IT Security News Daily Summary 2024-11-14

• What is identity governance and administration (IGA)?

• Is your iPhone rebooting after being inactive? It’s a feature, not a bug

• Meet Andy Zollo, SVP of APJ Sales

• Business Logic Attacks Target Election-Related Sites on Election Day

• Cybercriminal devoid of boundaries gets 10-year prison sentence

• Blinded by Silence

• Wordfence Intelligence Weekly WordPress Vulnerability Report (November 4, 2024 to November 10, 2024)

• Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation

• Hate Speech Watchdog CCDH To Quit Musk’s X

• These 8 Apps on Google Play Store Contain Android/FakeApp Trojan

• Black Friday bots are coming—is your e-commerce site prepared?

• Building complex gen AI models? This data platform wants to be your one-stop shop

• The 10 most popular passwords of 2024 are also the worst: 5 easy ways to do better

• “Why Is It So Expensive To Repair My Devices?”

• Phishing Scams use Microsoft Visio Files to Steal Information

• Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme

• Elon Musk Rebuked By Italian President Over Migration Tweets

• Meta Fined €798m Over Alleged Facebook Marketplace Violations

• Bitsight buys dark web security specialist Cybersixgill for $115M

• New Apple security feature reboots iPhones after 3 days, researchers confirm

• Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign

• The CrowdStrike Incident: The Devil is in the Details, and Chaos is in the Code

• Silverfort Expands Cloud Identity Security with Acquisition of Rezonate, Creating First Comprehensive Identity Security Platform

• CISA and FBI: Chinese Hackers Compromised US Telecom Networks

• Anthropic’s new AI tools promise to simplify prompt writing and boost accuracy by 30%

• Securing the AI frontier: Protecting enterprise systems against AI-driven threats

• ShrinkLocker Ransomware: What You Need To Know

• Infoblox: 800,000 domains vulnerable to hijacking attack

• China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

• The Intersection of Marketing and Technology

• Fortifying the Future: AI Security Is The Cornerstone Of The AI And GenAI Ecosystem

• Bitsight to Acquire Cybersixgill for $115 Million

• NIST Clears Backlog of Known Security Flaws but Not All Vulnerabilities

• Microsoft Power Pages Misconfiguration Leads to Data Exposure

• Sitting Ducks DNS Attacks Put Global Domains at Risk

• World’s Top 200 Common Passwords continue to be incredibly weak

• 4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability

• The Definitive Guide to Linux Process Injection

• Phorpiex Botnet Phishing Emails Linked to LockBit Black Ransomware Campaign

• VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

• Smart holiday shopping—How to safely secure deals and discounts for the hottest gifts

• Spotlight on Iranian Cyber Group Emennet Pasargad’s Malware

• Siemens TeleControl Server

• Siemens OZW672 and OZW772 Web Server

• 2N Access Commander

• Siemens SIPORT

• Siemens SINEC INS

• BitSight buys dark web security specialist Cybersixgill for $115M

• Hot Topic Data Breach Exposes Private Data of 57 Million Users

• Addressing AI Risks: Best Practices for Proactive Crisis Management

• Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

• New educational campaign “Flex Your Cyber” launched

• The Elephant in AppSec Conference: 4 Key Takeaways

• Volt Typhoon rebuilds malware botnet following FBI disruption

• NIST is chipping away at NVD backlog

• Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

• Lazarus Group Targets macOS with RustyAttr Trojan in Fake Job PDFs

• This startup’s AI platform could replace 90% of your accounting tasks—here’s how

• TunnelBear VPN Review 2024: Pricing, Ease of Use & Security

• 1.1 Million UK NHS Employee Records Exposed From Microsoft Power Pages Misconfiguration

• FBI confirms China-backed hackers breached US telecom giants to steal wiretap data

• 2025 Predictions — How One Year Will Redefine the Cybersecurity Industry

• Advertisers are pushing ad and pop-up blockers using old tricks

• Two Men Charged For Hacking US Tax Preparation Firms

• Google launches on-device AI to alert Android users of scam calls in real-time

• VersaONE unifies security and networking into a single, centrally managed platform

