IT Security News Daily Summary 2023-12-12

• cyber attack

• Microsoft Patch Tuesday, December 2023 Edition

• Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how.

• How to choose a free vulnerability scanner: Insights from an industry veteran

• Cyberattack Cripples Ukraine’s Largest Telcom Operator

• Does Your App Accept Digital Wallets?

• Update now! Apple issues patches for older iPhones and other devices

• VERT Threat Alert: December 2023 Patch Tuesday Analysis

• Facebook Scrapes User Photos To Generate AI Images

• Healthcare giant Norton breach leads to theft of millions of patient records

• Snyk Launches ASPM Platform to Secure Software Supply Chains

• Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle

• Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws

• DEF CON 31 – David Pekoske’s, Sean Lyngaas’, Jen Easterly’s ‘All Information Looks Like Noise Until You Break The Code’

• Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling

• Akamai EdgeWorkers for SaaS: Balancing Customization and Security

• Improve Performance with HTTP/2 Stream Prioritization

• Beyond Buzzwords: Glasswing AI palette guides startups navigating AI’s diverse terrain

• How ConductorOne’s Copilot improves identity governance with AI

• December 2023 Patch Tuesday: 33 fixes to wind the year down

• Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed

• Tor vs. VPN: What They Do and Which is Better

• Meta Publicly Releases End-To-End Encryption For Facebook Messenger

• 9 Best Next-Generation Firewall (NGFW) Solutions for 2023

• Kyivstar, Ukraine’s largest mobile carrier brought down by a cyber attack

• Cloud engineer wreaks havoc on bank network after getting fired

• CISA Unveils Tools to Strengthen Google Cloud Services

• How the EU Cyber Resilience Act Impacts Manufacturers

• How To Build a Financial App With Proactive Security Measures

• Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

• SAP Patches Critical Vulnerability in Business Technology Platform

• Avira security software is causing Windows PCs to freeze up, and there’s no fix in sight

• Black Hat Europe 2023: Should we regulate AI?

• 4 Tips for Safe and Secure Holiday Shopping

• No Robots(.txt): How to Ask ChatGPT and Google Bard to Not Use Your Website for Training

• Discord in the ranks: Lone Airman behind top-secret info leak on chat platform

• Apple Bops Beeper, but iMessage Android Whac-A-Mole Ensues

• Unveiling the Cyber Threats to Healthcare: Beyond the Myths

• Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor Access

• Unleashing the Power of GPT in Slack With React Integration

• Hardening cellular basebands in Android

• Over 100 WordPress Repository Plugins Affected by Shortcode-based Stored Cross-Site Scripting

• Mozilla VPN Review (2023): Features, Pricing, and Security

• Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how

• Apple Sets Trap to Catch iMessage Impersonators

• Multiple Critical Flaws Found In Zyxel NAS Devices

• Google Updates Chrome bfcache For Faster Page Viewing

• Multi-cloud vs. hybrid cloud: The main difference

• Ukraine’s largest mobile operator Kyivstar downed by ‘powerful’ cyberattack

• Secure your critical roadways infrastructure as you digitize and resolve congestion

• Dubai’s largest taxi app exposes 220K+ users

• Insomniac Game Wolverine Hits Ransomware Attack

• Best VPN for streaming in 2023

• Kelvin Security cybercrime gang suspect seized by Spanish police

• CISA Releases Two Industrial Control Systems Advisories

• Netskope and BT Partner to Provide Secure Managed Services to the Modern Hybrid Enterprise

• What the SEC’s New Incident Disclosure Rules Mean for CISOs

• Lazarus Group Exploits Log4j Flaw in New Malware Campaign

• November 2023’s Most Wanted Malware: New AsyncRAT Campaign Discovered while FakeUpdates Re-Entered the Top Ten after Brief Hiatus

• Something exciting is brewing for NRF24

• Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

• AI Tools are Quite Susceptible to Targeted Attacks

• AutoSpill Attack Steal Credentials from Android Password Managers

• Coffee Briefing Dec. 12- Lighthouse Labs’ new cyber upskilling program; Extended security updates for Windows 10; Canada’s AI code of conduct has new signatories; and more

• DataDome Device Check blocks bots from the first request

• Cyber Attack on Ukraine Kyivstar while China disrupts the Critical Infrastructure of the United States

