IT Security News Weekly Summary – Week 19

• IT Security News Daily Summary 2024-05-12

• Ransomware negotiator weighs in on the extortion payment debate with El Reg

• Dell API Abused to Steal 49 Million Customer Records in Data Breach

• Pro-Russia hackers targeted Kosovo’s government websites

• USENIX Security ’23 – GigaDORAM: Breaking the Billion Address Barrier

• Key Takeaways from RSA Conference 2024: AI and Data Security in Focus | Eureka Security

• Understanding the Complexities of VPNs: Balancing Privacy and Security in the Digital Age

• Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware

• WordPress Vulnerabilities, Exploiting LiteSpeed Cache and Email Subscribers Plugins

• Cyber Crime Wave: Chinese Scammers Target Europe with Fake Designer Brands

• Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

• Invoke AI Introduces Refined Control Features for Image Generation

• DNS Suffixes on Windows, (Sun, May 12th)

• Hackers Moving To AI But Lacking Behind The Defenders In Adoption Rates

• As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

• Dell Data Breach Exposes Personal Information Of 49 Million

• Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS

• Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast

• Critical infrastructure security will stay poor until everyone pulls together

• IT Security News Daily Summary 2024-05-11

• Ohio Lottery data breach impacted over 538,000 individuals

• Ascension Cyber Attack Heightens Focus on Healthcare Cybersecurity Measures

• Microsoft Introduces Innovative AI Model for Intelligence Analysis

• Critical infrastructure security will stay poor unless everyone pulls together

• USENIX Security ’23 – Don’t be Dense: Efficient Keyword PIR for Sparse Databases – Distinguished Paper Award Winner

• New Cuckoo Malware Targeting macOS Users to Steal Sensitive Data

• The Mask: A Resilient Espionage Group Returns After a Decade

• Notorius threat actor IntelBroker claims the hack of the Europol

• RSA Conference 2024: AI hype overload

• It’s a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

• In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

• How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

• Unpatchable VPN Vulnerability Exposes Data to Attackers: What You Need to Know

• Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade

• Spike in Layoffs Pose Serious Cybersecurity Concerns

• Thousands Of Women Sent Naked Photos To Facebook “Lactation Consultant” Scammer

• Microsoft Deploys Generative AI for US Spies

• A cyberattack hit the US healthcare giant Ascension

• Health Care Network in Crisis: Cyberattack Shuts Down Operations Across US

• PoC Released for Critical PuTTY Private Key Recovery Vulnerability

• GFTrace- A Command Line Windows API Tracing Tool For Golang Binaries

• Attack Makes Autonomous Vehicle Tech Ignore Road Signs

• How to Get PCI Compliance Certification? Steps to Obtain it

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

• ‘The Mask’ Espionage Group Resurfaces After 10-Year Hiatus

• HackCar – Attack AND Defense Playground For Automotive System

• Scammers found planting online betting ads on Indian government websites

• Cisco reimagines cybersecurity at RSAC 2024 with AI and kernel-level visibility

• Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

• 2024-05-09: GootLoader activity

• Ascension Healthcare Cyberattack: Disruptions and Emergency Service Diversions

• Cloud Monitor Scans For Risky Video Files in Google Drive/OneDrive

• Cyber Towns – and Interview with Francois Guay: Cyber Security Today Weekend for May 11, 2024

• IT Security News Daily Summary 2024-05-10

• The FBI is Playing Politics with Your Privacy

• New LLMjacking Attack Lets Hackers Hijack AI Models for Profit

• Nmap 7.95 Released: Enhanced Network Scanning with More OS and Service Detection Power

• Iran most likely to launch destructive cyber-attack against US – ex-Air Force intel analyst

• Analysis of CVE-2024-4671: A Critical Zero-Day in Google Chrome

• CISA and Partners Release Advisory on Black Basta Ransomware

• #StopRansomware: Black Basta

• Healthcare Software Company Gains Comprehensive Visibility with LogRhythm Axon

• Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation

• Cybercriminals hit jackpot as 500k+ Ohio Lottery lovers lose out on their personal data

• Dell Data Breach Could Affect 49 Million Customers

• Why Active Directory Is A Big Deal?

• Malware Lurking in Minecraft Source Packs

• Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild

• ‘TunnelVision’ Attack Leaves Nearly All VPNs Vulnerable to Spying

• Dell Hell: 49 Million Customers’ Information Leaked

• Apple updates its Platform Security Guide

• Threat actor says he scraped 49M Dell customer addresses before the company found out

• The 2023 USG Data Breach: 800 Accounts Compromised, A Closer Look

• Dell admits data breach of over 49 million customers via Cyber Attack

• Adaptive Shield Launches SaaS Security for AI at RSA Conference 2024 to Mitigate GenAI Revolution Risks

• New Attack Against Self-Driving Car AI

• The Top 7 IAM Tools in 2024

• Google Staff Question Layoffs After Record Earnings

• Patch Tuesday

• US officials optimistic on AI but warn of risks, abuse

• Leaked FBI Email Stresses Need For Warrantless Surveillance Of Americans

• FBI Working Towards Nabbing Scattered Spider Hackers, Official Says

• Ex-White House Election Threat Hunter Weighs In On What To Expect In November

• MoD Contractor Hacked By China Failed To Report Breach For Months

• 500,000 Impacted By Ohio Lottery Ransomware Attack

• USENIX Security ’23 – URET: Universal Robustness Evaluation Toolkit (for Evasion)

• Akamai Expands into API Security with $450 Million Noname Deal

• US Authorities Charge LockBit Ransomware Ringleader

• North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms

• Microsoft’s Brad Smith summoned by Homeland Security committee over ‘cascade’ of infosec failures

• Telus Acquires Cybersecurity Services Firm Vumetric

• UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Development

• New LLMjacking Attack Uses Stolen Cloud Credentials to Target Cloud-Hosted AI Models

• Dell notifies customers about data breach

• Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service

• DocGo Confirms Cyberattack: Patient Health Data Breach

• Defending Against Hackers in the Public Sector Is a Different Beast

• GhostStripe attack haunts self-driving cars by making them ignore road signs

• Android Remote Access Trojan Equipped to Harvest Credentials

• Update: Thwarted Cyberattack Targeted Library of Congress in Tandem With October British Library Breach

• PRODUCT REVIEW: SYXSENSE ENTERPRISE

• DDoS Attack Size Increased by 233.33%, UDP-Based are Popular

• How Can Businesses Defend Themselves Against Common Cyberthreats?

• CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)

• Report: Global Ransomware Crisis Worsens

• Red Sea Crisis and the Risk of Cyber Fallout

• Microsoft to Enforce Executive Accountability for Cybersecurity

• How to Maintain Your Cyber Security Hygiene for a Vulnerability-free Environment

• ‘Four horsemen of cyber’ look back on 2008 DoD IT breach that led to US Cyber Command

• Ransomware Attacks Impact 20% of Sensitive Data in Healthcare Orgs

• Monday.com Removes “Share Update” Feature Abused for Phishing Attacks

• Exploited Chrome Zero-Day Patched by Google

• In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved

• New LLMjacking Used Stolen Cloud Credentials to Attack Cloud LLM Servers

• Russia-linked APT28 targets government Polish institutions

• Google fixes fifth actively exploited Chrome zero-day this year

• BSidesSF 2024: A Community Event Anchored To Hope For The Future Of Security

• CISA Explains Why it Doesn’t Call Out Tech Vendors by Name

• OpenAI To Announce Google Search Competitor Next Week – Report

• Widely Used Telit Cinterion Modems Open to SMS-based Device Takeover Attacks

• RSAC: Experts Highlight Novel Cyber Threats and Tactics

• Cyber Security Headlines: F5 Big-IP warning, UK Army breach, BetterHelp pays out

• Citrix Warns Customers to Update PuTTY Version Installed on Their XenCenter System Manually

• Regulators are Coming for IoT Device Security

• Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing

• What’s the Right EDR for You?

• Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

• Biden Admin Set To Impose Tariffs On Chinese Electric Vehicles

• CISA Starts CVE “Vulnrichment” Program

• RSA Conference 2024 – Announcements Summary (Day 4)

• 500,000 Impacted by Ohio Lottery Ransomware Attack

• HijackLoader Malware Attack Windows Via Weaponized PNG Image

• Develop Valuable Cyber Security Skills Over a Lifetime for Only $56

• Cybercriminals are Getting Faster at Exploiting Vulnerabilities

• Google Fixes Fifth Chrome Zero-Day Exploited in Attacks This Year

• SocGholish Sets Sights on Victim Peers

• Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

• Cyber Security Today, May 10 ,2024 – Patches for F5’s Next Central Manager released, Dell discovers data theft covering millions of buyers, and more

• North Korean Hackers Abusing Facebook & MS Management Console

• Singapore updates cybersecurity law to expand regulatory oversight

• Transparency is sorely lacking amid growing AI interest

• How implementing a trust fabric strengthens identity and network

• RSAC 2024: AI hype overload

• Researchers Uncover ‘LLMjacking’ Scheme Targeting Cloud-Hosted AI Models

• Google Chrome Zero-day Exploited in the Wild, Patch Now

• Best Practices for Companies in protection of User Data

• Stack Overflow Users Delete Posts in Protest Over OpenAI Partnership

• Dell Hacked – Attackers Stolen 49 Million Customers Personal Information

• Britain NCSC faces Password Embarrassment

• Warning! Google Chrome Zero-day Vulnerability Exploited in Wild

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually

• May 2024 Patch Tuesday forecast: A reminder of recent threats and impact

• How secure is the “Password Protection” on your files and drives?

• Researchers Hacked Apple Infrastructure Using SQL Injection

• Cybercriminals are getting faster at exploiting vulnerabilities

• Nmap 7.95 released: New OS and service detection signatures

• Selfie spoofing becomes popular identity document fraud technique

• GenAI enables cybersecurity leaders to hire more entry-level talent

• New infosec products of the week: May 10, 2024

• ISC Stormcast For Friday, May 10th, 2024 https://isc.sans.edu/podcastdetail/8976, (Fri, May 10th)

• Researchers Hacked into Apple Infrastructure Using SQL Injection

• The Post Millennial – 26,818,266 breached accounts

• 5 Reasons Structured Cabling Networks are Critical for IT Security Management

• Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

• NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds

• IT Security News Daily Summary 2024-05-09

• How to inspire the next generation of scientists | Cybersecurity podcast

• Ex-White House election threat hunter weighs in on what to expect in November

• The Road to CTEM, Part 1: The Role of Validation

• Recent Breaches in Israel and Iran: A Closer Look at Cybersecurity Vulnerabilities

• TikTok To Label AI-Generated Content From Other Platforms

• No Country Should be Making Speech Rules for the World

• Why Reddit’s new content policy is a big win for your privacy

• Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity

• Why Reddit’s new content policy is a big win for user privacy

• New Mexico Attorney General Blasts Facebook Again For Failing To Stop Child Exploitation

• US faith-based healthcare org Ascension says ‘cybersecurity event’ disrupted clinical ops

• Climate concerns: Personal advice on how to navigate eco-anxiety

• Cybersecurity Training and Cyber Insurance: Bridging the Gap with Continuous Improvement

• Massive Online Shopping Scam Racks Up 850,000 Victims

• New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

• RSAC: How CISOs Should Protect Themselves Against Indictments

• RSAC: Why Cybersecurity Professionals Have a Duty to Secure AI

• One in Four Tech CISOs Unhappy with Compensation

• A new alert system from CISA seems to be effective — now we just need companies to sign up

• GitHub takes aim at software supply chain security

• Dell discloses data breach impacting millions of customers

• Global attackers targeting US critical infrastructure should be ‘wake-up call’

• Dell customer order database of ’49M records’ stolen, now up for sale on dark web

• Dell Says Customer Names, Addresses Stolen in Database Breach

• London Drugs cyber attack: What businesses can learn from their week-long shutdown

• #RSAC: Why Cybersecurity Professionals Have a Duty to Secure AI

• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

• Tesla Ordered To Provide NHTSA With Autopilot Recall Data

• Neuralink’s First Human Brain Implant Develops Malfunction

• FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems

• Answering Your Top 9 Questions About Monitoring in Kubernetes

• OpenAI and Stack Overflow Partnership: A Controversial Collaboration

• Crypto’s New Cybersecurity Initiative Led by Justine Bone

• #RSAC: How CISOs Should Protect Themselves Against Indictments

• Combatting foreign interference

• How Criminals Are Using Generative AI

• Network Security for Schools: Tools, Tips, And Best Practices

• Ascension suffers Cyber Attack

• Navigating the Future: Zero Trust and SSE in Cybersecurity Leadership Strategies

• The Top Four Things Tech Manufacturers can do to Bolster the Cybersecurity of Target-Rich, Cyber-Poor Organizations

• Graduation to Adulting: Navigating Identity Protection and Beyond!

