IT Security News Daily Summary 2024-10-11

• US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants

• Indian Fishermen Are Catching Less Squid

• 11 Types of Cybercrime + How to Prevent Them

• Microsoft blocked your Windows 11 upgrade? This just-released tool can get the job done

• Firefox Update Patches Exploited Vulnerability

• Deepfakes Can Fool Facial Recognition on Crypto Exchanges

• DevOps Decoded: Prioritizing Security in a Dynamic World

• Apple Releases Draft Ballot to Shorten Certificate Lifespan to 45 Days

• An Overview of TCPCopy for Beginners

• More on My AI and Democracy Book

• Prevent Path Traversal Attacks with ADR | Contrast Security

• The Internet Archive Breach: Over 31 Million User Accounts Exposed

• GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution

• Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals

• Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA

• GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

• What are CPE (continuing professional education) credits?

• What Are Managed Security Services: Benefits and Solutions

• HyperRing Demonstrates Wearable Smart Device in Joint Venture With The College of Extraordinary Experiences

• Cybersecurity Awareness Lags as Global Workforce Engages in Risky AI Practices

• UN Report: Telegram joins the expanding cybercrime markets in Southeast Asia

• How Southeast Asian Cyber Syndicates Stole Billions

• Protect Yourself from Phishing Scams Involving Personal Data and Bitcoin Demands

• Fidelity data breach happens for the second time in this year

• Should I Use My State’s Digital Driver’s License?

• Chinese Hackers Breach US Telco Networks to Access US Court Wiretap Systems

• Windows 11 24H2 update plagued by file scanner bug – over and over again

• Fidelity breach exposed the personal data of 77,000 customers – what to do if you’re affected

• CISA: Threat Actors Exploit F5 BIG-IP Cookies for Network Reconnaissance

• Federal Agencies Move Against North Korea’s Cybercrime Profits

• Akamai?s Perspective on October?s Patch Tuesday 2024

• Financing regenerative agriculture: a pathway to healthier soil, cleaner water, and climate resilience

• (In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost

• NHS England Warns of Critical Veeam Vulnerability Under Active Exploitation

• Marriott Agrees To Pay $52 Million To Settle Data Breaches

• How governance, risk and compliance (GRC) addresses growing data liability concerns

• Exploring Goldilocks: ‘Just Right’ Resource Management

• September 2024’s Most Wanted Malware: Notable AI-Driven Techniques and Persistent RansomHub Threats

• Strengthening Security

• Innovator Spotlight: Cyberseconomics

• Generative AI Fueling More Sophisticated Cyberattacks: Survey

• TikTok Cuts Hundreds Of Jobs In Favour Of AI – Report

• Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

• Network Guardians: Crafting a Spring Boot-Driven Anomaly Detection System

• How AI-Driven Cybersecurity Offers Both Promise and Peril for Enterprises

• Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices

• RAC duo busted for stealing and selling crash victims’ data

• How Hybrid Password Attacks Work and How to Defend Against Them

• US Border Agency Under Fire for App’s Handling of Personal Data

• Iran and China-linked actors used ChatGPT for preparing attacks

• IronNet Has Shut Down

• Keir Starmer hands ex-Darktrace boss investment minister gig

• EU adopts Cyber Resilience Act to secure connected products

• Tesla Shares Drop After Cybercab Unveiling

• Silicon UK In Focus Podcast: Is Your Business Data Ready?

• Russia’s SVR Targets Zimbra, TeamCity Servers for Cyber Espionage

• Sonatype Reports 156% Increase in OSS Malicious Packages

• Cloud Ransomware Attack: Microsoft Sees Storm-0501 As Threat

• Passwordless Authentication without Secrets!

• CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

• Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

• Internet Archive data breach impacted 31M users

• Ubuntu 24.10 Oracular Oriole brings tighter security controls

• New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

• What is Digital Assurance and Why It’s Crucial in Today’s Business Landscape

• News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

• Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation

• North Korean sponsored hackers target tech job seekers with phoney job interviews. Cyber Security Today for Friday, October 11, 2024

• Protecting Privacy in a Data-Driven World: What should you look for in a DLP Solution?

