IT Security News Weekly Summary – Week 33

• IT Security News Daily Summary 2024-08-18

• USENIX Security ’23 – NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems

• How to freeze your credit – and how it can help protect you after data breaches

• From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

• The Rise of Malvertising: How Scammers Target Google Products with Malicious Search Ads

• Russian Disinformation Network Struggles to Survive Crackdown

• Pro-Palestine Outfit Takes Responsibility for Hacking Donald Trump-Elon Musk Interview

• Ransomware Attack on the Washington Times Leads to a Dark Web Data Auction

• Navigating AI and GenAI: Balancing Opportunities, Risks, and Organizational Readiness

• National Public Data Breach Exposes Millions: Threat of Identity Theft Looms

• CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive

• Getting Wins for Security Leaders: Strategies and Considerations for Success

• Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

• Large-scale extortion campaign targets publicly accessible environment variable files (.env)

• Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions

• OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election

• IT Security News Daily Summary 2024-08-17

• Cyber Attack Disrupts Housing Services Across Greater Manchester

• The SIEM Market is Ripe with Consolidation, But are We Delivering on its Intended Security Promise?

• The Growing Threat of OTP-Stealing Malware: Insights from Zimperium’s zLabs

• National Public Data confirms a data breach

• USENIX Security ’23 – PROVIDENCE: a Flexible Round-by-Round Risk-Limiting Audit

• Should Americans Share The Social Security Number? Experts Explain the Pros and Cons

• Use Cash App? You may be eligible for a settlement payout – up to $2500

• The Hidden Threat: Vulnerable App on Google Pixel Devices Puts Millions at Risk

• Was your SSN leaked to the dark web? How to check for suspicious activity (and what to do next)

• Did you get a fake McAfee or Norton invoice? How the scam works (and what not to do)

• Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

• Paris 2024 Olympics Faced Over 140 Cyberattacks, No Disruptions Reported

• How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe

• How To Respond to The Rise of Banking Trojans

• How the ransomware attack at Change Healthcare went down: A timeline

• 7-Year-Old Pre-Installed Google Pixel App Flaw Puts Millions at Risk

• Vendor Reliance and M&A Surge Contribute to Heightened Ransomware Threat

• ValleyRAT malware is targeting Chinese-speaking users

• Dozens of Google Products Targeted by Scammers via Malicious Search Ads

• A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers

• OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

• Cyber Security Today – Week In Review: The challenge of Deep Fakes and more

• CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available

• Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities – Check Point Research

• PrestaShop GTAG Websocket Skimmer

• News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

• Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign

• How to Use 1Password: Guide to Getting Started

• Sophos X-Ops: Ransomware gangs escalating tactics, going to ‘chilling’ lengths

• TEST

• North Korean cyber attacks: How to educate your team on this new scam trend

• USENIX Security ’23 – Reversing, Breaking, and Fixing the French Legislative Election E-Voting Protocol

• CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

• Assura, Inc Makes the Inc. 5000 Again for the 4th Year; Coming in at No. 2594!!

• IT Security News Daily Summary 2024-08-16

• Digital License Plates and the Deal That Never Had a Chance

• OpenAI shuts down election influence operation that used ChatGPT

• More Sustainable Mining with Cisco

• After nearly 3B personal records leak online, Florida data broker confirms it was ransacked by cyber-thieves

• OpenAI shuts down election influence operation using ChatGPT

• Secure AI Access by Design — Enabling Safe Usage of GenAI Apps

• Unicoin hints at potential data meddling after G-Suite compromise

• Using Amazon GuardDuty Malware Protection to scan uploads to Amazon S3

• The Slow-Burn Nightmare of the National Public Data Breach

• Hacking Beyond .com — Enumerating Private TLDs

• Russian national sentenced to 40 months for selling stolen data on the dark web

• Massive Data Breach at National Public Data Exposes 2.7 Billion Records

• Lawmakers Ask for Probe of Chinese Router Maker TP-Link

• Why Training is Critical to Implementing Cisco HyperShield

• Threat Actors Increasingly Target macOS, Report Finds

• User mode vs. kernel mode: OSes explained

• Doppelgänger Operation Rushes to Secure Itself Amid Ongoing Detections, German Agency Says

• Akamai?s Perspective on August?s Patch Tuesday 2024

• What Is SQL Injection and How Can It Be Avoided?

• The best security keys of 2024: Expert tested

• DigiCert Announces Acquisition of Vercara

• Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A

• The Biggest Lesson From Crowdstrike’s Update Malfunction

• Critical Security Flaw Discovered in Ivanti Virtual Traffic Manager

• USENIX Security ’23 – Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems

• Survey: Senior Executives Being Held More Accountable for Cybersecurity

• Ukraine Faces New Phishing Campaign Targeting Government Computers, Warns CERT

• Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

• Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove and their Big Reveal

• Secure GenAI Applications by Design

• Biotech Company Hacked in 2023 Pays States $4.5 Million Over Breached Data

• Understanding Defense in Depth in IT Security

• Never store credit cards or Social Security Numbers on your phone

• What is an endpoint protection platform (EPP)?

