IT Security News Daily Summary 2024-08-29

• High Fidelity Data: Balancing Privacy and Usage

• Nvidia’s ‘Eagle’ AI sees the world in Ultra-HD, and it’s coming for your job

• Cisco addressed a high-severity flaw in NX-OS software

• The art and science behind Microsoft threat hunting: Part 3

• Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns

• Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins

• 10 ways to speed up your slow internet connection today

• Cisco Umbrella for Government: DNS Security Integrated With CISA Protective DNS

• The 25% off Blink Mini 2 is one of the best security cameras deals this Labor Day

• Preventing counterfeiting by adding dye to liquid crystals to create uncrackable coded tags

• The AppViewX Experience: A Journey to Seamless Solution Onboarding

• CISA Launches New Portal to Improve Cyber Reporting

• Fake Canva home page leads to browser lock

• Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom

• What kind of summer has it been?

• OpenAI, Anthropic To Share AI Models With US Government

• 6 Principles for Use of AI in K12 Education

• Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One)

• Musk Row With Brazil Continues, As Supreme Court Threatens To Suspend X

• #StopRansomware: RansomHub Ransomware

• Flying through Seattle’s hacked airport

• Key Strategies for Building Cyber Workforce Resilience

• Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches

• Innovator Spotlight: ThreatLocker

• Spotlight on Sysdig

• Spotlight on Akto.ai

• Rock Chrome hard enough and get paid half a million

• USENIX Security ’23 – RøB: Ransomware over Modern Web Browsers

• Elevating your secrets security hygiene: H1 roundup of our product innovations

• Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?

• Check Point Software acquires Cyberint Technologies

• Google Mulling ‘Hyperscale’ Vietnam Data Centre – Report

• The best free VPNs of 2024: Expert tested

• 2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit

• Flying through Sea-Tac’s hacked airport

• Stay in the H2 know – providing clean water with Cisco industrial IoT

• Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

• Innovator Spotlight: Beyond Identity

• Innovator Spotlight: Zenity

• Innovator Spotlight: Traceable AI

• Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack

• Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

• Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

• North Korean Hackers Launch New Wave of npm Package Attacks

• Intel Questioned By US Senator Over Job Cuts After $20bn Grant, Loans

• Hackers Calling Employees to Steal VPN Credentials from US Firms

• Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

• Rockwell Automation ThinManager ThinServer

• Delta Electronics DTN Soft

• Zero touch provisioning with Cisco Firewall Management Center Templates

• Customer Experience is a Learning Experience

• Top Data Center Priorities—Evolving Needs for Scaling Infrastructure

• The Power of Reporting at Cisco Black Belt Academy: Driving Success for Partners

• Innovator Spotlight: Reco.ai

• BlackByte Ransomware Outfit is Targeting More Orgs Than Previously Known

• Snowflake Faces Declining Growth Amid Cybersecurity Concerns and AI Expansion

• BlackByte Adopts New Tactics, Targets ESXi Hypervisors

• Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)

• Inside the NIST Cybersecurity Framework 2.0 and API Security

• A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

• Shares In Nvidia Fall, Despite Record Profits, Sales

• How to embrace Secure by Design principles while adopting AI

• Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

• Check Point Joins Esteemed Sponsors of Security Serious Unsung Heroes Awards 2024

• International Cyber Expo’s 2024 Tech Hub Stage Agenda Showcases the Future of Cybersecurity Innovation, From AI to Automation

• Dick’s Sporting Goods Discloses Cyberattack

• What is Gift Card and Loyalty Program Abuse?

• Strata Identity to Host Tear Down and Modernization Webinar for Legacy Identity Infrastructures

• Rain Technology Laptop Switchable Privacy protects against visual hackers and snoopers

• Unpatched CCTV Cameras Exploited to Spread Mirai Variant

• Corona Mirai botnet spreads via AVTECH CCTV zero-day

• Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

• Marketing Trends: How to Use Big Data Effectively

• Russia’s APT29 using spyware exploits in new campaigns

• Russian government hackers found using exploits made by spyware companies NSO and Intellexa

• Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)

• Strengthening Your Cybersecurity Insurance Posture with Privileged Access Management (PAM) Solutions

• Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

• Harmful ‘Nudify’ Websites Used Google, Apple, and Discord Sign-On Systems

• Cisco Patches Multiple NX-OS Software Vulnerabilities

• Iranian State Hackers Team Up with Ransomware Gangs in Attacks on US

• Telegram CEO Pavel Durov charged with allowing criminal activity

• AI Hype vs Hesitence

• A Guide To Selecting The Best URL Filtering Software

• Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

• How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

• U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks

• Surge in New Scams as Pig Butchering Dominates

• Telegram’s Pavel Durov Charged For Allowing Criminal Activity On App

• NordVPN vs Proton VPN (2024): Which VPN Should You Choose?

