IT Security News Daily Summary 2023-09-29

• How to land a corporate board seat as a CISO

• Digital Accessibility and Cybersecurity Must Go Hand in Hand

• Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird

• Skyhook – A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections

• Microsoft Bing Chat pushes malware via bad ads

• Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm

• How Can Your Security Team Help Developers Shift Left?

• PhD student guilty of 3D-printing ‘kamikaze’ drone for Islamic State terrorists

• Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack

• Cyber Security Today, Week in Review for the week ending Friday, Sept. 29, 2023

• Russian Company Offers $20m For Non-NATO Mobile Exploits

• DHS Calls Into Question Physical Security in Johnson Controls Cyberattack

• Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain

• Is that how it works? Hacking and scamming in popular TV shows

• 5 common browser attacks and how to prevent them

• CIA’s AI Chatbot: A New Tool for Intelligence Gathering

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets

• CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression

• The Art of Creating Digital Experiences: Exploring Website Development and Technology

• From Text to Multisensory AI: ChatGPT’s Latest Evolution

• ChatGPT Enterprise can Boost AI Adoption by Addressing Business Concerns

• Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software

• Cybersecurity Gaps Plague US State Department, GAO Report Warns

• Mozilla Releases Security Updates for Multiple Products

• Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar

• Reddit to Pay Users for Popular Posts

• Mozilla Releases Security Updates for Multiple Products

• Reddit to Pay Users for Popular Posts

• The Role of DevOps in Streamlining Cloud Migration Processes

• Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories

• The best VPN services for iPhone and iPad in 2023: Tested and reviewed

• Kickstart your journey to IPv6 with Segment Routing over IPv6 (SRv6)

• 2023: The Big Shift to Managed Services

• Unifying Security: Elevate Your Zero Trust Strategy with Cisco’s Duo and Cisco Secure Access

• Distributed ZTNA enables simple and scalable secure remote access to OT assets

• Debbie goes from being a full-time mother to a dynamo in networking

• Selecting Cybersecurity Solutions for Hybrid and Hyperscale Data Centers

• Threat Actors Exploit the Tensions Between Azerbaijan and Armenia

• Researchers Extract Sounds From Still Images on Smartphone Cameras

• In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea

• Generative AI Startup Nexusflow Raises $10.6 Million

• Russian Company Offers $20M For Non-NATO Mobile Exploits

• Progress Software Releases Urgent Patches to Fix WS_FTP Server Vulnerabilities

• Vulnerability Summary for the Week of September 18, 2023

• After Ransomware Disruption, Hospital Turns to Check Point Infinity Global Services to Recover and Build Cyber Resilience

• Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads

• Malicious ads creep into Bing Chat responses

• Modern GPUs Susceptible to Latest GPU.zip Side-Channel Assault

• High Security Alert Issued for Apple Devices by India’s CERT-In

• VMware customers anxious about ransomware threats

• Chinese Hackers Stole 60,000 US State Department Emails from Microsoft

• Quantum Nominated to Compete in Fifth ‘ASTORS’ Awards Program

• Phishing, Smishing Surge Targets US Postal Service

• Overcoming Challenges in Cyber Defense Business Naming in The Age of AI

• National Security Agency is Starting an Artificial Intelligence Security Center

• European Regulators Want To Extend Ban On Facebook Data Tracking

• Russian State Hackers Attempted To Block Ukrainians From Opening US Bank Accounts

• A New Chrome 0-Day Is Sending The Internet Into A New Chapter Of Groundhog Day

• Chinese Snoops Stole 60,000 State Department Emails

• The NSA Is Starting An Artificial Intelligence Security Center

• Johnson Controls Hit By Ransomware

• Meta Admits AI Assistant Trained On User Posts

• ZeroFont Phishing: Hackers Manipulating Font Size to Bypass Office 365 Security

• September 2023 Web Server Survey

• ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

• How to use Wireshark to sniff and scan network traffic

• How Paidy is securing the future of fintech through a strategic alliance with OffSec

