IT Security News Daily Summary 2024-10-30

• Windows Themes zero-day bug exposes users to NTLM credential theft

• Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

• The cybsecurity problems and opportunities facing open-source startups

• Sorry, Gas Companies – Parody Isn’t Infringement (Even If It Creeps You Out)

• Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure

• How to create an incident response playbook with template

• The Frightening Stakes of this Halloween’s Net Neutrality Hearing

• OpenSSL Forms Business Advisory Committees – Shape the Future – Join Now!

• Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

• Triumphs, Trials, and Tangles From California’s 2024 Legislative Session

• Zero-Trust Log Intelligence: Safeguarding Data with Secure Access

• Russian Cozy Bear Hackers Phish Critical Sectors with Microsoft, AWS Lures

• Google’s AI system could change the way we write: InkSight turns handwritten notes digital

• Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks

• Survey Surfaces Fundamental Weaknesses in API Security

• Citrix Boosts Security for Remote Application Accesses With “More Security Layers”

• Top AI security certifications to consider

• Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

• LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk

• 10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin

• Cyber Expert Points SMB Leaders to Patching as Important Tool for Avoiding Attacks

• Disastrous cyberattacks show organisations need to be more proactive in defence, says Oxylabs

• Elections and Financial Crime: Navigating a Shifting Landscape

• Establishing Security Guardrails in the Age of Shadow IT

• Compliance Automated Standard Solution (COMPASS), Part 7: Compliance-to-Policy for IT Operation Policies Using Auditree

• ‘We’re a Fortress Now’: The Militarization of US Elections Is Here

• No Matter What the Bank Says, It’s YOUR Money, YOUR Data, and YOUR Choice

• Why Did Snowflake Have a Target on It? Handling Data Warehouse Security Risks

• ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

• Avoiding Social Media Scams When Recovering a Locked Gmail Account

• When and Why to Consider a Data Removal Service

• Updated FakeCall Malware Targets Mobile Devices with Vishing

• Baby Reindeer—The dangers of real-life stalkers

• Diversity in leadership: Forge your own success

• ‘We’re a Fortress Now’: The Militarization of US Elections Is Here

• Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

• North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

• Samsung Smart TVs gain FIPS 140-3 Certification related to data security

• Fired Disney staffer accused of hacking menu to add profanity, wingdings, while removing allergen info

• BOFHound: AD CS Integration

• Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities

• New “Scary” FakeCall Malware Captures Photos and OTPs on Android

• Patch now! New Chrome update for two critical vulnerabilities

• Simpson Garfinkel on Spooky Cryptographic Action at a Distance

• Data Loss Prevention Startup MIND Emerges From Stealth With $11M in Funding

• XM Cyber Vulnerability Risk Management boosts prioritization with actual impact analysis

• Immuta Data Marketplace automates data access workflows

• Neon Authorize: Granular access controls at the database layer

• Ransomware hits web hosting servers via vulnerable CyberPanel instances

• 6 Steps for Cyber Resilience During the 2024 U.S. Presidential Election

• Cybersecurity Awareness Month: 5 new AI skills cyber pros need

• Change Healthcare Breach Hits 100M Americans

• The new Webroot PC Optimizer boosts computer performance

• Get Inspired and Go Beyond with Cisco Customer Experience at Cisco Live Melbourne

• Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations

• Webflow Sites Employed to Trick Users Into Sharing Login Details

• Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

• Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

• CISA Launches First International Cybersecurity Plan

• 7,500 Phishing Emails Use Interesting Obfuscation Method to Target Student Loan Holders

• Noma arrives to provide security from data storage to deployment for enterprise AI solutions

• Google fixed a critical vulnerability in Chrome browser

• Cato Networks Named to 2025 Fortune Cyber 60 List

• Russian spies use remote desktop protocol files in unusual mass phishing drive

• FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities

• Proofpoint Boosting Data Security with Normalyze Acquisition

• CHOROLOGY.ai Extends AI Reach to Classify Sensitive Data

• AI Cyberattacks Rise but Businesses Still Lack Insurance

• Product showcase: Shift API security left with StackHawk

• Over Half of US County Websites “Could Be Spoofed”

• No matter what the bank says, it’s YOUR money, YOUR data, and YOUR choice

• Voice of Practitioners 2024

• Securing AI Infrastructure for a More Resilient Future

• RCE Flaw Exposes 22,000 CyberPanel Instances to PSAUX Ransomware

• Embarking on a Compliance Journey? Here’s How Intruder Can Help

• Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

• OpenAI Working With Broadcom, TSMC On First AI Chip

• AMD Reports Strong AI Chip Sales, Investors Unimpressed

• Master IT Fundamentals With This CompTIA Certification Prep Bundle

• WhiteRabbitNeo: High-Powered Potential of Uncensored AI Pentesting for Attackers and Defenders

• Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files

• How AI Transforms the Employee Experience

• Back to the Future, Securing Generative AI

• Russian hackers deliver malicious RDP configuration files to thousands

• Robert Downey, Jr. Says He Would Sue Over AI Likeness

• Alphabet Sees Jump In Advertising, AI Cloud Revenues

• Trust Through Transparency: Regulation’s Role in Consumer Confidence

• APT29 Spearphishing Campaign Targets Thousands with RDP Files

• Writing a BugSleep C2 server and detecting its traffic with Snort

• Jumpy Pisces Engages in Play Ransomware

• Understanding SOX Requirements for IT and Cybersecurity Auditors

• 5 Steps to Assess the Cyber and Privacy Risk of Generative AI

• Why Does Every Retailer Need Penetration Testing to Ensure Customer Safety?

