- IT Security News Daily Summary 2024-09-22
-
Security Flaw in Google Cloud Document AI Could Expose Sensitive Data, Experts Warn
-
Global Taskforce Dismantles Encrypted Criminal Platform ‘Ghost,’ Leading to 51 Arrests
-
Tor Project Assures Users It’ Safe Amid Controversy of Deanonymizing Users
-
USENIX NSDI ’24 – Jolteon: Unleashing the Promise of Serverless for Serverless Workflows
-
macOS Sequoia Interferes With VPNs And EDRs Following Update
-
Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION
-
Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020
-
Tor Assured Safety Amidst Deanonymizing Claims From Authorities
-
Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18
-
FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe
-
‘Harvest now, decrypt later’: Why hackers are waiting for quantum computing
-
Cloudflare Outage Disrupts Website Access in Multiple Regions, Affecting Global Users
-
Understanding the critical role of resilience in defending against ransomware
-
Technology Governance Needs A Rethink on Prioritizing Resilience Against Digital Threats
-
GitLab Addressed Critical SAML Auth Flaw With The Latest Release
-
Hackers stole over $44 million from Asian crypto platform BingX
-
Email Attacks Target 80% of Key Infrastructure Firms, Study Reveals
-
Ransomware Outfits Are Exploiting Microsoft Azure Tool For Data Theft
-
The Expanding PKfail Vulnerability in Secure Boot and Its Alarming Impact
-
Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks
-
OP KAERB: Europol dismantled phishing scheme targeting mobile users
-
Kawasaki Ransomware Attack: 500 GB Alleged Data Leaked, RansomHub Claims
-
Ukraine Bans Telegram Use for Government and Military Personnel
-
LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO
-
How Apple, Google, and Microsoft can save us from AI deepfakes
-
Modernizing and Applying FedRAMP Security Standards to Accelerate Safe AI
-
Watch Now: Attack Surface Management Summit – All Sessions on Demand
-
Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems
-
Prime Day is approaching, and so are the scams surrounding it
-
Earth Baxia Exploits GeoServer to Launch APAC Spear-Phishing Attacks
-
Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
-
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
-
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
-
Ukraine bans Telegram for government agencies, military, and critical infrastructure
-
A hacker’s view of civic infrastructure: Cyber Security Today – Special Feature
-
Customer Story | Lanett City Schools Works Smarter With The Help Of Cloud Monitor
-
Adversarial attacks on AI models are rising: what should you do now?
-
Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229
-
Tor Project responded to claims that law enforcement can de-anonymize Tor users
-
USENIX NSDI ’24 – Revisiting Congestion Control for Lossless Ethernet
-
Seattle Port Suffers Data Breach, Rhysida Ransomware Suspected
-
Ukraine Bans Telegram Messenger App on State-Issued Devices Because of Russian Security Threat
-
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #306 – My Door Is Always Open
-
Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust
-
Internet surveillance firm Sandvine says it’s leaving 56 ‘non-democratic’ countries
-
From Burnout to Balance: How AI Supports Cybersecurity Professionals
-
Behavioral Baselining and its Critical Role in Cybersecurity
-
“Simply staggering” surveillance conducted by social media and streaming services, FTC finds
-
Automate detection and response to website defacement with Amazon CloudWatch Synthetics
-
Is Telegram safer than WhatsApp when it comes to Data Security
-
Samsung Warns Striking Workers In India Of No Pay, Possible Termination
-
HackerOne: Nearly Half of Security Professionals Believe AI Is Risky
-
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
-
New cybersecurity advisory highlights defense-in-depth strategies
-
CrowdStrike Announces Falcon Identity Protection Innovations for Entra ID and Privileged Access
-
CrowdStrike Next-Gen SIEM Innovations Slash Response Time and Simplify SIEM Migrations
-
Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman
-
Upgrading to MacOS Sequoia? Here’s why you may want to hold off
-
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
-
Hackers Deliver Popular Crypto-Miner Through Malicious Email Auto Replies, Researchers Say
-
Say Goodbye to Login Struggles with Apple’s New ‘Passwords App’
-
Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials
-
Construction Firms Targeted in Brute Force Assaults on Accounting Software
-
US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities
-
Where’s your BitLocker recovery key? How to save a copy before the next Windows meltdown
-
In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted
-
Synergizing Cybersecurity: The Benefits of Technology Alliances
-
Kubernetes Container Isolation Startup Edera Raises $5 Million
-
Passwordless AND Keyless: The Future of (Privileged) Access Management
-
Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert
-
US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
-
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS
-
Tor Responds to Reports of German Police Deanonymizing Users
-
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
-
Best of CrowdStrike Fal.Con 2024: Tackling Adversity with a Wave of Cybersecurity Innovation
-
Cybercriminals Exploit CAPTCHA to Deliver Malware: Experts Issue Warning
-
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable
-
Cybersecurity News: INC targets healthcare, Providence schools cyberattack, Apple iPads bricked
-
Cybercrooks strut away with haute couture Harvey Nichols data
-
New Phishing Campaign Exploiting Google App Scripts: What Organizations Need to Know
-
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
-
Resecurity joins Cloud Security Alliance to help organizations secure cloud technologies
-
Protecting Yourself from Malicious Web Apps: What You Need to Know
-
Hertz Car Rental Platform Leaks 60,000 Insurance Claim Reports
-
GitLab Urges Organization to Patch for Authentication Bypass Vulnerability
-
Where’s your BitLocker recovery key? How and why to save a copy before the next Windows meltdown
-
The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions
-
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
-
Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions
-
Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)
-
FTC Sounds the Alarm on Social Media Spying on Children and Teenagers
-
U.S. Justice Department Disrupts China-Backed Botnet Targeting Thousands of Devices
-
Striking the balance between cybersecurity and operational efficiency
-
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
-
Rising identity security risks: Why organizations must act now
-
Supply chain targets 3,000 users. Cyber Security Today for Friday, September 20, 2024
-
Nextcloud Hub 9 released: New features, more security, updated performance
-
CISA boss: Makers of insecure software are the real cyber villains
-
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
-
Chipmaker Qualcomm lays off hundreds of workers in San Diego
-
Prison Banned Books Week: Being in Jail Shouldn’t Mean Having Nothing to Read
-
No way? Big Tech’s ‘lucrative surveillance’ of everyone is terrible for privacy, freedom
-
Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
-
Iran’s cyber-goons emailed stolen Trump info to Team Biden – which ignored them
-
Product Updates: Escape’s Advanced Jira Integration – Send Remediation Details to Your Developers
-
Compliance webinar series: Understanding the Cyber Resilience Act
-
Tackle Cyber Resilience Act requirements with our CRA checklist
-
Join us at Microsoft Ignite 2024 and learn to build a security-first culture with AI
-
Tor anonymity compromised by law enforcement. Is it still safe to use?
-
Square Peg, Meet Round Hole: Previously Classified TikTok Briefing Shows Error of Ban
-
Century-Long Innovation: A Legacy of Outpacing Cyber Threats
-
FTC report exposes massive data collection by social media brands – how to protect yourself
-
International law enforcement operation dismantled criminal communication platform Ghost
-
Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
-
Talk of election security is good, but we still need more money to solve the problem
-
Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details
-
Microsoft’s GRIN-MoE AI model takes on coding and math, beating competitors in key benchmarks
-
Apple’s new macOS Sequoia update is breaking some cybersecurity tools
-
BMJ Warns: Deepfake Doctors Fueling Health Scams on Social Media
-
Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware
-
Threat Actors Forcing victims Into Entering Login Credentials For Stealing
-
Hackers Using Supershell Malware To Attack Linux SSH Servers
-
Researchers Detailed Raptor Train Botnet That 60,000+ Compromised Devices
-
Cybersecurity and Identity Verification Services: Safeguarding Personal Information in a Digital Age
-
Google Chrome just made it even easier to use passkeys across all your devices
-
The NSA advises you to turn off your phone once a week – here’s why
-
Digital Maturity Key to AI Success in Australian Cyber Security
-
Google rolls out automatic passkey syncing via Password Manager
-
Apple’s new macOS Sequoia update breaks cybersecurity tools, experts say
-
Re-Imagining Zero Trust With an In-Office Experience, Everywhere
-
Thoughtworks and ACDS Partner to Advance Cybersecurity Solutions
-
Canada’s Leaders Must Reject Overbroad Age Verification Bill
-
Getting Out in Front of Post-Quantum Threats with Crypto Agility
-
1 in 10 orgs dumping their security vendors after CrowdStrike outage
-
Watch on Demand: 2024 Attack Surface Management Summit – All Sessions Available
-
USENIX NSDI ’24 – Sifter: An Inversion-Free and Large-Capacity Programmable Packet Scheduler
-
North Korean Hackers Target Energy and Aerospace Industries in Novel Espionage Campaign
-
US Steps up Pressure on Intellexa Spyware Maker with New Sanctions
-
Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
-
Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data
-
AWS renews its GNS Portugal certification for classified information with 66 services
-
Hacker group Handala Hack Team claim battery explosions linked to Israeli battery company.
