IT Security News Daily Summary 2024-09-26

• How hackers could have remotely controlled millions of cars

• Security compliance unicorn Drata lays off 9% of its workforce

• Unit 42 Incident Response Retainers Enhance Organizational Resilience

• Kryptina RaaS: From Unsellable Cast-Off to Enterprise Ransomware

• Patch for Critical CUPS vulnerability: Don’t Panic, (Thu, Sep 26th)

• The MDR That Sees It All

• HPE patches three critical security holes in Aruba PAPI

• Randall Munroe’s XKCD ‘Physics Lab Thermostat’

• USENIX NSDI ’24 – Understanding Routable PCIe Performance for Composable Infrastructures

• Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims

• HPE patches three critical flaws in Aruba proprietary access protocol Interface

• Doomsday ‘9.9 RCE bug’ might hit every Linux system

• X Releases Its First Transparency Report Since Elon Musk’s Takeover

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Are hardware supply chain attacks “cyber attacks?”

• Elon Musk’s X Asks Brazil’s Top Court To Reinstate Service

• Critical RCE vulnerability found in OpenPLC

• Doomsday ‘9.9 RCE bug’ could hit every Linux system

• The best VPN trials of 2024: Expert tested and reviewed

• Watch Now: Shield Your Data, Secure Your Future: A Multi-Layered Approach to Operational Resilience

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Comparing Top VPN Solutions: SurfShark vs ExpressVPN

• Kaspersky defends force-replacing its security software without users’ explicit consent

• Innovating Education: Cisco Philippines and Mapúa University Unveil AI-Led Digital Classrooms

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft claims China is spying on US ISPs and Users

• Cyber Attack on Wi-Fi networks of London Rail Network

• How to Evaluate and Choose the Best Web Hosting Service

• Mozilla Firefox Slapped With Privacy Complaint

• Blackstone To Invest £10bn For Blyth AI Data Centre

• OpenAI To Remove Non-Profit Control – Report

• Check Point Software Technologies: A Visionary Approach to Workspace Security

• Building and securing a governed AI infrastructure for the future

• USENIX NSDI ’24 – Cloudcast: High-Throughput, Cost-Aware Overlay Multicast in the Cloud

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates

• Is It Possible to Inject Integrity Into AI?

• Wordfence Intelligence Weekly WordPress Vulnerability Report (September 16, 2024 to September 22, 2024)

• UK Train Stations’ Wi-Fi Hacked, Displays Islamophobic Messages

• U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

• Cisco Releases Security Updates for IOS and IOS XE Software

• goTenna Pro ATAK Plugin

• Advantech ADAM-5630

• India’s Star Health says it’s investigating after hacker posts stolen medical data

• Navigating Change: The Power of Digital Resilience to Transform Networks

• China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

• FTC Report Confirms: Commercial Surveillance is Out of Control

• Securing intellectual property in AI-powered enterprises

• Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

• Here’s Why UltraAV Replaced Kaspersky Antivirus Software

• Understanding the Domain Name System (DNS): How It Works and Why It Matters

• Doxing: Is Your Personal Information at Risk?

• $65 Million Settlement for Health System After Nude Photos Leak

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Data Breach at MC2 Data Leaves 100 Million at Risk of Fraud

• Keep Your Tech Flame Alive: Akamai Trailblazer Sabine A. Sitterli

• Ransomware on the rise: Healthcare industry attack trends 2024

• ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

• goTenna Pro X and Pro X2

• Advantech ADAM-5550

• CISA Releases Five Industrial Control Systems Advisories

• Atelmo Atemio AM 520 HD Full HD Satellite Receiver

• Victims lose $70k to one single wallet-draining app on Google’s Play Store

• Decoding the Pentesting Process: A Step-by-Step Guide

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Zilla Security simplifies identity governance and administration for organizations

• Active Directory compromise: Cybersecurity agencies provde guidance

• Over a Third of Employees Secretly Sharing Work Info with AI

• The Cryptocurrency Drainer Hiding on Google Play

• CISA Warns of Hackers Targeting Industrial Systems with “Unsophisticated Methods” Amid Lebanon Water Hack Claims

• Ransomware Task Force finds 73% attack increase in 2023

• Cisco Patches High-Severity Vulnerabilities in IOS Software

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• DoControl introduces security product suite for Google Workspace

• How to migrate 3DES keys from a FIPS to a non-FIPS AWS CloudHSM cluster

• Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

• Privacy watchdog files complaint over Firefox quietly enabling its Privacy Preserving Attribution

