IT Security News Daily Summary 2024-06-18

• Palo Alto Networks Excels in MITRE Managed Services Evaluation

• New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat

• Building Resilient Security Systems: Composable Security

• Recently Patched PHP Flaw Under Attack By TellYouThePass Ransomware

• Breadth vs. Depth in SaaS Security

• Understanding SOC Models: A 5-Minute Guide to Staffing, Technology, and Operations

• Top cybersecurity Substacks to follow

• malware

• Why Enterprise Editions of Open Source Databases Are Essential for Large Organizations

• Video Meta Data: DJI Drones, (Sun, Jun 16th)

• Security bug allows anyone to spoof Microsoft employee emails

• Designing a More Inclusive Web: DataDome’s Response Page Accessibility Upgrades

• BlackSuit Ransomware Leaks Kansas City Police Data in Failed Ransom Plot

• Explained: Android overlays and how they are used to trick people

• VMware fixed RCE and privilege escalation bugs in vCenter Server

• California Lawmakers Should Reject Mandatory Internet ID Checks

• Non-human Identity Lifecycle Firm Entro Security Raises $18 Million

• New BadSpace Backdoor Deployed in Drive-By Attacks

• Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing

• Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK

• Internet Computer Protocol Launches Walletless Verified Credentials for Public Trust

• CISA, SAFECOM and NCSWIC Publish SAFECOM Guidance on Emergency Communications Grants

• Deeper Service-centric Visibility Drives New Revenue and Simplifies Operations

• Ah, Steamboat Willie. It’s been too long. 🐭

• How to Clean Up Your Bluesky Feed

• Survey Surfaces Lack of Confidence in Security Tools

• Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM

• Los Angeles County suffers data breach impacting 200000 individuals

• CISA Releases the FY 2024 Rural Emergency Medical Communications Demonstration Project (REMCDP) Notice of Funding Opportunity

• Salt Security Survey Reveals 95% of Respondents Experienced API Security Problems in Past Year

• CHERI Alliance formed to promote memory security tech … but where’s Arm?

• Atsign NoPorts establishes an encrypted IP tunnel directly between devices

• 92% of Organizations Hit by Credential Compromise from Social Engineering Attacks

• The Difference Between API Gateway and WAAP ? and Why You Need Both

• Unmasking the Danger: 10 Ways AI Can Go Rogue (And How to Spot Them)

• RAD Data Communications SecFlow-2

• CISA and Partners Release Guidance for Modern Approaches to Network Access Security

• CISA Releases One Industrial Control Systems Advisory

• Campaign Spotlight: Driving Demand with Marketing Velocity Central and User Protection Campaign

• Navigating the Perilous Waters of Supply Chain Cybersecurity

• The TIDE: UNC5537, SCARLETEEL, new Threat Object Stubs, and now 303 defensive solution mappings (our biggest release yet!)

• Under Attack: How UHC and Kaiser Are Tackling Their Cybersecurity Ordeals

• Threat Actors Use Obscure or Self-Made Link Shortener Services for Credential Harvesting

• ASUS Router User? Patch ASAP!

• How Anthropic’s comprehensive red team methods close AI security gaps

• UK national accused of hacking dozens of US companies arrested in Spain

• Here’s How Technology is Enhancing the Immersive Learning Experience

• Medibank breach: Security failures revealed (lack of MFA among them)

• Cloaked and Covert: Uncovering UNC3886 Espionage Operations

• Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

• Microsoft & Google Offer Discounted Cybersecurity Solutions to Rural Hospitals

• New BadSpace Backdoor Deployed In Drive-By Attacks

• New TikTag Attack Targets Arm CPU Security Feature

• Encryption Is Deeply Threatening To Power

• Change Healthcare Attack Financial Support Ends

• Astronomers Witness A Supermassive Black Hole Roaring To Life

• Apple’s Private Cloud Compute: Enhancing AI with Unparalleled Privacy and Security

• Next DLP Secure Data Flow prevents data theft

• NinjaOne MDM provides visibility and control over mobile devices

• Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

• Fake Meeting Software Spreads macOS Infostealer

• AMD Data Breach: IntelBroker Claims Theft of Employee and Product Info

• 43% of couples experience pressure to share logins and locations, Malwarebytes finds

• CrowdStrike vs Sophos (2024): Which Solution Is Better for Your Business?

