IT Security News Daily Summary 2024-01-17

• Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated)

• Google DeepMind’s AI system solves geometry problems like a math Olympian

• phishing

• Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

• CISOs are both anxious and see opportunities: Report

• The Role of Zero-Knowledge Proofs in LLM Chains for Data Privacy

• Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices

• How to Use Ansible with CML

• Vulnerability Management Firm Vicarius Raises $30 Million

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #275 — Comic Agilé Consulting

• 5 Best VPNs for Android in 2024

• Elon Musk Seeks Larger Tesla Stake Ahead Of AI, Robotics Push

• Alphabet’s Wing Unveils Larger Drone For Bigger Payloads

• How To Ensure Cloud Application Security: Compromises and Best Practices

• 16 top ERM software vendors to consider in 2024

• Swiss Govt Websites Hit by Pro-Russia Hackers After Zelensky Visit

• Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks

• Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn

• Google Incognito Mode: New Disclaimer Reveals Data Tracking

• How to conduct incident response tabletop exercises

• E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

• AI, Gaming, FinTech Named Major Cybersecurity Threats For Kids

• CISOs on alert following SEC charges against SolarWinds

• VMware Releases Security Advisory for Aria Operations

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• 2024 Tech Predictions: Hybrid Collaboration is Here to Stay

• US Gov Issues Warning for Androxgh0st Malware Attacks

• Apple Smashes Ban Hammer on Beeper iMessage Users

• Release Cybersecurity Guidance on Chinese-Manufactured UAS for Critical Infrastructure Owners and Operators

• Hidden iPhone Spyware iShutdown Unveiled – Research

• Badge Makes Device-Independent Authentication Platform Available

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023

• OpenAI to use ChatGPT to curtail fake news and Deepfakes

• Come Together Right Now, IT Operations Teams

• What’s worse than paying an extortion bot that auto-pwned your database?

• Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

• Kaspersky Details Method for Detecting Spyware in iOS

• Surge in Police Adoption of Private Cameras for Video Evidence Raises Privacy Concerns

• Holidays are over, but don’t let employees’ guard drop over fake shipping emails

• Skyhigh Security’s AI-driven DLP Assistant prevents critical data loss

• Apple To Drop Sensor From Some Watch Models – Report

• London Calling: Hey, US, Let’s Chat About Cyber AI – The Next WannaCry

• Unused Apps Could Still be Tracking and Collecting User’s Data

• Wing Security unveils automated protection against AI-SaaS risks

• New Phishing Scam Hooks META Businesses with Trademark Threats

• SMB Security Pack

• Transmission of Sensitive Data Policy

• Github rotated credentials after the discovery of a vulnerability

• China Backed Actors are Employing Generative AI to Breach US infrastructure

• Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

• PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

• Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

• Twitter Appeal Against Search Warrant For Trump’s DMs Denied

• JFrog, AWS team up for machine learning in the cloud

• PSA: Anyone can tell if you are using WhatsApp on your computer

• Naz.API – 70,840,771 breached accounts

• Living Security Unify Power Insights identifies vulnerable members within an organization

• AI in Security — Ready for Prime Time

• Keeper Security Adds Support for Hardware Security Keys as Sole 2FA Method

• New research reveals disconnect between global university education and recruitment standards

• Salt Security Delivers another Technology Breakthrough with Industry’s only API Posture Governance Engine

• Shifting Paradigms: Cloud Security in the Post-Pandemic Era

• GitHub Rotates Credentials in Response to Vulnerability

• Achieving “Frictionless Defense” in the Age of Hybrid Networks

• AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

• What is the Difference Between Cyberstalking and Cyberbullying?

• AI’s Role in Cybersecurity for Attackers and Defenders in 2024

• Salt Security Adds Governance Engine to API Security Platform

• Cyber Security Today, Jan. 17, 2024 – Security updates issued for Atlassian, Citrix, VMware and Chrome products

• Vicarius raises $30 million to accelerate the development of new AI capabilities

• Consumer Tech in Business

• As hacks worsen, SEC turns up the heat on CISOs

• FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

• OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections

• US Supreme Court Snubs Apple App Store Appeal

• macOS Infostealers That Actively Involve in Attacks Evade XProtect Detection

• Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

• Lessons learned upgrading to React 18 in SonarQube

• Windows Server 2022 patch is breaking apps for some users

• Opera Browser Users Beware: MyFlaw Bug Allows Hackers to Run Any File Remotely

• Kaspersky releases utility to detect iOS spyware infections

• Webinar: The Art of Privilege Escalation – How Hackers Become Admins

• Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

• 75% of Organizations Hit by Ransomware in 2023

• Google Axes Hundreds Of Staff In Ad Sales Team

• Google Chrome Browser Zero-Day Vulnerability Exploited in Wild – Emergency Patch!