-
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
-
Webdav Malicious File Hosting Powering Stealthy Malware Attacks
-
PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability
-
Threat Actor Allegedly Claims Breach of Federal Bank Customer Data
-
Tor Claims Network is Safe Following Enforcement Infiltration to Expose Criminals
-
Reporting on Threathunt 2030: Navigating the future of the cybersecurity threat landscape
-
First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia
-
MegaSys Computer Technologies Telenium Online Web Application
-
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
-
Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant
-
Zenity unveils agent-less security solution for Microsoft 365 Copilot
-
Windows users targeted with fake human verification pages delivering malware
-
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit
-
New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails
-
US Sanctions Intellexa Spyware Network Over Threat to National Security
-
CISA chief AI officer follow-up: Current state of the role (and where it’s heading)
-
Picus Security, founded by 3 Turkish mathematicians, raises $45M after simulating 1B cyber attacks
-
Europe’s Digital Decade Requires Audacious Connectivity Policies
-
CISA Warns of Actively Exploited Adobe Flash Player Vulnerabilities
-
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Region
-
Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows
-
Aembit Unveils 2024 Survey Report Highlighting Major Gaps in Securing Non-Human Identities
-
Permiso Launches Universal Identity Graph to Advance Zero-Trust IT
-
Picus Security raises $45 million to help organizations reduce cyber risk
-
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
-
Juniper extends AI-Native Networking Platform to maximize the full potential of Wi-Fi 7
-
Picus Security, founded by Turkish 3 mathematicians, raises $45M after simulating 1B cyberattacks
-
UK activists targeted with Pegasus spyware ask police to charge NSO Group
-
Healthcare’s Diagnosis is Critical: The Cure is Cybersecurity Hygiene
-
Transport for London Cyberattack: Employee Passwords Reset; Teen Suspect Arrested
-
Astra Vulnerability Scanner Review (2024): How Good Is Astra?
-
Keeper Security Appoints James Edwards as Senior Director of Engineering
-
10 Best Huntress Alternatives & Competitors in 2024 [Features, Pricing & Reviews]
-
RansomHub Ransomware Targets 210 Victims Since February 2024
-
Forescout for OT Security secures OT, IoT, and IT hybrid environments
-
8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach
-
Tor anonymity infiltrated: Law enforcement monitors servers successfully
-
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
-
Solar Cybersecurity And The Nuances Of Renewable Energy Integration
-
SIEM for Small and Medium-Sized Enterprises: What you need to know
-
Ransomware Gangs Now Abuse Microsoft Azure Tool for Data Theft
-
Update: PoC Exploit Released for Unauthenticated RCE in Veeam Backup & Replication
-
GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability
-
Update: PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later
-
US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon
-
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
-
FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries
-
Cybersecurity News: Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit
-
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
-
Authorities Seized Ghost Communication Platform Used by Cyber Criminals
-
Antivirus firm Dr.Web disconnected all servers following a cyberattack
-
Emerging Technologies in Cloud Security for Enhanced Protection Against Cyber Threats
-
Tenable Enclave Security enables discovery, assessment and analysis of IT assets
-
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
-
Tor insists its network is safe after German cops convict CSAM dark-web admin
-
More Hezbollah Devices Explode in Lebanon, Heightening Fears of Regional Conflict
-
How digital wallets work, and best practices to use them safely
-
Differential privacy in AI: A solution creating more problems for developers?
-
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
-
NIST’s Dioptra Platform is a Critical Step Forward in Making AI Safer
-
Hezbollah Pager Attack: A Wake-up Call to Tech Manufacturers to Secure their Supply Chains?
