IT Security News Daily Summary 2023-10-17

• Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack

• Amazon Quietly Wades Into the Passkey Waters

• ILSpy – .NET Decompiler With Support For PDB Generation, ReadyToRun, Metadata (and More) – Cross-Platform!

• Impact of React on Logistics and Supply Chain: Revolutionizing Efficiency and Innovation

• New Netskope Report Exposes Increasing Use of Cloud Apps to Spread Malware

• Survey Reveals Lack of Appreciation for Business Risks

• ‘Etherhiding’ Blockchain Technique Masks Malicious Code in WordPress Sites

• Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised

• UAE, US Partner to Bolster Financial Services Cybersecurity

• CSC Report Highlights Cybersecurity Threats .AI Domains Pose

• How to conduct a cyber-resilience assessment

• Cisco IOS XE zero-day facing mass exploitation

• CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

• Randall Munroe’s XKCD ‘Inspiraling Roundabout’

• What are the Legal Implications and Risks of Generative AI?

• Supply Chain Attack Targeting Telegram, AWS and Alibaba Cloud Users

• BSidesLV: The Big Event Before the Biggest Security Event in Las Vegas

• Secure Sockets Layer certificate (SSL certificate)

• Save the Embarrassment: The Value of Multi-Factor Authentication

• Watch Out: Attackers Are Hiding Malware in ‘Browser Updates’

• Tech CEO Sentenced to 5 Years in IP Address Scheme

• Digital Trust & Safety Roundup: Rising ATO, new product updates, and Sift recognition

• CISA and FBI to Network Admins: Patch Atlassian Confluence Now

• Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

• FTX Engineer Testifies To Lavish Spending In Bankman-Fried Trial

• Biden Campaign Launches Account On Trump’s Truth Social

• Enhanced Security for Your Secrets With AWS Secrets Manager

• CISA Releases Two Industrial Control Systems Advisories

• Rockwell Automation FactoryTalk Linx

• Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

• AI Chatbots Could Help Plan Bioweapon Attacks, Report Finds

• Healthcare Orgs A Prime Target For NoEscape Ransomware, HHS Warns

• MemComputing ASICs Could Shatter 2048-Bit RSA Encryption

• 0-Day In Cisco IOS XE Software Is Under Attack

• Trench Tales: The College Account Takeover That Never Happened

• Persistent Espionage Campaign Targets APAC Governments

• Ten 10 essential tips to bolster information security

• Is Collaboration The Key To Aussie Tech Challenges?

• Software Supply Chain Security Attacks Up 200%: New Sonatype Research

• Three Easy Ways to Improve DevSecOps with Thales and Red Hat

• Networking and Security Teams Are Converging, Finds Cato Networks Survey

• Women Political Leaders Summit Targeted with Backdoor Malware

• DEF CON 31 – James Kettle’s ‘Smashing The State Machine The True Potential Of Web Race Conditions’

• Deepfakes: A Rising Threat to Cybersecurity and Society

• Risks of Free VPNs: Proceed with Caution

• Fake Browser Updates Used in Malware Distribution

• Apple iPhone Ousted As Top Ranking Mobile In China – Report

• Anonybit raises $3M to further build out biometric security platform Genie

• Multi-factor authentication: How to enable 2FA and boost your security

• A week in security (October 9 – October 15)

• The forgotten malvertising campaign

• BackBox Network Vulnerability Manager identifies vulnerabilities and classifies them by threat level

• Prevalent Alfred improves third-party risk management

• Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software

• How To Transfer Google Drive To Another Account With MultCloud

• What is a CMDB?

• CISA and NSA Issues New Identity and Access Management Guidance for Vendors

• Allowlisting vs. blocklisting: Benefits and challenges

• With $33M Series C, Fingerprint looks to expand device intelligence platform

• IT Admins Are Just as Guilty For Weak Password Use

• Zero to Pentester

• Medusa Locker Ransomware Victim: Symposia Organizzazione Congressi S[.]R[.]L

• Medusa Locker Ransomware Victim: EDB

• Medusa Locker Ransomware Victim: ATI Traduction

• Medusa Locker Ransomware Victim: Global Product Sales

• Medusa Locker Ransomware Victim: Believe Productions

• New ESG Research Report Outlines Best Practices for Effective Application Security Programs

• Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in

• EPA Withdraws Cybersecurity Requirements for Water Systems

• ‘Shocking’ cybersecurity numbers in survey of Canadian small businesses, says Mastercard

• Top 6 Mistakes in Incident Response Tabletop Exercises

• Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

• Black Basta Ransomware Victim: PIEMME S[.]p[.]A[.]

• Black Basta Ransomware Victim: BACCARAT

• Black Basta Ransomware Victim: Edwardian Hotels London

• Black Basta Ransomware Victim: STANTON WILLIAMS

• Black Basta Ransomware Victim: HAFFNER GmbH Co[.]