• ZeroFont Phishing: Hackers Manipulating Font Size to Bypass Office 365 Security

• September 2023 Web Server Survey

• ZenRAT Malware Targets Windows Users Via Fake Bitwarden Password Manager Installation Package

• How to use Wireshark to sniff and scan network traffic

• How Paidy is securing the future of fintech through a strategic alliance with OffSec

• Attacks on Azerbaijan Businesses Drop Malware via Fake Image Files

• People Still Matter in Cybersecurity Management

• Moody’s Executive & Security Ratings Snapshot Request

• Free Attack Surface Report – Free Demo

• Bitsight Security Ratings

• Executive & Security Ratings Snapshot Request – SEC

• Executive & Security Ratings Snapshot Request – SEC PPC

• Use-After-Free in Voice Control: CVE-2021-30902 Write-up

• How iOS Malware Can Spy on Users Silently

• Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”

• ZecOps Announces Support for Forensics Images Acquired by GrayShift

• Fake Droids: Your New Android Device is Actually an Old Android 6

• Vulnerability Summary for the Week of August 14, 2023

• Vulnerability Summary for the Week of August 21, 2023

• Vulnerability Summary for the Week of August 28, 2023

• Vulnerability Summary for the Week of September 4, 2023

• Vulnerability Summary for the Week of September 11, 2023

• Cyber Resilient 911 Symposium

• Region 8 Invites You to Secure Our World

• Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

• CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks

• Bitdefender Threat Intelligence enables organizations to improve their security posture

• Dialpad PII Redaction enhances privacy protection

• Norway wants Facebook behavioral advertising banned across Europe

• Jim Cramer’s top 10 things to watch in the stock market Friday

• Admins urged to quickly patch holes in WS_FTP file transfer server

• Amazon Wins Interim Stay On Public Ads Archive

• QR Code 101: What the Threats Look Like

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

• Modern Data Backup Strategies for Safeguarding Your Information

• Cloud Migration: How To Overcome Fears and Capitalize on Opportunities

• Akira Ransomware Victim: Vertical Development

• Cyber Security Today, Sept. 29, 2023 – Protect your routers from this attacker, new open-source malware packages found, and more

• Post-Quantum Cryptography: Finally Real in Consumer Apps?

• Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

• DevOps and Platform Engineering

• NIST Publishes Final Version of 800-82r3 OT Security Guide

• A Key US Government Surveillance Tool Should Face New Limits, a Divided Privacy Oversight Board Says

• Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers

• Nexusflow raises $10.6 million to improve generative AI in cybersecurity

• Conceal partners with CyberForce Security to elevate MSSP services with advanced browser security

• Blackpoint Cyber unveils Cloud Response for Google Workspace

• 9 Best Carbon Black Alternatives & Competitors in 2023

• LockBit 3.0 Ransomware Victim: fdf[.]org[.]uk

• LockBit 3.0 Ransomware Victim: ezpaybuildings[.]net

• LockBit 3.0 Ransomware Victim: rexgroup[.]co[.]uk

• Netflix Mails Its Final DVD As It Ends Postal Service

• Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data

• ZeroFont trick dupes users into thinking message has been scanned for threats

• Best SIEM Tools and Software for 2023

• Protect Your Passwords for Life for Just $30

• Johnson Controls Hit by Ransomware

• FBI Warns Organizations of Dual Ransomware, Wiper Attacks

• Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

• Ann Minooka joins Synopsys as CMO

• Privacy Regulator Orders End to Spreadsheet FOI Responses

• 12 Benefits of Zero Trust for Mid-Sized Businesses

• AjaxNewsTicker cross-site scripting | CVE-2023-41453

• Zephyr buffer overflow | CVE-2023-4260

• AjaxNewsTicker cross-site scripting | CVE-2023-41448

• AjaxNewsTicker code execution | CVE-2023-41449

• Zephyr buffer overflow | CVE-2023-4262

• APT34 Deploys Phishing Attack With New Malware

• Diverse threat intelligence key to cyberdefense against nation-state attacks

• Microsoft Breach Exposed 60,000 State Department Emails

• 5 Best Features Protecting Your Education Software from Cyber Threats

• When Worlds Collide: A Phygital Future?

