IT Security News Daily Summary 2023-12-21

• The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!

• Lapsus$ teen sentenced to indefinite detention in hospital after Nvidia, GTA cyberattacks

• Unlocking CAPTCHAs: Moving Beyond Deterrence to Detection

• Stupid Patent of the Month: Selfie Contests

• Randall Munroe’s XKCD ‘Love Songs’

• USENIX Security ’23 – Domien Schepers, Aanjhan Ranganathan, Mathy Vanhoef – ‘Framing Frames: Bypassing Wi-Fi Encryption By Manipulating Transmit Queues’

• Cisco Places Bet on AI Cloud Security with Isovalent Purchase

• Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector

• Web fuzzing: Everything you need to know

• Cisco to Acquire Isovalent, Add eBPF Tech to Cloud Portfolio

• Interpol Nets $300 Million, Arrests 3,500 in Major Cyber Crime Bust

• CISA Finalizes Microsoft 365 Secure Configuration Baselines

• ‘ASTORS’ Champion QuSecure: Tips to Stay Safe this Holiday Season

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• FXC AE1021/AE1021PE

• CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

• Unraveling the Struts2 security vulnerability: A deep dive

• Google Cloud’s Cybersecurity Predictions of 2024 and Look Back at 2023

• Three Big Porn Websites Must Verify User’s Age In EU

• Shifting from reCAPTCHA to hCaptcha

• CISOs Need to Take a Holistic Approach to Risk Management

• EFF Has a Guiding Star 🌠

• EFF Urges Supreme Court to Set Standard for How Government Can and Can’t Talk to Social Media Sites About Censoring Users’ Posts

• Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

• Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

• Controversial Parler Platform Set For 2024 Return

• US Commerce Dept To Review Semiconductor Supply Chain

• Weather Wonders: A Guide to Crafting a Dynamic App Using Weather APIs

• Introducing ThreatCloud Graph: A Multi-Dimensional Perspective on Cyber Security

• Cheers to 2023 and a Year of Partner Prosperity Ahead

• Recapping Cisco industrial IoT’s journey: A year of security, simplification and innovation

• Bandook – A Persistent Threat That Keeps Evolving

• EFF Has a Guiding Star 🌠

• USENIX Security ’23 – Min Shi, Jing Chen, Kun He, Haoran Zhao, Meng Jia, and Ruiying Du – Formal Analysis And Patching Of BLE-SC Pairing

• Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection

• Healthcare Provider ESO Hit in Ransomware Attack, 2.7 Million Impacted

• CISA Releases Two Industrial Control Systems Advisories

• QNAP VioStor NVR

• Cisco to acquire cloud-native networking and security startup Isovalent

• The Great Interoperability Convergence: 2023 Year in Review

• EFF Has a Guiding Star 🌠

• BattleRoyal Cluster Signals DarkGate Surge

• Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware

• Malware threat on rise and some details

• Best practices for secure network automation workflows

• ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

• The Four Layers of Antivirus Security: A Comprehensive Overview

• 2023 Year in Review

• HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats

• Mr. Cooper Data Breach: 14 Million Customers Exposed

• Decoding the Elusive ‘FedEx’ Scam: An Inside Look at the Tactics and Challenges

• Digital Landline Switch Halted for Vulnerable Users in UK

• Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)

• 3 Key Updates Introduced in the 2023 FDA Cybersecurity Guidance for Medical Devices

• Board preparedness: 7 steps to combat cybersecurity threats

• Top 12 online cybersecurity courses for 2024

• Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records

• Outage Resolved At Elon Musk’s X

• Matching Algorithms in Dating Apps

• Phosphorus gets $27M to build out its xIoT security solutions

• Third-Party Supply Chain Risk a Challenge for Cyber Security Professionals in Australia

• Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

• International Investigations Target Financial Cybercrime

• Four in five Apache Struts 2 downloads are for versions featuring critical flaw

• How Human Elements Impact Email Security

• Rapid Bug Fixes For iPhone and Mac Users

• Defining the Future of Multicloud Networking and Security: Cisco Announces Intent to Acquire Isovalent

• Google Rushes To Patch Eighth Chrome Zero Day This Year

• Mozilla Decides Trusted Types Is A Worthy Security Feature

• Something Nasty Injected Login Stealing JavaScript Code Into 50k Online Banking Sessions

• Is Your Organization Infected by Mobile Spyware?

• ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature

• Best of 2023: Why is everyone getting hacked on Facebook?

• 8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack

• The Elusive Quest for DevSecOps Collaboration

• AWS re:Invent 2023: Cybersecurity Visibility

• AWS re:Invent 2023: Ransomware Defense

• New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

• Apple Fails To Delay Apple Watch Import Ban

• Start a career in IT with this cybersecurity training bundle

• What developers trying out Google Gemini should know about their data

• Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

• FTC Proposes Strengthening Children’s Online Privacy Rules to Address Tracking, Push Notifications

• Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product

• ESO Solutions Data Breach Impacts 2.7 Million Individuals

• Mozilla decides Trusted Types is a worthy security feature

• Vulnerability prioritization in Kubernetes: unpacking the complexity

• How to Encrypt Emails in Outlook?

• Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

• BT Risks Fine As Huawei Removal Deadline Nears – Report

• New OilRig Downloaders Abusing Microsoft Cloud APIs for C&C Communications

• Google Rushes to Patch Eighth Chrome Zero-Day This Year

• Product showcase: DCAP solution FileAuditor for data classification and access rights audit

• OpenSSL’s Official Youtube Channel

• HCL Investigating Ransomware Attack on Isolated Cloud Environment

• German Authorities Dismantle Dark Web Hub ‘Kingdom Market’ in Global Operation

• Ivanti Urges Customers to Patch 13 Critical Vulnerabilities

• What Role Does Cybersecurity Awareness Play in Education?

• Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)

• Windows CLFS and five exploits used by ransomware operators

• Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)

• Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)

• Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

• Shield Your Device: Mitigating Bluetooth Vulnerability Risks

• Understanding QEMU’s Role in Linux System Emulation Security

• Navigating the Latest Android Security Updates: December 2023 Highlights

• German Police Take Down Kingdom Market Dark Web Marketplace

• Fake Delivery Websites Surge By 34% in December

• Chinese ‘Volt Typhoon’ hackers take aim at US critical infrastructure

• Data leak exposes users of car-sharing service Blink Mobility

• IAM & Detection Engineering

• Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

• Key Takeaways from the Gartner® Market Guide for Insider Risk Management

• Why data, AI, and regulations top the threat list for 2024

• How companies should recover when password breach occurs

• A closer look at the manufacturing threat landscape

• Data loss prevention isn’t rocket science, but NASA hasn’t made it work in Microsoft 365

• Are organizations moving away from passwords?

• How executives adapt to rising cybersecurity concerns in mobile networks

• 86% of cyberattacks are delivered over encrypted channels

• Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

• To Xfinity’s Breach and Beyond – The Fallout from “CitrixBleed”

• Ransomware Attacks: Are You Self-Sabotaging?

• Cybersecurity Tips to Stay Safe this Holiday Season

• Why RV Connex Chose Swimlane As “The Powerhouse” Of Their SOC

• Role of Parents in Teaching Online Safety

• Addressing Cyberbullying and Online Harassment

• Google addressed a new actively exploited Chrome zero-day

• German police seized the dark web marketplace Kingdom Market

• Something nasty injected login-stealing JavaScript into 50K online banking sessions

• IT Security News Daily Summary 2023-12-20

• FTC’s Rite Aid Ruling Rightly Renews Scrutiny of Face Recognition

• BlackCat/ALPHV Ransomware Site Seized in International Takedown Effort

• Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

• Attackers Finding Novel Ways to Abuse GitHub: ReversingLabs

• New to Cybersecurity? Use These Career Hacks to Get a Foot in the Door

• security.txt: A Simple File with Big Value

• BlackCat Ransomware Site Seized in International Takedown Effort

• FBI Disrupts BlackCat Ransomware Threat Group Activity – The Essential Facts

• CodeSecure Expands Automation Capabilities for Complying with Leading Embedded Software Safety and Security Standards

• 7 Cybersecurity Tips for Small Businesses

• Exploring EMBA: Unraveling Firmware Security with Confidence

• USENIX Security ’23 – Claudio Anliker, Giovanni Camurati, and Srdjan Čapkun ‘Time for Change: How Clocks Break UWB Secure Ranging’

