IT Security News Daily Summary 2024-04-10

• fraud detection

• Maryland State Passes Two Major Privacy Bills To Stop Facebook Data Gathering

• Trump Loyalists Kill Vote on US Wiretap Program

• AT&T states that the data breach impacted 51 million former and current customers

• It’s 2024 and Intel silicon is still haunted by data-spilling Spectre

• CISA Releases Malware Next-Gen Analysis System for Public Use

• How to protect yourself from online harassment

• USENIX Security ’23 – Discovering Adversarial Driving Maneuvers against Autonomous Vehicles

• The best travel VPNs of 2024

• Uber adds safety options that every rider should start using – here’s how

• President Biden ‘Considering’ Request To Drop Julian Assange Charges

• Fortinet fixed a critical remote code execution bug in FortiClientLinux

• India’s Businesses Under Huge Cyber Threats, Kaspersky Reported

• LinkedIn Users Targeted in Complex Phishing Scheme

• Fostering Cybersecurity Culture: From Awareness to Action

• Alert! Brute-Force SSH Attacks Rampant in the Wild: New Study From 427 Million Failed SSH Login Attempts

• Raspberry Robin Malware Now Using Windows Script Files to Spread

• The Motion Picture Association Doesn’t Get to Decide Who the First Amendment Protects

• Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core

• Vulnerability in some TP-Link routers could lead to factory reset

• Apple Doubles iPhone Production In India – Report

• Match Systems publishes report on the consequences of CBDC implementation, led by CEO Andrei Kutin

• Real-World Law Enforcement Hack of Hackers End-to-Encrypted Chat Messenger

• E-commerce Breach: Hackers Target Magento, Steal Payment Data

• single sign-on (SSO)

• AT&T Data Breach Update: 51 Million Customers Impacted

• Watch This? Patch This! LG Fixes Smart TV Vulns

• The ClickOps Era Has Begun—Here’s a Quick Primer

• Beyond Technical Skills: Making Cybersecurity More Human-Centered

• Google Unveils ARM-based AI CPU, Google Axion

• Rhadamanthys Malware Deployed By TA547 Against German Targets

• Microsoft experiences another cyber attack after China email server intrusion

• TikTok bans explained: Everything you need to know

• AT&T notifies regulators after customer data breach

• Microsoft Patches 2 Zero Days Exploited For Malware Delivery

• DOJ Data On 340,000 Individuals Stolen

• Peter Higgs, Father Of The God Particle, Dies At 94

• Speed Of AI Development Is Outpacing Risk Assessment

• New covert SharePoint data exfiltration techniques revealed

• LG TV Vulnerabilities Expose 91,000 Devices

• Cypago Announces New Automation Support for AI Security & Governance

• Google Chrome is getting a new security feature to address memory corruption

• Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

• Cisco’s Vision at Hannover Messe 2024

• Cisco and Nutanix: A 360-Degree Partnership Where 1 + 1 = 3

• Zero Trust Matures, Insider Threat Programs Take Off, and AI Doesn’t Change Things that Much Yet: 2024 Cybersecurity Predictions

• Hackers Siphon 340,000 Social Security Numbers From U.S. Consulting Firm

• Tesla Settles Lawsuit Over Crash That Killed Apple Engineer

• Cisco at NAB 2024: Cloud-Native Media Production

• Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

• Researchers Resurrect Spectre v2 Attack Against Intel CPUs

• Posthumous Data Access: Can Google Assist with Deceased Loved Ones’ Data?

• Combatting iPhone Scams: Steps Towards Enhanced Security

• ‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

• Mitigating the Impact of Data Breaches Through DDR

• Beware of Encrypted Phishing Attack With Weaponized SVG Files

• Cypago Announces New Automation Support for AI Security and Governance

• Malwarebytes Digital Footprint Portal offers insights into exposed passwords and personal data

• Vultr Sovereign Cloud and Private Cloud delivers data control to nations and enterprises

• Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

• CISA Announces Malware Next-Gen Analysis

• Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally

• Rust rustles up fix for 10/10 critical command injection bug on Windows

• Insider Threats Surge Amid Growing Foreign Interference

• Security Advisory: Protecting Mobile Devices for UAE Residents

• The Fake E-Shop Scam Campaign Sweeping Southeast Asia, seizing users banking details

• Privacy is ‘Virtually Impossible’ on iPhones, Experts Warn

• Eclypsium Automata discovers vulnerabilities in IT infrastructure

• Index Engines CyberSense 8.6 detects malicious activity

• Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

• Women Experience Exclusion Twice as Often as Men in Cybersecurity

• Flaws in 90,000+ LG WebOS TVs Let Attacker’s Completely take Over Devices

• Introducing the Digital Footprint Portal

• Develop Advanced Cybersecurity Skills for Just $64

• A Quarter of UK Business Are Not Using AI to Bolster Cybersecurity

• Zero Trust: Navigating the Labyrinth of Laws in a Borderless Digital Age

• Concentric AI unveils employee offboarding risk monitoring and reporting module