• Passive Optical Networks: A Game Changer for Now And The Future

• Valve introduces SMS-based confirmation to prevent malicious games on Steam

• Verint PII Redaction Bot protects sensitive data

• Binance Stops Accepting New UK Users, Citing Regulations

• Cyber experts applaud the new White House cybersecurity plan

• Tips for the CISO: 6 Secure Cloud Migration Myths

• Prove Identity nabs $40M at a “unicorn status” valuation to expand in mobile-based authentication tech

• Taking Stock of Identity Solutions in the Age of AI

• ManageEngine strengthens endpoint security with next generation antivirus capability

• Whistic Smart Response eliminates the manual steps of security assessment questionnaires

• OpenSSF Launches Malicious Packages Repository

• The Next Chapter of Secure by Design

• US cybercops urge admins to patch amid ongoing Confluence chaos

• Threat Hunting to Find the Good Stuff

• Will Zero Trust Replace SD-WAN?

• XorDDoS Infects Linux Devices and uses them to Carry out DDoS Attacks

• Amazon quietly rolls out support for passkeys, with a catch

• Cybersecurity Professionals Anticipate Broad AI Integration in Security Operations, Yet Uncertain About Specific Applications

• JumpCloud Adds Passwordless Authentication to Open Directory Platform

• Hackers Alleged to Have Breached Millions of DNA User Profiles, Offering Data for Sale on the Internet

• Privacy Risk Alert: Google Pixel 8’s Face Unlock is Susceptible to Tricks

• NetWitness delivers visibility into a vast array of network assets with the 12.3 update

• Researchers Uncovered the Hack of a Private Power Station in Israel

• Webinar: Locking Down Financial and Accounting Data — Best Data Security Strategies

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives

• Security Vulnerability of Switzerland’s E-Voting System

• Video Playlist For YouTube Plugin for WordPress cross-site request forgery | CVE-2023-45653

• GPAC denial of service | CVE-2023-5586

• GPAC denial of service | CVE-2023-5595

• LockBit 3.0 Ransomware Victim: cpstate[.]org

• LockBit 3.0 Ransomware Victim: sdproducts[.]co[.]uk

• Cybeats collaborates with CodeSecure to prevent software supply chain attacks

• LinkedIn To Cut More Jobs, In Second Round Of Layoffs

• 5 Ways to Ensure Your Enterprise Data Security Strategy is fit for Purpose

• Top 10 Compliance Tips for Startups

• Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers

• Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge

• Cisco Warns of Critical Vulnerability in IOS XE Software

• They Supported Air Strike Victims. Then They Were Doxed and Arrested

• Researchers warn of increased malware delivery via fake browser updates

• Meta Lawsuit Settlement Talks Collapse In Kenya

• Ransomware realities in 2023: one employee mistake can cost a company millions

• APT trends report Q3 2023

• Threat Actors Abuse Discord to Blend Within Organizations’ Network Traffic

• Netis N3Mv2 denial of service | CVE-2023-45463

• Microsoft Edge (Chromium-based) spoofing | CVE-2023-36559

• IRivYou Plugin for WordPress cross-site request forgery | CVE-2023-45267

• HP ThinUpdate information disclosure | CVE-2023-4499

• ZZZCMS cross-site scripting | CVE-2023-5582

• A Third of Organizations Not Ready to Comply with NIS2

• The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach

• Digital Personal Data Protection Act (DPDP ACT) 2023, India’s Privacy Law

• HTTP/2 Rapid Reset Attack Vulnerability

• What To Expect When Working With an Online Marketing Service

• British boffins say aircraft could fly on trash, cutting pollution debt by 80%

• Need to improve the detection capabilities in your security products?

• CACTUS Ransomware Victim: www[.]ovt[.]com

• CACTUS Ransomware Victim: www[.]scsivrea[.]it

• Malware-laced ‘RedAlert – Rocket Alerts’ app targets Israeli users

• CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

• All Gmail Personal Accounts to get passkey login security as default

• How to go from collecting risk data to actually reducing risk?

• NSFOCUS Launches CTEM Offerings to Mitigate Threat Exposure

• Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

• Fake ‘RedAlert’ rocket alert app for Israel installs Android spyware

• Signal says there is no evidence rumored zero-day bug is real

• Women Political Leaders Summit targeted in RomCom malware phishing

• Steam enforces SMS verification to curb malware-ridden updates

• CISA, FBI urge admins to patch Atlassian Confluence immediately

• The collaborative power of CISOs, CTOs and CIOs for a secure future

• Cyberattacks on healthcare organizations affect patient care

• One in five CISOs miss out on pay raise

• Will you meet the directive?

