IT Security News Daily Summary 2024-03-29

• Malicious backdoor sneaks into xz, Linux world’s data compression library and tool

• U.S. Supreme Court Does Not Go Far Enough in Determining When Government Officials Are Barred from Censoring Critics on Social Media

• Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching

• Friday Squid Blogging: The Geopolitics of Eating Squid

• Facebook Accused Of Censoring Reproductive Health Content

• TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours

• Honey, I Lost My Credentials! Finding Plaintext Credentials on the Internet

• Cyber Security Today, Week in Review for the week ending Friday, March 29, 2024

• What Is Data Loss Prevention (DLP)? Definition & Best Practices

• ‘Darcula’ PhaaS Campaign Sinks Fangs into Victims

• 5 tips for building a cybersecurity culture at your company

• Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

• Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

• The Pentagon Cybersecurity Strategy For Defense Industrial Bases

• Nvidia’s Newborn ChatRTX Bot Patched For Security Bugs

• The Complexity And Need To Manage Mental Well-Being In The Security Team

• Ubuntu Will Manually Review Snap Store After Crypto Wallet Scams

• JetBrains Keeps Mum On 26 Security Problems Fixed After Rapid7 Spat

• PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

• The Rising Energy Demand of Data Centres and Its Impact on the Grid

• Data Breach Alert: 3TB of NHS Scotland Data Held Ransom by Cyber Threat

• The Netherlands To Spend Billions To Retain ASML Operations

• MFA bombing taken to the next level

• How to Conduct an Internal Audit: A Comprehensive Guide

• Meet the Phishing service platform named Darcula

• Hot Topic customers targeted by Credential Stuffing attacks

• Kiosks in Brookline is Tracking Cell Phone Data

• Smartphone Shipments To Rebound In 2024, Says Counterpoint

• ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

• Manufacturing on the Cyber Frontlines: Enhancing Cybersecurity on the Factory Floor

• Collaboration Innovation at Enterprise Connect 2024

• In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

• SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding

• Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

• Payment authorization and one-time passwords – Mobile Token

• Hacker Generates 1 Billion CGT Tokens Valued at $40 Million within Curio Ecosystem

• IdeaSoft To Launch an Innovative Perpetual DEX on INTMAX’s Open-source L2 Plasma Next

• Restricting Flipper is a Zero Accountability Approach to Security: Canadian Government Response to Car Hacking

• How to back up your iPhone to iCloud

• How to back up your iPhone to a Mac

• How to back up your iPhone to a Windows computer

• How to back up your Windows 10/11 PC to OneDrive

• How to back up your Mac

• CISA Launches New Cyber Incident Reporting Rules for US Defense Contractors

• World Backup Day 2024: Navigating the Future of Cyber security with Cloud Solutions

• Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base

• Exclusive: Waffle House Risk Index 1.0 Open For Public Comment Period

• CRM Backup Trends to Watch on World Backup Day

• TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

• China Bans Intel, AMD Chips, Windows OS From Government Computers

• Cisco warns of password-spraying attacks targeting Secure Firewall devices

• Making Our Infrastructure Resilient: 5 Priorities for Security R&D

• Energy Department Invests $15 Million in University Cybersecurity Centers

• The Complexity and Need to Manage Mental Well-Being in the Security Team

• Data Highways: Navigating the Privacy Pitfalls of New Automobiles

• Unveiling the New Era of Hacking Ethics: Profit Over Principles

• Microsoft unveils safety and security tools for generative AI

• The Power of ISP Proxies: Unlocking Local Content and Resources

• Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) Alert

• Industrial Enterprise Operational Technology Under Threat From Cyberattacks

• WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

• Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

• The Golden Age of Automated Penetration Testing is Here

• Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

• Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

• Lessons from a Ransomware Attack against the British Library

• 26 Security Issues Patched in TeamCity

• Massachusetts Health Insurer Data Breach Impacts 2.8 Million

• Cyber Security Today, March 29, 2024 – PyPI repository shuts to stop malicious uploads, a plea to developers to stop creating apps with SQL vulnerabilities, and more

• New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

• Stream.Security unveils threat investigation and AI-powered remediation capabilities

• American fast-fashion firm Hot Topic hit by credential stuffing attacks

• LockBit Hacker Sentenced To 4 Years Jail Plus Fined $860K

• Understanding the Surge in Cyber Kidnapping: Exploring the Factors Behind the Rise

• IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

• Understanding ISO 27001:2022 Annex A.6 – Organization of Information Security

• Quick Forensics Analysis of Apache logs, (Fri, Mar 29th)

• How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

• Symmetry Systems Ramps Up Hybrid-Cloud Data Security with $15 Million Series A Funding

• PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers

• AI abuse and misinformation campaigns threaten financial institutions

• How much does cloud-based identity expand your attack surface?

