IT Security News Daily Summary 2024-10-08

• Starting to Care About Security

• VERT Threat Alert: October 2024 Patch Tuesday Analysis

• Qualcomm urges device makers to push patches after ‘targeted’ exploitation

• How IT Does IT for an IT Company

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Harnessing AI for Enhanced Security

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• MoneyGram confirms customer data breach

• Why you don’t need to pay for antivirus software anymore

• The Zensory Partners with Brigantia to Bring Cyber Mindfulness to the Reseller Market

• Keeper Security Cybersecurity Action Month: The Importance of Phishing Awareness

• USENIX NSDI ’24 – Multitenant In-Network Acceleration with SwitchVM

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

• Microsoft Patch Tuesday – October 2024, (Tue, Oct 8th)

• Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

• Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• High-severity Qualcomm zero-day vulnerability under attack

• Chinese Hackers Breach US Wiretapping Data, Expose Vulnerabilities

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• CISA and FBI Warn of Iranian-Backed Cyber Activity to Undermine U.S. Democratic Institutions

• Using iPhone Mirroring at work? You might have just overshared to your boss

• Kaspersky says it’s closing down its UK office and laying off dozens

• BTS #39 – The Art of Firmware Scraping – Edwin Shuttleworth

• Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

• CISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

• Randall Munroe’s XKCD ‘University Commas’

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• OpenBSD 7.6 released: security improvements, new hardware support, and more!

• FTC Findings on Commercial Surveillance Can Lead to Better Alternatives

• IBM X-Force Threat Report Still Indicates the Biggest Threat Is You

• Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

• Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

• Get Spooked By Huge Scope and Rewards in the Wordfence Bug Bounty Cybersecurity Month Spooktacular Haunt!

• Secure Organizations by Thinking Like a Hacker

• Job Scams Report – 2,670 Social Media Posts Reveal Scammers’ Top Tactics

• The X Corp. Shutdown in Brazil: What We Can Learn

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• American Water Hit by Cyber-Attack, Billing Systems Disrupted

• Security at the Onset: Stabilizing CSPM and DevSecOps

• How to plan a cloud strategy: Complete guide and template

• Laying the foundation for Industry 4.0: crafting the ultimate industrial secure segmentation blueprint

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• American Water Hit by Cyberattack, Billing Systems Disrupted

• Lua Malware Targeting Student Gamers via Fake Game Cheats

• Exposing the Facebook funeral livestream scam (Lock and Code S05E21)

• What Google’s U-Turn on Third-Party Cookies Means for Chrome Privacy

• Kasperksy says it’s closing down its UK office and laying off dozens

• Cloud Security Assessment: Checklist to Ensure Data Protection

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Comcast Ransomware attack and American Water Cyber Attack shutdown

• LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

• Partnering for Success in an Evolving Technology Ecosystem

• Healthcare Cybersecurity: Taking a Proactive Route

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Cloud Security Risks Surge as 38% of Firms Face Exposures

• Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars

• Beyond Compliance: The Power of Proactive, Year-Round Network Pen Testing

• Google’s Latest Theft Protection for Android Devices

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management

• Likho Hackers Using MeshCentral For Remotely Managing Victim Systems

• Secret Management and Rotation

• Avoid Scams After Disaster Strikes

• Qualcomm fixed a zero-day exploited limited, targeted attacks

• Trend Micro Extends NVIDIA Cybersecurity Alliance to Detect Threats in Real Time

• DoT Introduces New System to Block Spoofed Calls

• Encryption Battle: FBI’s Year-Long Struggle with Mayor’s Cellphone

• India Disconnects 1.77 Crore Mobile Connections Using AI Tools, Blocks 45 Lakh Spoofed Calls

• Hackers Exploit Visual Studio Code as a Remote Access Tool, Researchers Find

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Dashlane Credential Risk Detection prevents credential-based breaches

• Is AI saving jobs… or taking them?

