IT Security News Daily Summary 2024-07-09

• CPR Warns Threat Actors are Leveraging Internet Explorer in New Zero-Day Spoofing Attack (CVE-2024-38112)

• The best tablets of 2024: Expert tested and reviewed

• 6 Best Cloud Data Management Software in 2024

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• VERT Threat Alert: July 2024 Patch Tuesday Analysis

• Neiman Marcus – 31,152,842 breached accounts

• The 10 best early Prime Day 2024 kitchen appliance deals

• Microsoft Patch Tuesday, July 2024 Edition

• The 20 best early Prime Day 2024 phone deals

• Microsoft Warns of Windows Hyper-V Zero-Day Being Exploited

• Randall Munroe’s XKCD ‘Alien Theories’

• USENIX Security ’23 – USENIX Security ’23 – AnimateDead: Debloating Web Applications Using Concolic Execution

• USENIX Security ’23 – Minimalist: Semi-automated Debloating of PHP Web Applications through Static Analysis

• China-Backed Threat Group Rapidly Exploits New Flaws: Agencies

• Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

• Last chance to save up to $1,500 on new Samsung Galaxy Z Fold 6 and Z Flip 6 phones – here’s how

• More than 31 million customer email addresses exposed following Neiman Marcus data breach

• Buy a 5-year subscription to AdGuard VPN for $35

• Beyond Pride Month: Protections for LGBTQ+ People All Year Round

• Strategies for achieving least privilege at scale – Part 1

• Strategies for achieving least privilege at scale – Part 2

• Microsoft Patch Tuesday July 2024, (Tue, Jul 9th)

• Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

• Eldorado Ransomware Targeting Windows and Linux with New Malware

• Samsung Galaxy Ring: Features, price, launch date, and everything else we know

• Why You Need Network Detection & Response Now

• How to save money on groceries with Amazon Prime

• Join BJ’s Wholesale Club for $20 right now, down from $55

• CISA and Partner Agencies Join ASD’S ACSC to Release Advisory on APT40, a Chinese State-Sponsored Group

• Researchers Catch Yemeni Hackers Spying on Middle East Military Phones

• Adobe Issues Critical Patches for Multiple Products, Warns of Code Execution Risks

• Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW?

• 7,000 WordPress Sites Affected by Privilege Escalation Vulnerability in ProfileGrid WordPress Plugin

• Reverse-Engineering Ticketmaster’s Barcode System

• UN Draft Surveillance Treaty Dangerously Expands State Surveillance Powers Without Robust Privacy, Data Protection Safeguards

• Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers

• CISA Guidance Strengthens Data Security, Neglects Web Access Security

• Six months into new SEC rulings, can enterprises escape the crossfire?

• Why User Experience Matters In Security Awareness Training

• Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk

• The 25 best early Amazon Prime Day 2024 deals

• Learn a new language with a discounted Babbel subscription

• I put the free version of Perplexity.ai through my coding tests – here’s what happened

• Command Zero Emerges From Stealth Mode to Speed Up Cyber Investigations

• BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol

• Patelco Credit Union Working Diligently to Recover from Security Incident

• New Consumer Privacy Rights for Oregonians: What You Need to Know

• The Shift from VPNs to ZTNA

• Cyber Attack leads to 1.4GB NSA data breach

• Buy a Windows 11 Pro license for $23 – an all-time low price

• Palo Alto Networks a Leader Again in Gartner Single-Vendor SASE Report

• Here’s How to Change IP Address Without VPN

• Eldorado Ransomware Strikes Windows and Linux Networks

• Catch My Drift? How To Easily Manage Configuration Drift In Your Storage & Backup Systems

• SSID Meaning: What Is an SSID and How Can You Find Yours?

• Meta unveils a $25-per-month, interest-free Quest 3 payment plan. Is this deal worth it?

