IT Security News Weekly Summary – Week 32

• IT Security News Daily Summary 2024-08-11

• DevSecOps Teams Face Regular Outages, Cyberattacks, and Data Breaches

• CrowdStrike accepts award for ‘most epic fail’ after global IT outage

• Foreign nation-state actors hacked Donald Trump’s campaign

• ‘0.0.0.0 Day’ Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

• CrowdStrike Explains Root Cause of Globat IT Outage

• Open source tools to boost your productivity

• Book Review: ‘Why Cybersecurity Fails in America’

• BlackSuit Ransomware: A New Threat on the Rise

• Samsung Announced New Bug Bounty Program For Galaxy Devices

• Researchers Demonstrate Windows Downgrade Attacks At Black Hat 2024

• National Public Data Hacked: Personal Information of Millions at Risk

• Exposing the Business of Doxing and Its Perils

• Unsolicited ‘Offensive’ Political Emails Stir Data Privacy Concerns in East London

• Maximizing Cybersecurity Impact Within Budget Constraints

• QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

• Watch Out For The New BingoMod Android Trojan

• Latest MacOS Sequoia Update Restricts Gatekeeper Control

• Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

• Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

• ADT disclosed a data breach that impacted more than 30,000 customers

• Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

• Cybersecurity Insiders Q&A: SonicWall President and Chief Executive Officer Robert VanKirk

• Donald Trump’s Campaign Says Its Emails Were Hacked

• Shadow – 543,295 breached accounts

• Thousands of Corporate Secrets Were Left Exposed. This Guy Found Them All

• The Hacker Who Hunts Video Game Speedrunning Cheaters

• IT Security News Daily Summary 2024-08-10

• Black Hat USA 2024: All eyes on election security

• Black Hat USA 2024 recap – Week in security with Tony Anscombe

• Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look

• Is the INC ransomware gang behind the attack on McLaren hospitals?

• Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share

• USENIX Security ’23 – V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-Source Software Components Using Code Classification Techniques

• Illinois Amends Biometric Privacy Law to Limit Corporate Liability

• Ransomware and Extortionware: The Two Cybersecurity Dangers

• Global Breach of Mobile Guardian Wipes Data from 13,000 Students’ Devices in Singapore

• Need Intel’s Raptor Lake bug patch? You’ll have to download and install it yourself

• New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

• Proton VPN Doubles Down on its Fight Against Online Censorship

• South Korea on High Alert as North Korean Hackers Eye Construction Sector Data

• Massive Email Address Exposure: SOCRadar.io Data Scraping Incident

• How North Korean Attackers Deployed Malware Via VPN Bug Exploit

• CSC ServiceWorks reveals 2023 data breach affecting thousands of people

• The Undeniable but Often Overlooked Human Element of Cybersecurity

• Russian Midnight Blizzard Breached UK Home Office via Microsoft

• After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude

• Git-Syncing into Trouble: Exploring Command Injection Flaws in Kubernetes

• Crooks took control of a cow milking robot causing the death of a cow

• ‘0.0.0.0 Day’ Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

• Cisco Warns of Critical RCE Zero-Days in End of Life IP Phones

• CISA Warns of Hackers Abusing Cisco Smart Install Feature

• Move From FedRAMP to DoD with Impact Level Assessment

• Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins

• Russian Spies Hacked UK Government Systems Earlier This Year, Stole Data and Emails

• Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

• Cyber Security Today – Week In Review: August 10, 2024

• Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches

• Student raised security concerns in Mobile Guardian MDM weeks before cyberattack

• Sonos smart speakers flaw allowed to eavesdrop on users

• Google Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUs

• Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers

• Cyber attacks 2024: The biggest attacks of the first half of 2024

• IT Security News Daily Summary 2024-08-09

• Intel has news – good, bad and ugly – about Raptor Lake bug patch. Here’s what to know

• How to ask Google to remove deepfake porn results from Google Search

• 6 VPN Security Best Practices for Secure Connection

• Australian Enterprises Coming 4th in 2024 Global Survey of Generative AI Usage

• Ecovacs home robots can be hacked to spy on their owners, researchers say

• USENIX Security ’23 – Cheesecloth: Zero-Knowledge Proofs of Real World Vulnerabilities

• ATM Software Flaws Left Piles of Cash for Anyone Who Knew to Look

• Friday Squid Blogging: SQUID Is a New Computational Tool for Analyzing Genomic AI

• Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction

• Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

• Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

• 5 Types of IVR Testing Tools and When To Use Each

• Louvre and Top French Museums Fall Victim to Ransomware Attack, Including Olympic Sites

• Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!

• HPE Infuses AI Into Network Detection and Response Platform

• Have you used Cash App in the last 6 years? You might be eligible for $2,500

• How a cybersecurity researcher befriended, then doxed, the leader of LockBit ransomware gang

• Aqua Security Researchers Disclose Series of AWS Flaws

• Security company ADT announces security breach of customer data

• Microsoft Update Alert: 70% Of Windows Users Are Now At Risk

• #BHUSA: CISA Encourages Organizations to Adopt a ‘Secure by Demand’ Strategy

• Ransomware attack leads to death and Cow and Calf

• The Role of Microsegmentation in Kubernetes Environments

• Federal Watchdog Calls on EPA to Formulate Comprehensive Cybersecurity Plan for Water Systems

• Reddit CEO Hints At Subreddit Paywalls

• Evolving threat landscape influencing cyber insurance market

• MDR vs MSSP: Key Differences and Full Guide

• 0.0.0.0 Day Vulnerability: An 18-Year-Old Flaw Actively Exploited by Threat Actors

• Understanding escalating cyber threats

• Content Detection Technologies in Data Loss Prevention (DLP) Products

• Partnership in Action: Creating Connection through Community Impact

• Ransomware Attack on OneBlood Disrupts Florida Blood Supply Chain, Urgent Call for Donations

• New Ransomware Threat: Hunters International Deploys SharpRhino RAT

• Cryptojacking Attacks Soar 409% in India Amid a Global Shift in Cybersecurity Tactics

• New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

• Ransomware Recovery: Steps to Take After an Attack

• StormBamboo Compromises ISP, Spreads Malware

• Applications are open: ENISA Cybersecurity Support Action Programme tender procedure

• Threat Actors Exploiting Windows Systems To Deploy Multiple Malwares

• How MSSPs Can Navigate the Regulatory Landscape: Ensuring Compliance

• People-Search Site Removal Services Largely Ineffective

• ADT Breached: Customer Data Leaked on a Hacking Forum

• How to Weaponize Microsoft Copilot for Cyberattackers

• Pro-Iran groups lay groundwork for ‘chaos and violence’ as US election meddling intensifies

• In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims

• Cybersecurity Insights with Contrast CISO David Lindner | 8/9/24

• North Korean Kimusky Group Attacking University Professors

• Iranian Hackers Targeting 2024 US Election Campaigns

• Confusion Attacks Vulnerability In Apache HTTP Server Allow Attackers To Gain Root Access Remotely

