IT Security News Daily Summary 2023-09-08

• JWT Token Revocation: Centralized Control vs. Distributed Kafka Handling

• Microsoft reveals how hackers stole its email signing key… kind of

• Cyber Security Today, Week in Review for Friday, September 8, 2023

• Dell and CTO Roese dive into AI, edge, security at MTCC event

• North Korea-linked threat actors target cybersecurity experts with a zero-day

• Identity and Access Management Best Practices

• What Is API Security? Definition, Fundamentals, & Tips

• California’s Middle Mile Network Must Bridge the Digital Divide, Not Reinforce It

• Australian Data Breach Costs are Rising — What Can IT Leaders Do?

• 16 top ERM software vendors to consider in 2023

• Risk prediction models: How they work and their benefits

• Critical Security Bug Opens Cisco BroadWorks to Complete Takeover

• New Flaw In Apple Devices Led To Spyware Infection, Researchers Say

• Cisco: Booming identity market driven by leadership awareness

• ‘Evil Telegram’ Spyware Campaign Infects 60K+ Mobile Users

• Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

• Axon’s Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

• Top US Spies Meet With Privacy Experts Over Surveillance ‘Crown Jewel’

• Apple Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

• U.K. and U.S. Sanction 11 Russia-based Trickbot Cybercrime Gang Members

• China Unleashes AI-Powered Image Generation For Influence Operations

• Polish Senate says use of government spyware is illegal in the country

• 6 stages of the ransomware lifecycle

• Trickbot, Conti Sanctions Affect Top Cybercrime Brass

• Kenya Initiates Public Sector Digital Skills Training, No Mention of Cybersecurity

• Biometrics in law enforcement

• The SEC demands more transparency about Cybersecurity incidents in public companies

• Cyber-criminals Exploit GPUs in Graphic Design Software

• UK Military Data Breach via Outdated Windows 7 System

• Dallas Ransomware Attack: Hackers Steal 800K City Files

• Tesla data breach lawsuit and Johnson and Johnson data breach details

• Google TAG Exposes North Korean Campaign Targeting Researchers

• How to Protect Your Personal Financial Information from Data Brokers

• UK’s Nuclear Submarine Base Faces Unprecedented Threats: Russia Implicated in Shocking Incidents

• Apple And ARM Sign Long-Term Chip Deal

• Cisco BroadWorks Is Affected by a Critical-Severity Vulnerability

• In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach

• New Phishing Campaign Launched via Google Looker Studio

• Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

• Emerging threats: Adapting cyber defense to the changing landscape

• PallyCon DRM License Cipher protects users against software-level DRM vulnerabilities

• Warning: RocketMQ Vulnerability Actively Exploited by Threat Actors

• Automakers can Exploit Your Private Data However They Want

• Russian Man Handed Nine-Year Sentence for Hacking Scheme

• 3 Strategies to Defend Against Resurging Infostealers

• Polish senate says use of government spyware is illegal in the country

• Outsourcing Translation Services in the Digital Age: Leveraging Technology

• Safe delivery

• Cybersecurity Mergers Flatline – Here’s Why That Won’t Last

• Getting to Know: Grant Asplund

• From AI-driven Defense to Dark Web Threat Intelligence

• Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

• Cyber Security Today, Friday Sept. 8, 2023 – Are boards and CISOs communicating, the latest ransomware data and more

• Emsisoft Tells Users to Update Products, Reboot Systems Due to Certificate Mishap

• Mastering Anything Through Technology: The Role of Videos & Blogs in Skill Acquisition

• Tech-Driven Fitness: How Modern Technology is Revolutionizing Workouts

• Tech Unveiled: Surprising Innovations You Probably Didn’t Know About (2023)

• Apple races to patch the latest zero-day iPhone exploit

• Citizen Lab Identifies NSO Spyware On Apple Devices

• LLMs and Tool Use

• Keeper Introduces Major Password Manager Update for iOS

• Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

• Tech Talk: How Digital Tools Enhance Word Exploration and Comprehension

• Surfing the Blogosphere: Unleash the Power of the Internet for Fresh Insights

• Bridewell announces CHECK penetration testing accreditation from NCSC

• Strider Technologies Names Royal Navy and UK Ministry of Defence Veteran, Admiral Sir Tim Fraser, as an Advisor

