IT Security News Daily Summary 2023-12-22

• What do CISOs need to know about API security in 2024?

• Secure Password Hashing in Java: Best Practices and Code Examples

• Ben Rothke’s Review of A Hacker’s Mind

• USENIX Security ’23 ‘The Digital-Safety Risks Of Financial Technologies For Survivors Of Intimate Partner Violence’

• Weaponizing DHCP DNS Spoofing ? A Hands-On Guide

• UAC-0099 Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine

• Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher (author of The Application Security Handbook)

• Data Classification Software Features to Look Out For

• How Cybersecurity for Law Firms has Changed

• The Effectiveness of AI is Limited in Cybersecurity, Yet Boundless in Cybercrime

• UAC-0099UAC-0099 Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine

• Update your Google Chrome browser ASAP to get these important new security features

• Safeguard the joy: 10 tips for securing your shiny new device

• PXP: Enabling Our Partnership, Now and Into the Future!

• Chameleon Android Malware Can Bypass Biometric Security

• Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

• The ticking time bomb of Microsoft Exchange Server 2013

• Multiple Vulnerabilities Found In Perforce Helix Core Server

• CRN Recognizes Cisco Secure Firewall 4200

• AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police

• Twelve Steps to Cyber Resiliency

• India BSNL data breach exposes 2.9 million user records to hackers

• Comcast’s Xfinity Breached: Data of 36 Million Users Exposed

• Cyber sleuths reveal how they infiltrate the biggest ransomware gangs

• 20 Most Popular TechRepublic Articles in 2023

• 10 best practices to secure your Spring Boot applications

• Building Core Capabilities to Modernize SecOps for Cloud

• Web Injection Campaign Targets 40 Banks, 50,000 Users

• Hyperloop One To Close Down – Report

• Top Data Security Issues of Remote Work

• Ransomware gangs increasingly crave the media spotlight

• Zoom says AI features should come at no additional cost. Here’s why

• Rise in RaaS Operations and Implications for Business Security

• Are the Fears About the EU Cyber Resilience Act Justified?

• International Bank Aims To Crack Down On Facebook Marketplace Scams

• Iranian Hackers Target US Defense Sector With New Backdoor

• From CZ To SBF, 2023 Was The Year Of The Fallen Crypto Bro

• GTA 6 Hacker Sentenced To Life In Hospital Prison

• In Other News: Crypto Exchange Hack Guilty Plea, Rating AI Vulnerabilities, Intellexa Spyware

• UK Teen Gets Indefinite Hospital Order For ‘Grand Theft Auto’ Hack

• Holiday Threats Surge as Christmas-Themed Scams Explode

• GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital

• Navigating the Perilous Waters of Crypto Phishing Attacks

• IBM’s 2024 predictions show gen AI is the new DNA of cyberattacks

• Member of Lapsus$ gang sentenced to an indefinite hospital order

• Best of 2023: Watching a Crypto Investment Scam WhatsApp Group

• Codenotary Adds Machine Learning Algorithms to SBOM Search Tool

• Insomniac Games Cybersecurity Breach

• FBI Alarmed as Ransomware Strikes 300 Victims, Critical Sectors Under Siege

• International Authorities Take Down ALPHV ransomware Gang’s Dark Web Leak Site

• Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

• Anticipating the Journey: Launching Your First Open Source Project

• GigaOm’s Cloud Network Security Radar Ranks Check Point as the Industry Leader

• Cyber Security Today, Year in Review for 2023

• China Drafts New Restrictions For Online Gaming

• Report Warns Of Landfill Risk, When Microsoft Ends Windows 10 Support

• 5 Environmental Sustainability Trends for 2024

• Iranian Hackers Targeting US Defense Industrial Base Entities With New Backdoor

• Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

• Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

• Facebook Marketplace Is Being Ruined by Zelle Scammers

• Data Exfiltration Using Indirect Prompt Injection

• AWS re:Invent 2023: Passwordless Authentication

• These are the cybersecurity stories we were jealous of in 2023

• Major Data Breach at ESO Solutions Affects 2.7 Million Patients

• NSA Releases 2023 Cybersecurity Year in Review Report

• CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

• Inmate, Staff Information Stolen in Rhode Island Prison Data Breach

• Weekly Blog Wrap-Up (December 18- December 21 , 2023)

• This year’s resolution: remove nosey apps from your device

• Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher

• Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season

• Base Operations raises $9.1 million to boost global threat intelligence

• SMS Scams Set to Peak on Saturday in UK

• JaskaGO Malware Attacking Windows and macOS Operating Systems

• Justice Secretary in Deepfake General Election Warning

• Crypto Drainer Steals $59m Via Google and X Ads

• Real estate agency exposes details of 690k customers

• UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

• Hackers Exploiting Old Microsoft Office RCE Flaw to Deploy Agent Tesla Malware

• What is Host Header Injection?

