IT Security News Daily Summary 2024-04-05

• Magento flaw exploited to deploy persistent backdoor hidden in XML

• Friday Squid Blogging: SqUID Bots

• Salt Security Applies Generative AI to API Security

• Anyscale addresses critical vulnerability on Ray framework — but thousands were still exposed

• Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF

• U.K. and U.S. Agree to Collaborate on the Development of Safety Tests for AI Models

• 6 Top Open-Source Vulnerability Scanners & Tools

• Retail Tech Deep-Dive: CAE Labs

• What Lies Ahead for Cybersecurity in the Era of Generative AI?

• “Infrastructures of Control”: Q&A with the Geographers Behind University of Arizona’s Border Surveillance Photo Exhibition

• This backdoor almost infected Linux everywhere: The XZ Utils close call

• Cookie consent choices are just being ignored by some websites

• Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

• The Tech Needed to Survive This Decade’s ‘Seismic’ APAC B2B Trends

• 3 healthcare organizations that are building cyber resilience

• Heightened Hacking Activity Prompts Social Media Security Warning

• Ontario Hospitals Dispatch 326,000 Letters to Patients Affected by Cyberattack Data Breach

• 5 ways to strengthen healthcare cybersecurity

• Latrodectus Uses Sandbox Evasion Techniques To Launch Malicious Payloads

• Ivanti CEO Pledges To Fundamentally Transform Its Hard-Hit Security Model

• Cisco Warns Of Vulnerability In Discontinued Small Business Routers

• Acuity Responds To US Government Data Theft Claims

• Israel’s Justice Ministry Reviewing Cyber Incident After Hacktivists Claim Breach

• 9 top cloud storage security issues and how to contain them

• Ivanti CEO Promises Stronger Security After a Year of Flaws

• FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

• GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansion

• How your business should deal with negative feedback on social media

• Government Communications: The Threats

• SASE and Zero Trust: A Powerful Combination

• Rise of Hacktivist Groups Targeting OT Systems

• Software supply chain attacks are escalating at an alarming rate

• Hoya suffers a suspected ransomware attack

• AI To Reduce Worker Numbers, Staffing Firm Adecco Warns

• Cisco Warns of Vulnerability in Discontinued Small Business Routers

• Prudential Financial Notifies 36,000 Victims of Data Leak

• $657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin

• Elon Musk’s X Offers Free Blue Checks, Free Subscriptions

• Mastering Skills with Play: The Fusion of Gaming and Learning in Black Belt Gamification

• US government excoriates Microsoft for ‘avoidable errors’ but keeps paying for its products

• Tech Companies Want to Build Artificial General Intelligence. But Who Decides When AGI is Attained?

• CISA Unveils Critical Infrastructure Reporting Rule

• Sensitive Documents Vanish Under Mysterious Circumstances from Europol Headquarters

• Malware Targets End-of-Life Routers and IoT Devices

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

• Alleged Home Depot Data Breach: IntelBroker Leaks 22,000 Employee Data

• #MIWIC2024: Nikki Webb, Global Channel Manager at Custodian360

• Proactive and Reactive Ransomware Protection Strategies

• Themes From (And Beyond) Altitude Cyber’s 2023 Cybersecurity Year In Review

• Mapping Your Path to Passwordless

• CyberTowns Initiative Aims to Spotlight Canada’s Top Locations for Cybersecurity Careers

• Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities

• 10M+ Downloaded Dating App Discloses User’s Exact Location

• Protecting the weakest link: how human errors can put a company in risk

• Federal Court Dimisses X’s Anti-Speech Lawsuit Against Watchdog

• NIST Grants $3.6 Million to Boost US Cybersecurity Workforce

• In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

• LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

• YubiKey Manager Privilege Escalation Let Attacker Perform Admin Functions

• Heimdal® Joins Internet Watch Foundation to Fight Child Sexual Abuse Imagery

• Hotel check-in terminal bug spews out access codes for guest rooms

• Cyber Security Today, April 5, 2024 – New ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more

• Apple Axes 600 Staff In First Layoffs Since Pandemic

• Microsoft’s Priva Platform: Revolutionizing Enterprise Data Privacy and Compliance

• Defending Against IoT Ransomware Attacks in a Zero-Trust World

• Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

• Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords

• Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

• Microsoft AI-Driven Security Tool Copilot for Security is Now GA

• Hackers Hijack Facebook Pages to Mimic AI Brands & Inject Malware

• Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack

• Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info

• Magento Vulnerability Exploited to Deploy Persistent Backdoor

• Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report

• Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk

• Expert Insights on IoT Security Challenges in 2024

• CISO Perspectives on Complying with Cybersecurity Regulations

• Red Hat issues “urgent security alert” following attack on XZ Utils compression library

• Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

• Stream.Security Releases Suite of Next-Gen Features

• Cyberattack disrupted services at Omni Hotels & Resorts

• From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

• China Using AI-Generated Content to Sow Division in US, Microsoft Finds

• From EDR to XDR: Detailed Walkthrough

• Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware

• Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code

• 1.3 Million Customers Affected: Pandabuy Grapples with Data Breach Fallout

• Trellix ZTS enables organizations to strengthen cyber resilience

• Keep Your Tech Flame Alive: Akamai Trailblazer Alex Virley

• Exploring Advanced Tripwire Enterprise Capabilities

• Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

• New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

• Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code

• Winnti Hackers’ New UNAPIMON Tool Hijacks DLL And Unhook API Calls

• Bing Ads Exploited by Hackers to Spread SecTopRAT Through NordVPN Mimic

• Face-to-Face 2024 Australia

• FBI shares some valuable insights on ransomware

• Seven tips to find spyware on a smart phone

• Impact of IoT Security for 5G Technology

• Academics probe Apple’s privacy settings and get lost and confused

• AI Package Hallucination – Hackers Abusing ChatGPT, Gemini to Spread Malware

• Security pros are cautiously optimistic about AI

• Cybercriminal adoption of browser fingerprinting

• Feds Patching Years-Old SS7 Vulnerability in Phone Networks

• 22% of employees admit to breaching company rules with GenAI

• HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

• New infosec products of the week: April 5, 2024

• How manual access reviews might be weakening your defenses

• Incident Response Orchestration: Streamlining Incident Handling

• Cybersecurity for Nonprofits: Protecting Mission-Critical Data

• ISC Stormcast For Friday, April 5th, 2024 https://isc.sans.edu/podcastdetail/8926, (Fri, Apr 5th)

• HTTP/2 CONTINUATION Flood Vulnerability

• World’s second-largest eyeglass lens-maker blinded by infosec incident

• Feds probe alleged classified US govt data theft and leak

• Smart SOAR’s Innovative Approach to Error-Handling Explained

• Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem

• DataStax acquires Langflow to accelerate enterprise generative AI app development

• Explore Microsoft’s AI innovations at RSA Conference 2024

• Thought leaders tips to obtain a secure cloud environment

• Facebook AI Tool Accused Of Racial Bias

• IT Security News Daily Summary 2024-04-04

• Google survey: 63% of IT and security pros believe AI will improve corporate cybersecurity

• The Power of AI Assistants and Advanced Threat Detection

• 2024-04-04: Koi Loader/Stealer activity

• Google Patches Pixel Phone Zero-days After Exploitation by

• Ransomware attacks ravaged municipal governments in March

• New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators

• Introducing Confidential Containers Trustee: Attestation Services Solution Overview and Use Cases

• Bing ad for NordVPN leads to SecTopRAT

• Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz

• Google Chrome Enlists Emerging DBSC Standard to Fight Cookie Theft

• Infosec professionals praise CSRB report on Microsoft breach

• Mastering MITRE: Enhancing Cybersecurity with Device Log Mapping

• Feds probe massive alleged classified US govt data theft and leak

• Slicing up DoNex with Binary Ninja, (Thu, Apr 4th)

• Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

• There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office

• Alphabet Mulls Offer For Marketing Software Firm HubSpot

• OWASP Disclosed Data Breach Affecting Old Members

• Cisco Industrial IoT: Enabling the global acceleration of offshore wind

• Navigating the Multicloud Journey with Cisco’s New Certifications [Infographic]

• The White House is Wrong: Section 702 Needs Drastic Change

• US To Urge Holland To Halt ASML Servicing Tools For China

• OWASP Reveals Data Breach Stemming from Wiki Misconfiguration

• Smishing Surge: Tactics, Threats, and ‘The Com’

• 5 Best Crypto Marketing Agencies for Web3 Security Brands in 2024

• Jackson County hit by ransomware, declares state of emergency

• New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

• Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

• LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches

• Cyber Attack propelled Electromagnetic Interference targets ships on Iran Coast

• AT&T To Face Lawsuit Following Breach Impacting 73 Million Customers

• AI Deepfakes Rising as Risk for APAC Organisations

• DOD Officially Launches New Cyber Policy Office

• Jackson County IT Systems Hit By Ransomware Attack

• Tesla Shares Dive After EV Shipments Disappoint

• Google Patches Pixel Phone Zero-days After Exploitation by “Forensic Companies”

• Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7

• Hitachi Energy Asset Suite 9

• CISA Releases Two Industrial Control Systems Advisories

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• US cancer center City of Hope: data breach impacted 827149 individuals

• Byakugan – The Malware Behind a Phishing Attack

• A 5-Minute Refresher to Cryptography

• Ivanti commits to secure-by-design overhaul after vulnerability nightmare

• From Promising to Practical: The Transformative Impact of Homomorphic Encryption

• Leadership in the Age of AI: Skills You Need to Succeed

• New JSOutProx Malware Targets Financial Firms in APAC, MENA

• Hackers Hijacked Notepad++ Plugin to Execute Malicious Code

• CISA Joins the Minimum Viable Secure Product Working Group

• Data protection vs. data backup: How are they different?

