IT Security News Daily Summary 2024-06-07

• Microsoft’s Recall feature will now be opt-in and double encrypted after privacy outcry

• Cultivating a Secure Business-Led IT Environment | Grip

• Microsoft temporarily disables Recall on Copilot+ PCs amid security and privacy concerns

• Security and Human Behavior (SHB) 2024

• How AI-driven identity attacks are defining the new threatscape

• Senator: HHS Needs to Require Security Measures for Health Sector

• Snowflake’s customer breaches make 2024 the year of the identity siege

• Defiant Microsoft pushes ahead with controversial Recall – tho as an opt-in

• Windows Recall will be opt-in and the data more secure, Microsoft says

• Cyber Security Today, Week in Review for week ending June 7, 2024

• AI-Enabled ICT Workforce Consortium Expands to G7 Countries

• FCC Pushes Ahead with Internet Routing Security Requirements

• How to back up (and restore) your saved MacOS passwords

• After brutal critiques, Microsoft Recall will get these major privacy and security changes

• EFF Covers Secrets in Your Data on NOVA

• Frontier Communications: 750k people’s data stolen in April attack on systems

• Newfoundland TV Station Hit by Ransomware Attack

• electronic intelligence (ELINT)

• EFF Covers Secrets in Your Data on NOVΛ

• Organizations Move to Establish Dedicated SaaS Security Teams

• Microsoft Bows to Public Pressure, Disables Controversial Windows Recall by Default

• Google will start deleting location history

• NCSWIC releases the NCSWIC Video Series

• How to backup (and restore) your saved MacOS passwords

• After brutal privacy critiques, Microsoft Recall will get major privacy and security changes

• Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577

• The UN Cybercrime Draft Convention Remains Too Flawed to Adopt

• LockBit Victim? Ask FBI for Your Ransomware Key

• Cisco Extends Cybersecurity Portfolio with Help from AI

• SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

• Microsoft Will Switch Off Recall by Default After Security Backlash

• Surveillance Defense for Campus Protests

• Lockbit ransomware targets data of 400000 patients at Panorama Eyecare

• Industry Veterans and New Talent Recognised at European Cybersecurity Blogger Awards 2024

• In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis

• Tenable to Acquire Eureka Security to Boost DSPM Capabilities

• USENIX Security ’23 – Othered, Silenced and Scapegoated: Understanding the Situated Security of Marginalised Populations in Lebanon

• A Salt Security Perspective on the 2024 Gartner® Market Guide for API Protection

• CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges

• SASE Threat Report:Evolving Threat Actors and the Need for Comprehensive Cyber Threat Intelligence

• LightSpy Spyware’s macOS Variant Found with Advanced Surveillance Capabilities

• Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

• Elon Musk May Retreat From Tesla If Not Granted $56Bn Pay Package

• New Agent Tesla Campaign Targeting Spanish-Speaking People

• Meta Addresses AI Chatbot’s YouTube Training Data Assertion

• Embracing Responsible AI: Principles and Practices

• Cisco fixes WebEx flaw that allowed government, military meetings to be spied on

• How to navigate NIS2 and secure your vulnerabilities

• Securely Connect Everything Everywhere with a Unified SASE Platform

• It’s Not the Customer’s Job to Know What They Want

• Rising Ransomware Attacks Highlight Persistent Cybersecurity Challenges

• EU Accuses Microsoft of Secretly Harvesting Children’s Data

• Not a Science Fiction: What NVIDIA CEO Thinks About AI

• Open source, open risks: The growing dangers of unregulated generative AI

• Get 2 Lifetime Password Manager Subscriptions for Only $50

• proof of concept (PoC) exploit

• Pandabuy was extorted twice by the same threat actor

• Limits of Automation

• Finding End of Support Dates: UK PTSI Regulation, (Fri, Jun 7th)

• Emergency Response: A Harmony SASE Rapid Deployment Story

• Mozilla Launches 0Din Gen-AI Bug Bounty Program

• Insider Threat Detection: What You Need to Know

• Hotel Kiosks Vulnerability Exposed Guest Data, Room Access

• Muhstik Malware Attacking Apache RocketMQ To Execute Remote Code

• EmailGPT Exposed to Prompt Injection Attacks

• Summer Seasonal Businesses Can’t Afford to Ignore Ransomware Resilience

• North Korean Kimsuky Attacking Arms Manufacturer In Europe

• Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services

• The Myth of “Fileless” Malware

• AirMDR Raises $5 Million for AI-Powered Managed Detection and Response

• FCC Proposes BGP Security Reporting for Broadband Providers

• Security, the cloud, and AI: building powerful outcomes while simplifying your experience

