IT Security News Daily Summary 2023-12-16

• DEF CON 31 – Ting-Yu [NiNi] Chen’s ‘Review On The Less Traveled Road – 9 Yrs of Overlooked MikroTik PreAuth RCE’

• Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer

• The CISO risk calculus: Navigating the thin line between paranoia and vigilance

• Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

• The Murky Waters of API Visibility and What That Means for Your Company

• Shining a Light on Modern Cyber Battlefield Attacks

• New ‘NKAbuse’ Linux Malware Uses Blockchain Technology to Spread

• Google moves to end geofence warrants, a surveillance problem it largely created

• OAuth App Abuse: A Growing Cybersecurity Threat

• Ransomware Groups are Using PR Charm Tactic to Put Pressure on Victims to Pay Ransom

• Google Just Denied Cops a Key Surveillance Tool

• Rise of OLVX: A New Haven for Cybercriminals in the Shadows

• LockBit is Recruiting Members of ALPHV/BlackCat and NoEscape Ransomware Outfit

• How to Defend Against Digital Cyberthreats This Holiday Season

• Akamai?s Perspective on December?s Patch Tuesday 2023

• DEF CON 31 – Joe Sullivan’s ‘A Different Uber Post Mortem’

• New iOS feature to thwart eavesdropping – Week in security with Tony Anscombe

• Unleashing the Power of AI in Fintech API Management: A Comprehensive Guide for Product Managers

• China’s MIIT Introduces Color-Coded Action Plan for Data Security Incidents

• Protect your Discord account with a Security Key

• Why It’s More Important Than Ever to Align to The MITRE ATT&CK Framework

• Cybersecurity Is Changing: Is the Experience Positive or Negative?

• Navigating The Cybersecurity Horizon: Insights and Takeaways from Blackhat2023

• Understanding The Impact of The SEC’s Cybersecurity Disclosure Regulations

• Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

• Rev Up to Recert: Your Catalyst for Learning Cisco SD-WAN

• Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

• New NKAbuse malware abuses NKN decentralized P2P network protocol

• Hundreds of thousands of dollars in crypto stolen after Ledger code poisoned

• Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

• Top 10 CISSP Stress-Busting Study Tips & Tricks

• 4 Different Types of VPNs & When to Use Them

• December 2023 Web Server Survey

• Stellar & Blackberry Join to Deliver Open XDR to MSSPs and Enterprise

• How CISOs can manage multiprovider cybersecurity portfolios

• The Surveillance Showdown That Fizzled

• Privacy Policy 2024

• Kraft Heinz suggests we simmer down about Snatch ransomware attack claims

• Christmas scams: Attacks to be aware of this holiday season

• Cyber Security Today, Week in Review for the week ending Friday, Dec. 15, 2023

• Beyond Captchas: Exploring the Advancements of AI in Modern Bot Mitigation

• Ubiquiti fixes glitch that exposed private video streams to other customers

• Southern Ontario school board acknowledges ‘cyber incident’

• Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack

• NKAbuse Threat Uses NKN Blockchain Network for DDoS Attacks

• Dental benefits group notifying almost 7 million Americans of MOVEit data theft

• CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector

• Zerocopter Debuts First Hacker-Led Cybersecurity Marketplace

• Achieving Continuous Compliance

• 4 ways to overcome your biggest worries about generative AI

• CISA Releases Advisory on Cyber Resilience for the HPH Sector

• Ransomware Revealed: From Attack Mechanics to Defense Strategies

• Internet Archive Files Appeal Brief Defending Libraries and Digital Lending From Big Publishers’ Legal Attack

• Kansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After Cyberattack

• China Issues Warning About Theft of Military Geographic Data in Data Breaches

• New Lock Screen Bypass Discovered For Android 13 And 14

• Hackers abusing OAuth to automate cyber attacks, says Microsoft

• Privacy Complaint Filed Against Elon Musk’s X

• Demystifying SAST, DAST, IAST, and RASP

• Shaping the Future of Finance: The Cisco and AWS Collaboration in EMEA

• DEF CON 31 – Noam Moshe’s And Sharon Brizinov’s ‘A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS’

• Romance Scammers are Adopting Approval Phishing Tactics

• Happy New Year: Google Cookie Block Starts Soon, but Fear Remains

• Sensitive data loss is due to lack of encryption

• Simplifying IT for Better Experiences

• Demystifying CASB and Its Role within SASE

• Apple’s Push Notification Data Used to Investigate Capitol Rioters; Apple Sets Higher Legal bar

• Unlocking Security Excellence: The Power of SOC-as-a-Service

• Will 2024 Be the Year of the Software Bill of Materials? Experts Weigh In.

