IT Security News Daily Summary 2024-03-22

• Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

• Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks

• Empowering Developers With Scalable, Secure, and Customizable Storage Solutions

• Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks

• JumpCloud vs Okta (2024): IAM Software Comparison

• What It Takes to be a Cybersecurity Professional: The Non-Technical Skills You Need

• Cybersecurity: The Core of Computer Science Expertise

• New Go loader pushes Rhadamanthys stealer

• Cyber Security Today, Week in Review for week ending Friday, March 22, 2024

• Java 22 brings security enhancements

• Top 6 Google Authenticator Alternatives in 2024

• Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

• AT&T won’t say how its customers’ data spilled online

• Cops Running DNA-Manufactured Faces Through Face Recognition is Tornado of Bad Ideas

• Canada revisits decision to ban Flipper Zero

• Why SSH Certificates Can Be A Better Option For Remote Access Than SSH Keys

• Randall Munroe’s XKCD ‘Moon Armor Index’

• RaaS Groups Go Recruiting in Wake of LockBit, BlackCat Takedowns

• Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys

• China Relaxes Some Security Review Rules For Data Exports

• Apple Lawsuit: US Says iPhone Monopoly Undermines Security

• Hackers Can Unlock Over 3 Millions Hotel Doors In Seconds

• FBI Reports Surge in Cryptocurrency Scams, Highlighting Growing Threat of Confidence Scams

• Thousands of WordPress Websites Hacked with New Sign1 Malware

• CISA, NSA, FBI and Five Eyes Issue New Alert on Chinese APT Volt Typhoon

• CISA, DC HSEMA and Regional Partners Conduct Exercise to Ensure National Capital Region Water Service Resilience

• Democratizing Development: The Rise of No-Code Platforms

• Security expert Chris Krebs on TikTok, AI and the key to survival (part 2)

• 3 million doors open to uninvited guests in keycard exploit

• Data protection impact assessment template and tips

• UN Adopts Resolution Backing Efforts to Ensure Artificial Intelligence is Safe

• Russian APT29 Hackers Caught Targeting German Political Parties

• Is Your Data Safe? Fujitsu Discovers Breach, Customers Warned

• IONIX Advances Industry Leading Attack Surface Management (ASM) Platform With Centralized Threat Center for Swift Zero-day Response

• Privacy concerns makes Airbnb ban security cameras indoors

• 8 Best Enterprise Password Managers

• #MIWIC2024: Chelsea Jarvie, CISO and Director at Neon Circle

• Vans Warns Consumers of Fraudsters Following ALPHV Data Breach

• NIA Investigates Cyberattack on Aerospace Research Firm

• Strengthening Cyber Resiliency through Collaboration

• Hardware-level Apple Silicon vulnerability can leak cryptographic keys

• In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap

• ‘Brain Weasels’: Impostor Syndrome in Cybersecurity

• Ransomware Group Takes Credit for Attack on Boat Dealer MarineMax

• Click Farms: How to Block Click Farming & Protect Your Ads

• The Impact of Click Spamming On Your Business & How You Can Prevent It

• What is PPC Bot Traffic? 5 Methods for Securing Ad Campaigns

• New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S.

• Building Bridges: The Power of Purpose Alignment for Positive Impact

• The human impact of ransomware attacks: how can businesses protect their security professionals?

• UN Adopts First Global Resolution For Artificial Intelligence

• The DOJ Puts Apple’s iMessage Encryption in the Antitrust Crosshairs

• AI Trends in Program Management

• CrowdStrike Enhances Cloud Detection and Response (CDR) Capabilities to Protect CI/CD Pipeline

• AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking

• Investors’ pledge to fight spyware undercut by past investments in US malware maker

• NVD slowdown leaves thousands of vulnerabilities without analysis data

• US Government Issues New DDoS Mitigation Guidance

• 39,000 Websites Infected in ‘Sign1’ Malware Campaign

• New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine

• How to build a data protection policy, with template

• Application Security for Dummies: The Only Way Forward

• The Rise of Temu: A Game-Changer in Online Shopping

• US Government Releases New DDoS Attack Guidance for Public Sector

• Top Zero Trust Platforms Evaluated by Miercom: Check Point Ranks #1

• Implementing Risk Compliance and Management in Linux Systems: A Practical Guide