• Alphabet Tentatively Settles US Google Play Store Antitrust Probe – Report

• Hackers Steal NTLMv2 Hashes using Custom Powershell Scripts

• North Korean Hackers Actively Attacking Security Researchers

• Tripwire Patch Priority Index for August 2023

• US Aeronautical Organization Hacked via Zoho, Fortinet Vulnerabilities

• US, UK Sanction More Members of Trickbot Russian Cybercrime Group

• Grow Revenue, Cross Sell, and Reduce Churn with Sentinel Pulse

• Evil Telegram doppelganger attacks Chinese users

• Tech-Enhanced Exploration: Navigating the Netherlands with Apps and More

• CISA Adds Critical RocketMQ Bug to Must-Patch List

• Regulator to Investigate Fertility App Security Concerns

• North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

• Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

• North Korean hackers target security researchers with zero-day exploit

• Dymocks – 836,120 breached accounts

• CISA Adds Critical RocketMQ Bug to Must-Patch List

• Dymocks – 836,120 breached accounts

• Apple Patches Two Zero-Days Exploited in Pegasus Attacks

• Apple Discloses 2 Zero-Day Flaws Exploited to Hack iPhones & Mac

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Silicon UK Pulse: Your Tech News Update: Episode 17

• SSO Implementation Flaw In Cisco Broadworks Let Attackers Forge Credentials

• Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

• Concerns Over Cyber Attacks Growing Among UK Schools

• How to Achieve Maximum Security in Virtualized Data Centers

• Global Ticketing Giant Hacked: Attackers Accessed Customers’ Payment Data

• Multiple ArubaOS vulnerabilities Let Attackers Execute Arbitrary Code

• Microsoft, recently busted by Beijing, thinks it’s across China’s ever-changing cyber-offensive

• CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

• Internal discussions of a large ransomware-as-a-service Group Exposed

• New infosec products of the week: September 8, 2023

• September 2023 Patch Tuesday forecast: Important Federal government news

• Introduction To Cybersecurity

• Okta: Cyber Attackers Target IT Help Desks to Compromise Super Admin and Disable MFA

• New quantum random number generator could revolutionize encryption

• Unimplemented controls could derail your ESG compliance efforts

• 75% of education sector attacks linked to compromised accounts

• Best practices for implementing a proper backup strategy

• Navigating economic uncertainty with managed security services

• Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

• Software Supply Chain Strategies to Parry Dependency Confusion Attacks

• Temu is collecting user data including text messages and bank info, claims Grizzly Research

• Russian infosec boss gets nine years for $100M insider-trading caper using stolen data

• Temu is collecting user data including text messages and bank info, claims Grizzly Research

• A history of ransomware: How did it get this far?

• FreeWorld ransomware attacks MSSQL—get your databases off the internet

• How Microsoft’s highly secure environment was breached

• Cybersecurity Mergers Flatline. Here’s Why That Won’t Last.

• Musk stiffed Twitter vendors and dared them to sue—dozens did just that

• North Korea-backed hackers target security researchers with 0-day

• The Double-Edged Sword of AI – How Artificial Intelligence is Shaping the Future of Privacy and Personal Identity

• US, UK sanction more Russians linked to Trickbot

• Microsoft ID Security Gaps That Let Threat Actor Steal Signing Key

• EFF Award Winner: Alexandra Asanova Elbakyan

• Weekly Vulnerability Recap – September 4, 2023 – Attackers Hit Network Devices and More

• Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain

• North Korean Hackers Target Security Researchers — Again

• Cloud storage security: What’s new in the threat matrix

• IT Security News Daily Summary 2023-09-07

• Rwanda Launches Smart-City Investment Program

• Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

• Investing in Cybersecurity’s Future: A Conversation with Richard Seewald of Evolution Equity Partners

