IT Security News Daily Summary 2024-10-17

• How to Attract Top Cybersecurity Talent

• Microsoft: Ransomware Attacks Growing More Dangerous, Complex

• 5 AI Security Takeaways featuring Forrester

• How to Mitigate the Impact of Rogue AI Risks

• California Attorney General Issues New Guidance on Military Equipment to Law Enforcement

• World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security

• Malvertising: What It Is and How to Protect Yourself

• Fake North Korean IT Workers Infiltrate Western Firms, Demand Ransom

• GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

• Email Aliasing is a Great Privacy Tool

• Scary cybersecurity stories to tell in the dark

• Microsoft said it lost weeks of security logs for its customers’ cloud products

• How to Choose the Best Analytics Tools for Mobile Apps

• Be Aware of These Eight Underrated Phishing Techniques

• What I’ve learned in my first 7-ish years in cybersecurity

• The CMMC Final Rule is Published: What Contractors Need to Know

• Microsoft blocked your Windows 11 upgrade? This trusty tool can fix that

• Number of Active Ransomware Groups Highest on Record, Cyberint’s Report Finds

• Feds arrest man who allegedly participated in hack of the SEC’s X account, boosting Bitcoin’s price

• AppOmni Achieves FedRAMP®️ “In Process” Status for Public Sector SaaS Security

• Linux Persistence Mechanisms and How to Find Them

• Ransomware Payouts Decline as Security Maturity Rises

• Want to Make the Most of ChatGPT? Here Are Some Go-To Tips

• Intel Denies Chinese Claims Of Security Issues

• The cybersecurity skills gap contributed to a $1.76 million increase in average breach costs

• Glimmer Of Good News On The Ransomware Front As Encryption Rates Plummet

• AppOmni Achieves FedRAMP®️ “In Process” Status for Public Sector SaaS Security

• CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance

• AppOmni Achieves FedRAMP®️ “In Process” Status for Public Sector SaaS Security

• Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

• Cicada3301 Ransomware Targets Critical Sectors in US and UK

• Amazon helps in nabbing Anonymous Sudan cyber criminals

• Prosecutors in Washington State Warn Police: Don’t Use Gen AI to Write Reports

• Wordfence Intelligence Weekly WordPress Vulnerability Report (October 7, 2024 to October 13, 2024)

• What Is a Social Media Threat? + 10 Examples

• Microsoft Settles Gamer Lawsuit Over Activision Purchase

• ClickFix Attack: Fake Google Meet Alerts Install Malware on Windows, macOS

• 10 steps to safeguarding your privacy online

• CISA Adds One Known Exploited Vulnerability to Catalog

• Kieback&Peter DDC4000 Series

• LCDS LAquis SCADA

• HMS Networks EWON FLEXY 202

• Elvaco M-Bus Metering Gateway CMe3100

• Award-winning Cisco Sustainability Data Foundation takes the stage as key to sustainability success

• USENIX NSDI ’24 – Towards Provably Performant Congestion Control

• Indonesian Government Asks Apple, Google to Block China’s Temu to Safeguard Small Merchants

• AI Tools Fueling Global Expansion of China-Linked Trafficking and Scamming Networks

• US Charges Anonymous Sudan Members in DDoS Cybercrime Case

• What is tailgating (piggybacking)?

• Hackers are extorting Globe Life with stolen customer data

• Iranian Hackers Target Critical Infrastructure with Brute Force Attacks

• Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

• The Newest PSR Protections

• Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

• Meta Axes Staff At WhatsApp, Instagram, Reality Labs – Report

• Brazilian police claim they’ve cuffed serial cybercrook behind FBI and Airbus attacks

• Why Modern Layer 7 DDoS Protections Are Crucial for Web Security in 2024

• Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand as Alibaba and Adobe Enter Top 10

• Strategies for Building an Effective, Resilient Security Operations Center

• MFA Compromise: The Mechanics Behind This Escalating Threat Vector

• An unexpected discovery: Automated reasoning often makes systems more efficient and easier to maintain

• F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability

• US Halts Some Imports From Chinese Drone Maker DJI

• 23andMe will retain your genetic information, even if you delete the account

• Shadow IT risks are on the rise as GenAI tools gain popularity with employees

• NIS 2 Compliance Deadline Arrives: What You Need to Know

• Cisco’s Firewall Solution Recognized as a Leader in Forrester Wave™

• You’ve Heard the Security Service Edge (SSE) Story Before, but We Re-Wrote It!

• Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

• Ubuntu 24.10 “Oracular Oriole” Released: Find What’s New

• Fake Google Meet pages deliver infostealers

• Casio says ‘no prospect of recovery yet’ after ransomware attack

• Brazilian Police Arrest Notorious Hacker USDoD

• Schneider Electric Bolsters Data Centre Credentials With Motivair Acquisition

• This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

• GPS Jamming Is Screwing With Norwegian Planes

• SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

• 5 Ways to Reduce SaaS Security Risks

• North Korea Escalates Fake IT Worker Schemes to Extort Employers

• Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism

• Intel, AMD Form x86 Group To Tackle Challenge Posed By ARM

• Cyera acquires Trail Security for $162M; Cyera is now raising at a $3B valuation

• A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

• SAS CTF and the many ways to persist a kernel shellcode on Windows 7

• UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

• The Battle for Identity Security: Key Insights from the ManageEngine Identity Security Survey 2024

• AI Companies Are Not Meeting EU AI Act Standards

• Iranian Cyber Actors Compromise Critical Infrastructure Using Brute Force and Credential Access Tactics

• RansomHub Overtakes LockBit as Most Prolific Ransomware Group

• Android Set-top Box Lies about Its OS Version, Comes Pre-infected with Malware

• Anonymous Sudan DDoS Service Disrupted, Members Charged by US

• U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

• Two-thirds of Attributable Malware Linked to Nation States

• ClickFix tactic: The Phantom Meet

• VMware HCX Platform Vulnerable to SQL Injection Attacks

• Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Hackers Turn to AI as Hardware Attacks Surge

• The role of compromised cyber-physical devices in modern cyberattacks

• CISA Seeks Feedback on Upcoming Product Security Flaws Guidance

• WeChat devs introduced security flaws when they modded TLS, say researchers

• Stronger Together: AI and Human Collaboration in the Battle Against Evolving Threats

• Anonymous Sudan isn’t any more: Two alleged operators named, charged

• Cognizant Neuro Cybersecurity enhances threat detection and response

• Authorities Indicted Two Anonymous Sudan Hackers Over Cyberattacks

• VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX

• Anonymous Sudan isn’t any more: two alleged operators named, charged

• NIS2 Confusion: Concerns Over Readiness as Deadline Reached

• AI models tested, breaking encryption, Intel security review

• 53% would switch banks if their institution had a data breach: Cyber Security Today for Thursday, October 17, 2024

• Microsoft blocked most ransomware attacks and about 600M Cyber attacks

• MongoDB Queryable Encryption now supports range queries on encrypted data

• Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

• Pokémon game developer breached, TrickMo’s new variants, Ivanti zero-days exploited

• VW alleged data theft, Finland seizes Sipultie, Calgary library cyberattack

• Organization Hacked Following Accidental Hiring of North Korean Remote IT Worker

• AlpineReplay – 898,681 breached accounts

• GhostStrike: Open-source tool for ethical hacking

• US contractor pays $300K to settle accusation it didn’t properly look after Medicare users’ data

• How NIS2 will impact sectors from healthcare to energy

• AI data collection under fire

• USENIX NSDI ’24 – Finding Adversarial Inputs for Heuristics using Multi-level Optimization

• Why companies are struggling to keep up with SaaS data protection

• Navigating the NIS2 Directive: A comprehensive guide for UK businesses

• A Turning Point in Loyalty Fraud Prevention

• ISC Stormcast For Thursday, October 17th, 2024 https://isc.sans.edu/podcastdetail/9184, (Thu, Oct 17th)

• Nvidia just dropped a new AI model that crushes OpenAI’s GPT-4—no big launch, just big results

• Scanning Activity from Subnet 15.184.0.0/16, (Thu, Oct 17th)

• Anthropic flags AI’s potential to ‘automate sophisticated destructive cyber attacks’

• Brazil arrests USDoD hacker tied to FBI, National Public Data breaches

• Brazil’s Polícia Federal arrested the notorious hacker USDoD

• US contractor pays $300k to settle accusation it didn’t properly look after Medicare users’ data

