IT Security News Daily Summary 2024-10-21

• Vulnerability Recap 10/21/24 – Immediate Patching Is Critical

• FedRAMP Certification and Compliance: What It Is and Why It Matters

• Types of Security Audits: Overview and Best Practices

• Internet Archive (Archive.org) Hacked for Second Time in a Month

• How to Implement Client-Side Load Balancing With Spring Cloud

• Cisco confirms attackers stole data from DevHub environment

• The billionaire behind Trump’s ‘unhackable’ phone is on a mission to fight Tesla’s FSD

• Survey Surfaces Depth and Scope of Identity Management Challenge

• ICE’s $2 Million Contract With a Spyware Vendor Is Under White House Review

• Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

• VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest

• USENIX NSDI ’24 – Parcae: Proactive, Liveput-Optimized DNN Training on Preemptible Instances

• Randall Munroe’s XKCD ‘Experimental Astrophysics’

• Is It Time to Move on from Your Legacy GRC Solution?

• USENIX NSDI ’24 – Accelerating Neural Recommendation Training with Embedding Scheduling

• DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications

• How to Lower Ping: 11 Practical Tips

• Securing Financial Operations: Know Your SaaS

• HM Surf Bug in macOS Raises Data Privacy Concerns

• Study outlines ‘severe’ security issues in cloud providers

• Apple Offering Hackable iPhones to Universities

• ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

• Data Breach Statistics [2024] : Penalties and Fines for Major regulations

• Akira ransomware continues to evolve

• Hacker Advertises “Top Secret US Space Force (USSF) Military Technology Archive”

• Living Our Purpose Through Pro Bono

• Cybersecurity Action Month: When Awareness Must Lead to Action

• What is Incident Response?

• Vietnamese Hackers Target Digital Marketers in Malware Attack

• Innovator Spotlight: Interpres Security

• AWS Tells Staff To Leave If They Don’t Wish To Return To Office

• Hacker Advertises “Top Secret US Space Force Military Technology Archive”

• How to Secure Your Raspberry Pi and Enable Safe, Resilient Updates

• Gartner: 2025 will see the rise of AI agents (and other top trends)

• Why you should power off your phone at least once a week – according to the NSA

• U.S. Border Surveillance Towers Have Always Been Broken

• Innovator Spotlight: Concentric

• Innovator Spotlight: Keepnet Labs

• USENIX NSDI ’24 – OPPerTune: Post-Deployment Configuration Tuning of Services Made Easy

• North Korean Hackers Develop Linux Variant of FASTCash Malware Targeting Financial Systems

• A Network Nerd’s Take on Emergency Preparedness, (Tue, Oct 15th)

• Sophos to acquire Secureworks

• Attackers Target Exposed Docker Remote API Servers With perfctl Malware

• Eutelsat Launches First Satellites Since OneWeb Merger

• Get 9 Courses on Ethical Hacking for Just $50

• Fortinet Training Institute Wins Industry Accolades

• The Ugly Truth about Your Software Vendor which CISOs Won’t Want (But Do Need) to Hear

• This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)

• Microsoft Builds Fictitious Azure Tenants to Lure Phishers to Honeypots

• Stolen Access Tokens Lead to New Internet Archive Breach

• Zero-Trust Endpoint Security

• More of Internet Archive is back online, despite hackers infiltrating its helpdesk

• Sophos to Acquire SecureWorks in $859 Million All-Cash Deal

• 50,000 Files Exposed in Nidec Ransomware Attack

• Samsung Delays ASML Deliveries For Texas Chip Factory – Report

• Internet Archive was breached twice in a month

• Seven Cybersecurity Tips to Protect Your Retail Business This Holiday Season

• Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

• Vulnerability Summary for the Week of October 14, 2024

• Netskope Reports Possible Bumblebee Loader Resurgence

• Australia’s New Scam Prevention Laws: What You Need to Know

• macOS HM Surf vuln might already be under exploit by major malware family

• Fortinet releases patches for undisclosed critical FortiManager vulnerability

• Graylog enables organizations to make more informed decisions about their security posture

• Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

• How In-Person Meetings Fast-Tracked Our vPPA Negotiations in Europe

• TikTok’s ByteDance Fires Intern For Allegedly Sabotaging AI Project

• Strengthening Cloud Defenses: Key Strategies

• ESET Distributor’s Systems Abused to Deliver Wiper Malware

• Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’

