IT Security News Daily Summary 2023-11-02

• Exploring Software Categories: From Basics to Specialized Applications

• Clop group obtained access to the email addresses of about 632,000 US federal employees

• Okta Data Compromised Through Third-Party Vendor

• Should you allow your browser to remember your passwords?

• YouTube launches “global effort” to block ad blockers

• DEF CON 31 – Christopher Wade’s ‘Physical Attacks Against Smartphones’

• How Do We Truly Make Security ‘Everyone’s Responsibility’?

• Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware

• Analyst says Bletchley Declaration delivers the right type of signals

• Microsoft launches Secure Future Initiative to bolster security

• What Is Programmatic Advertising And How To Use It

• Introducing Jira Security: Best Practices for Protecting Your Data

• Zscaler finds 117 Microsoft 365 bugs via SketchUp 3D file type

• Russian Reshipping Service ‘SWAT USA Drop’ Exposed

• Tagged vs Untagged VLAN: When You Should Use Each

• Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

• Upgraded Kazuar Backdoor Offers Stealthy Power

• Sam Bankman-Fried Trial Nears End After Closing Remarks

• Could Australia’s Cybersecurity Strategy Benefit From More Data Science Rigour?

• Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage

• Infosec pros can secure IT, but have harder time securing job satisfaction

• Choosing the Right PDU for Your Data Center

• You’d be surprised to know what devices are still using Windows CE

• CVSS v4.0 Released with New Supplemental Metrics, and OT/ICS/IoT Support

• Saudi Aramco CEO Warns of New Threat of Generative AI

• Europe Expands Ban On Meta’s “Behavioural Ad” Practices

• Critical Apache ActiveMQ flaw under attack by ‘clumsy’ ransomware crims

• Announcing Microsoft Secure Future Initiative to advance security engineering

• Bridging the IT Skills Gap Through SASE: A Path to Radical Simplification and Transformation

• GM Cruise Halts Driverless Operations

• Uber’s Costly Mistake: AUS$412,500 Fine for Spam Emails in Australia

• Nebulon Medusa2 SPU unifies storage, cyber and networking services

• Spy Module Discovered in WhatsApp Mods

• Israeli Entities Under Attack By MuddyWater’s Advanced Tactics

• CISA Adds One Known Exploited Vulnerability to Catalog

• Cisco Partner Summit 2023: Know Before You Go

• Okta discloses a new data breach after a third-party vendor was hacked

• Navigating the Complex Threat Landscape — Key Takeaways for CISOs

• A10 Expands AI-Driven Security Strategy to Battle DDoS Attacks

• Prez Biden Signs AI Executive Order for Monitoring AI Policies

• Citrix Bleed Bug Delivers Sharp Blow: Vulnerability is Now Under “Mass Exploitation”

• Hackers for Hire: Navigating the Dark Web, Penetration Tests, and More

• OneSpan Trust Vault protects documents against emerging technologies and security threats

• Follow these cybersecurity tips while shopping for this Christmas 2023

• Boeing ‘Cyber Incident’ Comes After Ransomware Gang Threat

• Risk & Repeat: Breaking down SEC charges against SolarWinds

• Okta tells 5,000 of its own staff that their data was accessed in third-party breach

• AI Safety: 28 Nations+EU Agree to Test in Turing’s Huts

• Forty-eight governments pledge not to pay ransomware gangs

• Starting your journey to become quantum-safe

• Thentia introduces AI-powered Data Migration Accelerator for seamless transitions

• Why Storage And Backup Are Cybersecurity’s Weakest Links? – Top 5 Reasons

• Cisco AnyConnect SSL VPN Flaw Let Remote Attacker Launch DoS Attack

• Authentication at the Network Edge

• Microsoft Does Damage Control With Its New ‘Secure Future Initiative’

• Invisible downtime obscures the true measure of application performance

• DEF CON 31 Policy – Panel : A Global Approach to Tackling Software Resilience

• Snappt Identity Verification allows property managers to detect fraudulent applicants

