IT Security News Daily Summary 2024-05-10

• The FBI is Playing Politics with Your Privacy

• New LLMjacking Attack Lets Hackers Hijack AI Models for Profit

• Nmap 7.95 Released: Enhanced Network Scanning with More OS and Service Detection Power

• Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst

• Analysis of CVE-2024-4671: A Critical Zero-Day in Google Chrome

• CISA and Partners Release Advisory on Black Basta Ransomware

• #StopRansomware: Black Basta

• Healthcare Software Company Gains Comprehensive Visibility with LogRhythm Axon

• Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation

• Cybercriminals hit jackpot as 500k+ Ohio Lottery lovers lose out on their personal data

• Dell Data Breach Could Affect 49 Million Customers

• Why Active Directory Is A Big Deal?

• Malware Lurking in Minecraft Source Packs

• Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild

• ‘TunnelVision’ Attack Leaves Nearly All VPNs Vulnerable to Spying

• Dell Hell: 49 Million Customers’ Information Leaked

• Apple updates its Platform Security Guide

• Threat actor says he scraped 49M Dell customer addresses before the company found out

• The 2023 USG Data Breach: 800 Accounts Compromised, A Closer Look

• Dell admits data breach of over 49 million customers via Cyber Attack

• Adaptive Shield Launches SaaS Security for AI at RSA Conference 2024 to Mitigate GenAI Revolution Risks

• New Attack Against Self-Driving Car AI

• The Top 7 IAM Tools in 2024

• Google Staff Question Layoffs After Record Earnings

• Patch Tuesday

• US officials optimistic on AI but warn of risks, abuse

• Leaked FBI Email Stresses Need For Warrantless Surveillance Of Americans

• FBI Working Towards Nabbing Scattered Spider Hackers, Official Says

• Ex-White House Election Threat Hunter Weighs In On What To Expect In November

• MoD Contractor Hacked By China Failed To Report Breach For Months

• 500,000 Impacted By Ohio Lottery Ransomware Attack

• USENIX Security ’23 – URET: Universal Robustness Evaluation Toolkit (for Evasion)

• Akamai Expands into API Security with $450 Million Noname Deal

• US Authorities Charge LockBit Ransomware Ringleader

• North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms

• Microsoft’s Brad Smith summoned by Homeland Security committee over ‘cascade’ of infosec failures

• Telus Acquires Cybersecurity Services Firm Vumetric

• UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Development

• New LLMjacking Attack Uses Stolen Cloud Credentials to Target Cloud-Hosted AI Models

• Dell notifies customers about data breach

• Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service

• DocGo Confirms Cyberattack: Patient Health Data Breach

• Defending Against Hackers in the Public Sector Is a Different Beast

• GhostStripe attack haunts self-driving cars by making them ignore road signs

• Android Remote Access Trojan Equipped to Harvest Credentials

• Update: Thwarted Cyberattack Targeted Library of Congress in Tandem With October British Library Breach

• PRODUCT REVIEW: SYXSENSE ENTERPRISE

• DDoS Attack Size Increased by 233.33%, UDP-Based are Popular

• How Can Businesses Defend Themselves Against Common Cyberthreats?

• CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

• Report: Global Ransomware Crisis Worsens

• Red Sea Crisis and the Risk of Cyber Fallout

• Microsoft to Enforce Executive Accountability for Cybersecurity

• How to Maintain Your Cyber Security Hygiene for a Vulnerability-free Environment

• ‘Four horsemen of cyber’ look back on 2008 DoD IT breach that led to US Cyber Command

• Ransomware Attacks Impact 20% of Sensitive Data in Healthcare Orgs

• Monday.com Removes “Share Update” Feature Abused for Phishing Attacks

• Exploited Chrome Zero-Day Patched by Google

• In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved

• New LLMjacking Used Stolen Cloud Credentials to Attack Cloud LLM Servers

• Russia-linked APT28 targets government Polish institutions

• Google fixes fifth actively exploited Chrome zero-day this year

• BSidesSF 2024: A Community Event Anchored To Hope For The Future Of Security

• CISA Explains Why it Doesn’t Call Out Tech Vendors by Name

• OpenAI To Announce Google Search Competitor Next Week – Report

• Widely Used Telit Cinterion Modems Open to SMS-based Device Takeover Attacks

• RSAC: Experts Highlight Novel Cyber Threats and Tactics

• Cyber Security Headlines: F5 Big-IP warning, UK Army breach, BetterHelp pays out

