IT Security News Daily Summary 2023-10-24

• Tines Report Finds More than Half of Security Professionals Likely To Switch Jobs Next Year

• This Cybersecurity Awareness Month, Don’t Lose Sight of Human Risk

• Facad1ng – The Ultimate URL Masking Tool – An Open-Source URL Masking Tool Designed To Help You Hide Phishing URLs And Make Them Look Legit Using Social Engineering Techniques

• Citrix urges ‘immediate; patch for critical NetScaler bug as exploit POC made public

• Cisco Patches Two Dangerous Zero-Day Vulnerabilities

• Accenture Expands Cybersecurity Services Capabilities in Latin America With Acquisition of MNEMO Mexico

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report

• DEF CON 31 – Craig Martell’s ‘Shall We Play A Game’

• Meet Rhysida, a New Ransomware Strain That Deletes Itself

• 1Password Becomes Latest Victim of Okta Customer Service Breach

• The Evolution of Influencer Marketing in Manchester, UK

• Cisco IOS XE instances still under attack, patch now

• Former NSA Employee Faces Life in Prison After Espionage Attempt

• 1Password stops attack linked to Okta breach

• MapleSEC: How Kyndryl built cyber resiliency into its new IT infrastructure

• Social Login Flaws in Popular Websites Risked Billions of User Accounts

• IBM: ChatGPT-Generated Can Write Convincing Phishing Emails

• Dev Up 2023: Leveling Up Our Dev Skills, Security Posture, and Careers

• Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

• HackerOne Bug Bounty Disclosure: b-hacker-email-disclosed-on-submission-at-hackerone-hactivity-b-xdemiray

• Cost of data breach up 12 per cent: Survey

• Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report

• Do Small Companies Need Fractional AppSec Teams Akin to vCISOs?

• Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report

• Gartner Cites Generative AI Impact On Business Going Forward

• 15 Best SaaS SEO Experts That Will Help You Dominate Online

• Ex-NSA techie pleads guilty to selling state secrets to Russia

• Generative AI Can Write Phishing Emails, But Humans are Better at It, IBM X-Force Finds

• How to use SDelete to ensure deleted data is gone for good

• JPMorgan Chase CISO explains why he’s an ‘AI optimist’

• Cyberattacks on Kenya Drop in Third Quarter

• Strengthening Oman’s Economic Backbone

• Europe’s CSAM-scanning plan is a tipping point for democratic rights, experts warn

• Analysis: A Ransomware Attack on a PostgreSQL Database

• University of Michigan Faces Data Breach Impacting Many of its Affiliates

• Improving the Grand Unified Theory of Cloud Governance

• AMA with K8s Experts: Learn from Real-Life Pitfalls & Success Stories

• Amazon Trials Humanoid Robot, Prompting Job Fears

• Israeli-Hamas Conflict Spells Opportunity for Online Scammers

• Don’t Be Evil: Google’s Scary ‘IP Protection’ Privacy Plan

• Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

• CISA Announces Keynote Speakers and Sessions for 2023 National Summit on K-12 School Safety and Security

• 1Password Discloses Security Incident Linked to Okta Breach

• 1Password Latest Hit With Okta Related Intrusion

• Irish Cops Data Debacle Exposes Half A Million Motorist Records

• Canadian Lawmakers Targeted By China-Linked Spamouflage Disinformation

• Bitcoin Soars To Near 18-Month High As ETF Speculation Mounts

• Lacework increases operational efficiency around risk management

• API Security Flaw Impacted Grammarly, Vidio and Bukalapak

• American healthcare looses $78 billion to ransomware attacks

• 1Password confirms attacker tried to pull list of admin users after Okta intrusion

• CISA Releases One Industrial Control Systems Advisory

• Rockwell Automation Stratix 5800 and Stratix 5200

• Learn how to revolutionize your applications the Carhartt way

• Prioritizing sustainability can open doors to profitability

• SMBs Increasingly Confident in Cybersecurity

• Cybersecurity Crisis Deepens in Phillipines as Hackers Leak State Secrets

• Revolutionizing Security: Passkeys by Google and Apple

• Canadian CEO confidence in facing cyber attacks varies, according to KMPG surveys

