IT Security News Daily Summary 2024-04-03

• Google addressed another Chrome zero-day exploited at Pwn2Own in March

• Smart Traffic Signals Security in the Era of AI and Smart Cars

• Google patches critical vulnerability for Androids with Qualcomm chips

• Want to keep getting Windows 10 updates next year? Here’s what it will cost

• Soft Skills for Cybersecurity Leaders: CISO’s Perspective

• Security Pioneer Ross Anderson Dies At 67

• Microsoft Blamed For A Cascade Of Security Failures In Exchange Breach Report

• ChatGPT Jailbreak Prompts Proliferate On Hacker Forums

• EU Drops Sovereignty Reqs In Cybersecurity Cert Scheme

• Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft

• Omni Hotels IT systems down since Friday, hitting bookings, payments, door locks

• Cisco Duo wins Best in KLAS again for the second year in a row

• In Historic Victory for Human Rights in Colombia, Inter-American Court Finds State Agencies Violated Human Rights of Lawyers Defending Activists

• NIST Proposes Public-Private Group to Help with NVD Backlog

• Biden Review Board Gives Microsoft a Big, Fat Raspberry

• Some things you can learn from SSH traffic, (Wed, Apr 3rd)

• Amazon Web Services Lays Off Hundreds Of Staff

• Ostrich Cyber-Risk Announces Partnership with Kyndryl

• Embracing innovation: Derrick’s transition from banking to Microsoft’s Threat Intelligence team

• Musicians, Artists Call For Protection From AI

• The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

• Indian government issues cyber crime alert in view of job offers

• Know the significance of World Cloud Security Day

• Victoria VR Becomes First Virtual Reality Developer to Integrate OpenAI

• Google Cloud/Cloud Security Alliance Report: IT and Security Pros Are ‘Cautiously Optimistic’ About AI

• Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

• FCC To Vote This Month To Restore Net Neutrality

• Delivering on the vision of a modern grid network that’s secure, simple, and scalable

• #MIWIC2024: Hazel McPherson, CISO at ALD Automotive

• Speaking Freely: Emma Shapiro

• Vulnerability Summary for the Week of March 25, 2024

• Cyber Safety Review Board Report Slams Microsoft Security Failures in Government Email Breach

• Sophos Reveals Ransomware Attacks Are Now Targeting Backups

• Expand your IT and cybersecurity skills with this $28 learning bundle

• RoboForm Review 2024: Is It Right for Your Business?

• IoT Botnets and Infostealers Frequently Target Retail Sector

• U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

• Prudential Financial Notifies 36,000 Individuals of Data Breach

• Celebrating 25 Years of OpenSSL

• Jackson County, Missouri, Closes Offices Because of Ransomware Attack

• Number of Chinese Devices in US Networks Growing Despite Bans

• Google Messages’ Gemini Update: What You Need To Know

• Infostealers Prevalent in Retail Sector Cybercrime Trends

• Elon Musk’s X Names New Head Of Safety

• The best travel VPNs of 2024: Expert tested and reviewed

• A True Trusted Advisor

• Palo Alto Networks 2023 ESG Report — Securing Our Digital Future

• Why your data isn’t as safe as you think and what it could cost you

• On Secure Workload Access and Aembit’s Journey to Innovation Sandbox at RSA Conference 2024

• Aembit Selected as Finalist for RSA Conference 2024 Innovation Sandbox Contest

• Navalny’s Revenge? Hackers Siphon Huge Russian Prisoner Database: Report

• Protecting Your Digital Identity: Celebrating Identity Management Day

• Google fixed two actively exploited Pixel vulnerabilities

• CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

• Know Your Audience When Speaking to Security Practitioners

• Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks

• IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc.

• “When can we be together – forever?” A deep dive into emotional scamming

• Empowering Your Team: 5 Ways Internally Marketing Security Policies can Benefit Your Organization

• Authy vs Google Authenticator: Two-Factor Authenticator Comparison

• The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

• Salt Security Launches AI-Powered Assistant Pepper

• Bridging IT and OT Cybersecurity with AI

• A “cascade” of errors let Chinese hackers into US government inboxes

• New XZ Utils Backdoor Free Scanner to Detect Malicious Executables

• GenAI: The next frontier in AI security threats

• ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

• Picus Security helps organizations reduce their threat exposure with AI-driven insights

• Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

• Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack

• Continuous Monitoring and Frameworks: A Web of Security Vigilance

• Picus Security Melds Security Knowledge Graph with Open AI LLM

• NVD’s New Phase, Industry Consortium to Oversee NIST’s Vulnerability Database

• Cyber Slavery: Thousands of Indians Trapped in a Web of Deceit

• Microsoft’s Exchange Server Hack: Key Rotation Flaw Triggers Breach

• Top GenAI Threats – and why Zero Trust AI Access is the Future

• Empowering Your Team: 5 ways internally marketing security policies can benefit your organization

