IT Security News Daily Summary 2024-05-22

• Microsoft Build 2024: Copilot AI Will Gain ‘Personal Assistant’ and Custom Agent Capabilities

• New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea

• How to find out if an AirTag is tracking you

• USENIX Security ’23 – PET: Prevent Discovered Errors from Being Triggered in the Linux Kernel

• Prompt Injection Threats Highlight GenAI Risks

• ISPM & ITDR Synergize for AI-Based Identity Security

• Sustainability 101: What is a resilient ecosystem?

• SOCRadar Raises $25M Series B for Threat Intel Tech

• Canada’s London Drugs confirms ransomware attack after LockBit demands $25M

• NYSE parent gets $10M wrist tap for failing to report 2021 systems break-in

• How to change your IP address, why you’d want to – and when you shouldn’t

• Security Compliance 101: What It Is and How to Master It

• 15 Best DevSecOps Tools For Seamless Security in 2024

• Spyware found on US hotel check-in computers

• Critical Veeam Backup Enterprise Manager authentication bypass bug

• Ransomware, BEC, GenAI Raise Security Challenges

• CFO Deepfake Redux — Arup Lost $26M via Video

• Microsoft Recall Triggers Enquiry From UK Data Regulator

• AttackGen- A MITRE ATT&CK framework For Cybersecurity Incident

• The best identity theft protection and credit monitoring services of 2024

• The best travel VPNs of 2024: Expert tested and reviewed

• Laundering cash from healthcare, romance scams lands US man in prison for a decade

• Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

• Cybercriminals are targeting elections in India with influence campaigns

• What You Need to Know About SEC Compliance Requirements

• Upcoming Honor Smartphones To Feature Google AI Tech

• Confused by the SEC’s breach reporting rules? Read this

• Top things to do at InfoSecurity Europe 2024 – Learn, Explore and Have Fun

• Virtual Event Now Live: Threat Detection and Incident Response (TDIR) Summit

• Cybersecurity Risks and Solutions for Millennials and Gen Z

• Patient Privacy at Risk: Experts React to Health Company Data Leak

• Enhancing Workplace Security and Productivity with Effective Web Filtering

• Report Reveals 341% Rise in Advanced Phishing Attacks

• Google shows Microsoft Cybersecurity failures to US Government to gain business

• Amazon To Refresh Alexa With AI, Charge Monthly Subscription – Report

• Ikaruz Red Team Leveraging LockBit Builder To Launch Ransomware Attacks

• Turla Hackers Leveraging Microsoft Build Engine To Deliver Malware Stealthily

• Why IT Leaders Are Evolving the Network into a High-Performance Digital Engine

• Congo Lawyers Say They Have New Evidence On Apple’s Minerals Supply Chain

• LockBit Dethroned As Ransomware Leader Since Takedown

• Uncle Sam To Inject $50M Into Auto-Patcher For Hospital IT

• Microsoft’s AI Recall Feature Raises Security, Privacy Concerns

• Researchers Spot Cryptojacking Attack That Disables Endpoint Protections

• USENIX Security ’23 – USENIX Security ’23 – Content-Type: multipart/oracle – Tapping into Format Oracles in Email End-to-End Encryption

• Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

• UserPro Plugin Vulnerability Allows Account Takeover

• Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1

• Top 7 generative AI development companies

• Electric Vehicles Twice As Likely To Hit Pedestrians – Study

• As tech evolves at full tilt, power skills are critical for IT leaders

• Stopping ransomware in multicloud environments

• Arctic Wolf CPO: Most AI deployment is generic, ‘pretty weak’

• Bolster, creator of the CheckPhish phishing tracker, raises $14M led by Microsoft’s M12

• Fortifying Digital Health Against Cyber Attacks

• Indian Govt Targets Cyber Criminals: DoT To Deactivate 1.8 Million SIMs

• Chinese Hackers Rely on Covert Proxy Networks to Evade Detection

• An ongoing malware campaign exploits Microsoft Exchange Server flaws

• BeyondTrust vs. Delinea: Which Is Best for Privileged Access Management?

