IT Security News Daily Summary 2024-03-13

• Feds seek attestation on secure software

• Malwarebytes Premium blocks 100% of malware during external AVLab test

• Facebook VR Headsets Are Vulnerable To “Inception-Style” Hack

• Edgeless Systems Brings Confidential Computing to AI

• LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

• 6 Best Enterprise Password Managers for 2024 Rated

• HHS to Investigate Change’s Security in Wake of Crippling Cyberattack

• How data poisoning attacks work

• 5 Tips for Pi Day Savings at the Cisco Learning Network Store

• Okta says that leaked data is not their clients: Cyber Security Today for March 13th, 2024

• SAFECOM and NCSWIC Develop 911 Cybersecurity Resource Hub

• Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities

• ThreatDown achieves perfect score in latest AVLab assessment

• Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

• Randall Munroe’s XKCD ‘Physics vs. Magic’

• Meta Adds Messaging Interoperability For Whatsapp, Messenger

• Protect Yourself from Election Misinformation

• US Gives ByteDance Six Months To Divest TikTok Or Face Ban

• ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

• Over 15,000 Roku accounts were breached. Here’s what you need to do

• Poking holes in Google tech bagged bug hunters $10M

• The ‘Emergency Powers’ Risk of a Second Trump Presidency

• Shift Left Exhaustion – Part 2: Smart Shift Left

• Researchers Disclose Proof of Concept for New GhostRace Attack

• Open Source Password Managers: Overview, Pros & Cons

• How Autonomous Vehicles are Revolutionizing the Last-Mile Logistics Industry

• How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac

• Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

• Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next

• LockBit Ransomware Affiliate Sentenced to Prison in Canada

• Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date

• UK Joins EU’s Chip Research Program

• Research Reveals That Infostealers Target Healthcare Sector Data

• ChatGPT Extensions Could be Exploited to Steal Data and Sensitive Information

• USENIX Security ’23 – Dilawer Ahmed, Aafaq Sabir, Anupam Das – Spying Through Your Voice Assistants: Realistic Voice Command Fingerprinting

• JetBrains Says Rapid7’s Fast Release of Flaw Details Harmed Users

• Demystifying a Common Cybersecurity Myth

• Microsoft’s ‘Copilot for Security’ brings generative AI to the frontlines of cybersecurity

• Microsoft Copilot for Security prepares for April liftoff

• New Google Gemini Content Manipulation Vulns Found

• Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws

• New Phishing Campaign Delivers Remote Access Trojans (RATs)

• Building a Security Culture of Shared Responsibility

• Where is AI Leading Content Creation?

• Investment Scams Grow, 13,000 Domains Detected in January 2024

• LockBit takedown surges Akira Ransomware Attacks

• Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs

• Expert Insight: How more diverse perspectives can lead to more innovative solutions

• SVG Files Abused in Emerging Campaigns

• Roku Data Breach: Over 15,000 Accounts Compromised; Data Sold for Pennies

• The effects of law enforcement takedowns on the ransomware landscape

• Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

• Intel Export License Allows It To Continue Selling To Huawei – Report

• Google paid out $10 million in bug bounties to security researchers in 2023

• Simplifying Network Management in the Real World with AI-Driven Automation

• Danchev’s EXIF Analysis Of Conti Ransomware Gang Marketing Material

• White House Budget Proposal Seeks Cybersecurity Funding Boost

• Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency

• Tenable enhances ExposureAI capabilities to directly query AI engine and reduce risk

• 17 potential costs of shadow IT

• MSP vs MSSP: What Is The Difference

• New Relic empowers IT and engineering teams to focus on real application security problems

• DataDome Ad Protect detects fraudulent ad traffic

• Cloud Account Attacks Surged 16-Fold in 2023

• The Tor Project introduces WebTunnel to help you bypass Tor network censorship

• PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

• New Mimecast report finds cybercriminals capitalise on businesses’ biggest flaw: Human risk

• Trellix secures sensitive and proprietary information with new protections for macOS

• How an AI Surveillance Software Can Reduce Shoplifting

• Popup Builder Plugin Flaw Exploited To Infect WordPress Sites

• Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business

• ChatGPT Plugin Vulnerabilities Exposed Data, Accounts

• Charting a Course for Cybersecurity

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms

• How Real-Time Personal Cybersecurity and Botnet Detection Protects Corporate Executives

• Regula 4205D updates help border control authorities fight identity document fraud

