IT Security News Daily Summary 2024-05-29

• ‘Largest Botnet Ever’ Tied to Billions in Stolen Covid-19 Relief Funds

• A Plan to Protect Critical Infrastructure from 21st Century Threats

• How to converge networking and security teams: Key steps

• Multi-day DDoS storm batters Internet Archive

• Chinese EVs – and their connected tech – are the next target of US lawmakers

• USENIX Security ’23 – Dubhe: Succinct Zero-Knowledge Proofs for Standard AES and related Applications

• Scammers Build Fraud Campaigns Around Free Piano Offers

• Is Your Computer Part of ‘The Largest Botnet Ever?’

• Check Point released hotfix for actively exploited VPN zero-day

• Top 6 Managed Detection & Response (MDR) Providers in 2024

• From Trend to Mainstay: The Unstoppable Force of Managed Services

• From IT Pro to Swiftie, Scott Sardella’s Winning Big with Cisco Insider Advocates

• Don’t Let the Sun Go Down on Section 230 | EFFector 36.7

• Cybercriminals Abuse StackOverflow to Promote Malicious Python Package

• Christie’s Auction House Hacked, Sensitive Data from 500,000 Customers Stolen

• Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

• 6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy

• Why healthcare data is often the target of ransomware attacks

• House bill would ban Chinese connected vehicles over security concerns

• Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

• New Generative AI category added to Talos reputation services

• Retail Tech Deep-Dive: Meraki Security

• Integration of Cisco Secure Threat Defense Virtual with Megaport

• #MIWIC2024 One To Watch: Ellie Calver, Cybersecurity Apprentice at BT

• How to turn off location tracking on iOS and iPadOS

• USENIX Security ’23 – PROGRAPHER: An Anomaly Detection System based on Provenance Graph Embedding

• Advance Fee Fraud Targets Colleges With Free Piano Offers

• Microsoft uncovers North Korea Moonstone Sleet

• Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered

• Check Point discovers vulnerability tied to VPN attacks

• Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware

• Check Point Warns of Zero-Day Attacks on its VPN Gateway Products

• Geoffrey Hinton Discusses Risks and Societal Impacts of AI Advancements

• New PyPI Malware “Pytoileur” Steals Crypto and Evades Detection

• Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

• AI, Deepfakes and Digital ID: The New Frontier of Corporate Cybersecurity

• Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution

• Transcend Raises $40 Million for Data Privacy Platform

• A NIST AI RMF Summary

• You Know You Need GenAI Policies, Right?

• 400% Increase in MoD Data Breaches Sparks Fears of Cyber Threats from Russia and China

• Hackers exploited “Free VPN” to build massive fraud botnet, hit with US sanctions

• Severe Vulnerability Fixed In Cisco Firepower Management Center

• North Korea Building Cash Reserves Using Ransomware, Video Games

• Top Lieutenant To Crypto King Jailed For Seven Years

• US Sanctions Three Chinese Men For Operating 911 S5 Botnet

• Netflix Paid Out Over $1 Million Via Bug Bounty Program

• BreachForums Returns Just Weeks After FBI-Led Takedown

• A Wider View on TunnelVision and VPN Advice

• Risks of Generative AI for Organisations and How to Manage Them

• Combatting International Spoofed Calls: India’s New Measures to Protect Citizens

• Protect and Elevate Your DNS with Akamai Shield NS53

• How to turn off location tracking on Android

• US Sanctions Three Chinese Men for Operating 911 S5 Botnet

• AI Market Research: The Pivotal Role of Generative AI in Cyber Security

• Keeper Unveils Revamped Browser Extension

• Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap?

