IT Security News Daily Summary 2024-10-01

• Dotnet Source Generators in 2024 Part 1: Getting Started

• How to perform a proof of concept for automated discovery using Amazon Macie

• What Is Inside Microsoft’s Major Windows 11 Update?

• New security protocol shields data from attackers during cloud-based computation

• Law enforcement agencies arrest 4 alleged LockBit members

• News alert: Introducing Mayhem Security — ForAllSecure unveils name change, fresh focus

• ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions

• How to Stop Advertisers From Tracking Your Teen Across the Internet

• API Gateways and API Protection: What’s the Difference?

• Workarounds for Oracle Restrictions on the Size of Expression Lists

• T-Mobile reaches $31.5M breach settlement with FCC

• UMC Health System diverted patients following a ransomware attack

• Euro cops arrest 4 including suspected LockBit dev chilling on holiday

• Building Your First Web Application with Yii Framework

• OpenAI’s DevDay 2024: 4 major updates that will make AI more accessible and affordable

• Meta Penalized $101 Million for Storing Passwords in Plaintext, Faces Heightened EU Oversight

• Top Tech Conferences & Events to Add to Your Calendar in 2024

• Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence

• DCRat Malware Propagates via HTML Smuggling

• Meta Fined €91 Million by EU Privacy Regulator for Improper Password Storage

• Ransomware Gangs Targeting CEOs with Stolen Data

• Embargo Ransomware Shifts Focus to Cloud Platforms

• AI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image Recognition

• 8,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in WP Hotel Booking WordPress Plugin

• New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys

• Risk & Repeat: Inside the Microsoft SFI progress report

• From security to AI: factors that are driving industrial networking investment

• British Hacker Charged in the US For $3.75m Insider Trading Scheme

• CISA Kicks Off 21st Anniversary of Cybersecurity Awareness Month

• Russia Cyber attack on Nato countries and ransomware attack on UMC Health System

• Get a waterproof Blink Mini 2 security camera for only $20 before October Prime Day

• Evil Corp’s deep ties with Russia and NATO member attacks exposed

• T-Mobile to Pay Millions to Settle With FCC Over Data Breaches

• Ransomware Attack Forces UMC to Divert Emergency Patients

• The complete agenda for the Disrupt Stage at TechCrunch Disrupt 2024

• How Payment Solutions Can Help CFOs Overcome Economic Challenges

• Evolving and Reimagining Cisco Marketing Velocity – introducing Jennifer Machgan

• Evil Corp’s LockBit Ties Exposed in Latest Phase of Operation Cronos

• Keep your firewall rules up-to-date with Network Firewall features

• Using AWS WAF Efficiently To Secure Your CDN, Load Balancers, and API Servers

• Spooky action: Phantom domains create hijackable hyperlinks

• AI and deepfakes: How to be AI-savvy

• Protecting your identity: Stay one step ahead of cybercriminals

• How the FBI and Mandiant caught a ‘serial hacker’ who tried to fake his own death

• U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog

• Synopsys Software Integrity Group Rebrands as Black Duck – A New Era in Application Security

• Risk Management in Real Time with Safe Security

• Hurricane Helene Aftermath – Cyber Security Awareness Month, (Tue, Oct 1st)

• Introducing an Effortless Way to Deploy Akamai API Security

• capa Explorer Web: A Web-Based Tool for Program Capability Analysis

• Guarding Kubernetes From the Threat Landscape: Effective Practices for Container Security

• Android users targeted on Facebook and porn sites, served adware

• Global Cyber Attacks to Double from 2020 to 2024, Report Finds

• Vulnerability Recap 10/01/24 – NVIDIA, Ivanti & Newcomer Kia See Issues

• CISA Releases Two Industrial Control Systems Advisories

• Eon emerges from stealth with $127M to bring a fresh approach to backing up cloud infrastructure

• UK unmasks LockBit ransomware affiliate as high-ranking hacker in Russia state-backed cybercrime gang

• Keeper Kicks Off Cybersecurity Action Month

• Why Is IT Forcing You to Patch Your Software? Understand the Importance of Patching

• BudTrader – 2,721,185 breached accounts

• PLANET Technology Switches Face Multiple Vulnerabilities, Urgent Firmware Updates Advised

• Cloud Security Firm Apono Raises $15.5 Million to Expand AI-Powered Access Management