• 9 ways to tell if your phone has been hacked

• AI Safety Summit 2023: UK To Invest £225m For AI Supercomputer

• ‘Scarred Manticore’ Unleashes the Most Advanced Iranian Cyber Espionage Yet

• Mitsubishi Electric MELSEC Series

• Mitsubishi Electric MELSEC iQ-F Series CPU Module

• Red Lion Crimson

• Caesars Takes Action After Cyberattack on Loyalty Program Data

• Five Markers that Your Phone is Being Spied on or Has Been Compromised

• Ontario hospital group confirms attack was ransomware

• Enzoic unveils BIN Monitoring to reduce credit card fraud

• G7 Countries Establish Voluntary AI Code of Conduct

• UK AI Safety Summit: Global Powers Make ‘Landmark’ Pledge to AI Safety

• Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

• SlashNext: ChatGPT Led to a 1,265% Jump in Phishing Attacks

• What You Need to Know About the New Bing GPT Integration

• Claroty and Rockwell Automation expand capabilities with SaaS-powered OT security solution

• Threat Prevention Begins With IT & Security Team Collaboration

• Do government sanctions against ransomware groups work?

• Boeing confirms ‘cyber incident’ after ransomware gang claims data theft

• The Role of AI in Business Email Security

• Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)

• The People Hacker: AI a Game-Changer in Social Engineering Attacks

• “The Big Bully : Importance of detecting and preventing cyberbullying”

• When generative AI cyberthreats arrive, Wraithwatch will be ready and waiting

• Don’t shy away from talking about mental health

• 1-15 September 2023 Cyber Attacks Timeline

• Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

• Tis the Season for Denial of Inventory Attacks

• CISO Global Licenses Cutting Edge Proprietary AI and Neural Net Intellectual Property to New Partner

• New defense tools from Abnormal Security defend against seemingly harmless QR codes

• SAIC evolves its AI and ML ecosystem to improve government mission outcomes

• AI Safety Summit: Biden-Harris Administration Launches US AI Safety Institute

• AI Safety Summit 2023: UK, US, China, EU Sign Declaration Of AI’s Danger

• Bridging the Gap: Better Token Standards for Cross-chain Assets

• Celebrating Latinas in Tech

• The SEC and SolarWinds’ CISO: A Wake-Up Call

• Action1 platform updates automate vulnerability remediation

• AI Safety Summit: Biden-Harris Administration Launch US AI Safety Institute

• Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”

• Boeing Confirms Cyberattack Amid Lockbit Ransomware Gang Claims

• India Blockchain Week (IBW) Unveils Diverse Speaker Line-up

• Top 3 Cyber Threats That Attack Banks in 2023 – Counter Them With Any.Run Sandbox

• Automating Least-Privilege Access

• The UN Hired an AI Company to Untangle the Israeli-Palestinian Crisis

• Boeing confirmed its services division suffered a cyberattack

• Spyware in India

• F5 BIG-IP vulnerabilities leveraged by attackers: What to do?

• AI Safety Summit: OWASP Urges Governments to Agree on AI Security Standards

• Understanding the Core Principles of Information Security

• Hackers Attacking Blockchain Engineers with Novel macOS Malware

• UK Banks Warn Quantum Will Imperil Entire Payment System

• AI Safety Summit 2023: Elon Musk Says Summit Seeks AI Referee

• China and US part of multilateral pact to collaborate on AI risks

• Xage Security raises $20M more to expand its security platform

• WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users

• Russian Security Services Arrest Suspected Ukrainian Hackers

• The state of API security in 2023

• Protect Your Data With the MonoDefense Security Suite for $130

• Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

• MITRE ATT&CK v14 released

• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

• FIRST Announces CVSS 4.0 – New Vulnerability Scoring System

• Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

• Iran’s MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

• SaaS Security is Now Accessible and Affordable to All

• Forrester: GenAI Will Lead to Breaches and Fines in 2024

• CVSS 4.0 Released – Next Generation Common Vulnerability Scoring System

• What Gen Z really cares about when it comes to privacy

• Uncovering Prolific Puma, Massive Domain Generator & URL Shortener

• Who is behind the Mozi Botnet kill switch?

