IT Security News Daily Summary 2023-10-16

• Avast SecureLine VPN Review (2023): Is It a Good VPN for You?

• New CISA and NSA Identity and Access Management Guidance Puts Vendors on Notice

• Malicious ‘Airstrike Alert’ App Targets Israelis

• Gcp_Scanner – A Comprehensive Scanner For Google Cloud

• ROMCOMLITE: Stealthier Version of ROMCOM Backdoor Targets Female Politicians

• Weekly Vulnerability Recap – October 16, 2023 – DDoS, Microsoft, Apple & Linux Lead a Busy Week

• Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

• Vulnerability Summary for the Week of October 9, 2023

• Cisco warns of active exploitation of IOS XE zero-day

• Randall Munroe’s XKCD ‘Sign Combo’

• Is Cisco’s Acquisition of Splunk a Shade of Brilliance or Madness?

• DEF CON 31 – Alan Meekins’ ‘Snoop On To Them, As They Snoop On To Us’

• RomCom Malware Group Targets EU Gender Equality Summit

• Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

• How Is Machine Learning Used in Fraud Detection?

• ‘RomCom’ Cyber Campaign Targets Women Political Leaders

• 12 Best AI-powered Customer Communication Platforms for Contact Centers

• CCTV Cambridge: Nurturing Community with Tools for Speech and Civic Engagement

• Digital Rights Updates with EFFector 35.13

• We’re not in e-Kansas anymore: State courts reel from ‘unauthorized incursion’

• HackerOne Bug Bounty Disclosure: b-inviting-excessive-long-email-addresses-to-a-calendar-event-makes-the-server-unresponsive-b-shuvam

• HackerOne Bug Bounty Disclosure: b-critical-curl-cve-vulnerability-code-changes-are-disclosed-on-the-internet-b-shelldoit

• SAML SSO In Terms Of GitHub Security

• XDR vs. EDR vs. NDR: A Comparison

• Congratulations to the Top MSRC 2023 Q3 Security Researchers!

• Name That Toon: Modern Monarchy

• EFF and 45 Organizations Tell UN: Reverse Decision to Host IGF in Saudi Arabia

• Elon’s CSAM FAIL: Twitter Fined by Australian Govt.

• RWVP: CISA Shares Vulnerabilities and Misconfigurations Targeted by Ransomware Groups

• $1.2 Million Stolen from Grafton Family Business, Sparks Cyber Security Warnings

• Preparing Digital Identity for the Post-Quantum Era

• Equinix’s data center system upgrade results in hours-long disruption at banks

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears

• Cisco Releases Security Advisory for IOS XE Software Web UI

• Microsoft Launches Bug Bounty Program For AI Bing Across All Products

• DarkGate Malware Becomes Active, Spreads Via Skype Accounts

• Signal Zero-Day Vulnerability Rumors Refuted by Company

• A hack in hand is worth two in the bush

• Microsoft Launches an AI Bug Bounty Program

• How to make sure the reputation of your products and company is good

• CISOs witness meagre salary rise and bonuses in 2023

• Nebraska.Code() — Developing in the Great Plains

• BLOODALCHEMY provides backdoor to southeast Asian nations’ secrets

• How AI Affects Human Cognition

• Ransomware Targets Unpatched WS_FTP Servers

• Best practices to conduct a user access review

• Flipper Zero can be used to crash iPhones running iOS 17, but there’s a way to foil the attack

• Unpatched WS_FTP Servers: Ransomware Threat

• Space Start-Up Investment Sees Third-Quarter Growth

• CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515

• Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

• New Cybersecurity and Cloud Skills to Protect Companies from Cybersecurity Attacks of the Future

• Hack Your Way to a New Career in Cybersecurity: Cisco Networking Academy offers new Ethical Hacker course

• Microsoft Improving Windows Authentication, Disabling NTLM

• Academics Devise Cyber Intrusion Detection System For Unmanned Robots

• Milesight Industrial Router Vuln Possibly Exploited In Attacks

• 530,000 People’s Info Feared Stolen From Gaming Biz Shadow

• Biden Postpones Colorado Trip For National Security Meetings

• Black Basta Ransomware Victim: NCC_2

• Black Basta Ransomware Victim: DOMAIN-BACCARAT_2

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

• China Smartphone Sales See Promising Holiday Growth

• AgentTesla Stealer Delivered Via Weaponized PDF and CHM Files

• Healthcare breach costs soar requiring new thinking for safeguarding data

• SEO poisoning (search poisoning)

• How Data Changes the Cyber-Insurance Market Outlook

• Signal denies claims of an alleged zero-day flaw in its platform

• Knight Ransomware Victim: Guhring was hacked[.] Thousands of confidential files stolen[.]