• MOVEit Developer Patches Critical File Transfer Bugs

• Misconfigured WBSC server leaks thousands of passports

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Silicon UK Pulse: Your Tech News Update: Episode 20

• 8 Base Ransomware Victim: C[.]F[.] Service and Supply

• 8 Base Ransomware Victim: Kona Equity

• Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

• A Roadmap to Launch Your Career in Network Security

• VMware users anxious about costs and ransomware threats

• New infosec products of the week: September 29, 2023

• How should organizations navigate the risks and opportunities of AI?

• Canada govt websites disrupted by Cyber Attacks from India

• CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

• Financial crime compliance costs exceed $206 billion

• Cybersecurity budgets show moderate growth

• Why California’s Delete Act matters for the whole country

• US State Department Says 60,000 Emails Taken in Alleged Chinese Hack

• Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

• Cisco Products Multiple Vulnerabilities

• Champagne squeezed to produce proposed amendments on privacy, AI bills

• The Growing Threat of Cybercrime Law Abuse: LGBTQ+ Rights in MENA and the UN Cybercrime Draft Convention

• Malicious ad served inside Bing’s AI chatbot

• Google’s Bard conversations turn up in search results

• Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack

• Play Ransomware Victim: BAMO

• Play Ransomware Victim: Jacobson

• Play Ransomware Victim: Webb Landscape

• Play Ransomware Victim: Amanzi Marble & Granite

• Play Ransomware Victim: Robuck Homes

• Watch EFF’s Talks from DEF CON 31

• Chinese snoops stole 60K State Department emails in that Microsoft email heist

• Get Real, Congress: Censoring Search Results or Recommendations Is Still Censorship

• Government Shutdown Poised to Stress Nation’s Cybersecurity Supply Chain

• The Federal Government’s Privacy Watchdog Concedes: 702 Must Change

• New Cisco IOS Zero-Day Delivers a Double Punch

• Chrome Flags Third Zero-Day This Month That’s Tied to Spying Exploits

• IT Security News Daily Summary 2023-09-28

• Pinkerton – An JavaScript File Crawler And Secret Finder Developed In Python

• Feds’ privacy panel backs renewing Feds’ S. 702 spying powers — but with limits

• Cisco patches zero-day vulnerability under attack

• US, Japan warn China-linked ‘BlackTech’ targeting routers

• Johnson Controls International Disrupted by Major Cyberattack

• Vulnerability resolution enhanced by integrations

• EFF to D.C. Circuit: Animal Rights Activists Shouldn’t Be Censored on Government Social Media Pages Because Agency Disagrees With Their Viewpoint

• Dark Web Pedophiles Using Open-Source AI to Generate CSAM

• Safeguard Your AWS Account: IAM Best Practices

• Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product

• External vs Internal Vulnerability Scans: Difference Explained

• Q&A: UK Ambassador on Creating New Cybersecurity Agencies Around the World

• DARPA takes its long-duration Manta undersea drone for a test-dip

• Join the new Microsoft Security experience at Microsoft Ignite 2023

• Novel ZenRAT Scurries Onto Systems via Fake Password Manager Tool

• CIA Builds Own Artificial Intelligence Tool – Report

• Apple Releases Security Updates for Multiple Products

• CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World

• GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

• HackerOne Bug Bounty Disclosure: b-reflected-xss-in-oauth-complete-endpoints-b-zerodivisi-n

• How To Turn Off Google’s “Privacy Sandbox” Ad Tracking—and Why You Should

• FCC Proposes To Restore Net Neutrality Laws In US

• How To Implement Zero Trust: Best Practices and Guidelines

• Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

• Apple Ordered To Face Apple Pay Antitrust Lawsuit

• Phishing via Dropbox

• Asian banks are a favorite target of cybercooks, and malicious bots their preferred tool