• The best smart rings of 2024: Expert tested and reviewed

• Buy the MacBook Air M1 for just $649 – the lowest price we’ve seen

• The 5 best early Prime Day 2024 security camera deals

• Risk & Repeat: Hacks, lies and LockBit

• The Critical Intersection of AI and Security: A Partnership Imperative

• Limitations of current automatic specification generation tools

• Akamai Launches Early Hints to Further Boost User Experience and SEO

• Enhancing Security With ZTNA in Hybrid and Multi-Cloud Deployments

• This Is How SSL Certificates Work: HTTPS Explained in 15 Minutes

• Ticketmaster says stolen Taylor Swift Eras Tour tickets are useless

• Best Buy dropped the M1 MacBook Air to $649, and you can still grab these savings

• Elexon’s Insight into UK electricity felled by expired certificate

• SAP Patches High-Severity Vulnerabilities in PDCE, Commerce

• Optiv MDR accelerates threat detection and response

• Samsung Galaxy Watch Ultra: The best specs, features, and everything else we know

• The best projectors of 2024: Expert tested and reviewed

• Apple launches iOS 18 Beta 3 – here’s everything you need to know

• Mitsubishi Electric MELIPC Series MI5122-VW

• Johnson Controls Software House C●CURE 9000

• Delta Electronics CNCSoft-G2

• Johnson Controls Illustra Pro Gen 4

• Evolve Bank & Trust confirms LockBit stole 7.6 million people’s data

• Analyzing Ticketmaster Sample Data Breach: Key Insights and Implications

• Supreme Court Directive Mandates Self-Declaration Certificates for Advertisements

• AttackIQ Mission Control simplifies security testing for distributed teams

• A decade of global cyberattacks, and where they left us

• Protecting Your Codebase: Best Practices for Secure Secret Management

• Ransomware Gang Leaks Data Allegedly Stolen from Florida Department of Health

• Evolve Bank Data Breach Impacts 7.6 Million People

• RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks

• Top four ways to improve your Security Hub security score

• I tested Motorola’s new $699 flip phone and it’s full of nostalgic goodness

• Oura unveils AI health advisor a day before Samsung Galaxy Ring’s likely debut

• Evolve Bank says ransomware gang stole personal data on millions of customers

• Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

• How to Add Cloudflare DMARC, SPF, and DKIM Records? Easy Setup Guide

• Research: Only 61% of top manufacturers have adopted DMARC despite rising cyber attacks

• Skillsoft partners with Microsoft to develop GenAI skilling program

• Nine IT Experts Weigh in On Managed File Transfer (MFT)

• Implementing Digital Rights Management Systems To Safeguard Against Unauthorized Access Of Protected Content

• How to Prepare for ISO 27001:2022’s Threat Intelligence Requirements

• Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

• GuardZoo spyware used by Houthis to target military personnel

• Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks

• Chinese State Actor APT40 Exploits N-Day Vulnerabilities “Within Hours”

• How do cryptocurrency drainer phishing scams work?

• New Golang Botnet “Zergeca” Discovered, Delivers Brutal DDoS Attacks

• Use these 6 user authentication types to secure networks

• Around the World with Cisco: From Student to Intern to CX Consulting Engineer

• New Mirai Botnet Variants Observed: How to Identify a Mirai-Style DDoS Attack

• UN Cybercrime Draft Convention Dangerously Expands State Surveillance Powers Without Robust Privacy, Data Protection Safeguards

• Chinese APT40 group swifly leverages public PoC exploits

• Nearly 10 Billion Passwords Leaked in Biggest Compilation of All Time

• Develop Valuable Security and Risk Management Skills for Just $30 Through 7/21

• RockYou2024: 10 BILLION unique passwords exposed – what now?

• Scammers Double-Dip by Offering Prior Victims Help to Recover Stolen Funds

• How to Fix a Dysfunctional Security Culture

• Global Coalition Blames China’s APT40 for Hacking Government Networks

• How to use Copilot Pro to write, edit, and analyze your Word documents

• GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

• HUMINT: Diving Deep into the Dark Web

• Q1 2024 Cyber Attacks Statistics

• Apache Fixed a Source Code Disclosure Flaw in Apache HTTP Server

• Houthi rebels are operating their own GuardZoo spyware

• Hackers Leak 10 Billion Passwords How Users Should Respond

• Avast Provides DoNex Ransomware Decryptor to Victims

• How to add more eye candy to the GNOME desktop

• The 6 Best Governance, Risk & Compliance (GRC) Tools for 2024

• Cato Networks Named a Leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE

• Staying Safe During Amazon Prime Day

• How to Get the Most for Yourself Through Altruism

• Universal Code Execution Vulnerability In Browsers Puts Millions Of Users At Risk