• Advanced cybersecurity strategies boost shareholder returns

• Cloud Security Posture Management (CSPM): Ensuring Cloud Compliance

• What is Threat Management?

• New infosec products of the week: March 29, 2024

• England Cricket – 43,299 breached accounts

• C2A Security’s EVSec Platform: Driving Cybersecurity Compliance in the Automotive Industry

• Next-Generation Firewall (NGFW): Enhancing Network Security

• ISC Stormcast For Friday, March 29th, 2024 https://isc.sans.edu/podcastdetail/8916, (Fri, Mar 29th)

• Thread Hijacking: Phishes That Prey on Your Curiosity

• Tax scams: Scams to be aware of this tax season

• The Importance of User Roles and Permissions in Cybersecurity Software

• IT Security News Daily Summary 2024-03-28

• SydeLabs raises $2.5M seed to develop an intent-based firewall guard for AI

• New iMessage Phishing Campaign Targets Postal Service Users Globally

• Activision investigating password-stealing malware targeting game players

• Go Big & Go Chrome: Strengthen Cybersecurity in Education, the Enterprise & Beyond

• Stopping a K-12 cyberattack (SolarMarker) with ThreatDown MDR

• Powering the future of ThreatDown with AI

• Unleashing generative AI’s power: Secure the future of your enterprise at the Atlanta AI Impact Tour (April 10th)

• LastPass Review 2024: Features, Pricing, Pros & Cons

• Jeffrey Epstein’s Island Visitors Exposed by Data Broker

• Cisco addressed high-severity flaws in IOS and IOS XE software

• Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

• Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

• sensitive information

• retina scan

• Malware Upload Attack Hits PyPI Repository

• Enter the substitute teacher

• Wilder World Launches on Epic Games Store as The First ‘GTA of Web3’ Game

• US offers $10M to help catch Change Healthcare hackers

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

• FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

• CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

• PyPI Inundated by Malicious Typosquatting Campaign

• Microsoft wants to stop you from using AI chatbots for evil

• JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

• Elon Musk Orders FSD Demo For Every Tesla US Sale

• Google: Zero-Day Attacks Rise, Spyware and China are Dangers

• Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

• PyPI Suspends New Projects and Users Due to Malicious Packages

• C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance

• Sam Bankman-Fried Sentenced To 25 Years In Prison

• Splunk Patches Vulnerabilities in Enterprise Product

• Checkmarx Aligns With Wiz to Improve Application Security

• GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

• Ransomware Strikes Tarrant Appraisal District

• Unmasking Cyber Shadows: New Zealand’s Battle Against State-Backed Hackers

• Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)

• NHS patient data published on the Dark Web

• Facebook spied on Snapchat users to get analytics about the competition

• Nvidia’s newborn ChatRTX bot patched for security bugs

• Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

• US Treasury Urges Financial Sector to Address AI Cybersecurity Threats

• OpenSSL at FOSDEM 24

• Cisco Releases Security Updates for Multiple Products

• Celebrating Women’s History Month and International Women’s Day at Fortinet

• Cyberespionage Campaign Targets Government, Energy Entities in India

• Cybersecurity Mesh: Overcoming Data Security Overload

• Zero-day exploitation surged in 2023, Google finds

• Amazon Pumps Another $2.75 Billion Into Anthropic

• Partnering for Purpose: Bridging the Gender Gap in Leadership Development

• Key Differences in Securing OT & IT Environments

• Facebook Spied on Users’ Snapchat Traffic in a Covert Operation, Documents Reveal

• New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs

• NIST Unveils New Consortium to Operate its National Vulnerability Database

• Robust remote access security for the utilities sector advances with Zero Trust

• GoPlus Report: Blockchain Networks Using API Security Data to Mitigate Web3 Threats

• Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

• These 17,000 Microsoft Exchange Servers Are A Ticking Time Bomb

• Sellafield To Be Prosecuted For IT Security Offenses

• Sam Bankman-Fried’s Sentencing Hearing Over FTX Fraud Begins Today

• Coro Raises $100 Million for All-in-One Security Platform

• Cybersecurity Infrastructure Investment Crashes and Burns Without Governance

• ‘Tycoon’ Malware Kit Bypasses Microsoft and Google Multifactor Authentication

• Snowflake Data Clean Rooms helps organizations preserve the privacy of their data

• C2A Security’s EVSec Platform Gains Automotive Industry Traction for Compliance

• Zoom Unveils AI-Powered All-In-One AI Work Workplace

• Wireshark 4.2.4 Released: What’s New!

