IT Security News Weekly Summary – Week 18

• IT Security News Daily Summary 2024-05-05

• USENIX Security ’23 – A Bug’s Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs – Distinguished Paper Award Winner

• Don’t Overlook the Cyber Risks for Operational Technology

• Lineaje Tackles Open-Source Management with New Solution

• The Quantum Security Challenge: Data Resilience Around the Unknown

• AI Could Transform Detection and Response as Legacy MDRs Lack

• Report: Spanish Authorities Discover CPF Nomination Note on iPad of Slain Singaporean Woman in Spain

• Hackers are Targeting Routers Across the Globe

• NATO and the EU formally condemned Russia-linked APT28 cyber espionage

• Offensive Awakening: The 2024 Shift from Defensive to Proactive Security

• End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box

• Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

• Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement

• CISA Ask Companies to Fix Path Traversal Vulnerabilities

• NSW Cybercrime Squad Arrests Suspect in Million-Person Data Breach Case

• GenAI Continues to Dominate CIO and CISO Conversations

• RSAC 2024 Innovation Sandbox | Reality Defender: Deepfake Detection Platform

• Insect Farmers Embrace AI to Drive Down Production Costs

• Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks

• nslookup’s Debug Options, (Sun, May 5th)

• USENIX Security ’23 – Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs

• IT Security News Daily Summary 2024-05-04

• Pay up, or else? – Week in security with Tony Anscombe

• Facial Recognition System Breach Sparks Privacy Concerns in Australia

• DropBox E-Signature Breach Exposes Customer Data

• A Mind at Play: Rediscovering Minesweeper in the Professional Arena

• Dating apps kiss’n’tell all sorts of sensitive personal info

• A Checklist for What Every Online Coding Class for Kids Needs

• Blackbasta gang claimed responsibility for Synlab Italia attack

• French Hospital CHC-SV Refuses to Pay LockBit Ransomware Demand

• Strengthening Password Security: Addressing Misconceptions and Best Practices

• Sweden Faces Influx of DDoS Attacks Following NATO Membership

• Navigating the API Security Landscape: A CEO’s Perspective on Embedding Zero Trust Principles

• Google’s Med-Gemini: Advancing AI in Healthcare

• Your Google Account allows you to create passkeys on your phone, computer and security keys

• German Foreign Minister Says Russia will Face Consequences for Monthslong Cyber Espionage

• French Cyberwarriors Ready to Test Their Defense Against Hackers and Malware During the Olympics

• AI vs Human Intelligence: Who Is Leading The Pack?

• A New Surveillance Tool Invades Border Towns

• AI Takes the Controller: Revolutionizing Computer Games

• Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

• Privacy Breach Rocks Australian Nightlife as Facial Recognition System Compromised

• Ukraine Records Increase in Financially Motivated Attacks by Russian Hackers

• The Real Risk is Not Knowing Your Real Risk: Perspectives from Asia Pacific Tour with EY

• CISA Urges Software Devs to Weed out Path Traversal Vulnerabilities

• Ex-Cybersecurity Consultant Jailed For Trading Confidential Data

• 13 Years of Keeping You Update: A Heartfelt HOC Anniversary Message

• Android Bug can Leak DNS Traffic With VPN Kill Switch Enabled

• Cybersecurity professional Madison Horn runs for Congress. Cyber Security Today Weekend Show May 3, 2024

• New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

• Kaspersky hits back at claims its AI helped Russia develop military drone systems

• New Goldoon Botnet Targeting D-Link Devices by Exploiting Weak Credentials

• Airsoft Data Breach Exposes Data of 75,000 Players

• Kaspersky hits back at claims it helped Russia develop military drone systems

• What is Data Encryption Standard (DES)?

• Adding insult to injury: crypto recovery scams

• Security above all else—expanding Microsoft’s Secure Future Initiative

• LockBit published data stolen from Simone Veil hospital in Cannes

• Kaspersky accused of helping Russia develop military drone systems

• IT Security News Daily Summary 2024-05-03

• Breaking down Microsoft’s pivot to placing cybersecurity as a top priority

• You get a passkey, you get a passkey, everyone should get a passkey

• Healthcare Needs To Be Laser-Focused on API Security and Its Blind Spots

• Dangerous Militia Groups Are Organizing On Facebook Nationwide

• CCTV Cambridge, Addressing Digital Equity in Massachusetts

• Russia-linked APT28 and crooks are still using the Moobot botnet

• AMSI Write Raid 0day Vulnerability

• CEO Discusses MDR Service With a Risk-Based Approach

• The impact of automating open source dependency management

• Palo Alto Networks Extends SASE Reach to Unmanaged Devices

• Code faster with generative AI, but beware the risks when you do

• UnitedHealth data breach should be a wake-up call for the UK and NHS

• My TED Talks

• Proactive, Responsible Disclosure Is One Crucial Way Fortinet Strengthens Customer Security

• “Dirty Stream” Attack Affects Popular Android Apps

• Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report

• Hackers Claim Biggest Attack On UAE in History

• Cyber Criminal Sentenced for Targeting Therapy Patients

• Industrial Cyberattackers Reverting to USB Tactics, Says Honeywell Report

• It may take decade to shore up software supply chain security, says infosec CEO

• More Than Two Dozen Android Vulnerabilities Fixed

• GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

• U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems

• Top 5 Global Cyber Security Trends of 2023, According to Google Report

• North Korean Hackers Spoofing Journalist Emails to Spy on Experts

• The U.S. House Version of KOSA: Still a Censorship Bill

• How Are APAC Tech Salaries Faring in 2024?