• Knight Ransomware Victim: Kinesis Film Srl

• Knight Ransomware Victim: Decarie Motors Inc

• Knight Ransomware Victim: Hacketts printing services

• Knight Ransomware Victim: GDL Logística Integrada S[.]A

• MOVEit’s Ransomware Attack Highlights the State of Cybersecurity

• Compromised Skype accounts deliver DarkGate malware to employees

• Zyxel Networks introduces 22Gbps WiFi 7 access point for MSPs and SMBs

• Signal Disputes Alleged Zero-Day Flaw

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict

• Exploring Cybersecurity Career Pathways

• Build Vs. Buy: The Unknown Unknowns of FIDO-Based Passkeys

• Survey Sees Shift to Passwordless Authentication Accelerating

• When Hackers Strike: The Inside Story of Clorox’s Lengthy Disappearance

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

• TikTok Details Actions Against Middle East Misinformation

• Introducing Check Point Horizon Playblocks: The Ultimate Security Automation and Collaboration Platform

• Cybersecurity’s Future: Women at the Forefront

• Fairfax Healthcare Company Announces Data Breach

• Securing the Cloud

• BlackBerry’s Generative AI powered assistant enhances CISO operations

• Enabling a new generation of AI with Ethernet

• New Cybersecurity and Cloud skills to protect companies from cybersecurity attacks of the future

• Coin Flips Are Biased

• Cyber Security Today, Oct. 16, 2023 – Why a hacker created a fake conference website after the event, and more

• Microsoft announces AI bug bounty program

• The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

• Hackers Target Israeli Rocket Alert App Users with Spyware

• GUEST ESSAY: A primer on best practices for automating supply chain cybersecurity

• New RomCom Backdoor Targets Female Political Leaders

• Healthcare Sector Warned About New Ransomware Group NoEscape

• US ‘Plans New China Restrictions’ For AI Chips

• Deepfake Porn Is Out of Control

• Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

• South Korean NAND Memory Exports Rise Amidst Chip Gloom

• Microsoft to Kill NTLM and Expand Kerberos Authentication

• Safeguarding Your Business From Social Media Risks

• Microsoft Completes $75bn Activision Blizzard Buyout

• Understanding Cybersecurity Footprinting: Techniques and Strategies

• Cyberattacks on Gaming Developers: Five Security Tips

• EU GDPR Compliance Checklist

• Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

• DIY attack surface management: Simple, cost-effective and actionable perimeter insights

• Hackers steal sensitive info of thousands of Sony employees

• Beware: Lumma Stealer Distributed via Discord CDN

• Singapore and US sync up on AI governance and set up joint group

• Silicon UK In Focus Podcast: The Future of Targeted Marketing

• Australia Fines X Over Child Protection Failures

• DarkGate malware campaign abuses Skype and Teams

• Software developers, how secure is your software?

• Hackers Using Remote Admin Tools To Compromise Organizations With Ransomware

• 3 Essential Steps to Strengthen SaaS Security

• Why Zero Trust Is the Cloud Security Imperative

• Google trending Ransomware news headlines for the day

• A Deep Dive into Ransomware History: From Its Origins to Modern Threats

• Educating the Next Cybersecurity Generation with Tib3rius

• Binance’s Smart Chain Exploited in New ‘EtherHiding’ Malware Campaign

• CISOs and board members are finding a common language

• How organizations can combat rising cloud costs with FinOps

• Keeping control in complex regulatory environments

• Inadequate IoT protection can be a costly mistake

• Regulator, insurers and customers all coming for Progress after MOVEit breach

• Node.js Multiple Vulnerabilities

• Security review for Microsoft Edge version 118

• DEF CON 31 – Marcelo Salvati’s (@byt3b133d3r) ‘SpamChannel – Spoofing Emails From 2M+ Domains & Virtually Becoming Satan’

• YouTube Takes on Ad Blockers with Warning Pop-Ups

• The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

• Where Next for States on All Things IT and Security?

• Major Caesars Data Breach: 41,000+ Individuals’ Information Compromised

• Elliptic Claims: FTX Hacks Could Have Possible Connection to Russia

• How Are Autonomous Vehicles Changing Microcontroller Use?

• How Can Businesses Use AI to Strengthen Their Own Cyber Defence?

• How Hacking of The Internet of Things Works In Practice

• Achieving Optimal Zero Trust Maturity: The Role of Data and Governance

• The Insider Threat: Everest Cybercriminals Offering Cash for Remote Access

• Unlock Threat Hunting with MITRE ATT&CK: A 2023 Guide You Can’t Miss

• Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

• Week in review: Patched curl and libcurl vulnerability, 15 free M365 security training modules

• Cyber Security Management System (CSMS) for the Automotive Industry

• Ensuring Robust Digital Security with Weekly Security Assessment and Testing>

• DarkGate malware spreads through compromised Skype accounts

• Ubuntu discovers ‘hate speech’ in release 23.10 — how to upgrade?

• AI algorithm detects MitM attacks on unmanned military vehicles

• Hackers’ Playbook Exposed: Defending Against Social Engineering Attacks

Generated on 2023-10-16 23:55:38.196937