• Managing API Contracts and OpenAPI Documents at Scale

• SimSpace Scores $45 Million Investment to Expand Cyber Range Tech Markets

• Threat actors still exploiting old unpatched vulnerabilities, says Cisco

• Scraped images of sexually abused children found in AI training database

• Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner

• Cyber Security Trends to Watch in Australia in 2024

• CISA Issues Request For Information on Secure by Design Software Whitepaper

• Top 7 Cybersecurity Threats for 2024

• AppOmni Previews Generative AI Tool to Better Secure SaaS Apps

• Automate Your SSO With Ansible and Keycloak

• With the Right Support, Developers Can Lead Your Organization to Superior PCI-DSS 4.0 Compliance

• Check Point Software: The Pioneer in Cybersecurity Earns Security Platform Recognition from Top Analysts Firms in 2023

• The Limitations of Google Play Integrity API (ex SafetyNet)

• U.S. drug store chain banned from using facial recognition for five years

• The Do?s and Don?ts of Modern API Security

• Women Can Make a Difference in the Field of Data Science

• NASA Uses Laser To Beam Cat Video From Deep Space

• Mozilla Releases Security Updates for Firefox and Thunderbird

• Tech gifts you shouldn’t buy your family and friends for the holidays

• SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

• Enhancing Home Security: The Essential Guide to Garage Door Opener Manuals and Advanced Security Features

• Full Fibre Broadband Reaches 17 Million UK Homes, Says Ofcom

• ARM Lays Off Workers In China – Report

• Nashville-based Phosphorus gets $27M to build out its xIoT security solutions

• Apple Releases Security Updates for Multiple Products

• Keeping the Lights On: Brazilian Power Utility Wins Cybersecurity Award for Securing Grid Network with Cisco

• Cisco and Nutanix Team Up in Response to Customer Demand: Another Win for Customer-Centric Innovation

• Okta to Acquire Israeli Startup Spera Security

• USENIX Security ’23 – Ang Li, Jiawei Li, Dianqi Han, Yan Zhang, Tao Li, Ting Zhu, Yanchao Zhang ‘PhyAuth: Physical-Layer Message Authentication for ZigBee Networks’

• Hospitality Industry Faces New Password-Stealing Malware

• Top 5 Lucrative Careers in Artificial Intelligence

• New JaskaGO Malware Targets Mac and Windows for Crypto, Browser Data

• Using VB.NET To Check for Proxy and VPN With IP2Location.io Geolocation API

• Why CISOs and CIOs Should Work Together More Closely

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million

• New Report: 85% Firms Face Cyber Incidents, 11% From Shadow IT

• 5 common data security pitfalls — and how to avoid them

• 7 Best Attack Surface Management Software for 2024

• What is the EPSS score? How to Use It in Vulnerability Prioritization

• How to Complete an IT Risk Assessment (2023)

• Unveiling the Dynamics of Cybersecurity- A Heimdal® Report

• New JaskaGO Malware Stealer Threatens Windows and MacOS Operating Systems

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains

• Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

• Unveiling Storm-1152: A Top Creator of Fake Microsoft Accounts

• Telus Makes History with ISO Privacy Certification in AI Era

• Belgium Commences Mega Drug Trial After Covert Apps Cracked

• Kasada launches advanced bot defense platform with evolving protection and attack insights

• 2024 Cybersecurity Industry Experts Predictions: Part 1

• ImmuniWeb is now ISO 9001 certified

• Toshiba Delisted From Toyko Stock Exchange After 74 Years

• Hackers Abuse Bot Protection Tool to Launch Cyber Attacks

• The Evolving Cyber Landscape: AI Fighting AI

• How Education Institution Technology Needs to Evolve

• How Cisco and Wipro are Improving the Airport Experience

• 1 In 4 High Risk CVEs Are Exploited Within 24 Hours Of Going Public

• Play Ransomware Gang Tied To 300 Attacks In 17 Months

• DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks

• Stellar Cyber integrates with SentinelOne for enhanced cybersecurity across environments

• Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

• New Web Injection Malware Campaign Steals Bank Data of 50,000 People

• Cyber Security Today, Dec. 20, 2023 – Data on over 35 million Comcast customers stolen because patching wasn’t fast enough