• Google Cloud and CSA: 2024 will bring significant generative AI adoption in cybersecurity, driven by C-suite

• Unlocking the Future of Government Cybersecurity: Insights from CyberScoop’s Zero Trust Summit

• Accelerate the path to PCI DSS 4.0 adoption

• Security pioneer Ross Anderson dies at 67

• Cyber Security Today, April 3, 2024 – New Linux vulnerability is found, and a must-read ransomware case study

• Google bakes new cookie strategy that will leave crooks with a bad taste

• Missouri County Hit by Ransomware

• Microsoft Singled Out In Review Of Chinese Hack Of US Government Emails

• This IT Career Kickstarter Bundle is An Extra 20% Off Through April 7th

• Attack Surface Management vs. Vulnerability Management

• Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption

• [Free & Downloadable] Incident Management Policy Template – 2024

• XZ Utils Backdoor Attack Brings Another Similar Incident to Light

• Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

• UK and US to Build Common Approach on AI Safety

• Samsung To ‘Redefine’ Bixby With Generative AI

• UN? FBI? World Bank? Deepfake police chief used for compensation scam video

• Class-Action Lawsuit against Google’s Incognito Mode

• Google Patches Exploited Pixel Vulnerabilities

• Bitwarden releases magic links API to improve passwordless user authentication

• NVD: NIST is working on longer-term solutions

• RDP Abuse Present in 90% of Ransomware Breaches

• WhatsApp vs. Signal vs. Telegram vs. Facebook: What data do they have about you?

• Mispadu Trojan Targets Europe, Thousands of Credentials Compromised

• Jackson County Missouri Ransomware Attack Impacts IT Systems

• Exploring Access Control Models: Building Secure Systems in Cybersecurity

• Tripwire Patch Priority Index for March 2024

• New Version of the Vultur Android Banking Trojan Spoofs Security App

• Rust memory safety explained

• Owl Talon 3 provides hardware-enforced, one-way data transfers

• YouTube Video Game ‘Hacks’ Contain Malware Links

• Block Ads And Free Up The Internet For An Extra 20% Off

• Customer Story | Content Filter Protects Student Safety, Data Security, and CIPA Compliance At Azusa Unified School District

• TrueMedia.org introduces deepfake detection tool

• Highly sensitive files mysteriously disappeared from EUROPOL headquarters

• Beware of New Mighty Stealer That Takes Webcam Pictures & Capture Cookies

• Meet clickjacking’s slicker cousin, ‘gesture jacking,’ aka ‘cross window forgery’

• DarkGate Malware Abusing Cloud Storage & SEO Following Delivery Over Teams

• USSD Call Forwarding Deactivation: India’s Move to Safeguard Against Cyber Fraud

• Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

• Location tracking and the battle for digital privacy

• How Google plans to make stolen session cookies worthless for attackers

• Cybersecurity jobs available right now: April 3, 2024

• Indian government’s cloud spilled citizens’ personal data online for years

• Microsoft Priva announces new solutions to help modernize your privacy program

• Human risk is the top cyber threat for IT teams

• Cyber attacks on critical infrastructure show advanced tactics and new capabilities

• Microsoft slammed for lax security that led to China’s cyber-raid on Exchange Online

• Microsoft slammed for lax security that led to Exchange Online attack

• ISC Stormcast For Wednesday, April 3rd, 2024 https://isc.sans.edu/podcastdetail/8922, (Wed, Apr 3rd)

• Threat Intelligence Platforms: Leveraging Actionable Insights

• Prioritizing Cyber Risk: Get a leg up with AI

• Our People and Our Growth: Key Drivers of Akamai?s ESG Strategy

• XZ Utils Backdoor ? Everything You Need to Know, and What You Can Do

• Announcing Flow-IPC, an Open-Source Project for Developers to Create Low-Latency Applications

• The Sustainability Team Is Listening. Here?s What We Heard.

• What Is a Heuristic Virus? + How to Remove It

• SurveyLama – 4,426,879 breached accounts

• Feds finally decide to do something about years-old SS7 spy holes in phone networks

• Gomble Games Secures $10M Funding to Advance Ambitious Web3 Gaming Vision

• Vulnerability Exposed Ibis Budget Guest Room Codes to Hackers

• Guide to New CSRD Regulation for Data Center Operators

• Thinking about a Career in Governance, Risk and Compliance? Follow this Path

• How to conduct a data privacy audit, step by step

• Facebook Is Pushing App Store Providers To Be Responsible For Age Verification

• AT&T confirms 73 million people affected by data breach

• IT Security News Daily Summary 2024-04-02

• 3 UK Cyber Security Trends to Watch in 2024

• How to Escape the 3 AM Page as a Kubernetes Site Reliability Engineer

• A Deep Dive on the xz Compromise

• Defending against IoT ransomware attacks in a zero-trust world

• Open source foundations unite on common standards for EU’s Cyber Resilience Act

