IT Security News Daily Summary 2023-09-14

• MGM, Caesars File SEC Disclosures on Cybersecurity Incidents

• Cybercriminals Use Webex Brand to Target Corporate Users

• Hackers Claiming to Jailbreak AI Chatbots to Write Phishing Emails

• More malicious attachments found by researchers

• Caesars says cyber-crooks stole customer data as MGM casino outage drags on

• DDoS attack hampers PEI websites

• Developer platform Retool breached in vishing attack

• UK Greater Manchester Police disclosed a data breach

• Microsoft Fixed 59 Bugs With September 2023 Patch Tuesday

• 3 Strategic Insights from Cybersecurity Leader Study

• Contractor Data Breach Impacts 8k Greater Manchester Police Officers

• The Promise of Personal Data for Better Living

• New DarkGate Malware Campaign Hits Companies Via Microsoft Teams

• Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers

• Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database

• A Second Major British Police Force Suffers a Cyberattack in Less Than a Month

• Google Cloud Next focuses on generative AI for security

• Facebook-Owned Threads Censors Searches Related To COVID

• Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor

• Diligent One allows users to analyze and report disparate data from any information source

• Caesars paid millions in ransom to cybercrime group prior to MGM hack

• How to defend your organization against deepfake content

• Bitwarden adds passwordless SSO to make enterprise customer lives easier

• Manchester Police Officer Data Compromised In Supplier Attack

• A One-Two Punch for Security ROI

• How to Transform Security Awareness Into Security Culture

• Canadian weather websites still struggling after supplier attack

• Mind the trust gap: Data concerns prompt customer caution over generative AI

• CertiK launches SkyInsights to simplify crypto compliance and risk management

• Attackers hit software firm Retool to get to crypto companies and assets

• CloudBees unveils a new DevSecOps platform

• Getting ready for a post-quantum world

• Alphabet Cutting Hundreds Of Jobs In Recruitment Unit

• Siemans WIBU Systems CodeMeter

• Siemans QMS Automotive

• CISA Releases Seven Industrial Control Systems Advisories

• Siemens SIMATIC IPCs

• Siemens Parasolid

• Overcoming the Escalating Challenge Posed by Session Hijacking

• Two Ransomware Attack Stories currently trending on Google

• Tech Leaders Gather For Closed Senate Summit On AI

• BLASTPASS: Government agencies told to secure iPhones against spyware attacks

• Companies Affected by Ransomware [Updated 2023]

• Using Generative AI to Revolutionize Your Small Business

• Guarding Against DMARC Evasion: The Google Looker Studio Vulnerability

• Resort Giant Hacked: MGM Resorts Experiences a “Cybersecurity Issue”

• Rollbar might be good at tracking bugs, uninvited guests not so much

• ICS Computers in Western Countries See Increasing Attacks: Report

• Manchester Police Officers’ Data Breached in Third-Party Attack

• Mideast Retailers Dogged by Scam Facebook Pages Offering ‘Investment’ Opportunities

• Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

• BianLian Ransomware Gang Siphons 6.8TB of Data from Save The Children

• How to spot a fake online review

• How to Backup Data from NAS: A Complete Guide

• Selecting Sales Intelligence Software in 2023: A Comprehensive Guide

• Eleven of the Best Open Source Hypervisor Technologies

• Spectro Cloud Palette EdgeAI builds and manages Kubernetes-based AI software stacks

• AtData collaborates with Persona to strengthen fraud prevention

• Claroty’s VRM enhancements empower security teams to quantify CPS risk posture

• California Assembly Passes Right To Repair Bill

• How to use Norton’s free AI-powered scam detector

• Kubernetes Vulnerability Leads to Remote Code Execution

• How to Tell if Active Directory is Compromised

• Cybersecurity and Compliance in the Age of AI

• Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

• Caesars Entertainment says customer data stolen in cyberattack

• Read it right! How to spot scams on Reddit

• Thales & Prime Factors’ 30 Year Collaboration Continues to Deliver Simplicity, Flexibility, and Security for Payment Applications

• Hackers claim MGM cyberattack as outage drags into fourth day

• Azure HDInsight Flaws Allow Data Access, Session Hijacking, Payload Delivery

• North Korean Hackers Steal $53 Million In Cryptocurrency From CoinEx

• Conversational AI Company Uniphore Leverages Red Box Acquisition for New Data Collection Tool

• LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack

• Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery

• Professional Sports: The Next Frontier of Cybersecurity?