• Meta’s Threads Now Available In European Union

• Shared Platforms Explained: Navigating the Enterprise Ecosystem

• CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

• Russian Hackers Attack JetBrains TeamCity Servers

• Information For 45,000 Stolen In Idaho National Laboratory Data Breach

• Microsoft Takes Down Websites Used To Create 750 Million Fraudulent Accounts

• Suspects Can Refuse To Provide Phone Passcodes To Police, Court Rules

• MrAnon Stealer Propagates via Email with Fake Hotel Booking PDF

• Epic Games Wins: Historic Decision Against Google in App Store Antitrust Case

• Snatch ransomware gang claims the hack of the food giant Kraft Heinz

• NKabuse Backdoor Harnesses Blockchain Brawn To Hit Several Architectures

• In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs

• New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

• NKabuse backdoor harnesses blockchain brawn to hit several architectures

• CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS

• Most API security strategies are underdeveloped. Let’s unpack that.

• Tools Alone do not Automatically Guarantee Mature Secrets Management

• The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools

• Tired of Messy Code? Master the Art of Writing Clean Codebases

• Data Governance: MDM and RDM (Part 3)

• Getting to Know: Royce Ho

• Santa’s presents can be your worst spy this Christmas: five must-haves to keep this Season’s treats safe from cyber criminals

• iOS 17.2 update puts an end to Flipper Zero’s iPhone shenanigans

• Zoom Unveils Open Source Vulnerability Impact Scoring System

• Master Identity Governance

• 7 Best Practices for Identity Governance

• Cyber Security Today, Dec. 15, 2023 – A botnet expands, threats to unpatched TeamCity servers, and more

• Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft

• Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy

• Be one of those people that gives back to the community

• Multiple flaws in pfSense firewall can lead to arbitrary code execution

• Hackers are Increasingly Using Remote Admin Tools to Control Infected Systems

• Transcend enhances its privacy platform to address current and future compliance challenges

• WALLIX One helps mitigate risks associated with theft and identity compromise

• Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

• Amazon Wins $274m Tax Battle With EU

• Windows Defender Quarantine Folder Metadata Recovered for Forensic Investigations

• Ledger NPM Repo Hacked Through a Spear Phishing Attack on an Employee

• Recent Apache Struts 2 Vulnerability in Attacker Crosshairs

• Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach

• OilRig targets Israel organizations with new lightweight downloaders

• InfoWorld’s 2023 Technology of the Year Award winners

• Google starts to add Tracking Protection to Chrome, turning off third-party cookies

• Benefits of Adopting Zero-Trust Security

• Data of over a million users of the crypto exchange GokuMarket exposed

• BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

• To BCC or not to BCC – that is the question data watchdog wants answered

• Food Giant Kraft Heinz Targeted by Ransomware Group

• Penetration Testing for Sensitive Data Exposure in Enterprise Networks: Everything You Need to Know!

• AutoSecT : Powered by Kratikal

• Four Charged in Connection With $80m Pig Butchering Scheme

• UK Plans Tough New Security Rules For Datacenters

• Over 45,000 Employees Hit By Nuclear Research Lab Breach

• Idaho National Laboratory data breach impacted 45,047 individuals

• Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

• Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies

• Scam or not? BitDefender’s Scamio AI promises to have the answer

• New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks

• Microsoft AI ChatGPT going rogue or experiencing seasonal depression

• Essential Tips for Claiming Cyber Insurance Coverage

• New infosec products of the week: December 15, 2023

• Fortifying cyber defenses: A proactive approach to ransomware resilience

• Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors

• The Defender’s Advantage Cyber Snapshot, Issue 5 — Insiders, Applications, and Mitigating Risk

• Multi-cloud computing offers benefits but makes IT far more complex

• CIOs shape long-term success with GenAI expertise

• Modern DevSecOps

• Takeaways from Our Roundtable at the Millennium Alliance – Dec 2023

• Home AI Revolution: From Assistants to Smart Appliances

• Security Review for M365 Apps for enterprise v2312

• Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach

• Security review for Microsoft Edge version 120

• CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

Generated on 2023-12-16 23:55:30.553169