IT Security News Daily Summary 2024-09-13

• Antivirus vs. Anti-Malware: Which One Do I Need?

• Microsoft’s Windows Agent Arena: Teaching AI assistants to navigate your PC

• Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

• Apple Suddenly Drops NSO Group Spyware Lawsuit

• Setting Up Secure Data Lakes for Starlight Financial: A Guide to AWS Implementation

• Your data is under siege. How to protect your data and privacy.

• At Microsoft’s security summit, experts debated how to prevent another global IT meltdown. Will it help?

• The Role of Leadership in Cultivating a Resilient Cybersecurity Team

• New Office of the CISO Paper: Organizing Security for Digital Transformation

• Fundamentals of GraphQL-specific attacks

• 2024-09-12 – Approximately 11 days of server scans and probes

• Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel

• CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability

• USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption

• Randall Munroe’s XKCD ‘Monocaster’

• Podcast: Empowering organizations to address their digital sovereignty requirements with AWS

• Evolution of Fueling Partner Success

• Try the New Security Sandbox for Cisco Defense Orchestrator

• New Linux malware called Hadooken targets Oracle WebLogic servers

• NextNav’s Callous Land-Grab to Privatize 900 MHz

• Feeld dating app’s security too open-minded as private data swings into public view

• Payment Gateway Slim CD Reports Major Data Breach Affecting 1.7 Million Users

• How to Protect Your Accounts from 2FA Vulnerabilities: Avoid Common Security Pitfalls

• Ford seeks patent for conversation-based advertising

• 5 Steps to Building a Robust Cyber Resilience Framework

• Ivanti Releases Security Update for Cloud Services Appliance

• Veeam Software Issues Fixes for Exploitable Security Flaws

• Ransomware attacks are driving up costs to millions of dollars for schools and educational institutions

• 10 Cybersecurity Measures That Experts Follow (and You Should, Too!)

• New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

• The Critical Role of Data at Rest Encryption in Cybersecurity

• iPhone 16 better thwarts hackers who use the camera or microphone to spy on you

• ‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

• AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward

• Fortinet confirms customer data breach

• Critical Severity Flaw Exposes Siemens Industrial Systems

• Election Sabotage via Cyberattacks Increases

• Hackers Use SonicWall Security Flaw in Ransomware Attacks

• Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

• Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)

• Akamai Prevents Record-Breaking DDoS Attack on Major U.S. Customer

• Akamai?s Perspective on September?s Patch Tuesday 2024

• Announcing the 11th Annual Flare-On Challenge

• Kali Linux 2024.3 Released With New Hacking Tools

• What can businesses learn from the rise of cyber espionage?

• CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

• Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

• Navigating the Leap: My Journey from Software Engineering to Offensive Security

• Fake Recruiter Coding Tests Target Developers With Malicious Python Packages

• SolarWinds Reveals RCE Flaw in Access Rights Manager

• Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)

• 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

• Malicious Actors Spreading False US Voter Registration Breach Claims

• Reduce risks of user sign-up fraud and SMS pumping with Amazon Cognito user pools

• BT Identifies 2,000 Potential Cyberattacks Signals Every Second

• Putting AI Into AIOps: A Future Beyond Dashboards

• Update: Hackers Target Apache OFBiz RCE Flaw CVE-2024-45195 After PoC Exploit Released

• In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit

• Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Aug 23rd)

• Chinese-speaking Hackers Linked to DragonRank SEO Manipulator Service

• Tips for Detecting and Preventing Multi-Channel Impersonation Attacks

• CMA Cites Higher Prices Post Vodafone, Three Merger, Demands Changes

• The Dark Nexus Between Harm Groups and ‘The Com’