• Mastering Docker Networking Drivers: Optimizing Container Communication

• How to create a CSIRT: 10 best practices

• How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

• Oracle Patches 200 Vulnerabilities With January 2024 CPU

• Here’s How ChatGPT Maker OpenAI Plans to Deter Election Misinformation in 2024

• US Government Urges Action to Mitigate Androxgh0st Malware Threat

• Industrial Defender collaborates with Dragos to enhance outcomes for OT operators

• New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

• Print on Demand Power: Tech Accessories Driving Shopify Sales

• Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

• Majorca Tourist Hotspot Hit With $11m Ransom Demand

• Dark web threats and dark market predictions for 2024

• Home improvement marketers dial up trouble from regulator

• Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

• The 2023 Global Cybercrime Report: A look at the key takeaways

• Tips for Ensuring HIPAA Compliance

• GitHub Rotates Credentials and Patches New Bug

• Unified security operations with Microsoft Sentinel and Microsoft Defender XDR

• GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

• Microsoft eases up data security framework for users of European Union

• How 5G Technology offers a secure network

• Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams

• Key Considerations for Successful Cybersecurity Supply Chain Risk Management (C-SCRM)

• Top Insider Risk Management Predictions for 2024

• Security considerations during layoffs: Advice from an MSSP

• The 7 deadly cloud security sins and how SMBs can do things better

• CISOs’ crucial role in aligning security goals with enterprise expectations

• The right strategy for effective cybersecurity awareness

• Best practices to mitigate alert fatigue

• Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

• PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

• IT teams unable to deliver data fast enough to match the speed of business

• Nokia walks the walk about its RAN to play on Uncle Sam’s China fears

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

• FBI: Beware of thieves building Androxgh0st botnets using stolen creds

• Secure Your Secrets With .env

• Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887

• Atlassian fixed critical RCE in older Confluence versions

• Google fixed the first actively exploited Chrome zero-day of 2024

• VulnRecap 1/16/24 – Major Firewall Issues Persist

• IT Security News Daily Summary 2024-01-16

• Tokyo startup Sakana AI lands $30M to forge new path with compact AI models

• Netcraft Report Surfaces Spike in Online Healthcare Product Scams

• Google Warns of Chrome Browser Zero-Day Being Exploited

• A New Breed Of Security Leadership: How the Digital Age Is Transforming the Security Professional

• Facebook Bans Ads For Board Game About Voting Over “Sensitive Social Issues”

• Singapore seeks expanded governance framework for generative AI

• Cisco Automation Developer Days 2024 in Stockholm – Call for Speakers

• Locking down the edge

• WEF 2024 Report: Cybersecurity at the forefront, zero trust seen as critical for trust rebuilding

• Ivanti zero-day flaws under ‘widespread’ exploitation

• FCC adopts lead generation rules to protect consumer privacy

• Patch now: Critical VMware, Atlassian flaws found

• Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets

• Rethinking Threat Detection and Response in Cloud-Native Ecosystems

• Deepen Your Security Acumen with OffSec’s OWASP Top 10:2021 Learning Path

• Double trouble for VMware and Atlassian admins – critical flaws to fix

• Randall Munroe’s XKCD ‘Sheet Bend’

• Baidu denies any ties to reported Chinese military training on its GenAI chatbot

• VMware fixed a critical flaw in Aria Automation. Patch it now!

• Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

• Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks

• More than 178,000 SonicWall firewalls are exposed to old denial of service bugs

• OpenAI: We’ll Stop GPT Misuse for Election Misinfo

• Phemedrone Stealer Targets Windows Defender Flaw Despite Patch

• WebCopilot – Automation Scanner To Find Latest Web Vulnerabilities

• A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

• Hackers begin mass exploiting Ivanti VPN zero-day flaws

• Snyk acquires Helios to bolster its AppSec platform

• MSSPs: Differentiate your Managed Security Offerings with Cisco XDR

• How Wi-Fi 7 Is About to Transform Business As We Know It

• Partnering with Government to Strengthen Cyber Resilience in Poland

• Comprehensive Guide to Patch Management Templates

• Vulnerabilities Expose PAX Payment Terminals to Hacking

• Ho, Ho, Hoooold on a Minute: A New Year Resolution That IoT Isn’t a Gift That Keeps on Taking

• SonicWall firewall admins urged to update to prevent devices from being compromised

• Fortinet unveils networking solution integrated with Wi-Fi 7

• New Tool Identifies Pegasus and Other iOS Spyware

• Dawnofdevil hacker group claims to steal Indian Income Tax department data

• How To Start Using Passkeys?

