IT Security News Daily Summary 2024-12-11

138 posts were published in the last hour

• 22:32 : Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise​​
• 22:32 : Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine
• 22:4 : How Cryptocurrency Turns to Cash in Russian Banks
• 22:4 : Securing the future: building a culture of security
• 21:34 : Supreme Court Permits Nvidia Investor Lawsuit To Proceed
• 21:34 : CISA Updates Toolkit with Seven New Resources to Promote Public Safety Communications and Cyber Resiliency
• 21:34 : The best AirTag wallets of 2024: Expert tested
• 21:34 : Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others
• 21:34 : What is identity and access management? Guide to IAM
• 20:34 : Krispy Kreme Cyber Attack Disrupted Online Ordering in the US
• 20:5 : IT Security News Hourly Summary 2024-12-11 21h : 3 posts
• 20:4 : Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS), (Wed, Dec 11th)
• 20:4 : Apple Pushes Major iOS, macOS Security Updates
• 19:32 : Brazil’s Internet Intermediary Liability Rules Under Trial: What Are the Risks?
• 19:4 : TikTok Files Challenge Against Canadian Shutdown Order
• 19:4 : Krispy Kreme Doughnut Corporation admits to hole in security
• 19:4 : December Patch Tuesday shuts down Windows zero-day
• 18:36 : US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack
• 18:36 : No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation
• 18:36 : Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service
• 17:32 : Apple Intelligence Launches In UK, Siri Integrated With ChatGPT
• 17:32 : The Growing Threat of E-Skimming: Why March 2025’s PCI Deadline Matters
• 17:32 : Flare Raises $30M Series B Led by Base 10 Partners to Continue Growth in Security Intelligence and Threat Exposure Management Markets
• 17:5 : IT Security News Hourly Summary 2024-12-11 18h : 21 posts
• 17:2 : Russian government spies targeted Ukraine using tools developed by cybercriminals
• 17:2 : Why Medical Records Are Prime Targets for Cyberattacks and How to Stay Safe
• 17:2 : Here’s Why You Need A New App After Google RCS Issue
• 17:2 : Secret Blizzard Targets Ukrainian Military with Custom Malware
• 16:38 : US Awards Micron $6.1 Billion From US Chips Act
• 16:38 : Krispy Kreme discloses cyberattack that is disrupting online orders
• 16:38 : Cortex XDR Delivers Unmatched 100% Detection in MITRE Evals 2024
• 16:38 : Resecurity introduces Government Security Operations Center (GSOC) at NATO Edge 2024
• 16:38 : Operation Digital Eye Reveals Cybersecurity Breach
• 16:38 : Sophisticated Scam Targets UAE Residents with Fake Police Fines
• 16:7 : Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation
• 16:7 : Rising Cyber Extortion Threats Targeting Large Companies in 2024
• 16:7 : AuthQuake Flaw Allowed MFA Bypass Across Azure, Office 365 Accounts
• 16:7 : Hackers Deploy Weaponized LNK Files for Malicious Payload Delivery
• 16:7 : US Charged Chinese Hackers for Exploiting Thousands of Firewall
• 16:7 : Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication
• 16:7 : Cortex XDR Delivers Unmatched 100% Detection in MITRE ATT&CK Round 6
• 16:7 : BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections
• 16:7 : Brain Cipher Ransomware Group Claims Deloitte UK Data Breach
• 16:6 : New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
• 16:6 : Cyber Incident Disrupting Krispy Kreme Online Orders
• 15:34 : MITRE ATT&CK® Evaluations Highlights Check Point Detection
• 15:34 : Google unveils AI coding assistant ‘Jules,’ promising autonomous bug fixes and faster development cycles
• 15:34 : Google’s new Trillium AI chip delivers 4X speed and powers Gemini 2.0
• 15:34 : Google Gemini 2.0: Could this be the beginning of truly autonomous AI?
• 15:34 : Ivanti fixed a maximum severity vulnerability in its CSA solution
• 15:34 : Google Pays $55,000 for High-Severity Chrome Browser Bug
• 15:34 : BT Group Confirms Cyberattack by Black Basta Ransomware Group
• 15:2 : CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value?
• 15:2 : Researchers uncover Chinese spyware used to target Android devices
• 15:2 : Oasis Security Details MFA Security Flaw Found in Microsoft Cloud Services
• 15:2 : ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
• 15:2 : Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
• 15:2 : South Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3M
• 14:34 : APT-C-60 Hackers Penetrate Org’s Network Using a Weapanized Google Drive link
• 14:34 : Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes
• 14:34 : Microsoft Azure MFA Flaw Allowed Easy Access Bypass
• 14:5 : IT Security News Hourly Summary 2024-12-11 15h : 6 posts
• 14:4 : AMD Chip VM Memory Protections Broken by BadRAM
• 14:4 : DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet
• 13:34 : Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities
• 13:5 : California Mulls Health Warnings For Social Media Sites
• 13:5 : Global Ongoing Phishing Campaign Targets Employees Across 12 Industries
• 13:5 : CIS Control 09: Email and Web Browser Protections
• 13:4 : A Cloud Reality Check for Federal Agencies
• 13:4 : Atlassian, Splunk Patch High-Severity Vulnerabilities
• 13:4 : Microsoft enforces defenses preventing NTLM relay attacks
• 12:36 : Jailbreaking LLM-Controlled Robots
• 12:36 : Three more vulns spotted in Ivanti CSA, all critical, one 10/10
• 12:36 : Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
• 12:36 : Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
• 12:36 : What is Nudge Security and How Does it Work?
