IT Security News Daily Summary 2023-10-21

• How Can DevSecOps Improve Agility and Security in Manufacturing Operations?

• Commander – A Command And Control (C2) Server

• SecuSphere – Efficient DevSecOps

• The Evolution of Security: From Signatures to Deep Learning

• WhatsApp’s New Twinning Feature: Manage Two Accounts on a Single Device

• Group Behind Ragnar Locker Ransomware Debunked

• A threat actor is selling access to Facebook and Instagram’s Police Portal

• Will Artificial Intelligence Take Over the World?

• AI Chatbots Have Extensive Knowledge About You, Whether You Like It or Not

• Proxyjacking Threat: Exploited SSH Servers for Sale on the Dark Web

• NIS2: Perform a risk assessment

• Threat actors breached Okta support system and stole customers’ data

• DEF CON 31 – Corynne McSherry’s, India McKinney’s, Daly Barnett’s, Kate Bertash’s ‘Reproductive Justice In The Age of Digital Surveillance’

• HBSQLI: Automated Tester For Header Based Blind SQL Injection

• Ragnar Locker ransomware group taken down

• Spearphishing targets in Latin America – Week in security with Tony Anscombe

• Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer

• ISO Certification is the Key to Better Cybersecurity for Business

• Vietnamese DarkGate Malware Targets META Accounts in the UK, USA, India

• The 23andMe User Data Leak May Be Far Worse Than Believed

• From Chaos to Control: The Crucial Role of Cyber Incident Response for SMBs

• LockBit 3.0 Ransomware Victim: uaes[.]com

• LockBit 3.0 Ransomware Victim: charleystaxi[.]com

• LockBit 3.0 Ransomware Victim: degrootgroep[.]nl

• The Dangerous Mystery of Hamas’ Missing ‘Suicide Drones’

• US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

• bbp style pack Plugin for WordPress cross-site scripting | CVE-2023-44984

• Seriously Simple Stats Plugin for WordPress cross-site scripting | CVE-2023-45005

• Social Media Share Buttons and Social Sharing Icons plugin for WordPress cross-site request forgery | CVE-2023-5602

• Woo Custom Emails Plugin for WordPress cross-site scripting | CVE-2023-45004

• Theme Switcha plugin for WordPress cross-site scripting | CVE-2023-5614

• Okta’s Support System Breach Exposes Customer Data to Unidentified Threat Actors

• Build or Buy your own antivirus product

• Daily Vulnerability Trends: Sat Oct 21 2023

• Behind the Breach: Cross-tenant Impersonation in Okta

• Critical RCE flaws found in SolarWinds access audit solution

• Okta says its support system was breached using stolen credentials

• Cisco discloses new IOS XE zero-day exploited to deploy malware implant

• Kwik Trip finally confirms cyberattack was behind ongoing outage

• Fake Corsair job offers on LinkedIn push DarkGate malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

• Navigating the Maze: Cybersecurity Compliance and Regulations

• Sphero – 832,255 breached accounts

• How to Stay Anonymous on the Internet in 12 Secure Steps

• 9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month

• Play Ransomware Victim: Tru-val Electric

• Play Ransomware Victim: Kobi Karp Architecture and Interior Design

• Play Ransomware Victim: Bridgeport Fittings

• Play Ransomware Victim: Williamson Foodservice

• Play Ransomware Victim: Epaccsys

• Internet Access Shouldn’t Be a Bargaining Chip In Geopolitical Battles

• Alleged developer of the Ragnar Locker ransomware was arrested

• CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

• Ragnar Locker Ransomware Gang Dismantled, Key Suspect Arrested, Site Seized

• More Okta Customers Hacked

• This Is What Happens When You Lay Off Your Red Team

• MapleSEC: Keeping track of your information

• IT Security News Daily Summary 2023-10-20

• Five Eyes Coalition Release Guidelines for Business Leaders on Securing Intellectual Property

• From Snooze to Enthuse: Security Awareness Training That Sticks

• Okta says hackers stole customer access tokens from support unit

• CloudBees readies cloud-native devsecops platform

• Cisco Finds New Zero Day Bug, Pledges Patches in Days

• Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

• Admin behind E-Root stolen creds souk extradited to US

• On Detection: Tactical to Functional

• EU Authorities Deal Blow to RagnarLocker Ransomware Operations

• Palo Alto Networks Extends Scope of CNAPP Reach

• Cyber Security Today, Week in Review for the week ending Friday, October 20, 2023

• What Is Hybrid Cloud Security? How it Works & Best Practices

• DoD Gets Closer to Nominating Cyber Policy Chief

• CISA Announces Effort to Revise the National Cyber Incident Response Plan

• Strengthening the weakest link: top 3 security awareness topics for your employees

• NordVPN vs. ExpressVPN: Which VPN Is Best for 2023?