• Report: 56% of Security Professionals Worry About AI-Powered Threats

• Cybersecurity Insights with Contrast CISO David Lindner | 8/16/24

• China To Limit Export Of Another Critical Mineral

• IT Stress Points For SMEs Identified By TalkTalk Business

• Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers

• Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

• Navigating the future of cybersecurity

• Massive Data Leak Exposes Sensitive Information for Millions

• X Confronts EU Legal Action Over Alleged AI Privacy Missteps

• This Security Researcher Infiltrated the LockBit Ransomware Outfit and Exposed its Leader

• Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

• 10,000 WordPress Sites Affected by Arbitrary File Read and Delete Vulnerability in InPost PL and InPost for WooCommerce WordPress Plugins

• Report: Ransomware Gangs Rake in More Than $450 Million in First Half of 2024

• Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

• ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams

• Modernizing Identity Security Amid an Evolving Threat Landscape

• A ‘very large percentage’ of Pixel phones have a hidden security vulnerability

• SystemBC Malware Used to Target Users by Black Basta-Linked Threat Actors

• The AI Balancing Act: Unlocking Potential, Dealing with Security Issues, Complexity

• August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs

• New Windows Vulnerability CVE-2024-6768 Triggers Blue Screen of Death on All Versions of Windows 10 and 11

• US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers

• The Relationship Between Performance and Security

• Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

• Russian Citizen Sentenced in US for Selling Stolen Financial Data on Criminal Marketplace

• Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security?

• It’s Time to Stop Thinking of Threat Groups as Supervillains, Experts Say

• Addressing Cybersecurity Challenges in Healthcare: A Strategic Approach

• Microsoft Mandates MFA for All Azure Sign-Ins

• AI-powered cyber threats are too overpowering for over 50% of security teams

• Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

• Meta Warns of Troll Networks From Russia, Iran Ahead of US Elections

• New Banshee Stealer macOS Malware Priced at $3,000 Per Month

• The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

• ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks

• IBM to set up ‘full stack’ AI facility at university

• New Windows IPv6 Zero-Click Vulnerability

• DDoS Attack Volume Rises, Peak Power Reaches 1.7 Tbps

• Ransomware Attackers Introduce New EDR Killer to Disable Protection on Compromised Hosts

• Revolut Valued At $45 Billion, More Than Barclays, NatWest

• Tech support scammers impersonate Google via malicious search ads

• Florida-Based National Public Data Confirms Data Breach

• Ailurophile: New Infostealer sighted in the wild

• Google Warns of Iranian Hackers Targeting Affiliates of Both US Presidential Campaigns

• SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

• How to use the Passwords app on your iPhone with iOS 18

• Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

• Cybersecurity News: GitHub artifact warning, RansomHub’s EDR killer, SolarWinds latest hotfix

• Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

• M&A Activity can Amplify Ransomware Insurance Losses, Research Finds

• Ransomware Group Behind Major Indonesian Attack Wears Many Masks

• An Analysis of Common Malware Loaders

• Pindrop Pulse Inspect analyzes and verifies whether media files contain synthetic speech

• New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

• Geopolitical Tensions Drive Explosion in DDoS Attacks

• Why you should remove the hard drive from your old computers

• VirusTotal += Huorong

• Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

• Highly-Personalized Phishing Campaign Targets Russian Government Dissidents

• Striking a Balance Between Business Growth, Risk Management and Cybersecurity

• Holding Trust for Ransom: What’s at Stake as Business Trust Erodes

• Critical Start helps organizations reduce cyber risk from vulnerabilities

• Massive Cyberattack Hit Central Bank of Iran

• Pool your Cybersecurity Resources to Build The Perfect Security Ecosystem

• Cybersecurity in Healthcare: A New Era of Regulation, Incentives, and Patient Safety

• Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

• Deepfake Technology advancements pose a real and present threat: Cyber Security Today for Friday, August 16, 2024

• List of vulnerable states in America that are vulnerable to Cyber Attacks

• Can a CIO Avoid Cyber Threats and Data Breaches?

• 2024-08-15 – Traffic analysis exercise: WarmCookie

• Authentik: Open-source identity provider

• Business and tech consolidation opens doors for cybercriminals

• AI governance and clear roadmap lacking across enterprise adoption

• New infosec products of the week: August 16, 2024

• How NoCode and LowCode free up resources for cybersecurity

• ISC Stormcast For Friday, August 16th, 2024 https://isc.sans.edu/podcastdetail/9100, (Fri, Aug 16th)

• [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools, (Fri, Aug 16th)

• What’s Different About Data Security in the Cloud? Almost Everything.

• NationalPublicData.com Hack Exposes a Nation’s Data

• Publishers Spotlight: SquareX

• Publisher’s Spotlight: Syxsense

• IT Security News Daily Summary 2024-08-15

• A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

• 2 Fast 2 Legal: How EFF Helped a Security Researcher During DEF CON 32

• FBI and CISA Release Joint PSA, Just So You Know:  Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting

• The 5 different types of firewalls explained

• Hacking Beyond.com — Enumerating Private TLDs

• EFF Honored as DEF CON 32 Uber Contributor

• DARPA, ARPA-H award $14m to 7 AIxCC semifinalists, with a catch

• USENIX Security ’23 – TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks

• Dozens of Google products targeted by scammers via malicious search ads

• July ransomware attacks slam public sector organizations

• CISA Adds One Known Exploited Vulnerability to Catalog

• PTC Kepware ThingWorx Kepware Server

• Siemens COMOS

• Siemens LOGO! V8.3 BM Devices

• Siemens INTRALOG WMS

• Google disrupted hacking campaigns carried out by Iran-linked APT42

• Here’s How Users Can Safeguard Themselves From E-Challan Scams

• North Miami Mayor’s Gmail Hacked; Ransomware Attack Disrupts City Services

• AI, election security headline discussions at Black Hat and DEF CON

• Google Confirms Iranian Hackers Behind US Presidential Hacks

• Region 10 Team Provides Vital Election Security Training for Idaho

• ReliaQuest: Watch Out for Info-Stealers and RATs

• Wordfence Intelligence Weekly WordPress Vulnerability Report (August 5, 2024 to August 11, 2024)

• Voting Machine Company Involved in Bribing Scandal Has Long History of Controversy