• Update NOW! Pegasus Spyware Exploit Found in iPhones Running Latest iOS

• Apple fixes zero-day bugs used to plant Pegasus spyware

• Best Practices To Secure Data Transmission

• Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers

• Apple Patches Actively Exploited iOS, macOS Zero-Days

• Rwanda Launches Smart City Investment Program

• Visa’s report makes a case for outsmarting payment fraud with AI now

• Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets

• NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off

• US and UK Mount Aggressive Crackdown on Trickbot and Conti Ransomware Gangs

• Weaponized Windows Installers Target Graphic Designers in Crypto Heist

• FBI Duck Hunt Operation Against Qakbot Resurgence

• Microsoft: How Chinese Hackers Stole Signing Key to Breach Outlook Accounts

• Implementing Zero-Trust in Enterprise Environments

• Wealthy Russian With Kremlin Ties Gets 9 Years in Prison for Hacking and Insider Trading Scheme

• A malvertising campaign is delivering a new version of the macOS Atomic Stealer

• Mozilla Names And Shames Privacy Compromising Cars

• How New SEC Rules Can Benefit Cybersecurity Teams

• The perils of the platforms of paranoia

• Perception Point combats QR code phishing threats using image recognition

• OPSWAT and BlackBerry join forces to strengthen cybersecurity for organizations

• Cloudflare One Data Protection Suite secures developer and AI environments

• Threat Actors Exploits SQL Servers to Deploy FreeWorld Ransomware

• Lawsuit claims Tesla corp data security is far less advanced than its cars

• API Vulnerabilities: 74% of Organizations Report Multiple Breaches

• The International Criminal Court Will Now Prosecute Cyberwar Crimes

• Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

• Publisher’s Spotlight: Fortra: Best-in-Class Cybersecurity Portfolio

• The cat and mouse game: Staying ahead of evolving cybersecurity threats

• Is Cybersecurity as a Service (CSaaS) the answer: Move faster | Do more

• Mobile threat defense or bust

• US Government To Investigate Hauwei Breakthrough Phone

• Thousands of dollars stolen from Texas ATMs using Raspberry Pi

• The Team8 Foundry Method for Selecting Investable Startups

• How Storm-0558 hackers stole an MSA key from Microsoft

• DGA Behavior Shifts Raise Cybersecurity Concerns

• Traderie, a marketplace for in-game items, alerts users to data breach

• Golfing Community Shaken as Calloway Data Breach Hits One Million Fans

• Hackers gain access to Microsoft Cryptographic Key to spy on US Govt Departments

• Zero-Day Flaw Exposes Atlas VPN User IPs

• Building a Cyber Resilient Business: The Protection Layer

• KnowBe4 Opens New Office to Bolster UK’s Northern Powerhouse

• Druva unveils new security and cyber resilience capabilities for MSPs

• Sprinklr integrates with Google Cloud for unified customer experience management

• The Future of Health and Medicine: The Impact of Generative AI

• Google Faces UK Lawsuit Claim It Contributes To Cost Of Living Crisis

• How Easy is Email Encryption? You’d Be Surprised.

• Webinar Today: Scaling Software Supply Chain Security

• ‘Atomic macOS Stealer’ Malware Delivered via Malvertising Campaign

• CISA Releases Guidance on Adopting DDoS Mitigations

• See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware

• Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk

• Chinese social media campaigns are successfully impersonating U.S. voters, Microsoft warns

• United Airlines Claims to Have Patched the Technical Glitch That Briefly Held Up Its Flights

• distributed ledger technology (DLT)

• US, UK authorities sanction more alleged Trickbot gang members

• Two flaws in Apache SuperSet allow to remotely hack servers

• Atlas VPN Zero-Day Vulnerability Exposes Linux Users’ IP Addresses

• Electoral Commission’s Cybersecurity Lapses Exposed Amidst Major Hack

• Cyber: Dealing with a Data Breach

• Does Generative AI Comply With Asimov’s 3 Laws of Robotics?