• US organizations targeted with emails delivering NetSupport RAT

• EFF and 34 Civil Society Organizations Call on Ghana’s President to Reject the Anti-LGBTQ+ Bill

• Nvidia Unveils Latest AI Chip, Promising 30x Faster Performance

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

• Modern Digital Authentication Protocols

• AI is changing cybersecurity and businesses must wake up to the threat

• Introducing Cisco XDR Playbooks: Finding the balance in automating and guiding incident response

• DTX + UCX Manchester is Back: Global brands, cutting-edge technology and world-renowned speakers take centre stage

• Cybaverse launches new platform to streamline cyber security management for organisations and MSPs

• New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys

• Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors

• BlueFlag Security Emerges From Stealth With $11.5M in Funding

• Cyber Security Today, March 22, 2024 – Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more

• CISA: Here’s how you can foil DDoS attacks

• Google Cloud Launches Security Command Center Enterprise

• UK Gives Three, Vodafone Five Days To Avoid In-depth Merger Probe

• Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

• Implementing Zero Trust Controls for Compliance

• New Loop DoS Attack Can Cause Indefinite System Crash

• Google Pays $10M in Bug Bounties in 2023

• I-Soon Leak: Exposing China’s Cyber Espionage

• Large-Scale StrelaStealer Campaign in Early 2024

• Reddit Shares Surge After Successful NYSE IPO

• DHCP Hacked to Escalate Privileges in Windows Domains

• Exploit Released For Critical Fortinet RCE Flaw: Patch Soon!

• One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel

• Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024

• OpenSSL 3.3 Alpha Release Live

• Upcoming Webinar: Writing Your First OpenSSL Application

• Unmasking the Vulnerabilities in Telecom Signaling: A Call for Enhanced Security

• Silicon UK In Focus Podcast: Circular Computing Equals a Circular Economy

• Understanding ISO 27001:2022 Annex A.7 – Human Resource Security

• TeamCity Vulnerability Exploits Leads to Surge in Ransomware Attacks

• TinyTurla Evolved TTPs To Stealthly Attack Enterprise Organizations

• How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats

• Unsaflok Vulnerability Lets Hackers Open 3M+ Hotel Doors in Seconds

• MediaWorks – 162,710 breached accounts

• Evasive Panda Cyber Attacks: Threat Actor Targets Tibetans

• Ex-Secret Service agent and convicted hacker share stage at GISEC Global

• Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

• U.S. Justice Department Sues Apple Over Monopoly and Messaging Security

• Thoughts on AI and Cybersecurity

• Balancing functionality and privacy concerns in AI-based Endpoint Security solutions

• Apple Chip Flaw Lets Hackers Steal Encryption Keys

• Researchers Propose An Invisible Backdoor Attack Dubbed DEBA

• DOJ calls Apple’s privacy justifications an ‘elastic shield’ for financial gains

• Attackers are targeting financial departments with SmokeLoader malware

• Russia bans Microsoft followed by Amazon and Google

• Unraveling the Cyber Threats Lurking Behind QR Codes

• Shadow AI is the latest cybersecurity threat you need to prepare for

• Organizations under pressure to modernize their IT infrastructures

• Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking

• New infosec products of the week: March 22, 2024

• 95% of companies face API security problems

• Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware

• A Practical Guide to the SEC Cybersecurity Rules

• Paid Cybersecurity Courses: Why They Are Not the Solution for Security Awareness

• IoT Security Best Practices: Safeguarding Connected Devices

• ISC Stormcast For Friday, March 22nd, 2024 https://isc.sans.edu/podcastdetail/8906, (Fri, Mar 22nd)

• Akamai Customer Trust Built on Partnership and Best User Experience

• Getting Started With NCache Java Edition (Using Docker)

• Security Awareness Training: Building a Cyber-Resilient Culture

• Threat Actors Dropping Multiple Ransomware Variants

• A Look At Threat Intel Through The Lens Of Kimsuky

• Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

• Securing Cloud Storage Access: Approach to Limiting Document Access Attempts

• Cross Tenant Microsoft 365 Migration

• IT Security News Daily Summary 2024-03-21

• Role-Based Multi-Factor Authentication

• Transforming communities, one drop of water at a time

• Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild

• FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert

• Apple’s iMessage Encryption Puts Its Security Practices in the DOJ’s Crosshairs

• Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

• The Role of Data Brokers in Software Development: Navigating Ethics and Privacy Concerns

• Microsoft faces bipartisan criticism for alleged censorship on Bing in China

• Can Parents See Internet History on Wi-Fi?

