IT Security News Daily Summary 2024-02-07

• Google will block Android users from installing ‘unsafe’ apps in fraud protection test

• Info-Tech report outlines 5 GenAI initiatives CIOs must key in on

• China group may have been hiding in IT networks for five years, says Five Eyes warning

• China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for ‘at least five years’

• Half of polled infosec pros say their degree was less than useful for real-world work

• SOC Evolution Is About More Than Automation

• CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

• NetSecOps best practices for network engineers

• Chainalysis: 2023 a ‘watershed’ year for ransomware

• Fortinet addressed two critical FortiSIEM vulnerabilities

• Free & Downloadable Cybersecurity Incident Response Plan Templates

• US says China’s Volt Typhoon is readying destructive cyberattacks

• Google Pushes Software Security Via Rust, AI-Based Fuzzing

• Elon Musk Continues Disney Feud, Funds Mandalorian Lawsuit

• Developing Software Applications Under the Guidance of Data-Driven Decision-Making Principles

• USENIX Security ’23 – Hengkai Ye, Song Liu, Zhechang Zhang, and Hong Hu – VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks

• Randall Munroe’s XKCD ‘Relationship Advice’

• PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

• Meet the Cybersecurity Defender of 2024 for EMEA

• The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities

• Governments and Tech Giants Unite Against Commercial Spyware

• Google To Pay $350m To Settle Google Plus Privacy Lawsuit

• Composability in Flow: Unlocking Technical and Business Opportunities

• Back to basics: Better security in the AI era

• From Cybercrime Saul Goodman to the Russian GRU

• Patched Critical Flaw Exposed JetBrains TeamCity Servers

• Try the New “Recommendations” Feature in Cisco Code Exchange

• How to Win the SMB Market with Cisco Secure Networking

• How to tell if your toothbrush is being used in a DDoS attack

• Few infosec pros think higher ed prepared them for their jobs: Survey

• CISA Launches #Protect2024 Resources Webpage for State and Local Election Officials

• Ransomware leak site reports rose by 49% in 2023, but there is good news

• Iran’s cyber operations in Israel a potential prelude to US election interference

• How ZTNA protects against internal network threats

• Experts warn of a critical bug in JetBrains TeamCity On-Premises

• Can Face Biometrics Prevent AI-Generated Deepfakes?

• ‘Leaky Vessels’ Cloud Flaws Enable Container Escapes Worldwide

• Northern Light Health Ensures Patient Record Security Following Weekend Cyberattack

• Google and CSA Singapore Combat Android Fraud With New Pilot

• Ransomware payments reached $1 billion in 2023

• Taylor Swift Threatens To Sue Student Who Clashed With Elon Musk

• VMware Releases Security Advisory for Aria Operations for Networks

• After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

• Raspberry Pi Pico cracks BitLocker in under a minute

• Defence department upbraided for not doing PIAs on data extraction tools

• INTERPOL Uncovers 1,300+ Servers Used as Launchpads For Cyber Attacks

• Brief – Back to Basics: For Better Security, Bank on Function Over Form

• encryption

• Critical shim bug impacts every Linux boot loader signed in the past decade

• Harnessing Artificial Intelligence for Ransomware Mitigation

• Securiti AI enables organizations to safely use AI

• Amazon Cuts Hundreds Of Jobs In Health Units

• Active Scan Alert: Over 28,000 Ivanti Instances Exposed to Internet

• IBM Shows How Generative AI Tools Can Hijack Live Calls

• Facebook’s Two Decades: Four Transformative Impacts on the World

• Qualys TotalCloud 2.0 measures cyber risk in cloud and SaaS apps

• Chinese hackers breached Dutch Ministry of Defense

• Meta to Introduce Labeling for AI-Generated Images Ahead of US Election

• Ransomware Payments Hit a Record $1.1 Billion in 2023

• JetBrains Patches Critical Authentication Bypass in TeamCity

• Verizon Discloses Internal Data Breach Impacting 63,000 Employees

• Device Authority Raises $7M for Enterprise IoT Identity and Access Management Platform

• Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability

• The 8 Must Haves for the Next Generation of SIEM

• ‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing

• Binance Data Breach Sparks Concerns: Dark Web Sale Rumors Surface

• Ransomware Payments Hit $1bn All-Time High in 2023

• Malicious PDFs, deepfakes, and romance scams were just some of the 10 billion cyber attacks we saw last year

• 4 Threat Hunting Techniques to Prevent Bad Actors in 2024

• Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros

• Endpoint security startup NinjaOne lands $231.5M at $1.9B valuation

• Harnessing the Power of AI in Cybersecurity — Predictions and Solutions

• SolarWinds offers complete hybrid visibility across on-premises and cloud networks