• Telegram CEO Pavel Durov charged in France for facilitating criminal activities

• May 2024 Cyber Attacks Statistics

• Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

• Iranian Hackers Secretly Aid Ransomware Attacks on US

• The Emerging Dynamics of Deepfake Scam Campaigns on the Web

• Google, Apple, and Discord Let Harmful AI ‘Undress’ Websites Use Their Sign-On Systems

• Meeting the New Cyber Insurance Requirements

• Hundreds of LLM Servers Expose Corporate, Health & Other Online Data

• What’s Working With Third-Party Risk Management?

• Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

• Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution

• Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

• Stealing cash using NFC relay – Week in Security with Tony Anscombe

• Don’t Leave Your Digital Security to Chance: Get Norton 360

• CISA Adds Google Chromium V8 Bug to its Known Exploited Vulnerabilities Catalog

• AWS Load Balancer Plagued by Authentication Bypass Flaw

• Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

• Cybersecurity News: Iran hacking, Labour Party backlog, more Telegram warrants

• Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

• Sweat Sensors Raise Health Benefits and Privacy Concerns

• Bitwarden introduces enhanced inline autofill feature for credit cards and identities

• IT Engineer Charged For Attempting to Extort Former Employer

• Check Point to Acquire Cyberint Technologies to Enhance Operations

• US Sees Iranian Hackers Working Closely With Ransomware Groups

• RISCPoint RADAR provides real-time vulnerability detection across multiple attack surfaces

• Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security

• Change Management and File Integrity Monitoring – Demystifying the Modifications in Your Environment

• Concentric AI unveils AI-based DSPM functionality that monitors user activity risk

• Live Patching DLLs with Python, (Thu, Aug 29th)

• Wireshark 4.4.0 Released – What’s New!

• Critical Vulnerability in Perl Module Installer Let Attackers Intercept Traffic

• Iran-linked group APT33 adds new Tickler malware to its arsenal

• French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

• America witnesses $1.5 billion in Cyber Crime losses so far in 2024

• National Public Data (NPD) Breach: Essential Guide to Protecting Your Identity

• The NIS2 Directive: How far does it reach?

• Ransomware Attacks Exposed 6.7 Million Records in US Schools

• Deepfakes: Seeing is no longer believing

• Why ransomware attackers target Active Directory

• Durex India spilled customers’ private order data

• CrowdStrike Estimates the Tech Meltdown Caused by Its Bungling Left a $60 Million Dent in Its Sales

• Third-party risk management is under the spotlight

• ISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)

• CrowdStrike’s meltdown didn’t dent its market dominance … yet

• BlackByte Ransomware Exploits New VMware Flaw in VPN-Based Attacks

• When Get-Out-The-Vote Efforts Look Like Phishing

• Are Java Users Making Bad Oracle Java Migration Decisions?

• Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – here’s how

• 3CX Phone System Local Privilege Escalation Vulnerability

• Spotlight on Simbian

• Innovator Spotlight: DNSFilter

• Microsoft hosts a security summit but no press, public allowed

• Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

• Data Masking Challenges in Complex Data Environments and How to Tackle them

• Choosing the Right DSPM Vendor: The Map is Not the Territory

• Product Release: Selective Sync + Account Recovery

• Exploits, Vulnerabilities and Payloads – Who Knew?