• 1Password Review: Features, Pros, Cons & Pricing 2024

• Congress votes unanimously to ban brokers selling American data to enemies

• Exploring the Comprehensive World of Burp Suite

• Nothing Scares the PRC More Than a Russian Defeat in Ukraine

• Lost Crypto Wallet? New Firm Promises Ethical, Transparent and Inexpensive Recovery

• New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio

• Facebook Shuts Down Critical Tool For Tracking Fake News

• Microsoft, Meta, X, Match Group Challenge Apple App Store Terms

• Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

• How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide

• USENIX Security ’23 – Sparsity Brings Vulnerabilities: Exploring New Metrics in Backdoor Attacks

• CISA, NSA, Others Outline Security Steps Against Volt Typhoon

• Unpatched Zephyr OS Expose Devices to DoS Attacks via IP Spoofing

• Why adversarial AI is the cyber threat no one sees coming

• “Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

• DataDome Releases Ruby Server-Side Integration

• USENIX Security ’23 – A Data-Free Backdoor Injection Approach In Neural Networks

• Sentry, GitHub Use AI to Help Fix Coding Errors

• GPT-4 ‘Kinda Sucks’ Admits Sam Altman, Says GPT-5 Will Be Better

• Remote Work Security Tips for Developers

• Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More

• 6 Most Secure Cloud Storage Solutions in 2024 Reviewed

• Cisco portfolio for manufacturing: What can we help you solve today?

• Massive Data Breach Sends Shockwaves Through Businesses

• Russia Hackers Using TinyTurla-NG to Breach European NGO’s Systems

• US Treasury Targets Russian Entities in Cyber Influence Campaign

• Whois “geofeed” Data, (Thu, Mar 21st)

• US Government, US States Sue Apple For Smartphone Monopoly

• Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

• Now FCC endorses IoT products with Cyber Trust Mark Logo

• NCC Group: Ransomware attacks jump 73% in February

• Dymium Snags $7M to Build Data Security Platform with Secure AI Chat

• Sentry, GitHub Use AI to Help Fixing Coding Errors

• Critical Bug in aiohttp: Ransomware Attackers On A Roll

• US Legislation Targets Data Sharing With Foreign Adversaries

• Neuralink Livestreams Chip-Implant Patient Playing Chess

• Yacht dealer to the stars attacked by Rhysida ransomware gang

• Tarsal Raises $6 Million for Security Data Movement Platform

• House Passes Bill Barring Sale of Personal Information to Foreign Adversaries

• Tiktok Ban: China Criticizes a Proped Bill in the US Congress

• The Cisco Observability Platform is the right solution at the right time

• 5 Ways SMB Leaders Can Make Better IT Decisions

• Fairness is a Critical And Challenging Feature of AI

• Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

• How I got started: Ransomware negotiator

• How to avoid internet black holes for the network

• New chapter begins as ENISA celebrates 20 years of strengthening cybersecurity

• Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

• Ransomware, RATs, And More Deployed On Compromised TeamCity Servers

• Exposed: Chinese Smartphone Farms That Run Thousands Of Barebone Mobes To Do Crime

• $200,000 Awarded At Pwn2Own 2024 For Tesla Hack

• The art and science of product security: A deep dive with Jacob Salassi

• Premiums Affected as Internet-Connected Cars Share Data with Insurers

• CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques

• A Recognized Leader in SSE

• MIWIC2024: Rebecca Taylor, Threat Intelligence Knowledge Manager at Secureworks

• Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM

• Watch Now: Supply Chain & Third-Party Risk Summit 2024

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts

• Microsoft Patches Xbox Vulnerability Following Public Disclosure

• Risk and Regulation: Preparing for the Era of Cybersecurity Compliance

• Vishal Rao joins Skyhigh Security as CEO

• AttackIQ Ready! 2.0 enables organizations to validate their cyber defense

• AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

• Hacker Pleads Guilty For Stealing 132,000+ Users Data

• Nemesis Market: Leading Darknet Market Seized

• DOT to investigate data security and privacy practices of top US airlines

• IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers

• Deceptive Calls in Kolkata, Residents Targeted in Elaborate Scam

• Security Leaders Acknowledge API Security Gaps Despite Looming Threat

• New details on TinyTurla’s post-compromise activity reveal full kill chain

• Best Practices for AI Training Data Protection

• Making Sport of Sports: The Growing Cyber Threat to Global Sports Events in 2024

• The Student-Centric Experience: Technologies

• A Decade of Trust — Meeting the Needs of the DoD

• Ordr Taps AI to Augment Attack Surface Management

• Veritas Backup Exec enhancements protect SMBs’ critical data

• Apricorn releases 24TB hardware encrypted USB drive

• ICO Probes Kate Middleton Medical Record Breach

• Five Steps to Overcoming Cyber Complacency

• Why Browser Security Matters More Than You Think

• GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

• Microsoft Warns of New Tax Returns Phishing Scams Targeting You

• Keeper Security Bolsters Administrative Control Over Passwords and Privileged Access Management With UI Updates and Streamlined Onboarding

• Q4 2023 Cyber Attacks Statistics

• Disinformation and Elections: EFF and ARTICLE 19 Submit Key Recommendations to EU Commission

• UK council won’t say whether two-week ‘cyber incident’ impacted resident data

• EPA and White House Send Water Industry Cybersecurity Warning

• Public AI as an Alternative to Corporate AI

• LogicGate introduces cyber and operational risk suite offerings

• GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

• North Korea’s Kimsuky Group Equipped to Exploit Windows Help files

• White House Warns Of Cyberattacks On US Water Infrastructure

• New Application-Layer Loop DoS Attack – 300,000 Online Systems At Risk

• 19 million plaintext passwords exposed by incorrectly configured Firebase instances

• Kyndryl partners with Cloudflare to help enterprises migrate to next-generation networks

• Fake Obituary Sites Send Grievers to Porn and Scareware Pages

• Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

• Quick Glossary: Cybersecurity Countermeasures

• Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution

• Intel To Spend $100bn In US, After Biden’s $20bn Award

• $200,000 Awarded at Pwn2Own 2024 for Tesla Hack

• Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

• Hackers Claimed to have Breached the Israeli Nuclear Facility’s Networks

• Making Sense of Operational Technology Attacks: The Past, Present, and Future

• Security Researchers Win Second Tesla At Pwn2Own

• Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT

• NIST’s National Vulnerability Database Put CVE Enrichment on Hold

• U.S. Sanctions Russians Behind ‘Doppelganger’ Cyber Influence Campaign

• Authorities Dismantle Grandoreiro Banking Malware Operation

• Recent Windows Server Updates Trigger Domain Controller Reboots & Crash

• New Loop DoS attack may target 300,000 vulnerable hosts

• AI Transparency: Why Explainable AI Is Essential for Modern Cybersecurity

• Aligning With NSA’s Cloud Security Guidance: Four Takeaways

• Python Snake Info Stealer Spreading Via Facebook Messages

• GitHub’s New AI Tool that Fixes Your Code Automatically

• Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime

• Ransomware turns innovative and hides in websites where files are being uploaded

• It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files

• Fake data breaches: Countering the damage

• Bridging the Gap: Integrating SOCs into Application Security for Enhanced Cyber Resilience

• Using cloud development environments to secure source code

• WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

• Secrets sprawl: Protecting your critical secrets

• Malware stands out as the fastest-growing threat of 2024

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

• The Not-so-True People-Search Network from China

• Mobile Device Security: Protecting Your Smartphone

• ISC Stormcast For Thursday, March 21st, 2024 https://isc.sans.edu/podcastdetail/8904, (Thu, Mar 21st)

• Controversial Clearview AI Added to US Government’s Tech Marketplace

• Cybersecurity for Small Businesses: Essential Protection

• How to Build a Phishing Playbook Part 3: Playbook Development

• New Loop DoS Attack Threatens Hundreds of Thousands of Systems

Generated on 2024-03-22 23:55:49.272852