IT Security News Daily Summary 2024-09-23

• Inside SnipBot: The Latest RomCom Malware Variant

• How to prepare a system security plan, with template

• ​​Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI)

• 100 million+ US citizens have records leaked by background check service

• Some Kaspersky customers receive surprise forced-update to new antivirus software

• Reducing Infrastructure Misconfigurations With IaC Security

• EFF to Supreme Court: Strike Down Texas’ Unconstitutional Age Verification Law

• Randall Munroe’s XKCD ‘Tectonic Surfing’

• Join Us 10-04-24 for “Hacking Job Stagnation” – Super Cyber Friday

• Cyber Security Leader vs Cyber Security Tag-along: How to Tell the Difference

• The best VPN services for iPhone: Expert tested and reviewed

• Vulnerability Recap 9/23/24 – Remote Code Execution Steals the Show

• ESET fixed two privilege escalation flaws in its products

• US proposes ban on Chinese, Russian connected car tech over security fears

• Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers

• 2024 NIST Password Guidelines: Enhancing Security Practices

• Vice Society Shifts to Inc Ransomware in Latest Healthcare Cyberattack

• iCloud Storage fake warning leading to Phishing and Malware attacks

• Securing Cloud Native Apps: The Power of SSPM Essentials

• Dark Web Sales Fuel 32% Increase in Global Healthcare Cyberattacks

• San Francisco’s fight against deepfake porn, with City Attorney David Chiu (Lock and Code S05E20)

• Police are using AI to write crime reports. What could go wrong?

• First TikTok, now smart cars: How Biden’s new proposed ban will affect U.S. automakers

• Hacking the “Bike Angels” System for Moving Bikeshares

• Necro Trojan Infects Google Play Apps With Millions of Downloads

• Nearly Half of Security Experts Believe AI is Risky

• Kryptina Ransomware Resurfaces in Enterprise Attacks By Mallox

• [Free & Downloadable] Endpoint Security Policy Template – 2024

• Why DNS Security Is Important: 3 Real-life Use Cases

• So how’s Microsoft’s Secure Future Initiative going?

• Freemium Model Optimization for B2B SaaS: A Strategic Growth Approach

• USENIX NSDI ’24 – Can’t Be Late: Optimizing Spot Instance Savings under Deadlines

• Brave Browser: The Secure and Private Way to Surf the Web

• Vulnerability Summary for the Week of September 16, 2024

• Vulnerabilities Found in Popular Houzez Theme and Plugin

• Staying a Step Ahead: Mitigating the DPRK IT Worker Threat

• Relationship broken up? Here’s how to separate your online accounts

• ASPM vs. ASOC: How do they differ?

• Types of Cloud Security Controls & Their Uses

• FreeBSD Issues Critical Security Advisory for CVE-2024-41721 (CVSS 9.8)

• Innovator Spotlight: Qwiet

• Innovator Spotlight: ZINAD

• Ban Sought for Chinese, Russian Software and Hardware Used in Autonomous Vehicles on US Roads

• Small Trade Businesses Urged to Strengthen Security After Total Tools Data Breach

• RightCrowd SmartAccess platform enhancements boost enterprise security

• Cloudflare AI Audit helps websites control how their content is used by AI models

• Windows Server 2025 gets hotpatching option, without reboots

• Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure

• Hackers Posed as Google Support to Steal $243 Million in Crypto

• Hackers Mimic as Company’s HR to Trick Employees

• 10 Security Best Practices for SaaS

• SpaceX, CNN, and The White House internal data allegedly published online. Is it real?

• What Is Threat Hunting In Cybersecurity?

• North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

• Critical Dragonfly2 Flaw Due to Hardcoded Key Threatens Admin Access

• One Year Later: CISA’s Secure by Design Initiative

• Public Sector Compliance: Passwords and Credentials Matter

• Organizations are changing cybersecurity providers in wake of Crowdstrike outage

• The secrets to Developing a High-Performing Data Team

• Three Key Considerations for Companies Implementing Ethical AI

• Beyond CISO Scapegoating: Cultivating Company-Wide Security Mindsets

• Demystifying AI Models: How to Choose the Right Ones

• Critical Grafana Plugin SDK Flaw Exposes Sensitive Information

• Innovator Spotlight: HyperCube

• UPS supplier’s password policy flip-flops from unlimited, to 32, then 64 characters

• Versa Networks Patches Vulnerability Exposing Authentication Tokens

• Why ‘Never Expire’ Passwords Can Be a Risky Decision

• THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 16-22)

• Publishers Spotlight: HackerOne

• How the Necro Trojan infiltrated Google Play, again

• Picus Security Raises $45M in Funding

• US DoJ Charged Two Men With Stealing and Laundering $230 Million Worth of Cryptocurrency

• More Than $44 Million in Cryptocurrency Stolen From Singaporean Platform Bingx

• DOJ, FBI Need Better Metrics for Tracking Ransomware Disruption Efforts, Audit Finds

• Keycloak Vulnerability Puts SAML Authentication at Risk

• The Importance of Cybersecurity Awareness and Insider Threat Management

• Will Smaller Companies Buckle Under the SEC’s Incident Reporting Requirements?

