IT Security News Daily Summary 2024-01-24

• NCSC says AI will increase ransomware, cyberthreats

• Global ransomware threat expected to rise with AI, U.K. cyber authority warns

• Patch management needs a revolution, part 3: Vulnerability scores and the concept of trust

• Enabling Peer Pods on IBM Z and LinuxONE with Red Hat OpenShift sandboxed containers

• What’s next on the horizon for telecommunications service providers? A look at 2024 with Red Hat.

• Jason’s Deli Restaurant Chain Hit by a Credential Stuffing Attack

• Global ransomware threat surely will rise with AI, U.K.’s NCSC warns

• Mobb unveils vulnerability fixer for GitHub users

• National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat

• Cyber League: UK’s NCSC Calls on Industry Experts to Join its Fight Against Cyber Threats

• We Must Consider Software Developers a Key Part of the Cybersecurity Workforce

• The 9 best incident response metrics and how to use them

• USENIX Security ’23 – Mazharul Islam, Marina Sanusi Bohuk, Paul Chung, Thomas Ristenpart, Rahul Chatterjee – Araña: Discovering And Characterizing Password Guessing Attacks In Practice

• 5379 GitLab servers vulnerable to zero-click account takeover attacks

• Cyber Security Today, Jan. 24, 2024 – The latest ransomware news and a controversy over alleged viruses in HP printer cartridges

• Victory! Ring Announces It Will No Longer Facilitate Police Requests for Footage from Users

• Spotify To Begin In-App Purchases On iPhone

• Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

• Cisco U. Wins Silver at Prestigious Awards

• Advancing the Circular Economy with the Cisco Circularity Promotion

• Daniel Stori’s ‘influencer’

• Major IT outage at Europe’s largest caravan and RV club makes for not-so-happy campers

• ‘Mother of all Breaches’ Leaks — 26 BILLION Records from 12TB Open Bucket

• Is YouTube Kids Safe? The Ultimate Parent Safety Guide

• Google Settles AI Chip Patent Lawsuit With Singular

• Explore Cisco IOS XE Automation at Cisco Live EMEA 2024

• ‘Mother of all breaches’ uncovered after 26 billion records leaked

• ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts

• Top 11 Tips for Safe Web Browsing

• What Is Digital Security? Tools and Applications

• The Impact of AI-Generated Content on Internet Quality

• Browser Phishing Threats Grew 198% Last Year

• Beware of Weaponized Office Documents that Deliver VenomRAT

• Mozilla Releases Security Updates for Thunderbird and Firefox

• The Power of Public-Private Partnerships

• Trezor Unveils Unauthorized User Data Access, Highlighting Emerging Phishing Threat

• Undetected Threat: Chinese Hackers’ Long-Term VMware Exploitation

• Netflix Subscribers Surge Amid Password Crackdown

• Israeli Startup Gets $5M Seed Capital to Tackle AI Security

• Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

• Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits

• CISO Conversations: The Legal Sector With Alyssa Miller at Epiq and Mark Walmsley at Freshfields

• AI Ransomware Threat to increase in two years says UK GCHQ

• CEO Of eBay Confirms 1,000 Job Losses

• NRF 2024: An Interview with the Cisco Store Team

• Maximizing Operational Efficiency: Introducing our New Smart Agent Management for Cisco AppDynamics

• Using GoAnywhere MFT for file transfers? Patch now – an exploit’s out for a critical bug

• Ransomware Attack Targets Major North American Water Company

• Beware of rogue chatbot hacking incidents

• Prompt Security wants to make GenAI safe for the enterprise

• Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

• Google to put Disclaimer on How its Chrome Incognito Mode Does ‘Nothing’

• Stack Identity expands its plaform with ITDR to tackle shadow access and shadow identities

• Venafi Stop Unauthorized Code Solution reduces attack surface

• Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

• High Severity Arbitrary File Upload Vulnerability Patched in File Manager Pro WordPress Plugin

• Integrating mPulse?s Beacon API with EdgeWorkers to Visualize All Client Requests

• Russian Citizen Sanctioned By US, UK, Australia Over Medibank Hack

• Countown to Cisco Live EMEA!