• Versa Secure SD-LAN delivers zero trust and IoT security

• Philadelphia Alerts Public to Recent Data Breach

• Why EDRs and other preventative measures cannot stop ransomware

• Mexico Orders Samsung, Motorola To Stop Remotely Disabling Phones

• IBM finds that ChatGPT can generate phishing emails nearly as convincing as a human

• Element users are asking for protection against government encryption busting

• What’s the Goal and How Do We Get There? Crucial Issues in Brazil’s Take on Saving the News from Big Tech

• A week in security (October 16 – October 22)

• Battling a new DarkGate malware campaign with Malwarebytes MDR

• MGM attack is too late a wake-up call for businesses, says James Fair: Lock and Code S04E22

• Google Chrome wants to hide your IP address

• Five Southern Ontario hospitals impacted by cyber attack on shared services provider

• Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report

• Blockforia: A Comprehensive Analysis of a Prominent Cryptocurrency Exchange

• CrowdStrike Outlines Its Vision for AI-Driven Security at Fal.Con 2023

• CrowdStrike Services Offers Incident Response Executive Preparation Checklist

• Black Basta Ransomware Victim: Panificio Grandolfo

• Amazon Now Supports Passkeys, Joining Microsoft and Google

• Unravelling the 23andMe Data Leak: A Deep Dive into the Extent of the Breach

• Pro-Palestinian Hacktivists Reportedly Employ Crucio Ransomware

• Data Theorem enhances Cloud Secure platform with ML-based hacker toolkits and visualizations

• Semgrep Secrets prevents sensitive credentials from leaking

• Tech-Forward Strategies to Effectively Fight Fraud

• AI Used In Most Organisations, But Staff Unaware

• What are passkeys? Experience the life-changing magic of going passwordless

• It’s Time to Establish the NATO of Cybersecurity

• Okta’s latest hack fallout hits Cloudflare, 1Password

• Salt Security Discovers Flaws in Social Login Mechanism Impacting Thousands of Websites and Exposing Billions of Users to Account Takeover

• Cato Vice President to Speak About Collaboration on SASE Projects at Gartner IT Symposium/XPO 2023, Barcelona, Spain

• Google Pixel’s Face-altering Feature Sparks AI Manipulation Debates

• Vulnerability Summary for the Week of October 16, 2023

• Veeam and Sophos partner to help organizations detect cybersecurity threats

• Eight Reasons You Need an SSL Certificate for Your Website

• Check Point Unveils Quantum Rugged 1595R: Fortifying Critical Infrastructure and OT Networks with AI Security and 5G Connectivity

• Driving API Security Forward: Protecting Vehicle-to-Cloud Communications

• PikaBot C2 Detected – 45[.]79[.]147[.]119:9785

• Shadow Access Creates Invisible Cloud Security Risks

• Searchlight Cyber improves DarkIQ Dark Web Traffic Monitoring capabilities

• Censys lands new cash to grow its threat-detecting cybersecurity service

• Why You Should Prioritize Your Privacy Policies

• Java Is Still Full of Surprises After 28 Years

• Ivanti’s new capabilities simplify vulnerability prioritization and remediation

• Why access to timely and relevant health information is critical to patient engagement

• The Rise of DevOps in Startups- A Strategic Approach

• Unmasking the Phishing Threat: Beyond Training and Patching

• AppSec Metrics That Matter: Measuring the Success of Your Application Security Program

• Drata unveils platform enhancements to automate GRC processes

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

• Make API Management Less Scary for Your Organization

• 34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

• ‘Log in with…’ Feature Allows Full Online Account Takeover for Millions

• Hostile Takeover: Malicious Ads via Facebook

• LockBit 3.0 Ransomware Victim: hgmonline[.]com

• LockBit 3.0 Ransomware Victim: grupocobra[.]com

• Zyxel launches high-performance firewalls to offer multi-layered protection against cyber threats

• Secure the Cluster

• AI vs. human deceit: Unravelling the new age of phishing tactics

• A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise

• A Controversial Plan to Scan Private Messages for Child Abuse Meets Fresh Scandal

• EPA Won’t Force Water Utilities to Audit Their Cybersecurity

• Generative AI Can Save Phishers Two Days of Work

• IBM X-Force pits ChatGPT against humans: Who’s better at phishing?

• Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds

• Island raises $100 million, boosts valuation to $1.5 billion

• 1Password also affected by Okta Support System breach

• GenAI Can Save Phishers Two Days of Work

• 5 Tripwire Enterprise Misconfigurations to Avoid

• The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

• Irish cops data debacle exposes half a million motorist records

• They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird

• Semperis and Veritas defend enterprises against cyberattacks on Microsoft AD systems

• Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

• In Conversation With Ilona Simpson, CIO EMEA at Netskope

• Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection

• Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks

• Japan Opens Probe Into Google Search Domination

• Open Source Security: Trends and Predictions for 2024

• How to have encryption, computation, and compliance all at once

• How did the Okta Support breach impact 1Password?

• Widgets for Google Reviews plugin for WordPress cross-site request forgery | CVE-2023-3254

• CodeAstro Internet Banking System cross-site scripting | CVE-2023-5696

• HCL Compass weak security | CVE-2023-37504

• CodeAstro Internet Banking System cross-site scripting | CVE-2023-5695

• Pega Platform cross-site scripting | CVE-2023-32088

• Microsoft To Invest Billions To Bolster Australian Cyber Defences

• Police Dismantle Multimillion-Dollar Scam Gang

• Helping you bridge the cloud security gap

• Remote Scripts with Cisco Secure Endpoint: Defend your endpoint from attackers without business disruption

• How an EOR can keep you GDPR compliant in 2023

• Healthcare Ransomware Attacks Cost US $78bn

• September saw a record 153% increase of ransomware attacks, says NCC Group

• New Grandoreiro Malware Variant Targets Spain

• Need to improve the detection capabilities in your security products?

• PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

• 8 Base Ransomware Victim: SURTECO North America

• Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

• Cisco Raises Alarm Over Critical Vulnerability in IOS XE Software

• Vietnam hackers start stealing Facebook Credentials

• 1Password Detects Suspicious Activity Following Okta Support Breach

• Above the Clouds: Challenges and Solutions in Cloud Security

• D.C. Board of Elections: Hackers may have breached entire voter roll

• QNAP takes down server behind widespread brute-force attacks

• Spain arrests 34 cybercriminals who stole data of 4 million people

• City of Philadelphia discloses data breach after five months

• Hackers update Cisco IOS XE backdoor to hide infected devices

• The primary pain points for SOC teams

• Wazuh: Free and open-source XDR and SIEM

• Bracing for AI-enabled ransomware and cyber extortion attacks

• CI/CD Pipeline: How to Overcome Set-Up Challenges

• Scammers use India’s real-time payment system to siphon off money, send it to China

• Cisco IOS XE Escalation of Privilege Vulnerability

• Today’s CIO has ambitions well beyond IT delivery

• Five fraud solution oversights that gut business growth

• Security That Enables Digital Transformation: Cybersecurity Awareness Month 2023

• CISA: CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

• CISA: CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide

• CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog

• CISA: CISA Releases Two Industrial Control Systems Advisories

• CISA: Oracle Releases October 2023 Critical Patch Update Advisory

• What Is Incident Management Software?

• Cisco fixes critical IOS XE bug but malware crew way ahead of them

• Okta customer support system breached via stolen credentials

• Rev up for the Last Lap of Cybersecurity Awareness Month

• IT Security News Daily Summary 2023-10-23

• Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices

• The Hamas Threat of Hostage Execution Videos Looms Large Over Social Media

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

• GATOR – GCP Attack Toolkit For Offensive Research, A Tool Designed To Aid In Research And Exploiting Google Cloud Environments

• Why GPT-4 is vulnerable to multimodal prompt injection image attacks

• 8 Best Vulnerability Scanner Tools & Software for 2023

• Hackers Reportedly Selling Access To Facebook’s Police Portal

• Hola Espana: ‘Grandoreiro’ Trojan Targets Global Banking Customers

• Valve’s 2FA Mandate for Game Developers Shows SMS Stickiness

• CISA Adds One Known Exploited Vulnerability to Catalog

• CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

• DEF CON 31 – Allison Young’s, Diane Akerman’s ‘Private Until Presumed Guilty ‘

• Weekly Vulnerability Recap – October 23, 2023 – Cisco, SolarWinds Vulnerabilities Make News

