IT Security News Weekly Summary – Week 03

• IT Security News Daily Summary 2024-01-21

• USENIX Security ’23 – Kaiming Cheng, Jeffery F. Tian, Tadayoshi Kohno, Franziska Roesner – Exploring User Reactions and Mental Models Towards Perceptual Manipulation Attacks in Mixed Reality

• Evolution of AI Assistants: Navigating Breakthroughs in Software Development

• LockBit ransomware gang claims the attack on the sandwich chain Subway

• Welcome to Data Privacy Week: Empowering Your Cybersecurity with BlackCloak

• More Than One Third Of Facebook Marketplace Ads Could Be Scams

• Empowering Global Cybersecurity: The Future with Dianoea Darwis Honeypot

• Classic Baggie: Part Three – the Romance Scam Victims

• Meta is Collecting Consumers Data from Thousands of Firms

• Microsoft Might Be Sharing Your Outlook Emails Without Your Knowledge

• MUN President Confirms: Ransomware was Behind Cyberattack on Their Grenfell Campus

• What is Biometric Security? Your Body Becomes Your Key

• The best VPN services for iPhone and iPad in 2024: Tested and reviewed

• Innovative Legal Move Restores Hospital’s Stolen Information

• Cybersecurity Challenges at the World Economic Forum

• Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

• Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed

• New Outlook Flaw Let Attackers Access Hashed Passwords

• Business Email Compromise (BEC) Scams: Prevention and Response

• Cloud Security Best Practices for Businesses

• Admin of the BreachForums hacking forum sentenced to 20 years supervised release

• IT Security News Daily Summary 2024-01-20

• Microsoft Executives’ Emails Breached by Russia Hackers

• DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security

• Fujitsu Bugs That Sent Innocent People to Prison Were Known ‘From the Start’

• USENIX Security ’23 – Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data

• Transforming the Creative Sphere With Generative AI

• Apple Faces New Security Dilemma as Infostealers Execute Stealthy Attacks

• Dawnofdevil Hackers on the Rise Again

• New AI System Aids Early Detection of Deadly Pancreatic Cancer Cases

• Midnight Blizzard: Russian Threat Actors Behind Microsoft Corporate Emails’ Breach

• Why many CISOs consider quitting – Week in security with Tony Anscombe

• Book Review: The Crypto Launderers: Crime and CryptoCurrencies

• US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

• PixieFAIL – 9 UEFI Flaws Expose Computers to Remote Attacks

• Your data is under siege. Here’s how to win the war.

• Why T-POT Honeypot is the Premier Choice for Organizations

• Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails

• Chromecast End-of-Life Announcement Highlights Urgent Need for Patch Management Reform Among Hybrid Workers

• Common Pitfalls of Running On-Premises SIEM Solutions

• In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet

• Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

• The best travel VPNs of 2024: Expert tested and reviewed

• Supply Chain Cybersecurity: Protecting Business Partners

• CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

• Microsoft’s Top Execs’ Emails Breached in Sophisticated Russia-Linked APT Attack

• Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

• USENIX Security ’23 – Habiba Farrukh, Reham Mohamed, Aniket Nare, Antonio Bianchi, Z. Berkay Celik – LocIn: Inferring Semantic Location from Spatial Maps in Mixed Reality

• Behind the Breach: Pass-The-Cookie Beyond IdPs

• Russians invade Microsoft exec mail while China jabs at VMware vCenter Server

• VF Corp December data breach impacts 35 million customers

• Hackers breached Microsoft to find out what Microsoft knows about them

• The No AI Fraud Act Creates Way More Problems Than It Solves

• Microsoft Says Russian Gov Hackers Stole Email Data from Senior Execs

• IT Security News Daily Summary 2024-01-19

• Chinese threat group exploited VMware vulnerability in 2021

• Friday Squid Blogging: New Foods from Squid Fins

• CISA Issues Emergency Directive on Ivanti Zero-Days

• Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

• Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim

• Database Security: Best Practices and What You Need to Know

• Threat Modeling

• Using Pen Tests to Protect Your Company From Digital Threats

• How to Build a Data Foundation for Generative AI

• 7 Best Vulnerability Scanning Tools & Software for 2024

• Parrot TDS: A Persistent and Evolving Malware Campaign

• Zelle Is Using My Name and Voice without My Consent

• Companies Make it Too Easy for Thieves to Impersonate Police and Steal Our Data

• Cyber Security Today, Week in Review for the week ending Friday, Jan. 19, 2024

• CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Ivanti Connect Secure and Policy Secure Vulnerabilities

• China-linked APT UNC3886 exploits VMware zero-day since 2021

• Randall Munroe’s XKCD ‘Net Rotations’

• CISA Issues Emergency Directive on Ivanti Vulnerabilities

• Securing Digital Frontiers: The Essential Role of Network Access Control in Modern Cybersecurity