• Patronus AI conjures up an LLM evaluation tool for regulated industries

• Deduce raises $9 million to tackle AI-generated identity fraud

• Viavi Solutions and Google Cloud unlock new opportunities for network optimization

• ‘Scattered Spider’ Behind MGM Cyberattack, Targets Casinos

• Microsoft Releases September 2023 Updates

• CISA Releases Three Industrial Control Systems Advisories

• CISA Adds Two Known Vulnerabilities to Catalog

• Mozilla Releases Security Updates for Multiple Products

• CISA Adds Three Known Vulnerabilities to Catalog

• CISA Announces Open Source Software Security Roadmap

• Readout from CISA’s 2023 Third Quarter Cybersecurity Advisory Committee Meeting

• Avoid These 5 IT Offboarding Pitfalls

• The iPhone of a Russian journalist was infected with the Pegasus spyware

• Banking Cybersecurity: The Risks Faced by Financial Institutions

• A Weekend Getaway in Ohio: Where to Go and What to See

• Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack

• North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx

• Elon Musk in Hot Water With FTC Over Twitter Privacy Issues

• Fake Signal and Telegram Apps in the Google Play Store

• SecurityScorecard and Measured Analytics and Insurance strengthen proactive cybersecurity strategies

• Attackers use fallback ransomware if LockBit gets blocked

• Lacework expands partnership with Snowflake to drive secure cloud growth

• Ivanti collaborates with Catchpoint to detect and troubleshoot remote connectivity issues

• N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

• Data — The Lifeblood of Security and Detection Engineering

• Meet AI-Powered Prisma SASE at SASE Converge 2023

• China Denies Issuing Ban On Apple iPhones

• Next-Gen Email Firewalls: Beyond Spam Filters to Secure Inboxes Checklist

• Palo Alto Networks: 80% of security exposures exist in cloud

• Stealing More Than Towels: The New InfoStealer Campaign Hitting Hotels and Travel Agencies

• MalindoAir – 4,328,232 breached accounts

• ARM Holdings IPO Values Firm At £43.6 Billion

• Microsoft Teams as a Tool for Storm-0324 Threat Group to Hack Corporate Networks

• Check Point Infinity Global Services Saved Financial Services Organization up to 80% on Insurance Costs

• Ensuring Data Security and Confidentiality in IT Staffing Augmentation

• Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

• Lazarus Group Blamed For $53m Heist at CoinEx

• Access Management Policy

• Wake-Up Call as 3AM Ransomware Variant Is Discovered

• Russian Journalist’s iPhone Compromised by NSO Group’s Zero-Click Spyware

• Access control in cloud-native applications in multi-location environments (NIST SP 800-207)

• How to Use DNS IoCs to Prevent Ransomware Attacks

• Guarding Against Fileless Malware: Types and Prevention

• P2P File Sharing Policy

• Cloud Vulnerabilities Surge 200% in a Year

• Kubernetes flaws could lead to remote code execution on Windows endpoints

• Librem 11 tablet sets new standard for privacy and security with Linux-based PureOS

• Update your browsers ASAP

• SolarWinds Platform Vulnerability Let Attackers Execute Arbitrary Commands

• Do you know what your supply chain is and if it is secure?

• Great security training is a real challenge

• Threat actor leaks sensitive data belonging to Airbus

• MGM Hotel Resorts Cyber attack by Scattered Spider or BlackCat Ransomware

• Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise

• The critical role of authorization in safeguarding financial institutions

• Keeping cybersecurity regulations top of mind for generative AI use

• Download: Ultimate guide to Certified in Cybersecurity

• Rising OT/ICS cybersecurity incidents reveal alarming trend

• Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington

• Bridging the Widening Gap in Cybersecurity Talent: Addressing the Urgent Need for Skilled Professionals

• FBI Hacker Dropped Stolen Airbus Data on 9/11

• PSA: Ongoing Webex malvertising campaign drops BatLoader

• Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

• 3 reasons why your endpoint security is not enough

• iPhone 15 launch: Wonderlust scammers rear their heads

• ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee

• UN Cybercrime Treaty Talks End Without Consensus on Scope And Deep Divides About Surveillance Powers

• JFrog adds ML model management to devsecops platform

• NordVPN Launches Sonar to Prevent Phishing Attacks

• Claroty Unveils Vulnerability & Risk Management Capabilities to Elevate Risk Reduction for Cyber-Physical Systems