• alpitronic Hypercharger EV Charger

• CISA Releases Four Industrial Control Systems Advisories

• Rockwell Automation FactoryTalk Historian SE

• Delta Electronics InfraSuite Device Master

• How Workforce Reductions Affect Cybersecurity Postures

• Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

• New ‘LLMjacking’ Attack Exploits Stolen Cloud Credentials

• CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization

• FBI Warns US Retailers That Cybercrimnals Are Targeting Their Gift Card Systems

• ‘Secure by design’ makes waves at RSA Conference 2024

• Dell discloses data breach of customers’ physical addresses

• Zscaler Investigates Hacking Claims After Data Offered For Sale

• TunnelVision DHCP Flaw Lets Attackers Bypass VPNs, Redirect Traffic

• UK Armed Forces’ Personal Data Hacked In MoD Breach

• LockBit Takes Credit For City Of Wichita Ransomware Attack

• AWS CloudQuarry: Digging For Secrets In Public AMIs

• CIOs and CFOs, two parts of the same whole

• Update: Boeing Confirms Attempted $200 Million Ransomware Extortion Attempt

• Criminal Use of AI Growing, But Lags Behind Defenders

• Chinese Attackers Deployed Backdoor Quintet to Down MITRE

• MITRE Links Recent Attack to China-Associated UNC5221

• Analyzing PDF Streams, (Thu, May 9th)

• How Data Fabric Architecture Helps Enhance Security Governance

• Microsoft Will Hold Executives Accountable for Cybersecurity

• Poland Says it was Targeted by Russian Military Intelligence Hackers

• With Nation-State Threats in Mind, Nearly 70 Software Firms Agree to Secure by Design Pledge

• Mobile Banking Malware Surges 32%

• Biden Admin Mulls Export Restrictions For AI Models – Report

• Social engineering in the era of generative AI: Predictions for 2024

• Generative AI is a Looming Cybersecurity Threat

• Empowering Indigenous Data Sovereignty: The TTP-Microsoft Partnership

• ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

• Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

• Security Tools Fail to Translate Risks for Executives

• LockBit Takes Credit for City of Wichita Ransomware Attack

• F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)

• Threat Actors Accessed Cancer Patients’ Data left Open by Testing Lab

• April 2024’s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3

• Five business use cases for evaluating Azure Virtual WAN security solutions

• Upgrade Your Cybersecurity With This VPN That’s Only $70 for Three Years

• Build a resilient network: What I learned from 5 thought leaders

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Payload Delivery

• Zscaler swats claims of a significant breach

• Threat Actors Accessed Cancer patients’ Data left Open by Testing Lab

• CISA Extends CIRCIA Rule Comment Period

• Quishing Campaign Exploits Microsoft Open Redirect Vulnerability

• BetterHelp Customers Begin Receiving Refund Notices From $7.8M Data Privacy Settlement, FTC Says

• CISA Announces CVE Enrichment Project ‘Vulnrichment’

• Ofcom Urges Tech Firms To Tame Toxic Algorithms

• Cyber Attack On Data Center Cooling Systems Leads To Disruption

• Report: 97% of Organizations Hit by Ransomware Turn to Law Enforcement

• AI-Powered Russian Network Pushes Fake Political News

• IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data

• Zscaler is investigating data breach claims

• Fake E-commerce Network Scams $50M from American, European, Australian Shoppers

• Android App Security Alert: Proactive Measures to Prevent Unauthorized Control

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

• New Guide: How to Scale Your vCISO Services Profitably

• Microsoft Passkey Authentication Now Available For Personal Accounts

• DocGo patient health data stolen in cyberattack

• F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

• Cyber Security Headlines: Lockbit hit Wichita, AI export bans, Pathfinder on Intel

• Understanding the Zero-Trust Landscape

• SocGholish Attacks Enterprises Via Fake Browser Updates

• Pktstat: Open-Source Ethernet Interface Traffic Monitor

• FBI Warns of Gift Card Fraud Ring Targeting Retail Companies

• AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the organization

• How long does it take to crack a password in 2024?

• The Future of Phishing Email Training for Employees in Cybersecurity

• Data Classification Policy

• CISA starts CVE “vulnrichment” program

• Jack Dorsey Resigns From Bluesky Board, Calls X ‘Freedom Technology’

• Alert! Hackers Running Thousands of Fake Webshops : 850,000+ Cards Stolen

• APT trends report Q1 2024

• Silverfort Announces New Integration with Microsoft Entra ID EAM

• BigID equips security teams with AI-guided data security and risk remediation recommendations

• Secureworks Taegis NDR identifies malicious activity on the network

• Ransomware Criminals SIM Swap Executives’ Kids to Pressure Parents

• RSA Conference 2024 – Announcements Summary (Day 3)

• Critical Start adds multiple frameworks to Risk Assessments

• US Advances on Cyber Goals Amid Rapidly Changing Threat Environment, White House Says

• Crypto Mixer Money Laundering: Samourai Founders Arrested

• Veeam Fixes RCE Flaw in Backup Management Platform

• Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds

• AI Regulation in Finance: Steering the Future with Consumer Protection at the Helm

• Skyhigh Security boosts data protection measures with AI innovations

• Fake Online Stores Scam Over 850,000 Shoppers

• F5’s Next Central Manager Vulnerabilities Let Hackers Take Full Device Control Remotely

• Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

• Undetectable Threats Found in F5 BIG-IP Next Central Manager

• Zscaler Investigates Hacking Claims After Data Offered for Sale

• Polish Government Under Sophisticated Cyber Attack From APT28 Hacker Group

• Bangladesh IT Provider Database Compromise: 95k Email Addresses Leaked

• Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

• How Nudge Security is useful in a merger or acquisition

• LockBit Ransomware Group demands $200 million ransom from Boeing

• Regulators are coming for IoT device security

• ISC Stormcast For Thursday, May 9th, 2024 https://isc.sans.edu/podcastdetail/8974, (Thu, May 9th)

• Global ransomware crisis worsens

• Why SMBs are facing significant security, business risks

• Ransomware attacks impact 20% of sensitive data in healthcare orgs

• Build Strong Information Security Policy: Template & Examples

• 3 CIS resources to help you drive your cloud cybersecurity

• Tappware – 94,734 breached accounts

• RSAC: Three Strategies to Boost Open-Source Security

• API Security and The Silent Menace of Unknown APIs

• What do Europeans, Americans and Australians have in common? Scammed $50M by fake e-stores

• CISA Announces Secure by Design Commitments from Leading Technology Providers

• Undersea cables must have high-priority protection before they become top targets

• IT Security News Daily Summary 2024-05-08

• Undersea cables are high-priority targets – it’s high time to make these global pathways more resilient

• IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access

• Facebook Accused Of Doing Nothing To Stop Taylor Swift Ticket Scams

• #RSAC: Three Strategies to Boost Open-Source Security

• Advantages of Adopting SOCaaS for Organizations

• Encrypted services Apple, Proton and Wire helped Spanish police identify activist

• US Patent and Trademark Office confirms another leak of filers’ address data

• LockBit gang claimed responsibility for the attack on City of Wichita

• Token Security Raises $7 Million Seed Funding for Machine-First Identity Security

