IT Security News Daily Summary 2024-08-20

• What is cloud detection and response (CDR)?

• Building a Semantic Web Search App Using Resource Description Framework and Flask for Cyber Resilience

• Czech Mobile Users Targeted in New Banking Credential Theft Scheme

• Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

• Why you need to know about ransomware

• Can someone tell if I block their number?

• Darktrace Co-founder Mike Lynch Presumed Dead After Superyacht Sinks

• Black Hat 2024, Day 2: Charting the Future of Cybersecurity

• Cisco employees face a month of silence ahead of second layoff in 2024

• Ransomware payments rose from $449.1 million to $459.8 million

• U.S. agencies attribute Trump campaign hack to Iran

• Should small businesses worry about the NIS2 Directive in Europe?

• Previously unseen Msupedge backdoor targeted a university in Taiwan

• Africa’s Economies Feel Pain of Cybersecurity Deficit

• Major Backdoor in Millions of RFID Cards Allows Instant Cloning

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #304 – Fail Fast

• Agentless is a DAM Better Option for Securing Cloud Data

• To Improve Your Cybersecurity Posture, Focus on the Data

• AI-Enhanced Crypto Scams: A New Challenge for ASIC

• Lessons for Banks from the Recent CrowdStrike Outage

• Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns

• Germany offers Cybersecurity Labels for mobile devices

• TodoSwift Malware Targets macOS, Disguised as Bitcoin PDF App

• How Data Encryption Can Simplify Infrastructure Architecture

• Strengthening Your Cyber Defenses: The Critical Role of Defensive Training

• Hackers Linked to $14M Holograph Crypto Heist Arrested in Italy

• Publishers Spotlight: ForAllSecure

• Plane tracker FlightAware admits user passwords, SSNs exposed for years

• New DNS-Based Backdoor Threat Discovered at Taiwanese University

• Edge Computing and 5G: Emerging Technology Shaping the Future of IT

• National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident

• How to Get a VPN on Any Device (+ Installation Tips)

• US government accuses Iran of Trump campaign hack; Iran scoffs

• Your Journey to Mastery with Black Belt Training: A Comprehensive Guide for Cisco Partners

• Russia-linked Vermin Hackers Target Ukraine With new Malware Strain

• UK: NCSC Opens Cyber Resilience Audit Scheme to Applicants

• Plane-tracking app admits user passwords, SSNs exposed for over 3 years

• Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

• USENIX Security ’23 – Pspray: Timing Side-Channel Based Linux Kernel Heap Exploitation Technique

• INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training

• New Report Reveals Rising Attacks on macOS Systems

• Here’s Why Ransomware Actors Have a Upper Hand Against Organisations

• Timeline of the Ransomware Attack on Change Healthcare: How It Unfolded

• Iranian Group TA453 Launches Phishing Attacks with BlackSmith

• Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)

• Cost of a data breach: The industrial sector

• Securing Catalyst Center: ISO Certified

• OpenAI Kills Iranian Accounts Spreading Us Election Disinformation

• Common API Security Issues: From Exposed Secrets To Unauthorized Access

• Fortanix protects individual file systems on specified hosts

• New phishing method targets Android and iPhone users

• New Styx Stealer Attacking Users to Steal Login Passwords

• “We will hold them accountable”: General Motors sued for selling customer driving data to third parties

• Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds

• Three-Quarters of Companies Retain An Increasing Amount of Sensitive Data, Report Finds

• Bitdefender vs Kaspersky: Comparing Top EDR Solutions in 2024

• Digital Wallets can Allow Purchases With Stolen Credit Cards

• Publishers Spotlight: Endari

• Your Company Culture Can Become A Powerful Cybersecurity Resource

• Hackers Could Exploit Microsoft Teams on macOS to Steal Data

• MegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker Groups

• Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards

• Digital Wallets Bypassed To Allow Purchase With Stolen Cards

• x64dbg: Open-Source Binary Debugger for Windows

• All-in-One: How Cynet is Revolutionizing Cybersecurity for MSPs

• Survey Surfaces Widespread Mishandling of Sensitive Data

• 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

• Approach to mainframe penetration testing on z/OS

• Chrome Will Redact Credit Cards, Passwords When You Share Android Screen

• Xeon Sender Enables Large-Scale SMS Spam Attacks Using Legitimate SaaS Providers

• Fabric Cryptography Raises $33 Million for VPU Chip

• RansomHub Deploys EDRKillShifter Malware to Disable Endpoint Detection Using BYOVD Attacks

• Hacking Wireless Bicycle Shifters

• How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

• Multi-Domain vs Wildcard SSL Certificates: Differences & Uses

• Overturning of Chevron Deference’s Impact on Cybersecurity Regulation

• Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle

• Comprehensive Threat Protection Strategies for Microsoft 365 Environments

• 2GB variant of Raspberry Pi Launched for Just $50

• Authentik: Open-Source Identity Provider

• Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

• Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

• Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

• Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

• Anatomy of an Attack

• Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

• Iran Behind Trump Campaign Hack, US Government Confirms

• The Metaverse Won’t Die: Embracing the Future of Work and Connection

• Artificial intelligence, real anxiety: Why we can’t stop worrying and love AI

• Update: Ransomware Attack on Indian Payment System Traced Back to Jenkins Bug

• GuidePoint Security releases Phishing as a Service

• I Said I Was Technically a CISO, Not a Technical CISO

• Palo Alto Networks Forecasts Strong Security Demand

• South Korean AI Chip Makers Sapeon, Rebellions To Merge

• Update: US Agencies Attribute Presidential Campaign Cyberattacks to Iran

• Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities

• Cybersecurity News: National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue

• UK Businesses Face New Cyber-Attacks Every 44 Seconds in Q2 2024

• Securing Infrastructure as Code: Best Practices for State Management

• Vulnerability Recap 8/20/24 – Microsoft Has the Spotlight This Week

• Oracle NetSuite misconfiguration could lead to data exposure

• Microsoft Mandates MFA for all Azure Sign-Ins

• CISA Adds Jenkins CLI Bug to its Known Exploited Vulnerabilities Catalog

• Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach

• Former Congressman Santos Admits Identity Theft and Fraud

• Mike Lynch Co-Defendant Dies In Car Accident

• 2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

• Cybercriminals Exploit Paris Olympics With Fake Domains

• Ukrainian Bank’s Service for Military Donations Targeted by ‘Massive’ DDoS Attack

• Google Pixel Devices Found Vulnerable Due To Pre-Installed App

• Google Pledges To Strengthen Privacy With Gemini AI

• Shanghai Doubles Size Of Chip Investment Fund

• AMD To Buy Server Maker ZT Systems Amidst AI Battle

• Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites

• Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

• 10 Strategies for Safely Migrating a Data Center on a Limited Budget

• NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity

• X Closes Brazil Office Due To ‘Censorship’

• Autodesk AutoCAD Vulnerability Let Attackers Execute Arbitrary Code

• Iran named as source of Trump campaign phish, leaks

• Google to launch threat detection AI powered feature to all Android phones

• 5 Emerging Malware Variants You Must Be Aware Of

• CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

• Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

• Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America

• Ransom Denied: Cyber Insurance Claims Shrink as Businesses Opt for DIY Recovery

• Why a Savvy Security Strategy is Essential | Grip

• Ransomware’s Record Year: 2024 Earnings Soar Amid Overall Cybercrime Dip

• Organizations turn to biometrics to counter deepfakes

• AI for application security: Balancing automation with human oversight

• Strategies for security leaders: Building a positive cybersecurity culture

• Cybercriminals exploit file sharing services to advance phishing attacks

• ISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)

• Digital wallets can allow purchases with stolen credit cards

• US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns

• Identity Protection That Spans the Entire Attack Lifecycle

• USENIX Security ’23 – Side-Channel Attacks on Optane Persistent Memory

• What You Missed About the CrowdStrike Outage:: The Next Strike Might Be Linux Due to eBPF

• Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

• Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts

• IT Security News Daily Summary 2024-08-19

• SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia

• Guide to data detection and response (DDR)

• The Windows BitLocker recovery bug is fixed, according to Microsoft

• Announcing new EDR capabilities for Webroot Endpoint Protection

• CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog

• OpenAI kills Iranian accounts using ChatGPT to write US election disinfo

• test

• Your Android phone is getting an anti-theft upgrade, thanks to AI. How it works

• Too many cloud security tools? Time for consolidation

• MSPs: The Cisco Meraki Approach to Addressing MDU Deployments

• Court to California: Try a Privacy Law, Not Online Censorship

• NO FAKES – A Dream for Lawyers, a Nightmare for Everyone Else

• Multiple flaws in Microsoft macOS apps unpatched despite potential risks

• Extortion Group Exploits Cloud Misconfigurations, Targets 110,000 Domains

• Mike Lynch, Five Others Missing After Yacht Sinks Off Sicily

• SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices

• Social Security number data breach: What you need to know

• Researchers uncovered new infrastructure linked to the cybercrime group FIN7

• Daniel Stori’s ‘The War For Port 80’

• Here’s What Businesses Can Learn From a $2 Million Ransomware Attack SEC Settlement

• Zero-Trust Security: The Critical Role of Trust And Human Integrity

• Stolen, locked payment cards can be used with digital wallet apps

• Making sense of secrets management on Amazon EKS for regulated institutions

• CISA Warns Of Active Exploitation Of SolarWinds Web Help Desk Vulnerability

• FlightAware warns that some customers’ info has been ‘exposed,’ including Social Security numbers

• Vulnerability Summary for the Week of August 12, 2024

• How We Transformed Akamai from a CDN to a Cloud and Security Company

• AWS cyber attack exposes over 230 million unique cloud environments

• CrowdStrike outage lessons learned: Questions to ask vendors

• National Public Data Published Its Own Passwords

• Windows Zero-Day Attack Linked to North Korea’s Lazarus APT

• FBI and CISA Assure Public on Election Ransomware Security

• $4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin

• Data Security Solution for US Federal Customers

• Hacked GPS tracker reveals location data of customers

• Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

• Cyber Stressed! Top 3 MSP Cybersecurity Challenges [And How to Fix Them]