• Hack The Box redefines cybersecurity performance, setting new standards in the cyber readiness of organizations

• Thousands of LG TVs Possibly Exposed to Remote Hacking

• Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

• How to Stop Your Data From Being Used to Train AI

• IT pros targeted with malicious Google ads for PuTTY, FileZilla

• Cohesity teams up with Intel to integrate confidential computing into Data Cloud Services

• Windows: New ‘BatBadBut’ Rust Vulnerability Given Highest Severity Score

• Intel Unveils Latest AI Chip To Counter Nvidia

• Hands-on Review: Cynomi AI-powered vCISO Platform

• In Memoriam: Ross Anderson, 1956-2024

• 530k Impacted by Data Breach at Wisconsin Healthcare Organization

• Sprinto Raises $20 Million for Automated Risk and Compliance Platform

• NICE Actimize enhances Integrated Fraud Management platform to help financial services prevent scams

• US Claims to Have Recovered $1.4bn in COVID Fraud

• Microsoft Patch Tuesday: 149 Security Vulnerabilities & Zero-days

• 6 Best Open Source Password Managers for Mac in 2024

• X fixes URL blunder that could enable convincing social media phishing campaigns

• Silicon UK In Focus Podcast: Digital Transformation and Sustainability

• GHC-SCW Hack: Ransomware Actors Stolen User’s Personal Information

• Cyber Insurance Policy

• Microsoft Patches Two Zero-Days Exploited for Malware Delivery

• Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

• Microsoft Patches 150 Flaws Including Two Zero-Days

• GM’s Cruise To Resume Operations In Phoenix With Human Drivers

• The AI Gold Rush: ChatGPT and OpenAI targeted in AI-themed investment scams

• Custom-made Awareness Raising to enhance Cybersecurity Culture

• Proton picks up Standard Notes to deepen its pro-privacy portfolio

• New ransomware group demands Change Healthcare ransom

• Alethea raises $20 million to combat disinformation campaigns

• Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

• Half of UK Businesses Hit by Cyber-Incident in Past Year, UK Government Finds

• Critical Rust Vulnerability Let Hackers Inject Commands on Windows Systems

• Embracing Two-Factor Authentication for Enhanced Account Protection

• Life in Cybersecurity: From Nursing to Threat Analyst

• Turning the tide on third-party risk

• RUBYCARP the SSH Brute Botnet Resurfaces With New Tools

• New Critical Rust Vulnerability Allows Attackers to Inject Commands on Windows Systems

• Cybersecurity in the Evolving Threat Landscape

• Rewards For Justice offers up to $10 million reward for info on ALPHV BlackCat hacker group leaders

• Dracula Phishing Platform Targets Organizations Worldwide

• New SharePoint Technique Lets Hackers Bypass Security Measures

• Upcoming report on the state of cybersecurity in Croatia

• Google top trending cybersecurity news headlines

• Navigating the Divide: Data Security Management vs Cloud Security Management

• Chrome Enterprise Premium promises extra security – for a fee

• How to Use Cyber Threat Intelligence? 4 TI Categories to Learn SOC/DFIR Team

• Why are many businesses turning to third-party security partners?

• Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

• WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime

• AI risks under the auditor’s lens more than ever

• GSMA releases Mobile Threat Intelligence Framework

• Cybersecurity jobs available right now: April 10, 2024

• Critical ‘BatBadBut’ Rust Vulnerability Exposes Windows Systems to Attacks

• ISC Stormcast For Wednesday, April 10th, 2024 https://isc.sans.edu/podcastdetail/8932, (Wed, Apr 10th)

• Navigating Third-Party Cyber Risks in Healthcare: Insights from Recent Events

• Is My VPN Working? How To Test for VPN Leaks

• Microsoft squashes SmartScreen security bypass bug exploited in the wild

• Synopsys takes aim at software supply chain risks

• Synopsys aims to mitigate software supply chain risks

• Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)

• IT Security News Daily Summary 2024-04-09

• Is My VPN Working? How to Test for VPN Leaks

• VERT Threat Alert: April 2024 Patch Tuesday Analysis

• April’s Patch Tuesday Brings Record Number of Fixes

• Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

• Should You Pay a Ransomware Attacker?