• Strengthening Cyber Defense with Threat Intelligence Operations

• Strike Graph VerifyAI gives businesses flexibility and control for audits

• IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders

• Breaking Down the WebTPA Data Breach: Expert Analysis and Perspectives

• Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech

• Rockwell Automation Urges Customers to Disconnect ICS From Internet

• US to Invest $50 Million in Securing Hospitals Against Cyber Threats

• Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

• Block Ads and Boost Security with AdGuard DNS

• Revolutionizing Connectivity: The Rise of iSIMs in the Mobile Industry

• Google Unhappy: Microsoft’s Cybersecurity Struggles: What Went Wrong?

• Safeguard Your Future with Seven Layers of Data Resilience

• Stealerium Malware Targeting Wi-Fi Networks, Outlook to Steal Login Credentials

• PlexTrac Plex AI helps offensive security teams write reports

• Kelp DAO Secures $9 Million in Private Sale for Restaking Innovations

• Zoom Announces Advanced Encryption for Increased Meeting Security

• Public Sector at Cisco Live 2024

• A Consolidated Approach to Fraud: Bringing Together Risk Insights, Organizations and Technology

• Critical Authentication Bypass Resolved in GitHub Enterprise Server

• Critical Veeam Vulnerability Leads to Authentication Bypass

• Exploring the Role of ISO/IEC 42001 in Ethical AI Frameworks

• AU10TIX Risk Assessment Model identifies potential vulnerabilities

• Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

• From trust to trickery: Brand impersonation over the email attack vector

• EU Countries Endorse AI Act, Due Next Month

• Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server

• Windows’ new Recall feature: A privacy and security nightmare?

• NMAP Scanning without Scanning (Part 2) – The ipinfo API, (Wed, May 22nd)

• Hackers Claiming Access to Qatar National Bank Database

• AI in Cyber Is Here to Stay — How to Weather This Sea Change

• More Than 70% of Surveyed Water Systems Failed to Meet EPA Cyber Standards

• Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution

• Virtual Event Today: Threat Detection and Incident Response (TDIR) Summit

• Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager

• Breakthrough for Solv Protocol: $1 Billion TVL, Now a Top 32 DeFi Player

• Cloud-Based Malware Attack Abusing Google Drive & Dropbox

• Unredacting Pixelated Text

• GhostEngine Mining Attacks Kill EDR Security Using Vulnerable Drivers

• OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

• Criminal record database of millions of Americans dumped online

• LockBit dethroned as leading ransomware gang for first time post-takedown

• How to Change Your VPN Location (A Step-by-Step Guide)

• ARPA-H Pledges $50M for Hospital IT Security Auto-Patching

• The Ultimate SaaS Security Posture Management Checklist, 2025 Edition

• Mastercard Doubles Speed of Fraud Detection with Generative AI

• SpaceX Demos First Video Call Of T-Mobile’s Direct To Cell Service

• Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

• Snapchat Revises AI Privacy Policy Following UK ICO Probe

• Beware – Your Customer Chatbot is Almost Certainly Insecure: Report

• Chrome 125 Update Patches High-Severity Vulnerabilities

• Join Us 06-07-24 for “Hacking SOC 2 Vs. ISO 27001” – Super Cyber Friday

• Optimizing LMS Integration: 7 Strategies for Enhanced Blended Learning

• Stealers, stealers and more stealers

• Set of Bugs Puts Software Company and IoT Device Makers Into Motion

• GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

• US Unveils $50M Program to Help Hospitals Patch Cybersecurity Gaps

• Cybersecurity News: UK ransomware reporting, Tech Against Scams, secure Windows 11 defaults

