acquisition

• NCSC Warns That AI is Already Being Used by Ransomware Gangs

• Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products

• AI Will Fuel Rise in Ransomware, UK Cyber Agency Says

• China-Aligned APT Group Blackwood Unleashes NSPX30 Implant

• TSMC Further Delays $40 Billion Arizona Chip Fab

• Google Kubernetes Flaw Let Any Google User Control the Cluster

• 198% Surge in Browser Based zero-hour Phishing Attacks

• 6 Best SIEM Tools & Software for 2024

• Shield GKE’s Achilles Heel using RBAC

• PHP-less phishing kits that can run on any website

• That new X cryptocurrency? It’s a scam.

• How to create a passkey for your Google account (and why you should)

• CISA Releases Two Industrial Control Systems Advisories

• SystemK NVR 504/508/516

• Opteev MachineSense FeverWarn

• Another Phobos Ransomware Variant Launches Attack – FAUST

• Government Security Vulnerabilities Surge By 151%, Report Finds

• Headlines Trending on Google Regarding Recent Cyber Attacks

• REVIEW OF THE ISC2 CISSP CERTIFICATION

• Meta To Reduce Unwanted Messages To Teens On Facebook, Instagram

• $1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis

• Dangerous Trends: YouTube Stream-Jacking Attacks Reach Alarming Levels

• Amazon Ring Halts Controversial Police Video-Sharing Program

• More Australian IT Leaders Could Be Looking to Replace Passwords With Passkeys in 2024

• QR code phishing

• Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204

• The Cybersecurity Horizon: AI, Resilience and Collaboration in 2024

• Organizations are Embracing Cyber Insurance, But It’s Not Easy: Survey

• ColdRiver APT: Google TAG Warns Against Russian APT Group is Using a Custom Backdoor

• Security Trends to Monitor in 2024

• Vercara introduces the Private Data Lake feature into UltraDNS

• Searchlight Cyber adds AI-powered language translation to simplify dark web investigations

• SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

• Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)

• Repository and Metadata Backup, Disaster Recovery, And Compliance: The Unbreakable Trio

• Updated SBOM guidance: A new era for software transparency?

• Navigating the Complex Cybersecurity Landscape: Kyndryl and Cisco’s Innovative Security Edge Services

• Fintech Company EquiLend Restoring Systems Following Cyberattack

• New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

• Kyndryl and Cisco unveil two security edge services

• API Security: Best Practices for API Activity Data Acquisition

• What Is API Detection and Response?

• Ensuring Data Security in Retail ERP

• The best security keys of 2024: Expert tested and reviewed

• Kusari is building a supply chain security platform on top of open source

• How Life-Cycle Services Can Help Drive Business Outcomes

• EquiLend drags systems offline after admitting attacker broke in

• Scoping Chatbots for Safe and Effective Experiences

• Crypto Firm Terraform Labs Files for Chapter 11 Bankruptcy in US

• Guardian Air boosts Nozomi Networks threat detection, securing from endpoint to air

• Comprehensive Gun Detection for Schools: An AI-Based Approach Leveraging Audio and Video Insights

• Simplify, Scale and Accelerate Your SOC with AI-Driven Security

• Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

• Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive

• Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

• Regula introduces smart testing for remote onboarding efficiency

• North Korea Hacks Crypto: More Targets, Lower Gains

• Pwn2Own Automotive: Tesla, Sony, Alpine Players Breached on Day One

• The sophistication of cybercriminals intensifies with emerging strategies for cashing in or causing chaos

• What is internet safety?

• Zscaler Adds SASE Offering to Zero-Trust Portfolio of Cloud Services

• Russian hackers breached Microsoft, HPE corporate maliboxes

• Kasseika Ransomware Exploits Driver Functionality to Kill Antivirus

• Exclusive: What will it take to secure gen AI? IBM has a few ideas

• How to Prevent Phishing Attacks with Multi-Factor Authentication

• Protect AI Guardian scans ML models to determine if they contain unsafe code

• Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises

• HP Enterprise Hacked By Suspected Russian Hackers

• QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams

• 1Kosmos BlockID 1Key secures users in restricted environments

• LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

• Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!

• NCSC Warns AI Already Being Used By Ransomware Hackers

• How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

• Privacy is a Key Enabler of Trust

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users

• Firefox 122 Patches 15 Vulnerabilities

• Southern Water Confirms Data Breach Following Black Basta Claims

• Cequence Security partners with Vercara to prevent sophisticated automated API attacks

• Blackwood APT delivers malware by hijacking legitimate software update requests

• Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

• Memory Scanning for the Masses

• HPE says it was hacked by Russian group behind Microsoft email breach

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months

• AI expected to increase volume, impact of cyberattacks

• China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

• Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities

• Stolen credentials are big business

• Privacy predictions for 2024

• HPE Says SolarWinds Hackers Accessed its Emails

• Pakistan Hackers Targeting Indian Android Users with Fake Loan Apps

• Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

• New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

• Apple Stolen Device Protection: A Shield For Your iPhone in Unexpected Hands

• Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

• Facebook and Instagram collect immense data from users

• Phishing Prevention for Businesses: Employee Training

• Fighting insider threats is tricky but essential work

• Developers Hold the New Crown Jewels. Are They Properly Protected?