• Proactive Responsible Disclosure is One Crucial Way Fortinet Strengthens Customer Security

• US Says North Korean Hackers Exploiting Weak DMARC Settings

• LayerX Raises $26 Million for Browser Security Platform

• Understanding the Link Between API Exposure and Vulnerability Risks

• Most of the ransomware incidents invite lawsuits in the United States

• Compare Azure Government vs. commercial cloud offering

• UnitedHealth data breach should be a wakeup call for the UK and NHS

• On World Press Freedom Day (and Every Day), We Fight for an Open Internet

• How remote work is changing patch management

• Apple Working to Patch Alarming iPhone Issue

• Russia Accused Of Cyberattack On Germany’s Ruling Party, Defence Firms

• Unifying Excellence with Strategic Partnerships: Cisco Black Belt Academy and VQ Communications

• DeepKeep Secures $10M in Seed Funding to Boost GenAI Protection Endeavors

• A Closer Look at Top 5 Vulnerabilities of April 2024

• Streamline NIS2 Compliance with Automation

• No MFA, No Defense: Change Healthcare Falls Victim to Citrix Account Hijacking

• What we can learn from the best collegiate cyber defenders

• Europol Op Shutters 12 Scam Call Centers And Cuffs 21 Suspected Fraudsters

• Indonesia Sneakily Buys Spyware, Claims Amnesty International

• Microsoft, Google Do A Victory Lap Around Passkeys

• Lessons From LOCKED SHIELDS 2024 Cyber Exercise

• Botnet Disrupted By FBI Still Used By Russian Spies, Cybercriminals

• reNgine: Open-Source Automated Reconnaissance Framework for Web Applications

• In Other News: Locked Shields 2024, Data Exposure Bugs, NVIDIA Patches

• Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

• Alphabet Axes Hundreds Of Staff From ‘Core’ Organisation

• Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

• tproxy To Monitor gRPC And TCP Connections

• document sanitization

• Dirty stream attack poses billions of Android installs at risk

• Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

• Expert-Led Webinar – Uncovering Latest DDoS Tactics and Learn How to Fight Back

• AAPI Heritage Month Spotlight: Jenny Nguyen

• Cybersecurity Consultant Arrested After Allegedly Extorting IT Firm

• Identity Management Challenges

• ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China

• CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

• Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

• Insider Risk Digest: April

• North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

• ApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions

• Hackers Exploit Microsoft Graph API For C&C Communications

• Strengthening our U.S. Public Sector Leadership Team with the Promotion of two Industry Veterans

• Safeguarding Your Employee Data From Identity Theft

• 68% of Data Breach Occurs Due to Social Engineering Attacks

• What is Proxmox VE – and Why You Should Live Patch It

• Microsoft Alerts Users as Russian Hackers Target Windows Systems

• Cyber Security Today, May 3, 2024 – North Korea exploits weak email DMARC settings, and the latest Verizon analysis of thousands of data breaches

• Trellix Wise automates security workflows with AI, streamlining threat detection and remediation

• ZLoader Malware adds Zeus’s anti-analysis feature

• AI-Driven Phishing Attacks Deceive Even the Most Aware Users

• Cyble Vision X covers the entire breach lifecycle

• Microsoft, Google widen passkey support for its users

• Rare Interviews with Enigma Cryptanalyst Marian Rejewski

• Investigation Uncovers Substantial Spyware Exports to Indonesia

• Microsoft Warns of ‘Dirty Stream’ Vulnerability in Popular Android Apps

• Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster

• “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

• Microsoft introduces passkeys for consumer accounts

• Apple Announces Record Share Buyback, Amid iPhone Sales Decline

• RSA Conference 2024 – Where it all started and where to find our team

• FortiGate 200G series boosts campus connectivity for Wi-Fi 7

• BlackBerry CylanceMDR improves cybersecurity defensive strategy

• New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

• Cyber Security Headlines: Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach

• How Structured Cabling Can Help With Cyber Security Attacks

• Cybercriminals and Nation-State Actors Found Sharing Compromised Networks

• US Charges 16 Over ‘Depraved’ Grandparent Scams

• Indonesia is a Spyware Haven, Amnesty International Finds

• Essential Steps for Zero-Trust Strategy Implementation

• Lenovo launches AI-based Cyber Resiliency as a Service

• Nokod Security Platform secures low-code/no-code development environments and apps

• NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

• Attack Report: Custom QR Code Phishing Templates

• White House Issues National Security Memorandum for Critical Infrastructure

• Edgio ASM reduces risk from web application vulnerabilities

• Cyber Security Today, May 3, 2024 – North Korea exploits weak email DMARC settings, and the latest Verizon analysis of thousands of data breaches

• Vulnerability Scanning vs. Penetration Testing

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes

• U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers

• NASA Doesn’t Know if Its Spacecraft Have Adequate Cyber Defenses, GAO Warns

• Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison

• Gurucul REVEAL empowers organizations with full control over data

• The Crucial Role of Data in Sustainability

• Using Our Environmental Management System to Create a Sustainable Future

• Mal.Metrica Redirects Users to Scam Sites

• GUEST ESSAY: A primer on how, why ‘dynamic baselining’ fosters accurate DDoS protection

• Orum No Code Verify helps businesses validate bank accounts

• Why Cloud Vulnerabilities Need CVEs

• Essential programming languages to be learnt by Cybersecurity Professionals

• Threat Actors Renting Out Compromised Routers To Other Criminals

• Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack

• Google Announces Passkeys Adopted by Over 400 Million Accounts

• Microsoft issues cyber threat alert to Google on Vulnerable Mobile Apps

• New “Goldoon” Botnet Hijacking D-Link Routers to Use for Other Attacks

• Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

• Indonesia sneakily buys spyware, claims Amnesty International

• Ransom recovery costs reach $2.73 million

• Most companies changed their cybersecurity strategy in the past year

• 97% of security leaders have increased SaaS security budgets

• What is cybersecurity mesh architecture (CSMA)?

• New infosec products of the week: May 3, 2024

• Mitigating breaches on Red Hat OpenShift with the CrowdStrike Falcon Operator

• Simplify hybrid cloud operations with Red Hat Enterprise Linux 9.4

• Beyond the lingo: What does Red Hat Insights and FedRAMP mean for your workload?

• Chinese government website security is often worryingly bad, say Chinese researchers

• ISC Stormcast For Friday, May 3rd, 2024 https://isc.sans.edu/podcastdetail/8966, (Fri, May 3rd)

• Biden Signed the TikTok Ban. What’s Next for TikTok Users?

