IT Security News Daily Summary 2023-10-20

• Five Eyes Coalition Release Guidelines for Business Leaders on Securing Intellectual Property

• From Snooze to Enthuse: Security Awareness Training That Sticks

• Okta says hackers stole customer access tokens from support unit

• CloudBees readies cloud-native devsecops platform

• Cisco Finds New Zero Day Bug, Pledges Patches in Days

• Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

• Admin behind E-Root stolen creds souk extradited to US

• On Detection: Tactical to Functional

• EU Authorities Deal Blow to RagnarLocker Ransomware Operations

• Palo Alto Networks Extends Scope of CNAPP Reach

• Cyber Security Today, Week in Review for the week ending Friday, October 20, 2023

• What Is Hybrid Cloud Security? How it Works & Best Practices

• DoD Gets Closer to Nominating Cyber Policy Chief

• CISA Announces Effort to Revise the National Cyber Incident Response Plan

• Strengthening the weakest link: top 3 security awareness topics for your employees

• NordVPN vs. ExpressVPN: Which VPN Is Best for 2023?

• Hackers Stole Access Tokens from Okta’s Support Unit

• SIM Card Ownership Slashed in Burkina Faso

• Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors

• CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

• Unlocking Success in the Digital Landscape: Deloitte and Cisco

• Let’s Embrace Death in the Software Development Lifecycle

• New Windows Infostealer ‘ExelaStealer’ Being Sold on Dark Web

• Learning Partner Strategies Can Add Movement and Balance on Your Journey

• Daniel Stori’s ‘Cloud Autoscaling Revealed

• Here’s Why Passkeys is a Good Option to Safeguard Your Data

• Suspected developer of Ragnar Locker ransomware arrested in Paris

• Authorities confirm RagnarLocker ransomware taken down during international sting

• VMware Aria Operations for Logs CVE-2023-34051 Technical Deep Dive and IOCs

• Bloodhound Enterprise: securing Active Directory using graph theory

• Develop High-Demand Cybersecurity Skills for Just $60 Through 10/23

• International Criminal Court says cyberattack was attempted espionage

• What to Do If You’re Concerned About the 23andMe Breach

• PDF Security – How To Keep Sensitive Data Secure in a PDF File

• A quarter of American populace have had their health data compromised

• Getting your organisation post-quantum ready

• Chinese Scammers Use Fake Loan Apps for Money Laundering

• Maximizing the Value of Your Technology Investments

• Frontier AI Taskforce harnesses industry leaders to research development risks

• KeePass Malicious Ads: Google Goof Permits Punycode Attacks Again

• SpyNote Android Trojan Emerges As Recent Spyware Threat For Android

• 4 Simple Online Research Strategies

• Safeguarding Education: Marple Newtown School District Partners with Check Point to Protect Students and Employees

• Iranian Hackers Lurked For 8 Months In Government Network

• Casio Keyed Up After Data Loss Hits Customers In 149 Countries

• Hackers Target U.S. Facebook Biz Accounts With Potent Malware

• Biden Administration Seeks $105 Billion In National Security Package That Includes Aid To Ukraine And Israel

• The hot topics from Europe’s largest trade fair for IT security

• IT administrators’ passwords are awful too

• Survey Sees Zero-Trust Transition Gaining Momentum

• U.S. Seizes Money, Domains Involved In North Korea IT Worker Scam

• Expanding audit logging and retention within Microsoft Purview for increased security visibility

• Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability

• Microsoft Security Copilot Early Access Program: Harnessing generative AI to empower security teams

• ABS Consulting and Dragos Expand Strategic Partnership to Strengthen OT Defences

• MapleSEC: How the Canadian government’s Cyber Centre helps infosec pros

• Beyond passwords: 4 key security steps you’re probably forgetting

• Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid

• Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

• Malvertisers Using Google Ads to Target Users Searching for Popular Software

• AI Chatbots’ Growing Concern in Bioweapon Strategy

• Google CEO Emphasizes the Critical Importance of Ethical AI Implementation

• UK Notifies Nuclear Power Plant Operator About Cybersecurity Weakness

• D-Link Confirms Data Breach, After Employees Suffer Phishing Attack

• OpenSSL Adds Support for Raw Public Key (RFC7250)

• soft token

• Thousands of Cisco IOS XE Devices Compromised Due to Zero-Day Vulnerability

• How Digital Forensics Can Investigate the Dark Web

• NetSPI boosts phishing resilience with enhanced social engineering penetration testing

