IT Security News Daily Summary 2024-10-16

• Volkswagen monitoring data dump threat from 8Base ransomware crew

• Preemption Playbook: Big Tech’s Blueprint Comes Straight from Big Tobacco

• Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework

• US Charges Duo Behind Anonymous Sudan for Over 35,000 DDoS Attacks

• Finnish Customs dismantled the dark web drugs market Sipulitie

• SolarWinds critical hardcoded credential bug under active exploit

• Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

• Microsoft: Nation-state activity blurring with cybercrime

• Courts Agree That No One Should Have a Monopoly Over the Law. Congress Shouldn’t Change That

• North Korean Hackers Deploy Linux FASTCash Malware for ATM Cashouts

• China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws

• 7 Security and Compliance Tips From ISC2 Security Congress

• VMware Patches High-Severity SQL Injection Flaw in HCX Platform

• AI-Powered Hack Poses Threat to Billions of Gmail Accounts

• Mistral AI’s new language models bring AI power to your phone and laptop

• Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals

• The Top 10 Not So Common SSH Usernames and Passwords, (Wed, Oct 16th)

• Amazon Signs Nuclear Power Deals For Small Modular Reactors

• New Tool DVa Detects and Removes Android Malware

• CISA and FBI Release Product Security Bad Practices for Public Comment

• Engaging Executives: How to Present Cybersecurity in a Way That Resonates

• Android 15 Rolling Out With New Theft, Application Protection Features

• Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

• Data Poisoning threatens AI platforms raising misinformation concerns

• ASML Warning Sends Tremor Through Global Chip Market

• The best VPN trials of 2024: Expert tested and reviewed

• The critical need for cyber-resilient roadways

• Cisco Silicon One G200 AI/ML chip powers new systems for hyperscalers and enterprises

• CISA Urges Improvements in US Software Supply Chain Transparency

• How to build an incident response plan, with examples, template

• Experts slam Chinese research on quantum encryption attack

• Employees Are Not the Weakest Links

• EFF and IFPTE Local 20 Attain Labor Contract

• Fortinet Integrates Lacework CNAPP into Cybersecurity Portfolio

• Apple Enrages IT — 45-Day Cert Expiration Fury

• Here’s How to Stop Smart TV From Harvesting Your Personal Data

• Sevco Report Exposes Privacy Risks in iOS and macOS Due to Mirroring Bug

• New Coalition to Take Down Online Scams, Led by Google

• Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats

• How to Use Call Detail Records to Detect Fraud

• Urban VPN Review (2024): Is it a Safe & Reliable VPN to Use?

• Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

• CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

• New OpenTofu Providers for Cisco Technologies Now Available!

• BT Openreach Names Latest Copper ‘Stop Sell’ Locations

• GenAI in Cybersecurity — Threats and Defenses

• At Nearly $1 Billion Global Impact, the Best Cloud Security Couldn’t Stop This Hybrid Attack Path. Lesson: Map and Close Viable Attack Paths Before Breaches Begin.

• More Ransoms Being Paid and More Data Being Lost: Hornetsecurity

• FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

• Coffee Lovers Warned of New Starbucks Phishing Scam

• Everything you need to know about NIST Security Compliance

• Okta helps protect business before, during and after authentication

• ExtraHop RevealX enhancements accelerate investigation workflows

• Simplify Security and Enhance WAAP with Detection and Control in the AI Era

• Navigating the ethics of AI in cybersecurity

• “Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them

• How to secure your SaaS data?

• How to define cyber-risk appetite as a security leader

• The Identity Security Mirage: Unveiling the Hidden Risks in Your Digital Infrastructure

• Protecting major events: An incident response blueprint

• Microsoft Customers Facing 600 Million Cyber Attack Launched Every Day

• What open-source AI models should your enterprise use? Endor Labs analyzes them all

• OT Risk Management Firm DeNexus Raises $17.5 Million

• Hackers Abuse EDRSilencer Red Team Tool To Evade Detection

• Price Drop: This Complete Ethical Hacking Bundle is Now $40

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Using Artificial Intelligence to Catch Sneaky Images in Email

