IT Security News Daily Summary 2023-10-23

• Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

• The Hamas Threat of Hostage Execution Videos Looms Large Over Social Media

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

• GATOR – GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments

• Why GPT-4 is vulnerable to multimodal prompt injection image attacks

• 8 Best Vulnerability Scanner Tools & Software for 2023

• Hackers Reportedly Selling Access To Facebook’s Police Portal

• Hola Espana: ‘Grandoreiro’ Trojan Targets Global Banking Customers

• Valve’s 2FA Mandate for Game Developers Shows SMS Stickiness

• CISA Adds One Known Exploited Vulnerability to Catalog

• CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

• DEF CON 31 – Allison Young’s, Diane Akerman’s ‘Private Until Presumed Guilty ‘

• Weekly Vulnerability Recap – October 23, 2023 – Cisco, SolarWinds Vulnerabilities Make News

• City of Philadelphia Releases Cyber-Breach Notice

• DC elections agency warns entire voting roll may have been stolen

• Gartner’s Top 10 Strategic Technology Trends for 2024

• Ragnar Locker Ransomware Boss Arrested in Paris

• How State and Local Governments Can Serve Citizens More Securely

• Cisco warns of a second IOS XE zero-day used to infect devices worldwide

• Taking the complexity out of identity solutions for hybrid environments

• Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes Mobile

• Multi-region connectivity just got faster and easier with Meraki vMX and AWS Cloud WAN

• Cisco Catalyst SD-WAN: Driving High Efficiency on AWS Cloud WAN using Tunnel-less Connect

• Blockchain Security: Understanding vulnerabilities and mitigating risks

• Cyber Insurance Report: Breach Frequency Down, Breach Severity Up

• What Are Booking.com Doing To Protect Customers From Huge Phishing Campaign?

• What is Cybersecurity-as-a-Service (CSaaS) and How It Can Help Your Business?

• Vulnerability Management Metrics: It’s Time to Look Past the Metrics Mirage

• Cybersecurity And The Patching Paralysis Problem

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

• DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan

• Who’s Experimenting with AI Tools in Your Organization?

• Make your iPhone super secure. This app shows you how

• How to Enable Passkeys For Your Google Account

• Freelance Market Flooded With North Korean IT Actors

• Google Chrome to Mask User IP Addresses to Protect Privacy

• Okta Hacked Yet Again: 2FA Firm Failed to 2FA

• EU Wants Details from Meta, TikTok About Disinformation Measures

• VPN Intrusions From North Korea Expose Businesses to New Security Threats

• The Evolution of Access Control: A Deep Dive with PlainID’s Gal Helemski

• How to Remove an Apple ID from an iPhone

• CISA Releases New Resource to Help Small and Medium-Sized Businesses Develop Supply Chain Resilience Plans

• Insider Threats nurtured for circumnavigating data centers

• GitHub Compliance – All You Need To Know

• Commander – A command And Control (C2) Server

• Google Chrome is testing a new feature to automatically hide users’ IP addresses

• DEF CON 31 – Frank ‘D9’ DiGiovanni’s ‘Packet Hacking Village – Pwning The Pwners With Mindware’

• Deep Instinct Prevention for Storage fills gaps in data protection left by legacy tools

• How to make sure the reputation of your products and company is good

• Block Ads for a Special Price of Just $10/Year

• Top 10 tips for employees to prevent phishing attacks

• 12 common types of malware attacks and how to prevent them

• Labels for Consumer IoT Devices? Cisco’s View

• Gen Z’s Take on AI: Ethics, Security, and Career

• Europe’s Shipping Industry Grapples with Widespread Cyberattack

• Reusable Persona stores PII for reuse across any device or browser

• QuasarRAT Deploys Advanced DLL Side-Loading Technique

• Okta Support System Hacked, Users Sensitive Data Exposed

• How FlexPod Cybersecure Architecture Helps You Protect, Detect, and Recover Your Precious Data

• Microsoft Rolls Out Early Access Process Program for Security Copilot

• Here’s How to Monitor the AI Data Feed

• Veritas 360 Defense protects enterprise data and applications across clouds

• PCI DSS Compliance for E-commerce: Ensuring the Security of Cardholder Data

• Cisco Finds Second Zero-Day As Number Of Hacked Devices Apparently Drops

• Microsoft Opens Early Access To AI Assistant For Infosec, Security Copilot

• Admin Behind E-Root Stolen Creds Souk Extradited To US

• US Seizes 17 North Korean Money Funneling Sites

• Medusa Locker Ransomware Victim: Safpro

• Medusa Locker Ransomware Victim: Native Counselling Services of Alberta

• Medusa Locker Ransomware Victim: EHPAD

• Medusa Locker Ransomware Victim: Beaver Lake Cree Nation

• MapleSEC: How infosec pros can make their organizations safe for AI

• Centific and Prove Identity partner to bridge cybersecurity and fraud protection gap

• Contractor Database Leak Exposes 500K Irish Police Vehicle Seizure Records

• Microservices Security With SPIFFE and SPIRE

• NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

• Telling Small Businesses to Buy Cyber Insurance Isn’t Enough

• Steps for Preparing for a Quantum-Resistant Cryptographic Future

• Ragnar Locker Taken Down by FBI and Other Police Organizations

• Contractor Data Breach Leaks 500K Irish National Police Vehicle Seizure Records

• Sustainability 101: What is embodied carbon?

• City of Philadelphia suffers a data breach

• Cybersecurity Awareness Month: DTX Recap with SenseOn on “Why SOCS Fail”

• Hot Takes in Data Security: Data Manipulation, Blind Trust and Compliance

• Jumio 360° Fraud Analytics identifies patterns based on behavioral similarities

• What is Malvertising?

