IT Security News Daily Summary 2024-04-22

• Facebook AI Makes Creepy Comment That It Has A Gifted, Disabled Child

• Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

• U.S. Senate and Biden Administration Shamefully Renew and Expand FISA Section 702, Ushering in a Two Year Expansion of Unconstitutional Mass Surveillance

• FBI and friends get two more years of warrantless FISA Section 702 snooping

• Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

• Vulnerability Recap 4/22/24 – Cisco, Ivanti, Oracle & More

• Vulnerability Summary for the Week of April 15, 2024

• 5 Best Practices to Secure AWS Resources

• US government says security flaw in Chirp Systems’ app lets anyone remotely control smart home locks

• Europol now latest cops to beg Big Tech to ditch E2EE

• BreachRx Gets $6.5 Million to Automate Security Incident Response

• Mitre breached by nation-state threat actor via Ivanti flaws

• Biometrics: A Flash Point in AI Regulation

• Three Ways Organizations Can Overcome the Cybersecurity Skills Gap

• Rise In Cybercrime: Dark Web Fueling Credential Attacks

• CISA Releases Physical Security Checklist to Help Election Officials Secure Polling Locations

• TikTok Says New US Ban Effort Would ‘Trample Free Speech’

• AI, toll fraud and messaging top the list of UC security concerns

• The Next US President Will Have Troubling New Surveillance Powers

• From Water to Wine: An Analysis of WINELOADER

• Malicious PyPI Package Attacking Discord Users to Steal Credentials

• Tesla Cuts Prices Across Major Markets

• Europol becomes latest law enforcement group to plead with big tech to ditch E2EE

• Dependency Confusion Vulnerability Found in an Archived Apache Project

• More companies refuse to pay ransom in 2024

• Tinder’s ‘Share My Date’ feature will let you share date plans with friends and family

• The 7 Best iPhone VPNs (Recommended for 2024)

• It’s Earth Day! Let’s talk Circularity, Growth and Profitability!

• Find Your Path to Unmatched Security and Unified Experiences

• Customers Praise the Surprising Longevity and Adaptability of Cisco UCS

• Using Legitimate GitHub URLs for Malware

• #MIWIC2024: Melissa Chambers, CEO and Co-Founder of Sitehop

• Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

• Germany arrests trio accused of trying to smuggle naval military tech to China

• UN Agency Faces Data Crisis: Ransomware Hack Exposes Extensive Data Theft

• Numerous LastPass Users Fall Victim to Highly Convincing Scam, Losing Master Passwords

• Anonymous Hackers Threaten To Publish IDF’s ‘Top Secret Projects’

• Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

• Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

• chief privacy officer (CPO)

• Research Shows How Attackers Can Abuse EDR Security Products

• Crafting AI’s Future: Decoding the AI Executive Order

• Citrix UberAgent Flaw Let Attackers Elevate Privileges

• Beware Of Weaponized Zip Files That Deliver WINELOADER Malware

• Malicious PyPI Package Attacking Discord Users To Steal Credentials

• The Role of Cybersecurity Training in Compliance

• Hackers Group Claims To Have Broke Into IDF & Stolen Documents

• Watchdog tells Dutch govt: ‘Do not use Facebook if there is uncertainty about privacy’

• CVEs Targeting Remote Access Technologies

• CrushFTP Patches Exploited Zero-Day Vulnerability

• Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

• The Future of Automated Testing with DAQ

• Taking Steps Toward Achieving FedRAMP

• Getting to Know Netzer Shohet

• Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

• Malware Developer Lures Child Exploiters Into Honeytrap to Extort Them

• Story 1: Removing super-admin tokens across 33 GitHub tenants in 2 hours

• Cloud Security Stories: From Risky Permissions to Ransomware Execution

• The 10 Women in Cybersecurity You Need to Follow

• Tech Outages: Exposing the Web’s Fragile Threads

• Binary Defense enhances BDVision to improve security for SMBs

• apexanalytix Passkeys protects data with biometric authentication

• Dependency Confusion Vulnerability Found in Apache Project

• US House of Representatives passes new TikTok ban bill to Senate

• Transforming Operations to Eliminate Technical Debt

• TA547 Phishing Attack: German Companies Hit With Infostealer

• GUEST ESSAY: Here’s why securing smart cities’ critical infrastructure has become a top priority

• The Essential KVM Cheat Sheet for System Administrators

• Understanding Spectre V2: A New Threat to Linux Systems

• Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability

• Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

• MITRE breached by nation-state threat actor via Ivanti zero-days

• Trend Micro launches AI-driven cyber risk management capabilities

• Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

• Windows MagicDot Path Flaw Lets Attackers Gain Rootkit-Like Abilities

• VMware ESXi Shell Service Exploit on Hacking Forums: Patch Now

• UK Cyber Agency NCSC Announces Richard Horne as its Next Chief Executive

• Ukrainian Soldiers’ Apps Increasingly Targeted for Spying, Cyber Agency Warns

• Billions of scraped Discord messages up for sale

• UK data watchdog questions how private Google’s Privacy Sandbox is

• MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

• Pentera’s 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

• IT Security News Weekly Summary – Week 17

• Alert! Zero-day Exploit For WhatsApp Advertised On Hacker Forums

• Has the ever-present cyber danger just got worse?