• Hackers Stole Access Tokens from Okta’s Support Unit

• SIM Card Ownership Slashed in Burkina Faso

• Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors

• CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

• Unlocking Success in the Digital Landscape: Deloitte and Cisco

• Let’s Embrace Death in the Software Development Lifecycle

• New Windows Infostealer ‘ExelaStealer’ Being Sold on Dark Web

• Learning Partner Strategies Can Add Movement and Balance on Your Journey

• Daniel Stori’s ‘Cloud Autoscaling Revealed

• Here’s Why Passkeys is a Good Option to Safeguard Your Data

• Suspected developer of Ragnar Locker ransomware arrested in Paris

• Authorities confirm RagnarLocker ransomware taken down during international sting

• VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs

• Bloodhound Enterprise: securing Active Directory using graph theory

• Develop High-Demand Cybersecurity Skills for Just $60 Through 10/23

• International Criminal Court says cyberattack was attempted espionage

• What to Do If You’re Concerned About the 23andMe Breach

• PDF Security – How To Keep Sensitive Data Secure in a PDF File

• A quarter of American populace have had their health data compromised

• Getting your organisation post-quantum ready

• Chinese Scammers Use Fake Loan Apps for Money Laundering

• Maximizing the Value of Your Technology Investments

• Frontier AI Taskforce harnesses industry leaders to research development risks

• KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again

• SpyNote Android Trojan Emerges As Recent Spyware Threat For Android

• 4 Simple Online Research Strategies

• Safeguarding Education: Marple Newtown School District Partners with Check Point to Protect Students and Employees

• Iranian Hackers Lurked For 8 Months In Government Network

• Casio Keyed Up After Data Loss Hits Customers In 149 Countries

• Hackers Target U.S. Facebook Biz Accounts With Potent Malware

• Biden Administration Seeks $105 Billion In National Security Package That Includes Aid To Ukraine And Israel

• The hot topics from Europe’s largest trade fair for IT security

• IT administrators’ passwords are awful too

• Survey Sees Zero-Trust Transition Gaining Momentum

• U.S. Seizes Money, Domains Involved In North Korea IT Worker Scam

• Expanding audit logging and retention within Microsoft Purview for increased security visibility

• Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

• Microsoft Security Copilot Early Access Program: Harnessing generative AI to empower security teams

• ABS Consulting and Dragos Expand Strategic Partnership to Strengthen OT Defences

• MapleSEC: How the Canadian government’s Cyber Centre helps infosec pros

• Beyond passwords: 4 key security steps you’re probably forgetting

• Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid

• Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

• Malvertisers Using Google Ads to Target Users Searching for Popular Software

• AI Chatbots’ Growing Concern in Bioweapon Strategy

• Google CEO Emphasizes the Critical Importance of Ethical AI Implementation

• UK Notifies Nuclear Power Plant Operator About Cybersecurity Weakness

• D-Link Confirms Data Breach, After Employees Suffer Phishing Attack

• OpenSSL Adds Support for Raw Public Key (RFC7250)

• soft token

• Thousands of Cisco IOS XE Devices Compromised Due to Zero-Day Vulnerability

• How Digital Forensics Can Investigate the Dark Web

• NetSPI boosts phishing resilience with enhanced social engineering penetration testing

• Six Must-Focus Cybersecurity Areas in Network Sprawl

• VMware Workstation 17.5 Player fixes a security issue

• An opportunity and a responsibility

• Akira Ransomware Victim: Southland Integrated
  Services

• Akira Ransomware Victim: Visionary Integratio
  n Professionals

• Akira Ransomware Victim: Protector Fire Servi
  ces

• Akira Ransomware Victim: Inventum Øst

• Akira Ransomware Victim: QuadraNet Enterprise
  s

• How to Make Your Threat-Hunting Program More Effective

• Cyber Security Today, Oct. 20, 2023 – Free anti-phishing guidance, ransomware gang sunk for not patching Confluence servers

• CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

• ABS Consulting and Dragos boost OT cybersecurity partnership for federal and commercial sectors

• Unleashing the Power of the Internet of Things and Cyber Security

• ENISA Warns of Rising AI Manipulation Ahead of Upcoming European Elections

• FCC Votes To Start Reinstating Net Neutrality Rules

• LockBit 3.0 Ransomware Victim: nirolaw[.]com

• Silicon UK Pulse: Your Tech News Update: Episode 23

• Elon Musk Says X To Have Two New Premium Tiers

• Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

• Best Patch Management Software & Tools 2023

• North Korean hackers are targeting software developers and impersonating IT workers

• Researchers uncover DarkGate malware’s Vietnamese connection

• Ghost Accounts, Entitlement Creep and Unwanted Guests

• ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges

• UK Cites Nuclear Plant Operator Over Cybersecurity Strategy

• Sphero – 832,255 breached accounts

• Funnelforms Free Plugin for WordPress cross-site scripting | CVE-2023-4950

• Discourse denial of service | CVE-2023-44388

• Engelsystem weak security | CVE-2023-45659

• Nextcloud Server and Enterprise Server information disclosure | CVE-2023-45151

• Fiber cross-site request forgery | CVE-2023-45128

• DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals

• U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses

• Explorations in the spam folder: A sum greater than the parts

• Knight Ransomware Victim: Benefit Management

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Netflix password sharing crackdown yields excellent results

• The Unyielding Importance of Cybersecurity in Times of Recession

• New infosec products of the week: October 20, 2023

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks

• India targets Microsoft, Amazon tech support scammers in nationwide crackdown

• Casio discloses data breach impacting customers in 149 countries

• Iranian hackers lurked in Middle Eastern govt network for 8 months

• Ragnar Locker ransomware’s dark web extortion sites seized by police

• Legacy authentication leads to growing consumer frustration

• The double-edged sword of heightened regulation for financial services

• GenAI investments surge, anticipated to hit $143 billion by 2027

• The real impact of the cybersecurity poverty line on small organizations

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• Hook, Line, and Sinker: How to Spot and Avoid Phishing Attacks

• How to Defend Against a DDoS Attack: 2023 Guide to Outsmart Cybercriminals

Generated on 2023-10-21 23:55:38.655882