IT Security News Weekly Summary – Week 43

• IT Security News Daily Summary 2024-10-27

• How Has Video Analytics Enhanced Security and Efficiency?

• The Imperative of Penetration Testing AI Systems

• Orchestrating Success: How Rehearsals in Music Mirror Cybersecurity Resiliency

• DEF CON 32 – AppSec Village – Ticking SQLi

• Two currently (old) exploited Ivanti vulnerabilities, (Sun, Oct 27th)

• UnitedHealth Confirms 100M Affected in Record-Breaking Change Healthcare Hack

• Microsoft: Healthcare Sector Sees 300% Surge in Ransomware Assaults

• Senator accuses sloppy domain registrars of aiding Russian disinfo campaigns

• Think You’re Safe? Cyberattackers Are Exploiting Flaws in Record Time

• Massive Data Breach in Mexican Health Care Sector Exposes 5.3 Million Users’ Data

• Adversarial SysAdmin – The Key to Effective Living off the Land

• Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

• Four REvil Ransomware members sentenced for hacking and money laundering

• FIPS 140-3 changes for PKCS #12

• Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE

• PRODUCT REVIEW: Fortra’s Digital Brand Protection Solution

• Beware of Shadow AI Haunting Organizations This Halloween

• Must-have security features in insurance policy management software

• Groundbreaking AI Engine to Transform Data Compliance and Security Management

• IT Security News Daily Summary 2024-10-26

• Mastering Cybersecurity: A Comprehensive Guide to Self-Learning

• How (and why) federated learning enhances cybersecurity

• Security Defenses Crippled by Embargo Ransomware

• CISA Proposes New Security Measures to Protect U.S. Personal and Government Data

• Artifact Tracking: Workstation Names

• Chinese cyber spies targeted phones used by Trump and Vance

• Lazarus Group Exploits Chrome Zero-Day Flaw Via Fake NFT Game

• Microsoft and Salesforce Clash Over AI Autonomy as Competition Intensifies

• New Attack Lets Hackers Downgrade Windows to Exploit Patched Flaws

• Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

• Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

• Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

• Cyber Security Research from CDW: Interview with Ivo Wiens, Field CTO Cybersecurity: Cyber Security Today Weekend for October 26, 2024

• The Club Penguin Experience – 6,342 breached accounts

• Worker surveillance must comply with credit reporting rules

• CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

• Joint ODNI, FBI, and CISA Statement

• LinkedIn founder Reid Hoffman unveils ‘super agency’ vision at TED AI conference, takes subtle shot at Elon Musk

• The Real Monsters of Street Level Surveillance

• Week in Review: Solar Winds fines, Microsoft loses security logs, employee security awareness lacking

• IT Security News Daily Summary 2024-10-25

• Chinese Hackers Target Trump Campaign via Verizon Breach

• Innovator Spotlight: Legit Security

• Sophos Acquires Dell’s Secureworks for $859 Million

• 7 Best Attack Surface Management Software for 2025

• Friday Squid Blogging: Giant Squid Found on Spanish Beach

• How to mitigate bot traffic by implementing Challenge actions in your AWS WAF custom rules

• 12 Expert Tips for Secure Cloud Deployments

• Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

• Pentest People Achieves CREST Cyber Security Incident Response (CSIR) Accreditation

• Apple will pay you up to $1 million if you can hack into Apple Intelligence servers

• Change Healthcare Cyberattack Exposed Data of Over 100 Million People

• Change Healthcare data breach impacted over 100 million people

• Relearning past lessons in assessing cloud risk

• WhatsApp Moves Toward Usernames, Phasing Out Phone Numbers

• Best Cybersecurity Software & Tools for 2025

• Prominent crypto critic says someone offered bribes to take down a blog post

• DDoS mitigation: How to stop DDoS attacks

• SonicWall Doubles Down on Edge Security With Risk-Based Connectivity and Threat Protection

• Intel To Invest More Than $28 Billion In Ohio Chip Factories – Report

• Data Breach Exposes 93,000 Transak Users Due to Employee’s Device Misuse

• Elon Musk reportedly chats regularly with Putin

• AWS Seizes Domains Used by Russian Threat Group APT29

• Australia government looses visa holders sensitive details in cyber attack

• How to Shift Your Cybersecurity Focus from Breach to Impact (& Manage Risk)