• EFF to Michigan Court: Governments Shouldn’t Be Allowed to Use a Drone to Spy on You Without a Warrant

• IT Security News Daily Summary 2023-09-13

• Fortifying the Cloud: A Look at AWS Shield’s Scalable DDoS Protection

• triple extortion ransomware

• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns

• Rail Cybersecurity Is a Complex Environment

• iOS 17 Cheat Sheet: Release Date, Supported Devices and More

• Watchdog urges change of HART: Late, expensive US biometric ID under fire

• Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

• Federal Mandates on Medical-Device Cybersecurity Get Serious

• A new ransomware family called 3AM appears in the threat landscape

• CISO Global Threat Informed captures and analyzes data posted to darknets

• Browser companies patch critical zero-day vulnerability

• Digital forensics firm Binalyze raises $19M to investigate cyber threats

• Openreach Reveals New Destinations In Full Fibre Build Update

• Uncle Sam warns deepfakes are coming for your brand and bank account

• AuthMind Scores $8.5M Seed Funding for ITDR Tech

• When LockBit Ransomware Fails, Attackers Deploy Brand-New ‘3AM’

• New Free Tool From Contrast Security Makes API Security Testing Fast and Easy

• Airbus suffers data leak turbulence to cybercrooks’ delight

• Watchdog Alleges X/Twitter Failing To Tackle Online Hate

• Hackers Attack Facebook Business Users Aggressively to Steal Login Credentials

• HCL BigFix 11 accelerates endpoint management strategies for organizations

• Armis Centrix delivers a modular approach to cyber exposure management

• Torii launches generative AI-powered SaaS Management Platform

• SentinelOne releases Singularity RemoteOps Forensics to improve incident response for companies

• Online Jobseekers Beware: Strategies to Outsmart Scammers

• ReconAIzer: OpenAI-based Extension for Burp Suite

• Businesses need pricing clarity as generative AI services hit the market

• The 10 biggest ransomware attacks in history

• Facebook Scam Victim Told By Police To Write Letter Of Complaint To Mark Zuckerberg

• MGM Resorts says cyberattack could have material effect on company

• MrTonyScam: Python-based Stealers Deployed via Facebook Messenger

• A 2-Week Prescription for Eliminating Supply Chain Threats

• Eco-hacks: The intersection of sustainability and cyber threats

• Securing the smart cities of tomorrow: Cybersecurity challenges and solutions

• France Halts Sales Of iPhone 12, Cites Radiation Exposure

• How Next-Gen Threats Are Taking a Page From APTs

• US Agencies Publish Cybersecurity Report on Deepfake Threats

• CISOs and Board Reporting – an Ongoing Problem

• Distributed Energy Resources Get Cybersecurity Boost with $39M DOE Funding

• Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

• Mozilla Patches 0-Day Exploited For Spyware Delivery

• France Halts iPhone 12 Sales Over Radiation Levels

• Malicious AI Tools Flourish, Put Pressure On Lawmakers

• Cisco Secure Application provides business risk insights for cloud native apps

• Skybox Security announces platform enhancements to mitigate cyber exposure risk

• SCYTHE 4.0 empowers team collaboration in real-world adversarial campaigns

• GitHub Vulnerability Exposes Over 4,000 Repositories to Repojacking Attacks

• MGM Resorts cyberattack and outage stretches into third day

• Details of Airbus Cyber Attack and Implications

• Apple iPhone 15, Apple Watch: Industry Reaction

• New Microsoft Teams Phishing Campaign Targets Corporate Employees

• Hackers Attack Telegram With DDoS After Targeting Microsoft and X

• Google Chrome Launches ‘Privacy Sandbox’ to Phase Out Tracking Cookies

• IBM, Salesforce and More Pledge to White House List of Eight AI Safety Assurances

• Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

• Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

• China Threat Recap: A Deeper Insight

• Salesforce and Google join forces to drive productivity with AI

• Mirantis Kubernetes Engine 3.7.0 minimizes the risk associated with updates

• Apple Watch Update Sees Modest Changes

• Storm-0324 Exploits MS Teams Chats to Facilitate Ransomware Attacks

• Airbus Launches Investigation After Hacker Leaks Data

• macOS Info-Stealer Malware ‘MetaStealer’ Targeting Businesses

• China Says No Law Banning iPhone Use in Govt Agencies

• CISA Releases Open Source Software Security Roadmap

• Cybersecurity Skills Gap: Roadies & Gamers Are Untapped Talent

• The Dark Side of Web Development: Why You Should Be Prioritizing Shadow Code

• Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics

• China says it hasn’t banned iPhones or foreign devices for government staff

• Protecting ML models will secure supply chain, JFrog releases ML security features