• 0.0.0.0 Day – 18 Yr Old Vulnerability Allow Attackers to Bypass All Browser Security

• Cisco Networking Academy honors International Day of the World’s Indigenous People

• US Offers $10 Million for Information on Iranian Hackers Behind CyberAv3ngers Water Utility Attacks

• Automated vs Manual: Web Penetration Testing

• Dell Begins Fresh Round Of Job Losses, Amid AI Move – Report

• New APT Actor240524 Weaponizing Official Documents To Deliver Malware

• Leaked MDM Credentials Exposes Commonly Laptops And Smartphones For Hacking

• ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

• Transparency in Cybersecurity: The Importance of Accurate Vulnerability Disclosures

• Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

• Critical Jenkins Vulnerabilities Expose Servers To RCE Attack

• Number of Incidents Affecting GitHub, Bitbucket, GitLab, and Jira Continues to Rise

• Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities

• Elon Musk Shares Fake News Of UK Rioters Being Deported To Falklands

• How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

• Consumer Reports Study Finds Data Removal Services are Often Ineffective

• New Ransomware Groups Emerge Despite Crackdowns

• #BHUSA: CoSAI, Combating AI Risks Through Industry Collaboration

• CISA Warns of Cisco Smart Install Feature Actively Exploited by Hackers

• Ransomware Review: First Half of 2024

• Not SOCRadar – 282,478,425 breached accounts

• Russia’s Kursk Region Suffers ‘Massive’ DDoS Attack Amid Ukraine Offensive

• Ransomware Drill Targets Healthcare in Operation 911

• Entrust distrust: How to move to a new Certificate Authority

• OpenAI Leadership Split Over In-House AI Watermarking Technology

• RustScan: Open-Source Port Scanner

• August 2024 Patch Tuesday forecast: Looking for a calm August release

• “0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

• Cybersecurity Headlines: Chameleon malware reappears, Rhysida hospital attack, Blacksuit’s $500m tally

• OpenWrt Dominates, but Vulnerabilities Persist in OT/IoT Router Firmware

• Vulnerability Allowed Eavesdropping via Sonos Smart Speakers

• PowerDMARC Integrates with SecLytics for Predictive Threat Intelligence Analysis

• Threat Actors Favor Rclone, WinSCP and cURL as Data Exfiltration Tools

• Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities

• GhostWrite Vulnerability Let Hackers Read And Write Any Part Of The Computer’s Memory

• DISPOSSESSOR And RADAR Ransomware Emerging With RaaS Model

• Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices

• DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs

• MongoDB Vulnerabilities Let Attackers Escalate Privileges

• Russian cyber spies stole data and emails from UK government systems

• CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog

• Next-Gen Vehicle Technologies Present New Challenges for Cybersecurity Professionals

• One of the largest data breaches in history? Cyber Security Today for Friday, August 9th, 2024

• Security vulnerability in IT infrastructure of Ransomware gang saves six victimized companies

• Key Cloud Security Tools for 2024: A Comprehensive Overview

• Authorities Dismantled North Korean Remote IT Worker Laptop Farm

• CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

• Proxmox Backup by NAKIVO: Powerful VM Data Protection

• The Olympic Games have been protected from cyber-attacks so far

• It’s 2024 and we’re just getting round to stopping browsers insecurely accessing 0.0.0.0

• Passwordless Prescription: The Cure for Healthcare Cybersecurity

• Vectra AI Expands XDR Platform

• Overcoming the 5 Biggest Challenges to Implementing Just-in-Time, Just Enough Privilege

• NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise?

• How Situational Awareness Enhances the Security of Your Facility

• Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals

• A Dive into Earth Baku’s Latest Campaign

• Shorter TLS certificate lifespans expected to complicate management efforts

• Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE

• New infosec products of the week: August 9, 2024

• Where internal audit teams are spending most of their time

• ISC Stormcast For Friday, August 9th, 2024 https://isc.sans.edu/podcastdetail/9090, (Fri, Aug 9th)

• Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies

• Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now’s the time to junk ’em

• Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

• Computer Crash Reports Are an Untapped Hacker Gold Mine

• Delta: CrowdStrike’s offer to help in Falcon meltdown was too little, too late

• Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms

• How to maximize the value of AI: Q&A with Cisco experts

• Sustainability 101: How Hybrid Work Can Advance Sustainability in the Workforce

• IT Security News Daily Summary 2024-08-08

• Stolen data from scraping service National Public Data leaked online

• Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

• Weak “Guardrails” on Police Face Recognition Use Make Things Worse

• Reintroducing the EFA

• US ‘laptop farm’ man accused of outsourcing his IT jobs to North Korea to fund weapons programs

• Humans are Top Factor in Cloud Security: CSA Study

• US ‘laptop farm’ man accused of outsourcing his IT jobs to North Koreans to raise funds for weapons

• Top 10 Valimail Alternatives and Competitors in 2024

• Top 10 DMARC Solutions in 2024

• HYPR and Microsoft Partner on Entra FIDO2 Provisioning APIs

• Introducing Secretless Identity and Access for Serverless with AWS Lambda

• USENIX Security ’23 – TAP: Transparent and Privacy-Preserving Data Services

• How to Offer Secure IVR Banking and Authenticate Callers

• How to Become a Cybersecurity Engineer

• Education Sector Common Breaches and Cyber Threats

• Black Hat and DEF CON Roundup 2024: AWS Patched a Vulnerability Affecting Six Cloud Services

• 0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers

• #BHUSA: CISA Director Confident in US Election Security

• Wiz researchers hacked into leading AI infrastructure providers

• Zenity CTO on dangers of Microsoft Copilot prompt injections

• CrowdStrike Class Action Lawsuit for Massive Software Outage

• Microsoft’s AI Can Be Turned Into an Automated Phishing Machine

• The Guide to Zero Trust Data Detection & Response (DDR)

• The Need For A Vulnerability Operations Center (VOC) in Modern Cybersecurity

• The top stories coming out of the Black Hat cybersecurity conference

• Black Hat USA 2024: Chip Flaw ‘GhostWrite’ Steals Data from CPU Memory

• CrowdStrike Dismisses Claims of Exploitability in Falcon Sensor Bug

• How to Perform a Cloud Security Assessment: Checklist & Guide

• Salt Security Extends Scope of API Security Platform

• MCA to Strike Off 400 Chinese Companies for Fraud in India

• How Microsoft and NIST are collaborating to advance the Zero Trust Implementation

• UK To Investigate Amazon’s $4 Billion Investment In Anthropic

• LG unleashes South Korea’s first open-source AI, challenging global tech giants

• Over $40 Million Recovered and Arrests Made Within Days After Firm Discovers Business Email Compromise Scam

• Fake FIM: The Cybersecurity Lie That Could Cost You

• UK Watchdog Clears HPE’s Acquisition Of Juniper

• What is the Coalition for Secure AI (CoSAI)?