• Ransomware Payments Hit $1bn All-Time High Last Year

• Choosing the Right SMB Backup Solution

• Raspberry Robin: Evolving Cyber Threat with Advanced Exploits and Stealth Tactics

• Cyber Security Today, Feb. 7, 2024 – Deepfake video scam costs a company US$25 million

• JetBrains urges swift patching of latest critical TeamCity flaw

• The fight against commercial spyware misuse is heating up

• Twitter Spin-off Bluesky Opens Itself To General Public

• When is ART useful? When it’s IBM’s Adversarial Robustness Toolbox for AI

• Teaching LLMs to Be Deceptive

• Fortinet Patches Critical Vulnerabilities in FortiSIEM

• Cybersecurity M&A Roundup: 34 Deals Announced in January 2024

• Super Bowl of Passwords: Chiefs vs. 49ers in the Battle of Cybersecurity

• OneTrust launches Data Privacy Maturity Model

• DynaRisk Cyber Intelligence Data Lake enhances the accuracy of data breach predictions

• AnyDesk System Breach Raises Concerns Among MSP Users

• How quickly can things go horribly wrong if a hacker steals your Facebook credentials?

• TSMC To Build Second Factory In Japan

• TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control

• Phishception – SendGrid is abused to host phishing attacks impersonating itself

• Anonymous-Proxies: A Cutting-Edge Proxy Solution

• 2054, Part III: The Singularity

• Facebook fatal accident scam still rages on

• Entrust in final talks to acquire Onfido

• Centripetal and Platform 94 Join Forces to Bring Cybersecurity Defence to Irish Companies

• Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

• New Webinar: 5 Steps to vCISO Success for MSPs and MSSPs

• Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

• On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

• Martin Hellman: We’re playing Russian roulette

• Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

• Researchers Uncover DiceLoader Malware Used to Attack Corporate Business

• Cybersecurity burnout hits APAC firms, with lack of resources the key challenge

• The Vital Role of Defensive AI: Safeguarding the Future

• WhatsApp Scams in 2024: How to Spot a Fake

• The spyware business is booming despite government crackdowns

• Chinese Spies Hack Dutch Networks With Novel Coathanger Malware

• China-linked APT deployed malware in a network of the Dutch Ministry of Defence

• Draft UN Cybercrime Treaty Could Make Security Research a Crime, Leading 124 Experts to Call on UN Delegates to Fix Flawed Provisions that Weaken Everyone’s Security

• Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty

• What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators

• Celebrating the 2024 CX Customer Hero Award Winners

• Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

• Why budget allocation for cybersecurity is a necessity in corporate environments

• Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover – Patch Now

• Interesting cybersecurity news headlines trending on Google

• Mastering SBOMs: Best practices

• Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

• Common cloud security mistakes and how to avoid them

• Demystifying SOC-as-a-Service (SOCaaS)

• Enhancing adversary simulations: Learn the business to attack the business

• Whitepaper: Why Microsoft’s password protection is not enough

• Cybersecurity teams hesitate to use automation in TDIR workflows

• Legit Security Named in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms report

• More countries to act against misuse of spyware

• Endpoint Security: Protecting Devices in a Remote World

• Meta Says It Will Label AI-Generated Images on Facebook and Instagram

• USENIX Security ’23 – Wen Li, Jinyang Ruan, Guangbei Yi, Long Cheng, Xiapu Luo, Haipeng Cai – PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems

• Cloud Security: Ensuring Data Protection in the Cloud

• DEF CON is canceled! No, really this time – but the show will go on

• Antivirus Software: A Comprehensive Guide

• Facebook Vows To Crack Down On Deceptive Content By Labeling AI-Generated Images

• Spear Phishing vs Phishing: What Are The Main Differences?

• IT Security News Daily Summary 2024-02-06

• How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages

• Patch Management and Container Security

• MuleSoft unveils policy development kit for API gateway

• Confirmed: Entrust is buying AI-based ID verification startup Onfido, sources say for more than $400M

• Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

• 3 million smart toothbrushes were just used in a DDoS attack. Really

• Google is making sharing passwords with your family members a lot easier

• Mozilla adds paid-for data-deletion tier to Monitor, its privacy-breach radar

• dictionary attack

• Free & Downloadable Cybersecurity Risk Assessment Templates

• Verizon says 63K employees’ info fell into the wrong hands – an insider this time

• The Web Scraping Problem, Part 2: Use Cases that Require Scraping

• What to Do When Your VPN Provider Suffers from Zero-Day Vulnerabilities

• Stop Scrapers and Scalpers with Akamai Content Protector

• The Web Scraping Problem, Part 3: Protecting Against Botnets

• Securing The Future: Cybersecurity Predictions for 2024

• Verizon says 63K employees’ info fell into wrong hands – an insider in this case

• CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force

• Verizon alerts 63k employees their details were leaked by an insider

• Unifying Cloud Security Beyond Siloes

• Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches

• Google fixed an Android critical remote code execution flaw

• Report Surfaces Extent of SaaS Application Insecurity

• Top 7 Cyber Threat Hunting Tools for 2024

• How GPL-1 Drug Success Transforms Healthcare Revenue – Is your Organization Ready?