• Ransomware Attacks are Up, but Profits are Down: Chainalysis

• Looking for reliable AI? Enkrypt identifies safest LLMs with new tool

• RSAC: Researchers Share Lessons from the World’s First AI Security Incident Response Team

• RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges

• New TunnelVision technique can bypass the VPN encapsulation

• Big Vulnerabilities in Next-Gen BIG-IP

• Aembit Launches Terraform Provider to Enable Infrastructure as Code

• Implementing Zero Trust: Beyond Internal Network Models

• US Revokes Some Intel, Qualcomm China Export Licences – Report

• FTX To Repay Creditors In Full, $11 Billion

• SAFECOM Publishes 2024 SAFECOM Strategic Plan

• Desperate Taylor Swift Fans Defrauded by Ticket Scams

• Blackwell Security Raises $13M in Funding

• Shields Up: How to Minimize Ransomware Exposure

• FBI Investigates Thousands of Fake Emails Warning of Cyber Threat You Must Do 1 Thing

• Top FBI Official Urges Agents to Use Warrantless Wiretaps on US Soil

• Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer

• Akamai to Acquire Noname for $450 Million

• Debating the Risks and Realities of Artificial General Intelligence

• #RSAC: CISA Launches Vulnrichment Program to Address NVD Challenges

• How Does ANY RUN Sandbox Protect Enterprise Users By Utilizing Advanced Tools

• #RSAC: Researchers Share Lessons from the World’s First AI Security Incident Response Team

• LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites

• Patch management vs. vulnerability management: Key differences

• What Can Go Wrong When Police Use AI to Write Reports?

• Free Speech Around the World | EFFector 36.6

• TrustRadius recognises KnowBe4 for fifth year running in Security Awareness Training

• BetterHelp Agrees to $7.8 Million Settlement for Health Data Sharing with 800,000 Users

• Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

• How to prevent social media data leak

• EU Requests Content Moderation Data From X

• CISA boss: Secure code is the ‘only way to make ransomware a shocking anomaly’

• Six Austrians Arrested in Multi-Million Euro Crypto Scheme

• The best VPN for Mac in 2024: Expert tested and reviewed

• How Tech Can Help you Obtain a Building Passport: Net-Zero Building Certification Guide

• Press Release: OX Security and HCLSoftware Announce Strategic Partnership to Launch AppScan Supply Chain Security

• LAPD Website Unexpectedly Offline; Ransomware Ruled Out, Cause Unclear

• Chinese Hack Exposes Ministry Of Defence Payroll Data

• Go Beyond at Cisco Live with Cisco Customer Experience

• Secure Firewall & Multicloud Defense: Secure Connectivity With Simplified Policy Across Clouds

• Is Your iPhone at Risk? Understanding iPhone Spyware Issue

• New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data

• A SaaS Security Challenge: Getting Permissions All in One Place

• 10,000 Customers’ Data Exposed in UK Government Breaches

• Breaking down Microsoft’s pivot to placing cybersecurity as a top priority

• CISA Unveils New Public Service Announcement – We Can Secure Our World

• Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO

• Microsoft touts expansion of Secure Future Initiative

• 20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk

• Desperate Taylor Swift fans defrauded by ticket scams

• One year on, universities org admits MOVEit attack hit data of 800k people

• Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools

• New Attack Renders Most VPN Apps Vulnerable

• SentinelOne Singularity Cloud Native Security simulates harmless attacks on cloud infrastructure

• Akamai Recognized as a Customers? Choice for Cloud WAAP for the 5th Year

• Expert Insight: ‘Minding the gap’: how can we work to make cyber accessible for women?

• Healthcare Cybersecurity Firm Blackwell Raises $13 Million

• New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System

• News alert: Hunters announces full adoption of OCSF, introduces OCSF-native search

• Harnessing the Power of the Kraken: A Deep Dive into the Kraken Model of Innovation

• TikTok Ban — ByteDance Sues US to Kill Bill

• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

• Fortinet and NATO’s Annual “Exercise Locked Shields” Cyber Wargames

• Overcoming Common Data Security Challenges

• Cado Security launches solution for forensic investigations in distroless container environments

• Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

• CrushFTP Vulnerability Exploited in Wild to Execute Remote Code

• Double Threat to WordPress- Patch Now to Stay Secure

• Stop Chasing Breaches: Build a Resilient Security Architecture

• 1-15 February 2024 Cyber Attacks Timeline

• CyberSaint releases NIST CSF Benchmarking Feature

• Is fear slowing down the adoption of self-driving cars?

• Apple ‘Let Loose’ Event Updates iPad Air, iPad Pro, Accessories

• Sophos vs. Palo Alto: Intercept X vs. Cortex XDR (Comparison, Reviews, And Alternatives)

• RSA Conference 2024 – Announcements Summary (Day 2)

• Android Update Patches Critical Vulnerability

• Brandywine Realty Trust Hit by Ransomware

• Assessing F Society’s Latest Ransomware Targets: Are They at Risk?

• Scattered Spider: Hackers Attacking Commercial Sectors, Cops Troubled

• Hackers Abuse Google Search Ads to Deliver MSI-Packed Malware

• LiteSpeed Cache WordPress plugin actively exploited in the wild

• BetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing Settlement

• Ghost Security Phantasm detects attackers targeting APIs

• UK opens investigation of MoD payroll contractor after confirming attack

• MITRE breach details reveal attackers’ successes and failures

• Traceable launches Generative AI API Security to combat AI integration risks

• Photos: RSA Conference 2024

• Cyber Security Headlines: LockBit ringleader indicted, DocGo cyberattack, UK military data compromise

• Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

• The Fundamentals of Cloud Security Stress Testing

• Registration Opens for International Cyber Expo 2024: Where Cyber Leaders Converge to Shape Tomorrow’s Defences

• Report: Log4J Still Among Top Exploited Vulnerabilities

• Certificate Lifecycle Management Best Practices

• MITRE and NVIDIA build AI supercomputer for federal agency use

• Cloudflare for Unified Risk Posture identifies cyber threats

• TikTok Sues To Halt US Divest Or Ban Law

• Veeam RCE Flaws Let Hackers Gain Access To VSPC Servers

• Salt Security Unveils First AI-Infused API Security Platform to Address Proliferation of GenAI Application Development

• University System of Georgia Says 800,000 Impacted by MOVEit Hack

• Inpher SecurAI protects the privacy of user inputs on large language models

• nodeQ launches PQtunnel to simplify the migration to PQC for both SMEs and large enterprises

• Forcepoint ONE Data Security simplifies data protection with zero-trust principles for all organizations

• Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

• A (Strange) Interview the Russian-Military-Linked Hackers Targeting US Water Utilities

• Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

• State of ransomware in 2024

• CyberSmart announces expansion into the Australian market with HAT Distribution partnership

• Update: MITRE Attributes the Recent Attack to China-linked UNC5221

• Ransomware Operations are Becoming Less Profitable

• Red Hat launches RHEL AI for streamlined GenAI model testing and deployment

• Theori unveils Xint to automate security operations in cloud and hybrid environments

• Stephen Khan Receives Infosecurity Europe Hall of Fame Award, to Deliver Keynote on Four Essential Attributes CISOs Need to Succeed

• Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure

• Combatting Deepfakes in Australia: Content Credentials is the Start

• Scattered Spider Group a Unique Challenge for Cyber Cops, FBI Leader Says

• Eclypsium offers protection for GenAI hardware infrastructure

• Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

• AppOmni introduces ZTPM for enhanced cisibility in SaaS security

• A Third of Tech CISOs Are Unhappy With Their Income

• Cyber Security Today, May 8, 2024 – Alleged LockBit ransomware leader is identified, the gang makes false claims of new victims

• Hackers Employing Steganography Methods to Deliver Notorious RemcosRAT

• Hackers Actively Exploiting Ivanti Pulse Secure Vulnerabilities

• Price Drop: This Complete Ethical Hacking Bundle is Now $40

• Hackers Exploit LiteSpeed Cache Flaw to Create WordPress Admins

• ExtraHop releases AI tools to automate SOC workflows

• MedStar Health and DocGo Reveal Data Breaches

• ANSI and the International Society of Automation Explained

• Hey, You. Get Off of My Cloud

• Over 50,000 Tinyproxy Servers Vulnerable to Critical RCE Flaw

• Law Enforcement Agencies Identified LockBit Ransomware Admin and Sanctioned Him

• Forgepoint Capital boosts Nudge Security’s seed round

• AppViewX AVX ONE provides visibility, automation and control of certificates and keys

• New Relic introduces Secure Developer Alliance for enhanced security insights

• Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

• UK Ministry of Defense disclosed a third-party data breach exposing military personnel data

• Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight

• Liongard unveils Managed Attack Surface Solution for SMBs, mid-market, and enterprise clients

• Accenture partners with Mandiant to improve cybersecurity operations

• Bitwarden adds mobile passkey support for everyone

• Global Cybercrime Report 2024: Which Countries Face the Highest Risk?

• Relyance AI release Asset Intelligence and DSPM for data visibility and compliance

• Analyzing Synology Disks on Linux, (Wed, May 8th)

• Ransomware hackers calling parents from their Children mobile phone numbers

• Safeguarding Your Family: Strategies for Achieving Data Security

• Google Simplifies Two-Factor Authentication Setup Process

• 97% of organizations hit by ransomware turn to law enforcement

• Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award

• Security tools fail to translate risks for executives

• ISC Stormcast For Wednesday, May 8th, 2024 https://isc.sans.edu/podcastdetail/8972, (Wed, May 8th)

• Cybersecurity jobs available right now: May 8, 2024

• Pktstat: Open-source ethernet interface traffic monitor

• From infosec to skunks, RSA Conference SVP spills the tea

• UnitedHealth’s ‘egregious negligence’ led to Change Healthcare ransomware infection

• The complexities of third-party risk management

• Kaseya Connect Global 2024 Day 3 Recap

• How workforce reductions affect cybersecurity postures

• UnitedHealth’s ‘egregious negligence’ led to Change Healthcare infection

• How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast

• Detecting XFinity/Comcast DNS Spoofing, (Mon, May 6th)

• America’s War on Drugs and Crime will be AI powered, says Homeland Security boss

• #RSAC: Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds

• Major UK Security Provider Leaks Trove of Guard and Suspect Data

• Watch out for rogue DHCP servers decloaking your VPN connections

• IT Security News Daily Summary 2024-05-07

• Brandywine Realty Trust says data stolen in ransomware attack

• Law enforcement agencies identified LockBit ransomware admin and sanctioned him

• Google Continues Mixing Generative AI into Cybersecurity

• RSAC: Decoding US Government Plans to Shift the Software Security Burden

• INFRAM24: Measuring your IT strategy and capabilities to drive adoption and improve outcomes

• CISA’s early-warning system helped critical orgs close 852 ransomware holes

• The UK Says a Huge Payroll Data Breach by a ‘Malign Actor’ Has Exposed Details of Military Personnel

• #RSAC: Decoding US Government Plans to Shift the Software Security Burden

• 2024 OWASP Mobile Top Ten Risks

• HYPR and Microsoft Partner on Entra ID External Authentication Methods

• RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds

• Security researchers say this scary exploit could render all VPNs useless

• TikTok sues America to undo divest-or-die law

• Danile Stori’s ‘Vulnerable Code’

• Google Makes Implementing 2FA Simpler

• Rising Threat: Hackers Exploit Microsoft Graph for Command-and-Control Operations

• Brokewell Malware Spreads Via Fake Chrome Updates On Mobile Devices

• Code Execution Vulnerability Found In R Language

• Android Ruins VPN Use Due To Its DNS Leak Flaw

• Feds Unmask LockBit Ransomware Leader as Dmitry Yuryevich Khoroshev

• The best travel VPNs of 2024: Expert tested and reviewed

• U.S. Charges Russian Man as Boss of LockBit Ransomware Group

• AT&T Splits Cybersecurity Services Business, Launches LevelBlue

• Speaking Freely : Nompilo Simanje

• LockBit Ransomware Mastermind Unmasked, Charged

• Microsoft Uncovers Major Security Flaw in Android Apps with Billions of Downloads

• What we learned from the indictment of LockBit’s mastermind

• TXOne Networks Scores $51M Series B Extension

• Check Point Protects Enterprises by Accelerating Security for Networks and AI Cloud Infrastructure, in Collaboration with NVIDIA

• Cops finally unmask ‘LockBit kingpin’ after two-month tease

• Germany Recalls Ambassador to Russia Over Cyberattacks

• Detect and Destroy Cyber Threats with Red Piranha

• Authorities identify, sanction LockBit ransomware ringleader

• Report: Only 45% of Organizations Use MFA to Protect Against Fraud

• ATM Card Trap Scam: How to Stay Safe

• #RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds

• UK Military data breach and LockBit admin identified

• How to configure sudo privilege and access control settings

• New Attack on VPNs

• Niobium Raises $5.5M for Zero Trust Computing Hardware Acceleration

• LockBit leader unmasked: US charges Russian national

• Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator

• SUBNET Substation Server

• PTC Codebeamer

• CISA Releases Two Industrial Control Systems Advisories

• Cisco Observability Platform is a game changer for digital-first organizations

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

• Cybereason Announces the Availability of Cybereason Mobile Threat Defence in Response to Increases in Sophisticated Mobile Device Attacks