• Citrix Warns Customers to Update PuTTY Version Installed on Their XenCenter System Manually

• Regulators are Coming for IoT Device Security

• Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing

• What’s the Right EDR for You?

• Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

• Biden Admin Set To Impose Tariffs On Chinese Electric Vehicles

• CISA Starts CVE “Vulnrichment” Program

• RSA Conference 2024 – Announcements Summary (Day 4)

• 500,000 Impacted by Ohio Lottery Ransomware Attack

• HijackLoader Malware Attack Windows Via Weaponized PNG Image

• Develop Valuable Cyber Security Skills Over a Lifetime for Only $56

• Cybercriminals are Getting Faster at Exploiting Vulnerabilities

• Google Fixes Fifth Chrome Zero-Day Exploited in Attacks This Year

• SocGholish Sets Sights on Victim Peers

• Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

• Cyber Security Today, May 10 ,2024 – Patches for F5’s Next Central Manager released, Dell discovers data theft covering millions of buyers, and more

• North Korean Hackers Abusing Facebook & MS Management Console

• Singapore updates cybersecurity law to expand regulatory oversight

• Transparency is sorely lacking amid growing AI interest

• How implementing a trust fabric strengthens identity and network

• RSAC 2024: AI hype overload

• Researchers Uncover ‘LLMjacking’ Scheme Targeting Cloud-Hosted AI Models

• Google Chrome Zero-day Exploited in the Wild, Patch Now

• Best Practices for Companies in protection of User Data

• Stack Overflow Users Delete Posts in Protest Over OpenAI Partnership

• Dell Hacked – Attackers Stolen 49 Million Customers Personal Information

• Britain NCSC faces Password Embarrassment

• Warning! Google Chrome Zero-day Vulnerability Exploited in Wild

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually

• May 2024 Patch Tuesday forecast: A reminder of recent threats and impact

• How secure is the “Password Protection” on your files and drives?

• Researchers Hacked Apple Infrastructure Using SQL Injection

• Cybercriminals are getting faster at exploiting vulnerabilities

• Nmap 7.95 released: New OS and service detection signatures

• Selfie spoofing becomes popular identity document fraud technique

• GenAI enables cybersecurity leaders to hire more entry-level talent

• New infosec products of the week: May 10, 2024

• ISC Stormcast For Friday, May 10th, 2024 https://isc.sans.edu/podcastdetail/8976, (Fri, May 10th)

• Researchers Hacked into Apple Infrastructure Using SQL Injection

• The Post Millennial – 26,818,266 breached accounts

• 5 Reasons Structured Cabling Networks are Critical for IT Security Management

• Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

• NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds

• IT Security News Daily Summary 2024-05-09

• How to inspire the next generation of scientists | Cybersecurity podcast

• Ex-White House election threat hunter weighs in on what to expect in November

• The Road to CTEM, Part 1: The Role of Validation

• Recent Breaches in Israel and Iran: A Closer Look at Cybersecurity Vulnerabilities

• TikTok To Label AI-Generated Content From Other Platforms

• No Country Should be Making Speech Rules for the World

• Why Reddit’s new content policy is a big win for your privacy

• Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity

• Why Reddit’s new content policy is a big win for user privacy

• New Mexico Attorney General Blasts Facebook Again For Failing To Stop Child Exploitation

• US faith-based healthcare org Ascension says ‘cybersecurity event’ disrupted clinical ops

• Climate concerns: Personal advice on how to navigate eco-anxiety

• Cybersecurity Training and Cyber Insurance: Bridging the Gap with Continuous Improvement