• OpenAI Reinstates Sam Altman To Board Of Directors

• Leading EV Charging Firm Spills Trove of Customer Info in Server Leak

• SAP Security: Code Injection & Other Vulnerabilities Patched

• New Fortinet FortiOS Flaw Lets Attacker Execute Arbitrary Code

• Beef – The Browser Exploitation Framework

• Microsoft’s Security Copilot Enters General Availability

• Let AI Handle the Heavy Lifting in the Modern SOC

• i-confidential Receives EcoVadis Gold Sustainability Rating

• LockBit’s Double Cross: Ransom Paid, Data Remains Locked Away

• Stellar Cyber and Torq join forces to deliver automation-driven security operations platform

• New Research Exposes Security Risks in ChatGPT Plugins

• There Are Dark Corners of the Internet. Then There’s 764

• Stanford University failed to detect ransomware intruders for 4 months

• Webinar Today: CISO Strategies for Boardroom Success

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers

• Stanford University Data Breach Impacts 27,000 Individuals

• Nozomi Networks raises $100 million to help secure critical infrastructure

• Google to Restrict Election-Related Answers on AI Chatbot Gemini

• Threat actors leverage document publishing sites for ongoing credential and session token theft

• X introduces free audio and video calling

• 4 types of prompt injection attacks and how they work

• Acer Philippines disclosed a data breach after a third-party vendor hack

• Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code

• Private Operators to Manage Mobile Speed Cameras in New Zealand

• Beware Of New Malicious PyPI Packages That Steal Wallet Passwords

• What’s in your notepad? Infected text editors target Chinese users

• Burglars Using Wi-Fi Jammers to Disable Security Cameras

• Mirantis enhances Lens Desktop to improve Kubernetes operations

• Enhancing security with IOC detection

• EquiLend Employee Data Breached After January Ransomware Attack

• Singapore to begin passportless immigration clearance with QR code

• #MIWIC2024: Lauren Zink, Manager of Security, Culture and Awareness at Indeed

• Researchers Highlight Google’s Gemini AI Susceptibility to LLM Threats

• Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms

• Google Restricts Gemini AI Chatbot Election Answers

• Stanford University Hack Exposes Over 27K People’s Data

• Online investment scams: Inside a fake trading platform

• The Importance of Host-Based Intrusion Detection Systems

• The 10 Most Common Website Security Attacks (and How to Protect Yourself)

• Information Security Policy

• Equipment Reassignment Checklist

• RisePro stealer targets Github users in “gitgub” campaign

• Fortinet Patches Critical Vulnerabilities Leading to Code Execution

• Major CPU, Software Vendors Impacted by New GhostRace Attack

• What is Identity Governance: 5 Steps to Build Your Framework

• Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

• Single RCE Bug Features Among 60 CVEs in March Patch Tuesday

• New Facebook photo rule hoax spreads

• Heimdal’s 10th Anniversary – Our Finest Hours

• Nearly 13 Million Secrets Spilled Via Public GitHub Repositories

• Sharp Increase in Akira Ransomware Attack Following LockBit Takedown

• Porn Sites Need Age-Verification Systems in Texas, Court Rules

• Andariel Hackers Attacking Asset Management Companies to Inject Malicious Code

• Researchers jimmy OpenAI’s and Google’s closed models

• Reducing the cloud security overhead

• Using ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th)

• Mitigating Risks in the Age of AI Agents

• Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

• The State of Stalkerware in 2023–2024

• Change Ransomware Attack: UnitedHealth Profits from a Crisis it Created

• Google’s Gemini AI Vulnerability Lets Attackers Gain Control Over Users’ Queries

• Organizations issue warning to Ransomware gangs about no money

• Unseen Guardians: How Submarine Internet Cables in Deep Seas Thwart Cyber Attacks

• Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

• ClickASnap – 3,262,980 breached accounts

• BSAM: Open-source methodology for Bluetooth security assessment

• LastPass’ CIO vision for driving business strategy, innovation

• Beware! Disguised Adobe Reader Installer That Installs Infostealer Malware

• Magnet-Goblin Hackers Attack Public Services Using 1-Day Exploits

• ChatGPT-Next-Web SSRF Bug Let Hackers Gain Full Access to HTTP Endpoints

• The most concerning risks for 2024 and beyond

• Product showcase: How to track SaaS security best practices with Nudge Security

• Keyloggers, spyware, and stealers dominate SMB malware detections

• State of the Cloud: Where We Are and Where We?re Heading

• Akamai Security Solutions ? Everywhere Your Business Meets the World

• A Necessary Digital Odyssey of RPA and AI/ML at HUD

• US Spearheads First UN Resolution on Artificial Intelligence

• Beware Of Disguised Adobe Reader Installer That Install Infostealer Malware

• Cloud Computing: The Future of Data Storage

• ISC Stormcast For Wednesday, March 13th, 2024 https://isc.sans.edu/podcastdetail/8892, (Wed, Mar 13th)