• zEus Stealer Distributed via Crafted Minecraft Source Pack

• White House in Talks With Industry to Build Legal Framework for Software Liability

• Investigators finally unmask LockBit kingpin after two-month tease

• Scammers Targeting WhatsApp Groups in UK

• Ransomware Strikes Wichita, Services Disrupted

• Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search

• NCA Unmasks and Sanctions Leader of Notorious LockBit Ransomware Group

• Google unveils new threat intelligence service at RSAC 2024

• How to detect deepfakes manually and using AI

• US, UK police identify and charge Russian leader of LockBit ransomware gang

• Cisco Co-Selling Made Simple: Accelerate

• Digital Empowerment on Display at the Cisco Broadband Innovation Center

• MITRE attributes the recent attack to China-linked UNC5221

• DBIR: Supply Chain Breaches up 68% Year Over Year

• Akamai to Acquire API Protection Startup Noname Security for $450 Million

• Wiz Raises $1 Billion at $12 Billion Valuation

• LockBit Leader aka LockBitSupp Identity Revealed

• The Australian Government’s Manufacturing Objectives Rely on IT Capabilities

• The Alleged LockBit Ransomware Mastermind Has Been Identified

• Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox

• #RSAC: Three Battle-Tested Tips for Surviving a Cyber-Attack

• Accelerating Zero Trust Outcomes with Generative AI, Part 2: Guardicore AI

• How Effectively Are You Deploying Segmentation to Mitigate Cyberattack Risks?

• Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

• Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises

• Securing the Vault: ASPM’s Role in Financial Software Protection

• Mend.io and Sysdig Launch Joint Solution for Container Security

• China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion

• APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

• Honoring our Unsung Heroes – Celebrating Public Service Recognition Week

• BigID announces new AI data security features for Microsoft Copilot

• Synopsys to Sell its Software Integrity Business to Clearlake Capital and Francisco Partners

• Are The New AI PCs Worth The Hype?

• Dynatrace enhances its platform with new Kubernetes Security Posture Management capabilities

• Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks

• Revolutionizing Cybersecurity Recruitment and Networking: The Cyberr.ai Approach

• China Suspected in Major Cyberattack on UK’s Ministry of Defence (MoD)

• Weaponized Windows Shortcut Files Deploying Fileless RokRat Malware

• Trend Micro Antivirus One Let Attacker Inject Malicious Code Into Application

• Exclusive: AI startup Tenyx’s fine-tuned open-source Llama 3 model outperforms GPT-4

• Espresso AI emerges from stealth with $11M to tackle the cloud cost crisis

• AT&T Launches New Managed Cybersecurity Services Business LevelBlue

• RSA Conference 2024 – Announcements Summary (Day 1)

• Dangerous Scammers From the Yahoo Boys Group Operate Openly on Social Media

• US Sets Sights on Partnerships to Counter Cyberthreats, Secure AI in New Global Cyber Strategy

• API Vulnerabilities Found Across AI Infrastructure Projects at NVIDIA, Mercedes

• Hackers Leak COVID-19 Data of 820K Dominicans, Including Vaccination Info

• How VISA is using generative AI to battle account fraud attacks

• Akamai confirms acquisition of Noname for $450M

• How I Found Work-Life Balance Through Fitness at Cisco

• Accelerating SaaS security certifications to maximize market access

• Counter AI Attacks with AI Defense

• Copilots in Cybersecurity — Realizing the Promise of Precision

• Accelerating Real Time Security Outcomes with Precision AI

• Krebs, Luber Added to Cyber Safety Review Board

• The truth about KEV: CISA’s vuln deadlines good influence on private-sector patching

• Microsoft Revamps Security Leadership, Empowering Deputy CISOs

• Here’s Why You Shouldn’t Trust VPNs Blindly

• Akamai to acquire Noname for $450 million

• New Case Study: The Malicious Comment

• TunnelVision attack against VPNs breaks anonymity and bypasses encryption

• Can VPNs Be Tracked by the Police?

• Global Fraud Prevention Leader BioCatch Valued at $1.3bn in Permira Takeover

• Ransomware Activity is Back on Track Despite Law Enforcement Efforts

• Germany Recalls Its Ambassador in Russia for a Week in Protest Over a Hacker Attack

• US Releases International Cyberspace Strategy

• From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats

• White House Cybersecurity Workforce Initiative Backed by Tech Titans

• Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)

• Novel TunnelVision Attack Against Impacts Virtually All VPN Apps Through DHCP Server Manipulation

• Physical security biz exposes 1.2M files via unprotected database

• Ransomware operations are becoming less profitable

• BTC-e $9bn Crypto-Money Launderer Pleads Guilty

• Grayscale Bitcoin Shares Surge On First Inflow Since January

• Tesla Fires Software, Service, Engineering Staff

• Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code

• Google AI-Powered Threat Intelligence Tool With Mandiant Expertise Released

• 10 Myths about Cybersecurity You Shouldn’t Believe

• Vectra AI Platform enhancements combat GenAI attacks

• Google Simplifies 2-Factor Authentication Setup (It’s More Important Than Ever)

• Exploits and vulnerabilities in Q1 2024

• Mastodon Delays Firm Fix to Solve Link Preview DDoS Issue

• What are Cyber Essentials? Requirements, Preparation Process & Certification

• BigID introduces dual-scanning capabilities for cloud native workloads

• Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering

• US Crypto Campaign Funding Groups Raise $102m

• WordPress Plugin Exploit Impacts Over 90,000 Websites

• Cranium AI Exposure Management Solution helps organizations secure internal and third-party AI systems

• Synopsys Spins Off App Security Unit In $2.1bn Deal

• Robinhood Served With SEC Crypto Enforcement Notice

• Silicon In Focus Podcast: A New Age of Cybersecurity?

• Does cloud security have a bad reputation?

• Data Brokers: What They Are and How to Safeguard Your Privacy

• Datadog Event Management helps teams reduce alert fatigue

• China Suspected After Major MoD Payroll Breach

• MITRE Hack: China-Linked Group Breached Systems in December 2023

• RSAC: Antony Blinken Highlights Urgency in Securing Foundational Tech

• Being Cybersmart is Always in Style

• Why Is Cyber Resilience Essential and Who’s Responsible for It?