• Expect to Fail: How Organizations Can Benefit from a Breach

• Ignite the Future with Swimlane: Highlights from SKO 2024

• CISOs’ role in identifying tech components and managing supply chains

• Automated Emulation: Open-source breach and attack simulation lab

• 45% of critical CVEs left unpatched in 2023

• In 2024, AI and ML shift from flashy to functional

• HPE joins the ‘our executive email was hacked by Russia’ club

• Business Data Backups: Strategies for Data Resilience

• What Home Videotaping Can Tell Us About Generative AI

• CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

• 2024-01-23 – UltraVNC infection

• US judge rejects spyware developer NSO’s attempt to bin Apple’s spyware lawsuit

• Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

• Facebook Reverses Decision On Controversial Anti-Trans Post

• 6 Best Vulnerability Management Software & Systems in 2024

• What Are Firewall Rules? Ultimate Guide & Best Practices

• Protect AI Unveils Gateway to Secure AI Models

• IT Security News Daily Summary 2024-01-24

• NCSC says AI will increase ransomware, cyberthreats

• Global ransomware threat expected to rise with AI, U.K. cyber authority warns

• Patch management needs a revolution, part 3: Vulnerability scores and the concept of trust

• Enabling Peer Pods on IBM Z and LinuxONE with Red Hat OpenShift sandboxed containers

• What’s next on the horizon for telecommunications service providers? A look at 2024 with Red Hat.

• Jason’s Deli Restaurant Chain Hit by a Credential Stuffing Attack

• Global ransomware threat surely will rise with AI, U.K.’s NCSC warns

• Mobb unveils vulnerability fixer for GitHub users

• National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat

• Cyber League: UK’s NCSC Calls on Industry Experts to Join its Fight Against Cyber Threats

• We Must Consider Software Developers a Key Part of the Cybersecurity Workforce

• The 9 best incident response metrics and how to use them

• USENIX Security ’23 – Mazharul Islam, Marina Sanusi Bohuk, Paul Chung, Thomas Ristenpart, Rahul Chatterjee – Araña: Discovering And Characterizing Password Guessing Attacks In Practice

• 5379 GitLab servers vulnerable to zero-click account takeover attacks

• Cyber Security Today, Jan. 24, 2024 – The latest ransomware news and a controversy over alleged viruses in HP printer cartridges

• Victory! Ring Announces It Will No Longer Facilitate Police Requests for Footage from Users

• Spotify To Begin In-App Purchases On iPhone

• Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

• Cisco U. Wins Silver at Prestigious Awards

• Advancing the Circular Economy with the Cisco Circularity Promotion

• Daniel Stori’s ‘influencer’

• Major IT outage at Europe’s largest caravan and RV club makes for not-so-happy campers

• ‘Mother of all Breaches’ Leaks — 26 BILLION Records from 12TB Open Bucket

• Is YouTube Kids Safe? The Ultimate Parent Safety Guide

• Google Settles AI Chip Patent Lawsuit With Singular

• Explore Cisco IOS XE Automation at Cisco Live EMEA 2024

• ‘Mother of all breaches’ uncovered after 26 billion records leaked

• ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts

• Top 11 Tips for Safe Web Browsing

• What Is Digital Security? Tools and Applications

• The Impact of AI-Generated Content on Internet Quality

• Browser Phishing Threats Grew 198% Last Year

• Beware of Weaponized Office Documents that Deliver VenomRAT

• Mozilla Releases Security Updates for Thunderbird and Firefox

• The Power of Public-Private Partnerships

• Trezor Unveils Unauthorized User Data Access, Highlighting Emerging Phishing Threat

• Undetected Threat: Chinese Hackers’ Long-Term VMware Exploitation

• Netflix Subscribers Surge Amid Password Crackdown

• Israeli Startup Gets $5M Seed Capital to Tackle AI Security

• Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

• Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits

• CISO Conversations: The Legal Sector With Alyssa Miller at Epiq and Mark Walmsley at Freshfields

• AI Ransomware Threat to increase in two years says UK GCHQ

• CEO Of eBay Confirms 1,000 Job Losses

• NRF 2024: An Interview with the Cisco Store Team

• Maximizing Operational Efficiency: Introducing our New Smart Agent Management for Cisco AppDynamics

• Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

• Ransomware Attack Targets Major North American Water Company

• Beware of rogue chatbot hacking incidents

• Prompt Security wants to make GenAI safe for the enterprise

• Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

• Google to put Disclaimer on How its Chrome Incognito Mode Does ‘Nothing’

• Stack Identity expands its plaform with ITDR to tackle shadow access and shadow identities

• Venafi Stop Unauthorized Code Solution reduces attack surface

• Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

• High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin

• Integrating mPulse?s Beacon API with EdgeWorkers to Visualize All Client Requests

• Russian Citizen Sanctioned By US, UK, Australia Over Medibank Hack

• Countown to Cisco Live EMEA!