• From Courtroom to Cyber Threat: The JAVS Viewer 8 Incident

• Internet Archive Disrupted by Sustained and “Mean” DDoS Attack

• North Korea building cash reserves using ransomware, video games

• Industrials at Cisco Live 2024

• How Empathetic Leadership Can Shape the Future of Inclusion in Cybersecurity

• Truecaller AI Call Scanner detects AI voice clones in real-time

• Moonstone Sleet: A new North Korean threat actor

• The Idea of Web3 and 7 Global Web3 Agencies

• Ransomlord – Anti-Ransomware Exploitation Tool

• Top 6 Managed Detection and Response (MDR) Providers in 2024

• BreachForums resurrected after FBI seizure

• New Endpoint Protection Platform by Cigent Blocks Ransomware at the Data Level

• Europe’s Cybersecurity Chief Says Disruptive Attacks Have Doubled in 2024, Sees Russia Behind Many

• New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks

• Zendata Emerges From Stealth With Data Security, AI Governance Solutions

• New Research Warns About Weak Offboarding Management and Insider Risks

• U.S. Sentences 31-Year-Old to 10 Years for Laundering $4.5M in Email Scams

• Blocksquare Hits $100M Tokenized RWA Triggering Launchpad Release

• 10 Best SIEM Tools for 2024

• Strengthening Data Security to Protect Consumers

• #Infosec2024: How Williams Racing Relies on Data Security for Peak Performance

• OpenAI Creates AI Safety Committee After Criticism

• EU Eyes Telegram User Numbers As It Nears Regulatory Threshold

• Nvidia Value Nears Apple As Shares Surge

• Musk’s Neuralink Seeks Patients For Clinical Trial

• GMO GlobalSign introduces Certificate Automation Manager

• Privacy Implications of Tracking Wireless Access Points

• Personal Information of 44,000 Compromised in First American Cyberattack

• ASML and TSM Face Uncertain Future in Event of Chinese Assault on Taiwan

• How fraudsters stole $37 million from Coinbase Pro users

• Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group

• ELLIO and ntop Partnership Enhances Real-Time Network Traffic Monitoring

• Hiring Kit: Cryptography Engineer

• Price Drop: This Complete Ethical Hacking Bundle is Now $40

• New North Korean Hacking Group Identified by Microsoft

• Join Us 06-14-24 for “Hacking the Conversation Around Risk” – Super Cyber Friday

• PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

• Cybersecurity News: BreachForums returns, First American data breach, Chinese nationals sanctioned

• Netflix Paid Out Over $1 Million via Bug Bounty Program

• Dashlane Nudges reduces the risk of credential theft

• #Infosec2024: Decoding SentinelOne’s AI Threat Hunting Assistant

• Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

• ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and mass attacks.

• Introducing Sekoia TDR

• TikTok Challenge To US Ban Law Gets September Hearing

• Tencent Uses AI To Help Decipher Ancient Chinese Script

• Transcend raises $40 million to address data privacy issues

• Tracking Threat Actors Using Images and Artifacts

• Data Destruction: The Final Line of Defense Against Cyber Attacks

• EU Is Tightening Cybersecurity for Energy Providers

• BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?

• Study Finds Public Interest In AI Lags Industry Hype

• ABN Amro discloses data breach following an attack on a third-party provider

• Understanding Material Cybersecurity Breaches and Material Cyber Attacks

• Simplify 5G Fixed Wireless Access and Scale Secure Connectivity to More Places

• Symmetry Systems Unveils State of Data+AI Security: Dormant data growing 5X Year on Year, while 1/4 of Identities haven’t accessed Any Data in over 90 days.

• Data Entry Job Offers in Southeast Asia Could Be Cyber Crime Traps

• Customer Identity and Access Management (CIAM) 101

• Avoiding the cybersecurity blame game

• RansomLord: Open-source anti-ransomware exploit tool

• Cybersecurity jobs available right now: May 29, 2024

• A closer look at GenAI impact on businesses

• Spyware maker pcTattletale says it’s ‘out of business’ and shuts down after data breach

• 
Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary], (Tue, May 28th)

• ISC Stormcast For Wednesday, May 29th, 2024 https://isc.sans.edu/podcastdetail/9000, (Wed, May 29th)

• Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary], (Tue, May 28th)

• Using Scary but Fun Stories to Aid Cybersecurity Training

• What Is Security Service Edge (SSE): All You Need to Know

• Top Cloud Security Issues: Threats, Risks, Challenges & Solutions

• Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K

• 2 Weeks Out: Evolution at RSAC 2024

• Christie disclosed a data breach after a RansomHub attack

• 2.8M US folks learn their personal info was swiped months ago in Sav-Rx IT heist

