IT Security News Daily Summary 2024-02-23

• Hackers Leak 2.5M Private Plane Owners’ Data Linked to LA Intl. Airport Breach

• Microsoft released red teaming tool PyRIT for Generative AI

• EFF Urges Ninth Circuit to Reinstate X’s Legal Challenge to Unconstitutional California Content Moderation Law

• February 2024 Web Server Survey

• Avast Hit With $16.5 Million Fine for Selling Customer Data

• U-Haul tells 67K customers that cyber-crooks drove away with their personal info

• Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

• Get the most out of Microsoft Copilot for Security with good prompt engineering

• Announcing Microsoft’s open automation framework to red team generative AI Systems

• Breaking news: RCMP facing ‘alarming’ cyber attack

• Sintrex Wins 2024 ThousandEyes Integration Partner of the Year EMEA

• Ransom-War Escalation: The New Frontline in Cyber Warfare

• Reducing Burnout and Increasing SOC Retention: How Leaders Can Improve Their Employees’ Lives and Improve Security

• Daniel Stori’s ‘Rest Easy, Sysadmin’

• EFF Opposes California Initiative That Would Cause Mass Censorship

• Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

• Advocating for Inclusion in Tech

• The Future of MATIC and What to Expect in 2024

• USENIX Security ’23 – Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, Mathias Payer – GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation

• Secure Your API With These 16 Practices With Apache APISIX (Part 1)

• Using SD-WAN for securing distributed renewable energy

• Spyware leak offers ‘first-of-its-kind’ look inside Chinese government hacking efforts

• AIs Hacking Websites

• Navigating Cybersecurity Challenges with the Essential Eight

• Joomla! patches XSS flaws that could lead to remote code execution

• LockBit identity reveal a bigger letdown than Game of Thrones Season 8

• Operation Cronos: Who Are the LockBit Admins

• $2,063 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Ultimate Member WordPress Plugin

• AT&T Denies Outage Was Due To Cyberattack

• Signal21 Beta Launch Bridges Gap in Blockchain Intelligence Services

• Enabling Compliance and Security in AI-Driven, Low-Code/No-Code Development

• New Facebook Funeral Scam Targets Grieving Families

• Calling, the Cloud, and the New Era of Collaboration

• Analysis: AI-Driven Online Financial Scams Surge

• Cybersecurity Breach Hits Global Software Developer PSI Software SE

• Indian Authorities Probes Data Breach Concerns Involving PMO and EPFO

• Repeat Ransomware attacks on 78% of victims who pay

• What Is an Application Level Gateway? How ALGs Work

• Tips To Help GitHub Admins Prepare A Company For SOC 2 And ISO 27001 Audits

• The Use of Machine Learning in Cybersecurity: Threat Detection and Prevention

• Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware

• Intuitive Machines Becomes First Commercial Firm To Land On Moon

• What Is Identity and Access Management (IAM)?

• In Other News: Spyware Vendor Shutdown, Freenom-Meta Settlement, 232 Threat Groups

• Apple Shortcuts Vulnerability Exposes Sensitive Information

• Toward Better Patching — A New Approach with a Dose of AI

• Watch Now: Cloudy With a Chance of Threats: The Active Threat Landscape in the Cloud

• Securing Sensitive Information in Cloud Repositories

• Exploring the Spike in Data Breaches in 2023

• How to Properly Handle Cyber Security Incident Management

• Update now! ConnectWise ScreenConnect vulnerability needs your attention

• Tips on meeting complex cloud security challenges

• ICO Bans Serco Leisure’s Use of Facial Recognition for Employee Attendance

• NSFOCUS Innovative DDoS Protection Technology Secures Your Network Perimeter

• Organizations Unprepared to Face Cloud Security Threats

• Intruders in the Library: Exploring DLL Hijacking

• Deepfake Threat: $2 Deceptive Content Undermines Election Integrity

• Exploring the Nexus Between DevSecOps and Cybersecurity

• Bridging innovation and standards compliance: Red Hat’s drive towards the next-generation of government computing standards

• Delivering a better view of system vulnerabilities with Red Hat Insights

• Cyber Security Today, Feb. 23, 2024 – A cyber warning on the second anniversary of Russia’s invasion of Ukraine, and more LockBit news

• GM Cruise To Resume Robotaxi Tests On Public Roads – Report

• 230k Individuals Impacted by Data Breach at Australian Telco Tangerine

• ‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

• How to Use Tines’s SOC Automation Capability Matrix

• Microsoft Releases PyRIT – A Red Teaming Tool for Generative AI

• As India Prepares for Elections, Government Silences Critics on X with Executive Order

• ALPHV Ransomware Strikes: LoanDepot and Prudential Financial Targeted

• Checklist: Network and Systems Security

• Avast ordered to pay $16.5 million for misuse of user data

• 78% of Organizations Suffer Repeat Ransomware Attacks After Paying

• Microsoft Releases Red Teaming Tool for Generative AI

• AT&T Says the Outage to Its US Cellphone Network Was Not Caused by a Cyberattack

