IT Security News Daily Summary 2024-01-09

• The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News

• Next generation digital substation WAN

• SEC Twitter hijacked to push fake news of hotly anticipated Bitcoin ETF approval

• New year, new bugs in Windows, Adobe, Android, more to be fixed

• SEC Twitter hijacked to push fake news of hotly anticipated ETF approval

• USENIX Security ‘An Input-Agnostic Hierarchical Deep Learning Framework For Traffic Fingerprinting’

• Arctic Wolf Survey Surfaces Election Security Fears

• Amsterdam arrest leads to Babuk Tortilla ransomware decryptor

• PRODUCT REVIEW: ENEA QOSMOS THREAT DETECTION SDK

• Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data

• The Evolution of Authorization Controls: Exploring PBAC and Its Benefits

• Identity Theft Statistics

• Unlocking The Potential Of Mvp: 5 Ways It Revolutionizes Software Development

• Fortinet Releases Security Updates for FortiOS and FortiProxy

• Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

• AI aids nation-state hackers but also helps US spies to find them, says NSA cyber director

• Microsoft starts off new year with relatively light Patch Tuesday, no zero-days

• Hey Google: If AI is replacing Google Assistant, I have two questions

• sandbox

• FTC bans X-Mode from selling phone location data, and orders firm to delete collected data

• AI aides nation-state hackers but also helps US spies to find them, says NSA cyber director

• CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

• Delinea Acquires Authomize to Tackle Identity-Based Threats

• Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V

• Survey: Election Workers Feel Unprepared for Upcoming Cyberthreats

• Top 7 enterprise cybersecurity challenges in 2024

• Cyber Intruders Disrupt Operations at Beirut International Airport

• Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024

• Adobe Patches Code Execution Flaws in Substance 3D Stager

• CISA Warns of Apache Superset Vulnerability Exploitation

• Infographic: A History of Network Device Threats and What Lies Ahead

• Demystifying Cloud Trends: Statistics and Strategies for Robust Security

• Many IT departments still don’t know how many APIs they have: Report

• The Technology Powering Trading Signals in Binary Options: A Deep Dive

• Leveraging a digital twin with machine learning to revitalize bridges

• USENIX Security ’23 – ‘HorusEye: A Realtime IoT Malicious Traffic Detection Framework Using Programmable Switches’

• 2024 Cybersecurity Predictions

• SpecterOps adds new Attack Paths to BloodHound Enterprise

• Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware

• Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack

• How Sekoia.io empowers cybersecurity with 170+ integrations

• Securing the Electric Vehicle Charging Infrastructure

• Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

• What are the Privacy Measures Offered by Character AI?

• Hackers Find a Way to Gain Password-Free Access to Google Accounts

• Critical Start Asset Visibility helps customers become more proactive within their security program

• Deep dive into synthetic voice phishing (vishing) defense

• CISA Releases One Industrial Control Systems Advisory

• LockBit ransomware gang claims the attack on Capital Health

• Turkish Hackers Target Microsoft SQL Servers In Americas, Europe

• LoanDepot Systems Offline Following Ransomware Attack

• Hackers Can Infect Network-Connected Wrenches To Install Ransomware

• Apache OFBiz Zero Day Pummeled By Exploit Attempts After Disclosure

• Harnessing the Power of Trillions: DataDome Continues to Expand Signals Collection For Most Accurate ML Detection Models

• Dell Survey Surfaces Lack of Ransomware Resiliency

• Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

• 82% of Companies Struggle to Manage Security Exposure

• How to smartly tackle BlackCat Ransomware group

• Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity

• My Yearly Look Back, a Look Forward and a Warning

• Browser security is the key to stopping ransomware attacks

• Deciphering Cybersecurity Vulnerabilities Requires Context

• Cloudflare Report Surfaces Lots of API Insecurity

• Coming March 2024: How to Prepare for PCI DSS Version 4.0 Compliance

• Automotive Industry Under Ransomware Attacks: Proactive Measures

• Integrating the Power of AI and Blockchain for Data Security and Transparency

• ID R&D introduces voice clone detection to protect users against audio deepfakes

• What CISOs Need to Know About Data Privacy in 2024

• EU Regulators Examining Microsoft’s OpenAI Investment

• NASA ‘To Push Back Artemis Moon Missions’

• Silex Technology AMC Protect improves cybersecurity for critical devices

• Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

• REVIEW: ISC2 CERTIFIED CLOUD SECURITY PROFESSIONAL (CCSP) CERTIFICATION

• Cybersecurity trends: IBM’s predictions for 2024

• Delinea acquires Authomize to help organizations reduce identity-related risk

• Cybersecurity Deals Boom as Investment Dips, Pinpoint Reports

• CES 2024: Gadget Makers Add AI To TVs, Cars

• Judge Orders Google Not To Google Jurors In $7bn AI Patent Case

• McAfee’s Mockingbird AI Tool Detects Deepfake Audio with 90% accuracy

• December 2023’s Most Wanted Malware: The Resurgence of Qbot and FakeUpdates

• And that’s a wrap for Babuk Tortilla ransomware as free decryptor released

• Ransomware Gang Claims Attack on Capital Health

• LoanDepot Takes Systems Offline Following Ransomware Attack

• Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

• Character.ai’s AI Chatbots Soar: Celebrities, Therapists, and Entertainment, All in One Platform

