IT Security News Daily Summary 2024-09-10

• Are you having the right conversations about online safety with your kids?

• Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities

• Was your Social Security number leaked to the dark web? Here’s how to find out

• Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control

• BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application

• Viessmann Climate Solutions SE Vitogate 300

• Quad7 botnet evolves to more stealthy tactics to evade detection

• Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes

• Manufacturing, Industrial Sectors Are Under Siege

• Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

• Join us at FAIRCON24 – 10-02-24 for CISO Series Game Show

• Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

• Microsoft will start charging for Windows 10 updates next year. Here’s how much

• JFrog connects key software supply chain management dots

• 8 key aspects of a mobile device security audit program

• CISA Adds Four Known Exploited Vulnerabilities to Catalog

• Microsoft Releases September 2024 Security Updates

• CISA Releases Four Industrial Control Systems Advisories

• iniNet Solutions SpiderControl SCADA Web Server

• London’s transit agency drops claim it has ‘no evidence’ of customer data theft after hack

• Three years of progress on the pathway to net zero

• Microsoft September 2024 Patch Tuesday, (Tue, Sep 10th)

• Insights on Cyber Threats Targeting Users and Enterprises in Mexico

• Is Anthropic’s new ‘Workspaces’ feature the future of enterprise AI management?

• DarkCracks Malware Exploits Vulnerabilities in GLPI and WordPress Systems

• Microsoft is going to start charging for Windows 10 updates next year. Here’s how much

• Secure Network Analytics 7.5.1 – Improving Operational Efficiencies and Providing Tighter Integrations with Cisco …

• Adobe Patches Critical, Code Execution Flaws in Multiple Products

• Delinea Survey Surfaces Spike in Cybersecurity Insurance Claims

• CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

• Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

• India plans to train about 5k Cyber Commandos

• The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security

• Cybercriminals Ramp Up Malvertising Schemes Through Google Searches

• Adlumin Thwarts Fog Ransomware Attack Using Innovative Decoy Technology

• Highline Public Schools Forced to Close By Cyber-Attack

• Cyber-risk quantification challenges and tools that can help

• Rockwell Automation SequenceManager

• CISA Flags ICS Bugs in Baxter, Mitsubishi Products

• Thanks, Edward Snowden: You propelled China to quantum networking leadership

• Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says

• USENIX Security ’23 – Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis

• Continuous Threat Exposure Management: A Proactive Cybersecurity Approach

• CyberVolk Ransomware: A Rising Threat to Global Cybersecurity

• Adaptiva enables users to instantly control patch rollouts

• Tufin improves security automation on Azure, GCP, and VMware clouds

• LOKKER’s consent management solution blocks all unauthorized data collection on websites

• China-Linked Threat Actors Target Taiwan Military Industry

• Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

• ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

• Payment provider data breach exposes credit card information of 1.7 million customers

• Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security

• Citrix Releases Security Updates for Citrix Workspace App for Windows

• Study Finds Excessive Use of Remote Access Tools in OT Environments

• Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

• How to Detect Suspicious API Traffic

• Poland Dismantles Cyber Sabotage Group Linked to Russia, Belarus

• The Slim CD Data Breach: 1.7 Million Credit Cards Compromised

• Netskope accelerates cloud networking and security operations

• The Role of VPNs in Protecting Online Privacy

• Your partner “is cheating on you” scam asks you to pay to see proof

• August 2024’s Most Wanted Malware: RansomHub Reigns Supreme While Meow Ransomware Surges

• JFrog announces new integrations with Github Copilot, Nvidia Microservices and unified ops platform

• Kimsuky-linked Hackers Use Similar Tactics to Attack Russia and South Korea

• No Ransom Demand by Rhysida Before Columbus Data Leak: City IT Chief

• Galileo delivers real-time fraud detection for fintechs, banks and businesses

• Ketch helps media brands enable privacy-safe data activation

• Join CISO Series for a Game Show at FAIRCON24 – 10-02-24

• Man Faces 20 Years in Prison for First-Ever AI Music Streaming Scam

• Top Security Flaws Hiding in Your Code Right Now and How To Fix Them

• Using Time in Your Favor During a Ransomware Attack

• Predator Spyware Roars Back with New Infrastructure, Evasive Tactics

• AI in Cybersecurity: Understanding Challenges, Opportunities and New Approaches