-
Data disposal and cyber hygiene: Building a culture of security within your organization
-
Security leaders consider banning AI coding due to security risks
-
Time-to-Live Analysis of DShield Data with Vega-Lite, (Wed, Sep 18th)
-
Craig Newmark pledges $100M to fight hacking by foreign governments
-
How comprehensive security simplifies the defense of your digital estate
-
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
-
Fal.Con 2024: CrowdStrike unveils resilient-by-design framework to bolster global cybersecurity
-
Deja blues… LockBit boasts once again of ransoming IRS-authorized eFile.com
-
FBI boss says China ‘burned down’ 260,000-device botnet when confronted by Feds
-
AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach
-
Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance
-
Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost
-
Singapore mandates face authentication for ‘higher risk’ bank transactions
-
US government ‘took control’ of a botnet run by Chinese government hackers, says FBI director
-
Refine unused access using IAM Access Analyzer recommendations
-
Securing Your Enterprise With an Identity-First Security Strategy
-
Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war
-
23andMe Agrees to $30 Million Settlement Over Data Breach Impacting 6.9 Million Customers
-
Microsoft’s Hiring Of Inflection AI Staff Does Not Meet EU Merger Thresholds
-
Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group
-
Senate Vote Tomorrow Could Give Helping Hand To Patent Trolls
-
Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
-
Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military
-
New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide
-
US To Host International Network of AI Safety Institutes In November
-
Walmart customers scammed via fake shopping lists, threatened with arrest
-
Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds
-
U.S. government ‘took control’ of a botnet run by Chinese government hackers, says FBI director
-
Critical Infrastructure at Risk From Email Security Breaches
-
Server Misconfiguration at Fuel Industry Software Provider Exposes SSNs, PII Data
-
Windows MSHTML Platform Spoofing Vulnerability Exploited as Zero-Day
-
The Perils of Settling: Why ‘Good Enough’ Fails in Modern Cybersecurity
-
SecurityWeek to Host 2024 Attack Surface Management Summit Today
-
North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors
-
Six Hackers Linked to Worldwide Cyber Attacks Arrested in Singapore
-
Kawasaki Motors Europe Targeted by RansomHub Ransomware Attack
-
Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military
-
LibreOffice Repair Mode Vulnerability Let Attackers Mark the Document as Not Valid
-
Ransomware Groups Abusing Azure Storage Explorer For Stealing Data
-
Credential Flusher, understanding the threat and how to protect your login data
-
The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses
-
Post-Quantum Cryptography: The Future of Secure Communications and the Role of Standards
-
Hackers breaching construction firms via specialized accounting software
-
Check Point SASE: Triple Threat Protection for the New Perimeter
-
Unveiling Venezuela’s Repression: A Legacy of State Surveillance and Control
-
Analysis Identifies Web Servers as Weakest Cybersecurity Link
-
Komodor Klaudia identifies the root cause of issues in Kubernetes
-
PREVIEW: CISO Series Game Show LIVE in Washington, DC 10-2-24
-
Get to know Amazon GuardDuty Runtime Monitoring for Amazon EC2
-
Microsoft Windows Kernel Vulnerability Exploited in the Wild
-
UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader
-
Routed Optical Networking Continues to Transform the Industry
-
Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform
-
Australian Police Infiltrate Encrypted Messaging App Ghost and Arrest Dozens
-
Ghost: Criminal communication platform compromised, dismantled by international law enforcement
-
Vulnerabilities in Cellular Packet Cores Part IV: Authentication
-
Discord Announces End-to-End Encryption for Audio & Video Chats
-
U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
-
CISA Urges Software Developers to Weed Out XSS Vulnerabilities
-
Fivetran Hybrid Deployment keeps sensitive data within the customer’s environment
-
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
-
Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers
-
Uber launches new rider verification program as a safety measure for drivers across the US
-
Build Your Network Skills With the 2024 Network Fundamentals Bundle — Only $39.99
-
Valid Accounts Remain Top Access Point for Critical Infrastructure Attacks, Officials Say
-
Construction Companies Potentially Vulnerable Through Accounting Software
-
Rapid7 launches Vector Command for continuous red teaming and security gap identification
-
Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack
-
RAMBO Attack: Electromagnetic Waves Steal Data from Air-Gapped Systems
-
The Role of Zero Trust Architecture in Enhancing SSO Security
-
Critical Flaws Found in VICIdial Contact Center Suite, PoC Published
-
Despite Russia warnings, Western critical infrastructure remains unprepared
-
Intezer raises $33 million to further develop its AI-based security operations solution
-
Verimatrix XTD Network Monitoring provides real-time detection of malicious activities
-
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
-
Python Infostealer Patching Windows Exodus App, (Wed, Sep 18th)
-
VMware vCenter Server Vulnerability Let Attackers Escalate Privileges
-
Chrome 129 Released with Fix for Multiple Security Vulnerabilities
-
Did a Chinese University Hacking Competition Target a Real Victim?