• Looking Beyond the Hype Cycle of AI/ML in Cybersecurity

• NordVPN Review (2023): Pricing, Security & Performance

• Budworm APT Evolves Toolset, Targets Telecoms and Government

• US Justice Department Urged to Investigate Gunshot Detector Purchases

• Fake Bitwarden Site Distributes Novel RAT Malware

• Chinese Hackers Stole Emails From US State Dept In MS Breach

• Cisco Warns Of IOS Software Zero-Day Exploitation Attempts

• After Failing At Privacy Again, Google Is Working To Keep Bard Chats Out Of Search

• Right Wing Elon Scraps Tool To Report Electoral Fake News

• Wi-Fi Eavesdropping: Risks and How to Stay Secure

• AI Boom: Cybercriminals Winning Early

• RansomedVC Ransomware Group Claims to Have Breached Sony Network

• Digital identity: Dispelling the myths

• Sir Jony Ive And OpenAI Discuss AI Hardware Project – Report

• Unpatched Cisco Catalyst SD-WAN Manager Systems Exposed to DoS Attacks

• Post-Pandemic Cybersecurity: Lessons Learned and Predictions

• Booking.com Customers Targeted in Major Phishing Campaign

• Cyber Attack paralysis IT operations at Volkswagen

• Google to launch Android Earthquake Alerts in India

• Android Banking Trojan Zanubis Evolves to Target Peruvian Users

• DEXMA DexGate

• Rockwell Automation PanelView 800

• CISA Releases Three Industrial Control Systems Advisories

• CISA Adds One Known Exploited Vulnerability to Catalog

• Google patches zero-day exploited by commercial spyware vendor

• Swissbit releases N5200 Enterprise SSD

• Armilla AI AutoGuard makes generative AI safer for enterprises

• Veriti Agentless OS-Level Remediation boosts scalability and resiliency

• Malicious ad served inside Bing’s AI chatbot

• Nexusflow raises $10.5 to build a conversational interface for security tools

• Meta Connect 2023: Meta Quest 3, Ray-Ban Meta Smart Glasses

• Why Organizations Struggle With Vulnerability Management?

• Demystifying the SEC’s Enhanced Cybersecurity Disclosure Requirements

• Sony Launches Investigation After Hackers Threaten to Sell Stolen Data on Dark Web

• What Is Web App Penetration Testing?

• How I got started: SIEM engineer

• Moving From Qualitative to Quantitative Cyber Risk Modeling

• Government Shutdown Could Bench 80% of CISA Staff

• Lumu Raises $30 Million for Threat Detection and Response Platform

• Verisoul Raises $3.25 Million in Seed Funding to Detect Fake Users

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation

• 4 Legal Surprises You May Encounter After a Cybersecurity Incident

• China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

• Norton Small Business offers protection against scams and phishing threats

• Linksys announces Cognitive Security capability

• Kong Insomnia 8.0 accelerates API design and developer efficiency

• ZYXEL Buffer Overflow vulnerability Let Attacker Launch DoS Attack

• Case Study: Blocking Botnet-Driven Low-Rate HTTP DDoS Attacks

• US Lawmaker: Government Shutdown Will Leave Americans Exposed to Cyber-Attacks

• Dark Angels Team ransomware group hit Johnson Controls

• Sysdig Launches Realtime Attack Graph for Cloud Environments

• Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits

• Cisco Warns of IOS Software Zero-Day Exploitation Attempts

• Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)

• Panzura Edge minimizes the risk of data leakage and exfiltration

• Heimdal® Achieves ISAE 3000 SOC 2 Type II Certification, Demonstrating Compliance with the Highest Security Standards

