IT Security News Daily Summary 2024-02-27

• USENIX Security ’23 – ClepsydraCache – Preventing Cache Attacks with Time-Based Evictions

• Synopsys Report Exposes Extent of Open Source Software Security Risks

• Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

• EFF to D.C. Circuit: The U.S. Government’s Forced Disclosure of Visa Applicants’ Social Media Identifiers Harms Free Speech and Privacy

• Sandvine put on America’s export no-fly list after Egypt used network tech for spying

• CloudGuard Streamlines Azure Virtual WAN security with Direct Ingress

• Hackers Are Using Fake Oculus Accounts To Get Facebook Users Suspended

• Enabling Network Engineering Skills in an AI World

• Sandvine put on America’s export no-fly list for flogging snoop-ware to Egypt

• US Gov Says Software Measurability is ‘Hardest Problem to Solve’

• Vulnerability Summary for the Week of February 19, 2024

• New Variant of AMOS Stealer Targets Safari Cookies and Crypto Wallets

• BT Completes 3G Switch-Off, With Belfast Site Closure

• White House urges developers to dump C and C++

• GenAI will Transform B2B Interactions and Solutions in the Year Ahead with New Depth of Context and Control

• NIST updates Cybersecurity Framework after a decade of lessons

• US Will Fight Russian Disinformation — Hacks and Leaks and Deepfakes, Oh My!

• CES 2024: Motorola Reveals Smartphone On Wrist Concept

• Safe Data Sharing Practices: How to Avoid Data Leaks

• Industrial Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics

• Take Downs and the Rest of Us: Do they matter?, (Tue, Feb 27th)

• New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers

• Where Is DevNet Going Over the Next 10 Years, and Beyond?

• Hackers Selling DCRat Malware Subscriptions For $5 on Telegram

• Top 5 Common Cybersecurity Attacks MSPs Should Know in 2024

• Critical Infrastructure Protection in the Age of Cyber Threats

• An Approach To Synthetic Transactions With Spring Microservices: Validating Features and Upgrades

• OpenSSL

• 1Password vs LastPass: 2024 Business Password Manager Comparison

• Takes Downs and the Rest of Us: Do they matter?, (Tue, Feb 27th)

• Expedia To Cut 8 Percent Of Workforce

• Sploitscan – Cybersecurity Utility To Identify Exploits For Known Vulnerabilities

• Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity

• Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

• Risk Management Strategy in an Economic Downturn: How to Take a Holistic Approach to GRC

• Law Enforcement Strikes Blow Against LockBit Ransomware Group

• Russian threat actor expanding its target list, warns Five Eyes report

• SpinSPM for Salesforce identifies misconfigurations within SaaS applications

• NIST Releases Final Version of Cybersecurity Framework 2.0

• Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw

• IBM offers AI enabled ransomware resilience data storage solutions

• Explore Salesforce OAuth Authorization Flows and Its Use Cases

• CISA Releases Two Industrial Control Systems Advisories

• Santesoft Sante DICOM Viewer Pro

• Mitsubishi Electric Multiple Factory Automation Products

• Evolution to 5G-Advanced and Beyond: A Blueprint for Mobile Transport

• XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

• Canada’s privacy watchdog investigating hack at Global Affairs

• PKI Solutions introduces new version of PKI Spotlight

• Google Pay To Close In US, To ‘Simplify’ Payment Apps

• The compelling need for cloud-native data protection

• The UK Is GPS-Tagging Thousands of Migrants

• Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts

• AI Against AI: Harnessing Artificial Intelligence To Detect Deepfakes and Vishing

• IDAT Loader used to infect a Ukraine entity in Finland with Remcos RAT

• An educational robot security research

• SubdoMailing Manipulates Subdomains To Send Spam

• China Warns Of Fake Digital Currency Wallets Fleecing Netizens

• LoadDepot Confirms SSNs Leaked In Breach Claimed By ALPHV/BlackCat

• Bitcoin Scorches Past $57,000 As Big Buyers Flock In

• Cyber Insights 2024: Quantum and the Cryptopocalypse

• Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security

• Nvidia CEO Believes AI Would Kill Coding

• VIAVI enhances Observer Sentry’s exposure and vulnerability analysis

• Akamai extends its segmentation solution to hybrid cloud environments

• WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk

• INTMAX Launches Plasma Next to Scale Ethereum with Stateless Layer

• 14-Year-Old CMS Editor Flaw Exploited to Hack Govt & Edu Sites

• Abyss Locker Ransomware Attacks Microsoft Windows and Linux Users

• computer forensics (cyber forensics)

• 5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More

• Cato Networks to Present on AI and SASE at Cloud Expo Europe and DevOps Live

• FortiGuard Labs Outbreak Alerts Annual Report 2023: A Glimpse into the Evolving Threat Landscape

