IT Security News Daily Summary 2024-03-14

• ​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024

• Recent DarkGate campaign exploited Microsoft Windows zero-day

• Making the Law Accessible in Europe and the USA

• JetBrains, Rapid7 clash over vulnerability disclosure policies

• CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

• Discover the 3 Trends Driving API Security Compliance

• What a Cluster: Local Volumes Vulnerability in Kubernetes

• Cyber Strategy: Don?t Focus on Prevention ? Master Resilience

• TikTok’s Security Threats Go Beyond the Scope of House Legislation

• Expand your IT and cybersecurity skills with this $35 learning bundle

• “Build for Better” – Revolutionize Sustainability with AI, Observability, and Cisco Tech

• Revolutionizing Legal Data Security and Compliance

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #282 – ReadMe

• USENIX Security ’23 – Powering for Privacy: Improving User Trust in Smart Speaker Microphones with Intentional Powering and Perceptible Assurance

• Nissan Confirms Data Breach Affected 100,000 Customers and Employees

• FTC goes undercover to probe suspected antivirus scam, scores $26M settlement

• 2024-03-13: GootLoader activity

• Why U.S. House Members Opposed the TikTok Ban Bill

• Former Treasury Secretary Steve Mnuchin Gathers Investors To Buy TikTok – Report

• $1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

• Get 408 hours of cybersecurity training with this $60 bundle

• cloud encryption

• Meta Sues Former VP, After Move To AI Startup

• Four Common CI/CD Pipeline Vulnerabilities

• Google is changing how Chrome detects and warns you about unsafe sites

• LockBit ransomware kingpin gets 4 years behind bars

• Privacy Perils: Experts Warn of Pitfalls in Sharing Pregnancy Photos Online

• Not everything has to be a massive, global cyber attack

• The best VPN deals right now

• Google gooses Safe Browsing with real-time protection that doesn’t leak to ad giant

• Webinar recap: 6 critical cyberthreats in 2024 and how to counter them

• TikTok faces ban in US unless it parts ways with Chinese owner ByteDance

• Ballistic Ventures Closes $360 Million Cybersecurity-Focused Fund

• UK Judge Rules Craig Wright Is Not Bitcoin’s ‘Satoshi Nakamoto’

• The Blink Mini 2’s weather resistance makes for a worthy Wyze Cam competitor

• Crypto Phishing Scams: $47M Lost in February

• TikTok Faces US Ban as House Votes to Compel ByteDance to Sell

• Healthy and Inclusive Learning Spaces

• Introducing Cisco Rail CBTC and Safety Solution

• Record breach of French government exposes up to 43 million people’s data

• Boat Dealer MarineMax Hit by Cyberattack

• Webinar: CISO Strategies for Boardroom Success

• Chrome’s Standard Safe Browsing Now Has Real-Time URL Protection

• Ransomware news trending on Google

• Google’s Safe Browsing protection in Chrome goes real-time

• Nissan Oceania data breach impacted roughly 100,000 people

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies

• Researchers Find Flaws in OpenAI ChatGPT, Google Gemini

• New Report Suggests Surge in SaaS Assets, Employee Data Sharing

• Starting 2024 strong – The largest launch of security training from OffSec

• Getting to High-Fidelity Detections Faster with Context Creation Models

• Sophisticated Vishing Campaigns are Rising Exponentially Worldwide

• MarineMax’s Cyber Resilience: Responding to SEC on Cyberattack Incident

• Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)

• Artificial Intelligence Act: Industry Reaction

• Microsoft is Opening AI-Powered “Copilot for Security” to Public

• International effort to disrupt cybercrime moves into operational phase

• Siemens SENTRON 7KM PAC3x20

• Siemens SENTRON

• Siemens SINEMA Remote Connect Server

• Siemens RUGGEDCOM APE1808

• Siemens Solid Edge

• Ted Schlein’s 2-year-old Ballistic Ventures has already raised a second $360 million fund