• Fake recruiter coding tests target devs with malicious Python packages

• Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

• Improving Operational Efficiencies and Providing Tighter Integrations with Cisco Security Products

• Poland thwarted cyberattacks that were carried out by Russia and Belarus

• Darkhive Raises $21 Million for Drones, Secure Code Delivery System

• CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

• Chinese APT Group Abuses Visual Studio Code to Target Government in Asia

• New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

• Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

• New Chrome Zero-Day

• Risk Assessment and Gap Analysis for Industrial Control System infrastructure: the core essentials

• Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare

• Underground Demand for Malicious LLMs is Robust

• ‘TIDrone’ Cyberattackers Target Taiwan’s Drone Manufacturers

• Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

• China Delegation Visits Brussels Over EV Tariffs

• Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

• Researchers Details Attacks On Air-Gaps Computers To Steal Data

• Key Cyber Insurance Stakeholders Urge Government To Help Close $900B in Uncovered Risk

• Just-in-Time Access: Key Benefits for Cloud Platforms

• Our Cybersecurity Journey Starts With a Single Overworked Staffer

• CISA Issues Warning About Three Actively Exploited Vulnerabilities in the Wild

• Cybercriminals Target Latin American Banks with Mekotio, BBTok, and Grandoreiro Trojans

• Slim CD Data Breach Impacts 1.7 Million Individuals

• Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

• Cybersecurity News: Payment processing breach, dark web admins charged, Predator spyware resurges

• Moody’s Ratings: Cyber Insurance Competition Up, Prices Down

• AI-Powered Deepfake Scams Wreak Havoc on Businesses

• CISA Identifies Industrial Cybersecurity Bugs in Baxter and Mitsubishi Products

• Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

• DoJ Distributes $18.5m to Western Union Fraud Victims

• Huawei Launches World’s First Double-Hinged Smartphone

• Why developers, GraphRAG, and Open Source Should be Core to Your GenAI strategy

• PoC Exploit Releases for Windows Elevation of Privilege Vulnerability (CVE-2024-26230)

• Homeland Security Hopes to Scuttle Maritime Cyber-Threats

• Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution

• Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors

• China Says New Dutch Chip Export Rules Result Of ‘Coercion’

• X Updates Grok AI Chatbot Over Election Misinformation

• WhatsApp’s “View Once” Feature Flaw Exploited in the Wild

• High School in London Forced to Sends Students Home Following Ransomware Attack

• Want to keep getting Windows 10 updates next year? Here’s what it will cost

• SOX Compliance in the Age of Cyber Threats

• U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

• The Biggest Cyber Warfare Attacks in Global Geopolitics

• Strengthening Healthcare Cybersecurity: Lessons from Recent Supplier Attacks

• CAMO Unveiled: How Cybercriminals Exploit Legitimate Software for Stealthy Attacks

• Musician Charged With $10M Streaming Royalties Fraud Using AI and Bots

• iPhone 16 Gets Generative AI, Siri Upgrade

• Threat Actors Allegedly Claiming Leak of Capgemini Data

• Huntress launches Managed SIEM, eliminating the complexity of traditional SIEMs

• Ransomware attack makes school children go home and Veeam Backup Vulnerability

• Understanding the Differences Between Password Management and Passkeys

• Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

• Thanks, Edward Snowden: you propelled China to quantum networking leadership

• Legal Impact of GDPR Data Policy Violations

• Free SaaS Pulse tool from Wing Security enhances SaaS security posture

• Most Common Cybersecurity Threats to Avoid!

• Payment Gateway Breach Exposes 1.7 Million Customers

• Tech stack uniformity has become a systemic vulnerability

• How human-led threat hunting complements automation in detecting cyber threats

• ISC Stormcast For Tuesday, September 10th, 2024 https://isc.sans.edu/podcastdetail/9132, (Tue, Sep 10th)