• The AI Debate: Google’s Guidelines, Meta’s GDPR Dispute, Microsoft’s Recall Backlash

• Cyber Landscape is Evolving – So Should Your SCA

• Staff At Samsung Stage First Ever Walk Out

• UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

• The Justice Department Took Down the 911 S5 Botnet

• Cybersecurity for Schools: Challenges, Threats, and Solutions

• Mike Lynch Cleared In HP Autonomy Fraud Trial

• SPECTR Malware Attacking Defense Forces of Ukraine With a batch script

• 750k Impacted by Frontier Communications Data Breach

• SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester

• Russian hacktivists vow mass attacks against EU elections

• Apple Says iPhones Will Get Security Updates for at Least 5 Years

• #Infosec2024: Cyber Resilience Means Being Willing to Learn From a Crisis

• Security Flaws Found in Popular WooCommerce Plugin

• Cybersecurity News: FCC moves forward with BGP security, LockBit victims get lifeline, Gitloker attacks target GitHub

• 5 Tips for Improving Your Business Security

• Cyber Security Today, June 7, 2024 – More news about Snowflake attacks, and a warning to better protect Docker containers

• Everything You Need to Know About Cross-Site Scripting

• Medical Software: Advancements and Security Concerns in 2024

• 5 Ways to Strengthen the Weak Link in Cybersecurity

• FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

• In Bad Company: JScript RAT and CobaltStrike

• Chinese threat actor exploits old ThinkPHP flaws since October 2023

• #Infosec2024: Collaboration is Key to an Effective Security Culture

• 300+ Times Downloaded Package from PyPI Contains Wiper Components

• Easily integrate Secrets Management System with Ansible Automation Platform to update systems passwords

• Exploring security by design and loosening guides

• SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

• Top Computer Security Risks and How to Stay Safe

• How to securely transfer files with presigned URLs

• Tenable Acquires Eureka Security To Provide Data Security Across Infrastructure

• Apple to launch app that will have ability to generate and store passwords

• Safeguarding the Fortress: Google’s Battle Against Cyber Attacks

• Microsoft Details On Using KQL To Hunt For MFA Manipulations

• Spam blocklist SORBS closed by its owner, Proofpoint

• Google Leak Reveals Concerning Privacy Practices

• Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances

• June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft

• The job hunter’s guide: Separating genuine offers from scams

• NVD Update: Help Has Arrived

• Cyber insurance isn’t the answer for ransom payments

• Unpacking CISA’s AI guidelines

• My thoughts and experiences at Infosec EU 2024

• 26% of organizations lack any form of IT security training

• New infosec products of the week: June 7, 2024

• Microsoft’s Recall Feature Is Even More Hackable Than You Thought

• ISC Stormcast For Friday, June 7th, 2024 https://isc.sans.edu/podcastdetail/9014, (Fri, Jun 7th)

• Bangladeshi police agents accused of selling citizens’ personal information on Telegram

• Microsoft’s Recall Feature Is Even More Hackable Than You Thought

• POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw

• Highlights from the ConnectWise IT Nation Secure Event 2024

• Critical Progress Telerik vulnerability under attack

• Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)

• IT Security News Daily Summary 2024-06-06

• ChatGPT privacy tips: Two important ways to limit the data you share with OpenAI

• Google and Microsoft confirm Cyber Threat to 2024 Paris Olympics

• New EmailGPT Flaw Puts User Data at Risk: Remove the Extension NOW

• EU Council Presidency’s Last-Ditch Effort For Mass Scanning Must Be Rejected

• Why Do Hackers Love Cryptocurrency?

