IT Security News Daily Summary 2023-12-07

• Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets

• Cisco goes all in on AI to strengthen its cybersecurity strategy

• Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

• adaptive multifactor authentication (adaptive MFA)

• UK and US expose Russia Callisto Group’s activity and sanction members

• CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

• Dashlane vs 1Password: Which password manager should you use in 2023?

• Norton Secure VPN Review (2023): Pricing, Features & Security

• Bitwarden vs LastPass 2023: Which Password Manager Is Best?

• DEF CON 31 – Dan Petro’s, David Vargas’ ‘Badge Of Shame Breaking Into Secure Facilities With OSDP’

• Nova Scotia privacy commissioner investigating provincial MOVEit hack

• US government is snooping on people via phone push notifications, says senator

• Exploiting GOG Galaxy XPC service for privilege escalation in macOS

• Think Twice Before Giving Surveillance for the Holidays

• News alert: Reflectiz adds AI-powered capabilities to its Smart Alerting web threat management system

• Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics

• Using IAM Authentication for Redis on AWS

• EFF Reminds the Supreme Court That Copyright Trolls Are Still a Problem

• Cybersecurity considerations to have when shopping for holiday gifts

• Bank Of England, FCA Propose Rules To Regulate Bank’s Tech Reliance

• New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

• Assess security posture with the Cloud Security Maturity Model

• US and EU infosec authorities pen intel-sharing pact

• US indicts alleged Russian hackers for years-long cyber espionage campaign against Western countries

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption

• MixModes Approach to Combating The Growing Threat of Identity-Based Attacks on Enterprise Organizations

• CISA to Developers: Adopt Memory Safe Programming Languages

• Tracking Russia’s NoName057[16] attempts to DDoS UK public services

• FTC Urges Appeals Court To Reject Microsoft-Activision Merger

• It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack

• Kernel security now: Linux’s unique method for securing code

• Types of Encryption, Methods & Use Cases

• WhatsApp adds support for disappearing voice messages

• Optimizing API Lifecycles: A Comprehensive Guide for Product Managers

• What Is Encryption? Definition, How it Works, & Examples

• Meta Announces End-to-End Encryption by Default in Messenger

• Star Blizzard Cyber Attacks on UK

• Getting Ahead of the Attack

• Log4Shell: A Persistent Threat to Cybersecurity – Two Years On

• BlackSuit ransomware – what you need to know

• Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines

• 9 Best DDoS Protection Service Providers for 2024

• End-to-End Encrypted Instagram and Messenger Chats: Why It Took Meta 7 Years

• Elijah Wood and Mike Tyson Cameo Videos Were Used in a Russian Disinformation Campaign

• Cisco at AWS re:Invent 2023: Contagious Excitement for All

• New Report: Over 40% of Google Drive Files Contain Sensitive Info

• Microsoft To Offer Consumers Paid Windows 10 Support, Beyond Cutoff Date

• ZTNA over VPN Can Be a Good Place to Start Your Zero Trust Journey

• MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF

• Lessons Learned: Five Cybersecurity Takeaways from 2023

• AHA, Federals Urge Healthcare Ogranizations to Minimize Citrix Bleed Vulnerability

• Small Canadian energy producer reports cybersecurity incident

• Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

• Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

• CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

• Apple says it is not aware anyone using Lockdown Mode got hacked

• Simplifying IT for Better Experiences

• Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

• IronKey: What is it & How Is It Different From Other Storage Drives

• Star Blizzard launched Cyber Attacks on UK since years

• Russia’s FSB Hacking UK Politicians, Warns NCSC

• Hugging Face’s AI Supply Chain Escapes Near Breach by Hackers

• Malek Team: Iran-linked Hackers Claim to Leak Medical Records From Israeli Hospital

• Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics

• UK Government Warns of Russian Cyber Campaigns Against Democracy

• Atlassian Patches RCE Flaw that Affected Multiple Products

• A cyber attack hit Nissan Oceania

• Dragos Offers Free OT Security Tools to Small Utilities

• Canadian Financial Intelligence Agency Predicts Crypto Crime to Surge Rapidly

• Navigating Ethical Challenges in AI-Powered Wargames

• Twisted Spider’s Dangerous CACTUS Ransomware Attack

• Phylum integrates with Sumo Logic to identify software supply chain attacks

• HireRight Global ID enables employers to remotely verify their candidates’ identity documents