• Keeper Security Appoints New CISO

• Critical default credential bug in Kubernetes Image Builder allows SSH root access

• IT Security News Daily Summary 2024-10-16

• Volkswagen monitoring data dump threat from 8Base ransomware crew

• Preemption Playbook: Big Tech’s Blueprint Comes Straight from Big Tobacco

• Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework

• US Charges Duo Behind Anonymous Sudan for Over 35,000 DDoS Attacks

• Finnish Customs dismantled the dark web drugs market Sipulitie

• SolarWinds critical hardcoded credential bug under active exploit

• Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

• Microsoft: Nation-state activity blurring with cybercrime

• Courts Agree That No One Should Have a Monopoly Over the Law. Congress Shouldn’t Change That

• North Korean Hackers Deploy Linux FASTCash Malware for ATM Cashouts

• China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws

• 7 Security and Compliance Tips From ISC2 Security Congress

• VMware Patches High-Severity SQL Injection Flaw in HCX Platform

• AI-Powered Hack Poses Threat to Billions of Gmail Accounts

• Mistral AI’s new language models bring AI power to your phone and laptop

• Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals

• The Top 10 Not So Common SSH Usernames and Passwords, (Wed, Oct 16th)

• Amazon Signs Nuclear Power Deals For Small Modular Reactors

• New Tool DVa Detects and Removes Android Malware

• CISA and FBI Release Product Security Bad Practices for Public Comment

• Engaging Executives: How to Present Cybersecurity in a Way That Resonates

• Android 15 Rolling Out With New Theft, Application Protection Features

• Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

• Data Poisoning threatens AI platforms raising misinformation concerns

• ASML Warning Sends Tremor Through Global Chip Market

• The best VPN trials of 2024: Expert tested and reviewed

• The critical need for cyber-resilient roadways

• Cisco Silicon One G200 AI/ML chip powers new systems for hyperscalers and enterprises

• CISA Urges Improvements in US Software Supply Chain Transparency

• How to build an incident response plan, with examples, template

• Experts slam Chinese research on quantum encryption attack

• Employees Are Not the Weakest Links

• EFF and IFPTE Local 20 Attain Labor Contract

• Fortinet Integrates Lacework CNAPP into Cybersecurity Portfolio

• Apple Enrages IT — 45-Day Cert Expiration Fury

• Here’s How to Stop Smart TV From Harvesting Your Personal Data

• Sevco Report Exposes Privacy Risks in iOS and macOS Due to Mirroring Bug

• New Coalition to Take Down Online Scams, Led by Google

• Ethical Hackers Embrace AI Tools Amid Rising Cyber Threats

• How to Use Call Detail Records to Detect Fraud

• Urban VPN Review (2024): Is it a Safe & Reliable VPN to Use?

• Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

• CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

• New OpenTofu Providers for Cisco Technologies Now Available!

• BT Openreach Names Latest Copper ‘Stop Sell’ Locations

• GenAI in Cybersecurity — Threats and Defenses

• At Nearly $1 Billion Global Impact, the Best Cloud Security Couldn’t Stop This Hybrid Attack Path. Lesson: Map and Close Viable Attack Paths Before Breaches Begin.

• More Ransoms Being Paid and More Data Being Lost: Hornetsecurity

• FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

• Coffee Lovers Warned of New Starbucks Phishing Scam

• Everything you need to know about NIST Security Compliance

• Okta helps protect business before, during and after authentication

• ExtraHop RevealX enhancements accelerate investigation workflows

• Simplify Security and Enhance WAAP with Detection and Control in the AI Era

• Navigating the ethics of AI in cybersecurity

• “Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them

• How to secure your SaaS data?

• How to define cyber-risk appetite as a security leader

• The Identity Security Mirage: Unveiling the Hidden Risks in Your Digital Infrastructure

• Protecting major events: An incident response blueprint

• Microsoft Customers Facing 600 Million Cyber Attack Launched Every Day

• What open-source AI models should your enterprise use? Endor Labs analyzes them all

• OT Risk Management Firm DeNexus Raises $17.5 Million

• Hackers Abuse EDRSilencer Red Team Tool To Evade Detection

• Price Drop: This Complete Ethical Hacking Bundle is Now $40

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Using Artificial Intelligence to Catch Sneaky Images in Email