• Everbridge 360 helps organizations optimize their response efforts

• Gradle Version Catalogs on Android

• MGM Criticized for Repeated Security Failures

• Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors

• Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric

• The return of the ASN-DROP

• Ransomware Trends and Predictions for 2023 and Beyond

• Cyber Security Today, Sept. 13, 2023 – Crooks target Facebook Messenger accounts of businesses, a warning to IT support staff and more

• Ease of Use and Security: Two key aspects of API Design

• SAP Patches Critical Vulnerability Impacting NetWeaver, S/4HANA

• CISA Offering Free Vulnerability Scanning Service to Water Utilities

• SecurityWeek to Host Cyber AI & Automation Summit

• Redfly group infiltrated an Asian national grid as long as six months

• iProov and Cybernetica partner to create a remote identity solution for government and finance onboarding

• Used cars? Try used car accounts: 15,000 up for grabs online at just $2 a pop

• The Cybersecurity Crisis: Dating App “Coffee Meets Bagel (CMB)” Hacked again!

• Bitwarden strengthens security with SSO integrations for businesses

• MetaStealer malware is targeting enterprise macOS users

• Apple Axes Lightning Cable With iPhone 15 Launch

• Weaponized Free Download Manager for Linux Steals System Data & Passwords

• The US Congress Has Trust Issues. Generative AI Is Making It Worse

• Zero-Click Exploit in iPhones

• Machine Learning is a Must for API Security

• RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware

• Patch Now! Mozilla Releases Security Updates For Firefox Zero Day Vulnerability

• How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)

• Implementing the Least Privilege Principle to Safeguard Your Assets

• Chilling Lack of Cyber Experts in UK Government, Finds Parliamentary Inquiry

• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family

• How Cyberattacks Are Transforming Warfare

• Microsoft Teams phishing: Enterprises targeted by ransomware access broker

• Capita class action: 2,000 folks affected by data theft sign up

• The Twisted Eye in the Sky Over Buenos Aires

• Chinese Redfly Hacked National Power Grid & Maintained Access for 6 Months

• Mozilla Zero-Day Vulnerability Exploited in the Wild – Patch Now!

• After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery

• Microsoft Fixes Two Zero-Day Bugs Used in Attacks

• Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages

• Mozilla fixed a critical zero-day in Firefox and Thunderbird

• MGM Resorts Suspends IT Systems Following Cyber Incident

• CISA Publishes Plan to Enhance Open Source Security

• Threat landscape for industrial automation systems. Statistics for H1 2023

• The Utility of ServiceNow Integration in Streamlining Workflows

• Chrome Zero-Day Vulnerability Exploited in the Wild

• 5 Reasons Why You Should Conduct Regular Cybersecurity Audits

• Around the World in IOT Days (Security Frameworks Edition)

• UK ICO and NCSC Set to Share Anonymized Threat Intelligence

• Why performing security testing on your products and systems is a good idea

• Windows Arbitrary File Deletion Vulnerability Leads to Full System Compromise

• Data Poisoning: A Growing Threat to Cybersecurity and AI Datasets

• Top 10 Programming Languages that are required in Cybersecurity Field

• Zero-Day Summer: Microsoft Warns of Fresh New Software Exploits

• Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

• Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

• The rise and evolution of supply chain attacks

• Serial cybersecurity founders get back in the game

• How should SMBs navigate the phishing minefield?

• The Digital Battlefield: Common Types of Cyber Threats Exposed

• Future forward cyber

• Privacy concerns cast a shadow on AI’s potential for software development

• Latest fraud schemes targeting the payments ecosystem

• Ransomware attack hits Sri Lanka government, causing data loss

• Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability

• Malware distributor Storm-0324 facilitates ransomware access

• Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird

• Learn the Risks of API Vulnerabilities

• Major cyberattack leaves MGM Resorts reeling

• Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

• Microsoft Teams used to deliver DarkGate Loader malware

• Update Chrome now! Google patches critical vulnerability being exploited in the wild

• Ransomware review: September 2023

• China caught – again – with its malware in another nation’s power grid

• The State of Windows Digital Analysis

Generated on 2023-09-14 23:55:19.824468