IT Security News Daily Summary 2024-11-04

• FIDO: Consumers are Adopting Passkeys for Authentication

• DEF CON 32 – OH MY DC Abusing OIDC All The Way To Your Cloud

• MDR vs. MSSP: Making the Right Choice for Your Business

• Vulnerability Recap 11/4/24 – Fourteen-Year Bug Finally Gets Patched

• UC San Diego, Tsinghua University researchers just made AI way better at knowing when to ask for help

• Software Makers Encouraged to Stop Using C/C++ by 2026

• Randall Munroe’s XKCD ‘Disposal’

• Hackers Leak 300,000 MIT Technology Review Magazine User Records

• Exploring Artificial Intelligence: Is AI Overhyped?

• How AI Is Changing the Cloud Security and Risk Equation

• Gartner Report: How to Respond to the Threat Landscape in a Volatile, Complex and Ambiguous World

• Celebrating Connections and Launching the New Cisco 360 Partner Program

• DEF CON 32 – The Edges Of Surveillance System And Its Supply Chain

• PCI DSS v4.0.1 Changes | Application Security PCI Compliance Requirements | Contrast Security

• Vulnerability Summary for the Week of October 28, 2024

• Columbus Ransomware Attack Exposes Data of 500,000 Residents

• City of Columbus breach affects around half a million citizens

• Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

• Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack

• Crooks bank on Microsoft’s search engine to phish customers

• Cambodia-Based Cybercriminals Exploit Digital Arrest Scam on Indian Victims

• Meta Struggles to Curb Misleading Ads on Hacked Facebook Pages

• Behind the Search Bar: How Google Algorithm Shapes Our Perspectives

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• KnowBe4 Named as One of Newsweek’s Top UK Most Loved Workplaces For 2024

• Cybercriminals Exploit DocuSign APIs to Send Fake Invoices

• ChatGPT new search engine features cause data sanctity concerns

• Hackers Claim Access to Nokia Internal Data, Selling for $20,000

• 10 API security testing tools to mitigate risk

• Partnering for Purpose Winners: 7th Global Partner Innovation Challenge

• Nigerian Handed 26-Year Sentence for Real Estate Phishing Scam

• Nigerian man Sentenced to 26+ years in real estate phishing scams

• Wild, Weird, and Secure: SecureWV 2024’s Cryptid-Themed Conference

• Misinformation is Ruining our Elections. Here’s How we can Rescue Them.

• Google Researchers Claim First Vulnerability Found Using AI

• ENISA Cybersecurity Resilience and Market Conference: Joining forces for a cyber-secure and resilient digital single market

• Columbus says ransomware gang stole personal data of 500,000 Ohio residents

• Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

• 210,000 Impacted by Saint Xavier University Data Breach

• Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

• Unauthorized tactic spotlight: Initial access through a third-party identity provider

• Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices

• Microsoft Warns of Russian Spear-Phishing Campaign Targeting Multiple Organizations

• US Says Russia Behind Fake Haitian Voters Video

• Is the Digital Transformation of Businesses Complete?

• How the 2024 US presidential election will determine tech’s future

• Overview of Cybersecurity Regulations in the Middle East Region, Part 1

• US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing

• Monitoring Distributed Microservices

• New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

• Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

• Sophisticated Phishing Attack Targeting Ukraine Military Sectors

• Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

• Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

• The Evolution of Transparent Tribe’s New Malware

• SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

• THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 – Nov 03)

• German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

• Sophos Versus the Chinese Hackers

• FBI Seeking Information on Chinese Hackers Targeting Sophos Firewalls

• Singapore’s Government Directed ISPs To Block Access To Ten Inauthentic Websites

• Embargo Ransomware Actors Abuses Safe Mode To Disable Security Solutions

• Russian Hackers Attacking Ukraine Military With Malware Via Telegram

• A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack

• Russia, Iran, And China Influence U.S. Elections, Microsoft Warns

• Top Traceable API Security Alternative: Escape vs. Traceable

• What is Enterprise Compliance and Why is It Important?