• USENIX Security ’23 – Qifan Xiao, Xudong Pan, Yifan Lu, Mi Zhang, Jiarun Dai, Min Yang,- xorcising “Wraith”: Protecting LiDAR-based Object Detector In Automated Driving System From Appearing Attacks

• FCC Mulls Rules to Protect Abuse Survivors from Stalking Through Cars

• April 2024 Microsoft Patch Tuesday Summary, (Tue, Apr 9th)

• Over 91,000 LG smart TVs running webOS are vulnerable to hacking

• Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

• Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

• Unit 42: Malware-initiated scanning attacks on the rise

• Speaking Freely: Mary Aileen Diez-Bacalso

• Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers

• April’s Patch Tuesday includes 150 vulnerabilities, 60 which could lead to remote code execution

• The Essential Tools and Plugins for WordPress Development

• Fortinet Releases Security Updates for Multiple Products

• Microsoft employees exposed internal passwords in security lapse

• Toward greater transparency: Adopting the CWE standard for Microsoft CVEs

• Muddled Libra’s Evolution to the Cloud

• Got an unpatched LG ‘smart’ television? It could be watching you back

• Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products

• Daniel Stori’s ‘Minimum Viable Elevator’

• LG smart TVs may be taken over by remote attackers

• 0G Launches Newton Testnet of Ultra-Scalable Modular AI Blockchain

• How to Use Cyber Threat Intelligence ? 4 TI Categories to Learn SOC/DFIR Team

• ScrubCrypt used to drop VenomRAT along with many malicious plugins

• OffSec Versus: Revolutionizing Cybersecurity Training Through Live-Fire Collaboration

• Behind Enemy Lines: Understanding the Threat of the XZ Backdoor

• Patch Tuesday Update – April 2024

• Hackers Use Malware to Hunt Software Vulnerabilities

• “Let’s Get the Third Party Started In Here,”

• Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem

• CISA Releases One Industrial Control Systems Advisory

• SUBNET PowerSYSTEM Server and Substation Server

• Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million

• Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation

• The Hidden Danger of Public USB Charging Stations: What You Need to Know

• Google workspace to use AI for Data Security

• Private Data of 7.5 million BoAt Users Leaked in Massive Data Breach

• Change Healthcare Hit By Cyber Extortion Again

• SaaS Asset and User Numbers are Exploding: Is SaaS Data Security Keeping Up?

• Home Depot Confirms Data Breach Via Third Party Vendor

• Critical Takeover Vulns In 92,000 D-Link Devices Under Active Exploitation

• US Insurers Use Drone Photos To Deny Home Insurance Policies

• CISO Conversations: Nick McKenzie (Bugcrowd) And Chris Evans (HackerOne)

• Three Key Threats Fueling the Future of Cyber Attacks

• New Google Workspace feature prevents sensitive security changes if two admins don’t approve them

• Hackers Targeting Human Rights Activists in Morocco and Western Sahara

• 10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

• Android 15’s Private Space feature could better protect your sensitive data

• Why the Keitaro TDS keeps causing security headaches

• What Is a SaaS Security Checklist? Tips & Free Template

• X adds support for passkeys globally on iOS

• Techstrong Group Announces Rebranding of Security Bloggers Network to Security Creators Network

• What Security Metrics Should I Be Looking At?

• SurveyLama Data Breach Exposes Millions of Users’ Information

• ESET Small Business Security offers protection against online fraud, data theft and human error

• Research Unearths RUBYCARP’s Multi-Miner Assault on Crypto

• $937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin

• Feds say Microsoft security ‘requires an overhaul’ — but will it listen?

• Raindex Launches On Flare To Power Decentralized CEX-Style Trading

• Ahoi Attacks – New Attack Breaking VMs With Malicious Interrupts

• Hackers Using ScrubCrypt ‘AV Evasion Tool’ To Exploit Oracle WebLogic Servers

• US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

• ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities

• SAP’s April 2024 Updates Patch High-Severity Vulnerabilities

• TufinMate accelerates network access troubleshooting

• Gurucul Data Optimizer provides control over real-time data transformation and routing

• Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

• Foreign Interference Drives Record Surge in IP Theft

• 91,000 Smart LG TV Devices Vulnerable to Remote Takeover

• Google Gemini Code Assist – Code With AI Intelligence

• Check Point Supercharges Brisbane Catholic Education’s Security Stack to Improve Threat Detection and Streamline Manageability

• March 2024’s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos

• Ransomware gang’s new extortion trick? Calling the front desk

• #MIWIC2024: Illyana Mullins, Founder of WiTCH (Women in Tech and Cyber Hub CIC)