• How to build a Security Guardians program to distribute security ownership

• How To Secure Your Raspberry Pi and Enable Safe, Resilient Updates

• A Trump Win Could Unleash Dangerous AI

• Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program

• Cisco Confirms Security Incident After Hacker Offers to Sell Data

• Phishing Attacks Snare Security, IT Leaders

• THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)

• Guide:  The Ultimate Pentest Checklist for Full-Stack Security

• Safeguard OT Environments with the Power of Precision AI

• Former OpenAI Mira Murati Raising Capital For New AI Startup – Report

• Silicon UK AI For Your Business Podcast: Government and AI

• AI and the SEC Whistleblower Program

• Australia’s Privacy Watchdog Publishes Guidance on Commercial AI Products

• Hackers Use Bumblebee Malware to Gain Access to Corporate Networks

• FBI Arrested Hacker Behind the Takeover of the U.S. SEC X account

• Nearly half (44%) of CISOs Fail to Detect Breaches

• Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira

• Escape vs Qualys

• Western Digital Fined $316m For Infringing Data Security Patent

• The 6 Best Antivirus Software Providers for Mac in 2024

• US Government Says Relying on Chinese Lithium Batteries Is Too Risky

• How a Trump Win Could Unleash Dangerous AI

• Stealer here, stealer there, stealers everywhere!

• AI and Hardware Hacking on the Rise

• Roundcube Webmail Vulnerability Exploited in Government Attack

• Ataccama ONE v15.3 empowers data teams to monitor, manage, and utilize data

• The Internet Archive breach continues

• Genomics company 23andMe to pay up to $10,000 per person to victims of data breach

• Industry Moves for the week of October 21, 2024 – SecurityWeek

• Internet Archive Hacked Again During Service Restoration Efforts

• Hackers Mimic as ESET to Deliver Wiper Malware

• Preventing Breaches Using Indicators of Compromise

• Cybersecurity at Ports Gets a Boost with New Bipartisan Bill

• Half of Organizations Have Unmanaged Long-Lived Cloud Credentials

• A week in security (October 14 – October 20)

• FBI’s Most Wanted Hacker Arrested in Malpensa

• Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

• Fortra Report Reveals Surge in Domain Impersonation, Social Media Attacks, and Dark Web Activity

• Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

• Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach

• Fair Vote Canada – 134,336 breached accounts

• Fair Vote Canada Data Leak: 34k Email Addresses Leaked

• FBI Arrests Alabama Man in Connection to SEC Social Media Hack: Cyber Security Today for Monday, October 21st, 2024

• Windows 11 passkey transformation will say goodbye to Passwords

• Understanding AI and ML Security in Telecommunication Networks

• Tesla, Intel, deny they’re the foreign company China just accused of making maps that threaten national security

• Policy as code in Kubernetes: security with seccomp and network policies

• Building secure AI with MLSecOps

• Evolving cybercriminal tactics targeting SMBs

• Should the CISOs role be split into two functions?

• Aranya: Open-source toolkit to accelerate secure by design concepts

• These 7 Practices Are Building Cybersecurity Safeguards in the Construction Industry

• ISC Stormcast For Monday, October 21st, 2024 https://isc.sans.edu/podcastdetail/9188, (Mon, Oct 21st)

• Internet Archive exposed again – this time through Zendesk

• Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion

• BSides Exeter – Ross Bevington’s Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale

• Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal

• IT Security News Daily Summary 2024-10-20

• “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!

• The AI edge in cybersecurity: Predictive tools aim to slash response times

• Cyber Threats by Nation-States Surge Beyond Control

• USENIX NSDI ’24 – Reasoning About Network Traffic Load Property at Production Scale

• DEF CON 32 – AppSec Considerations From The Casino Industry

• Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries

• Brazil’s Federal Police Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

• How to Enhance Your Windows Security with Memory Integrity

• The Cybersecurity Burnout Crisis: Why CISOs Are Considering Quitting

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

• Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

• F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

• Open source LLM tool primed to sniff out Python zero-days

• Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

• Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion

• Microsoft Introduces AI Solution for Erasing Ex from Memories

• Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday

Generated on 2024-10-21 23:55:08.027950