-
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
-
Cyware Joins Coalition for Secure AI (CoSAI) to Advance Safe and Ethical AI Technologies
-
Deadly Pager Explosions in Lebanon Linked to Possible Supply Chain Attack
-
Building a Secure Linux Environment for Enterprise Applications
-
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
-
What to do if a Ransomware Decryptor Doesn’t Work Even After Paying the Ransom
-
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
-
Fair Ball or Foul Play? EU’s Digital Markets Act Puts App Security on Shaky Ground
-
CrowdSec: Open-source security solution offering crowdsourced protection
-
Detecting vulnerable code in software dependencies is more complex than it seems
-
Australian Police conducted supply chain attack on criminal collaborationware
-
Organizations overwhelmed by numerous and insecure remote access tools
-
The New U.S. House Version of KOSA Doesn’t Fix Its Biggest Problems
-
WhatsApp fix to make View Once chats actually disappear is beaten in less than a week
-
Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries
-
Data Detection & Response (DDR): Not the Dance Revolution It Claims
-
VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation
-
Hundreds of Pagers Exploded in Lebanon and Syria in a Deadly Attack. Here’s What We Know.
-
2024-09-16 – Snake KeyLogger (VIP Recovery) infection, SMTP exfil
-
2024-09-17 – Snake KeyLogger (VIP Recovery) infection, FTP exfil
-
VMware patches over remote make-me-root holes in vCenter Server, Cloud Foundation
-
AI and Technical Debt: Balancing Innovation and Sustainability
-
Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode
-
Google Cloud Document AI flaw (still) allows data theft despite bounty payout
-
Did ChatGPT just message you? Relax – it’s a bug, not a feature (for now)
-
WordPress To Require Two-Factor Authentication for Plugin Developers
-
At least nine dead, thousands hurt in Lebanon after Hezbollah pagers explode
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
-
GPU Hosting and Open Source AI Will Revolutionize or Kill WordPress
-
Hezbollah claims dozens dead as its pagers go boom, not beep
-
80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year
-
Fortinet Confirms Data Breach Involving Limited Number of Customers, Linked to Hacker “Fortibitch”
-
Australian IT Spending to Surge in 2025: Cybersecurity & AI Focus
-
Rhysida ransomware gang ships off Port of Seattle data for $6M
-
Cyber attack on Telecom companies triggers explosions of Pagers in Lebanon
-
EchoStrike: Generate Undetectable Reverse Shells, Perform Process Injection
-
Update: PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability
-
5 Ways to Reduce Information Security Risk in a Mobile Workplace
-
USENIX NSDI ’24 – Horus: Granular In-Network Task Scheduler for Cloud Datacenters
-
Chinese man charged for spear-phishing against NASA and US Government
-
Global Bot Security Report Findings: 2 in 3 Websites Are Unprotected
-
A Future of Security Free from CNAPP – Keynote Interview with James Berthoty
-
Can a Bot Farm Damage Your Business? What You Need to Know About Bot Farms
-
Here’s How Criminals Are Targeting Users and Enterprises in Mexico
-
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
-
CVE backlog update: The NVD struggles as attackers change tactics
-
CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
-
Cisco’s second layoff of 2024 affects thousands of employees
-
TfL Employees Face In-Person Identity Verification Following Cyberattack
-
23andMe Pledges $30 Million to the 6.4 Million People Affected by Data Breach
-
Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered
-
Critical Vulnerability in AutoGPT Puts Over 166,000 Projects at Risk
-
Software Security Firm RunSafe Raises $12 Million in Series B Funding
-
Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks
-
iOS 18 is out. Here are the new privacy and security features
-
Hydden Raises $4.4M in Seed Funding for Identity Security Platform
-
Email Security Breaches Rampant Among Critical Infrastructure Organizations
-
Apple releases iOS 18, with security and privacy improvements
-
U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
-
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
-
D-Link Fixes Critical RCE, Hardcoded Credential Flaws in WiFi 6 Routers
-
The Dark Nexus Between Harm Groups and ‘The Com’ – Krebs on Security
-
CosmicBeetle Exploits Vulnerabilities in Small Businesses Globally
-
Veritas unveils AI-driven features to simplify cyber recovery
-
Beware the Rising Tide: Financial Services Is Awash in Attacks
-
Hackers Exploiting Selenium Grid Tool To Deploy Exploit Kit & Proxyjacker
-
CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely
-
Forget AirTags: Tile’s new trackers come in all shapes and sizes (and an SOS button)