• Known Indicators of Compromise Associated with Androxgh0st Malware

• CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

• A Symphony of Network Success: Simplify, Secure, and Scale with Cisco SD-WAN Enhancements

• Microsoft ‘Cherry-picked’ Examples to Make its AI Seem Functional, Leaked Audio Revealed

• The CISO’s guide to accelerating quantum-safe readiness

• Understanding Cloud Workload Protection: Technologies and Best Practices

• Ahead of Regulatory Wave: Google’s Pivotal Announcement for EU Users

• Skopenow Grid detects the earliest signals of critical risks

• 1,700 Ivanti VPN devices compromised. Are yours among them?

• Apple Becomes Top Smartphone Vendor By Volume For First Time

• Ivanti zero-day exploits explode as bevy of attackers get in on the act

• eBay Settles Blogger Harassment Case with $3 Million Fine

• Ivanti Patches Connect Secure Zero-day Flaws Under Attack

• GitLab Addressed A Critical Zero-Click Vulnerability With Latest Updates

• Nadella Says Microsoft ‘Comfortable’ With OpenAI Governance

• Check Point Research: 2023 – The year of Mega Ransomware attacks with unprecedented impact on global organizations

• Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability

• 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

• Remote Code Execution Vulnerability Found in Opera File Sharing Feature

• Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

• The Evolving Threat Landscape: Where Out-of-Band Communications Fit – Part One

• Volkswagen ‘In Talks’ With Blue Solutions For Solid-State EV Battery

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

• Simplifying Kubernetes Deployments: An In-Depth Look at Helm

• How to Create an End-to-End Privileged Access Management Lifecycle

• GitLab Fixes Password Reset Bug That Allows Account Takeover

• Remcos RAT Spreading Through Adult Games in New Attack Wave

• Navigating the new frontier of cryptocurrency futures

• My Journey with Cisco: A Decade of Growth, Opportunity, and Empowerment

• Hacker Conversations: HD Moore and the Line Between Black and White

• Apple Supplier Goertek To Set Up Vietnam Unit

• Data Management for Small Businesses

• The Sad Truth of the FTC’s Location Data Privacy Settlement

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024

• Microsoft Adds Copilot AI Subscriptions For Consumers, Small Business

• Case Study: The Cookie Privacy Monster in Big Global Retail

• 13 incident response best practices for your organization

• Accenture and SandboxAQ offer protection against quantum-based decryption attacks

• Multiple mortgage companies hit by cyber attacks

• New Year, New Scams – Health product scam campaigns abusing cheap TLDs

• Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

• Nominations Open for The Most Inspiring Women in Cyber Awards 2024

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

• US Export Controls Fuel Revenue Surge For Chip-Tool Maker Nuara

• Why Therapists need Data Protection and Cybersecurity

• Shining Light on Employee Cybersecurity Awareness in Retail

• Ivanti Zero-Days Exploited By Multiple Actors Globally

• A lightweight method to detect potential iOS malware

• Crypto Firm HashKey Attains Unicorn Status With $100m Funding Round

• Hackers Abuse GitHub to Host Malicious Infrastructure

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+

• Integrating Zscaler ZIA with Sekoia.io

• Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

• Russian Hackers Orchestrate Ukrainian Telecom Giant Attack

• Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

• Mastermind Hacker Behind $2 Million Crypto Scam Arrested

• Cyber Attack on Telecommunications Company

• How does technology impact well-being? Cisco and OECD will launch a global study to find out.

• Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

• Ransomware attacks witnessed 55% surge in 2023

• Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

• 10 cybersecurity frameworks you need to know about

• 3 ways to combat rising OAuth SaaS attacks

• Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

• Geopolitical tensions combined with technology will drive new security risks

• China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia

• Ontario city the latest to temporarily lose control of its X account

• Warren (Ohio) PD Launches Mark43 Records Management System

Generated on 2024-01-17 23:55:41.100805