• Viavi enhances Observer Platform to maximize network availability, productivity and compliance

• Ta-da Raises $3.5M to Build Out Its AI Data Marketplace

• Award Winning Antivirus, On Sale for $25, Offers Elite Protection from Malware

• Cisco Allowed Me To Start My Family, Stress-Free

• Egress Security: Part of a Holistic, Multidirectional Security Strategy for Today’s Multicloud World

• Customer Success Stories – Year in Review

• February 1, 2024: A Date All Email Senders Should Care About

• Cybersecurity Funding Dropped 40% in 2023: Analysis

• Alert: Chinese Threat Actors Exploit Barracuda Zero-Day Flaw

• Embedded Linux IoT Security: Defending Against Cyber Threats

• Attackers Targeting Poorly Managed Linux SSH Servers

• Digital Battlefield: Syrian Threat Group’s Sinister SilverRAT Emerges

• Nvidia Finds Reduced China Demand For Slower Chips

• The Ultimate Guide To Securing Virtual Machines

• 12 Software Development Predictions for a Futuristic World

• US Mortgage Lender LoanDepot Confirms Cyber Incident – Faces Ransomware Attack

• New Decryption Key Available for Babuk Tortilla Ransomware Victims

• Cacti Blind, SQL Injection Flaw, Enables Remote Code Execution

• SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

• Why Public Links Expose Your SaaS Attack Surface

• Multiple QNAP High-Severity Flaws Let Attackers Execute Remote Code

• CES 2024: Nvidia Stock Surges After AI Graphics Card Launch

• 1-15 November 2023 Cyber Attacks Timeline

• Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

• Zyxel unveils new cloud-managed switches for small businesses and professional home users

• “Security researcher” offers to delete data stolen by ransomware attackers

• Nigerian Gets 10 Years For Laundering Scam Funds

• Samsung Reports Larger Profit Drop Than Expected

• Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

• Analysis of OT cyberattacks and malwares

• Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

• LoanDepot Confirms Ransomware Attack in SEC Filing

• New decryptor for Babuk Tortilla ransomware variant released

• What to do if I think I’ve been hacked? Checklist

• Accenture Buys 6point6 to Expand Cyber Portfolio

• Discover the Consequences of a Data Breach

• BlueHat India Call for Papers is Now Open!

• Surge in Open Source Malware Stealing Login Credentials & Sensitive Data

• Incorporating Mobile Threat Defense into Your Device Management Ecosystem

• If you prepare, a data security incident will not cause an existential crisis

• AI And Ad Fraud: Growing Risks for Marketers Using Google’s AI-Based Advertising Campaigns

• Bolster an Organizational Cybersecurity Strategy with External Data Privacy

• Ransomware hackers threaten to send SWAT teams to victimized patients

• Understanding zero-trust design philosophy and principles

• The growing challenge of cyber risk in the age of synthetic media

• Accelerate essential cyber hygiene for your small business

• Securing AI systems against evasion, poisoning, and abuse

• NSFOCUS named a Major Player in IDC MarketScape: Worldwide Risk-Based Vulnerability Management Platforms 2023 Vendor Assessment

• Life in the Swimlane with Principal Data Scientist, Dima Skorokhodov

• Craig Newmark Philanthropies – Celebrating 30 Years of Support for Digital Rights

• IT Security News Daily Summary 2024-01-08

• VulnRecap 1/8/24 – Ivanti EPM & Attacks on Old Apache Vulnerabilities

• Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

• YouTube Channels Hacked to Spread Lumma Stealer via Cracked Software

• Toronto Zoo hit by ransomware

• Privacy Expert Weighs In On If Users Should Delete Their Facebook Profiles

• GenAI could make KYC effectively useless

• Easy Firewall Implementation & Configuration for Small and Medium Businesses

• USENIX Security ’23 – ‘Know Your Cybercriminal: Evaluating Attacker Preferences by Measuring Profile Sales on an Active, Leading Criminal Market for User Impersonation at Scale’

• Vulnerability Summary for the Week of January 1, 2024

• How to become an incident responder: Requirements and more

• NIST Cybersecurity Framework

• Mastering the ‘cd’ Command: Tips and Tricks for Efficient Directory Navigation

• Gen AI could make KYC effectively useless

• New NIST report sounds the alarm on growing threat of AI attacks

• Randall Munroe’s XKCD ‘Range Safety’