• Massive Telecom Hack Exposes US Officials to Chinese Espionage

• AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

• How to make any password manager your autofill service on Android

• Organizations face mounting pressure to accelerate AI plans, despite lack of ROI

• New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

• Scammer robs homebuyers of life savings in $20 million theft spree

• CISA, FBI Confirm China Hacked Telecoms Providers for Spying

• FBI confirms China-linked cyber espionage involving breached telecom providers

• 5 BCDR Oversights That Leave You Exposed to Ransomware

• Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

• Kids’ shoemaker Start-Rite trips over security again, spilling customer card info

• SSL Certificate Best Practices Policy

• Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

• New PXA Stealer targets government and education sectors for sensitive information

• Chinese National Faces 20 Years of Jail Time for Laundering Millions in Crypto

• Google Unveils New Intelligent, Real-Time Protections for Android Users

• CEO: GenAI changes multi-cloud security, network equation

• More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity

• NatWest blocks bevy of apps in clampdown on unmonitorable comms

• Cybereason and Trustwave Announce Merger

• The Magic ITAM Formula for Navigating Oracle Java Licensing

• TikTok Pixel Privacy Nightmare: A New Case Study

• API Security in Peril as 83% of Firms Suffer Incidents

• Exploring the Security Risks of VR and AR

• US confirms China-backed hackers breached telecom providers to steal wiretap data

• Сrimeware and financial cyberthreats in 2025

• GoIssue Phishing Tool Reveals Hackers Set Sights on GitHub Users

• Asda security chief replaced, retailer sheds jobs during Walmart tech divorce

• Best 7 Compliance Risk Assessment Tools for 2024

• Red Hat Enterprise Linux 9.5 helps organizations simplify operations

• How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)

• New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

• Bank of England U-turns on Vulnerability Disclosure Rules

• Google to Issue CVEs for Critical Cloud Vulnerabilities

• Five Eyes infosec agencies list 2024’s most exploited software flaws

• Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure

• Microsoft Data Security Index annual report highlights evolving generative AI security needs

• Volt Typhoon’s new botnet, China APT hits Tibet, DoD leaker sentenced

• SeeMetrics Unveils Automated Executive Reporting Solution for Cybersecurity Boards

• GitLab Patches Critical Flaws Leads to Unauthorized Access to Kubernetes Cluster

• The Dark Side of Google Searches: How Simple keywords can Lead to Cyber Threats

• Optimizing Active Directory Security: How Security Audits and Continuous Monitoring Enhance One Another

• Windows 0-Day Exploited in Wild with Single Right Click

• ESET Research Podcast: Gamaredon

• OnDMARC by Red Sift Alternatives: Top Alternatives and Competitors

• Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

• Zero-days dominate top frequently exploited vulnerabilities

• How Intel is making open source accessible to all developers

• Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage

• Machine Identities Outnumber Human Ones: 69% of Companies Face Rising Security Risks”

• Cyware Attains FedRAMP Ready Status

• Horizon3.ai Debuts NodeZero Kubernetes Pentesting to Strengthen Critical Infrastructure Defense

• How cybersecurity failures are draining business budgets

• What 2025 holds for user identity protection

• Reminder: China-backed crews compromised ‘multiple’ US telcos in ‘significant cyber espionage campaign’

• Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

• China-backed crews compromised ‘multiple’ US telcos in ‘significant cyber espionage campaign’

• Bitdefender released a decryptor for the ShrinkLocker ransomware

• ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

• Microsoft brings AI to the farm and factory floor, partnering with industry giants

• Top Bot Attack Predictions for Holiday Sales 2024

• 5 AI Security Takeaways featuring Forrester

• Temu must respect consumer protection laws, says EU

• IT Security News Daily Summary 2024-11-13

• Joint Statement from FBI and CISA on the People’s Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure

• Most widely exploited vulnerabilities in 2023 were zero days

• Biometrics in the Cyber World

• Data broker amasses 100M+ records on people – then someone snatches, sells it

• LastPass adds passkey support for free and premium users – but there’s a catch

• Lawyer allegedly hacked with spyware names NSO founders in lawsuit

• China’s Volt Typhoon botnet has re-emerged

• Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

• Randall Munroe’s XKCD ‘Number Shortage’

• DEF CON 32 – Splitting The Email Atom Exploiting Parsers To Bypass Access Controls

• Meta Must Face Antitrust Trial Over Instagram, WhatsApp Purchases

• Patch Tuesday: Four Critical Vulnerabilities Paved Over

• These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

• Palo Alto Networks Emphasizes Hardening Guidance

• Safer with Google: New intelligent, real-time protections on Android to keep you safe

• Ransomware fiends boast they’ve stolen 1.4TB from US pharmacy network

• Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

• Bitcoin Surges To Above $93,000 For First Time

• A Security-First Approach to 6G

• Mend.io is a Strong Performer in the Forrester Wave™ Software Composition Analysis, Q4 2024

• Users Flock To Bluesky Post Election, As Guardian Leaves X

• The best travel VPNs of 2024: Expert tested and reviewed

• Tell Congress To Stop These Last-Minute Bills That Help Patent Trolls

• EFF Is Ready for What’s Next | EFFector 36.14

• Microsoft slips Task Manager and processor count fixes into Patch Tuesday

• Google Cloud to Assign CVEs to Critical Vulnerabilities

• PlatformEngineering.com: Strengthening Security in the Software Development Lifecycle

• These 20 D-Link Devices Have Critical RCE Bug — but NO Patch NEVER

• Hive0145 Targets Europe with Advanced Strela Stealer Campaigns

• Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

• Zoom addressed two high-severity issues in its platform

• Black Duck Honoured as a Leading Provider in Software Composition Analysis by Top Research Firm

• DEF CON 32 – Sshamble Unexpected Exposures in the Secure Shell

• New TSA Rules to Boost Cybersecurity in Transport

• Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

• AI Threat to Escalate in 2025, Google Cloud Warns

• Hacking Groups Collaborate for Double Ransom Scheme

• Apple To Launch AI Wall ‘Tablet’ – Report

• Hot Topic data breach exposed personal data of 57 million customers

• 5 Essential Features of an Effective Malware Sandbox

• Citrix, Cisco, Fortinet Zero-Days Among 2023s Most Exploited Vulnerabilities

• Protecting Your Clients During the Holiday Season: A Guide for Family Offices

• Black Alps 2024: Highlights from Switzerland Cybersecurity Ecosystem

• Chrome Extensions Continue to Pose a Threat, Even With Google’s Manifest V3

• Texas Oilfield Supplier Operations Impacted by Ransomware Incident

• Vectra AI adds AI-powered detections to help secure Microsoft customers

• Lazarus Group Uses Extended Attributes for Code Smuggling in macOS

• A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats

• Emerging Threats: Cybersecurity Forecast 2025

• Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool

• Finding The Right E-Commerce Platform – Comparing Reselling Solutions

• Automating Identity and Access Management for Modern Enterprises

• Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

• CISA’s ScubaGear Tool Improves Security for Organizations Using M365 and Surpasses 30,000 Downloads

• An explanation of ethical hackers

• CISA Warns Most 2023 Top Exploited Vulnerabilities Were 0-Days

• Absolute Security releases Enterprise Edition

• Cequence Security enables organizations to elevate their API defenses

• Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims

• Study Reveals Security Teams Feel the Impact of Rising API Threats

• The Role of Artificial Intelligence in Lead Generation

• Warning: Online shopping threats to avoid this Black Friday and Cyber Monday

• Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories

• WHO and Global Leaders Warn Against Rise of Ransomware Attacks Targeting Hospitals

