IT Security News Daily Summary 2024-04-16

• Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400, (Tue, Apr 16th)

• Simeio Returns to Compete in 2024 ‘ASTORS’ Awards with Simeio OI

• ShadowRay Vulnerability: 6 Lessons for AI & Cybersecurity

• MGM says FTC can’t possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time

• Facebook Oversight Board Will Investigate Deepfake Porn Problem

• Speaking Freely: Lynn Hamadallah

• How Political Campaigns Use Your Data to Target You

• Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse

• PuTTY SSH Client flaw allows of private keys recovery

• Top Officials Again Push Back on Ransom Payment Ban

• Americans Deserve More Than the Current American Privacy Rights Act

• New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials

• How to conduct security patch validation and verification

• A crypto wallet maker’s warning about an iMessage bug sounds like a false alarm

• Tell the FCC It Must Clarify Its Rules to Prevent Loopholes That Will Swallow Net Neutrality Whole

• Navigating the Cyber Typhoon: Safeguarding Data Amidst US-China Geo-Political Tensions.

• How to Remove Malware From a Mac or PC

• Trustifi’s Email Security Awareness Training – Empowering MSPs to Train & Protect Clients

• Proactive Threat Detection: Introducing Threat Hunting Essentials

• Cybersecurity Compliance: Understanding Regulatory Frameworks

• SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

• US Think Tank Struck by Cyberattack

• Report: Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

• US Senate to Vote on a Wiretap Bill That Critics Call ‘Stasi-Like’

• XZ Utils might not have been the only sabotage target, open-source foundations warn

• The best VPN deals right now

• Gen AI training costs soar yet risks are poorly measured, says Stanford AI report

• Evolution Equity Partners raises $1.1B for new cybersecurity and AI fund

• FTC Bans Online Mental Health Firm From Sharing Certain Data

• Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto

• Critical PuTTY Vulnerability Allows Secret Key Recovery

• Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit

• MixMode Launches Advanced AI-Powered Attack Detection Prioritization

• Online Health Firm Cerebral to Pay $7 Million for Sharing Private Data

• PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

• Cyber Attack on Cisco Duo breaches its multifactor authentication

• Microsoft will Limit Exchange Online Bulk Emails to Fight Spam

• Speedify VPN Review: Features, Security & Performance

• SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work

• Rockwell Automation ControlLogix and GuardLogix

• Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread

• Blackjack Group Used ICS Malware Fuxnet Against Russian Targets

• Report: Microsoft Most Impersonated Brand in Phishing Scams

• Data Loss Prevention: Best Practices for Secure Data Management

• USENIX Security ’23 – Account Verification on Social Media: User Perceptions and Paid Enrollment

• Ban the Scan – Is Facial Recognition a Risk to Civil Liberties?

• Cisco Duo provider breached, SMS MFA logs compromised

• OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

• Electrolink FM/DAB/TV Transmitter

• Measuresoft ScadaPro

• Answering the Executive “Why” and “What” for Full-Stack Observability

• Celebrating Cisco’s AI Differentiation and Our Engineers During World Creativity & Innovation Week

• New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally

• Law Firm to Pay $8M to Settle Health Data Hack Lawsuit

• Cloud Users Warned of Data Exposure Risk From Command-Line Tools

• Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million

• Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges

• Resilient Together, Highlighting the Importance of Emergency Communications

• OT security vendor Nozomi Networks lands Air Force contract

• AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

• TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

• Omni Hotels says customers’ personal data stolen in ransomware attack

• A renewed espionage campaign targets South Asia with iOS spyware LightSpy

• AI Watchdog Defends Against New LLM Jailbreak Method

• Delinea Scrambles To Patch Critical Flaw After Ignoring Researcher

• Cryptojacker Arrested For Defrauding Cloud Providers Of $3.5 Million

• Google Location Tracking Deal Could Be Derailed By Politics

• Open sourcerers say suspected xz-style attacks continue to target maintainers

• Tanium Automate reduces manual processes for repeatable tasks

• Vercara UltraEdge offers protection against internet-based threats

• Obtaining security clearance: Hurdles and requirements

• IMF Warns of Potential Bank Runs Triggered by Cyber Attacks

• Report Suggests 93% of Breaches Lead to Downtime and Data Loss

• QUIC Server Preview Branch Available for Testing and Feedback

• Guardz Welcomes SentinelOne as Strategic Partner and Investor to Boost Cybersecurity Defenses for SMBs