• Building a More Inclusive Cybersecurity Strategy Requires Public and Private Cooperation

• Iran’s Mint Sandstorm APT Hits Universities with Hamas-Israel Phishing Scam

• Securing Applications in ROKS Cluster

• Protecting Privacy in the Age of Edge AI: The Role of Homomorphic Encryption

• Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

• Virtual kidnapping: How to see through this terrifying scam

• Critical Vulnerabilities Found in Open Source AI/ML Platforms

• Latest OpenPubkey Project Initiative Makes SSH More Secure

• Cloud Security Is Best Achieved With The Right Preparation

• The hidden costs of pirated software: A cautionary tale for small businesses

• USENIX Security ’23 – Hidden Reality: Caution, Your Hand Gesture Inputs in the Immersive Virtual World are Visible to All!

• The best VPN routers of 2024: Expert researched

• Is Your Money Safe? SEC’s New Rules to Guard Against Cyber Threats

• 2023 ‘ASTORS’ Champ HID Enhances its PKI Offerings with ZeroSSL

• Canadian Man Stuck in Triangle of E-Commerce Fraud

• Ransomware attacks break records in 2023: the number of victims rose by 128%

• Ransomware attacks pushing suicidal tendencies among Cybersecurity professionals

• Innovation Unleashed: Indian AI and Robotics Giant Attains Level 5 Autonomy

• Lock down TeamViewer or pay a price

• Toronto to integrate IT systems after ransomware attacks on zoo, public library

• Top IT Trends in Australia for IT Pros to Prepare For in 2024

• U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

• US Charges Russian Involved in 2013 Hacking of Neiman Marcus, Michaels

• Anthropic Research Indicates That AI Algorithms May Turn Into “Sleeper Cell” Backdoors

• Bill Gates Explains How AI will be Transformative in 5 Years

• CISA & FBI released Incident Response Guide for WWS Sector

• 71 Million Emails Added to Have I Been Pwned From Naz.API Stolen Account List

• Ransomware Activity Surged in 2023, Likely to Evolve in 2024

• How to Shine in Your Next Cybersecurity Audit

• New Sophisticated NFT Airdrop Attack  Steals Funds From Victim’s Wallet

• What Do You Need to Know About DevOps Lifecycle Phases?

• Revolutionizing Kubernetes With K8sGPT: A Deep Dive Into AI-Driven Insights

• LoanDepot outage drags into second week after ransomware attack

• Driving a Cloud Operating Model in Education

• Thieves steal 35.5M customers’ data from Vans sneakers maker

• Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

• How to Opt Out of Comcast’s Xfinity Storing Your Sensitive Data

• FTC bans another data broker from selling consumers’ location data

• Cyber Security Today, Jan. 19, 2024 – Vulnerabilities found in server firmware, a warning to Docker administrators, and more

• Google To Invest $1 Billion To Build UK Data Centre

• Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks

• Black Hat Europe 2023 NOC: Threat Hunting

• VF Corp Says Data Breach Resulting From Ransomware Attack Impacts 35 Million

• Serious Vulnerability Spotted In Bosch Thermostat

• 5 Things to Consider Before Buying a File Integrity Monitoring (FIM) Solution

• US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

• Amazon Lays Off 5 Percent Of Staff At ‘Buy With Prime’ Unit

• YouTube Crypto Con: Scammers Rake in $600K with Deepfakes and QR Codes

• VMware vCenter Server Vulnerability Exploited in Wild

• Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases

• Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators

• Ransomware Attacks Rose 128 Percent In 2023, Report Finds

• This Top-Rated Data Recovery Tool is More Than $100 Off Now

• Russian Coldriver Hackers Deploy Malware to Target Western Officials

• Kansas State University suffered a serious cybersecurity incident

• The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

• Experts Urge Clearer Direction in South Africa’s Cyber Strategy

• Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI

• Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

• OSINVGPT – A Tool For Open-source Investigations

• Orange Spain Outage: BGP Traffic Hijacked by Threat Actor

• FBI & CISA Warns of risk to critical infrastructure by Chinese Drones

• Bigpanzi Bot Hacks 170,000+ Android TVs to Launch DDoS Attacks

• IT consultant fined for daring to expose shoddy security

• Navigating Cyber Threats in the Era of AI Weaponization

• Out with the old and in with the improved: MFA needs a revamp

• Hackers steal $7.5 million funds from US Health Department via email spoofing cyber attack

• New infosec products of the week: January 19, 2024

• U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

• Top Official Says Kansas Courts Need at Least $2.6 Million to Recover From Cyberattack

• Unlocking GenAI’s full potential through work reinvention

• Digital nomads amplify identity fraud risks

• Test Post

• US agencies warn made-in-China drones might help Beijing snoop on the world

• The Unseen Threats: Anticipating Cybersecurity Risks in 2024

• Unleashing the Power of OAuth Authentication in Computing

• The Role of AI in Business Operations

• CISA posts incident response guide for water utilities

• The Benefits of Using DCIM Software for Data Center Cable Management

• Vans, Supreme owner VF Corp says hackers stole 35 million customers’ personal data