• Keeper vs LastPass (2024): Which Password Manager Is Better for Your Business?

• Meta delays training its AI using public content shared by EU users

• Reducing the significant risk of known exploitable vulnerabilities in Red Hat software

• Palo Alto Networks Hits the Mark in MITRE Managed Services Evaluation

• NHS boss says Scottish trust wouldn’t give cyberattackers what they wanted

• Uncle Sam ends financial support to orgs hurt by Change Healthcare attack

• Fraudely empowers SMBs to protect their employees against phishing attacks

• AWS HITRUST Shared Responsibility Matrix v1.4.3 for HITRUST CSF v11.3 now available

• Insurance Giant ‘Globe Life’ Data Breach Impacting Consumers and Policyholders

• 7 Best Penetration Testing Service Providers in 2024 Compared

• The Challenge of Combatting Threats Against Autonomous Vehicles

• Veritas Data Insight classifies and controls unstructured data

• VMware Discloses Critical Vulnerabilities, Urges Immediate Remediation

• How are attackers trying to bypass MFA?

• Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

• How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report

• The State of Cloud Security Platforms and DevSecOps

• Embracing Authenticity Beyond June: A Decade of Pride and Progress at Cisco

• Analysis of user password strength

• Rethinking Democracy for the Age of AI

• NHS boss says Scottish trust didn’t meet attackers’ demands

• Cyber Materiality Reporting for Smaller Companies | Kovrr

• Sysdig Bids to Bolster Brittle Cloud Infrastructure Layers

• Entro Security raises $18 million to scale its global operations

• The Annual SaaS Security Report: 2025 CISO Plans and Priorities

• Quarter of Firms Suffer an API-Related Breach

• The 5 Best VPNs With Free Trials in 2024

• YouTube Test Community ‘Notes’ Feature For Added Context

• Microsoft Xbox Marketing Chief Leaves For Roblox

• Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

• Cybersecurity Checklist: 9 Ways to Stay Safe on Your Summer Travels

• Integrity and FIM: It’s More than Just Data Security

• Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach

• Sandton Police Raid Uncovers Massive Counterfeit SIM Card Operation

• New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

• The Post-it Note Clearly Says “Don’t Share” Right Under My Password

• Attack Paths Into VMs in the Cloud

• Managing Cloud Security Posture: Continuous Monitoring and Hardening for Visibility and Compliance

• Report Reveals Record Exploitation Rate For Load Balancers

• Cybersecurity News: Snowflake breach escalates, MITRE has a memo for the president, Velvet Ant persists

• Tencent To Ban AI Avatars From Livestream Commerce

• FTC Sues Adobe Over Hidden Fees, Termination ‘Resistance’

• Keytronic confirms data breach after ransomware attack

• Google Critical Security Alert Email

• Top 5 Ways To Protect Your Logistics Company From Fraud

• Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

• eBook: The Art & Science of Secure Software Development

• SUSE announces Liberty Linux Lite for CentOS 7

• TikTok US Ban Appeal Gets 16 September Court Date

• CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

• Datadog App Builder helps accelerate issue remediation

• VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

• Trumped Up Crypto Scams – Criminals Deploy Trump Donation Scams

• Singapore Police Extradites Malaysians Linked to Android Malware Fraud

• US Surgeon General Calls For Warning Labels On Social Media

• The Financial Dynamics Behind Ransomware Attacks

• Podcast Episode: AI in Kitopia

• Are We Turning the Corner in the Fight Against Cybercrime? It’s Complicated.