• Embracing the Virtual: The Rise and Role of vCISOs in Modern Businesses

• AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs

• Grab 9 Ethical Hacking Courses for $25 and Improve Your Business Security

• Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

• LoanDepot hit by suspected ransomware attack

• Apache OFBiz zero-day pummeled by exploit attempts after disclosure

• LastPass Enforces 12-Character Master Password Limit For All

• Secure Browser Usage Policy

• NRF 2024 Know Before You Go

• NIST: Better Defenses are Needed for AI Systems

• Infinispan Insights: Security Basics and Secured Caches

• The best VPN services for iPhone and iPad in 2024: Tested and reviewed

• CISA Adds Six Known Exploited Vulnerabilities to Catalog

• USENIX Security ’23 – Zixin Wang, Danny Yuxing Huang, Yaxing Yao – ‘Exploring Tenants’ Preferences of Privacy Negotiation in Airbnb’

• New Research: Tackling .NET Malware With Harmony Library

• Deceptive Cracked Software Spreads Lumma Variant on YouTube

• NIST issues cybersecurity guide for AI developers

• Google malware exploit allows hackers to access accounts without passwords

• Cyqur Launches A Game-Changing Data Encryption and Fragmentation Web Extension

• The conundrum that is the modern use of NAT at a carrier grade level

• Saudi Ministry exposed sensitive data for 15 months

• Anti-Hezbollah Groups Hack Beirut Airport Screens

• Why is the internet so busy? Bots

• Apple Vision Pro Headset To Go On Sale In February

• DOE Puts Up $70 Million to Secure US Energy Infrastructure

• xDedic Marketplace Admin and Operators Arrested

• Turkish Cyberspies Targeting Netherlands

• QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

• Cancer Hospital Suffers Ransomware Attack, Hackers Threaten to Swat Patients

• Anthropic Pledges to Not Use Private Data to Train Its AI

• Web3: Championing Digital Freedom and Safeguarding Liberty in the Modern Era

• Samsung ‘Sees Fourth-Quarter Chip Rebound’

• AsyncRAT Malware Attacking the US Infrastructure for 11 Months

• Facebook, Instagram Now Mine Web Links You Visit To Fuel Targeted Ads

• British Library: Finances Remain Healthy As Ransomware Recovery Continues

• After Injecting Cancer Hospital With Malware, Crims Threaten To Swat Patients

• Google Accounts Accessed Without A Password

• How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry

• NIST: No Silver Bullet Against Adversarial Machine Learning Attacks

• Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

• Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

• Here’s How To Steer Clear Of QR Code Hacking

• Privacy at Stake: Meta’s AI-Enabled Ray-Ban Garners’ Mixed Reactions

• Orrick Data Breach: Law Firm Dealing with Data Breaches Hit by One

• Turkish APT Sea Turtle Resurfaces, Spies on Dutch IT Firms

• Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities

• Alkem Laboratories Future-Proofs Security Infrastructure with Check Point Software Technologies

• British Library: Finances remain healthy as ransomware recovery continues

• SEC Cyber Incident Reporting Rules Pressure IT Security Leaders

• Google Begins To Switch Off Ad-Tracker Cookies

• DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

• Cyber Security Today, Jan. 8, 2024 – How a Spanish cellular carrier’s network was knocked offline, and more

• Beirut Airport Screens Hacked with Anti-Hezbollah Message

• Second Interdisciplinary Workshop on Reimagining Democracy

• CISO Conversations: Jason Rebholz and Jason Ozin From the Insurance Sector

• Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy

• Debian and Ubuntu Fixed OpenSSH Vulnerabilities

• Tesla Recalls 1.6 Million Cars In China Over Autopilot Issues

• Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs

• Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked

• Video series discussing the major threat actor trends from 2023

• Logan Paul To Buy Back CryptoZoo NFTs

• McAfee Project Mockingbird defends users against AI-generated scams and disinformation

• North Korean Hackers Stole $600m in Crypto in 2023

• Merck Settles With Insurers Over $700m NotPetya Claim

• BT To Retrofit Roadside Cabinets As EV Chargers

• How Does PCI DSS 4.0 Affect Web Application Firewalls?

• How to Reduce Your Attack Surface

• Security Firm Certik’s Account Hijacked to Spread Crypto Drainer

• NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

• Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

• Long-existing Bandook RAT targets Windows machines

• Facebook, Instagram now mine web links you visit to fuel targeted ads

• Social engineer reveals effective tricks for real-world intrusions

• DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

• Most Advanced iPhone Exploit Ever, Google’s $5 Billion Settlement, Apple’s Journal App

• Review: Engineering-grade OT security: A manager’s guide

• Country takes help of Blackhat Hackers infiltrating government websites

• A Guide to Guarding Against Ransomware Attacks in 2024

• SentinelOne acquires Peak XV-backed PingSafe for over $100 million

• AuthLogParser: Open-source tool for analyzing Linux authentication logs

• North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023

• Top 2024 AppSec predictions

• Uncovering the hidden dangers of email-based attacks

• Vim 9.1 released: New features and bug fixes

Generated on 2024-01-09 23:55:46.447286