• Redefining Network Management: The Advantages of Cisco Managed Campus for MSPs

• Microsoft’s AI-Powered Copilot for Security Set for Worldwide Release

• Zscaler Acquires Avalor for $350 Million

• BotGuard Raises $13 Million to Protect Against Harmful Web Traffic

• Protect Yourself: Tips to Avoid Becoming the Next Target of a Microsoft Hack

• LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

• US Government to Investigate Change Healthcare Ransomware Attack

• French Employment Agency Data Breach Could Affect 43 Million People

• US to probe Change Healthcare’s data protection standards as lawsuits mount

• Expert Urges iPhone and Android Users to Brace for ‘AI Tsunami’ Threat to Bank Accounts

• Halo Security Dark Web Monitoring identifies and mitigates potential exposures

• Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

• Perception Point GPThreat Hunter allows cybersecurity experts to focus on in-depth investigations

• Hackers Use Weaponized Lnk File to Deploy AutoIt Malware

• Combining Threat Intelligence Platforms & Sandboxes for Efficient Security Operations – A DFIR Guide

• LockBit affiliate jailed for almost four years after guilty plea

• [Free & Downloadable] Information Security Policy Template – 2024

• Breaking: What is Going on with the NVD? Does it Affect Me?

• Cado Security enables organizations to investigate and respond to potential M365 threats

• Elevate Your Security Posture: Grafana for Real-Time Security Analytics and Alerts

• US Congress Goes Bang, Bang, On Tik-Tok Sale Or Ban Plan

• Poking Holes In Google Tech Bagged Bug Hunters $10M

• Meta Sues Brazenly Disloyal Former Exec Over Stolen Confidential Docs

• RedLine Malware Top Credential Stealer Of Last 6 Months

• Cisco Patches High Severity IOS RX Vulnerabilities

• Cisco Patches High-Severity IOS RX Vulnerabilities

• Microsoft Copilot for Security Official Launch Date Announced

• Navigating Application Security in the AI Era

• Thinking of Stealing a Tesla? Just Use Flipper Zero

• Hackers Exploit Vulnerability in Popup Builder Plugin for WordPress

• QuProtect Core Security secures Cisco routers against quantum threats

• CrowdStrike a Research Participant in Two Latest Center for Threat-Informed Defense Projects

• March 2024 Patch Tuesday: Two Critical Bugs Among 60 Vulnerabilities Patched

• CrowdStrike Launches SEC Readiness Services to Prepare Boardrooms for New Regulations

• Phishing Through Venmo

• Concentric AI introduces Copilot data risk module

• Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

• Artificial Intelligence Act: EU Parliament Approves Landmark AI Law

• Hackers Abuse Document Publishing (DDP) Websites to Launch Cyber Attacks

• Practical strategies for shadow IT management

• virus signature (virus definition)

• Complexity drives more than security risk. Secure Access can help with that too.

• Pi Day: How Hackers Slice Through Security Solutions

• Investigative Scenario, 2024-03-12

• #MIWIC2024: Zinet Kemal, Cloud Security Engineer – Best Buy

• Kubernetes Vulnerability Allows Remote Code Execution on Windows Endpoints

• Bill That Could Ban TikTok Passed in the House. Here’s What to Know

• Shadow AI – Should I be Worried?

• Cyber Madness Bracket Challenge – Register to Play

• Microsoft Copilot for Security: AI tool to Help Security and IT professionals

• Automakers Are Sharing Driver Data with Insurers without Consent

• Navigating the Digital Frontier: What Every High-Net-Worth Individual Needs to Know About Router and Firewall Vulnerabilities

• Google Paid $10m in Bug Bounties to Security Researchers in 2023

• Waymo Begins Los Angeles Ride-Hailing Service With Free Rides

• PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

• RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage

• 3 Things CISOs Achieve with Cato

• Bitcoin Fog Operator Convicted for Stealing Over $400M

• Nissan Data Breach Affects 100,000 Individuals

• Government Launches Probe Into Change Healthcare Data Breach

• Fortinet Patches Critical Bug in FortiClient EMS

• A patched Windows attack surface is still exploitable

• Meta Sues Former VP After Defection to AI Startup

• Increase in the number of phishing messages pointing to IPFS and to R2 buckets, (Thu, Mar 14th)

• Silicon UK In Focus Podcast: Can Tech Innovation Coexist with Sustainability?