• MSPs must combat cybersecurity skills shortage with ongoing client training and support

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• How to Use ITSM, SIEM, and SOAR to Remediate API Attacks

• Securing the Future of Home Networks: Heights Telecom and Check Point’s Revolutionary Partnership

• Three key strategies for organisations to protect themselves from deepfakes

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Data Theorem Code Secure helps security and DevOps teams secure their software

• 31 New Ransomware Groups Join the Ecosystem in 12 Months

• Improve security incident response times by using AWS Service Catalog to decentralize security notifications

• How Automation Can Help Security Policy Optimization

• Vulnerability Recap 10/8/24 – Thousands of Routers & Servers at Risk

• Palo Alto Networks Joins EU AI Pact for a Secure Digital Future

• Unmasking Shadow Apps to Secure Your SaaS Stack

• Juniper Secure AI-Native Edge accelerates detection of potential network threats

• OTAVA S.E.C.U.R.E. Score simplifies cybersecurity strategy for businesses

• You should protect your Windows PC data with strong encryption – here’s how and why

• 5 hurricane-tracking apps I’m using to keep an eye on Hurricane Milton

• Can a VPN Be Hacked?

• Top 10 Managed Service Providers in New Jersey for 2024

• Do More With Your SOAR

• Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

• Why Software Updates Are Important

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• US Warns of Foreign Interference in Congressional Races Ahead of Election

• Storm-1575 Threat Actor Deploys New Login Panels for Phishing Infrastructure

• MoneyGram discloses data breach following September cyberattack

• New Case Study: The Evil Twin Checkout Page

• Cyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced Tools

• Hackers Gained Unauthorized Network Access to Casio Networks

• China Possibly Hacking US “Lawful Access” Backdoor

• AlmaLinux vs. Rocky Linux: Comparing Enterprise Linux Distributions

• Microsoft Defender VPN Detects Unsafe WiFi Networks

• US Judge Orders Google To Allow Android App Store Competition

• US Supreme Court Rejects X’s Trump Appeal

• American Water shuts down systems after cyberattack

• GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

• Cyber Fraud Cost up to $37bn in Southeast Asia Last Year

• Global Police Track Human Traffickers in Online Crackdown

• Amazon Antitrust Case Gets Go-Ahead In US Court

• Ukraine Hackers Disrupt Russian Broadcaster On Putin’s Birthday

• Open-Source Scanner Released to Detect CUPS Vulnerability

• 3 iPhone settings I changed to thwart thieves – and what to do if your phone is stolen

• Nearly Half of UK Companies Are Missing Essential Cybersecurity Skills

• MoneyGram Reveals Data Breach After Incident Downed Services

• Indian Threat Actors Target South And East Asian Entities

• BreachLock Attack Surface Analytics strengthens enterprise CTEM capabilities

• ESA Sends Hera Probe Into Space On Planetary Defence Mission

• Huawei Ditches Android Apps With HarmonyOS Next

• American Water shut down some of its systems following a cyberattack

• Comcast Cyber Attack Impacts 237,000+ Users Personal Data

• Solving the Puzzle of RBAC with Red Hat Customer Portal

• SimSpace’s OT content enhancements improve critical infrastructure security

• Ubisoft Shares Skyrocket On Buyout Speculation

• Top EU Court Says Meta Must Limit Data For Ad Targeting

• American Water Works Cyber Attack Impacts IT Systems

• Happy birthday, Putin – you’ve been pwned

• Google Blocked Malicious Sideloading Apps for Indian Users

• Pro-Ukrainian Hackers Strike Russian State TV on Putin’s Birthday

• Ukraine Celebrates Vladimir Putin’s Birthday with Cyber Attack

• What to Do If Your Google Account Is Hacked or Compromised

• Lego Hacked by Crypto-Scammers

• From Zero Trust to Full Trust: How Remote Browser Isolation Shields Against Emerging Threats

• The role of self-sovereign identity in enterprises

• Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

• American Water Hit by Cyberattack

• Gorilla Botnet Launches Over 300,000 DDoS Attacks

• How hybrid workforces are reshaping authentication strategies

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• Google brings better bricking to Androids, to curtail crims