• Iranian-Linked Group Facilitates APT Attacks on Middle East Networks

• Complexity: Research Offers Solution for Healthcare Security Amid Rising Cyberattacks

• AI Development Needs Global Oversight, UN Experts State

• Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

• Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

• When Can AI Take Over Decision Making in the SOC?

• SEC To Seek Sanctions After Musk Fails To Appear In Court

• Sky Glass Televisions Disabled By Tech Fault

• It’s Never Too Late: Transitioning to a Career in Cybersecurity

• Industry Moves for the week of September 23, 2024 – SecurityWeek

• Videos: Attack Surface Management Summit – All Sessions Available on Demand

• The Problem With Third-Party Breaches: A Data Protection Dilemma

• Cybersecurity News: LinkedIn halts AI training, Ukraine bans Telegram, hack-for-hire lawsuit

• Apple Previews AI Features As iPhone 16 Sales Begin

• Trump Media Shares Fall To All-Time Low

• Aligning Your Cybersecurity Strategy with the NIST CSF 2.0

• The Latest Email Scams: Key Trends to Look Out For

• What is Cybersecurity Automation? Benefits & Challenges

• Quishing 2.0: QR Code Phishing Evolves with Two-Step Attacks and SharePoint Abuse

• SambaSpy RAT Targets Italian Users in a Unique Malware Campaign

• Lumma Stealer Malware Campaign Exploits Fake CAPTCHA Pages

• Police Dismantles Phone Unlocking Ring Linked to 483,000 Victims

• Germany Seizes Leak Site of ‘Vanir’ Ransomware Operation

• Bitdefender debuts GravityZone PHASR, enhancing security through user behavior analysis

• LinkedIn Pauses GenAI Training Following ICO Concerns

• Geely’s Zeekr Slashes Electric SUV Price In Latest Threat To Tesla

• Huawei’s Mate XT Launches On Same Day As iPhone 16

• Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

• Cloud Security Risk Prioritization is Broken. Here’s How to Fix It.

• PIPEDA

• German Police Shutter 47 Criminal Crypto Exchanges

• Phishing links with @ sign and the need for effective security awareness building, (Mon, Sep 23rd)

• Qualcomm ‘Offers To Buy Intel’

• FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code

• macOS Sequoia Update Breaks Multiple Security Tools

• A week in security (September 16 – September 22)

• Privacy and API security: What’s at stake?

• Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

• New PondRAT Malware Hidden in Python Packages Targets Software Developers

• Google Chrome gets rid of Password menace

• Benefits of Data Protection and GDPR Compliance for Businesses

• Hacktivist group Twelve is back and targets Russian entities

• Analysis of ENISA’s 2024 Threat Landscape Report: Key Takeaways and Implications

• Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

• Tor browser anonymity cracked by German police: Cyber Security Today for Monday, September 23, 2024

• Certainly: Open-source offensive security toolkit

• GameVN – 1,369,485 breached accounts

• Paid open-source maintainers spend more time on security

• Offensive cyber operations are more than just attacks

• Tor Project Assures Users It’s Safe Amid Controversy of Deanonymizing Users

• The surge in cyber insurance and what it means for your business

• ISC Stormcast For Monday, September 23rd, 2024 https://isc.sans.edu/podcastdetail/9148, (Mon, Sep 23rd)

• Apple’s latest macOS release is breaking security software, network connections

• IT Security News Weekly Summary – Week 38

• IT Security News Daily Summary 2024-09-22

• Hackers Claim Second Dell Data Breach in One Week

• Security Flaw in Google Cloud Document AI Could Expose Sensitive Data, Experts Warn

• Global Taskforce Dismantles Encrypted Criminal Platform ‘Ghost,’ Leading to 51 Arrests

• Tor Project Assures Users It’ Safe Amid Controversy of Deanonymizing Users

• USENIX NSDI ’24 – Jolteon: Unleashing the Promise of Serverless for Serverless Workflows

• IT Leaders Raise Security Concerns Regarding Generative AI

• Massive Chinese Botnet Infects SOHO Routers and IP Cameras

• macOS Sequoia Interferes With VPNs And EDRs Following Update

• Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

• The TechCrunch Cyber Glossary

• Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

• The Great Ai Swindle

• Tor Assured Safety Amidst Deanonymizing Claims From Authorities

• Lumma Stealer Uses Fake CAPTCHA Pages to Distribute Malware

• Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18

• 2024-09-19 – File downloader to Lumma Stealer

Generated on 2024-09-23 23:55:08.794267