• Latest Bitwarden update introduces support for saving passkeys

• Who killed Mozi? Finally putting the IoT zombie botnet in its grave

• All for CITY, All for Cisco!

• Atlassian Confluence Improper Authentication Vulnerability (CVC-2023-22518) Notification

• Enhance Your Reporting with Grafana – Security Spotlight

• Log Ingestion 101: Which Logs Should You Be Bringing Into Your SIEM?

• Samsung Galaxy users to get new Auto Blocker Mobile Security

• 6 steps to accelerate cybersecurity incident response

• Cybersecurity workforce shortages: 67% report people deficits

• Unlock GDPR Compliance for Small Business: A Must-Read Guide

• How human behavior research informs security strategies

• Why legacy system patching can’t wait

• Boeing acknowledges cyberattack on parts and distribution biz

• Cybersecurity habits and behaviors executives need to be aware of

• Risk Management: Safeguarding Your Business Future

• FBI boss: Taking away our Section 702 spying powers could be ‘devastating’

• Boeing Confirms Cyberattack, System Compromise

• 2023-10-31 – IcedID (Bokbot) infection

• More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library

• Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data

• Join the Cloud Native Community at KubeCon + CloudNativeCon North America

• IT Security News Daily Summary 2023-11-01

• Threat Brief: Citrix Bleed CVE-2023-4966

• Mandiant Tracks Four Uncategorized Groups Exploiting Citrix Vulnerability

• British, Toronto Libraries Struggle After Cyber Incidents

• ISC2 Study: Economic Conditions Continue to Sandbag Cyber Hiring

• Multi-Tenancy Cloud Security: Definition & Best Practices

• Global AI Cybersecurity Agreement Signed At Turing’s Bletchley Park

• Las Vegas CIO doubles down on AI and endpoint security to protect Sin City

• The New Era of Social Media Looks as Bad for Privacy as the Last One

• GameSprite – 6,164,643 breached accounts

• Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks

• The Hidden Costs of Outsourcing Healthcare Revenue Cycle Management

• Mozi botnet murder mystery: China or criminal operators behind the kill switch?

• DEF CON 31 Policy – Panel: All Your Vulns Are Belong To Terms And Conditions

• Proposed privacy, AI legislation doesn’t limit business use of facial recognition, complain rights groups

• Weighing the Risks and Rewards of Generative AI for Business

• The Imperative of Accessibility in Security Awareness Training

• Facebook Targeted Ads Could Be Banned In Europe

• Graylog Secures $39 Million Investment to Accelerate Growth and Security Product Line Expansion

• Proofpoint Signs Definitive Agreement to Acquire Tessian

• ReasonLabs Unveils RAV VPN for Apple iOS

• One Ukraine Company Shares Lessons in Prepping for Wartime Cyber Resilience

• Hybrid Work Preview at Cisco Partner Summit 2023

• Feds collar suspected sanctions-busting Russian smugglers of US tech

• Splunk cuts 7% of workforce ahead of Cisco acquisition

• EFF to Supreme Court: Reverse Dangerous Prior Restraint Ruling Upholding FBI Gag on X’s Surveillance Transparency Report

• Russian Pair Charged with JFK Airport Taxi System Hack for Over 2 Years

• Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

• CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

• Non-Bank Financial Firms Are to Report Breaches in Less Than 30 Days

• On Detection: Tactical to Functional

• Understanding the Joe Biden Executive Order on AI and Enhancing Cybersecurity: Key Takeaways and Recommendations

• Orca Security Taps Amazon for Generative AI Expertise

• North Korean Links: Lazarus Group Strikes Again. This time via Unpatched Software Flaws

• AI ‘Hypnotizing’ for Rule bypass and LLM Security

• Securing Kubernetes: Don’t Underestimate the Risk Posed by Misconfigurations

• Why Granular, Scalable Control Is a Must for Every CTO

• Should You Always Use a Service Mesh?