• 33 open-source cybersecurity solutions you didn’t know you needed

• Singapore moots legislation to outlaw use of deepfakes during elections

• Poland’s Cybersecurity Experts Foil Russian and Belarussian Attacks

• Eclypsium Product Roadmap

• Experts demonstrated how to bypass WhatsApp View Once feature

• Threat Assessment: North Korean Threat Groups

• WhatsApp’s ‘View Once’ could be ‘View Whenever’ due to a flaw

• Why Investing in Quality Analysts is Investing in Your Future

• IT Security News Daily Summary 2024-09-09

• Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products

• Building Cyber Resilience: How Continuous Training Fortifies Organizational Security

• Become a Certified Threat Hunter with OffSec’s New Foundational Threat Hunting Course (TH-200)

• Randall Munroe’s XKCD ‘Slingshots’

• FIPPA: Understanding Canada’s Information and Protection Privacy Law

• USENIX Security ’23 – BunnyHop: Exploiting the Instruction Prefetcher

• CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit

• Russia’s top-secret military unit reportedly plots undersea cable ‘sabotage’

• Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws

• CISA Director Jen Easterly Remarks at the 39th Annual National Conference in Detroit

• LightEval: Hugging Face’s open-source solution to AI’s accountability problem

• How to create an AI acceptable use policy, plus template

• New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

• Google’s Grip on Ad Tech: What the UK Competition Watchdog Discovered

• Council of Europe Lunches First AI Treaty

• CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security

• Google Goes On Trial In US Over Ad Tech Dominance

• Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted

• Avis alerts nearly 300k car renters that crooks stole their info

• Empowering Cybersecurity on the Go: Nuspire’s Revolutionary Mobile App

• Achieving Cyber Clarity: myNuspire for Unified Cybersecurity Management

• Meet Nutron: Your AI-Driven Ally in Proactive Cyber Defense

• Redefining Cyber Defense: Introducing the Nuspire Cybersecurity Experience

• Introducing the Nuspire Cybersecurity Experience: A New Era of Intelligent Unification

• Credit Card details of over 1.7 million USA customers exposed

• What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

• Predator spyware operation is back with a new infrastructure

• 1.7M potentially pwned after payment services provider takes a year to notice break-in

• TFL Hit by Cyberattack, Leaving Disabled Riders Stranded

• Novel Android Malware Employs OCR to Steal Crypto Wallet Keys From Images

• Technology Causes “Digital Entropy” as Firms Struggle With Governance

• Akira Ransomware Actively Exploiting SonicWall firewall RCE Vulnerability

• Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• Cisco and BT Partner to Upskill Ukrainian Refugees in Ireland

• Strengthening enterprise storage against cyber threats

• 300,000 Impacted by Data Breach at Car Rental Firm Avis

• DDoS Attacks Double With Governments Most Targeted

• How to Reduce API Sprawl with API Discovery

• Surfshark vs NordVPN (2024): Which VPN Should You Choose?

• Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature

• Cisco University: Elevate Your Cybersecurity, Network Security, Forensics, and Incident Response Skills

• Cyber Threats vs. Risks: Building a Proactive Cyber Defense

• Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride

• Vulnerability Summary for the Week of September 2, 2024

• Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

• Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

• One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

• Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details

• New RAMBO Attack Steals Data Using RAM in Air-Gapped Computers

• Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information

• TP-Link Omada Cloud Essentials: Centralized network management and monitoring

• Man Charged in AI-Generated Music Fraud on Spotify and Apple Music

• A glimpse into the Quad7 operators’ next moves and associated botnets

• 5 Ways to Mitigate Risk in Cybersecurity

• New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW!

• Surfshark vs. NordVPN: Which VPN Is Better in 2024?

• An expert’s big-picture view of the state of SecOps

• What Is Industrial Control System (ICS) Cyber Security?

• Critical Kibana Flaws Expose Systems to Arbitrary Code Execution

• What is Malware

• Sextortion Scam Now Use Your “Cheating” Spouse’s Name as a Lure

• The Weaponization of AI and ML is Complicating the Digital Battlefield

• Protecting Against Fog Ransomware: Key Strategies and Insights

• Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits

• Wireshark 4.4’s IP Address Functions, (Mon, Sep 9th)

• Thousands of Avis car rental customers had personal data stolen in cyberattack

• HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required

• Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks

• Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

• Australia Threatens to Force Companies to Break Encryption

• Critical GeoServer Flaw Enabling Global Hack Campaigns

• What You Need to Know About Grok AI and Your Privacy

• LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc

• Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

• Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

• Man Arrested After ‘Earning Millions’ From AI Music Tracks

• Australian Official Received Death Threats After Musk Criticism

• Trump ‘To Appoint Musk’ To Gov’t Efficiency Role If Elected

• US DOJ To Propose Google Penalties By End Of Year

• 10 Things You Should Do to Securely Dispose of Computers

• Is Apple’s iCloud Keychain Safe to Use in 2024?

