IT Security News Daily Summary 2024-03-25

• Chinese nationals charged with cyber-spying on US biz and more for Beijing

• Constella and Social Links Join Forces to Deliver Transformative OSINT Solutions

• How to Get the Most From Your Secrets Scanning

• CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

• USENIX Security ’23 – Lukas Lamster, Martin Unterguggenberger, David Schrammel, and Stefan Mangard – HashTag: Hash-based Integrity Protection for Tagged Architectures

• Sustainability 101: What is environmental reporting?

• Vulnerability Recap 3/25/24 – More Ivanti Issues to Patch

• AI Regulation at a Crossroads

• Top 4 Industries at Risk of Credential Stuffing and Account Takeover (ATO) attacks

• It’s Shockingly Easy To Get Around Facebook’s Content Moderation Rules

• Pure Storage, Nvidia partner to democratize AI with new infrastructure solutions

• International Sting Takes Down Major Dark Web Marketplace “Nemesis Market”

• Cloud account hijacking: How it works and how to prevent it

• A Solution Engineer’s Journey into Programmability

• Over 170K users caught up in poisoned Python package ruse

• Apple Updates for MacOS, iOS/iPadOS and visionOS, (Mon, Mar 25th)

• The OODA Loop: The Military Model That Speeds Up Cybersecurity Response

• Leen Banks Early Stage Funding for Data Security Technology

• US Treasury Slaps Sanctions on China-Linked APT31 Hackers

• EU Opens Investigation Into Apple, Google, Meta

• Chinese Hackers Charged in Decade-Long Global Spying Rampage

• Over 170K users hit by poisoned Python package ruse

• What is a Deepfake?

• No KOSA, No TikTok Ban | EFFector 36.4

• Identify and Investigate Uncommon DNS Traffic

• Is it time to enforce an Authority-to-Operate (ATO) for Healthcare Organizations?

• China Steals Defense Secrets ‘on Industrial Scale’

• New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns

• 11 Types of Phishing + Tips to Prevent Phishing Attacks

• Puppet’s devops report plumbs the benefits of platform engineering

• MixMode Garners Spot in 2024 CRN® Partner Program Guide

• USENIX Security ’23 – Design Of Access Control Mechanisms In Systems-On-Chip With Formal Integrity Guarantees

• Are GPUs Ready for the AI Security Test?

• This Security Flaw Enables Hackers to Unlock Millions of Hotel Doors

• Notorious Nemesis Market Seized by German Police

• Securing your home network is long, tiresome, and entirely worth it, with Carey Parker: Lock and Code S05E07

• Building Resiliency in the Face of Ransomware

• Hackers steal Roku credit card details to make fraudulent purchases

• March 2024 Web Server Survey

• UK blames China for massive breach of voter data

• Simplify Manufacturing Operations with Cloud Platforms

• Tech trade union confirms cyberattack behind IT, email outage

• UK Blames China for 2021 Hack Targeting Millions of Voters’ Data

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams

• #MIWIC2024: Lianne Potter, Head of SecOps at ASDA and Cyber Anthropologist at Compromising Positions

• The National Cybersecurity Strategy One Year Later

• 3 important lessons from a devastating ransomware attack

• Authorities Warn of AI Being Employed by Scammers to Target Canadians

• Mule Recruitment Scheme: Scammers Making Innocents Accomplices Into Money Laundering

• Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

• Differentiated Experience with Cisco Catalyst Center and CX Services

• Iran-Linked APT TA450 embeds malicious links in PDF attachments

• Some 300,000 IPs Vulnerable To This Loop DoS Attack

• Biden Administration To Accuse Chinese Hackers Of Targeting US Companies In Espionage Campaign

• Developers Hacked In Sophisticated Supply Chain Attack

• Mozilla Patches Firefox Zero Days Exploited At Pwn2Own

• Why Digital Trust Has Become More Critical Than Cybersecurity & Privacy

• Does Zero Trust Improve Productivity?

• Evasive Sign1 Malware Hits 39,000 WordPress Sites in Widespread Cyber Assault

• How Hackers Breached 3 Million Hotel Keycard Locks

• Sekoia.io and GLIMPS: a new example of interoperability within the Open XDR platform

• GoFetch security exploit can’t be disabled on M1 and M2 Apple chips

• Over 100 Organizations Targeted in Recent ‘StrelaStealer’ Attacks

• Microsoft To Ban 50+ Products For Users In Russia

• 170K+ Python Developers GitHub Accounts Hacked in Supply Chain Attack

• Interos Resilience Watchtower enables companies to monitor vulnerabilities

• Russian Hackers Attacking Political Parties In Recent Cyber Attacks

• Exclusive: Foundational emerges from stealth with $8 million to tackle data quality and AI readiness challenges

• CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

• Linux Kernel 6.8 Released: New Features and Hardware Support

• What is Key Management?

