IT Security News Daily Summary 2025-01-23

148 posts were published in the last hour

• 22:13 : Secure Your Frontend: Practical Tips for Developers
• 22:13 : OpenAI says it may store deleted Operator data for up to 90 days
• 22:13 : Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500
• 21:4 : Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor
• 21:4 : Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug
• 20:31 : SOC vs MSSP: Which is Right for Your Business?
• 20:9 : Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks
• 20:9 : What is SSL (Secure Sockets Layer)?
• 20:9 : Hidden Waymo feature let researcher customize robotaxi’s display
• 20:8 : AI-Driven Security by Palo Alto Networks and IBM
• 20:8 : Speaking Freely: Lina Attalah
• 20:5 : IT Security News Hourly Summary 2025-01-23 21h : 6 posts
• 19:34 : Everything is connected to security
• 19:34 : OpenAI’s ‘Operator’ Agent Automates Online Tasks
• 19:34 : Meet GhostGPT: The Malicious AI Chatbot Fueling Cybercrime and Scams
• 19:34 : New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies
• 19:34 : Phishing Emails Targeting Australian Firms Rise by 30% in 2024
• 19:34 : Randall Munroe’s XKCD ‘Chemical Formulas’
• 19:2 : Multi-Tenant Data Isolation and Row Level Security
• 19:2 : For anonymous browsing, these extensions are the next best thing to Tor
• 19:2 : Android enhances theft protection with Identity Check and expanded features
• 18:34 : Pakistan’s Parliament Passes Bill For Strict Control On Social Media
• 18:34 : 2025-01-22: Traffic Analysis Exercise – Download from fake software site
• 18:9 : Juniper enterprise routers backdoored via “magic packet” malware
• 17:39 : Protecting the Backbone of Modern Development: Scanning Secrets in Container Registries
• 17:39 : ETW Threat Intelligence and Hardware Breakpoints
• 17:39 : An Overview​​ of Cyber Risk Modeling | Kovrr
• 17:38 : EU Mandates Tougher Cybersecurity for Banking Sector
• 17:38 : CCN releases guide for Spain’s ENS landing zones using Landing Zone Accelerator on AWS
• 17:9 : Do backup vendor guarantees pay off?
• 17:9 : SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix
• 17:9 : Cyber Insights 2025: Malware Directions
• 17:5 : IT Security News Hourly Summary 2025-01-23 18h : 5 posts
• 16:36 : Passwordless Authentication: The Next Frontier
• 16:36 : UK’s CMA Begins Probe Into Apple, Google Mobile Ecosystems
• 16:36 : Indian Tribunal Suspends Meta’s Data Sharing Ban
• 16:36 : 9 Internal Data Breach Examples to Learn From
• 16:36 : Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
• 16:4 : Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)
• 16:4 : Google Ads Phishing Scam Reaches New Extreme, Experts Warn of Ongoing Threat
• 15:39 : Top 5 Signs Hackers are in Your Network (and What to Do about It)
• 15:39 : Cyber Threat from Bonnie Blue and Lilly Phillips of OnlyFans
• 15:39 : The best secure browsers for privacy in 2025: Expert tested
• 15:39 : Meta’s pay-or-consent model under fire from EU consumer group
• 15:39 : Schneider Electric Easergy Studio
• 15:38 : Schneider Electric EVlink Home Smart and Schneider Charge
• 15:38 : mySCADA myPRO Manager
• 15:38 : Hitachi Energy RTU500 Series Product
• 15:38 : Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
• 15:38 : Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
• 15:38 : Bookmakers Ramp Up Efforts to Combat Arbitrage Betting Fraud
• 15:12 : Warning: Don’t sell or buy a second hand iPhone with TikTok already installed
• 15:12 : GhostGPT: Uncensored Chatbot Used by Cyber Criminals for Malware Creation, Scams
• 15:11 : Chinese threat actors used two advanced exploit chains to hack Ivanti CSA
• 15:11 : Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)
• 15:11 : The Power of Many: Crowdsourcing as A Game-Changer for Modern Cyber Defense
• 15:11 : FortiGate config leaks: Victims’ email addresses published online
• 14:33 : What is threat modeling?
