IT Security News Daily Summary 2024-09-12

• FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

• Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

• Mastercard to acquire Recorded Future for $2.65B

• Accelerating Partner Growth with PXP and Cisco Black Belt Academy

• Cybersecurity giant Fortinet discloses a data breach

• I stole 20GB of data from Capgemini – and now I’m leaking it, says cyber-crook

• UK NCA arrested a teenager linked to the attack on Transport for London

• Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support

• Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident

• We Called on the Oversight Board to Stop Censoring “From the River to the Sea” — And They Listened

• Spotlight on Oleria

• Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

• Mastercard splurges $2.65B on another big cyber purchase – Recorded Future

• Microsoft’s September 2024 Patch Tuesday Addresses 4 Zero-Days, 79 Vulnerabilities

• PREVIEW: CISO Series Podcast LIVE in Houston, TX 9-24-24

• We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders

• What is a Virtual Private Network (VPN)? VPN Security Explained

• Randall Munroe’s XKCD ‘Water Filtration’

• Proofpoint Adds Ability to Dynamically Apply Granular Security Controls

• SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

• Google Chrome adds 3 new security features to boost your online safety and privacy

• Google Cloud Strengthens Backup Service With Untouchable Vaults

• New Chrome Features Protect Users Against Threats, Provide More Control Over Personal Data

• Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

• New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

• New whitepaper available: Building security from the ground up with Secure by Design

• Trending Cybersecurity news headlines on Google for today

• Irish Watchdog Launches Inquiry Into Google AI Model

• Government To Classify UK Data Centres As Critical Infrastructure

• NCA Arrests Teenager in Walsall Over TfL Cyber Attack

• Mastercard to Acquire Threat Intel Firm Recorded Future for $2.65 Billion

• Designing a Secure Architecture for Distributed Systems

• Scammers advertise fake AppleCare+ service via GitHub repos

• Check Point’s Quantum Leap: Integrating NIST PQC Standards

• Rockwell Automation FactoryTalk View Site

• Rockwell Automation AADvance Trusted SIS Workstation

• AutomationDirect DirectLogic H2-DM1E

• Siemens SIMATIC SCADA and PCS 7 Systems

• Siemens Industrial Edge Management

• Cisco advances embedded cyber resilience in industrial routers

• Microsoft Is Adding New Cryptography Algorithms

• Google Chrome gets a mind of its own for some security fixes

• Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security

• Irish Data Protection Regulator to Investigate Google AI

• Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)

• Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild

• Critical Vulnerabilities in JPEG 2000 Library Let Attackers Execute Remote Code

• PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

• Facebook scrapes photos of kids from Australian user profiles to train its AI

• WordPress Plugin and Theme Developers Told They Must Use 2FA

• Rockwell Automation Pavilion8

• Rockwell Automation 5015-U8IHFT

• Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380

• Siemens Industrial Products

• Siemens Tecnomatix Plant Simulation

• How AI Challenges Sales to Be More Human

• Ensuring Continuous Network Operations with Cisco Nexus Hitless Upgrades

• Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline

• Realm.Security Emerges From Stealth With $5 Million in Seed Funding

• Aembit’s Vision for Non-Human Identity and Access Management Gains $25 Million in Backing

• Blocking in Production Requires a Modern Security DevEx | Impart Security

• Hacktivism: How Hacktivists are Using Digital Activism to Fight for Justice

• Security Experts Detect SQL Injection to Bypass Airport TSA Security Checks

• Suspect arrested over the Transport for London cyberattack

• TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

• Schools Face Million-Dollar Bills as Ransomware Rises

• Protecting Multi-Cloud Resources in the Era of Modern Cloud-Based Cyberattacks

• From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam

• How I got started: AI security executive

• Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs

• Cisco at IBC2024

• Microsoft Defender Endpoint Security vs. SentinelOne Singularity : Which One Should You Choose?

• CrowdStrike Falcon vs. ESET Endpoint Security : Which One Should You Choose?

• CrowdStrike Falcon vs. Palo Alto Networks Cortex XDR : Which One Should You Choose?

• CrowdStrike Falcon vs. IBM Security QRadar XDR : Which One Should You Choose?

• CrowdStrike Falcon vs. Microsoft Defender Endpoint Security : Which One Should You Choose?