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

• Citrix Addresses High-Severity NetScaler Servers Flaw

• Elastic’s Search AI to transform SOCs with AI-driven SIEM solutions

• Sumo Logic’s analytics capabilities allow security teams to find insights within their data

• Forescout AI enables security leaders to make confident, informed decisions

• Notorious Finnish Hacker Jailed Over Patient Records Hack

• New TunnelVision Attack Lets Attackers Snoop on VPN Traffic

• Anetac Raises $16M in Funding

• NATO and the EU Formally Condemned APT28 Cyber Espionage

• Podcast Episode: Building a Tactile Internet

• Code42 unveils source code exfiltration detection and protection capabilities

• Citrix NetScaler ADC & Gateway Flaw Lets Attackers Obtain Sensitive Data Remotely

• Empowering Cybersecurity with AI: The Future of Cisco XDR

• Trellix Database Security protects sensitive data

• Arctic Wolf Cyber Resilience Assessment helps organizations advance business resilience

• User Behavior Analytics: Why False Positives are NOT the Problem

• Ekran System to Participate in Gartner Security & Risk Management Summit 2024

• Top Endpoint Security Tips Organizations Should Know In 2024

• ISC Stormcast For Tuesday, May 7th, 2024 https://isc.sans.edu/podcastdetail/8970, (Tue, May 7th)

• Google using Gemini AI to fight Cyber Threats

• Reality Defender Triumphs at RSAC 2024 with AI at the Forefront

• Elevating Cybersecurity: How CybeReady Transforms Threat Intelligence for Businesses

• Cybercrime stats you can’t ignore

• 6 tips to implement security gamification effectively

• The strategic advantages of targeted threat intelligence

• Pew Research Data Privacy Statistics 2024

• Ransomware activity is back on track despite law enforcement efforts

• Only 45% of organizations use MFA to protect against fraud

• Ransomware evolves from mere extortion to ‘psychological attacks’

• RSAC: Securing Foundational Tech Critical to Upholding Democratic Values, Says Blinken

• Google, Meta, Spotify break Apple’s device fingerprinting rules – new claim

• Accelerating Zero Trust Outcomes with Generative AI, Part 1: AI Labeling

• Fed-run LockBit site back from the dead and vows to really spill the beans on gang

• Mastodon delays firm fix for link previews DDoSing sites

• VERITI Wins Four Global InfoSec Awards during RSA Conference 2024

• RSAC: Law Enforcement Takedowns Force Ransomware Affiliates to Diversify

• RSAC: Threat Actors Weaponize Hacktivism for Financial Gain

• #RSAC: Threat Actors Weaponizing Hacktivism for Financial Gain

• Cuckoo Mac Malware Mimics Music Converter to Steals Passwords and Crypto

• Add Bluetooth to the Long List of Border Surveillance Technologies

• USENIX Security ’23 – Detecting API Post-Handling Bugs Using Code and Description in Patches

• IT Security News Daily Summary 2024-05-06

• Police resurrect LockBit’s site and troll the ransomware gang

• The waterproof Blink Mini 2 is the best Wyze Cam alternative available

• SSPM vs. CSPM: What’s the difference?

• Colorado Passes Law To Stop Facebook From Reading Your Thoughts

• Vulnerability Recap 5/6/24 – Aruba, Dropbox, GitLab Bugs

• How to Block a Program in a Firewall (Windows & Mac)

• VR may pose privacy risks for kids: A new study finds parents aren’t as worried as they should be

• RSA: Google Enhances its Enterprise SecOps Offerings With Gemini AI

• risk-based vulnerability management (RBVM)

• Mastodon delays fix for link previews DDoSing websites

• Vulnerability Summary for the Week of April 29, 2024

• RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects

• #RSAC: Law Enforcement Takedowns Force Ransomware Affiliates to Diversify

• Smart, Secure and Sustainable Manufacturing with Cisco + Splunk at Hannover Messe 2024

• Key Insights from the OpenText 2024 Threat Perspective

• AT&T Spins Out Its Cybersecurity Business to Create LevelBlue

• Fortinet Report Sees Faster Exploitations of New Vulnerabilities

• Boeing Starliner Set For First Crewed Flight After Delays

• Top 7 Multicloud Security Providers for 2024

• Google Steps Up The Battle Against Gmail Spam

• Google Debuts New Security Products, Hyping AI and Mandiant Expertise

• Germany Warns Russia: Hacking Will Have Consequences

• DHS, CISA Announce Membership Changes to the Cyber Safety Review Board

• Recorded Future observes ‘concerning’ hacktivism shift

• NiceCurl and TameCat Custom Backdoors Leveraged by Damselfly APT

• HijackLoader Evolves with New Evasion Techniques

• Belgium’s Aikido Lands $17M Series A for its Security Platform Aimed at Developers

• Randall Munroe’s XKCD ‘Software Testing Day’

• Consultant charged over $1.5M extortion scheme against IT giant

• Continuing to support cybersecurity teams with Award winning & innovative training in April

• Russian GRU Hackers Compromised German, Czech Targets

• The Evolution of Sports Fans: From Game Day to Experience Day

• BlackBasta Ransomware targets Synlab Italia

• cloud infrastructure entitlement management (CIEM)

• Splunk details Sqrrl ‘screw-ups’ that hampered threat hunting

• Police resurrect Lockbit’s site and troll the ransomware gang

• Android Flaw Exposes DNS Queries Despite VPN Kill Switch

• Microsoft Introduces Passkey Authentication for Personal Microsoft Accounts

• APT42 Hackers Posing As Event Organizers To Hijack Victim Network

• New Atomic Stealer Malware Copies Passwords & Wallets from Infected Macs

• EFF Zine on Surveillance Tech at the Southern Border Shines Light on Ever-Growing Spy Network

• Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10

• Synopsys Sells Software Integrity Business in $2.1 Billion Deal

• USENIX Security ’23 – Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs

• Experts Warn Criminals Could Exploit Jogging Apps for Targeting People

• $563 Bounty Awarded for Reflected Cross-Site Scripting Vulnerability Patched in Yoast SEO WordPress Plugin

• RSAC: Partners Make The Art of Possible, Possible

• City of Wichita hit by a ransomware attack

• Backdoor Malware: Iranian Hackers Disguised as Journalists

• Are Big Tech Companies Getting Rich from AI?

