IT Security News Daily Summary 2024-03-19

• This Acoustic Side-Channel Attack Steals Keystrokes Via Typing Patterns

• Pro Players Hacked Live On Stream! Apex Legends Tournament Postponed

• Pokemon resets some users passwords after hacking attempts

• Ukraine cyber police arrested crooks selling 100 million compromised accounts

• Daniel Stori’s ‘I’m Fine’

• USENIX Security ’23 – Abderrahmen Amich, Birhanu Eshete, Vinod Yegneswaran, Nguyen Phong Hoang – DeResistor: Toward Detection-Resistant Probing for Evasion Of Internet Censorship

• MacOS Sonoma 14.4 bug round-up: What to know before you update

• Crypto scams more costly to the US than ransomware, Feds say

• Beijing-backed cyberspies attacked 70+ orgs across 23 countries

• How To Craft The Perfect Data Loss Prevention Strategy

• Zero Day Moves to Ghost

• Crypto scams more costly to the US than ransomware, feds say

• Upcoming webinar: How a leading architecture firm approaches cybersecurity

• Lazarus Group Hackers Resurface Utilizing Tornado Cash for Money Laundering

• Encina Wastewater Authority Reportedly Targeted by BlackByte Ransomware

• The best VPN for streaming in 2024: Expert tested and reviewed

• 7 Best Network Security Tools to Use in 2024

• Speaking Freely: Maryam Al-Khawaja

• Powerful Cloud Permissions You Should Know: Series Final

• Discovering API secrets & endpoints using APKLeaks

• Why IT General Controls Are Important for Compliance and Cybersecurity

• 3 ways we tried to outwit AI last week: Legislation, preparation, intervention

• Owning Versus Renting – The Circumstances of Web3 Domains

• The Power of AI: Building a Robust Data Ecosystem for Enterprise Success

• Best Enterprise Security Tools For Tip-top Business Protection

• CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity

• Cisco Launches CCST IT Support Certification: Your Pathway to a Career in IT

• APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage

• Cybercriminals Beta Test New Attack to Bypass AI Security

• Vulnerability Recap 3/19/24 – Microsoft, Fortinet & More

• How Rogue ISPs Tamper With Geofeeds

• Taking Cyber Asset and Exposure Management to the Boardroom

• Nude Deepfakes: What is EU Doing to Prevent Women from Cyber Harassment

• BunnyLoader 3.0 Detected With Advanced Keylogging Capabilities

• Novel Script-Based Attack That Leverages PowerShell And VBScript

• Simplifying Data Management in the Age of AI

• Appdome launches Social Engineering Prevention service to safeguard mobile users

• Researchers Uncover New “Conversation Overflow” Tactics

• United Health spends $2 billion in ransomware recovery

• CISA Releases One Industrial Control Systems Advisory

• Franklin Fueling System EVO 550/5000

• Cisco’s Bill Davenport Starts Term on FCC Technological Advisory Council

• New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon?

• Cloudflare Loses 22% Of Its Domains In Freenom .tk Shutdown

• Kasada introduces CDN edge API integrations to block abuse and online fraud

• Tufin Orchestration Suite R24-1 enhances cloud security and compliance

• CalypsoAI Platform provides real-time LLM cybersecurity insights

• SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin

• How to manage third-party risk in the cloud

• Building Data Center Infrastructure for the AI Revolution

• Update Delays To NIST Vulnerability DB Alarms Researchers

• Nations Direct Mortgage Data Breach Affects 83,000 Individuals

• Apex Legends Esports Final Delayed By Hack Claims

• Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit

• Threat Actors Exploit the Aiohttp Bug to Locate Susceptible Networks

• Ordr launches OrdrAI CAASM+ to provide asset visibility with AI/ML classification

• Research Shows IT and Construction Sectors Hardest Hit By Ransomware

• DarkGPT OSINT AI Assistant To Find Leaked Database

• Crypto wallet providers urged to rethink security as criminals drain them of millions

• Cato Unveils Industry First AI-driven Networking and Security Incident Detection and Response

• Innovative Web Automation Solutions Unveiled by Skyvern AI

• WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature

• Synopsys fAST Dynamic enables DevOps teams to fix security vulnerabilities in modern web apps