• Iranian APT Hackers Target Iraqi Government in New Espionage Campaign

• Two Critical RCE Flaws Discovered in Docker Desktop

• Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

• TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

• Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

• Record $65m Settlement for Hacked Patient Photos

• Microsoft Cuts Hundreds Of Gaming Staff

• Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs

• New Linux Malware “Hadooken’ Targets Oracle WebLogic Applications

• Adobe Completes Fix for Reader Bug with Known PoC Exploit

• New ‘Hadooken’ Linux Malware Targets WebLogic Servers

• Realm.Security Emerges to Tackle Cybersecurity Data Management

• PREVIEW: CISO Series Podcast LIVE in Boca Raton, FL 9-21-24

• MSSPs – Why You Need a SOC Product And How to Choose the Right One

• Citrix Workspace App Vulnerable to Privilege Escalation Attacks

• Keeper Security Expands Passphrase Generator Capability to Mobile Devices

• Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

• Real-Time Cyberattack Simulations Take Centre Stage at International Cyber Expo 2024 with CrisisCast

• 1.3 Million Android TV Boxes Infected by Vo1d Malware

• Cyber Security in Banking: Threats, Solutions & Best Practices

• Microsoft Vows to Prevent Future CrowdStrike-Like Outages

• Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA

• Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

• GitLab Updates Resolve Critical Pipeline Execution Vulnerability

• Why Windows 11 Requires a TPM and How It Enhances Security

• Rain Technology protects consumers against visual hackers and snoopers at ATM terminals

• Hackers gain access to credit card details of approximately 1.7 million people in USA and Canada

• Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

• Live Patching as a Growth Enabler for Your Infrastructure

• Nudge Security unveils SSPM capabilities to strengthen SaaS security

• From Open Networks to Zero Trust: A Paradigm Shift

• Docker Desktop Vulnerabilities Let Attackers Execute Remote Code

• Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth

• How Secure is the “Password Protection” on Your Files and Drives?

• 20 dollars exposes a huge flaw in Internet security: Cyber Security Today for Friday the 13th September, 2024

• Mastercard acquires Cyber Threat Intelligence firm Recorded Future for $2.58 Billion

• Is Your Business Ready for the Quantum Cybersecurity Threat?

• Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps

• Why Breaking into Cybersecurity Isn’t as Easy as You Think

• New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

• Fortinet Confirms Data Breach Following Hacker’s Claim of 440GB Data Theft

• Android TV Box Malware, Vo1d, Infects Over a Million Devices Worldwide

• Fortinet Confirms Data Breach

• Australia’s government spent the week boxing Big Tech

• How to make Infrastructure as Code secure by default

• Application Security — The Complete Guide

• Cyber insurance set for explosive growth

• Organizations still don’t know how to handle non-human identities

• Security measures fail to keep up with rising email attacks

• SquareX, Awarded Rising Star Category in CybersecAsia Readers’ Choice Awards 2024

• Comprehensive Guide to Infrastructure Robustness Metrics

• New infosec products of the week: September 13, 2024

• ISC Stormcast For Friday, September 13th, 2024 https://isc.sans.edu/podcastdetail/9136, (Fri, Sep 13th)

• Feds pull plug on domains linked to import of Chinese gun conversion devices

• The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say

• ‘Hadooken’ Linux malware targets Oracle WebLogic servers

• Fortinet admits miscreant got hold of customer data in the cloud

• 6 common Geek Squad scams and how to defend against them

• White hat heroes—Your introduction to ethical hacking

• CCNA: The foundation that built my IT career (can be yours, too)

• Innovator Spotlight: Expel

• IT Security News Daily Summary 2024-09-12

• FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

• Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

• Mastercard to acquire Recorded Future for $2.65B

• Accelerating Partner Growth with PXP and Cisco Black Belt Academy

• Cybersecurity giant Fortinet discloses a data breach

• I stole 20GB of data from Capgemini – and now I’m leaking it, says cyber-crook

• UK NCA arrested a teenager linked to the attack on Transport for London

• Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support

• Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident

• We Called on the Oversight Board to Stop Censoring “From the River to the Sea” — And They Listened

• Spotlight on Oleria

• Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

• Mastercard splurges $2.65B on another big cyber purchase – Recorded Future

• Microsoft’s September 2024 Patch Tuesday Addresses 4 Zero-Days, 79 Vulnerabilities

• PREVIEW: CISO Series Podcast LIVE in Houston, TX 9-24-24

• We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders

• What is a Virtual Private Network (VPN)? VPN Security Explained

• Randall Munroe’s XKCD ‘Water Filtration’