• 340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack

• PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

• The Vulnerability Management Stack: 5 Essential Technologies

• Cryptographers Groundbreaking Discovery Enables Private Internet Searches

• PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

• Enzoic and ThreatQuotient join forces to defend companies from compromised credentials

• Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns

• Have you ever been inspired by a teacher?

• Beyond the Hype — Where AI Can Shine in Security

• Survey: Increased Volume and Sophistication of Cyberattacks Creating Higher Costs

• Pay Now or Pay Later

• Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat

• PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

• Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors

• How to get to Inbox Zero in no time at all – and stay there

• Meet the Nominees for the Cybersecurity Defender of 2024 Award in the EMEA Region

• VIVOTEK VORTEX Connect empowers enterprise cloud transition

• Hackers Use SYSTEMBC Tool to Maintain Access to Compromised Network

• Cybersecurity Market Forecasts: AI, API, Adaptive Security, Insurance Expected to Soar

• Chrome 121 Patches 17 Vulnerabilities

• What Is Professional Services Automation (PSA) Software?

• Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption

• What is Nudge Security and How Does it Work?

• Why Bulletproof Hosting is Key to Cybercrime-as-a-Service

• SAP To Restructure 8,000 Jobs, Amid Business AI Push

• Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

• Hackers Deploy Malicious npm Packages on GitHub to Steal SSH Keys

• Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

• When the Enemy Is DDoS, Holistic Protection Is a Must

• Keeping SaaS Data Under Wraps

• Data Sanitization for End-Of-Use Assets

• SPECIAL REPORT: CYBER LEADERS ON 2023 TRENDS AND 2024 OUTLOOK

• Securiti collaborates with Lacework to improve data protection in the cloud

• Online Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

• Four Takeaways from the McKinsey AI Report

• WaterISAC: 15 Security Fundamentals You Need to Know

• What Microsoft’s latest email breach says about this IT security heavyweight

• Major US, UK Water Companies Hit by Ransomware

• Stellar Cyber partners with Proofpoint to speed detection of email-driven cyberattacks

• X Makes Passkeys Available for US-Based Users

• VexTrio a hub of Cyber attacks With Massive Criminal Affiliate Chain

• Amazon’s French Warehouses Fined Over Employee Surveillance

• Exploit Code Released For Critical Fortra GoAnywhere Bug

• Improper Separation of User/Administrator Privilege in Cybersecurity

• Multiple Go Vulnerabilities Fixed in Ubuntu

• U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

• The Unknown Risks of The Software Supply Chain: A Deep-Dive

• AI Set to Supercharge Ransomware Threat, Says NCSC

• Splunk fixed high-severity flaw impacting Windows versions

• MavenGate Supply Chain Attack Let Attackers Hijack Java & Android Apps

• International Day of Education 2024: Spotlight on Cisco’s Education Non-Profit Partnerships

• Determining Cyber Materiality in a Post-SEC Cyber Rule World | Kovrr blog

• Top 12 Best Penetration Testing Companies & Services – 2024

• COVID-19 test lab accused of exposing 1.3 million patient records to open internet

• Parrot TDS Injecting Malicious Redirect Scripts on Hacked Sites

• Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

• Headlines on Trending Cyber Attacks from Google News

• The Insider Threat: Can Employees Pose a Greater Risk than Hackers

• GCHQ’s NCSC warns of ‘realistic possibility’ AI will help state-backed malware evade detection

• The effect of omission bias on vulnerability management

• Prioritizing CIS Controls for effective cybersecurity across organizations

• 10 USA cybersecurity conferences you should visit in 2024

• Why resilience leaders must prepare for polycrises

• NodeZero Updated With Attack Content for Critical Confluence RCE

• Organizations invest more in data protection but recover less

• Whitepaper: MFA misconceptions

• Software supply chain attacks are getting easier

• 4 Ways to Protect Your Company from Data Breaches

• Securing Remote Work: A Guide for Businesses

• Fragging: The Subscription Model Comes for Gamers

• FTC Bars X-Mode from Selling Sensitive Location Data

Generated on 2024-01-25 23:55:53.817568