• eSentire Threat Intelligence reduces false positive alerts

• Drata unveils Adaptive Automation for streamlined compliance

• From Deepfakes to Malware: AI’s Expanding Role in Cyber Attacks

• Secure Your API With JWT: Kong OpenID Connect

• How AI can be hacked with prompt injection: NIST report

• BigID Raises $60 Million at $1 Billion Valuation

• Chinese APT Hacks 48 Government Organizations

• Traefik Labs updates address rising Kubernetes adoption and API management

• NIST’s NVD has encountered a problem

• Attacker Hunting Firewalls, (Tue, Mar 19th)

• Lurking in the Shadows: Attack Trends Shine Light on API Threats

• Flexible Billing now available in the Avast Business Hub for MSPs

• Delivering Digital Immunity: Taking a Holistic Approach to Optimize Your Network

• Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain

• Mintlify Data Breach Exposes Customer GitHub Tokens

• Providing Optimal Cloud Security Outcomes Through StateRAMP

• Atos says Airbus flew off, no longer interested in infosec and big data biz

• AI and the Evolution of Social Media

• Case Study: Fatty Liver Foundation Improves Enterprise Domain Security with PowerDMARC

• Verimatrix Counterspy safeguards content across various devices

• NHS Dumfries and Galloway Faces Cyberattack, Patient Data at Risk

• Social media influencers targeted by identity thieves

• Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle

• Nations Direct Mortgage Data Breach Impacts 83,000 Individuals

• SUSE announces new enhancements to help users manage business-critical workloads

• Recognizing Progress and Living Our Values: Akamai?s 2023 ESG Impact Report

• 900+ websites Exposing 10M+ Passwords: Most in Plaintext

• Exploring Zero-Trust Architecture Implementation in Modern Cybersecurity

• Cisco Secure Access named Leader in Zero Trust Network Access

• Navigating the Internship Odyssey: Taking a Leap To Love Where I Work

• December 2023 Cyber Attacks Timeline

• Store manager admits SIM swapping his customers

• PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

• Nvidia Introduces Next-Generation ‘Blackwell’ AI Chips

• AI Researchers In West, China Identify AI ‘Red Lines’

• 5 Types of Crypto You Didn’t Know Existed

• Players hacked during the matches of Apex Legends Global Series. Tournament suspended

• Pentest People Announces its Assured Service Provider status for NCSC’s Cyber Incident Exercising Scheme

• Alleged AT&T (unverified) – 49,102,176 breached accounts

• Vultr Cloud Inference simplifies AI deployment

• NCSC Publishes Security Guidance For Cloud-Hosted SCADA

• Hackers Exploiting Microsoft Office Templates to Execute Malicious Code

• What are non-human identities?

• Suspected Russian Data-Wiping ‘AcidPour’ Malware Targeting Linux x86 Devices

• Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

• Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

• Apple In Talks With Google To Bring Gemini AI To iPhones

• Aiohttp Vulnerability in Attacker Crosshairs

• Mintlify Data Breach Leads to Exposure of Customer GitHub Tokens

• Misconfigured Firebase Instances Expose 125 Million User Records

• Microsoft Copilot for Security: General Availability details

• Cohesity partners with NVIDIA to harness the power of generative AI

• NCSC Publishes Security Guidance for Cloud-Hosted SCADA

• Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor

• US Senators Voice Support For TikTok Bill

• How ANY.RUN Malware Sandbox Process IOCs for Threat Intelligence Lookup?

• Achieving continuous compliance with Tripwire’s Security Configuration Manager

• Critical insights into Australia’s supply chain risk landscape

• Threat landscape for industrial automation systems. H2 2023

• What is Credential Harvesting? Examples & Prevention Methods

• GlobalSign PKIaaS Connector enhances ServiceNow certificate lifecycle management

• SpaceX ‘Developing Spy Satellites’ For US Agency

• Government Wants Flying Taxis In Operation By 2028

• Earth Krahang APT breached tens of government organizations worldwide

• BigID raises $60 million to accelerate AI data security innovation

• Prolific Chinese Threat Campaign Targets 100+ Victims

• Uber To Pay £149m In Settlement With Australian Taxi Drivers

• CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence

• Keep Your Data Safe as You Become More Productive for Just $30 Through 3/24

• Streamline your SBOM management with SBOM Manager

• Alleged A&TT (unverified) – 49,102,176 breached accounts

• E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

• Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk

• WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

• Your FAQ Guide to RSA Conference 2024

• Researchers Hack AI Assistants Using ASCII Art

• Surviving the “quantum apocalypse” with fully homomorphic encryption

• New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

• CISA Hacked and over 70m files leaked online from AT&T database

• Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

• Why USB Attacks Are Back and How to Prevent Them

• Cybersecurity jobs available right now: March 19, 2024

• E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

• Why is everyone talking about certificate automation?