• China Bans iPhones From More Government Offices

• How China Gets Free Intel On Tech Companies’ Vulnerabilities

• Crash Dump Error: How A Chinese Espionage Group Exploited Microsoft’s Mistakes

• Cisco Patches Critical Vulnerability In BroadWorks Platform

• AI Abuse Grows Beyond Phishing To Multistage Cyberattacks

• AUCloud selects SentinelOne for government and business security

• Accenture and Workday help companies reinvent their finance functions

• How Chinese hackers got their hands on Microsoft’s token signing key

• Microsoft offers an explanation for the hack of its cloud

• IBM Notifies Janssen CarePath Customers of Data Breach

• Why consumer drones represent a special cybersecurity risk

• Phishing via Google Looker Studio

• Cisco Patches Critical Vulnerability in BroadWorks Platform

• ActiveFence snaps up Spectrum Labs, last valued at $137M, to help fight the harmful content creep

• Tenable to Acquire Cloud Security Firm Ermetic for $240 Million

• IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary

• More than half of UK organisations know they aren’t well protected against cyber threats

• Payment diversion fraud poses significant threat to businesses

• Pynt introduces API security platform and raises $6 million

• MacOS malware has a new trick up its sleeve

• Tenable to acquire Ermetic for $240 million in cash and $25 million in restricted stock and RSUs

• Minneapolis School District Reveals Full Extent of Data Breach

• AI In Cybersecurity – Risks and Rewards

• Electoral Commission Fails Cyber-Security Test Amidst Major Data Breach

• ProtonMail Code Vulnerabilities Leaked Emails

• Facebook Trains Its AI on Your Data. Opting Out May Be Futile

• The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024

• If you like to play along with the illusion of privacy, smart devices are a dumb idea

• BT Halts Sale Of New Copper Lines On Openreach Network

• Chinese Hacker Steals Microsoft Signing Key, Spies on US Government

• IBM Discloses Data Breach Impacting Janssen Healthcare Platform

• Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform

• Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks

• The Hacker Tool to Get Personal Data from Credit Bureaus

• GAM3S.GG Raises $2M to Grow Web3 Gaming Superapp

• Chinese Hack of Microsoft Consumer Key Stemmed From its Engineer’s Corporate Account

• SafeBase acquires Stacksi to automate responses to security questionnaires

• Microsoft Account Compromise Led To Chinese Hack Of US Officials

• Mirai Botnet Variant ‘Pandora’ Hijacks Android TVs for Cyberattacks

• July 2023 Cyber Attacks Statistics

• UK drops ‘spy clause’ for scanning encrypted messages, admits it’s not ‘feasible’

• Think Tank Urges Labour to Promote “Securonomics” Agenda

• Hackers Use Weaponized LNK Files to Deploy RedEyes Malware

• Vendor Comparison: DIY Home Security Systems

• Vulnerabilities Uncovered: Critical Remote Code Execution Risks in ASUS Routers

• How to Get a Personal Loan as a Server or Waitress

• Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign

• AI triggers tech anxiety for senior leaders, reveals new research

• Government Abandons Plan To Scan Encrypted Messages

• UK Government Backs Down on Anti-Encryption Stance

• PHPFusion Flaw Allows Attackers to Read Critical System Data

• Do you know what your supply chain is and if it is secure?

• Outlook Breach: Microsoft Reveals How a Crash Dump Led to a Major Security Breach

• 3 Key Takeaways from the recently announced NIST Post-Quantum Cryptography Standards

• PHPFusion Critical Flaw Allows Attackers to Read Critical System Data

• Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

• How to use Tor browser (and why you should)

• 3 ways to strike the right balance with generative AI

• LibreOffice: Stability, security, and continued development

• Ransomware spreading gang reveals visa details of working employees in America

• China reportedly bans iPhones from more government offices

• UK Government withdraws proposal for controversial spy clause in its Online Safety Bill

• Shifting left and right, innovating product security

• How cybercriminals use look-alike domains to impersonate brands

• Battling malware in the industrial supply chain

• Leveraging AT&T Cybersecurity Consulting for a robust Zero Trust Center of Excellence

• Baseline standards for BYOD access requirements

• Cybersecurity pros battle discontent amid skills shortage

• How Zero Trust and XDR Work Together

• CybeReady Provides Cybersecurity Awareness Month Kits As CISOs Defend Against AI Driven Attacks

• FreeWorld ransomware attacks MSSQL—get your databases off the Internet

• Smart chastity device exposes sensitive user data

• X wants your biometric data

• Mac users targeted in new malvertising campaign delivering Atomic Stealer

• Coding Tips to Sidestep JavaScript Vulnerabilities

• The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

• CrowdStrike CEO talks generative AI, cybersecurity and new ‘virtual security analyst’

Generated on 2023-09-08 23:55:20.150185