• Oracle Shares Sink On Disappointing Cloud Results

• The Technology That’s Remaking OU Health into a Top-Tier Medical Center

• Why Biden’s EO on AI Conflates the Role of Red-Teaming

• Censys unveils two new product tiers to help researchers enhance their threat hunting work

• Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

• Widespread Security Flaws Blamed for Northern Ireland Police Data Breach

• SpaceX Scrubs Falcon Heavy Spaceplane Launch At Last Minute

• Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware

• Cybercriminals Are Using Wyoming Shell Companies For Global Hacks

• Atlassian Warns Of Four New Critical Vulnerabilities

• Toyota Germany Says Customer Data Stolen In Ransomware Attack

• North Ireland Cops Count Human Cost Of August Data Breach

• Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

• Why Automation and Consolidation are Key to Restoring Confidence in Cybersecurity

• Reco Employs Graph and AI Technologies to Secure SaaS Apps

• Ukraine’s Largest Phone Operator Hack Tied to War With Russia

• Apple May Open iPhone NFC Access To Competitors

• TechBash: Automation, Security and Development Best Practices in The Poconos

• Edge Computing: Revolutionizing Data Processing and Connectivity

• Stepping into 2024 with a look at emerging cybersecurity risks

• CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace

• CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

• Why Financial Institutions Are Adopting the CRI Profile

• Northern Ireland cops count human cost of August data breach

• Sandman Cyberespionage Group Linked to China

• Air Force Disciplines 15 as IG Finds That Security Failures Led to Massive Classified Documents Leak

• ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability

• Recruiters, beware of cybercrooks posing as job applicants!

• Calamu expands support for a wide array of enterprise applications

• Ukraine’s Largest Phone Operator Hacked in “Act of War”

• Toyota Ransomware Attack Exposes Customers Personal Data

• Meet the new CloudGuard: Risk Management in Action

• MFA and supply chain security: It’s no magic bullet

• The Challenges of Building Generative AI Applications in Cybersecurity

• The Next One Billion Lives

• Amplifying Connection and Embracing Collaboration Through Volunteering at Mix 92.6 Community Radio

• Huawei Starts Construction Of First Overseas Plant In France

• Huawei Mate 60 Shows China ‘Progress’ In Replacing US Parts

• How ConductorOne’s Copilot Improves Identity Governance with AI

• New Windows/Linux Firmware Attack

• The sound of you typing on your keyboard could reveal your password

• Toyota Germany Says Customer Data Stolen in Ransomware Attack

• The Top 10, Top 10 Predictions for 2024

• Understanding SBOMs

• LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities

• Non-Human Access is the Path of Least Resistance: A 2023 Recap

• FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure

• Toyota Germany Confirms Personal Information Stolen in Ransomware Attack

• Los Angeles Adopts AI Tech for Automated Ticketing of Bus Lane Violators

• “Pool Party” process injection techniques evade EDRs

• BT collaborates with Netskope to minimize the risk of cyber threats

• New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

• Threat Actor Targets Recruiters With Malware

• What is CloudSecOps? – A Complete Security Operations Guide – 2024

• US Awards $35m To BAE Systems In First Chips Act Grant

• WordPress Plugin Flaw Exposes 90K+ Websites to Hack Attack

• What to do if your company was mentioned on Darknet?

• Backup Migration WordPress Plugin Flaw Impacts 90,000 Sites

• Apache Warns of Critical Vulnerability in Struts 2

• Fortnite Maker Epic Wins Antitrust Case Against Google

• Apple released iOS 17.2 to address a dozen of security flaws

• BlackBerry squashes plan to spin out its IoT biz

• Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

• Interpol moves against human traffickers who enslave people to scam you online

• Watch out for these signs when your smart phone is hacked

• Many popular websites still cling to password creation policies from 1985

• New Critical RCE Vulnerability Discovered in Apache Struts 2 – Patch Now

• The Embedded Systems and The Internet of Things

• Nemesis: Open-source offensive data enrichment and analytic pipeline

• Balancing AI advantages and risks in cybersecurity strategies

• eIDAS: EU’s internet reforms will undermine a decade of advances in online security

• Protecting Children Online: A Parent’s Guide

• WhatsApp, Slack, Teams, and other messaging platforms face constant security risks

• A Gigantic New ICBM Will Take US Nuclear Missiles Out of the Cold War-Era but Add 21st-Century Risks