• IT Security News Daily Summary 2024-08-28

• Akamai Named a Leader in The Forrester Wave?: Microsegmentation Solutions, Q3 2024

• I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation

• Types of hackers: Black hat, white hat, red hat and more

• Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – how’s how

• Bitdefender vs. McAfee: Comparing Features, Pricing, Pros & Cons

• Young Consulting data breach impacts 954,177 individuals

• U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

• Proof-of-concept code released for zero-click critical Windows vuln

• GiveWP Plugin Vulnerability Risked 100,000+ Websites To RCE Attacks

• WPML WP Plugin Vulnerability Risked 1M+ WordPress Websites

• Microsoft Copilot Studio Vulnerability Could Expose Sensitive Data

• Infosec experts applaud DOJ lawsuit against Georgia Tech

• Simplifying the policy experience for today’s IT teams

• Americans Are Uncomfortable with Automated Decision-Making

• DataDome Releases Fastly Compute Server-Side Integration

• Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day

• Google Restarts Gemini AI’s Image Generation Of People

• CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets

• Copyright Is Not a Tool to Silence Critics of Religious Education

• Iran’s Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear

• Google Now Offering Up to $250,000 for Chrome Vulnerabilities

• Mike Lynch: Captain Of Bayesian Yacht Declines To Talk

• Advanced Techniques in Automated Threat Detection

• Google’s Gemini AI gets major upgrade with ‘Gems’ assistants and Imagen 3

• Halliburton cyberattack explained: What happened?

• Ex-Twitter CISO Lea Kissner appointed as LinkedIn security chief

• Porsche – Executive & Security Ratings Snapshot Request

• SOC 2 vs. SAS 70: A Comprehensive Comparison

• China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

• Bitcoin and Nostr: What Lies Beyond Decentralization and Freedom

• Why AI-Driven Cybercrime Could Be Your Business’s Biggest Risk

• Ransomware on the Rise: Key Steps to Safeguard Your Business from Cyber Threats

• Pioneer Kitten: Iranian hackers partnering with ransomware affiliates

• Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

• Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

• Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

• Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

• The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

• Hacktivists turning to ransomware spread

• Cybersecurity Companies Join Microsoft to Discuss Safe Deployment Practices following CrowdStrike Outage

• Innovator Spotlight: Gurucul

• Dick’s Sporting Goods discloses cyberattack

• LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO

• Top 10 Lessons Learned from Managing Kubernetes from the Trenches

• LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics

• HMD Launches ‘Barbie’ Flip Phone To Tackle Smartphone Addiction

• Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor

• Cisco Smart Bonding for MSPs: Enhance Customer Experience and Streamline Support Workflows

• BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

• WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies

• Georgia Tech Faces DOJ Lawsuit Over Alleged Lapses in Cybersecurity for Defense Contracts

• Ukrainian Hackers Launch Coordinated Cyber Offensive on Russian Networks

• Here’s How to Safeguard Yourself Against Phone Scams

• AuthenticID enhances Smart ReAuth to combat AI-based attacks and account takeovers

• Veeam Data Platform 12.2 extends data resilience to more platforms and applications

• Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor

• New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data

• Now available on Microsoft Azure: Cisco AppDynamics provides more flexibility

• BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks

• Quantum Computing and the Risk to Classical Cryptography

• APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor

• The Advantages of Runtime Application Self-Protection

• 32 Million Sensitive Records Exposed From Service Management Provider

• TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed

• Overcoming Challenges in Defensive Cybersecurity Teams with an Offensive Mindset

• Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign

• Rezonate’s mid-market solution reduces the cloud identity attack surface

• Diligent NIS2 Compliance Toolkit helps organizations bolster their cybersecurity resilience

• Research Unveils Eight Android And iOS That Leaks Users Sensitive Data

• The Jedi of Code: May CloudGuard Be with You

• Deep Analysis of Snake Keylogger’s New Variant

• From Copilot to Copirate: How data thieves could hijack Microsoft’s chatbot

• Dragos Platform updates streamline OT threat and vulnerability workflows

• Regardless of Market Fluctuation, Web3 Infrastructure Is Booming

• Pootry EDR Killer Malware Wipes Out Security Tools From Windows Machine

• Versa Director Zero-day Vulnerability Let Attackers Upload Malicious Files

• Price Drop: This Complete Ethical Hacking Bundle is Now $40

• Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

• New Phishing Campaign Steals VPN Credentials Using Social Engineering Methods

• The End of the Tunnel Vision: Why Companies Are Ditching VPNs for Zero Trust

• Malware Delivered via Malicious Pidgin Plugin, Signal Fork

• Beating MFA Fatigue and AI-Driven Attacks with DirectDefense

• US offers $2.5M reward for Belarusian man involved in mass malware distribution

