IT Security News Daily Summary 2024-08-22

• Innovator Spotlight: Cigent

• Innovator Spotlight: ExtraHop

• Innovator Spotlight: Upwind

• Innovator Spotlight: Normalyze

• Innovator Spotlight: Harmonic Security

• Inside the CCNA v1.1 exam update: AI, machine learning, and more

• Innovator Spotlight: AppSOC

• Setting Up CORS and Integration on AWS API Gateway Using CloudFormation

• U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

• Report: Manufacturing Remains Atop Cyberattack Leader Board

• No, not every Social Security number in the U.S. was stolen

• Tesla Gigafactory Near Berlin Saw 500,000 Trees Felled – Report

• Microsoft Delays Recall Launch for Windows Insider Members Until October

• Cyber Security and IT Leadership: A Growing Threat to Australia’s Renewable Energy Efforts

• CrowdStrike exec refutes Action1 acquisition reports

• Are virtual machines safe for end users?

• SolarWinds fixed a hardcoded credential issue in Web Help Desk

• CrowdStrike deja vu as ‘performance issue’ leaves systems sluggish

• Oil Giant Halliburton Confirms Cyber Incident, Details Scarce

• Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

• Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

• OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?, (Thu, Aug 22nd)

• California Reaches Deal With Google Over Journalism Legislation

• Fur Affinity Website Hacked in DNS Hijacking Attack

• Ecovacs says it will fix bugs that can be abused to spy on robot owners

• Halliburton probes ‘an issue’ disrupting business ops

• China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches

• CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks

• INE Security Launches Initiatives to Invest in the Education of Aspiring Cybersecurity Professionals

• Wordfence Intelligence Weekly WordPress Vulnerability Report (August 12, 2024 to August 18, 2024)

• Ransomware attack on Halliburton America

• Waymo Doubles Weekly Paid Robotaxi Trips Since May

• Protect Your Alerts: The Importance of Independent Incident Alert Management

• Hundreds of online stores hacked in new campaign

• I crashed my iPhone with these four characters so you don’t have to

• Incident Response by the Numbers

• Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware

• CNAPP and ASPM — Friends or Foes?

• Hackers Spread Disinformation to undermine Taiwan’s Military

• Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

• How Securing APIs Factors into DORA Compliance

• Google patches actively exploited zero-day in Chrome. Update now!

• How to avoid common mistakes when adopting AI

• Understanding the ‘Morphology’ of Ransomware: A Deeper Dive

• Lawsuits Pile Up Against Florida-Based Data Firm After Security Breach

• QNAP releases QTS 5.2 to prevent data loss from ransomware threats

• New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

• Cthulhu Stealer Malware Targets macOS With Deceptive Tactics

• PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

• FlightAware Confirmed Data Breach Happened Due To Configuration Error

• Hackers Distribute FakeBat Loader Via Fake Software Installers

• Unpatched Vulnerabilities In Microsoft macOS Apps Pose Significant Threat

• Dr Mike Lynch Confirmed Dead, As Search For Daughter Continues

• As Microsoft breaks awkward silence around its controversial Recall feature, privacy questions remain

• The Linux security team issues 60 CVEs a week, but don’t stress. Do this instead

• How frictionless authentication works in online payments

• Cookie Theft: What Is It & How to Prevent It

• Rockwell Automation Emulate3D

• MOBOTIX P3 and Mx6 Cameras

• Rockwell Automation 5015 – AENFTXT

• Post-quantum Cryptography in 2024

• When Compliance Fails: Eye-Opening Incidents in GRC You Need to Know

• How AI and Machine Learning Are Revolutionizing Cybersecurity

• Critical LiteSpeed Cache Plugin Flaw CVE-2024-28000 Sparks a Surge in Cyberattacks

• Costa Rican Authorities Issue Warning as Social Media Identity Theft Cases Double

• Navigating Without GPS: Quantum Breakthroughs and Their Impact

• Enzoic for Active Directory enhancements help teams identify and remediate unsafe credentials

• FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed

• Enhancing Phishing and Malware Detection with ssdeep Fuzzy Hashing

• The Skills Gap Leaves Organizations Open to New Threats and Vulnerabilities

• Prism Infosec PULSE bridges the gap between penetration testing and red teaming

• Anomali announces expanded capabilities for Copilot

• Over 3400 High and Critical Cyber Alerts Recorded in First Half of 2024

• From Crisis to Catalyst: A CEO’s Lessons Learned from A Cybersecurity Incident

• Typing just four characters could crash your iPhone

• Low Media Literacy: A Risk to Australia’s Cybersecurity Landscape

• Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira

• Microsoft again ranked number one in modern endpoint security market share

• US Microchip Giant Hit by Cyberattack, Disrupting Operations

• The best free antivirus software of 2024: Expert tested

• Australian Digital ID: TEx System Poised to Boost Security By Sharing Less Data With Businesses

• Ransomware batters critical industries, but takedowns hint at relief

• How Multifactor Authentication (MFA) Can Reduce Your Cyber Attacks Risk?

• Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

• Company Fined $1m for Fake Joe Biden AI Calls

• US Oilfield Firm Halliburton Hit By Cyberattack

• Wallarm API Attack Surface Management mitigates API leaks

• US Safety Probe Into GM’s Cruise Shut Down

• Transform Your CAD Workflow with Parametric Modeling

• Get Advanced Ad Blocking and Superior Data Privacy Tools for Just $11

• Entrepreneurs Must Be Value-Focussed, Tech-Positive, and People-Oriented

• Bridging the UK Skills Gap in the Tech Sector

• Ingress-NGINX Annotation Validation Bypass Flaw (CVE-2024-7646) Allows Command Injection

• This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

• The Facts About Continuous Penetration Testing and Why It’s Important

• The Chiplet’s Path to Victory

• From The Ground Up – Addressing Core Inefficiencies in The UK Public Sector

• Memory corruption vulnerabilities in Suricata and FreeRDP

• Critical Flaw in LiteSpeed Cache Plugin Actively Exploited: Over 30,000 Attacks Blocked in 24 Hours

• Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year

• Kick off early Octoberfest with an EUC-fest

• Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

• Novel Android Malware Steals Card NFC Data For ATM Withdrawals

• Security Flaws in UK Political Party Donation Platforms Exposed

• What Triggers a CISO?

• Navigating the Challenges of AI in Software Development: A Call to Action to Comply with the EU AI Act

• The 8 Most Common Website Design Mistakes According to Pros

• MegaMedusa, RipperSec’s Public Web DDoS Attack Tool

• Securing the Future: FIPS 140-3 Validation and the DISA STIG for AlmaLinux OS

• Critical SLUBStick Exploitation Technique Threatens Linux Security

• Cybersecurity News: Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting

• Google addressed the ninth actively exploited Chrome zero-day this year

• A cyberattack disrupted operations of US chipmaker Microchip Technology

• Android malware uses NFC to steal money at ATMs

• New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

• Backdoor in Mifare Smart Cards Could Open Doors Around the World

• GitHub fixed a new critical flaw in the GitHub Enterprise Server

• The Surge of Identity and Access Management (IAM): Unveiling the Catalysts

• LibreOffice 24.8: More privacy, interoperability improvements

• How to recover deleted files on your Windows PC

• NCC Group: Ransomware down in June, July YoY

• Extortion Campaign Targets 110,000 Domains Using Exposed AWS Files

• Innovative Phishing Campaign Targets Mobile Users with PWAs

• Cisco calls for United Nations to revisit cyber crime Convention

• Google Cloud to offer enhanced security with Simplicity and Convergence

• 3 Cybersecurity Trends for 2025

• The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defense

• GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

• Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

• Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

• Palo Alto Networks Shines Light on Application Services Security Challenge

• A survival guide for data privacy in the age of federal inaction

• New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

• WAF Cloud Authentication Issue Troubleshooting

• Why C-suite leaders are prime cyber targets

• Most ransomware attacks occur between 1 a.m. and 5 a.m.

