IT Security News Daily Summary 2024-05-28

• Treasury Sanctions Creators of 911 S5 Proxy Botnet

• Spyware maker pcTattletale shutters after data breach

• pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

• Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)

• Elon Musk and Yann LeCun’s social media feud highlights key differences in approach to AI research and hype

• IBM to test Southeast Asian LLM and facilitate localization efforts

• Experts released PoC exploit code for RCE in Fortinet SIEM

• OpenAI Launches Security Committee Amid Ongoing Criticism

• How AI could bolster software supply chain security

• Check Point warns of threat actors targeting VPNs

• BreachForums returns, just weeks after FBI-led takedown

• Rock band’s hidden hacking-themed website gets hacked

• Vulnerability Summary for the Week of May 20, 2024

• Why cellular-first SASE is defining the future of distributed enterprises

• Randall Munroe’s XKCD ‘Room Code’

• Upcoming Webinar: Getting Started With QUIC and OpenSSL

• Hackers Target Check Point VPNs, Security Fix Released

• Ongoing Hacking Campaign Targets Check Point VPNs

• The Satellites Using Radar To Peer At Earth In Minute Detail

• OpenAI Forms Safety Committee As It Starts Training Latest AI Model

• Christie’s Confirms Data Breach After Ransomware Group Claims Attack

• SpiderOak One customers threaten to jump ship following datacenter upgrade

• The Rise of Generative AI is Transforming Threat Intelligence – Five Trends to Watch

• ‘Microsoft’ Scammers Steal the Most, says FTC

• GDPR Turns Six: Reflecting on a Global Privacy Benchmark

• Threats of the Week: Black Basta, Scattered Spider, and FIN7 Malvertising

• HP Report Surfaces Shifts in Cyber Attack Tactics

• Unmasking the Trojan: How Hackers Exploit Innocent Games for Malicious Intent

• Check Point Urges VPN Configuration Review Amid Attack Spike

• ABN AMRO bank hit by Ransomware

• Congresswomen Advocate for Cybersecurity Jobs for Formerly Incarcerated

• CISA Releases One Industrial Control Systems Advisory

• Campbell Scientific CSI Web Server

• CISA Adds One Known Exploited Vulnerability to Catalog

• Shared Responsibility: How We Can All Ensure Election Security and Voter Confidence

• Social Distortion: The Threat of Fear, Uncertainty and Deception in Creating Security Risk

• ABN Amro Client Data Possibly Stolen in AddComm Ransomware Attack

• OpenAI Forms Safety Committee as It Starts Training Latest Artificial Intelligence Model

• XSS Vulnerabilities Found in WordPress Plugin Slider Revolution

• Building AI on a Foundation of Open Source Requires a Fundamentally New Approach to Application Security

• RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

• User Guide: PCI 4.0 Requirement 11.6 – Detecting and Responding to Unauthorized Changes on Payment Pages with Feroot

• Windows 11: Home or Pro? A Comprehensive Comparison

• Sharp Dragon Shifts Cyber Attacks to New Frontiers: Africa and the Caribbean

• WhatsApp Chats Vulnerable To Government Monitoring – Report

• Moroccan Cybercrime Group Storm-0539 Exploits Gift Card Systems with Advanced Phishing Attacks

• What is GPS Jamming, a Rising Concern for Global Aviation?

• Tonic Textual extracts, governs, and deploys unstructured data for AI development

• Breach Forums Return to Clearnet and Dark Web Despite FBI Seizure

• Will Australia Ever Dig Itself Out of the Cybersecurity Skills Shortage?

• Auction house Christie’s confirms criminals stole some client data

• INE Security Enables CISOs to Secure Board Support for Cybersecurity Training

• From Phish to Phish Phishing: How Email Scams Got Smart

• Get 3 Years of Rock-Solid Protection With Surfshark VPN for $67.20 by 5/31

• Top 5 Cloud Trends U.K. Businesses Should Watch in 2024

• Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

• Bridging The Gap: Diversity Cyber Council and The Emergence of Tech as The New Opportunity Frontier

• Private Equity Firm Hg Acquires AuditBoard for $3 Billion

• Christie’s Confirms Data Breach After Ransomware Group Claims Attack

• US Drug Distributor Cencora Reveals Major Cyberattack, Sensitive Medical Data Breached

