IT Security News Daily Summary 2024-11-13

• Joint Statement from FBI and CISA on the People’s Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure

• Most widely exploited vulnerabilities in 2023 were zero days

• Biometrics in the Cyber World

• Data broker amasses 100M+ records on people – then someone snatches, sells it

• LastPass adds passkey support for free and premium users – but there’s a catch

• Lawyer allegedly hacked with spyware names NSO founders in lawsuit

• China’s Volt Typhoon botnet has re-emerged

• Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

• Randall Munroe’s XKCD ‘Number Shortage’

• DEF CON 32 – Splitting The Email Atom Exploiting Parsers To Bypass Access Controls

• Meta Must Face Antitrust Trial Over Instagram, WhatsApp Purchases

• Patch Tuesday: Four Critical Vulnerabilities Paved Over

• These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

• Palo Alto Networks Emphasizes Hardening Guidance

• Safer with Google: New intelligent, real-time protections on Android to keep you safe

• Ransomware fiends boast they’ve stolen 1.4TB from US pharmacy network

• Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

• Bitcoin Surges To Above $93,000 For First Time

• A Security-First Approach to 6G

• Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

• Users Flock To Bluesky Post Election, As Guardian Leaves X

• The best travel VPNs of 2024: Expert tested and reviewed

• Tell Congress To Stop These Last-Minute Bills That Help Patent Trolls

• EFF Is Ready for What’s Next | EFFector 36.14

• Microsoft slips Task Manager and processor count fixes into Patch Tuesday

• Google Cloud to Assign CVEs to Critical Vulnerabilities

• PlatformEngineering.com: Strengthening Security in the Software Development Lifecycle

• These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER

• Hive0145 Targets Europe with Advanced Strela Stealer Campaigns

• Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

• Zoom addressed two high-severity issues in its platform

• Black Duck Honoured as a Leading Provider in Software Composition Analysis by Top Research Firm

• DEF CON 32 – Sshamble Unexpected Exposures in the Secure Shell

• New TSA Rules to Boost Cybersecurity in Transport

• Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

• AI Threat to Escalate in 2025, Google Cloud Warns

• Hacking Groups Collaborate for Double Ransom Scheme

• Apple To Launch AI Wall ‘Tablet’ – Report

• Hot Topic data breach exposed personal data of 57 million customers

• 5 Essential Features of an Effective Malware Sandbox

• Citrix, Cisco, Fortinet Zero-Days Among 2023s Most Exploited Vulnerabilities

• Protecting Your Clients During the Holiday Season: A Guide for Family Offices

• Black Alps 2024: Highlights from Switzerland Cybersecurity Ecosystem

• Chrome Extensions Continue to Pose a Threat, Even With Google’s Manifest V3

• Texas Oilfield Supplier Operations Impacted by Ransomware Incident

• Vectra AI adds AI-powered detections to help secure Microsoft customers

• Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

• A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats

• Emerging Threats: Cybersecurity Forecast 2025

• Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool

• Finding The Right E-Commerce Platform – Comparing Reselling Solutions

• Automating Identity and Access Management for Modern Enterprises

• Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

• CISA’s ScubaGear Tool Improves Security for Organizations Using M365 and Surpasses 30,000 Downloads

• An explanation of ethical hackers

• CISA Warns Most 2023 Top Exploited Vulnerabilities Were 0-Days

• Absolute Security releases Enterprise Edition

• Cequence Security enables organizations to elevate their API defenses

• Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims

• Study Reveals Security Teams Feel the Impact of Rising API Threats

• The Role of Artificial Intelligence in Lead Generation

• Warning: Online shopping threats to avoid this Black Friday and Cyber Monday

• Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories

• WHO and Global Leaders Warn Against Rise of Ransomware Attacks Targeting Hospitals

• Infostealers increasingly impact global security

• GoIssue phishing tool targets GitHub developer credentials

• Waymo Opens Ride-Hailing Services In Los Angeles

• Fortinet Patches Critical Flaws That Affected Multiple Products

• Empowering Employees in the Age of AI: Strengthening Cyber Security through Training and Awareness

• ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won

• Mapping License Plate Scanners in the US

• KnowBe4 Releases 2024 Holiday Kit to Boost Cyber Resilience

• Ivanti Patches 50 Vulnerabilities Across Several Products

• LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

• Trump Appoints Elon Musk To Lead Government Efficiency Department

• China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

• DemandScience by Pure Incubation – 121,796,165 breached accounts

• 1-15 August 2024 Cyber Attacks Timeline

• CISO Forum Virtual Summit is Today

• Nirmata Control Hub automates security with policy-as-code

• Rakuten Viber unveils new security solutions for businesses

• Comprehensive Guide to Building a Strong Browser Security Program

• Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them

• The Rise of AI Voice Cloning

• How to add PGP support on Android for added security and privacy

• Threats in space (or rather, on Earth): internet-exposed GNSS receivers

• Volt Typhoon Gang and Botnet Re-Emerge Targeting Critical Infrastructure

• Citrix, Fortinet Patch High-Severity Vulnerabilities

• Cisco introduces Wi-Fi 7 access points to enhance employee and customer experiences

• Aerospace employees targeted with malicious “dream job” offers

• OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

• Amazon MOVEit Leaker Claims to Be Ethical Hacker

• Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware

• Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

• Chrome 131 Released with the Fix for Multiple Vulnerabilities

• Beyond the checkbox: Demystifying cybersecurity compliance

• Beats by bot: The AI remix revolution

• The Rising Cost of Cybersecurity: How Companies Can Effectively Communicate the Value of Protection

• CIS Control 13: Network Monitoring and Defense

• ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell

• Splunk expands observability portfolio to provide organizations with deeper business context

• Bectran adds RSA encryption to protect the transmission of sensitive data

• Syteca Account Discovery strengthens privileged access management

• Microsoft Fixes Four More Zero-Days in November Patch Tuesday

• Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks

• Giant Food cyberattack, Snowflake suspects indicted, zero-day vulnerability surge

• China’s Volt Typhoon Rebuilding Botnet

• Cisco Hits A Perfect 10 With A Critical Flaw in Industrial Wireless Systems: Cyber Security Today for Wednesday, November 13, 2024

• Thousands of EOL D-Link Routers Vulnerable to Password Change Attacks

• Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

• Satanic Threat Actor demands $100k ransom from Hot Topic

• How to Protect Your Smart Device from Spying Applications

• Sealing Entry Points and Weak Links in the Environment – How Dell is Building an Iron Wall of Defense

• CISOs in 2025: Balancing security, compliance, and accountability

• Sophisticated Infostealers Top Malware Rankings

• New Tool “GoIssue” Unleashes Advanced Phishing Threat to GitHub Users

• Social engineering scams sweep through financial institutions

• Tips for a successful cybersecurity job interview

• Cyber professionals face an IP loss reckoning in 2025

• Mastering Crypto Wallet Management: Secure Your Digital Assets With Confidence

• Maximise Crypto Mining Profitability: Strategies For Success In 2023

• Crypto Network Security: Essential Tips To Protect Your Digital Assets In 2023

• Understanding Crypto Macroeconomic Factors: Navigating Inflation, Rates, And Regulations

• Crafting A Successful Crypto Investment Thesis: Strategies For Long-Term Growth

• ISC Stormcast For Wednesday, November 13th, 2024 https://isc.sans.edu/podcastdetail/9220, (Wed, Nov 13th)

• Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

• China’s Volt Typhoon crew and its botnet surge back with a vengeance

• Admins can give thanks this November for dollops of Microsoft patches

• Air National Guardsman gets 15 years after splashing classified docs on Discord

• November Patch Tuesday release contains three critical remote code execution vulnerabilities

• Patch Tuesday Update – November 2024

• VERT Threat Alert: November 2024 Patch Tuesday Analysis

• Amazon employee data leaked from MoveIt Transfer attack

• DEF CON 32 – The Hack, The Crash And Two Smoking Barrels

• IT Security News Daily Summary 2024-11-12

• WordPress Database Scanning For Malware Released in Wordfence CLI 5.0.1

• Microsoft’s November Patch Tuesday Fixes 91 Vulnerabilities, 4 Zero-Days

• Microsoft Patch Tuesday, November 2024 Edition

• Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

• Here’s what we know about the suspected Snowflake data extortionists

• Pentagon Secrets Leaker Jack Teixeira Sentenced to 15 Years in Prison by a Federal Judge