• City of Philadelphia Releases Cyber-Breach Notice

• DC elections agency warns entire voting roll may have been stolen

• Gartner’s Top 10 Strategic Technology Trends for 2024

• Ragnar Locker Ransomware Boss Arrested in Paris

• How State and Local Governments Can Serve Citizens More Securely

• Cisco warns of a second IOS XE zero-day used to infect devices worldwide

• Taking the complexity out of identity solutions for hybrid environments

• Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes Mobile

• Multi-region connectivity just got faster and easier with Meraki vMX and AWS Cloud WAN

• Cisco Catalyst SD-WAN: Driving High Efficiency on AWS Cloud WAN using Tunnel-less Connect

• Blockchain Security: Understanding vulnerabilities and mitigating risks

• Cyber Insurance Report: Breach Frequency Down, Breach Severity Up

• What Are Booking.com Doing To Protect Customers From Huge Phishing Campaign?

• What is Cybersecurity-as-a-Service (CSaaS) and How It Can Help Your Business?

• Vulnerability Management Metrics: It’s Time to Look Past the Metrics Mirage

• Cybersecurity And The Patching Paralysis Problem

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar

• DoNot Team’s New Firebird Backdoor Hits Pakistan and Afghanistan

• Who’s Experimenting with AI Tools in Your Organization?

• Make your iPhone super secure. This app shows you how

• How to Enable Passkeys For Your Google Account

• Freelance Market Flooded With North Korean IT Actors

• Google Chrome to Mask User IP Addresses to Protect Privacy

• Okta Hacked Yet Again: 2FA Firm Failed to 2FA

• EU Wants Details from Meta, TikTok About Disinformation Measures

• VPN Intrusions From North Korea Expose Businesses to New Security Threats

• The Evolution of Access Control: A Deep Dive with PlainID’s Gal Helemski

• How to Remove an Apple ID from an iPhone

• CISA Releases New Resource to Help Small and Medium-Sized Businesses Develop Supply Chain Resilience Plans

• Insider Threats nurtured for circumnavigating data centers

• GitHub Compliance – All You Need To Know

• Commander – A command And Control (C2) Server

• Google Chrome is testing a new feature to automatically hide users’ IP addresses

• DEF CON 31 – Frank ‘D9’ DiGiovanni’s ‘Packet Hacking Village – Pwning The Pwners With Mindware’

• Deep Instinct Prevention for Storage fills gaps in data protection left by legacy tools

• How to make sure the reputation of your products and company is good

• Block Ads for a Special Price of Just $10/Year

• Top 10 tips for employees to prevent phishing attacks

• 12 common types of malware attacks and how to prevent them

• Labels for Consumer IoT Devices? Cisco’s View

• Gen Z’s Take on AI: Ethics, Security, and Career

• Europe’s Shipping Industry Grapples with Widespread Cyberattack

• Reusable Persona stores PII for reuse across any device or browser

• QuasarRAT Deploys Advanced DLL Side-Loading Technique

• Okta Support System Hacked, Users Sensitive Data Exposed

• How FlexPod Cybersecure Architecture Helps You Protect, Detect, and Recover Your Precious Data

• Microsoft Rolls Out Early Access Process Program for Security Copilot

• Here’s How to Monitor the AI Data Feed

• Veritas 360 Defense protects enterprise data and applications across clouds

• PCI DSS Compliance for E-commerce: Ensuring the Security of Cardholder Data

• Cisco Finds Second Zero-Day As Number Of Hacked Devices Apparently Drops

• Microsoft Opens Early Access To AI Assistant For Infosec, Security Copilot

• Admin Behind E-Root Stolen Creds Souk Extradited To US

• US Seizes 17 North Korean Money Funneling Sites

• Medusa Locker Ransomware Victim: Safpro

• Medusa Locker Ransomware Victim: Native Counselling Services of Alberta

• Medusa Locker Ransomware Victim: EHPAD

• Medusa Locker Ransomware Victim: Beaver Lake Cree Nation

• MapleSEC: How infosec pros can make their organizations safe for AI

• Centific and Prove Identity partner to bridge cybersecurity and fraud protection gap