• New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack

• How to select an MDR security service

• National Public Data confirms breach, scope unknown

• Tusk: unraveling a complex infostealer campaign

• Amazon To Test Prime Air Drone Delivery In UK, Again

• Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

• Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now

• Google raps Iran’s APT42 for raining down spear-phishing attacks

• Cisco Confirms Second Round Of Major Job Cuts In 2024

• Wiping a Windows laptop? Here’s the safest free way to erase your personal data

• NIST Releases First Post-Quantum Encryption Algorithms

• USENIX Security ’23 – Strategies and Vulnerabilities of Participants in Venezuelan Influence Operations

• Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION

• Cyber-criminals Exploited Paris Olympics With Fake Domains

• Rhysida Ransomware selling The Washington Times data for $304,500

• Iranian APT42 Group Launch A Massive Phishing Campaign To Attack U.S. Presidential Election

• Benefits of a More Sustainable Learning Environment in Schools and Universities

• Ransomware Attacks on Industrial Firms Surged in Q2 2024

• FBI and Allies Dismantle Dispossessor Ransomware Network

• Microsoft Patches Critical SmartScreen Vulnerability Exploited by Attackers

• When Data Security Fails: The National Public Data Breach Explained

• The Noname Security 3.34 Update Includes Major Enhancements

• BT Details Plan To Launch First Symmetric Ultrafast FTTP Broadband

• Siemens SINEC Traffic Analyzer

• Siemens SCALANCE M-800, RUGGEDCOM RM1224

• Siemens NX

• Siemens SINEC NMS

• Siemens Teamcenter Visualization and JT2Go

• Comprehensive Hacker Toolkit Uncovered: A Deep Dive into Advanced Cyberattack Tools

• SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

• Advanced ValleyRAT Campaign Hits Windows Users in China

• Benefits of a Sustainable Learning Environment in Schools and Universities

• Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

• Cryptography: A Forgotten Part of Software Supply Chain Security

• Ransomware Group Added a New EDR Killer Tool to their arsenal

• CISOs list human error as their top cybersecurity risk

• The best AirTag wallets of 2024: Expert tested

• How to Maximize Network Security With AI and ML

• Hackers Exploit Dark Skippy Attacks to Steal Secret Keys from Secure Devices

• Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge!

• Transforming Network Security for the Digital Age with SASE

• Rogue AI is the Future of Cyber Threats

• News Malspam Attacks AnyDesk and Microsoft Teams

• Simplify Your Data Center Security with Check Point’s Managed Firewall-as-a-Service (MFaaS)

• Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

• How AI Innovation Will Elevate SMB Business Outcomes

• A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

• SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

• DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure

• Russia’s FSB Behind Massive Phishing Espionage Campaign

• Enabling the Safe Use of GenAI Applications

• Choosing Security: Why Companies Should Reject Ransom Payments

• Google: Iranian Group APT42 Behind Trump, Biden Hack Attempts

• Russian-Linked Hackers Target Eastern European NGOs and Media

• Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m

• Kim Dotcom “Has A Plan”, After NZ Signs Extradition Warrant

• Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail

• Enabling Cybersecurity Incident Response

• Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

• Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

• South Korea Says DPRK Hackers Stole Spy Plane Technical Data

• RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

• Identity Threat Detection and Response Solution Guide

• Google Warns of Iranian Cyber-Attacks on Presidential Campaigns

• Google Shows Off Pixel 9 Lineup, Plus AI Upgrades

• Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

• Ongoing Social Engineering Campaign Refreshes Payloads

• AutoCanada Hit by Cyberattack

• Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

• Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?

• Mad Liberator extortion crew emerges on the cyber-crook scene

• Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security

• Information Security vs. Cybersecurity

• CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations

• FBI Says it is Investigating Purported Trump Campaign Hack

• Human Error – An Overlooked Aspect of Cyber Risk

• Cybersecurity News: Gemini AI privacy, AI Risk Repository, Russian phishing

• NIST Finalizes 3 Algorithms to Combat Future Quantum Cyber Threats

• Black Basta ransomware gang linked to a SystemBC malware campaign

• GitHub Makes Copilot Autofix Generally Available

• Hackers Use BingoMod Android RAT For Fraudulent Transactions

• Patching Recent Linux Kernel Vulnerabilities with KernelCare

• Exploring the Impact of NIST SP 800-53 on Federal IT Systems

• SolarWinds Urges Upgrade After Revealing Critical RCE Bug

• Wireshark 4.4.0rc1’s Custom Columns, (Thu, Aug 15th)

• Was your Social Security number leaked to the dark web? Here’s how to know and what to do

• Opinion: More layers in malware campaigns are not a sign of sophistication

• New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

• GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

• Critical Vulnerabilities in IBM QRadar Allow Attackers to Execute Arbitrary Code Remotely

• Taming Identity Sprawl With a Least Privilege Approach

• Over 40 million Kakao Pay users’ data somehow ended up with Alipay

• CMIYC 2024: RAdmin3 Challenge

• New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

• Now espionage through HDMI Cables say experts

• China-linked Attackers Target Russian Govt Entities

• Russian Sentenced to 40 Months for Selling Stolen Data on Dark Web

• 74% of IT professionals worry AI tools will replace them

• How passkeys eliminate password management headaches

• Log in to the ADSM Portal using Region User

• The AI balancing act: Unlocking potential, dealing with security issues, complexity

• China-linked cyber-spies infect Russian govt, IT sector

• Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity

• DDoS attack volume rises, peak power reaches 1.7 Tbps

• ISC Stormcast For Thursday, August 15th, 2024 https://isc.sans.edu/podcastdetail/9098, (Thu, Aug 15th)