• USENIX Security ’23 – Chen Chen, Rahul Kande, Nathan Nguyen, Flemming Andersen, and Aakash Tyagi, Ahmad-Reza Sadeghi, Jeyavijayan Rajendran – HyPFuzz: Formal-Assisted Processor Fuzzing

• Unlocking Seamless Experiences: Embracing Passwordless Login for Effortless Customer Registration and Authentication

• A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

• Documents about the NSA’s Banning of Furby Toys in the 1990s

• The Essential Guide to Incident Response and Cyber Resilience

• Chinese Coathanger malware hung out to dry by Dutch defense department

• New ResumeLooters Gang Targets Job Seekers, Steals Millions of Resumes

• Why and How to Extract Malware Configurations in a Sandbox

• Microsoft unveils Face Check for secure identity verification

• WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

• CISA Adds One Known Exploited Vulnerability to Catalog

• Navigating the AI Frontier with Cisco

• Safer Internet Day: Cybersecurity Experts Weigh In

• Spotify Sees Record Subscriber Growth For 2023

• Securden Password Vault Review 2024: Security, Pricing, Pros & Cons

• 20 free cybersecurity tools you should know about

• Tech Giants Form Post-Quantum Cryptography Alliance

• ZeroFox to be Taken Private in $350 Million Deal

• EU Takes a Leap Forward with Cybersecurity Certification Scheme

• Watch Out for Phone Scams

• Telegram Emerges as Hub for Cybercrime, Phishing Attacks as Cheap as $230

• Critical infrastructure cyber law needed ‘more than ever,’ Parliament told

• Adaptiva launches risk-based prioritization capability for OneSite Patch

• $1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information | Free GDPR Consent Solution WordPress Plugin

• Meta To Begin Labelling Other Companies’ AI Images

• What Is a Host-Based Firewall? Definition & When to Use

• HID Global Reader Configuration Cards

• HID Global Encoders

• A Guide to Effective Cloud Privileged Access Management

• EquiLend back in the saddle as ransom payment rumors swirl

• Millions of User Records Stolen From 65 Websites via SQL Injection Attacks

• US Uses Visa Restrictions in Struggle Against Spyware

• Malware-as-a-Service Now the Top Threat to Organizations

• Now Spyware links can lead to Visa restrictions

• Warning After Videos Show Apple Vision Pro Users Driving Teslas

• Mozilla Monitor’s new service removes your personal info from data broker sites automatically

• Innovation With a Security-First Mindset

• Elite Supplements: The Latest Aussie Business to Fall Victim to a Cyber Attack

• US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches

• Bitdefender Email Protection identifies potentially dangerous content in webmail

• SailPoint unveils two sets of new offerings to help companies grow their identity security program

• Combat Phishing Attacks With AI-Powered Email Threat Protection: Packet Guide 2024

• Third-party breaches hit 90% of top global energy companies

• State of Malware 2024: What consumers need to know

• Cisco Motific reduces GenAI security, trust, and compliance risks

• Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

• Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials

• VT Livehunt Cheat Sheet

• Resonance Hires Cybersecurity Pro George Skouroupathis As Its Offensive Security Engineer

• Cloudflare Server Compromised Due to Leaked Access Token in Okta Breach

• Eight emerging areas of opportunity for AI in security

• Rethinking Cybersecurity: Why Platform Consolidation is the Future

• Why an HR-IT Partnership is Critical for Managing Cybersecurity Risk

• Spoutible API exposed encrypted password reset tokens, 2FA secrets of users

• Known ransomware attacks up 68% in 2023

• Menlo Ventures’ vision for the future of security for AI

• DeepMind’s GenEM uses LLMs to generate expressive behaviors for robots

• 9 Best Cybersecurity Certifications to Get in 2024

• Safer Internet Day, or why Brad Pitt needed an internet bodyguard

• Canon Patches 7 Critical Vulnerabilities in Small Office Printers

• A Chicago Children’s Hospital Has Taken Its Networks Offline After a Cyberattack

• The Future of Rollouts: From Big Bang to Smart and Secure Approach to Web Application Deployments