• Open source is not insecure

• Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities

• Unveiling the depths of Residential Proxies providers

• Keep Your Network Secure With This $39.99 CompTIA Bundle

• Ande Loader Malware Targets Manufacturing Sector in North America

• 150K+ Networking Devices & Apps Exposed Online With Critical Vulnerabilities

• Researchers found multiple flaws in ChatGPT plugins

• How to share sensitive files securely online

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw

• Nigeria’s Youverify raises $2.5M to enhance anti-money laundering compliance

• 16-31 December 2023 Cyber Attacks Timeline

• Hackers Abuse Amazon & GitHub to Deploy Java-based Malware

• Immutable data storage is last line of defense against ransomware

• Only 13% of medical devices support endpoint protection agents

• MobSF: Open-source security research platform for mobile apps

• Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

• DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

• How teams can improve incident recovery time to minimize damages

• IT leaders think immutable data storage is an insurance policy against ransomware

• Cohesity Simplifies Data Management and Security for Developers

• A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose

• DCIM Software is the Key to Uptime and Performance

• ISC Stormcast For Thursday, March 14th, 2024 https://isc.sans.edu/podcastdetail/8894, (Thu, Mar 14th)

• Cyber Physical Systems: Integrating Digital and Physical Worlds

• US Congress goes bang, bang, on TikTok sale-or-ban plan

• Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

• Biodegradable Technology: Sustainable Innovations

• Nissan to alert 100,000 Aussies and Kiwis about data loss incident

• SXSW Tried to Silence Critics with Bogus Trademark and Copyright Claims. EFF Fought Back.

• Anthropic releases Claude 3 Haiku, an AI model built for speed and affordability

• Take a Cisco Store Tech Lab Tour

• IT Security News Daily Summary 2024-03-13

• Feds seek attestation on secure software

• Malwarebytes Premium blocks 100% of malware during external AVLab test

• Facebook VR Headsets Are Vulnerable To “Inception-Style” Hack

• Edgeless Systems Brings Confidential Computing to AI

• LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

• 6 Best Enterprise Password Managers for 2024 Rated

• HHS to Investigate Change’s Security in Wake of Crippling Cyberattack

• How data poisoning attacks work

• 5 Tips for Pi Day Savings at the Cisco Learning Network Store

• Okta says that leaked data is not their clients: Cyber Security Today for March 13th, 2024

• SAFECOM and NCSWIC Develop 911 Cybersecurity Resource Hub

• Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities

• ThreatDown achieves perfect score in latest AVLab assessment

• Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

• Randall Munroe’s XKCD ‘Physics vs. Magic’

• Meta Adds Messaging Interoperability For Whatsapp, Messenger

• Protect Yourself from Election Misinformation

• US Gives ByteDance Six Months To Divest TikTok Or Face Ban

• ChatGPT Plugins Exposed to Critical Vulnerabilities, Risked User Data

• Over 15,000 Roku accounts were breached. Here’s what you need to do

• Poking holes in Google tech bagged bug hunters $10M

• The ‘Emergency Powers’ Risk of a Second Trump Presidency

• Shift Left Exhaustion – Part 2: Smart Shift Left

• Researchers Disclose Proof of Concept for New GhostRace Attack

• Open Source Password Managers: Overview, Pros & Cons

• How Autonomous Vehicles are Revolutionizing the Last-Mile Logistics Industry

• How to update outdated software on Mac endpoints: Introducing ThreatDown VPM for Mac

• Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

• Europe’s World-First AI Rules Get Final Approval From Lawmakers. Here’s What Happens Next