• Outsmarting cybercriminal innovation with strategies for enterprise resilience

• Lynis: Open-source security auditing tool

• Decoding the California DMV’s Mobile Driver’s License

• UnitedHealth Says It Has Made Progress on Recovering From Massive Cyberattack

• ISC Stormcast For Tuesday, March 19th, 2024 https://isc.sans.edu/podcastdetail/8900, (Tue, Mar 19th)

• Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

• NVIDIA GTC Keynote: Blackwell Architecture Will Accelerate AI Products in Late 2024

• Insider Threat Detection: Identifying Internal Risks

• EFF to California Appellate Court: Reject Trial Judge’s Ruling That Would Penalize Beneficial Features and Tools on Social Media

• Microsoft Teams Notifications Integration

• IT Security News Daily Summary 2024-03-18

• Mintlify says customer GitHub tokens exposed in data breach

• Don’t be like these 900+ websites and expose millions of passwords via Firebase

• PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

• Fujitsu Scrambles After Malware Attack: Customer Data Potentially Breached

• Rethinking DevOps in 2024: Adapting to a New Era of Technology

• Five AI topics to discuss with your CEO

• Fujitsu reveals malware installed on internal systems, risk of customer data spill

• 5 Best Practices to Secure Azure Resources

• Exploitation activity increasing on Fortinet vulnerability

• US Government Investigating Facebook For Role In Illegal Drug Sales

• Fujitsu finds malware on company systems, investigates possible data breach

• New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine

• USENIX Security ’23 – Network Responses To Russia’s Invasion of Ukraine In 2022: A Cautionary Tale For Internet Freedom

• Vulnerability Summary for the Week of March 11, 2024

• cloud load balancing

• cloud application

• Fujitsu suffered a malware attack and probably a data breach

• More than 133,000 Fortinet appliances still vulnerable to month-old critical bug

• SOPS [Security Zines]

• TikTok ‘Ban’ — ByteDance CEO and EFF are BFFs

• McDonald’s Attributes Worldwide Outage to Third-Party Provider

• New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

• SubdoMailing and the Rise of Subdomain Phishing

• C++ creator rebuts White House warning

• Cyber baddies leak 70M+ files online, claim they’re from AT&T

• Moldovan Behind E-Root Marketplace Gets US Federal Prison Term

• Tor Launches WebTunnel Bridges To Evade Censorship

• User Privacy: Reddit Discloses FTC Probe into AI Data Licensing Ahead of IPO

• CISA Publishes Repository for Software Attestation and Artifacts

• FBI and Interpol issue cyber alerts on ransomware and pig butchering scams

• Esports league postponed after players hacked midgame

• FCC Agrees to Cyber Trust Mark for IoT Products

• Repository for Software Attestation and Artifacts Now Live

• UK Government Releases Cloud SCADA Security Guidance

• USENIX Security ’23 – Wentao Guo, Jason Walter, Michelle L. Mazurek – The Role Of Professional Product Reviewers In Evaluating Security And Privacy

• Too Much Escaping Backfires, Allows Shortcode-Based XSS Vulnerability in Contact Form Entries WordPress Plugin

• Hackers Using Weaponized SVG Files in Cyber Attacks

• Productiv launches Sidekick, an AI-powered assistant for smarter SaaS management

• A Tale of Overcoming Cyber Threats with Auto Pentesting and CTEM

• North Korean Hackers’ $12M Ethereum Laundering Via Tornado Cash Unveiled

• Russian Hackers Breach Microsoft’s Security: What You Need to Know

• Over 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty Program

• Splunk Joins Cisco: Our Partner Ecosystems Just Got Even Stronger

• New Attack Shows Risks Of Browser Giving Websites Access To GPU

• Haiti: Machete-Wielding Militias Battle Gangs In Port-au-Prince

• STOP Ransomware Gains Stealthier Variant

• Pentagon Received Over 50k Vulnerability Reports Since 2016

• Cisco Completes $28 Billion Acquisition of Splunk

• Fujitsu Data Breach Impacts Personal, Customer Information

• Decentralised Identity: The Next Revolution Enabled by Block Chain Technology

• Microsoft Addressed ~60 Vulnerabilities With March Patch Tuesday

• New GhostRace Vulnerability In CPUs May Leak Data

• Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

• COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD

• Embrace the Future of Remote Access: Transitioning from Legacy VPNs to SASE

• The Hidden Risks Within Ethereum’s CREATE2 Function: A Guide to Navigating Blockchain Security