• Sharp-Project: New Stealer Family on the Market

• Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion

• CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

• It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd)

• EU Set To Approve Apple Plan For Opening NFC Access

• Trump Media Warns Of ‘Potential Market Manipulation’

• Deciphering the Economics of Software Development: An In-Depth Exploration

• Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

• ACDS Launches Revolutionary OBSERVATORY Solution: Redefining Attack Surface Management

• Report: 51% of Enterprises Experienced a Breach Despite Large Security Stacks

• MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

• NSA Launches Guidance for Secure AI Deployment

• Concerned About Your Online Privacy in 2024? You Are Not the Only One.

• Apple Removed Numerous Apps From China App Store

• Palo Alto Networks Patched A Pan-OS Vulnerability Under Attack

• CrushFTP Servers Zero-day Under Active Attack: Update Now

• ToddyCat is making holes in your infrastructure

• Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites

• Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

• NCSC Announces PwC’s Richard Horne as New CEO

• Netflix Reports Profits Surge, But Forecast Disappoints

• Group Supporting Women In Tech Abruptly Closes

• Google Shifts Rules For Contract Firms Amidst Labour Battle

• TSMC Shocks Investors With Lower Chip Growth Forecast

• Victorian Councils Data Exposed in OracleCMS Breach

• Rising Ransomware Issue: English-Speaking Western Affiliates

• Researchers Claim that Windows Defender Can Be Bypassed

• JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS

• A week in security (April 15 – April 21)

• Google all at sea over rising tide of robo-spam

• Apple Removes WhatsApp & Threads from its App Store for China

• NATO to Launch New Cyber Center to Contest Cyberspace ‘At All Times’

• MITRE Reveals Ivanti Breach By Nation State Actor

• Securing cloud perimeters

• NSA Debuts Top 10 Cloud Security Mitigation Strategies

• Exploring Cybersecurity Risks in Telemedicine: A New Healthcare Paradigm

• HelloKitty Ransomware Rebrands, Releases CD Projekt and Cisco Data

• Rarest, strangest, form of Windows saved techie from moment of security madness

• 10 Essentials Every Anti-Phishing Course Must Have

• Tesla Recalls Thousands Of Cybertrucks Over Accelerator Fault

• North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

• Implementing ISO 27001:2022 Annex A.16 – Information Security Incident Management

• A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

• Jury Dishes Out Guilty Verdict in Mango Markets Fraud Case

• The first steps of establishing your cloud security strategy

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

• T2 – 85,894 breached accounts

• Safeguarding Your Gmail Account: Strategies to Defend Against Fraud

• Hellokity Ransomware Actors Returns Under New Name

• What is HSM Integration?

• EASA Alerts Airlines Amid Suspected Cyber-Attacks on UK-Bound Flights

• Cannes Hospital Cancels Medical Procedures Following Cyberattack

• Researchers claim Windows Defender can be fooled into deleting databases

• How to optimize your bug bounty programs

• Fuxnet malware: Growing threat to industrial sensors

• Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity

• Uncertainty is the most common driver of noncompliance

• China creates ‘Information Support Force’ to improve networked defence capabilities

• How to improve response to emerging cybersecurity threats

• ISC Stormcast For Monday, April 22nd, 2024 https://isc.sans.edu/podcastdetail/8948, (Mon, Apr 22nd)

• MITRE admits ‘nation state’ attackers touched its NERVE R&D operation

• USENIX Security ’23 – On the Security Risks of Knowledge Graph Reasoning

• Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year

• IT Security News Weekly Summary – Week 16

• IT Security News Daily Summary 2024-04-21

• Akira ransomware received $42M in ransom payments from over 250 victims

• DuneQuixote campaign targets the Middle East with a complex backdoor

• Cyberattackers Employ Elusive “CR4T” Backdoor to Target Middle Eastern Governments

• New AI Speed Cameras Record Drivers on Their Phones

• Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

• Information Stealer Malware Preys on Gamers via Deceptive Cheat Code Baits

• Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

• Weighing Down Cyberrisk Options: How to Make Objective Cybersecurity Decisions Without Negatively Impacting the Organization’s IT Teams?

• Review: ‘Artificial Intelligence — A Primer for State and Local Governments’

• New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

• Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack

Generated on 2024-04-22 23:55:08.544092