IT Security News Daily Summary 2024-12-10

172 posts were published in the last hour

• 22:7 : Webhook security: Risks and best practices for mitigation
• 22:6 : Why software composition analysis is essential for open source security
• 21:5 : Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
• 21:4 : VERT Threat Alert: December 2024 Patch Tuesday Analysis
• 21:4 : Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
• 21:4 : US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks
• 21:4 : Microsoft fixes exploited zero-day (CVE-2024-49138)
• 20:41 : Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
• 20:41 : Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
• 20:41 : Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down
• 20:5 : IT Security News Hourly Summary 2024-12-10 21h : 11 posts
• 20:2 : Introducing EFF’s New Video Series: Gate Crashing
• 19:39 : Cloud Native Firewall Tests Expose Critical Gaps: How Check Point Minimizes Security Impact
• 19:39 : US military grounds entire Osprey tiltrotor fleet over safety concerns
• 19:39 : Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #315 – Stickies
• 19:39 : Auguria Streamlines Management of Security Log Data
• 19:7 : Microsoft Patch Tuesday: December 2024, (Tue, Dec 10th)
• 19:7 : Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware
• 19:7 : National Instruments LabVIEW
• 19:7 : Google Cloud expands vulnerability detection for Artifact Registry using OSV
• 19:7 : Speaking Freely: Tomiwa Ilori
• 19:6 : Adobe Patches Over 160 Vulnerabilities Across 16 Products
• 18:37 : Microsoft Patch Tuesday December 2024, Patch for 16 Critical Security Flaws
• 18:37 : A Practical Guide to Securing NodeJS APIs With JWT
• 18:37 : OpenAI’s Sora: Everything You Need to Know
• 18:37 : Microsoft enhanced Recall security, but will it be enough?
• 18:37 : US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure
• 18:37 : Androxgh0st Malware Continues Targeting IoT Devices and Critical Infrastructure
• 18:37 : Introducing an enhanced version of the AWS Secrets Manager transform: AWS::SecretsManager-2024-09-16
• 18:2 : 3AM Ransomware: What You Need To Know
• 17:34 : Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability
• 17:34 : GitGuardian Extends Reach to Manage Non-Human Identities
• 17:5 : Microsoft Challenge Will Test LLM Defenses Against Prompt Injections
• 17:5 : Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged
• 17:5 : IT Security News Hourly Summary 2024-12-10 18h : 17 posts
• 16:34 : US Senator announces new bill to secure telecom companies in wake of Chinese hacks
• 16:34 : SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services
• 16:34 : Wald.ai Raises $4M in Seed Funding to Protect Data in Conversations With AI Assistants
• 16:34 : Critical OpenWrt Bug: Update Your Gear!
• 16:34 : Hackers Exploit AWS Misconfigurations in Massive Data Breach
• 16:34 : AWS-LC FIPS 3.0: First cryptographic library to include ML-KEM in FIPS 140-3 validation
• 16:7 : Ransomware related news trending on Google
• 16:7 : Hackers Exploit Visual Studio Code for Malicious Remote Access
• 16:7 : AMD secure VM tech undone by DRAM meddling
• 16:7 : Schneider Electric EcoStruxure Foxboro DCS Core Control Services
• 16:7 : CISA Releases Seven Industrial Control Systems Advisories
• 16:7 : Rockwell Automation Arena
• 16:7 : Horner Automation Cscape
• 16:7 : MOBATIME Network Master Clock
• 16:7 : Cato Networks Introduces Industry’s First SASE-native IoT/OT Security Solution
• 16:7 : Obsidian Security Achieves Snowflake Ready Validation and Financial Services Competency
• 16:7 : New Malware Campaign Attacks Manufacturing Industry
• 15:36 : What is user authentication?
• 15:36 : What is a stream cipher?
• 15:36 : What is a block cipher?
