IT Security News Daily Summary 2024-06-14

• Friday Squid Blogging: Squid Cartoon

• Meta won’t train AI on Euro posts after all, as watchdogs put their paws down

• Meta won’t train AI on Euro posts after all as watchdogs put their paws down

• Veeam executives discuss data protection trends, future IPO

• Nigerian faces up to 102 years in the slammer for $1.5M phishing scam

• USENIX Security ’23 – Keep Your Friends Close, but Your Routeservers Closer: Insights into RPKI Validation in the Internet

• The best VPN services for iPhone and iPad in 2024: Expert tested and reviewed

• Criminal IP Unveils Innovative Fraud Detection Data Products on Snowflake Marketplace

• Microsoft Delays Recall Launch, Seeking Community Feedback First

• chief trust officer

• Congress grills Microsoft president over security failures

• A New Tactic in the Rapid Evolution of QR Code Scams

• DORA Compliance Strategy for Business Leaders

• Ransomware Roundup – Shinra and Limpopo Ransomware

• Truist bank confirms data breach

• Proactive Intelligence Against Infostealers: Lessons from the Snowflake Data Breach

• Apple Introduces Exclusive AI Features for Newest Devices

• How to create a pipeline for hardening Amazon EKS nodes and automate updates

• Ransomware payments work in some cases say experts

• Upcoming Speaking Engagements

• Securing a Dynamic World: The Future of Cybersecurity Operations

• Musk’s X Lawsuit Against Nazi Report Author Slated For 2025 Trial

• 5 Tips for Making the Most Out of Your Next Business Trip

• Cisco Live 2024: Inspiring to Go Beyond

• What CISOs Need to Know About Secure By Design

• The UN Cybercrime Draft Convention is a Blank Check for Surveillance Abuses

• Conducting Third Party Security Assessment: A Step-by-Step Strategy

• Recall ‘Delayed Indefinitely’ — Microsoft Privacy Disaster is Cut from Copilot+ PCs

• How Healthcare Providers Should Think About Balancing Innovation Efforts with Cybersecurity Goals

• Akamai?s Perspective on June?s Patch Tuesday 2024

• How VPNs Will Adapt to Evolving Threats in the Future

• Microsoft President Grilled By US Lawmakers After China, Russia Hacks

• Building an Internal TLS and SSL Certificate Monitoring Agent: From Concept to Deployment

• Security review for Microsoft Edge version 125

• Security review for Microsoft Edge version 126

• In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams

• Ascension Says Personal, Health Information Stolen in Ransomware Attack

• Edge Devices: The New Frontier for Mass Exploitation Attacks

• OpenAI Appoints Former NSA Director Paul Nakasone to Board of Directors

• Pakistani Threat Actors Caught Targeting Indian Gov Entities

• TellYouThePass Ransomware Exploits Recent PHP RCE Vulnerability to Compromise Servers

• Ransomware Attackers Target Canada’s Largest School Board

• Dutch Intelligence Warns of Extensive Chinese Cyber-Espionage Campaign

• Google’s Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

• A Bring Your Own Algorithms (BYOA) Approach to Crypto-Agility Addressing Quantum Threats

• Protect Yourself from Summer Vacation Scams: Stay Cyber Aware During Your Vacation

• Beware of Trading Bot Scams

• Ukrainian Cops Collar Kyiv Programmer Believed To Be Conti, LockBit Linchpin

• Microsoft Delaying Recall Feature To Improve Security

• Life360 Says Hacker Stole Customer Data

• GenAI An Enhancement For Cyberattackers And Defenders

• Ukraine busts SIM farms targeting soldiers with spyware

• UK General Election: Tech Policy Expert Calls for Law Overhaul to Combat Deepfakes

• CISA, JCDC, Government and Industry Partners Conduct AI Tabletop Exercise

• How can AI be used to keep customer data secure?