• Massive Online Shopping Scam Racks Up 850,000 Victims

• New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

• RSAC: How CISOs Should Protect Themselves Against Indictments

• RSAC: Why Cybersecurity Professionals Have a Duty to Secure AI

• One in Four Tech CISOs Unhappy with Compensation

• A new alert system from CISA seems to be effective — now we just need companies to sign up

• GitHub takes aim at software supply chain security

• Dell discloses data breach impacting millions of customers

• Global attackers targeting US critical infrastructure should be ‘wake-up call’

• Dell customer order database of ’49M records’ stolen, now up for sale on dark web

• Dell Says Customer Names, Addresses Stolen in Database Breach

• London Drugs cyber attack: What businesses can learn from their week-long shutdown

• #RSAC: Why Cybersecurity Professionals Have a Duty to Secure AI

• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

• Tesla Ordered To Provide NHTSA With Autopilot Recall Data

• Neuralink’s First Human Brain Implant Develops Malfunction

• FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems

• Answering Your Top 9 Questions About Monitoring in Kubernetes

• OpenAI and Stack Overflow Partnership: A Controversial Collaboration

• Crypto’s New Cybersecurity Initiative Led by Justine Bone

• #RSAC: How CISOs Should Protect Themselves Against Indictments

• Combatting foreign interference

• How Criminals Are Using Generative AI

• Network Security for Schools: Tools, Tips, And Best Practices

• Ascension suffers Cyber Attack

• Navigating the Future: Zero Trust and SSE in Cybersecurity Leadership Strategies

• The Top Four Things Tech Manufacturers can do to Bolster the Cybersecurity of Target-Rich, Cyber-Poor Organizations

• Graduation to Adulting: Navigating Identity Protection and Beyond!

• alpitronic Hypercharger EV Charger

• CISA Releases Four Industrial Control Systems Advisories

• Rockwell Automation FactoryTalk Historian SE

• Delta Electronics InfraSuite Device Master

• How Workforce Reductions Affect Cybersecurity Postures

• Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

• New ‘LLMjacking’ Attack Exploits Stolen Cloud Credentials

• CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization

• FBI Warns US Retailers That Cybercrimnals Are Targeting Their Gift Card Systems

• ‘Secure by design’ makes waves at RSA Conference 2024

• Dell discloses data breach of customers’ physical addresses

• Zscaler Investigates Hacking Claims After Data Offered For Sale

• TunnelVision DHCP Flaw Lets Attackers Bypass VPNs, Redirect Traffic

• UK Armed Forces’ Personal Data Hacked In MoD Breach

• LockBit Takes Credit For City Of Wichita Ransomware Attack

• AWS CloudQuarry: Digging For Secrets In Public AMIs

• CIOs and CFOs, two parts of the same whole

• Update: Boeing Confirms Attempted $200 Million Ransomware Extortion Attempt

• Criminal Use of AI Growing, But Lags Behind Defenders

• Chinese Attackers Deployed Backdoor Quintet to Down MITRE

• MITRE Links Recent Attack to China-Associated UNC5221

• Analyzing PDF Streams, (Thu, May 9th)

• How Data Fabric Architecture Helps Enhance Security Governance

• Microsoft Will Hold Executives Accountable for Cybersecurity

• Poland Says it was Targeted by Russian Military Intelligence Hackers

• With Nation-State Threats in Mind, Nearly 70 Software Firms Agree to Secure by Design Pledge

• Mobile Banking Malware Surges 32%

• Biden Admin Mulls Export Restrictions For AI Models – Report

• Social engineering in the era of generative AI: Predictions for 2024

• Generative AI is a Looming Cybersecurity Threat

• Empowering Indigenous Data Sovereignty: The TTP-Microsoft Partnership

• ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

• Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

• Security Tools Fail to Translate Risks for Executives

• LockBit Takes Credit for City of Wichita Ransomware Attack

• F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)