• CISA And FBI Share Cyber Attack Defenses For Securing Water Systems

• Cyber Mindfulness Corner Company Spotlight: Jamf

• MIWIC24: Plexal Alumni Receive Multiple Nominations From Peers at This Year’s Awards

• Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn

• New Infostealer Malware Attacking Oil and Gas Industry

• Researchers Detail Apple’s Recent Zero-Click Shortcuts Vulnerability

• X protests forced suspension of accounts on orders of India’s government

• New infosec products of the week: February 23, 2024

• The old, not the new: Basic security issues still biggest threat to enterprises

• Cyber Attack news headlines trending on Google

• Top 7 best Practices for Mobile Security in a BYOD Environment

• 2024 will be a volatile year for cybersecurity as ransomware groups evolve

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns

• Business Data Backup and Recovery Planning

• Cybersecurity in the Age of Remote Work

• 92% of companies eyeing investment in AI-powered software

• Leaked documents may show the inside of China’s hacking strategy

• FTC Slams Avast with $16.5 Million Fine for Selling Users’ Browsing Data

• The Real Deal About ZTNA and Zero Trust Access

• Is the Justice Department Even Following Its Own Policy in Cybercrime Prosecution of a Journalist?

• Here Are the Secret Locations of ShotSpotter Gunfire Sensors

• UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on

• CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

• Avast shells out $17M to shoo away claims it peddled people’s personal data

• Cybersecurity’s Class Conundrum

• Leak Reveals the Unusual Path of ‘Urgent’ Russian Threat Warning

• FTC charged Avast with selling users’ browsing data to advertising companies

• IT Security News Daily Summary 2024-02-22

• Identify Weak Links in Your Application Stack – Part 2, Anomaly Detection

• Cyberattack downs pharmacies across America

• USENIX Security ’23 – Junjie Wang, Zhiyi Zhang, Shuang Liu, Xiaoning Du, Junjie Chen – FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler

• Playbooks on-prem

• FTC Accuses Avast of Selling Customer Browsing Data to Advertisers

• The best VPN routers of 2024

• Leak Shows Alarm in Congress Over a Russian ‘Threat’ Is a Real Anomaly

• Webex Connect’s Second Quarter

• “Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

• Authorities dismantled LockBit before it could unleash revamped variant

• Google To Pause Gemini AI’s Image Generation Of People

• cloud architect

• FTC bans antivirus giant Avast from selling its users’ browsing data to advertisers

• Coming Soon to Wi-SUN Field Area Network: Versatility to connect sensors with low power and high throughput capabilities

• Top Cyber Threats Automotive Dealerships Should Look Out For

• TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem

• 6 Best Open Source IAM Tools in 2024

• Secure Coding – A critical skill in today’s threat landscape

• NSA Spying Shirts Are Back Just In Time to Tell Congress to Reform Section 702

• Gartner Predicts Concerns For Enterprises Using Cloud-based Generative AI

• AT&T Outage Disrupts Service for Millions of Users Across US

• Hiding Data in DB2

• Threat Hunting Powered by Efficient and Straightforward Anomaly Detection on Your Data Lake

• Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder

• Randall Munroe’s XKCD ‘Crossword Constructors’

• PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs

• Researchers Unveil Sound-Based Attack: Swipe Sounds Used to Recreate Fingerprints

• Nvidia Nears $2 Trillion Value, As AI Boosts Profits, Sales

• Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

• Bring us the head of LockBit! $15 million bounty offered for information on leaders of notorious ransomware gang

• 5 Best Free Password Managers for 2024

• New Image/Video Prompt Injection Attacks

• Indian SMEs Lead in Cybersecurity Preparedness and AI Adoption

• UK Led Global Operations Disrupt LockBit’s Criminal Network

• Cactus Ransomware Strikes Schneider Electric, Demands Ransom

• UOB, Samsung Back Singapore’s Startale Labs in $7 Million Web3 Push

• How to Analyse Linux Malware in ANY.RUN

• Securing the power grid: Are you ready for NERC CIP’s upcoming mandate?

• Why ransomware gangs love using RMM tools—and how to stop them

• Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million

• Apple Unveils PQ3 Protocol – Post-Quantum Encryption for iMessage

• Common Cybersecurity Threats and How To Protect Yourself

• CISA Adds One Known Exploited Vulnerability to Catalog

• CISA Releases One Industrial Control Systems Advisory

• Delta Electronics CNCSoft-B DOPSoft

• ConnectWise Says ScreenConnect Flaw Being Actively Exploited

• SMBs at Risk From SendGrid-Focused Phishing Tactics

• IBM and Cisco: A Powerful Partnership Unveiled at Cisco Live EMEA

• Multiple XSS flaws in Joomla can lead to remote code execution

• Threat Actors Quick to Abuse ‘SSH-Snake’ Worm-Like Tool

• Russian Turla Cyberspies Target Polish NGOs With New Backdoor

• Toshiba and Orange offer quantum secure data transmission with utmost security

• Intel Signs Microsoft As Foundry Customer

• Securing the Digital Frontline: Cybersecurity Trends and Best Practices in Networking

• AT&T Cell Service Outage in United States – Analysis Report

• Ukrainian police arrest father and son in suspected LockBit affiliate double act

• An Online Dump Of Chinese Hacking Documents Offers A Rare Window Into Pervasive State Surveillance

• ConnectWise Exploit Could Spur Ransomware Free-For-All

• VMware Issues No Patch Advisory For Critical Flaw In Old SSO Plugin

• Oh Geez The Coast Guard Is Just Now Going To Think About Infosec?