• Microsoft AI “Recall” feature records everything, secures far less

• Top 7 Cybersecurity Trends for Enterprises in 2024

• HITRUST: the Path to Cyber Resilience

• 15 Best DevSecOps Tools For Seamless Security In 2024

• Exploring the Depths of SolarMarker’s Multi-tiered Infrastructure

• Authelia: Open-Source Authentication and Authorization Server

• UK Government in £8.5m Bid to Tackle AI Cyber-Threats

• Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

• Choosing the Right Pricing Intelligence Solution for Your Business

• 100 Groups Urge Feds to Put UHG on Hook for Breach Notices

• Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

• CyberArk CORA AI accelerates identity threat detection

• Authorized Push Payment Fraud Cases Surge 12% Annually

• Hackers run away with 3,000 gallons of fuel stolen from a gas station in Washington

• OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

• Zoom Adds ‘Post-Quantum’ Encryption for Video Conferencing

• Veeam Warns of Critical Backup Enterprise Manager Auth Bypass Bug

• Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

• Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

• GitHub Enterprise Server patches 10-outta-10 critical hole

• OneTrust empowers organizations to govern data and AI without slowing down innovation

• MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

• Bridging the NHI security gap: Astrix and Torq partner up

• LockBit demands $25 million from London Drugs in 48 hours

• Can a Cyber Threat Abruptly Evolve into a Ransomware Attack

• Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

• Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

• QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances

• Authelia: Open-source authentication and authorization server

• Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

• Cybersecurity jobs available right now: May 22, 2024

• CEOs accelerate GenAI adoption despite workforce resistance

• Technological complexity drives new wave of identity risks

• Kentik for Ansible Automation Platform now certified with Red Hat

• ISC Stormcast For Wednesday, May 22nd, 2024 https://isc.sans.edu/podcastdetail/8992, (Wed, May 22nd)

• Uncle Sam to inject $50M into auto-patcher for hospital IT

• Hackers Leverage AI as Application Security Threats Mount

• AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks

• FUD: How Fear, Uncertainty, and Doubt can ruin your security program

• Back to Cooking: Detection Engineer vs Detection Consumer, Again?

• Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown

• SaaS BOM: The Advantage for Securing SaaS Ecosystems

• USENIX Security ’23 – Rods with Laser Beams: Understanding Browser Fingerprinting on Phishing Pages

• EFF Urges Supreme Court to Reject Texas’ Speech-Chilling Age Verification Law

• Have Web Trust Issues? Bot Management Can Help

• IT Security News Daily Summary 2024-05-21

• 5 Mitre ATT&CK framework use cases

• Cybersecurity or Cyber Resilience: Which Matters More?

• Using Open-Souce and Built-In Tools for Supply Chain Validation

• The best VPN trials of 2024: Expert tested and reviewed

• Facebook Joins New Anti-Scam Coalition To Fight Financial Fraud

• CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

• How to remove a user from a shared Windows device

• How to remove a user from a shared Mac

• How to remove a user from a shared Android device

• Zoom adds ‘post-quantum’ encryption for video nattering

• Getting Your Copilot Pilot Out of Pilot

• How the new Microsoft Recall feature fundamentally undermines Windows security

• cloud penetration testing

• Critical Fluent Bit bug affects all major cloud providers, say researchers

• AI Safety Summit 2024: Tech Firms Agree AI Safety Pledges

• Soft skills every entrepreneur needs

• Microsoft’s new Recall feature for Copilot+PCs criticized as ‘spyware’

• Speaking Freely: Ethan Zuckerman

• Sensitive Data Detection using AI for API Hackers

• Legacy Systems: Learning From Past Mistakes

• Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

• The Wordfence Affiliate Program Officially Launches Today

• Microsoft’s latest Windows 11 security features aim to make it ‘more secure out of the box’

• QNAP Rushes Patch for Code Execution Flaw in NAS Devices

• USENIX Security ’23 – Knowledge Expansion and Counterfactual Interaction for Reference-Based Phishing Detection