• EFF and 12 Organizations Tell Bumble: Don’t Sell User Data Without Opt-In Consent

• Cybercriminals Impersonate Law Enforcement in New ‘Digital Detention’ Scam

• Hackers Steal 6 Terabytes Data, Sells on Dark Web

• University Professors Targeted by North Korean Cyber Espionage Group

• Wordfence Intelligence Weekly WordPress Vulnerability Report (July 29, 2024 to August 4, 2024)

• Meet the ransomware gang that demands $500 million

• Anthropic offers $15,000 bounties to hackers in push for AI safety

• The Critical Role of Data Center Technology in Transforming the Manufacturing Industry

• Google Discontinues Chromecast Portfolio

• Black Hat USA 2024: AWS ‘Bucket Monopoly’ Flaw Led to Account Takeover

• I tested 7 AI content detectors – they’re getting dramatically better at identifying plagiarism

• The Windows 10 clock is ticking: 5 ways to save your old PC in 2025 (most are free)

• Hackers Spreading Malicious Python Packages Through Popular Developer Q&A Platform

• Keytronic Lost Over $17 Million Due to a Ransomware Attack

• USPS Text Scammers Duped His Wife, So He Hacked Their Operation

• Home security giant ADT says it was hacked

• Critical Progress WhatsUp Gold RCE Flaw Now Under Active Exploitation

• Stolen Credentials Have Turned SaaS Apps Into Attackers’ Playgrounds

• #BHUSA: Ransomware Drill Targets Healthcare in Operation 911

• Dorsett Controls InfoScan

• How East Carolina University Uses LoRaWAN to Drive Regional Innovation

• 0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

• Alibaba’s T-Head C910 RISC-V Chips Found Vulnerable to GhostWrite Attack

• Using 1Password on Mac? Patch up if you don’t want your Vaults raided

• Ransomware Attack Costs loanDepot Almost $27 Million

• SEC Investigation into Progress MOVEit Hack Ends Without Charges

• Security researcher discovered attack to downgrade Windows permanently

• What Is a Whaling Attack (Whale Phishing) + How Can You Prevent It?

• Tesla Issues Recall For 1.6 Million Cars In China

• STAC6451 Hacker Hijacking Microsoft SQL Servers to Compromise Organizations

• NIS2 Compliance Unveiled: Operational Managers’ Roadmap to Actionable Security Measures

• Cloud Storage From Microsoft, Google Used in Malware Attacks

• US Offering $10 Million Reward for Iranian ICS Hackers

• Operational Technology (OT) Security a Top Priority for CIOs

• Phishing Attack Exploits Google, WhatsApp to Steal Data

• Infinity Global Services and Cysurance Launch a Comprehensive Insurability Assessment Program

• NIS2 Directive in the EU: An imminent deadline, insufficient preparation

• PureHVNC Deployed via Python Multi-stage Loader

• FBI and CISA Uncover Updated TTPs and Activity of the BlackSuit Ransomware Group

• US elections have never been more secure, says CISA chief

• Web-Connected Industrial Control Systems Vulnerable to Attack

• Massive Data Breach Exposes Personal Information of 2.9 Billion People Worldwide

• Microsoft 365 anti-phishing alert “erased” with one simple trick

• Balancing the Scales: Addressing Privacy, Security, and Biases in AI based on the White House Blueprint for an AI Bill of Rights

• Intel Sued By Shareholders After Dividend Suspension, Stock Price Crash

• Thousands of Exposed Industrial Control Systems in US, UK Threaten Water Supplies

• Our Latest Product Updates

• Ronin Network Hacked, $12 Million Returned by “White Hat” Hackers

• Dude, Where’s My Documentation?

• BIND Vulnerabilities: Urgent Security Updates Released

• Automated Security Validation: One (Very Important) Part of a Complete CTEM Framework

• North Korea Kimsuky Launch Phishing Attacks on Universities

• As use of IoT devices grows, so do the associated security risks

• Proton Pass password manager adds identity data, biometric authentication

• One year later: The Flipper Zero is still cool. Here are 7 useful things you can do

• Watch How a Hacker’s Infrared Laser Can Spy on Your Laptop’s Keystrokes

• ISC Stormcast For Thursday, August 8th, 2024 https://isc.sans.edu/podcastdetail/9088, (Thu, Aug 8th)

• Can AI detectors save us from ChatGPT? I tried 7 online tools to find out

• Researcher Discovers Downgrade Attack Abusing Windows Update Process

• Report: Tech misconceptions plague the IT world

• Menlo Zero Trust Access enhancements boost enterprise browsing security

• New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links

• Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

• YouTube Hit By Thousands Of Outages In Russia

• Record Breaking DDoS Attack 419 TB of Malicious Traffic Within 24-Hours

• Mule-as-a-Service Infrastructure Exposed

• Benefits of Adopting Zero-Trust Security

• Get a Lifetime of 1TB Cloud Storage for Only $70 With FolderFort

• SEC Ends Probe Into MOVEit Attacks Impacting 95 Million People

• AWS Patches Vulnerabilities Potentially Allowing Account Takeovers

• Should Deny By Default Be the Cornerstone of Zero Trust?

• Roundcube Flaws Allow Easy Email Account Compromise (CVE-2024-42009, CVE-2024-42008)

• Securonix and Cribl partner to enhance threat detection with advanced data integration

• “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

• BlackSuit/Royal Ransomware Group Has Demanded $500m

• Cybersecurity Headlines: McLaren hospitals disrupted, CrowdStrike improves processes, Ronin Network hacked

• Microsoft 365 Anti-Phishing Feature can be Bypassed with CSS

• Endor Labs launches Upgrade Impact Analysis and Magic Patches for SCA market

• FBI and CISA update a joint advisory on the BlackSuit Ransomware group

• Entrust faces years of groveling to regain browsers’ trust, say rival chiefs

• 7 Best Cyber Risk Management Platforms of 2024

• AI Remediation by ArmorCode reduces DevSecOps friction and accelerates security fixes

• Ethical Hackers Steal and Return $12m to Ronin Network

• AppViewX and Utimaco team up to enhance cloud security with new lifecycle management solutions

• Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

• Optimizing AWS GuardDuty for Enhanced Security Monitoring

• Photos: Black Hat USA 2024 Arsenal

• Critical Cisco Small Business IP Phone Flaws Exposes Users to Remote Attacks

• MFA: Multi-Factor Annoyance? Why MFA’s Days Are Numbered.

• Tor Browser 13.5.2 Released: What’s New!