• White House to Software Developers: Use Memory Safe Languages

• AgileBlue Sapphire AI streamlines SecOps and SOAR processes

• White House: Use memory-safe programming languages to protect the nation

• AU10TIX KYB solution validates info against global registries and jurisdictions

• Half of IT Leaders Identify IoT as Security Weak Point

• Hackers Abuse Telegram API To Exfiltrate User Information

• Zyxel Firewall Flaw Let Attackers Execute Remote Code

• Unveiling the Power of Virtual Private Networks (VPNs)

• Fortifying Web Applications: A Guide To Preventing SQL Injection in AWS RDS SQL Server

• W-2 phishing scams: Everything you need to know

• Watch out! There are hidden dangers lurking your PDFs

• Understand SASE ROI for Network Security Transformation

• Google’s Magika: Revolutionizing File-Type Identification for Enhanced Cybersecurity

• Legato Security Ensemble helps organizations prevent breaches

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

• Getting Ahead of Cybersecurity Materiality Mayhem

• TimbreStealer campaign targets Mexican users with financial lures

• ResurrecAds Attack Hijacks Brand Names, Spreads Spam Via ‘SubdoMailing’

• The Cost of Not Conducting a Network Infrastructure Risk Assessment: A Costly Gamble

• Benefits of Ingesting Data from Amazon Inspector into Cisco Vulnerability Management

• Meta plans to prevent disinformation and AI-generated content from influencing voters

• Most Commercial Code Contains High-Risk Open Source Bugs

• TSMC Opens First Factory In Japan

• ThreatHunter.ai Stops Hundreds of Attacks in 48 Hours: Fighting Ransomware and Nation-State Cyber Threats

• China Surveillance Company Hacked

• [Free & Downloadable] Cybersecurity Risk Management Template – 2024

• Canada’s RCMP, Global Affairs Hit by Cyberattacks

• Artificial Arms Race: What Can Automation and AI do to Advance Red Teams

• 67,000 U-Haul Customers Impacted by Data Breach

• Google and Yahoo DMARC Requirement: Answering Your Webinar Questions

• Generative AI Governance: Essential Tips to Get Started

• APT29 revamps its techniques to breach cloud environments

• Android banking trojans: How they steal passwords and drain bank accounts

• NIST Cybersecurity Framework 2.0 Officially Released

• Terra’s Do Kwon To Miss Start Of SEC Trial In US

• How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

• Identity theft is number one threat for consumers, says report

• From Classrooms to Cyberspace: The AI Takeover in EdTech

• From Alert to Action: How to Speed Up Your SOC Investigations

• Top 5 Scam Techniques: What You Need to Know

• US pharmacy outage caused by Blackcat ransomware attack on Optum Solutions

• Weak or Misconfigured Multi-Factor Authentication (MFA) Methods

• Several OpenJDK Vulnerabilities Fixed

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

• Five Eyes Agencies Expose APT29’s Evolving Cloud Attack Tactics

• 69% of Organizations Infected by Ransomware in 2023

• Bitwarden Secrets Manager integrates with Ansible Playbook

• WordPress Plugin Flaw Exposes 200,000+ Websites for Hacking

• Exclusive: Enkrypt raises seed round to create a ‘control layer’ for generative AI safety

• Cybercrims: When we hit IT, they sometimes pay, but when we hit OT… jackpot

• Which apps use the most data on my iPhone?

• Hackers Actively Hijacking ConnectWise ScreenConnect server

• Improving OT Security in Industrial Processes

• Business Logic Abuse Dominates as API Attacks Surge

• Heavily Obfuscated PIKABOT Evades EDR Protection

• Zyxel fixed four bugs in firewalls and access points

• Octopus Deploy acquires Codefresh to drive innovation in continuous delivery

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

• Podcast Episode: Open Source Beats Authoritarianism

• NSFGPT: A Large Model for Security Applications that Attracts Gartner’s Attention

• How to convince Top Management to invest in cybersecurity and secure software development

• What is Application Security Testing (AST)?

• Russia-linked APT29 switched to targeting cloud services

• Learning from the LockBit Takedown

• Keep Your Tech Flame Alive: Akamai Trailblazer ? Richa Dayal

• Broadcom builds a better SASE out of VMware VeloCloud and Symantec

• NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure

• WordPress Plugin Alert – Critical SQLi Vulnerability Threatens 200K+ Websites

• Trending Cyber Attack news headlines on Google

• Using AI to reduce false positives in secrets scanners

• Overcoming the pressures of cybersecurity startup leadership

• Enterprises’ progress in digital trust implementation is far from great

• Does AI remediation spell the end for developers in 2024?