• Internet Security: Ensuring Safe Online Experiences

• Congress Should Give Up on Unconstitutional TikTok Bans

• March Patch Tuesday sees Hyper-V join the guest-host escape club

• New Vcurms Malware Targets Popular Browsers for Data Theft

• FakeBat delivered via several active malvertising campaigns

• Meta sues ex infra VP for allegedly stealing top-secret datacenter blueprints

• IT Security News Daily Summary 2024-03-12

• Congress Must Stop Pushing Bills That Will Benefit Patent Trolls

• Tweaks Stealer Targets Roblox Users Through YouTube and Discord

• Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

• Sophos: Remote ransomware attacks on SMBs increasing

• Facebook And Instagram Ran Ads For Deepfake App Featuring Nude Underage Celebrity

• 7 Essential Practices for Secure API Development

• Patch Tuesday, March 2024 Edition

• VERT Threat Alert: March 2024 Patch Tuesday Analysis

• Microsoft Releases Security Updates for Multiple Products

• asymmetric cryptography

• JetBrains releases security fixes for TeamCity CI/CD system

• Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server

• DOJ Warns Using AI in Crimes Will Mean Harsher Sentences

• March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

• US Lawmaker Cited NYC Protests in a Defense of Warrantless Spying

• Biden’s budget proposal boosts CISA funding to $3B

• Ransomware review: March 2024

• Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

• Marriott Leads the Way in the Fight to Protect Children Online

• Biden’s budget proposal boosts CISA funding to $3b

• Google Paid Out $10 Million via Bug Bounty Programs in 2023

• Adobe Patches Critical Flaws in Enterprise Products

• SAP Patches Critical Command Injection Vulnerabilities

• OpenSSL 3.3 Alpha Release Date Announced

• Microsoft Patch Tuesday – March 2024, (Tue, Mar 12th)

• Know your enemies: An approach for CTI teams

• FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

• Konica Minolta Wins Two Platinum ‘ASTORS’ Homeland Security Awards

• How AI firewalls will secure your new business applications

• How to secure on-prem apps with Entra Application Proxy

• A prescription for insights: Cisco Full-Stack Observability supercharges healthcare

• Study Reveals Top Vulnerabilities in Corporate Web Applications

• Control the Network, Control the Universe

• Europe’s Digital Markets Act Compels Tech Corporations to Adapt

• How Much Data Does Streaming Use? + 5 Tips to Manage Data

• Navigating the Shift: Mastering Pod Security in Kubernetes

• 5 Unique Challenges for AI in Cybersecurity

• JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

• US Intelligence Predicts Upcoming Cyber Threats for 2024

• The Impact of Cigarettes and Vapes in the IT Industry and How to Address Them

• Four things we learned when US intelligence chiefs testified to Congress

• New Cloud Attack Targets Crypto CDN Meson Ahead of Launch

• Boeing Whistleblower Who Raised Safety Concerns Found Dead

• French Government Sites Disrupted By Tres Grande DDoS

• Never Before Seen Linux Malware Gets Installed Using 1-Day Exploits

• EquiLend Ransomware Attack Leads To Data Breach

• White House Summons UnitedHealth CEO Over Hack

• Reject Nevada’s Attack on Encrypted Messaging, EFF Tells Court

• ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities

• Broadcom Merging Carbon Black, Symantec to Create Security Unit

• Japan Blames Lazarus for PyPi Supply Chain Attack

• Ransomware news headlines trending on Google

• Access to Internet Infrastructure is Essential, in Wartime and Peacetime

• DTEX i³ Issues Threat Advisory for Detecting the Use of Multiple Identities

• How Secure Cloud Development Replaces Virtual Desktop Infrastructures

• 6 Benefits of Vulnerability Management

• LockBit attacks continue via ConnectWise ScreenConnect flaws

• CISA Releases One Industrial Control Systems Advisory

• Let the “Mother of all Breaches” Be a Wake-up Call

• Russia’s Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

• ISACA Joins Forces with Erasmus+ for SHE@CYBER Project

• J.P. Morgan Growth Leads $39 Million Investment in Eye Security

• ChatGPT and Beyond: Generative AI in Security

• Aviatrix releases Distributed Cloud Firewall for Kubernetes

• CISA Publishes SCuBA Hybrid Identity Solutions Guidance

• Cybersecurity training aligned with the MITRE ATT&CK framework

• Cloud security training: Build secure cloud systems

• US, Russia Accuse Each Other of Potential Election Cyberattacks

• CISA’s OT Attack Response Team Understaffed: GAO

• EquiLend Ransomware Attack Leads to Data Breach

• Read the Latest NIST Cybersecurity Framework Updates

• Cybersecurity Teams Tackle AI, Automation, and Cybercrime-as-a-Service Challenges