• IT Security News Daily Summary 2024-01-18

• CISA and FBI Reveal Known Androxgh0st Malware IoCs and TTPs

• Akira Ransomware Attacks Surge. Finnish Companies Among Targets

• White House Revamps Cybersecurity Hiring Strategy

• Lawsuit Claims Over 100,000 Children On Facebook Are Sent Sex Abuse Material Every Day

• Cisco and Schneider Electric Are Creating Smarter, More Efficient Buildings

• Reduce Business Email Compromise with Collaboration

• USENIX Security ’23 – Xingman Chen, Yinghao Shi, Zheyu Jiang, Yuan Li, Ruoyu Wang, Haixin Duan, Haoyu Wang, Chao Zhang – MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries

• Defining Good: A Strategic Approach to API Risk Reduction

• A Q&A with Rubrik CEO and venture capitalist Bipul Sinha

• Significance of CMDB in Device Visibility To Control Unauthorized Access in Banks

• CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

• Is Temu safe? What to know before you ‘shop like a billionaire’

• Empowering Exceptional Digital Experiences at Cisco Live EMEA

• JPMorgan exec claims bank repels 45 billion cyberattack attempts per day

• What to do with that fancy new internet-connected device you got as a holiday gift

• Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

• Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs

• Future of America’s Cyber Safety Review Board hangs in balance amid calls for rethink

• PixieFail Bugs in UEFI Open Source Implementation Threaten Computers

• Sam Altman Surprised At NYT Lawsuit

• Do you love or fear your smart home devices? For most Americans, it’s both

• Should the CIO be solely responsible for keeping AI in check? Info-Tech weighs in

• Web monitors say Gaza week-long internet outage is longest yet

• Court Bans Apple Watch Imports Amid Patent Dispute

• Meet Turbine Canvas and Embrace the Art of Powerful Simplicity

• Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy

• New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

• TA866 Resurfaces in Targeted OneDrive Campaign

• Ransomware attacks hospitalizing security pros, as one admits suicidal feelings

• How Secure Is Cloud Storage? Features, Risks, & Protection

• Oracle Releases Critical Patch Update Advisory for January 2024

• AVEVA PI Server

• Incident Response Guide for the WWS Sector

• Spamhaus Blocklist (SBL) listings are moving

• Want to Justify Your IT Investments Faster? Measure Business Outcomes.

• Digitizing the Physical World: Insights from Cisco Live Melbourne and the Industrial IoT Industry Summit

• Time to bring order to Cyber Chaos

• Russian threat group spreading backdoor through phishing, says Google

• New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

• New Microsoft Incident Response guides help security teams analyze suspicious activity

• 70 million account credentials were leaked in a massive password dump

• GCHQ Releases Unseen Photos Of WW2 Colossus Computer

• Anonymous Sudan’s DDoS Attacks Disrupt Network at Israeli BAZAN Group

• What is a TPM, and why does your PC need one?

• SolarWinds breach news center

• Chainalysis observes decrease in cryptocurrency crime in 2023

• Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

• New Malware Campaign Exploits 9hits in Docker Assault

• CISA, FBI and EPA Release Incident Response Guide for Water and Wastewater Systems Sector

• How to lock a file or folder in MacOS Finder – to save you from yourself

• CISA Releases One Industrial Control Systems Advisory

• EFF’s 2024 In/Out List

• Protect AI Report Surfaces MLflow Security Vulnerabilities

• As Deepfake of Sachin Tendulkar Surface, India’s IT Minister Promises Tighter Rules

• Vercara UltraSecure offers protection from malicious attacks

• Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

• Iranian Phishing Campaign Targets Israel-Hamas War Experts

• Students and teachers fight back cyber attack on University Network

• Sheryl Sandberg To Step Down From Meta’s Board

• Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam

• Two more Citrix NetScaler bugs exploited in the wild

• GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks

• Creator of ‘Ready Player One’ Ventures into Launching Metaverse

• VulnCheck IP Intelligence identifies vulnerable internet-connected infrastructure

• Wordfence Intelligence Weekly WordPress Vulnerability Report (January 8, 2024 to January 14, 2024)

• Multichain Inferno Drainer Abuse Web3 Protocols To Connect Crypto Wallets

• AI trends: A closer look at machine learning’s role

• Drupal Releases Security Advisory for Drupal Core

• Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

• Software Supply Chain Security Startup Kusari Raises $8 Million

• Data is the Missing Piece in the AI Jigsaw, Here’s How to Bridge the Gap

• Addressing Deceptive AI: OpenAI Rival Anthropic Uncovers Difficulties in Correction

• N-able MDR ingests data from existing security and IT tools

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

• ‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

• Are You Ready for PCI DSS 4.0?