• Global Cybersecurity Workforce Growth Flatlines, Stalling at 5.5 Million Pros

• Evasion Tactics Used By Cybercriminals To Fly Under The Radar

• Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management

• Data Poisoning: The Hidden Threat to AI Models

• Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

• Bitcoin ATM Emerges as Major Threat to Cryptocurrency

• Dru Investigate simplifies cyber investigations and helps users uncover data threats

• Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

• Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn

• How Distributed Cloud Computing Meets Modern User Demand

• Modern Authentication on .NET: OpenID Connect, BFF, SPA

• Cisco AI Enhances Retail Operations

• Saviynt Launches Innovative Intelligence Suite to Transform Identity Security

• How to Strengthen and Improve Your Company’s Security Posture

• NETSCOUT enhances Omnis Cyber Intelligence platform with MITRE ATT&CK behavioral analytics

• Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

• Robot To Retrieve Fuel From Fukushima Nuclear Plant

• Ransomware Disguised as a Game: Kransom’s Attack Through DLL Side-Loading

• Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling

• CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World

• New Loki Backdoor Attacking macOS Systems

• The best VPN services for torrenting in 2024: Expert tested and reviewed

• Inc Ransom Attack Analysis: Extortion Methodologies

• DockerSpy: Search for Images on Docker Hub, Extract Sensitive Information

• Lazarus Group Targets Developers in Fresh VMConnect Campaign

• Singapore Police arrest six men allegedly involved in a cybercrime syndicate

• India Needs Better Cybersecurity for Space Systems

• EU kicks off an inquiry into Google’s AI model

• The SBOM has a long history — but what’s next is what matters

• Tines Leverages LLMs to Simplify Security Automation

• Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

• OpenAI Valued At $150Bn In Funding Talks – Report

• Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018

• Cybersecurity is a Fundamental Component of Patient Care and Safety

• About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited

• Cisco Patches High-Severity Vulnerabilities in Network Operating System

• How Business Owners Can Evolve with a Changing Technological Landscape

• Cyber Staffing Shortages Remain CISOs’ Biggest Challenge

• Ireland’s Watchdog Launches Inquiry into Google’s AI Data Practices in Europe

• Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

• Top 3 Threat Report Insights for Q2 2024

• UK Recognizes Data Centers as Critical National Infrastructure

• LUMI – The Most Powerful Supercomputer In Europe

• Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support

• New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR

• Iranian Hackers Targeting Iraqi Government: Security Firm

• Losses due to cryptocurrency and BEC scams are soaring

• Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

• The 6 Best Penetration Testing Companies for 2024

• Apple Vision Pro’s Eye Tracking Exposed What People Type

• 1-15 June 2024 Cyber Attacks Timeline

• New PIXHELL Acoustic Attack Leaks Secrets From LCD Screen Noise

• Microsoft Discloses Four Zero-Days in September Update

• Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

• US Elections: Iranian Hackers Target Political Campaigns

• Ubuntu 24.04.1 LTS Released: This is What’s New

• BYOD Policies Fueling Security Risks

• Business Email Compromise Costs $55bn Over a Decade

• Who Is Responsible for Securing SaaS Tools?

• Cybersecurity News: $20 WHOIS vulnerability, India’s Cyber Commandos, Word hits drone makers

• Mind your header! There’s nothing refreshing about phishers’ latest tactic

• Exploiting CI/CD Pipelines for Fun and Profit

• ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign

• NIS2, DORA, and Tiber-EU expanding cybersecurity regulation

• Open Source Updates Have 75% Chance of Breaking Apps

• New Developer-As-A-Service In Hacking Forums Empowering Phishing And Cyberattacks

• VirtualBox 7.1: This is a major update, here’s what’s new

• Cloudera Private Link Network helps enterprises protect their data

• Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks

• Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

• Pokémon GO was an intelligence tool, claims Belarus military official

• If HDMI screen rips aren’t good enough for you pirates, DeCENC is another way to beat web video DRM

• News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM

• News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion

• Google Enhances Cloud Security with New Ransomware resistant Backup Vault

• How Can Individuals Protect Themselves from Ransomware Attacks?