• Discover duplicate AWS Config rules for streamlined compliance

• Qwen2.5-Coder just changed the game for AI programming—and it’s free

• Signal offers an encrypted alternative to Zoom – see how it works

• Scaling Global Protection: DataDome Expands to Over 30 Points of Presence (PoP) Worldwide

• Context is King: Using API Sessions for Security Context

• Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

• Data Vigilante Leaks 8 Million Employee Records from Amazon, HP and Others

• Singapore wants police to stop stubborn victims from sending money to scammers

• Norton vs McAfee: Compare Antivirus Software 2025

• Ivanti Releases Security Updates for Multiple Products

• OpenSSL in Red Hat Enterprise Linux 10: From engines to providers

• ‘Cybersecurity issue’ at Food Lion parent blamed for US grocery mayhem

• Microsoft Confirms Zero-Day Exploitation of Task Scheduler Flaw

• Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)

• Get NordVPN free for three months with this early Black Friday deal

• Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator

• Protecting Critical Infrastructure: A Collaborative Approach to Security for ICS, OT, and IIoT

• ARMO selected by Orange Business to Secure its Managed Kubernetes Services

• Explore Tidal Cyber with our Demo Video Library

• Is the latest book on “Pentesting APIs” any good?

• Critical Security Flaw in SEIKO EPSON Devices Allows Unauthorized Access

• Toward greater transparency: Publishing machine-readable CSAF files

• Hamas-linked Threat Group Expands Espionage and Destructive Operations

• Snowflake hackers identified and charged with stealing 50 billion AT&T records

• Exceptional User Experience — Every Application, Every Transaction

• How to Prevent Phishing Attacks

• Citrix Releases Security Updates for NetScaler and Citrix Session Recording

• A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

• Expert Insight: The digital pandemic: How cyber threats are threatening life as we know it

• HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code

• Vulnerability Summary for the Week of November 4, 2024

• TA455’s Iranian Dream Job Campaign Targets Aerospace with Malware

• UK Senior Citizens should be cautious with SMS Scams for winter heating pay

• Microsoft blocked your Windows 11 upgrade? This trusty tool can (probably) fix that

• CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities

• CISA Releases Five Industrial Control Systems Advisories

• Hitachi Energy TRO600

• Rockwell Automation FactoryTalk View ME

• 2023 Top Routinely Exploited Vulnerabilities

• Managing third-party risks in complex IT environments

• North Korean Hackers Employ macOS Malware to Target Crypto Firms

• Global Companies Targeted by “CopyR(ight)hadamantys” Phishing Scam Using Advanced Infostealer Malware

• New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

• New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

• Phishing Tool GoIssue Targets Developers on GitHub

• Important Update: IP Address Change for VirusTotal

• Bitdefender vs. Malwarebytes: Which antivirus is best?

• Top 5 Google Authenticator Alternatives in 2024

• SIEM vs. SOAR vs. XDR: Evaluate the key differences

• GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains

• Druva empowers businesses to secure data throughout Microsoft environments

• Akamai App Platform reduces the complexity associated with managing Kubernetes clusters

• BlackFog platform enhancements boost data loss prevention

• CISOs Turn to Indemnity Insurance as Breach Pressure Mounts

• Man Gets 25 Years for Online Dating Hostage Scams Targeting Americans

• New GitLoker-Linked GoIssue Tool Targets GitHub Users for Phishing

• 6 Principles of Operational Technology Cybersecurity released by joint NSA initiative

• Amazon confirms employee data exposed in leak linked to MOVEit vulnerability

• Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford

• GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

• 5 Best Vendor Risk Management Solutions

• Insurance Firm Introduces Liability Coverage for CISOs

• Hot Topic breach: Has your credit card info been compromised?