• Energy Department to Invest $30 Million in Clean Energy Cybersecurity Solutions

• Russian APT Known for Phishing Attacks Is Also Developing Malware, Google Warns

• SOC-as-a-Service: The Five Must-Have Features

• Oleria raises $33 million to accelerate its product innovation

• Google TAG: Kremlin cyber spies move into malware with a custom backdoor

• Google says Russian espionage crew behind new malware campaign

• How AI-Powered Security Capabilities Implement Real-Time Cybersecurity

• Illicit Cryptocurrency Flows Drop 39% in 2023

• Reduce API Security Risk by Fixing Runtime Threats in Code Faster

• What is the Windows Security Account Manager (SAM)?

• List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old

• Oleria Secures $33M Investment to Grow ID Authentication Business

• ESET launches MDR service to improve cybersecurity for SMBs

• Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers

• How Do You Protect Your APIs From DDoS Attacks?

• MFA Spamming and Fatigue: When Security Measures Go Wrong

• TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

• Cisco Secure Equipment Access wins “IoT Security Innovation of the Year” in the 2024 IoT Breakthrough Awards

• Samsung Embeds Google’s AI Tech In S24 Smartphones

• Canadian Citizen Gets Phone Back from Police

• Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations

• Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners

• PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

• DevOps’ Big Challenge: Limiting Risk Without Impacting Velocity

• Webinar: Managing Without Governing? Why Your Organization Needs a Management System to Govern Your Information Resilience Program

• ChatGPT For Enterprises Is Here – But CEOs First Want Data Protections

• Why is data security important?

• Swimlane enhances Turbine platform to alleviate the pressure on SecOps teams

• Google CEO Warns Staff To Expect More Job Cuts – Report

• Ransomware Group Targets Foxconn Subsidiary Foxsemicon

• Outsmarting Ransomware’s New Playbook

• Sourcepoint introduces sensitive data opt-in feature to prepare users for privacy changes

• FBI: Androxgh0st Malware Building Mega-Botnet for Credential Theft

• Vast botnet hijacks smart TVs for prime-time cybercrime

• VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

• Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching

• Enter the era of platform-based cloud security

• PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

• NCSC Builds New “Cyber League” Threat Tracking Community

• Confessions on MFA and Security Best Practices

• JinxLoader Malware: Next-Stage Payload Threats Revealed

• HealthEC Data Breach Impacts 4.5 Million Patients

• Navigating the Debian 10 EOL: A Guide to the Future

• Hackers Deploying Androxgh0st Botnet Malware that Steals AWS, Microsoft Credentials

• iShutdown lightweight method allows to discover spyware infections on iPhones

• Your iPhone is at risk – Signs of Viruses You Shouldn’t Ignore!

• Attribute-based encryption could spell the end of data compromise

• Fujitsu issues apology for IT and Data Privacy scandal of UK Post Offices

• Skytrack: Open-source aircraft reconnaissance tool

• Ransomware negotiation: When cybersecurity meets crisis management

• Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts

• Adversaries exploit trends, target popular GenAI apps

• The power of AI in cybersecurity

• Business Continuity Planning: Ensuring Tech Resilience

• Navigating the Dark Web: Business Risks and Precautions

• Insurance website’s buggy API leaked Office 365 password and a giant email trove

• A fortified approach to preventing promo, bonus, and other multi-account abuse

• Embracing a risk-based cybersecurity approach with ASRM

• The Perils of Platformization

• USENIX Security ’23 – FloatZone: Accelerating Memory Error Detection using the Floating Point Unit

• Calling Home, Get Your Callbacks Through RBI

• Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats

• Vulnerability Summary for the Week of January 8, 2024

• IT Security News Daily Summary 2024-01-17

• Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated)

• Google DeepMind’s AI system solves geometry problems like a math Olympian

• phishing

• Over 178K SonicWall Firewalls Vulnerable to DoS, Potential RCE Attacks

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

• CISOs are both anxious and see opportunities: Report

• The Role of Zero-Knowledge Proofs in LLM Chains for Data Privacy

• Kaspersky’s iShutdown Tool Detects Pegasus Spyware on iOS Devices

• How to Use Ansible with CML

• Vulnerability Management Firm Vicarius Raises $30 Million

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #275 — Comic Agilé Consulting

• 5 Best VPNs for Android in 2024

• Elon Musk Seeks Larger Tesla Stake Ahead Of AI, Robotics Push

• Alphabet’s Wing Unveils Larger Drone For Bigger Payloads

• How To Ensure Cloud Application Security: Compromises and Best Practices

• 16 top ERM software vendors to consider in 2024

• Swiss Govt Websites Hit by Pro-Russia Hackers After Zelensky Visit

• Microsoft: Iranian APT Impersonating Prominent Journalist in Clever Spear-Phishing Attacks

• Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn

• Google Incognito Mode: New Disclaimer Reveals Data Tracking

• How to conduct incident response tabletop exercises

• E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

• AI, Gaming, FinTech Named Major Cybersecurity Threats For Kids

• CISOs on alert following SEC charges against SolarWinds

• VMware Releases Security Advisory for Aria Operations

• CISA Adds Three Known Exploited Vulnerabilities to Catalog

• 2024 Tech Predictions: Hybrid Collaboration is Here to Stay

• US Gov Issues Warning for Androxgh0st Malware Attacks

• Apple Smashes Ban Hammer on Beeper iMessage Users

• Release Cybersecurity Guidance on Chinese-Manufactured UAS for Critical Infrastructure Owners and Operators

• Hidden iPhone Spyware iShutdown Unveiled – Research

• Badge Makes Device-Independent Authentication Platform Available

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023

• OpenAI to use ChatGPT to curtail fake news and Deepfakes

• Come Together Right Now, IT Operations Teams

• What’s worse than paying an extortion bot that auto-pwned your database?

• Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

• Kaspersky Details Method for Detecting Spyware in iOS

• Surge in Police Adoption of Private Cameras for Video Evidence Raises Privacy Concerns

• Holidays are over, but don’t let employees’ guard drop over fake shipping emails

• Skyhigh Security’s AI-driven DLP Assistant prevents critical data loss

• Apple To Drop Sensor From Some Watch Models – Report

• London Calling: Hey, US, Let’s Chat About Cyber AI – The Next WannaCry

• Unused Apps Could Still be Tracking and Collecting User’s Data

• Wing Security unveils automated protection against AI-SaaS risks

• New Phishing Scam Hooks META Businesses with Trademark Threats

• SMB Security Pack

• Transmission of Sensitive Data Policy

• Github rotated credentials after the discovery of a vulnerability

• China Backed Actors are Employing Generative AI to Breach US infrastructure

• Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation

• PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

• Website Takeover Campaign Takes Advantage of Unauthenticated Stored Cross-Site Scripting Vulnerability in Popup Builder Plugin

• Twitter Appeal Against Search Warrant For Trump’s DMs Denied

• JFrog, AWS team up for machine learning in the cloud

• PSA: Anyone can tell if you are using WhatsApp on your computer

• Naz.API – 70,840,771 breached accounts

• Living Security Unify Power Insights identifies vulnerable members within an organization

• AI in Security — Ready for Prime Time

• Keeper Security Adds Support for Hardware Security Keys as Sole 2FA Method

• New research reveals disconnect between global university education and recruitment standards

• Salt Security Delivers another Technology Breakthrough with Industry’s only API Posture Governance Engine

• Shifting Paradigms: Cloud Security in the Post-Pandemic Era

• GitHub Rotates Credentials in Response to Vulnerability

• Achieving “Frictionless Defense” in the Age of Hybrid Networks

• AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

• What is the Difference Between Cyberstalking and Cyberbullying?

• AI’s Role in Cybersecurity for Attackers and Defenders in 2024

• Salt Security Adds Governance Engine to API Security Platform

• Cyber Security Today, Jan. 17, 2024 – Security updates issued for Atlassian, Citrix, VMware and Chrome products

• Vicarius raises $30 million to accelerate the development of new AI capabilities

• Consumer Tech in Business

• As hacks worsen, SEC turns up the heat on CISOs

• FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

• OpenAI Announces Plans to Combat Misinformation Amid 2024 Elections

• US Supreme Court Snubs Apple App Store Appeal

• macOS Infostealers That Actively Involve in Attacks Evade XProtect Detection

• Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

• Lessons learned upgrading to React 18 in SonarQube

• Windows Server 2022 patch is breaking apps for some users

• Opera Browser Users Beware: MyFlaw Bug Allows Hackers to Run Any File Remotely

• Kaspersky releases utility to detect iOS spyware infections

• Webinar: The Art of Privilege Escalation – How Hackers Become Admins

• Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

• 75% of Organizations Hit by Ransomware in 2023

• Google Axes Hundreds Of Staff In Ad Sales Team

• Google Chrome Browser Zero-Day Vulnerability Exploited in Wild – Emergency Patch!