• Lazarus Group Targets Developers with Fake Coding Tests

• DragonRank SEO Manipulator is Targeting Asia and Europe

• WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

• Benefits and best practices of leveraging AI for cybersecurity

• Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense

• Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences

• Internal disconnects vs. cybersecurity: How connectivity shapes challenges

• Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics

• Google’s AI Model Faces European Union Scrutiny From Privacy Watchdog

• Flipper Zero gets a big firmware upgrade, and some amazing new features

• Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed, Sep 11th)

• AI safety showdown: Yann LeCun slams California’s SB 1047 as Geoffrey Hinton backs new regulations

• Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)

• Microsoft: Zero-day vulnerability rolled back previous patches

• Vulnerability handling requirements for NIS2 compliance

• Cyber crooks shut down UK, US schools, thousands of kids affected

• Uncovering a Prototype Pollution Regression in the Core Node.js Project

• 5 ideas to help you have the online safety talk with your kid

• Connect in Cancún with Learning & Certifications

• FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared

• IT Security News Daily Summary 2024-09-11

• 10 Countries With the Fastest Internet in the World [2024]

• 2024-09-11 – Data dump: Remcos RAT and XLoader (Formbook)

• Optimizing Data Management for AI Success: Industry Insights and Best Practices

• Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps

• Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

• The Unraveling of an Iranian Cyber Attack Against the Iraqi Government

• Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud

• Major sales and ops overhaul leads to much more activity … for Meow ransomware gang

• Customer Story | Protecting Students and Data in Google Workspace at Santa Rita Union School District

• Join Us 9-30-24 for a CISO Series Meetup in Washington, DC

• Former Girlfriend of FTX’s Bankman-Fried Seeks To Avoid Prison

• How to prevent vendor email compromise attacks

• HTTP vs. HTTPS: What’s the difference?

• Connect in Cancùn with Learning & Certifications

• DoJ Distributes $18.5 Million to Western Union Fraud Victims

• Tech Stack Uniformity has Become a Systemic Vulnerability

• Stopping the Harms of Automated Decision Making | EFFector 36.12

• Innovator Spotlight: Salt Security

• Innovator Spotlight: HUMAN

• Hunters International claims ransom on Chinese mega-bank’s London HQ

• Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware

• Slim CD Data Breach Exposes Credit Card Information of 1.7 Million Customers

• Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support

• Navigating the Risks of Namespace Collision: A Critical Security Challenge

• Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS

• SpyAgent Malware Uses OCR Tech to Attack Crypto Wallets

• Digital Dictatorship: The Dangers of Unchecked Spyware

• Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

• Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

• Latest Cybersecurity News Headlines on Google

• Samsung India Workers Strike, Amid Report Of Overseas Job Cuts

• What is DuckDuckGo? If you’re into online privacy, try this popular Google alternative

• Cyberattack shuts down 34 Highline Public Schools for 3 days

• Security Budgets Continue Modest Growth, but Staff Hiring Slows Considerably, Research Finds

• Innovator Spotlight: Tanium

• Disney Data Breach Exposes Sensitive Corporate and Personal Information

• ‘TIDrone’ Cybercriminals Target Taiwan’s Drone Makers

• Free Russia Foundation Investigates Potential Cyberattack Amid Leak of Sensitive Documents

• DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

• Operational Technology Leaves Itself Open to Cyber-Attack

• Five ways to lose your data

• Hold – Verify – Execute: Rise of malicious POCs targeting security researchers

• AWS To Invest £8 Billion In UK, Amid Cloud AI Expansion

• Researchers Hacked Car EV Chargers To Execute Arbitrary Code

• Threat Actors Exploiting Legitimate Software For Stealthy Cyber Attacks

• 8 Practices Software Engineers Should Adopt and Champion for Cybersecurity

• Managed Assurance: Transforming Digital Experience with ThousandEyes on Meraki MX

• Innovator Spotlight: Keepnet Labs

• Innovator Spotlight: Lineaje

• SplxAI Raises $2 Million to Protect AI Chatbot Apps

• ADCS Attack Paths in BloodHound — Part 3

• Gallup: Pollster Acts to Close Down Security Threat

• Trust, Teams, and Tragedy – The Ever-Present Risk of Insider Threats

• Successful Hyperloop Test Completed In Holland

• Celebrating Innovation and Connection: Cisco in Paris with NBC Sports

• Highline Public Schools school district suspended its activities following a cyberattack

• AI Cybersecurity Needs to be as Multi-Layered as the System it’s Protecting

• Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers

• Britain Must Call for Release of British-Egyptian Activist and Coder Alaa Abd El Fattah

• So you paid a ransom demand … and now the decryptor doesn’t work

• Intel Informs Customers About Over a Dozen Processor Vulnerabilities

• Mitiga Cloud MDR detects threats in SaaS and cloud environments

• Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam

• This Senate Bill Could Improve Voting Machine Security

• Common Phishing Attacks and How to Protect Against Them

• RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

• CISA adds SonicWall SonicOS, ImageMagick, and Linux Kernel Bugs to its Known Exploited Vulnerabilities catalog