• Cloud Data Storage Raises New Security Issues

• Photos: Black Hat USA 2024 Startup City

• Provisional £6m Fine Imposed on Software Provider Following NHS Ransomware Attack

• Police Recover Over USD 40 Million from International Email Scam

• RAD Security Combines AI With Behavioral Analytics to Improve Cybersecurity

• SSHamble: Open-source security testing of SSH services

• Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now

• FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million

• The three pillars of the next generation in data security: PostgreSQL, zero trust and web3

• Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

• Ransomware Attack Targets Grand Palais, Paris

• INC Ransomware targets McLaren Health Care Hospitals

• New APT Group Actor240524: A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel

• Traceeshark: Open-source plugin for Wireshark

• Why tech-savvy leadership is key to cyber insurance readiness

• AI security 2024: Key insights for staying ahead of threats

• How network segmentation can strengthen visibility in OT networks

• Securing against GenAI weaponization

• Download: CIS Critical Security Controls v8.1

• Ransomware operators continue to innovate

• Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware

• New APK Scam: Protect Your Bank Account from Fraudsters

• Samsung boosts bug bug bounty to a cool million for cracks of the Knox Vault subsystem

• Inside the Dark World of Doxing for Profit

• Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

• IT Security News Daily Summary 2024-08-07

• Nexera DeFi Protocol Hacked: $1.8M Stolen in Major Smart Contract Exploit

• From Cybersecurity Practitioner to Advocacy: My Journey Back to Cisco

• Veracode highlights security risks of GenAI coding tools

• Atari Asteroids Hack Sparks Debate on Blockchain Gaming Transparency

• Cybercrime Rapper Sues Bank over Fraud Investigation

• Democracy’s Challenge: Secure Elections Worldwide

• Over 40,000 Internet-Exposed ICS Devices Found in US: Censys

• #BHUSA: CrowdStrike Outage Serves as Dress Rehearsal for China-Led Cyber-Attacks

• AI PCs bring new security protections and risks. Here’s what users need to know

• D3 Introduces Program to Help SOC Teams Migrate Successfully from Legacy SOAR

• Living off the VPN ? Exploring VPN Post-Exploitation Techniques

• Elon Musk Says “No Choice” But To Close X’s San Francisco HQ

• Jumpstart Your Meraki Auto-VPN Journey in the Multi-Cloud Environment

• Student Devices Wiped — Mobile Guardian Hacked AGAIN

• Docker vs. Podman: Exploring Container Technologies for Modern Web Development

• Nvidia AI security architect discusses top threats to LLMs

• Researchers unveil AWS vulnerabilities, ‘shadow resource’ vector

• Announcing BlueHat 2024: Call for Papers now open

• Waymo Expands Ride-Hailing Service, Amid Growing Demand

• A Flaw in Windows Update Opens the Door to Zombie Exploits

• EFF Tells Yet Another Court to Ensure Everyone Has Access to the Law and Reject Private Gatekeepers

• Faulty instructions in Alibaba’s T-Head C910 RISC-V CPUs blow away all security

• Randall Munroe’s XKCD ‘Matter’

• OpenAI’s Tool Can Detect Chat-GPT Written Texts

• Increase in Magniber Ransomware Attacks Affects Home Users Globally

• #BHUSA: New Ransomware Groups Emerge Despite Crackdowns

• Ireland’s DPC Takes Twitter to Court Over AI User Data Concerns

• Recent ProtonVPN Update Brings Discreet Icons, Stealth Protocol

• Can Deaf and Hard of Hearing People Thrive in IT and Tech Careers?

• How To Check and Update Newer Versions for Dependencies in Maven Projects

• Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say

• UK ICO Fines NHS Supplier For Medical Records Breach

• 12 types of endpoint security

• Cloud Security Strategy: Building a Robust Policy in 2024

• RaaS Group Targets Corporate Networks with SharpRhino RAT

• Windows Update Flaws Allow Undetectable Downgrade Attacks

• Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level

• What Is Encryption and How Does It Work?

• Critical Solar Power Grid Vulnerabilities Risk Global Blackouts

• How You Can Avoid a CrowdStrike Fiasco

• CISA Adds Two Known Exploited Vulnerabilities to Catalog

• Microsoft 365 Phishing Alert Can Be Hidden with CSS

• Fortinet acquires Next DLP

• Musk Hits Out At UK Justice System, Amid War Of Words

• Data Breaches Are Costing Australian Organisations, IBM Report Reveals

• Black Hat and DEF CON Roundup 2024: What to Expect From This Week’s Security Events

• Hackers could spy on cellphone users by abusing 5G baseband flaws, researchers say

• New and Emerging Cybersecurity Threats and Attacker Tactics

• Report: Email Attacks Skyrocket 293%

• Fighting AI fire with AI fire

• Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks

• USENIX Security ’23 – Squirrel: A Scalable Secure Two-Party Computation Framework for Training Gradient Boosting Decision Tree

• Hackers are Employing Real Estate Fraud to Target North Dakota Citizens

• Hackers Breach ISP to Poison Software Updates With Malware

• Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack

• Examine a captured packet using Wireshark

• European IT Professionals Want Training on AI, Poll Finds

• Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

• New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

• CISA Releases Guide to Enhance Software Security Evaluations

• Attack Vectors at a Glance

• The Best MSSP Software You Should Consider Looking At in 2024

• Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems

• Sysdig Adds Ability to Correlate Identities to Cloud Computing Breaches

• This Caller Does Not Exist: Using AI to Conduct Vishing Attacks

• #BHUSA: The Board Needs to Understand AI Deployment Risks

• Phishing Attacks Can Bypass Microsoft 365 Email Safety Warnings

• How CIRCIA is changing crisis communication

• Expert Insight: Cyber Security Resilience Act: A game-changer for industry standards

• Women in CyberSecurity (WiCyS) Announces 5th Annual Security Training Scholarship

• NHS Software Supplier Advanced Faces $7.6 Million Fine Over Ransomware Attack Failings

• Network perimeter security protections for generative AI

• Unlock the Power of GenAI with Check Point Software Technologies

• Black Hat Roundup 2024: What to Expect From This Week’s Security Events

• Small CSS tweaks can help nasty emails slip through Outlook’s anti-phishing net

• Rubrik Allies With Mandiant to Increase Cyber Resiliency Capability

• Google Ads Glitch Exposes Sensitive Competitor Data, Causes Reporting Disruption

• #BHUSA: DARPA’s AI Cyber Challenge Heats Up as Healthcare Sector Watches

• How NetSPI Built a Proactive Security Platform

• What is Captcha?

• Threat Actors Announced Doubleface Ransomware, Claims Fully Undetectable

• Ransomware Swells Despite Collective Push to Curb Attacks

• Scamnetic Emerges From Stealth With AI-Based Scam Detection Solution

• CrowdStrike engages external experts, details causes of massive outage

• AWS Launches Mithra To Detect Malicious Domains Across Systems

• Researchers Proposed MME Framework To Enhance API Sequence-Based Malware Detection

• Cyber Training Organization Pledges $15 Million in Education Programs

• The Art of Possible: Redefining Cybersecurity in the Age of Data as the New Perimeter

• Microsoft, CrowdStrike Hit Back At Delta’s Compensation Bid

• Microsoft 365 Vulnerability Let Hackers Bypass Anti-phishing Feature

• Cisco ISE 3.4 – Here and Now!

