IT Security News Daily Summary 2023-10-01

• Mellon – OSDP Attack Tool

• Microsoft Defender Flags Tor Browser as Win32/Malgent!MTB Malware

• Demystifying cybersecurity terms: Policy, Standard, Procedure, Controls, Framework

• Demystifying cybersecurity terms: Policy, Standard, Procedure, Controls

• NIS2: 2.Designate a responsible person or team

• DEF CON 31 – Andrew Brandt’s ‘War Stories – You’re Not George Clooney, And This Isn’t Oceans 11’

• Automation Giant Johnson Controls Hit by Ransomware Attack

• Russian Court Jails Crypto Money Launderer for 12 Years

• FBI Warns Energy Sectors: Chinese and Russian Hackers may Actively Target Energy Sector

• The UK Government Warns Against Using Excel Spreadsheets Due to Multiple Data Breaches

• Volkswagen Faces Production Standstill in Germany Due to IT Problem

• Cybercriminals Exploit Curiosity in Criminal ChatGPT Variant to Deceive Fellow Crooks

• Iranian APT34 Employs Menorah Malware for Covert Operations

• AI in Healthcare: Ethical Concerns for a Sustainable Era

• BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

• Google Chrome Heap Buffer Overflow Vulnerability (CVE-2023-5217) Notification

• No Cloud, No Problems: Why Dynamic DNS Reigns Supreme Over Cloud Applications

• How to Stop Google Bard From Storing Your Data and Location

• How to Tell When Your Phone Will Stop Getting Security Updates

• LockBit 3.0 Ransomware Victim: cdwg[.]com

• LockBit 3.0 Ransomware Victim: solveindustrial[.]com

• LockBit 3.0 Ransomware Victim: palaciodosleiloes[.]com[.]br

• EDRaser – A Suite For Remotely Deleting Windows Access Logs

• Avoid libwebp Electron Woes On macOS With positron

• Week in review: Chrome zero-day is actually in libwebp, Sony hacking rumours

• Warptech Warpgate security bypass | CVE-2023-43660

• Matrix Hookshot security bypass | CVE-2023-43656

• Chai.js Assertion Library get-func-name denial of service | CVE-2023-43646

• OpenFGA denial of service | CVE-2023-43645

• Discourse Encrypt cross-site scripting | CVE-2023-43657

• Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

• Cyber Security Management System (CSMS) for the Automotive Industry

• Weekly Cyber Security Tip: Harnessing The Power of Firewall Technology

• Cloudflare DDoS protections ironically bypassed using Cloudflare

• ‘ASTORS’ Nominee Announce Unified AI-Powered TDIR for Partner Profit

• IT Security News Daily Summary 2023-09-30

• Electron_Shell – Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron’s Features For Command Injection And Combining It With Remote Control Methods

• ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

• A Closer Look at the Snatch Data Ransom Group

• Vietnamese Hackers Continue Widespread Attack On Facebook Users

• Embracing Minimalism: The “Less is More” Approach in UI/UX Design

• FBI warns of dual ransomware attacks

• Darkbeam Data Breach: Billions of Usernames and Credentials Exposed Online

• Russian Zero-Day Vendor Proposes $20 Million for Hacking Android and iPhones

• New BEC 3.0 Attack Exploiting Dropbox for Phishing

• With ChatGPT, Users Can Now Access Updated Information on The Internet

• Progress Software fixed two critical severity flaws in WS_FTP Server

• Here’s Why The New U.S. National Cybersecurity Policy Need Some Minor Tweaks

• Chinese Hackers Are Hiding in Routers in the US and Japan

• Simplifying your Approach to the Zero Trust Journey

• FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

• Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

• Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

• Child abuse site taken down, organized child exploitation crime suspected – exclusive

• LG Mobile devices information disclosure | CVE-2023-44126

• DEXMA DEXGate information disclosure | CVE-2023-41088

• LG Mobile devices security bypass | CVE-2023-44125

• LG Mobile devices information disclosure | CVE-2023-44124

• LG Mobile devices information disclosure | CVE-2023-44129

• Defending Democracy and Standing Up for Civil Society

• How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe

• When it Comes to Compliance Requirements – Topology Matters!

• Build or Buy your own antivirus product

• CACTUS Ransomware Victim: www[.]utcoverseas[.]com

• AI responses may link to malware

• Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

• New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

• Discord is investigating cause of ‘You have been blocked’ errors

• The Week in Ransomware – September 29th 2023 – Dark Angels

• Millions of Exim mail servers exposed to zero-day RCE attacks

• Exploit released for Microsoft SharePoint Server auth bypass flaw

• Lazarus hackers breach aerospace firm with new LightlessCan malware

• 2023-09-28 – IcedID (Bokbot) infection with Keyhole VNC and Cobalt Strike

• Update Chrome now! Google patches another actively exploited vulnerability

• Dependabot impersonators cause trouble on GitHub

• A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Generated on 2023-10-01 23:55:29.238466