IT Security News Daily Summary 2024-03-12

• Congress Must Stop Pushing Bills That Will Benefit Patent Trolls

• Tweaks Stealer Targets Roblox Users Through YouTube and Discord

• Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

• Sophos: Remote ransomware attacks on SMBs increasing

• Facebook And Instagram Ran Ads For Deepfake App Featuring Nude Underage Celebrity

• 7 Essential Practices for Secure API Development

• Patch Tuesday, March 2024 Edition

• VERT Threat Alert: March 2024 Patch Tuesday Analysis

• Microsoft Releases Security Updates for Multiple Products

• asymmetric cryptography

• JetBrains releases security fixes for TeamCity CI/CD system

• Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server

• DOJ Warns Using AI in Crimes Will Mean Harsher Sentences

• March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

• US Lawmaker Cited NYC Protests in a Defense of Warrantless Spying

• Biden’s budget proposal boosts CISA funding to $3B

• Ransomware review: March 2024

• Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

• Marriott Leads the Way in the Fight to Protect Children Online

• Biden’s budget proposal boosts CISA funding to $3b

• Google Paid Out $10 Million via Bug Bounty Programs in 2023

• Adobe Patches Critical Flaws in Enterprise Products

• SAP Patches Critical Command Injection Vulnerabilities

• OpenSSL 3.3 Alpha Release Date Announced

• Microsoft Patch Tuesday – March 2024, (Tue, Mar 12th)

• Know your enemies: An approach for CTI teams

• FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

• Konica Minolta Wins Two Platinum ‘ASTORS’ Homeland Security Awards

• How AI firewalls will secure your new business applications

• How to secure on-prem apps with Entra Application Proxy

• A prescription for insights: Cisco Full-Stack Observability supercharges healthcare

• Study Reveals Top Vulnerabilities in Corporate Web Applications

• Control the Network, Control the Universe

• Europe’s Digital Markets Act Compels Tech Corporations to Adapt

• How Much Data Does Streaming Use? + 5 Tips to Manage Data

• Navigating the Shift: Mastering Pod Security in Kubernetes

• 5 Unique Challenges for AI in Cybersecurity

• JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

• US Intelligence Predicts Upcoming Cyber Threats for 2024

• The Impact of Cigarettes and Vapes in the IT Industry and How to Address Them

• Four things we learned when US intelligence chiefs testified to Congress

• New Cloud Attack Targets Crypto CDN Meson Ahead of Launch

• Boeing Whistleblower Who Raised Safety Concerns Found Dead

• French Government Sites Disrupted By Tres Grande DDoS

• Never Before Seen Linux Malware Gets Installed Using 1-Day Exploits

• EquiLend Ransomware Attack Leads To Data Breach

• White House Summons UnitedHealth CEO Over Hack

• Reject Nevada’s Attack on Encrypted Messaging, EFF Tells Court

• ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities

• Broadcom Merging Carbon Black, Symantec to Create Security Unit

• Japan Blames Lazarus for PyPi Supply Chain Attack

• Ransomware news headlines trending on Google

• Access to Internet Infrastructure is Essential, in Wartime and Peacetime

• DTEX i³ Issues Threat Advisory for Detecting the Use of Multiple Identities

• How Secure Cloud Development Replaces Virtual Desktop Infrastructures

• 6 Benefits of Vulnerability Management

• LockBit attacks continue via ConnectWise ScreenConnect flaws

• CISA Releases One Industrial Control Systems Advisory

• Let the “Mother of all Breaches” Be a Wake-up Call

• Russia’s Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

• ISACA Joins Forces with Erasmus+ for SHE@CYBER Project

• J.P. Morgan Growth Leads $39 Million Investment in Eye Security

• ChatGPT and Beyond: Generative AI in Security

• Aviatrix releases Distributed Cloud Firewall for Kubernetes

• CISA Publishes SCuBA Hybrid Identity Solutions Guidance

• Cybersecurity training aligned with the MITRE ATT&CK framework

• Cloud security training: Build secure cloud systems

• US, Russia Accuse Each Other of Potential Election Cyberattacks

• CISA’s OT Attack Response Team Understaffed: GAO

• EquiLend Ransomware Attack Leads to Data Breach

• Read the Latest NIST Cybersecurity Framework Updates

• Cybersecurity Teams Tackle AI, Automation, and Cybercrime-as-a-Service Challenges