• Mastering Docker Networking Drivers: Optimizing Container Communication

• How to create a CSIRT: 10 best practices

• How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

• Oracle Patches 200 Vulnerabilities With January 2024 CPU

• Here’s How ChatGPT Maker OpenAI Plans to Deter Election Misinformation in 2024

• US Government Urges Action to Mitigate Androxgh0st Malware Threat

• Industrial Defender collaborates with Dragos to enhance outcomes for OT operators

• New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

• Print on Demand Power: Tech Accessories Driving Shopify Sales

• Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

• Majorca Tourist Hotspot Hit With $11m Ransom Demand

• Dark web threats and dark market predictions for 2024

• Home improvement marketers dial up trouble from regulator

• Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

• The 2023 Global Cybercrime Report: A look at the key takeaways

• Tips for Ensuring HIPAA Compliance

• GitHub Rotates Credentials and Patches New Bug

• Unified security operations with Microsoft Sentinel and Microsoft Defender XDR

• GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials

• Microsoft eases up data security framework for users of European Union

• How 5G Technology offers a secure network

• Combination of cheap .cloud domains and fake Shark Tank news fuel unhealthy wellness scams

• Key Considerations for Successful Cybersecurity Supply Chain Risk Management (C-SCRM)

• Top Insider Risk Management Predictions for 2024

• Security considerations during layoffs: Advice from an MSSP

• The 7 deadly cloud security sins and how SMBs can do things better

• CISOs’ crucial role in aligning security goals with enterprise expectations

• The right strategy for effective cybersecurity awareness

• Best practices to mitigate alert fatigue

• Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

• PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

• IT teams unable to deliver data fast enough to match the speed of business

• Nokia walks the walk about its RAN to play on Uncle Sam’s China fears

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability

• FBI: Beware of thieves building Androxgh0st botnets using stolen creds

• Secure Your Secrets With .env

• Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887

• Atlassian fixed critical RCE in older Confluence versions

• Google fixed the first actively exploited Chrome zero-day of 2024

• VulnRecap 1/16/24 – Major Firewall Issues Persist

• IT Security News Daily Summary 2024-01-16

• Tokyo startup Sakana AI lands $30M to forge new path with compact AI models

• Netcraft Report Surfaces Spike in Online Healthcare Product Scams

• Google Warns of Chrome Browser Zero-Day Being Exploited

• A New Breed Of Security Leadership: How the Digital Age Is Transforming the Security Professional

• Facebook Bans Ads For Board Game About Voting Over “Sensitive Social Issues”

• Singapore seeks expanded governance framework for generative AI

• Cisco Automation Developer Days 2024 in Stockholm – Call for Speakers

• Locking down the edge

• WEF 2024 Report: Cybersecurity at the forefront, zero trust seen as critical for trust rebuilding

• Ivanti zero-day flaws under ‘widespread’ exploitation

• FCC adopts lead generation rules to protect consumer privacy

• Patch now: Critical VMware, Atlassian flaws found

• Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets

• Rethinking Threat Detection and Response in Cloud-Native Ecosystems

• Deepen Your Security Acumen with OffSec’s OWASP Top 10:2021 Learning Path

• Double trouble for VMware and Atlassian admins – critical flaws to fix

• Randall Munroe’s XKCD ‘Sheet Bend’

• Baidu denies any ties to reported Chinese military training on its GenAI chatbot

• VMware fixed a critical flaw in Aria Automation. Patch it now!

• Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

• Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks

• More than 178,000 SonicWall firewalls are exposed to old denial of service bugs

• OpenAI: We’ll Stop GPT Misuse for Election Misinfo

• Phemedrone Stealer Targets Windows Defender Flaw Despite Patch

• WebCopilot – Automation Scanner To Find Latest Web Vulnerabilities

• A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data

• Hackers begin mass exploiting Ivanti VPN zero-day flaws

• Snyk acquires Helios to bolster its AppSec platform

• MSSPs: Differentiate your Managed Security Offerings with Cisco XDR

• How Wi-Fi 7 Is About to Transform Business As We Know It

• Partnering with Government to Strengthen Cyber Resilience in Poland

• Comprehensive Guide to Patch Management Templates

• Vulnerabilities Expose PAX Payment Terminals to Hacking

• Ho, Ho, Hoooold on a Minute: A New Year Resolution That IoT Isn’t a Gift That Keeps on Taking

• SonicWall firewall admins urged to update to prevent devices from being compromised

• Fortinet unveils networking solution integrated with Wi-Fi 7

• New Tool Identifies Pegasus and Other iOS Spyware

• Dawnofdevil hacker group claims to steal Indian Income Tax department data

• How To Start Using Passkeys?

• Known Indicators of Compromise Associated with Androxgh0st Malware

• CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

• A Symphony of Network Success: Simplify, Secure, and Scale with Cisco SD-WAN Enhancements

• Microsoft ‘Cherry-picked’ Examples to Make its AI Seem Functional, Leaked Audio Revealed

• The CISO’s guide to accelerating quantum-safe readiness

• Understanding Cloud Workload Protection: Technologies and Best Practices

• Ahead of Regulatory Wave: Google’s Pivotal Announcement for EU Users

• Skopenow Grid detects the earliest signals of critical risks

• 1,700 Ivanti VPN devices compromised. Are yours among them?