• Top 40 Cybersecurity Companies You Need to Know 2024

• Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

• Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

• Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament

• New Attack Shows Risks of Browsers Giving Websites Access to GPU

• Hacker Conversations: Stephanie ‘Snow’ Carruthers, Chief People Hacker at IBM X-Force Red

• Pentagon Received Over 50,000 Vulnerability Reports Since 2016

• Zero-Trust Network Access: Why so Many Teams Get it Wrong

• TRAI Updates Regulations to Prevent SIM Swap Fraud in Telecom Porting

• Deloitte unveils CyberSphere platform for simplified cyber program management

• Three New Critical Vulnerabilities Uncovered in Argo

• New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

• Initializing Services in Node.js Application

• Google researchers unveil ‘VLOGGER’, an AI that can bring still photos to life

• See How Our Cloud-Delivered Security Services Provide 357% ROI

• Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

• Microsoft: 87% of UK Organizations Vulnerable to Costly Cyber-Attacks

• Tech giant Fujitsu says it was hacked, warns of data breach

• A New Day for Data: Cisco and Splunk

• Drones and the US Air Force

• Navigating the NSA’s New Zero-Trust Guidelines

• Cyber Security Today, March 18, 2024 – Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and more

• NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged

• Sign up for a Tour at the RSA Conference 2024 SOC

• Bankman-Fried Deserves Up To 50 Years In Jail, Prosecutors Say

• TikTok US Sales ‘Hit $16bn’, ByteDance Nears Meta In World Revenues

• CISA Adds JetBrains TeamCity Vulnerability To KEV Catalog

• IoT Live Patching Techniques: Securing a Future without Disruption

• Cyberattackers Exploit QEMU for Stealthy Network Tunneling

• Ransomware attack on Fujitsu Servers

• Demystifying Serverless Security: Safeguarding the Future of Cloud Computing

• Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

• The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

• PoC Published for Critical Fortra Code Execution Vulnerability

• Moldovan Operator of Credential Marketplace Sentenced to US Prison

• Nissan breach exposed data of 100,000 individuals

• Loft Labs simplifies multi-cluster Kubernetes management for Rancher users

• AI Security Company Backtracks On UK Testing Claims

• Senators Take Up TikTok Bill After Italy Fine Over Harmful Content

• ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data

• NHS Dumfries and Galloway Warns of “Significant” Data Theft

• WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

• McDonald’s International Outage Caused By Third Party

• Norfolk County Council Wins $490m Payout From Apple

• Hackers Launching AI-Powered Cyber Attacks to Steal Billions

• A week in security (March 11 – March 17)

• Federated Learning for Cybersecurity: Collaborative Intelligence for Threat Detection

• Firmware Monitoring is Just a Snapshot Away

• IMF Investigates Serious Cybesecurity Breach

• Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

• Fujitsu Hacked – Attackers Infected The Company Computers with Malware

• Understanding ISO 27001:2022 Annex A.5 – Information Security Policies

• Email accounts of the International Monetary Fund compromised

• IMF Emails Hacked

• Africa Internet Outages Persist After Multiple Cables Cut

• 43 million workers potentially affected in France Travail data breach

• The UK’s Online Safety Act: a breakdown of key changes

• GBHackers Weekly Round-Up: Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories

• Get on CompTIA Certification Track With These $30 Study Guides

• Infosec teams must be allowed to fail, argues Gartner

• Hackers Stolen 70 Million AT&T Sensitive Customers Data

• The TikTok Ban Bill, Your Car is Spying on You, Signal’s Username Update

• APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

• Filipino police free hundreds of slaves toiling in romance scam operation

• Public anxiety mounts over critical infrastructure resilience to cyber attacks

• Microsoft Entra ID: The Complete Guide to Conditional Access Policies

• Harnessing the power of privacy-enhancing tech for safer AI adoption

• DarkGPT – A ChatGPT-4 Powered OSINT Tool To Detect Leaked Databases

• Quicmap: Fast, open-source QUIC protocol scanner

• The dark side of GenAI

• Protecting distributed branch office environments from ransomware

• ChatGPT side-channel attack has easy fix: token obfuscation

• ISC Stormcast For Monday, March 18th, 2024 https://isc.sans.edu/podcastdetail/8898, (Mon, Mar 18th)

• Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary], (Sun, Mar 17th)

Generated on 2024-03-19 23:55:58.609852