IT Security News Daily Summary 2023-12-08

• Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

• Kali vs. ParrotOS: 2 versatile Linux distros for security pros

• Top 12 Firewall Best Practices to Optimize Network Security

• What Is a Privilege Escalation Attack? Types & Prevention

• Meta releases open-source tools for AI safety

• Cisco Partners and Purpose are Greater Together

• The House Intelligence Committee’s Surveillance ‘Reform’ Bill is a Farce

• Facebook Approves Ads Featuring Violent Hate Speech Against Women Journalists

• The Endless Pursuit of the Ecosystem

• Cyber Security Today, Week in Review for Friday, December 8, 2023

• DNA companies should receive the death penalty for getting hacked

• The best AirTag wallets of 2023: Expert recommended

• Opal Security Scores $22M Investment for IAM Technology

• Meta’s Purple Llama wants to test safety risks in AI models

• Mine’s $30M boost will bring AI-based privacy to the enterprise

• Social Engineering: The Art of Human Hacking

• Microsoft Glass Storage: A Breakthrough Technology That Can Make Ransomware Attacks Impossible

• Fresh SLAM Attack Extracts Sensitive Data from AMD CPUs and Upcoming Intel Processors

• New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands

• Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction

• Atlassian Releases Security Advisories for Multiple Products

• Cyberattack On Irish Utility Cuts Off Water Supply For Two Days

• In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked

• Seoul Police Reveals: North Korean Hackers Stole South Korean Anti-Aircraft Data

• Critical Bluetooth Flaw Could Take Over Android, Apple, Linux Devices

• Five Cybersecurity Tabletop Exercise Myths Debunked

• Russian FSB Targets US and UK Politicians in Sneaky Spear-Phish Plan

• Trojan Malware Hidden in Cracked macOS Software, Kaspersky Says

• Elon Musk Calls For Firing Of Disney CEO Amid Ad Boycott

• How Cisco Black Belt Academy Learns from Our Learners

• Bypassing major EDRs using Pool Party process injection techniques

• iPhone Security Unveiled: Navigating the BlastPass Exploit

• Microsoft to offer glass based storage tech that is ransomware proof

• Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock data breach conviction

• That call center tech scammer could be a human trafficking victim

• Russian APT Used Zero-Click Outlook Exploit

• WordPress 6.4.2 Patches Remote Code Execution Vulnerability

• ProvenRun Banks €15 Million for Secure Connected Vehicle Software

• Bitcoin Core Flaw Raises Concerns Regarding Blockchain Integrity

• Canadian mid-sized firms pay an average $1.13 million to ransomware gangs

• UK Regulator Begins Scrutiny Of Microsoft Partnership With OpenAI

• Data Lineage in a Data-Driven World

• Fighting the Next Generation of Fraud

• Unlocking Data Privacy: Mine’s No-Code Approach Nets $30 Million in Funding

• Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS

• Google DeepMind Researchers Uncover ChatGPT Vulnerabilities

• N. Korean Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

• Cracked macOS Software Laced with New Trojan Proxy Malware

• US, UK Announce Charges and Sanctions Against Two Russian Hackers

• Identity Fraud Rises as E-Commerce, Payment Firms Targeted

• Trustmi Certify provides protection against business payment fraud

• Apple To Move Key iPad Engineering Resources To Vietnam – Report

• Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

• Cisco’s Commitment to Human Rights: A Tribute to the 75th Anniversary of the Universal Declaration of Human Rights

• Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

• New Bluetooth Attack

• Cyber Security Today, Dec. 8, 2023 – Ransomware is increasingly impacting OT systems, and more

• How to Prevent DNS Attacks: DNS Security Best Practices

• Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

• New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

• NuHarbor Security partners with Zscaler to protect distributed workforces

• Meta introduces default end-to-end encryption for Messenger and Facebook

• Ransomware-as-a-Service: The Growing Threat You Can’t Ignore

• Delve Risk and ThreatNG Security join forces to boost client decisions through advanced intelligence

• Android barcode scanner app exposes user passwords

• Importance of Web Application Security Testing: Exploring Vulnerabilities in Web Apps

• Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

• ICO Warns of Fines for “Nefarious” AI Use

• This Mini Router Gives You Lifetime Wi-Fi and VPN Coverage for $599.99

• WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

• Geopolitics to Blame For DoS Surge in Europe, Says ENISA

• To tap or not to tap: Are NFC payments safer?

• Preventing PII Leakage through Text Generation AI Systems

• Welltok Data Breach: 8.5M US Patients’ Information Exposed

• Ransomware Surge is Driving UK Inflation, Says Veeam

• Enterprises will need AI governance as large language models grow in number

• CISA Releases Five Industrial Control Systems Advisories

• Schweitzer Engineering Laboratories SEL-411L

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• Smart Home Technology: Your Gateway to Modern Living

• Smart Home Security Essentials: Protecting What Matters Most

• Eclypsium Helps Florida Law Enforcement Agencies Achieve CJIS Compliance

• New Microsoft Purview features use AI to help secure and govern all your data

• Polish train maker denies claims its software bricked rolling stock maintained by competitor

• TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

• December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance

• Microsoft Warns of COLDRIVER’s Evolving Evasion and Credential-Stealing Tactics

• Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme

• LogoFail vulnerability affects many Windows and Linux devices

• New infosec products of the week: December 8, 2023

• Twitter fired its Information Security head for cutting budget on data security and privacy

• Guidelines for Secure AI System Development

• Increase In Mobile Threats Calls for A Proactive Mindset.