• Websites are losing the fight against bot attacks

• SaaS Application Security | The Missing Component of Cyber Risk in the Cloud

• Webinar: ManageEngine Log360 product demo

• Shaping Tomorrow’s Cyber-Guardians: A Hackathon for Kids

• ISC Stormcast For Tuesday, October 8th, 2024 https://isc.sans.edu/podcastdetail/9170, (Tue, Oct 8th)

• A Modern Playbook for Ransomware

• American Water rinsed in cyberattack, turns off app

• Feds reach for sliver of crypto-cash nicked by North Korea’s notorious Lazarus Group

• Cyberattack on American Water Shuts Down Customer Portal, Halts Billing

• Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI™ study

• MoneyGram says hackers stole customers’ personal information and transaction data

• IT Security News Daily Summary 2024-10-07

• 2024-10-07 – Data dump (Formbook, possible Astaroth/Guildma, Redline Stealer, unidentified malware)

• American Water stops billing for H2O due to ‘cybersecurity incident’

• 7,000 WordPress Sites Affected by Unauthenticated Critical Vulnerabilities in LatePoint WordPress Plugin

• Integrate Spring Boot With jOOQ, Liquibase, and Testcontainers

• Timeline: 15 Notable Cyberattacks and Data Breaches

• Germany Rushes to Expand Biometric Surveillance

• USENIX NSDI ’24 – Reverie: Low Pass Filter-Based Switch Buffer Sharing for Datacenters with RDMA and TCP Traffic

• Okta Fixes Critical Vulnerability Allowing Sign-On Policy Bypass

• Comcast and Truist Bank customers impacted by debt collector’s breach

• Cops love facial recognition, and withholding info on its use from the courts

• Need to manage Linux passwords on the command line? No GUI, no problem!

• The 30-year-old internet backdoor law that came back to bite

• Universal Music data breach impacted 680 individuals

• American Water discloses breach, utilities unaffected

• Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms

• MC2 Data Breach Exposes Millions: Stay Protected

• Cryptomining and Proxyjacking: The Rise of Perfctl Malware

• The waterproof Blink Mini 2 security camera is down to $20 this October Prime Day

• Large scale Google Ads campaign targets utility software

• The Past Month in Stolen Data

• DOJ Wants to Claw Back $2.67 Million Stolen by Lazarus Group

• Apple fixes bugs in macOS Sequoia that broke some cybersecurity tools

• Chinese cyberspies reportedly breached Verizon, AT&T, Lumen

• Vulnerability Summary for the Week of September 30, 2024

• Leveling Up Security: Understanding Cyber Threats in the Gaming Industry

• Universal Music Group Admits Data Breach

• macOS Sequoia: System/Network Admins, Hold On!, (Mon, Oct 7th)

• American Water warns of billing outages after finding hackers in its systems

• Simplifying SBOM compliance with Sonatype under India’s cybersecurity framework

• New FakeUpdate Cyber Campaign Spreads Updated WarmCookie Backdoor in France

• Insurance Companies May Halt Ransomware Payment Coverage Amid White House Push

• Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday

• MoneyGram: No Proof Ransomware Was Behind The Recent Cyber Attack

• Harvard Student Uses Meta Ray-Ban 2 Glasses and AI for Real-Time Data Scraping

• Advanced Threat Group GoldenJackal Exploits Air-Gapped Systems

• Cisco IOS XE Automation at Cisco Live APJC 2024

• PTaaS vs. Bug Bounty Programs: Complementary or Competing Approaches?

• Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds

• Learn Cybersecurity Essentials for Just $40 from Home

• ICO Releases New Data Protection Audit Framework

• OpenSSL 3.4 beta released

• Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

• iPhone flaw could read your saved passwords out loud. Update now!