• Abnormal Security Raises $250M on $5.1B Valuation to Enhance AI-Driven Cyber Protection

• North Korean Hackers Leverage Malicious NPM Packages for Initial Access

• Police take just 2 days to recover $40M stolen in business email scam

• Hunters International RaaS Group Points SharpRhino at IT Workers

• Problems with Georgia’s Voter Registration Portal

• Chameleon Malware Now Targeting Employees Masquerading as a CRM app

• Cyberattack On Mobile Guardian MDM Wiped Connected Devices

• Apple Tightens macOS Gatekeeper Controls in macOS Sequoia

• Replacement for Action Fraud, UK’s Cybercrime Reporting Service, Delayed Again Until 2025

• The Role of AI in Cybersecurity Operations

• CrowdStrike Reveals Root Cause of Global System Outages

• New Go-based Backdoor GoGra Targets South Asian Media Organization

• Elon Musk’s X Sues Advertisers Over “Massive Advertiser Boycott”

• Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy

• Reliable Baseline Management with Fortra’s Tripwire Enterprise

• StormCloud Hacks ISP to Spread Malware Posing as Software Updates

• EQT buys majority share in Swiss cybersecurity biz Acronis

• Ransomware Attack Cost LoanDepot $27 Million

• Join Us 08-23-24 for “Hacking the Future of Pentesting” – Super Cyber Friday

• New Zola Ransomware Using Multiple Tools to Disable Windows Defender

• New Android spyware LianSpy relies on Yandex Cloud to avoid detection

• UK Managers Improve Cyber Knowledge but Staff Lack Training

• Cybersecurity Headlines: Google kernel zero-day, voter portal flaw, ransomware as terrorism

• Microsoft’s Security Efforts Leave Much To Be Desired, Especially For Email Security

• Contrast Security Introduces ADR to Help Organisations Combat Zero Days and Secure Applications from Within

• CISA Adds Microsoft COM for Windows Bug to its Known Exploited Vulnerabilities Catalog

• Veza introduces Access AI to streamline risk management and access control

• ICO Prepares £6m Fine for NHS Supplier Advanced

• What Does the EU AI Act Mean for Cybersecurity?

• Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

• Attackers Use Multiple Techniques to Bypass Reputation-Based Security

• Police Shield Communications from Public Scrutiny with Encryption

• Elastic automates SIEM data onboarding with Automatic Import

• Cequence Unified API Protection defends against attacks targeting AI applications

• AppSOC launches new AI security capabilities for enhanced governance and protection

• Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

• Tech Contractor Exposes Data of 4.6 Million US Voters

• UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack

• Chrome, Firefox Updates Patch Serious Vulnerabilities

• Flashpoint Ignite and Echosec deliver threat intelligence for enhanced protection

• D3 enhances Smart SOAR Platform with Ace AI

• EQT takes a majority stake in cybersecurity firm Acronis at $3.5B+ valuation

• Cymulate AI Copilot validates security against real-time threats

• Contrast Security ADR enables teams to identify vulnerabilities, detect threats, and stop attacks

• XDSpy Hackers Attacking Users to Steal Sensitive Data

• EQT takes a majority stake in cybersecurity firm Acronis at a $3.5B+ valuation

• Chameleon Android Banking Trojan Targets Users Through Fake CRM App

• Britain NHS Software provider to face Ransomware penalty of £ 6 million

• Can a Bitcoin Ban Help Stop Ransomware Attacks

• Chrome Security Update: Patch for Multiple Vulnerabilities

• The C-Suite Conundrum: Are Senior Executives the Achilles’ Heel of Cybersecurity?

• OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware

• Apple’s New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software

• SharpRhino malware targets IT admins – Hunters International gang suspected

• Securing Data in the AI Era: Introducing Check Point Harmony Endpoint DLP

• Georgia’s voter portal gets a crash course in client versus backend input validation

• RustScan: Open-source port scanner

• Sports venues must vet their vendors to maintain security

• AWS’ Mithra Neural Network Detects, Ranks Malicious Domains

• Breaking down FCC’s proposal to strengthen BGP security

• Microsoft punches back at Delta Air Lines and its legal threats

• Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

• Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

• Is shadow IT being brought in to organizations by security professionals? Cyber Security Today for Wednesday, August 7th, 2024

• CrowdStrike hires outside security outfits to review troubled Falcon code

• Microsoft Hits Back at Delta After the Airline Said Last Month’s Tech Outage Cost It $500 Million

• ISC Stormcast For Wednesday, August 7th, 2024 https://isc.sans.edu/podcastdetail/9086, (Wed, Aug 7th)

• How AHEAD Enhanced SecOps Efficiency with Low-code Security Automation

• CrowdStrike hires outside security outfits to review Falcon code

• Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary], (Wed, Aug 7th)

• CrowdStrike hires outside security firms to review Falcon code

• UK data watchdog to fine NHS vendor Advanced for security failures prior to LockBit ransomware attack

• UK data watchdog fines NHS vendor Advanced for security failures prior to LockBit ransomware attack

• Lasso Security sets new standard in LLM safety with Context-Based Access Controls

• What is torrenting? BitTorrent, legal issues, how it works, and more

• Proton VPN rolls out anti-censorship protocol to Windows, plus other updates

• IT Security News Daily Summary 2024-08-06

• Why You Should Use Buildpacks Over Docker

• OpenAI’s meltdown: Inside the summer that could redefine artificial intelligence

• Spring 2024 SOC 2 report now available in Japanese, Korean, and Spanish

• Daniel Stori’s ‘The chroot Case’

• USENIX Security ’23 – Prime Match: A Privacy-Preserving Inventory Matching System

• The best travel VPNs of 2024: Expert tested and reviewed

• CISA Releases Secure by Demand Guidance

• A ransomware attack hit French museum network

• Fortigate Cloud Native Firewall (FORTIGATE CNF)

• How ‘Shifting Left’ speeds compliance processes

• Google splats device-hijacking exploited-in-the-wild Android kernel bug among others

• CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

• Massive Exposure of Illinois Voter Data Raises Security Concerns

• CISA Releases Secure by Demand Guide

• Security framework to determine whether defenders are winning

• Palo Alto Networks Zero Trust Platform Featured in New NIST Guidance

• Breach Debrief Series: EchoSpoofing Phishing Campaign Exploiting Proofpoint’s Email Protection

• The rise of RaaS; how Copilot can safeguard SMEs from the growing storm of AI-boosted cyberattacks

• How cybersecurity training can break the cyber impact chain

• Data Breach: 3 Billion National Public Data Records with SSNs Dumped Online

• Not All MFA Is Equal: Lessons From MFA Bypass Attacks

• A New Plan to Break the Cycle of Destructive Critical Infrastructure Hacks

• On the Cyber Safety Review Board

• Congratulations to the MSRC 2024 Most Valuable Security Researchers!