• Hackers Exploit APAC Job Boards: Analysis and Key Takeaways

• Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

• Government hackers targeted iPhones owners with zero-days, Google says

• eBPF wrapped 2023

• Red Hat and RISC-V: To the far edge and beyond

• Main Types of Patch Management Solutions: A Decision-Making Guide

• SOC 2 Audit: The Essentials for Data Security and Compliance

• Software supply chain security: Upgrade your AppSec for a new era

• The Cloudflare source code breach: Lessons learned

• Delinea appoints Kate Reed as CMO

• OpenText Fortify Audit Assistant increases developer efficiency by reducing noise and false positives

• Akamai Content Protector detects and mitigates evasive scrapers

• Chinese Tablet Vendors Post Strong Growth Amid Global Slump

• Resonance Hires Cybersecurity Pro George Skouroupathis As Its Offensive Security Lead

• Researchers Unvield the Sophisticated Ransomware Used by Black Hunt

• Joint Statement on Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

• Attack surface management platform Ionix adds another $15M to its $27M Series A round

• Paving the Way to a More Inclusive Future

• How Cisco, together with Apple, is tackling the next frontier of hybrid work — spatial computing

• Hacker Conversations: Rob Dyke on Legal Bullying of Good Faith Researchers

• Critical Remote Code Execution Vulnerability Patched in Android

• EasyDMARC VS Proofpoint DMARC

• Safer Internet Day: Two Million Brits Victims of Financial Identity Fraud

• Early Apple Vision Pro Users Find Pitfalls, Hidden Gems

• Multiple Container Flaws Allow Attackers to Access the Host OS

• NinjaOne raises $231.5 million to boost product innovation

• Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video

• U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

• Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages, SenseOn research reveals

• Google Links Over 60 Zero-Days to Commercial Spyware Vendors

• Security Breach at AnyDesk: Production Servers Hacked, Password Reset

• Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

• How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM

• 2054, Part II: Next Big Thing

• ResumeLooters target job search sites in extensive data heist

• IBM LinuxONE 4 Express protects sensitive private data

• Latest Ivanti Zero Day Exploited By Scores of IPs

• UK EV Maker Arrival Collapses Into Administration

• The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration

• ThinkCyber and Plexal Join BT as Sponsors of The Most Inspiring Women in Cyber Awards 2024

• New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies

• Cisco introduces new integrations across networking and security portfolios

• Hackers Exploit Job Boards in APAC, Steal Data of Millions of Job Seekers

• US Cracks Down on Spyware with Visa Restrictions

• AI In Your Pocket

• Yandex Parent To Sell Russian Operations

• What is SaaS Sprawl? Guide to Combating SaaS Security Risks

• Singapore removes personal data collected for COVID-19 contact tracing

• Save $500 on This Unique Web-Based Cybersecurity Training Program for a Limited Time

• Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)

• ResumeLooters Gang Raids Retail and Job Site Data

• Security Risks of Kubernetes Helm Charts and What to do About Them

• Adversary infrastructures tracked in 2023

• How are user credentials stolen and used by threat actors?

• Phone Scam Siphons Over $200,000 from Bank Account Holder

• Connect, Secure, Assure Every Digital Experience Everywhere

• Staying Connected and Protected in a Highly Distributed World with Cisco Secure Networking

• Unlock Rapid, Trusted Delivery of Generative AI Applications

• HPE is investigating claims of a new security breach

• iOS sideloading & alternative app stores: Preparing for increased brand risk this March

• Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

• The Tech Jobs That AI Will Not Disrupt

• 3 New Risks That CISOs Will Face in 2024

• How Small and Mid-Sized Businesses Can Achieve System and Organization Controls (SOC 2) Compliance

• Closing the Gap: Safeguarding Critical Infrastructure’s IT and OT Environments

• Five 5 benefits of having a cyber insurance cover on hand

• 3 ways to achieve crypto agility in a post-quantum world

• How CISOs navigate policies and access across enterprises

• U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

• 10 must-read cybersecurity books for 2024

• Exploring NIST Cybersecurity Framework 2.0

• Paying ransoms is becoming a cost of doing business for many

• Cybersecurity for E-commerce Websites: Protecting Customer Data

• UK, France Host Conference to Tackle ‘Hackers for Hire’

• Google throws $1M at Rust Foundation to build C++ bridges

• The Role of Machine Learning in Cybersecurity

• Are you sure you want to share that with ChatGPT? How Metomic helps stop data leaks

• CVE-2024-21893: Another Ivanti Vulnerability Exploited in the Wild. Verify with NodeZero Today!

• Navigating Cybersecurity Budget Constraints for K-12 Schools

Generated on 2024-02-07 23:56:03.267219