• TeaBot Banking Trojan Activity on the Rise, Zscaler Observes

• Adaptive Shield unveils platform enhancements to improve SaaS security

• Multiple Vulnerabilities Found In Cacti Network Monitoring Tool

• Zoom Rolls Out Post-Quantum End-to-End Encryption For Safer Chats

• GitLab XSS Vulnerability Could Allow Account Takeover

• Google Patched Another Chrome Zero-Day Under Active Attack

• Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

• Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

• How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

• Navigating DORA (Digital Operational Resilience Act) with Secure Workload

• Finding My Place, Part Three: Translating Military Skills to Cybersecurity Leadership

• AI Powers Sabre’s Enhanced Threat Detection & Response

• The Link Between Cybersecurity and Reputation Management for Executives

• 4-Step Approach to Mapping and Securing Your Organization’s Most Critical Assets

• Courtroom Recording Software Vulnerable to Backdoor Attacks

• DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

• 6 Best VPNs for Canada in 2024 (Free & Paid VPNs)

• Ransomhub’s Latest Attack Raises Alarms for Industrial Control Systems (ICS) Security

• EFF Submission to the Oversight Board on Posts That Include “From the River to the Sea”

• Vendor Risk Management Best Practices in 2024

• #Infosec2024: What to Expect at Infosecurity Europe 2024

• What is an Infosec Audit and Why Does Your Company Need One?

• 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx

• Data Stolen From MediSecure for Sale on Dark Web

• Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

• AWS In Talks To Invest Billions In Italy Amidst AI Spending Surge

• EU Adopts Law To Spur Green Tech Manufacturing

• CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

• PoC Exploit Released For macOS Privilege Escalation Vulnerability

• CERT-UA Warns of Malware Campaign Conducted by Threat Actor UAC-0006

• Ransomware? Why’d It Have to Be Ransomware? (Live in San Francisco)

• Cops Are Just Trolling Cybercriminals Now

• Trusted relationship attacks: trust, but verify

• SingCERT Warns Critical Vulnerabilities Found in Multiple WordPress Plugins

• Attackers are probing Check Point Remote Access VPN devices

• Cybersecurity News: Ransomware uses BitLocker, pharmacy supplier breach, ATM malware threat

• Proxy-Advisory Firm Advises Against Musk Tesla Pay Deal

• Musk’s xAI ‘To Build Nvidia Supercomputer’

• WordPress Plugin abused to install e-skimmers in e-commerce sites

• Digital ID Adoption: Implementation and Security Concerns

• Check Point VPN Targeted for Initial Access in Enterprise Attacks

• Update: Threat Actors Created Rogue VMs to Evade Detection During December 2023 Attack on MITRE

• US Extends Probe Into Applied Materials Over Alleged China Shipments

• China Premier Welcomes Foreign Tech Investment

• Cloud Sprawl: How to Tidy It Up

• Measuring the Effectiveness of File Integrity Monitoring Tools

• Take two APIs and call me in the morning: How healthcare research can cure cyber crime

• White House Announces Plans to Revamp Data Routing Security by Year-End

• #Infosec2024: Why Human Risk Management is Cybersecurity’s Next Step for Awareness

• Human Error Still Perceived as the Achilles’ Heel of Cybersecurity

• #Infosec2024: Charity Bridges Digital Divide and Fuels New Cyber Talent

• China Forms Biggest-Ever Chip Investment Fund

• TP-Link Archer C5400X gaming router is affected by a critical flaw

• Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

• Black Basta Ransomware Attack: Microsoft Quick Assist Flaw

• TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

• WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

• ATM malware developed to target Europe

• How to combat alert fatigue in cybersecurity

• The evolution of security metrics for NIST CSF 2.0

• D3 Is Security Automation that Makes Your Team Better

• Current State of Transport Layer Security (TLS) Post-Quantum Cryptography

• Cybersecurity teams gear up for tougher challenges in 2024

• Widespread data silos slow down security response times

• 34% of organizations lack cloud cybersecurity skills

• ISC Stormcast For Tuesday, May 28th, 2024 https://isc.sans.edu/podcastdetail/8998, (Tue, May 28th)