• Cybersecurity and AI Challenges: How Companies Must Evolve to Stay Secure and Competitive

• Supply Chain Attack Uses Smart Contracts for C2 Ops

• Huawei Sees Sales Surge, But Profits Fall

• Google Maps Steers Into Local Information With AI Chat

• OpenAI Adds ChatGPT Search Features

• Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

• Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

• Russian disinformation campaign active ahead of 2024 US election

• Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

• Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

• Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

• City of Columbus Ransomware Attack Impacts 500,000 People

• Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords

• Strategies for Implementing Effective Threat Detection in IIoT

• What Is the ISA/IEC 62443 Framework?

• Public sector cyber break-ins: Our money, our lives, our right to know

• Binance Co-Founder CZ Does Not Want To Return To Company

• Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

• Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation

• UK Council Sites Recover Following Russian DDoS Blitz

• MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges

• A week in security (October 28 – November 3)

• Industry Moves for the week of November 4, 2024 – SecurityWeek

• Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign

• China’s BYD Overtakes Tesla On Quarterly Sales

• Entra MFA mandatory, German pharma cyberattack, LightSpy iPhone enhancements

• DSPM vs. Traditional Data Protection: What’s the Difference?

• Heimdal® Supports MSP Compliance Efforts with Fourth Consecutive ISAE 3000 SOC 2 Type II Certification

• IRISSCON 2024 to address AI’s dual impact on cybersecurity

• China is an increasing threat in Cyber Security: Cyber Security Today for Monday, November 4, 2024

• International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

• Proactive Ways To Bridge The Cybersecurity Talent Gap

• New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

• Analyzing an Encrypted Phishing PDF, (Mon, Nov 4th)

• Threat Actors Allegedly Claiming Leak of Dell Partner Portal Data

• Advanced Variant of FakeCall Malware Targets Mobile Users with Sophisticated Vishing Attacks

• Gmail Security Challenges Amid Rising Phishing Scams

• How Safe Are AI-Powered Laptops When It Comes to Onboard Data Security?

• Securing Your SaaS Application Security

• Microsoft Warns of Major Credential Theft by Chinese Hackers Via Covert Network Attacks

• Hiring guide: Key skills for cybersecurity researchers

• Cybersecurity in crisis: Are we ready for what’s coming?

• Whispr: Open-source multi-vault secret injection tool

• Z-lib – 9,737,374 breached accounts

• Quadrant Launches Free Dark Web Reports to Help Organizations Identify Leaked Credentials and Sensitive Information

• Strong privacy laws boost confidence in sharing information with AI

• ISC Stormcast For Monday, November 4th, 2024 https://isc.sans.edu/podcastdetail/9206, (Mon, Nov 4th)

• NAKIVO Backup for MSP: Best Backup Solution for MSPs

• IT Security News Weekly Summary – Week 44

• IT Security News Daily Summary 2024-11-03

• Half of Online Child Grooming Cases Now Happen on Snapchat, Reports UK Charity

• Redline And Meta Infostealers Targeted in Operation Magnus

• 6 IT contractors arrested for defrauding Uncle Sam out of millions

• Strava’s Privacy Flaws: Exposing Sensitive Locations of Leaders and Users Alike

• DEF CON 32 – Where’s The Money-Defeating ATM Disk Encryption

• Cybersecurity Beyond Phishing: Six Underrated Threats

• Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

• FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

• Windows Recall Release Pushed Back, Microsoft Sets December Date

• Critical Security Vulnerability Found in LiteSpeed Cache Plugin: Urgent Update Advised for WordPress Users

• US Election 2024 – FBI warning about fake election videos

• Chinese threat actors use Quad7 botnet in password-spray attacks

• Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams

• ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

• How to protect against supply chain cyber risk with automation

• 2024 Application Security Report -Fortinet

• Chenlun’s New Phishing Schemes Target Big-Name Brands

Generated on 2024-11-04 23:55:04.464797