IT Security News Daily Summary 2024-01-18

• CISA and FBI Reveal Known Androxgh0st Malware IoCs and TTPs

• Akira Ransomware Attacks Surge. Finnish Companies Among Targets

• White House Revamps Cybersecurity Hiring Strategy

• Lawsuit Claims Over 100,000 Children On Facebook Are Sent Sex Abuse Material Every Day

• Cisco and Schneider Electric Are Creating Smarter, More Efficient Buildings

• Reduce Business Email Compromise with Collaboration

• USENIX Security ’23 – Xingman Chen, Yinghao Shi, Zheyu Jiang, Yuan Li, Ruoyu Wang, Haixin Duan, Haoyu Wang, Chao Zhang – MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries

• Defining Good: A Strategic Approach to API Risk Reduction

• A Q&A with Rubrik CEO and venture capitalist Bipul Sinha

• Significance of CMDB in Device Visibility To Control Unauthorized Access in Banks

• CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

• Is Temu safe? What to know before you ‘shop like a billionaire’

• Empowering Exceptional Digital Experiences at Cisco Live EMEA

• JPMorgan exec claims bank repels 45 billion cyberattack attempts per day

• What to do with that fancy new internet-connected device you got as a holiday gift

• Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

• Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs

• Future of America’s Cyber Safety Review Board hangs in balance amid calls for rethink

• PixieFail Bugs in UEFI Open Source Implementation Threaten Computers

• Sam Altman Surprised At NYT Lawsuit

• Do you love or fear your smart home devices? For most Americans, it’s both

• Should the CIO be solely responsible for keeping AI in check? Info-Tech weighs in

• Web monitors say Gaza week-long internet outage is longest yet

• Court Bans Apple Watch Imports Amid Patent Dispute

• Meet Turbine Canvas and Embrace the Art of Powerful Simplicity

• Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy

• New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

• TA866 Resurfaces in Targeted OneDrive Campaign

• Ransomware attacks hospitalizing security pros, as one admits suicidal feelings

• How Secure Is Cloud Storage? Features, Risks, & Protection

• Oracle Releases Critical Patch Update Advisory for January 2024

• AVEVA PI Server

• Incident Response Guide for the WWS Sector

• Spamhaus Blocklist (SBL) listings are moving

• Want to Justify Your IT Investments Faster? Measure Business Outcomes.

• Digitizing the Physical World: Insights from Cisco Live Melbourne and the Industrial IoT Industry Summit

• Time to bring order to Cyber Chaos

• Russian threat group spreading backdoor through phishing, says Google

• New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

• New Microsoft Incident Response guides help security teams analyze suspicious activity

• 70 million account credentials were leaked in a massive password dump

• GCHQ Releases Unseen Photos Of WW2 Colossus Computer

• Anonymous Sudan’s DDoS Attacks Disrupt Network at Israeli BAZAN Group

• What is a TPM, and why does your PC need one?

• SolarWinds breach news center

• Chainalysis observes decrease in cryptocurrency crime in 2023

• Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

• New Malware Campaign Exploits 9hits in Docker Assault

• CISA, FBI and EPA Release Incident Response Guide for Water and Wastewater Systems Sector

• How to lock a file or folder in MacOS Finder – to save you from yourself

• CISA Releases One Industrial Control Systems Advisory

• EFF’s 2024 In/Out List

• Protect AI Report Surfaces MLflow Security Vulnerabilities

• As Deepfake of Sachin Tendulkar Surface, India’s IT Minister Promises Tighter Rules

• Vercara UltraSecure offers protection from malicious attacks

• Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

• Iranian Phishing Campaign Targets Israel-Hamas War Experts

• Students and teachers fight back cyber attack on University Network

• Sheryl Sandberg To Step Down From Meta’s Board

• Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam

• Two more Citrix NetScaler bugs exploited in the wild

• GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

• Creator of ‘Ready Player One’ Ventures into Launching Metaverse

• VulnCheck IP Intelligence identifies vulnerable internet-connected infrastructure

• Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)

• Multichain Inferno Drainer Abuse Web3 Protocols To Connect Crypto Wallets

• AI trends: A closer look at machine learning’s role

• Drupal Releases Security Advisory for Drupal Core

• Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

• Software Supply Chain Security Startup Kusari Raises $8 Million

• Data is the Missing Piece in the AI Jigsaw, Here’s How to Bridge the Gap

• Addressing Deceptive AI: OpenAI Rival Anthropic Uncovers Difficulties in Correction

• N-able MDR ingests data from existing security and IT tools

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

• ‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

• Are You Ready for PCI DSS 4.0?

• Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions

• Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns

• SOC-as-a-Service: The Five Must-Have Features

• Oleria raises $33 million to accelerate its product innovation

• Google TAG: Kremlin cyber spies move into malware with a custom backdoor

• Google says Russian espionage crew behind new malware campaign

• How AI-Powered Security Capabilities Implement Real-Time Cybersecurity

• Illicit Cryptocurrency Flows Drop 39% in 2023

• Reduce API Security Risk by Fixing Runtime Threats in Code Faster

• What is the Windows Security Account Manager (SAM)?