• Halting Hackers on the Holidays 2023

• Aim for a modern data security approach

• Alert fatigue puts pressure on security and development teams

• AI literacy gap extends beyond technical skills

• Movie Forums – 39,914 breached accounts

• Meta Makes End-to-End Encryption a Default on Facebook Messenger

• Love for sports could lead to poor password practices

• Canadian privacy czars release principles for responsible development of AI

• Five Eyes nations warn Moscow’s mates at the Star Blizzard gang have new phishing targets

• Russia-linked APT8 exploited Outlook zero-day to target European NATO members

• Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents

• In Landmark Battle Over Free Speech, EFF Urges Supreme Court to Strike Down Texas and Florida Laws that Let States Dictate What Speech Social Media Sites Must Publish

• How Data Ingestion Works in SOAR

• IT Security News Daily Summary 2023-12-07

• Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets

• Cisco goes all in on AI to strengthen its cybersecurity strategy

• Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

• adaptive multifactor authentication (adaptive MFA)

• UK and US expose Russia Callisto Group’s activity and sanction members

• CISA Issues Warning for Russian ‘Star Blizzard’ APT Spear-Phishing Operation

• Dashlane vs 1Password: Which password manager should you use in 2023?

• Norton Secure VPN Review (2023): Pricing, Features & Security

• Bitwarden vs LastPass 2023: Which Password Manager Is Best?

• DEF CON 31 – Dan Petro’s, David Vargas’ ‘Badge Of Shame Breaking Into Secure Facilities With OSDP’

• Nova Scotia privacy commissioner investigating provincial MOVEit hack

• US government is snooping on people via phone push notifications, says senator

• Exploiting GOG Galaxy XPC service for privilege escalation in macOS

• Think Twice Before Giving Surveillance for the Holidays

• News alert: Reflectiz adds AI-powered capabilities to its Smart Alerting web threat management system

• Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics

• Using IAM Authentication for Redis on AWS

• EFF Reminds the Supreme Court That Copyright Trolls Are Still a Problem

• Cybersecurity considerations to have when shopping for holiday gifts

• Bank Of England, FCA Propose Rules To Regulate Bank’s Tech Reliance

• New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

• Assess security posture with the Cloud Security Maturity Model

• US and EU infosec authorities pen intel-sharing pact

• US indicts alleged Russian hackers for years-long cyber espionage campaign against Western countries

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption

• MixModes Approach to Combating The Growing Threat of Identity-Based Attacks on Enterprise Organizations

• CISA to Developers: Adopt Memory Safe Programming Languages

• Tracking Russia’s NoName057[16] attempts to DDoS UK public services

• FTC Urges Appeals Court To Reject Microsoft-Activision Merger

• It’s not cricket! Sri Lanka and Bangladesh co-host phishing attack

• Kernel security now: Linux’s unique method for securing code

• Types of Encryption, Methods & Use Cases

• WhatsApp adds support for disappearing voice messages

• Optimizing API Lifecycles: A Comprehensive Guide for Product Managers

• What Is Encryption? Definition, How it Works, & Examples

• Meta Announces End-to-End Encryption by Default in Messenger

• Star Blizzard Cyber Attacks on UK

• Getting Ahead of the Attack

• Log4Shell: A Persistent Threat to Cybersecurity – Two Years On

• BlackSuit ransomware – what you need to know

• Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines

• 9 Best DDoS Protection Service Providers for 2024

• End-to-End Encrypted Instagram and Messenger Chats: Why It Took Meta 7 Years

• Elijah Wood and Mike Tyson Cameo Videos Were Used in a Russian Disinformation Campaign

• Cisco at AWS re:Invent 2023: Contagious Excitement for All

• New Report: Over 40% of Google Drive Files Contain Sensitive Info

• Microsoft To Offer Consumers Paid Windows 10 Support, Beyond Cutoff Date

• ZTNA over VPN Can Be a Good Place to Start Your Zero Trust Journey

• MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF

• Lessons Learned: Five Cybersecurity Takeaways from 2023

• AHA, Federals Urge Healthcare Ogranizations to Minimize Citrix Bleed Vulnerability

• Small Canadian energy producer reports cybersecurity incident

• Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

• Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

• CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

• Apple says it is not aware anyone using Lockdown Mode got hacked

• Simplifying IT for Better Experiences

• Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

• IronKey: What is it & How Is It Different From Other Storage Drives

• Star Blizzard launched Cyber Attacks on UK since years

• Russia’s FSB Hacking UK Politicians, Warns NCSC

• Hugging Face’s AI Supply Chain Escapes Near Breach by Hackers

• Malek Team: Iran-linked Hackers Claim to Leak Medical Records From Israeli Hospital

• Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics

• UK Government Warns of Russian Cyber Campaigns Against Democracy

• Atlassian Patches RCE Flaw that Affected Multiple Products

• A cyber attack hit Nissan Oceania

• Dragos Offers Free OT Security Tools to Small Utilities

• Canadian Financial Intelligence Agency Predicts Crypto Crime to Surge Rapidly

• Navigating Ethical Challenges in AI-Powered Wargames

• Twisted Spider’s Dangerous CACTUS Ransomware Attack

• Phylum integrates with Sumo Logic to identify software supply chain attacks

• HireRight Global ID enables employers to remotely verify their candidates’ identity documents

• Why Infostealers are Stealing the Security Spotlight

• advanced persistent threat (APT)

• Just About Every Windows And Linux Device Vulnerable To New LogoFAIL Firmware Attack

• Is Web Scraping Illegal? Depends on Who You Ask

• 2024 Predictions for Cybersecurity: The Rise of AI Brings New Challenges

• Concerned About Business Email Compromise? 4 Technologies That Can Help

• Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams

• Star Blizzard increases sophistication and evasion in ongoing attacks

• Netskope rolls out NewEdge’s seamless localized experience

• Short-term AWS access tokens allow attackers to linger for a longer while

• Microsoft Mitigates Three Vulnerabilities in Azure HDInsight

• Cyber-Attacks More Likely Than Fire or Theft, Aviva Research Finds

• Fighting Ursa Aka APT28: Illuminating a Covert Campaign

• Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials

• How to be more sustainable during the holidays

• Master Cloud Computing Risks with a Proactive, End-to-End Approach

• New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions

• Nissan Restoring Systems After Cyberattack

• Google Offers Gemini AI Model To Challenge GPT-4

• Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

• SLAM Attack Gets Root Password Hash in 30 Seconds

• Yet another UK public sector data blab, this time info of pregnant women, cancer patients

• Developers behaving badly: Why holistic AppSec is key

• In Pursuit of a Passwordless Future

• Cybersixgill introduces new features and capabilities to strengthen threat analysis

• Future Intel, AMD and Arm CPUs Vulnerable to New ‘SLAM’ Attack: Researchers

• Watch Sessions From SecurityWeek’s 2023 Cyber AI & Automation Summit

• WALA’s Shocking Data Leak: 25GB of Personal Information from Pet Owners Revealed

• Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days

• Navigating privacy: Should we put the brakes on car tracking?

• Android phones can be taken over remotely – update when you can

• Spying through Push Notifications

• Malwarebytes unveils vulnerability assessment module to help users identify critical vulnerabilities

• Liability Fears Damaging CISO Role, Says Former Uber CISO

• Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey

• FBI Chief Makes Fresh Pitch for Spy Program Renewal and Says It’d Be ‘Devastating’ If It Lapsed

• Daon xSentinel minimizes generative AI voice fraud

• Hacking the Human Mind: Exploiting Vulnerabilities in the ‘First Line of Cyber Defense’

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

• Meta Deploys End-To-End Encryption Across Messenger, Facebook

• 1Kosmos partners with AWS to offer MFA for customer use cases

• Governments May Spy on You by Requesting Push Notifications from Apple and Google

• Building a Robust Threat Intelligence with Wazuh

• Opal Security, which helps companies manage access and identities, raises $22M

• New Krasue Linux RAT targets telecom companies in Thailand

• Atlassian Patches Critical Remote Code Execution Vulnerabilities

• Researchers automated jailbreaking of LLMs with other LLMs

• Meta and Microsoft double-down on AI

• How to Avoid and Prevent Identity Theft

• PCI 4.0: Your Next Audit May Take Longer, But it’s for a Good Cause

• Ninety Percent of Energy Companies Suffer Supplier Data Breach

• Governments Spying on Apple and Google Users, Says Senator

• Top Security Trends and Predictions for 2024

• Cambridge Hospitals Admit Two Excel-Based Data Breaches

• Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

• The Imperative for Zero Trust in a Cloud-Native Environment

• Belgian man charged with smuggling sanctioned military tech to Russia and China

• Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

• Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

• New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand

• JoyGames – 4,461,787 breached accounts

• Sierra Wireless routers are vulnerable to Cyber Attacks

• Ransomware in 2024: Anticipated impact, targets, and landscape shift

• Using AI and automation to manage human cyber risk

• Australia building ‘top secret’ cloud to catch up and link with US, UK intel orgs

• Third-party breaches shake the foundations of the energy sector

• OpenTofu: Open-source alternative to Terraform

• Splunk Predictions 2024: Leadership Trends and Emerging Technologies

• Splunk Data Security Predictions 2024

• Meta finally starts rolling out default end-to-end encryption for Messenger

• What is Software Piracy?

• Tech Privacy: Navigating the Age of Digital Surveillance

Generated on 2023-12-08 23:55:54.670807