• Microsoft, Google do a victory lap around passkeys

• Ukrainian REvil gang member sentenced to 13 years in prison

• IT Security News Daily Summary 2024-05-02

• Tips and stories for your team on World Password Day

• Florida man gets 6 years behind bars for flogging fake Cisco kit to US military

• Pro-Russia hackers target critical infrastructure in North America and Europe

• Dropbox Sign customer data accessed in breach

• Patch up – 4 critical bugs in ArubaOS lead to remote code execution

• 4 IoT Trends U.K. Businesses Should Watch in 2024

• Elliptic Shows How an AI Model Can Identify Bitcoin Laundering

• What to Expect at RSA 2024: Will AI Wreak Havoc on Cybersecurity?

• Join Us 05-17-24 for the Capture the CISO Finals

• LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere

• Cisco at NAB2024: Takeaways

• What are passkeys? Experience the life-changing magic of going passwordless

• Top Tech Conferences & Events to Add to Your Calendar in 2024

• 2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

• HPE Aruba Networking addressed four critical ArubaOS RCE flaws

• Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796, (Thu, May 2nd)

• Tesla Backs Away From Gigacasting Manufacturing – Report

• What can we learn from the passwords used in brute-force attacks?

• What is a potentially unwanted program (PUP)?

• What is role-based access control (RBAC)?

• What is security information and event management (SIEM)?

• EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn

• CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

• US Urges No AI Control Of Nuclear Weapons

• LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

• LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

• Two years in, Google says passkeys now protect more than 400 million accounts

• Ransomware Defense Startup Mimic Raises Hefty $27M Seed Round

• USENIX Security ’23 – “My Privacy for their Security”: Employees’ Privacy Perspectives and Expectations when using Enterprise Security Software

• Dropbox Hacked: eSignature Service Breached

• North Korean Scammers Lure Developers with Fake Job Offers

• Okta Alert: The Rise of Credential Stuffing Attacks Through Proxy Networks

• Dropbox Sign witnesses data breach

• Microsoft Announces Big Investments In Malaysia, Indonesia, Thailand

• Flatiron Software unveils Snapshot Reviews, an AI tool for analyzing developer code and performance

• Anthropic’s Claude Teams and iOS App: The secure, scalable solution for enterprise AI adoption

• Dropbox discloses data breach involving Dropbox Sign

• Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats to America’s Small Businesses

• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics

• Delta Electronics DIAEnergie

• Google expands passkey support to its Advanced Protection Program ahead of the US presidential election

• Watch out for tech support scams lurking in sponsored search results

• Startup Dealflow: New Investments at Resonance, RunReveal, StepSecurity, Insane Cyber

• AI Security Startup Apex Emerges From Stealth With Funding From OpenAI CEO

• Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference

• Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

• Android Flaw Affected Apps With 4 Billion Installs

• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)

• LastPass Separates From Parent After Security Incidents

• Cuttlefish 0-click Malware Hijacks Routers & Captures Data

• GoldDigger Malware Using Deep Fake AI Photos To Hijack Bank Accounts

• LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

• Operational Innovations for AI and Cloud-Native Workloads from Cisco and Red Hat

• Threat actors hacked the Dropbox Sign production environment

• Finnish Psychotherapy Center Cyber-Blackmailer Gets Six Years

• Safeguarding Reproductive Health Workers: Addressing Risks Posed by Data Brokers and Doxxing

• VNC Is The Hacker’s New Remote Desktop Tool For Cyber Attacks

• ArubaOS Critical Vulnerability Let Attackers Execute Remote Code

• CyberPower PowerPanel

• Federal frenzy to patch gaping GitLab account takeover hole

• Japan’s Kishida Unveils a Framework for Global Regulation of Generative AI

• Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches

• Network Security Firm Corelight Raises $150 Million

• Key Areas Where Open-Source Security Needs to Evolve

• GM Car Buyers’ Nightmare: The Unveiling of a Program Raising Insurance Rates

• Is ChatGPT Secure? Risks, Data Safety, and Chatbot Privacy Explained

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks

• LayerX Security Raises $24M for Innovative Browser Security Platform

• 5 Best Password Managers Built for Teams in 2024 (Free & Paid)

• Red Team vs Blue Team vs Purple Team: Differences Explained

• Here’s Your Chance To Own A Decommissioned US Government Supercomputer

• REvil Ransomware Scum Gets 14 Years, $16 Million Fine

• Hacker Free-For-All Fights For Control Of Home And Office Routers Everywhere

• Hackers Compromised Dropbox eSignature Service

• 1,400 GitLab Servers Impacted By Exploited Vulnerability

• Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online

• News alert: LayerX Security raises $24M Series A funding for its ‘enterprise browser’ security platform

• Hackers Claiming Breach of UAE Government Servers

• Drop My VPN – Are You Nuts?

• Today’s Security Requires Specialized Processors

• New Goldoon Botnet Targeting D-Link Devices Using Decade-Old Flaw

• 1Password Extended Access Management secures unmanaged applications and devices

• Hyperbole, Misinformation, and CyberMonsters Under the Bed

• Ying Ying Yang finds a new life and career in Australia as a Cisco Networking Academy Instructor

• The Student-Centric Experience: Leadership

• CISA Adds GitLab Flaw to its Known Exploited Vulnerabilities Catalog

• LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

• Russian Hackers Target Industrial Systems in North America, Europe

• 1,400 GitLab Servers Impacted by Exploited Vulnerability

• CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

• Prisma SASE 3.0 — Securing Work Where It Happens

• HPE Aruba Networking Fixes Four Critical RCE Flaws in ArubaOS

• The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets

• New SOHO router malware aims for cloud accounts, internal company resources

• Security Breach Exposes Dropbox Sign Users

• Three-Quarters of CISOs Admit App Security Incidents

• Deepfakes and AI-Driven Disinformation Threaten Polls

• The UK Bans Default Passwords

• World Password Day 2024: Try Passkeys!

• Vulnerability Exploits Triple as Initial Access Point for Breaches

• Trend Micro expands AI-powered cybersecurity platform

• Russian Hackers Actively Attacking Small-scale Infrastructure Sectors

• Digital fraud detection startup BioCatch hits $1.3B valuation as Permira buys majority stake

• World Password Day 2024: What are the experts saying?

