IT Security News Daily Summary 2024-01-16

• Tokyo startup Sakana AI lands $30M to forge new path with compact AI models

• Netcraft Report Surfaces Spike in Online Healthcare Product Scams

• Google Warns of Chrome Browser Zero-Day Being Exploited

• A New Breed Of Security Leadership: How the Digital Age Is Transforming the Security Professional

• Facebook Bans Ads For Board Game About Voting Over “Sensitive Social Issues”

• Singapore seeks expanded governance framework for generative AI

• Cisco Automation Developer Days 2024 in Stockholm – Call for Speakers

• Locking down the edge

• WEF 2024 Report: Cybersecurity at the forefront, zero trust seen as critical for trust rebuilding

• Ivanti zero-day flaws under ‘widespread’ exploitation

• FCC adopts lead generation rules to protect consumer privacy

• Patch now: Critical VMware, Atlassian flaws found

• Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets

• Rethinking Threat Detection and Response in Cloud-Native Ecosystems

• Deepen Your Security Acumen with OffSec’s OWASP Top 10:2021 Learning Path

• Double trouble for VMware and Atlassian admins – critical flaws to fix

• Randall Munroe’s XKCD ‘Sheet Bend’

• Baidu denies any ties to reported Chinese military training on its GenAI chatbot

• VMware fixed a critical flaw in Aria Automation. Patch it now!

• Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

• Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks

• More than 178,000 SonicWall firewalls are exposed to old denial of service bugs

• OpenAI: We’ll Stop GPT Misuse for Election Misinfo

• Phemedrone Stealer Targets Windows Defender Flaw Despite Patch

• WebCopilot – Automation Scanner To Find Latest Web Vulnerabilities

• A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

• Hackers begin mass exploiting Ivanti VPN zero-day flaws

• Snyk acquires Helios to bolster its AppSec platform

• MSSPs: Differentiate your Managed Security Offerings with Cisco XDR

• How Wi-Fi 7 Is About to Transform Business As We Know It

• Partnering with Government to Strengthen Cyber Resilience in Poland

• Comprehensive Guide to Patch Management Templates

• Vulnerabilities Expose PAX Payment Terminals to Hacking

• Ho, Ho, Hoooold on a Minute: A New Year Resolution That IoT Isn’t a Gift That Keeps on Taking

• SonicWall firewall admins urged to update to prevent devices from being compromised

• Fortinet unveils networking solution integrated with Wi-Fi 7

• New Tool Identifies Pegasus and Other iOS Spyware

• Dawnofdevil hacker group claims to steal Indian Income Tax department data

• How To Start Using Passkeys?

• Known Indicators of Compromise Associated with Androxgh0st Malware

• CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

• A Symphony of Network Success: Simplify, Secure, and Scale with Cisco SD-WAN Enhancements

• Microsoft ‘Cherry-picked’ Examples to Make its AI Seem Functional, Leaked Audio Revealed

• The CISO’s guide to accelerating quantum-safe readiness

• Understanding Cloud Workload Protection: Technologies and Best Practices

• Ahead of Regulatory Wave: Google’s Pivotal Announcement for EU Users

• Skopenow Grid detects the earliest signals of critical risks

• 1,700 Ivanti VPN devices compromised. Are yours among them?

• Apple Becomes Top Smartphone Vendor By Volume For First Time

• Ivanti zero-day exploits explode as bevy of attackers get in on the act

• eBay Settles Blogger Harassment Case with $3 Million Fine

• Ivanti Patches Connect Secure Zero-day Flaws Under Attack

• GitLab Addressed A Critical Zero-Click Vulnerability With Latest Updates

• Nadella Says Microsoft ‘Comfortable’ With OpenAI Governance

• Check Point Research: 2023 – The year of Mega Ransomware attacks with unprecedented impact on global organizations

• Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability

• 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

• Remote Code Execution Vulnerability Found in Opera File Sharing Feature

• Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

• The Evolving Threat Landscape: Where Out-of-Band Communications Fit – Part One

• Volkswagen ‘In Talks’ With Blue Solutions For Solid-State EV Battery

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

• Simplifying Kubernetes Deployments: An In-Depth Look at Helm

• How to Create an End-to-End Privileged Access Management Lifecycle

• GitLab Fixes Password Reset Bug That Allows Account Takeover

• Remcos RAT Spreading Through Adult Games in New Attack Wave

• Navigating the new frontier of cryptocurrency futures

• My Journey with Cisco: A Decade of Growth, Opportunity, and Empowerment

• Hacker Conversations: HD Moore and the Line Between Black and White

• Apple Supplier Goertek To Set Up Vietnam Unit

• Data Management for Small Businesses

• The Sad Truth of the FTC’s Location Data Privacy Settlement

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024

• Microsoft Adds Copilot AI Subscriptions For Consumers, Small Business

• Case Study: The Cookie Privacy Monster in Big Global Retail

• 13 incident response best practices for your organization

• Accenture and SandboxAQ offer protection against quantum-based decryption attacks

• Multiple mortgage companies hit by cyber attacks

• New Year, New Scams – Health product scam campaigns abusing cheap TLDs

• Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

• Nominations Open for The Most Inspiring Women in Cyber Awards 2024

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

• US Export Controls Fuel Revenue Surge For Chip-Tool Maker Nuara

• Why Therapists need Data Protection and Cybersecurity

• Shining Light on Employee Cybersecurity Awareness in Retail

• Ivanti Zero-Days Exploited By Multiple Actors Globally

• A lightweight method to detect potential iOS malware

• Crypto Firm HashKey Attains Unicorn Status With $100m Funding Round

• Hackers Abuse GitHub to Host Malicious Infrastructure

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+

• Integrating Zscaler ZIA with Sekoia.io

• Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

• Russian Hackers Orchestrate Ukrainian Telecom Giant Attack

• Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

• Mastermind Hacker Behind $2 Million Crypto Scam Arrested

• Cyber Attack on Telecommunications Company

• How does technology impact well-being? Cisco and OECD will launch a global study to find out.

• Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

• Ransomware attacks witnessed 55% surge in 2023

• Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

• 10 cybersecurity frameworks you need to know about

• 3 ways to combat rising OAuth SaaS attacks

• Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

• Geopolitical tensions combined with technology will drive new security risks

• China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia

• Ontario city the latest to temporarily lose control of its X account

• Warren (Ohio) PD Launches Mark43 Records Management System

• The Cyber Risk Nightmare and Financial Risk Disaster of Using Personal Messaging Apps in The Workplace

• IT Security News Daily Summary 2024-01-15

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

• Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes

• More Than 100 Deepfake Ads Featuring British Prime Minister Spread On Facebook

• Thousands of Juniper Networks devices vulnerable to critical RCE bug

• IT World Canada strikes partnership with Canadian Cybersecurity Network

• Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

• Revolutionizing Commerce With AI: Trends and Predictions

• Spot Technologies, now with $2M, will see AI security tech go into Mexico Walmarts

• Top 19 Network Security Threats + Defenses for Each

• EDRSilencer

• Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

• British Cosmetics Retailer Lush Investigating Cyber Attack

• Honeytokens for Peace of Mind: Using Cyber Deception To Buy Time to Remediate at Scale

• What Is Compliance Monitoring for Remote Developers?

• How to secure APIs built with Express.js

• What is Identity Threat Detection and Response?

• GitHub Faces Rise in Malicious Use

• Navigating the Paradox: Bitcoin’s Self-Custody and the Privacy Challenge

• Researchers Uncover Major Surge in Global Botnet Activity

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike

• Python-Based Tool FBot Disrupts Cloud Security

• Quantum Radiology ransomware attack turns nightmare to patients

• Ransomware: From Origins to Defense – How Zero Trust Holds the Key

• FTC secures first databroker settlement banning sale of sensitive location data

• Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine

• Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S.

• Chinese Organisations ‘Buy Nvidia AI Chips’ In Spite Of Restrictions

• US House ‘Asks Intel, Nvidia, Micron CEOs’ To Testify On China

• Critical flaw found in WordPress plugin used on over 300,000 websites

• Phemedrone info stealer campaign exploits Windows smartScreen bypass

• DDoS Attackers Put Environmental Services Firms in Their Crosshairs

• Beware of Malicious YouTube Channels Propagating Lumma Stealer

• AI-Driven Phishing on the Rise: NSA Official Stresses Need for Cyber Awareness

• ‘BIN’ Attacks: Cybercriminals are Using Stolen ‘BIN’ Details for Card Fraud

• Apple Offers iPhone Discounts In China Amidst Stiff Competition

• Fueling the Future: How Tech Funding Empowers IT Consultants in AI/ML and Cybersecurity

• Embedding Security Into Cloud Operations: 5 Key Considerations

• 3 Ransomware Group Newcomers to Watch in 2024

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

• Cyber Security Today, Jan. 15, 2024 – Three warnings to application developers

• Tesla To Halt Production At Berlin Plant Amidst Red Sea Disruption

• HelloFresh Fined £140,000 for 80 Million Spam Messages

• Stupid Human Tricks: Top 10 Cybercrime Cases of 2023

• Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire

• Information Stealer Exploits Windows SmartScreen Bypass

• How to Create Roles in PostgreSQL

• Beijing Court Rules AI Artwork Can By Copyrighted

• Setting Up a Docker Swarm Cluster and Deploying Containers: A Comprehensive Guide

• eBay Pays $3m Fine Over Harassment Campaign

• Expert Insight for Securing Your Critical Infrastructure

• GitLab Patches Critical Password Reset Vulnerability

• Forescout Report Uncovers New Details in Danish Energy Hack

• Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

• Cloud Server Abuse Leads to Huge Spike in Botnet Scanning

• Trellix XDR Platform for RDR strengthens operational resilience

• British Library Catalogue Back Online After Ransomware Attack

• AI Challenges Notion That All Fingerprints Are Unique

• Network Penetration Testing Checklist – 2024

• Balada Injector continues to infect thousands of WordPress sites

• Trellix XDR Platform for RDR strengthens operational resilience for customers

• Security Experts Urge IT to Lock Down GitHub Services

• IMF: AI Could Impact 40 Percent Of Jobs Worldwide

• Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses

• 2024: Reflecting on a Dynamic, Tumultuous Cyber Year

• Dr. Martin Luther King, Jr. Day 2024

• Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

• HelloFresh Fined £140K After Sending 80 Million Spam Messages

• China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

• Attackers target Apache Hadoop and Flink to deliver cryptominers

• Ransomware protection deconstructed

• Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

• High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

• DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

• Medusa Ransomware Unleashes New Tactics: Data Sale, Time Extension, and AI Threats

• A Comprehensive Guide to Penetration Testing in Public Clouds

• How To Combat the Mounting ‘Hacktivist’ Threat

• OT Cybersecurity: Safeguarding Building Operations in a Digitized World

• Flipping the BEC funnel: Phishing in the age of GenAI

• Adalanche: Open-source Active Directory ACL visualizer, explorer

• Preventing insider access from leaking to malicious actors

• Key elements for a successful cyber risk management strategy

• Government organizations’ readiness in the face of cyber threats

• The Top 10 Ransomware Groups of 2023

• China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

• Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Generated on 2024-01-16 23:55:36.341514