• Rubrik EPE secures enterprise data from cyberattacks

• Shield Your Documents: Introducing DocLink Defender for Real-Time Malware Blockade

• VCURMS: A Simple and Functional Weapon

• Mitigating Lurking Threats in the Software Supply Chain

• Hyper-Personalization in Retail: Benefits, Challenges, and the Gen-Z Dilemma

• Netskope and Egress partner to enhance behavioral-based threat detection and response

• Claroty Advanced ATD Module provides continuous monitoring of healthcare network risks

• Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All

• Insurance Claim Contact Center Collaboration – Digital Customer Experience Then and Now

• Leicester City Council’s IT System and Phones Down Amid Cyber Attack

• Thrive Incident Response & Remediation helps organizations contain and remove threats

• Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

• Three-Quarters of Cyber Incident Victims Are Small Businesses

• CloudGrappler: Open Source Tool that Detects Hacking Activity

• Celebrating Creativity and Authenticity: Cisconians’ Talents and Careers Shine

• UK council yanks IT systems and phone lines offline following cyber ambush

• ZeroFox launches EASM to give customers visibility and control over external assets

• Elon Musk’s xAI To Open Source Grok Chatbot In Dig At OpenAI

• Telegram Reaches 900m Users, Nears Profitability

• Hackers Advertising FUD APK Crypter that Runs on all Android Devices

• Jailbreaking LLMs with ASCII Art

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

• Critical Vulnerabilities in GovQA Platform Expose Sensitive Government Records

• Microsoft Source Code Heist: Russian Hackers Escalate Cyberwarfare

• CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management

• Muddled Libra Hackers Using Pentesting Tools To Gain Admin Access

• Nvidia Sued By Authors For Training AI With Copyrighted Works

• Reddit Seeks Valuation Up To $6.4bn In NYSE Listing

• Top 10 web application vulnerabilities in 2021–2023

• #MIWIC2024: Blessing Usoro, Cyber for Schoolgirls

• Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity

• French Government Hit with Severe DDoS Attack

• Reducing Cyber Risks with Security Configuration Management

• Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences

• Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

• Elliott Walks Away From Currys Offer

• Baidu’s Ernie AI ‘Better At Tang Chinese Poetry’ Than Rivals

• Xpeng Electric ‘Flying Car’ Completes Flight Over Guangzhou

• Victims Lose $47m to Crypto Phishing Scams in February

• Insurance scams via QR codes: how to recognise and defend yourself

• First-ever South Korean national detained for espionage in Russia

• The Rise of AI Worms in Cybersecurity

• Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

• Italian DPA Asks OpenAI’s ‘Sora’ to Reveal Algorithm Information

• Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack

• South Korean Citizen Detained in Russia on Cyber Espionage Charges

• Podcast Episode: ‘I Squared’ Governance

• AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights

• WordPress Plugin Flaw Exposes 200,000+ Websites to XSS Attacks

• Hackers Deliver MSIX Malware in The Lure of Freemium Productivity App

• French government sites disrupted by très grande DDoS

• Cyber Attack on France government websites

• OWASP Top 10 Explained: SQL Injection

• Flipkart – 552,094 breached accounts

• Cybersecurity jobs available right now: March 12, 2024

• How advances in AI are impacting business cybersecurity

• Tax-related scams escalate as filing deadline approaches

• Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria

• Oh No! My JSON Keys and Values are Separated! How Can I Extract Them For My Searches?

• Enable Sharing of Datamodel Acceleration Summaries between Search Heads

• How organizations can keep up with shifting data privacy regulations

• KrustyLoader Backdoor Attack Both Windows & Linux Systems

• Image-based phishing tactics evolve

• BianLian Hackers Hijacked TeamCity Servers To Install GO Backdoor

• Wearable Technology: Integrating Devices With Daily Life

• The French Government Says It’s Being Targeted by Unusual Intense Cyberattacks

• Hackers Compromised TeamCity Server To Install BianLian’s GO Backdoor

• ISC Stormcast For Tuesday, March 12th, 2024 https://isc.sans.edu/podcastdetail/8890, (Tue, Mar 12th)

• The best travel VPNs of 2024: Expert tested and reviewed

• GUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scams

• Autonomous Vehicles: Driving the Future

• White House and lawmakers increase pressure on UnitedHealth to ease providers’ pain

• When a Data Mesh Doesn’t Make Sense for Your Organization

• Navigating the Labyrinth of Digital Cyberthreats Using AI-Powered Cryptographic Agility

• Navigating Ransomware: Securin’s Insights and Analysis from 2023

• EFF to Ninth Circuit: There’s No Software Exception to Traditional Copyright Limits

• New Report Finds 81% of Defense SMBs Have Begun CMMC Compliance, Yet Struggle to Reach Certification

• Massive cyberattacks hit French government agencies

• Introducing Salt Security’s New AI-Powered Knowledge Base Assistant: Pepper!