• LockBit Ransomware Affiliate Sentenced to Prison in Canada

• Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date

• UK Joins EU’s Chip Research Program

• Research Reveals That Infostealers Target Healthcare Sector Data

• ChatGPT Extensions Could be Exploited to Steal Data and Sensitive Information

• USENIX Security ’23 – Dilawer Ahmed, Aafaq Sabir, Anupam Das – Spying Through Your Voice Assistants: Realistic Voice Command Fingerprinting

• JetBrains Says Rapid7’s Fast Release of Flaw Details Harmed Users

• Demystifying a Common Cybersecurity Myth

• Microsoft’s ‘Copilot for Security’ brings generative AI to the frontlines of cybersecurity

• Microsoft Copilot for Security prepares for April liftoff

• New Google Gemini Content Manipulation Vulns Found

• Microsoft Patch Tuesday March 2024 includes critical Hyper-V flaws

• New Phishing Campaign Delivers Remote Access Trojans (RATs)

• Building a Security Culture of Shared Responsibility

• Where is AI Leading Content Creation?

• Investment Scams Grow, 13,000 Domains Detected in January 2024

• LockBit takedown surges Akira Ransomware Attacks

• Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs

• Expert Insight: How more diverse perspectives can lead to more innovative solutions

• SVG Files Abused in Emerging Campaigns

• Roku Data Breach: Over 15,000 Accounts Compromised; Data Sold for Pennies

• The effects of law enforcement takedowns on the ransomware landscape

• Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

• Intel Export License Allows It To Continue Selling To Huawei – Report

• Google paid out $10 million in bug bounties to security researchers in 2023

• Simplifying Network Management in the Real World with AI-Driven Automation

• Danchev’s EXIF Analysis Of Conti Ransomware Gang Marketing Material

• White House Budget Proposal Seeks Cybersecurity Funding Boost

• Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency

• Tenable enhances ExposureAI capabilities to directly query AI engine and reduce risk

• 17 potential costs of shadow IT

• MSP vs MSSP: What Is The Difference

• New Relic empowers IT and engineering teams to focus on real application security problems

• DataDome Ad Protect detects fraudulent ad traffic

• Cloud Account Attacks Surged 16-Fold in 2023

• The Tor Project introduces WebTunnel to help you bypass Tor network censorship

• PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

• New Mimecast report finds cybercriminals capitalise on businesses’ biggest flaw: Human risk

• Trellix secures sensitive and proprietary information with new protections for macOS

• How an AI Surveillance Software Can Reduce Shoplifting

• Popup Builder Plugin Flaw Exploited To Infect WordPress Sites

• Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business

• ChatGPT Plugin Vulnerabilities Exposed Data, Accounts

• Charting a Course for Cybersecurity

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms

• How Real-Time Personal Cybersecurity and Botnet Detection Protects Corporate Executives

• Regula 4205D updates help border control authorities fight identity document fraud

• OpenAI Reinstates Sam Altman To Board Of Directors

• Leading EV Charging Firm Spills Trove of Customer Info in Server Leak

• SAP Security: Code Injection & Other Vulnerabilities Patched

• New Fortinet FortiOS Flaw Lets Attacker Execute Arbitrary Code

• Beef – The Browser Exploitation Framework

• Microsoft’s Security Copilot Enters General Availability

• Let AI Handle the Heavy Lifting in the Modern SOC

• i-confidential Receives EcoVadis Gold Sustainability Rating

• LockBit’s Double Cross: Ransom Paid, Data Remains Locked Away

• Stellar Cyber and Torq join forces to deliver automation-driven security operations platform

• New Research Exposes Security Risks in ChatGPT Plugins

• There Are Dark Corners of the Internet. Then There’s 764

• Stanford University failed to detect ransomware intruders for 4 months

• Webinar Today: CISO Strategies for Boardroom Success

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers

• Stanford University Data Breach Impacts 27,000 Individuals

• Nozomi Networks raises $100 million to help secure critical infrastructure

• Google to Restrict Election-Related Answers on AI Chatbot Gemini

• Threat actors leverage document publishing sites for ongoing credential and session token theft

