IT Security News Daily Summary 2023-12-06

• Tor vs. VPN: What They Do and Which is Better

• Using Falco to Create Custom Identity Detections

• State Attorney General Accuses Facebook Of Creating A “Marketplace” For Child Predators

• Cisco Training Bootcamps: Get the Scoop from Subject Matter Experts

• Generative AI increasingly used for threats to Canadian democracy: Report

• Google pushes yet another security update to its Chrome browser

• Atlassian addressed four new RCE flaws in its products

• The Combined Federal Campaign Pledge Period is Closing Soon!

• Apple and some Linux distros are open to Bluetooth attack

• CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency

• Kickstart your IT career with this cybersecurity training bundle

• Your mobile password manager might be exposing your credentials

• CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

• Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

• YouTuber Jailed After Deliberately Crashing Plane For Views

• Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

• Continuous Testing in the Era of Microservices and Serverless Architectures

• Windows 10 Extended Security Updates Promised for Small Businesses and Home Users

• The Binance Crackdown Will Be an ‘Unprecedented’ Bonanza for Crypto Surveillance

• CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

• Marketing Trends Heading into 2024

• Webex Connect and a New Digital Experience

• When a Botnet Cries: Detecting Botnet Infection Chains

• Monolith Versus Microservices: Weigh the Pros and Cons of Both Configs

• CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps

• US senator warns governments are spying on Apple and Google users via push notifications

• Security Analysis of a Thirteenth-Century Venetian Election Protocol

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability

• Use Windows 10? You Must PAY for Security

• Meta Pressure Led To Harvard Termination, Alleges Misinformation Expert

• Police Can Spy on Your iOS and Android Push Notifications

• Microsoft Hires New CISO in Major Security Shakeup

• Ofcom Proposes Face Scanning, Banking Details For Porn Age Verification

• Ofcom’s Age Verification Proposals Pose ‘Significant’ Privacy, Security Risk

• How IT teams can conduct a vulnerability assessment for third-party applications

• 78% of CISOs Concerned About AppSec Manageability

• Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers

• Serpent Stealer Acquire Browser Passwords and Erases Intrusion Logs

• BlueNoroff: New Malware Attacking MacOS Users

• ICANN Launches Service to Help With WHOIS Lookups

• CISA says US government agency was hacked thanks to ‘end of life’ software

• The Rise of Digital Customer Experience

• Navigating Retail Disruption: Maximize Customer Centricity and Business Performance with Observability

• Tracking Cybersecurity Progress at Industrial Companies

• Locking down the edge

• 5 Security Benefits of Application Mapping

• Russian-Backed Hackers Target High-Value US, European Entities

• Decrypting Breach Realities: Beyond Isolation to Collective Progress

• Trojan-Proxy Threat Expands Across macOS, Android and Windows

• Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes

• Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

• Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat

• Fortifying the Human Firewall: Six-Steps For An Effective Security Awareness Program

• Cyber Threat emerges out of Apple iOS 17 new NameDrop Feature

• Millions of patient scans and health records spilling online thanks to decades-old protocol bug

• csharp-streamer: Peeking under the hood

• Cyber Intrusion: Royal Family Braces for Potential Medical Data Release

• Exploring Blockchain’s Revolutionary Impact on E-Commerce

• US Health Dept Urges Hospitals to Patch Critical ‘Citrix Bleed’ Vulnerability

• Panther Labs introduces Security Data Lake Search and Splunk Integration capabilities

• Readout from CISA’s 2023 Fourth Quarter Cybersecurity Advisory Committee Meeting

• Cyber and Physical Security Are Different, But They Must Work Together

• Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware

• Microsoft Blames Russia For Ongoing Hacks Of 9 Month Old Exchange Bug

• Adobe Coldfusion Vuln Exploited In Attacks On US Government

• 21 Vulns In Sierra Wireless Routers Could Expose Critical Infrastructure

• Microsoft Will Eventually Start Charging You For Windows 10 Security Updates

• Governments Spying On Apple, Google Users Through Push Notifications

• Windows 10 gets its own extended security updates program

• A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list

• GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities

• Dragos Offering Free OT Cybersecurity Technology to Small US Utilities

• Chrome 120 Patches 10 Vulnerabilities

• U.S. Treasury Sanctions Eight Foreign-Based Agents and North Korean Kimsuky Attackers

• Qilin Ransomware Strikes VMware ESXi

• Protecting credentials against social engineering: Cyberattack Series

• 3 reasons why now is the time to go cloud native for device management

• Microsoft Incident Response lessons on preventing cloud identity compromise

• CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

• Atlassian fixes four critical RCE vulnerabilities, patch quickly!