• BreachForums returns just weeks after FBI-led takedown

• IT Security News Daily Summary 2024-05-28

• Treasury Sanctions Creators of 911 S5 Proxy Botnet

• Spyware maker pcTattletale shutters after data breach

• pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

• Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)

• Elon Musk and Yann LeCun’s social media feud highlights key differences in approach to AI research and hype

• IBM to test Southeast Asian LLM and facilitate localization efforts

• Experts released PoC exploit code for RCE in Fortinet SIEM

• OpenAI Launches Security Committee Amid Ongoing Criticism

• How AI could bolster software supply chain security

• Check Point warns of threat actors targeting VPNs

• BreachForums returns, just weeks after FBI-led takedown

• Rock band’s hidden hacking-themed website gets hacked

• Vulnerability Summary for the Week of May 20, 2024

• Why cellular-first SASE is defining the future of distributed enterprises

• Randall Munroe’s XKCD ‘Room Code’

• Upcoming Webinar: Getting Started With QUIC and OpenSSL

• Hackers Target Check Point VPNs, Security Fix Released

• Ongoing Hacking Campaign Targets Check Point VPNs

• The Satellites Using Radar To Peer At Earth In Minute Detail

• OpenAI Forms Safety Committee As It Starts Training Latest AI Model

• Christie’s Confirms Data Breach After Ransomware Group Claims Attack

• SpiderOak One customers threaten to jump ship following datacenter upgrade

• The Rise of Generative AI is Transforming Threat Intelligence – Five Trends to Watch

• ‘Microsoft’ Scammers Steal the Most, says FTC

• GDPR Turns Six: Reflecting on a Global Privacy Benchmark

• Threats of the Week: Black Basta, Scattered Spider, and FIN7 Malvertising

• HP Report Surfaces Shifts in Cyber Attack Tactics

• Unmasking the Trojan: How Hackers Exploit Innocent Games for Malicious Intent

• Check Point Urges VPN Configuration Review Amid Attack Spike

• ABN AMRO bank hit by Ransomware

• Congresswomen Advocate for Cybersecurity Jobs for Formerly Incarcerated

• CISA Releases One Industrial Control Systems Advisory

• Campbell Scientific CSI Web Server

• CISA Adds One Known Exploited Vulnerability to Catalog

• Shared Responsibility: How We Can All Ensure Election Security and Voter Confidence

• Social Distortion: The Threat of Fear, Uncertainty and Deception in Creating Security Risk

• ABN Amro Client Data Possibly Stolen in AddComm Ransomware Attack

• OpenAI Forms Safety Committee as It Starts Training Latest Artificial Intelligence Model

• XSS Vulnerabilities Found in WordPress Plugin Slider Revolution

• Building AI on a Foundation of Open Source Requires a Fundamentally New Approach to Application Security

• RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

• User Guide: PCI 4.0 Requirement 11.6 – Detecting and Responding to Unauthorized Changes on Payment Pages with Feroot

• Windows 11: Home or Pro? A Comprehensive Comparison

• Sharp Dragon Shifts Cyber Attacks to New Frontiers: Africa and the Caribbean

• WhatsApp Chats Vulnerable To Government Monitoring – Report

• Moroccan Cybercrime Group Storm-0539 Exploits Gift Card Systems with Advanced Phishing Attacks

• What is GPS Jamming, a Rising Concern for Global Aviation?

• Tonic Textual extracts, governs, and deploys unstructured data for AI development

• Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure

• Will Australia Ever Dig Itself Out of the Cybersecurity Skills Shortage?

• Auction house Christie’s confirms criminals stole some client data

• INE Security Enables CISOs to Secure Board Support for Cybersecurity Training

• From Phish to Phish Phishing: How Email Scams Got Smart

• Get 3 Years of Rock-Solid Protection With Surfshark VPN for $67.20 by 5/31

• Top 5 Cloud Trends U.K. Businesses Should Watch in 2024

• Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

• Bridging The Gap: Diversity Cyber Council and The Emergence of Tech as The New Opportunity Frontier

• Private Equity Firm Hg Acquires AuditBoard for $3 Billion

• Christie’s Confirms Data Breach After Ransomware Group Claims Attack

• US Drug Distributor Cencora Reveals Major Cyberattack, Sensitive Medical Data Breached