• Ransomware related news headlines trending on Google

• Europol Taken Down 13 Websites Linked to Terrorist Operations

• VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug

• Runtime Enforcement: Software Security After the Supply Chain Ends

• New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

• Anthropic’s red team methods are a needed step to close AI security gaps

• How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams

• Enhancing security through collaboration with the open-source community

• Mass exploitation is the new primary attack vector for ransomware

• Preparing for a post-quantum future

• Key Takeaways From Horizon3.ai’s Analysis of an Entra ID Compromise

• 42% plan to use API security for AI data protection

• ISC Stormcast For Tuesday, June 18th, 2024 https://isc.sans.edu/podcastdetail/9028, (Tue, Jun 18th)

• Arm security defense shattered by speculative execution 95% of the time

• Enhancing Enterprise Browser Security

• Generative AI Not Replacing UK Jobs, Study Finds

• Suspected bosses of $430M dark-web Empire Market charged in US

• Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam

• Suspected dark-web Empire Market bosses charged in US

• Empire Market owners charged with operating $430M dark web marketplace

• Apple embraces open-source AI with 20 Core ML models on Hugging Face platform

• Chariot Continuous Threat Exposure Management (CTEM) Updates

• IT Security News Daily Summary 2024-06-17

• Suspected underworld Empire Market bosses face possible life behind bars

• APIs: The Silent Heroes of Data Center Management

• China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

• California’s Facial Recognition Bill Is Not the Solution We Need

• Feds cuff suspected bosses of underworld Empire Market

• The Future of Pi Coin: Potential and Predictions

• The Surgeon General’s Fear-Mongering, Unconstitutional Effort to Label Social Media

• CISA Releases Guide to Enhance Election Security Through Public Communications

• The best travel VPNs of 2024: Expert tested and reviewed

• Leveraging ASNs and Pivoting to Uncover Malware Campaigns

• Truist Bank Confirms Data Breach After Information Surfaces on Hacking Forum

• SaaS tenant isolation with ABAC using AWS STS support for tags in JWT

• Blackbaud has to cough up a few million dollars more over 2020 ransomware attack

• Microsoft Recommends ‘Always On VPN’ As It Deprecates Windows DirectAccess

• Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

• Defending your ever-changing attack surface

• Critical Vulnerabilities Exposing Chinese Biometric Readers to Unauthorized Access

• (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13

• Malicious emails tricking users to make donations for elections

• 7 cool and useful things I do with my Flipper Zero

• Open Source Licensing 101: Everything You Need to Know

• Vulnerability Summary for the Week of June 10, 2024

• US Surgeon General Wants Social Media Warning Labels

• Microsoft Patches Zero-Click Outlook Vulnerability

• UK Man Suspected Of Being Scattered Spider Leader Arrested

• Notorious Cyber Gang UNC3944 Attacks vSphere And Azure To Run VMs Inside Victims’ Infrastructure

• Ransomware Attackers Are Weaponizing PHP Flaw to Infect Web Servers

• Los Angeles Public Health Department Discloses Large Data Breach

• Mastering Nutanix Hyperconverged Infrastructure on Cisco’s Black Belt Academy

• ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

• Microsoft Recall delayed after privacy and security concerns

• Aim Security Raises $18M to Secure Customers’ Implementation of AI Apps

• Insurance Company Globe Life Investigating Data Breach

• Keytronic Says Personal Information Stolen in Ransomware Attack

• CISA Conducts First AI Cyber Incident Response Exercise

• Tech Leaders to Gather for AI Risk Summit at the Ritz-Carlton, Half Moon Bay June 25-26, 2024

• Metomic’s Google User Groups feature alerts users when sensitive data might be at risk

• AI Development at Risk: Critical Vulnerability Discovered in Popular Python Library

• A Deep Dive into SELinux

• Testing Banking Website Security: What You Need to Know

• Why ransomware is still important to business resilience

• LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

• Using LLMs to Exploit Vulnerabilities

• The Ultimate Guide to Troubleshooting Vulnerability Scan Failures

• Malware peddlers love this one social engineering trick!

