IT Security News Daily Summary 2024-09-07

• USENIX Security ’23 – (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels

• Surge in Ransomware Groups Amid Law Enforcement Disruptions in 2024

• U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog

• Can VPN Conceal Torrenting? Is it Safe to Torrent With a VPN?

• Planned Parenthood Cyberattack: How Bad Actors Are Targeting Medical Institutions

• OpenStack Ironic Users Advised to Patch Critical Security Vulnerability

• Critical Security Flaw Discovered in LiteSpeed Cache Plugin for WordPress

• Python & Notepad++, (Sat, Sep 7th)

• Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

• Enterprise Resilience in the Face of Cyber Risk

• Irish Data Protection Commission Halts AI Data Practices at X

• For security, we have to stop picking up the phone

• Despite cyberattacks, water security standards remain a pipe dream

• Hackers Threaten to Leak Planned Parenthood Data

• A flaw in WordPress LiteSpeed Cache Plugin allows account takeover

• Apache fixes critical OFBiz remote code execution vulnerability

• Veeam Backup & Replication Faces RCE Flaw Allows Full System Takeover

• North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

• New Stealthy Malware Campaign Dubbed DarkCracks Exploits GLPI and WordPress Sites

• Fog Ransomware Now Targeting the Financial Sector

• FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

• CyberVolk Ransomware: A New and Evolving Threat to Global Cybersecurity

• Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft

• Protecting NATO Secret and Foreign Government Information

• Talking DSPM: Episode 4 – Dr. Mohit Tiwari

• Chinese APT Abuses VSCode to Target Government in Asia

• Car rental company Avis discloses a data breach

• School Monitoring Software Sacrifices Student Privacy for Unproven Promises of Safety

• My Journey To CTO for Imperva App Sec

• Google says replacing C/C++ in firmware with Rust is easy

• IT Security News Daily Summary 2024-09-06

• Critical GeoServer Vulnerability Exploited in Global Malware Campaign

• Live Video of Promachoteuthis Squid

• Cyber Security Today – Week In Review for the September 7th, 2024

• Top API risks and how to mitigate them

• Cisco merch shoppers stung in Magecart attack

• Ransomware attacks continue to increase in the US, UK, and Canada

• CISO Series Podcast LIVE in Houston (09-24-24)

• Tenable: 26,500 Cyber Vulnerabilities Risk SE Asia’s Banks

• SonicWall warns that SonicOS bug exploited in attacks

• Top 5 Best Talks from Black Hat USA 2024

• Key Takeaways from the Fortinet Skills Gap Report: Why Cybersecurity Training is Crucial for Mitigating Cyber Risk

• Cyber Insurers Are Not Your Friend – Why a Warranty May Be a Better Option

• Threat Actors Abuse Red Team Tool MacroPack to Deliver Malware

• How to Use A Password Manager: Setup, Benefits & Best Practices in 2024

• You Really Do Have Some Expectation of Privacy in Public

• US Gov Removing Four-Year-Degree Requirements for Cyber Jobs

• Mozilla Released Firefox 130 With Handy AI Chatbot Feature And Security Fixes

• Zyxel Patched Numerous Security Flaws Across Different Products

• AI Firm’s Misconfigured Server Exposed 5.3 TB of Mental Health Records

• One million US Kaspersky customers to be migrated to this lesser-known alternative

• Russian ‘WhisperGate’ Hacks: 5 More Indicted

• Halliburton Hit by Cyberattack, Data Stolen

• Iran Cyber Attack: Fox Kitten Aids Ransomware Operations in the U.S

• SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

• Critical Arbitrary File Deletion Vulnerability in MP3 Audio Player WordPress Plugin Affects Over 20,000 Sites

• Alternative search engines to Google for achieving data privacy

• Elon Musk’s X Head Of Global Affairs Resigns

• Principles of Modern Data Infrastructure

• The Windows 10 clock is ticking: here are 5 ways to save your old PC in 2025 (most are free)

• ESET Research Podcast: HotPage

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Gen Alpha: Navigating Cybersecurity in an AI-Native World

• Microchip Technology Confirms Private Data Stolen in Ransomware Attack

• GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

• GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

• AI Innovation in the Spotlight at Fal.Con 2024

• New global standard aims to build security around large language models

• Ransomware rocked healthcare, public services in August

• 7 Best User & Entity Behavior Analytics (UEBA) Tools

• Transport for London outages drag into weekend after cyberattack

• Building a New Service Offering around Cisco ThousandEyes: A Guide for Managed Service Providers

• YubiKey Side-Channel Attack

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• CISA Launches Major Effort to Secure the 2024 U.S. Elections

• Protecting Your Digital Identity: The Impact of EUCLEAK on FIDO Devices

• Predator Spyware Exploiting “one-click” & “zero-click” Flaws

• BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

• How cyber criminals are compromising AI software supply chains

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Microchip Technology Confirms Data Was Stolen in August Cyberattack

• Sami Khoury, Head of Canada’s Cyber Agency, Starts New Role in Government

• New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition

• OpenStack Ironic Users Urged to Patch Critical Vulnerability

• Exposed: Russian military Unit 29155 does digital sabotage, espionage

• The 2024 Threat Landscape State of Play

• The NSA Has a Podcast—Here’s How to Decode It

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• US Posts Indictments, Rewards in Russia’s WhisperGate Hacks Against Ukraine

• Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access

• Hackers Linked to Russia and Belarus Increasingly Target Latvian Websites, Officials Say

• MuddyWater Hijacks RMM Software for Espionage

• Report: 83% of Organizations Experienced at Least One Ransomware Attack in the Last Year

• Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

• WazirX Hacker Starts Moving Stolen Ether Anonymously Using Tornado Cash

• Sophos X-Ops Uncovers Major Qilin Ransomware Breach Targeting Chrome Browser Credentials

• Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions

• CMA Halts Probe Into Microsoft’s Inflection AI Staff Hiring

• 1Password review: A premium password manager well worth the money

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Goffloader: In-Memory Execution, No Disk Required

• CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise

• Respotter: Open-Source Responder Honeypot

• White House Launches Cybersecurity Hiring Sprint To Help Fill 500,000 Job Openings

• Malvertising Campaign Phishes Lowe’s Employees

• Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

• BIMI Setup Guide for Zoho Mail – Getting the Blue Verified Checkmark

• Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Russian Threat Actors Target Critical Infrastructure in the U.S. and Across the World

• Critical Vulnerability Discovered in Progress LoadMaster

• Infosec Spending to Hit 3-Year Growth Peak, Reach $212B Next Year: Gartner

• Use of Predator Spyware Rebounds After a Dip From Biden Sanctions, Researchers Say

• Vulnerability in Tencent WeChat custom browser could lead to remote code execution

• Goodbye Windows Control Panel?

• TIDRONE Targets Military and Satellite Industries in Taiwan

• Telegram’s Pavel Durov Speaks Out Against French Charges

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks

• Head Mare Hacktivist Group Targets Russia and Belarus

• LiteSpeed Cache Plugin Vulnerability Exposes Millions of WordPress Sites to Attacks

• Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

• The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025

• US and Allies Accuse Russian Military of Destructive Cyber-Attacks

• Cybersecurity News: Planned Parenthood cyberattack, DoJ propaganda takedown, Microchip Technology theft

• SonicWall Access Control Vulnerability Exploited in the Wild

• Fog Ransomware Now Targeting the Financial Sector; Adlumin Thwarts Attack

• NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

• Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Critical Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published

• Cequence Security partners with Netskope to provide protection for business-critical APIs

• Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution

• Apache fixed a new remote code execution flaw in Apache OFBiz

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Why and How to Secure GenAI Investments From Day Zero

• Veza and HashiCorp join forces to help prevent credential exposure

• Resecurity gains recognition in Frost & Sullivan’s 2024 Cyber Threat Intelligence report

• Russian Military Hackers Attacking US and Global Critical Infrastructure

• To patch this server, we need to get someone drunk

• Russia-linked GRU Unit 29155 targeted critical infrastructure globally

• Tropic Trooper Expands Targeting: Middle East Government Entity Hit in Strategic Cyber Attack

• Bitdefender Debuts Security Solution for YouTube Content Creators and Influencers

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Frustration Trying to Opt-Out After the National Public Data Breach

• Is Cloud Security Ready for a Pivot to Behavioral Detection & Response

• Overcoming the Challenges of Zero-Trust

• Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

• Sales Force acquires cloud based data security startup Own for $1.9 billions

• A Deep Dive into IoT Communication Protocols

• New PyPI Supply Chain Attack Technique Puts 22,000 Packages at Risk

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Fake OnlyFans Tool Backstabs Cybercriminals, Steals Passwords

• Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

• Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

• AI – What did you miss this summer? Hasthtag Trending for Friday, September 5th, 2024

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• Respotter: Open-source Responder honeypot

• Human firewalls are essential to keeping SaaS environments safe

• September 2024 Patch Tuesday forecast: Downgrade is the new exploit

• Identity verification: The key to the security of sporting events

• Championing the Wins to Improve Wellbeing in the Cyber Workplace

• UK Public Worried About Global Over Reliance on IT Systems

• The GRC Group Strengthens Cybersecurity Offering with Acquisition of Pentest People, Expanding Its Global Reach and Expertise

• Keeper Security Named a Value Leader in EMA’s 2024 PAM Radar™ Report

• 83% of organizations experienced at least one ransomware attack in the last year

• The true cost of cybercrime for your business

• Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group

• Why Are Organizations Losing the Ransomware Battle?

• New infosec products of the week: September 6, 2024

• ISC Stormcast For Friday, September 6th, 2024 https://isc.sans.edu/podcastdetail/9128, (Fri, Sep 6th)

• Enrichment Data: Keeping it Fresh, (Fri, Sep 6th)

• Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed

• Understanding Quantum Threats and How to Secure Data with Post-Quantum Cryptography

• Randall Munroe’s XKCD ‘Lava Lakes’

• Managing Certificate Chaos After Google’s Entrust Distrust

• An Introduction to Trackers and the Data They Collect

• USENIX Security ’23 – UnGANable: Defending Against GAN-based Face Manipulation

Generated on 2024-09-07 23:55:07.888279