• Into the Cyber Abyss: Check Point’s Riveting 2024 Predictions Reveal a Storm of AI, Hacktivism, and Weaponized Deepfakes

• Redefining united data protection

• Microsoft opens early access to AI assistant for infosec, Security Copilot

• 19 Different Types of Malware Attacks: Examples & Defenses

• Internet Safety Tips to Protect Students Online

• Improve protection and simplify security with Cisco Security

• SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

• Incident Workflow to streamline ITGC testing

• Access Policy Review Segregation of Duty Controls

• Access Governance vs Access Management

• Microsoft Vulnerabilities Top CISA’s List of Ransomware-Linked CVEs

• Cisco Discloses Multiple Zero-Days Under Attack In IOS XE Devices

• Get a Lifetime Subscription of FastestVPN for just $30

• LockBit 3.0 Ransomware Victim: harlingentx[.]gov

• LockBit 3.0 Ransomware Victim: mamu[.]be

• Cyber Security Today, Oct. 23, 2023 – Okta’s support system hacked, and examples to use for cyber awareness training

• Microsoft announces wider availability of AI-powered Security Copilot

• Child Exploitation and the Crypto Wars

• HCL AppScan Presence privilege escalation | CVE-2023-37537

• Unit21 Real-Time Monitoring empowers users to identify potential fraud

• Top 3 Google trending news headlines related to Cyber Attacks

• How Maritime companies can shield from Ransomware

• The outstanding stealth of Operation Triangulation

• “Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

• Casio Hacked: Customers’ Personal Details Exposed

• Sourcecodester Best Courier Management System SQL injection | CVE-2023-46006

• Nothings stb_image information disclosure | CVE-2023-45663

• Nothings stb_image denial of service | CVE-2023-45667

• Sourcecodester Best Courier Management System SQL injection | CVE-2023-46005

• Sourcecodester Best Courier Management System file upload | CVE-2023-46004

• ICC: September Breach Was Espionage Raid

• California goes rough on data brokers

• Penetration Testing and Scanning Policy

• Knight Ransomware Victim: Emmea Srl

• Okta Reveals Breach Via Stolen Credential

• Machine Learning: Recruiting for AI Skills

• Don’t use AI-based apps, Philippine defense ordered its personnel

• Police Dismantle Ragnar Locker Ransomware Group

• Software developers, how secure is your software?

• Vietnamese threat actors linked to DarkGate malware campaign

• Silicon Reviews: Kingston Keypad 200C

• FedRAMP Rev. 5: How Cloud Service Providers Can Prepare

• Navigating OT/IT convergence and securing ICS environments

• How passkeys are changing the face of authentication

• Guardians of the Network: Strategies for Robust Network Security

• Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

• New TetrisPhantom hackers steal data from secure USB drives on govt systems

• Scaling rapidly? Your application security strategies need to keep up

• Only a fraction of risk leaders are prepared for GenAI threats

• Cyberattacks put healthcare organizations on high alert

• How to Install Microsoft Exchange Updates with Reliability

• Exposing North Korea’s IT Worker’s Eden Programming Solutions WMD-Funding IT Services and Solutions Franchise – An Overview

• Facebook Mistakenly Bans Coding Teacher For Life Because Of Algorithm Screw Up

• IT Security News Daily Summary 2023-10-22

• What is the Dark Web, Search Engines, and What Not to Do on the Dark Web

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

• Fraudulent KeePass Site Uses Google Ads and Punycode to Transfer Malware

• Here’s Why Businesses are Not Ready for DORA Compliance

• Signal’s Meredith Whittaker Asserts: AI is Inherently a ‘Surveillance Technology’

• Data Center Overheating Emerges as a New Cybersecurity Achilles’ Heel

• DEF CON 31 – Dr. Sebastian Köhler’s, Dr. Richard Baker’s ‘Car Hacking Village – Exploiting Wireless Side Channels In EV Charging’

• Black Basta Ransomware Victim: Simpson Strong-Tie

• Black Basta Ransomware Victim: Panetteria Grandolfo

• Secure Remote Access is Not a One Size Fits All Vision

• The attack on the International Criminal Court was targeted and sophisticated

• Lessons Learned: Cyberattack Shutters Five Illinois Healthcare Facilities

• LockBit 3.0 Ransomware Victim: chs[.]ca

• Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

• TinyMCE cross-site scripting | CVE-2023-45818

• ETSI TETRA Standard security bypass | CVE-2022-24404

• D-Link DSL-2750U N300 ADSL2+ and DSL-2730U N150 ADSL2+ routers security bypass | CVE-2023-46033

• TinyMCE cross-site scripting | CVE-2023-45819

• IBM Cognos Dashboards information disclosure | CVE-2023-38275

• Knight Ransomware Victim: Intellipop Fiber Internet

• Knight Ransomware Victim: il Centro

• Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising

• 8 Base Ransomware Victim: Brunton Shaw

• 8 Base Ransomware Victim: Edwards Business Systems

• 8 Base Ransomware Victim: APS – Automotive Parts Solutions

• 8 Base Ransomware Victim: JC Roman Construction

• Cyber Security Management System (CSMS) for the Automotive Industry

• Cyber Security Tip of the Week: Malware Detection and Prevention

• American Family Insurance confirms cyberattack is behind IT outages

• International Criminal Court systems breached for cyber espionage

• The Week in Ransomware – October 20th 2023 – Fighting Back

• Ransomware Strikes: How to Prevent and Recover

• Into the Unknown: Understanding Zero-Day Vulnerabilities

• Tunngle – 8,192,928 breached accounts

• Best practices to protect data in remote work environments

• RansomHouse Ransomware Victim: Foursquare Healthcare

Generated on 2023-10-23 23:55:35.667263