• Narrowing the Stubborn Cybersecurity Worker Gap

• Galileo’s Luna redefines GenAI evaluation, boasting 97% lower costs and 11x faster speeds

• The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

• Cisco AI Assistant for Managing Firewall Policies Is Now Available

• Security, Surveillance, and Government Overreach – the United States Set the Path but Canada Shouldn’t Follow It

• FBI encourages LockBit victims to step right up for free encryption keys

• How DataDome Protects AI Apps from Prompt Injection & Denial of Wallet Attacks

• Alphabet Names Anat Ashkenazi As CFO

• Microsoft Shows Venerable And Vulnerable NTLM Security Protocol The Door

• US Proposes To Boost Internet Security, Citing Chinese Carrier Action

• data splitting

• Singapore, US expand AI partnership to focus on upskilling youth and women

• The best travel VPNs of 2024: Expert tested and reviewed

• A new Linux version of TargetCompany ransomware targets VMware ESXi environments

• Insights from RSA Conference 2024: Transformative Innovations in Cybersecurity

• The sliding doors of misinformation that come with AI-generated search results

• Amazon’s Zoox Begins Testing In Austin, Miami

• Crimson Palace: Chinese Hackers Steal Military Secrets Over 2 Years

• Mocking Dependencies and AI Is the Next Frontier in Vue.js Testing

• Ethical hacker releases tool to exploit Microsoft’s Recall AI, says it’s not ‘rocket science’

• You’ll soon be able to text 911 via RCS on your Android phone. Here’s how it works

• Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks

• Microsoft Recall is a Privacy Disaster

• SpaceX Completes Fourth Starship Test Flight

• #Infosec2024: Ransomware Ecosystem Transformed, New Groups “Changing the Rules”

• #Infosec2024: CISOs Need to Move Beyond Passwords to Keep Up With Security Threats

• Why SAST + DAST can’t be enough

• Prompt Injection Vulnerability in EmailGPT Discovered

• Navigating Meta’s AI Data Training: Opt-Out Challenges and Privacy Considerations

• Google Faces Scrutiny Over Internal Database Leak Exposing Privacy Incidents

• Google n Microsoft confirm Cyber Threat to 2024 Paris Olympics

• The hidden pitfalls of travel apps

• Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys

• Espionage with a Drone

• USENIX Security ’23 – Near-Ultrasound Inaudible Trojan (Nuit): Exploiting Your Speaker to Attack Your Microphone

• Automation Takes Off: A New Dawn for Enterprises to Guard Against the Cyberattack Barrage

• #Infosec2024: AI Red Teaming Provider Mindgard Named UK’s Most Innovative Cyber SME

• US Regulators To Open Antitrust Probes Into Microsoft, OpenAI, Nvidia

• Wordfence Intelligence Weekly WordPress Vulnerability Report (May 27, 2024 to June 2, 2024)

• Ransomware ravaged schools and cities in May

• Emerson Ovation

• Cryptographic Protocol Challenges

• Why Hackers Love Logs

• US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam

• First American Reveals Impact of December Cyberattack

• Some Generative AI Company Employees Pen Letter Wanting ‘Right to Warn’ About Risks

• Leveraging Escalation Attacks in Penetration Testing Environments – Part 2

• Leveraging Escalation Attacks in Penetration Testing Environments – Part 1

• TargetCompany’s Linux Variant is Targeting ESXi Environments

• Strengthening Healthcare Cybersecurity: A Collaborative Imperative

• Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

• Nvidia Overtakes Apple As Second Most Valuable Tech Firm

• AI-driven compliance: The key to cloud security

• What Are the Benefits of Choosing an AI Trading Bot?

• Cybersecurity Concerns Facing the 2024 U.S. Elections

• Exploitation of Recent Check Point VPN Zero-Day Soars

• A Russian Cyber Gang Is Thought to Be Behind a Ransomware Attack That Hit London Hospitals

• Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics

• Darktrace MDR service improves cyber resilience for organizations

• 9 Malware Types Enterprise Professionals Need to Know

• Kali Linux 2024.2: A Security Powerhouse Unbound with t64 Transition and New Tools

• Getting to Know Natalia Vezhevatova

• Uncle Sam seeks to claw back $5M+ stolen from trade union through spoofed email

• #Infosec2024: Experts Share How CISOs Can Manage Change as the Only Constant

• Crypto Kaleidoscope: Investing in Colorful Coins, Living a Vibrant Life

• Advance Auto Parts customer data posted for sale

• 1Password Review (2024): Is It a Safe Password Manager?

