IT Security News Daily Summary 2024-02-15

• Don’t Fall for the Latest Changes to the Dangerous Kids Online Safety Act

• Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

• FBI Shuts Down Warzone RAT; Cybercriminals Arrested

• Feds Disrupt Botnet Used by Russian APT28 Hackers

• Cyber Signals: Navigating cyberthreats and strengthening defenses in the era of AI

• Staying ahead of threat actors in the age of AI

• Your Free Upgrade to Cisco Secure Client Awaits

• Spyware startup Variston is losing staff, some say it’s closing

• US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

• Pentagon launches nuke-spotting satellites amid Russian space bomb rumors

• How To Monitor Kubernetes Audit Logs

• 9 tips to protect your family against identity theft and credit and bank fraud

• FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies

• Siemens SCALANCE XCM-/XRM-300

• Siemens RUGGEDCOM APE1808

• Siemens Location Intelligence

• Siemens SIDIS Prime

• Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

• A cyberattack halted operations at Varta production plants

• Complexity and software supply chain security: 5 key survey takeaways

• Why the toothbrush DDoS story fooled us all

• The best travel VPNs of 2024: Expert tested and reviewed

• Ransomware disrupts utilities, infrastructure in January

• Inadaquate ID authentication blamed for 2020 data thefts at Canada Revenue, ESDC

• Microsoft To Invest €3.2 billion In Germany, Mirroring UK Investment

• Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023

• Cyber Resilience – Beyond Cyber Security

• An Interview With Jeffrey Stephens

• Cybersecurity Preparedness 2024

• Digital Technologies Power Global Operations but Present Growing Risks

• Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn

• New Security Advisory Tab Added to the Microsoft Security Update Guide

• New TicTacToe Dropper Steals Data, Spreads Multiple Threats on Windows

• Rely on Authy desktop apps? You have one month to switch your 2FA, or else

• Cargo Security, Subversive Crime, and Insider Risk

• Australian Parliament Calls For Return Of Julian Assange

• Massive utility scam campaign spreads via online ads

• “TicTacToe Dropper” Malware Distribution Tactics Revealed

• How to Analyse an Advanced Phishing Attack with ANY.RUN Threat Intelligence Lookup

• Siemens SCALANCE W1750D

• Hacking Microsoft and Wix with Keyboard Shortcuts

• NIST Cybersecurity Framework Policy Template Guide – 2024

• Mitigating AI security risks

• USENIX Security ’23 – *Distinguished Paper Award Winner* – Tight Auditing of Differentially Private Machine Learning

• Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)

• Waymo Recalls Hundreds Of Vehicles Over Software Error

• Nexo Teams Up with Sift for Enhanced Digital Security and User Experience

• North Korea-linked actors breached the emails of a Presidential Office member

• Android/SpyNote Moves to Crypto Currencies

• Prudential Financial Faces Cybersecurity Breach

• Will VPN Security Vulnerabilities Accelerate ZTNA Adoption?

• LockBit claims cyberattack on Indian broker Motilal Oswal

• Award-Winning Centralized Platform Helps Unlock Value Through Simplicity

• Zoom stomps critical privilege escalation bug plus 6 other flaws

• Cyberattack Disrupts Production at Varta Battery Factories

• FTC Warns AI Companies About Changing Policies to Leverage User Data

• Data Disaster: 33 Million French Citizens at Risk in Massive Leak

• 23andMe Is On The Ventilator. Its CEO Remains ‘Hopeful’

• Bank of America’s Security Response: Mitigating Risks After Vendor Data Breach

• SEC admits on Twitter X that security lapses led to account hack

• The Noticeable Shift in SIEM Data Sources

• Rhysida ransomware cracked! Free decryption tool released

• Feds Want To Ban The World’s Cutest Hacking Device. Experts Say It’s A Scapegoat

• Just-in-Time Access (JIT Access) Explained: How It Works, Importance, Benefits

• France Cyber Attack – Data Breaches Compromise 33 Million People’s Data

• NIST Cybersecurity Framework Policy Template Guide

• Identity Governance Has a Permission Problem

• Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

• Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

• New York City Sues Social Media Firms Over Youth Mental Health

• New iOS Trojan “GoldPickaxe” Steals Facial Recognition Data

• Why Sequoia is funding open source developers via a new equity-free fellowship

• The Cyber Scheme launches training course for IoT/ICS security testers

• New Wi-Fi Authentication Bypass Flaws Expose Home, Enterprise Networks

• No Security Scrutiny for Half of Major Code Changes: AppSec Survey

• ESET Patches High-Severity Privilege Escalation Vulnerability

• BigID unveils access intelligence capabilities for security, risk, and AI compliance

