IT Security News Daily Summary 2024-03-21

• Role-Based Multi-Factor Authentication

• Transforming communities, one drop of water at a time

• Critical Fortinet’s FortiClient EMS flaw actively exploited in the wild

• FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert

• Apple’s iMessage Encryption Puts Its Security Practices in the DOJ’s Crosshairs

• Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now

• The Role of Data Brokers in Software Development: Navigating Ethics and Privacy Concerns

• Microsoft faces bipartisan criticism for alleged censorship on Bing in China

• Can Parents See Internet History on Wi-Fi?

• 1Password Review: Features, Pros, Cons & Pricing 2024

• Congress votes unanimously to ban brokers selling American data to enemies

• Exploring the Comprehensive World of Burp Suite

• Nothing Scares the PRC More Than a Russian Defeat in Ukraine

• Lost Crypto Wallet? New Firm Promises Ethical, Transparent and Inexpensive Recovery

• New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio

• Facebook Shuts Down Critical Tool For Tracking Fake News

• Microsoft, Meta, X, Match Group Challenge Apple App Store Terms

• Pwn2Own Vancouver 2024 Day 1 – team Synacktiv hacked a Tesla

• How To Respond To An AWS Key Honeytoken Trigger: A Detailed Guide

• USENIX Security ’23 – Sparsity Brings Vulnerabilities: Exploring New Metrics in Backdoor Attacks

• CISA, NSA, Others Outline Security Steps Against Volt Typhoon

• Unpatched Zephyr OS Expose Devices to DoS Attacks via IP Spoofing

• Why adversarial AI is the cyber threat no one sees coming

• “Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

• DataDome Releases Ruby Server-Side Integration

• USENIX Security ’23 – A Data-Free Backdoor Injection Approach In Neural Networks

• Sentry, GitHub Use AI to Help Fix Coding Errors

• GPT-4 ‘Kinda Sucks’ Admits Sam Altman, Says GPT-5 Will Be Better

• Remote Work Security Tips for Developers

• Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More

• 6 Most Secure Cloud Storage Solutions in 2024 Reviewed

• Cisco portfolio for manufacturing: What can we help you solve today?

• Massive Data Breach Sends Shockwaves Through Businesses

• Russia Hackers Using TinyTurla-NG to Breach European NGO’s Systems

• US Treasury Targets Russian Entities in Cyber Influence Campaign

• Whois “geofeed” Data, (Thu, Mar 21st)

• US Government, US States Sue Apple For Smartphone Monopoly

• Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)

• Now FCC endorses IoT products with Cyber Trust Mark Logo

• NCC Group: Ransomware attacks jump 73% in February

• Dymium Snags $7M to Build Data Security Platform with Secure AI Chat

• Sentry, GitHub Use AI to Help Fixing Coding Errors

• Critical Bug in aiohttp: Ransomware Attackers On A Roll

• US Legislation Targets Data Sharing With Foreign Adversaries

• Neuralink Livestreams Chip-Implant Patient Playing Chess

• Yacht dealer to the stars attacked by Rhysida ransomware gang

• Tarsal Raises $6 Million for Security Data Movement Platform

• House Passes Bill Barring Sale of Personal Information to Foreign Adversaries

• Tiktok Ban: China Criticizes a Proped Bill in the US Congress

• The Cisco Observability Platform is the right solution at the right time

• 5 Ways SMB Leaders Can Make Better IT Decisions

• Fairness is a Critical And Challenging Feature of AI

• Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

• How I got started: Ransomware negotiator

• How to avoid internet black holes for the network

• New chapter begins as ENISA celebrates 20 years of strengthening cybersecurity

• Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

• Ransomware, RATs, And More Deployed On Compromised TeamCity Servers

• Exposed: Chinese Smartphone Farms That Run Thousands Of Barebone Mobes To Do Crime

• $200,000 Awarded At Pwn2Own 2024 For Tesla Hack

• The art and science of product security: A deep dive with Jacob Salassi

• Premiums Affected as Internet-Connected Cars Share Data with Insurers

• CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques

• A Recognized Leader in SSE

• MIWIC2024: Rebecca Taylor, Threat Intelligence Knowledge Manager at Secureworks

• Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM

• Watch Now: Supply Chain & Third-Party Risk Summit 2024

• Vulnerability Allowed One-Click Takeover of AWS Service Accounts

• Microsoft Patches Xbox Vulnerability Following Public Disclosure

• Risk and Regulation: Preparing for the Era of Cybersecurity Compliance

• Vishal Rao joins Skyhigh Security as CEO

• AttackIQ Ready! 2.0 enables organizations to validate their cyber defense

• AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

• Hacker Pleads Guilty For Stealing 132,000+ Users Data

• Nemesis Market: Leading Darknet Market Seized

• DOT to investigate data security and privacy practices of top US airlines

• IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers

• Deceptive Calls in Kolkata, Residents Targeted in Elaborate Scam

• Security Leaders Acknowledge API Security Gaps Despite Looming Threat

• New details on TinyTurla’s post-compromise activity reveal full kill chain

• Best Practices for AI Training Data Protection

• Making Sport of Sports: The Growing Cyber Threat to Global Sports Events in 2024

• The Student-Centric Experience: Technologies

• A Decade of Trust — Meeting the Needs of the DoD

• Ordr Taps AI to Augment Attack Surface Management

• Veritas Backup Exec enhancements protect SMBs’ critical data

• Apricorn releases 24TB hardware encrypted USB drive

• ICO Probes Kate Middleton Medical Record Breach

• Five Steps to Overcoming Cyber Complacency

• Why Browser Security Matters More Than You Think

• GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

• Microsoft Warns of New Tax Returns Phishing Scams Targeting You

• Keeper Security Bolsters Administrative Control Over Passwords and Privileged Access Management With UI Updates and Streamlined Onboarding

• Q4 2023 Cyber Attacks Statistics

• Disinformation and Elections: EFF and ARTICLE 19 Submit Key Recommendations to EU Commission

• UK council won’t say whether two-week ‘cyber incident’ impacted resident data

• EPA and White House Send Water Industry Cybersecurity Warning

• Public AI as an Alternative to Corporate AI

• LogicGate introduces cyber and operational risk suite offerings

• GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

• How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

• North Korea’s Kimsuky Group Equipped to Exploit Windows Help files

• White House Warns Of Cyberattacks On US Water Infrastructure

• New Application-Layer Loop DoS Attack – 300,000 Online Systems At Risk

• 19 million plaintext passwords exposed by incorrectly configured Firebase instances

• Kyndryl partners with Cloudflare to help enterprises migrate to next-generation networks

• Fake Obituary Sites Send Grievers to Porn and Scareware Pages

• Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

• Quick Glossary: Cybersecurity Countermeasures

• Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution

• Intel To Spend $100bn In US, After Biden’s $20bn Award

• $200,000 Awarded at Pwn2Own 2024 for Tesla Hack

• Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

• Hackers Claimed to have Breached the Israeli Nuclear Facility’s Networks

• Making Sense of Operational Technology Attacks: The Past, Present, and Future

• Security Researchers Win Second Tesla At Pwn2Own

• Phishing Campaign Uses Microsoft Office Docs to Spread NetSupport RAT

• NIST’s National Vulnerability Database Put CVE Enrichment on Hold

• U.S. Sanctions Russians Behind ‘Doppelganger’ Cyber Influence Campaign

• Authorities Dismantle Grandoreiro Banking Malware Operation

• Recent Windows Server Updates Trigger Domain Controller Reboots & Crash

• New Loop DoS attack may target 300,000 vulnerable hosts

• AI Transparency: Why Explainable AI Is Essential for Modern Cybersecurity

• Aligning With NSA’s Cloud Security Guidance: Four Takeaways

• Python Snake Info Stealer Spreading Via Facebook Messages

• GitHub’s New AI Tool that Fixes Your Code Automatically

• Exposed: Chinese smartphone farms that run thousands of barebones mobes to do crime

• Ransomware turns innovative and hides in websites where files are being uploaded

• It’s 2024 and North Korea’s Kimsuky gang is exploiting Windows Help files

• Fake data breaches: Countering the damage

• Bridging the Gap: Integrating SOCs into Application Security for Enhanced Cyber Resilience

• Using cloud development environments to secure source code

• WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

• Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

• Secrets sprawl: Protecting your critical secrets

• Malware stands out as the fastest-growing threat of 2024

• Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

• The Not-so-True People-Search Network from China

• Mobile Device Security: Protecting Your Smartphone

• ISC Stormcast For Thursday, March 21st, 2024 https://isc.sans.edu/podcastdetail/8904, (Thu, Mar 21st)

• Controversial Clearview AI Added to US Government’s Tech Marketplace

• Cybersecurity for Small Businesses: Essential Protection

• How to Build a Phishing Playbook Part 3: Playbook Development

• New Loop DoS Attack Threatens Hundreds of Thousands of Systems

• USENIX Security ’23 – How The Great Firewall Of China Detects And Blocks Fully Encrypted Traffic