• Facial recognition is partially back to Facebook and Instagram

• TikTok Seeks ‘Trust’ In Global Markets

• EU Electric Vehicle Duties Come Into Force After China Talks Fail

• Google Patches Critical Chrome Vulnerability Reported by Apple

• Running JtR’s Tokenizer Attack

• Kaseya 365 User helps MSPs to protect user data

• New PySilon RAT Abusing Discord Platform to Maintain Persistence

• QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

• Beijing claims it’s found ‘underwater lighthouses’ that its foes use for espionage

• Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland

• Seclore secures sensitive intellectual property and data in CAD files

• TikTok Parent Co-Founder Tops China Rich List

• Attacker Abuses Victim Resources to Reap Rewards from Titan Network

• Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

• Best Antivirus Software for Small Businesses in 2024

• VimeWorld – 3,118,964 breached accounts

• Five Eyes program, Chinese activity, Russian Linux

• US Elections 2024 are super prone to cyber attacks

• What to Do If Hit by Ransomware

• The Hidden Threat of Web Scraping and How to Fight Back

• 3 Key DSPM Takeaways from the Latest Gartner Report

• CRA Paid Millions in Bogus Refunds as Tens of Thousands of Tax Accounts Hacked: Cyber Security Today for Wednesday, October 30, 2024

• Stopping bad things from happening to good businesses

• Google Chrome Security, Critical Vulnerabilities Patched

• US Joins International Crackdown on RedLine and META Infostealers

• Simplifying decentralized identity systems for everyday use

• Risk hunting: A proactive approach to cyber threats

• 6 key elements for building a healthcare cybersecurity response plan

• How Security Automation Platforms Streamline SOC Operations

• ISC Stormcast For Wednesday, October 30th, 2024 https://isc.sans.edu/podcastdetail/9202, (Wed, Oct 30th)

• Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens

• Uncle Sam outs a Russian accused of developing Redline infostealing malware

• Cast a hex on ChatGPT to trick the AI into writing exploit code

• What Is Secrets Management? Best Practices and Challenges

• PCI DSS Compliance Levels and Requirements: A Complete Guide

• PCI DSS Self-Assessment Questionnaires: Choosing the Right Type

• 2024 Startup Battlefield Top 20 Finalists: ForceField

• How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding

• IT Security News Daily Summary 2024-10-29

• International law enforcement operation dismantled RedLine and Meta infostealers

• Master Incident Response with Hands-On Training in IR-200: Foundational Incident Response

• Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

• Tony Fadell: Innovating to save our planet | Starmus highlights

• DEF CON 32 – AppSec Village – Got 99 Problems But Prompt Injection Ain’t Watermelon

• REvil convictions unlikely to curb Russian cybercrime

• CISA Releases Its First Ever International Strategic Plan

• You’re going to get hacked. But here’s how to avoid a cybersecurity disaster

• How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware

• Operation Magnus: Police Dismantles RedLine and META Infostealer Infrastructure

• GitHub Copilot Autofix expands as AI snags software delivery

• Daniel Stori’s Turnoff.US: ‘Security Engineer Interview’

• New LightSpy Spyware Targets iOS with Enhanced Capabilities

• Unifying SecOps and Observability for Enhanced Cloud Security in Azure

• The 8 Best Network Monitoring Tools for 2024

• Comparing Antivirus Software 2025: Avast vs. AVG

• Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting

• TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan

• US charges suspected Redline infostealer developer, admin

• Chenlun’s Evolving Phishing Tactics Target Trusted Brands

• Navigating Privacy Concerns on Google Maps: Understanding the Blurring Feature

• Russian Malware Attack Targets Ukrainian Military Recruits via Telegram

• The Internet Archive is finally mostly back online after a series of cyberattacks

• The story behind the Health Infrastructure Security and Accountability Act

• Power Your GenAI Ambitions with New Cisco AI-Ready Data Center Infrastructure

• Artificial Intelligence (AI) Takes the Spotlight in Cisco’s 7th Annual Global Partner Innovation Challenge

• The Zensory and POPP3R Cybersecurity Partner to Boost Mindful Security Behaviour in North America