• Proofpoint DLP Transform secures data moving to ChatGPT, copilots, and other GenAI tools

• Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams

• HITRUST updates Cyber Threat Adaptive engine to address emerging cyber threats

• Cyber Security Headlines: Chinese disinformation, NCSC AMS, new State Secrets law

• Scaling Least Privilege for the Cloud

• US To Ban Huawei, ZTE From Certifying Wireless Kit

• SafeBase Raises $33M in Series B to Accelerate Vision for Friction-Free Security Reviews

• Confluent enhances Apache Flink with new features for easier AI and broader stream processing

• Appdome launches MobileEDR, merging MTD and EDR to protect enterprise mobile apps

• New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

• Dropbox Discloses Breach of Digital Signature Service Affecting All Users

• When is One Vulnerability Scanner Not Enough?

• Cyber Startup Oasis Secures $35 Million Series A Extension, Doubles Valuation

• AI is Creating a New Generation of Cyberattacks

• CalypsoAI introduces customizable generative AI security scanners for enterprises

• Nord Security unveils NordStellar, a platform for advanced cyber threat detection and response

• REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

• Cybersecurity: The Battle of Wits

• Tripwire Patch Priority Index for April 2024

• US Warns of Russian Hackers Targeting Operational Technology in Water Systems

• Veracode platform enhancements help organizations reduce application risk

• Illumio and Wiz’s integration enhances cyber resilience in the cloud

• Anthropic Launches Enterprise-Focused Claude, Plus iPhone App

• Threat Actors Attacking MS-SQL Servers to Deploy Ransomware

• Understanding Microsoft’s Trusted Signing service

• IAM and Passkeys: 4 Steps Towards a Passwordless Future

• Venafi launches 90-Day TLS Readiness Solution

• Deep Instinct DIANNA provides malware analysis for unknown threats

• Skyhawk Security unveils cloud-native CTEM, streamlining security with AI-powered automation

• Dropbox says attackers accessed customer and MFA info, API keys

• Iranian Hackers Impersonate Journalists in Social Engineering Campaign

• Corelight Gets $150M to Expand Detection, Improve Workflows

• Dropbox Data Breach Impacts Customer Information

• Lineaje OSM improves software supply chain security

• Snyk AppRisk Pro leverages AI and third-party integrations for faster risk mitigation

• US and UK Warn of Disruptive Russian OT Attacks

• Panda Restaurant Group disclosed a data breach

• Virsec releases security tools to offer ransomware protection

• Bitwarden Authenticator protects online services and applications

• Think tank: China’s tech giants refine and define Beijing’s propaganda push

• Virsec releases security tools to provide ransomware protection

• USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics

• REvil Ransomware Affiliate Sentenced for 13 Years in Prison

• REvil ransomware scum sentenced to almost 14 years inside, ordered to pay $16 million

• Think tank: China’s tech brands refine and define Beijing’s propaganda push

• CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

• Inside Ukraine’s Killer-Drone Startup Industry

• United Health CEO testifies before senate for ransomware attack

• Attention all Windows Users! The Microsoft April Security Update Could Break Your VPN

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element

• User Privacy Threats Around T-Mobile’s ‘Profiling and Automated Decisions’

• Securing your organization’s supply chain: Reducing the risks of third parties

• New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

• Bitwarden launches standalone Bitwarden Authenticator app

• Post DBIR 2024: 7 Ways to Reduce Your Cyber Risk

• reNgine: Open-source automated reconnaissance framework for web applications

• Understanding emerging AI and data privacy regulations

• Women rising in cybersecurity roles, but roadblocks remain

• A million Australian pubgoers wake up to find personal info listed on leak site

• AI-driven phishing attacks deceive even the most aware users

• Panda Restaurant Corporate Systems Hacked: Customer Data Exposed

• ISC Stormcast For Thursday, May 2nd, 2024 https://isc.sans.edu/podcastdetail/8964, (Thu, May 2nd)

• Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm

• Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks

• Dropbox dropped the ball on security, haemorrhaging customer and third-party info

• Block accused of mass compliance failures that saw digi-dollars reach terrorists

• 4 Easy Ways to Find Free Wi-Fi Anywhere You Go

• Reading the Mandiant M-Trends 2024

• U.S. warns of pro-Russian hacktivist attacks against OT systems

• Lawsuit Claims Facebook Is Required To Give You More Control Of Your Own Feed

• How Cybersecurity Training Lowers Insurance Premiums

• Red Hat’s latest enterprise Linux distro has new features to tackle hybrid cloud complexity

• UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack

• AI’s Offensive & Defensive Impacts

• IT Security News Daily Summary 2024-05-01

• United HealthCare CEO says ‘maybe a third’ of US citizens were affected by recent hack

• Red Hat’s latest enterprise Linux delivers new features to tackle hybrid-cloud complexity

• remote access

• United HealthCare CEO says ‘maybe a third’ of U.S. citizens were affected by recent hack

• 4 Takeaways from Hannover Messe 2024

• Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia

• Lawsuits After Ransomware on the Rise, Comparitech Says

• TikTok Viewed As Chinese Influence Tool By Most Americans – Poll

• Infosec biz boss accused of BS’ing the world about his career, anti-crime product, customers

• Cuttlefish malware targets enterprise-grade SOHO routers

• Ex-NSA employee sentenced to 262 months for attempting to transfer classified documents to Russia

• Speaking Freely: Rebecca MacKinnon

• Traceable AI Raises $30 Million to Safeguard Cloud APIs

• Oasis Security Raises $35 Million to Tackle Non-Human Identity Management

• Product Release: PreVeil 5.0

• Ofcom Confirms OnlyFans Investigation Over Age Verification

• Which Programming Language to Choose for AI?

