IT Security News Daily Summary 2024-04-06

• US Cancer Patient Data Breach Affected 800000 Patients Records

• Insights into Recent Malware Attacks: Key Learnings and Prevention Strategies

• AI Developed to Detect Invasive Asian Hornets

• More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

• Bing Ad Posing as NordVPN Aims to Propagate SecTopRAT Malware

• Controversial Reverse Searches Spark Legal Debate

• What can be done to protect open source devs from next xz backdoor drama?

• Price of zero-day exploits rises as companies harden products against hackers

• Alejandro Caceres: The Vigilante Hacker Who Took Down North Korea’s Internet

• Best Privacy Browsers (2024): Brave, Safari, Ghostery, Firefox, DuckDuckGo

• Speaking Cyber-Truth: The CISO’s Critical Role in Influencing Reluctant Leadership

• Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think

• House to Take up Bill to Reauthorize Crucial US Spy Program as Expiration Date Looms

• Unveiling the XZ Utils Backdoor: A Wake-Up Call for Linux Security

• Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

• Identity Thief Lived as a Different Man for 33 Years

• Cisco warns of XSS flaw in end-of-life small business routers

• Ransomware Attack Via Unpatched Vulnerabilities Are Brutal: New Survey

• Apricorn Returns to Compete in 2024 ‘ASTORS’ Homeland Security Awards

• 57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breach

• Eclipse joins with industry groups to secure open source

• It’s Time to Update Your Network Assurance Skills

• Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

• IT Security News Daily Summary 2024-04-05

• Magento flaw exploited to deploy persistent backdoor hidden in XML

• Friday Squid Blogging: SqUID Bots

• Salt Security Applies Generative AI to API Security

• Anyscale addresses critical vulnerability on Ray framework — but thousands were still exposed

• Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF

• U.K. and U.S. Agree to Collaborate on the Development of Safety Tests for AI Models

• 6 Top Open-Source Vulnerability Scanners & Tools

• Retail Tech Deep-Dive: CAE Labs

• What Lies Ahead for Cybersecurity in the Era of Generative AI?

• “Infrastructures of Control”: Q&A with the Geographers Behind University of Arizona’s Border Surveillance Photo Exhibition

• This backdoor almost infected Linux everywhere: The XZ Utils close call

• Cookie consent choices are just being ignored by some websites

• Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

• The Tech Needed to Survive This Decade’s ‘Seismic’ APAC B2B Trends

• 3 healthcare organizations that are building cyber resilience

• Heightened Hacking Activity Prompts Social Media Security Warning

• Ontario Hospitals Dispatch 326,000 Letters to Patients Affected by Cyberattack Data Breach

• 5 ways to strengthen healthcare cybersecurity

• Latrodectus Uses Sandbox Evasion Techniques To Launch Malicious Payloads

• Ivanti CEO Pledges To Fundamentally Transform Its Hard-Hit Security Model

• Cisco Warns Of Vulnerability In Discontinued Small Business Routers

• Acuity Responds To US Government Data Theft Claims

• Israel’s Justice Ministry Reviewing Cyber Incident After Hacktivists Claim Breach

• 9 top cloud storage security issues and how to contain them

• Ivanti CEO Promises Stronger Security After a Year of Flaws

• FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

• GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansion

• How your business should deal with negative feedback on social media

• Government Communications: The Threats

• SASE and Zero Trust: A Powerful Combination

• Rise of Hacktivist Groups Targeting OT Systems

• Software supply chain attacks are escalating at an alarming rate

• Hoya suffers a suspected ransomware attack

• AI To Reduce Worker Numbers, Staffing Firm Adecco Warns

• Cisco Warns of Vulnerability in Discontinued Small Business Routers

• Prudential Financial Notifies 36,000 Victims of Data Leak

• $657 Bounty Awarded for Arbitrary File Upload Patched in WEmanage App Worker WordPress Plugin

• Elon Musk’s X Offers Free Blue Checks, Free Subscriptions

• Mastering Skills with Play: The Fusion of Gaming and Learning in Black Belt Gamification

• US government excoriates Microsoft for ‘avoidable errors’ but keeps paying for its products

• Tech Companies Want to Build Artificial General Intelligence. But Who Decides When AGI is Attained?