• Academics Develop Testing Benchmark for LLMs in Cyber Threat Intelligence

• Why Hybrid Cloud Security is the Future

• Exclusive: Parallel Domain launches PD Replica for high-fidelity digital twins in autonomous vehicle testing

• Exclusive: Kong launches AI Gateway to help enterprises govern and scale generative AI

• Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

• Stop playing games with online security, Signal president warns EU lawmakers

• Emerging Technology Review and Needs

• Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

• China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices

• How deepfakes threaten biometric security controls

• Privacy app maker Proton transitions to non-profit foundation structure

• Co-innovating with Historically Black Colleges and Universities

• Stay Compliant: Cisco Secure Workload Introduces State-of-the-art, Persona-based Reporting

• Spotlight on Scribe Security

• Argus Cyber Security and Microsoft partner to secure automotive fleets throughout the vehicle lifecycle

• Microsoft Reconsiders Windows Recall Release Amidst Privacy Concerns

• The Role of Cybersecurity in Modern Waste Management Systems

• What is DevSecOps and Why is it Essential for Secure Software Delivery?

• Spanish police arrested an alleged member of the Scattered Spider group

• AWS is pushing ahead with MFA for privileged accounts. What that means for you …

• Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

• UK’s Total Fitness exposed nearly 500k images of members and staff through unprotected database

• The Indispensable Role of the CISO in Navigating Cybersecurity Regulations

• Google Must Face Trial In Ad Tech Monopoly Case

• Zero Trust Policy

• Outpost24 Launches Exposure Management Platform To Help Organizations Reduce Attack Surface Risk

• Meta Pauses European GenAI Development Over Privacy Concerns

• How Does Generative AI Help and Hurt Cybersecurity?

• Apple, Meta Likely To Face EU Antitrust Charges

• Silicon In Focus Podcast: Feeding the Machine

• Major Data Breach at CUHK Affects Over 20,000 Students and Staff

• Cybersecurity News: CISA tabletop exercise, Keytronic confirms breach, Linux emoji malware

• Cyber Security Today, June 17, 2024 – Microsoft faces heat in Congress, alleged cybercrook arrested, and more

• Adobe Shares Jump On AI Success

• Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

• China Attempted Covert Military Drone Tie-Up With UK University – Report

• Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

• The Seven Things You Need to Know About Cyber Insurance

• London Ransomware Attack Led to 1500 Cancelled Appointments and Operations

• Meta Delays EU AI Launch After Privacy Complaints

• Online job offers, the reshipping and money mule scams

• Hackers Employing New Techniques To Attack Docker API

• New NetSupport Campaign Delivered Through MSIX Packages, (Mon, Jun 17th)

• AI Fuels Local Memory Chip Demand For China’s Sanctioned YMTC

• Hidden Backdoor in D-Link Routers Let Attacker Login as Admin

• A week in security (June 10 – June 16)

• Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers

• Exploring the Three Types of Web Development

• Zadig & Voltaire – 586,895 breached accounts

• Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims’ infrastructure

• Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

• Telenor establishes Telenor Cyberdefense

• How cars can pose a cyber threat to user privacy

• FBI Arrested U.K. Hacker Linked to Scattered Spider Hacking Group

• NiceRAT Malware Targets South Korean Users via Cracked Software

• Low code, high stakes: Addressing SQL injection

• The rise of SaaS security teams

• Ghidra: Open-source software reverse engineering framework

• AI’s impact on data privacy remains unclear

• Malicious emails trick consumers into false election contributions

• ISC Stormcast For Monday, June 17th, 2024 https://isc.sans.edu/podcastdetail/9026, (Mon, Jun 17th)

• That didn’t take long: replacement for SORBS spam blacklist arises … sort of

• Can governments turn AI safety talk into action?

• Japan’s space junk cleaner hunts down major target

• USENIX Security ’23 – We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets

Generated on 2024-06-18 23:55:11.139946