• Ensemble raises $3.3M to bring ‘dark matter’ tech to enterprise AI

• Fortifying The Digital Frontier: Everyday Habits That Shape Your Company’s Cybersecurity Posture

• ‘Good, fast, cheap… Pick two’: Software quality dilemma forces risky decisions

• How to Stop Online Gambling Fraud from Eating Into Your Profits

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

• Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar

• NIST Scraps Passwords Complexity and Mandatory Changes in New Guidelines

• First Mobile Crypto Drainer Found on Google Play

• More OpenAI Exec Departures Amid Fundraising, Restructuring

• Fake League of Legends Download Ads Spread Lumma Stealer Malware

• Advanced Threat Protection Solutions: Our Top Picks for 2024

• Amid Air Strikes and Rockets, an SMS From the Enemy

• The Tor Project merges with Tails, a Linux-based portable OS focused on privacy

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• The number of Android memory safety vulnerabilities has tumbled, and here’s why

• End-to-End Security for APIs: From Development Through Retirement

• Telegram will hand over user details to law enforcement

• Top 10 Managed Service Providers in New York for 2024

• Police Are Probing a Cyberattack on Wi-Fi Networks at UK Train Stations

• China-Backed Salt Typhoon Targets U.S. Internet Providers: Report

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware

• EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

• Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

• An Analysis of the EU’s Cyber Resilience Act

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Salt Security provides improved API protection with Google Cloud

• CrowdStrike Apologises For Global IT Outage In House Hearing

• Don’t panic and other tips for staying safe from scareware

• Get Real-World Cybersecurity Skills for $30

• Privacy non-profit noyb claims that Firefox tracks users with privacy preserving feature

• 16-30 June 2024 Cyber Attacks Timeline

• The UN General Assembly and the Fight Against the Cybercrime Treaty

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Public Wi-Fi operator investigating cyberattack at UK’s busiest train stations

• Harnessing The Benefits of The Thales and Imperva Partner Ecosystem

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

• Latest Octo Malware Variant Mimics Popular Apps Like NordVPN, Chrome

• Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

• Cybersecurity News: DragonForce ransomware, Salt Typhoon hits ISPs, ChatGPT SpAIware

• Octo2 Android Malware Attacking To Steal Banking Credentials

• RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus

• Researchers Backdoored Azure Automation Account Packages And Runtime Environments

• TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data

• Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce

• Beware Of Fake Verify You Are A Human Request That Delivers Malware

• New Mallox Ransomware Linux Variant Attacking Enterprise Linux Servers

• BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• New MIT protocol protects sensitive data during cloud-based computation

• Navigating the NIS2 Directive: Key insights for cybersecurity compliance and how Sekoia.io can help

• TeamTNT Hackers Attacking VPS Servers Running CentOS

• UK government’s bank data sharing plan slammed as ‘financial snoopers’ charter’

• Threat landscape for industrial automation systems, Q2 2024

• Malicious Ads Hide Infostealer in League of Legends ‘Download’

• Open Source C3 Frameworks Used In Red Teaming Assessments Vulnerable To RCE Attacks

• Microsoft Warns Of Vanilla Tempest Hackers Attacking Healthcare Sector

• Beware Of Fake Captcha Attacks That Delivers Lumma Stealer Malware

• Russian Hackers Registering Domains Targeting US Tech Brands

• 5 obscure web browsers that will finally break your Chrome addiction

• Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

• Critical Arc Browser Vulnerability Let Attackers Execute Remote Code

• Flax Typhoon’s Botnet Actively Exploiting 66 Vulnerabilities In Various Devices

• Data of 3,191 congressional staffers leaked in the dark web

• AI use: 3 essential questions every CISO must ask

• Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign

• CISA Releases Guide to Empower Software Buyers in Creating a Secure Tech Ecosystem

• PECB Conference 2024: A Global Forum for IT, Security, and Privacy Professionals

• Cybersecurity in E-Commerce

• Rethinking privacy: A tech expert’s perspective

• Compliance management strategies for protecting data in complex regulatory environments

• Companies mentioned on the dark web at higher risk for cyber attacks

• ISC Stormcast For Thursday, September 26th, 2024 https://isc.sans.edu/podcastdetail/9154, (Thu, Sep 26th)

• WordPress.org denies service to WP Engine, potentially putting sites at risk

• CISOs: The one question your board will NEVER ask you

• Activate your data responsibly in the era of AI with Microsoft Purview

• ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• OpenAI Chief Technology Officer Mira Murati and 2 Other Execs Are Leaving the ChatGPT Maker