• Fortifying Your Digital Fortress: Data Breach Prevention and Response

• Phoenix – 74,776 breached accounts

• Cisco IOS XE Escalation of Privilege Vulnerability

• Anticipating the benefits of a passwordless tomorrow

• ELITEWOLF: NSA’s repository of signatures and analytics to secure OT

• Essential cyber hygiene: Making cyber defense cost effective

• 5 Ways Hospitals Can Help Improve Their IoT Security

• Posh C2 Detected – 88[.]210[.]9[.]139:443

• CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide

• The TLS Extended Master Secret and FIPS in Red Hat Enterprise Linux

• Vulnerability Exploitability eXchange (VEX) beta files now available

• Breaking the Chain of Data Access: The Importance of Separating Human and Application Users

• Security Must Empower AI Developers Now

• Public Cloud Security Explained: Everything You Need to Know

• Colorado Supreme Court Upholds Keyword Search Warrant

• New Cisco Web UI Vulnerability Exploited by Attackers

• Spooky Experiments: Building Your Own Security Research Lab

• New York State Wants To Restrict Facebook Collection Of Children’s Data

• Cisco Network Automation Developer Days in New York, December 5-6

• US-CERT Vulnerability Summary for the Week of October 9, 2023

• IT Security News Daily Summary 2023-10-16

• Avast SecureLine VPN Review (2023): Is It a Good VPN for You?

• New CISA and NSA Identity and Access Management Guidance Puts Vendors on Notice

• Malicious ‘Airstrike Alert’ App Targets Israelis

• Gcp_Scanner – A Comprehensive Scanner For Google Cloud

• ROMCOMLITE: Stealthier Version of ROMCOM Backdoor Targets Female Politicians

• Weekly Vulnerability Recap – October 16, 2023 – DDoS, Microsoft, Apple & Linux Lead a Busy Week

• Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

• Vulnerability Summary for the Week of October 9, 2023

• Cisco warns of active exploitation of IOS XE zero-day

• Randall Munroe’s XKCD ‘Sign Combo’

• Is Cisco’s Acquisition of Splunk a Shade of Brilliance or Madness?

• DEF CON 31 – Alan Meekins’ ‘Snoop On To Them, As They Snoop On To Us’

• RomCom Malware Group Targets EU Gender Equality Summit

• Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

• How Is Machine Learning Used in Fraud Detection?

• ‘RomCom’ Cyber Campaign Targets Women Political Leaders

• 12 Best AI-powered Customer Communication Platforms for Contact Centers

• CCTV Cambridge: Nurturing Community with Tools for Speech and Civic Engagement

• Digital Rights Updates with EFFector 35.13

• We’re not in e-Kansas anymore: State courts reel from ‘unauthorized incursion’

• HackerOne Bug Bounty Disclosure: b-inviting-excessive-long-email-addresses-to-a-calendar-event-makes-the-server-unresponsive-b-shuvam

• HackerOne Bug Bounty Disclosure: b-critical-curl-cve-vulnerability-code-changes-are-disclosed-on-the-internet-b-shelldoit

• SAML SSO In Terms Of GitHub Security

• XDR vs. EDR vs. NDR: A Comparison

• Congratulations to the Top MSRC 2023 Q3 Security Researchers!

• Name That Toon: Modern Monarchy

• EFF and 45 Organizations Tell UN: Reverse Decision to Host IGF in Saudi Arabia

• Elon’s CSAM FAIL: Twitter Fined by Australian Govt.

• RWVP: CISA Shares Vulnerabilities and Misconfigurations Targeted by Ransomware Groups

• $1.2 Million Stolen from Grafton Family Business, Sparks Cyber Security Warnings

• Preparing Digital Identity for the Post-Quantum Era

• Equinix’s data center system upgrade results in hours-long disruption at banks

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears

• Cisco Releases Security Advisory for IOS XE Software Web UI

• Microsoft Launches Bug Bounty Program For AI Bing Across All Products

• DarkGate Malware Becomes Active, Spreads Via Skype Accounts

• Signal Zero-Day Vulnerability Rumors Refuted by Company

• A hack in hand is worth two in the bush

• Microsoft Launches an AI Bug Bounty Program

• How to make sure the reputation of your products and company is good

• CISOs witness meagre salary rise and bonuses in 2023

• Nebraska.Code() — Developing in the Great Plains

• BLOODALCHEMY provides backdoor to southeast Asian nations’ secrets

• How AI Affects Human Cognition

• Ransomware Targets Unpatched WS_FTP Servers

• Best practices to conduct a user access review

• Flipper Zero can be used to crash iPhones running iOS 17, but there’s a way to foil the attack

• Unpatched WS_FTP Servers: Ransomware Threat

• Space Start-Up Investment Sees Third-Quarter Growth

• CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515

• Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

• New Cybersecurity and Cloud Skills to Protect Companies from Cybersecurity Attacks of the Future