• 15:36 : Why Unified Endpoint Management Is Non-Negotiable for IT Teams in 2025
• 15:36 : Microsoft Challenges Hackers with $10,000 AI Cybersecurity Contest
• 15:5 : Bot Reporting: 4 Key Differences to Consider
• 15:5 : Hackers Target Job Seekers with AppLite Trojan Using Fake Job Emails
• 15:5 : Demystifying Kubernetes in 5 Minutes
• 15:5 : Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises
• 15:5 : AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
• 15:5 : Decoding SMS Pumping Fraud: Protecting Your Communications
• 15:5 : Romania Annuls Elections After TikTok Campaign and Cyberattacks Linked to Russia
• 15:5 : Black Basta Ransomware: New Tactics and Growing Threats
• 15:5 : Stamus Networks Clear NDR uncovers unauthorized activity
• 15:4 : Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam
• 15:4 : Utility Companies Face 42% Surge in Ransomware Attacks
• 14:36 : RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins
• 14:36 : Announcing the launch of Vanir: Open-source Security Patch Validation
• 14:36 : Novel iVerify Tool Detects Widespread Use of Pegasus Spyware
• 14:36 : Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture
• 14:5 : Visual Studio Tunnels Abused For Stealthy Remote Access
• 14:5 : Dashlane vs 1Password (2024): Which Password Manager Is Better?
• 14:5 : Cybersecurity News Round-Up 2024: 10 Biggest Stories That Dominated the Year
• 14:5 : EU Cyber Resilience Act: What You Need to Know
• 14:5 : Cohesity completes its merger with Veritas; here’s how they’ll integrate
• 14:5 : Axios and Unit 42’s Sam Rubin Discuss Disruptive Cyberattacks
• 14:5 : Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack
• 14:5 : IT Security News Hourly Summary 2024-12-10 15h : 11 posts
• 14:4 : SAP Patches Critical Vulnerability in NetWeaver
• 14:4 : Versa Endpoint DLP prevents data exfiltration
• 14:4 : New AppLite Malware Targets Banking Apps in Phishing Campaign
• 13:36 : EU cybersecurity rules for smart devices enter into force
• 13:36 : Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client
• 13:36 : Five Ways Spear Phishing Tactics are Evolving in 2025
• 13:36 : Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)
• 13:36 : The Future of Network Security: Automated Internal and External Pentesting
• 13:36 : Scottish Parliament TV at Risk of Deepfake Attacks
• 13:5 : How Red Teaming Helps Meet DORA Requirements
• 13:5 : November 2024’s Most Wanted Malware: Androxgh0st Leads the Pack, Targeting IoT Devices and Critical Infrastructure
• 13:5 : Poker Cheaters Allegedly Use Tiny Hidden Cameras to Spot Dealt Cards
• 13:4 : A CISO’s Guide to Managing Risk as the World Embraces AI
• 13:4 : Heart surgery device maker’s security bypassed, data encrypted and stolen
• 13:4 : Astrix Security Banks $45M Series B to Secure Non-Human Identities
• 13:4 : China’s Surveillance System: Cracks in a Digital Panopticon
• 12:32 : Malware Analysis: A Kernel Land Rootkit Loader for FK_Undead
• 12:32 : Full-Face Masks to Frustrate Identification
• 12:32 : TikTok ban in US: Company seeks emergency injunction to prevent it
• 12:31 : Cisco Says Flaws in Industrial Routers, BGP Tool Remain Unpatched 8 Months After Disclosure
• 12:2 : Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files
• 12:2 : Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage
• 12:2 : Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands
• 12:2 : Heart Device Maker Artivion Suffers Ransomware Breach
• 12:2 : Court Ruling Provides Clarity on Appeals Against ICO Fines
• 11:36 : Tesla To Use Human Back-Up Drivers For Cybercab Fleet
• 11:36 : OpenAI Releases Sora Video-Generation Tool
• 11:36 : Former OpenAI Researcher Raises $40m For AI Voice Start-Up
• 11:36 : Reddit Introduces AI Search Tool
• 11:36 : You can boost your cybersecurity skills for free with this new initiative
• 11:36 : Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again
• 11:36 : Microsoft Rolls Out Default NTLM Relay Attack Mitigations
• 11:5 : IT Security News Hourly Summary 2024-12-10 12h : 7 posts
• 11:2 : Dell Warns of Critical Code Execution Vulnerability in Power Manager
• 11:2 : 21 years since its inception, GNU Shepherd 1.0.0 is released
• 10:34 : Maximizing Security Data in Splunk with Tripwire’s New App
