IT Security News Daily Summary 2024-08-12

• SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology

• How to conduct a mobile app security audit

• FBI takes down ransomware gang that hacked dozens of companies

• Harnessing LLMs for Automating BOLA Detection

• The biggest data breaches in 2024: 1 billion stolen records and rising

• Federal Appeals Court Finds Geofence Warrants Are “Categorically” Unconstitutional

• USENIX Security ’23 – Automated Security Analysis of Exposure Notification Systems

• Disposing of an old Windows laptop? Here’s the safest way to erase your personal data (for free!)

• Attacker steals personal data of 200K+ people with links to Arizona tech school

• DOJ Shuts Down Another North Korean ‘Laptop Farm’

• A FreeBSD flaw could allow remote code execution, patch it now!

• The UK Erupts in Riots as Big Tech Stays Silent

• Apple’s ToolSandbox reveals stark reality: Open-source AI still lags behind proprietary models

• Black Hat and DEF CON Roundup 2024: CrowdStrike Accepts ‘Epic Fail’ Award

• Flashpoint CEO: Cyber, physical security threats converging

• Justice Department Disrupts North Korean ‘Laptop Farm’ Operation

• AppViewX Automated Certificate Management for PingAccess

• News alert: Criminal IP and Maltego team up to broaden threat intelligence data search

• India’s Largest Crypto Theft: INR 2,000 Crore Stolen from WazirX Exchange Wallet

• Vulnerability Summary for the Week of August 5, 2024

• AI girlfriends want to know all about you. So might ChatGPT (Lock and Code S05E17)

• Attacker steals personal data of 200k+ people with links to Arizona tech school

• Ransomware gangs doxing family members of victims

• Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

• Data Fusion: Enhancing Interoperability, Privacy, and Security

• Secureworks Fills Australian Mid-Market Demand for Simplified Cyber Security Solutions

• 18-Year-Old Vulnerability in Firefox and Chrome Actively Exploited in Cyber Attacks

• Researchers Demonstrate How Attackers Can Exploit Microsoft Copilot

• Vulnerability in Windows Driver Leads to System Crashes

• 5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

• Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

• Google Manifest V3 and Malwarebytes Browser Guard

• Harnessing the Power of AI to Improve Operations

• HYAS Investigates Threat Actors Hidden In Gaming Services

• High-Risk Cloud Exposures Surge Due to Rapid Service Growth

• Taking Steps to Prepare for Quantum Advantage

• The Need for Application Security Testing

• Mega money, unfathomable violence pervade thriving underground doxxing scene

• The Value in Root Cause Analysis for Vulnerability Management

• Trump Campaign Hack Points to Growing U.S. Election Threats

• Russia Blocks Signal App Citing Violation Of Laws

• Criminal IP and Maltego Collaborate to Broaden Threat Intelligence Data Search

• Dashlane vs Lastpass: 2024 Password Manager Comparison

• Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cybercriminals

• DARPA Awards $14m to Seven Teams in AI Cyber Challenge

• Australian Gold Mining Company Reports Ransomware Attack

• Critical AWS Services Vulnerability Let Attackers Execute Remote Code

• Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

• UN Cybercrime Treaty Passes in Unanimous Vote

• 200k Impacted by East Valley Institute of Technology Data Breach

• Chrome, Edge users beset by malicious extensions that can’t be easily removed

• Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning

• Hackers Exploiting WinRAR Flaw To Attacks Windows & Linux(ESXi) Machines

• Check Point and Cybrary: Empowering Customers with Cutting-Edge Cyber Security Training

• Digital Pioneers: Why Today’s Youth is the Best Generation to Support Cyber Security of the Future

• Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines

• Shorter TLS Certificate Lifespans Expected to Complicate Management Efforts

• Critical 1Password Flaws May Allow Hackers to Snatch Users’ Passwords

• Survey: Cybersecurity Teams Investing in Automation to Reduce Noise Levels

• How Phishing Attacks Adapt Quickly to Capitalize on Current Events

• UN Adopts Controversial Cybercrime Treaty

• Shedding Light on The Dark Web: Enhancing Cybersecurity Through Proactive Monitoring

• How to spot phishing in the age of AI

• What skills can cyber security experts develop to adapt to AI and quantum computing?

• Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

• Researcher Saves Six Companies from Ransomware by Exploiting Security Flaws in Ransomware Gangs’ Infrastructure

• The Missing Piece of SASE — Prisma Access Browser — Now Available

• CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1

• Indirect prompt injection in the real world: how people manipulate neural networks

• SaaS Apps Present an Abbreviated Kill Chain for Attackers

• Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE

• Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors

• FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

• The AI Hangover is Here – The End of the Beginning

• Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

• Worried about the Windows BitLocker recovery bug? 6 things you need to know

• The best hacks and security research from Black Hat and Def Con 2024

• Earth Baku’s Latest Campaign Expands its Reach to Europe, the Middle East, and Africa

• Russia Microsoft Hack Accessed Home Office Data

• Ransomware Group BlackSuit Upgrades Capabilities

• Starliner Astronauts May Use SpaceX For Return Trip

• Cisco ‘Planning Second Round’ Of Major Job Cuts

• Policing the Metaverse

• NCSC to Build Nation-Scale Evidence Base for Cyber Deception

• Multi-Factor Authentication Policy

• How Organizations Can Prevent Their Employees Falling for Cyber Scams

• Norton Secure VPN vs NordVPN (2024): Which VPN Is the Best?