• Nokia claims Cyber Vulnerabilities in the Telecom Sector

• The New Geopolitical Weapon: The Impact of Cyberattacks Against Critical Infrastructure

• Data loss incidents impact patient care

• The “Mongolian Skimmer” Uses Unicode to Conceal Its Malicious Intent

• Podcast Episode Rerelease: So You Think You’re A Critical Thinker

• FBI created a cryptocurrency so it could watch it being abused

• DORA regulation’s nuts and bolts

• 31 Million Records Exposed Online by Sports Technology Company TrackMan

• The Hidden Price of DevSecOps: How Security Tasks Are Sapping Developer Productivity and Jeopardizing Competitive Edge

• Unlocking the power of cryptographic agility in a quantum world

• A Holistic Approach to Security: 6 Strategies to Safeguard Against DDoS Attacks

• Generative AI software and features are being shoehorned in across all industries

• Scammers target Airbnb and Booking.com users

• One Year Later: The Israeli Tradition of Resilience

• New infosec products of the week: October 11, 2024

• Healthcare attacks spread beyond US – just ask India’s Star Health

• What you need to know to select the right GRC framework, North American Edition

• How to setup passkeys in Apple Passwords app

• ISC Stormcast For Friday, October 11th, 2024 https://isc.sans.edu/podcastdetail/9176, (Fri, Oct 11th)

• Innovator Spotlight: Zendata

• How AI is being used this 2024 election season

• Top 6 Best Enpass Alternatives: Features & Reviews

• ADDO session: Building observability to increase resiliency

• How to spot scammers when making political donations

• Crooks stole personal info of 77k Fidelity Investments customers

• IT Security News Daily Summary 2024-10-10

• Lynx Ransomware: A Rebranding of INC Ransomware

• Remediation vs. Mitigation: The Choice Between Instant or Indirect Action

• How the Auth0 and Aembit Integration Boosts Non-Human Access Security

• Fidelity Data Breach Exposes Data of Over 77,000 Customers

• New IPANDETEC Report Shows Panama’s ISPs Still Lag in Protecting User Data

• Tonic.ai Product Updates: October 2024

• Fidelity Data Breach Exposes Data From Over 77,000 Customers

• OpenAI details how threat actors are abusing ChatGPT

• Coalition: Ransomware severity up 68% in first half of 2024

• Top 11 Cybersecurity Questions Every CISO Should Be Ready to Answer

• What NIST’s latest password standards mean, and why the old ones weren’t working

• AMD Launches New AI, Server Chips To Expand Nvidia Challenge

• Qantas Employee Data Misuse: Over 800 Bookings Affected by Rogue Staff

• Downside of Tech: Need for Upgraded Security Measures Amid AI-driven Cyberattacks

• Microsoft Urges Millions to Upgrade as Windows Support Ends, Security Risks Increase

• Why Trust Drives the Future of Cybersecurity Marketing

• Apple Patches VoiceOver Flaw That Could Read Passwords Aloud

• Chinese Hackers Breach US Wiretap Systems – Report

• Apple’s iPhone Mirroring bug could expose your personal apps to your employer

• How to encrypt a file on Linux, MacOS, and Windows – and why

• Deloitte: Why Only a Quarter of Cybersecurity Professionals are Women

• Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)

• Fisker Unable To Migrate EV Data To New Owner’s Server

• Using Chrome’s accessibility APIs to find security bugs

• Disinformation Campaign Targets Moldova Ahead of EU Referendum

• Strengthening security in the era of generative AI: Must-attend sessions at re:Invent 2024

• Marriott agrees to pay $50 million to its users of 50 states for data breach

• Internet Archive (Archive.Org) Hacked: 31 Million Accounts Compromised

• USENIX NSDI ’24 – MegaScale: Scaling Large Language Model Training to More Than 10,000 GPUs

• Qualys Unfurls Risk Operations Center Platform

• Internet Archive breach compromises 31 million accounts – what you need to know

• Rockwell Automation ControlLogix

• The Next Wave of Service Assurance: Driving Revenue and Customer Experience

• Partners who use Cisco Marketing Velocity can generate 5.2x more pipeline

• E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

• Over 10m Conversations Exposed in AI Call Center Hack

• Elon Musk’s X To Avoid EU’s Tough DMA – Report

• Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

• Best Anti-Malware Software for Mac 2025

• Siemens SIMATIC S7-1500 and S7-1200 CPUs

• Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies

• EU Adopts Cyber Resilience Act for Connected Devices

• Risk, reward and reality: Has enterprise perception of the public cloud changed?

• What is extended detection and response (XDR)?

