IT Security News Daily Summary 2023-09-27

• Researchers Release Details of New RCE Exploit Chain for SharePoint

• China-linked APT BlackTech was spotted hiding in Cisco router firmware

• WMIExec – Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol

• The Cost of Cybercrime in the US: Facts and Figures

• Protecting customer trust with AI is the future of e-commerce

• E-commerce fraud to cost $48 billion globally this year as attacks skyrocket, report says

• China APT Cracks Cisco Firmware in Attacks Against the US and Japan

• Security researcher warns of chilling effect after feds search phone at airport

• How to View Incognito History on Android Without Them Knowing

• Apple Zero-Day Flaws Exploited For Predator Spyware Attacks

• Why a DevOps approach is crucial to securing containers and Kubernetes

• Facebook Reportedly Caved To Government Pressure Overseas And Allowed Hate Speech To Thrive

• This startup wants to verify your ID without storing your personal data

• Multi-Tenancy With Keycloak, Angular, and SpringBoot

• SwiftData Dependency Injection in SwiftUI Application

• Tequila OS 2.0: The first forensic Linux distribution in Latin America

• Fake Bitwarden Password Manager Website Drops Windows ZenRAT

• Smart Contract Language Comparison: Solidity vs. Cadence vs. Move

• CISA and FEMA Open the Application Process for the Tribal Cybersecurity Grant Program

• RATs, rootkits, and ransomware (oh my!)

• Check Point Research Uncovers Critical Vulnerabilities in Friend.tech WEB3 Platform

• Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

• SoundThinking, Maker of ShotSpotter, Is Buying Parts of PredPol Creator Geolitica

• Bitwarden adds passkey 2FA to keep online accounts protected

• SpecterOps introduces Purple Team Assessments Services

• Cybertech Europe 2023 will explore innovation, new possibilities in cyber technology

• HackerOne Bug Bounty Disclosure: b-missing-function-level-access-control-in-mozilla-formula-containsregular-expression-denial-of-service-cve-b-unexpectedbuffercon

• HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-mozaws-net-b-mikey

• HackerOne Bug Bounty Disclosure: b-curl-cve-http-header-allocation-dos-b-selmelc

• Publisher’s Spotlight: Radiant Security: Your AI-powered SOC Co-pilot

• Amazon Hires Former Microsoft Head Panos Panay As Device Boss

• Malware Concealed as Dependabot Contributions Strikes GitHub Projects

• SMS Security & Privacy Gaps Make It Clear Users Need a Messaging Upgrade

• Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees

• ‘ASTORS’ Nominee Partners to Bring Unified SASE to EMEA Enterprises

• Your Bard conversations are someone else’s Google results

• NYC rights groups say no to grocery store spycams and snooping landlords

• Simple Membership Plugin Flaws Expose WordPress Sites

• ZoobeTek unveils CRA to fight mobile hacking risks and quantum threats

• SeeMetrics releases customizable Cybersecurity Performance Boards

• Cyxtera launches COE for exploring AI and quantum computing

• TikTok Blow As Indonesia Bans E-commerce Transactions

• The latest Windows 11 update is rolling out now. Here’s what’s new

• Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims

• Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors

• Russian zero-day seller offers $20M for hacking Android and iPhones

• EFF’s Comment to the Meta Oversight Board on Polish Anti-Trans Facebook Post

• Ethics in the Age of Ransomware: Challenges and Strategies for Negotiation

• AtlasCross Hackers Target Organizations with Red Cross Phishing Lures

• RasomedVC: Ransomware Group Claims to Have Breached Sony’s Computer Systems

• Lawsuit against MGM and Ceasars Entertainment Ransomware Attack

• CISA Unveils New HBOM Framework to Track Hardware Components

• BEC Attacks Increase By 279% in Healthcare

• MOVEit Breach Delivers Bundle Of 3.4 Million Baby Records

• Google Quietly Corrects Previously Submitted Disclosure For Critical Webp 0-Day

• GPUs From All Major Suppliers Are Vulnerable To New Pixel Stealing Attack

• Misconfigured TeslaMate Instances Put Tesla Car Owners At Risk

• Firefox 118 Patches High Severity Vulnerabilities

• Sony`s Systems Breached. Ransomed.vc Claims Stealing 260 GB of Data

• Ransomware Attack Blamed As Logistics Firm Collapses

• Lu0Bot Node.js Malware Takes Complete Control Over Victim’s Computer

• Atlas VPN Review (2023): Features, Pricing, Alternatives

• EchoMark launches AI-driven solution to improve data privacy standards

• FileCloud partners with OPSWAT to strengthen data security posture for customers