• Best Practices for Cloud Computing Security

• IT Security News Daily Summary 2024-05-27

• Sav-Rx data breach impacted over 2.8 million individuals

• Jumpstart your studies for ENNA with Network Assurance Prep

• Analysis of BloodAlchemy Malware: A New Evolution of Deed RAT

• Alert: Google Chrome Zero-Day Patch Fixes Critical Flaw

• City of Helsinki Data Breach: What You Need to Know

• Vulnerability Recap 5/27/24 – Google, Microsoft & GitLab Fixes

• Microsoft to roll out AI powered PCs concerningly in coming years

• Fake Antivirus websites now delivering malware

• Securing Cloud Environments: Safeguarding Against Cyber Threats

• How’s Uncle Sam getting on with Biden’s AI exec order? Pretty good, we’re told

• Ascension Cyber Attack Leaves Healthcare Sector Reeling

• New Apple Wi-Fi Vulnerability Exposes Real-Time Location Data

• Massive Data Breach Exposes Sensitive Information of Indian Law Enforcement Officials

• New Ransomware Uses BitLocker To Encrypt Victim Data

• Bayer And Other Drug Companies Caught Up In Cencora Data Loss

• Best Buy / Geek Squad Most Impersonated By Scammers In 2023

• Man Behind Deepfake Biden Robocall Indicted On Felony Charges, Faces $6 Million Fine

• Beyond Code: Harnessing AI for Advanced Cybersecurity Solutions

• Rising Like A Phoenix, ShowMeCon 2024 Resurrects A Security Community In The Midwest

• Continuous Threat Exposure Management (CTEM) – The Ultimate Guide for CISOs

• GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

• Get 9 Courses on Ethical Hacking for Just $50

• New ShrinkLocker Ransomware Exploits BitLocker to Encrypt Files

• Machine Identities Pose Major Threat to Indian Organizations: CyberArk

• SentinelOne vs Palo Alto: Compare EDR software

• TikTok Cuts ‘Hundreds’ Of Jobs

• Elon Musk’s xAI In Funding Round Valuing It At $24bn

• Travel, Retail Firms Say EU Rules Slash Their Google Traffic

• Boeing Starliner Set For 1 June Crewed Launch

• Google Invests $350m In India’s Flipkart

• Hajj Pilgrimage Hit by Extensive Phishing and Data Theft Scams

• The Impact of Remote Work and Cloud Migrations on Security Perimeters

• Australian Telecom Watchdog Sues Optus Over 2022 Data Breach

• Detectify platform enhancements address growing attack surface complexity

• Essential Features of Cybersecurity Management Software for MSPs

• Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

• Empowering Women Through Mentoring: Meet Rebecca Frizzarin

• Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

• Message board scams

• Best Password Generators of 2024 to Secure Your Accounts

• Important Security Update – Enhance your VPN Security Posture!

• New ATM Malware family emerged in the threat landscape

• Worried About Job Security, Cyber Teams Hide Security Incidents

• Malicious PyPI Packages Targeting Highly Specific MacOS Machines

• One in Three Healthcare Providers at Risk, Report Finds

• Guarding Against SQL Injection: Securing Your Cisco Firepower Management Center

• Hackers Phish Finance Organizations in the US and Europe Using Trojanized Minesweeper Clone

• Report: The Dark Side of Phishing Protection

• Seizing Control of the Cloud Security Cockpit

• EU Wants Universities to Work with Intelligence Agencies to Protect Their Research

• Fake Antivirus Websites Used to Distribute Info-Stealer Malware

• Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

• Ebury: A Long-Lived Linux Botnet Still Lurking in the Shadows

• Arc Browser’s Windows Launch Targeted by Google Ads Malvertising

• Threat landscape for industrial automation systems, Q1 2024

• New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

• Cybersecurity News: Arc browser sabotaged, Cencora pharma breach, Albany County breach

• AI Governance

• Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service

• How Criminals Are Leveraging AI to Create Convincing Scams

• Achieving Automated TISAX Compliance

• High-Severity Flaw Affects Cisco Firepower Management Center

• The Importance of Patching Vulnerabilities in Cybersecurity

• Learn how to Protect your Business with this $30 Cybersecurity Training

• CISA’s travel cybersecurity tips

• Hackers Exploit WordPress Plugin to Steal Credit Card Data

• Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

• Frustration Mounts Over False Results In Google’s ‘AI Overviews’

• A high-severity vulnerability affects Cisco Firepower Management Center

• A week in security (May 20 – May 26)

• Files with TXZ extension used as malspam attachments, (Mon, May 27th)

• Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript

• Human error still perceived as the Achilles’ heel of cybersecurity

• Chronon: Open-source data platform for AI/ML applications

• Digital ID adoption: Implementation and security concerns

• Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack

• Bayer and 12 other major drug companies caught up in Cencora data loss

• Ransomware operators shift tactics as law enforcement disruptions increase

Generated on 2024-05-28 23:55:11.818285