• China warns of fake digital currency wallets fleecing netizens

• Anonymous Sudan Promoting New DDoS Botnet: Beware

• Unmanaged third-party access threatens OT environments

• Smart Home Security: Protecting Your Connected Devices

• ISC Stormcast For Tuesday, February 27th, 2024 https://isc.sans.edu/podcastdetail/8870, (Tue, Feb 27th)

• PCAParse

• Cloud-Native Security for Modern Businesses

• Sidebar: The powerful Digital Safety Commission

• VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

• The Quick and Easy Solution to Lagging 5G Monetization

• LoanDepot Ransomware Attack Leads to Data Breach; 17 Million Impacted

• Meta ramps up efforts to combat disinformation ahead of crucial EU elections

• IT Security News Daily Summary 2024-02-26

• Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024

• Malicious Packages in npm, PyPI Highlight Supply Chain Threat

• From Indiana Jones to Cybersecurity: The Inspiring Journey of Devin

• Nevada sues to deny kids access to Meta’s Messenger encryption

• 7 Cyber Safety Tips to Outsmart Scammers

• Prowler gets $6M seed to build out hit open-source cloud security platform

• A cyber attack hit Thyssenkrupp Automotive Body Solutions business unit

• ALPHV/BlackCat responsible for Change Healthcare cyberattack

• Randall Munroe’s XKCD ‘Light Leap Years’

• USENIX Security ’23 – Synchronization Storage Channels (S2C): Timer-less Cache Side-Channel Attacks on the Apple M1 via Hardware Synchronization Instructions

• LockBit Back Online as Ransomware Gang Continues to Clash with Law Enforcement

• Feds hack LockBit, LockBit springs back. Now what?

• What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

• EFF Statement on Nevada’s Attack on End-to-End Encryption

• Back from the dead: LockBit taunts cops, threatens to leak Trump docs

• LockBit Ransomware Gang Returns, Taunts FBI and Vows Data Leaks

• Ransomware attack blamed for Change Healthcare outage stalling US prescriptions

• LockBit back from the dead – taunts cops and plans to leak Trump docs

• Facebook Creates Team To Stop AI Disinformation In Elections

• What You Need to Know About the Cybersecurity Market in 2024

• Automating Policy Enforcement in Kubernetes Using OPA: A Step-By-Step Tutorial

• How to use a jump server to link security zones

• Linked Oculus Accounts Trigger Facebook and Instagram Suspension

• Key Points to Remember When Using the Terraform ‘Apply’ Command

• Cyber attack on Hamilton knocks out municipal phone, email

• White House Urges Tech Industry to Eliminate Memory Safety Vulnerabilities

• Best Practices To Secure Stateless REST Applications

• Zyxel Patches Remote Code Execution Bug in Firewall Products

• Cyber Insights 2024: Artificial Intelligence

• Russian Cyberspies Targeting Cloud Infrastructure via Dormant Accounts

• USENIX Security ’23 – Daniel Katzman, William Kosasih, Chitchanok Chuengsatiansup, Eyal Ronen, Yuval Yarom – The Gates of Time: Improving Cache Attacks with Transient Execution

• CISA Issues Alert on APT29’s Cloud Infiltration Tactics

• CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

• Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

• DevNet Sandbox Has a New Look & Feel

• How to make a fake ID online, with Joseph Cox: Lock and Code S05E05

• Researchers say easy-to-exploit security bugs in ConnectWise remote access software now under mass-attack

• Ransomware Roundup – Abyss Locker

• Expert Warns of Growing Android Malware Activity

• Sustainability 101: What are ecolabels?

• How to Leverage AI as a Cybersecurity Professional

• From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements

• Ransomware Distributed Through Mass Exploitation of ConnectWise ScreenConnect

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT

• FTC slaps Avast with $16.5m penalty for selling browser data

• Beware That Anonymous Sudan Is Promoting A New DDoS Botnet

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals

• State-Sponsored Group Blamed for Change Healthcare Breach

• Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

• The xSPM Trend: Security Posture Management for Everything

• LockBit Ransomware Group Returns After Law Enforcement Operation

• Bitdefender Cryptomining Protection detects malicious cryptojacking attempts

• University Of Warwick To Launch Fintech Research Group

• Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

• Serco Leisure Faces Legal Action for Unlawful Employee Face Scanning

• Amazon Issues ‘Warning’ For Employees Using AI At Work

• LockBit Takedown: What You Need to Know about Operation Cronos

• MWC 2024: Huawei Cloud Seeks Overseas Expansion Despite Sanctions

• Everything you need to know about NIS2

• Lost to the Highest Bidder: The Economics of Cybersecurity Staffing

• LockBit Ransomware: Covertly Evolving Towards Next-Gen Threats Amid Takedown Efforts

• DataVisor introduces fraud and risk solution for financial institutions

• LockBit leak site is back online

• NetSTAR PhishCompass combats phishing threats

• 8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation

• Meta Forms Team To Protect EU Elections From AI Risks

• Scattered Spider: Advanced Techniques for Launching High-Profile Attacks

• LockBit Ransomware Gang Resurfaces With New Site

• Report: Cyberattacks Against Software Supply Chains Become More Targeted

• LockBit claims it’s back, blames failure to patch vulnerability for police attack