• Why Infostealers are Stealing the Security Spotlight

• advanced persistent threat (APT)

• Just About Every Windows And Linux Device Vulnerable To New LogoFAIL Firmware Attack

• Is Web Scraping Illegal? Depends on Who You Ask

• 2024 Predictions for Cybersecurity: The Rise of AI Brings New Challenges

• Concerned About Business Email Compromise? 4 Technologies That Can Help

• Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams

• Star Blizzard increases sophistication and evasion in ongoing attacks

• Netskope rolls out NewEdge’s seamless localized experience

• Short-term AWS access tokens allow attackers to linger for a longer while

• Microsoft Mitigates Three Vulnerabilities in Azure HDInsight

• Cyber-Attacks More Likely Than Fire or Theft, Aviva Research Finds

• Fighting Ursa Aka APT28: Illuminating a Covert Campaign

• Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials

• How to be more sustainable during the holidays

• Master Cloud Computing Risks with a Proactive, End-to-End Approach

• New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions

• Nissan Restoring Systems After Cyberattack

• Google Offers Gemini AI Model To Challenge GPT-4

• Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

• SLAM Attack Gets Root Password Hash in 30 Seconds

• Yet another UK public sector data blab, this time info of pregnant women, cancer patients

• Developers behaving badly: Why holistic AppSec is key

• In Pursuit of a Passwordless Future

• Cybersixgill introduces new features and capabilities to strengthen threat analysis

• Future Intel, AMD and Arm CPUs Vulnerable to New ‘SLAM’ Attack: Researchers

• Watch Sessions From SecurityWeek’s 2023 Cyber AI & Automation Summit

• WALA’s Shocking Data Leak: 25GB of Personal Information from Pet Owners Revealed

• Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days

• Navigating privacy: Should we put the brakes on car tracking?

• Android phones can be taken over remotely – update when you can

• Spying through Push Notifications

• Malwarebytes unveils vulnerability assessment module to help users identify critical vulnerabilities

• Liability Fears Damaging CISO Role, Says Former Uber CISO

• Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey

• FBI Chief Makes Fresh Pitch for Spy Program Renewal and Says It’d Be ‘Devastating’ If It Lapsed

• Daon xSentinel minimizes generative AI voice fraud

• Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

• Meta Deploys End-To-End Encryption Across Messenger, Facebook

• 1Kosmos partners with AWS to offer MFA for customer use cases

• Governments May Spy on You by Requesting Push Notifications from Apple and Google

• Building a Robust Threat Intelligence with Wazuh

• Opal Security, which helps companies manage access and identities, raises $22M

• New Krasue Linux RAT targets telecom companies in Thailand

• Atlassian Patches Critical Remote Code Execution Vulnerabilities

• Researchers automated jailbreaking of LLMs with other LLMs

• Meta and Microsoft double-down on AI

• How to Avoid and Prevent Identity Theft

• PCI 4.0: Your Next Audit May Take Longer, But it’s for a Good Cause

• Ninety Percent of Energy Companies Suffer Supplier Data Breach

• Governments Spying on Apple and Google Users, Says Senator

• Top Security Trends and Predictions for 2024

• Cambridge Hospitals Admit Two Excel-Based Data Breaches

• Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

• The Imperative for Zero Trust in a Cloud-Native Environment

• Belgian man charged with smuggling sanctioned military tech to Russia and China

• Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

• Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

• New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand

• JoyGames – 4,461,787 breached accounts

• Sierra Wireless routers are vulnerable to Cyber Attacks

• Ransomware in 2024: Anticipated impact, targets, and landscape shift

• Using AI and automation to manage human cyber risk

• Australia building ‘top secret’ cloud to catch up and link with US, UK intel orgs

• Third-party breaches shake the foundations of the energy sector

• OpenTofu: Open-source alternative to Terraform

• Splunk Predictions 2024: Leadership Trends and Emerging Technologies

• Splunk Data Security Predictions 2024

• Meta finally starts rolling out default end-to-end encryption for Messenger

• What is Software Piracy?

• Tech Privacy: Navigating the Age of Digital Surveillance

• CISA and ENISA enhance their Cooperation

• Speaking Freely: Alison Macrina

• IT Security News Daily Summary 2023-12-06

• Tor vs. VPN: What They Do and Which is Better

• Using Falco to Create Custom Identity Detections

• State Attorney General Accuses Facebook Of Creating A “Marketplace” For Child Predators

• Cisco Training Bootcamps: Get the Scoop from Subject Matter Experts

• Generative AI increasingly used for threats to Canadian democracy: Report

• Google pushes yet another security update to its Chrome browser

• Atlassian addressed four new RCE flaws in its products

• The Combined Federal Campaign Pledge Period is Closing Soon!