• Mastering Cyber Risk Quantification Methods: A Strategic Approach

• Listen up: 10 cybersecurity podcasts you can learn from

• #Infosec2024: How to Change Security Behaviors Beyond Awareness Training

• #Infosec2024: Third of Web Traffic Comes from Malicious Bots, Veracity Says

• Cybersecurity Jobs: The Demand Grows, but Supply Falls Short, Report

• Husband stalked ex-wife with seven AirTags, indictment says

• Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process

• Third-Party Cyber Attacks: The Threat No One Sees Coming – Here’s How to Stop Them

• #Infosec2024: Mandatory Ransomware Reporting Would Be Positive Move, Say Experts

• Microsoft Recall snapshots can be easily grabbed with TotalRecall tool

• Microsoft shows venerable and vulnerable NTLM security protocol the door

• Securing Meraki Networks with Cisco XDR

• Multiple Chinese APTs Targeted Southeast Asian Government for Two Years

• Upleveling the State of SMB Cybersecurity

• Interpol and FBI Break Up a Cyber Scheme in Moldova to Get Asylum for Wanted Criminals

• Zyxel patches critical flaws in EOL NAS devices

• Digital natives are not cybersecurity natives

• Windows AI’s Screenshot Feature Labeled a ‘Disaster’ for Security

• FORTIGATE CLOUD NATIVE FIREWALL (FORTIGATE CNF)

• 1Password Review: Features, Pricing & Security

• 7-year-old Oracle WebLogic bug under active exploitation

• #Infosec2024: Supply Chains Remain Hidden Threat to Business

• The Lords of Silicon Valley Are Thrilled to Present a ‘Handheld Iron Dome’

• FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

• Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

• Prevent Account Takeover with Better Password Security

• We Want a Solution to Remediate, Not Just Detect Problems

• Salesforce Opens First AI Centre In London

• Fog Ransomware Attacking Windows Servers Administrators To Steal RDP Logins

• UNC1151 Hackers Weaponizing Excel Documents To Attack Windows Machine

• FBI Says It Has 7,000 LockBit Ransomware Decryption Keys

• Cybersecurity News: Psychology vs. threat actors, AI leveling up, Qilin hit Synnovis

• Malicious Python Script with a “Best Before” Date, (Thu, Jun 6th)

• Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit

• Python Developers Beware! Russian Hackers Targeting You With Malicious Packages

• Pester Power – How Hackers Wear Down Your Defences

• Parrot Security OS 6.1 Released – What’s New

• What is the Standard of Good Practice for Information Security?

• What Is the Difference between FIM and DLP?

• RansomHub operation is a rebranded version of the Knight RaaS

• Tenable partners with Deloitte to help organizations reduce cyber risk

• Google Maps Timeline Data to be Stored Locally on Your Device for Privacy

• Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

• Apple Refused to Pay $1 Million Bounty to Kaspersky Lab for iOS Zero-days

• How to Lead an Army of Digital Sleuths in the Age of AI

• Microsoft Research chief scientist has no issue with Windows Recall

• Symmetry Systems Recognized as a Strong Performer in the 2024 Gartner® Peer Insights™ Voice of the Customer for Data Security Posture Management report

• GHOSTENGINE Exploit: Vulnerable Drivers Facing Attack

• HYPR raises $30 million to combat threats posed by generative AI

• Webinar: Exposure management and your attack surface

• #Infosec2024: Small Firms Need to Work Smarter to Stretch Security Budgets

• Buffalo Man Pleads Guilty To Buying Stolen Data From Genesis Market

• IoT Security Means Remediation Not Mitigation

• Hackers Target Python Developers with Fake “Crytic-Compilers” Package on PyPI

• Spain defense company servers hacked

• Bitcoin Heist Hits Japanese Exchange DMM Bitcoin

• Kali Linux 2024.2 Released With New Hacking Tools

• Sniffnet: Free, open-source network monitoring

• 90% of threats are social engineering

• Chinese attackers leverage previously unseen malware for espionage

• 78% of SMBs fear cyberattacks could shut down their business

• ISC Stormcast For Thursday, June 6th, 2024 https://isc.sans.edu/podcastdetail/9012, (Thu, Jun 6th)

• BTS #31 – Managing Complex Digital Supply Chains – Cassie Crossley

Generated on 2024-06-07 23:55:11.342411