• Eclypsium: Ivanti firmware has ‘plethora’ of security issues

• How to craft cyber-risk statements that work, with examples

• IGAaaS Vs. On-Premises IGA Solutions: A Comparative Analysis

• Eureka Security Extends DSPM Reach to File Sharing Services

• Mitek MiControl empowers financial institutions to detect check fraud

• NICE Actimize introduces generative AI-based solutions designed to fight financial crime

• OpenAI Shuts Down Accounts Used to Generate Phishing Emails & Malware

• Cybercriminals are stealing Face ID scans to break into mobile banking accounts

• Crypto-Money Laundering Records 30% Annual Decline

• Getting to Know Muhammad Yahya Patel

• “Dr. Zero Trust” Chase Cunningham Joins Keeper Security Public Sector Advisory Board

• Infoblox SOC Insights reduces critical security operations challenges

• TinyTurla Next Generation – Turla APT spies on Polish NGOs

• Enhanced Cybersecurity with Cisco Secure Endpoint and Vulnerability Management

• iptables vs nftables in Linux: What is The Difference?

• Critical PixieFail Vulnerabilities Lead to RCE and DoS Attacks

• The Principles for Package Repository Security: An Overview

• Unlocking Innovation with Confidence: How Eureka Security Empowers Tech Companies in the Cloud | Eureka Security

• Keeping the Vaults Secure: How Eureka Security Safeguards Financial Data in the Cloud | Eureka Security

• Cisco Confirms It Will Cut More Than 4,000 Jobs

• On the Insecurity of Software Bloat

• Bitwarden adds event logs and self-hosting capabilities to its Passwordless.dev toolkit

• Battery maker Varta halts production after cyberattack

• Facebook Marketplace users’ stolen data offered for sale

• DDoS Hacktivism is Back With a Geopolitical Vengeance

• Microsoft Warns of Exploited Exchange Server Zero-Day

• Microsoft, OpenAI Confirm Nation-States are Weaponizing Generative AI in Cyber-Attacks

• Musk Confirms SpaceX Incorporation Moved From Delaware To Texas

• Incident Response Policy

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

• CPS Insights helps organizations analyze and visualize their healthcare privacy data

• Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

• CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

• iOS users beware: GoldPickaxe trojan steals your facial data

• GoldPickaxe Trojan Blends Biometrics Theft and Deepfakes to Scam Banks

• DNS Server Vulnerability: Single DNS Packet can Bring Down the System

• Microsoft Patch Tuesday 2024: 73 Security Flaws, Including Two 0-Days Patched

• Protecting Yourself on the Go: Cybersecurity Tips for Travelers

• Miscreants turn to ad tech to measure malware metrics

• Cybersecurity as a Revenue Driver: Insights for MSPs

• Nation-state actors are using AI services and LLMs for cyberattacks

• European Court of Human Rights declares backdoored encryption is illegal

• AI outsourcing: A strategic guide to managing third-party risks

• Cloud-Native Security Challenges and Solutions

• Riding Dragons: capa Harnesses Ghidra

• Cyber Attack news headlines trending on Google

• Collaboration at the core: The interconnectivity of ITOps and security

• 5 free digital forensics tools to boost your investigations

• Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks

• Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

• North Korea running malware-laden gambling websites as-a-service

• Understanding the tactics of stealthy hunter-killer malware

• AI PC shipments are expected to surpass 167 million units by 2027

• Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)

• Data Privacy Laws Around the World: A Comprehensive Guide

• Cisco Announces It is Laying Off Thousands of Workers

• New HijackLoader Malware Uses Advanced Techniques to Avoid Detection

• CISA, FBI, EAC and USPIS Release Election Mail Handling Procedures to Protect Against Hazardous Materials

• OpenAI shuts down China, Russia, Iran, N Korea accounts caught doing naughty things

• EFF to Court: Strike Down Age Estimation in California But Not Consumer Privacy

• Hip Hip Hooray For Hipster Antitrust

• 2024-02-14 – Danabot infection from Italian malspam

• Network Security: A Top Priority for Healthcare Organizations

• IT Security News Daily Summary 2024-02-14

• Menlo Security report: Cybersecurity risks surge with AI adoption

• Microsoft, OpenAI warn nation-state hackers are abusing LLMs

• 200,000 Facebook Marketplace User Records Leaked Online

• Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

• C can be memory safe, part 2

• China’s Volt Typhoon spies broke into emergency network of ‘large’ US city

• ChatGPT Down? Anonymous Sudan Claims Responsibility for DDoS Attacks

• DuckDuckGo’s encrypted syncing brings private browsing to all your devices

• IBM, ISC2 Offer Cybersecurity Certificate

• Initial Access Broker Landscape in NATO Member States on Exploit Forum

• ALERT: Thieves❤️Wi-Fi Camera Jammers

• Randall Munroe’s XKCD ‘Sphere Tastiness’