• Secure Team Collaboration in EKS with Gatekeeper

• Earned, Not Given: Cisco Firewall earns spot on Department of Defense Information Network Approved Product List

• Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site

• Panduit Partners with Hyperview to Offer Clients Modern DCIM Software Tools

• Threat modeling and binary analysis: Supercharge your software risk strategy

• Defenders must adapt to shrinking exploitation timelines

• Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

• Blackstone To Invest €7.5 Billion For Data Centres In Spain

• Tor Browser and Firefox users should update to fix actively exploited vulnerability

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Escalating cyber threats demand stronger global defense and cooperation

• Product showcase: Secure and scale your network with NordLayer’s advanced security solutions

• Lookout offers protection against social engineering and executive impersonation attacks

• Akamai launches Behavioral DDoS Engine for App & API Protection

• North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

• From Misuse to Abuse: AI Risks and Attacks

• Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog

• Cheating at Conkers

• Google Pays Out $36,000 for Severe Chrome Vulnerability

• Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks

• UK Mulls Common Charging Cable, After EU’s Long-Winded Move

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• AI Models in Cybersecurity: From Misuse to Abuse

• FIDO Alliance Proposes New Passkey Exchange Standard

• New Apple iPad Mini Looks To AI, With ‘Apple Intelligence’

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Organizations Warned of Exploited SolarWinds Web Help Desk Vulnerability

• Android 15 unveils new security features to protect sensitive data

• Swift launches AI-powered fraud detection service

• 5 Techniques for Collecting Cyber Threat Intelligence

• The Importance of Layered Cybersecurity Solutions

• CIS Control 17: Incident Response Management

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

• Netskope extends data security with DSPM capabilities

• Chrome Security Update, 17 Vulnerabilities Patched

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Akeyless unveils Unified Secrets and Machine Identity Platform

• Experts Play Down Significance of Chinese Quantum “Hack”

• Compromised Chinese vacuum cleaners yell obscenities at families

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Strengthen your cybersecurity with automation

• Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users

• Rubrik DSPM for Microsoft 365 Copilot reduces the risk of sensitive data exposure

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Arcserve UDP 10 accelerates disaster recovery processes

• UK Government Launches AI Safety Scheme to Tackle Deepfakes

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• GitHub addressed a critical vulnerability in Enterprise Server

• Internet Archive wobbles back online, with limited functionality

• CISA Releases ICS Advisories to Mitigate Cyber Attacks

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cybersecurity concerns arise as Windows 10 support to end next year

• Do Passkeys Truly Boost Cybersecurity in the Future?

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

• GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Chinese Researchers Use Quantum Computer to Hack Secure Encryption

• E.U. Court Restricts Meta’s Use of Facebook Data for Targeted Advertising

• New Threat Actor Tool EDRSilencer Repurposed for Malicious Use

• IBM acquires Indian SaaS startup Prescinto to shine a light on renewable energy assets

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Resilience over reliance: Preparing for IT failures in an unpredictable digital world

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• WhatsApp may expose the OS you use to run it – which could expose you to crooks

• Strengthening Kubernetes security posture with these essential steps

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cybersecurity jobs available right now: October 16, 2024

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Unlocking the value of AI-powered identity security

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Nation-State Cyber Threats: The Hidden War on Infrastructure

• ISC Stormcast For Wednesday, October 16th, 2024 https://isc.sans.edu/podcastdetail/9182, (Wed, Oct 16th)

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• ACDS Appoints New Managing Director

• Keeper Security Cybersecurity Action Month: The Importance of MFA

• Cato Networks Expands SASE Platform (Again) with DEM for Complete User Experience Delivery

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Simplifying NIS2 Compliance with Eclypsium

• SimpliSafe’s new outdoor monitoring service combines AI with human agents

• Some Americans are still using Kaspersky’s antivirus despite US government ban

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• FIDO unveils new specifications to transfer passkeys

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Civil Rights Commission Pans Face Recognition Technology

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco confirms ‘ongoing investigation’ after crims brag about selling tons of data

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• IT Security News Daily Summary 2024-10-15