• Most scammed items for this Christmas season

• New infosec products of the week: December 22, 2023

• First American becomes victim to a ransomware attack

• Microsoft Warns of New ‘FalseFont’ Backdoor Targeting the Defense Sector

• Forging A New Era of Invoicing Security

• Digital Criminal Ontology; Trading Pistols for Programmers

• Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies

• Grip SSCP-Slack Blog

• Future of wireless technology: Key predictions for 2024

• New insights into the global industrial cybersecurity landscape

• Tech workers fear being left unprepared for the future

• 11 GenAI cybersecurity surveys you should read

• Deepfactor 3.4 Includes Enhanced Runtime Reachability and Runtime Security Capabilities

• Cybersecurity for Remote Work: Securing Virtual Environments and Endpoints

• 5 Ways to Conquer Your Certification Exam Fears

• 10 of the biggest ransomware attacks in 2023

• Data Protection in Educational Institutions

• The Cyber Threat Intelligence Paradox – Why too much data can be detrimental and what to do about it

• Advancing SOAR Technology: Key 2023 Updates in Incident Response Automation

• Two Lapsus$ gang members sentenced in U.K.

• BidenCash Market Leaks 1.6 Million Credit Card Details

• Cybersecurity Competitions for Students

• SecureAcademy Reaches Major Milestone in its Mission to Train the Next Generation of Cyber Warriors

• IT Security News Daily Summary 2023-12-21

• The 2023 Wordfence Holiday Bug Extravaganza Reaches An Exciting Conclusion!

• Lapsus$ teen sentenced to indefinite detention in hospital after Nvidia, GTA cyberattacks

• Unlocking CAPTCHAs: Moving Beyond Deterrence to Detection

• Stupid Patent of the Month: Selfie Contests

• Randall Munroe’s XKCD ‘Love Songs’

• USENIX Security ’23 – Domien Schepers, Aanjhan Ranganathan, Mathy Vanhoef – ‘Framing Frames: Bypassing Wi-Fi Encryption By Manipulating Transmit Queues’

• Cisco Places Bet on AI Cloud Security with Isovalent Purchase

• Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector

• Web fuzzing: Everything you need to know

• Cisco to Acquire Isovalent, Add eBPF Tech to Cloud Portfolio

• Interpol Nets $300 Million, Arrests 3,500 in Major Cyber Crime Bust

• CISA Finalizes Microsoft 365 Secure Configuration Baselines

• ‘ASTORS’ Champion QuSecure: Tips to Stay Safe this Holiday Season

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• FXC AE1021/AE1021PE

• CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

• Unraveling the Struts2 security vulnerability: A deep dive

• Google Cloud’s Cybersecurity Predictions of 2024 and Look Back at 2023

• Three Big Porn Websites Must Verify User’s Age In EU

• Shifting from reCAPTCHA to hCaptcha

• CISOs Need to Take a Holistic Approach to Risk Management

• EFF Has a Guiding Star 🌠

• EFF Urges Supreme Court to Set Standard for How Government Can and Can’t Talk to Social Media Sites About Censoring Users’ Posts

• Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication

• Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

• Controversial Parler Platform Set For 2024 Return

• US Commerce Dept To Review Semiconductor Supply Chain

• Weather Wonders: A Guide to Crafting a Dynamic App Using Weather APIs

• Introducing ThreatCloud Graph: A Multi-Dimensional Perspective on Cyber Security

• Cheers to 2023 and a Year of Partner Prosperity Ahead

• Recapping Cisco industrial IoT’s journey: A year of security, simplification and innovation

• Bandook – A Persistent Threat That Keeps Evolving

• EFF Has a Guiding Star 🌠

• USENIX Security ’23 – Min Shi, Jing Chen, Kun He, Haoran Zhao, Meng Jia, and Ruiying Du – Formal Analysis And Patching Of BLE-SC Pairing

• Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection

• Healthcare Provider ESO Hit in Ransomware Attack, 2.7 Million Impacted

• CISA Releases Two Industrial Control Systems Advisories

• QNAP VioStor NVR

• Cisco to acquire cloud-native networking and security startup Isovalent

• The Great Interoperability Convergence: 2023 Year in Review

• EFF Has a Guiding Star 🌠

• BattleRoyal Cluster Signals DarkGate Surge

• Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware

• Malware threat on rise and some details

• Best practices for secure network automation workflows

• ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

• The Four Layers of Antivirus Security: A Comprehensive Overview

• 2023 Year in Review

• HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats

• Mr. Cooper Data Breach: 14 Million Customers Exposed

• Decoding the Elusive ‘FedEx’ Scam: An Inside Look at the Tactics and Challenges