• Data Theorem releases API Attack Path Visualization for enhanced API and Software supply chain security

• IBM Unveils Heron Quantum Chip, Plus Quantum System Two

• A primer on storage anomaly detection

• Adobe Coldfusion vulnerability used in attacks on government servers

• Understanding Each Link of the Cyberattack Impact Chain

• Survey Surfaces Wasted Efforts Collecting Cybersecurity Data

• Atsign releases SSH No Ports 4.0 with Windows support and SDK

• Living Security Unify Go improves human risk management

• Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

• Doppelgänger: Hackers Employ AI to Launch Highly sophistication Attacks

• The Art and Science of Container Security

• WebAuthn Conditional UI: Technical Explanation and Implementation

• Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM

• LABScon Replay | The Cyber Arm of China’s Soft Power: Reshaping a Continent

• Top Characteristics of a QR Code Phishing Email

• Cyber Security Today, Dec. 6, 2023 – Warnings about Russian-based cyber attacks, and more

• Searchlight Cyber launches Exposure Data view in DarkIQ

• Microsoft will offer extended security updates for Windows 10

• Lenovo and Microsoft join forces to simplify security deployments

• The Power of Purpose

• Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

• CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities

• Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency

• How Cyber Risk Management Tools Have Evolved

• Cisco AI Assistant for Security helps customers automate complex tasks

• Elon Musk’s xAI Seeks To Raise $1 Billion In Equity

• Top 6 Security Challenges of SMEs (Small to Medium Enterprises)

• Sierra:21 – Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

• New Report: Unveiling the Threat of Malicious Browser Extensions

• Warfare and Geopolitics are Fuelling Denial-of-Service Attacks

• 21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks

• Virtual Event Today: Cyber AI & Automation Summit

• 5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem

• LockBit Remains Top Global Ransomware Threat

• Beers with Talos episode 141: The TurkeyLurkey Man wants YOU to read Talos’ Year in Review report

• Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

• Scaling Security Operations with Automation

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines

• Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

• Free Reverse Phone Lookup Services 2024

• Shielding the data that drives AI

• GST Invoice Billing Inventory exposes sensitive data to threat actors

• New macOS Trojan-Proxy piggybacking on cracked software

• 21 high-risk vulnerabilities in OT/IoT routers found

• Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

• Police Arrest 1000 Suspected Money Mules

• 10 Essential Cybersecurity Tips For Your Organization This Holiday Season

• Digital Rights Groups Urge Meta to Stop Silencing Palestine

• UK FCA Warns of Christmas Loan Fee Fraud Surge

• Kali Linux 2023.4 Released – What’s New!

• Automating Tasks in CentOS 7 with Cron and Anacron

• Forward Momentum: Key Learnings From Trend Micro’s Security Predictions for 2024

• Hello Authentication Vulnerabilities Discovered: Stay Safe

• Kubernetes Security: Sensitive Secrets Exposed

• Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison

• Microsoft issues deadline for end of Windows 10 support – it’s pay to play for security

• Atlassian security advisory reveals four fresh critical flaws – in mail with dead links

• UK to block all Social Media Scams

• Securing the Cloud: Strategies for CSPs to Mitigate Malware Hosting Risks

• Three security data predictions for 2024

• Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

• Navigating the Uncertainties of CMMC 2.0: An Urgent Call for Clarity

• 5 open-source tools for pentesting Kubernetes you should check out

• Cisco intros AI to find firewall flaws, warns this sort of thing can’t be free

• Why zero-trust segmentation is critical for cloud resilience

• Businesses gain upper hand with GenAI integration

• ICANN Launches RDRS to Assist Law Enforcement Agencies to Discover Private Info

• Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed

• Wearable Tech Future: Where Fashion Meets Function

• Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

• How to Improve Performance with Client-Side JavaScript Tag Optimizations

• Fancy Bear goes phishing in US, European high-value networks

• The malware, attacker trends and more that shaped the threat landscape in 2023

• The 23andMe Data Breach Keeps Spiraling

• Give Your Firewall Admins Superpowers with the Cisco AI Assistant for Security

• Our “How to Fix the Internet” Podcast is an Anthem Awards Finalist— Help Make It a Winner!