• 340,000 Jason’s Deli Customers Potentially Impacted by Credential Stuffing Attack

• PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

• The Vulnerability Management Stack: 5 Essential Technologies

• Cryptographers Groundbreaking Discovery Enables Private Internet Searches

• PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

• Enzoic and ThreatQuotient join forces to defend companies from compromised credentials

• Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns

• Have you ever been inspired by a teacher?

• Beyond the Hype — Where AI Can Shine in Security

• Survey: Increased Volume and Sophistication of Cyberattacks Creating Higher Costs

• Pay Now or Pay Later

• Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat

• PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

• Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors

• How to get to Inbox Zero in no time at all – and stay there

• Meet the Nominees for the Cybersecurity Defender of 2024 Award in the EMEA Region

• VIVOTEK VORTEX Connect empowers enterprise cloud transition

• Hackers Use SYSTEMBC Tool to Maintain Access to Compromised Network

• Cybersecurity Market Forecasts: AI, API, Adaptive Security, Insurance Expected to Soar

• Chrome 121 Patches 17 Vulnerabilities

• What Is Professional Services Automation (PSA) Software?

• Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption

• What is Nudge Security and How Does it Work?

• Why Bulletproof Hosting is Key to Cybercrime-as-a-Service

• SAP To Restructure 8,000 Jobs, Amid Business AI Push

• Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

• Hackers Deploy Malicious npm Packages on GitHub to Steal SSH Keys

• Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback

• Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

• When the Enemy Is DDoS, Holistic Protection Is a Must

• Keeping SaaS Data Under Wraps

• Data Sanitization for End-Of-Use Assets

• SPECIAL REPORT: CYBER LEADERS ON 2023 TRENDS AND 2024 OUTLOOK

• Securiti collaborates with Lacework to improve data protection in the cloud

• Online Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

• Four Takeaways from the McKinsey AI Report

• WaterISAC: 15 Security Fundamentals You Need to Know

• What Microsoft’s latest email breach says about this IT security heavyweight

• Major US, UK Water Companies Hit by Ransomware

• Stellar Cyber partners with Proofpoint to speed detection of email-driven cyberattacks

• X Makes Passkeys Available for US-Based Users

• VexTrio a hub of Cyber attacks With Massive Criminal Affiliate Chain

• Amazon’s French Warehouses Fined Over Employee Surveillance

• Exploit Code Released For Critical Fortra GoAnywhere Bug

• Improper Separation of User/Administrator Privilege in Cybersecurity

• Multiple Go Vulnerabilities Fixed in Ubuntu

• U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

• The Unknown Risks of The Software Supply Chain: A Deep-Dive

• AI Set to Supercharge Ransomware Threat, Says NCSC

• Splunk fixed high-severity flaw impacting Windows versions

• MavenGate Supply Chain Attack Let Attackers Hijack Java & Android Apps

• International Day of Education 2024: Spotlight on Cisco’s Education Non-Profit Partnerships

• Determining Cyber Materiality in a Post-SEC Cyber Rule World | Kovrr blog

• Top 12 Best Penetration Testing Companies & Services – 2024

• COVID-19 test lab accused of exposing 1.3 million patient records to open internet

• Parrot TDS Injecting Malicious Redirect Scripts on Hacked Sites

• Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

• Headlines on Trending Cyber Attacks from Google News

• The Insider Threat: Can Employees Pose a Greater Risk than Hackers

• GCHQ’s NCSC warns of ‘realistic possibility’ AI will help state-backed malware evade detection

• The effect of omission bias on vulnerability management

• Prioritizing CIS Controls for effective cybersecurity across organizations

• 10 USA cybersecurity conferences you should visit in 2024

• Why resilience leaders must prepare for polycrises

• NodeZero Updated With Attack Content for Critical Confluence RCE

• Organizations invest more in data protection but recover less

• Whitepaper: MFA misconceptions

• Software supply chain attacks are getting easier

• 4 Ways to Protect Your Company from Data Breaches

• Securing Remote Work: A Guide for Businesses

• Fragging: The Subscription Model Comes for Gamers

• FTC Bars X-Mode from Selling Sensitive Location Data

• Watch out, a new critical flaw affects Fortra GoAnywhere MFT

• IT Security News Daily Summary 2024-01-23

• Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire

• CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

• Google Chrome adds new AI features to boost productivity and creativity

• Uncovering the hidden superpowers of your smartphone

• Mother of All Breaches: 26 Billion Records Leaked in Largest Data Breach Ever

• Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy

• Attacks begin on critical Atlassian Confluence vulnerability

• HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

• Stop combining patches with new features, networking vendors advised

• Facebook Urged To Enforce Hate Speech Rules For Holocaust Denial Content

• Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

• BYOD (bring your own device)