• Hack Your Way to a New Career in Cybersecurity: Cisco Networking Academy offers new Ethical Hacker course

• Microsoft Improving Windows Authentication, Disabling NTLM

• Academics Devise Cyber Intrusion Detection System For Unmanned Robots

• Milesight Industrial Router Vuln Possibly Exploited In Attacks

• 530,000 People’s Info Feared Stolen From Gaming Biz Shadow

• Biden Postpones Colorado Trip For National Security Meetings

• Black Basta Ransomware Victim: NCC_2

• Black Basta Ransomware Victim: DOMAIN-BACCARAT_2

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

• China Smartphone Sales See Promising Holiday Growth

• AgentTesla Stealer Delivered Via Weaponized PDF and CHM Files

• Healthcare breach costs soar requiring new thinking for safeguarding data

• SEO poisoning (search poisoning)

• How Data Changes the Cyber-Insurance Market Outlook

• Signal denies claims of an alleged zero-day flaw in its platform

• Knight Ransomware Victim: Guhring was hacked[.] Thousands of confidential files stolen[.]

• Knight Ransomware Victim: Kinesis Film Srl

• Knight Ransomware Victim: Decarie Motors Inc

• Knight Ransomware Victim: Hacketts printing services

• Knight Ransomware Victim: GDL Logística Integrada S[.]A

• MOVEit’s Ransomware Attack Highlights the State of Cybersecurity

• Compromised Skype accounts deliver DarkGate malware to employees

• Zyxel Networks introduces 22Gbps WiFi 7 access point for MSPs and SMBs

• Signal Disputes Alleged Zero-Day Flaw

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict

• Exploring Cybersecurity Career Pathways

• Build Vs. Buy: The Unknown Unknowns of FIDO-Based Passkeys

• Survey Sees Shift to Passwordless Authentication Accelerating

• When Hackers Strike: The Inside Story of Clorox’s Lengthy Disappearance

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls

• TikTok Details Actions Against Middle East Misinformation

• Introducing Check Point Horizon Playblocks: The Ultimate Security Automation and Collaboration Platform

• Cybersecurity’s Future: Women at the Forefront

• Fairfax Healthcare Company Announces Data Breach

• Securing the Cloud

• BlackBerry’s Generative AI powered assistant enhances CISO operations

• Enabling a new generation of AI with Ethernet

• New Cybersecurity and Cloud skills to protect companies from cybersecurity attacks of the future

• Coin Flips Are Biased

• Cyber Security Today, Oct. 16, 2023 – Why a hacker created a fake conference website after the event, and more

• Microsoft announces AI bug bounty program

• The Fast Evolution of SaaS Security from 2020 to 2024 (Told Through Video)

• Hackers Target Israeli Rocket Alert App Users with Spyware

• GUEST ESSAY: A primer on best practices for automating supply chain cybersecurity

• New RomCom Backdoor Targets Female Political Leaders

• Healthcare Sector Warned About New Ransomware Group NoEscape

• US ‘Plans New China Restrictions’ For AI Chips

• Deepfake Porn Is Out of Control

• Signal Debunks Zero-Day Vulnerability Reports, Finds No Evidence

• South Korean NAND Memory Exports Rise Amidst Chip Gloom

• Microsoft to Kill NTLM and Expand Kerberos Authentication

• Safeguarding Your Business From Social Media Risks

• Microsoft Completes $75bn Activision Blizzard Buyout

• Understanding Cybersecurity Footprinting: Techniques and Strategies

• Cyberattacks on Gaming Developers: Five Security Tips

• EU GDPR Compliance Checklist

• Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

• DIY attack surface management: Simple, cost-effective and actionable perimeter insights

• Hackers steal sensitive info of thousands of Sony employees

• Beware: Lumma Stealer Distributed via Discord CDN

• Singapore and US sync up on AI governance and set up joint group

• Silicon UK In Focus Podcast: The Future of Targeted Marketing

• Australia Fines X Over Child Protection Failures

• DarkGate malware campaign abuses Skype and Teams

• Software developers, how secure is your software?

• Hackers Using Remote Admin Tools To Compromise Organizations With Ransomware

• 3 Essential Steps to Strengthen SaaS Security

• Why Zero Trust Is the Cloud Security Imperative

• Google trending Ransomware news headlines for the day

• A Deep Dive into Ransomware History: From Its Origins to Modern Threats

• Educating the Next Cybersecurity Generation with Tib3rius

• Binance’s Smart Chain Exploited in New ‘EtherHiding’ Malware Campaign

• CISOs and board members are finding a common language

• How organizations can combat rising cloud costs with FinOps

• Keeping control in complex regulatory environments

• Inadequate IoT protection can be a costly mistake

• Regulator, insurers and customers all coming for Progress after MOVEit breach

• Node.js Multiple Vulnerabilities

Generated on 2023-10-17 23:56:01.642932