• Muddling Meerkat Group Suspected of Espionage via Great Firewall of China

• Quantum Technology: Implications for Digital Security

• Ex Google Staff Fired Over Israel Protest File NLRB Complaint

• US charges 16 over ‘depraved’ grandparent scams

• The US Government Is Asking Big Tech to Promise Better Cybersecurity

• CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

• A flaw in the R programming language could allow code execution

• What’s hot at RSAC 2024: 8 SSCS talks you don’t want to miss

• Fraudulent npm Packages Deceive Software Developers into Malware Installation

• Vulnerabilities in employee management system could lead to remote code execution, login credential theft

• Cyber-attacks in the APAC region driven by espionage motives

• Cybersecurity Startup Resonance Secures Funding To Meet Its Ambitious Growth Targets

• Tesla Axes Entire Supercharger Team, Plus Senior Executives

• CISA Adds One Known Exploited Vulnerability to Catalog

• Island Raises $175 Million at $3 Billion Valuation

• Zero-Day Nightmare: Palo Alto, Cisco, and MITRE Under Attack

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024

• Spoofing Shein for Credential Harvesting

• UnitedHealth CEO tells Senate all systems now have multi-factor authentication after hack

• Beyond visibility, there’s observability

• China’s Attacks On Critical Infrastructure Tip Of Iceberg

• London Drugs Pharmacy Closes All Stores To Respond To Cyber Incident

• Google Boosts Bug Bounty Payouts Tenfold In Mobile App Security Push

• Adobe Adds Content Credentials And Firefly To Bug Bounty Program

• Qantas App Glitch Sees Boarding Passes Fly To Other Accounts

• New “Goldoon” Botnet Targeting D-Link Devices

• New Cuttlefish Malware Infects Routers to Monitor Traffic for Credential Theft

• Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data

• Adobe Adds Content Credentials and Firefly to Bug Bounty Program

• Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

• Redefining Education: The AI Revolution in Classrooms Everywhere

• Dutch Threat Experts Issues Warning to Companies Regarding Ransomware Attack

• UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

• Qantas app glitch sees boarding passes fly to other accounts

• CISA Unveils Guidelines for AI and Critical Infrastructure

• Venafi Launches 90-Day TLS Certificate Renewal Initiative

• Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

• Thinking about a Career in Software Security? Follow This Path

• Microsoft, OpenAI Sued By More Newspaper Publishers

• Learn Cybersecurity Skills From Scratch for Just $40

• New Wpeeper Android Malware Hides Behind Hacked WordPress Sites

• DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding

• Machine Identity Firm Venafi Readies for the 90-day Certificate Lifecycle

• Belgium’s Aikido lands $17M Series A for its ‘no BS’ security platform aimed at developers

• A closer look at Apiiro’s SHINE partner program

• Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

• Capture the CISO S2E3: BugProve, Egress, and Zenity

• Identity Verification Payments Challenges in the Age of AI

• Adobe Adds Firefly and AI Watermarking to Bug Bounty Program

• A Vast New Data Set Could Supercharge the AI Hunt for Crypto Money Laundering

• How SaaS-Based Identity Governance Can Help Future-Proof Your Security

• Ransomware Strikes St-Jerome Company: Everest Group Suspected

• HackerOne Survey Reveals Organizations Feel Equipped to Fight AI Threats Despite Security Incidents

• Unpacking the New DHS Guidelines for Securing Critical Infrastructure from AI-related Threats

• Extending SASE Protection Into the Browser

• A Vast New Dataset Could Supercharge the AI Hunt for Crypto Money Laundering

• 1 in 5 US Ransomware Attacks Triggers Lawsuit

• Organizations Need Fully Autonomous Security Powered by Gen-AI

• Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server

• CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen

• Lawsuits and Company Devaluations Await For Breached Firms

• Binance’s Changpeng Zhao Sentenced To Four Months In Prison

• Are VPNs Legal To Use?

• AI Voice Scam

• Intel 471 Acquires Cyborg Security to Expand Its Cyber Threat Intelligence Portfolio with Innovative Threat Hunting Capabilities

• Data Breaches in April 2024 – Infographic

• Protecting Users Against Bugs: Software Providers’ Scalable Attempts

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

• Everyone’s an Expert: How to Empower Your Employees for Cybersecurity Success

• TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download

• DBIR: Vulnerability Exploits Triple as Initial Access Point for Data Breaches

• Cyber Security Headlines: UnitedHealth Group CEO faces congress, U.S. wireless carriers face majors fine, Marriott backtracks protection claims

• ISC Stormcast For Wednesday, May 1st, 2024 https://isc.sans.edu/podcastdetail/8962, (Wed, May 1st)

• Judge0 Vulnerabilities Could Allow Sandbox Escape

• Wireless carriers fined $200 million after illegally sharing customer location data

• Infosecurity Europe Keynote: Building Strong Teams and Driving Change with F1’s Claire Williams

• Programming Language R Patches Code Execution Security Flaw

• Cyber Security Today, May 1, 2024 – Data may have been stolen in London Drugs cyber attack, Congressional testimony today by UnitedHealth CEO on ransomware attack, and more

• Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

• Google Guide! How to Detect Browser Data Theft Using Windows Event Logs

• Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

• Patched Deserialization Flaw in Siemens Product Allows RCE

• US Government Releases New Resources Against AI Threats

• Millions of Malicious “Imageless” Docker Hub Repositories Drop Malware

• New Latrodectus Malware Attacks Use Microsoft, Cloudflare Themes

• Belarus Secret Service Website Still Down After Hackers Claim the Breach

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

• RSAC 2024 Innovation Sandbox | VulnCheck: A Solution to the Challenge of Vulnerability Prioritization

• Google blocks millions of apps from Playstore for Mobile Security

• Crafting an Airtight Security Posture Against Ransomware Threats

• Attackers Leverage Sidecar Container Injection Technique To Stay Stealthy

• How space exploration benefits life on Earth: Q&A with David Eicher

• Why cloud vulnerabilities need CVEs

• Making cybersecurity more appealing to women, closing the skills gap

• How to Utilize Azure Logs to Identify Threats: Insights From Microsoft

• Verizon DBIR: Vulnerability exploitation in breaches up 180%

• Building a strong cloud security posture

• Cybersecurity jobs available right now: May 1, 2024

• UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike

• Essential steps for zero-trust strategy implementation

• Linux Trojan – Xorddos with Filename eyshcjdmzg, (Mon, Apr 29th)

• Open source programming language R patches gnarly arbitrary code exec flaw

• Infosec products of the month: April 2024

• Navigating the Future: Insights From the M&A Symposium at Kaseya Connect Global

• Open source programming language R patches critical arbitrary code exec flaw

• PGP Encryption: The Email Security Standard

• Cyber-bastard jailed for stealing psychotherapy files, blackmailing patients

• TrustCloud Product Updates: April 2024

• Opening Statement by CISA Director Jen Easterly

• Facebook Faces Scrutiny For Allowing Russian Disinformation To Spread

• Notorious Finnish Hacker sentenced to more than six years in prison

• IT Security News Monthly Summary – May

• IT Security News Daily Summary 2024-04-30

• USENIX Security ’23 – Sherlock on Specs: Building LTE Conformance Tests through Automated Reasoning