• Fore-get about privacy, golf tech biz leaves 32M data records on the fairway

• Secure your AI initiatives

• Understanding Security Needs at Security Field Day 12

• Internet Archive is Attacked and 31 Million Files Stolen

• How Americaneagle.com Thwarted a Massive DNS DDoS Attack with Akamai Shield NS53

• Beyond the Edge: Complementing WAAP with Always-On API Security

• Why ‘never expire’ passwords are a security nightmare

• Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

• Shaping the Future: Announcing the U.S. Fast Future Innovation Awards

• CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame

• CIOs Sound Alarm on Network Security in AI Era

• Overly Complex Passwords Could Weaken Security Measures

• Simbian unveils AI Agents to address the top pain points for SOC analysts

• ESET updates Vulnerability and Patch Management module

• SpyCloud Adds Identity Analytics to Cybercrime Investigation Solution for Insider Risk

• Casio Hit by Major Cyberattack AGAIN

• Hispanic Heritage Month Spotlight: Priscilla Ramis

• Worried about Insider Risk? Pay More Attention to Offboarding

• Ketch Third Party Risk Intelligence provides control over trackers, tags, and cookies

• OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

• How AWS uses active defense to help protect customers from security threats

• Nobel Prizes Awarded To Current and Former Google Scientists

• SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

• List of Cybersecurity Initiatives by the Government of India

• Attacks on GenAI Models Can Take Seconds, Often Succeed: Report

• Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

• Marriott Agrees $52m Settlement for Massive Data Breach

• Internet Archive suffers data breach and DDoS

• U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

• Is Local Government the Latest Big Target for Phishing?

• Fivecast Discovery drives better analytical outputs

• Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

• watchTowr raises $19 million to accelerate global growth

• Fidelity says data breach exposed personal data of 77,000 customers

• Relyance lands $32M to help companies comply with data regulations

• Introducing Cisco’s AI Security Best Practice Portal

• 6 Simple Steps to Eliminate SOC Analyst Burnout

• Mozilla patches critical Firefox vuln that attackers are already exploiting

• Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

• 1-15 July 2024 Cyber Attacks Timeline

• Internet Archive Breached, 31 Million Records Exposed

• Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

• Meta AI Chatbot Launches In UK On Facebook, Instagram, WhatsApp

• Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem

• 7 Privileged Access Management (PAM) deployment mistakes to avoid

• Mastering SOC complexity: Optimizing access management with Sekoia Defend

• Ghidra data type archive for Windows driver functions

• Secure Your World with Phishing Resistant Passkeys

• Internet Archive data breach, defacement, and DDoS: Users’ data compromised

• Wireshark 4.4.1 Released, What’s new!

• Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

• AI anxiety afflicts 90% of consumers and businesses – see what worries them most

• The Role of the NIST CSF in Cyber Resilience

• CIS Control 18 Penetration Testing

• AI Most Serious Threat to Orgs, According to Security Professionals

• Former RAC Employees Get Suspended Sentence for Data Theft

• International Cyber Expo 2024 A Success, Sees 16% Growth in Visitors

• Qualys Enterprise TruRisk Management unifies asset inventory and risk factors

• Malware by the (Bit)Bucket: Unveiling AsyncRAT

• Mozilla issued an urgent Firefox update to fix an actively exploited flaw

• Adaptiva improves collaboration between IT and security teams with vulnerability dashboards

• Over 240 Million US Breach Victims Recorded in Q3

• Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

• How to enable secure use of AI

• Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

• How should CISOs respond to the rise of GenAI?

• Massive Breach at Internet Archive’s Wayback Machine – Millions of user records compromised

• Dutch cops reveal takedown of ‘world’s largest dark web market’

• CISA Added Fortinet & Ivanti Vulnerabilities that Exploited in the Wild

• Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

• Cyber Attack on Internet Archives: A Major Breach and DDoS Assault

• Palo Alto Networks Warns of Exploitable Firewall Hijack Vulnerabilities

• No Silver Bullet, Just Smarter Security: More Expert Tips for Cyber Defense

• CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

• The Internet Archive slammed by DDoS attack and data breach

• Disinformation Campaign Targets Moldova Ahead of Presidential Elections and EU Membership Referendum

• Widening talent pool in cyber with on-demand contractors

• Firefox Zero-Day Under Attack: Update Your Browser Immediately

• Network Penetration Testing Checklist – 2024

• File hosting services misused for identity phishing

• Balancing legal frameworks and enterprise security governance

• Investing in Privacy by Design for long-term compliance

• Consumers have trust issues regarding how AI collects their data

• GPTHoney: A new class of honeypot [Guest Diary], (Thu, Oct 10th)

• What lies ahead for AI in cybersecurity

• Internet Archive Breach Exposes 31 Million Users

• ISC Stormcast For Thursday, October 10th, 2024 https://isc.sans.edu/podcastdetail/9174, (Thu, Oct 10th)

• Internet Archive leaks user info and succumbs to DDoS

• Third-Party Pitfalls: Securing Private Data in Government Operations

Generated on 2024-10-11 23:55:11.228343