• IT Security News Daily Summary 2024-03-11

• Understanding the basics of Windows 365 Government

• Four things we learned when US spy chiefs testified to Congress

• Kremlin accuses America of plotting cyberattack on Russian voting systems

• Data brokers admit they’re selling information on precise location, kids, and reproductive healthcare

• USENIX Security ’23 – PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis

• 5 PaaS security best practices to safeguard the app layer

• Lawmaker Demands Facebook To Explain How It Protects Girls From Predators

• VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist

• Unlocking the Economic Benefit of NGFWs

• DARPA awards $1 million to Trail of Bits for AI Cyber Challenge

• Vulnerability Summary for the Week of March 4, 2024

• How to lock away sensitive information on Linux with KDE Vaults

• Driving fast or braking hard? Your connected car may be telling your insurance company

• CISA confirms compromise of its Ivanti systems

• State Dept-backed report provides action plan to avoid catastrophic AI risks

• The best security keys of 2024: Expert tested

• OneLogin vs. Okta (2024): Which IAM Solution Is Better?

• Broadcom Merges Symantec and Carbon Black Into New Business Unit

• Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware

• The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

• In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices

• The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

• EFF’s Submission to Ofcom’s Consultation on Illegal Harms

• Phobos Unleashed: Navigating the Maze of Ransomware’s Ever-Evolving Threat

• Irony of Ironies: CISA Hacked — ‘by China’

• Dashify: Solving Data Wrangling for Dashboards

• Phishing Campaign Exploits Open Redirection Vulnerability In ‘Indeed.com’

• The Ethics And Privacy Concerns Of Employee Monitoring: Insights From Data Privacy Expert Ken Cox

• The Balancing Act for Mid-Market Firms: Navigating Digital Growth and Security Hurdles

• ImmuniWeb AI Platform

• OT Security Q&A for Cybersecurity Leaders with Difenda and Microsoft

• Software Reliability Firm Steadybit Raises $6 Million

• Magnet Goblin Exploits Ivanti Vulnerabilities

• Beyond the Call: AI and Machine Learning’s Role in Evolving Vishing Cyber Threats

• Incognito Darknet Market Mass-Extorts Buyers, Sellers

• #MIWIC2024: Rosie Anderson, Th4ts3cur1ty.Company

• Rise in Phishing Attacks Targeting US Schools Raises Concerns

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics

• America to offer compensation to victims of Deep Fake AI content

• Recent TeamCity Vulnerability Exploited in Ransomware Attacks

• February 2024’s Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign

• What We Learned from These 3 API Security Breaches

• Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06

• Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

• USENIX Security ’23 – Yifan Yan, Xudong Pan, Mi Zhang, Min Yang – Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

• Threat Groups Rush to Exploit JetBrains’ TeamCity CI/CD Security Flaws

• OpenAI Bolsters Data Security with Multi-Factor Authentication for ChatGPT

• Airbnb Bans All Indoor Security Cameras

• Why 2024 is the Year of AI for Networking

• BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

• Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites To Attacks

• Ransomware Attack Causes British Library To Push The Cloud Button

• US Says UFO Sightings Likely Secret Military Tests

• Critical Vulnerability Allows Access To QNAP NAS Devices

• Scaleway Introduces First RISC-V Servers on the Cloud

• New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

• Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM Essentials

• WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack

• Beware of OpenAI and ChatGPT-4 Turbo in Healthcare Orgs’ API Attack Surface

• CyberGate RAT Mimic as Dorks Tool to Attack Cybersecurity Professionals

• Breaking it Down: A Data-Centric Security Perspective on NIST Cybersecurity Framework 2.0

• Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

• Critical Vulnerability Allows Access to QNAP NAS Devices

• SecurityWeek Cyber Insights 2024 Series

• UnitedHealth Group Cyberattack Fallout: Government Intervention and Industry Critique