• List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

• Oleria Secures $33M Investment to Grow ID Authentication Business

• ESET launches MDR service to improve cybersecurity for SMBs

• Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers

• How Do You Protect Your APIs From DDoS Attacks?

• MFA Spamming and Fatigue: When Security Measures Go Wrong

• TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

• Cisco Secure Equipment Access wins “IoT Security Innovation of the Year” in the 2024 IoT Breakthrough Awards

• Samsung Embeds Google’s AI Tech In S24 Smartphones

• Canadian Citizen Gets Phone Back from Police

• Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations

• Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners

• PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

• DevOps’ Big Challenge: Limiting Risk Without Impacting Velocity

• Webinar: Managing Without Governing? Why Your Organization Needs a Management System to Govern Your Information Resilience Program

• ChatGPT For Enterprises Is Here – But CEOs First Want Data Protections

• Why is data security important?

• Swimlane enhances Turbine platform to alleviate the pressure on SecOps teams

• Google CEO Warns Staff To Expect More Job Cuts – Report

• Ransomware Group Targets Foxconn Subsidiary Foxsemicon

• Outsmarting Ransomware’s New Playbook

• Sourcepoint introduces sensitive data opt-in feature to prepare users for privacy changes

• FBI: Androxgh0st Malware Building Mega-Botnet for Credential Theft

• Vast botnet hijacks smart TVs for prime-time cybercrime

• VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

• Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

• Enter the era of platform-based cloud security

• PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

• NCSC Builds New “Cyber League” Threat Tracking Community

• Confessions on MFA and Security Best Practices

• JinxLoader Malware: Next-Stage Payload Threats Revealed

• HealthEC Data Breach Impacts 4.5 Million Patients

• Navigating the Debian 10 EOL: A Guide to the Future

• Hackers Deploying Androxgh0st Botnet Malware that Steals AWS, Microsoft Credentials

• iShutdown lightweight method allows to discover spyware infections on iPhones

• Your iPhone is at risk – Signs of Viruses You Shouldn’t Ignore!

• Attribute-based encryption could spell the end of data compromise

• Fujitsu issues apology for IT and Data Privacy scandal of UK Post Offices

• Skytrack: Open-source aircraft reconnaissance tool

• Ransomware negotiation: When cybersecurity meets crisis management

• Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts

• Adversaries exploit trends, target popular GenAI apps

• The power of AI in cybersecurity

• Business Continuity Planning: Ensuring Tech Resilience

• Navigating the Dark Web: Business Risks and Precautions

• Insurance website’s buggy API leaked Office 365 password and a giant email trove

• A fortified approach to preventing promo, bonus, and other multi-account abuse

• Embracing a risk-based cybersecurity approach with ASRM

• The Perils of Platformization

• USENIX Security ’23 – FloatZone: Accelerating Memory Error Detection using the Floating Point Unit

• Calling Home, Get Your Callbacks Through RBI

• Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats

• Vulnerability Summary for the Week of January 8, 2024

• IT Security News Daily Summary 2024-01-17

• Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated)

• Google DeepMind’s AI system solves geometry problems like a math Olympian

• phishing

• Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

• CISOs are both anxious and see opportunities: Report

• The Role of Zero-Knowledge Proofs in LLM Chains for Data Privacy

• Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices

• How to Use Ansible with CML

• Vulnerability Management Firm Vicarius Raises $30 Million

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #275 — Comic Agilé Consulting

• 5 Best VPNs for Android in 2024

• Elon Musk Seeks Larger Tesla Stake Ahead Of AI, Robotics Push

• Alphabet’s Wing Unveils Larger Drone For Bigger Payloads

• How To Ensure Cloud Application Security: Compromises and Best Practices

• 16 top ERM software vendors to consider in 2024

• Swiss Govt Websites Hit by Pro-Russia Hackers After Zelensky Visit

• Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks

• Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn

• Google Incognito Mode: New Disclaimer Reveals Data Tracking

• How to conduct incident response tabletop exercises

• E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

• AI, Gaming, FinTech Named Major Cybersecurity Threats For Kids

• CISOs on alert following SEC charges against SolarWinds

• VMware Releases Security Advisory for Aria Operations

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• 2024 Tech Predictions: Hybrid Collaboration is Here to Stay

• US Gov Issues Warning for Androxgh0st Malware Attacks

• Apple Smashes Ban Hammer on Beeper iMessage Users

• Release Cybersecurity Guidance on Chinese-Manufactured UAS for Critical Infrastructure Owners and Operators

• Hidden iPhone Spyware iShutdown Unveiled – Research

• Badge Makes Device-Independent Authentication Platform Available

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023

• OpenAI to use ChatGPT to curtail fake news and Deepfakes

• Come Together Right Now, IT Operations Teams

• What’s worse than paying an extortion bot that auto-pwned your database?

• Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

• Kaspersky Details Method for Detecting Spyware in iOS

• Surge in Police Adoption of Private Cameras for Video Evidence Raises Privacy Concerns

• Holidays are over, but don’t let employees’ guard drop over fake shipping emails

• Skyhigh Security’s AI-driven DLP Assistant prevents critical data loss

• Apple To Drop Sensor From Some Watch Models – Report

• London Calling: Hey, US, Let’s Chat About Cyber AI – The Next WannaCry

• Unused Apps Could Still be Tracking and Collecting User’s Data

• Wing Security unveils automated protection against AI-SaaS risks

• New Phishing Scam Hooks META Businesses with Trademark Threats

• SMB Security Pack

• Transmission of Sensitive Data Policy

• Github rotated credentials after the discovery of a vulnerability

• China Backed Actors are Employing Generative AI to Breach US infrastructure

• Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

• PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

• Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

• Twitter Appeal Against Search Warrant For Trump’s DMs Denied

• JFrog, AWS team up for machine learning in the cloud

• PSA: Anyone can tell if you are using WhatsApp on your computer

• Naz.API – 70,840,771 breached accounts

• Living Security Unify Power Insights identifies vulnerable members within an organization

• AI in Security — Ready for Prime Time

• Keeper Security Adds Support for Hardware Security Keys as Sole 2FA Method

• New research reveals disconnect between global university education and recruitment standards

• Salt Security Delivers another Technology Breakthrough with Industry’s only API Posture Governance Engine

• Shifting Paradigms: Cloud Security in the Post-Pandemic Era

• GitHub Rotates Credentials in Response to Vulnerability

• Achieving “Frictionless Defense” in the Age of Hybrid Networks

• AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

• What is the Difference Between Cyberstalking and Cyberbullying?

• AI’s Role in Cybersecurity for Attackers and Defenders in 2024

• Salt Security Adds Governance Engine to API Security Platform

• Cyber Security Today, Jan. 17, 2024 – Security updates issued for Atlassian, Citrix, VMware and Chrome products

• Vicarius raises $30 million to accelerate the development of new AI capabilities

• Consumer Tech in Business

• As hacks worsen, SEC turns up the heat on CISOs

• FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

• OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections

• US Supreme Court Snubs Apple App Store Appeal

• macOS Infostealers That Actively Involve in Attacks Evade XProtect Detection

• Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

• Lessons learned upgrading to React 18 in SonarQube

• Windows Server 2022 patch is breaking apps for some users

• Opera Browser Users Beware: MyFlaw Bug Allows Hackers to Run Any File Remotely

• Kaspersky releases utility to detect iOS spyware infections

• Webinar: The Art of Privilege Escalation – How Hackers Become Admins

• Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

• 75% of Organizations Hit by Ransomware in 2023

• Google Axes Hundreds Of Staff In Ad Sales Team

• Google Chrome Browser Zero-Day Vulnerability Exploited in Wild – Emergency Patch!

• Mastering Docker Networking Drivers: Optimizing Container Communication

• How to create a CSIRT: 10 best practices

• How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

• Oracle Patches 200 Vulnerabilities With January 2024 CPU

• Here’s How ChatGPT Maker OpenAI Plans to Deter Election Misinformation in 2024

• US Government Urges Action to Mitigate Androxgh0st Malware Threat

• Industrial Defender collaborates with Dragos to enhance outcomes for OT operators

• New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

• Print on Demand Power: Tech Accessories Driving Shopify Sales

• Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

• Majorca Tourist Hotspot Hit With $11m Ransom Demand

• Dark web threats and dark market predictions for 2024

• Home improvement marketers dial up trouble from regulator

• Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

• The 2023 Global Cybercrime Report: A look at the key takeaways

• Tips for Ensuring HIPAA Compliance

• GitHub Rotates Credentials and Patches New Bug

• Unified security operations with Microsoft Sentinel and Microsoft Defender XDR

• GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

• Microsoft eases up data security framework for users of European Union

• How 5G Technology offers a secure network

• Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams

• Key Considerations for Successful Cybersecurity Supply Chain Risk Management (C-SCRM)

• Top Insider Risk Management Predictions for 2024

• Security considerations during layoffs: Advice from an MSSP

• The 7 deadly cloud security sins and how SMBs can do things better

• CISOs’ crucial role in aligning security goals with enterprise expectations

• The right strategy for effective cybersecurity awareness

• Best practices to mitigate alert fatigue

• Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

• PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

• IT teams unable to deliver data fast enough to match the speed of business

• Nokia walks the walk about its RAN to play on Uncle Sam’s China fears

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

• FBI: Beware of thieves building Androxgh0st botnets using stolen creds

• Secure Your Secrets With .env

• Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887

• Atlassian fixed critical RCE in older Confluence versions

• Google fixed the first actively exploited Chrome zero-day of 2024

Generated on 2024-01-18 23:55:49.994701