• Baffle Data Protection for AI secures private data for use in GenAI projects

• New Relic Session Replay aids engineers in issue resolution with video-like playback

• Arrcus and NVIDIA join forces to deliver high-performance, zero-trust networking for datacenters

• Liberals to add ‘fundamental right to privacy’ to proposed law, but no details yet

• Watch out! CVE-2023-5129 in libwebp library affects millions applications

• Strategies for Merchant Ransomware Protection

• Data Mapping vs. Data Lineage: Understanding The Differences

• Embracing Innovation: AI-Driven Service Management for IT Professionals

• Medusa Locker Ransomware Victim: LANDSTAR POWER ONTARIO INC

• Medusa Locker Ransomware Victim: Acoustic Center

• How AI and better pay can address the ongoing cyber talent shortage

• TalkTalk To Split Into Three Companies, With CEO To Step Down

• JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking

• Stolen GitHub Credentials Used to Push Fake Dependabot Commits

• Firefox 118 Patches High-Severity Vulnerabilities

• Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk

• Gem Security Lands $23 Million Series A Funding

• Leading CISO Creates Model for Ransomware Payment Decisions

• CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber Activity

• Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

• Gem Security raises $23M for its cloud security platform

• Celebrating Over 20,000 Hours of Cyber Hacking Training via the Check Point MIND and NotSoSecure Partnership

• Apple rolls out fix for data transfer bug to all compatible iPhones and iPads

• Protected Extensible Authentication Protocol (PEAP)

• NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors

• People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

• New twist on ZeroFont phishing technique spotted in the wild

• stackArmor ATO for AI accelerates safe AI adoption for public sector organizations

• Musk’s X Disabled Electoral Misinformation Reporting Feature, Researcher Claims

• Apple Security Fixes for iPhone, iPad, Safari, Watch & Sonoma14: Update Now!

• Cost of a data breach 2023: Geographical breakdowns

• Will Government Secure Open Source or Muck It Up?

• Cybersecurity firm Lumu raises $30M to detect network intrusions

• PikaBot C2 Detected – 148[.]153[.]34[.]82:2078

• Soaring Cyber Insurance Claims are Hurting firms with Ransomware Attacks and Compromised Emails

• The Rise of Biometric Security: Protecting Data in the Future of Cybercrime

• macOS 14 Sonoma Patches 60 Vulnerabilities

• Google Open Sources Binary File Comparison Tool BinDiff

• Research reveals 80% of applications developed in EMEA contain security flaws

• OneTrust AI Governance helps organizations manage AI systems and mitigate risk

• Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

• Appdome unveils mobile anti-malware protections

• Which Industries Use Document Translation Services?

• Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more

• North Korean and Chinese Hackers Attacking Healthcare Industries

• The Rise of Automotive Hacking: How to Secure Your Vehicles Against Hacking

• ‘Snatch’ Ransom Group Exposes Visitor IP Addresses

• New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On

• Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

• Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

• What You Must Know About Rate Limiting

• Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet

• DarkBeam leaks billions of email and password combinations

• Critical Vulnerability in libwebp Library

• LockBit 3.0 Ransomware Victim: cochraninc[.]com

• ICS Reconnaissance Attacks – Introduction to Exploiting Modbus

• The Weather Network Faces Ransomware Attack, Faces Data Leak Threat

• Google To Sunset Gmail’s Basic HTML View In 2024

• Closing Integrity Gaps with NIST CSF

• ‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo

• Fake Bitwarden installation packages delivered RAT to Windows users

• TeamViewer and Ivanti simplify the complex task of managing and securing remote devices

• Phobos Ransomware: Everything You Need to Know and More

• Upgrade Your Cybersecurity With This VPN That’s Only $89 for Three Years

• Regulator Warns Breaches Can Cost Lives

• New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software

• QR codes in email phishing

• Keeper Security study shows cultural changes imperative to improve cyber incident reporting

• New GPU Side-Channel Attack Allows Malicious Websites to Steal Data

• Attacks on European Financial Services Double in a Year

• Booking.com Customers Hit by Phishing Campaign Delivered Via Compromised Hotels Accounts

• Poll Maker Plugin for WordPress cross-site scripting | CVE-2023-41872

• Online Job Portal SQL injection | CVE-2023-43468

• szvone vmqphp SQL injection | CVE-2023-43132

• Order Delivery Date for WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-41874

• PeproDev CF7 Database Plugin for WordPress cross-site scripting | CVE-2023-41863

• How do you spook cyber criminals?