• USENIX Security ’23 – What Are the Chances? Explaining the Epsilon Parameter in Differential Privacy

• Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting

• ALERT: Thieves❤️Wi-Fi Camera Jammers

• Microsoft, OpenAI Catch China, Russia Using AI Tools For Hacking

• Overworld secures $10M for cross-platform ARPG development

• Google Threat Analysis Group’s Spyware Research: How CSVs Target Devices and Applications

• Who’s the Boss? Teaming Up With AI in Security

• ALERT: Thieves❤️Wi-Fi Camera Jammers

• Google’s Threat Analysis Group’s Spyware Research: How CSVs Target Devices and Applications

• What Is Stateful Inspection in Network Security? Ultimate Guide

• US Air Force’s new cyber, IT skill recruitment plan: Bring back warrant officer ranks

• ALERT: Thieves❤️Wi-Fi Camera Jammers

• Google, EDF To Track Methane Leaks From Space

• How to Use LogMeOnce Step-by-Step Guide

• ALERT: Thieves❤️Wi-Fi Camera Jammers

• American Express Faces Criticism Over Weak Password Policies

• How to Analyze the MITRE Engenuity ATT&CK® Evaluations: Enterprise

• K8s Network Policy Automation in Falco Talon

• BMW security lapse exposed sensitive company information, researcher finds

• A Free Decryptor Tool for Rhysida Ransomware is Available

• ALERT: Thieves❤️Wi-Fi Camera Jammers

• Cyber Risk Management: Bring Security to the Boardroom

• Upcoming Speaking Engagements

• Prudential Financial finds cybercrims lurking inside its IT systems

• Security priorities for 2024: Skills development, AI and more, says report

• Water Hydra’s Zero-Day Attack Chain Targets Financial Traders

• Bitcoin Rise Sees Market Cap Cross $1 Trillion

• 5 Ways to Maximize the Impact of IaC Scans

• U.S. Internet Leaked Years of Internal, Customer Emails

• The Managed Services Surge: Insights from Cisco Live EMEA

• South Korea Says Presumed North Korean Hackers Breached Personal Emails of Presidential Staffer

• What Meta’s Mark Zuckerberg Thinks Of Apple Vision Pro Headset

• Reflecting on the Parkland tragedy, its lasting impacts, and work still to be done

• Section 702 Surveillance Fight Pits the White House Opposite Reproductive Rights

• Zoom fixed critical flaw CVE-2024-24691 in Windows software

• Cyber gaps in the supply chain — Bank of America breached in another vendor cyberattack

• TicTacToe Dropper

• Security review for Microsoft Edge version 121

• Romanian hospital ransomware crisis attributed to third-party breach

• New book: ‘Facebook: Sins & Insensitivities’

• Malware Masked as a Visual Studio Update Poses a Threat to macOS

• The Reasons Behind Companies’ Reversal of Cloud Migration

• How are state-sponsored threat actors leveraging AI?

• PII Input Sparks Cybersecurity Alarm in 55% of DLP Events

• Black Basta Ransomware targets Southern Water

• Securing Applications Throughout the Software Development Lifecycle

• Check Point Research Unveils Critical #MonikerLink Vulnerability in Microsoft Outlook with a 9.8 CVSS Severity Score

• Leverage the Power of a Cloud Operating Model to Streamline IT Operations

• 55% of Generative AI Inputs Include Sensitive Data: Menlo Security

• Cyber Security Today, Feb. 14, 2024 – Get cracking on Patch Tuesday security fixes

• What?s Next for Akamai?s Cloud Computing Strategy

• SEC Chairman Calls For AI Caution, Cites Financial Stability Risk

• What is a Passkey? Definition, How It Works and More

• What is cybersecurity mesh and how can it help you?

• UK utility giant Southern Water says hackers stole personal data of hundreds of thousands of customers

• Ransomware Attack Hits Dozens Of Romanian Hospitals

• Deepfake Proofing The President: What Is Cryptographic Verification?

• Zoom Patches Critical Vulnerability In Windows Applications

• Total Amount Invested In Bitcoin Back Above $1 Trillion

• Prudential Financial Discloses Data Breach

• Kubernetes Security Firm KTrust Emerges From Stealth With $5.3M in Funding

• Here’s How to Choose the Right AI Model for Your Requirements

• 13 Security Flaws in Adobe Acrobat & Reader Allows Remote Code Execution

• Protecting Your Heart and Wallet Against Phishing This Valentine’s Day

• Fortinet vs Palo Alto NGFWs: Complete 2024 Comparison

• How ransomware changed in 2023

• Appdome unveils Geo Compliance suite to thwart spoofing and enhance mobile app security

• Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyberattacks

• Iranian Hackers Target Israel and US to Sway Public Opinion in Hamas Conflict

• LogMeOnce Review (2024): Is It a Safe & Reliable Password Manager?