• Apple Returns To Top 5 Smartphone Ranks In China, Amid Tim Cook Visit

• 100 million US citizens officially impacted by Change Healthcare data breach

• The best AirTag wallets of 2024: Expert tested

• Cisco ASA and FTD zero day used in password spraying attacks

• The Three Pillars of Shift-Left API Security

• A Preemptive Guide to State Cybersecurity Compliance

• It’s Time to Take Action This Cybersecurity Awareness Month

• Unlocking Business Growth: The Need for Cyber Risk Quantification

• Linux Kernel Project Drops 11 Russian Developers Amid US Sanctions Concerns

• Cybercrime Atlas: An Effective Approach to Collaboration in Cybersecurity

• Just how private is Apple’s Private Cloud Compute? You can test it to find out

• 100 MILLION Americans in UnitedHealth PII Breach

• The Growing Role of AI in Ethical Hacking: Insights from Bugcrowd’s 2024 Report

• Enhancing Study with QR Codes: A Modern Educational Tool

• Enter the World of Ethical Hacking with Confidence

• How AI Will Help Empower SMB Cybersecurity

• New Qilin Ransomware Variant Spotted by Cybersecurity Researchers

• Cybersecurity Insights with Contrast CISO David Lindner | 10/25/24

• How LLMs could help defenders write better and faster detection

• Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite

• In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers

• Addressing growing concerns about cybersecurity in manufacturing

• Watermark for LLM-Generated Text

• UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach

• LinkedIn Hit With 310 Million Euro Fine for Data Privacy Violations From Irish Watchdog

• Change Healthcare Breach Affects 100 Million Americans

• Worms vs. Viruses: What’s the Difference?

• Windows 11 CLFS Driver Vulnerability Let Attackers Escalate Privileges – PoC Exploit Released

• Elon Musk reportedly chats often with Putin

• Safeguarding Corporate Secrets: Best Practices and Advanced Solutions

• Over $1 Million Paid Out at Pwn2Own Ireland 2024

• Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

• CDK Cyber Attack

• 10 Best Linux Distributions In 2024

• Cloud Risk Management: The DevOps Guide

• US, Australia Release New Security Guide for Software Makers

• Protect Your Devices With Free Virus Removal

• Protecting Your Website From DDoS Attack

• SEC fines tech companies for misleading SolarWinds disclosures

• what is Malware

• UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)

• CISOs Should Be Directing IAM Strategy — Here’s Why

• Worldwide IT Spending To Grow 9.3 Percent In 2025, Gartner Predicts

• AWS CDK Vulnerabilities Let Takeover S3 Bucket

• Landmark Admin Discloses Data Breach Impacting 800,000 People

• EDR Dependency: Ensuring Uninterrupted and Comprehensive Security Coverage

• Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

• OnePoint Patient Care data breach impacted 795916 individuals

• SEC Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures

• Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data

• Exploited: Cisco, SharePoint, Chrome vulnerabilities

• From Risk Assessment to Action: Improving Your DLP Response

• Why Is Privileged Access Management (PAM) Important?

• AWS Seizes Domains Used by Russia’s APT29

• Irish Data Protection Watchdog Fines LinkedIn $336m

• New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks

• Proof Verify reduces false positives and improves fraud detection accuracy

• NVIDIA Patch Multiple GPU Display Driver for Windows & Linux

• OnePoint Patient Care Data Breach Impacts Nearly 800,000 People

• 3 Tips for Organizations to Shore Up Their Cyber Resilience Strategies This Fall