• CISA Unveils Critical Infrastructure Reporting Rule

• Sensitive Documents Vanish Under Mysterious Circumstances from Europol Headquarters

• Malware Targets End-of-Life Routers and IoT Devices

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

• Alleged Home Depot Data Breach: IntelBroker Leaks 22,000 Employee Data

• #MIWIC2024: Nikki Webb, Global Channel Manager at Custodian360

• Proactive and Reactive Ransomware Protection Strategies

• Themes From (And Beyond) Altitude Cyber’s 2023 Cybersecurity Year In Review

• Mapping Your Path to Passwordless

• CyberTowns Initiative Aims to Spotlight Canada’s Top Locations for Cybersecurity Careers

• Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities

• 10M+ Downloaded Dating App Discloses User’s Exact Location

• Protecting the weakest link: how human errors can put a company in risk

• Federal Court Dimisses X’s Anti-Speech Lawsuit Against Watchdog

• NIST Grants $3.6 Million to Boost US Cybersecurity Workforce

• In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

• LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

• YubiKey Manager Privilege Escalation Let Attacker Perform Admin Functions

• Heimdal® Joins Internet Watch Foundation to Fight Child Sexual Abuse Imagery

• Hotel check-in terminal bug spews out access codes for guest rooms

• Cyber Security Today, April 5, 2024 – New ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more

• Apple Axes 600 Staff In First Layoffs Since Pandemic

• Microsoft’s Priva Platform: Revolutionizing Enterprise Data Privacy and Compliance

• Defending Against IoT Ransomware Attacks in a Zero-Trust World

• Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

• Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords

• Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

• Microsoft AI-Driven Security Tool Copilot for Security is Now GA

• Hackers Hijack Facebook Pages to Mimic AI Brands & Inject Malware

• Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack

• Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info

• Magento Vulnerability Exploited to Deploy Persistent Backdoor

• Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report

• Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk

• Expert Insights on IoT Security Challenges in 2024

• CISO Perspectives on Complying with Cybersecurity Regulations

• Red Hat issues “urgent security alert” following attack on XZ Utils compression library

• Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

• Stream.Security Releases Suite of Next-Gen Features

• Cyberattack disrupted services at Omni Hotels & Resorts

• From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

• China Using AI-Generated Content to Sow Division in US, Microsoft Finds

• From EDR to XDR: Detailed Walkthrough

• Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware

• Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code

• 1.3 Million Customers Affected: Pandabuy Grapples with Data Breach Fallout

• Trellix ZTS enables organizations to strengthen cyber resilience

• Keep Your Tech Flame Alive: Akamai Trailblazer Alex Virley

• Exploring Advanced Tripwire Enterprise Capabilities

• Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws

• New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA

• Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code

• Winnti Hackers’ New UNAPIMON Tool Hijacks DLL And Unhook API Calls

• Bing Ads Exploited by Hackers to Spread SecTopRAT Through NordVPN Mimic

• Face-to-Face 2024 Australia

• FBI shares some valuable insights on ransomware

• Seven tips to find spyware on a smart phone

• Impact of IoT Security for 5G Technology

• Academics probe Apple’s privacy settings and get lost and confused

• AI Package Hallucination – Hackers Abusing ChatGPT, Gemini to Spread Malware

• Security pros are cautiously optimistic about AI

• Cybercriminal adoption of browser fingerprinting

• Feds Patching Years-Old SS7 Vulnerability in Phone Networks

• 22% of employees admit to breaching company rules with GenAI

• HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

• New infosec products of the week: April 5, 2024

• How manual access reviews might be weakening your defenses

• Incident Response Orchestration: Streamlining Incident Handling

• Cybersecurity for Nonprofits: Protecting Mission-Critical Data

• ISC Stormcast For Friday, April 5th, 2024 https://isc.sans.edu/podcastdetail/8926, (Fri, Apr 5th)

• HTTP/2 CONTINUATION Flood Vulnerability

• World’s second-largest eyeglass lens-maker blinded by infosec incident

• Feds probe alleged classified US govt data theft and leak

• Smart SOAR’s Innovative Approach to Error-Handling Explained

• Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem

Generated on 2024-04-06 23:55:39.282019