• Randall Munroe’s XKCD ‘Log Alignment’

• FBI and CISA Warn of Androxgh0st Malware Attacks

• CISA boss swatted: ‘While my own experience was certainly harrowing, it was unfortunately not unique’

• Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

• Our Bug Bounty Program Extravaganza is Back and it’s Longer This Time – Earn up to $10,000 for Vulnerabilities in WordPress Software!

• Building Secure Cloud Applications: A Developer’s Companion to NIST CSF

• How to avoid malware on Linux systems

• Achieving Successful Business Outcomes Through Digital Infrastructure

• How to turn your Android phone into a security key for your Chrome browser

• SEC X Account Hack is a Case of SIM Swapping

• LockBit Ransomware Gang Claims Subway as New Victim

• US sanctions Russian citizen accused of playing key role in Medibank ransomware attack

• Russia Hacked Microsoft Execs — SolarWinds Hackers at it Again

• Major Data Breach Hits Popular Brands

• Malicious npm Packages Used to Target GitHub Developer SSH Keys

• Clerk, the authentication startup, lands $30M and inks a strategic deal with Stripe

• Lacework and Securiti Ally to Better Secure Data

• Aftermath of Ransomware Attacks Take a Mental and Physical Toll on Security Pros

• Security Researchers Establish Connections Between 3AM Ransomware and Conti, Royal Cybercriminal Groups

• Hackers Target Atlassian Confluence With RCE Exploits

• Upcoming Getting Started With OpenSSL Webinar

• Accused PII seller faces jail for running underground fraud op

• Top incident response service providers, vendors and software

• Cato Networks Adds XDR Service to SASE Platform

• Tufin Dashboard Essentials tracks security implementation progress

• PRODUCT REVIEW: ISC2 CC Certification

• France slaps 32 million Euros penalty on Amazon for data privacy concerns among employees

• AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding

• Androxgh0st Haunts Cloud Credentials

• Threat actors are exploiting web applications

• CISA’s Proactive Measures averted Ransomware, Millions Preserved

• Seceon aiSIEM-CGuard protects cloud-powered applications and infrastructure

• Cato Networks introduces new incident response tools

• VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates

• Top 5 Cybersecurity Predictions for 2024 Unveiled!

• Apple Moves To Dismiss Lawsuit Over UK Developer Fees

• Australian government announced sanctions for Medibank hacker

• Cato Networks Introduces World’s First SASE-based XDR

• CISA, FBI, EPA Offer Cybersecurity Guide for Water System Operators

• SEC Admits Multi-Factor Security Disabled Before Fake Bitcoin Post

• iPhone users should turn on Apple’s stolen device protection feature

• EFF and More Than 100+ NGOS Set Non-Negotiable Redlines Ahead of UN Cybercrime Treaty Negotiations

• The Evolving Threat Landscape: Where Out-of-Band Communications Fit – Part Two

• Zscaler unveils Zero Trust SASE solution for simplified security implementation

• Apple debuts new feature to frustrate iPhone thieves

• Veriti Odin utilizes AI algorithms to detect and analyze threats

• Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

• Crypto Firm Terraform Labs Files For Bankrupcy In US

• New Malware Hidden In PyPI Packages Attacking Windows & Linux Machines

• North Korean Hackers Attacking Cybersecurity Professionals to Steal Threat Research Reports

• Silverfort raises $116M for its holistic approach to identity security

• Doppel Secures $14M for AI-Powered Brand Protection Technology

• Identity Security Firm Silverfort Lands $116 Million Investment

• Aircraft Lessor AerCap Confirms Ransomware Attack

• High-Severity Vulnerability Patched in Splunk Enterprise

• Silobreaker integrates with DarkOwl for enhanced darknet credential monitoring

• Data Security: Leveraging AI for Enhanced Threat Detection and Prevention

• Conditional QR Code Routing Attacks

• Silverfort now valued at $1B after raising $116M for its holistic approach to identity security