• Cyberattacks Against Sporting Events are Growing More Calculated

• Inequity Challenges Women in Digital Trust, But Progress is Being Made

• Concentric AI raises $45 million to expand go-to-market strategies

• AuthenticID360 blocks AI-generated IDs during digital onboarding

• 7 essential password rules to follow in 2024, according to security experts

• U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

• MacOS-Focused Ransomware Attempts Leverage LockBit Brand

• Qiliin ransomware upgrade, Sharepoint KEV flaw, Rhysida ransoms Easterseals

• Ransomware threat to Apple MacOS devices

• Understanding NIS2 and DORA: What executives need to know

• Sysdig Predicts Global Cyberattacks Costs Will Exceed $100B in 2025

• Safely Scale Your Data Center With These Five Cybersecurity Measures

• Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

• US Energy Sector Faces Growing Cybersecurity Threats

• A Dangerous Alliance: Scattered Spider, RansomHub Join Forces

• AI-Driven Deepfake Scams Cost Americans Billions in Losses

• Achieving peak cyber resilience

• ESET Research Podcast: CosmicBeetle

• How to fend off a quantum computer attack

• The future of cyber insurance: Meeting the demand for non-attack coverage

• How to Protect Against Ransomware Attacks?

• New infosec products of the week: October 25, 2024

• Unclear pricing for GRC tools creates market confusion

• ISC Stormcast For Friday, October 25th, 2024 https://isc.sans.edu/podcastdetail/9196, (Fri, Oct 25th)

• digiDirect – 304,337 breached accounts

• Putin’s pro-Trump trolls accuse Harris of poaching rhinos

• Have you stayed at a Marriott? Here’s what its settlement with the FTC means for you

• Is the Blockchain Secure? Yes, and Here’s Why

• AWS Cloud Development Kit flaw exposed accounts to full takeover

• 5 Security Considerations for Managing AI Agents and Their Identities

• Disability Rights Are Technology Rights

• IT Security News Daily Summary 2024-10-24

• How the ransomware attack at Change Healthcare went down: A timeline

• UnitedHealth says Change Healthcare data breach affects over 100 million people in America

• Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

• Apple will pay security researchers up to $1 million to hack its private AI cloud

• White House Memo Puts the Focus of AI on National Security

• Apple Cuts Orders iPhone 16, Says Analyst

• Meta just beat Google and Apple in the race to put powerful AI on phones

• Apple Opens Private Cloud Compute for Public Security Inspection

• Emergency patch: Cisco fixes bug under exploit in brute-force attacks

• Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game

• Development Features Enabled in Prodcution, (Thu, Oct 24th)

• Cisco Partner Summit 2024: Know Before You Go

• Confidential Containers with IBM Secure Execution for Linux

• Secure design principles in the age of artificial intelligence

• Strengthen DevSecOps with Red Hat Trusted Software Supply Chain

• How to Upskill and Fill Cybersecurity Skill Gaps on Your Team With Custom Learning Paths

• Beyond the Resume: Effective Techniques for Qualifying Top Cybersecurity Talent

• Modernizing Data Security: Imperva and IBM Z in Action

• Cybersecurity teams being excluded from AI implementation discussions, ISACA study shows

• Keeper Security Introduces New Updates to KeeperFill Browser Extension

• Evolving Email Threats and How to Protect Against Them

• The Rise of Cyberattacks on Critical Infrastructure: Are You Prepared?

• The Entrust Distrust Deadline is Closing In. Are you Prepared?

• DEF CON 32 – AppSec Village – Securing Frontends at Scale;Paving our Way to Post XSS World

• Randall Munroe’s XKCD ‘RNAWorld’

• Blackwire Labs AI Cybersecurity Platform Incorporates Blockchain to Validate Data

• New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

• LinkedIn Fined €310m By Irish Data Protection Commission

• Cisco fixed tens of vulnerabilities, including an actively exploited one

• Nvidia Patches High-Severity Flaws in Windows, Linux Graphics Drivers

• Security Risks Discovered in Popular End-to-End Encrypted Cloud Storage Platforms

• Lounge Scam at Bengaluru Airport Costs Woman ₹ 87,000

• Infostealer-Injecting Plugins infect Thousands of WordPress Sites

• How Ignoring These Wi-Fi Settings Can Leave You Vulnerable to Hackers

• Amazon identified internet domains abused by APT29

• Fake IT Workers: How HYPR Stopped a Fraudulent Hire

• DMARC MSP Case Study: CloudTech24 Simplies Domain Security Management for Clients with PowerDMARC