• Check Point Acquires Cybersecurity Startup Cyberint

• China’s Volt Typhoon Exploits Zero-Day Flaw in Versa’s SD-WAN Director Servers

• Fortinet Debuts Sovereign SASE, Updates Unified SASE With FortiAI

• F5 and Intel join forces to push the boundaries of AI deployment

• Rising Tides: Runa Sandvik on Creating Work that Makes a Difference

• The Risks Lurking in Publicly Exposed GenAI Development Services

• Optimizing SBOM sharing for compliance and transparency

• A misuse of Spamhaus blocklists: PART 2 – How to limit outbound spam

• BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

• IDC Raises Smartphone Shipment Forecast Amid GenAI Optimism

• CoinSwitch sues WazirX to recover trapped funds

• FBI’s Internet Crime Complaint Center reports $1.6 billion in losses for Americans due to scams and fraud

• Airtags Locator Device used to Grab the Stolen Parcel

• Matthew Green on Telegram’s Encryption

• South Korean APT Group Exploits WPS Office Zero-Day for Espionage

• US Offering $2.5 Million Reward for Belarusian Malware Distributor

• Apple Axes Jobs In Digital Services Group – Report

• What Is Cybersecurity Awareness Training? Why Your Business Needs it

• GDPR Data Breach Notification Letter (Free Download)

• Park’N Fly Data Breach Compromised Sensitive Data of 1 Million Customers

• BlackByte affiliates use new encryptor and new TTPs

• Join Us 09-13-24 for “Hacking Leadership Skills” – Super Cyber Friday

• Join Us 09-06-24 for “Hacking Tabletop Exercises” – Super Cyber Friday

• BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

• Nasdaq Seeks Permission For Bitcoin Index Listing Option

• A Guide on 5 Common LinkedIn Scams

• The Invisible Shield: Exploring the Silent Guardians of IoT Security

• Fortinet introduces sovereign SASE and GenAI capabilities

• Money Laundering Dominates UK Fraud Cases

• Cybersecurity News: Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped

• The ultimate dual-use tool for cybersecurity

• Patchwork Actors Using Weaponized Encrypted Zip Files to Attack Orgs

• Researchers Disclosed 20 Vulnerabilities Exploited To Attack ML Used In Orgs

• Broadcom Extends VMware Cybersecurity Portfolio

• Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

• APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

• HYCU for Microsoft Entra ID provides organizations with automated, policy-driven backups

• South Korean Spies Exploit WPS Office Zero-Day

• Three Reasons for Cisco Umbrella for Government

• U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

• Sport 2000 – 3,189,643 breached accounts

• Woman uses AirTags to nab alleged parcel-pinching scum

• Microsoft Security Update: 90 Critical Vulnerabilities Fixed

• What is binary compatibility, and what does it mean for Linux distributions?

• Expel partners with Wiz to enhance security for cloud environments

• Top 7 Questions to Ask Cybersecurity Service Providers

• BlackSuit Ransomware targets software firm and steals data of about 950k individuals

• Largest Healthcare Data Breaches of 2023

• Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code

• MacOS Version of HZ Rat Backdoor Discovered Targeting DingTalk and WeChat Users

• Watchdog Criticizes FBI for Inadequate Digital Storage and Destruction Practices

• CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

• Four Internet Service Providers are breached by sophisticated cyber attack. Cyber Security Today for Wednesday, August 28, 2024

• Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

• Cyberattacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat

• Cryptomator: Open-source cloud storage encryption

• MFP security: How Can Resellers Ensure Customers Have The Proper Protection?

• Cybercriminals capitalize on travel industry’s peak season

• Cybersecurity jobs available right now: August 28, 2024

• Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

• Old methods, new technologies drive fraud losses

• ISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)

• Chinese broadband satellites may be Beijing’s flying spying censors, think tank warns

• Not a SOC FAQ! This is SOC FMD!

• Scott Kannry on the What’s Up with Tech? Podcast

• Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)

Generated on 2024-08-29 23:55:10.543933