• UnitedHealth CEO: ‘Decision to pay ransom was mine’

• FCC Fines Verizon, AT&T and T-Mobile for Sharing User Location Data

• 5 Steps to Make Zero Trust Achievable

• The best travel VPNs of 2024: Expert tested and reviewed

• China Has a Controversial Plan for Brain-Computer Interfaces

• FCC Fines Verizon, AT&T, and T-Mobile for Sharing User Location Data

• How To Set Up a Firewall in 8 Easy Steps + Best Practices

• How To Set Up DMZ on Servers: 7-Step DMZ Configuration

• NSA guy who tried and failed to spy for Russia gets 262 months in the slammer

• Randall Munroe’s XKCD ‘Doppler Effect’

• Unlocking the Prioritization Secrets of Top CISOs

• Brits Ban Default Passwords — and More IoT Stupidity

• Island Secures $175M Investment as Enterprise Browser Startups Defy Tech Giants

• Apptega Raises $15 Million for Cybersecurity Compliance Platform

• Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

• Docker Hub Users Targeted With Imageless, Malicious Repositories

• Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms

• Qlik Sense Servers Prone To Cactus Ransomware Threats

• The Dangerous Rise of GPS Attacks

• CISA guidelines to protect critical infrastructure against AI-based threats

• NSA employee who tried and failed to spy for Russia gets 262 months in the slammer

• Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection

• Introducing the Unified RL Spectra Suite

• Releases Distribution Changes

• Commvault projects Cleanroom Recovery for ransomware thwarting customers

• EDR vs. EPP: What’s the difference?

• Delta Electronics CNCSoft-G2 DOPSoft

• Vulnerability In R Programming Language Could Fuel Supply Chain Attacks

• UK Outlaws Awful Default Passwords On Connected Devices

• Hacker Jailed For Blackmailing Therapy Patients

• Apple’s Incredibly Private Safari Is Not So Private In Europe

• Defending Infrastructure, Securing Systems Key To CISA’s New AI Guidelines

• Sysdig Extends CNAPP Reach to AI Workloads

• Ransomware Rising Despite Takedowns, Says Corvus Report

• Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474, (Tue, Apr 30th)

• Redline Malware Using Lua Bytecode to Challenge the SOC/TI Team to Detect

• employee onboarding and offboarding

• How SASE convergence affects organizational silos

• US fines telcos $200M for sharing customer location data without consent

• Guest Blog: Securing K12 Schools with Centripetal and LANRover

• Hacking and Cybersecurity

• FCC Fines Wireless Carriers for Sharing User Locations Without Consent

• YMCA Fined for Data Breach, ICO Raises Concerns About Privacy for People with HIV

• CISA Releases Three Industrial Control Systems Advisories

• Delta Electronics CNCSoft-G2 DOPSoft DPAX

• Microsoft Releases New-Open Source Tool for OT Security

• SSH vs. SSL/TLS: What’s The Difference?

• 3 Ways File Integrity Monitoring Identifies Zero-Day Attacks

• Defense-in-Depth: A Layered Approach for Modern Cybersecurity

• Japanese Authorities Deploy Counterfeit Payment Cards to Alert Victims of Support Scams

• Researchers Discover Coordinated Attacks on Docker Hub to Plant Millions of Malicious Repositories

• KnowBe4 to Acquire Egress

• Malwarebytes Premium Security earns “Product of the Year” from AVLab

• Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

• SafeBase Scores $33M Series B Investment

• Apple ID Shuts Down: Users Panic While Trying to Reset Password

• Banish Browser Clutter: How to Easily Remove Junk Files on Android

• Teachers’ Taxes Fraudulently Filed in Glendale Ransomware Attack

• Adaptive Shield unveils SaaS security for AI

• Analyzing Malware in Binaries and Executables with AI

• AI cybersecurity solutions detect ransomware in under 60 seconds

• Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

• The White House Has a New Master Plan to Stop Worst-Case Scenarios

• Malwarebytes Premium earns “Product of the Year” from AVLab

• Island raises $175 million at $3 billion valuation

• Onyxia launches AI-powered predictive insights to optimize security management

• Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

• The internet is now at the mercy of open source vulnerabilities.

• Infinity Global Services’ Cyber Park Introduces “Nemesis” – A Cyber Security Adventure Awaits!

• SafeBase taps AI to automate software security reviews

• Synopsys Introduces Polaris Assist: AI-Powered Application Security Assistant

• Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams

• Millions of Malicious Containers Found on Docker Hub

• Keeper Security Forges Cybersecurity Partnership With Williams Racing

• European Commission starts formal probe of Meta over election misinformation

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

• FCC fines major wireless carriers over illegal location data sharing

• Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues

• LockBit, RAGroup Drive Ransomware Attacks in March

• Guarding Democracy: Assessing Cyber Threats to 2024 Worldwide Elections

• Cisco Talos at RSAC 2024

• Threat Actor Claims Selling of Dell Database with 49M User Records

• How We’re Navigating Parenthood, Careers, and Connection at Cisco

• Computing that’s purpose-built for a more energy-efficient, AI-driven future

• Researchers Unveil Novel Attack Methods Targeting Intel’s Conditional Branch Predictor

• Prompt Fuzzer: Open-Source Tool for Strengthening GenAI Apps

• Cybersixgill Third-Party Intelligence module identifies potential supply chain risks

• Ransom Payments Surge by 500% to an Average of $2m

• Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

• UK Enacts IoT Cybersecurity Law

• FBI warns online daters to avoid “free” online verification schemes that prove costly

• Google Blocks 2.28M Malicious Apps Entering The Play Store

• WhatsApp in India

• Muddling Meerkat Hackers Manipulate DNS Using China’s Great Firewall

• Considerations for Operational Technology Cybersecurity

• U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

• Cyber Security Headlines: USPS phishing, UK IoT law, industrial USB attacks

• I Really Shouldn’t Have Agreed to Variable Rate Technical Debt

• New Android Malware Mimic As Social Media Apps Steals Sensitive Data

• LightSpy Malware Actively Targeting MacOS Devices

• ESET launches two MDR subscription tiers for SMBs and enterprises

• OpenAI Hit By Austrian Complaint Over ChatGPT ‘False Data’