• Public Sector Cyberattacks Rise By 40% in 2023

• The Current State of Evolving CMMC Policy

• Google DeepMind Cofounder Claims AI Can Play Dual Role in Next Five Years

• Atakama Browser Security Platform improves security for MSPs

• “Activator” Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

• Barcode Scanning Solutions: Enhancing Accuracy in Asset Tracking Systems

• ‘De-Googled’ smartphone company Murena launches own-brand mobile network

• Ingress security from Cisco Multicloud Defense: Protecting cloud networks and infrastructure against advanced inbound th …

• Using Data Connectors for a Consolidated View of Risk in Cisco Vulnerability Management

• Pervasive Ransomware Visibility on Existing Infrastructure: How Cisco Secure Network Analytics Helps

• How I’m Leaving My Legacy at Cisco

• Onfido Compliance Suite simplifies local and global identity verification

• New Cybersecurity Governance Code Puts Cyber Risks on Boardroom Agenda

• France Fines Amazon 32m Euros Over ‘Excessive’ Worker Surveillance

• Sequoia backs Coana to help companies prioritise vulnerabilities using ‘code aware’ software analysis

• From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

• French Watchdog Slams Amazon with €32m Fine for Spying on Workers

• Top AI Use Cases for Customer-Facing Business Processes

• How to prepare your business for Digital Operational Resilience Act (DORA) implementation?

• TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware

• SEC X Account was Hacked Using SIM Swapping Method

• LoanDepot data breach impacted roughly 16.6 individuals

• UK water giant admits attackers broke into system as gang holds it to ransom

• A Sanction Has Been Imposed on a Hacker Who Released Australian Health Insurer Client Data

• Subway Sandwich Chain Investigating Ransomware Group’s Claims

• F5 Names Samir Sherif as New CISO

• Russian Hackers Suspected of Sweden Cyberattack

• SEC Says X Account Hacked via SIM Swapping

• Keys to Adapting SecOps Processes for the Cloud

• Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

• Thales and Quantinuum strengthen protection against quantum computing attacks

• Threat Assessment: BianLian

• Scam Robocalls Use AI To Disrupt New Hampshire Election

• What is Lateral Movement in Cybersecurity?

• Data of 15 million Trello users scraped and offered for sale

• BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

• OpenSSL FIPS Provider 3.0.9 Validated

• YouTuber MrBeast Makes $250,000 From Video On X

• Myriad Venture Partners launches with $100M fund backed by Xerox

• Cultivating a Cybersecurity Culture

• Navigating the New Waters of AI-Powered Phishing Attacks

• Australia Sanctions Russian Hacker Behind Medibank Breach

• Mega-Breach Database Exposes 26 Billion Records

• SEC Confirms SIM Swap Attack Behind X Account Takeover

• A guide to implementing fine-grained authorization

• ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

• “Mother of All Breaches” Unlikely to Contain New Data

• Riot Games Cuts 11 Percent Of Staff In Latest Industry Job Losses

• Data Breach Strikes Hathway: 41.5M Data Exposed

• Overcoming CVE Shock with Effective Kubernetes Vulnerability Scanning

• Hackers Abusing LSASS Process Memory to Exfiltrate Login Credentials

• CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

• Black Basta gang claims the hack of the UK water utility Southern Water

• LoanDepot Data Breach Hits 16.6 Million Customers

• Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

• SSH3 – Faster & Rich Secure Shell Using HTTP/3

• OpenAI says NO to election bot as another company suffers backlash from its own AI tool

• The Role of Blockchain in Business

• Why cyberattacks mustn’t be kept secret

• Top cybersecurity concerns for the upcoming elections

• Beyond blockchain: Strategies for seamless digital asset integration

• 2024 brings new risks, with cyber incidents in the spotlight

• Researchers unveil new way to counter mobile phone ‘account takeover’ attacks

• Organizations need to switch gears in their approach to email security

• Australia imposes cyber sanctions on Russian it says ransomwared health insurer

• SIM card swap led to takeover of SEC’s X account

• Lists of Images

• Apple Issues Patch for Critical Zero-Day in iPhones, Macs – Update Now

• Cybersecurity Training for Business Leaders

• Atlassian Confluence Server RCE attacks underway from 600+ IPs

• How to Use Context-Based Authentication to Improve Security

Generated on 2024-01-24 23:55:49.885963