IT Security News Daily Summary 2024-08-02

• Friday Squid Blogging: Treating Squid Parasites

• EFF to Ninth Circuit: Don’t Shield Foreign Spyware Company from Human Rights Accountability in U.S. Court

• What’s in a Secret? Best Practices for Static, Rotated and Dynamic Secrets

• Akeyless Universal Secrets Connector: A Secrets Manager of Managers

• Investors sued CrowdStrike over false claims about its Falcon platform

• How blockchain can support third-party risk management

• Federal Appeals Court Rules That Fair Use May Be Narrowed to Serve Hollywood Profits

• USENIX Security ’23 – ARMore: Pushing Love Back Into Binaries

• Cybersecurity Compass: An Integrated Cyber Defense Strategy

• Optus and Medibank Data Breach Cases Allege Cyber Security Failures

• Even Linux users should take a look at this Microsoft KB article., (Fri, Aug 2nd)

• Here Are EFF’s Sacramento Priorities Right Now

• Hackers Exploit Security Flaws to Access Millions of UK Voters’ Details

• Randall Munroe’s XKCD ‘Chili Tornado Quake’

• Scammers are impersonating cryptocurrency exchanges, FBI warns

• Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases

• New Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks

• How to prepare for a secure post-quantum future

• Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases

• Israeli hacktivist group brags it took down Iran’s internet

• APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

• APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

• MSSP vs. SOC – Key Considerations When Deciding Your Strategy

• New Jersey City University Targeted by ransomware Outfit Demanding $700K

• Russian ransomware criminals earn $500 million

• What is endpoint security? How does it work?

• TechCrunch Minute: Why did Wiz walk away from $23 billion?

• Remote SMB Security—Protect Your Business While Traveling

• USENIX Security ’23 – SpectrEM: Exploiting Electromagnetic Emanations During Transient Execution

• Prisoner Swap: Huge Russian Hackers Freed — Seleznev and Klyushin

• Apple Beats Expectations, Despite Falling iPhone Sales

• Respect your data, and protect it

• Report: macOS Most Vulnerable to Endpoint Attacks Compared to Windows and Linux

• Hacking Group Exposes Pentagon IT Provider’s Documents

• Domain Validation Bug: DigiCert Revokes TLS Certificates

• Pharma giant Cencora is alerting millions about its data breach

• Avtech camera vulnerability actively exploited in the wild, CISA warns

• Sitting Ducks DNS Attacks Used to Hijack Over 35,000 Domains

• How Advanced Data Protection Revolutionizes Security Analysts’ Workflow

• Google Breaks Promise to Block Third-Party Cookies

• The European Union’s World-First Artificial Intelligence Rules Are Officially Taking Effect

• Opal Security Extends Scope and Reach of Platform for Managing Privileges

• Social Media Firms Fail to Protect Children’s Privacy, Says ICO

• Getting to Know Tim Otis

• OSPAR 2024 report now available with 163 services in scope

• Disaster Recovery Steps Up With New Cisco NERVs

• Iranian Internet Attacked by Israeli Hacktivist Group: Reports

• The Rise of AI: New Cybersecurity Threats and Trends in 2023

• EPA Told to Address Cyber Risks to Water Systems

• Fortune 50 biz coughed up record-breaking $75M ransom to halt leak of stolen data

• Protect AI Raises $60 Million in Series B Funding

• Webinar: Discover the All-in-One Cybersecurity Solution for SMBs

• Government Shelves £1.3 Billion UK Tech, AI Plan

• The C̶a̶k̶e̶ User Location Is a Lie!!!

• StackExchange Abused to Spread Malicious PyPI Packages as Answers

• Looking Past DevOps: AI, ClickOps and Platform Engineering

• Leaked GitHub Python Token

• CrowdStrike Investors File Class Action Suit Following Global IT Outage

• Intel To Cut 15 Percent Of Workforce, Suspends Dividend

• U.S. released Russian cybercriminals in diplomatic prisoner exchange

• UK plans to revamp national cyber defense tools are already in motion

• Cloudflare Tunnels Abused for Malware Delivery

• New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

• Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

• Fighting Ursa Luring Targets With Car for Sale

• Microsoft Patched a Critical Edge Flaw that Led to Arbitrary Code Execution

• Homebrew Security Audit Finds 25 Vulnerabilities

• Suspects in ‘Russian Coms’ Spoofing Service Arrested in London, as NCA Announces Takedown

• Google Chrome Adds App-Bound Encryption to Block Infostealer Malware

• Threat Intelligence: A Blessing and a Curse?