• Kaiser Permanente Cyber Attack Exposes 13.4 Million Users Data

• Safari Vulnerability Exposes EU iOS Users to Malicious Marketplaces

• FCC Imposes $200 Million in Fines on Four US Carriers

• ThreatX provides always-active API security from development to runtime

• FCC Fines Carriers $200m For Selling User Location Data

• Darkgate Malware Leveraging Autohotkey Following Teams

• DMARC – The Next Step in Email Hygiene and Security

• Defending Against Supply Chain Spoofing in Critical Manufacturing

• Managed Detection and Response in 2023

• CyberQP unveils solutions to help MSPs proactively prevent security incidents

• Austria Conference Calls For Controls On ‘Killer Robots’

• Beating the Barbarians in the Cloud

• EU Designates Apple’s iPad OS As DMA ‘Gatekeeper’

• Google Rejected 2.28 Million Risky Android Apps From Play Store in 2023

• Google Blocks 2.3 Million Apps From Play Store Listing

• Why space exploration is important for Earth and its future: Q&A with David Eicher

• Security Flaws in IRS Systems Pose Risk to Financial Statements, GAO Says

• The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade SmartScreen

• RSAC 2024 Innovation Sandbox | RAD Security: New Solutions for Cloud-Native Anomaly Detection and Response

• MITRE ATT&CK v15: A Deeper Dive into SaaS Identity Compromise

• KapeKa Backdoor: Russian Threat Actor Group’s Recent Attacks

• Taiwanese Chip Giant Exits China Mainland

• Increasing cybersecurity awareness and skills training across India

• NCSC: New UK law bans default passwords on smart devices

• Apple’s ‘incredibly private’ Safari is not so private in Europe

• Meet the New Exclusive AI Malware Analyst: Gemini 1.5 Pro

• New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

• An Empty S3 Bucket Can Make Your AWS Bills Explode

• The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

• Tesla wins data security concerns in China

• Tracecat: Open-source SOAR

• Triangulation fraud: The costly scam hitting online retailers

• Why the automotive sector is a target for email-based cyber attacks

• Security analysts believe more than half of tasks could be automated

• Passwords under seven characters can be easily cracked

• MovieBoxPro – 6,009,014 breached accounts

• eBook: Do you have what it takes to lead in cybersecurity?

• ISC Stormcast For Tuesday, April 30th, 2024 https://isc.sans.edu/podcastdetail/8960, (Tue, Apr 30th)

• Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas

• External Penetration Testing: Cost, Tools, Steps, & Checklist

• AT&T, Verizon, Sprint, T-Mobile US fined $200M for selling off people’s location info

• Wireless Network Security: WEP, WPA, WPA2 & WPA3 Explained

• Google blocked 2.3M apps from Play Store last year for breaking the G law

• Fake AI-Generated Images Are Running Wild On Facebook

• IT Security News Daily Summary 2024-04-29

• FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

• Vulnerability Recap 4/29/24 – Cisco, Microsoft, Palo Alto & More

• Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

• Congress Should Just Say No to NO FAKES

• USPS Phishing Scams Generate Almost as Much Traffic as the Real Site

• What Is Integrated Risk Management? Definition & Implementation

• Rubrik Sets Cyber Resiliency Course Following IPO

• Google Meet Now Offers Client-Side Encryption For All Calls

• During National Small Business Week, Take Steps to Secure Your Business

• London Drugs closes all of its pharmacies following ‘cybersecurity incident’

• Vulnerability Summary for the Week of April 22, 2024

• Ford’s hands-free driver system is under investigation after fatal crashes – what to know

• Stop Managing Identities, Segment them Instead

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat

• CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

• Thoma Bravo to Buy Cybersecurity Firm Darktrace for $5.3 Billion

• Orca Security Allies with ModePUSH for Cloud Incident Response

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

• Tesla Shares Surge On China Advanced Self-Driving Push

• Google Says it Blocked 2.28 Million Apps from Google Play Store

• digital identity

• How Compliance Can Launch Your Risk Program with Vanta

• What is MFA bombing? Apple users were targeted using this phishing technique

• UK to Take Steps in Helping Protect Consumers Against Cyber Threats from Smart Devices

• South Korean iPhone Ban: MDM DMZ PDQ

• Why Shouldn’t You Upload Files So Readily On Your Browser?

• From IcedID to Dagon Locker Ransomware in 29 Days

• Cyber Attack forces London Drugs to close temporarily

• UK Law Aims To Boost Security For ‘Smart’ Devices

• Study Reveals Alarming Levels of USPS Phishing Traffic

• Kaiser Permanente Data Breach Impacts 13.4 Million Patients

• Should Cybersecurity Leadership Finally be Professionalized?

• Managing Generative AI Risk and Meeting M-24-10 Mandates on Monitoring & Evaluation

• USENIX Security ’23 – Instructions Unclear: Undefined Behaviour in Cellular Network Specifications

• Cactus Ransomware Exposes Thousands of Vulnerable Qlik Sense Servers

• Researchers Successfully Sinkhole PlugX Malware Server, Recording 2.5 Million Unique IPs

• SpaceX Data Breach: Hunters International Publishes Alleged Stolen Data

• Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk

• $197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin

• UK PSTI Act – New Law To Protect Smart Devices

• Ten Years Of Heartbleed: Lessons Learned

• Meta To Face EU Probe For Not Doing Enough To Stop Russian Disinformation

• Watchdog Reveals Google Privacy Sandbox Worries

• Okta Warns Of Credential Stuffing Attacks Using Tor, Residential Proxies

• OpenAI’s ChatGPT Targeted In Austrian Privacy Complaint

• 91% of ransomware victims paid at least one ransom in the past year, survey finds

• D-Link NAS Device Backdoor Abused, (Mon, Apr 29th)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries

• CISA and FEMA IPAWS in Partnership with FCC Host Second National Meeting of Alerting Officials

• DDoS Attacks Continue, Post-Election, Against Russian Independent Media Site Meduza

• Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated

• Beyond the Buzz: Rethinking Alcohol as a Cybersecurity Bonding Ritual

• Everything you need to know about network penetration testing [+checklist to follow]

• 5 Attack Trends Your Company Should Be Aware Of

• UK enacts IoT cybersecurity law

• China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

• Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

• More Than 800 Vulnerabilities Resolved Through CISA Ransomware Notification Pilot

• Hackers Tool 29 Days from Initial Hack to Sabotage Ransomware Attack

• Celebrating 5 Years of Excellence with Check Point’s Hacking Point Program

• France willing to buy key Atos assets to keep them French

• Comply-to-Connect and Cisco ISE: Revolutionizing the Department of Defense

• British Intelligence Moves to Protect Research Universities From Espionage

• Voter Registration System Taken Offline in Coffee County Cyber-Incident

• Report: 73% of SME Security Professionals Missed or Ignored Critical Alerts

• Modern Phishing Attacks: Insights from the Egress Phishing Threat Trends Report

• James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

• UK lays down fresh legislation banning crummy default device passwords

• Silobreaker empowers users with timely insight into key cybersecurity incident filings

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

• OpenAI’s ChatGPT is Breaking GDPR, Says Noyb

• Whale Song Code

• DHS Announces AI Safety Board with OpenAI Founder, CEOs of Microsoft, Nvidia, IBM

• Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People

• Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

• OfflRouter Malware Ukraine: Govt Network Breach Since 2015

• Compounded Crisis: Change Healthcare’s Breach Escalates with New Threats

• Multiple PHP 7.4 Vulnerabilities Addressed in Debian 11

• Cyber Security Today, April 29, 2024 – Credential stuffing attacks are hitting firms using Okta ID management solutions, and more

• Ensuring Robust Security in Multi-Cloud Environments: Best Practices and Strategies

• UK says NO to ransom passwords such as admin, 123456 and qwerty

• Kaiser health insurance leaked patient data to advertisers

• 10 Database Security Best Practices You Should Know

• Machines vs Minds: The Power of Human Ingenuity Against Cyber Threats

• Know-Your-Customer Executive Order Facing Stiff Opposition From Cloud Industry

• Researchers unveil novel attack methods targeting Intel’s conditional branch predictor

• Okta warns customers about credential stuffing onslaught

• Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

• Cyber Security Headlines: Kaiser Permanente breach, DSH Safety Board, Okta stuffing attack

• Email Provider Complains To EU Over Reduced Google Rankings

• Intel Shares Sink As AI Surge Hits Chip Revenue

• Snap Sees Surge In Users, Ad Revenues

• Google Asks US Court To Dismiss Federal Adtech Case

• Alphabet Value Surges Over $2tn On Dividend Plan

• Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

• Cyber-Partisans hacktivists claim to have breached Belarus KGB

• Watchdog reveals lingering Google Privacy Sandbox worries

• North Korean Hackers Exploit LinkedIn in Targeted Attacks

• Agent Tesla and Taskun Malware Targeting US Education and Govt Entities

• Most People Still Rely on Memory or Pen and Paper for Password Management

• Okta Warns of Unprecedented Scale in Credential Stuffing Attacks on Online Services

• DHS establishes AI Safety and Security Board to protect critical infrastructure

• New UK Smart Device Security Law Comes into Force

• Cyber Security Today, April 29, 2024 – Credential stuffing attacks are hitting firms using Okta ID management solutions, and more

• Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services

• PoC Exploit Released For Windows Kernel EoP Vulnerability

• Palo Alto Updates Remediation for Max-Critical Firewall Bug

• Japanese police create fake support scam payment cards to warn victims

• New UK Smart Device Security Law Comes into Force Today

• KageNoHitobito Ransomware Attacking Windows Users Around the Globe

• The Los Angeles County Department of Health Services disclosed a data breach

• Analysis of Native Process CLR Hosting Used by AgentTesla

• US Post Office Phishing Sites Get as Much Traffic as the Real One

• Okta Warns Customers of Credential Stuffing Barrage

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023

• A week in security (April 22 – April 28)

• US Regulator Probes Effectiveness Of Tesla Autopilot Recall

• Multiple Brocade SANnav SAN Management SW flaws allow device compromise

• Android Malware Brokewell With Complete Device Takeover Capabilities

• Okta Warns of Credential Stuffing Attacks Using Proxy Services

• Exploring the Key Sections of a SOC 2 Report (In Under 4 Minutes)

• Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware

• RSAC 2024 Innovation Sandbox | Mitiga: A New Generation of Cloud and SaaS Incident Response Solutions

• Prompt Fuzzer: Open-source tool for strengthening GenAI apps

• How insider threats can cause serious security breaches

• AI is creating a new generation of cyberattacks

• Closing the cybersecurity skills gap with upskilling programs

• Anticipating and addressing cybersecurity challenges

• Discord dismantles Spy.pet site that snooped on millions of users

• The next step up for high-impact identity authorization

• ISC Stormcast For Monday, April 29th, 2024 https://isc.sans.edu/podcastdetail/8958, (Mon, Apr 29th)

• IT Security News Weekly Summary – Week 17

• IT Security News Daily Summary 2024-04-28

• ICICI Bank exposed credit card data of 17000 customers

• USENIX Security ’23 – SandDriller: A Fully-Automated Approach for Testing Language-Based JavaScript Sandboxes

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service

• Deceptive npm Packages Employed to Deceive Software Developers into Malware Installation

• The Tech Landscape: Rubrik, TikTok, and Early-Stage Startups

• Okta warns of unprecedented scale in credential stuffing attacks on online services

• How to Erase The Personal Details Google Knows About You

• What Would a TikTok Ban Mean?

• Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

• 9 Best Password Managers (2024): Features, Pricing, and Tips

• Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

• RSAC 2024 Innovation Sandbox | Antimatter: A Comprehensive Data Security Management Tool

• Good Security Is About Iteration, Not Perfection.

• TCS CEO Predicts AI Revolution to Decimate India’s Call Center Industry in Just One Year

• Safeguarding Your Digital Future: Navigating Cybersecurity Challenges

• Targeted operation against Ukraine exploited 7-year-old MS Office bug

• Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024

• Cybercriminals Exploit Web Hosting Platforms to Spread Malware

Generated on 2024-05-05 23:58:24.659844