• Apple and some Linux distros are open to Bluetooth attack

• CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency

• Kickstart your IT career with this cybersecurity training bundle

• Your mobile password manager might be exposing your credentials

• CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

• Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

• YouTuber Jailed After Deliberately Crashing Plane For Views

• Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

• Continuous Testing in the Era of Microservices and Serverless Architectures

• Windows 10 Extended Security Updates Promised for Small Businesses and Home Users

• The Binance Crackdown Will Be an ‘Unprecedented’ Bonanza for Crypto Surveillance

• CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

• Marketing Trends Heading into 2024

• Webex Connect and a New Digital Experience

• When a Botnet Cries: Detecting Botnet Infection Chains

• Monolith Versus Microservices: Weigh the Pros and Cons of Both Configs

• CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps

• US senator warns governments are spying on Apple and Google users via push notifications

• Security Analysis of a Thirteenth-Century Venetian Election Protocol

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability

• Use Windows 10? You Must PAY for Security

• Meta Pressure Led To Harvard Termination, Alleges Misinformation Expert

• Police Can Spy on Your iOS and Android Push Notifications

• Microsoft Hires New CISO in Major Security Shakeup

• Ofcom Proposes Face Scanning, Banking Details For Porn Age Verification

• Ofcom’s Age Verification Proposals Pose ‘Significant’ Privacy, Security Risk

• How IT teams can conduct a vulnerability assessment for third-party applications

• 78% of CISOs Concerned About AppSec Manageability

• Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers

• Serpent Stealer Acquire Browser Passwords and Erases Intrusion Logs

• BlueNoroff: New Malware Attacking MacOS Users

• ICANN Launches Service to Help With WHOIS Lookups

• CISA says US government agency was hacked thanks to ‘end of life’ software

• The Rise of Digital Customer Experience

• Navigating Retail Disruption: Maximize Customer Centricity and Business Performance with Observability

• Tracking Cybersecurity Progress at Industrial Companies

• Locking down the edge

• 5 Security Benefits of Application Mapping

• Russian-Backed Hackers Target High-Value US, European Entities

• Decrypting Breach Realities: Beyond Isolation to Collective Progress

• Trojan-Proxy Threat Expands Across macOS, Android and Windows

• Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes

• Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

• Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat

• Fortifying the Human Firewall: Six-Steps For An Effective Security Awareness Program

• Cyber Threat emerges out of Apple iOS 17 new NameDrop Feature

• Millions of patient scans and health records spilling online thanks to decades-old protocol bug

• csharp-streamer: Peeking under the hood

• Cyber Intrusion: Royal Family Braces for Potential Medical Data Release

• Exploring Blockchain’s Revolutionary Impact on E-Commerce

• US Health Dept Urges Hospitals to Patch Critical ‘Citrix Bleed’ Vulnerability

• Panther Labs introduces Security Data Lake Search and Splunk Integration capabilities

• Readout from CISA’s 2023 Fourth Quarter Cybersecurity Advisory Committee Meeting

• Cyber and Physical Security Are Different, But They Must Work Together

• Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware

• Microsoft Blames Russia For Ongoing Hacks Of 9 Month Old Exchange Bug

• Adobe Coldfusion Vuln Exploited In Attacks On US Government

• 21 Vulns In Sierra Wireless Routers Could Expose Critical Infrastructure

• Microsoft Will Eventually Start Charging You For Windows 10 Security Updates

• Governments Spying On Apple, Google Users Through Push Notifications

• Windows 10 gets its own extended security updates program

• A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list

• GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities

• Dragos Offering Free OT Cybersecurity Technology to Small US Utilities

• Chrome 120 Patches 10 Vulnerabilities

• U.S. Treasury Sanctions Eight Foreign-Based Agents and North Korean Kimsuky Attackers

• Qilin Ransomware Strikes VMware ESXi

• Protecting credentials against social engineering: Cyberattack Series

• 3 reasons why now is the time to go cloud native for device management

• Microsoft Incident Response lessons on preventing cloud identity compromise

• CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

• Atlassian fixes four critical RCE vulnerabilities, patch quickly!