• Akira Ransomware Victim: Civic San Diego

• Akira Ransomware Victim: The Polish American
  Association

• Critical Chrome Update Counters Spyware Vendor’s Exploits

• The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

• Meta Connect 2023: Meta Launches AI Chatbots With Personalities

• Snatch Ransomware Group Leaked User’s Location and Internal Data

• Critical Cisco WAN Manager Vulnerabilities Let Attacker Conduct DoS Attack

• Simplifying Blockchain Development by using Abstraction

• China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

• KSOC says it’s tackling cloud-native security in a way that is Kubernetes-first

• PingSafe unveils MSSP partnership with Human Managed

• Apple macOS Ventura security bypass | CVE-2023-41996

• snappy-java denial of service | CVE-2023-43642

• Cookie Notice & Consent Plugin for WordPress cross-site scripting | CVE-2023-41948

• Trellix Endpoint Security (ENS) code execution | CVE-2023-3665

• iFolders plugin for WordPress cross-site scripting | CVE-2023-41949

• China’s chip equipment firms see revenue surge as Beijing seeks semiconductor self-reliance

• Robots: Cybercriminals of the Future?

• Guide to ransomware and how to detect it

• Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor

• How to develop a cybersecurity strategy: Step-by-step guide

• Around the World with Thales: Our Upcoming Events

• Google confirms CVE-2023-5129 is the hidden threat in Libwebp

• What Does Secure by Design Actually Mean?

• Google Patches Chrome Zero-Day Used in Spyware Attacks

• US and Japan Warn of Chinese Router Attacks

• GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

• Journey partners with Webex by Cisco to enhance security for customer interactions

• Imagination GPU devices information disclosure | CVE-2023-44216

• Apple macOS Sonoma code execution | CVE-2023-40432

• GLPI information disclosure | CVE-2023-41321

• Apple macOS Sonoma security bypass | CVE-2023-40426

• Apple macOS Sonoma information disclosure | CVE-2023-40429

• UK Logistics Firm Forced to Close After Ransomware Breach

• Actively Exploited Chrome Zero-day Patched: Update Now!

• A cryptor, a stealer and a banking trojan

• After failing at privacy, again, Google is working to keep Bard chats out of Search

• Do you know what your supply chain is and if it is secure?

• BlackTech APT Hackers Break into Cisco Firmware to Attack the US and Japan

• CACTUS Ransomware Victim: www[.]spuncast[.]com

• CACTUS Ransomware Victim: www[.]unitex[.]com

• Daily Vulnerability Trends: Thu Sep 28 2023

• 8 Base Ransomware Victim: Notel

• SIEM in 2024: 7 Trends to Watch Out For

• The hidden costs of neglecting cybersecurity for small businesses

• How to avoid the 4 main pitfalls of cloud identity management

• A Preview of Windows 11’s Passkeys Support

• CAPTCHAs Easy for Humans, Hard for Bots

• Johnson Controls hit by Dark Angels Ransomware

• Ransomware groups are shifting their focus away from larger targets

• The clock is ticking for businesses to prepare for mandated certificate automation

• Kubernetes attacks in 2023: What it means for the future

• Google fixes fifth actively exploited Chrome zero-day of 2023

• SSH keys stolen by stream of malicious PyPI and npm packages

• US and Japan warn of Chinese hackers backdooring Cisco routers

• Modern GPUs vulnerable to new GPU.zip side-channel attack

• GitHub repos bombarded by info-stealing commits masked as Dependabot

• Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

• China’s national security minister rates fake news among most pressing cyber threats

• Google Chrome Multiple Vulnerabilities

• AWS Graviton Use Cases

• Using GenAI in Your Business? Here Is What You Need To Know

• Malwarebytes Admin update: New Detection screens to manage threats!

• Malwarebytes MDR wins G2 awards for “Best ROI,” “Easiest to Use,” and more

• Xenomorph hunts cryptocurrency logins on Android

• Pegasus spyware and how it exploited a WebP vulnerability

• Top 8 Secure Access Service Edge (SASE) Providers in 2023

Generated on 2023-09-29 23:55:48.441978