IT Security News Daily Summary 2023-09-26

• Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains

• Suspicious New Ransomware Group Claims Sony Hack

• Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities

• CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online

• KnockKnock – Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output

• AtlasReaper – A Command-Line Tool For Reconnaissance And Targeted Write Operations On Confluence And Jira Instances

• AI needs human insight to reach its full potential against cyberattacks

• EFF, ACLU and 59 Other Organizations Demand Congress Protect Digital Privacy and Free Speech

• New security features in Windows 11 protect users and empower IT

• Maine Department of Labor to Announce the Launch of University of Maine at Augusta Cybersecurity and IT Registered Apprenticeship Program

• Delinea Secret Server Introduces MFA Enforcement at Depth to Meet Cyber Insurance Requirements

• Canadian Flair Airlines left user data leaking for months

• Cybersecurity Awareness Month 2023: 4 Actionable Tips

• Windows 11 begins (very slowly) rolling out a slew of new features

• Microsoft Adding New Security Features to Windows 11

• CrowdStrike makes a breakout move

• Judge Sides With Facebook And Puts Groundbreaking Privacy Law On Hold

• Risk of a US Government Shutdown Is Fueled by Very Online Republicans

• Microsoft is Rolling out Support for Passkeys in Windows 11

• OffSec Cyber Range Blue Webinar Recap

• T-Mobile SASE protects corporate networks, applications and data

• HackerOne Bug Bounty Disclosure: b-no-rate-limit-on-forgot-password-on-https-apps-nextcloud-com-b-cyber-world

• HackerOne Bug Bounty Disclosure: b-dos-in-form-submission-at-https-nextcloud-com-instant-trial-b-krrish-hackk

• HackerOne Bug Bounty Disclosure: b-nextcloud-all-in-one-path-disclosure-of-internal-frontend-b-shuvam

• HackerOne Bug Bounty Disclosure: b-existance-of-calendars-and-addressbooks-can-be-checked-by-unauthenticated-users-b-themarkib-x

• Windows 11 begins rolling out a slew of new features

• MSP shares details of Kaseya VSA ransomware attack, recovery

• Amazon Sued By FTC, US States Over ‘Monopoly Power’

• Microsoft harnesses power of AI to boost Windows 11 security, pushes for passwordless future

• Microsoft’s bold move: Introducing AI assistant ‘Copilot’ in Windows 11

• ROBOT crypto attack on RSA is back as Marvin arrives

• 4 Pillars for Building a Responsible Cybersecurity Disclosure Program

• Found: Live from TechCrunch Disrupt with cybersecurity trailblazer Window Snyder from Thistle Technologies

• ChatGPT Update Enables Chatbot to “See, Hear and Speak” with Users

• 2023-09-21 thru 09-25 – malspam examples pushing AgentTesla

• More than 30 US Banks Targeted in New Xenomorph Malware Campaign

• ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

• NY College Must Spend $3.5M on Cybersecurity After Breach Affecting 200k Students

• Coffee Briefing Sept. 26 – Cybercrime on the rise in Canada; CGI selected by Scotiabank to deploy enterprise payments platform; IBM aims to train two million learners in AI by 2026; and more

• Data on 3.4 million mothers, children stolen from Ontario registry

• Top Five Steps to Elevate Your Data Security Posture Management and Secure Your Data

• Top 3 Priorities for Today’s CISO: Safeguarding the Digital Frontier

• AI To Ease Unnecessary Software Burden On UK Businesses, Freshworks Finds

• Google Chrome use-after-free Vulnerability Leads to Remote Attack

• The Winds of Change: How Generative AI is Revolutionizing Cybersecurity

• Australian Government’s ‘Six Cyber Shields’ Is Potentially a Well-Meaning Skills Crisis