• Quick Glossary: Malware

• NCSC Launches Cyber Incident Exercise Scheme

• Attacks on EMEA Financial Services Double in a Year

• Love in the Digital Age: How Technology Transformed Dating

• Identity Theft Protection Policy

• Why performing security testing on your products and systems is a good idea

• Top 5 Problems Solved by Data Lineage

• CACTUS Ransomware Victim: www[.]astrolighting[.]com

• CACTUS Ransomware Victim: www[.]orthumbau[.]de

• 8 Base Ransomware Victim: Muenz-Engineered Sales

• New AtlasCross APT Using Weaponized Word Documents to Deploy Malware

• Cyber Attacks Arising from Microsoft Office Software

• Critical libwebp Vulnerability Under Active Exploitation – Gets Maximum CVSS Score

• Indian government reports Security Vulnerabilities in Apple devices

• High number of security flaws found in EMEA-developed apps

• Best Practices for Data Protection

• Hackers actively exploiting Openfire flaw to encrypt servers

• New AtlasCross hackers use American Red Cross as phishing lure

• ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers

• Can we fix the weaknesses in password-based authentication?

• SickKids impacted by BORN Ontario data breach that hit 3.4 million

• Guide: SaaS Offboarding Checklist

• Cloud service inefficiencies drain IT budgets

• Network Flight Simulator: Open-source adversary simulation tool

• Is your identity safe? Exploring the gaps in threat protection

• The pitfalls of neglecting security ownership at the design stage

• ChromeOS Multiple Vulnerabilities

• Apple Products Multiple Vulnerabilities

• Artificial Intelligence — Beyond the Algorithms

• Google Indexed Trove of Bard AI User Chats in Search Results

• Credit card thieves target Booking.com customers

• Child health data stolen in registry breach

• Webinar: Bridging digital transformation & cybersecurity

• Sources: Palo Alto Networks in advanced talks to buy Talon and Dig in a $1B security sweep

• principle of least privilege (POLP)

• Sony investigating alleged ransomware attack, group threatens to sell data

• Versa Unified SASE Review & Features 2023

• Sources: Palo Alto in advanced talks to buy Talon and Dig in a $1B security sweep

• Research From IANS and Artico Search Reveals Cybersecurity Budgets Increased Just 6% for 2022-2023 Cycle

• Threat actors claim the hack of Sony, and the company investigates

• Clop MoveIt Transfer attacks affect over 2,000 organizations

• Cyemptive Technologies Expands Operations in the Middle East and the Americas

• IT Security News Daily Summary 2023-09-26

• Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains

• Suspicious New Ransomware Group Claims Sony Hack

• Catalyte Leverages Google Career Certificates to Expand Cybersecurity Apprenticeship Opportunities

• CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online

• KnockKnock – Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output

• AtlasReaper – A Command-Line Tool For Reconnaissance And Targeted Write Operations On Confluence And Jira Instances

• AI needs human insight to reach its full potential against cyberattacks

• EFF, ACLU and 59 Other Organizations Demand Congress Protect Digital Privacy and Free Speech

• New security features in Windows 11 protect users and empower IT

• Maine Department of Labor to Announce the Launch of University of Maine at Augusta Cybersecurity and IT Registered Apprenticeship Program

• Delinea Secret Server Introduces MFA Enforcement at Depth to Meet Cyber Insurance Requirements

• Canadian Flair Airlines left user data leaking for months

• Cybersecurity Awareness Month 2023: 4 Actionable Tips

• Windows 11 begins (very slowly) rolling out a slew of new features

• Microsoft Adding New Security Features to Windows 11

• CrowdStrike makes a breakout move

• Judge Sides With Facebook And Puts Groundbreaking Privacy Law On Hold

• Risk of a US Government Shutdown Is Fueled by Very Online Republicans

• Microsoft is Rolling out Support for Passkeys in Windows 11

• OffSec Cyber Range Blue Webinar Recap

• T-Mobile SASE protects corporate networks, applications and data

• HackerOne Bug Bounty Disclosure: b-no-rate-limit-on-forgot-password-on-https-apps-nextcloud-com-b-cyber-world