• Why Deleting Your Temu Account Might Be the Best Move

• Former OpenAI Executive Raises Safety Concerns

• Why Your Wi-Fi Router Doubles as an Apple AirTag

• Prowling the Wilds — Upgrade Your SOC and Hunt Down Threats

• CISA Warns Of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw

• Zoom Adding Post-Quantum End-to-End Encryption To All Products

• You Can Now Buy A 4-Foot-Tall Humanoid Robot For $16k

• Julian Assange Can Appeal Extradition To The US, London Court Rules

• OpenSSF Sings A Siren Song To Steer Developers Away From Buggy FOSS

• Russia’s DoppelGänger Campaign Manipulates Social Media

• OpenAI ChatGPT Cyber Threat to Scarlett Johansson

• 23-Year-Old Arrested for Running 100M Incognito Dark Web Market

• Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

• Windows System Admins Targeted by Hackers Via Fraudulent PuTTy, WinSCP Ads

• 70% of CISOs Expect Cyber-Attacks in Next Year, Report Finds

• US Warns Rising Cyberattacks Against Water Supplies

• cloud workload protection platform (CWPP)

• Conservative cell carrier Patriot Mobile hit by data breach

• Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

• 70% of CISOs Expect Cyberattacks in Next Year, Report Finds

• Guardz Launches Pioneering Cyber Insurance with Active Protection Exclusively for SMBs

• Working in the security clearance world: How security clearances impact jobs

• LCDS LAquis SCADA

• CISA Releases One Industrial Control Systems Advisory

• News alert: Memcyco report reveals only 6% of brands can stop digital impersonation fraud

• AI Seoul Summit: 16 AI Companies Sign Frontier AI Safety Commitments

• The Year in GenAI: Security Catches Up with Innovation

• Scarlett Johansson ‘Shocked, Angered’ Over OpenAI’s Artificial Voice

• Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

• Vulnerability Summary for the Week of May 13, 2024

• 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

• Ransomware and AI-Powered Hacks Drive Cyber Investment

• Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets

• 2024 Cloud Security Report: Unveiling the Latest Trends in Cloud Security

• CISSP or CISM: Which should you pursue?

• Zoom Adding Post-Quantum End-to-End Encryption to Products

• Slack Faces Backlash Over AI Data Policy: Users Demand Clearer Privacy Practices

• Digital Impersonation Fraud: a Growing Challenge for Brands

• SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

• Scanning without Scanning with NMAP (APIs FTW), (Tue, May 21st)

• Why Game Companies Are Adopting Distributed Cloud Computing

• Memcyco Report: Just 6% of Brands Guard Against Digital Impersonation Fraud

• North Korean Hackers Hijacked Military Officials Personal Email

• Microsoft Unveild New Windows 11 Features To Strengthen Security

• Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack

• DoppelGänger Attack: Malware Routed Via News Websites And Social Media

• AAPI Heritage Month Spotlight: Archana Ragothaman

• Many Stumble Into Cybersecurity, But Leadership is By Design

• Recent Healthcare Ransomware Attacks

• Ransomware Attack Leaves Michigan Hospitals in Chaos Nine Days On

• Understanding the SOC 2 Certification

• HR and IT related phishing scams still most popular according to KnowBe4’s latest Phishing Report

• New ‘Siren’ Mailing List Aims to Share Threat Intelligence for Open Source Projects

• Five Core Tenets Of Highly Effective DevSecOps Practices

• Hyperconverged Infrastructure: Your Complete Guide to HCI

• Iranian State Hackers Partner Up for Large-Scale Attacks, Report

• Empowering Growth: My Journey with the Cisco MentorMe Program

• QNAP QTS Zero-Day in Share Feature Gets Public RCE Exploit

• Productivity Increases in Sectors Exposed To AI, PwC Finds

• Detecting Malicious Trackers

• Void Manticore Launches Destructive Attacks on Albania and Israel

• EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems

• CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw

• Insider Q&A: CIA’s Chief Technologist’s Cautious Embrace of Generative AI

• Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

• Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

• Over 60% of Network Security Appliance Flaws Exploited as Zero Days

• With ransomware whales becoming so dominant, would-be challengers ask ‘what’s the point?’