• Gaming Industry Faces 94% Surge in DDoS Attacks

• NCSC Unveils Advanced Cyber Defence 2.0 to Combat Evolving Threats

• Cybersecurity News: Cencora patient breach, OneDrive phishing campaign, Argentina’s crime predictions

• Credo AI Raises $21M to Help Enterprises Deploy AI Safely and Responsibly

• APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike

• Malicious Package Hidden in PyPI Discovered

• Over 35k Domains Hijacked in ‘Sitting Ducks’ Attacks

• Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability

• U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange

• Russia, Moldova Targeted by Obscure Hacking Group in New Cyberespionage Campaign

• Securonix unveils Cyber Data Fabric and Noise Canceling SIEM in EON suite

• How Cyberthreats Could Disrupt the Olympics

• Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

• Dark web offers botnets as low as $99

• The Need for Budget Boosts to Combat AI-Generated Cyber Attacks

• NCA Shuts Down Major Fraud Platform that Triggers 1.8 Million Scam Calls

• Infosec Institute Partners with Career.io to Help Students Launch Cybersecurity Careers

• UK crimebusters shut down global call-spoofing outfit that claimed 170K-plus victims

• Microsoft confirms cyber attack cause outage and it’s own defences may have made the impact worse: Cybersecurity Today for Friday, August 2, 2024

• DNS Vulnerability: ‘Sitting Ducks’ Exposes Millions of Domains to Hijacking

• Japan mandates app to ensure national ID cards aren’t forged

• Sitting Ducks attack technique exposes over a million domains to hijacking

• Navigating Indispensable Cybersecurity Practices for Hybrid Working Professionals

• CSMA Starts with Identity A Comprehensive Approach to Modern Cybersecurity

• The Unbreakable Bond: Why Identity and Data Security are Inseparable

• Organizations fail to log 44% of cyber attacks, major exposure gaps remain

• Record-breaking $75 million ransom paid to cybercrime group

• LuLu – 190,506 breached accounts

• Open-source project enables Raspberry Pi Bluetooth Wi-Fi network configuration

• India contemplates compulsory dynamic 2FA for digital payments

• New infosec products of the week: August 2, 2024

• ISC Stormcast For Friday, August 2nd, 2024 https://isc.sans.edu/podcastdetail/9080, (Fri, Aug 2nd)

• U.S. Trades Cybercriminals to Russia in Prisoner Swap

• Victory! D.C. Circuit Rules in Favor of Animal Rights Activists Censored on Government Social Media Pages

• US sends cybercriminals back to Russia in prisoner swap that freed WSJ journo, others

• U.S. Trades 5 Cybercriminals to Russia in Prisoner Swap

• Protect your mini-me—How to prevent child identity theft

• IT Security News Daily Summary 2024-08-01

• The One-Pixel Threat: How Minuscule Changes Can Fool Deep Learning Systems

• The cyberthreat that drives businesses towards cyber risk insurance

• Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085

• How to assess SOC-as-a-service benefits and challenges

• InfoSec community sounds off on CrowdStrike outage, next steps

• Widespread OTP-Stealing Campaign Targets Android Users

• Federated access to Amazon Athena using AWS IAM Identity Center

• I tested the 3 best VPNs for streaming the Summer Olympics

• Convicted Cybercriminals Included in Russian Prisoner Swap

• Security Risk Advisors Announces Launch of VECTR Enterprise Edition

• CISA Releases Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle

• What Is OAuth? Meaning + How It Works

• SENIX Security ’23 – Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs

• Fraud in the Travel Industry & How to Prevent It

• Too late now for canary updates, says pension fund suing CrowdStrike

• EU Approves Hewlett Packard Enterprise’s $14bn Juniper Acquisition

• What is dynamic application security testing (DAST)?