• Digital Landline Switch Halted for Vulnerable Users in UK

• Wordfence Intelligence Weekly WordPress Vulnerability Report (December 11, 2023 to December 17, 2023)

• 3 Key Updates Introduced in the 2023 FDA Cybersecurity Guidance for Medical Devices

• Board preparedness: 7 steps to combat cybersecurity threats

• Top 12 online cybersecurity courses for 2024

• Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records

• Outage Resolved At Elon Musk’s X

• Matching Algorithms in Dating Apps

• Phosphorus gets $27M to build out its xIoT security solutions

• Third-Party Supply Chain Risk a Challenge for Cyber Security Professionals in Australia

• Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

• International Investigations Target Financial Cybercrime

• Four in five Apache Struts 2 downloads are for versions featuring critical flaw

• How Human Elements Impact Email Security

• Rapid Bug Fixes For iPhone and Mac Users

• Defining the Future of Multicloud Networking and Security: Cisco Announces Intent to Acquire Isovalent

• Google Rushes To Patch Eighth Chrome Zero Day This Year

• Mozilla Decides Trusted Types Is A Worthy Security Feature

• Something Nasty Injected Login Stealing JavaScript Code Into 50k Online Banking Sessions

• Is Your Organization Infected by Mobile Spyware?

• ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature

• Best of 2023: Why is everyone getting hacked on Facebook?

• 8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack

• The Elusive Quest for DevSecOps Collaboration

• AWS re:Invent 2023: Cybersecurity Visibility

• AWS re:Invent 2023: Ransomware Defense

• New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

• Apple Fails To Delay Apple Watch Import Ban

• Start a career in IT with this cybersecurity training bundle

• What developers trying out Google Gemini should know about their data

• Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

• FTC Proposes Strengthening Children’s Online Privacy Rules to Address Tracking, Push Notifications

• Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product

• ESO Solutions Data Breach Impacts 2.7 Million Individuals

• Mozilla decides Trusted Types is a worthy security feature

• Vulnerability prioritization in Kubernetes: unpacking the complexity

• How to Encrypt Emails in Outlook?

• Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

• BT Risks Fine As Huawei Removal Deadline Nears – Report

• New OilRig Downloaders Abusing Microsoft Cloud APIs for C&C Communications

• Google Rushes to Patch Eighth Chrome Zero-Day This Year

• Product showcase: DCAP solution FileAuditor for data classification and access rights audit

• OpenSSL’s Official Youtube Channel

• HCL Investigating Ransomware Attack on Isolated Cloud Environment

• German Authorities Dismantle Dark Web Hub ‘Kingdom Market’ in Global Operation

• Ivanti Urges Customers to Patch 13 Critical Vulnerabilities

• What Role Does Cybersecurity Awareness Play in Education?

• Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)

• Windows CLFS and five exploits used by ransomware operators

• Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)

• Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)

• Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

• Shield Your Device: Mitigating Bluetooth Vulnerability Risks

• Understanding QEMU’s Role in Linux System Emulation Security

• Navigating the Latest Android Security Updates: December 2023 Highlights

• German Police Take Down Kingdom Market Dark Web Marketplace

• Fake Delivery Websites Surge By 34% in December

• Chinese ‘Volt Typhoon’ hackers take aim at US critical infrastructure

• Data leak exposes users of car-sharing service Blink Mobility

• IAM & Detection Engineering

• Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

• Key Takeaways from the Gartner® Market Guide for Insider Risk Management

• Why data, AI, and regulations top the threat list for 2024

• How companies should recover when password breach occurs

• A closer look at the manufacturing threat landscape

• Data loss prevention isn’t rocket science, but NASA hasn’t made it work in Microsoft 365

• Are organizations moving away from passwords?

• How executives adapt to rising cybersecurity concerns in mobile networks

• 86% of cyberattacks are delivered over encrypted channels

• Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild – Update ASAP

• To Xfinity’s Breach and Beyond – The Fallout from “CitrixBleed”

• Ransomware Attacks: Are You Self-Sabotaging?

• Cybersecurity Tips to Stay Safe this Holiday Season

• Why RV Connex Chose Swimlane As “The Powerhouse” Of Their SOC

• Role of Parents in Teaching Online Safety

• Addressing Cyberbullying and Online Harassment

• Google addressed a new actively exploited Chrome zero-day

• German police seized the dark web marketplace Kingdom Market

• Something nasty injected login-stealing JavaScript into 50K online banking sessions

Generated on 2023-12-22 23:55:51.206453