• Threat Actors Accessed Cancer Patients’ Data left Open by Testing Lab

• April 2024’s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3

• Five business use cases for evaluating Azure Virtual WAN security solutions

• Upgrade Your Cybersecurity With This VPN That’s Only $70 for Three Years

• Build a resilient network: What I learned from 5 thought leaders

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Payload Delivery

• Zscaler swats claims of a significant breach

• Threat Actors Accessed Cancer patients’ Data left Open by Testing Lab

• CISA Extends CIRCIA Rule Comment Period

• Quishing Campaign Exploits Microsoft Open Redirect Vulnerability

• BetterHelp Customers Begin Receiving Refund Notices From $7.8M Data Privacy Settlement, FTC Says

• CISA Announces CVE Enrichment Project ‘Vulnrichment’

• Ofcom Urges Tech Firms To Tame Toxic Algorithms

• Cyber Attack On Data Center Cooling Systems Leads To Disruption

• Report: 97% of Organizations Hit by Ransomware Turn to Law Enforcement

• AI-Powered Russian Network Pushes Fake Political News

• IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data

• Zscaler is investigating data breach claims

• Fake E-commerce Network Scams $50M from American, European, Australian Shoppers

• Android App Security Alert: Proactive Measures to Prevent Unauthorized Control

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

• New Guide: How to Scale Your vCISO Services Profitably

• Microsoft Passkey Authentication Now Available For Personal Accounts

• DocGo patient health data stolen in cyberattack

• F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

• Cyber Security Headlines: Lockbit hit Wichita, AI export bans, Pathfinder on Intel

• Understanding the Zero-Trust Landscape

• SocGholish Attacks Enterprises Via Fake Browser Updates

• Pktstat: Open-Source Ethernet Interface Traffic Monitor

• FBI Warns of Gift Card Fraud Ring Targeting Retail Companies

• AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization

• How long does it take to crack a password in 2024?

• The Future of Phishing Email Training for Employees in Cybersecurity

• Data Classification Policy

• CISA starts CVE “vulnrichment” program

• Jack Dorsey Resigns From Bluesky Board, Calls X ‘Freedom Technology’

• Alert! Hackers Running Thousands of Fake Webshops : 850,000+ Cards Stolen

• APT trends report Q1 2024

• Silverfort Announces New Integration with Microsoft Entra ID EAM

• BigID equips security teams with AI-guided data security and risk remediation recommendations

• Secureworks Taegis NDR identifies malicious activity on the network

• Ransomware Criminals SIM Swap Executives’ Kids to Pressure Parents

• RSA Conference 2024 – Announcements Summary (Day 3)

• Critical Start adds multiple frameworks to Risk Assessments

• US Advances on Cyber Goals Amid Rapidly Changing Threat Environment, White House Says

• Crypto Mixer Money Laundering: Samourai Founders Arrested

• Veeam Fixes RCE Flaw in Backup Management Platform

• Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds

• AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm

• Skyhigh Security boosts data protection measures with AI innovations

• Fake Online Stores Scam Over 850,000 Shoppers

• F5’s Next Central Manager Vulnerabilities Let Hackers Take Full Device Control Remotely

• Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

• Undetectable Threats Found in F5 BIG-IP Next Central Manager

• Zscaler Investigates Hacking Claims After Data Offered for Sale

• Polish Government Under Sophisticated Cyber Attack From APT28 Hacker Group

• Bangladesh IT Provider Database Compromise: 95k Email Addresses Leaked

• Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

• How Nudge Security is useful in a merger or acquisition

• LockBit Ransomware Group demands $200 million ransom from Boeing

• Regulators are coming for IoT device security

• ISC Stormcast For Thursday, May 9th, 2024 https://isc.sans.edu/podcastdetail/8974, (Thu, May 9th)

• Global ransomware crisis worsens

• Why SMBs are facing significant security, business risks

• Ransomware attacks impact 20% of sensitive data in healthcare orgs

• Build Strong Information Security Policy: Template & Examples

• 3 CIS resources to help you drive your cloud cybersecurity

• Tappware – 94,734 breached accounts

• RSAC: Three Strategies to Boost Open-Source Security

Generated on 2024-05-10 23:55:09.747968