• AI Can Bridge the Gap of Ineffective MDR Tools

• Microsoft delays Windows Recall rollout, more security testing needed

• Location Tracker Firm Tile Hit by Data Breach, Hackers Access Internal Tools

• Chinese Threats Aim for Government Sector

• Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans

• Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

• The UN Cybercrime Draft Convention is a Blank Check for Unchecked Surveillance Abuses

• French state bidding for piece of Atos, offers €700M

• SASE Market Growth Continues, Led by Cisco, Zscaler

• Why Regulated Industries are Turning to Military-Grade Cyber Defenses

• If Not Amended, States Must Reject the Flawed Draft UN Cybercrime Convention Criminalizing Security Research and Certain Journalism Activities

• Penetration-Testing-as-a-Service: An Essential Component of the Cybersecurity Toolkit

• Elon Musk Wins Shareholder Vote On Pay, Texas Incorporation

• Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

• Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

• SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

• Microsoft Delaying Recall Feature to Improve Security

• CISA Warns of Progress Telerik Vulnerability Exploitation

• Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

• The “Spammification” of Business Email Compromise Spells Trouble for Businesses Around the Globe

• CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

• YetiHunter: Open-source threat hunting tool for Snowflake environments

• Microsoft Admits Security Failings Allowed China to Access US Government Emails

• Cybersecurity News: Cyberinsurance claims increase, NATO’s Russia vigilance, Remcos RAT phishing

• Cyber Security Headlines Week in Review: New York Times theft, Club Penguin hack, NHS wants blood

• AI vs. Developers: A Modern-Day Conundrum

• IRONSCALES boosts email security with GPT-powered training feature

• Cyber Security Today, June 14, 2024 – Employee downloaded file that led to hospital chain’s ransomware attack

• Price Drop: This Complete Ethical Hacking Bundle is Now $40

• Survey Finds Growing Number of Tech Tools Makes Cybersecurity Professionals Feel “Out of Control”

• Oscilar’s AI-powered ACH Fraud Detection identifies and prevents fraudulent transactions

• Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats

• CyberLink launches FaceMe Security version 7.15

• ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

• Cloud Migration Strategy

• Ascension Hack Caused By an Employee Who Downloaded a Malicious File

• Watch Out! CISA Warns It Is Being Impersonated By Scammers

• FBI Botnet Takedown: 911 S5 With 19 Million Infected Devices

• North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

• AWS Announces Authentication and Malware Protection Enhancements

• Event Preview: AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay | June 25-26, 2024

• Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

• Pyte Raises $5 Million for Secure Data Collaboration Solutions

• French Bug Bounty Platform YesWeHack Raises $28 Million

• Microsoft email servers hack could have been prevented

• Understanding the Vital Role of Indicators of Compromise (IOCs) in Cybersecurity

• AWS Announced Malware Detection Tool For S3 Buckets

• A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors

• Arid Viper poisons Android apps with AridSpy

• Two Ukrainians accused of spreading Russian propaganda and hack soldiers’ phones

• City of Cleveland still working to fully restore systems impacted by a cyber attack

• Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns

• The biggest downsides of digital ID adoption

• Modern fraud detection need not rely on PII

• New infosec products of the week: June 14, 2024

• Solving the systemic problem of recurring vulnerabilities

• ISC Stormcast For Friday, June 14th, 2024 https://isc.sans.edu/podcastdetail/9024, (Fri, Jun 14th)

• Microsoft delays broad release of Recall AI feature due to security concerns

• Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended

• AI Could Turn the Next Recession into a Major Economic Crisis, Warns IMF

• US Space Force wanted $77M to reinforce GPS – and Congress shot it down

• IT Security News Daily Summary 2024-06-13

• Unlock Advanced Threat Correlation

• Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More

• USENIX Security ’23 – ACORN: Input Validation for Secure Aggregati

• Intel 471 Sets New Standard in Intelligence-Driven Threat Hunting

• Oracle Ads have had it: $2B operation shuts down after dwindling to $300M

• How Sigma Is Empowering Devs, Engineers, and Architects With Cloud-Native Analytics