• A massive cyber attack hit Central Bank of Iran and other Iranian banks

• Going Passwordless: 6 Tips to Navigate Passkey Adoption

• Publishers Spotlight: F5

• Risk Management Strategies: Incorporating Cloud WAFs into Your Plan

• A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

• The Future of Search: AI-Powered Transformation

• BTS #36 – Supply Chain Policies – Stewart Scott, Trey Herr

• IT Security News Daily Summary 2024-08-14

• Microsoft Discovers Critical OpenVPN Vulnerabilities

• USENIX Security ’23 – Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps

• CrowdStrike’s Recovery Efforts in Focus After Global IT Outage

• Top Data Strategies to Better Protect Your Information from Hackers

• CBA’s x15ventures Set to Lead in Fintech AI Innovation

• Bringing Our Portfolio Together

• Safeguarding Democracy in the Digital Age: Insights from Day 1 at Black Hat 2024 and Las Vegas Officials

• Lessons learned from CrowdStrike’s automation errors

• Trump campaign hack-and-leak appears like a rerun of 2016. This time, media outlets are responding differently

• In These Five Social Media Speech Cases, Supreme Court Set Foundational Rules for the Future

• Microsoft Patched 6 Actively Exploited Zero-Day Flaws

• Google Pixel 9 is first Android phone to get satellite SOS messaging

• Russian cyber snoops linked to massive credential-stealing campaign

• Five Gartner Reports. Four Categories. What Does OX Security Do Anyway?

• Spotify To Add EU Pricing Info To iOS App

• Your Gym Locker May Be Hackable

• China-linked APT Earth Baku targets Europe, the Middle East, and Africa

• Texas sues GM for selling driver data to analytics, insurance companies

• Black Basta-Linked Attackers Target Users with SystemBC Malware

• August Patch Pileup: Microsoft’s Zero-Day Doozy Dump

• SolarWinds addressed a critical RCE in all Web Help Desk versions

• Enzo Biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster

• How to centrally manage secrets with AWS Secrets Manager

• California Permits Passenger Testing For Chinese Robotaxi Firm WeRide

• Texas Sues GM for Collecting Driving Data without Consent

• EFF Presses Federal Circuit To Make Patent Case Filings Public

• Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday

• PRODUCT REVIEW: TREND VISION ONE CLOUD SECURITY

• Upcoming Speaking Engagements

• Publishers Spotlight: Endace

• Cyber Attack Sparks Phishing Scam Across Greater Manchester

• Bluesky Signups Surge In UK After Musk Clash With British Government

• The best VPN for streaming in 2024: Expert tested and reviewed

• Tesserent Offers Mental Health Tips for Australian CISOs

• GitHub Copilot Autofix tackles vulnerabilities with AI

• Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

• New Phishing Attack Uses Sophisticated Infostealer Malware

• Akamai Guardicore Platform: Microsegmentation Just Got a Whole Lot Better

• India’s Bharti Global To Acquire 24.5 Percent Of BT

• Ransomware Kingpin Who Called Himself “J P Morgan” Extradited to the United States

• Adobe Releases Security Updates for Multiple Products

• Texas firm says it lost $60M in a bank wire transfer scam

• 2.7 billion Leaked Data Records Expose Personal Information of US People

• Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits

• How Audit Procedures and Internal Controls Improve Your Compliance Posture

• GPS Spoofing Incidents Spike 400%: Here’s What You Should Know

• Manufacturing Firm Loses $60m in BEC Scam

• The Evolution of Secure Access: The Shift from VPNs to Zero Trust Network Access

• Creating Effective Exceptions in Java Code [Video]

• Research Uncovers New Microsoft Outlook Vulnerability

• Watch Out For The ‘0.0.0.0 Day’ Zero-Day Flaw Affecting Web Browsers

• CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

• Have you ever used Cash App? You might be eligible for a $2,500 settlement payout

• Palo Alto Networks execs apologize for ‘hostesses’ dressed as lamps at Black Hat booth

• Dark Web Revealed: The Hidden Internet’s Role in Cybercrime and Digital Privacy

• Cloud Security Report Highlights Misconfiguration and IAM as Top Threats

• CISA’s Shields Up and Shields Ready Programs: A Proactive Approach to Cybersecurity for Critical Infrastructure

• Enabling Cyber Resiliency with NIST, Cisco Security, and Splunk

• New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

• Prolific Malvertising Scammer Arrested and Extradited to US to Face Charges

• Update: New Windows SmartScreen Bypass Exploited as Zero-Day Since March

• Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical IT and Security Infrastructure

• X accused of unlawfully using personal data of 60 million+ users to train its AI

• We’re making it easier for you to protect your identity

• Server-Side Template Injection: A Critical Vulnerability Threatening Web Applications

• Defense in Diversity: A Strategy for Robust Cybersecurity

• Strobes Integrates with Azure Repos: Enhancing Code Security

• DigiCert Acquires Vercara to Extend Cybersecurity Services

• ClearSale introduces three solutions to protect businesses from fraud

• AI risks are everywhere – and now MIT is adding them all to one database

• ‘SinkClose’ AMD CPU vulnerability explained: How dangerous is it really?

• White House Post-Quantum Announcement: What It Means for Cybersecurity

• Microsoft Patched SmartScreen Zero-Day Without Announcing

• Secure Data Sharing Company Kiteworks Raises $456 Million

• How to Augment Your Password Security with EASM

• Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges

• Understanding AI Bias and Security with NetSPI

• Face Check With Microsoft Entra Verified ID Is Now Generally Available, Microsoft

• Earth Baku Using Customized Tools To Maintain Persistence And Steal Data

• Iranian APT42 Actors Conducting World Wide Surveillance Operations

• BYOVDLL – A New Exploit That Is Bypassing LSASS Protection

• EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

• Intel Sells Stake In British Chip Designer ARM

• Hackers Exploited by GraphQL Vulnerabilities to Compromise Organizations

• Vulnerability Recap 8/13/24 – Old Vulnerabilities Unexpectedly Emerge

• Seamless Secure Work on a Plane

• How CIOs, CTOs, and CISOs View Cyber Risks Differently

• Phishing Campaign Poses as Ukraine’s Security Service to Spread ANONVNC Malware