• New Study Shows GenAI Apps Are Vulnerable To PromptWare Threats

• Top Technology Sector Breaches and Threats

• Sonic Automotive says ransomware-linked CDK software outage cost it $30M

• Stop Using AI for Medical Diagnosis: Experts

• Sitting Ducks DNS Attack Hijack 35,000 Domains

• INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore

• What if a cyber attack takes place on a human body

• Cyberattack Wipes 13,000 School Devices in Mobile Guardian Breach

• Harnessing DevOps Potential: Why Backup Is a Missing Piece

• Cyberattack knocks Mobile Guardian MDM offline and wipes thousands of student devices

• French Museum Network Hit by Ransomware Attack, but No Disruptions Are Reported at Olympic Events

• The Prevalence of DarkComet in Dynamic DNS

• Indonesia Bans Search Engine DuckDuckGo

• #BHUSA: 17.8m Phishing Emails Detected in First Half of 2024

• Hardening the RAG chatbot architecture powered by Amazon Bedrock: Blueprint for secure design and anti-pattern mitigation

• 9 AI-proof IT jobs, plus how to be irreplaceable

• AI in Education: Balancing Innovation with Security

• MSPs: Capitalize on the Expanding Opportunities in the Booming MDU Market

• International Cyber Expo Announces Global Cyber Summit Theme: Resilience

• Bloody Wolf Strikes Organizations in Kazakhstan with STRRAT Commercial Malware

• Bad apps bypass Windows security alerts for six years using newly unveiled trick

• Meet BIX: Your New AI Ally in Cyber Risk and Exposure Management

• A Survey of Scans for GeoServer Vulnerabilities, (Tue, Aug 6th)

• Cost of a data breach: The healthcare industry

• Android vulnerability used in targeted attacks patched by Google

• CISA Releases One Industrial Control Systems Advisory

• Delta Electronics DIAScreen

• Sneaky SnakeKeylogger Slithers Into Windows Email Inboxes

• China’s National Digital ID System Trials Begin Across 80 Internet Service Applications

• NPCI Announces Full Recovery of Banking Services After Ransomware Incident

• Cryptonator Seized for Laundering Ransom Payments and Stolen Cryptocurrency

• What Is an Event-Driven Microservices Architecture?

• Panamorfi TCP flood DDoS Attack Targeting Jupyter Notebooks

• North Korean Hackers Exploit VPN Update Flaw To Breach Networks

• Chameleon Device-Takeover Malware Attacking IT Employees

• CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

• Salt Security Enhances API Platform with AI-Powered Insights

• EDR Implementation: Essential Features, Considerations, And Best Practices

• Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses

• Ransomware gang targets IT workers with new RAT masquerading as IP scanner

• Men report more pressure and threats to share location and accounts with partners, research shows

• New Generative AI-Powered Solutions to Secure the Workspace

• Securing Data in the AI Era: Introducing Check Point Harmony DLP

• Cyberattack Cost More Than $17 Million, Key Tronic Tells Regulators

• North Korean Hackers Exploit VPN Update Flaw to Install Malware

• Navigating the DORA Landscape with AttackIQ’s Automated Assessment

• Ransomware gang targets IT workers with new RAT maquerading as IP scanner

• CVEs Surge 30% in 2024, Only 0.91% Weaponized

• #BHUSA: Ransom Payments Surge, Organizations Pay Average of $2.5m

• Hardening the RAG chatbot architecture powered by Amazon Bedrock: Blueprint for secure design and anti-pattern migration

• KnowBe4 establishes 6th August as National Social Engineering Day to honour late Kevin Mitnick

• Ransomware Gang Targets IT Workers With New SharpRhino Malware

• Orca Security Extends Visibility Into the Cloud Security

• Building a Resilient Network and Workload Security Architecture from the Ground Up

• My Journey of Conservation and Fulfillment: Time2Give with Sea Turtles

• Cyberattacks Still Ravage Schools, Defying White House Efforts Launched Last Year

• Safeguarding The Backbone: The Critical Imperative to Protect Operational Technology (OT) Devices

• Users call on Microsoft to update Outlook’s friendly name feature

• Abnormal Security Raises $250 Million at $5.1 Billion Valuation

• Minimizing the Impact of Ransomware in the Cloud

• North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

• Suspicious Minds: Insider Threats in The SaaS World

• Google warns of an actively exploited Android kernel flaw

• 5 Best Practices for Managing Endpoints On a Global Scale

• France Olympics venue hit by a ransomware attack

• 40 French Museums IT Systems Hit by Ransomware Attack

• Stellar Cyber launches Multi-Layer AI platform to enhance threat detection

• Researchers unearth MotW bypass technique used by threat actors for years

• Hero AI by Swimlane enhances security with context-aware recommendations

• More Developers are Learning to Code Using AI tools – But That Doesn’t Mean They Trust Them

• Non-Profit Blood Center OneBlood Recovering from Cripping Ransomware Attack

• Magniber ransomware targets home users

• #BHUSA: 99% of Global 2000 Firms Have Recently Breached Vendors

• UK Needs to Chart its Own Course Towards AI legislation

• Internet Resource Access Policy

• Mullvad vs NordVPN (2024): Which VPN Should You Choose?

• Around 20K Ubiquiti IoT Cameras & Routers are Sitting Ducks for Hackers

• Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year

• SentinelOne unveils AI and cloud innovations on Singularity Platform

• New Android Spyware LianSpy Evades Detection Using Yandex Cloud

• Mobile Guardian Hack Leads to 13,000 Student Devices Wiped in Singapore

• Cybersecurity Headlines: CrowdStrike strikes back against Delta, Keytronic loses millions to ransomware, Flaw in Apache OFBiz

• We Make Threat Actors Read Our Resiliency Policy Before Attacking Us

• French Museums Hit By Ransomware Attack

• TikTok Asks Court To Reject Secret Court Filings In Ban Challenge

• Tripwire Patch Priority Index for July 2024

• Hurricane Season Scams: What you need to know

• Google Fixes Android Kernel Zero-Day Exploited in Targeted Attacks

• APIs, Web Applications Under Siege as Attack Surface Expands

• Police Recover Over $40m Headed to BEC Scammers

• Mercedes-Benz To Test Fully Autonomous Vehicles In Beijing

• Musk Files New Lawsuit Against Altman, OpenAI

• TikTok Withdraws Rewards Programme From EU After DSA Probe

• Researchers Warn of a New Critical Apache OFBiz Flaw

• Mint Stealer: New MaaS Malware Threatens Confidential Data

• North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks

• Should Organizations Pay Ransom Demands?

• Google Patches Android Zero-Day Exploited in Targeted Attacks

• Mobile Device Management Vendor Mobile Guardian Hacked

• EFF at the Las Vegas Hacker Conferences

• Support Justice for Digital Creators and Tech Users

• How to Secure Your Organization from Shadow IT?