-
Python Developers Targeted with Malware During Fake Job Interviews
-
Performance Testing Vs Load Testing: Know the Key differences
-
From Fragmentation to Integration: Establishing a Cyber Risk Management Program
-
RunSafe Security raises $12 million to reduce attack surface in critical infrastructure
-
Singapore Launches Accelerator for International Cybersecurity Startups
-
Master IT Fundamentals With This CompTIA Certification Prep Bundle
-
‘Cyber Wellbeing Corner’ Returns to International Cyber Expo
-
DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military
-
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
-
Cybersecurity News: Intellexa faces new sanctions, London hospitals impact, Apple releases update
-
Our Guardrails Only Fail When You Try To Go Around Them (LIVE in Seattle)
-
Pioneering Researcher Raises $230m For ‘Spatial’ AI Start-Up
-
Creating An AI Honeypot To Engage With Attackers Sophisticatedly
-
North Korean Hackers Attacking LinkedIn Users to Deliver RustDoor Malware
-
Misconfigured ServiceNow Knowledge Bases Expose Confidential Information
-
Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered
-
AppOmni Surfaces Configuration Flaw in ServiceNow SaaS Platform
-
Key Russian Hacker Group Attacking Users With .NET Built Ransomware
-
How Google and Yahoo’s shift to stricter email standards proved a windfall for this Armenian startup
-
Qilin ransomware attack on Synnovis impacted over 900,000 patients
-
Taking Control Online: Ensuring Awareness of Data Usage and Consent
-
All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them
-
Making the Complex Simple: Authorization for the Modern Enterprise
-
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users
-
Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details
-
MSSPs Say Client Communication Is Too Hard. Here’s How We’re Helping.
-
Google Chrome browser users given 72 hour deadline to adopt Cybersecurity patches
-
Securing Data from Espionage: The Role of Confidential Computing
-
Chinese Hackers Charged for Multi-Year Spear-Phishing Attacks
-
China claims Starlink signals can reveal stealth aircraft – and what that really means
-
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
-
How to Prepare Your Organization for the Future with Continuous Security Testing
-
The Human Element in Non-Human Identity Security: Bridging the Gap in Modern Cybersecurity
-
The growing danger of visual hacking and how to protect against it
-
Securing SAP Systems: Essential Strategies to Protect Against Hackers
-
The cybersecurity workforce of the future requires diverse hiring practices
-
Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
-
Chinese national accused by Feds of spear-phishing for NASA, military source code
-
Instituto Nacional de Deportes de Chile – 319,613 breached accounts
-
US government expands sanctions against spyware maker Intellexa
-
CISA Releases Plan to Align Operational Cybersecurity Priorities for Federal Agencies
-
D-Link addressed three critical RCE in wireless router models
-
Unveiling Venezuela’s Repression: Surveillance and Censorship Following July’s Presidential Election
-
After CrowdStrike Crash, Microsoft Mulls New Windows Security Tools
-
Methodology for incident response on generative AI workloads
-
Tile Trackers now include an SOS feature – here’s how they compare with Apple’s AirTags
-
Point Product vs. CDN for Bot Protection: Striking the Right Balance
-
RansomHub Ransomware Gang Leaks 487GB of Alleged Kawasaki Europe Data
-
Crypto Mining and DDoS Threats: How Hadooken Malware Targets Oracle Web Logic Servers
-
Deployment considerations for Red Hat OpenShift Confidential Containers solution
-
How Red Hat is integrating post-quantum cryptography into our products
-
Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing
-
Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
-
SecurityWeek to Host 2024 Attack Surface Management Summit on Wednesday
-
Is Google Spying on You? EU Investigates AI Data Privacy Concerns
-
Create security observability using generative AI with Security Lake and Amazon Q in QuickSight
-
Google Enhances Data Security with Confidential Computing Technology
-
U.S. government expands sanctions against spyware maker Intellexa
-
Five Tools That Can Help Organizations Combat AI-powered Deception
-
Preventing Credit Card Fraud in 2024: Tips to Avoid Declined Transactions and Fraud Alerts
-
Vulnerability Recap 9/16/24 – Critical Endpoint Flaws Emerged
-
Forward as One: Embracing the Future of Partnering with Cisco
-
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
-
Germany’s CDU still struggling to restore data months after June cyberattack
-
DORA Compliance Checklist: From Preparation to Implementation
-
Why Are So Many Public Sector Organizations Getting Attacked?