• Threat Actors Quick To Abuse SSH-Snake Worm-Like Tool

• Change Healthcare Cyber-Attack Leads to Prescription Delays

• Google To Manufacture Pixel Smartphones In India – Report

• Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks

• State Department Puts Up $10 Million for Info on LockBit Leaders

• Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)

• Why one in 20 people fall for dating scams – and how to not be one of them

• IoMT device tips for healthcare IT departments

• US Government Issues Guidance on Securing Water Systems

• Webinar Today: Cloudy With a Chance of Threats: The Active Threat Landscape in the Cloud

• An Online Dump of Chinese Hacking Documents Offers a Rare Window Into Pervasive State Surveillance

• TEGWAR, AI and the FTC – Gov’t Agency Warns of Deceptive AI Contract Language

• Russian-Aligned Network Doppelgänger Targets German Elections

• Bluzelle’s Curium App Makes Crypto Earning Effortless

• Apex Code Vulnerabilities Let Hackers Steal Salesforce Data

• Leak of China’s Hacking Documentation Stunned Researchers

• 5 tips for securing SSH on your Linux server or desktop

• New Leak Shows Business Side of China’s APT Menace

• Palo Alto Networks and Kyndryl: Unlocking Industry 4.0 with Private 5G

• New Cybereason ‘True Cost to Business Study 2024’ Reveals it Still Doesn’t Pay to Pay

• Techstrong Research: Navigating the Future of Security With Resilience

• IBM Signals Major Paradigm Shift as Valid Account Attacks Surge

• GitHub Copilot makes insecure code even less secure, Snyk says

• Develop Advanced Cybersecurity Skills for Just $80

• OWASP Releases Security Checklist Generative AI Deployment

• TinyTurla-NG in-depth tooling and command and control analysis

• From childhood curiosity to Cisco’s FIFA Women’s World Cup all-female Dream Team

• To win against cyber attackers at Super Bowl LVIII, the NFL turns to Cisco XDR

• US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals

• Change Healthcare Cyberattack Causes Significant Disruption

• Microsoft begins broadening free cloud logging capabilities

• Cyber Pros Embrace AI, Over 80% Believe It Will Enhance Jobs

• IT Email Templates: Security Alerts

• Signal to shield user phone numbers by default

• Terra’s Do Kwon Should Be Extradited to US, Montenegro Court Rules

• TikTok safety for schools: K-12 best practices

• Apple Approves Fake App Before Real Rabby Wallet, Users’ Funds Stolen

• US to Pay $15M for Info About Lockbit Ransomware Operator Data

• Beware of New AsukaStealer Steal Browser Passwords & Desktop Screens

• Employees input sensitive data into generative AI tools despite the risks

• Russian Government Software Backdoored to Deploy Konni RAT Malware

• A New Age of Hacktivism

• Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

• Customizing Security with Security Configuration Management (SCM)

• Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

• Chinese Duo Found Guilty of $3m Apple Fraud Plot

• Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited

• A Comprehensive Guide on GraphQL Testing

• Scattered Spider laying new eggs

• UK government seeks to strengthen national cyber resilience

• Earth Preta Hackers Abuses Google Drive to Deploy DOPLUGS Malware

• LockBit Attempts to Stay Afloat With a New Version

• Swiggy Account Hacked, Hackers Placed Orders Worth Rs 97,000

• Digital Deception at the Ballot Box: The Shadow Machinery of Election Manipulation: How Deepfake Technology Threatens the 2024 U.S. Elections

• New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

• SASE Survey Reveals User Experience Is Top of Mind

• Giant leak reveals Chinese infosec vendor I-Soon is one of Beijing’s cyber-attackers for hire

• Cloud-Native Data Security Posture Management Deployments on AWS with Symmetry Systems

• A step-by-step plan for safe use of GenAI models for software development

• Air Canada AI Chatbot spreads misinformation only to fetch hefty legal penalty

• U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders

• Attack velocity surges with average breakout time down to only 62 minutes

• Wire fraud scams escalate in real estate deals

• Cybersecurity fears drive a return to on-premise infrastructure from cloud computing

• MSPs undergo transformation in response to persistent cyber threats

• Safe Clones With Ansible

• Facebook Marketplace – 77,267 breached accounts

• Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)

• Top 5 Cybersecurity Risks Facing Businesses Today

• Face off: Attackers are stealing biometrics to access victims’ bank accounts

• 2024-02-21 – Parrot TDS –> SogGholish –> Aysnc RAT

Generated on 2024-02-23 23:55:47.094989