• Authorities have Uncovered USD 40 Million from Hackers

• The Illusion of Reputational Damage

• Billion-dollar bust as international op shutters Cryptonator wallet

• 7 Data Security Systems & Products Driving Value

• Resecurity to introduce Context AI, a specialized generative AI framework

• MDM vendor Mobile Guardian attacked, leading to remote wiping of 13,000 devices

• Google Patches New Android Kernel Vulnerability Exploited in the Wild

• Proficio Unveils ProBAS Breach and Attack Simulation Service

• New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

• LianSpy Spyware ‘LianSpy’ Targets Android Users

• Mobile Guardian attacked, leading to remote wiping of 13,000 devices

• ITSM concerns when integrating new AI services

• Scaling data security solutions: What you need to know

• Email attacks skyrocket 293%

• Illinois relaxes biometric privacy law so snafus won’t cost businesses billions

• Whitepaper: Tools to tackle the multicloud environment

• AI-fueled phishing scams raise alarm ahead of U.S. presidential election

• ISC Stormcast For Tuesday, August 6th, 2024 https://isc.sans.edu/podcastdetail/9084, (Tue, Aug 6th)

• Protecting Your Digital Footprint: A Guide to Data Protection and Privacy Consulting

• NFL to begin using face scanning tech across all of its stadiums

• Shoe Zone – 46,140 breached accounts

• Fake Google Authenticator Sites Exploit Google Ads To Deliver Malware

• Google Chrome uBlock Origin Users Need To Switch Ad Blocker

• Elon Musk sues OpenAI again, alleging ‘Shakespearean’ betrayal of AI mission

• Physicists develop new method to combine conventional internet with the quantum internet

• To Fight Surveillance Pricing, We Need Privacy First

• MSN: Russia takes aim at Sitting Ducks domains, bags 30,000+

• IT Security News Daily Summary 2024-08-05

• US Judge Finds Google ‘Is Monopolist’ In Landmark Ruling

• Cisco IOS XE Automation from Cisco Live AMEA 2024

• How Using a VPN May Benefit Your Privacy

• USENIX Security ’23 – Gradient Obfuscation Gives a False Sense of Security in Federated Learning

• AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains

• StormBamboo APT Targets ISPs, Spreads Malware via Software Updates

• Schools will remove app from students’ Chromebooks and iPads following security breach

• Low-Drama ‘Dark Angels’ Reap Record Ransoms

• Vulnerability Recap 8/5/24 – Already-Fixed Flaws Are Still Targeted

• Vulnerability Summary for the Week of July 29, 2024

• Reimagining AI: Ensuring Trust, Security, and Ethical Use

• US Senate Confirms First DOD Cyber Policy Chief

• Why Did Turkey Suddenly Ban Instagram? The Shocking Reason Revealed

• Microsoft Bounty Program Year in Review: $16.6M in Rewards

• Bitcoin Plummets As Investors Dump Risky Assets

• More Legal Records Stolen in 2023 Than Previous 5 Years Combined

• That cyber-heist of 2.9B personal records? There’s a class-action lawsuit looming for that

• Randall Munroe’s XKCD ‘Exam Numbers’

• Generative AI Set To Transform Automotive Industry

• IBM Consulting Cybersecurity Assistant helps clients accelerate alert investigation

• It?s a New World: APIs Protected by the Power of N

• TryCloudflare Exploited In Malicious Campaigns Spreading Malware

• Google Chrome 127 Stable Release Addressed Multiple Security Bugs

• Google Chrome To Block Infostealers With App-Bound Encryption

• Government Takes Social Media To Task Over Violence

• How To Setup OAuth JWT in the Salesforce Connector

• Researchers warn of a new critical Apache OFBiz flaw

• Israeli Hacktivist Group Claims it Took Down Iran’s Internet

• Organizations Fail to Log 44% of Cyberattacks, Major Exposure Gaps Remain

• AppOmni unveils SaaS-aware ITDR capabilities

• Cisco takes a quantum leap ahead to build a more inclusive future

• 10 Best Fortinet Competitors and Alternatives

• US Sues TikTok for Violating Children Privacy Protection Laws

• National Public Data Sued for Hack that Exposed Data of 2.9 Billion People

• Black Hat Fireside Chat: Token’s wearable MFA solution combines PKI, biometrics — in a ring

• TikTok Abuses Kids, say DoJ and FTC

• #BHUSA: Nation-State Attacks Target Hardware Supply Chains

• SaaS authentication: Identity management with Amazon Cognito user pools

• Malware induction into Windows and MacOS devices via ISP

• 332 Million Email Addresses Scraped from SOCRadar.io Published Online

• Tips to provide network support for remote workers

• CrowdStrike fires back at Delta over outage allegations

• CISA Adds One Known Exploited Vulnerability to Catalog

• Surge in Magniber Ransomware Attacks Impact Home Users Worldwide

• Hackers Exploit Bytecode Interpreters to Inject Malicious Code

• Getting to Know Check Point Olympian: Ron Darmon

• Top Tech Conferences & Events to Add to Your Calendar in 2024

• CrowdStrike Outage Renews Supply Chain Concerns, Federal Officials Say

• Your copilot for improved cyber protection

• Black Basta Unleashes Custom Malware Following Qakbot Takedown

• Dark Web Actor Claims Responsibility of ADT Data Breach

• Critical Vulnerability in Apache OFBiz Requires Immediate Patching

• AWS unveils Mithra to identify and mitigate malicious domains across its massive system

• White House Officials Meet with Allies, Industry on Connected Car Risks

• Leveraging CRQ to Comply With DORA Regulations | Kovrr

• Novel SLUBStick Linux Exploit Gives Attackers Full System Control

• Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets

• Linux Kernel Impacted by New SLUBStick Cross-Cache Attack

• Cisco Umbrella for Government Achieves FedRAMP® “Authority to Operate”

• Mozilla Follows Google in Distrusting Entrust’s TLS Certificates

• AI in the Enterprise: Cutting Through the Hype and Assessing Real Risks

• Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

• Apple Unveils Homomorphic Encryption Package for Secure Cloud Computing

• Cryptonator Seized for Laundering Ransom Payments, Stolen Crypto

• Salt Security Provides Free Scans for XXS Vulnerabilities Involving OAuth Protocol

• Kazakh Organizations Targeted by ‘Bloody Wolf’ Cyber Attacks

• Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

• 86% of Firms Identify Unknown Cyber-Risks as Top Concern

• How AWS tracks the cloud’s biggest security threats and helps shut them down

• Threat Actor Claiming Breach of Gregory’s Foods 400Gb Database

• New LianSpy Attacking Android Users to Steal Sensitive Data

• Threat Actor Allegedly Claims Leak of SisaCloud Database

• AWS launches Mithra to identify and mitigate malicious domains across its massive system

• Keytronic incurred approximately $17 million of expenses following ransomware attack

• Who’s Minding the Store? Why Operational Technology Security Has Become a Top Priority for Federal Security Leaders

• CrowdStrike unhappy about Delta’s ‘litigation threat,’ claims airline refused ‘free on-site help’

• 7 features to look for in a PII Data Discovery Software: A guide for infosec and devops Professionals

• Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released

• CrowdStrike trying to use legal threats to suppress criticism and parody of global IT outage