• Update: MGLNDD_* Scans, (Sat, Feb 24th)

• Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary], (Sun, Feb 25th)

• ISC Stormcast For Monday, February 26th, 2024 https://isc.sans.edu/podcastdetail/8868, (Mon, Feb 26th)

• Avast Fined Millions for Selling User Browsing Data

• Build a Flow Collectibles Portal Using Cadence (Part 2)

• Securing the Road Ahead: Addressing Persistent Cloud Misconfigurations in the Automotive Industry

• How a Right-Wing Controversy Could Sabotage US Election Security

• LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack

• US Leading Global Alliance To Counter Foreign Government Disinformation

• Lockbit Cybercrime Gang Says It Is Back Online Following Bust

• 230k Individuals Impacted By Data Breach At Australian Telco Tangerine

• Hackers For Sale: What We Learned From China’s Massive Cyber Leak

• Fox News Hacker Was Just Journalist Doing His Job, Claim Lawyers

• Palo Alto Networks empowers customers with integrated private 5G solutions

• Pikabot returns with new tricks up its sleeve

• Securing the Secure: The Importance of Secure Software Practices in Security Software Development

• Preventing Attacks and Securing the Supply Chain in the Security Software Industry

• The Importance of Training Employees in Cybersecurity

• CES 2024: Lenovo Shows Transparent Laptop Concept

• SVR Cyber Actors Adapt Tactics for Initial Cloud Access

• CISA, NCSC-UK, and Partners Release Advisory on Russian SVR Actors Targeting Cloud Infrastructure

• Drive Your Cybersecurity Platform Transformation: Lead the Way With SSE

• Data watchdog tells off outsourcing giant for scanning staff biometrics despite ‘power imbalance’

• Cyber Security Today, Feb. 26, 2024 – Canadian online harms legislation to be revealed today, and more

• North Korean Hackers Targeting Developers with Malicious npm Packages

• Security Best Practices for Docker Images

• Web Application Security: The Ultimate Guide to Coding Best Practices

• The Art of Ethical Hacking: Securing Systems in the Digital Age

• Reddit Users React With Dismay To IPO Plans

• ThreatHunter.ai Halts 100s of Attacks: Battling Ransomware & Nation-State Cyber Threats

• Fox News ‘hacker’ turns out to be journalist whose lawyers say was doing his job

• Intel Edge Platform simplifies development and management of edge AI apps

• McAfee Social Privacy Manager helps users keep their posts and personal information more private

• ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

• Three Tips to Protect Your Secrets from AI Accidents

• Avast Faces $16.5m Fine for Unlawfully Selling User Browsing Data

• Google Says Gmail ‘Here To Stay’ After Hoax Goes Viral

• Silicon In Focus Podcast: The Business Case for Mobile

• Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection

• ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

• NTT DATA partners with Schneider Electric to drive AI innovation at the edge

• Banking Trojans Target Latin America and Europe Through Google Cloud Run

• NCSC to Offer Cyber Governance Guidance to Boards

• Delving into NCSC’s New SMB Cybersecurity Guide

• Cyber Resilience: Planned and Practiced

• IntelBroker claimed the hack of the Los Angeles International Airport

• Nvidia Briefly Surpasses $2tn Valuation On AI Demand

• U-Haul Informs Customers of Major Data Breach

• 8220 Hacker Group Attacking Linux & Windows Users to Mine Crypto

• New DDoS malware Attacking Apache big-data stack, Hadoop, & Druid Servers

• The mobile malware threat landscape in 2023

• A week in security (February 19 – February 25)

• Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

• Rethinking Trust: The Case Against Blind Reliance on Antivirus Software

• Cybersecurity fears trigger Cloud Repatriation

• Planning for Digital Afterlife: Retrieving Data from a Deceased User’s Google Account

• Accelerate 5G with AI-Powered Cybersecurity

• It’s time for security operations to ditch Excel

• Web Check: Open-source intelligence for any website

• LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

• Escalating cyber threats spark demand for stronger regulations

• CVE count set to rise by 25% in 2024

• HackerGPT – A ChatGPT-Powered AI Tool for Ethical Hackers & Cyber Security Community

• Cybersecurity crisis in schools

• Phishing Prevention for Businesses: Employee Training

• FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga.

• Challenging password dogma

• SEO Poisoning to Domain Control: The Gootloader Saga Continues

• Business Data Backups: Strategies for Data Resilience

• LockBit is back and threatens to target more government organizations

• Introducing the CyberPeace Institute: Protecting Communities Online

Generated on 2024-02-27 23:56:04.082509