• WhatsApp offers new contact management for data security

• CMA Begins Probe Into Alphabet Partnership With Anthropic

• From Uptime to Outcome: New Paths for Managed Services Success

• Lazarus Group Exploits Google Chrome Flaw in New Campaign

• Wordfence Intelligence Weekly WordPress Vulnerability Report (October 14, 2024 to October 20, 2024)

• The Most Secure Payment Solutions in the USA: Zelle, MoneyGram, CashApp, and Venmo

• NotLockBit: Ransomware Discovery Serves As Wake-Up Call For Mac Users

• 2024 Report: Insider Threat

• Accelerating Connection Handshakes in Trusted Network Environments

• Penn State Settles for $1.25M Over Cybersecurity Violations

• TSMC Stops Supplying Customer, After Discovery Of Restricted Chip

• 3 proven use cases for AI in preventative cybersecurity

• Deep Sea Electronics DSE855

• VIMESA VHF/FM Transmitter Blue Plus

• iniNet Solutions SpiderControl SCADA PC HMI Editor

• CISA Releases Four Industrial Control Systems Advisories

• AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

• Exploring digital sovereignty: learning opportunities at re:Invent 2024

• Get it Done Faster with AI Copilot for Harmony SASE

• Pinterest tracks users without consent, alleges complaint

• North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

• White House Issues AI National Security Memo

• Misconfigured UN Database Exposes 228GB of Gender Violence Victims’ Data

• The 3 Questions at the Core of Every Cybersecurity Compliance Mandate

• ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives

• SEC Fines Four Tech Firms for Downplaying SolarWinds Impacts

• Strengthening Critical Infrastructure Defense: Shifting to an Exposure Management Mindset

• Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

• What is the difference between a data leak and a data breach?

• Hook’d: How HookBot Malware Impersonates Known Brands to Steal Customer Data

• The best travel VPNs of 2024: Expert tested and reviewed

• What Is PCI Compliance? A Simple Guide for Businesses

• FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

• Phishing for Votes in the Upcoming US Election

• Bitwarden’s FOSS halo slips as new SDK requirement locks down freedoms

• New Fortinet Zero-Day Exploited for Months Before Patch

• Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

• How to use the Private Space feature in Android 15 – and secure your sensitive data

• Equipment to include in a computer forensic toolkit

• Top Court Sides With Intel Over EU Antitrust Fine

• Ransomware’s ripple effect felt across ERs as patient care suffers

• Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements

• Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability

• GitLab Patches HTML Injection Flaw Leads to XSS Attacks

• 16-31 July 2024 Cyber Attacks Timeline

• The UK Must Act: Alaa Abd El-Fattah Still Imprisoned 25 Days After Release Date

• New Scoring System Helps Secure the Open Source AI Model Supply Chain

• Exploring the Transformative Potential of AI in Cybersecurity

• Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

• UK Government Introduces New Data Governance Legislation

• Talos IR trends Q3 2024: Identity-based operations loom large

• Perplexity Boss Surprised After New Corp Sues

• Get Advanced Ad Blocking and Superior Data Privacy Tools for Just $11

• Cybersecurity Teams Largely Ignored in AI Policy Development

• Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis

• Technologist Bruce Schneier on security, society and why we need ‘public AI’ models

• Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts

• NotLockBit Ransomware Targets Both Windows and MacOS

• Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign

• Majority of SaaS Applications, AI Tools Unmanaged

• Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

• Xerox Printers Vulnerable to Remote Code Execution Attacks

• Samsung Galaxy S24 Hacked at Pwn2Own Ireland 2024

• Blending Traditional and Emerging Cybersecurity Practices for a Holistic Approach

• Nucleus Security unveils POAM Process Automation for federal agencies

• F5 BIG-IP Next for Kubernetes reduces the complexity of AI deployments

• Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

• Guarding Digital Assets By Understanding Third-Party Access Risks

• UK Government Urges Organizations to Get Cyber Essentials Certified

• Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

• CISA data rules, Fortinet zero-day, UK Cyber Essentials

• Ransomware hackers using cloud service platforms as their playgrounds

• Google Patches Multiple Chrome Security Vulnerabilities

• Voice-enabled AI agents can automate everything, even your phone scams

• SEC Fines Four Companies $7 Million for Misleading Cybersecurity Disclosures: Cyber Security Today for Thursday, October 23, 2024

