IT Security News Daily Summary 2024-11-09

• FBI: Spike in Hacked Police Emails, Fake Subpoenas

• iPhones might be harder for police to unlock, thanks to new reboot feature

• Veeam Backup & Replication exploit reused in new Frag ransomware attack

• DEF CON 32 – Taming the Beast: Inside Llama 3 Red Team Process

• Chinese Botnet Quad7 Targets Global Organizations in Espionage Campaign

• Google Cloud to Enforce Multi-Factor Authentication for Enhanced Security in 2025

• Fake Invoices Spread Through DocuSign’s API in New Scam

• Hackers Use Excel Files to Deliver Remcos RAT Variant on Windows

• FBI Cautioned Gmail Users Regarding Cookie Theft

• Cisco Fixes Critical CVE-2024-20418 Vulnerability in Industrial Wireless Access Points

• Uncovering the Gaps in Cyberthreat Detection & the Hidden Weaknesses of SIEM

• Auto-Rebooting iPhones Are Causing Chaos for Cops

• It’s Award Season, Again

• Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

• zipdump & Evasive ZIP Concatenation, (Sat, Nov 9th)

• Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

• SANS Holiday Hack Challenge 2024, (Sat, Nov 9th)

• Mozilla’s GenAI Bug Bounty And Education Program – Serious Exploits: Interview With Marco Figueroa, GenAI Bug Bounty Program Manager for Mozilla’s ODIN Project. Cyber Security Today Weekend for Nov 9, 2024

• Celebrating a Milestone – Over 1.5 Billion Daily Queries on Our IP to ASN Mapping Service

• Identity management in 2025: 4 ways security teams can address gaps and risks

• Creators of This Police Location Tracking Tool Aren’t Vetting Buyers. Here’s How To Protect Yourself

• Flare-On 11 Challenge Solutions

• Upwind, an Israeli cloud cybersecurity startup, is raising $100M at a $850-900M valuation, say sources

• Celebrating the Life of Aaron Swartz: Aaron Swartz Day 2024

• Hello again, FakeBat: popular loader returns after months-long hiatus

• Texas oilfield supplier Newpark Resources suffered a ransomware attack

• EFF to Second Circuit: Electronic Device Searches at the Border Require a Warrant

• IT Security News Daily Summary 2024-11-08

• Friday Squid Blogging: Squid-A-Rama in Des Moines

• DEF CON 32 – Securing CCTV Cameras Against Blind Spots – Jacob Shams

• Week in Review: Sophos Chinese hacker warning, AI flaws and vulnerabilities

• HackerOne: Nearly Half of Security Professionals Believe AI Is Risky

• 3 key generative AI data privacy and security concerns

• The Human Side of Incident Response

• Closing 2024 with Style at Cisco Live Melbourne

• Palo Alto Networks warns of potential RCE in PAN-OS management interface

• DEF CON 32 – Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #312 – Appraisal

• How OpenAI’s New AI Agents Are Shaping the Future of Coding

• An explanation of ransomware

• Big Tech’s Data-Driven AI: Transparency, Consent, and Your Privacy

• US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack

• 28,000 WordPress Sites Affected by Arbitrary File Read and Deletion Vulnerability in WPLMS WordPress Theme

• In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, Phone Use Warning in US Agency

• Hackers Can Access Mazda Vehicle Controls Via System Vulnerabilities

• TikTok ordered to close Canada offices following “national security review”

• FBI says hackers are sending fraudulent police data requests to tech giants to steal people’s private information

• IPConsul automates operations with Cisco’s industrial IoT secure networking

• Upcoming Webinar – Working with X.509 Keys and Certificates

• BlueOLEx 2024 exercise: EU-CyCLONe test its cyber crisis response preparedness

• Google To Make MFA Mandatory for Google Cloud in 2025

• How to maximize cybersecurity ROI

• Innovator Spotlight: Push Security

• Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine War

• American Oilfield supplier Newpark Resources hit by ransomware attack

• Google Jarvis AI Extension Leaked On Chrome Store

• Cash App user have a few days left to claim up to a $2,500 settlement payout

• Clearing the Clutter: Simplifying Security Operations with Tool Consolidation

• AI Summit Vancouver 2024: Exploring AI’s Role, Risks, and Transformative Power

• Mastering the 3-2-1 Backup Approach: What It Is and Why It Works

• Finding Solutions to Meet PCI DSS v4.0 Requirements 6.4.3 and 11.6.1

• Smart holiday shopping—How to safely secure deals and discounts for the hottest gifts