• How will the Merck settlement affect the insurance industry?

• Making applications more sustainable with Cisco

• From ChatBot To SpyBot: ChatGPT Post Exploitation

• US critical infrastructure cyberattack reporting rules inch closer to reality

• Using Generative AI to Understand How an Obfuscated Script Works

• Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

• AppViewX partners with Fortanix to address critical enterprise security challenges

• New Webinar: Avoiding Application Security Blind Spots with OPSWAT and F5

• NIST Unveils New Consortium to Manage its National Vulnerability Database

• Trove of UK Student Records Exposed in School Software Server Leak

• Getting to Know Emma Pember

• Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding

• Cisco Patches DoS Vulnerabilities in Networking Products

• How a Security Data Fabric Approach Can Transform the GRC Function

• C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

• The Great Data Heist: China’s Alleged Theft of Voter Data and Its Potential Impact

• Safeguarding the NHS: Protecting Against Potential Cyber Attacks from China

• The human-AI partnership: a guide towards secure coding

• The Sustainability of AI

• iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

• Hacking internal AI chatbots with ASCII art is a security team’s worst nightmare

• Google: China dominates government exploitation of zero-day vulnerabilities in 2023

• DinodasRAT Linux implant targeting entities worldwide

• Institutionalizing Awareness to Stop Cyberattacks

• Microsoft Teams phishing attacks and how to prevent them

• Coro Secures $100 Million Funding Round

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023

• Chinese Cyberspies Targeting ASEAN Entities

• NHS Scotland confirms ransomware attackers leaked patients’ data

• 17 Billion Personal Records Exposed in Data Breaches in 2023

• Trump’s Truth Social Makes Successful Market Debut

• New ZenHammer Attack Bypasses Rowhammer Defenses on AMD CPUs

• Behind the Scenes: The Art of Safeguarding Non-Human Identities

• Update Chrome now! Google patches possible drive-by vulnerability

• Canonical cracks down on crypto cons following Snap Store scam spree

• The best VPN services for iPhone and iPad in 2024: Expert tested and reviewed

• Jeffrey Epstein’s Island Visitors Exposed by Data Broker

• Hardware Vulnerability in Apple’s M-Series Chips

• US Offering $10 Million Reward for Information on Change Healthcare Hackers

• Threat Indicators Show 2024 is Already Promising to be Worse Than 2023

• Zero Trust Meets Insider Risk Management

• Dutch PM Raises Cyber Espionage Case With China’s Xi

• From JavaScript to AsyncRAT, (Thu, Mar 28th)

• Hiring Kit: Security Analyst

• INC Ransom claims responsibility for attack on NHS Scotland

• CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

• Details and Lessons Learned From the Ransomware Attack on the British Library

• Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

• Half of British SMEs Have Lost Data in Past Five Years

• The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

• 2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

• Android Malware Vultur Expands Its Wingspan

• Coro, building cybersecurity for SMBs, locks down $100M at a $750M valuation

• Calls to Incident Response Helpline Double in a Year

• Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs

• These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb

• Understanding ISO 27001:2022 Annex A.5 – Information Security Policies

• AI hallucinates software packages and devs download them – even if potentially poisoned with malware

• Exvagos – 2,121,789 breached accounts

• Execs in Japan busted for winning dev bids then outsourcing to North Koreans

• Enterprises increasingly block AI transactions over security concerns

• Debunking compliance myths in the digital era

• Cyber Attack suspected behind Baltimore Bridge Collapse

• Ransomware attack on Big Issue and University of Winnipeg

• How CISOs tackle business payment fraud

• AI weaponization becomes a hot topic on underground forums

• China encouraged armed offensive against Myanmar government to protest proliferation of online scams

• Cybercriminals use cheap and simple infostealers to exfiltrate data

• Cybersecurity Awareness Month: Promoting Cyber Hygiene

• Unleashing the Power of AI in Data Security and Compliance Through Advanced Data Discovery

• StealthMole raises $7M Series A for its AI-powered dark web intelligence platform

• ISC Stormcast For Thursday, March 28th, 2024 https://isc.sans.edu/podcastdetail/8914, (Thu, Mar 28th)

• Secure Email Communication: Protecting Against Phishing and Spoofing

• Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

• EFF Asks Oregon Supreme Court Not to Limit Fourth Amendment Rights Based on Terms of Service

Generated on 2024-03-29 23:55:41.905286