IT Security News Daily Summary 2024-10-15

• Acting Like We Care About Security

• Complete Guide to Cybersecurity for Small Businesses

• Kubernetes Security Best Practices 2024 Guide

• Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says

• New EFF Report Provides Guidance to Ensure Human Rights are Protected Amid Government Use of AI in Latin America

• Randall Munroe’s XKCD ‘Ravioli-Shaped Objects’

• USENIX NSDI ’24 – Sprinter: Speeding Up High-Fidelity Crawling of the Modern Web

• New Trinity Ransomware Strain Targets U.S. Healthcare, Federal Officials Warn

• Anthropic just made it harder for AI to go rogue with its updated safety policy

• Election Day is Close, the Threat of Cyber Disruption is Real

• Generative AI in Security: Risks and Mitigation Strategies

• Analysis Process

• A new Linux variant of FASTCash malware targets financial systems

• Bringing new theft protection features to Android users around the world

• Safer with Google: Advancing Memory Safety

• Authorities Seize Dark Web Marketplaces Sipulitie and Tsätti

• Vital Signs of Software Dependencies: Understanding Package Health

• Chinese Quantum Computer Breaks Advanced Military Encryption

• Android 15 is here, and you should update your phone ASAP. Here’s why

• Passkeys take yet another big step towards killing off passwords

• GitHub Patches Critical Vulnerability in Enterprise Server

• TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

• ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

• Data at Rest Encryption: Protecting Stored Data

• This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look

• Microsoft says more ransomware stopped before reaching encryption

• This AI Tool Helped Convict People of Murder. Then People Took a Closer Look

• Some Americans are still using Kaspersky’s antivirus despite U.S. government ban

• Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft

• New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users

• ErrorFather Hackers Attacking & Control Android Device Remotely

• HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

• Vulnerability Recap 10/15/24 – Patch Tuesday Posts 117 Vulnerabilities

• American Water Shuts Down Services After Cybersecurity Breach

• Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI

• New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

• New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

• New ConfusedPilot Attack Targets AI Systems with Data Poisoning

• Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th)

• Cisco Data Breach and UK Government’s Free Cybersecurity Initiative for Schools

• Oracle CloudWorld 2024: Key Takeaways for Developers, Engineers and Architects

• Are Self-Driving Trucks the Future of Safety or a New Cause for Accidents?

• Embracing neurodiversity: The key to unlocking hidden talent in the workforce

• Fidelity Investments Data Breach Affects 77,099 Customers

• AI Deepfakes Pose New Threats to Cryptocurrency KYC Compliance

• Vulnerability Summary for the Week of October 7, 2024

• Darknet Activity Increases Ahead of 2024 Presidential Vote

• A Message to Election Officials from CISA Director Jen Easterly

• Schneider Electric Data Center Expert

• Siemens Siveillance Video Camera

• CISA Releases Two Industrial Control Systems Advisories

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• Supercharge Your AI Data Center Infrastructure with New Cisco Nexus 9000 Series Switches

• Scaling Cloud Network Infrastructure for the AI Era

• Cybersecurity Risk Assessment Best Practices | Kovrr

• Apple’s Latest iPhone Update: Bad News for Millions of Google Users

• How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

• AI scammers target Gmail accounts, say they have your death certificate

• Microsoft blocked your Windows 11 upgrade? This tool can get the job done

• Attackers deploying red teaming tool for EDR evasion

• Bitdefender Scam Copilot detects and combats online scams

• UK: NCSC Offers Education Organizations Free Cyber Services

• Vulnerability in Jetpack – Affects 27 Million WordPress Sites

• CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet)

• Data Zoo ID Fraud & Risk Signals enhances fraud detection

• Nametag Deepfake Defense blocks AI-powered impersonation threats

• Secuvy unveils features designed to improve data security

• 99% of Large Businesses Faced Cyber Attacks in the Last Year

• SentinelOne CISO Identifies ‘Most Pressing Concern’ for Cyber Professionals

• Agile + DevOpsDays Des Moines 2024: Finding A Common Path With Empathy, Automation, And Security

• Most Organizations Unprepared for Post-Quantum Threat

• Election season raises fears for nearly a third of people who worry their vote could be leaked

• 99% of UK Businesses Faced Cyber Attacks in the Last Year

• Rundown

• Radically Simplifying Cybersecurity

• 70% of Enterprises Established SaaS Security Teams, Cloud Security Alliance Survey Finds

• Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

• Nametag Adds Ability to Thwart Deep Fakes to Identity Verification Platform

• Cato DEM helps IT teams overcome network performance problems

• Microsoft: Nation-States Team Up with Cybercriminals for Attacks

• Germany wins first place in the European Cybersecurity Challenge 2024

• Sectigo SiteLock 2.0 simplifies website protection for SMBs

• The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

• Cisco at EDUCAUSE: Powering the experience driven institution

• Top 3 Tips to Automate Your Data Center with Infrastructure as Code (IaC)

• Cisco Recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Cisco’s Vision for an Inclusive Future

• 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

• Hackers Allegedly Selling Data Stolen from Cisco

• It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions

• More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

• Automated vs manual penetration testing – which is best?

• Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign

• Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

• I, Robot Filmmaker Says Tesla Copied His Designs

• Google Signs Nuclear Deal To Power AI Data Centres

• Fortigate SSLVPN Vulnerability Exploited in the Wild

• WordPress Jetpack plugin critical flaw impacts 27 million sites

• Beyond the Surface: the evolution and expansion of the SideWinder APT group

• H1 2024 Cyber Attacks Statistics

• Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

• Five Challenges of National Information Assurance and How to Overcome Them

• Australia Considers Mandatory Reporting of Ransom Payments

• Free & Downloadable User Access Review Policy Template – 2024

• Industry Moves for the week of October 14, 2024 – SecurityWeek

• New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs

• Bob Lee Murder Suspect Argues Self-Defence As Trial Begins

• TikTok Aware Design Harmful To Children, Complaint Says

• Ubuntu Fixes Multiple PHP Vulnerabilities: Update Now

• Secure by Design: The (Necessary) Future of Hardware and Software

• China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

• Insurer Aims to “Clawback” BEC Losses After £1.4m Success

• NASA Europa Clipper Mission Lifts Off To Seek Life In Space

• TSMC Plans Additional Plants In Europe, Official Says

• Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

• NIS 2 Directive: Key Facts Every Organization Needs to Know

• A Deep Dive into DDoS Carpet-Bombing Attacks

• How F5 BIG-IP Cookies Are Being Exploited for Network Snooping: A CISA Warning

• Eight Million Users Install 200+ Malicious Apps from Google Play

• Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

• How DDoS Botent is used to Infect your Network?

• Calix enhances SmartHome to improve protection for residential subscribers

• Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

• SpaceX Starship First Stage Returns To Launch Pad In Milestone Test

• European cyber insurance startup Stoïk secures $27M

• Unlocking Proactive Compliance with Adobe’s Common Controls Framework

• Netwrix appoints Grady Summers as CEO

• How to Protect Yourself from Deceitful Identity Theft Trends

• Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

• Pokemon dev Game Freak discloses data breach

• Ransomware news headlines trending on Google

• Enhance Cyber Resilience to Secure Your Organization

• The NHI management challenge: When employees leave

• European cyber insurance startup Stoïk secures $27 million

• TrickMo’s Latest Trick –  Stealing PINs and Unlock Patterns

• How nation-states exploit political instability to launch cyber operations

• WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

• Veeam Vulnerability Actively Exploited by Ransomware Gangs

• Imperva Defends Against Targeted Exploits Used By APT29 Hackers

• AI amplifies systemic risk to financial sector, says India’s Reserve Bank boss

• The dark side of API security

• Data breaches trigger increase in cyber insurance claims

• How to create verification codes in Apple Passwords app

• ISC Stormcast For Tuesday, October 15th, 2024 https://isc.sans.edu/podcastdetail/9180, (Tue, Oct 15th)

• China again claims Volt Typhoon hack gang was invented by the US to discredit it

• Canadian Quantum computing used in Chinese researcher’s early advances to break military level encryption: Cyber Security Today for Tuesday, October 14, 2024

• Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms

• US healthcare org admits up to 400,000 people’s personal info was snatched

• IT Security News Daily Summary 2024-10-14

• U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog

• USENIX NSDI ’24 – CHISEL: An Optical Slice of the Wide-Area Network

• Decoding DORA: EU’s Unified Approach to ICT Risk Governance

• Gmail users, beware of new AI scam that looks very authentic

• U.S. Lawmakers, White House Move to Stem China Cyberthreat

• Tech Trends for 2025 with Brian Jackson, Principal Research Director for Info-Tech: Cyber Security Today Weekend for October 12, 2024

• Central Tickets Confirms Data Breach as Hacker Leaks Data of 1 Million Users

• How to Set up OAuth JWT Flow and mTLS in the Salesforce Connector for a MuleSoft App

• The biggest data breaches in 2024: 1 billion stolen records and rising

• Can AI and automation properly manage the growing threats to the cybersecurity landscape?

• Nation-state actor exploited three Ivanti CSA zero-days

• OpenAI’s Disruption of Foreign Influence Campaigns Using AI

• Biometric Data Theft and Cyberterrorism Are The Major Future Threats

• Upcoming Speaking Engagements

• Robot vacuum cleaners hacked to spy on, insult owners

• IBM X-Force Security Report Spotlights Lack of Cloud Security Fundamentals

• Telekopye Scammers Target Booking.com and Airbnb Users

• Lack of Cyber Talent is creating new opportunities to Cyber Threat Actors

• TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

• CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

• OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

• Internet Archive’s Wayback Machine is back up after data breach – with a catch

• Transforming Security Testing With AI: Benefits and Challenges

• DOJ Created NexFundAI Crypto Firm in Crypto Scamming Sting

• Surfshark VPN Review (2024): Is it a Safe and Trustworthy VPN?