• ZenRAT Malware Uncovered in Bitwarden Impersonation

• Chad Taps Huawei for Digital Modernization Project

• Mitsubishi Electric FA Engineering Software

• Baker Hughes Bently Nevada 3500

• Hitachi Energy Asset Suite 9

• Advantech EKI-1524-CE series

• Suprema BioStar 2

• LiveAction updates LiveWire to provide visibility for NetOps and SecOps teams

• runZero unveils CAASM Platform for IT and OT visibility

• Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

• Transposit On-Call enables users to handle incidents from alert to resolution

• The Com: Youth Hacking Ring Executing High-profile Cybercrimes

• Gaming Giant Nintendo Embraces Passkeys for Enhanced Security and Convenience

• Obtain career boost in 2024 with these 10 cybersecurity certifications

• EU Tells Tech To Resist Russian Misinformation, With Twitter Singled Out

• ShadowSyndicate Investigation Reveals RaaS Ties

• Amidst MGM, Caesar’s Incidents, Attackers Focus on Luxury Hotels

• Balancing Promise and Pitfalls: Integrating AI into Cybersecurity

• OpenSea Warns API Customers of Third-Party Security Breach

• Progressive Holdings Cyberattack: Sensitive Data Stolen

• Modbus Protocol: The Grandfather of IoT Communication

• MOVEit breach delivers bundle of 3.4 million baby records

• Sony Investigating After Hackers Offer to Sell Stolen Data

• UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor

• The Rhysida ransomware group hit the Kuwait Ministry of Finance

• Why You Should Phish In Your Own Pond

• Essential Tools for Small Businesses: Streamlining Operations with 11 Must-Haves

• Common Challenges in Outsourcing Software Development and Strategies for Mitigation

• 12 Indispensable Online Tools for Startup Success

• The Growing Risks of Shadow IT and SaaS Sprawl

• 3 phases of the third-party risk management lifecycle

• Proactive Security: What It Means for Enterprise Security Strategy

• Why the public sector is an easy target for ransomware

• Immersive Labs Workforce Exercising allows cyber leaders to identify and fill skills gaps

• Crypto Quantique introduces SaaS platform QuarkLink Ignite

• Censys Internet Map helps organizations identify, understand and mitigate threats

• Hunter Biden Sues Rudy Giuliani And Former Attorney, Alleging They Tried To Hack His Devices

• Millions Of Newborn Registry Records Were Compromised In A MOVEit Data Breach

• Space Force Chief Says Commercial Satellites May Need Defending

• Russia’s APT29 Intensifies Espionage Operations

• Xenomorph Android Banking Trojan Targeting Users In US, Canada

• Sony Investigating After Hackers Offer To Sell Stolen Data

• When It Comes to Email Security, the Cloud You Pick Matters

• Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

• Essential Guide to Cybersecurity Compliance

• BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

• New CISA HBOM Framework for Supply Chain Risk Management

• $200 Million in Cryptocurrency Stolen in Mixin Network Hack

• Xenomorph Android Banking Trojan Targeting Users in US, Canada

• The CISO Carousel and its Effect on Enterprise Cybersecurity

• Update on Naked Security

• Half of Cyber-Attacks Go Unreported

• FortiSASE SASE Solution Review

• Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

• Facial Recognition Lawsuit After Man Is Falsely Jailed

• Cisco+ Secure Connect SASE Review & Features 2023

• Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic

• Signal Will Leave the UK Rather Than Add a Backdoor

• Unlocking the Secrets of DevSecOps: The Essential Lifecycle Stages

• Palo Alto Prisma SASE Review & Features 2023

• Siren 13.4 provides accelerated data retrieval for analysts

• Has Sony been hacked again?

• Sony Systems Alleged Breached By Hackers

• Cato SASE Cloud Review & Features 2023

• Xenomorph malware is back after months of hiatus and expands the list of targets

• 1-15 August 2023 Cyber Attacks Timeline

• Meta Surrenders Lease At One London Building

• EvilBamboo Attacking Android & iOS Devices With Custom Malware

• Threat Actors Actively Using Remote Management Tools to Deploy Ransomware

• Best 10 Cybersecurity Podcasts

• Visibility: An Essential Component of Industrial Cyber Security

• Pension Firms Report 4000% Surge in Breaches

• CISA Publishes Hardware Bill of Materials Framework

• Tech Giants Launch Post-Quantum Cryptography Coalition

• Emerging technologies make it easier to phish

• Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

• Happy Compliance Officer Day!

• Smishing Triad Stretches Its Tentacles into the United Arab Emirates

• Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe

• CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme

• Stratascale acquires Vector0 to strengthen its cybersecurity services

• Welcart e-Commerce plugin for WordPress cross-site scripting | CVE-2023-41962

• Contact Form by FormGet Plugin for WordPress cross-site scripting | CVE-2023-5125

• RustCrypto aes-gcm information disclosure | CVE-2023-42811

• Galaxy Project Galaxy server-side request forgery | CVE-2023-42812

• WithSecure Policy Manager cross-site scripting | CVE-2023-43763

• Defending Beyond 9-to-5: BlackCloak’s Fortress for Executives’ Digital Sanctuaries

• Ukraine accuses Russian spies of hunting for war-crime info on its servers

• 5 free vulnerability scanners you should check out

• Are developers giving enough thought to prompt injection threats when building code?

• Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

• Email inboxes are vulnerable to sophistication driven cyber attacks

• Cybersecurity skills employers are desperate to find in 2023

• MITRE ATT&CK project leader on why the framework remains vital for cybersecurity pros

• Google is retiring its Gmail Basic HTML view in January 2024

• BORN Ontario child registry data breach affects 3.4 million people

• Xenomorph Android malware now targets U.S. banks and crypto wallets

• Mixin Network suspends operations following $200 million hack

• IT workers see generative AI as a serious threat to their profession

• Fraud prevention forces scammers to up their game

• Challenge Your Cybersecurity Systems With AI Controls in Your Hand

• VMware SASE Solution Review

• A week in security (September 18 – September 24)

• What does a car need to know about your sex life? Lock and Code S04E20

• TikTok flooded with fake celebrity nude photo Temu referrals

• Ransomware group claims it’s “compromised all of Sony systems”

• 10 Best Container & Kubernetes Security Solutions & Tools [2023]

• Cloudflare One SASE Review & Features 2023

• When It Comes to Email Security, The Cloud You Pick Matters

• Crooks stole $200 million worth of assets from Mixin Network

• Brute Ratel C4 Detected – :

• How to Create and Copy SSH Keys with 2 Simple Commands

• New SEC cybersecurity disclosure rules: What you need to know to stay in compliance

• Journey Down Under: How Rocco Became Australia’s Premier Hacker

• IT Security News Daily Summary 2023-09-25

• Kick off a career in IT with this cybersecurity training bundle

• Xenomorph Android Malware Targets Customers of 30 US Banks

• MOVEit Flaw Leads to 900 University Data Breaches

• UAE-Linked ‘Stealth Falcon’ APT Mimics Microsoft in Homoglyph Attack

• Hackers steal $200M from crypto company Mixin

• The Future of Cybersecurity: Insights from Forrester’s Latest Report

• EFF at FIFAfrica 2023

• Mixin Network Halts Services After $200M Crypto Hack

• How to Compare the Contents of Local & Remote Files with the Help of SSH

• LogRhythm vs. SolarWinds (2023): SIEM Tool Comparison

• How to Compare the Contents of Local & Remote Files With the Help of SSH

• Are iPhones more secure than Android devices?

• 6 reasons Cisco acquired Splunk

• Weekly Vulnerability Recap – Sept. 25, 2023 – Flaws in Apple Devices, DevOps Tools and More

• Mixin suspends deposits and withdrawals after $200m cryptocurrency heist

• What is Digital Identity? | Avast

• A phishing campaign targets Ukrainian military entities with drone manual lures

• Navigating the Skies

• Are you ready to build your organization’s digital trust?

• Top 67 Cybersecurity Startups You Should Know in 2023

• CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

• 900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data

• The U.S. Government’s Database of Immigrant DNA Has Hit Scary, Astronomical Proportions

• Sophisticated APT Clusters Target Southeast Asia

• CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)

• Hackers steal $200 million from crypto company Mixin

• TA866 Threat Actor: Python Malware Targets Tatar-language Users

• Trends to watch at this year’s IoT Tech Conference

• Amazon Invests $4bn In Anthropic, As ChatGPT Gets Voice, Image Features

• Deadglyph: A New Backdoor Linked to Stealth Falcon APT in the Middle East

• China-Linked EvilBamboo Targets Mobiles

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• Decade of newborn child registry data stolen in MOVEit mass-hack

• Nurturing Our Cyber Talent

• Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

• How to make sure the reputation of your products and company is good

• Medusa Ransomware Strikes Philippines’ PhilHealth, Demands $300,000 Ransom

• Spotify AI Tool Translates Podcasts In Speaker’s Own Voice

• The best travel VPNs of 2023: Expert tested and reviewed

• Voting Equipment Giants Team Up For Security

• SEC Probe ‘Collects Thousands Of Wall Street App Messages’

• Cyberattack Responses at MGM and Caesars Required Brutal Actions

• Accurate Eye Diagnosis, Early Parkinson’s Detection

• Two-Year Chase: FBI Relaunches Search for Cybercriminals

• BIND DNS System Flaws Let Attackers Launch DoS Attacks

• Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role

• Stealthy APT Gelsemium Seen Targeting Southeast Asian Government

• The Hot Seat: CISO Accountability in a New Era of SEC Regulation

• Localization Problems: 10 Biggest Challenges and Solutions

• Huawei Launches Luxury Brand, Remains Silent On Advanced Chip

• Gossips on Cryptography: Part 1 and 2

• Apple issues security fixes for iPhone, iPad, Apple Watch to fight Predator spyware