• 14:33 : FBI Warning: Avoid Installing Malicious Apps to Safeguard Your Financial Data
• 14:32 : Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
• 14:5 : XSS Attempts via E-Mail, (Thu, Jan 23rd)
• 14:5 : IT Security News Hourly Summary 2025-01-23 15h : 17 posts
• 14:4 : Fortinet Collaborates with Global Leaders at World Economic Forum Annual Meeting 2025
• 14:4 : Axoflow Raises $7 Million for Security Data Curation Platform
• 14:4 : Trump Has Had a Light Touch on Cybersecurity – So Far
• 14:4 : Memcyco Announces Next-Gen, AI Solution to Combat Fraud and Impersonation Attacks in Real Time
• 13:34 : Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques
• 13:34 : Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection
• 13:34 : GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits
• 13:34 : Homebrew macOS Users Targeted With Information Stealer Malware
• 13:9 : Samsung Touts AI Features With Galaxy S25 Smartphones
• 13:9 : You are Not Alone, ChatGPT is Down
• 13:9 : Microsoft Unveils New Identity Secure Score Recommendations in General Availability
• 13:9 : Expanding Cyber Security Education Globally: SecureAcademy Partners with Nonprofits
• 13:9 : Operational Security: The Backbone of Effective Police Communication
• 13:9 : Tesla Charger Exploits Earn Hackers $129,000 at Pwn2Own
• 13:9 : Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
• 13:9 : CISOs Dramatically Increase Boardroom Influence but Still Lack Soft Skills
• 12:34 : January 2025 Web Server Survey
• 12:34 : Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
• 12:34 : Cisco Fixes Critical Vulnerability in Meeting Management
• 12:11 : Hackers Deliver Ransomware on Windows Via Microsoft Teams Voice Calls
• 12:11 : The best security keys of 2025: Expert tested
• 12:11 : Cisco Patches Critical Vulnerability in Meeting Management
• 12:11 : How SASE Empowers CISOs to Combat Stress and Burnout
• 12:11 : QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features
• 12:11 : New Research: The State of Web Exposure 2025
• 12:11 : SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
• 12:11 : How to Eliminate Identity-Based Threats
• 11:34 : LinkedIn Sued Over Alleged Use Of Private Messages To Train AI
• 11:34 : SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
• 11:34 : Under Trump, US Cyberdefense Loses Its Head
• 11:34 : SonicWall Learns From Microsoft About Potentially Exploited Zero-Day
• 11:34 : Taking a Threat Adapted Approach to Vulnerability Management
• 11:34 : New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing
• 11:5 : Privacy Teams Understaffed, Under Resourced and Under Stress, Research Finds
• 11:5 : IT Security News Hourly Summary 2025-01-23 12h : 9 posts
• 11:5 : Future-Proof Your WordPress Site: Essential Plugins for 2025
• 11:4 : Trump Pardons Silk Road Founder Ulbricht
• 10:32 : Bashe Ransomware strikes ICICI Bank
• 10:32 : AI Assistant Jailbreaked to Reveal its System Prompts
• 10:32 : Who is DDoSing you? Rivals, probably, or cheesed-off users
• 10:32 : QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features
• 10:8 : Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control
• 10:8 : Biz tax rises, inflation and high interest. Why fewer UK tech firms started in 2024
• 10:8 : Record Number of Ransomware Attacks in December 2024
• 9:32 : Japanese Companies Threatened by DPRK IT Workers
• 9:7 : Cisco addresses a critical privilege escalation bug in Meeting Management
• 9:7 : SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
• 9:7 : Appdome Threat Dynamics analyzes and ranks mobile threats
• 8:36 : Open-Source ClamAV Releases Security Update for Buffer Overflow Vulnerability – Patch Now
• 8:36 : Rails Apps Arbitrary File Write Vulnerability Let Attackers Execute Code Remotely
• 8:36 : Bitsight Instant Insights accelerates vendor risk assessments
• 8:36 : DigitalOcean Per-Bucket Access Keys boosts object storage security
• 8:36 : DHS terminates the Cyber Security Review Board, Major cybersecurity vendors’ credentials found on Dark Web, Trump pardons creator of Silk Road
• 8:5 : IT Security News Hourly Summary 2025-01-23 09h : 6 posts
• 8:2 : New Supply Chain Attack Targeting Chrome Extensions to Inject Malicious Code
• 8:2 : NSFOCUS Licensed for SOC and Pentest Service in Malaysia in Accordance with Cyber Security Act 2024
• 7:36 : Asus lets processor security fix slip out early, AMD confirms patch in progress
• 7:36 : Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
• 7:9 : New Cookie Sandwich Technique Allows Stealing of HttpOnly cookies
• 7:9 : U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator
• 6:34 : Connecting an LLM to Your Database Is Risky Business
• 6:34 : TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
• 6:7 : WordPress Plugin Vulnerability Exposes 23k+ Websites to Hacking
• 6:7 : 2025-01-21: Quick post for Koi Loader/Koi Stealer activity
• 6:6 : Defense strategies to counter escalating hybrid attacks
• 5:34 : Cisco Warns of Meeting Management API Privilege Escalation Vulnerability
• 5:34 : Can’t Start a Fire Without a Spark
• 5:34 : Prevent Data Breaches with Advanced IAM
• 5:34 : Is Your Automation Exposing Critical Data?
• 5:34 : Empowering Teams with Secure API Management
• 5:34 : Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
• 5:7 : Mac Users Targeted: Fake Google Ads Exploit Homebrew in Malware Campaign
• 5:6 : CISOs are juggling security, responsibility, and burnout
• 4:2 : Funding soars in a milestone year for Israeli cybersecurity
• 2:5 : IT Security News Hourly Summary 2025-01-23 03h : 3 posts
• 1:34 : Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks
• 1:17 : Oracle emits 603 patches, names one it wants you to worry about soon
• 1:17 : FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
• 0:4 : ISC Stormcast For Thursday, January 23rd, 2025 https://isc.sans.edu/podcastdetail/9292, (Wed, Jan 22nd)
• 23:34 : Trump ‘waved a white flag to Chinese hackers’ as Homeland Security axed cyber advisory boards
• 23:34 : UK Mail Check: DMARC Reporting Changes to Know
• 23:9 : Cyber Safety Review Board axed in DHS cost-cutting move
• 23:9 : Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days
• 23:9 : Texas Is Enforcing Its State Data Privacy Law. So Should Other States.
• 23:5 : IT Security News Hourly Summary 2025-01-23 00h : 5 posts
• 22:55 : IT Security News Daily Summary 2025-01-22