• Microsoft August Patch Tuesday Fixed 10 Zero-Day Vulnerabilities

• Proton has a plan to boost your online privacy. And your friend can benefit, too

• Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

• Improved vulnerability reporting on Quay.io

• test post for author

• Critical Vulnerability Found in Microsoft’s AI Healthcare Chatbot

• DoJ Considers Google Breakup After Landmark Monopoly Ruling

• iProov: 70% of organizations will be greatly impacted by gen AI deepfakes

• Kiteworks captures $456M at a $1B+ valuation to help secure sensitive data

• Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

• Biden Administration Pledges $11 Million to Open Source Security Initiative

• Feds Seize Radar/Dispossessor Ransomware Gang Servers in US and Europe

• Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

• NIST Releases Post Quantum Cryptography Standards

• Putting Threat Modeling Into Practice: A Guide for Business Leaders

• Cyber-Attack Spreads Phishing Scam Across Greater Manchester Areas

• 0-Click Outlook RCE Vulnerability Triggered When Email is Clicked – Technical Analysis

• The AMD SinkClose security hole is dangerous. Here’s how to protect your systems

• Report: 35% of Exposed API Keys Still Active, Posing Major Security Risks

• Critical SAP Flaw Allows Remote Attackers to Bypass Authentication

• Cybercriminal Duo Attracts FBI Notice by Spending Big & Living Large

• Is Lenovo a blind spot in US anti-China security measures?

• How LLMs are Revolutionizing Data Loss Prevention

• Cybersecurity News: FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked

• Dark Web Marketplace Admins Busted Following Luxury Life

• Kootenai Health data breach impacted 464,000 patients

• NCSC Calls on UK Firms to Join Mass Cyber-Deception Initiative

• Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

• Train for Entry-Level or Advanced IT Positions for Just $50

• Manufacturer Orion SA says scammers conned it out of $60M

• DeathGrip: Emergence of a new Ransomware-as-a-Service

• ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva

• Will GitOps Solve Configuration Security Issues?

• 2.7 Billion Data Records Leaked Including Social Security Numbers

• Microsoft Fixes Nine Zero-Days on Patch Tuesday

• Multiple Malware Dropped Through MSI Package, (Wed, Aug 14th)

• Clickbait PDFs, An Entry point For Multiple Web Based Attacks

• Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

• GraphQL Vulnerabilities and Common Attacks: Seen in the Wild

• Ivanti Neurons for Patch Management enhancements automate patching process

• Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks

• Exploiting pfsense Flaw for Remote Code Execution

• New Banshee MacOS Stealer Attacking Users to Steal Keychain Data

• DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

• Indian telcos to cut off scammy, spammy, telemarketers for two whole years

• Elon Musk’s claim of DDoS attack greeted with skepticism: Cyber Security Today for Wednesday, August 14th, 2024

• Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation

• Malware Loaders Dominate Cybersecurity Threats in 2024

• Mobile security settings useful to block thieves in extracting data and money

• Can Hackers Track Down a User Based on Google Maps Usage?

• When Disinformation Floods the Internet, Preserving Truth Requires Proper Equipment

• China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

• Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

• Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

• Email Breach Report 2024: The Most Vulnerable Names and Providers Exposed

• IntelOwl: Open-source threat intelligence management

• Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

• NIST Debuts First Set of Finalized Post-Quantum Encryption Standards

• Cybersecurity jobs available right now: August 14, 2024

• Current attacks, targets, and other threat landscape trends

• What We Know About Suspected Iranian Cyber Intrusion in the US Presidential Race

• NIST releases finalized post-quantum encryption standards

• A Letter From Our CEO

• ISC Stormcast For Wednesday, August 14th, 2024 https://isc.sans.edu/podcastdetail/9096, (Wed, Aug 14th)

• NIST finalizes trio of post-quantum encryption standards

• Patch Tuesday brings 90 new Microsoft CVEs, six already under exploit

• Transform Your MSP’s Financial Future

• VERT Threat Alert: August 2024 Patch Tuesday Analysis

• Chris Leong – 27,096 breached accounts

• Why Badge’s device independent MFA is core to the future of identity security

• Six 0-Days Lead Microsoft’s August 2024 Patch Push

• IT Security News Daily Summary 2024-08-13

• LDLC – 1,266,026 breached accounts

• Cloud infrastructure entitlement management in AWS

• Back to school: Managing your high schooler’s digital milestones

• Six ransomware gangs behind over 50% of 2024 attacks

• FBI Disrupts Operations of the Dispossessor Ransomware Group

• Microsoft fixes 6 zero-days under active attack

• Microsoft August 2024 Patch Tuesday, (Tue, Aug 13th)

• 16 Women in Cybersecurity Who Are Reshaping the Industry [2024]

• What the Delta-Crowdstrike lawsuit may mean for IT contracts

• Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

• Gartner® Insights: Navigating the Evolving API Protection Market and Taking Action

• Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed

• Law enforcement disrupts Radar/Dispossessor ransomware group

• A PoC exploit code is available for critical Ivanti vTM bug

• National Public Data (unverified) – 133,957,569 breached accounts

• Vulnerability Recap 8/12/24 – Old Vulnerabilities Unexpectedly Emerge

• Ewon Cosy+ Industrial Devices Vulnerable to Serious Security Exploits

• StickmanCyber Report: A Look Inside Australia’s Cybersecurity Skills Crisis

• Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380

• Rockwell Automation FactoryTalk View Site Edition

• Rockwell Automation GuardLogix/ControlLogix 5580 Controller

• CISA Adds Six Known Exploited Vulnerabilities to Catalog

• US accuses man of being ‘elite’ ransomware pioneer they’ve hunted for years

• Adobe Calls Attention to Massive Batch of Code Execution Flaws

• WTH? DPRK WFH Ransomware Redux: 3rd Person Charged

• SIEM vs. SOAR vs. XDR: Evaluate the key differences

• The UN General Assembly and the Fight Against the Cybercrime Treaty

• Check Point Research Warns Every Day is a School Day for Cyber Criminals with the Education Sector as the Top Target in 2024