• Windows 11, version 24H2 security baseline

• NCA unmasks man it suspects is both ‘Evil Corp kingpin’ and LockBit affiliate

• Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle

• OWASP Global AppSec SF 2024: Empowering Developer Security As A Community

• Veeam Recon Scanner identifies adversary tactics, techniques, and procedures

• Red Sift Radar diagnoses issues through AI-powered insights

• Exabeam introduces AI-driven LogRhythm Intelligence

• Halcyon offers ransomware protection for Linux environments

• T-Mobile to Pay $15.75m Penalty for Multiple Data Breaches

• Optigo Networks ONS-S8 Spectra Aggregation Switch

• The Art and Science of CX Success

• Check Point Software Completes Cyberint Acquisition

• Over Half of Cyber Professionals Feel Their Budget is Underfunded

• Building a Better Cybersecurity Awareness Program

• Authorities Warn of Growing Iranian Spear Phishing Threat Against Journalists and Diplomats

• Exabeam Brings AI Security Operations to On-Premises, Cloud Native and Hybrid Environments

• RSA and Swissbit join forces to secure government agencies

• Eon emerges from stealth with $127M to bring a fresh approach to back up cloud infrastructure

• Logpoint Strengthens SIEM by Acquiring Muninn AI-Powered NDR

• KartLANPwn Flaw Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE

• Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities

• Why SMBs Have Become Easy Prey for Cyber Criminals

• The Rising Threat of Payment Fraud: How It Impacts Businesses and Ways to Counter It

• ConnectSecure unveils M365 Assessment Module to help MSPs identify security weaknesses

• Dragos acquires Network Perception to boost security in OT environments

• I’ve weathered a lot of hurricanes – these are my must-have storm tracking tools

• What Is Threat Hunting In Cybersecurity?

• Top 7 Cyber Threat Hunting Tools Reviewed by Experts for 2024

• CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

• JPCERT Shares Windows Event Log Tips to Detect Ransomware Attacks

• What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help

• Five Eyes Agencies Put Focus on Active Directory Threats

• Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware

• Malicious Actors Use Infected PyPI Packages to Target Roblox Da Hood Game Cheaters

• Kia Dealer Portal Vulnerability Risked Millions of Cars

• AFP News Agency’s Content Delivery Systems Hit by Cyberattack

• Apono Raises $15.5 Million for Cloud Access Platform

• 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage

• US Grounds SpaceX Falcon After Second-Stage Issue

• Facebook and Instagram passwords were stored in plaintext, Meta fined

• Windows 11 users, beware: A recent update has been causing constant reboots

• News agency AFP hit by cyberattack, client services impacted

• GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed

• CISA and FBI Issue Alert on XSS Vulnerabilities

• Use Windows event logs for ransomware investigations, JPCERT/CC advises

• Google Workspace Announced New Password Policies, What is Changing

• We’re Lowering the Requirement for Entry Level to Just 8 Years of Experience

• Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

• China Telecom Trains 1 Trillion-Parameter AI Model Using Domestic Chips

• Judge Adds New Terms For X Brazil Re-Entry

• US Moves To Facilitate AI Chip Shipments To Middle East

• Key Takeaways from the 2024 Crypto Crime Mid-Year Update

• Monitoring Your Files for Security and Compliance

• Key Group: another ransomware group using leaked builders

• June 2024 Cyber Attacks Statistics

• UMC Health System Diverts Patients Following Ransomware Attack

• Cybersecurity Awareness Month 2024: The Top Four Ways to Secure Our World

• Cybersecurity News: T-Mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. senate

• How to Create a Secure Password: 7 Best Practices for 2024

• Ten Million Brits Hit By Fraud in Just Three Years

• TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download

• OWG Parallax Private Cloud Desktop simplifies business operations

• California Governor Vetoes AI Safety Bill

• Epic Sues Google, Samsung Over App Store Barriers

• Digitally Curious

• Sick of ads on Android? Change these 5 settings for more privacy – fast

• North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence

• Phishing Attacks on Australia Disguised as Atlassian

• DragonForce Ransomware Expands RaaS, Targets Firms Worldwide

• PoC Exploit Shows Local Privilege Escalation Risk in Linux

• Critical XSS Flaw Discovered in Filament Necessitates Urgent Update for Laravel Developers

• Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates

• Apono raises $15.5 million to accelerate product development

• Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

• ISACA: European Security Teams Are Understaffed and Underfunded

• Top Paying Countries for Cybersecurity Experts

• SpaceX Capsule Docks With ISS For Starliner Rescue Mission

• Password Advice for the Rest of Us

• Top Trending Cybersecurity news headlines on Google for today

• CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild

• Ambulances Still Diverted as UMC Faces Ongoing Cybersecurity Incident

• Book Review: “Premier CISO – Board & C-Suite” by Michael S. Oberlaender

• Three Iranian Cyber Actors Indicted for Election Interference and Hacking Campaign