• 12:36 : Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017
• 12:7 : GM Kills Cruise Robotaxi Business, After Funding Is Pulled
• 12:7 : Windows RDP Service Flaw let Hackers Execute Remote Code
• 12:7 : KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications
• 12:7 : 446,000 Impacted by Center for Vein Restoration Data Breach
• 12:6 : Operation PowerOFF Takes Down DDoS Boosters
• 11:32 : Chinese national charged for hacking thousands of Sophos firewalls
• 11:32 : ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others
• 11:32 : Top 10 Web Design Security Best Practices to Follow in 2025
• 11:32 : BadRAM: $10 hack unlocks AMD encrypted memory
• 11:31 : US Sanctions Chinese Firm at Center of Global Firewall Hack
• 11:5 : IT Security News Hourly Summary 2024-12-11 12h : 9 posts
• 11:2 : US Charges, Sanctions Chinese Man Accused of Sophos Firewall Hacking
• 11:2 : Cybersecurity Products or Platforms – Which is More Effective?
• 10:34 : New DCOM Attack Exploits Windows Installer for Backdoor Access
• 10:34 : Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access
• 10:34 : SOC 2 Policies: What They Should Include and Why They Matter
• 10:34 : Leveraging Crypto Agility to Meet DORA Requirements in Financial Services by January 2025
• 10:34 : Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day
• 10:6 : Under-16s Social Media Ban: A UK Government Proposal
• 10:6 : ChatGPT Two Years On: Experts Weigh In
• 9:32 : New Microsoft Purview features help protect and govern your data in the era of AI
• 9:32 : Picus provides automated pentesting testing to help uncover critical risks
• 9:32 : Zero Day in Cleo File Transfer Software Exploited En Masse
• 9:7 : 6 Tips to Protect Your New Devices During the Holiday Season | Avast
• 9:7 : CyTwist’s detection engine combats AI-generated malware
• 9:7 : Trellix Drive Encryption enhances security against insider attacks
• 9:7 : Cato Networks extends SASE-based protection to IoT/OT environments
• 9:7 : Snowflake Pledges to Make MFA Mandatory
• 8:36 : Telecom security bill, Google’s quantum chip, Chinese cyber firm sanctions
• 8:5 : IT Security News Hourly Summary 2024-12-11 09h : 7 posts
• 8:4 : Chrome Security Update, Patch For Multiple Vulnerabilities
• 8:4 : Disclosure Rules Lead To Less Disclosure: Cyber Security Today for Wednesday, December 11, 2024
• 7:37 : Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action
• 7:37 : FCC Responds to telecoms attack dubbed ‘worst in our nation’s history’
• 7:37 : Phishers Nabbed in International Sting
• 7:37 : Decrypting Full Disk Encryption with Dissect
• 7:37 : Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability
• 7:2 : Apple iPhone Users Warned About Data-Stealing Vulnerability in TCC Feature
• 7:2 : Pros and Cons of Differentiating Cloud Security Tools
• 7:2 : Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users
• 7:2 : U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
• 6:32 : WPForms Vulnerability Let Users Issues Subscription Payments
• 6:32 : Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks
• 6:32 : Patch Tuesday Update – December 2024
• 5:34 : Open source malware up 200% since 2023
• 5:7 : US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
• 5:7 : Cybersecurity in the Digital Frontier: Reimagining Organizational Resilience
• 5:7 : Why crisis simulations fail and how to fix them
• 5:5 : IT Security News Hourly Summary 2024-12-11 06h : 1 posts
• 4:32 : Containers have 600+ vulnerabilities on average
• 3:34 : Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
• 2:34 : Patch Tuesday, December 2024 Edition
• 2:34 : The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come
• 2:5 : IT Security News Hourly Summary 2024-12-11 03h : 5 posts
• 2:2 : Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)
• 2:2 : ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th)
• 2:2 : Post-Quantum Cryptography: The Implications of Google’s Willow and Other Quantum Computers for Cybersecurity
• 2:2 : Staying Ahead: The Role of NHIDR in Modern Cybersecurity
• 1:32 : U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
• 23:34 : Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
• 23:5 : IT Security News Hourly Summary 2024-12-11 00h : 3 posts