• US appeals court rules geofence warrants are unconstitutional

• Biden-Harris Campaign, Trump Operative Stone Also Target of Hackers

• Rhysida Ransomware Takes Responsibility for Bayhealth Hospital Breach

• Malwarebytes awarded Parent Tested Parent Approved Seal of Approval

• Digital Apartheid in Gaza: Big Tech Must Reveal Their Roles in Tech Used in Human Rights Abuses

• Australian gold producer targeted by ransomware gang

• What Does It Take to Manage an On-Premise vs Cloud Data Security Product?

• Rockwell Automation AADvance Standalone OPC-DA Server

• Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380

• Rockwell Automation Micro850/870

• Rockwell Automation Pavilion8

• AVEVA SuiteLink Server

• Lead with simplicity: A guide for strengthening security in logistics

• US Unseals Charges Against Three Eastern Europeans Over Ransomware, Malvertising

• Gold Mining Firm in Australia Reports Ransomware Breach

• EDR Importance: Why Is EDR Important? (With Use Cases)

• Feds bust minor league Radar/Dispossessor ransomware gang

• Sleeping With the Phishes

• USENIX Security ’23 – Formal Analysis of SPDM: Security Protocol and Data Model Version 1.2

• NIST Formalizes World’s First Post-Quantum Cryptography Standards

• Hacktivism’s Role in Political Conflict: The Renewed Campaign of #OpVenezuela

• Check Point Research Warns Every Day is a School Day for Cybercriminals with the Education Sector as the Top Target in 2024

• New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

• Massive Data Breach in Columbus Over 3TB Files Leaked by Rhysida Ransomware Group

• East Valley Institute of Technology Data Breach Exposes Over 200,000 Records

• Cost of a data breach 2024: Financial industry

• National Public Data Breach: 2.7bn Records Leaked on Dark Web

• Guardio Critical Security Alerts monitors and analyzes scam activities

• Suspected head of Reveton, Ransom Cartel RaaS groups arrested

• Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service

• GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

• The great location leak: Privacy risks in dating apps

• Reframing the ZTNA vs. SASE Debate

• Cequence Storms Black Hat with API Security Testing for Generative AI Applications

• Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities

• Scammers dupe chemical company into wiring $60 million

• Phishing Campaign Compromises 100+ Ukrainian Government Computers

• Twitter’s AI Ambitions Face GDPR Backlash: Nine New Complaints Filed

• Preparation Is Not Optional: 10 Incident Response Readiness Considerations for Any Organization

• Stellar strengthens security for remote teams

• Prolific Belarusian Cybercriminal Arrested in Spain

• Help Desks Under Siege: Bolstering Cyber Defenses

• CryptoScam Strikes Misusing Trump & Musk Interview

• McAfee vs Kaspersky (2024): Which Solution Is Best for Your Team?

• Urgent Call for EPA Cyber Strategy to Safeguard Water Infrastructure

• A refresher on Talos’ open-source tools and the importance of the open-source community

• Hackers Leak 1.4 Billion Tencent User Accounts Online

• APT trends report Q2 2024

• Misconfigurations and IAM Weaknesses Top Cloud Security Concerns

• Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation

• Italy Demands Cybersecurity Safeguards from Dongfeng for New Auto Plant Investment

• What Happens When Your House Burns Down Right Before a Meeting?

• How to Prepare for SOC 2 and ISO 27001 Audit? Tips for Jira Admins

• Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience

• Data theft forum admins busted after flashing their cash in a life of luxury

• On the Voynich Manuscript

• New Dark Skippy Attack Let Hackers Steal Secret Keys From Signing Devices

• Orion SA says scammers conned company out of $60 million

• Three Reasons to Take a New Cyber-Resilient Approach to Data Protection

• Australian gold mining company hit with ransomware

• Fake X Content Warnings on Ukraine War, Earthquakes Used as Clickbait

• Scout Suite: Open-Source Cloud Security Auditing Tool

• Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls

• Ransomware Hits Australian Gold Mining Firm Evolution Mining

• ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

• Volocopter Tests eVTOL ‘Air Taxi’ At Versailles

• Polish Billionaire, Wife To Sue Meta Over Misinformation

• Privacy Group Files GDPR Complaints Over X AI Data Plans

• Trump Returns To X For Live Interview

• FBI Investigates After Trump Campaign Hacked By Iranians

• Kicking cyber security down the road can come back to bite you

• Britain and France to Discuss Misuse of Commercial Cyber Intrusion Tools

• The Crucial Role of Firewall Rule Histories

• Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?

• Authorities Seized Dispossessor Ransomware Servers

• Understanding Social Engineering Tactics: 8 Attacks to Watch Out For

• What is the Critical Pathway to Insider Risk (CPIR)?

• FBI Shuts Down Dispossessor Ransomware Group’s Servers Across U.S., U.K., and Germany

• Cybersecurity News: U.S. “laptop farm” shut down, Ukranian computers compromised, Trump campaign hacked

• CERT-UA warns of a phishing campaign targeting government entities

• NIS2: A Catalyst for Cybersecurity Innovation or Just Another Box-Ticking Exercise?