• 4 Best Small Business VPNs for 2023

• CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

• Cisco at Smart City Expo World Congress (SCEWC) 2023

• Apple Watch To Include Blood Pressure, Sleep Apnoea Detection – Report

• Atlassian Releases Urgent Confluence Patches Amid State-Backed Threats

• Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow

• Cisco Security + Partners = Greater Together

• From classroom to cyberfront: Unlocking the potential of the next generation of cyber defenders

• A Comprehensive Look at Hardware Components in a Cloud Computing Data Center

• From Ransomware to Ransom Nations: Everything You Need to Know About State-Sponsored Cyberattacks

• Cowbell gets $25M more to keep growing like gangbusters

• FBI Director Warns of Increased Iranian Attacks

• Atlassian Customers Should Patch Latest Critical Vuln Immediately

• 3 Ways to Close the Cybersecurity Skills Gap — Now

• Mozi Botnet Likely Killed by Its Creators

• Mysterious Kill Switch Shuts Down Mozi IoT Botnet

• North Korean Hackers Target macOS Crypto Engineers With Kandykorn

• Vodafone To Exit Spain With Sale Of Spanish Arm To Zegona

• Lawmakers say Costco’s decision to continue selling banned China surveillance tech is ‘puzzling’

• Critical vulnerability in F5 BIG-IP under active exploitation

• Understanding the Basics of HL7 Standards in Healthcare

• 10 ways to know your smart phone has spying malware

• Tesla Wins US Trial Of Autopilot Fatal Crash

• Supply Chain Startup Chainguard Scores $61 Million Series B

• Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges

• We Won’t Pay Ransomware Crims — 40 Nations Promise Biden’s WH

• Security Experts Warn Social Media Users of Account Takeover

• Study Finds: Online Games are Collecting Gamers’ Data Using Dark Designs

• Researchers Expose Prolific Puma’s Underground Link Shortening Service

• Data Encrypted in 75% of Ransomware Attacks on Healthcare Organizations

• Mass exploitation of CitrixBleed vulnerability, including a ransomware group

• Leading, effective, and powerful tools for identifying site visitors

• Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Recent Updates to the Secure-by-Design, Secure-by-Default Standards

• Unlocking Key Stretching: Safeguarding Your Passwords for Enhanced Security

• CISA Launches Critical Infrastructure Security and Resilience Month 2023

• Google CEO Defends Paying Apple For Default Search

• Hackers Deliver Malicious DLL Files Chained With Legitimate EXE Files

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Cybercrooks amp up attacks via macro-enabled XLL files

• What is data security posture management?

• Lockbit Targeted Boeing with Ransomware. Data Breach Under Investigation

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Free Attack Surface Report – Regulatory Compliance

• Chrome 119 Patches 15 Vulnerabilities

• Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway

• Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks

• SolarWinds Swings Back at SEC Following Fraud Charges

• Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)

• Mozi Botnet Takedown: Who Killed the IoT Zombie Botnet?

• A Look at the Future of Supply Chain and National Security: Updates From CISA and NIST

• It’s Cheap to Exploit Software — and That’s a Major Security Problem

• The beta nature of the Threat Intel Community Portal

• Atlassian urges customers to take ‘immediate action’ to protect against data-loss security bug

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• What is Attack Surface Management and How Has it Changed?