• Secure Online Shopping: Tips for Smart Homeowners

• A Recap of Our Pragmatic Cyber Risk Management Webinar

• Proposed US surveillance regime would enlist more businesses

• InflateVids – 13,405 breached accounts

• KubeCon 2023: Not Your Father’s Tenable

• Toyota Financial Services discloses a data breach

• Anthropic leads charge against AI bias and discrimination with new research

• 23andMe changes to terms of service are ‘cynical’ and ‘self-serving,’ lawyers say

• Replace broken AppSec tools with an Application Security technology that actually works: Runtime Security

• New Microsoft Incident Response team guide shares best practices for security teams and leaders

• IT Security News Daily Summary 2023-12-11

• Apple Ships iOS 17.2 With Urgent Security Patches

• Vulnerability Summary for the Week of December 4, 2023

• Hotspot Shield VPN Review 2023: Features, Pros & Cons

• 2.5M patients infected with data loss in Norton Healthcare ransomware outbreak

• Child Safety Advocates Blast Facebook Encryption Again

• ‘5Ghoul’ Vulnerabilities Haunt Qualcomm, MediaTek 5G Modems

• Transmission Control Protocol (TCP)

• Congress Clashes Over the Future of America’s Section 702 Spy Program

• CISA Adds One Known Exploited Vulnerability to Catalog

• 2.5M patents infected with data loss in Norton Healthcare ransomware outbreak

• Is TikTok Safe for Kids? What Parents Should Know

• Gamers Warned of Potential CS2 Exploit That Can Reveal IP Addresses

• Meta champions a new era in safe gen AI with Purple Llama

• The top cyber security news stories of 2023

• Holistic Approach To Privacy and Security in Tech: Key Principles

• Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin

• Protecting the perimeter with VT Intelligence – Email security

• Spanish Police Nab Venezuelan Leader of Kelvin Security Hacker Group

• VTMondays

• The Virtual Desktop Revolution: Redefining Work and Productivity

• Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware

• Six of the most popular Android password managers are leaking data

• The best VPN trials of 2023

• Deploy Keycloak Single Sign-On With Ansible

• Get a VPN for Yourself and Your Employees This Holiday Season

• Debunking Popular Myths About Vulnerability Management

• FBI Details How Companies Can Delay SEC Cyber Disclosures

• If your Windows PC freezes, Avira security software may be the culprit

• When Looking For Cybersecurity Solutions, Don’t Shrug Off Startups

• Future-Proofing Cybersecurity: A Deep Dive into WithSecure’s Innovative Mid-Market Security Solutions

• Happy Holidays and Happy New Year Cisco Distributors

• Lazarus Group Targets Log4Shell Flaw Via Telegram Bots

• The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation

• Ukraine Is Crowdfunding Its Reconstruction

• Security Series: Protecting the Edge Against DDoS Attacks with a Simplified Integrated Solution

• Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

• Israel’s Intelligence Failure: Balancing Technology and Cybersecurity Challenges

• Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers

• Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

• DataVisor integrates SMS customer verification into its platform

• Alibaba’s Damo Academy Tailors AI For Southeast Asia

• The Playbook for Building Generative AI Applications

• How the White House sees the future of safeguarding AI

• Two Years On, 1 In 4 Apps Still Vulnerable To Log4Shell

• Google Patches Chromecast Vulnerabilities Exploited At Hacking Contest

• North Korean Hackers Are Developing Malware In Dlang

• “Amazon got hacked” messages are a false alarm

• Two years on, 1 in 4 apps still vulnerable to Log4Shell

• North Korean Hackers Developing Malware in Dlang Programming Language

• Google Patches Chromecast Vulnerabilities Exploited at Hacking Contest

• Why Cybersecurity Needs To Be an SMB Priority

• Here’s How Unwiped Data On Sold Devices Can Prove Costly

• El Salvador to Offer Citizenship for a $1 Million Bitcoin ‘Investment’

• Google Admits Editing of AI Viral Video for Enhanced Presentation

• Stellar Cyber incorporates GenAI into its Open XDR Platform

• BlackBerry names new CEO, will split cybersecurity and IoT businesses

• Sandman APT | China-Based Adversaries Embrace Lua

• The Biggest SAP Cybersecurity Mistake Businesses Make—And How To Prevent It

• Nvidia’s Huang Signals Vietnam AI Expansion

• Hackers Trick Users With Data Leak Message to Deploy Malware

• Security Measures To Be Taken While Developing a Mobile Application

• Navigating the Cybersecurity Landscape

• US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack

• Fortinet Adds Generative AI Tool to Security Operations Portfolio

• Elevate Your Security: Meet Modern Attacks With Advanced CSPM

• Report Sees Chinese Threat Actors Embracing Sandman APT

• Meta Rolls Out Default End-to-End Encryption on Messenger Amid Child Security Concerns

• Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

• Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor

• Partnering for Sustainability: Cisco’s Collaborative Approach

• Read the clouds, reduce the cyber risk

• ShardSecure partners with Wasabi Technologies to help customers enhance data security

• Interpol Busts Human Traffickers Luring Victims with Fake Online Job Ads

• Holiday Season Online Privacy Recipe | Avast

• Empower Cyber Security Defenses with Horizon IOC

• …and the question is…

• Customer Story | Clint Independent School District Increases Cloud Visibility For Improved Threat Detection

• CNAPP Snap! Xcitium & AccuKnox Lay Down Cards For New Partnership

• Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

• MrAnon Stealer Attacking Windows Users Via Weaponized PDF Files

• Hackers Spy iPhone Users Using Malicious Keyboard Apps

• Simplify budgets and purchasing with Cisco Security Suites

• Bringing Simplicity to Security: The Journey of the Cisco Security Cloud

• Cisco Duo and ISE: Better together in the cybersecurity battlefield

• Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity

• Apache Patches Critical RCE Vulnerability in Struts 2

• Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities

• Outside the Comfort Zone: Why a Change in Mindset is Crucial for Better Network Security

• Cyber Security Today, Dec. 11, 2023 – Irish water treatment plant shut by cyber attack, WordPress issues a security patch, and more

• UK Mobile Giants ‘Overcharged Users’ £3.3bn, Lawsuit Claims

• Facebook Enables Messenger End-to-End Encryption by Default

• Apple’s Alarming Data Breach: 2.5 Billion Records at Risk

• EU Reaches Agreement on AI Act Amid Three-Day Negotiations

• Playbook: Your First 100 Days as a vCISO – 5 Steps to Success

• ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications

• 23andMe responds to breach with new suit-limiting user terms

• ALPHV/BlackCat Site Downed After Suspected Police Action

• EU Agrees AI Rules In ‘Historic’ Deal

• Webinar — Psychology of Social Engineering: Decoding the Mind of a Cyber Attacker

• Video: Talos 2023 Year in Review highlights

• Musk Reinstates Conspiracy Theorist Alex Jones On X

• Silicon UK In Focus Podcast: Web 3.0 in Your Pocket

• TikTok To Restart Indonesia Sales With Tokopedia Investment

• Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website

• Does Pentesting Actually Save You Money On Cyber Insurance Premiums?

• Over 50% of the Insider Attacks Uses Privilege Escalation Vulnerability

• Insights into your unpatched vulnerabilities

• VictoriaMetrics takes organic growth over investor pressure

• NIST CSF 2.0: What you need to know

• The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI

• CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

• Story of the year: the impact of AI on cybersecurity

• Best Practices for Identity Proofing in the Workplace

• Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud

• Google is going to kill your passwords (eventually)

• Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

• How Smart Cars Are Spying You? Most important Privacy Concerns 2024

• Crypto Exchange Founder Pleads Guilty for Dark Web Transfer

• Two-Fifths of Log4j Apps Use Vulnerable Versions

• CISA and ENISA signed a Working Arrangement to enhance cooperation

• ActiveMQ CVE-2023-46604 Exploited by Kinsing: Threat Analysis

• A week in security (December 4 – December 10)

• iOS 17 NameDrop Debunking, Real World QR Code Attacks, Impact of Ransomware on Hospitals

• Wireless Network Security: Safeguarding Your Digital Haven

• Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support

• SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

• Voice Assistants and Privacy: Striking the Right Balance

• Top 8 Cyber Attack news headlines trending on Google

• A Comprehensive Cybersecurity Audit Checklist: Ensuring Digital Resilience

• Researchers Uncovered an Active Directory DNS spoofing exploit

• New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

• Why are IT professionals not automating?

• Cybercriminals continue targeting open remote access products

• SCS 9001 2.0 reveals enhanced controls for global supply chains

• Adapting cybersecurity for the quantum computing era

• Security automation gains traction, prompting a “shift everywhere” philosophy

• Reflectiz Introduces AI-powered Insights on top of Its Smart Alerting System

Generated on 2023-12-12 23:55:39.616847