• Apex Legends Global Series plagued by hackers

• IT Security News Daily Summary 2024-03-20

• Users say Glassdoor added real names to user profiles without their consent

• OpenAI’s GPT store is brimming with promise – and spam

• The best VPN routers of 2024

• How to defend against phishing as a service and phishing kits

• Introducing Cisco U. Spotlight

• Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

• What Is Spoofing? 10 Types + How to Prevent It

• Texas Adult Site Age Verification Law Sparks 234.8% VPN Surge

• Securing Cloud Infrastructure: Leveraging Key Management Technologies

• U.S. data privacy protection laws: 2024 guide

• It’s tax season, and scammers are a step ahead of filers, Microsoft says

• EFF Seeks Greater Public Access to Patent Lawsuit Filed in Texas

• API Governance: Ensuring Control and Compliance in the Era of Digital Transformation

• GitHub previews AI-powered code scanning autofix

• US task force aims to plug security leaks in water sector

• Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

• Theft Of Tesla Battery Manufacturing Secrets Triggers Arrest

• Some of the Most Popular Websites Share Your Data With Over 1,500 Companies

• DevSecOps: Bridging the Gap Between Speed and Security

• AI used extensively for security but not coding, JFrog survey finds

• 1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: Survey

• Pwned by the Mail Carrier

• New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner

• Misconfigurations in Google Firebase lead to over 19.8 million leaked secrets

• Google Fined 250 Million Euros By French Competition Watchdog

• Russia Warns US Over SpaceX ‘Spy Satellites’

• Cyber Flashing: A Digital Intrusion

• CISA Warns Critical Infrastructure Leaders of Volt Typhoon

• Fraudsters Are Posing As The FTC To Scam Consumers

• GitHub’s latest AI tool can automatically fix code vulnerabilities

• Hacker Caught Stealing Personal Data of 132,000 Individuals Pleads Guilty

• Microsoft Hires Influential AI Figure Mustafa Suleyman to Head up Consumer AI Business

• EPA and White House Raise Alarm on Water Cybersecurity

• Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season

• Netgear wireless router open to code execution after buffer overflow vulnerability

• Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains

• Biden Administration issues emergency alert against cyber-attacks on critical infrastructure

• Apple’s Tim Cook Reassures China Of Supply Chain Importance

• London Clinic probes claim staffer tried to peek at Princess Kate’s records

• Facebook Will Make Its “Pay For Privacy” Model Cheaper To Appease Regulators

• Apex Legends hacker said he hacked tournament games ‘for fun’

• GitHub’s latest AI tool that can automatically fix code vulnerabilities

• Here’s Why Tracking Everything on the Dark Web Is Vital

• AT&T Denies Involvement in Massive Data Leak Impacting 71 Million People

• E-Commerce Scam: Read These 5 Tips to Stay Safe from Fake Sites

• Zoom Compliance Manager helps organizations fulfill regulatory requirements

• Study Uncovers 27% Spike in Ransomware; 8% Yield to Demands

• 2024-03-19: DarkGate infection

• New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems

• Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

• #MIWIC2024: Lisa Ventura MBE, Founder of Cyber Security Unity Ltd.

• The Tech Apocalypse Panic is Driven by AI Boosters, Military Tacticians, and Movies

• DataDome Account Protect provides security for login and registration endpoints

• $601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

• Microsoft Hires DeepMind Co-Founder Mustafa Suleyman

• SOC 2 Audits as a Pillar of Data Accountability

• Proofpoint: APAC Employees Are Choosing Convenience, Speed Over Cyber Security

• Increase Market Share Quickly with Cisco Specializations and GTM Tools

• Serial extortionist of medical facilities pleads guilty to cybercrime charges

• Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

• RaaS groups increasing efforts to recruit affiliates

• A prescription for privacy protection: Exercise caution when using a mobile health app

• Stalkerware Usage Surging, Despite Data Privacy Concerns

• Fraud Risk For Vans Customers After Data Breach

• Google Firebase May Have Exposed 125M Records From Misconfigurations

• ControlUp Secure DX reduces endpoint management complexity

• Semgrep Assistant boosts AppSec team productivity using AI

• NCSC Released an Advisory to Secure Cloud-hosted SCADA

• Secure Your Heroku Apps With SSL

• AI-generated deepfakes and investment scams

• The UK energy sector faces an expanding OT threat landscape

• UK Government: 75% of UK Businesses Experienced a Cyber Incident in 2023

• Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability, (Wed, Mar 20th)

• Elon Musk Replies To Far Right User, After Reinstatement Of X Account

• Check Point Wins First Place in Head-to-Head Firewall Testing Miercom 2024 NGFW Firewall Security Benchmark