• HackerOne Bug Bounty Disclosure: b-dos-in-form-submission-at-https-nextcloud-com-instant-trial-b-krrish-hackk

• HackerOne Bug Bounty Disclosure: b-nextcloud-all-in-one-path-disclosure-of-internal-frontend-b-shuvam

• HackerOne Bug Bounty Disclosure: b-existance-of-calendars-and-addressbooks-can-be-checked-by-unauthenticated-users-b-themarkib-x

• Windows 11 begins rolling out a slew of new features

• MSP shares details of Kaseya VSA ransomware attack, recovery

• Amazon Sued By FTC, US States Over ‘Monopoly Power’

• Microsoft harnesses power of AI to boost Windows 11 security, pushes for passwordless future

• Microsoft’s bold move: Introducing AI assistant ‘Copilot’ in Windows 11

• ROBOT crypto attack on RSA is back as Marvin arrives

• 4 Pillars for Building a Responsible Cybersecurity Disclosure Program

• Found: Live from TechCrunch Disrupt with cybersecurity trailblazer Window Snyder from Thistle Technologies

• ChatGPT Update Enables Chatbot to “See, Hear and Speak” with Users

• 2023-09-21 thru 09-25 – malspam examples pushing AgentTesla

• More than 30 US Banks Targeted in New Xenomorph Malware Campaign

• ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families

• NY College Must Spend $3.5M on Cybersecurity After Breach Affecting 200k Students

• Coffee Briefing Sept. 26 – Cybercrime on the rise in Canada; CGI selected by Scotiabank to deploy enterprise payments platform; IBM aims to train two million learners in AI by 2026; and more

• Data on 3.4 million mothers, children stolen from Ontario registry

• Top Five Steps to Elevate Your Data Security Posture Management and Secure Your Data

• Top 3 Priorities for Today’s CISO: Safeguarding the Digital Frontier

• AI To Ease Unnecessary Software Burden On UK Businesses, Freshworks Finds

• Google Chrome use-after-free Vulnerability Leads to Remote Attack

• The Winds of Change: How Generative AI is Revolutionizing Cybersecurity

• Australian Government’s ‘Six Cyber Shields’ Is Potentially a Well-Meaning Skills Crisis

• ZenRAT Malware Uncovered in Bitwarden Impersonation

• Chad Taps Huawei for Digital Modernization Project

• Mitsubishi Electric FA Engineering Software

• Baker Hughes Bently Nevada 3500

• Hitachi Energy Asset Suite 9

• Advantech EKI-1524-CE series

• Suprema BioStar 2

• LiveAction updates LiveWire to provide visibility for NetOps and SecOps teams

• runZero unveils CAASM Platform for IT and OT visibility

• Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

• Transposit On-Call enables users to handle incidents from alert to resolution

• The Com: Youth Hacking Ring Executing High-profile Cybercrimes

• Gaming Giant Nintendo Embraces Passkeys for Enhanced Security and Convenience

• Obtain career boost in 2024 with these 10 cybersecurity certifications

• EU Tells Tech To Resist Russian Misinformation, With Twitter Singled Out

• ShadowSyndicate Investigation Reveals RaaS Ties

• Amidst MGM, Caesar’s Incidents, Attackers Focus on Luxury Hotels

• Balancing Promise and Pitfalls: Integrating AI into Cybersecurity

• OpenSea Warns API Customers of Third-Party Security Breach

• Progressive Holdings Cyberattack: Sensitive Data Stolen

• Modbus Protocol: The Grandfather of IoT Communication

• MOVEit breach delivers bundle of 3.4 million baby records

• Sony Investigating After Hackers Offer to Sell Stolen Data

• UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor

• The Rhysida ransomware group hit the Kuwait Ministry of Finance

• Why You Should Phish In Your Own Pond

• Essential Tools for Small Businesses: Streamlining Operations with 11 Must-Haves

• Common Challenges in Outsourcing Software Development and Strategies for Mitigation

• 12 Indispensable Online Tools for Startup Success

• The Growing Risks of Shadow IT and SaaS Sprawl

• 3 phases of the third-party risk management lifecycle

• Proactive Security: What It Means for Enterprise Security Strategy

• Why the public sector is an easy target for ransomware

• Immersive Labs Workforce Exercising allows cyber leaders to identify and fill skills gaps