• Who’s the Boss? Teaming up with AI in Security

• Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

• Imperva defends customers against CVE-2024-22024 in Ivanti products

• The Added Value of SNI-Only Mode in Imperva Cloud WAF

• The Channel can help SMEs protect themselves from increasing security threats

• Malwarebytes crushes malware all the time

• Chipmaker Patch Tuesday: AMD and Intel Patch Over 100 Vulnerabilities

• Zoom Patches Critical Vulnerability in Windows Applications

• 3 Ways Insider Threats Put Your Company at Risk in 2024

• Infoblox Applies AI to DNS Traffic to Thwart Malware Infestations

• Playdapp’s $31M Token Heist and Silent Reward Controversy

• LOKKER introduces a feature to notify users if their website breaches various privacy laws

• Ubuntu ‘command-not-found’ Tool Could Trick Users into Installing Rogue Packages

• Static Application Security Testing

• A Complete Guide to Breach and Attack Simulation

• Unveiling the truth behind AI relationship chatbots

• US military notifies 20,000 of data breach after cloud email leak

• Update now! Microsoft fixes two zero-days on February Patch Tuesday

• New Integration: Domain Connect For Effortless DNS Management

• Valentine’s Day Scams Woo the Lonely-Hearted

• Armis acquires CTCI to improve pre-attack threat hunting technology

• How are attackers using QR codes in phishing emails and lure documents?

• Secure Network Analytics 7.5.0 Launch

• Southern Water cyberattack expected to hit hundreds of thousands of customers

• KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

• VicOne xNexus offers contextualized insights into complex attack paths

• Cybersecurity Spending Expected to be Slashed in 41% of SMEs

• Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

• Albanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of Statistics

• Windows Zero-Day Exploited in Attacks on Financial Market Traders

• Beyond the Hype: Questioning FUD in Cybersecurity Marketing

• Cyberhaven Linea AI protects vital corporate data

• Akto provides security assessments for GenAI models

• Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

• Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

• Nvidia Now Worth More Than Amazon, Amid AI Chip Demand

• Resecurity partners with CyberPeace Foundation to address emerging cyber threats

• Zero-Day in QNAP QTS Affects NAS Devices Globally

• Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros

• KTrust launches an automated red team for Kubernetes security

• QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

• Foreign hackers have been nestling in U.S. critical infrastructure for years

• Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

• SAP Patches Critical Vulnerability Exposing User, Business Data

• Seal Security raises $7.4 million to secure open source with GenAI

• Microsoft Fixes Two Zero-Days in February Patch Tuesday

• Protect Your Private Data With an iProVPN Lifetime Subscription for Under $30

• Three Cybersecurity Frameworks for School Systems

• Romantic AI Chatbots Fail the Security and Privacy Test

• How Sekoia Endpoint Agent works

• ‘AI Girlfriends’ Are a Privacy Nightmare

• Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

• Corporate users getting tricked into downloading AnyDesk

• ZLoader Now Attack 64-bit Windows: Live Analyse With ANY.RUN Sandbox

• Alert! 333% Surge in Hunter-Killer Malware that Bypasses Network Security Controls

• Patch Tuesday Update – February 2024

• DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

• Cybersecurity Audits: Assessing and Improving Security Posture

• Phishing Threats: Trends and Countermeasures

• No formal education is needed for Cybersecurity Professionals say experts

• How to maintain security across multi cloud environments

• Rise in cyberwarfare tactics fueled by geopolitical tensions

• We can’t risk losing staff to alert fatigue

• Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

• Stolen Credentials Make You Question Who Really Has Access

• Fabric: Open-source framework for augmenting humans using AI

• Australian Tax Office probed 150 staff over social media refund scam

• Cybercriminals get productivity boost with AI

• How to take control of personal data

• Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery

• Threat actors intensify focus on NATO member states

• Crims found and exploited these two Microsoft bugs before Redmond fixed ’em

• Improving Software Quality with the OWASP BOM Maturity Model

• Declining Ransomware Payments: Shift in Hacker Tactics?

• Infosys Data Breach Impacts 57,000 Bank of America Customers

• Iranian cyberattacks targeting U.S. and Israeli entities

• Privacy Isn’t Dead. Far From It.

• Qmulos Launches Q-Compliance Core for Businesses in Need of a Modern Compliance Approach

• Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC

• Facebook Says Risk Of Account Theft From Recycled Phone Numbers Isn’t Its Problem To Solve

• USENIX Security ’23 – Chenghong Wang, David Pujol, Kartik Nayak, Ashwin Machanavajjhal – Private Proof-of-Stake Blockchains using Differentially-Private Stake Distortion

Generated on 2024-02-15 23:56:08.488735