• Just a Fifth of Manufacturers Have Strongest Anti-Phishing Protection

• Cybersecurity News: Billions of stolen passwords, cybersecurity regulations even trickier, Apple removes popular apps

• A Deeper Dive into DISA’s Cybersecurity Initiatives

• SQR Wins Isle of Man Government Contract

• Splunk Addresses Critical Vulnerabilities in Enterprise and Cloud Platforms

• UN Cybercrime Draft Convention Dangerously Expands State Surveillance Powers Without Robust Privacy and Data Protection Safeguards

• Stellar Cyber Open XDR platform now supports BYODL

• How to watch Samsung Unpacked Paris 2024 and what we’re expecting to be unveiled

• Avast released a decryptor for DoNex Ransomware and its predecessors

• Update: Network Segmentation Hobbled Midnight Blizzard’s Attack on TeamViewer

• Egnyte Copilot accelerates enterprise content collaboration

• Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak

• Critical Infrastructure Providers Seek Guardrails on Scope, Timeline for CIRCIA Rules

• Increase in the Exploitation of Microsoft SmartScreen Vulnerability

• Align strengthens defense against double-extortion ransomware tactics

• Ghostscript Rendering Platform Vulnerability Let Attackers Execute Remote Code

• Outpost24 appoints Ido Erlichman as CEO

• As Cyber Command Evolves, Its Novel Malware Alert System Fades Away

• Microsoft China staff can’t log on with an Android, so Redmond buys them iThings

• Cybersecurity Agencies Warn of China-linked APT40’s Rapid Exploit Adaptation

• Turla Hackers Weaponizing LNK-Files To Deploy Fileless Malware

• HCL Domino Vulnerability Let Attackers obtain Sensitive information

• Unleashing the Power of Next-Gen Agents for Robust Cloud-Native Security

• Scammers double-scam victims by offering to help recover from scams

• China’s APT40 gang is ready to attack vulns within hours or days of public release

• Navigating Authentication Challenges: A Closer Look at Contemporary CIAM

• Minimize Data Breaches with Planning, Transparency and Technology

• Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

• Cyber Attack to impact 1.5 billion Apple devices

• Exploring the root causes of the cybersecurity skills gap

• Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella

• Shadow engineering exposed: Addressing the risks of unauthorized engineering practices

• China’s APT40 gang is ready to attack vulns within hours or days of public release.

• ISC Stormcast For Tuesday, July 9th, 2024 https://isc.sans.edu/podcastdetail/9044, (Tue, Jul 9th)

• Samsung Galaxy Ring’s best feature would be to not lock my data behind a paywall

• Level Up Your ATO Defenses: Account Protect Delivers Advanced Threat Detection

• What is “Events Ripper”?

• People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

• CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40

• AI stack attack: Navigating the generative tech maze

• OpenAI Secrets Stolen in 2023 After Internal Forum Was Hacked

• Microsoft drops ‘MInference’ demo, challenges status quo of AI processing

• Automated Indicator Sharing: Other Ways to Connect

• Exploring Cross-Chain Compatibility in dApp Development

• Enhancing Cloud Security: Integrating DevSecOps Practices Into Monitoring

• Understanding and Mitigating IP Spoofing Attacks

• RockYou2024 compilation containing 10 billion passwords was leaked online

• LockBit’s latest attack shows why fintech needs more zero trust

• IT Security News Daily Summary 2024-07-08

• Buy a Samsung Galaxy Watch 6 on sale and save $130 on a pair of Galaxy Buds 2 Pro

• Save up to $1,500 on new Samsung Galaxy Z Fold 6 and Z Flip 6 phones – here’s how