• TeaBot Banking Trojan Activity on the Rise, Zscaler Observes

• Adaptive Shield unveils platform enhancements to improve SaaS security

• Multiple Vulnerabilities Found In Cacti Network Monitoring Tool

• Zoom Rolls Out Post-Quantum End-to-End Encryption For Safer Chats

• GitLab XSS Vulnerability Could Allow Account Takeover

• Google Patched Another Chrome Zero-Day Under Active Attack

• Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

• Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

• How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

• Navigating DORA (Digital Operational Resilience Act) with Secure Workload

• Finding My Place, Part Three: Translating Military Skills to Cybersecurity Leadership

• AI Powers Sabre’s Enhanced Threat Detection & Response

• The Link Between Cybersecurity and Reputation Management for Executives

• 4-Step Approach to Mapping and Securing Your Organization’s Most Critical Assets

• Courtroom Recording Software Vulnerable to Backdoor Attacks

• DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

• 6 Best VPNs for Canada in 2024 (Free & Paid VPNs)

• Ransomhub’s Latest Attack Raises Alarms for Industrial Control Systems (ICS) Security

• EFF Submission to the Oversight Board on Posts That Include “From the River to the Sea”

• Vendor Risk Management Best Practices in 2024

• #Infosec2024: What to Expect at Infosecurity Europe 2024

• What is an Infosec Audit and Why Does Your Company Need One?

• 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx

• Data Stolen From MediSecure for Sale on Dark Web

• Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

• AWS In Talks To Invest Billions In Italy Amidst AI Spending Surge

• EU Adopts Law To Spur Green Tech Manufacturing

• CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

• PoC Exploit Released For macOS Privilege Escalation Vulnerability

• CERT-UA Warns of Malware Campaign Conducted by Threat Actor UAC-0006

• Ransomware? Why’d It Have to Be Ransomware? (Live in San Francisco)

• Cops Are Just Trolling Cybercriminals Now

• Trusted relationship attacks: trust, but verify

• SingCERT Warns Critical Vulnerabilities Found in Multiple WordPress Plugins

• Attackers are probing Check Point Remote Access VPN devices

• Cybersecurity News: Ransomware uses BitLocker, pharmacy supplier breach, ATM malware threat

• Proxy-Advisory Firm Advises Against Musk Tesla Pay Deal

• Musk’s xAI ‘To Build Nvidia Supercomputer’

• WordPress Plugin abused to install e-skimmers in e-commerce sites

• Digital ID Adoption: Implementation and Security Concerns

• Check Point VPN Targeted for Initial Access in Enterprise Attacks

• Update: Threat Actors Created Rogue VMs to Evade Detection During December 2023 Attack on MITRE

• US Extends Probe Into Applied Materials Over Alleged China Shipments

• China Premier Welcomes Foreign Tech Investment

• Cloud Sprawl: How to Tidy It Up

• Measuring the Effectiveness of File Integrity Monitoring Tools

• Take two APIs and call me in the morning: How healthcare research can cure cyber crime

• White House Announces Plans to Revamp Data Routing Security by Year-End

• #Infosec2024: Why Human Risk Management is Cybersecurity’s Next Step for Awareness

• Human Error Still Perceived as the Achilles’ Heel of Cybersecurity

• #Infosec2024: Charity Bridges Digital Divide and Fuels New Cyber Talent

• China Forms Biggest-Ever Chip Investment Fund

• TP-Link Archer C5400X gaming router is affected by a critical flaw

• Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

• Black Basta Ransomware Attack: Microsoft Quick Assist Flaw

• TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

• WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

• ATM malware developed to target Europe

• How to combat alert fatigue in cybersecurity

• The evolution of security metrics for NIST CSF 2.0

• D3 Is Security Automation that Makes Your Team Better

• Current State of Transport Layer Security (TLS) Post-Quantum Cryptography

• Cybersecurity teams gear up for tougher challenges in 2024

• Widespread data silos slow down security response times

• 34% of organizations lack cloud cybersecurity skills

• ISC Stormcast For Tuesday, May 28th, 2024 https://isc.sans.edu/podcastdetail/8998, (Tue, May 28th)

Generated on 2024-05-29 23:55:09.490804