• US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’

• Multi-cloud Strategies Making DDI and DNS Cumbersome to Manage

• Reachability and Risk: Prioritizing Protection in a Complex Security Landscape

• EU Urged to Harmonize Incident Reporting Requirements

• China’s Salt Typhoon Hacks AT&T and Verizon, Accessing Wiretap Data: Report

• FBCS data breach impacted 238,000 Comcast customers

• Tips for Cybersecurity Awareness Month

• Action1 offers extended endpoint management capabilities for macOS devices

• Tech Professionals Highlight Critical AI Security Skills Gap

• Mamba 2FA: A new contender in the AiTM phishing ecosystem

• Beyond Fines: The Real Value of Achieving Cybersecurity Compliance

• Linux systems targeted with stealthy “Perfctl” cryptomining malware

• An anti-theft upgrade is coming to Android phones. Here’s how to see if you have it yet

• Australian Cybersecurity Professionals Confess To Growing Job Stress

• Comcast says customer data stolen in ransomware attack on debt collection agency

• Akamai Embeds API Security Connector in CDN Platform

• Critical Vulnerabilities Expose Nearly 1 Million DrayTek Routers Globally

• Top 10 SentinelOne Competitors & Alternatives in 2024 [Features, Pricing & Reviews]

• Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

• Critical Apache Avro SDK RCE flaw impacts Java applications

• Largest Recorded DDoS Attack is 3.8 Tbps

• Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

• RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

• New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

• Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

• The Age of Virtual Assistants

• Google Threatens New Zealand News Ban Over Law

• EU States Approve China EV Tariffs In Split Vote

• US Think Tank Probes NASA Staff Over Trump, Musk Criticism

• Meta Shows Sound-Capable AI Video Generation Tool

• Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

• WordPress Security Checklist

• Exploring GenAI in Cybersecurity: Gemini for Malware Analysis

• Awaken Likho is awake: new techniques of an APT group

• Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

• THN Cybersecurity Recap: Top Threats and Trends (Sep 30 – Oct 6)

• Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

• Fraud Repayment Rules Could Leave Victims Struggling, CTSI Claims

• Critical Skills Gap in AI, Cloud Security

• CosmicSting Exploit Targets Adobe Commerce and Magento Stores

• Fraud Repayment Rules Could Leave Victims Struggling – Non-Profit

• How to Prepare Identity Stack to Adopt the Zero-Trust Model

• Get Safe Online Launches New Scam Detector

• A week in security (September 30 – October 6)

• Embattled users worn down by privacy options? Let them eat code

• What is Command Prompt, what is Terminal and which is better?

• Musk Remains Silent Over SEC Interview

• An anti-theft upgrade is coming to Android phones. Here’s how to see if you have it

• Justifying Compliance Tools Before a Breach Occurs

• Are Your Containers Secure? Answer These 5 Questions and Find Out

• Man pleads guilty to stealing over $37 Million worth of cryptocurrency

• VIPRE Introduces All-in-one Endpoint EDR+MDR Package for  24/7 Managed Security

• Russia finally cracks down on cyber crimes: Cyber Security Today for Monday, October 7th, 2024

• New DDoS Attack Vector Discovered in CUPS, Exposing 58,000+ Vulnerable Devices Online

• E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads

• Tools for Cyber Threat Hunting: Enhancing Security Posture

• Chinese Group Hacked US Court Wiretap Systems

• U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

• CloudSEK Debuts Free Deep Fake Detection Technology

• DHS tracks down $ 4.3 billion ransomware payments

• Check Point Software Acquires Cyberint

• The Future of Network Access Control: Transitioning to Universal ZTNA

• 19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

• Transforming cloud security with real-time visibility

• The case for enterprise exposure management

• SOC teams are frustrated with their security tools

• Rspamd: Open-source spam filtering system

• Meet the shared responsibility model with new CIS resources

• ISC Stormcast For Monday, October 7th, 2024 https://isc.sans.edu/podcastdetail/9168, (Mon, Oct 7th)

Generated on 2024-10-08 23:55:10.956834