• Crypto Quantique introduces SaaS platform QuarkLink Ignite

• Censys Internet Map helps organizations identify, understand and mitigate threats

• Hunter Biden Sues Rudy Giuliani And Former Attorney, Alleging They Tried To Hack His Devices

• Millions Of Newborn Registry Records Were Compromised In A MOVEit Data Breach

• Space Force Chief Says Commercial Satellites May Need Defending

• Russia’s APT29 Intensifies Espionage Operations

• Xenomorph Android Banking Trojan Targeting Users In US, Canada

• Sony Investigating After Hackers Offer To Sell Stolen Data

• When It Comes to Email Security, the Cloud You Pick Matters

• Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions

• Essential Guide to Cybersecurity Compliance

• BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

• New CISA HBOM Framework for Supply Chain Risk Management

• $200 Million in Cryptocurrency Stolen in Mixin Network Hack

• Xenomorph Android Banking Trojan Targeting Users in US, Canada

• The CISO Carousel and its Effect on Enterprise Cybersecurity

• Update on Naked Security

• Half of Cyber-Attacks Go Unreported

• FortiSASE SASE Solution Review

• Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

• Facial Recognition Lawsuit After Man Is Falsely Jailed

• Cisco+ Secure Connect SASE Review & Features 2023

• Threat Report: The High Tech Industry Targeted the Most with 46% of NLX-Tagged Attack Traffic

• Signal Will Leave the UK Rather Than Add a Backdoor

• Unlocking the Secrets of DevSecOps: The Essential Lifecycle Stages

• Palo Alto Prisma SASE Review & Features 2023

• Siren 13.4 provides accelerated data retrieval for analysts

• Has Sony been hacked again?

• Sony Systems Alleged Breached By Hackers

• Cato SASE Cloud Review & Features 2023

• Xenomorph malware is back after months of hiatus and expands the list of targets

• 1-15 August 2023 Cyber Attacks Timeline

• Meta Surrenders Lease At One London Building

• EvilBamboo Attacking Android & iOS Devices With Custom Malware

• Threat Actors Actively Using Remote Management Tools to Deploy Ransomware

• Best 10 Cybersecurity Podcasts

• Visibility: An Essential Component of Industrial Cyber Security

• Pension Firms Report 4000% Surge in Breaches

• CISA Publishes Hardware Bill of Materials Framework

• Tech Giants Launch Post-Quantum Cryptography Coalition

• Emerging technologies make it easier to phish

• Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign

• Happy Compliance Officer Day!

• Smishing Triad Stretches Its Tentacles into the United Arab Emirates

• Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe

• CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme

• Stratascale acquires Vector0 to strengthen its cybersecurity services

• Welcart e-Commerce plugin for WordPress cross-site scripting | CVE-2023-41962

• Contact Form by FormGet Plugin for WordPress cross-site scripting | CVE-2023-5125

• RustCrypto aes-gcm information disclosure | CVE-2023-42811

• Galaxy Project Galaxy server-side request forgery | CVE-2023-42812

• WithSecure Policy Manager cross-site scripting | CVE-2023-43763

• Defending Beyond 9-to-5: BlackCloak’s Fortress for Executives’ Digital Sanctuaries

• Ukraine accuses Russian spies of hunting for war-crime info on its servers

• 5 free vulnerability scanners you should check out

• Are developers giving enough thought to prompt injection threats when building code?

• Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

• Email inboxes are vulnerable to sophistication driven cyber attacks

• Cybersecurity skills employers are desperate to find in 2023

• MITRE ATT&CK project leader on why the framework remains vital for cybersecurity pros

• Google is retiring its Gmail Basic HTML view in January 2024

• BORN Ontario child registry data breach affects 3.4 million people

• Xenomorph Android malware now targets U.S. banks and crypto wallets

• Mixin Network suspends operations following $200 million hack

• IT workers see generative AI as a serious threat to their profession

• Fraud prevention forces scammers to up their game

• Challenge Your Cybersecurity Systems With AI Controls in Your Hand

• VMware SASE Solution Review

• A week in security (September 18 – September 24)

• What does a car need to know about your sex life? Lock and Code S04E20

• TikTok flooded with fake celebrity nude photo Temu referrals

• Ransomware group claims it’s “compromised all of Sony systems”

• 10 Best Container & Kubernetes Security Solutions & Tools [2023]

• Cloudflare One SASE Review & Features 2023

Generated on 2023-09-27 23:55:58.321133