• Tax Scams Ramping Up as the April 15 Deadline Approaches

• New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

• StrelaStealer Malware Hacked 100+ Organizations Across The EU And U.S

• Martin Lund Joining Cisco’s Executive Leadership Team

• Cybersecurity Threats in Global Satellite Internet

• Scammers steal millions from FTX, BlockFi claimants

• Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

• Unsaflok Flaws Allow Unlocking Saflok Door Locks With Forged Cards

• Beware of New ‘HelloFire’ Ransomware Actor Mimic as a Pentester

• Agent vs. agentless security: Learn the differences

• Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

• Linux Admins Beware! Fake PuTTY Client that Installs Rhadamanthys stealer

• Top Python Developers Hacked in Sophisticated Supply Chain Attack

• The Online Safety Act: new digital offences in the UK

• Amazon Challenges £28m French Fine Over Worker Monitoring

• Russian Hackers Lure German Politicians With Fake Dinner Party Invite

• Linux Admins Beware! Fake PuTTY Client that Rhadamanthys stealer

• StrelaStealer targeted over 100 organizations across the EU and US

• Step-by-Step Guide to Creating Your First Crypto Wallet

• The best VPN trials of 2024

• White House Nominates First Assistant Secretary of Defense for Cyber Policy

• Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

• Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit

• SMIC ‘May Have Violated’ US Law In Producing Advanced Chip

• Trump’s Truth Social Moves Closer To $5bn Merger

• The best travel VPNs of 2024: Expert tested and reviewed

• Time to examine the anatomy of the British Library ransomware nightmare

• APT29 hit German political parties with bogus invites and malware

• New “GoFetch” Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

• Police Bust Multimillion-Dollar Holiday Fraud Gang

• Payments Regulator Probing String Of Payments Failures

• Microsoft Pays Anthropic AI $650m After Poaching Staff

• A week in security (March 18 – March 24)

• Russian Cozy Bear Group Targets German Politicians

• 10 cloud development gotchas to watch out for

• The Looming Cyber Threat in Real Estate

• Managed Cybersecurity Services Secure Modern Environments

• GoFetch side-channel attack against Apple systems allows secret keys extraction

• Kubernetes RCE Vulnerability Allows Remote Code Execution

• Fears Over ‘Mass Surveillance’ With Bill Changes

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

• Data Security Trends: 2024 Report Analysis

• The ISO 27000 family of protocols and their role in cybersecurity

• Hackers Claiming Unauthorized Access to the Fortinet Devices of Many Companies

• That Asian meal you eat on holidays could launder money for North Korea

• Understanding the Various Types of DDoS Attacks and Their Implications

• 20 essential open-source cybersecurity tools that save you time

• Over 40m UK voters personal data breached in hack by China

• 8 cybersecurity predictions shaping the future of cyber defense

• Hackers Transform the Raspberry Pi into an Online Anonymity Tool

• How immersive AI transforms skill development

• Scams are becoming more convincing and costly

• Cybersecurity Automation: Enhancing SOC Efficiency

• Cybercriminals use ChatGPT’s prompts as weapons

• Tool updates: le-hex-to-ip.py and sigs.py, (Sun, Mar 24th)

• ISC Stormcast For Monday, March 25th, 2024 https://isc.sans.edu/podcastdetail/8908, (Mon, Mar 25th)

• Penetration Testing: Assessing Security Posture

• Microsoft confirms memory leak in March Windows Server security update

• IT Security News Weekly Summary – Week 12

• IT Security News Daily Summary 2024-03-24

• Some 300,000 IPs vulnerable to this Loop DoS attack

• Controversy Surrounds Flipper Zero Amid Car Theft Concerns

• Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

• USENIX Security ’23 – Jinwen Wang, Yujie Wang, Ao Li, Yang Xiao, Ruide Zhang, Wenjing Lou, Y. Thomas Hou, Ning Zhang – ARI: Attestation of Real-time Mission Execution Integrity

• Unpatchable Security Flaw in Apple Silicon Macs: A Cryptocurrency Nightmare

• Critical Flaw Identified in Apple’s Silicon M-Series Chips – And it Can’t be Patched

• General Motors Ceases Sharing Driver Behavior Data with Data Brokers

• Unveiling the MaaS Campaign: Safeguarding Android Users in India

• Akamai Research Exposes Vulnerability: APIs Now Prime Targets for 29% of Web Attacks

• Classic Information Security Management Errors

• The Rise of Open-Source AI: How Companies like Mistral AI are Shaping the Future

• Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

• Vans claims cyber crooks didn’t run off with its customers’ financial info

• Federal, State, Local Cyber Leaders Meet to Discuss Threats

• Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals

• Building Resilient Web Applications on AWS: A Comprehensive Approach to Security

• N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks

• German Police Seize ‘Nemesis Market’ in Major International Darknet Raid

• Sign1 Malware Hijacked 39,000 WordPress Websites

• Cloud Security Best Practices: Protecting Cloud Environments

• Get A Day’s Schedule From Fantastical On The Command Line With Shortcuts

• Prioritizing Action After the Threat Headlines

• How to Identify and Respond to End-of-Life and Out-of-Service Operating Systems?

Generated on 2024-03-25 23:55:33.291754