• Acting Like We Care About Security

• Complete Guide to Cybersecurity for Small Businesses

• Kubernetes Security Best Practices 2024 Guide

• Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says

• New EFF Report Provides Guidance to Ensure Human Rights are Protected Amid Government Use of AI in Latin America

• Randall Munroe’s XKCD ‘Ravioli-Shaped Objects’

• USENIX NSDI ’24 – Sprinter: Speeding Up High-Fidelity Crawling of the Modern Web

• New Trinity Ransomware Strain Targets U.S. Healthcare, Federal Officials Warn

• Anthropic just made it harder for AI to go rogue with its updated safety policy

• Election Day is Close, the Threat of Cyber Disruption is Real

• Generative AI in Security: Risks and Mitigation Strategies

• Analysis Process

• A new Linux variant of FASTCash malware targets financial systems

• Bringing new theft protection features to Android users around the world

• Safer with Google: Advancing Memory Safety

• Authorities Seize Dark Web Marketplaces Sipulitie and Tsätti

• Vital Signs of Software Dependencies: Understanding Package Health

• Chinese Quantum Computer Breaks Advanced Military Encryption

• Android 15 is here, and you should update your phone ASAP. Here’s why

• Passkeys take yet another big step towards killing off passwords

• GitHub Patches Critical Vulnerability in Enterprise Server

• TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

• ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

• Data at Rest Encryption: Protecting Stored Data

• This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look

• Microsoft says more ransomware stopped before reaching encryption

• This AI Tool Helped Convict People of Murder. Then People Took a Closer Look

• Some Americans are still using Kaspersky’s antivirus despite U.S. government ban

• Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft

• New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users

• ErrorFather Hackers Attacking & Control Android Device Remotely

• HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

• Vulnerability Recap 10/15/24 – Patch Tuesday Posts 117 Vulnerabilities

• American Water Shuts Down Services After Cybersecurity Breach

• Navigating the Cybersecurity Risks of Shadow & Open-Source GenAI

• New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

• New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

• New ConfusedPilot Attack Targets AI Systems with Data Poisoning

• Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th)

• Cisco Data Breach and UK Government’s Free Cybersecurity Initiative for Schools

• Oracle CloudWorld 2024: Key Takeaways for Developers, Engineers and Architects

• Are Self-Driving Trucks the Future of Safety or a New Cause for Accidents?

• Embracing neurodiversity: The key to unlocking hidden talent in the workforce

• Fidelity Investments Data Breach Affects 77,099 Customers

• AI Deepfakes Pose New Threats to Cryptocurrency KYC Compliance

• Vulnerability Summary for the Week of October 7, 2024

• Darknet Activity Increases Ahead of 2024 Presidential Vote

• A Message to Election Officials from CISA Director Jen Easterly

• Schneider Electric Data Center Expert

• Siemens Siveillance Video Camera

• CISA Releases Two Industrial Control Systems Advisories

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• Supercharge Your AI Data Center Infrastructure with New Cisco Nexus 9000 Series Switches

• Scaling Cloud Network Infrastructure for the AI Era

• Cybersecurity Risk Assessment Best Practices | Kovrr

• Apple’s Latest iPhone Update: Bad News for Millions of Google Users

• How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

• AI scammers target Gmail accounts, say they have your death certificate

• Microsoft blocked your Windows 11 upgrade? This tool can get the job done

• Attackers deploying red teaming tool for EDR evasion

• Bitdefender Scam Copilot detects and combats online scams

• UK: NCSC Offers Education Organizations Free Cyber Services

• Vulnerability in Jetpack – Affects 27 Million WordPress Sites

• CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet)

• Data Zoo ID Fraud & Risk Signals enhances fraud detection

• Nametag Deepfake Defense blocks AI-powered impersonation threats

• Secuvy unveils features designed to improve data security

• 99% of Large Businesses Faced Cyber Attacks in the Last Year

• SentinelOne CISO Identifies ‘Most Pressing Concern’ for Cyber Professionals

• Agile + DevOpsDays Des Moines 2024: Finding A Common Path With Empathy, Automation, And Security

• Most Organizations Unprepared for Post-Quantum Threat

• Election season raises fears for nearly a third of people who worry their vote could be leaked