• Infostealers increasingly impact global security

• GoIssue phishing tool targets GitHub developer credentials

• Waymo Opens Ride-Hailing Services In Los Angeles

• Fortinet Patches Critical Flaws That Affected Multiple Products

• Empowering Employees in the Age of AI: Strengthening Cyber Security through Training and Awareness

• ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won

• Mapping License Plate Scanners in the US

• KnowBe4 Releases 2024 Holiday Kit to Boost Cyber Resilience

• Ivanti Patches 50 Vulnerabilities Across Several Products

• LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

• Trump Appoints Elon Musk To Lead Government Efficiency Department

• China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

• DemandScience by Pure Incubation – 121,796,165 breached accounts

• 1-15 August 2024 Cyber Attacks Timeline

• CISO Forum Virtual Summit is Today

• Nirmata Control Hub automates security with policy-as-code

• Rakuten Viber unveils new security solutions for businesses

• Comprehensive Guide to Building a Strong Browser Security Program

• Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them

• The Rise of AI Voice Cloning

• How to add PGP support on Android for added security and privacy

• Threats in space (or rather, on Earth): internet-exposed GNSS receivers

• Volt Typhoon Gang and Botnet Re-Emerge Targeting Critical Infrastructure

• Citrix, Fortinet Patch High-Severity Vulnerabilities

• Cisco introduces Wi-Fi 7 access points to enhance employee and customer experiences

• Aerospace employees targeted with malicious “dream job” offers

• OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution

• Amazon MOVEit Leaker Claims to Be Ethical Hacker

• Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware

• Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

• Chrome 131 Released with the Fix for Multiple Vulnerabilities

• Beyond the checkbox: Demystifying cybersecurity compliance

• Beats by bot: The AI remix revolution

• The Rising Cost of Cybersecurity: How Companies Can Effectively Communicate the Value of Protection

• CIS Control 13: Network Monitoring and Defense

• ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell

• Splunk expands observability portfolio to provide organizations with deeper business context

• Bectran adds RSA encryption to protect the transmission of sensitive data

• Syteca Account Discovery strengthens privileged access management

• Microsoft Fixes Four More Zero-Days in November Patch Tuesday

• Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks

• Giant Food cyberattack, Snowflake suspects indicted, zero-day vulnerability surge

• China’s Volt Typhoon Rebuilding Botnet

• Cisco Hits A Perfect 10 With A Critical Flaw in Industrial Wireless Systems: Cyber Security Today for Wednesday, November 13, 2024

• Thousands of EOL D-Link Routers Vulnerable to Password Change Attacks

• Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

• Satanic Threat Actor demands $100k ransom from Hot Topic

• How to Protect Your Smart Device from Spying Applications

• Sealing Entry Points and Weak Links in the Environment – How Dell is Building an Iron Wall of Defense

• CISOs in 2025: Balancing security, compliance, and accountability

• Sophisticated Infostealers Top Malware Rankings

• New Tool “GoIssue” Unleashes Advanced Phishing Threat to GitHub Users

• Social engineering scams sweep through financial institutions

• Tips for a successful cybersecurity job interview

• Cyber professionals face an IP loss reckoning in 2025

• Mastering Crypto Wallet Management: Secure Your Digital Assets With Confidence

• Maximise Crypto Mining Profitability: Strategies For Success In 2023

• Crypto Network Security: Essential Tips To Protect Your Digital Assets In 2023

• Understanding Crypto Macroeconomic Factors: Navigating Inflation, Rates, And Regulations

• Crafting A Successful Crypto Investment Thesis: Strategies For Long-Term Growth

• ISC Stormcast For Wednesday, November 13th, 2024 https://isc.sans.edu/podcastdetail/9220, (Wed, Nov 13th)

• Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

• China’s Volt Typhoon crew and its botnet surge back with a vengeance

• Admins can give thanks this November for dollops of Microsoft patches

• Air National Guardsman gets 15 years after splashing classified docs on Discord

• November Patch Tuesday release contains three critical remote code execution vulnerabilities

• Patch Tuesday Update – November 2024

Generated on 2024-11-14 23:55:04.873630