• The best early Prime Day deals on the weirdest tech we could find

• The best iPhone 15 screen protectors of 2024: Expert tested

• Ransomware hits CDK Global, public sector targets in June

• The best Prime Day 2024 tablet deals

• The 20 best Prime Day 2024 deals under $25

• Microsoft Banning Android Phones for Staff in China

• Context window overflow: Breaking the barrier

• How to Get Rid of a Computer Virus [Mac and PC]

• Stacks L2 Security Soars with Hypernative’s Ecosystem-Wide Protection

• Shopify says stolen customer data was taken in third-party breach

• The best MagSafe wallets of 2024: Expert tested and reviewed

• How AI-driven SOC tech eased alert fatigue: Case study

• How API attacks work, plus 5 common types

• Mastering Efficient Data Processing for LLMs, Generative AI, and Semantic Search

• An In-Depth Look at Crypto-Crime in 2023 Part 1

• The 45+ best Walmart deals right now

• 5 Linux commands for managing users

• $3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin

• Ticketmaster Hackers Leak 30K Ticket Barcodes, Share Counterfeit Tutorial

• FTC’s non-compete ban almost certainly dead, based on a Texas federal court decision

• The 8 best early Amazon Prime Day Kindle deals

• Apple removes VPN apps at request of Russian authorities, say app makers

• Critical Ghostscript flaw exploited in the wild. Patch it now!

• The best early Amazon Prime Day laptop deals

• The 26 best early Prime Day 2024 Nintendo deals

• Vulnerability Recap 7/8/24 – Intel, Cisco & More Face Risks

• Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit

• New Golang-Based Botnet ‘Zergeca’ Discovered

• Proton Docs Arrives As An Encrypted Document Sharing Platform

• The best business internet providers of 2024

• You can get Amazon’s new Echo Spot alarm clock at 40% off through Prime Day

• Grab a Microsoft Visual Studio Pro license for $35

• On the CSRB’s Non-Investigation of the SolarWinds Attack

• Get Microsoft Office for Windows or Mac for $25 right now

• Windows Notepad gets spellcheck and autocorrect, after 41 years

• Amazon’s new Echo Spot makes nightstand clocks cool again with a smart home twist

• Take Your ST 2110 Workflow to the Next Level

• Hundreds of Tech Companies Want to Cash In on Homeland Security Funding. Here’s Who They Are and What They’re Selling.

• TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

• How to switch from a Microsoft account to a local account, and tricks to avoid a Microsoft account

• What Is a Cybersecurity Platform?

• New APT Group “CloudSorcerer” Targets Russian Government Entities

• Kaspersky Flags Cyberespionage APT ‘CloudSorcerer’ Targeting Russian Government

• Hacked Ethereum Foundation Account Used to Send 35,000 Phishing Emails

• USENIX Security ’23 – Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems

• OpenAI Hack Exposes Hidden Risks in AI’s Data Goldmine

• New APT CloudSorcerer Malware Hits Russian Targets

• Twitter Data breach and 10 billion password leak details

• Industrial Cyber Security Basics Can Help Protect APAC Operational Technology Operators: Dragos

• Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

• Mekotio Trojan Targets Latin American Banking Credentials

• Apple Removes VPN Apps from Russian App Store as Censorship Tightens

• Continued Progress Towards a Secure Open Source Ecosystem

• New Ghostscript Vulnerability Alarms Experts as Major Breach Threat

• Robot ‘Suicide’ in South Korea Raises Questions About AI Workload

• FIA Confirms Cyberattack Compromising Email Accounts

• BianLian Ransomware Strikes: US Companies Grapple with Data Breach Fallout

• Vulnerability Summary for the Week of July 1, 2024

• New Ransomware-as-a-Service ‘Eldorado’ Targets Windows and Linux Systems

• Microsoft forgets about SwiftKey’s support site

• Cisco Warns regreSSHion Vulnerability Impacts Multiple Products

• AI SPERA Partners with Devcons to Expand ‘Criminal IP’ into the Middle Eastern Market

• Former Nuance Employee Arrested After Geisinger Data Breach Exposed 1.2 Million Records

• Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation

• IoT Vulnerabilities and BotNet Infections: What Executives Need to Know

• Russia Blocks VPN Services in Information Crackdown

• Defend Against Account Abuse in Financial Services

• Check Point – ISC2 Partnership Cross the 4,000 Hours of Training Milestone

• 7 Tips on Keeping Your Data Private When Using AI

• Indian Government Issues Serious Warning on Phishing Scams Alleging Sexual Offenses

• Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 Ransomware Released

• Avast secretly gave DoNex ransomware decryptors to victims before crims vanished

• Eldorado Ransomware is Targeting Windows, VMware ESXi VMs

• Centrally manage VPC network ACL rules to block unwanted traffic using AWS Firewall Manager

• Major ISP Accused of Mass Malware Attack on Customers

• Apple Removed VPN Services from the Russian AppStore

• New Variation of WordFence Evasion Malware Discovered

• Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them

• Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript

• OWASP Penetration Testing: Methodology, Kit, Checklist (Downloadable)

• Database Penetration Testing: Secure Your Data

• Apple removed 25 VPN apps from the App Store in Russia following Moscow’s requests

• Optimizing IT Team Collaboration – An Innovative Approach to Enhancing Productivity

• Why SPRS Matters and 4 Steps to Improve Your Security Posture

• 5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

• Crypto Thefts Double to $1.4 Billion, TRM Labs Finds

• Made in the UK

• ‘RockYou2024’: Nearly 10 billion passwords leaked online

• Cybersecurity Glossary Pack

• Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

• Answering SEC’s Question of Materiality of a Breach

• Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO

• Guarding Health: Errol Weiss on Protecting the Healthcare Sector from Cyber Threats

• GAO Urges Stronger Federal Cybersecurity Measures Amid Rising Threats

• AI-Powered Super Soldiers Are More Than Just a Pipe Dream

• Vinted Fined $2.6m Over Data Protection Failure

• Gogs Vulnerabilities May Put Your Source Code at Risk

• Report: 47% of Corporate Data Stored in the Cloud Is Sensitive

• Balancing Security and Convenience with EV Charging

• Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released

• 10 Billion Passwords Leaked on Hacking Forum

• Cybersecurity News: Alabama Education breach, OpenAI secrets breach, Florida Health breach

• Egyptian Health Department Data Breach: 120,000 Users’ Data Exposed

• Europol Concerns Over Privacy Enhancing Technologies Challenge Lawful Interception

• Report: 99% of IoT Exploitation Attempts Rely on Previously Known CVEs

• Cyber Security Today, July 8, 2024 – A New Ransomware Group Is Discovered

• GootLoader is Still Active and Efficient

• Infostealing Malware Masquerading as Generative AI Tools

• Pro-Bangladeshi Hacktivists Enter Global Stage with Matryoshka 424 Alliance

• Navigating Europe’s digital identity crossroads

• Human Vigilance is Required Amid AI-Generated Cybersecurity Threats

• Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

• Orcinius Trojan Attacking Users Via Dropbox & Google Docs

• CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog

• PSA: This Microsoft Update is essential

• A week in security (July 1 – July 7)

• Kunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)

• CloudSorcerer – A new APT targeting Russian government entities

• Apple Removes VPN Apps from Russian App Store Amid Government Pressure

• Roblox Data Breach: Email & IP address Details Exposed

• Mobile based cyber threats to watch out for at Paris Olympic Games 2024

• Top 5 Mobile Security Benefits with Samsung Knox

• Selfie-based authentication raises eyebrows among infosec experts

• Continuous Threat Exposure Management for Google Cloud

• July 2024 Patch Tuesday forecast: The end of an AV giant in the US

• How nation-state cyber attacks disrupt public services and undermine citizen trust

• Monocle: Open-source LLM for binary analysis search

• Organizations change recruitment strategies to find cyber talent

• ISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)

• Not-so-OpenAI allegedly never bothered to report 2023 data breach

• Paperclip Maximizers, Artificial Intelligence and Natural Stupidity

• A decade after collapsing, crypto exchange Mt Gox repays some investors

Generated on 2024-07-09 23:55:12.764187