• Contractor Database Leak Exposes 500K Irish Police Vehicle Seizure Records

• Microservices Security With SPIFFE and SPIRE

• NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

• Telling Small Businesses to Buy Cyber Insurance Isn’t Enough

• Steps for Preparing for a Quantum-Resistant Cryptographic Future

• Ragnar Locker Taken Down by FBI and Other Police Organizations

• Contractor Data Breach Leaks 500K Irish National Police Vehicle Seizure Records

• Sustainability 101: What is embodied carbon?

• City of Philadelphia suffers a data breach

• Cybersecurity Awareness Month: DTX Recap with SenseOn on “Why SOCS Fail”

• Hot Takes in Data Security: Data Manipulation, Blind Trust and Compliance

• Jumio 360° Fraud Analytics identifies patterns based on behavioral similarities

• What is Malvertising?

• Into the Cyber Abyss: Check Point’s Riveting 2024 Predictions Reveal a Storm of AI, Hacktivism, and Weaponized Deepfakes

• Redefining united data protection

• Microsoft opens early access to AI assistant for infosec, Security Copilot

• 19 Different Types of Malware Attacks: Examples & Defenses

• Internet Safety Tips to Protect Students Online

• Improve protection and simplify security with Cisco Security

• SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

• Incident Workflow to streamline ITGC testing

• Access Policy Review Segregation of Duty Controls

• Access Governance vs Access Management

• Microsoft Vulnerabilities Top CISA’s List of Ransomware-Linked CVEs

• Cisco Discloses Multiple Zero-Days Under Attack In IOS XE Devices

• Get a Lifetime Subscription of FastestVPN for just $30

• LockBit 3.0 Ransomware Victim: harlingentx[.]gov

• LockBit 3.0 Ransomware Victim: mamu[.]be

• Cyber Security Today, Oct. 23, 2023 – Okta’s support system hacked, and examples to use for cyber awareness training

• Microsoft announces wider availability of AI-powered Security Copilot

• Child Exploitation and the Crypto Wars

• HCL AppScan Presence privilege escalation | CVE-2023-37537

• Unit21 Real-Time Monitoring empowers users to identify potential fraud

• Top 3 Google trending news headlines related to Cyber Attacks

• How Maritime companies can shield from Ransomware

• The outstanding stealth of Operation Triangulation

• “Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

• Casio Hacked: Customers’ Personal Details Exposed

• Sourcecodester Best Courier Management System SQL injection | CVE-2023-46006

• Nothings stb_image information disclosure | CVE-2023-45663

• Nothings stb_image denial of service | CVE-2023-45667

• Sourcecodester Best Courier Management System SQL injection | CVE-2023-46005

• Sourcecodester Best Courier Management System file upload | CVE-2023-46004

• ICC: September Breach Was Espionage Raid

• California goes rough on data brokers

• Penetration Testing and Scanning Policy

• Knight Ransomware Victim: Emmea Srl

• Okta Reveals Breach Via Stolen Credential

• Machine Learning: Recruiting for AI Skills

• Don’t use AI-based apps, Philippine defense ordered its personnel

• Police Dismantle Ragnar Locker Ransomware Group

• Software developers, how secure is your software?

• Vietnamese threat actors linked to DarkGate malware campaign

• Silicon Reviews: Kingston Keypad 200C

• FedRAMP Rev. 5: How Cloud Service Providers Can Prepare

• Navigating OT/IT convergence and securing ICS environments

• How passkeys are changing the face of authentication

• Guardians of the Network: Strategies for Robust Network Security

• Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

• New TetrisPhantom hackers steal data from secure USB drives on govt systems

• Scaling rapidly? Your application security strategies need to keep up

• Only a fraction of risk leaders are prepared for GenAI threats

• Cyberattacks put healthcare organizations on high alert

• How to Install Microsoft Exchange Updates with Reliability

• Exposing North Korea’s IT Worker’s Eden Programming Solutions WMD-Funding IT Services and Solutions Franchise – An Overview

Generated on 2023-10-24 23:55:58.099767