IT Security News Daily Summary 2024-03-11

• Understanding the basics of Windows 365 Government

• Four things we learned when US spy chiefs testified to Congress

• Kremlin accuses America of plotting cyberattack on Russian voting systems

• Data brokers admit they’re selling information on precise location, kids, and reproductive healthcare

• USENIX Security ’23 – PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis

• 5 PaaS security best practices to safeguard the app layer

• Lawmaker Demands Facebook To Explain How It Protects Girls From Predators

• VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

• Unlocking the Economic Benefit of NGFWs

• DARPA awards $1 million to Trail of Bits for AI Cyber Challenge

• Vulnerability Summary for the Week of March 4, 2024

• How to lock away sensitive information on Linux with KDE Vaults

• Driving fast or braking hard? Your connected car may be telling your insurance company

• CISA confirms compromise of its Ivanti systems

• State Dept-backed report provides action plan to avoid catastrophic AI risks

• The best security keys of 2024: Expert tested

• OneLogin vs. Okta (2024): Which IAM Solution Is Better?

• Broadcom Merges Symantec and Carbon Black Into New Business Unit

• Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware

• The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

• In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices

• The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

• EFF’s Submission to Ofcom’s Consultation on Illegal Harms

• Phobos Unleashed: Navigating the Maze of Ransomware’s Ever-Evolving Threat

• Irony of Ironies: CISA Hacked — ‘by China’

• Dashify: Solving Data Wrangling for Dashboards

• Phishing Campaign Exploits Open Redirection Vulnerability In ‘Indeed.com’

• The Ethics And Privacy Concerns Of Employee Monitoring: Insights From Data Privacy Expert Ken Cox

• The Balancing Act for Mid-Market Firms: Navigating Digital Growth and Security Hurdles

• ImmuniWeb AI Platform

• OT Security Q&A for Cybersecurity Leaders with Difenda and Microsoft

• Software Reliability Firm Steadybit Raises $6 Million

• Magnet Goblin Exploits Ivanti Vulnerabilities

• Beyond the Call: AI and Machine Learning’s Role in Evolving Vishing Cyber Threats

• Incognito Darknet Market Mass-Extorts Buyers, Sellers

• #MIWIC2024: Rosie Anderson, Th4ts3cur1ty.Company

• Rise in Phishing Attacks Targeting US Schools Raises Concerns

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics

• America to offer compensation to victims of Deep Fake AI content

• Recent TeamCity Vulnerability Exploited in Ransomware Attacks

• February 2024’s Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign

• What We Learned from These 3 API Security Breaches

• Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06

• Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

• USENIX Security ’23 – Yifan Yan, Xudong Pan, Mi Zhang, Min Yang – Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

• Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws

• OpenAI Bolsters Data Security with Multi-Factor Authentication for ChatGPT

• Airbnb Bans All Indoor Security Cameras

• Why 2024 is the Year of AI for Networking

• BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

• Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites To Attacks

• Ransomware Attack Causes British Library To Push The Cloud Button

• US Says UFO Sightings Likely Secret Military Tests

• Critical Vulnerability Allows Access To QNAP NAS Devices

• Scaleway Introduces First RISC-V Servers on the Cloud

• New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

• Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials

• WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack

• Beware of OpenAI and ChatGPT-4 Turbo in Healthcare Orgs’ API Attack Surface

• CyberGate RAT Mimic as Dorks Tool to Attack Cybersecurity Professionals

• Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0

• Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

• Critical Vulnerability Allows Access to QNAP NAS Devices

• SecurityWeek Cyber Insights 2024 Series

• UnitedHealth Group Cyberattack Fallout: Government Intervention and Industry Critique

• Cynerio extends Healthcare Cybersecurity Platform to improve patient data protections

• Windstream Enterprise and Fortinet join forces to accelerate digital transformation for enterprises

• CyberGate RAT Mimic as Dorks to Attack Cybersecurity Professionals

• British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild

• How to Streamline the Vulnerability Management Life Cycle

• NSA Launches Top 10 Cloud Security Mitigation Strategies

• 6 Best Single Sign-On (SSO) Providers & Solutions in 2024

• Unveiling the Underbelly of IoT: An In-Depth Analysis of Hacking Risks

• Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack

• Russian Midnight Blizzard Hackers Breached Microsoft Source Code

• Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities

• Microsoft: Russian hackers accessed internal systems, code repositories

• Data Leakage Prevention in the Age of Cloud Computing: A New Approach

• Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

• Helping Ivanti VPN Customers

• Experts released PoC exploit for critical Progress Software OpenEdge bug

• Tesla Falls Behind In Fast-Growing China EV Market

• Apple Reverses Course On Epic Games EU Ban

• How do you lot feel about Pay or say OK to ads model, asks ICO

• WordPress Sites Exploited To Brute-Force Passwords Via Users’ Browsers

• Magnet Goblin group used a new Linux variant of NerbianRAT malware

• Using LLMs to Unredact Text

• New Open Source Tool Hunts for APT Activity in the Cloud

• BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

• Police Concerned Whether AI System Could Understand ‘Brummie’ Accent

• Can Tech Save the Environment?

• PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability

• Why WeSecureApp Rocks at Busting Payment Tampering Vulnerabilities

• Telemedicine Business Owner Faces 20 Years For $136m Fraud

• Jaguar Investigates After EV Brakes Fail On Motorway

• File Integrity Monitoring vs. Integrity: What you need to know

• Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks

• US Lawmakers Inundated With Calls From TikTok Users

• Instagram Tops TikTok As World’s Most Downloaded App

• Matanbuchus Malware Weaponizing XLS files to Hijack Windows Machine

• If your Business Needs Cybersecurity, you Should Become the Expert

• Russia’s Midnight Blizzard Accesses Microsoft Source Code

• LockBit Locked Down

• Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins

• Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

• A week in security (March 4 – March 10)

• Ransomware Attack Shuts Down Duvel Beer Production

• Cybercriminals Hacking Systems with 10+ Legitimate Data-Extraction Tools

• Authentication vs. Authorization

• Ransomware Actors Using Dozen of Legitimate Data-Exfiltration Tools to Hack Systems

• Annex A of ISO 27001:2022 explained and tips to prepare for an audit

• Vulnerability in 16.5K+ VMware ESXi Instances Let Attackers Execute Code

• Google Is Getting Thousands of Deepfake Porn Complaints

• Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

• Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

• New DoNex Ransomware Observed in the Wild Targeting Enterprises

• Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware

• Navigating the Delicate Balance: Transparency and Information Security in NATO

• 10 free cybersecurity guides you might have missed

• KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password

• A Comprehensive Guide to Mobile Application Security Testing

• Transitioning to memory-safe languages: Challenges and considerations

• Microsoft suspects Russian hackers still lurking in its corporate network

• Email security trends in the energy and infrastructure sector

• CloudGrappler: Open-source tool detects activity in cloud environments

• Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability

• Advanced AI, analytics, and automation are vital to tackle tech stack complexity

• Cyber Security Today for Monday, March 11, 2024 – Breaking Bad in Cyber Security

• Insider threats can damage even the most secure organizations

• Breaking bad in cybersecurity: Cyber Security Today for Monday, March 11, 2024

• Nanotechnology: Innovations at the Molecular Scale

• ISC Stormcast For Monday, March 11th, 2024 https://isc.sans.edu/podcastdetail/8888, (Mon, Mar 11th)

• HIPAA and Privacy Act Training Challenge Exam [XLS download]

• What happens when you accidentally leak your AWS API keys? [Guest Diary], (Sun, Mar 10th)

• Biometric Authentication: Advancements and Challenges

• Lithuania security services warn of China’s espionage against the country

• IT Security News Daily Summary 2024-03-10

• Are We Experiencing the End of Biometrics?

• OWASP Mobile Top 10 Lists For 2024

• GenAI Regulation: Why It Isn’t One Size Fits All

• Apple iOS and iPadOS Memory Corruption Vulnerabilities: A Critical Alert

• USENIX Security ’23 – Jialai Wang, Ziyuan Zhang, Meiqi Wang, Han Qiu, Tianwei Zhang, Qi Li, Zongpeng Li, Tao Wei, Chao Zhang – Aegis: Mitigating Targeted Bit-flip Attacks against Deep Neural Networks

• Security Concerns Arise Over Chinese-Manufactured Surveillance Cameras Deployed at Romanian Military Locations

• The Foilies 2024

• Microsoft Claims Russian Hackers are Attempting to Break into Company Networks.

• Technical Glitch Causes Global Disruption for Meta Users

• Women in AI: Heidy Khlaaf, safety engineering director at Trail of Bits

• Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

• OWASP Top 10 Web List Latest

• Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

• Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast

• Demystifying cybersecurity terms: Policy, Standard, Procedure, Controls, Framework, Zero Trust

• Habib’s – 3,517,679 breached accounts

• APT attacks taking aim at Tibetans – Week in security with Tony Anscombe

• Blockchain Technology: Beyond Cryptocurrencies

• Edge Computing: Enhancing Data Processing

• Threat actors breached two crucial systems of the US CISA

Generated on 2024-03-11 23:55:56.998789