• Cisco Extends SSE innovation with Mobile Zero Trust and Flexible Resource Connectors

• How We’re Making AI Pervasive in the Cisco Security Cloud

• IT Security News Daily Summary 2023-12-05

• Consumer Rights Group Files Complaint Against Facebook Alleging It’s Charging Users For Privacy

• Webex announces comprehensive Device Management Capabilities with Phonism integration

• Roblox and Twitch provider Tipalti breached by ransomware [updated]

• 23andMe Says Hackers Saw Data From Millions of Users

• Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report

• AI’s Future Could be Open-Source or Closed. Tech Giants Are Divided as They Lobby Regulators

• Exposed Hugging Face API tokens jeopardized GenAI models

• ENISA published the ENISA Threat Landscape for DoS Attacks Report

• AI and Mass Spying

• Defining Geofencing: A Digital Boundary

• The Roots of Cybersecurity: Traditional Methods

• Behind EB Control’s Revolutionary Patented Key Management System

• The Absolute Necessity of Multi-Factor Authentication

• Coffee Briefing Dec. 5 – OpenText to divest AMC to Rocket Software; Global companies hiring Canadians; Bell and ServiceNow partner; and more

• Accelerating into 2024 with NEOM McLaren Formula E Team

• Comprehensive Cloud Monitoring Platforms: Ensuring Optimal Performance and Security in the Cloud

• DEF CON 31 – Tiffany Rad’s And Austin Shamlin’s ‘Civil Cyber Defense’

• Daniel Stori’s ‘Welcome To Hell’

• Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk

• Microsoft will offer extended support options for Windows 10 PCs, for a price

• Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!

• Safeguarding Data Exchange: A Comprehensive Overview of API Gateways and Their Imperative Role in Ensuring Robust Security

• CISA details twin attacks on federal servers via unpatched ColdFusion flaw

• How to Set Internet Parental Controls on All Devices

• Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics

• CISA Releases Two Industrial Control Systems Advisories

• Major Organizations Using ‘Hugging Face’ AI Tools Put at Risk by Leaked API Tokens

• Application Security Startup ArmorCode Raises $40 Million

• SpyLoan Scams Target Android Users With Deceptive Apps

• Fake Lockdown Mode Exposes iOS Users to Malware Attacks

• Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

• Takeaways from Cisco at InsureTech Connect 2023

• DSPM deep dive: debunking data security myths

• A Deep Dive Into How Digital Pound Can Menace Financial Stability

• Varonis enhances DSPM capabilities with Azure and AWS support

• Nine 9 tips before putting your Android Smartphone or Apple iPhone for resale

• Apple ‘Asks For Rethink’ On India Universal Charger Rules

• offensive security

• ENISA published ENISA Threat Landscape for DoS Attacks

• Analyzing the SonicWall Custom Grub LUKS Encryption Modifications

• 23andMe Finally Admits: 6.9 MILLION Users’ PII Breached

• Pirated Software Puts Mac Users at Risk as Proxy Malware Emerges

• Navigating the Future: Global AI Regulation Strategies

• One Year of ChatGPT: Domains Evolved by Generative AI

• India Seeks Strengthened Interpol Collaboration for Real-Time Crime Prevention

• Canadian law regulating social media platforms is needed fast, Parliament told

• Vanta announces new offerings to meet the needs of modern GRC and security leaders

• US Federal Agencies Miss Deadline for Incident Response Requirements

• OpenSSL Providers Workshop: Authors Track

• Thinking about a Career in Cloud Security? Follow this Path

• How to build a cyber incident response team (a 2024 playbook)

• Securiti collaborates with Databricks to enable the safe use of data and generative AI

• CellTrust SL2 Moderator AI prevents data leakage and blocks risky mobile messages

• Russia’s AI-Powered Disinformation Operation Targeting Ukraine, US, and Germany

• Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack

• Online Safety Act May Require AI Facial Scans

• Securing REST APIs With Nest.js: A Step-by-Step Guide

• Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

• What the Future Holds for Data Security

• Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

• Stytch offers toolkit for developers to build, implement, and customize passkey-based authentication