• SpyAgent malware targets crypto wallets by stealing screenshots

• Scattered Spider, BlackCat claw their way back from criminal underground

• Threat Actors Hijack Windows Systems Using the New SteelFox Malware

• Malwarebytes Acquires VPN Provider AzireVPN

• Check Point Uncover Pakistan-Linked APT36’s New Malware Targeting Indian Systems

• Why Small Businesses Are Major Targets for Cyberattacks and How to Defend Against Them

• AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

• New Campaign Uses Remcos RAT to Exploit Victims

• Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI

• Operation Synergia II: A Global Effort to Dismantle Cybercrime Networks

• Ciso Playbook: Cyber Resilience Strategy

• Nokia Says Impact of Recent Source Code Leak Is Very Limited

• Amazon Mulls New Multi-Billion Dollar Investment In Anthropic – Report

• Incident Response Readiness Journey

• Leveraging Threat Intelligence in Cisco Secure Network Analytics, Part 2

• Converge Your WAN and Security With Cisco Firewall

• The AT&T Phone Records Stolen

• IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

• FTX’s Caroline Ellison Begins Her Two Year Prison Sentence

• iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

• AI Industry is Trying to Subvert the Definition of “Open Source AI”

• US Prison Sentences for Nigerian Cybercriminals Surge in Recent Months

• Opera Browser Vulnerability Could Allow Exploits Via Browser Extensions

• HPE Patches Critical Vulnerabilities in Aruba Access Points

• UIUC Researchers Expose Security Risks in OpenAI’s Voice-Enabled ChatGPT-4o API, Revealing Potential for Financial Scams

• Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

• The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

• Major Oilfield Supplier Hit by Ransomware Attack

• How to Evaluate and Improve Your Organisation’s Data Security Posture

• AI can drive business growth in Southeast Asia. But some big challenges remain

• How to Build a Healthy Patch Management Program

• Why having too many cybersecurity point solutions is risky

• Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns

• Observability in Security: Strategies for the Modern Enterprise

• Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective

• North Korean Actor Deploys Novel Malware Campaign Against Crypto Firms

• QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

• Recent improvements in Red Hat Enterprise Linux CoreOS security data

• Secure cloud bursting: Leveraging confidential computing for peace of mind

• More value, less risk: How to implement generative AI across the organization securely and responsibly

• Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

• Steps Organizations Can Take to Improve Cyber Resilience

• The CISO Evolution: From Tactical Defender to Strategic Business Partner

• Columbus Data Breach Affects 500,000 in Recent Cyberattack

• Mirantis provides support offerings for Harbor Registry and KubeVirt

• Top Vulnerability Management Tools: Reviews & Comparisons 2024

• AppOmni partners with Cisco to extend zero trust to SaaS

• Interlock targets healthcare, Canada dissolves TikTok, HP critical flaws

• New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus

• Canada Orders TikTok To Close Operations: Cyber Security Today for Friday, November 8th, 2024

• Digital Arrest: How Even The Educated Become Victims

• CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

• Apple’s 45-day certificate proposal: A call to action

• New Malware “ToxicPanda” Targets Android Devices to Steal Banking Information

• Credential Abuse Market Flourishes Despite Setbacks

• Large-Scale Phishing Campaign Exposed Using New Version of Rhadamanthys Malware

• Am I Isolated: Open-source container security benchmark

• CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

• A closer look at the 2023-2030 Australian Cyber Security Strategy

• Why AI-enhanced threats and legal uncertainty are top of mind for risk executives

• New infosec products of the week: November 8, 2024

• Driving social impact at work: A rewarding collaboration with WWF-Australia

• Winos4.0 abuses gaming apps to infect, control Windows machines

• DEF CON 32 – QuickShell Sharing Is Caring About RCE Attack Chain On QuickShare – Or Yair, Shmuel Cohen

• Highlights from the InCyber Montreal Forum

• ISC Stormcast For Friday, November 8th, 2024 https://isc.sans.edu/podcastdetail/9214, (Fri, Nov 8th)

• Imperva: A Leader in WAAP

• New SteelFox Malware Posing as Popular Software to Steal Browser Data

• EFF to Court: Reject X’s Effort to Revive a Speech-Chilling Lawsuit Against a Nonprofit

Generated on 2024-11-09 23:55:04.547238