• 5 cybersecurity risks and challenges in supply chain

• Japan Passes Law To Allow Third Party App Stores, Payments

• How Singapore is creating more inclusive AI

• Top Takeaways from the Cisco Live 2024 DevNet Zone: AI, Programmability, and More

• Top Developer Takeaways from Cisco Live 2024: AI, Programmability, and More

• Netcraft Uses Its AI Platform to Trick and Track Online Scammers

• How we can separate botnets from the malware operations that rely on them

• X (Twitter) Now Hides Posts Liked By Users

• Securing the Future: The Role of Post-Quantum Cryptography

• Q1 2024: A Wake-up Call for Insider Threats

• Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk

• Navigating the API Threat Landscape in Finance

• Chinese ‘Smishing Triad’ Group Targets Pakistanis with SMS Phishing

• secure access service edge (SASE)

• Excellence in the essentials of cybersecurity – below the ‘poverty line’

• Ukrainian cops collar Kyiv programmer believed to be Conti, LockBit linchpin

• The Road to CTEM, Part 2: The Role of Continuous Validation

• USENIX Security ’23 – DiffSmooth: Certifiably Robust Learning via Diffusion Models and Local Smoothing

• AI-Powered Transformation: Optimizing B2B SaaS for Efficiency and Growth (Without Sacrificing Your Team)

• Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)

• Switzerland government websites hit by DDoS Cyber Attack

• The Rise of Universal ZTNA

• Expert comment: Apple AI safety & security

• US Mulls Additional AI Chip Restrictions For China – Report

• Top 4 use cases of non-human identity security: Live event recap

• Effortless Credential Management in Azure: The Power of Managed Identities

• Motorola Solutions Vigilant License Plate Readers

• Guest Blog: Ox Security on learning from the Recent GitHub Extortion Campaigns

• Here’s How to Solve Top Challenges in Data Storage

• SpaceX, Elon Musk Sued By Engineers For Unfair Firings, Sex Bias

• Siemens Mendix Applications

• Siemens TIA Administrator

• Siemens SIMATIC S7-200 SMART Devices

• Revelations from Cisco Live: The Future of AI and Integrated Security

• Ascension Attack Caused by Employee Downloading Malicious File

• Exploring the Role of Data Analytics in SOC Alert Tuning

• Google fixed an actively exploited zero-day in the Pixel Firmware

• How Fear Tactics Led to a Pune Woman’s Financial Ruin: Insights into Cyber Fraud

• From Civilians to Cyber Warriors: China’s MCF Program Ignites a Western Typhoon

• Signs Your Home Network Has Been Hacked and How to Protect Yourself

• Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

• New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models

• Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware

• UNC3944 Targets SaaS Applications

• Why Security Awareness Training is Your Best Defense

• Update now! Google Pixel vulnerability is under active exploitation

• Men’s Mental Health Week: Resource Guide

• How ThreatCloud AI’s Threat Emulation Engine Prevents DLL Sideloading (Trojan) Attacks

• Google’s Privacy Sandbox more like a privacy mirage, campaigners claim

• VMware Carbon Black vs CrowdStrike Falcon (2024): Which Tool Is Best For Your Business?

• Eclypsium Joins the Joint Cyber Defense Collaborative

• Connecticut Has Highest Rate of Health Care Data Breaches: Study

• Tech Giants Aid Rural Hospitals in Cybersecurity Battle

• SailPoint introduces AI-powered application onboarding capability

• Beware WARMCOOKIE Backdoor Knocking Your Inbox

• 0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads

• Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

• Keeper vs 1Password: 2024 Password Manager Comparison

• Education 4.0: The Role of AI in Transforming Education

• White House Report Dishes Deet On All 11 Major Government Breaches From 2023

• Apple Patches Possibly The First Ever Spatial Computing Hack

• Prevalence And Impact Of Password Exposure Vulns In ICS/OT

• Kaspersky Researchers Punch Holes In Biometrics Hardware Security

• Black Basta Exploits Patched Windows Privilege Escalation Bug

• The “Non-Trend” of “Full Automation” Workflows in Cybersecurity: A Reality Check

• Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore

• cloud security

• NetSPI acquires Hubble to address asset and exposure management challenges

• Operationalizing our custom “SOC in a Box” at the RSA Conference 2024

• Bolster SaaS Security Posture Management with Zero Trust Architecture

• Embracing New Additions With Cisco’s Child Bonding Leave

• Strength in Unity: The Power of Cybersecurity Partnerships

• PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

• Why SaaS Security is Suddenly Hot: Racing to Defend and Comply

• JetBrains GitHub Plugin Vulnerability Affects IntelliJ IDEs

• SEC Reaches $4.5bn Settlement With Bankrupt Terraform Labs

• Ivanti EPM SQL Injection Flaw Let Attackers Execute Remote Code

• Student’s flimsy bin bags blamed for latest NHS data breach

• Fortinet: CVE 2024-21754: Passwords on a Silver Platter

• Kaspersky Finds 24 Flaws in Chinese Biometric Hardware Provider

• The Security Step Too Many Companies Ignore: Tips for Micro-Segmenting into Your Network

• AI and the Indian Election

• Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

• Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

• WeWork Emerges From Bankruptcy Protection

• Cyber Insurance Claims Hit Record High in North America

• Cybersecurity News: Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows

• What Makes a Successful CISO?

• Operation Celestial Force employs mobile and desktop malware to target Indian entities

• The future of online document signing in the era of digital transformation

• CISA Warns of Scammers Impersonating as CISA Employees

• Flipping the script on pig butchering – $45 million is just the tip of the iceberg

• Cinterion EHS5 3G UMTS/HSPA Module Research

• Elevating SaaS App Security in an AI-Driven Era

• Multiple flaws in Fortinet FortiOS fixed

• Netskope extends security and data protection for Google Workspace users

• Urgently needed: AI governance in cyber warfare

• Ukrainian Cyber Police Identify Suspected LockBit and Conti Member

• UK Strengthens Cybersecurity with New Law Targeting Default Passwords

• Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

• The Team Sport of Cloud Security: Breaking Down the Rules of the Game

• Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups

• 5 Ways to Thwart Ransomware With an Identity-First Zero Trust Model

• Prosimo and Palo Alto Networks join forces to improve cloud infrastructure security

• CISA Warns Phone Scammers Are Impersonating its Staff

• Don’t fall for the trap: The sneaky tactics of business email scammers revealed

• Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

• How to Analyze Malware in 5 Steps

• Hand me the flashlight. I’ll be right back…

• New Surge in Risky Business Email Compromise Phishing Attacks

• 256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

• New Cross-Platform Malware ‘Noodle RAT’ Targets Windows and Linux Systems

• Indian National Jailed For Hacked Servers Of Company That Fired Him

• Ascension Ransomware attack occurred due to employee mistake

• Microsoft Incident Response tips for managing a mass password reset

• How businesses can integrate token technology into existing payment systems

• Time to zero in on Zero Trust?

• GenAI keeps cybersecurity pros on high alert

• Maximizing productivity with Copilot for Microsoft 365: A security perspective

• The Next Big Thing in Identity Security: Identity Fabrics

• The Art of JQ and Command-line Fu [Guest Diary], (Thu, Jun 13th)

• ISC Stormcast For Thursday, June 13th, 2024 https://isc.sans.edu/podcastdetail/9022, (Thu, Jun 13th)

• Crooks crack customer info at tracking device vendor Tile, issue ‘extortion’ demands

• What is Continuous Authority to Operate (cATO)?

• What is ISO 27001 Compliance?

• 2024-06-11 – Traffic example of a CVE-2024-4577 probe

• 2024-06-12 – KoiLoader/KoiStealer infection

Generated on 2024-06-14 23:55:10.700647