• Rubrik EPE secures enterprise data from cyberattacks

• Shield Your Documents: Introducing DocLink Defender for Real-Time Malware Blockade

• VCURMS: A Simple and Functional Weapon

• Mitigating Lurking Threats in the Software Supply Chain

• Hyper-Personalization in Retail: Benefits, Challenges, and the Gen-Z Dilemma

• Netskope and Egress partner to enhance behavioral-based threat detection and response

• Claroty Advanced ATD Module provides continuous monitoring of healthcare network risks

• Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All

• Insurance Claim Contact Center Collaboration – Digital Customer Experience Then and Now

• Leicester City Council’s IT System and Phones Down Amid Cyber Attack

• Thrive Incident Response & Remediation helps organizations contain and remove threats

• Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

• Three-Quarters of Cyber Incident Victims Are Small Businesses

• CloudGrappler: Open Source Tool that Detects Hacking Activity

• Celebrating Creativity and Authenticity: Cisconians’ Talents and Careers Shine

• UK council yanks IT systems and phone lines offline following cyber ambush

• ZeroFox launches EASM to give customers visibility and control over external assets

• Elon Musk’s xAI To Open Source Grok Chatbot In Dig At OpenAI

• Telegram Reaches 900m Users, Nears Profitability

• Hackers Advertising FUD APK Crypter that Runs on all Android Devices

• Jailbreaking LLMs with ASCII Art

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

• Critical Vulnerabilities in GovQA Platform Expose Sensitive Government Records

• Microsoft Source Code Heist: Russian Hackers Escalate Cyberwarfare

• CTEM 101 – Go Beyond Vulnerability Management with Continuous Threat Exposure Management

• Muddled Libra Hackers Using Pentesting Tools To Gain Admin Access

• Nvidia Sued By Authors For Training AI With Copyrighted Works

• Reddit Seeks Valuation Up To $6.4bn In NYSE Listing

• Top 10 web application vulnerabilities in 2021–2023

• #MIWIC2024: Blessing Usoro, Cyber for Schoolgirls

• Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity

• French Government Hit with Severe DDoS Attack

• Reducing Cyber Risks with Security Configuration Management

• Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences

• Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

• Elliott Walks Away From Currys Offer

• Baidu’s Ernie AI ‘Better At Tang Chinese Poetry’ Than Rivals

• Xpeng Electric ‘Flying Car’ Completes Flight Over Guangzhou

• Victims Lose $47m to Crypto Phishing Scams in February

• Insurance scams via QR codes: how to recognise and defend yourself

• First-ever South Korean national detained for espionage in Russia

• The Rise of AI Worms in Cybersecurity

• Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

• Italian DPA Asks OpenAI’s ‘Sora’ to Reveal Algorithm Information

• Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack

• South Korean Citizen Detained in Russia on Cyber Espionage Charges

• Podcast Episode: ‘I Squared’ Governance

• AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights

• WordPress Plugin Flaw Exposes 200,000+ Websites to XSS Attacks

• Hackers Deliver MSIX Malware in The Lure of Freemium Productivity App

• French government sites disrupted by très grande DDoS

• Cyber Attack on France government websites

• OWASP Top 10 Explained: SQL Injection

• Flipkart – 552,094 breached accounts

• Cybersecurity jobs available right now: March 12, 2024

• How advances in AI are impacting business cybersecurity

• Tax-related scams escalate as filing deadline approaches

• Binance’s Top Crypto Crime Investigator Is Being Detained in Nigeria

• Oh No! My JSON Keys and Values are Separated! How Can I Extract Them For My Searches?

• Enable Sharing of Datamodel Acceleration Summaries between Search Heads

• How organizations can keep up with shifting data privacy regulations

• KrustyLoader Backdoor Attack Both Windows & Linux Systems

• Image-based phishing tactics evolve

• BianLian Hackers Hijacked TeamCity Servers To Install GO Backdoor

• Wearable Technology: Integrating Devices With Daily Life

• The French Government Says It’s Being Targeted by Unusual Intense Cyberattacks

• Hackers Compromised TeamCity Server To Install BianLian’s GO Backdoor

• ISC Stormcast For Tuesday, March 12th, 2024 https://isc.sans.edu/podcastdetail/8890, (Tue, Mar 12th)

• The best travel VPNs of 2024: Expert tested and reviewed

• GUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scams

• Autonomous Vehicles: Driving the Future

• White House and lawmakers increase pressure on UnitedHealth to ease providers’ pain

• When a Data Mesh Doesn’t Make Sense for Your Organization

Generated on 2024-03-13 23:56:14.637019