• 10:34 : Unlocking the Value of DSPM: What You Need to Know
• 10:34 : Bitfinex heist gets the Netflix treatment after ‘cringey couple’ sentenced
• 10:34 : CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force
• 10:34 : Ongoing Phishing and Malware Campaigns in December 2024
• 10:4 : $50 Million Radiant Capital Heist Blamed on North Korean Hackers
• 9:35 : Google Announces Quantum Chip Error ‘Breakthrough’
• 9:35 : China Opens Nvidia Antitrust Probe After US Sanctions
• 9:35 : Researchers Uncovered Hackers Infrastructre Using Passive DNS Technique
• 9:35 : Given Today’s Data Complexity, a Platform Mindset is Crucial for Cyber Recovery
• 9:2 : Defending Against AI-Powered Attacks in a “Spy vs. Spy” World
• 9:2 : SecureAuth protects sensitive information with biometric continuous identity assurance
• 9:2 : Major Drop in Cyber-Attack Reports from Large UK Financial Businesses
• 8:32 : Aiming for Whales: Phishing Tactics Are Climbing the Corporate Ladder
• 8:32 : TikTok Asks For Emergency Pause On US Divestiture Law
• 8:32 : Let’s Encrypt to End Support for Online Certificate Status Protocol (OCSP)
• 8:31 : Cybersecurity Companies Must Practice What They Preach to Avoid the Data Paradox
• 8:31 : Romanian energy attack, medical device disruption, Deloitte responds to data theft claims
• 8:5 : IT Security News Hourly Summary 2024-12-10 09h : 12 posts
• 8:4 : Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins
• 7:56 : Using E-Book Features to Enhance Learning and Retention
• 7:37 : Black Basta Ransomware Leverages Microsoft Teams To Deliver Malicious Payloads
• 7:37 : Hackers Target Android Users via WhatsApp to Steal Sensitive Data
• 7:37 : Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
• 7:37 : New Meeten Malware Attacking macOS And Windows Users To Steal Logins
• 7:37 : WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics
• 7:37 : Massive Data Harvesting Operation Exploits AWS Customer Misconfigurations
• 7:37 : Ransomware Disrupts Operations at Leading Heart Surgery Device Maker
• 7:37 : PowerDMARC One-Click Auto DNS Publishing with Entri
• 7:37 : Balancing Security and Convenience With EV Charging
• 7:5 : Authorities Dismantled Hackers Who Stolen Millions Using AirBnB
• 7:4 : 50% of M&A Security Issues are Non-Malicious
• 7:4 : Brand Impersonations Surge 2000% During Black Friday
• 6:33 : Mysterious Drone-Like Objects Disrupting Electronics in New Jersey: Is It a New Cyber Threat or Something More?
• 6:33 : Cyber Threats in the Form of MS Office Email Attachments: A Growing Danger
• 6:33 : U.S. Subsidiary of a Japanese water Treatment Company Hit By Ransomware Attack
• 6:33 : APT-C-53 Weaponizing LNK Files To Deploy Malware Into Target Systems
• 6:33 : The Next Frontier: Predictions Driving Tech and Security in 2025
• 6:4 : Preventing data leakage in low-node/no-code environments
• 5:32 : Hackers Can Hijack Your Terminal Via Prompt Injection using LLM-powered Apps
• 5:31 : Strengthening security posture with comprehensive cybersecurity assessments
• 5:5 : IT Security News Hourly Summary 2024-12-10 06h : 5 posts
• 4:34 : Empowering Teams with Secure Cloud Environments
• 4:34 : How Secrets Security Boosts Business Value
• 4:34 : Leveraging NHI Lifecycle Management for Innovation
• 4:34 : Cybersecurity jobs available right now: December 10, 2024
• 4:34 : Neosync: Open-source data anonymization, synthetic data orchestration
• 4:4 : Hornetsecurity Enhances 365 Total Backup with Self-Service Recovery and Adds Microsoft OneNote Backup
• 4:4 : Electrica Group Under Cyber Attack, Systems Secure
• 2:5 : IT Security News Hourly Summary 2024-12-10 03h : 3 posts
• 2:4 : ISC Stormcast For Tuesday, December 10th, 2024 https://isc.sans.edu/podcastdetail/9248, (Tue, Dec 10th)
• 2:4 : ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket
• 1:32 : Romanian energy supplier Electrica Group is facing a ransomware attack
• 1:3 : Police arrest suspect in murder of UnitedHealthcare CEO, with grainy pics the only tech involved
• 23:5 : IT Security News Hourly Summary 2024-12-10 00h : 4 posts
• 23:2 : Building Secure Containers: Reducing Vulnerabilities With Clean Base Images
• 23:2 : Police Arrest UnitedHealthcare CEO Shooting Suspect, App Developer Luigi Mangione