• U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

• Cybersecurity Awareness Month 2024: Wrapping Up with Actionable Insights to Secure Our World

• WhatsApp Debuts New Features for Contact Management with Enhanced Privacy Protections

• The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors through DeFi Games

• China’s top messaging app WeChat banned from Hong Kong government computers

• Enhancing national security: The four pillars of the National Framework for Action

• What’s more important when hiring for cybersecurity roles?

• Anthropic’s latest Claude model can interact with computers – what could go wrong?

• Facing the uncertainty of cyber insurance claims

• How to enable Safe Browsing in Google Chrome on Android

• AI and deepfakes fuel phishing scams, making detection harder

• Perfctl malware strikes again as crypto-crooks target Docker Remote API servers

• 2024-10-17 – Two days of server scans and probes and web traffic

• 2024-10-23 – Redline Stealer infection

• ISC Stormcast For Thursday, October 24th, 2024 https://isc.sans.edu/podcastdetail/9194, (Thu, Oct 24th)

• Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins

• Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)

• Samsung phone users under attack, Google warns

• Deep web horror stories from the dark side of the internet

• Penn State pays DoJ $1.25M to settle cybersecurity compliance case

• CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud

• Warning! FortiManager critical vulnerability under active attack

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #310 – The Day After PI Planning

• DEF CON 32 – AppSec Village – Speed Bumps and Speed HacksP: Adventures in Car Mfg Security

• IT Security News Daily Summary 2024-10-23

• Deceptive Google Meet Invites Lure Users Into Malware Scams

• ‘Satanic’ data thief claims to have slipped into 350M Hot Topic shoppers info

• Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action

• Critical Flaw in Open Policy Agent Exposed NTLM Credentials, Patch Released

• OpenAI scientist Noam Brown stuns TED AI Conference: ’20 seconds of thinking worth 100,000x more data’

• Microsoft SharePoint RCE flaw exploits in the wild – you’ve had 3 months to patch

• Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems

• CISA Adds One Known Exploited Vulnerability to Catalog

• Are Automatic License Plate Scanners Constitutional?

• Apple ‘Sharply Cuts’ Production For Vision Pro Headset – Report

• How Federal Agencies Are Achieving Zero Trust With Automation

• Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections

• Google SynthID Adding Invisible Watermarks to AI-Generated Content

• WeChat’s Updated Encryption System Prone to Threats for its Users

• New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

• Congratulations to the Top MSRC 2024 Q3 Security Researchers!

• Wiz hopes to hit $1B in ARR in 2025 before an IPO, after turning down Google’s $23B

• TA866 Group Linked to New WarmCookie Malware in Espionage Campaign

• Google Messages adds nudity blur option, plus other new security upgrades

• The best VPN for streaming in 2024: Expert tested and reviewed

• After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data

• Unveiling Hidden Connections: JA4 Client Fingerprinting on VirusTotal

• Hong Kong Bans WhatsApp, Google Drive On Government Devices

• Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

• Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions

• CISA Proposes Stronger Security Requirements to Protect Sensitive Data

• API Vulnerabilities Jump 21% in Third Quarter

• Everybody Loves Bash Scripts. Including Attackers., (Wed, Oct 23rd)

• Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

• Trick or Treat? Your Infrastructure Might Be Haunted by Zombie and Shadow APIs

• DdoS Attack on Russian Foreign Ministry during BRICS summit

• Unmasking Prometei: A Deep Dive Into Our MXDR Findings

• Ofcom Finds Online Posts Were Clearly Connected To UK Riots

• ARM Cancels Qualcomm Chip Design Licence – Report

• Nigerian Court Orders Release Of Binance Executive

• Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys

• Attackers Use Encoded JavaScript to Deliver Malware

• Threat Actors Allegedly Selling Database of 1,000 NHS Email Accounts

• Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

• AI hallucinations can pose a risk to your cybersecurity

• Engaging with Security Researchers: Embracing a “See Something, Say Something” Culture

• Defending Against Ransom DDoS Attacks

• CIS Control 16 Application Software Security

• Is a VPN Really Worth It in 2024?