• Heimdal and ViroSafe Partner to Strengthen Nordic Cybersecurity

• Mandatory MFA is Coming to Microsoft Azure

• USENIX Security ’23 – Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software

• The Rise of Manual Techniques in Ransomware Attacks: A Growing Threat

• New Tool Xeon Sender Enables Large-Scale SMS Spam Attacks

• “WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services

• AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’

• If your SSN was leaked online, you should freeze your credit: Here’s how to do that

• Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

• National Public Data Says Breach Impacts 1.3 Million People

• Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People

• Major Data Breach at FlightAware Exposes Pilots and Users’ Information

• Own proactively detects and stores data changes in Salesforce

• Appian helps organizations prepare for current and forthcoming AI regulations

• Microsoft Apps for macOS Exposed to Library Injection Attacks

• Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support

• Lazarus Hacker Group Exploited Microsoft Windows Zero-day

• Getting to Know Katrin Bauer

• Azure Domains and Google Abused to Spread Disinformation and Malware

• EFF and Partners to EU Commissioner: Prioritize User Rights, Avoid Politicized Enforcement of DSA Rules

• National Public Data tells officials ‘only’ 1.3M people affected by intrusion

• Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

• New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia

• API Security: The Cornerstone of AI and LLM Protection

• Internal And External Threat Intelligence

• Crypto Firm Says Hacker Locked All Employees Out of Google Products for Four Days

• Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft

• Oregon Zoo Ticketing Service Hack Impacts 118,000

• How to Automate the Hardest Parts of Employee Offboarding

• Microsoft Users Rush To Patch Zero-Click TCP/IP RCE Flaw

• Ransomware Resilience Drives Down Cyber Insurance Claims

• Linux Kernal Vulnerability Let Attackers Bypass CPU & Gain Read/Write Access

• Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs

• The Essential Guide to Evaluating Competitive Identity Verification Solutions

• Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

• How can you check if your SSN was leaked on the dark web after the NPD breach?

• OpenAI Deactivates Accounts Used By Iran Election Influence Group

• Court Narrows Injunction On California Social Media Law

• Millennials’ sense of privacy uniquely tested in romantic relationships

• Supply Chain Security Policy

• CyberGhost vs ExpressVPN (2024): Which VPN Is Better?

• The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

• Experts warn of exploit attempt for Ivanti vTM bug

• BlindEagle flying high in Latin America

• Industry Moves for the week of August 19, 2024 – SecurityWeek

• 100,000 Impacted by Jewish Home Lifecare Data Breach

• Combining Continuous Pentesting with Attack Surface Management

• How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

• Tracki – 372,557 breached accounts

• Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data

• Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT

• Cybersecurity News: Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability

• TikTok Says US Data Not Linked To China

• Texas Instruments Receives $1.6bn In US Gov’t Chip Funding

• Duke of Sussex Speaks Against Online Misinformation

• Shares In EV Maker Ola Spike After Motorcycle Launch

• Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

• Rewriting Hysteria: Rising Abuse of URL Rewriting in Phishing

• Mandatory MFA for Azure sign-ins is coming

• NCSC Opens Cyber Resilience Audit Scheme to Applicants

• Enhancing Internal Controls: Correlation, Mapping, and Risk Mitigation

• 10 Authentication Trends in 2024 and Beyond

• Fast Forward or Freefall? Navigating the Rise of AI in Cybersecurity

• Group-IB partners with SecurityHQ to enhance SOC capabilities

• AMD Patched The Newly Disclosed SinkClose CPU Vulnerability

• ProtonVPN Opens Up Browser Extension Feature To Free Users

• A week in security (August 12 – August 18)

• Unicoin Staff Locked Out of G-Suite in Mystery Attack

• OpenAI takes action against Iranian disinformation campaigns using ChatGPT: Cyber Security Today for Monday, August 19th, 2024

• Epic Games’s Fortnite Returns To Smartphones After Four Years

• Explore Talent (August 2024) – 8,929,384 breached accounts

• The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens

• Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

• Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)

• National Public Data Leaks Social Security Numbers of about 2.7 billion populaces

• Top Paying Countries for Cybersecurity Experts

• Researchers Found a New Technique to Defend Cache Side Channel Attacks

• Ransomware Gangs Introduce New EDR-Killing Tool

• National Public Data Admits to Breach Leaking Millions of Social Security Numbers

• Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

• BeaverTail Malware Attacking Windows Users Via Weaponized Games

• Was your Social Security number leaked to the dark web? Use this tool to find out

• Protecting academic assets: How higher education can enhance cybersecurity

• x64dbg: Open-source binary debugger for Windows

• To improve your cybersecurity posture, focus on the data

• Common API security issues: From exposed secrets to unauthorized access

• ISC Stormcast For Monday, August 19th, 2024 https://isc.sans.edu/podcastdetail/9102, (Mon, Aug 19th)

• Was your SSN leaked to the dark web? Use this tool to find out

• RansomHub-linked EDR-killing malware spotted in the wild

• The Mad Liberator ransomware group uses social-engineering techniques

Generated on 2024-08-20 23:55:09.970568