• Proofpoint Adds Ability to Dynamically Apply Granular Security Controls

• SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

• Google Chrome adds 3 new security features to boost your online safety and privacy

• Google Cloud Strengthens Backup Service With Untouchable Vaults

• New Chrome Features Protect Users Against Threats, Provide More Control Over Personal Data

• Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

• New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

• New whitepaper available: Building security from the ground up with Secure by Design

• Trending Cybersecurity news headlines on Google for today

• Irish Watchdog Launches Inquiry Into Google AI Model

• Government To Classify UK Data Centres As Critical Infrastructure

• NCA Arrests Teenager in Walsall Over TfL Cyber Attack

• Mastercard to Acquire Threat Intel Firm Recorded Future for $2.65 Billion

• Designing a Secure Architecture for Distributed Systems

• Scammers advertise fake AppleCare+ service via GitHub repos

• Check Point’s Quantum Leap: Integrating NIST PQC Standards

• Rockwell Automation FactoryTalk View Site

• Rockwell Automation AADvance Trusted SIS Workstation

• AutomationDirect DirectLogic H2-DM1E

• Siemens SIMATIC SCADA and PCS 7 Systems

• Siemens Industrial Edge Management

• Cisco advances embedded cyber resilience in industrial routers

• Microsoft Is Adding New Cryptography Algorithms

• Google Chrome gets a mind of its own for some security fixes

• Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security

• Irish Data Protection Regulator to Investigate Google AI

• Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)

• Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild

• Critical Vulnerabilities in JPEG 2000 Library Let Attackers Execute Remote Code

• PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

• Facebook scrapes photos of kids from Australian user profiles to train its AI

• WordPress Plugin and Theme Developers Told They Must Use 2FA

• Rockwell Automation Pavilion8

• Rockwell Automation 5015-U8IHFT

• Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380

• Siemens Industrial Products

• Siemens Tecnomatix Plant Simulation

• How AI Challenges Sales to Be More Human

• Ensuring Continuous Network Operations with Cisco Nexus Hitless Upgrades

• Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline

• Realm.Security Emerges From Stealth With $5 Million in Seed Funding

• Aembit’s Vision for Non-Human Identity and Access Management Gains $25 Million in Backing

• Blocking in Production Requires a Modern Security DevEx | Impart Security

• Hacktivism: How Hacktivists are Using Digital Activism to Fight for Justice

• Security Experts Detect SQL Injection to Bypass Airport TSA Security Checks

• Suspect arrested over the Transport for London cyberattack

• TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

• Schools Face Million-Dollar Bills as Ransomware Rises

• Protecting Multi-Cloud Resources in the Era of Modern Cloud-Based Cyberattacks

• From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam

• How I got started: AI security executive

• Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs

• Cisco at IBC2024

• Microsoft Defender Endpoint Security vs. SentinelOne Singularity : Which One Should You Choose?

• CrowdStrike Falcon vs. ESET Endpoint Security : Which One Should You Choose?

• CrowdStrike Falcon vs. Palo Alto Networks Cortex XDR : Which One Should You Choose?

• CrowdStrike Falcon vs. IBM Security QRadar XDR : Which One Should You Choose?

• CrowdStrike Falcon vs. Microsoft Defender Endpoint Security : Which One Should You Choose?

• Global Cybersecurity Workforce Growth Flatlines, Stalling at 5.5 Million Pros

• Evasion Tactics Used By Cybercriminals To Fly Under The Radar

• Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management

• Data Poisoning: The Hidden Threat to AI Models

• Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

• Bitcoin ATM Emerges as Major Threat to Cryptocurrency

• Dru Investigate simplifies cyber investigations and helps users uncover data threats

• Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

• Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn

• How Distributed Cloud Computing Meets Modern User Demand

• Modern Authentication on .NET: OpenID Connect, BFF, SPA

• Cisco AI Enhances Retail Operations

• Saviynt Launches Innovative Intelligence Suite to Transform Identity Security

• How to Strengthen and Improve Your Company’s Security Posture

• NETSCOUT enhances Omnis Cyber Intelligence platform with MITRE ATT&CK behavioral analytics

• Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

• Robot To Retrieve Fuel From Fukushima Nuclear Plant

• Ransomware Disguised as a Game: Kransom’s Attack Through DLL Side-Loading

• Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling

• CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World

• New Loki Backdoor Attacking macOS Systems

• The best VPN services for torrenting in 2024: Expert tested and reviewed

• Inc Ransom Attack Analysis: Extortion Methodologies

• DockerSpy: Search for Images on Docker Hub, Extract Sensitive Information

• Lazarus Group Targets Developers in Fresh VMConnect Campaign

• Singapore Police arrest six men allegedly involved in a cybercrime syndicate

• India Needs Better Cybersecurity for Space Systems

• EU kicks off an inquiry into Google’s AI model

• The SBOM has a long history — but what’s next is what matters

• Tines Leverages LLMs to Simplify Security Automation

• Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

• OpenAI Valued At $150Bn In Funding Talks – Report

• Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018

• Cybersecurity is a Fundamental Component of Patient Care and Safety

• About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited

• Cisco Patches High-Severity Vulnerabilities in Network Operating System

• How Business Owners Can Evolve with a Changing Technological Landscape

• Cyber Staffing Shortages Remain CISOs’ Biggest Challenge

• Ireland’s Watchdog Launches Inquiry into Google’s AI Data Practices in Europe

• Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

• Top 3 Threat Report Insights for Q2 2024

• UK Recognizes Data Centers as Critical National Infrastructure

• LUMI – The Most Powerful Supercomputer In Europe

• Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support

• New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR

• Iranian Hackers Targeting Iraqi Government: Security Firm

• Losses due to cryptocurrency and BEC scams are soaring

• Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

• The 6 Best Penetration Testing Companies for 2024

• Apple Vision Pro’s Eye Tracking Exposed What People Type

• 1-15 June 2024 Cyber Attacks Timeline

• New PIXHELL Acoustic Attack Leaks Secrets From LCD Screen Noise

• Microsoft Discloses Four Zero-Days in September Update

• Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

• US Elections: Iranian Hackers Target Political Campaigns

• Ubuntu 24.04.1 LTS Released: This is What’s New

• BYOD Policies Fueling Security Risks

• Business Email Compromise Costs $55bn Over a Decade

• Who Is Responsible for Securing SaaS Tools?

• Cybersecurity News: $20 WHOIS vulnerability, India’s Cyber Commandos, Word hits drone makers

• Mind your header! There’s nothing refreshing about phishers’ latest tactic

• Exploiting CI/CD Pipelines for Fun and Profit

• ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign

• NIS2, DORA, and Tiber-EU expanding cybersecurity regulation

• Open Source Updates Have 75% Chance of Breaking Apps

• New Developer-As-A-Service In Hacking Forums Empowering Phishing And Cyberattacks

• VirtualBox 7.1: This is a major update, here’s what’s new

• Cloudera Private Link Network helps enterprises protect their data

• Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks

• Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

• Pokémon GO was an intelligence tool, claims Belarus military official

• If HDMI screen rips aren’t good enough for you pirates, DeCENC is another way to beat web video DRM

• News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM

• News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion

• Google Enhances Cloud Security with New Ransomware resistant Backup Vault

• How Can Individuals Protect Themselves from Ransomware Attacks?

• Lazarus Group Targets Developers with Fake Coding Tests

• DragonRank SEO Manipulator is Targeting Asia and Europe

• WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

• Benefits and best practices of leveraging AI for cybersecurity

• Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense

• Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences

• Internal disconnects vs. cybersecurity: How connectivity shapes challenges

• Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics

• Google’s AI Model Faces European Union Scrutiny From Privacy Watchdog

• Flipper Zero gets a big firmware upgrade, and some amazing new features

• Hygiene, Hygiene, Hygiene! [Guest Diary], (Wed, Sep 11th)

• AI safety showdown: Yann LeCun slams California’s SB 1047 as Geoffrey Hinton backs new regulations

• Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)

Generated on 2024-09-13 23:55:10.411203