• Data Theorem releases API Attack Path Visualization for enhanced API and Software supply chain security

• IBM Unveils Heron Quantum Chip, Plus Quantum System Two

• A primer on storage anomaly detection

• Adobe Coldfusion vulnerability used in attacks on government servers

• Understanding Each Link of the Cyberattack Impact Chain

• Survey Surfaces Wasted Efforts Collecting Cybersecurity Data

• Atsign releases SSH No Ports 4.0 with Windows support and SDK

• Living Security Unify Go improves human risk management

• Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

• Doppelgänger: Hackers Employ AI to Launch Highly sophistication Attacks

• The Art and Science of Container Security

• WebAuthn Conditional UI: Technical Explanation and Implementation

• Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM

• LABScon Replay | The Cyber Arm of China’s Soft Power: Reshaping a Continent

• Top Characteristics of a QR Code Phishing Email

• Cyber Security Today, Dec. 6, 2023 – Warnings about Russian-based cyber attacks, and more

• Searchlight Cyber launches Exposure Data view in DarkIQ

• Microsoft will offer extended security updates for Windows 10

• Lenovo and Microsoft join forces to simplify security deployments

• The Power of Purpose

• Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

• CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities

• Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency

• How Cyber Risk Management Tools Have Evolved

• Cisco AI Assistant for Security helps customers automate complex tasks

• Elon Musk’s xAI Seeks To Raise $1 Billion In Equity

• Top 6 Security Challenges of SMEs (Small to Medium Enterprises)

• Sierra:21 – Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks

• New Report: Unveiling the Threat of Malicious Browser Extensions

• Warfare and Geopolitics are Fuelling Denial-of-Service Attacks

• 21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks

• Virtual Event Today: Cyber AI & Automation Summit

• 5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem

• LockBit Remains Top Global Ransomware Threat

• Beers with Talos episode 141: The TurkeyLurkey Man wants YOU to read Talos’ Year in Review report

• Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers

• Scaling Security Operations with Automation

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines

• Cryptocurrency losses reach $1.75 Billion in 2023; CeFi and Hacks Blamed

• Free Reverse Phone Lookup Services 2024

• Shielding the data that drives AI

• GST Invoice Billing Inventory exposes sensitive data to threat actors

• New macOS Trojan-Proxy piggybacking on cracked software

• 21 high-risk vulnerabilities in OT/IoT routers found

• Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

• Police Arrest 1000 Suspected Money Mules

• 10 Essential Cybersecurity Tips For Your Organization This Holiday Season

• Digital Rights Groups Urge Meta to Stop Silencing Palestine

• UK FCA Warns of Christmas Loan Fee Fraud Surge

• Kali Linux 2023.4 Released – What’s New!

• Automating Tasks in CentOS 7 with Cron and Anacron

• Forward Momentum: Key Learnings From Trend Micro’s Security Predictions for 2024

• Hello Authentication Vulnerabilities Discovered: Stay Safe

• Kubernetes Security: Sensitive Secrets Exposed

• Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison

• Microsoft issues deadline for end of Windows 10 support – it’s pay to play for security

• Atlassian security advisory reveals four fresh critical flaws – in mail with dead links

• UK to block all Social Media Scams

• Securing the Cloud: Strategies for CSPs to Mitigate Malware Hosting Risks

• Three security data predictions for 2024

• Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

• Navigating the Uncertainties of CMMC 2.0: An Urgent Call for Clarity

• 5 open-source tools for pentesting Kubernetes you should check out

• Cisco intros AI to find firewall flaws, warns this sort of thing can’t be free

• Why zero-trust segmentation is critical for cloud resilience

• Businesses gain upper hand with GenAI integration

• ICANN Launches RDRS to Assist Law Enforcement Agencies to Discover Private Info

• Hackers stole ancestry data of 6.9 million users, 23andMe finally confirmed

• Wearable Tech Future: Where Fashion Meets Function

• Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

• How to Improve Performance with Client-Side JavaScript Tag Optimizations

• Fancy Bear goes phishing in US, European high-value networks

• The malware, attacker trends and more that shaped the threat landscape in 2023

• The 23andMe Data Breach Keeps Spiraling

• Give Your Firewall Admins Superpowers with the Cisco AI Assistant for Security

• Our “How to Fix the Internet” Podcast is an Anthem Awards Finalist— Help Make It a Winner!

Generated on 2023-12-07 23:56:08.849393