• Cynerio extends Healthcare Cybersecurity Platform to improve patient data protections

• Windstream Enterprise and Fortinet join forces to accelerate digital transformation for enterprises

• CyberGate RAT Mimic as Dorks to Attack Cybersecurity Professionals

• British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild

• How to Streamline the Vulnerability Management Life Cycle

• NSA Launches Top 10 Cloud Security Mitigation Strategies

• 6 Best Single Sign-On (SSO) Providers & Solutions in 2024

• Unveiling the Underbelly of IoT: An In-Depth Analysis of Hacking Risks

• Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack

• Russian Midnight Blizzard Hackers Breached Microsoft Source Code

• Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities

• Microsoft: Russian hackers accessed internal systems, code repositories

• Data Leakage Prevention in the Age of Cloud Computing: A New Approach

• Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

• Helping Ivanti VPN Customers

• Experts released PoC exploit for critical Progress Software OpenEdge bug

• Tesla Falls Behind In Fast-Growing China EV Market

• Apple Reverses Course On Epic Games EU Ban

• How do you lot feel about Pay or say OK to ads model, asks ICO

• WordPress Sites Exploited To Brute-Force Passwords Via Users’ Browsers

• Magnet Goblin group used a new Linux variant of NerbianRAT malware

• Using LLMs to Unredact Text

• New Open Source Tool Hunts for APT Activity in the Cloud

• BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

• Police Concerned Whether AI System Could Understand ‘Brummie’ Accent

• Can Tech Save the Environment?

• PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability

• Why WeSecureApp Rocks at Busting Payment Tampering Vulnerabilities

• Telemedicine Business Owner Faces 20 Years For $136m Fraud

• Jaguar Investigates After EV Brakes Fail On Motorway

• File Integrity Monitoring vs. Integrity: What you need to know

• Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks

• US Lawmakers Inundated With Calls From TikTok Users

• Instagram Tops TikTok As World’s Most Downloaded App

• Matanbuchus Malware Weaponizing XLS files to Hijack Windows Machine

• If your Business Needs Cybersecurity, you Should Become the Expert

• Russia’s Midnight Blizzard Accesses Microsoft Source Code

• LockBit Locked Down

• Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins

• Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

• A week in security (March 4 – March 10)

• Ransomware Attack Shuts Down Duvel Beer Production

• Cybercriminals Hacking Systems with 10+ Legitimate Data-Extraction Tools

• Authentication vs. Authorization

• Ransomware Actors Using Dozen of Legitimate Data-Exfiltration Tools to Hack Systems

• Annex A of ISO 27001:2022 explained and tips to prepare for an audit

• Vulnerability in 16.5K+ VMware ESXi Instances Let Attackers Execute Code

• Google Is Getting Thousands of Deepfake Porn Complaints

• Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

• Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

• New DoNex Ransomware Observed in the Wild Targeting Enterprises

• Who’s to Blame for Hacked Social Media Accounts, Spoofed Online Meeting Requests and Malware

• Navigating the Delicate Balance: Transparency and Information Security in NATO

• 10 free cybersecurity guides you might have missed

• KeePassXC adds support for Passkeys, improves database import from Bitwarden and 1Password

• A Comprehensive Guide to Mobile Application Security Testing

• Transitioning to memory-safe languages: Challenges and considerations

• Microsoft suspects Russian hackers still lurking in its corporate network

• Email security trends in the energy and infrastructure sector

• CloudGrappler: Open-source tool detects activity in cloud environments

• Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability

• Advanced AI, analytics, and automation are vital to tackle tech stack complexity

• Cyber Security Today for Monday, March 11, 2024 – Breaking Bad in Cyber Security

• Insider threats can damage even the most secure organizations

• Breaking bad in cybersecurity: Cyber Security Today for Monday, March 11, 2024

• Nanotechnology: Innovations at the Molecular Scale

• ISC Stormcast For Monday, March 11th, 2024 https://isc.sans.edu/podcastdetail/8888, (Mon, Mar 11th)

• HIPAA and Privacy Act Training Challenge Exam [XLS download]

• What happens when you accidentally leak your AWS API keys? [Guest Diary], (Sun, Mar 10th)

• Biometric Authentication: Advancements and Challenges

Generated on 2024-03-12 23:55:59.797771