• Six Must-Focus Cybersecurity Areas in Network Sprawl

• VMware Workstation 17.5 Player fixes a security issue

• An opportunity and a responsibility

• Akira Ransomware Victim: Southland Integrated
  Services

• Akira Ransomware Victim: Visionary Integratio
  n Professionals

• Akira Ransomware Victim: Protector Fire Servi
  ces

• Akira Ransomware Victim: Inventum Øst

• Akira Ransomware Victim: QuadraNet Enterprise
  s

• How to Make Your Threat-Hunting Program More Effective

• Cyber Security Today, Oct. 20, 2023 – Free anti-phishing guidance, ransomware gang sunk for not patching Confluence servers

• CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

• ABS Consulting and Dragos boost OT cybersecurity partnership for federal and commercial sectors

• Unleashing the Power of the Internet of Things and Cyber Security

• ENISA Warns of Rising AI Manipulation Ahead of Upcoming European Elections

• FCC Votes To Start Reinstating Net Neutrality Rules

• LockBit 3.0 Ransomware Victim: nirolaw[.]com

• Silicon UK Pulse: Your Tech News Update: Episode 23

• Elon Musk Says X To Have Two New Premium Tiers

• Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

• Best Patch Management Software & Tools 2023

• North Korean hackers are targeting software developers and impersonating IT workers

• Researchers uncover DarkGate malware’s Vietnamese connection

• Ghost Accounts, Entitlement Creep and Unwanted Guests

• ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges

• UK Cites Nuclear Plant Operator Over Cybersecurity Strategy

• Sphero – 832,255 breached accounts

• Funnelforms Free Plugin for WordPress cross-site scripting | CVE-2023-4950

• Discourse denial of service | CVE-2023-44388

• Engelsystem weak security | CVE-2023-45659

• Nextcloud Server and Enterprise Server information disclosure | CVE-2023-45151

• Fiber cross-site request forgery | CVE-2023-45128

• DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals

• U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses

• Explorations in the spam folder: A sum greater than the parts

• Knight Ransomware Victim: Benefit Management

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Netflix password sharing crackdown yields excellent results

• The Unyielding Importance of Cybersecurity in Times of Recession

• New infosec products of the week: October 20, 2023

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks

• India targets Microsoft, Amazon tech support scammers in nationwide crackdown

• Casio discloses data breach impacting customers in 149 countries

• Iranian hackers lurked in Middle Eastern govt network for 8 months

• Ragnar Locker ransomware’s dark web extortion sites seized by police

• Legacy authentication leads to growing consumer frustration

• The double-edged sword of heightened regulation for financial services

• GenAI investments surge, anticipated to hit $143 billion by 2027

• The real impact of the cybersecurity poverty line on small organizations

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• Hook, Line, and Sinker: How to Spot and Avoid Phishing Attacks

• How to Defend Against a DDoS Attack: 2023 Guide to Outsmart Cybercriminals

• Citing Hamas, the US Wants to Treat Crypto “Mixers” as Suspected Money Launderers

• Play Ransomware Victim: Associated Wholesale Grocers

• Law enforcement operation seized Ragnar Locker group’s infrastructure

• Amazon Defends Prime Service, Amid FTC Lawsuit

• US-CERT Vulnerability Summary for the Week of October 9, 2023

• IT Security News Daily Summary 2023-10-19

• SailPoint Unveils Annual ‘Horizons of Identity Security’ Report

• Fingerprint Raises $33M in Series C Funding to Accelerate Enterprise Device Intelligence and Fraud Prevention Adoption

• Spec Secures $15M Series A Funding, Accelerating Innovation in Fraud Defense

• Norton Boosts Security and Privacy With Enhanced Password Manager and AntiTrack

• AI ‘Will Have a Significant Impact on Energy Industry,’ EPRI Tells Congress

• The First Step In Product Development: It’s Not Development, It’s The Idea

• E-Root Marketplace Admin Extradited to US on Computer Fraud Charge

• Better safe than sorry: 10 tips to build an effective business backup strategy

• 23AndMe Hacker Leaks New Tranche of Stolen Data

• North Korean State Actors Attack Critical Bug in TeamCity Server

• A warning to software founders developing apps with lean teams and open source code

• Casio keyed up after data loss hits customers in 149 countries

• North Korean hackers exploit critical TeamCity vulnerability

• Europol Strike Wounds Ragnar Locker Ransomware Group

• DEF CON 31 – Laurie Kirk’s ‘Runtime Riddles – Abusing Manipulation Points In The Android Source’

• Cisco Web UI Vulnerability Exploited Massly, Impacting Over 40K Devices

• Enterprise security challenges for CNI organizations: Technical solutions to address security challenges

• Runtime security deep dive: Ask An OpenShift Admin episode 116

• EU Sets Deadline For Meta, TikTok To Detail Efforts To Curb Misinformation

• Beat the Bots to Defeat SMS Toll Fraud in Gaming

• New “Complaint Stealer” Malware Escalates, Targeting Cryptocurrency Wallets & Hospitality Sector