• Proofpoint to Acquire Data Security Posture Management Firm Normalyze

• Amazon Identified Internet domains Exploited by Russian APT29

• Prometei Botnet: The Persistent Threat Targeting Global Systems

• CISA Releases Three Industrial Control Systems Advisories

• Siemens InterMesh Subscriber Devices

• Delta Electronics InfraSuite Device Master

• Solar-Log Base 15

• Building Resilience: A Post-Breach Security Strategy for Any Organization

• Admins better Spring into action over latest critical open source vuln

• DigiCert – It’s a Matter of Trust

• Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

• The Cloud Latency Map measures latency across 100+ cloud regions

• Why safeguarding sensitive data is so crucial

• Revolutionizing Dairy Farming with Digital Solutions

• RedLine and Meta Infostealers Disrupted by Law Enforcement

• Securiti Gencore AI accelerates GenAI adoption in the enterprise

• Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

• Law Enforcement Operation Takes Down Redline and Meta Infostealers

• Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks

• New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits

• Notorious WrnRAT Delivered Mimic As Gambling Games

• Best AI Security Tools: Top Solutions, Features & Comparisons

• MoneyGram replaces CEO weeks after massive customer data breach

• Cisco Crisis Response: Reinstating Connectivity to Communities Impacted by Hurricane Helene

• Enhancing Cybersecurity Skills in the U.S. Military and Department of Defense: The Cisco Winning Path to Certification

• Court Orders Google (a Monopolist) To Knock It Off With the Monopoly Stuff

• Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

• Zenity Raises $38 Million to Secure Agentic AI

• Aviatrix unveils features to simplify network security management

• Beyond the Login ? Keeping Accounts Secure with Lifecycle Protection

• Augmenting Training Datasets Using Generative AI

• Fitness App Strava Gives Away Location of Biden, Trump and other Leaders, French Newspaper Says

• Connected car security: Software complexity creates bumps in the road

• Zenity raises $38 million to secure agentic AI

• Phishers reach targets via Eventbrite services

• NIS2 Compliance Puts Strain on Business Budgets

• RedLine and META Infostealers Infrastructure Seized by Authorities

• 10 Reflections and Learnings From My Transformative First Year and a Half at Cisco

• Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

• Corero CORE turns isolated security events into actionable intelligence

• Akamai strenghtens protection against account abuse

• Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

• A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

• Suspicious Social Media Accounts Deployed Ahead of COP29

• White House Finalises China Tech Investment Curbs

• QR Codes Enable New Enterprise Phishing Threat

• How to configure and customize Kali Linux settings

• Law Enforcement Deanonymizes Tor Users

• July 2024 Cyber Attacks Statistics

• Spooky Spam, Scary Scams: Halloween Threats Rise

• What’s New with the TSA’s Oil and Gas Security Directives?

• CIS Control 15: Service Provider Management

• Merde! Macron’s bodyguards reveal his location by sharing Strava data

• Latest Funding Round Values Start-Up Sierra AI At $4.5bn

• Toyota, NTT Invest $3bn In Autonomous Driving

• Chinese Hackers Scanning Canadian IT Systems for Vulnerabilities

• Lumma/Amadey: fake CAPTCHAs want to know if you’re human

• How to Improve the Security of AI-Assisted Software Development

• Patching problems: The “return” of a Windows Themes spoofing vulnerability

• Canada Says Chinese Reconnaissance Scans Targeting Government Organizations

• Five Eyes Agencies Launch Startup Security Initiative

• Intel Invests $300m To Expand China Chip Processing Plant

• Apple Rolls Out First iPhone AI Features In Software Update

• SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows

• Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products

• October Cybersecurity Awareness Month: Ensuring Data Security and Compliance is an Ongoing Concern

• PIXM protects MSPs from credential theft and phishing attacks

• ICO: 55% of UK Adults Have Had Data Lost or Stolen

• ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

• Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk

• Latrodectus Employs New anti-Debugging And Sandbox Evasion Techniques

• Nadella’s Microsoft Pay Jumps 63 Percent In Spite Of Incentive Cut

• New ChatGPT-4o Jailbreak Technique Enabling to Write Exploit Codes

• Five Eyes nations tell tech startups to take infosec seriously. Again

• Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

• U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

• 49% of Enterprises Fail to Identify SaaS Vulnerabilities

• RedLine and Meta infostealer takedown, Russian-backed malware, French telecom breach

• Apple iPhone Users Urged to Upgrade to iOS 18.1 for Enhanced Security

• Understanding Cloud Identity Security (CIS)

• Nintendo Warns of Phishing Attack Mimics Company Email Address

• Innovator Spotlight: Cloud Range

• Wanted. Top infosec pros willing to defend Britain on shabby salaries

• New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

• Inside console security: How innovations shape future hardware protection

• Cybersecurity jobs available right now: October 29, 2024

• OT PCAP Analyzer: Free PCAP analysis tool

• Cyware and ECS Partner to Enhance Government Cybersecurity with Advanced Threat Intel Exchange

• Malicious npm Packages Found to Distribute BeaverTail Malware

• The state of password security in 2024

• Combatting Human Error: How to Safeguard Your Business Against Costly Data Breaches

• Trust and risk in the AI era

• Armis Raises $200M at $4.2B Valuation, Eyes IPO

• ISC Stormcast For Tuesday, October 29th, 2024 https://isc.sans.edu/podcastdetail/9200, (Tue, Oct 29th)

Generated on 2024-10-30 23:55:04.798099