-
Flare’s FTSOv2 Launch Sets A New Standard For Decentralized Data
-
Obfuscation vs Encryption: How To Protect Your .NET Code the Right Way
-
BT Uncovers 2,000 Potential Cyberattacks Signals Every Second
-
ICBC London Branch Hit by Ransomware Attack, Hackers Steal 6.6TB of Sensitive Data
-
Sourcepoint helps companies mitigate vulnerabilities across various privacy regulations
-
Introducing the APRA CPS 230 AWS Workbook for Australian financial services customers
-
Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!
-
23andMe to pay $30 million in settlement over 2023 data breach
-
Entro Security Labs Releases Non-Human Identities Research Security Advisory
-
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware
-
Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution
-
Modernizing Enterprise Security for An Application-Centric World
-
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
-
DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum
-
Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints
-
Master Your PCI DSS v4 Compliance with Innovative Smart Approvals
-
From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook
-
Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Ransomware Attacks
-
Azure API Management Vulnerability Let Attackers Escalate Privileges
-
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
-
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
-
Unlock FCC Pilot Program Funding with Cloud Monitor and Content Filter
-
Brazil Unfreezes Starlink, X Bank Accounts After Funds Transfer
-
Largest Crypto Exchange in Indonesia Suffers $22 Million Theft
-
Hackers Can Bypass WhatsApp ‘View Once’ Due To Feature Vulnerability
-
Spring Framework Vulnerability Let Attackers obtain Any Files from the System
-
Hackers Target Selenium Grid Servers for Proxyjacking and Cryptomining Attacks
-
US Port Security Threatened by Chinese-Made Cranes, Says House Report
-
North Korean Hackers Attacking Crypto Industry, Billions at Risk
-
Hacker Claims Breach of UK’s Experience Engine, Data Sold Online
-
Windows Vulnerability Abused Braille “Spaces” in Zero-Day Attacks
-
Cybersecurity News: Fortinet breach, RansomHub extorts Kawasaki, TfL password resets
-
Cyber Threats Intensify in Mexico; Espionage and Extortion Risks Grow
-
Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure
-
Industry Moves for the week of September 16, 2024 – SecurityWeek
-
SolarWinds Patches Critical Vulnerability in Access Rights Manager
-
CISA Urges Agencies to Upgrade or Remove End-of-Life Ivanti Appliance
-
China’s quantum* crypto tech may be unhackable, but it’s hardly a secret
-
SOC 2 Compliance Provides AppViewX Customers Security and Data Protection Assurance
-
Musk Calls Australia ‘Fascists’ Over Social Media Regulation
-
Is Microsoft really going to cut off security updates for your ‘unsupported’ Windows 11 PC?
-
Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb
-
Aembit Raises $25M to Tackle Nonhuman Identity Security Challenges
-
Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure
-
The Rise of AI Voicemail Scams, Political Donation Privacy Concerns
-
Microsoft Windows 10 support end and Crowdstrike Global Outage details
-
EchoStrike: Generate undetectable reverse shells, perform process injection
-
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks
-
New Environmental Policies and Practices Raise Unexpected Cybersecurity Challenges
-
Compliance frameworks and GenAI: The Wild West of security standards
-
USENIX Security ’23 – Multiview: Finding Blind Spots in Access-Deny Issues Diagnosis
-
Fortifying The Digital Frontier: Everyday Habits That Shape Your Company’s Cybersecurity Posture
-
Ford’s Latest Patent: A Step Toward High-Tech Advertising or Privacy Invasion?
-
TrickMo Android Trojan Abuses Accessibility Services for On-Device Financial Scam
-
Combating Telecom Fraud: Trai and DoT’s Joint Effort Against Spam Calls
-
Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack
-
Global Cybercrime Syndicate Falls in Singapore’s Largest-Ever Police Raid
-
Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals
-
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
-
Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION
Generated on 2024-09-22 23:58:20.126540