• DHS Cyber Review Board Will Announce Next Investigation ‘Soon’

• Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments

• GDPR & CCPA: A CIO’s Essential Guide to Email Compliance

• PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens

• The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

• SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks

• Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

• Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses

• Join Us 09-27-24 for “Hacking Alerts” – Super Cyber Friday

• Apple Ordered To Pay Ireland €13bn In Taxes

• Check Point Software Recognised as a Leader in GigaOm Radar Report for Security Policy as Code

• Siemens Issues Critical Security Advisory for User Management Component (UMC)

• OpenZiti: Secure, Open-Source Networking for Your Applications

• CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs

• Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

• Why Is It So Challenging to Go Passwordless?

• Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures

• Google Must Pay €2.4bn Fine, EU Court Rules

• Siemens Industrial Edge Management Vulnerable to Authorization Bypass Attacks

• Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

• Slim CD Data Breach Exposes Financial Data of almost 1.7 million People

• Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published

• FBI Report Says Cryptocurrency Scams Surged in 2023

• Earth Preta Upgrades Attack Strategy via Removable Drives

• How $20 and a lapsed domain allowed security pros to undermine internet integrity

• Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library

• Tenable AI Aware provides exposure insight into AI applications, libraries and plugins

• Opus Security empowers organizations to prioritize the most critical vulnerabilities

• Poland’s Supreme Court Blocks Pegasus Spyware Probe

• Phishing Pages Delivered Through Refresh HTTP Response Header

• Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products

• UK: National Crime Agency, Responsible for Fighting Cybercrime, ‘On Its Knees,’ Warns Report

• Reputation Hijacking With JamPlus: A Maneuver To Bypass Smart App Control (SAC)

• Mind the talent gap: Infosec vacancies abound, but hiring is flat

• AI In Wrong Hands: The Underground Demand for Malicious LLMs

• Tanium helps organizations automate complex tasks in real-time

• Proofpoint expands platform capabilities for broader, adaptive human-centric security controls

• Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

• Cybersecurity News: Slim CD data breach, International sextortion bust, TfL mixed messages

• Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

• Cato Networks Expands Board of Directors with Two Industry Leaders

• Data Breach at Golf Course Management Firm KemperSports Impacts 62,000

• UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience

• FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

• Gallup Poll Bugs Open Door to XSS Attacks

• 6 Questions to Answer Before Choosing an Identity Provider

• Saviynt Intelligence delivers identity security analytics through ML and AI capabilities

• Trellix strengthens email security with DLP capabilities

• Securing Gold : Hunting typosquatted domains during the Olympics

• New Android Spyware As TV Streaming App Steals Sensitive Data From Devices

• New RansomHub Attack Killing Kaspersky’s TDSSKiller To Disable EDR

• Open XDR vs. Native XDR: A Selection Guide for Organizations

• Experts Demonstrate How to Bypass WhatsApp View Once Feature

• P0 Security raises $15 million to govern and secure cloud access for all identities

• Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

• Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

• Microsoft Fixes Four Actively Exploited Zero-Days

• Python Libraries Used for Malicious Purposes, (Wed, Sep 11th)

• Adobe Security Update, Multiple Vulnerabilities Patched

• Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

• German Cyber Agency Investigating APT28 Phishing Campaign

• 1.7 million credit card records leaked by payment gateway. Cyber Security Today for Wednesday, September 11, 2024

• Ransomware attacks on financial firms in USA increased in 2024

• How to Curtail Cyber Risks in Complex Cloud Environments

• Behind the Power of the Cloud

• Unveiling Hidden APIs and Securing Vulnerabilities in the Healthcare Sector

• RansomHub Serves Up LaZagne

• India to train 5000 ‘Cyber Commandos’

• DockerSpy: Search for images on Docker Hub, extract sensitive information

• Cybersecurity is a fundamental component of patient care and safety

• Opus Security Elevates Vulnerability Management With its AI-Powered Multi-Layered Prioritization Engine

• Cybersecurity jobs available right now: September 11, 2024

• How AI and zero trust are transforming resilience strategies

• eBook: Keep assets secure after cloud migration

• ISC Stormcast For Wednesday, September 11th, 2024 https://isc.sans.edu/podcastdetail/9134, (Wed, Sep 11th)

• Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack

• How SOAR Automation is Boosting MSSP Revenue Without Replacing Human Workers

Generated on 2024-09-12 23:55:12.861825