• The Cisco Store Retail Roundup, Volume 2

• There is no real fix to the security issues recently found in GitHub and other similar software

• HealthEquity Data Breach Exposes Personal Information

• Tracking Proxy Scans with IPv4.Games, (Thu, Aug 1st)

• Google Using Enhanced Encryption to Protect Cookies

• An Analysis of the Rising Cyber Crime Levels Across the Globe

• Elon Musk Sued By Former CNN Anchor Over Cancelled X Deal

• New BingoMod Android Malware Posing as Security Apps, Wipes Data

• The best VPN for streaming in 2024: Expert tested and reviewed

• Microsoft Confirms Global Azure Outage Caused by DDoS Attack

• CrowdStrike, Antitrust, and the Digital Monoculture

• 8 Essential Considerations for Post-Quantum Cryptography Migration

• OAuth and XSS Bugs: Exposing Data of Millions of Users

• Progress Introduces Chef Courier for Simplified Job Management Across Corporate Software Ecosystems

• Top 6 Cloud Computing Certifications Worth Taking

• 8 EDR Best Practices You Need to Pay Attention to in 2024

• Inaugural Pentagon Cyber Policy Chief Nominee Sails Through Senate Armed Services Committee

• Alex Stamos Named CISO at SentinelOne

• Ransomware news trending on Google for this day

• Synchron Embeds Apple Vision Pro With Brain Interface

• Cyber A.I. Group Announces LOI to Acquire Prominent North American Cybersecurity Firm

• Top 39 Cybersecurity Companies You Need to Know 2024

• Pharma Giant Cencora confirmed the theft of personal and health information

• Innovative Approach Promises Faster Bug Fixes

• Scam Platform Shut Down by UK Authorities After 1.8 Million Fraudulent Calls

• Cyber A.I. Group Announces LOI to Acquire Prominent North American Cyber Security Company

• Navigating BNPL Integration: Key Steps and Best Practices for Developers

• $75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers

• Vonets WiFi Bridges

• Johnson Controls exacqVision Web Service

• Johnson Controls exacqVision Server Web Service

• Fortinet’s Progress on its Secure by Design Pledge Commitments

• RansomEXX Group Targets Indian Banking With New Tactics

• CISA Names First Chief Artificial Intelligence Officer

• How to counter adversarial AI

• FBI, CISA remind US voters that DDoS attacks can’t touch election systems

• He Was an FBI Informant—and Inspired a Generation of Violent Extremists

• A Commander’s-Intent-driven Network – Enabling Cyberspace Operations from the Tactical Edge and Beyond

• India’s Digital Sovereignty: Balancing Control and Freedom in the Internet Age

• Here’s How to Safeguard Your Smart Home Connected Devices

• Cicada3301’s Cyberattack on Tri-Star Display Exposes 95GB of Sensitive Data

• Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique

• Wordfence Intelligence Weekly WordPress Vulnerability Report (July 22, 2024 to July 28, 2024)

• Akamai?s Strategic and Transparent Implementation of AI

• Meta Posts Strong Q2 Amid Heavy AI Spending

• How Smart Tech is Teaching Us About Our Oceans, One Catch at a Time

• How Cyberthreats Could Disrupt the Olypmics

• DigiCert Mass-Revoking TLS Certificates Due to Domain Validation Bug

• Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

• TgRAT Malware Attacking Linux Servers with New Variant

• Over 20,000 Ubiquiti Cameras and Routers are Vulnerable to Amplification Attacks and Privacy Risks

• US Senate Passes Landmark Bill Protecting Children’s Online Safety and Privacy

• Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

• Strata Identity to Demonstrate How to Modernize Legacy Identity Systems to Microsoft Entra ID at Black Hat 2024

• New Android Banking Trojan BingoMod Steals Money, Wipes Devices

• AWS completes the first GDV joint audit with participant insurers in Germany

• Insecure File-Sharing Practices in Healthcare Put Patient Privacy at Risk

• The Kaiser Data Breach Should Be a Wake-Up Call for Cybersecurity in Healthcare

• Why geographical diversity is critical to build effective and safe AI tools

• Cisco Innovating a New Era of Security at Black Hat 2024

• Ransomware Attack On Service Provider Hits 300 Small Banks Across India

• Mozilla follows Google in losing trust in Entrust’s TLS certificates

• BingoMod Android RAT Wipes Devices After Stealing Money

• kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities

• Applying Vulnerability Management to Zero Trust: Insights from Fortra’s Tyler Reguly

• APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

• AI Plans Hampered By Lack Of Skills, Governance Challenges

• CrowdStrike Sued By Shareholders After Huge IT Outage

• New “Sitting Ducks” DNS Attack Lets Hackers Easy Domain Takeover

• Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks

• How To Fix the OWASP Top 10 Vulnerability in Angular 18.1.1v

• The Top 7 NordVPN Alternatives for 2024

• A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers

• Obfuscation: There Are Two Sides To Everything

• How “professional” ransomware variants boost cybercrime groups

• Education in Secure Software Development

• Some Companies Pay Ransomware Attackers Multiple Times, Survey Finds

• Multiplayer.it – 503,957 breached accounts

• SMS Stealer Targeting Several Countries with Over 100,000 Malicious Android Apps

• Cado platform enhances SOC efficiency with AI-driven workflow automation

• Detecting evolving threats: NetSupport RAT campaign

• Beware Of Malicious Crypto Management App That Drains Your Wallet

• April 2024 Cyber Attacks Statistics

• Secretive: Open-Source App for Storing and Managing SSH Keys in the Secure Enclave

• Microsoft Confirms Azure, 365 Outage Linked to DDoS Attack

• Security Flaws at UK Elections Agency Left Door Open for Chinese Hackers, Privacy Watchdog Finds

• DigiCert Revoking 83,000 Certificates of 6,800 Customers

• Best 5 SOC 2 Compliance Software in 2024

• Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware

• Cencora Confirms Patient Data Stolen in Cyber-Attack

• Cybersecurity News: Elections and DDoS, dating apps leak locations, Germany blames China

• What Is a Field CISO?

• Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

• Get an Extensive Education in Cybersecurity for Just $40

• Apple Extends Zero-Day Patch to Older Macs, Urges Immediate Update

• E-Commerce Fraud Campaign Uses 600+ Fake Sites

• Where to find Talos at BlackHat 2024

• CrowdStrike & Microsoft to Face Lawsuit from Delta Air Lines Following System Crash

• Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS

• EvilProxy Phishing Kit Used in Over One Million Attacks Monthly

• Lineaje Secures $20 Million in Funding To Address Software Supply Chain Issues

• Synack PTaaS platform offers complete security testing suite

• New Microsoft whitepaper shares how to prepare your data for secure AI adoption

• BEC Attacks Surge 20% Annually Thanks to AI Tooling

• Beware of Fake AI Tools Masking a Very Real Malware Threat

• Threat Actor Impersonates Google via Fake Ads for Authenticator

• How SquareX is Redefining Web Security: An In-Depth Discussion with Chief Architect Jeswin Mathai

• Wing Security unveils custom SaaS Threat Intelligence for direct dashboard integration

• Tycoon 2FA Phishing Kit Exploits Amazon SES to Steal User Credentials

• How to spot signs of ransomware in your school district

• Nucleus Vulnerability Intelligence Platform enhances threat assessment and remediation speed

• Facebook Ads Lead to Fake Websites Stealing Credit Card Information

• Germany has accused China of Attack on Critical Infrastructure Since 2021

• BingoMod Android RAT steals money from victims’ bank accounts and wipes data

• Stealer Logs Posted to Telegram – 26,105,473 breached accounts

• Android Mobile Security alert against SMS Stealer Malware

• Germany names China as source of attack on government geospatial agency

• Why CISOs face greater personal liability

• Threat intelligence: A blessing and a curse?

• Practical strategies to mitigate risk and secure SAP environments

• Maritime Cybersecurity: Avoiding the Next DALI

• Airlines are flying blind on third-party risks

• OAuth Vulnerability Exposes 1 Million Websites To XSS Attacks

• Join the Fight: Calling Fintech Leaders to Unite With Federated Learning for Superior Fraud Detection

• Infosec products of the month: July 2024

• ISC Stormcast For Thursday, August 1st, 2024 https://isc.sans.edu/podcastdetail/9078, (Thu, Aug 1st)

• Ransomware infection cuts off blood supply to 250+ hospitals

• Cosmic Bomber is like Bomberman multiplayer meets Web3

• Ransomware infection cuts off blood supply to 250 hospitals

Generated on 2024-08-02 23:55:11.510292