• Brazilian City Passes Law Drafted By ChatGPT

• 9 Best Password Managers (2023): Features, Pricing, and Tips

• Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

• 23andMe Confirms Nearly 7 Million Customers Affected In Data Leak

• Cyber Av3ngers Gang Hacks Industrial Controllers Across US

• MIPS Chips Targeted By New P2Pinfect Malware In Multiple Attacks

• 94 Vulns Patched In Android With December Updates

• Two New Versions Of OpenZFS Fix Long-Hidden Corruption Bug

• New Synopsys Report Reveals Application Security Automation Soars

• Q3 2023 Cyber Attacks Statistics

• Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery

• Harpie Launches Proactive Mechanism to Stop Crypto Theft

• MixMode platform enhancements boost threat detection and response

• Veeam Data Platform 23H2 update enhances resilience against ransomware

• USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data

• DevSecOps: Shifting Security to the Left

• How Arnica’s CEO foresees generative AI’s impact on DevOps security

• Why We’re a Cisco Family Through and Through

• Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks

• Roblox and Twitch provider Tipalti breached by ransomware

• AI and Quantum Computing Threaten Encryption and Data Security

• Global Integrity QTel protects voice, messaging, and video conversations

• Rambus launches Quantum Safe Engine for data center and government hardware security

• Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000%

• BlackCat ransomware crims threaten to directly extort victim’s customers

• CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector

• 94 Vulnerabilities Patched in Android With December 2023 Security Updates

• Cybersecurity M&A Roundup: 34 Deals Announced in November 2023

• The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying.

• Nvidia To Build Network Of AI Chip Plants In Japan

• Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud

• Generative AI Security: Preventing Microsoft Copilot Data Exposure

• “Do Not Push To Production” And Other Insecure Code, Demonstrated By An Ethical Hacker

• Resecurity and ICS Technologies join forces to improve cybersecurity in Iraq

• AT&T Deploys Open RAN In $14bn Deal With Ericsson

• A New Trick Uses AI to Jailbreak AI Models—Including GPT-4

• Used by only a few nerds, Facebook kills PGP-encrypted emails

• Centripetal Announces Partnership With Tiger to Provide Cybersecurity Innovation to the UK Market

• Konni Malware Alert: Uncovering The Russian-Language Threat

• Leveraging Automation for Risk Compliance in IT

• RSA Keys Security: Insights from SSH Server Signing Errors

• 15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

• Russian APT28 Exploits Outlook Bug to Access Exchange

• Report Says Sellafield ‘Hacked’ By Russia, China

• It’s ba-ack… UK watchdog publishes age verification proposals

• Porn Age Checks Threaten Security and Privacy, Report Warns

• Quick Look at the New CISA Healthcare Mitigation Guide

• BlueNoroff: new Trojan attacking macOS users

• Sellafield Accused of Covering Up Major Cyber Breaches

• Data Power: What the EU Data Act Means for You

• Google fixed critical zero-click RCE in Android

• Congratulations to our 2023 CX Customer Hero Award Winners

• Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

• New Threat Actor ‘AeroBlade’ Emerges in Espionage Attack on U.S. Aerospace

• RailYatri – 23,209,732 breached accounts

• Bolstering API Security: Introducing Wallarm’s API Attack Surface Management (AASM)

• Meet the Cybersecurity Defender of 2023 for the Asia Pacific Region

• UK government denies China/Russia nuke plant hack claim

• 75% Organizations Struggle with Recurring Cyber Attacks

• Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware

• How AI is revolutionizing “shift left” testing in API security

• SessionProbe: Open-source multi-threaded pentesting tool

• Beware of Expired or Compromised Code Signing Certificates

• Advanced ransomware campaigns expose need for AI-powered cyber defense

• Customer Story | How Azusa Unified School District Increasing Visibility & Control in Google & Microsoft 365

• Exploring the impact of generative AI in the 2024 presidential election

• eBook: Defending the Infostealer Threat

• 2024 brings changes in data security strategies

• Healthcare Trends in 2024: Challenges and Opportunities

• Akamai Account Protector?s New Protection Against Account Opening Abuse

• AgTech Revolution: Innovations in Agriculture

• The Importance of Incident Response for SaaS

Generated on 2023-12-06 23:55:50.683258