• National Public Data, the hacked data broker that lost millions of Social Security numbers and more, files for bankruptcy

• CISA Urges Encryption of Cookies in F5 BIG-IP Systems

• What We Learned About Secrets Security at AppSec Village at DEF CON 32

• Leveraging AI/ML for next-gen SOC environments

• Trump campaign arms up with ‘unhackable’ phones after Iranian intrusion

• The War on Passwords Is One Step Closer to Being Over

• Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft

• Casio confirms customer data compromised in ransomware attack

• OneSpan strenghtens banking security with phishing-resistant authentication

• Ridge Security delivers enhanced capabilities for web application security

• Researchers Win $70K for Reporting Zero-Day Flaws in EV Chargers

• October Cyber Awareness | IoT security – beyond connectivity into risk

• KnowBe4 announces 2024 EMEA Partner Programme Award winners

• Juniper Networks Patches Dozens of Vulnerabilities

• Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability

• Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks

• Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches

• Watch Now: Zero Trust Strategies Summit – All Sessions Available on Demand

• Make Deployments Great Again: How to Use Helm with Continuous Deployment (CD)

• Rancher Government Solutions introduces Harvester Government

• US DoD Tightens Cybersecurity Standards for Defense Contractors

• Thousands of Fortinet instances vulnerable to actively exploited flaw

• The new Catalyst ESS9300: Transforming critical military communications through open standards

• Delivering Modernized Security for Government Agencies: The Vital Role of FedRAMP

• THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 – Oct 13)

• Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems

• 5 Steps to Boost Detection and Response in a Multi-Layered Cloud

• Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

• The Power of Tomorrow: Technologies that Will Revolutionise Digital Transformation in the Next Decade

• pac4j Java Framework Vulnerable to RCE Attacks

• Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

• Perfectl Malware

• Pokémon Developer Game Freak Suffers Data Breach

• Beware of Fake AI Scam calls that Takeover your Gmail Account

• Northvolt In Talks For 200m Euros In Short-Term Funding

• US Lawmakers Seek Answers From Telcos Over China Hack

• X Drops Unilever From Advertiser Lawsuit

• US Regulator Approves SpaceX Falcon 9 Return To Service

• Breaking into Cybersecurity: It’s Never Too Late

• Blockchain Innovation Drives Payroll and Employee Data Security in HR

• How to head off data breaches with CIAM

• Casio Confirms Ransomware Outage and Data Breach

• Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware

• Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

• Analyzing the Latest APWG Phishing Activity Trends Report: Key Findings and Insights

• Whispers from the Dark Web Cave. Cyberthreats in the Middle East

• Toxic Triad of Cloud Vulnerabilities Puts Businesses at Risk

• Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

• Securing Your Online Accounts: A Comprehensive Guide

• Huawei Beats Apple In Mainland China Shipments

• US Labour Board Accuses Apple Of Slack Restrictions

• Zendesk Email Spoofing Flaw Let Attackers Access Support Tickets

• Fidelity Investments suffered a second data breach this year

• GitGuardian Visual Studio Code extension helps developers protect their sensitive information

• Skills Shortages Now a Top-Two Security Risk for SMBs

• A week in security (October 7 – October 13)

• Check Point’s threat index emphasizes the shift towards AI-driven malware tactics in the current cyber landscape

• Phishing Page Delivered Through a Blob URL, (Mon, Oct 14th)

• Apple Opens Major Research Hub In China

• OpenAI says bad actors are using ChatGPT to write malware, sway elections

• Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits

• Gmail Users Targeted by AI-Driven Cyber Attacks and OpenAI-Generated Malware

• How to Effectively Handle Mobile Device Cyber Risks

• 18 Individuals Charged for Widespread Manipulation Cryptocurrency Markets

• Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption

• 4 Frightening Things Coming for Security this Season

• The quantum dilemma: Game-changer or game-ender

• CIOs want a platform that combines AI, networking, and security

• CISSP and CompTIA Security+ lead as most desired security credentials

• CISOs’ strategies for managing a growing attack surface

• Breaking down the numbers: Q3 2024 cybersecurity funding activity recap

• ISC Stormcast For Monday, October 14th, 2024 https://isc.sans.edu/podcastdetail/9178, (Mon, Oct 14th)

• RegreSSHion, Critical RCE Vulnerabilities, and When Should You Be Scared?

Generated on 2024-10-15 23:55:10.507749