• Transforming Connectivity: Inside Bush Brothers & Company’s Network Infrastructure Overhaul

• Empowering Partner Success: How 3 Black Female CEOs lead the charge with AACPC

• 1-15 January 2024 Cyber Attacks Timeline

• Fake Lawsuit Threat Exposes Privnote Phishing Sites

• Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways

• Israel Used AI To Identify 37,000 Hamas Targets

• WordPress LayerSlide Plugin Bug Risks Password Hash Extraction

• Man Pleads Guilty To Stealing Former Coworker’s Identity For 30 Years

• Cyberattack Causes Disruptions at Omni Hotels

• Omni Hotels suffer prolonged IT outage due to cyberattack

• Taiwan Earthquake Prompts Chip Supply Concerns

• Macs Vulnerable to Info-Stealing Malware via Ads and Fake Software

• NIST awards $3.6 million to address the cybersecurity workforce gap

• Omni hotels hit by a possible ransomware attack

• Exploring the Threat of Data Poisoning in Cybersecurity

• New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame

• Mastering The DevOps Toolchain: 10 Essential to Build a DevOps Assembly Line

• Not So Private After All: How Dating Apps Can Reveal Your Exact Location

• US Cancer Center Data Breach Impacting 800,000

• The Five Essentials of Immutable Storage: Why They Matter

• Center Identity Launches Patented Passwordless Authentication for Businesses

• Despite Mounting Cyberattacks, Analysts Uncover The Primary Challenge

• Google’s Incognito Mode: Privacy, Deception, and the Path Forward

• Are YouTube Game Cracks Hiding Malware?

• Ivanti vows to transform its security operating model, reveals new vulnerabilities

• Microsoft reveals how much Windows 10 Extended Security Updates will cost

• Pixel Phone Zero-Days Exploited by Forensic Firms

• SurveyLama Data Breach Impacts 4.4 Million Users

• Cloud Threat Detection Firm Permiso Raises $18 million

• Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

• CoralRaider targets victims’ data and social media accounts

• 5 Best Password Managers for Android in 2024

• Get a Lifetime of VPN Protection for Just $16

• Meet the new Cisco Catalyst 1200 and 1300 Series Switches for SMBs

• New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

• Considerations for Operational Technology Cybersecurity

• Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack

• Surveillance by the New Microsoft Outlook App

• New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

• Deepfake Expert Henry Ajder to Keynote Infosecurity Europe 2024 on AI Challenges

• Ransomware gang did steal residents’ confidential data, UK city council admits

• Researchers Observed Visual Studio Code Extensions Stealing Users’ Sensitive Data

• Hosting Provider VMware ESXi Servers Hit by New SEXi Ransomware

• Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

• Microsoft’s Security Chickens Have Come Home to Roost

• Cyber Insurance Reduces Risk: Five Ways to Lower Your Rates

• CMA Begins Phase 2 Probe Of Vodafone Merger With Three UK

• 9 Must-Do Tips to Secure Ubuntu Server

• Avast One Silver allows users to tailor their coverage based upon their personal preferences

• Intel Shares Slide After Foundry Business Posts $7 Billion Loss

• Security vs. Compliance: What’s the Difference?

• Expert Insight: Breaking the glass firewall: Building a cybersecurity sisterhood

• Threat Actor Claims Classified Five Eyes Data Theft

• A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

• When AI attacks

• Firms Must Work Harder to Guard Children’s Privacy, Says UK ICO

• Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

• Gesture Jacking – New Attack That Deceives Website Visitors

• Understanding ISO 27001:2022 Annex A.10 – Cryptography

• Welcome to 2024: A Year in Review with Akamai Hunt

• KeyTrap Highlights Need for Enduring DNS Defenses for Service Providers

• How to Avoid Email Blacklists and Improve Your Deliverability

• Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

• Jackson County, Missouri, discloses a ransomware attack

• Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

• Six steps for security and compliance in AI-enabled low-code/no-code development

• Ivanti Rushes Patches for 4 New Flaw in Connect Secure and Policy Secure

• Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning

• Strengthening defenses against nation-state and for-profit cyber attacks

• Healthcare’s cyber resilience under siege as attacks multiply

• Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents

• 76% of consumers don’t see themselves as cybercrime targets

• ISC Stormcast For Thursday, April 4th, 2024 https://isc.sans.edu/podcastdetail/8924, (Thu, Apr 4th)

• Nearly 1M medical records feared stolen from City of Hope cancer centers

Generated on 2024-04-05 23:55:40.597816