• 99% of UK Businesses Faced Cyber Attacks in the Last Year

• Rundown

• Radically Simplifying Cybersecurity

• 70% of Enterprises Established SaaS Security Teams, Cloud Security Alliance Survey Finds

• Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

• Nametag Adds Ability to Thwart Deep Fakes to Identity Verification Platform

• Cato DEM helps IT teams overcome network performance problems

• Microsoft: Nation-States Team Up with Cybercriminals for Attacks

• Germany wins first place in the European Cybersecurity Challenge 2024

• Sectigo SiteLock 2.0 simplifies website protection for SMBs

• The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short

• Cisco at EDUCAUSE: Powering the experience driven institution

• Top 3 Tips to Automate Your Data Center with Infrastructure as Code (IaC)

• Cisco Recognized as a Visionary in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Cisco’s Vision for an Inclusive Future

• 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

• Hackers Allegedly Selling Data Stolen from Cisco

• It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions

• More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

• Automated vs manual penetration testing – which is best?

• Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign

• Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

• I, Robot Filmmaker Says Tesla Copied His Designs

• Google Signs Nuclear Deal To Power AI Data Centres

• Fortigate SSLVPN Vulnerability Exploited in the Wild

• WordPress Jetpack plugin critical flaw impacts 27 million sites

• Beyond the Surface: the evolution and expansion of the SideWinder APT group

• H1 2024 Cyber Attacks Statistics

• Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

• Five Challenges of National Information Assurance and How to Overcome Them

• Australia Considers Mandatory Reporting of Ransom Payments

• Free & Downloadable User Access Review Policy Template – 2024

• Industry Moves for the week of October 14, 2024 – SecurityWeek

• New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs

• Bob Lee Murder Suspect Argues Self-Defence As Trial Begins

• TikTok Aware Design Harmful To Children, Complaint Says

• Ubuntu Fixes Multiple PHP Vulnerabilities: Update Now

• Secure by Design: The (Necessary) Future of Hardware and Software

• China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns

• Insurer Aims to “Clawback” BEC Losses After £1.4m Success

• NASA Europa Clipper Mission Lifts Off To Seek Life In Space

• TSMC Plans Additional Plants In Europe, Official Says

• Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

• NIS 2 Directive: Key Facts Every Organization Needs to Know

• A Deep Dive into DDoS Carpet-Bombing Attacks

• How F5 BIG-IP Cookies Are Being Exploited for Network Snooping: A CISA Warning

• Eight Million Users Install 200+ Malicious Apps from Google Play

• Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

• How DDoS Botent is used to Infect your Network?

• Calix enhances SmartHome to improve protection for residential subscribers

• Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

• SpaceX Starship First Stage Returns To Launch Pad In Milestone Test

• European cyber insurance startup Stoïk secures $27M

• Unlocking Proactive Compliance with Adobe’s Common Controls Framework

• Netwrix appoints Grady Summers as CEO

• How to Protect Yourself from Deceitful Identity Theft Trends

• Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code

• Pokemon dev Game Freak discloses data breach

• Ransomware news headlines trending on Google

• Enhance Cyber Resilience to Secure Your Organization

• The NHI management challenge: When employees leave

• European cyber insurance startup Stoïk secures $27 million

• TrickMo’s Latest Trick –  Stealing PINs and Unlock Patterns

• How nation-states exploit political instability to launch cyber operations

• WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

• Veeam Vulnerability Actively Exploited by Ransomware Gangs

• Imperva Defends Against Targeted Exploits Used By APT29 Hackers

• AI amplifies systemic risk to financial sector, says India’s Reserve Bank boss

• The dark side of API security

• Data breaches trigger increase in cyber insurance claims

• How to create verification codes in Apple Passwords app

• ISC Stormcast For Tuesday, October 15th, 2024 https://isc.sans.edu/podcastdetail/9180, (Tue, Oct 15th)

• China again claims Volt Typhoon hack gang was invented by the US to discredit it

• Canadian Quantum computing used in Chinese researcher’s early advances to break military level encryption: Cyber Security Today for Tuesday, October 14, 2024

Generated on 2024-10-16 23:55:12.371882