• How to Install a VPN on Your Router

• Eventbrite Promoted Illegal Opioid Sales to People Searching for Addiction Recovery Help

• Chinese Telco Gear May Get Banned in Germany

• How to Drive Down Skyrocketing Data Costs with the Only Cost-Optimized SIEM

• Ask the Analyst: Nisos Events and Ticket Fraud Expert Kirk Maguire

• Latest Ubuntu Security Updates: Fixing Linux Kernel Vulnerabilities

• What Is Risk Management in Cybersecurity | Kovrr

• TuxCare and DOSIsoft Partner to Offer Ongoing Support and Cyber Protections for Radiation Oncology and Nuclear Medicine Software

• BT Extends Deadline For PSTN Switch To Digital Landlines

• Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

• Consumers Continue to Overestimate Their Ability to Spot Deepfakes

• CISA Warns of Actively Exploited NextGen Mirth Connect Pre-Auth RCE Vulnerability

• OmniVision Says Personal Information Stolen in Ransomware Attack

• Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

• You Can’t Leak What You Don’t Collect

• Multiple Vulnerabilities in Honeywell VirtualUOC Let Attackers Execute Remote Code

• The Interplay of AI and Cybersecurity: Survey Results

• The UK’s Cybersecurity: Where Is it and Where Is it Going?

• ‘Linguistic Lumberjack’ Flaw in Logging Utility Fluent Bit Impacts Cloud Services

• Cybersecurity News: Military cyber service, GetCaught abuses services, chatbot jailbreaks

• North Korea-Linked Kimsuky APT Attack Targets Victims via Messenger

• The Mystery of the Targeted Ad and the Library Patron

• Authorities Arrest $100m Incognito Drugs Market Suspect

• Cybercriminals Shift Tactics to Pressure More Victims Into Paying Ransoms

• Critical Fluent Bit Bug Impacts All Major Cloud Platforms

• Grandoreiro Malware Hijacks Outlook Client to Send Phishing Emails

• Experts released PoC exploit code for RCE in QNAP QTS

• Fortinet FortiSIEM Command Injection Flaw (CVE-2023-34992) Deep-Dive

• What is ISO 42001? Structure, Responsibilities and Benefits

• Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack

• CyberArk Snaps up Venafi for $1.54B to Ramp up in Machine-to-Machine Security

• NextGen Healthcare Mirth Connect Under Attack – CISA Issues Urgent Warning

• GitCaught Campaign Leverages GitHub Repositories and Fake Profiles for Malicious Infrastructure

• Podcast Episode: Chronicling Online Communities

• Best Security Questionnaire Automation Software – Top Features To Look For

• PoC Exploit Released for QNAP QTS zero-day RCE Flaw

• “Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit

• Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign

• USA initiates $50m incentive program to thwart ransomware threats

• Strategies for combating AI-enhanced BEC attacks

• Phishing statistics that will make you think twice before clicking

• Big Tech is not much help when fighting a junta, and FOSS doesn’t ride to the rescue

• Challenging Times Remain Among the Ever-Evolving Email Landscape

• Fighting identity fraud? Here’s why we need better tech

• YouTube has become a significant channel for cybercrime

• eBook: 10 reasons why demand for cloud security is sky-high

• ISC Stormcast For Tuesday, May 21st, 2024 https://isc.sans.edu/podcastdetail/8990, (Tue, May 21st)

• GitLab unveils GitLab 17, AI for devsecops

• Shots Fired: Congressional Letter Questions DHS Funding of ShotSpotter

Generated on 2024-05-22 23:55:12.161856