• X introduces free audio and video calling

• 4 types of prompt injection attacks and how they work

• Acer Philippines disclosed a data breach after a third-party vendor hack

• Russians Used Microsoft’s Stolen Authentication Secrets to Access Source Code

• Private Operators to Manage Mobile Speed Cameras in New Zealand

• Beware Of New Malicious PyPI Packages That Steal Wallet Passwords

• What’s in your notepad? Infected text editors target Chinese users

• Burglars Using Wi-Fi Jammers to Disable Security Cameras

• Mirantis enhances Lens Desktop to improve Kubernetes operations

• Enhancing security with IOC detection

• EquiLend Employee Data Breached After January Ransomware Attack

• Singapore to begin passportless immigration clearance with QR code

• #MIWIC2024: Lauren Zink, Manager of Security, Culture and Awareness at Indeed

• Researchers Highlight Google’s Gemini AI Susceptibility to LLM Threats

• Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms

• Google Restricts Gemini AI Chatbot Election Answers

• Stanford University Hack Exposes Over 27K People’s Data

• Online investment scams: Inside a fake trading platform

• The Importance of Host-Based Intrusion Detection Systems

• The 10 Most Common Website Security Attacks (and How to Protect Yourself)

• Information Security Policy

• Equipment Reassignment Checklist

• RisePro stealer targets Github users in “gitgub” campaign

• Fortinet Patches Critical Vulnerabilities Leading to Code Execution

• Major CPU, Software Vendors Impacted by New GhostRace Attack

• What is Identity Governance: 5 Steps to Build Your Framework

• Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

• Single RCE Bug Features Among 60 CVEs in March Patch Tuesday

• New Facebook photo rule hoax spreads

• Heimdal’s 10th Anniversary – Our Finest Hours

• Nearly 13 Million Secrets Spilled Via Public GitHub Repositories

• Sharp Increase in Akira Ransomware Attack Following LockBit Takedown

• Porn Sites Need Age-Verification Systems in Texas, Court Rules

• Andariel Hackers Attacking Asset Management Companies to Inject Malicious Code

• Researchers jimmy OpenAI’s and Google’s closed models

• Reducing the cloud security overhead

• Using ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th)

• Mitigating Risks in the Age of AI Agents

• Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

• The State of Stalkerware in 2023–2024

• Change Ransomware Attack: UnitedHealth Profits from a Crisis it Created

• Google’s Gemini AI Vulnerability Lets Attackers Gain Control Over Users’ Queries

• Organizations issue warning to Ransomware gangs about no money

• Unseen Guardians: How Submarine Internet Cables in Deep Seas Thwart Cyber Attacks

• Microsoft’s March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

• ClickASnap – 3,262,980 breached accounts

• BSAM: Open-source methodology for Bluetooth security assessment

• LastPass’ CIO vision for driving business strategy, innovation

• Beware! Disguised Adobe Reader Installer That Installs Infostealer Malware

• Magnet-Goblin Hackers Attack Public Services Using 1-Day Exploits

• ChatGPT-Next-Web SSRF Bug Let Hackers Gain Full Access to HTTP Endpoints

• The most concerning risks for 2024 and beyond

• Product showcase: How to track SaaS security best practices with Nudge Security

• Keyloggers, spyware, and stealers dominate SMB malware detections

• State of the Cloud: Where We Are and Where We?re Heading

• Akamai Security Solutions ? Everywhere Your Business Meets the World

• A Necessary Digital Odyssey of RPA and AI/ML at HUD

• US Spearheads First UN Resolution on Artificial Intelligence

• Beware Of Disguised Adobe Reader Installer That Install Infostealer Malware

• Cloud Computing: The Future of Data Storage

• ISC Stormcast For Wednesday, March 13th, 2024 https://isc.sans.edu/podcastdetail/8892, (Wed, Mar 13th)

• Internet Security: Ensuring Safe Online Experiences

• Congress Should Give Up on Unconstitutional TikTok Bans

• March Patch Tuesday sees Hyper-V join the guest-host escape club

• New Vcurms Malware Targets Popular Browsers for Data Theft

Generated on 2024-03-14 23:56:14.438173