• The role of certificate lifecycle automation in enterprise environments

• Exploring HelpWire: A New Option in Free Remote Support Software

• Thousands Of Internet-Exposed Ivanti VPN Appliances Vulnerable To RCE Attacks

• Google unveils new Gemini-powered security updates to Chronicle and Workspace

• Google injects generative AI into its cloud security tools

• Chrome Enterprise goes Premium with new security and management features

• Entering the Next Chapter of SASE at InterSECt 2024

• Keeper Security Tightens Access Control with New Features

• Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains

• The Role of Identity Data Management in Achieving CISA’S Strategic Goals

• UK businesses shockingly unaware of how to handle security threats

• What AI Can Do Today? The latest generative AI tool to find the perfect AI solution for your tasks

• Sectigo appoints Jason Scott as CISO

• Rocket DevOps simplifies compliance processes

• Google Adds V8 Sandbox To Chrome To Fight Against Browser Attacks

• Expert Insight: Growing Your Mindset

• Using emerging technology to bridge the cyber skills gap

• SE Labs Annual Security Awards 2024

• CL0P’s Ransomware Rampage – Security Measures for 2024

• Starry Addax targets human rights defenders in North Africa with new malware

• The Threat That Can’t Be Ignored: CVE-2023-46604 in Apache ActiveMQ

• Building Bridges: Embracing Change, Growth, and Discovery at Cisco

• Defusing the threat of compromised credentials

• Second Ransomware Group Extorting Change Healthcare

• DOJ-Collected Information Exposed in Data Breach Affecting 340,000

• CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne)

• CVS Group Restoring Systems Impacted by Cyberattack

• Cyber Attack on Consulting Firm Exposes DOJ Data of 341,000 People

• Targus Hacked: Attackers Gain Access to File Servers

• AI data security startup Cyera confirms $300M raise at a $1.4B valuation

• Akamai Shield NS53 protects on-prem and hybrid DNS infrastructure

• 6 Best Open Source Password Managers for Windows in 2024

• 35-year long identity theft leads to imprisonment for victim

• New Latrodectus loader steps in for Qbot

• Darktrace ActiveAI Security Platform helps organizations shift focus to proactive cyber resilience

• Shield NS53 Protects Your Origin DNS Infrastructure from NXDOMAIN Attacks

• Samsung To Receive $6bn For Texas Chip Expansion

• Google announces V8 Sandbox to protect Chrome users

• Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices

• StrikeReady Raises $12M to Build AI-Powered Security Command Center

• SINEC Security Guard identifies vulnerable production assets

• Room for Error: Hotel Check-In Terminal Flaw Leads to Access Code Leak

• HashKey Launches Global Crypto Exchange, Targets Coinbase

• PC Shipments Return To Pre-Pandemic Levels In First Quarter

• Sprinto raises $20M to bring automation to security compliance management

• Over 90,000 D-Link NAS Devices Are Under Attack

• Top Israeli Spy Chief Identity Exposed In A Privacy Mistake

• Parasoft unveils safety testing tool for C and C++ apps

• Cybersecurity Compliance Around the Globe: India’s DPDP

• TechRepublic Academy Is Offering Extra 20% Off Most Deals Through April 16

• Cloudflare partners with Booz Allen Hamilton to guide organizations under attack

• Why payers are pivotal to API security across the healthcare ecosystem

• Brazil Judge Opens Probe Into Elon Musk

• TSMC Expands Arizona Chip Plans Under $6.6bn US Deal

• Notepad++ Wants Your Help to Take Down the Parasite Website

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

• Why Identity Management is Key in a Cyber Resilience Strategy

• Microsoft To Open AI Hub In London After Suleyman Hire

• Google Rolls Out “Find My Device” Network for Android Users

• China is using generative AI to carry out influence operations

• Podcast Episode: Antitrust/Pro-Internet

• How Avast One Silver adapts to your unique online world

• D-Link RCE Vulnerability That Affects 92,000 Devices Exploited in Wild

• HTTP/2 Vulnerability Let Hackers Launch DOS Attacks on Web Servers

• Kaspersky Club – 55,971 breached accounts

• CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils

• Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

• Another ransomware gang reclaims to have hacked United Health

• How exposure management elevates cyber resilience

• boAt – 7,528,985 breached accounts

• Strategies for secure identity management in hybrid environments

• EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

• Exploring How Penetration Tests Are Classified – Pentesting Aspirant Guide 2024

• Defining a holistic GRC strategy

• Building a DDR Strategy: A Step-by-Step Guide

• ISC Stormcast For Tuesday, April 9th, 2024 https://isc.sans.edu/podcastdetail/8930, (Tue, Apr 9th)

• 10 Million Devices Were Infected by Data-Stealing Malware in 2023

Generated on 2024-04-10 23:55:11.448200