• AskOmni simplifies and enhances SaaS security

• OpenSSL 25 Year Anniversary T-Shirt Giveaway

• INTERPOL Arrests 3,500 Suspects In Sweeping Cybercrime Operation

• Krasue RAT Malware: A New Threat to Linux Systems

• Extended Detection and Response: The Core Element of Zero-Trust Security

• Recap from Singapore FinTech Festival

• Sophisticated JaskaGO info stealer targets macOS and Windows

• Xfinity Data Breach Impacts 36 Million Individuals

• 8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

• ConnectSecure announces improved cybersecurity scanning platform for MSPs

• BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement

• The Shift to Distributed Cloud: The Next Era of Cloud Infrastructure

• Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 2

• Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1

• Insights from Survey of Financial Services Cyber Leaders in Asia-Pacific

• Novel Detection of Process Injection Using Network Anomalies

• Sigma rules for Linux and MacOS

• UK Supreme Court Rules AI Cannot Be Patent Inventor

• Hackers Stole Banking Details From Over 50,000 Users Via Web Injections

• Data Privacy and Cloud Computing: A Review of Security and Privacy Measures

• GCHQ Christmas Codebreaking Challenge

• Codenotary Trustcenter 4.0 helps customers prioritize and address software security issues

• 3,500 Arrested, $300 Million Seized in International Crackdown on Online Fraud

• Oversight Board Reverses Meta Removal Of Graphic Israel-Gaza Videos

• Xfinity Rocked with Data Breach Impacting 36 Million Users

• Product Explained: Memcyco’s Real-Time Defense Against Website Spoofing

• Why Is an Australian Footballer Collecting My Passwords? The Various Ways Malicious JavaScript Can Steal Your Secrets

• Interpol Arrested 3,500 Suspects and Seized $300 Million

• The Avast Phishing Awards: Trickiest email headlines of 2023

• How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions

• Halcyon raises $40 million to combat ransomware attacks

• Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers

• Argus vDome prevents cyber vehicle theft

• Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

• 4 Best War Games You Should Play

• Hackers Leveraging GitHub Platform for Hosting Malware

• Manchester’s finest drowning in paperwork as Freedom of Information requests pile up

• SimSpace raises $45 million to fuel continued growth

• Cyber-Incident Costs Surge 11% as Budgets Remain Muted

• Global Police Seize $300m Linked to Online Scams

• Xfinity Discloses Data Breach Impacting Nearly 36 Million

• AI’s Emerging Role in the Fight Against Intellectual Property Theft

• Tips, Tricks and Updates for Tripwire’s State Analyzer

• SSH shaken, not stirred by Terrapin vulnerability

• New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

• 3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

• Revolutionizing Cybersecurity with Cyber Defense Planning and Optimization

• BMW dealer at risk of takeover by cybercriminals

• AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime

• Ransomware news on FBI, BlackCat, and Game plan release

• How to retrieve data from google account if user dies

• How Are Security Professionals Managing the Good, The Bad and The Ugly of ChatGPT?

• Anticipation And Agility: Cyber Protection for the 2024 Olympics

• Lost in Translation: Mitigating Cybersecurity Risks in Multilingual Environments

• Halting Hackers on the Holidays 2023 Part II: The Apps You (Shouldn’t) Trust

• Product showcase: ImmuniWeb AI Platform

• Analyst Perspective: Toward Converged Identity Assurance

• Supply chain emerges as major vector in escalating automotive cyberattacks

• What Can Go Wrong with Bank Online Account Opening?

• Balancing AI’s promise with privacy and intellectual property concerns

• Subdominator: Open-source tool for detecting subdomain takeovers

• Exploring Technology in Classroom Learning

• New generative AI-powered SaaS security expert from AppOmni

• Cybersecurity Awareness Campaigns in Education

• Comcast’s Xfinity customer data exposed after CitrixBleed attack

• Philippines, South Korea, Interpol cuff 3,500 suspected cyber scammers, seize $300M

• Insight – The Evolving Cybersecurity Landscape in 2024: Predictions and Preparations

• Azure Serial Console Attack and Defense – Part 2

• Biggest Data Security Threats for Businesses: Strategies to Strengthen Your Defense

Generated on 2023-12-21 23:55:46.407418