• Critical Infrastructure at Risk: Vulnerabilities Discovered in Automatic Tank Gauging

• 3 easy microsegmentation projects

• New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

• Password management habits you should unlearn

• Reducing credential complexity with identity federation

• Infosec products of the month: September 2024

• U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails

• ISC Stormcast For Tuesday, October 1st, 2024 https://isc.sans.edu/podcastdetail/9160, (Tue, Oct 1st)

• The 5 Best VoIP Routers (Wired, Wireless, and Mesh)

• Splunk Urges Australian Organisations to Secure LLMs

• Crooked Cops, Stolen Laptops & the Ghost of UGNazi

• Trouble in Da Hood: Malicious Actors Use Infected PyPI Packages to Target Roblox Cheaters

• T-Mobile US to cough up $31.5M after that long string of security SNAFUs

• Ransomware forces hospital to turn away ambulances

• Rackspace monitoring systems hit by zero-day

• Australian e-tailer digiDirect customers’ info allegedly stolen and dumped online

• Microsoft Readies a More Secure Recall Feature for Release

• IT Security News Monthly Summary – October

• IT Security News Daily Summary 2024-09-30

• Network Sniffing: A Critical Concept in Network Security

• CISA Announces the FY 2024 Rural Emergency Medical Communications Demonstration Project (REMCDP) Cooperative Agreement Recipient

• Google’s new Workspace password policy starts today: How to know if you’re affected

• Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids

• Patelco Credit Union data breach impacted over 1 million people

• What is WPA3 (Wi-Fi Protected Access 3)?

• Mozilla Faces GDPR Complaint Over New Firefox Tracking Feature

• How to Safeguard Your Systems from Linux CUPS Vulnerabilities

• North Korea Hackers Linked to Breach of German Missile Manufacturer

• Storm-0501 Gang Targets US Hybrid Clouds with Ransomware

• How to implement relationship-based access control with Amazon Verified Permissions and Amazon Neptune

• Tool update: mac-robber.py and le-hex-to-ip.py, (Mon, Sep 30th)

• A (Beta) Audio Roundup of September’s WordPress Vulnerabilities

• Check Point Harmony Endpoint: Strategic Leader in Real-World Endpoint Protection

• LINUX CUPS VULNERABILITIES

• 5 Reasons Why Developers Should Attend Security Conferences

• EFF Awards Night: Celebrating Digital Rights Founders Advancing Free Speech and Access to Information Around the World

• Randall Munroe’s XKCD ‘Late Cenozoic’

• Our New Carbon Calculator Report Supports 400 Days of Data

• Google to use Gemini AI to secure Gmail from spam and malware

• Britain teachers need Cyber security training on an urgent note

• The Most Misunderstood Data Security Terms in the United States

• CISA Adds Four Known Exploited Vulnerabilities to Catalog

• Everything you need to know about VPNs

• We are skeptical of VPN providers, and you should be, too

• VPN providers don’t protect your privacy online. Here’s what can.

• How to make your own encrypted VPN server in 15 minutes

• Think you need a VPN? Start here.

• Zen and the Art of Modern Patch Management: How to Eliminate Stress, Improve Security, and Streamline IT Operations

• Central Tickets – 722,860 breached accounts

• Patelco Credit Union Data Breach Impacts Over 1 Million People

• Kia’s Huge Security Hole: FIXED (Finally)

• NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk

• MDR in Action: Preventing The More_eggs Backdoor From Hatching

• DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

• GorillaBot Emerged As King For DDoS Attacks With 300,000+ Commands

• North Korean Hackers Attempted To Steal Sensitive Military Data

• Why Haven’t You Upgraded to HTTP/2?

• Barracuda SPF and DKIM Configuration: Step By Step

• Avanan’s SPF and DKIM configuration: Step By Step Guideline

• Apono Secures $15.5M Series A Funding to Revolutionize Cloud Access Security

• ChatGPT Vulnerability Exploited: Hacker Demonstrates Data Theft via ‘SpAIware

• Critical RCE Vulnerabilities Found in Common Unix Printing System

• Darktrace AI Halts Thread Hijacking Attack Targeting Major Company

• Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

• If you’re holding important data, Iran is probably trying spearphish it

• Hawaii Health Center Discloses Data Breach After Ransomware Attack

• Meta Unveils its First Open AI Model That Can Process Images

• Shocking Ways Hackers Can Exploit Your IP Address – You’re Not as Safe as You Think

