IT Security News Daily Summary 2024-01-26

• Generative AI’s enterprise gamble: IT leaders bet big on tech despite security woes

• Shift-left Convergence with Generative AI Improves the Programmer’s Role

• Friday Squid Blogging: Footage of Black-Eyed Squid Brooding Her Eggs

• What is DMARC?

• Hackers Crack Tesla Twice, Rake in $1.3 Million at Pwn2Own Automotive

• Assessing and mitigating supply chain cybersecurity risks

• Prevent BEC with AI-Powered Email and Collaboration

• Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

• Wait, security courses aren’t a requirement to graduate with a computer science degree?

• Microsoft: Legacy account hacked by Russian APT had no MFA

• The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant

• More Than a Decade Later, Site-Blocking Is Still Censorship

• A Framework for Maintaining Code Security With AI Coding Assistants

• Facebook Collects Your Data Through Push Notifications Even When The App Is Closed

• Cyber Security Today, Week in Review for the week ending Friday, Jan. 26, 2024

• The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant

• Who is Alleged Medibank Hacker Aleksandr Ermakov?

• DORA and your quantum-safe cryptography migration

• INTERPOL Fights Virtual Crime in the Metaverse

• Thousands of Dark Web Posts Expose ChatGPT Abuse Plans

• ICO confirms data breach probe as UK councils remain downed by cyberattack

• NSA is buying Americans’ internet browsing records without a warrant

• Generative AI banned by businesses because of data privacy risks

• What’s Coming to Cisco Live Europe 2024 for the Data Center Developer?

• Improving Audience Understanding and Store Operations with EVERYANGLE and Meraki

• Data Privacy Day 2024: Part 1

• Data Privacy Day 2024: Part 2

• Microsoft says Russian hackers also targeted other organizations

• Nineteen Group acquires SASIG

• Ransomware Roundup – Albabat

• How Datawiza uses Microsoft Entra ID to help universities simplify access

• UK CMA Opens Antitrust Investigation Of Vodafone, Three Merger

• Russian TrickBot Malware Developer Pleaded Guilty

• Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months

• digital forensics and incident response (DFIR)

• How a mistakenly published password exposed Mercedes-Benz source code

• Major Water Suppliers Hit by Ransomware Attacks

• Ukraine Arrests Hacker for Assisting Russian Missile Strikes

• Guidance: Assembling a Group of Products for SBOM

• In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting

• QR Code Scammers are Changing Tactics to Evade Detection

• Hackers Drain Wallets via Cracked macOS Apps using Scripts Accessed From DNS Records

• Enhanced Security Alert: Setting Up Stolen Device Protection on iOS 17.3

• Web Vulnerability Submissions Exploded in 2023

• Why We Need to Cultivate a Confidential Computing Ecosystem

• Salesforce Lays-Off 700 Staff – Report

• Join Customer Experience (CX) for Cisco Live EMEA Demos

• Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

• Healthcare Cybersecurity — Three Trends to Watch in 2024

• LockBit Ransomware Outfit Claims Subway as its Latest Victim

• Cyber Security Today, Jan. 26, 2024 – US government employees slammed for backing forbidden videocam purchases, and more

• Check Point Attains ‘Champion’ Status in the Canalys Global Cybersecurity Leadership Matrix for three consecutive years

• Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

• New Leaks Expose Web of Iranian Intelligence and Cyber Companies

• Binance Founder Changpeng Zhao Refused Permission To Leave US, Again

• Malwarebytes vs. Norton (2024): Which Antivirus Solution Is Better?

• The world convenes to discuss AI protections and policies amid growing data asymmetries

• China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage

• Chatbots and Human Conversation

• Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist

• How to Create a Threat Hunting Program for Your Business

• How To Improve Security Capacities of The Internet of Things?

• Russian TrickBot Malware Developer Sentenced to Prison in US

• Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware

• Critical Jenkins Vulnerability Leads to Remote Code Execution

• Perfecting the Defense-in-Depth Strategy with Automation

• Weekly Blog Wrap-Up (January 22- January 25, 2023)

• What are the Common Security Challenges CISOs Face?

• Chinese Hackers Hijack Software Updates to Install Malware Since 2005

• Watch out, experts warn of a critical flaw in Jenkins

• GitLab Arbitrary File Write Vulnerability (CVE-2024-0402) Alert

• Collaboration Achievement: NSFOCUS and China University of Geosciences Article Secures Spotlight in Acclaimed Journal TIFS

• Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

• Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks

• Nozomi Unveils Wireless Security Sensor for OT, IoT Environments

• Guide: The Best Cybersecurity Conferences and Events of 2024

• Pwn2Own Automotive 2024 Day 2 – Tesla hacked again

• Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive

• Everything you need to know about the SEC Form 8-K

• Controversy Surrounds TFL’s Alleged Data Fraud and Hefty Penalties

• Top 10 Ways to Avoid Cybersecurity Misconfigurations

• What makes ransomware victims less likely to pay up?

• Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

• Longer passwords aren’t safe from intensive cracking efforts

• Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

• Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

• New infosec products of the week: January 26, 2024

• Cloud-Native Security for Modern Businesses

• Emerging trends and strategies in digital forensics

• Budget cuts loom for data privacy initiatives

• Essential questions for developing effective human rights policies

• Cisco Foundation Grantees prioritize Indigenous leadership to protect the Amazon Basin

• E-commerce Security: Protecting Customer Data

• USENIX Security ’23 – Wenjun Qiu, David Lie, Lisa Austin – Calpric: Inclusive and Fine-grain Labeling of Privacy Policies with Crowdsourcing and Active Learning

• CI/CD Pipeline Security: Best Practices Beyond Build and Deploy

• Save your Twitter Account

• Trickbot malware scumbag gets five years for infecting hospitals, businesses

• 2024-01-25 – DarkGate activity

• Tell the FTC: It’s Time to Act on the Right to Repair

• 12 Days of Learning at Cisco

• IT Security News Daily Summary 2024-01-25

• HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk

• Big-Name Targets Push Midnight Blizzard Hacking Spree Back Into the Limelight

• Yearly Intel Trend Review: The 2023 RedSense report

• San Francisco: Vote No on Proposition E to Stop Police from Testing Dangerous Surveillance Technology on You

• Using Microsoft AD Explorer for common admin tasks

• HPE breached by Russian APT behind Microsoft hack

• Quebec cybersecurity institute gets $1.3 million grant from Google

• 23andMe admits it didn’t detect cyberattacks for months

• Failure to launch: Cybersecurity pros discuss how to solve the resource crisis

• Wordfence Researcher Featured on Critical Thinking Podcast: Sharing Advanced WordPress Bug Bounty Tips and Tricks

• Safeguarding Privacy: A Developer’s Guide to Detecting and Redacting PII With AI-Based Solutions

• Cisco warns of a critical bug in Unified Communications products, patch it now!

• Why is the cost of cyber insurance rising?

• Monitoring Dynamic Linker Hijacking With eBPF

• Securing the Digital Frontline: Advanced Cybersecurity Strategies for Modern Web Development

• Using Google Search to Find Software Can Be Risky

• Cisco Meraki Developer Highlights Coming to Cisco Live Amsterdam

• 3 Key takeaways from NRF2024

• Malicious AdTech Spies on People as NatSec Targets

• Powerloom to Hold First Ever Node Mint on Polygon Network

• Pure Malware Tools Pose As Legitimate Software to Bypass AV Detections

• In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS

• Microsoft Axes 1,900 Staff, After Activision Acquisition

• NCSC Warns That AI is Already Being Used by Ransomware Gangs

• Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products

• AI Will Fuel Rise in Ransomware, UK Cyber Agency Says

• China-Aligned APT Group Blackwood Unleashes NSPX30 Implant

• TSMC Further Delays $40 Billion Arizona Chip Fab

• Google Kubernetes Flaw Let Any Google User Control the Cluster

• 198% Surge in Browser Based zero-hour Phishing Attacks

• 6 Best SIEM Tools & Software for 2024

• Shield GKE’s Achilles Heel using RBAC

• PHP-less phishing kits that can run on any website

• That new X cryptocurrency? It’s a scam.

• How to create a passkey for your Google account (and why you should)

• CISA Releases Two Industrial Control Systems Advisories

• SystemK NVR 504/508/516

• Opteev MachineSense FeverWarn

• Another Phobos Ransomware Variant Launches Attack – FAUST

• Government Security Vulnerabilities Surge By 151%, Report Finds

• Headlines Trending on Google Regarding Recent Cyber Attacks

• REVIEW OF THE ISC2 CISSP CERTIFICATION

• Meta To Reduce Unwanted Messages To Teens On Facebook, Instagram

• $1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis

• Dangerous Trends: YouTube Stream-Jacking Attacks Reach Alarming Levels

• Amazon Ring Halts Controversial Police Video-Sharing Program

• More Australian IT Leaders Could Be Looking to Replace Passwords With Passkeys in 2024

• QR code phishing

• Imperva customers are protected against the recent GoAnywhere MFT vulnerability CVE-2024-0204

• The Cybersecurity Horizon: AI, Resilience and Collaboration in 2024

• Organizations are Embracing Cyber Insurance, But It’s Not Easy: Survey

• ColdRiver APT: Google TAG Warns Against Russian APT Group is Using a Custom Backdoor

• Security Trends to Monitor in 2024

• Vercara introduces the Private Data Lake feature into UltraDNS

• Searchlight Cyber adds AI-powered language translation to simplify dark web investigations

• SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

• Wordfence Intelligence Weekly WordPress Vulnerability Report (January 15, 2024 to January 21, 2024)

• Repository and Metadata Backup, Disaster Recovery, And Compliance: The Unbreakable Trio

• Updated SBOM guidance: A new era for software transparency?