• Misinformation and hacktivist campaigns targeting the Philippines skyrocket

• Pentest People Becomes the First Leeds-based Cybersecurity Company to Achieve NCSC’s Cyber Advisor (Cyber Essentials) Accreditation

• Giant Tiger breach sees 2.8 million records leaked

• A Crash Course in Hardware Hacking Methodology: The Ones and Zeros

• AI Helps Security Teams, But Boosts Threats

• The Hidden Risk of Airport Phone Charging Stations and Why You Should Avoid It

• Roku Security Breach Exposes Over 500,000 User Accounts to Cyber Threats

• Data-Stealing Malware Infections Surge by 600% in Three Years, Kaspersky Reports

• Cybersecurity Crisis: Small Firms Rank Attacks as the Greatest Business Risk

• New open-source project takeover attacks spotted, stymied

• LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

• Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group

• OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

• Connect:fun Attacking Organizations Running Fortinet’s FortiClient EMS

• Omni Hotels & Resorts Hack: Attackers have Stolen Customer Information

• Securing the Financial Sector with Check Point Infinity Global Services

• Change Healthcare’s ransomware attack costs edge toward $1B so far

• Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative

• Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

• Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy- Axios Security Group

• The best AirTag wallets of 2024: Expert tested and recommended

• Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

• TA558 Hackers Compromised 320+ Organizations’ FTP & SMTP Servers

• Synergizing Advanced Identity Threat Detection & Response Solutions

• Omni Hotels Says Personal Information Stolen in Ransomware Attack

• You Against the World: The Offenders Dilemma

• Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare

• Knowledge & Research Security

• GuidePoint Security introduces IoT Security Assessment

• Atlas VPN Review (Updated for 2024)

• Who Stole 3.6M Tax Records from South Carolina?

• Sectigo SCM Pro automates certificate management

• Identity in the Shadows: Shedding Light on Cybersecurity’s Unseen Threats

• Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

• Microsoft Most Impersonated Brand in Phishing Scams

• Blackjack Hackers Destroyed 87,000 Sensors Using Lethal ICS Malware

• X.com Automatically Changing Link Text but Not URLs

• Google location tracking deal could be derailed by politics

• Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

• Russia is trying to sabotage European railways, Czech minister said

• IDnow VideoIdent Flex blends AI technology with human interaction

• Rolling Back Packages on Ubuntu/Debian, (Tue, Apr 16th)

• Hong Kong Approves Bitcoin, Ether ETFs

• Open Source Groups Warn Of Ongoing Attacks

• FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

• Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

• Better application networking and security with CAKES

• Casting a Cybersecurity Net to Secure Generative AI in Manufacturing

• SCM and NERC: What You Need to Know

• Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

• Apple Loses Smartphone Crown To Samsung Amidst China Pressure

• Trump Media Shares Buckle Over Secondary Offering Plans

• Cisco Duo Data Breach: Hackers Stolen VoIP & SMS for MFA

• Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

• Apple’s Tim Cook Visits Vietnam Amidst China Troubles

• Android: Banking trojan masquerading as Chrome

• Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

• Five Key Takeaways from the 2024 Imperva Bad Bot Report

• NSA, CISA & FBI Released Best Practices For AI Security Deployment 2024

• Critical RCE Vulnerability in 92,000 D-Link NAS Devices

• LockBit 3.0 ransomware customized version now used to attack Global Firms

• 5 free red teaming resources to get you started

• Audio deepfakes: What they are, and the risks they present

• AI set to enhance cybersecurity roles, not replace them

• 31% of women in tech consider switching roles over the next year

• ISC Stormcast For Tuesday, April 16th, 2024 https://isc.sans.edu/podcastdetail/8940, (Tue, Apr 16th)

• IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data

• 2024-04-15: Contact Forms campaign leads to SSLoad malware

• Quick Palo Alto Networks Global Protect Vulnerablity Update (CVE-2024-3400), (Mon, Apr 15th)

• The ONE Thing All Modern SaaS Risk Management Programs Do

• US Awards $6.4bn To Samsung For Expanded Texas Chip Production

• CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

• Key software patch testing best practices

• IT Security News Daily Summary 2024-04-15

• 4 types of cloud security tools organizations need in 2024

• Vulnerability Recap 4/15/24 – Palo Alto, Microsoft, Ivanti Exploits

• Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

• D3 Security at RSAC 2024: Streamline Your Security Operations with Smart SOAR

• Change Healthcare stolen patient data leaked by ransomware gang

• Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

• The Race Against the Hackers: How the OffSec Cyber Ranges Keep You Ahead

• Vulnerability Summary for the Week of April 8, 2024

• Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools

• Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

• A ransomware gang is leaking Change Healthcare’s stolen patient data

• Coding for a Greener Tomorrow: Developer Sustainability Week Takes Center Stage

• MY TAKE: GenAI revolution — the transformative power of ordinary people conversing with AI

• Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs

• Roku: Credential Stuffing Attacks Affect 591,000 Accounts

• Data protection vs. security vs. privacy: Key differences

• Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor

• Joint Guidance on Deploying AI Systems Securely

• Adapting to the Deluge of Cybersecurity Data

• Tesla Cuts More Than 10 Percent Of Workforce

• Zscaler to Acquire Airgap Networks to Segment Endpoint Traffic

• Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw

• Tesla To Lay Off ‘More Than 10 Percent’ Of Workforce

• Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks

• Russia and Ukraine Top Inaugural World Cybercrime Index

• Nexperia Ransomware attack and some details about American hackers spreading ransomware

• Delinea Secret Server Customers Should Apply Latest Patches

• Roku Makes 2FA Mandatory For All After Nearly 600k Accounts Pwned

• Palo Alto Networks Releases Fixes For Firewall Zero-Day As Attribution Attempts Emerge

• Ransomware Group Claims Theft Of Data From Chipmaker Nexperia

• Juniper Networks Publishes Dozens Of New Security Advisories

• When Security Collides with Customer Impatience

• Roku makes 2FA mandatory for all after nearly 600K accounts pwned

• CISA Directs Affected Agencies to Mitigate Risks Arising from Microsoft Breach

• Data Exposure Incident: iCabbi’s Security Breach

• Meet With OpenSSL at RSA Conference 2024

• Crickets from Chirp Systems in Smart Lock Key Leak

• Ransomware Group Claims Theft of Data From Chipmaker Nexperia

• NightVision Raises $5.4 Million for Application Security Testing

• Second Largest Employer Amazon Opts For Robots, Substituting 100,000 Jobs

• New LockBit Variant Exploits Self-Spreading Features

• $1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express WordPress Plugin

• The Journey: Quantum’s Yellow Brick Road

• New Report from Match Systems Sheds Light on Central Bank Digital Currencies (CDBC)

• Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks

• CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

• Nationwide Scam Targets Road Toll Users via SMS Phishing Scheme

• Apple Steps Up Spyware Alerts Amid Rising Mercenary Threats

• Navigating the Complex Landscape of Cyber Threats: Insights from the Sisense Breach and North Korean Tactics

• Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

• Software Support: 7 Essential Reasons You Can’t Overlook

• Delinea Secret Server customers should apply latest patches

• TechRepublic’s Review Methodology for VPNs

• Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure

• Juniper Networks Publishes Dozens of New Security Advisories

• Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

• AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

• Microsoft and Google Top the List in Q1 2024 Phishing Attacks: Check Point Research Highlights a Surge in Cyber Threats

• #MIWIC24 Cyber Marketeer of the Year: Laura Reilly

• Texting Secrets: How Messenger Apps Guard Your Chats

• US senator wants to put the brakes on Chinese EVs

• What’s Next in Cortex — XSIAM for Cloud and Other Innovations

• Cyber Security Today, April 15, 2024 – Act fast to a plug hole in Palo Alto Networks firewall, Canadian comedy festival loses over $800K in email scam, and more

• Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims

• Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

• Privacera adds access control and data filtering functionality for Vector DB/RAG

• Microsoft April Patch Tuesday Fixes Dozens of RCE Flaws

• Invision Community Vulnerabilities Risk E-Commerce Websites

• How Artificial Intelligence Technology Affects Fintech Companies & The Financial Industry

• FBI and AFP Arrest Alleged Developer, Marketer of Firebird/Hive RAT

• Cisco Telemetry Broker (CTB) 2.1 Launch

• Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge

• Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

• Two People Arrested in Australia and US for Development and Sale of Hive RAT

• Vulnerable Villain: When Hackers Get Hacked

• A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

• Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

• New Lattice Cryptanalytic Technique

• eBook: Why CISSP?

• How to freeze your credit (and why you might want to)

• The US Government Has a Microsoft Problem

• Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge

• Deepfake pornography explosion

• Palo Alto Networks Fixes Critical Zero-Day Vulnerability in PAN-OS

• Huawei To Sell Laptop With Latest Intel Core Ultra AI Chip

• Deepfakes: More Than Skin Deep Security

• Huawei Building Massive Chip R&D Centre In Shanghai

• Using the LockBit builder to generate targeted ransomware

• Linux Backdoor Infection Scare, Massive Social Security Number Heist

• Scale Your Security with vCISO as a Service

• OpenAI Chief Altman Pitches ChatGPT At Corporate Events

• OpenAI Fires Two Researchers Over Information Leaks

• LightSpy Hackers Indian Apple Device Users to Steal Sensitive Data

• Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

• FBI Warns of Massive Toll Services Smishing Scam

• How to Safeguard Your Data Through Security Awareness Training?

• ITRC’s 2023 Data Breach Report Is a Mixed Bag

• What Is an Axon Agent, and Why Do You Need One?

• Understanding ISO 27001:2022 Annex A.14 – System Acquisition, Development, and Maintenance

• Police Swoop on €645m Cannabis Investment Fraud Gang

• Elon Musk To Meet India’s Modi Over Import Deal

• Apple Nears Production Of AI-Focused M4 Chip

• Identifying third-party risk

• ShadowDragon Horizon enhancements help users conduct investigations from any device

• Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

• A week in security (April 8 – April 14)

• MPs: Government ‘Should Use TikTok’ To Reach Young People

• U.S. and Australian police arrested Firebird RAT author and operator

• This Startup Aims To Simplify End-to-End Cybersecurity, So Anyone Can Do It

• LightSpy Malware Attacking Android and iOS Users

• Streaming service ROKU witnessed 500K customers data leak

• The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security

• Microsoft publishes new Registry security mitigation for Intel processors (Spectre)

• Geopolitical tensions escalate OT cyber attacks

• How to protect IP surveillance cameras from Wi-Fi jamming

• Exposing the top cloud security threats

• How Israel Defended Against Iran’s Drone and Missile Attack

• Zarf: Open-source continuous software delivery on disconnected networks

• Expand your library with these cybersecurity books

• How Israel Defended Itself Against Iran’s Drone and Missile Attack

• US House approves FISA renewal – warrantless surveillance and all

Generated on 2024-04-16 23:55:11.035689