• The Pros and Cons of Bitcoin

• Beware Of Fake AI Editor Website That Steals Your Login Credentials

• Cisco XDR: Open Ecosystem Accelerated at Black Hat Events

• Protect AI Raises $60M in Series B Financing

• Abuse of Cloudflare Tunnel Service for Malware Campaigns Delivering RATs

• Rapid7 releases Command Platform, unified attack defense and response

• Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days

• New BlankBot Android Malware Targets Users’ Banking Data

• Australian Companies Will Soon Need to Report Ransom Payments

• Apache OFBiz Users Warned of New and Exploited Vulnerabilities

• The Loper Bright Decision: How it Impacts Cybersecurity Law

• TikTok Withdraws Lite Rewards Program from EU Over Child Safety Fears

• Hackers Abused StackExchange Platform To Deliuver Malicious Python Package

• Mirai Botnet Attacking Apache OFBiz Directory Traversal Vulnerability

• Hackers Infect Windows With Backdoor Malware Via “Car For Sale” Ad

• Exodus Underground Market Place Emerging As A Heaven For Cybercriminals

• Mint-stealer Targeting web browsers, VPN clients & messaging apps to Steal Logins

• How Project 2025 Would Put US Elections at Risk

• US Releases Russian Hackers and Spies as Part of Prisoner Swap

• Chinese hackers compromised an ISP to deliver malicious software updates

• Amazon Shares Plummet On Slowing Sales

• Google Hires Character.AI Staff, Licenses Tech

• Coinbase Chief Executive Sees Political ‘Shift’ On Crypto

• Customers Flock To Shein South Africa Pop-Up Store

• The Top 6 Urban VPN Alternatives for 2024

• Newly Identified BITSLOTH Backdoor Uses Novel C2 Communication Channel

• FBI Warns of Scammers Posing as Crypto Exchange Employees

• Airlines are Flying Blind on Third-Party Risks

• Tech Support Scam Ring Leader Gets Seven Years in Prison, $6M Fine

• Security Bypass Vulnerability Exposed in Rockwell Automation Logix Controllers

• Enhancing Incident Response Readiness with Wazuh

• White House and EC-Council Launch $15m Cybersecurity Scholarship Program

• Hackers Hijacked ISP Service Provider To Poison Software Updates

• A flaw in Rockwell Automation ControlLogix 1756 could expose critical control systems to unauthorized access

• LianSpy: new Android spyware targeting Russian users

• Justice Department Sues TikTok, Accusing the Company of Illegally Collecting Children’s Data

• Cybersecurity Headlines: Software update malware, investors sue CrowdStrike, cybercriminals in prisoner swap

• Beware Of New BingoMod Android Malware Steals Money & Formats Device

• 5 Amazon Alexa privacy settings you should change right away

• US Sues TikTok For Children’s Law Violations

• Researchers Details How Hackers Can Steal Passwords via HDMI Cables

• 3 Types of Bot Attacks to Guard Against

• Cybersecurity: The Unsung Hero of SOX Compliance

• New Discord DDoS Campaign Called Panamorfi Targets Vulnerable Jupyter Notebooks

• US Senate Panel Advances Cyber Regulatory Harmonization Bill

• Germany Summons Chinese Ambassador Over Cyberattack on Cartography Agency

• APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning

• US Sues TikTok Over ‘Massive’ Children’s Privacy Breach

• Google Project Astra: The AI Assistant We Have Been Waiting for?

• Is Australia’s Public Sector Ready for a Major Cyber Security Incident?

• Strategies for Mitigating LLM Risks in Cybersecurity

• DSPM: A Cybersecurity Approach Tailor-Made for This AI Era

• SEC Charges IRL Founder With Investor Fraud

• Intel, Nvidia Stocks Slide Amidst Chip Turmoil

• Leaked Wallpaper Vulnerability Exposes Windows Users to Privilege Escalation Attacks

• A week in security (July 29 – August 4)

• HP Wolf: Not just software attacks; hackers are coming for enterprise hardware, too

• Effective Third-Party Risk Management Under PCI DSS 4.0

• Industry Moves for the week of August 5, 2024 – SecurityWeek

• Ransomware Attack Cost Keytronic Over $17 Million

• Google Dark Web Monitoring goes free – so what?

• Authorities Seized Cryptonator Site & Charged the Admin

• China-linked APT41 breached Taiwanese research institute

• Wristband Releases Public Beta of its B2B Authentication Platform

• Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

• Script obfuscation using multiple instances of the same function, (Mon, Aug 5th)

• Threat Actor offers Car Selling Phishing lure

• Safeguarding Data in Container Security Environments

• Evasive Panda Compromises ISP to Distribute Malicious Software Updates

• China starts testing national cyber-ID before consultation on the idea closes

• The Great CrowdStrike Crash, AI’s Role in Employee Smiles

• The role of AI in cybersecurity operations

• China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

• New Android Trojan “BlankBot” Targets Turkish Users’ Financial Data

• How to start your cybersecurity career: Expert tips and guidance

• MISP: Open-source threat intelligence and sharing platform

• AI expected to improve IT/OT network management

• How life sciences companies use AI to fill the cybersecurity skills gap

• Google gamed into advertising a malicious version of Authenticator

• ISC Stormcast For Monday, August 5th, 2024 https://isc.sans.edu/podcastdetail/9082, (Mon, Aug 5th)

• IT Security News Weekly Summary – Week 31

• IT Security News Daily Summary 2024-08-04

• Google Delays Plan to Replace Cookies, Leaving Users and Industry in Limbo

• USENIX Security ’23 – NeuroPots: Realtime Proactive Defense against Bit-Flip Attacks in Neural Networks

• World’s First AI Law: A Tough Blow for Tech Giants

• Why Automated Incident Response is Essential for Your SOC

• Chinese StormBamboo APT compromised ISP to deliver malware

• Generative AI is Closing The Tech Gap Between Security Teams And Threat Actors

• New Android Malware BingoMod Targets Financial Data and Wipes Devices

• Basta Ransomware Culprits Revealed by Mandiant Investigation

• DoJ and FTC Sue TikTok for Violating Children’s Privacy Laws

• The Value of Trust: How Companies Can Harness Data Responsibly to Drive Growth

• Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach

• Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION

• Security Affairs Malware Newsletter – Round 5

• New Veeam Data Cloud release delivers Microsoft 365 backup and recovery

• Votiro introduces enhanced data privacy features and integrations

• Binary Defense releases MDR Plus managed security solution

• OOXML Spreadsheets Protected By Verifier Hashes, (Sat, Aug 3rd)

• Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users

• Bringing Security Back into Balance

• Top 10 Red Sift OnDMARC Alternatives & Competitors in 2024

• Top 10 Mimecast DMARC Analyzer Alternatives and Competitors in 2024

• Top 10 PowerDMARC Alternatives and Competitors in 2024

• Top 10 Proofpoint Alternatives and Competitors in 2024

Generated on 2024-08-11 23:58:24.483089