• Foiling bot attacks with AI-powered telemetry

• The Great Cloud Security Debate: CSP vs. Third-Party Security Tools

• GenAI models are easily compromised

• ISC Stormcast For Thursday, August 22nd, 2024 https://isc.sans.edu/podcastdetail/9108, (Thu, Aug 22nd)

• Bangladeshi Hackers Deface India’s Zee Media Website for Mocking Floods

• You probably want to patch this critical GitHub Enterprise Server bug now

• Best Practices for Event Logging and Threat Detection

• How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

• Fraudulent Slack ad shows malvertiser’s patience and skills

• Authentication and Authorization in Red Hat OpenShift and Microservices Architectures

• IT Security News Daily Summary 2024-08-21

• From Offices to Hotels: Backdoor in Contactless Key Cards Enables Mass Cloning

• My child had her data stolen—here’s how to protect your kids from identity theft

• Publisher’s Spotlight: Cyera

• What Gartner’s 2024 hype cycle forecast tells us about the future of AI (and other tech)

• Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

• Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

• New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency

• An explanation of cybersecurity

• The ultimate contact center security checklist

• Geofence Warrants Are ‘Categorically’ Unconstitutional | EFFector 36.11

• Gartner Report: Implement a Continuous Threat Exposure Management (CTEM) Program

• Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning

• CMA Drops Apple, Google App Store Investigations

• Ford Pulls Back On EV Spending

• Securing Federal Systems

• Typing these four characters could crash your iPhone

• North Korea-linked APT used a new RAT called MoonPeak

• Publisher’s Spotlight: Cranium

• What’s New in CodeSonar 8.2

• Randall Munroe’s XKCD ‘Ferris Wheels’

• The best identity theft protection and credit monitoring services of 2024

• CISA Adds Four Known Exploited Vulnerabilities to Catalog

• 110K domains targeted in ‘sophisticated’ AWS cloud extortion campaign

• Critical Authentication Flaw Haunts GitHub Enterprise Server

• Fintechs Encouraged to Join National Cyber Fraud Reporting System

• North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

• Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

• Telegram and WhatsApp suffer downtime in Russia due to DDoS

• Four Bodies Found In Yacht Wreck Amid Search For Mike Lynch

• More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals

• AI in OT Security — Balancing Industrial Innovation and Cyber Risk

• Cyberattack Disrupts Microchip Technology’s Activity

• How Should Your MSP Deal With the ‘Small Client Problem’?

• Critical LiteSpeed Cache Plugin Flaw Exposes WordPress Sites

• New MoonPeak RAT Linked to North Korean Threat Group UAT-5394

• Shaping the legacy of partnership between government and private sector globally: JCDC

• The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

• Translating Cybersecurity Jargon into Business Speak

• Publishers Spotlight: Cranium

• Russia tells citizens to switch off home surveillance because the Ukrainians are coming

• Arden Claims Service Reports Data Breach, 139,000 Affected

• Patch Tuesday not Done ’til LINUX Won’t Run?

• How Pen Testing is Evolving and Where it’s Headed Next

• Flight Aware User Data Leaked Following Misconfiguration

• Chemical Giant Orion Loses $60 Million in Email Scam

• Encryption in transit over external networks: AWS guidance for NYDFS and beyond

• Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin

• Anthropic Sued For Copyright Infringement By Authors

• Man certifies his own (fake) death after hacking into registry system using stolen identity

• Don’t panic! It’s only 60 Linux CVE security bulletins a week

• How to Use LastPass: Complete Guide for Beginners

• Why the UN Convention Against Cybercrime Requires a Second Look

• Story of an Undercover CIA Agent who Penetrated Al Qaeda

• Rethinking Cyber-Physical Systems Security in the Age of Industry 4.0

• T-Mobile Customers Alarmed by Unfamiliar Support Links, But They Are Legitimate

• Bangladeshi SIM Box Fraud Uncovered in Major Odisha Operation

• Critical Jenkins RCE Vulnerability: A New Target for Ransomware Attacks

• Entrust KeyControl as a Service provides organizations with control of their cryptographic keys

• HITRUST unveils AI Risk Management Assessment solution

• Oregon Zoo Warns Over 100,000 Customers of Payment Card Compromise

• Australia Calls Off Clearview AI Investigation Despite Lack of Compliance

• Embed API Security into Regulatory Compliance: Six Examples to Watch

• Introducing Automatic URL Categorization: Enhanced Security and Efficiency

• The AI Revolution: Transforming Technology and Reshaping Cybersecurity

• Critical Remote Code Execution Vulnerability Addressed in GiveWP Plugin

• PostgreSQL databases under attack

• National Public Data leaked passwords online

• McAfee unleashes AI deepfake audio detector – but how reliable can it be?

• TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset

• Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

• Survey Surfaces Growing SaaS Application Security Concerns

• CISA to Get New Headquarters as $524M Contract Awarded

• 1-15 May 2024 Cyber Attacks Timeline

• Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)

• Four Essential Tips for Building a Robust REST API in Java

• Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published

• TLS Bootstrap Attack on Azure Kubernetes Services can Leak Sensitive Credentials

• Google Cloud Unveils New Security Services and Capabilities

• Tesla To Receive Lower EU Tariff For Chinese-Made EVs

• ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk

• CISA Adds One Known Exploited Vulnerability to Catalog

• RightCrowd introduces Mobile Credential Management feature

• New macOS Malware TodoSwift Linked to North Korean Hacking Groups

• Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details

• It’s Time To Untangle the SaaS Ball of Yarn

• Microchip Technology apparently impacted by ransomware attack

• The Rise of Kerberoasting: A New Cyber Threat on the Horizon

• Exploits and vulnerabilities in Q2 2024

• New Msupedge Backdoor Targeting Taiwan Employs Stealthy Communications

• Healthcare Hit by a Fifth of Ransomware Incidents

• Sky Signs Full Fibre Broadband Partnership With CityFibre

• Toyota confirms customer and employee data stolen, says breach at third party to blame

• The 6 Best Malware Removal Software Providers for 2024

• RCE Vulnerability in Atlassian Bamboo Data Center and Server

• Mastering Data Visibility for Secure AI Adoption with Cyera

• MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

• Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic

• Microchip Technology manufacturing facilities impacted by cyberattack

• Cybersecurity News: Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns

• Pro-Russia group Vermin targets Ukraine with a new malware family

• Spring Security Flaw Leaves Applications Open to Unauthorized Access

• Cyberattack Disrupts Microchip Technology Manufacturing Facilities

• Most Ransomware Attacks Now Happen at Night

• Tips to Help Leaders Improve Cyber Hygiene

• Understanding Managed Service Providers (MSPs): Choosing the Right Provider

• Rising Abuse of URL Rewriting in Phishing

• Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

• Microchip Technology Says IT Incident Impacted Operations

• Over 10,000 WordPress Sites at Risk: Critical File Deletion Flaw Found in InPost Plugins

• Deadbeat dad faked his own death by hacking government databases

• McAfee Deepfake Detector combats AI scams and misinformation

• How to Use BitDefender VPN on Any Device: 2024 Tutorial

• Transforming underserved communities and fostering sustainable growth through entrepreneurial endeavors

• A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

• McAfee Unveils Tool to Identify Potential Deep Fakes

• CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

• Ransomware hits record high amounts: Cyber Security Today for Tuesday, August 21, 2024

• US Intelligence Agencies Warn of Iranian Election Influence Efforts

• FlightAware Notifies Users of Data Security Incident

• Cyberattack Forces Microchip Technology to Scale Back Amid Global Chip Race

• Publishers Spotlight: Bedrock Security

• OpenCTI: Open-source cyber threat intelligence platform

• GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

• Experts Weigh In on the NPD Breach and Its Implications

• The Hidden Threat of Shadow AI

• Food security: Accelerating national protections around critical infrastructure

• Cybersecurity jobs available right now: August 21, 2024

• Why I Joined Balbix: Embracing the AI-Powered Future of Cybersecurity

• Average DDoS attack costs $6,000 per minute

• ISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)

• Singapore updates OT security blueprint to focus on data sharing and cyber resilience

• Chipmaker Microchip reveals cyber attack whacked manufacturing capacity

• Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)

Generated on 2024-08-22 23:55:09.900364