• Apple Becomes Top Smartphone Vendor By Volume For First Time

• Ivanti zero-day exploits explode as bevy of attackers get in on the act

• eBay Settles Blogger Harassment Case with $3 Million Fine

• Ivanti Patches Connect Secure Zero-day Flaws Under Attack

• GitLab Addressed A Critical Zero-Click Vulnerability With Latest Updates

• Nadella Says Microsoft ‘Comfortable’ With OpenAI Governance

• Check Point Research: 2023 – The year of Mega Ransomware attacks with unprecedented impact on global organizations

• Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability

• 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

• Remote Code Execution Vulnerability Found in Opera File Sharing Feature

• Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

• The Evolving Threat Landscape: Where Out-of-Band Communications Fit – Part One

• Volkswagen ‘In Talks’ With Blue Solutions For Solid-State EV Battery

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

• Simplifying Kubernetes Deployments: An In-Depth Look at Helm

• How to Create an End-to-End Privileged Access Management Lifecycle

• GitLab Fixes Password Reset Bug That Allows Account Takeover

• Remcos RAT Spreading Through Adult Games in New Attack Wave

• Navigating the new frontier of cryptocurrency futures

• My Journey with Cisco: A Decade of Growth, Opportunity, and Empowerment

• Hacker Conversations: HD Moore and the Line Between Black and White

• Apple Supplier Goertek To Set Up Vietnam Unit

• Data Management for Small Businesses

• The Sad Truth of the FTC’s Location Data Privacy Settlement

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024

• Microsoft Adds Copilot AI Subscriptions For Consumers, Small Business

• Case Study: The Cookie Privacy Monster in Big Global Retail

• 13 incident response best practices for your organization

• Accenture and SandboxAQ offer protection against quantum-based decryption attacks

• Multiple mortgage companies hit by cyber attacks

• New Year, New Scams – Health product scam campaigns abusing cheap TLDs

• Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

• Nominations Open for The Most Inspiring Women in Cyber Awards 2024

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins

• US Export Controls Fuel Revenue Surge For Chip-Tool Maker Nuara

• Why Therapists need Data Protection and Cybersecurity

• Shining Light on Employee Cybersecurity Awareness in Retail

• Ivanti Zero-Days Exploited By Multiple Actors Globally

• A lightweight method to detect potential iOS malware

• Crypto Firm HashKey Attains Unicorn Status With $100m Funding Round

• Hackers Abuse GitHub to Host Malicious Infrastructure

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+

• Integrating Zscaler ZIA with Sekoia.io

• Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

• Russian Hackers Orchestrate Ukrainian Telecom Giant Attack

• Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

• Mastermind Hacker Behind $2 Million Crypto Scam Arrested

• Cyber Attack on Telecommunications Company

• How does technology impact well-being? Cisco and OECD will launch a global study to find out.

• Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

• Ransomware attacks witnessed 55% surge in 2023

• Critical Apache OFBiz Zero-day AuthBiz (CVE-2023-49070 and CVE-2023-51467)

• 10 cybersecurity frameworks you need to know about

• 3 ways to combat rising OAuth SaaS attacks

• Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

• Geopolitical tensions combined with technology will drive new security risks

• China’s gambling crackdown spawned wave of illegal online casinos and crypto-crime in Asia

• Ontario city the latest to temporarily lose control of its X account

• Warren (Ohio) PD Launches Mark43 Records Management System

• The Cyber Risk Nightmare and Financial Risk Disaster of Using Personal Messaging Apps in The Workplace

• IT Security News Daily Summary 2024-01-15

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

• Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes

• More Than 100 Deepfake Ads Featuring British Prime Minister Spread On Facebook

• Thousands of Juniper Networks devices vulnerable to critical RCE bug

• IT World Canada strikes partnership with Canadian Cybersecurity Network

• Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

• Revolutionizing Commerce With AI: Trends and Predictions

• Spot Technologies, now with $2M, will see AI security tech go into Mexico Walmarts

• Top 19 Network Security Threats + Defenses for Each

• EDRSilencer

• Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers

• British Cosmetics Retailer Lush Investigating Cyber Attack

• Honeytokens for Peace of Mind: Using Cyber Deception To Buy Time to Remediate at Scale

• What Is Compliance Monitoring for Remote Developers?

• How to secure APIs built with Express.js

• What is Identity Threat Detection and Response?

• GitHub Faces Rise in Malicious Use

• Navigating the Paradox: Bitcoin’s Self-Custody and the Privacy Challenge

• Researchers Uncover Major Surge in Global Botnet Activity

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike

• Python-Based Tool FBot Disrupts Cloud Security

• Quantum Radiology ransomware attack turns nightmare to patients

• Ransomware: From Origins to Defense – How Zero Trust Holds the Key

• FTC secures first databroker settlement banning sale of sensitive location data

• Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine

• Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S.