• South Korea Warns Pyongyang Has Stolen Spy Plane Details

• DeathGrip Ransomware Expanding Services Using RaaS Service

• Unmasking the Overlap Between Golddigger and Gigabud Android Malware

• Radar/Dispossessor Ransomware Operation Disrupted by Authorities

• Black Hat Fireside Chat: Here’s how ‘Active ASPM’ is helping to triage and remediate coding flaws

• International investigation shuts down Radar/Dispossessor ransomware group

• FBI Leads Effort to Dismantle Radar/Dispossessor Ransomware

• In search of the foolproof AI watermark

• US DoJ dismantled remote IT worker fraud schemes run by North Korea

• Government says to add cybersecurity to your back-to-school list

• Understanding Defense in Depth in IT Security

• PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

• This new fully encrypted messenger app is serious about privacy

• PostgreSQL Vulnerability Hackers Execute Arbitrary SQL Functions

• Email Security Risk Remains Alarmingly High

• Publishers Spotlight: DigitalXForce

• ‘Digital arrest’ scams are big in India and may be spreading

• Ukraine Warns of New Phishing Campaign Targeting Government Computers

• Donald Trump interview with Elon Musk disrupted by DDoS Cyber Attack

• Browser backdoors: Securing the new frontline of shadow IT

• Six Reasons Healthcare Organizations Need Robust Cybersecurity

• How CIOs, CTOs, and CISOs view cyber risks differently

• Key metrics for monitoring and improving ZTNA implementations

• AMD won’t patch Sinkclose security bug on older Zen CPUs

• 35% of exposed API keys still active, posing major security risks

• ISC Stormcast For Tuesday, August 13th, 2024 https://isc.sans.edu/podcastdetail/9094, (Tue, Aug 13th)

• FBI Says It Is Investigating After Trump Campaign Said Sensitive Documents Were Hacked by Iran

• Risk & Repeat: Recapping Black Hat USA 2024

• Ransomware Attack Fetched A Record $75 Million

• IT Security News Daily Summary 2024-08-12

• SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology

• How to conduct a mobile app security audit

• FBI takes down ransomware gang that hacked dozens of companies

• Harnessing LLMs for Automating BOLA Detection

• The biggest data breaches in 2024: 1 billion stolen records and rising

• Federal Appeals Court Finds Geofence Warrants Are “Categorically” Unconstitutional

• USENIX Security ’23 – Automated Security Analysis of Exposure Notification Systems

• Disposing of an old Windows laptop? Here’s the safest way to erase your personal data (for free!)

• Attacker steals personal data of 200K+ people with links to Arizona tech school

• DOJ Shuts Down Another North Korean ‘Laptop Farm’

• A FreeBSD flaw could allow remote code execution, patch it now!

• The UK Erupts in Riots as Big Tech Stays Silent

• Apple’s ToolSandbox reveals stark reality: Open-source AI still lags behind proprietary models

• Black Hat and DEF CON Roundup 2024: CrowdStrike Accepts ‘Epic Fail’ Award

• Flashpoint CEO: Cyber, physical security threats converging

• Justice Department Disrupts North Korean ‘Laptop Farm’ Operation

• AppViewX Automated Certificate Management for PingAccess

• News alert: Criminal IP and Maltego team up to broaden threat intelligence data search

• India’s Largest Crypto Theft: INR 2,000 Crore Stolen from WazirX Exchange Wallet

• Vulnerability Summary for the Week of August 5, 2024

• AI girlfriends want to know all about you. So might ChatGPT (Lock and Code S05E17)

• Attacker steals personal data of 200k+ people with links to Arizona tech school

• Ransomware gangs doxing family members of victims

• Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

• Data Fusion: Enhancing Interoperability, Privacy, and Security

• Secureworks Fills Australian Mid-Market Demand for Simplified Cyber Security Solutions

• 18-Year-Old Vulnerability in Firefox and Chrome Actively Exploited in Cyber Attacks

• Researchers Demonstrate How Attackers Can Exploit Microsoft Copilot

• Vulnerability in Windows Driver Leads to System Crashes

• 5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

• Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

• Google Manifest V3 and Malwarebytes Browser Guard

• Harnessing the Power of AI to Improve Operations

• HYAS Investigates Threat Actors Hidden In Gaming Services

• High-Risk Cloud Exposures Surge Due to Rapid Service Growth

• Taking Steps to Prepare for Quantum Advantage

• The Need for Application Security Testing

• Mega money, unfathomable violence pervade thriving underground doxxing scene

• The Value in Root Cause Analysis for Vulnerability Management

• Trump Campaign Hack Points to Growing U.S. Election Threats

• Russia Blocks Signal App Citing Violation Of Laws

• Criminal IP and Maltego Collaborate to Broaden Threat Intelligence Data Search

• Dashlane vs Lastpass: 2024 Password Manager Comparison

• Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cybercriminals

• DARPA Awards $14m to Seven Teams in AI Cyber Challenge

• Australian Gold Mining Company Reports Ransomware Attack

• Critical AWS Services Vulnerability Let Attackers Execute Remote Code

• Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

• UN Cybercrime Treaty Passes in Unanimous Vote

• 200k Impacted by East Valley Institute of Technology Data Breach

• Chrome, Edge users beset by malicious extensions that can’t be easily removed

• Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning

• Hackers Exploiting WinRAR Flaw To Attacks Windows & Linux(ESXi) Machines

• Check Point and Cybrary: Empowering Customers with Cutting-Edge Cyber Security Training

• Digital Pioneers: Why Today’s Youth is the Best Generation to Support Cyber Security of the Future

• Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines

• Shorter TLS Certificate Lifespans Expected to Complicate Management Efforts

• Critical 1Password Flaws May Allow Hackers to Snatch Users’ Passwords

• Survey: Cybersecurity Teams Investing in Automation to Reduce Noise Levels

• How Phishing Attacks Adapt Quickly to Capitalize on Current Events

• UN Adopts Controversial Cybercrime Treaty

• Shedding Light on The Dark Web: Enhancing Cybersecurity Through Proactive Monitoring

• How to spot phishing in the age of AI

• What skills can cyber security experts develop to adapt to AI and quantum computing?

• Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

• Researcher Saves Six Companies from Ransomware by Exploiting Security Flaws in Ransomware Gangs’ Infrastructure

• The Missing Piece of SASE — Prisma Access Browser — Now Available

• CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1

• Indirect prompt injection in the real world: how people manipulate neural networks

• SaaS Apps Present an Abbreviated Kill Chain for Attackers

• Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE

• Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors

• FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

• The AI Hangover is Here – The End of the Beginning

• Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

• Worried about the Windows BitLocker recovery bug? 6 things you need to know

• The best hacks and security research from Black Hat and Def Con 2024

• Earth Baku’s Latest Campaign Expands its Reach to Europe, the Middle East, and Africa

• Russia Microsoft Hack Accessed Home Office Data

• Ransomware Group BlackSuit Upgrades Capabilities

• Starliner Astronauts May Use SpaceX For Return Trip

• Cisco ‘Planning Second Round’ Of Major Job Cuts

• Policing the Metaverse

• NCSC to Build Nation-Scale Evidence Base for Cyber Deception

• Multi-Factor Authentication Policy

• How Organizations Can Prevent Their Employees Falling for Cyber Scams

• Norton Secure VPN vs NordVPN (2024): Which VPN Is the Best?

• Taxonomy of Generative AI Misuse

• SSHamble: Open-Source Security Testing of SSH Services

• Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

• How Network Segmentation can Strengthen Visibility in OT Networks

• Update: Exploit Released for Cisco SSM Bug Allowing Admin Password Changes

• Industry Moves for the week of August 12, 2024 – SecurityWeek

• The UN Is Moving to Fight Cybercrime but Privacy Groups Say Human Rights Will Be Violated

• AI Integration, Budget Pressures Challenge CISOs

• Cybersecurity News: Iran election interference, AMD SinkClose flaw, ADT break-in

• Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code

• Find Your Best Fit: Solving the Cybersecurity Framework Puzzle

• Scams: Understanding vulnerabilities and protective strategies

• EastWind campaign targets Russian organizations with sophisticated backdoors

• Nearly 200 Firms Have Signed Pledge to Build More Secure Software, Top Cyber Official Says

• Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site

• Resecurity unveils new AI-driven Fraud Prevention Platform

• Microsoft Reveals Iranian US Election Interference Ops

• Analysis of Data Exfiltration Tools Used by Threat Actors

• Evolve your cloud security knowledge

• Man in Dock Accused of Breaking Hi-Tech Export Controls

• Vulnerabilities in Solar Power Management Platform can Lead to Blackouts

• AI and the Legal Framework: A Critical Turning Point

• A week in security (August 5 – August 11)

• Empowering youth worldwide toward a more sustainable and digitally resilient future

• Botnet 7777: Are You Betting on a Compromised Router?

• Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

• Leeds Man Jailed For Inciting Violence On Facebook

• Emerging Exfiltration Tools Highlight Growing Threats to Enterprise Data

• New Malware Strains Pop Up in Threat Landscape

• Fake WinRar Websites Distributing Malware Payloads Hosted on GitHub

• New Widespread Extension Trojan Malware Campaign

• Experts Find Sinkclose Bug in Millions of AMD Processors, Hard to Patch

• Authorities Arrested Two Admins of WWH-Club Stolen Credit Card Marketplace

• Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

• The Importance of APIs/API Security in Financial Services

• Over 15,000 hard coded secrets found by researcher at Defcon: Cyber Security Today for Monday, August 12, 2024

• Trump campaign cites Iran election phish claim as evidence leaked docs were stolen

• Microsoft issues alert against email phishing attack to influence US 2024 Elections

• The Importance of Zero Touch in Cloud Security

• 74% of ransomware victims were attacked multiple times in a year

• Scout Suite: Open-source cloud security auditing tool

• EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

• Misconfigurations and IAM weaknesses top cloud security concerns

• Steps to improve quality engineering and system robustness

• The UN unanimously agrees that cybercrime is bad, mkay?

• ISC Stormcast For Monday, August 12th, 2024 https://isc.sans.edu/podcastdetail/9092, (Mon, Aug 12th)

• Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

• Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)

• USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code

• IT Security News Weekly Summary – Week 32

• IT Security News Daily Summary 2024-08-11

• DevSecOps Teams Face Regular Outages, Cyberattacks, and Data Breaches

• CrowdStrike accepts award for ‘most epic fail’ after global IT outage

• Foreign nation-state actors hacked Donald Trump’s campaign

• ‘0.0.0.0 Day’ Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

• CrowdStrike Explains Root Cause of Globat IT Outage

• Open source tools to boost your productivity

• Book Review: ‘Why Cybersecurity Fails in America’

• BlackSuit Ransomware: A New Threat on the Rise

• Samsung Announced New Bug Bounty Program For Galaxy Devices

• Researchers Demonstrate Windows Downgrade Attacks At Black Hat 2024

• National Public Data Hacked: Personal Information of Millions at Risk

• Exposing the Business of Doxing and Its Perils

• Unsolicited ‘Offensive’ Political Emails Stir Data Privacy Concerns in East London

• Maximizing Cybersecurity Impact Within Budget Constraints

• QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

• Watch Out For The New BingoMod Android Trojan

• Latest MacOS Sequoia Update Restricts Gatekeeper Control

• Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

• Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

• ADT disclosed a data breach that impacted more than 30,000 customers

• Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

• Cybersecurity Insiders Q&A: SonicWall President and Chief Executive Officer Robert VanKirk

• Donald Trump’s Campaign Says Its Emails Were Hacked

• Shadow – 543,295 breached accounts

Generated on 2024-08-18 23:58:21.322082