• SolarWinds Sued By US SEC After 2020 Cyberattack

• Why OSS Packages Can’t Scale without New Security Measures

• authentication

• With its exit from Russia complete, Group-IB plans its US expansion

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Observability Vs. Monitoring: A Security Perspective

• Defending Digital Fortresses: How Greater Manchester Fends off 10,000 Daily Cyber Assaults

• Hackers Weaponize HWP Documents to Attack National Defense and Press Sectors

• F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability

• CitrixBleed Vulnerability Widely Exploited, Primarily by a Ransomware Gang

• Cybersecurity industry responds to SEC charges against SolarWinds and former CISO

• Australian CEOs Struggling to Face Cyber Risk Realities

• Unsolved Cyber Mysteries: Signal Hacking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

• DPI: Still Effective for the Modern SOC?

• MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile

• Credential phishing IOCs increased nearly 45% in Q3

• Cyber Security Today, Nov 1. , 2023 – Atlassian warns admins to patch Confluence servers, GitHub being raided for AWS credentials and more

• 28 Countries Sign Bletchley Declaration on Responsible Development of AI

• Samsung Galaxy Rolls Out Auto Blocker To Protect Devices

• SolarWinds and its CISO accused of misleading investors before major cyberattack

• Extortionware – how bad actors are taking the shortest path to your money

• Popping Blisters for research: An overview of past payloads and exploring recent developments

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Hands on Review: LayerX’s Enterprise Browser Security Extension

• How To Adopt Shift Left Security on the Cloud

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Get your very own ransomware empire on the cheap, while stocks last

• Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

• Palo Alto Reveals New Features in Russian APT Turla’s Kazuar Backdoor

• British Library suffers major outage due to cyberattack

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Former British Cyberespionage Agency Employee Gets Life in Prison for Stabbing an American Spy

• SIEM and Log Management Provider Graylog Raises $39 Million

• Cutting-Edge AI Raises Fears About Risks to Humanity. Are Tech and Political Leaders Doing Enough?

• AI Safety Summit 2023: Who Is Attending Summit At Bletchley Park?

• US-Led Alliance of 40 Countries Unites to Combat Ransomware Threat

• Platform Engineering Trends in Cloud-Native: Q&A With Ville Aikas

• Security researchers observed ‘deliberate’ takedown of notorious Mozi botnet

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• British Library Still Reeling After Major Cyber Incident

• NHS Trust Reprimanded After Delays to Thousands of Referrals

• Conducting Robust Learning for Empire Command and Control Detection

• Global players look to create baseline to evaluate generative AI applications

• Keeper Security Begins Relationship with Ingram Micro to Expand Access to Keeper’s Cybersecurity Solutions

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Buyer’s Guide for Privileged Access Governance Solutions

• TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download

• North Korean Hackers Tageting Crypto Experts with KANDYKORN macOS Malware

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Forty Countries Agree Not to Pay Cybercrime Ransoms

• Hackers Abuse NuGet Packages to Deliver SeroXen RAT

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Meeting the challenge of OT security

• Iran’s Scarred Manticore Targets Middle East with LIONTAIL Malware

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection

• Atlassian Urged Customers to Fix Critical Confluence Security Flaw Right Away!

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Trending Cybersecurity News headlines on Google

• Top Cloud Misconfigurations Leading to Cloud Data Breaches

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Product showcase: LayerX browser security extension

• Public exposure of data breaches is becoming inevitable

• Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Indian politicians say Apple warned them of state-sponsored attacks

• Ransomware attacks set to break records in 2023

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• The hidden costs of Java, and the impact of pricing changes

• Mainframes are around to stay, it’s time to protect them

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Infosec products of the month: October 2023

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Extending Cybersecurity Awareness to IoT Devices

• Battle-Ready: Crafting an Incident Response Plan for Your Organization

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

• Seventh-annual Hacker-Powered Security Report Reveals Hackers’ Plans for GenAI, Bounty Milestones and More

• Fortinet and the Gartner® Hype Cycle™ for Zero Trust Networking

Generated on 2023-11-02 23:55:46.157111