• Human Error: Casio ClassPad Data Breach Impacting 148 Countries

• CISA, NSA, FBI publish phishing guidance

• Tips for a Successful SecOps Game Plan

• The Role of IoT Vulnerabilities in Identity Theft: An Unseen Danger for High-Net-Worth Individuals (HNWI)

• AI-Powered Israeli ‘Cyber Dome’ Defense Operation Comes to Life

• Tips for a Successful SecOps Gameplan

• HackerOne Bug Bounty Disclosure: b-deny-admin-from-editing-linkedin-company-page-using-gen-form-visibility-via-post-voyager-api-voyagerorganizationdashcompanies-id-b-domg

• HackerOne Bug Bounty Disclosure: b-responsive-server-side-request-forgery-ssrf-b-bhmth

• BTS #15 – Reverse Engineering BMCs and Other Firmware – Vladyslav Babkin

• APTs Exploiting WinRAR 0day Flaw Despite Patch Availability

• Europol knocks RagnarLocker offline in second major ransomware bust this year

• What is Private Cloud Security? Everything You Need to Know

• CISA Adds Two Known Exploited Vulnerability to Catalog

• Dashlane limits Free users to 25 passwords starting next month

• Q&A: The Outlook for Israeli Cyber Startups, As War Clouds Gather

• Protecting industrial networks from cyber threats. Where do I start?

• Attack Surface Management: The Role it Plays in Cybersecurity

• DNA Data Breaches: A Growing Cybersecurity Concern

• Maritime Companies Increasingly Paying Ransoms Amidst Ransomware Surge

• Meta To Deploy Broadcast Channels For Facebook, Messenger

• Structured Threat Information eXpression (STIX)

• Securing generative AI starts with sustainable data centers

• The cyber risks of overheating data centers

• Cybercrim claims fresh 23andMe batch takes leaked records to 5 million

• Threat Spotlight: Initial Access Brokers on Russian Hacking Forums

• Growing Threat of Cyberattacks Puts Businesses at Risk

• QR Codes Used in 22% of Phishing Attacks

• How to build a content governance model

• Patch Now: APTs Continue to Pummel WinRAR Bug

• Telegram is still leaking user IP addresses to contacts

• Hackers exploit zero-day to compromise tens of thousands of Cisco devices

• Another InfoStealer Enters the Field, ExelaStealer

• Clever malvertising attack uses Punycode to look like KeePass’s official website

• Discord’s Security Challenge: APTs Enter the Malware Mix

• WhatsApp Announces Passkey Support for its Users

• Druva launches Dru to make data protection more autonomous

• Valve Enhances Steam Security With SMS Verification

• Embracing Minimalism: The “Less is More” Approach in UI/UX Design

• 61% of firms worry they are unprepared for security risks in quantum era

• CISA Releases One Industrial Control Systems Advisory

• Cisco IOS XE vulnerability widely exploited in the wild

• 3 crucial security steps people should do, but don’t

• Clever malvertising attack uses Punycode to look like KeePass’s official website

• US Authority Investigates Pedestrian Threats at GM’s Self-Driving Unit Cruise

• Nvidia, Foxconn Partner Up To Build ‘AI Data Centres

• Top 5 Benefits of Data Lineage

• More Content Moderators Sue Facebook For Being Exposed To Graphic Content

• Iran-Linked ‘MuddyWater’ Spies on Mideast Gov’t for 8 Months

• RagnarLocker ransomware dark web site seized in international sting

• Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies

• Hacktivism in 2023: From Grassroots Movements to State-Sponsored Threats

• What is ransomware? Everything you need to know and how to reduce your risk

• Ex-Navy IT manager jailed for selling people’s data on the dark web

• Ex-Navy IT manager gets 5 years in slammer for 2018 database heist

• CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide

• THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

• Privacy Advocates To TSA: Slow Down Plans For mDLs

• There’s A New Way To Flip Bits In DRAM

• You Need To Update WinRAR, Right Now

• Hacker Leaks Millions More 23AndMe User Records On Cybercrime Forum

• Database Ransomware: From Attack to Recovery

• Be On Alert; That HR Email Could Be A Phishing Email!

• Zumigo unveils QR code for passwordless login

• What Is Phishing-as-a-Service (PhaaS) and How to Protect Against It

• Securing Police Communications: Protecting Communities

• Google Enhances Play Protect to Defend Against Polymorphic Malware

• Use of QR Codes in Phishing Campaigns is on the Rise

• Zumigo introduces QR code for passwordless login

• Sumsub For Fake’s Sake combats deepfake and synthetic fraud

• Endpoint security in the cloud: What you need to know

• antispoofing

• October Cybersecurity Awareness Month to target internal security risks

• Hybrid Work in Higher Education: What’s Next?