• Secure Team Collaboration in EKS with Gatekeeper

• Earned, Not Given: Cisco Firewall earns spot on Department of Defense Information Network Approved Product List

• Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site

• Panduit Partners with Hyperview to Offer Clients Modern DCIM Software Tools

• Threat modeling and binary analysis: Supercharge your software risk strategy

• Defenders must adapt to shrinking exploitation timelines

• Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

• Blackstone To Invest €7.5 Billion For Data Centres In Spain

• Tor Browser and Firefox users should update to fix actively exploited vulnerability

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Escalating cyber threats demand stronger global defense and cooperation

• Product showcase: Secure and scale your network with NordLayer’s advanced security solutions

• Lookout offers protection against social engineering and executive impersonation attacks

• Akamai launches Behavioral DDoS Engine for App & API Protection

• North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

• From Misuse to Abuse: AI Risks and Attacks

• Cyber Threats Escalating Beyond Ability to Defend, New NCSC Head Warns

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• U.S. CISA adds Microsoft Windows Kernel, Mozilla Firefox and SolarWinds Web Help Desk bugs to its Known Exploited Vulnerabilities catalog

• Cheating at Conkers

• Google Pays Out $36,000 for Severe Chrome Vulnerability

• Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks

• UK Mulls Common Charging Cable, After EU’s Long-Winded Move

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• AI Models in Cybersecurity: From Misuse to Abuse

• FIDO Alliance Proposes New Passkey Exchange Standard

• New Apple iPad Mini Looks To AI, With ‘Apple Intelligence’

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Organizations Warned of Exploited SolarWinds Web Help Desk Vulnerability

• Android 15 unveils new security features to protect sensitive data

• Swift launches AI-powered fraud detection service

• 5 Techniques for Collecting Cyber Threat Intelligence

• The Importance of Layered Cybersecurity Solutions

• CIS Control 17: Incident Response Management

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

• Netskope extends data security with DSPM capabilities

• Chrome Security Update, 17 Vulnerabilities Patched

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Akeyless unveils Unified Secrets and Machine Identity Platform

• Experts Play Down Significance of Chinese Quantum “Hack”

• Compromised Chinese vacuum cleaners yell obscenities at families

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Strengthen your cybersecurity with automation

• Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users

• Rubrik DSPM for Microsoft 365 Copilot reduces the risk of sensitive data exposure

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Arcserve UDP 10 accelerates disaster recovery processes

• UK Government Launches AI Safety Scheme to Tackle Deepfakes

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• GitHub addressed a critical vulnerability in Enterprise Server

• Internet Archive wobbles back online, with limited functionality

• CISA Releases ICS Advisories to Mitigate Cyber Attacks

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cybersecurity concerns arise as Windows 10 support to end next year

• Do Passkeys Truly Boost Cybersecurity in the Future?

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

• GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Chinese Researchers Use Quantum Computer to Hack Secure Encryption

• E.U. Court Restricts Meta’s Use of Facebook Data for Targeted Advertising

• New Threat Actor Tool EDRSilencer Repurposed for Malicious Use

• IBM acquires Indian SaaS startup Prescinto to shine a light on renewable energy assets

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Resilience over reliance: Preparing for IT failures in an unpredictable digital world

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• WhatsApp may expose the OS you use to run it – which could expose you to crooks

• Strengthening Kubernetes security posture with these essential steps

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cybersecurity jobs available right now: October 16, 2024

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Unlocking the value of AI-powered identity security

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Nation-State Cyber Threats: The Hidden War on Infrastructure

• ISC Stormcast For Wednesday, October 16th, 2024 https://isc.sans.edu/podcastdetail/9182, (Wed, Oct 16th)

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• ACDS Appoints New Managing Director

• Keeper Security Cybersecurity Action Month: The Importance of MFA

• Cato Networks Expands SASE Platform (Again) with DEM for Complete User Experience Delivery

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• Simplifying NIS2 Compliance with Eclypsium

• SimpliSafe’s new outdoor monitoring service combines AI with human agents

• Some Americans are still using Kaspersky’s antivirus despite US government ban

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

• FIDO unveils new specifications to transfer passkeys

• Cisco Is a Five-Time Leader in the 2024 Gartner® Magic Quadrant™ for SD-WAN

Generated on 2024-10-17 23:55:11.747000