• TIDRONE APT targets drone manufacturers in Taiwan

• SonicWall SSLVPN Access Control Flaw is Now Exploited in Akira Ransomware Attacks

• One Million US Kaspersky Customers Transferred to Pango’s UltraAV

• Industry Moves for the week of September 9, 2024 – SecurityWeek

• Predator Spyware Resurfaces With Fresh Infrastructure

• Apache Addresses Severe RCE Vulnerability in OFBiz with an Urgent Patch

• 25 Ways to Make the SOC More Efficient and Avoid Team Burnout

• Unmasking PackXOR: The FIN7 Packer Exposed

• Why Legacy MFA is DOA

• Best Practices for Enterprise Security

• Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

• Cybersecurity News: Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach

• Examining the Intersection of Cybersecurity and Automation in 5 Different Industries

• Security Automation – As Easy As Making Tea?

• Post-Quantum Cryptography Coalition Publishes Comparison of International PQC Standards

• Absolute Purchases Syxsense to Tackle Cyber Vulnerabilities

• Feds Indicted Two Alleged Administrators of WWH Club Dark Web Marketplace

• Feds Warn Health Sector to Patch Apache Tomcat Flaws

• Cybersecurity regulation stepping up

• New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

• Car Giant Avis Reveals Breach Impacted 300,000 Customers

• Earth Preta Evolves its Attacks with New Malware and Strategies

• TfL Cuts Data Feeds Amidst Cyber-Attack Fallout

• NCSC Calls Out Cyber-Attacks From Russia’s GRU

• Young Gamers Under Attack, Here is the List of Games Targeted

• A week in security (September 2 – September 8)

• Critical Flaw in IBM webMethods Integration Demand Immediate Action

• What is a TPM, and why does Windows 11 require one?

• Red Hat Issues Critical Patch for Pulpcore Authentication Bypass Flaw (CVE-2024-7923)

• The Foundation of Zero-Trust Security Architecture

• Security Budget Growth Slows, but Spending Remains Elevated

• TfL Admits Some Services Are Down Following Cyber-Attack

• How to Protect Healthcare Data from Cyber Attacks

• CMA Finds Google Abuses Ad Tech Dominance

• Boeing’s Starliner Returns To Earth Without Crew

• IBM webMethods Integration Server Vulnerabilities Exposes Systems to Arbitrary Command Execution

• Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

• Loki: a new private agent for the popular Mythic framework

• The Role of SIEM in Regulatory Compliance

• Advanced surveillance is key to countering emerging global threats

• Red Hat Enterprise Linux AI extends innovation across the hybrid cloud

• 5.9 terabytes of sensitive medical data leaked: Cyber Security Today for Monday, September 9th, 2024

• Malware spread via LinkedIn and EV Charging Stations prone to Quishing Attacks

• Progress Software fixed a maximum severity flaw in LoadMaster

• Predator Spyware Resurfaces: Renewed Threats and Global Implications

• Prevalent, Indigocube Security Partner to Elevate Third-Party Risk Management Solutions in SA

• TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

• OpenZiti: Secure, open-source networking for your applications

• AI cybersecurity needs to be as multi-layered as the system it’s protecting

• U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

• Predator spyware updated with dangerous new features, also now harder to track

• Best practices for implementing the Principle of Least Privilege

• 
Password Cracking & Energy: More Dedails, (Sun, Sep 8th)

• ISC Stormcast For Monday, September 9th, 2024 https://isc.sans.edu/podcastdetail/9130, (Mon, Sep 9th)

• End of an era: Security budget growth slows down

• Phishing in focus: Disinformation, election and identity fraud

• Predator spyware updated withn dangerous new features, also now harder to track

• 2024-09-04 – Traffic Analysis Exercise: Big Fish in a Little Pond

Generated on 2024-09-10 23:55:10.724181