• Chinese Organisations ‘Buy Nvidia AI Chips’ In Spite Of Restrictions

• US House ‘Asks Intel, Nvidia, Micron CEOs’ To Testify On China

• Critical flaw found in WordPress plugin used on over 300,000 websites

• Phemedrone info stealer campaign exploits Windows smartScreen bypass

• DDoS Attackers Put Environmental Services Firms in Their Crosshairs

• Beware of Malicious YouTube Channels Propagating Lumma Stealer

• AI-Driven Phishing on the Rise: NSA Official Stresses Need for Cyber Awareness

• ‘BIN’ Attacks: Cybercriminals are Using Stolen ‘BIN’ Details for Card Fraud

• Apple Offers iPhone Discounts In China Amidst Stiff Competition

• Fueling the Future: How Tech Funding Empowers IT Consultants in AI/ML and Cybersecurity

• Embedding Security Into Cloud Operations: 5 Key Considerations

• 3 Ransomware Group Newcomers to Watch in 2024

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

• Cyber Security Today, Jan. 15, 2024 – Three warnings to application developers

• Tesla To Halt Production At Berlin Plant Amidst Red Sea Disruption

• HelloFresh Fined £140,000 for 80 Million Spam Messages

• Stupid Human Tricks: Top 10 Cybercrime Cases of 2023

• Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire

• Information Stealer Exploits Windows SmartScreen Bypass

• How to Create Roles in PostgreSQL

• Beijing Court Rules AI Artwork Can By Copyrighted

• Setting Up a Docker Swarm Cluster and Deploying Containers: A Comprehensive Guide

• eBay Pays $3m Fine Over Harassment Campaign

• Expert Insight for Securing Your Critical Infrastructure

• GitLab Patches Critical Password Reset Vulnerability

• Forescout Report Uncovers New Details in Danish Energy Hack

• Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

• Cloud Server Abuse Leads to Huge Spike in Botnet Scanning

• Trellix XDR Platform for RDR strengthens operational resilience

• British Library Catalogue Back Online After Ransomware Attack

• AI Challenges Notion That All Fingerprints Are Unique

• Network Penetration Testing Checklist – 2024

• Balada Injector continues to infect thousands of WordPress sites

• Trellix XDR Platform for RDR strengthens operational resilience for customers

• Security Experts Urge IT to Lock Down GitHub Services

• IMF: AI Could Impact 40 Percent Of Jobs Worldwide

• Ohio’s New Social Media Law, Meta’s Link History Feature, 175 Million Passcode Guesses

• 2024: Reflecting on a Dynamic, Tumultuous Cyber Year

• Dr. Martin Luther King, Jr. Day 2024

• Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

• HelloFresh Fined £140K After Sending 80 Million Spam Messages

• China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

• Attackers target Apache Hadoop and Flink to deliver cryptominers

• Ransomware protection deconstructed

• Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

• High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

• DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023

• Medusa Ransomware Unleashes New Tactics: Data Sale, Time Extension, and AI Threats

• A Comprehensive Guide to Penetration Testing in Public Clouds

• How To Combat the Mounting ‘Hacktivist’ Threat

• OT Cybersecurity: Safeguarding Building Operations in a Digitized World

• Flipping the BEC funnel: Phishing in the age of GenAI

• Adalanche: Open-source Active Directory ACL visualizer, explorer

• Preventing insider access from leaking to malicious actors

• Key elements for a successful cyber risk management strategy

• Government organizations’ readiness in the face of cyber threats

• The Top 10 Ransomware Groups of 2023

• China loathes AirDrop so much it’s publicized an old flaw in Apple’s P2P protocol

• Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

• IT Security News Weekly Summary – Week 02

• IT Security News Daily Summary 2024-01-14

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Guarding the Digital Fortress: A Comprehensive Guide to Intrusion Detection and Prevention Systems

• Why Companies Are Moving Back to On-Premise From the Cloud

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Aussie Travel Agency Data Leak Puts Thousands of Tourists at Risk

• USENIX Security ’23 – Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei – Glimpse: On-Demand PoW Light Client With Constant-Size Storage For DeFi

• Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Attacks against Denmark ‘s energy sector were not carried out by Russia-linked APT

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Bengaluru Woman Escapes a Cyber-scam Attempt, After Indigo’s Bogus ‘Agents’ Cancel Rs.15,600 Tickets

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Strengthening Cybersecurity: The Role of Digital Certificates and PKI in Authentication

• Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

• Here’s Why the World is Investing So Much in Semiconductors

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack

• Morrisons’ ‘Robocop’ Pods Spark Shopper Backlash: Are Customers Feeling Like Criminals?

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• AI Unravels the Mystery of Fingerprints: Are We Truly Unique?

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• 3 Things to Ensure your start-up’s success

• New Findings Challenge Attribution in Denmark’s Energy Sector Cyberattacks

• Classic Baggie: Part 2 – How to run a Money Laundering Operation

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

• Classic Baggie: A Delaware BEC Case calls him the leader of an International Criminal Organization

• Who’s Behind GoatRAT?

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

• Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Generated on 2024-01-22 00:00:12.666282