• Web3 Platform Mixin Network Hit by $200m Crypto Hack

• City Of Dallas Details Ransomware Attack Impact, Costs

• 3 iOS 0-Days, A Cellular Network Compromise, And HTTP Used To Infect An iPhone

• Government Of Bermuda Links Cyberattacks To Russian Hackers

• 900 US Schools Impacted By MOVEit Hack At National Student Clearinghouse

• Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks

• Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

• Zyxel announces WiFi 6-enabled security firewalls for small- and medium-sized business networks

• GitHub Makes Passkey For Passwordless Logins Publicly Available

• Hong Kong Regulator Seeks To Limit Fallout From JPEX Crypto Scandal

• The City of Kamloops Protects City Data and Networks with Check Point Software

• Cyber Hygiene: A First Line of Defense Against Evolving Cyberattacks

• Akira Ransomware Adapts to Linux Systems, Incorporates New Tactics and TTPs

• City of Dallas Details Ransomware Attack Impact, Costs

• 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse

• Alert! Patch your TeamCity instance to avoid server hack

• Scattered Spider “bites” in Las Vegas

• E-commerce Website Design: How to Build a Successful Online Store in 2023

• Are You Willing to Pay the High Cost of Compromised Credentials?

• Watch the Webinar — AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks

• Thunder Shield Security introduces Custos to help organizations identify critical vulnerabilities

• National Student Clearinghouse MOVEit breach impacts nearly 900 schools

• Allegro Packets boosts analysis performance with new features and enhancements

• Amazon collaborates with Anthropic to advance generative AI

• Cyber Security Today, Sept. 25, 2023 – Hackers from India say they are targeting Canadian web sites

• LockBit 3.0 Ransomware Victim: altmanplants[.]com

• UK, EU Car Makers Call For Delay To Brexit EV Tariff

• Your Boss’s Spyware Could Train AI to Replace You

• A Tricky New Way to Sneak Past Repressive Internet Censorship

• New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

• From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese

• Cobalt Stike Beacon Detected – :

• Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

• In-the-Wild Exploitation Expected for Critical TeamCity Flaw Allowing Server Takeover

• Hands-on threat simulations: Empower cybersecurity teams to confidently combat threats

• BinDiff: Open-source comparison tool for binary files

• Frontend as a Service (FaaS): Revolutionizing Web Development for Speed and Simplicity

• Police, Teachers Say TikTok ‘Frenzies’ Placing Strain On Services

• 8 of the Best Cybersecurity Conferences

• Defending against DDoS Attacks: What you need to know

• How generative AI changes cybersecurity

• Almost 900 US Schools Breached Via MOVEit

• Researchers Spot Novel “Deadglyph” Backdoor

• BEC Scammer Pleads Guilty to Part in $6m Scheme

• Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

• OpenKnowledgeMaps cross-site scripting | CVE-2023-40618

• Point of Sale Security Guide and Checklist

• Almost US 900 Schools Breached Via MOVEit

• New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

• Software developers, how secure is your software?

• OilRig: Never-seen C#/.NET Backdoor to Attack Wide Range of Industries

• 8 Base Ransomware Victim: Springer Eubank

• 8 Base Ransomware Victim: J[.]T[.] Cullen Co[.], Inc[.]

• Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

• Nigerian National pleads guilty to participating in a millionaire BEC scheme

• Understanding and Safeguarding against QR Code Phishing Attacks aka Quishing

• Hands-on threat simulations: empower cybersecurity teams to confidently combat threats

• Trending Ransomware News headlines on Google

• New variant of BBTok Trojan targets users of +40 banks in LATAM

• Nintendo adds Passkey passwordless authentication support to accounts

• Balancing cybersecurity with convenience and progress

• How global enterprises navigate the complex world of data privacy

• Fake celebrity photo leak videos flood TikTok with Temu referral codes

• Despite rising insider risk costs, budgets are being wasted in the wrong places

• Current ransomware defenses efforts are not working

• T-Mobile US exposes some customer data – but don’t call it a breach

• T-mobile US exposes some customer data – but don’t call it a breach

• T-mobile exposes some customer data – but don’t call it a breach

• Implementing Stronger RBAC and Multitenancy in Kubernetes Using Istio

• Future Skills in Cybersecurity: Nurturing Talent for the Evolving Threatscape

• 3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone

• Worm that jumps from rats to slugs to human brains has invaded Southeast US

• Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

• ‘Power, influence, notoriety’: The hackers who struck MGM, Caesars

• Your Fingerprints Might Change the Color of Your iPhone 15 Pro

Generated on 2023-09-26 23:55:48.366010