• Rubrik’s IPO filing hints at thawing public markets for tech companies

• Microsoft expands Priva suite to tackle evolving privacy landscape

• Understanding Brute Force Attacks: The Persistent Threat in Cybersecurity

• XSS flaw in WordPress WP-Members Plugin can lead to script injection

• OWASP server blunder exposes decade of resumes

• Chrome’s Incognito Mode Isn’t as Private as You Think — but Google’s Not Sorry

• Microsoft Copilot for Security brings GenAI to SOC teams

• Open source foundations unite on common standards for EU’s Cybersecurity Resilience Act

• xz Utils Backdoor

• Google To Destroy Browsing Data To Settle Consumer Privacy Lawsuit

• Microsoft Warns Deepfake Election Subversion Is Disturbingly Easy

• Security Flaw In WP-Members Plugin Leads To Script Injection

• Heartbleed Is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!

• OWASP breach exposes decade of resumes due to misconfigured server

• Shares In Trump’s Truth Social Firm Rise, Then Tumble

• Powerloom Announces Expansion to Base as It Surpasses 5200 Snapshotter Lite Nodes

• Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

• Public WiFi Convenience Leads to Cyber Threats, Read to Know Everything

• Foiled Attempt to Hack Supply Chain Sparks Concerns in Washington DC

• Authentic8 launches Silo Shield Program to Protect High-Risk Communities in Partnership with CISA

• US, UK join forces on AI safety and testing AI models

• Cloud computing forensics techniques for evidence acquisition

• OpenAI Drops Sign Up Need To Access ChatGPT

• Declassified NSA Newsletters

• The Challenges of Zero Trust 800-207 and Advocating for Prescriptive Controls

• Chrome’s Incognito Mode: Not as Private as You Think — but Google’s not Sorry

• UK, US Sign Agreement To Test AI Safety

• Authentic8 launches Silo Shield program to protect high-risk communities in partnership with CISA

• Chrome to Fight Cookie Theft With Device Bound Session Credentials

• AT&T Data Breach Reveals 73 Million Users’ Info on Hacker Forum

• Navigating Data Protection: What Car Shoppers Need to Know as Vehicles Turn Tech

• Linux Servers Targeted by DinodasRAT Malware

• Google’s latest project could help protect you against cookie theft

• Pandabuy admits to data breach of 1.3 million unique records

• Sophos: Backups are in the Crosshairs of Ransomware Groups

• AT&T Confirms 73 Million Customer Data Breach Linked to Dark Web

• Ransomware criminals target backups for assured ransom

• Apple To Bring RCS To iPhones Autumn 2024, Says Google

• 5 Major Phishing Campaigns in March 2024

• TechCrunch Minute: AT&T data breach prompts millions of passcodes to be reset

• Security Flaw in WP-Members Plugin Leads to Script Injection

• SBOMs are now essential: Make them actionable to better manage risk

• Researchers Report Sevenfold Increase in Data Theft Cases

• $5,500 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in LayerSlider WordPress Plugin

• CISA Publishes High-Risk Communities Webpage

• IOSIX IO-1020 Micro ELD

• CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities

• CISA Releases One Industrial Control Systems Advisory

• ‘Reverse’ searches: The sneaky ways that police tap tech companies for your private data

• Cisco Secure Application makes it easier than ever to secure your cloud native applications and sensitive data

• Google Strengthens Gmail Security, Blocks Spoofed Emails to Combat Phishing

• Microsoft Unbundles Teams From Office Suite

• Microsoft warns deepfake election subversion is disturbingly easy

• Re-architecting Broadband Networks

• Build for Better Code Challenge Focuses on AI and Sustainability

• Trusted Contributor Plants Sophisticated Backdoor in Critical Open-Source Library

• The Future of Defense in an Era of Unprecedented Cyber Threats

• Cybersecurity trends: Some rays of hope among the dark clouds

• What Kubernetes Users Need to Know About Windows Node Attacks

• 4 Incident Triage Best Practices for Your Organization in 2024

• JCDC Working and Collaborating to Build Cyber Defense for Civil Society and High-Risk Communities

• Trusted Advisor now available for Mac, iOS, and Android

• The Latest Threat CISOs Cannot Afford to Ignore—Business Payment Fraud

• Silicon In Focus Podcast: Smart ESG: Your Data, Your Sustainability

• The evolution of a CISO: How the role has changed

• Hotel Self Check-In Kiosks Exposed Room Access Codes

• Deciphering the Impact of Neural Networks on Artificial Intelligence Evolution

• Fortinet upgrades its real-time network security operating system

• Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

• Clearpool Expands to Avalanche with Listed Fintech Firm Launching First Credit Vault

• Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning

• Indian Govt Rescues 250 Citizens Trapped In Cambodia Forced Into Cyber-Slavery

• Rubrik files to go public following alliance with Microsoft

• Fastly Bot Management protects websites, apps, and valuable data from malicious automated traffic

• Hundreds of Indians Rescued from Cambodian Cybercrime Gangs

• Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI Generated Cloning

• Beyond Imagining – How AI is actively used in election campaigns around the world

• Top 6 Passwordless Authentication Solutions for 2024

• Prioritizing risk based vulnerability compliance for Financial Institutions

• Tech Tools for the Future: Zebras, AI, and Girls in ICT Day

• AI, Cybersecurity and the Rise of Large Language Models

• Compromising Bank Customer Trust: The Price of Inadequate Data Protection

• Why risk management is key for Oracle ERP Cloud Success

• PandaBuy Data Breach: 1.3 Million Customers Data Leaked

• Google agreed to erase billions of browser records to settle a class action lawsuit

• Cybersecurity M&A Roundup: 27 Deals Announced in March 2024

• AT&T data leaked: 73 million customers affected

• Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

• Understanding LLM Security: Threats, Applications, and Everything In-Between

• Polish officials may face criminal charges in Pegasus spyware probe

• From Mobile Coding to Cisco Intern: My Tech Transformation Story

• Google To Destroy Billions Of Private Browsing Records

• Google to Delete Billions of User’s Personal Data Collected Via Chrome Browser

• INC Ransom claims to be behind ‘cyber incident’ at UK city council

• OWASP Data Breach Caused by Server Misconfiguration

• Prudential Financial Data Breach Impacts 36,000

• Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!

• In the News | State Governments Can Boost K-12 Cybersecurity

• Harnessing the Power of CTEM for Cloud Security

• Top 3 Cybersecurity Tools to Protect Business Data

• #MIWIC2024: Dr. Iretioluwa Akerele, Co-Founder of Cyblack

• Cato Shatters SASE Speed Record

• Keeper Security Announces Passkey Support on Mobile Devices

• Expert Insight: Why do women feel cybersecurity isn’t for them?

• Rhysida Ransomware leaks MarineMax data files after cyber attack

• Alert: Connectwise F5 Software Flaws Used To Breach Networks

• Navigating the PHP 7.4 End of Life: A Retrospective Analysis

• OpenSSL Vulnerabilities Patched in Ubuntu 18.04

• LogRhythm Axon enhancements improve data management and operational efficiency

• TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download

• Happy 20th birthday Gmail, you’re mostly grown up – now fix the spam

• Boat Dealer MarineMax Confirms Data Breach

• The Best SIEM Tools To Consider in 2024

• Veracode acquires Longbow Security to help organizations reduce application risk

• Indian Authorities Rescue Hundreds Trafficked For Cybercrime

• Pentagon Releases Cybersecurity Strategy To Strengthen Defense Industrial Base

• Avoiding the dangers of AI-generated code

• What’s New in NIST’s Cybersecurity Framework 2.0?

• Oops, Malware! Now What? Dealing with Accidental Malware Execution

• Impersonation Scams Net Fraudsters $1.1bn in a Year

• xz-utils Backdoor Affects Kali Linux Installations – How to Check for Infection

• Live Forensic Techniques To Detect Ransomware Infection On Linux Machines

• The XZ Backdoor: Everything You Need to Know

• PandaBuy data breach allegedly impacted over 1.3 million customers

• On Hiatus

• 71% Website Vulnerable: API Security Becomes Prime Target for Hackers

• Apple’s GoFetch silicon security fail was down to an obsession with speed

• Volt Typhoon Threat Report

• Google to Delete Billions of Browsing Records in ‘Incognito Mode’ Privacy Lawsuit Settlement

• OpenSSL 3.3 Beta Release Live

• Veracode Announces Acquisition of Longbow Security

• Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

• What the ID of tomorrow may look like

• Cloud Active Defense: Open-source cloud protection

• Why AI forensics matters now

• Cybersecurity Training for Employees: Building a Security-Aware Culture

• 73% brace for cybersecurity impact on business in the next year or two

• 6 keys to navigating security and app development team tensions

• ISC Stormcast For Tuesday, April 2nd, 2024 https://isc.sans.edu/podcastdetail/8920, (Tue, Apr 2nd)

• Google to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy Case

• Unearthing Identity Threat Exposures

• Six banks share customer info to help Singapore fight money laundering

• Cloud Security Compliance: Navigating Regulatory Requirements

• A software supply chain meltdown: What we know about the XZ Trojan

Generated on 2024-04-03 23:55:44.684683