• OSINT – Image Analysis or More Where, When, and Metadata [Guest Diary], (Wed, Sep 25th)

• Digital ID Isn’t for Everybody, and That’s Okay

• MoneyGram Cyberattack: Global Service Disruptions Enter Day 5

• Q&A With Axiad’s New CFO: Brian Szeto

• Building a Zero Trust API With ASP.NET Core: A Developer’s Guide

• Why Windows 11 requires a TPM – and how to get around that

• China’s Salt Typhoon cyber spies are deep inside US ISPs

• OpenAI Exec Mira Murati Says She’s Leaving Artificial Intelligence Company

• Choosing the Best Data Anonymization Tools: A Guide for Secure DevOps

• The Strategic Impact of Mastercard’s Recorded Future Acquisition

• IT Security News Daily Summary 2024-09-25

• OpenAI’s brain drain continues: CTO Mira Murati jumps ship

• Simplifying SOAR Maintenance with D3’s Dynamic Data Normalization

• Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks

• New variant of Necro Trojan infected more than 11 million devices

• Nominations Now Open for the 2025 Cybersecurity Excellence Awards

• A catastrophic browser flaw is patched almost immediately – here’s how

• ​Tech Terror in Lebanon: The Fallout of Unrestrained Aggression

• Star Health Data Breach: Sensitive Customer Information Exposed on Telegram Chatbots

• CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools

• Elon Musk Seeks Lawsuit Dismal From Former CNN Anchor

• Digital Asset Trading Platform UEEx Strengthens Digital Asset Security with New Protection Policy

• ‘Titanic Mindset’: Just 54% of UK IT Pros Confident in Data Recovery

• Calls to Scrap Jordan’s Cybercrime Law Echo Calls to Reject Cybercrime Treaty

• China claims Taiwan, not civilians, behind web vandalism

• RansomHub genius tries to put the squeeze on Delaware Libraries

• Webinar Today: Shield Your Data, Secure Your Future: A Multi-Layered Approach to Operational Resilience

• Managing identity source transition for AWS IAM Identity Center

• DNS Reflection Update and Odd Corrupted DNS Requests, (Wed, Sep 25th)

• US DoJ Sues Visa For ‘Monopolising’ Debit Cards

• Patient Rights and Consumer Groups Join EFF In Opposing Two Extreme Patent Bills

• Decoding Generative AI’s Privacy Paradox

• Anonymizing Your Data in Db2 for Better Testing and Development

• Common Mark Certificates (CMC) for Google BIMI Adoption

• Cybercrime Current Events: AWS Takeover Campaign, Ransomware Attack on Columbus, and City of Columbus Sues Ransomware Researcher Whistleblower

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #307 – Types of Innovation

• Why Hackers Are Collecting Encrypted Data for Future Attacks

• Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%

• OpenSSL Corporation’s Silver Sponsorship at ICMC 2024 – A Retrospective

• 90,000 WordPress Sites Affected by Arbitrary File Upload and Authentication Bypass Vulnerabilities in Jupiter X Core WordPress Plugin

• Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC

• Kaspersky causes new data security concerns while leaving the United States

• CMA States “Concerns Remain” After Google’s Cookie U-Turn

• secator – The Security Pentester Swiss Knife

• Timeshare Owner? The Mexican Drug Cartels Want You

• Citrix Releases Security Updates for XenServer and Citrix Hypervisor

• Rev up to Recert: Power up Your Programming Skills

• Safe and trustworthy AI is a shared responsibility

• Cyberattack Forces Kansas Water Plant to Operate Manually

• Cyber Founder Recipe for Success: Clear Vision and Trusted Experts

• Telegram To Provide Law Enforcement With Suspect Data, If Requested

• DragonForce Ransomware Expands RaaS, Targets Firms Worldwide

• The Future of Application Security: Empowering Developers in the AI Era

• Risk & Repeat: What’s next for Telegram and Pavel Durov?

• Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means

• Empowered Together: A Story of Hope and Partnership

• A Leader in the 2024 Gartner Magic Quadrant for EPP

• Tamnoon Raises $12 Million for Cloud Security Remediation Service

• City Water Facility in Kansas Hit by Cyberattack

• Microsoft Issues New Warnings For Windows Users

• 82% of Phishing Sites Now Target Mobile Devices

• LummaC2: Obfuscation Through Indirect Control Flow

• Top LMS Training Tips for Effective Learning

• Don’t share the viral Instagram Meta AI “legal” post

• How SMBs Can Implement Cyber-HDR for Increased Protection and Reduced Risk Harden-Detect-Respond

• CEO Durov Says Telegram Will Provide More Data to Governments

• Marko Polo Infostealer Campaigns Target Thousands Across Platforms

• Malwarebytes Personal Data Remover protects user privacy

• PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

• Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

• Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent

• 2024 H1 IRAP report is now available on AWS Artifact for Australian customers

• Malwarebytes Personal Data Remover: A new way to help scrub personal data online

• Romance scams costlier than ever: 10 percent of victims lose $10,000 or more

• AI: The New Frontier in Safeguarding Critical Infrastructure

• The 5 Best VPN Extensions for Chrome in 2024

• Harnessing Technology for Conservation: An Interview with the Executive Director of Connected Conservation Foundation

• Kaspersky Self-Deletes and Force-Installs UltraAV on Users’ Endpoints

• Researcher Says Healthcare Facility’s Doors Hackable for Over a Year

• Baffle Extends Reach to Ecrypt AWS S3 Data as Ingested

• Onapsis expands security for SAP Business Technology Platform

• US House Bill Addresses Growing Threat of Chinese Cyber Actors

• CISO Series Podcast LIVE in La Jolla (10-30-24)

• Multiple 0-Day Flaws in Automated Tank Gauge Systems Threaten Critical Infrastructure

• Forrester Named Cisco a Leader in the 2024 Microsegmentation Wave

• FTX’s Caroline Ellison Sentenced To Two Years In Prison

• New Windows Malware Locks Computer in Kiosk Mode

• Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation

• Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes

• IntelBroker Leak Claims Involve Deloitte Communications

• Tamnoon raises $12 million to reduce critical cloud exposures

• How to check suspicious links fast?

• TikTok Removes Russian State Media Accounts

• From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

• Mobile Phishing Attacks Explode, Enterprise Devices Targeted

• Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

• Portnox enhances passwordless risk-based access for enterprise applications

• Nudge Security introduces automated SaaS spend discovery capabilities

• ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function

• Agentic AI in SOCs: A Solution to SOAR’s Unfulfilled Promises

• Thousands of US Congress Emails Exposed to Takeover

• CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access

• Cybersecurity News: Kansas water targeted, CrowdStrike apology, MoneyGram goes dark

• Understanding Network Attacks: Types, Trends, and Mitigation Strategies

• Navigating the Privacy Paradox: How Organizations Can Secure Customer Data While Ensuring Convenience

• Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says

• ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations

• NETSCOUT’s nGeniusONE notification center streamlines and automates alerts

• Critical Ivanti Authentication Bypass Bug Exploited in Wild

• U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

• Bitwarden inline autofill empowers users to fill passkeys directly from their vault

• OneTrust helps organizations operationalize DORA compliance

• Arkansas City water treatment facility switched to manual operations following a cyberattack

• Commvault acquires Clumio to accelerate cyber resilience capabilities for AWS

• Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

• SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites

• US Capitol data breach and MoneyGram Cyber Attack details

• The Importance of Healthcare Data to Ransomware Hackers

• MoneyGram Confirms Cyberattack Following Outage

• Kansas County Ransomware Attack Exposed Nearly 30,000 Residents’ Sensitive Data

• New Android banking trojan Octo2 targets European banks

• CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

• Evilginx – an open source program to bypass MFA: Cyber Security Today for Wednesday, September 25, 2024

• Underfunding and Leadership Gaps Weaken Cybersecurity Defenses

• Securing non-human identities: Why fragmented strategies fail

• NetAlertX: Open-source Wi-Fi intruder detector

• Necro Trojan Strikes Google Play Again, Infecting Popular Apps

• Generative AI Fuels New Wave of Cyberattacks, HP Warns

• Symmetry Systems Shines as Finalist in Cloud Security Alliance Startup Pitchapalooza

• Cybersecurity jobs available right now: September 25, 2024

• Organizations are making email more secure, and it’s paying off

• 41% concerned about job security due to skill gaps

• ISC Stormcast For Wednesday, September 25th, 2024 https://isc.sans.edu/podcastdetail/9152, (Wed, Sep 25th)

• CrowdStrike apologizes to Congress for ‘perfect storm’ that caused global IT outage

• China claims Taiwan, not civilian hackers, behind website vandalism

• PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts

Generated on 2024-09-26 23:55:10.277719