• Data of Domestic Violence Victims Leaked in ZircoDATA Hack

• Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

• Best SIEM Tools List For SOC Team – 2024

• Why Your VPN May Not Be As Secure As It Claims

• Swimlane Marketplace simplifies automation for security teams

• VirusTotal’s Mission Continues: Sharing Knowledge, Protecting Together

• Beware of Phishing Attacks Targeting AmericanExpress Card Users

• StateRAMP: Understanding Authorization of Cisco’s Security Solutions

• MS Overhauls Cybersecurity Strategy After Scathing CSRB Report

• RSA Conference 2024: What To Expect

• What Palo Alto Networks and CrowdStrike Teach us About Using a Mobile Defense Platform

• Strengthening Cyber Defense with Threat Intelligence Operations

• CISA says ‘no more’ to decades-old directory traversal bugs

• New Cuttlefish Malware Hijacks Router Connections, Cloud Data Stolen

• China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

• Indonesia Emerging As A Hub For Highly Invasive Spyware

• What to know about hybrid data center security strategies

• IBM study shows security for GenAI projects is an afterthought

• Key Findings from the 2H 2023 FortiGuard Labs Threat Report

• Anetac Emerges From Stealth Mode With $16 Million in Funding

• CyberNut Emerges From Stealth With K-12 Security Awareness Training Solution

• Iranian Cyberspies Hit Targets With New Backdoors

• Identity, Credential Misconfigurations Open Worrying Security Gaps

• Tidal Cyber unveils customizations and integrations that improve data-driven defense

• Anomali introduces AI-powered Security Operations Platform

• #RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects

• Organizational Cybersecurity Hinges on End-User Satisfaction

• Critical Cybersecurity Loopholes Found in Paris 2024 Olympics Infrastructure

• New Gemini-powered Google Threat Intelligence platform fuses data from Mandiant, VirusTotal

• Gen AI innovation race is leading to security gaps, according to IBM and AWS

• Splunk Asset and Risk Intelligence accelerates security investigations

• Stanford AI Scientist Working On ‘Spatial Intelligence’ Start-Up

• Google, DOJ Closing Arguments Clash Over Search ‘Monopoly’

• Organizations Patch CISA KEV List Bugs 3.5 Times Faster Than Others, Researchers Find

• Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

• Cisco & Splunk: A Complete SOC Platform Purpose-Built for the AI-Driven Future

• Cisco Hypershield – Our Vision to Combat Unknown Vulnerabilities

• Outshift Leads the Way with AI at RSA Conference 2024

• El Salvador suffered a massive leak of biometric data

• Finland Warns of Android Malware Attacks Breaching Bank Accounts

• Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

• NinjaOne platform enhancements help security teams identify potential vulnerabilities

• It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

• New Lawsuit Attempting to Make Adversarial Interoperability Legal

• Law Enforcement Seized LockBit Group’s Website Again

• Ransom Recovery Costs Reach $2.73 Million

• Cybersecurity M&A Roundup: 33 Deals Announced in April 2024

• US Cyber Command Appoints Morgan Adamski as Executive Director

• BlackBasta claims Synlab attack, leaks some stolen documents

• Cyber Security Headlines: Neuberger proposes improvements, Olympic cybersecurity preparations, North Korea DMARC warning

• Hackers Use Custom Backdoor & Powershell Scripts to Attack Windows Machines

• LayerX Raises $26 Million for its Browser Security Platform

• Proofpoint enhances email security with pre-delivery social engineering and link protection

• Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

• Financial cyberthreats in 2023

• Biden Vetoes Republican Measure In Row Over Contractors’ Unions

• Apple Shares Surge Ahead Of New AI Hardware Launches

• Europe’s Most Wanted Teenage Hacker Arrested

• Microsoft, Google Widen Passkey Support for Its Users

• Cisa Warned 1,750 Organizations of Ransomware Vulnerabilities Last Year. Only Half Took Action.

• Permira to Acquire Majority Stake in BioCatch at $1.3 Billion Valuation

• City of Wichita Shuts Down Network Following Ransomware Attack

• Cyber Security Today, May 6, 2024 – Ransomware gang claims responsibility for attacking Italian healthcare service, Russian gang blamed for attacks in Europe, and more

• Russia-Linked APT28 and Crooks are Still Using the Moobot Botnet

• European Raids Shut Down Call Centers Used to ‘Shock and Cheat’ Victims

• A week in security (April 29 – May 5)

• Taylor Swift tickets – how not to be scammed

• London Black Cabs Sue Uber In Latest Legal Tangle

• Lawyers Say Strict Child Controls In China Show TikTok Could Do Better

• New ‘Cuckoo’ Persistent macOS Spyware Targeting Intel and Arm Macs

• McAfee and Intel collaborate to combat deepfakes with Deepfake Detector

• Ensuring Privacy in the Age of AI: Exploring Solutions for Data Security and Anonymity in AI

• The Impact of NIST SP 800-171 on SMBs

• Finland authorities warn of Android malware campaign targeting bank users

• Electric Vehicle Turned Away From Hospital Car Park

• Crypto Recovery Scams – And How They Add Insult to Injury

• Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released

• Tinyproxy Flaw Let Attackers Execute Remote Code

• Understanding GitGuardian’s Self-Hosted Solution

• KnowBe4 to acquire Egress Email Security

• Dealing with Stolen Data in Ransomware Attacks: A Comprehensive Guide

• Using MITM to bypass FIDO2 phishing-resistant protection

• Strategies for preventing AI misuse in cybersecurity

• How to prepare for the CISSP exam: Tips from industry leaders

• Organizations go ahead with AI despite security risks

• How MFA can improve your online security

• Privacy requests increased 246% in two years

• Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks

• eBook: CISSP fundamentals in focus

• ISC Stormcast For Monday, May 6th, 2024 https://isc.sans.edu/podcastdetail/8968, (Mon, May 6th)

• Ransomware drama: Law enforcement seized Lockbit group’s website again

• Top 9 Compliance Automation Software in 2024

• Celebrating our 12th Anniversary at RSA conference 2024

• Fully Offline Electronic Cash: Is It an Intractable Problem?

• IT Security News Weekly Summary – Week 18

• IT Security News Daily Summary 2024-05-05

• USENIX Security ’23 – A Bug’s Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs – Distinguished Paper Award Winner

• Don’t Overlook the Cyber Risks for Operational Technology

• Lineaje Tackles Open-Source Management with New Solution

• The Quantum Security Challenge: Data Resilience Around the Unknown

• AI Could Transform Detection and Response as Legacy MDRs Lack

• Report: Spanish Authorities Discover CPF Nomination Note on iPad of Slain Singaporean Woman in Spain

• Hackers are Targeting Routers Across the Globe

• NATO and the EU formally condemned Russia-linked APT28 cyber espionage

• Offensive Awakening: The 2024 Shift from Defensive to Proactive Security

• End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box

• Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

• Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement

• CISA Ask Companies to Fix Path Traversal Vulnerabilities

• NSW Cybercrime Squad Arrests Suspect in Million-Person Data Breach Case

• GenAI Continues to Dominate CIO and CISO Conversations

• RSAC 2024 Innovation Sandbox | Reality Defender: Deepfake Detection Platform

• Insect Farmers Embrace AI to Drive Down Production Costs

• Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks

• nslookup’s Debug Options, (Sun, May 5th)

Generated on 2024-05-12 23:58:23.782223