• BunnyLoader 3.0 surfaces in the threat landscape

• Stalkerware usage surging, despite data privacy concerns

• Kubernetes 1.30: A Security Perspective

• Closing the False Positives Gap for SOC Efficiency

• ChatGPT Meets Music: Suno’s Trailblazing Initiative Marks a New Era

• Colombian Government Impersonation Campaign Targets Latin American Individuals in Cyberattack

• Apiiro and Secure Code Warrior join forces for developer training integration

• Androxgh0st Exploits SMTP Services To Extract Critical Data

• Hackers Selling GlorySprout Malware with Anti-VM Features in underground Fourm for $300

• Exclusive: AWS, Accenture and Anthropic partner to accelerate enterprise AI adoption

• New Open License Generator helps ensure AI is used responsibly

• NSTAC’s Cyber Report — Leveraging AI to Measurably Reduce Risk

• Enhancing the Polaris Software Integrity Platform: Synopsys Introduces Dynamic Security Testing Features

• Tax scammer goes after small business owners and self-employed people

• Chrome 123, Firefox 124 Patch Serious Vulnerabilities

• Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

• Ukraine Arrests Hackers for Selling 100 Million Email, Instagram Accounts

• What Is the Dark Web? Myths and Facts About the Hidden Internet

• CyberSaint raises $21 million to accelerate market expansion

• Portnox Conditional Access for Applications improves data security for organizations

• Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word

• Microsoft Notifies of Major Domain Change With Teams is Coming

• Cisco and Nvidia: Redefining Workload Security

• White House Calls on States to Boost Cybersecurity in Water Sector

• Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024

• WordPress Plugin Flaw Exposes 40,000+ Websites to Cyber Attack

• Cyber Security Today, March 20, 2024 – Misconfigured Firebase instances are leaking passwords, a China-related threat actor is hacking governments and more

• TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks

• Generative AI Security – Secure Your Business in a World Powered by LLMs

• Android malware, Android malware and more Android malware

• The ‘AT&T breach’—what you need to know

• Risk Management Firm CyberSaint Raises $21 Million

• Venafi Firefly with SPIFFE capability enables security teams to ensure governance and reduce risk

• The most prevalent malware behaviors and techniques

• Growing AceCryptor attacks in Europe

• Beyond Ctrl+Alt+Delete: Strategies For Erasing Negative Online Content

• Mintlify Confirms Data Breach Through Compromised GitHub Tokens

• Workings of MalSync Malware Unveiled: DLL Hijacking & PHP Malware

• What Is Log Management and Why you Need it

• Five Eyes tell critical infra orgs: take these actions now to protect against China’s Volt Typhoon

• New BunnyLoader Malware Variant Surfaces with Modular Attack Features

• Ukrainian Police Arrest Suspected Brute-Force Account Hijackers

• Understanding ISO 27001:2022 Annex A.6 – Organization of Information Security

• 300,000 Systems Vulnerable to New Loop DoS Attack

• Nirmata Policy Manager combats cloud security threats

• Glassdoor Wants to Know Your Real Name

• Pokemon Company resets some users’ passwords

• Deepfakes and AI’s New Threat to Security

• White House Convenes States to Discuss Water Sector Breaches

• How to deploy software to Linux-based IoT devices at scale

• Elon Musk hints a flying Tesla at Don Lemon’s show

• Tor Unveils WebTunnel – Let Users Bypass Censorship

• Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts

• Introducing OpenShift Service Mesh 2.5

• Red Hat Quay 3.11: Smarter permissions, lifecycle, and AWS integration

• Hackers Attacking Critical US Water Systems, White House Warns

• Five 5G Security Concerns: Safeguarding the Future of Connectivity

• Azorult Malware Abuses Google Sites To Steal Login Credentials

• Andariel Hackers Leveraging Remote Tools To Exploit Organizations

• U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

• Kate Middleton Medical Record Data was hacked

• NIST Launches Cybersecurity Framework (CSF) 2.0

• Red teaming in the AI era

• Security best practices for GRC teams

• 1% of users are responsible for 88% of data loss events

• API environments becoming hotspots for exploitation

• The Impact of Biometric Authentication on User Privacy and the Role of Blockchain in Preserving Secure Data

• ISC Stormcast For Wednesday, March 20th, 2024 https://isc.sans.edu/podcastdetail/8902, (Wed, Mar 20th)

• Australian techie jailed for accessing museum’s accounting system and buying himself stuff

• Malware

• Understanding Your Attack Surface: AI or bust

• The Future of Incident Response: SOAR’s Impact on Cybersecurity Defense

• Cybersecurity Hygiene: Best Practices for Individuals

• Design Principles-Building a Secure Cloud Architecture

• Pokémon resets some users’ passwords after hacking attempts

Generated on 2024-03-21 23:55:44.925332