• 3 Ways the Threat Landscape Is Changing

• August 2023 Cyber Attacks Statistics

• Open Source DAST, Browser Security and EDR: Security Tools Anyone Can Afford

• Key Factors and Measures to Address Burnout In The Cybersecurity Field

• itemis and Cybellum partner to enhance product software security

• Hackers Exploit QR Codes with QRLJacking for Malware Distribution

• Developer Week CloudX 2023: Better Security and Accessibility in the Cloud

• Closing the Cybersecurity Skills Gap and Opening Opportunities

• IDC Spotlight: Cisco Secure Access Delivers on Promise of SSE

• Cybersecurity Spending Slows as Investment Patterns Shift

• AuditBoard unveils AI and analytics capabilities to help teams automate critical workflows

• Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware

• Vulnerability Scanning: How Often Should I Scan?

• This year’s Security Serious Unsung Heroes Awards winners named

• LockBit 3.0 Ransomware Victim: salaw[.]com

• LockBit 3.0 Ransomware Victim: thecsi[.]com

• LockBit 3.0 Ransomware Victim: smart-union[.]org

• LockBit 3.0 Ransomware Victim: frs-fnrs[.]be

• LockBit 3.0 Ransomware Victim: fdf[.]org

• Mastercard enhances its solutions using AI technology

• US Charge Man with Running Stolen Credentials Marketplace

• North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

• The Urgency for Robust Utility Cybersecurity

• Understanding the Difference Between Penetration Testing and Vulnerability Scanning

• Google Play Protect takes on malicious apps with code-level scanning

• Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

• Google Russia Declared Bankrupt After Bank Account Seizure

• What We Learned from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

• Resecurity partners with Spire Solutions to protect organizations in the MEA region

• North Korean Attackers Exploiting Critical CI/CD Vulnerability

• How much money did MGM lose due to last month’s cyber-attack?

• EU Elections at Risk with Rise of AI-Enabled Information Manipulation

• Money-making scripts attack organizations

• Nokia To Axe 14,000 Jobs As US Demand Declines

• Government officials debate effectiveness of multilateral relations in cybersecurity

• WebAuthn4J Spring Security security bypass | CVE-2023-45669

• QNAP QTS, QuTS hero, and QuTScloud directory traversal | CVE-2023-32974

• Who Hit The Page – Hit Counter plugin for WordPress cross-site scripting | CVE-2023-46066

• XnSoft NConvert for Windows denial of service | CVE-2023-43251

• Zephyr buffer overflow | CVE-2023-4263

• Google ads for KeePass, Notepad++ lead to malware

• 2024 cybersecurity predictions: GenAI edition

• Hacker Group GhostSec Unveils New Generation Ransomware Implant

• IT Spending Worldwide To Increase 8 Percent Next Year

• Knight Ransomware Victim: National Health Mission[.] Department of Health & Family Welfare, Govt[.] of U[.]P

• Can AI detectors save us from ChatGPT? I tried 5 online tools to find out

• Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw

• Do you know what your supply chain is and if it is secure?

• Microsoft Warns of North Korean Attacks Exploiting TeamCity Flaw

• Interesting cyber attack headlines trending on Google for this day

• Sustainability data — Are we comparing apples and oranges?

• Hackers Using Secure USB Drives to Attack Government Entities

• Multiple APT groups exploited WinRAR flaw CVE-2023-38831

• Old WinRAR vulnerability is exploited by government-backed actors

• The must-knows about low-code/no-code platforms

• NSFOCUS AISecOps: Elevating Your Security Operations Efficacy and Mitigating Alert Fatigue

• Google links WinRAR exploitation to Russian, Chinese state hackers

• MATA malware framework exploits EDR in attacks on defense firms

• Recently patched Citrix NetScaler bug exploited as zero-day since August

• Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials

• FBI warns of extortion groups targeting plastic surgery offices

• Addressing cyber threats in healthcare operational technology

• Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks

• Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

• The Trifecta of Consumer Data Privacy: Education, Advocacy & Accountability

• Cyber resilience starts in the C-suite

• From Within: Defending Against Insider Threats

• Business resilience becomes primary force behind cybersecurity investments

• FBI Warns of Extortionists Stealing Plastic Surgery Data for Ransom

• MapleSEC: How to stop CSOs from saying, ‘Goodbye’

• MapleSEC: Rogers Cybersecure Catalyst launches Cyber Talent Management Playbook to address skills shortage

• How to Design Software to Reduce Breaches Caused by Human Error

• A Technical Deep Dive on Meltdown and Does It Work?

• MapleSEC: ‘Quiet hiring’ key to helping reduce cybersecurity staffing crisis

• Android will now scan sideloaded apps for malware at install time

• Elon Musk’s X (Twitter) to Charge $1 for Basic Features

• North Korea experiments with AI in cyber warfare: US official

Generated on 2023-10-20 23:55:41.931766