• Navigating the Complex Cybersecurity Landscape: Kyndryl and Cisco’s Innovative Security Edge Services

• Fintech Company EquiLend Restoring Systems Following Cyberattack

• New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

• Kyndryl and Cisco unveil two security edge services

• API Security: Best Practices for API Activity Data Acquisition

• What Is API Detection and Response?

• Ensuring Data Security in Retail ERP

• The best security keys of 2024: Expert tested and reviewed

• Kusari is building a supply chain security platform on top of open source

• How Life-Cycle Services Can Help Drive Business Outcomes

• EquiLend drags systems offline after admitting attacker broke in

• Scoping Chatbots for Safe and Effective Experiences

• Crypto Firm Terraform Labs Files for Chapter 11 Bankruptcy in US

• Guardian Air boosts Nozomi Networks threat detection, securing from endpoint to air

• Comprehensive Gun Detection for Schools: An AI-Based Approach Leveraging Audio and Video Insights

• Simplify, Scale and Accelerate Your SOC with AI-Driven Security

• Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

• Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive

• Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

• Regula introduces smart testing for remote onboarding efficiency

• North Korea Hacks Crypto: More Targets, Lower Gains

• Pwn2Own Automotive: Tesla, Sony, Alpine Players Breached on Day One

• The sophistication of cybercriminals intensifies with emerging strategies for cashing in or causing chaos

• What is internet safety?

• Zscaler Adds SASE Offering to Zero-Trust Portfolio of Cloud Services

• Russian hackers breached Microsoft, HPE corporate maliboxes

• Kasseika Ransomware Exploits Driver Functionality to Kill Antivirus

• Exclusive: What will it take to secure gen AI? IBM has a few ideas

• How to Prevent Phishing Attacks with Multi-Factor Authentication

• Protect AI Guardian scans ML models to determine if they contain unsafe code

• Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises

• HP Enterprise Hacked By Suspected Russian Hackers

• QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams

• 1Kosmos BlockID 1Key secures users in restricted environments

• LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

• Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!

• NCSC Warns AI Already Being Used By Ransomware Hackers

• How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

• Privacy is a Key Enabler of Trust

• Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users

• Firefox 122 Patches 15 Vulnerabilities

• Southern Water Confirms Data Breach Following Black Basta Claims

• Cequence Security partners with Vercara to prevent sophisticated automated API attacks

• Blackwood APT delivers malware by hijacking legitimate software update requests

• Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

• Memory Scanning for the Masses

• HPE says it was hacked by Russian group behind Microsoft email breach

• HPE Says Russian Government Hackers Had Access to Emails for 6 Months

• AI expected to increase volume, impact of cyberattacks

• China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

• Pwn2Own Contest Unearths Dozens of Zero-Day Vulnerabilities

• Stolen credentials are big business

• Privacy predictions for 2024

• HPE Says SolarWinds Hackers Accessed its Emails

• Pakistan Hackers Targeting Indian Android Users with Fake Loan Apps

• Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

• New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

• Apple Stolen Device Protection: A Shield For Your iPhone in Unexpected Hands

• Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

• Facebook and Instagram collect immense data from users

• Phishing Prevention for Businesses: Employee Training

• Fighting insider threats is tricky but essential work

• Developers Hold the New Crown Jewels. Are They Properly Protected?

• Expect to Fail: How Organizations Can Benefit from a Breach

• Ignite the Future with Swimlane: Highlights from SKO 2024

• CISOs’ role in identifying tech components and managing supply chains

• Automated Emulation: Open-source breach and attack simulation lab

• 45% of critical CVEs left unpatched in 2023

• In 2024, AI and ML shift from flashy to functional

• HPE joins the ‘our executive email was hacked by Russia’ club

• Business Data Backups: Strategies for Data Resilience

• What Home Videotaping Can Tell Us About Generative AI

• CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

• 2024-01-23 – UltraVNC infection

• US judge rejects spyware developer NSO’s attempt to bin Apple’s spyware lawsuit

• Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

Generated on 2024-01-26 23:55:54.739626