• Vulnerability Summary for the Week of September 23, 2024

• Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts

• US State CISOs Struggling with Insufficient Cybersecurity Funding

• Artisan raises $11.5M to deploy AI ’employees’ for sales teams

• THN Cybersecurity Recap: Last Week’s Top Threats and Trends (September 23-29)

• EDR vs. SIEM: Key Differences, Features, Functionality Gaps, and More

• Remote ID verification tech is often biased, bungling, and no good on its own

• Celebrating 6 Years with CISO Series

• Facial DNA provider leaks biometric data via WordPress folder

• Nigeria Hackers Sentenced for Selling Financial Information on Dark Web

• Maximizing Cloud Network Security With Next-Generation Firewalls (NGFWs): Key Strategies for Performance and Protection

• Accounting Firm WMDDH Discloses Data Breach Impacting 127,000

• Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

• Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

• How Open-Source Tools Can Help Keep Your Computer Secure

• Tor And Tails OS Announce Merger For Streamlined Operations

• Cloud threats have execs the most freaked out because they’re not prepared

• A British national has been charged for his execution of a hack-to-trade scheme

• Storm-0501 Expands Ransomware Attacks to Hybrid Cloud Environments

• The Path of Least Resistance to Privileged Access Management

• Growing Focus on Data Privacy Among GenAI Professionals in 2024

• Microsoft revised the controversial Copilot+ Recall feature

• A Hacker’s Era: Why Microsoft 365 Protection Reigns Supreme

• Cyber-Attacks Hit Over a Third of English Schools

• UK Competition Regulator Clears $4bn Amazon Anthropic AI Deal

• Apple Must Face Reduced Claims In Device Privacy Case

• Hacktivist Groups Operating Together! Connection Ober TTPs Uncovered

• GDPR Security Pack

• Meet Team Europe for International Cybersecurity Challenge 2024!

• The Pig Butchering Invasion Has Begun

• Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and CVE-2024-6593

• British National Arrested, Charged for Hacking US Companies

• PwC Urges Boards to Give CISOs a Seat at the Table

• Cybersecurity News: Recall redesigned, Embargo attacks cloud, Dallas suburb cyberattack

• Why it’s time to replace your legacy SIEM with a SOC platform

• Microsoft Relaunches Controversial AI Snapshot Tool

• Musk Lashes Out At UK Government After Investment Summit Snub

• International Tensions, AI Drive Record Chip Spending

• Google Expert Argues US Ad Case Is Too Narrow

• The Growing Threat Of Fake Job Applicants

• Data Security Best Practices for Cloud CRM Systems as Adoption Surges

• Promoting security in the digital world during the European Cybersecurity Month

• Critical NVIDIA Container Toolkit flaw could allow access to the underlying host

• Heimdal and emt Distribution Aim to Dominate the Middle East Cybersecurity Market

• DCRat Targets Users with HTML Smuggling

• Unpatched SQLi Flaw in TI WooCommerce Wishlist Threatens 100,000+ Sites

• Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal

• Some Americans are finally able to renew their passports online

• UK and US Warn of Growing Iranian Spear Phishing Threat

• Facebook Parent Fined £75m Over Password Storage

• A week in security (September 23 – September 29)

• The Rise of API Security Automation: Defending the Digital Frontlines with AI and Machine Learning

• Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext

• NIST issues new password guidelines: Cyber Security Today for Monday, September 30, 2024

• Israeli Army Hacked Beirut Airport to Threaten Civilians

• CISA Urges Action as Attackers Exploit Critical Systems Using Basic Tactics

• Kia Vulnerability Enables Remote Access to Millions of Cars Using Just a License Plate

• Escape vs Salt Security

• Eliminating Memory Safety Vulnerabilities at the Source

• SCCMSecrets: Open-source SCCM policies exploitation tool

• Could APIs be the undoing of AI?

• AI code helpers just can’t stop inventing package names

• Open source maintainers: Key to software health and security

• What Are the Main Types of Cybersecurity Risks That Should Be Accepted?

• Forget the Kia Boyz: Hackers could hijack your car with just a smartphone

• Industry Moves for the week of September 30, 2024 – SecurityWeek

• California Governor Vetoes Bill to Create First-in-Nation AI Safety Measures

• The most common authentication method is also the least secure

• Businesses turn to private AI for enhanced security and data management

• ISC Stormcast For Monday, September 30th, 2024 https://isc.sans.edu/podcastdetail/9158, (Mon, Sep 30th)

• Binance claims it helped to bust Chinese crypto scam app in India

• Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware

Generated on 2024-10-01 23:55:11.798240