• F5 AI Gateway secures and optimizes access to AI applications

• North Korean Hackers Target macOS Using Flutter-Embedded Malware

• New Citrix Zero-Day Vulnerability Allows Remote Code Execution

• Bitwarden vs. 1Password: Which password manager is best?

• Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

• Criminals Exploiting FBI Emergency Data Requests

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Embracing Proactive Fraud Management with Real-Time Orchestration

• DNA testing company vanishes along with its customers’ genetic data

• Form I-9 Compliance Data Breach Impacts Over 190,000 People

• Supreme Court Weighs Shareholder Lawsuit Against Meta Over Data Disclosure

• Zscaler Zero Trust Segmentation prevents lateral movement from ransomware attacks

• North Korea Hackers Leverage Flutter to Deliver macOS Malware

• Japan To Invest $65bn In Chip Industry

• Huawei Asks Judge To Dismiss Charges In US Federal Case

• The Real Problem With Banning Masks at Protests

• The WIRED Guide to Protecting Yourself From Government Surveillance

• Ymir ransomware, a new stealthy ransomware grow in the wild

• Top 10 Flexera Competitors and Alternatives for Patch Management

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Amazon Employee Data Leaked by Hacker

• Eurotech ReliaGATE 15A-14 enables organizations to meet regulatory standards

• Immersive Labs AI Scenario Generator improves cyber skills against various attack types

• 5 Ways Behavioral Analytics is Revolutionizing Incident Response

• ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

• FTX Sues Binance Over Alleged $1.8bn Fraud

• IT Security Terms: Regulations, Standards, Controls, Frameworks, and Policies – Where to Start!?

• Winter Fuel Payment Scam Targets UK Citizens Via SMS

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Massive troves of Amazon, HSBC employee data leaked

• Australian States Support Social Media Ban For Under-16s

• Amazon Developing Smart Glasses For Delivery Drivers

• VMware Workstation & Fusion Now Available for Free to All Users

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• New iOS Security Feature Reboots Devices to Protect User Data: Reports

• Browser Warning: Fake Websites Steal Millions from Users

• Energy Giant Halliburton Reveals $35m Ransomware Loss

• Rising Threat of Malware and DDoS Attacks on Government Organizations

• US Orders TSMC To Halt AI Chip Sales To China

• Dell Enterprise SONiC Flaw Let Attackers Hijack the System

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Halliburton cyberattack costs, Israel credit card DDoS, Forth announces breach

• New Wave of Phishing Attacks Exploits Microsoft Visio Files for Two-Step Credential Theft

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Fraudsters Abuse DocuSign API for Legit-Looking Invoices

• DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration

• New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

• Apple iPhone inactivity reboot data security feature and Amazon data breach 2024

• The Growing Threat of Ransomware in 2024: What You Need to Know

• Best Practices in Penetration Testing: Ensuring Robust Security

• 5 Identity Theft Challenges Every Business Needs to Tackle

• Amazon Confirms Employee Data Breach Via Third-party Vendor

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• 2025 Global State of API Security Report – New Data Shows API Breaches Continue to Rise Due to Fraud, Bot Attacks, and GenAI Risks

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Veeam RCE Bug Now a Target for Frag Ransomware Operators

• Powerpipe: Open-source dashboards for DevOps

• Evaluating your organization’s application risk management journey

• The changing face of identity security

• New Phishing Campaign Delivers Advanced Remcos RAT Variant

• Six Questions to Ask Your Would-Be SIEM Provider

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Cybersecurity jobs available right now: November 12, 2024

• 10 Best DNS Management Tools – 2025

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• The Ultimate Guide to the CGRC

• Ambitious cybersecurity regulations leave companies in compliance chaos

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• ISC Stormcast For Tuesday, November 12th, 2024 https://isc.sans.edu/podcastdetail/9218, (Tue, Nov 12th)

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

• Amazon discloses employee data breach after May 2023 MOVEit attacks

• The PANCCD™ Model: Strengthening Cyber Resiliency and Compliance

Generated on 2024-11-13 23:55:05.646520