• Taxonomy of Generative AI Misuse

• SSHamble: Open-Source Security Testing of SSH Services

• Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

• How Network Segmentation can Strengthen Visibility in OT Networks

• Update: Exploit Released for Cisco SSM Bug Allowing Admin Password Changes

• Industry Moves for the week of August 12, 2024 – SecurityWeek

• The UN Is Moving to Fight Cybercrime but Privacy Groups Say Human Rights Will Be Violated

• AI Integration, Budget Pressures Challenge CISOs

• Cybersecurity News: Iran election interference, AMD SinkClose flaw, ADT break-in

• Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code

• Find Your Best Fit: Solving the Cybersecurity Framework Puzzle

• Scams: Understanding vulnerabilities and protective strategies

• EastWind campaign targets Russian organizations with sophisticated backdoors

• Nearly 200 Firms Have Signed Pledge to Build More Secure Software, Top Cyber Official Says

• Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site

• Resecurity unveils new AI-driven Fraud Prevention Platform

• Microsoft Reveals Iranian US Election Interference Ops

• Analysis of Data Exfiltration Tools Used by Threat Actors

• Evolve your cloud security knowledge

• Man in Dock Accused of Breaking Hi-Tech Export Controls

• Vulnerabilities in Solar Power Management Platform can Lead to Blackouts

• AI and the Legal Framework: A Critical Turning Point

• A week in security (August 5 – August 11)

• Empowering youth worldwide toward a more sustainable and digitally resilient future

• Botnet 7777: Are You Betting on a Compromised Router?

• Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

• Leeds Man Jailed For Inciting Violence On Facebook

• Emerging Exfiltration Tools Highlight Growing Threats to Enterprise Data

• New Malware Strains Pop Up in Threat Landscape

• Fake WinRar Websites Distributing Malware Payloads Hosted on GitHub

• New Widespread Extension Trojan Malware Campaign

• Experts Find Sinkclose Bug in Millions of AMD Processors, Hard to Patch

• Authorities Arrested Two Admins of WWH-Club Stolen Credit Card Marketplace

• Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

• The Importance of APIs/API Security in Financial Services

• Over 15,000 hard coded secrets found by researcher at Defcon: Cyber Security Today for Monday, August 12, 2024

• Trump campaign cites Iran election phish claim as evidence leaked docs were stolen

• Microsoft issues alert against email phishing attack to influence US 2024 Elections

• The Importance of Zero Touch in Cloud Security

• 74% of ransomware victims were attacked multiple times in a year

• Scout Suite: Open-source cloud security auditing tool

• EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

• Misconfigurations and IAM weaknesses top cloud security concerns

• Steps to improve quality engineering and system robustness

• The UN unanimously agrees that cybercrime is bad, mkay?

• ISC Stormcast For Monday, August 12th, 2024 https://isc.sans.edu/podcastdetail/9092, (Mon, Aug 12th)

• Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

• Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)

• USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code

• IT Security News Weekly Summary – Week 32

• IT Security News Daily Summary 2024-08-11

• DevSecOps Teams Face Regular Outages, Cyberattacks, and Data Breaches

• CrowdStrike accepts award for ‘most epic fail’ after global IT outage

• Foreign nation-state actors hacked Donald Trump’s campaign

• ‘0.0.0.0 Day’ Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

• CrowdStrike Explains Root Cause of Globat IT Outage

• Open source tools to boost your productivity

• Book Review: ‘Why Cybersecurity Fails in America’

• BlackSuit Ransomware: A New Threat on the Rise

• Samsung Announced New Bug Bounty Program For Galaxy Devices

• Researchers Demonstrate Windows Downgrade Attacks At Black Hat 2024

• National Public Data Hacked: Personal Information of Millions at Risk

• Exposing the Business of Doxing and Its Perils

• Unsolicited ‘Offensive’ Political Emails Stir Data Privacy Concerns in East London

• Maximizing Cybersecurity Impact Within Budget Constraints

• QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

• Watch Out For The New BingoMod Android Trojan

• Latest MacOS Sequoia Update Restricts Gatekeeper Control

• Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

• Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

• ADT disclosed a data breach that impacted more than 30,000 customers

• Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

• Cybersecurity Insiders Q&A: SonicWall President and Chief Executive Officer Robert VanKirk

• Donald Trump’s Campaign Says Its Emails Were Hacked

• Shadow – 543,295 breached accounts

Generated on 2024-08-12 23:55:08.210416