• The Global Surveillance Free-for-All in Mobile Ad Data

• Nigeria Drops Charges Against Tigran Gambaryan, Jailed Binance Exec and Former IRS Agent

• How Cisco is Using Apple Vision Pro to Create the Next Evolution of Spatial Collaboration

• Crooks are targeting Docker API servers to deploy SRBMiner

• U.S. CISA adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog

• The Crypto Game of Lazarus APT: Investors vs. Zero-days

• Democratising Cybersecurity

• ShadyShader: Crashing Apple Devices with a Single Click

• Modernizing Data Security: Imperva and IBM zSystems in Action

• Securing E-commerce

• LinkedIn bots and spear phishers target job seekers

• Reality Defender Banks $33M to Tackle AI-Generated Deepfakes

• Bolstering CTEM with AI and Purple Team Security

• Keep your secrets secret: 5 core tips — and a call to action on modernizing

• IBM Addresses AI, Quantum Security Risks with New Platform

• FortiJump: Yet Another Critical Fortinet 0-Day RCE

• The Impact of Google’s Manifest V3 on Chrome Extensions

• Old Redbox Kiosks Hacked to Expose Customers’ Private Details

• Cofense improves visibility of dangerous email-based threats

• Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks

• Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks

• Researchers Reveal ‘Deceptive Delight’ Method to Jailbreak AI Models

• CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

• Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

• Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration

• 70% of Leaders See Cyber Knowledge Gap in Employees

• Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats

• Embargo Ransomware Gang Deploys Customized Defense Evasion Tools

• New Malware WarmCookie Targets Users with Malicious Links

• Everybody Loves Bash Scripts. Including Attackers., (Wed, Oct 23rd)

• Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

• Trick or Treat? Your Infrastructure Might Be Haunted by Zombie and Shadow APIs

• DdoS Attack on Russian Foreign Ministry during BRICS summit

• Unmasking Prometei: A Deep Dive Into Our MXDR Findings

• Ofcom Finds Online Posts Were Clearly Connected To UK Riots

• ARM Cancels Qualcomm Chip Design Licence – Report

• Nigerian Court Orders Release Of Binance Executive

• Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys

• Attackers Use Encoded JavaScript to Deliver Malware

• Threat Actors Allegedly Selling Database of 1,000 NHS Email Accounts

• Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

• AI hallucinations can pose a risk to your cybersecurity

• Engaging with Security Researchers: Embracing a “See Something, Say Something” Culture

• Defending Against Ransom DDoS Attacks

• CIS Control 16 Application Software Security

• Is a VPN Really Worth It in 2024?

• The Global Surveillance Free-for-All in Mobile Ad Data

• Nigeria Drops Charges Against Tigran Gambaryan, Jailed Binance Exec and Former IRS Agent

• How Cisco is Using Apple Vision Pro to Create the Next Evolution of Spatial Collaboration

• Crooks are targeting Docker API servers to deploy SRBMiner

• U.S. CISA adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog

• The Crypto Game of Lazarus APT: Investors vs. Zero-days

• Democratising Cybersecurity

• ShadyShader: Crashing Apple Devices with a Single Click

• Modernizing Data Security: Imperva and IBM zSystems in Action

• Securing E-commerce

• LinkedIn bots and spear phishers target job seekers

• Reality Defender Banks $33M to Tackle AI-Generated Deepfakes

• Bolstering CTEM with AI and Purple Team Security

• Keep your secrets secret: 5 core tips — and a call to action on modernizing

• IBM Addresses AI, Quantum Security Risks with New Platform

• FortiJump: Yet Another Critical Fortinet 0-Day RCE

• The Impact of Google’s Manifest V3 on Chrome Extensions

• Old Redbox Kiosks Hacked to Expose Customers’ Private Details

• Cofense improves visibility of dangerous email-based threats

• Ransomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest Attacks

• Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks

• Researchers Reveal ‘Deceptive Delight’ Method to Jailbreak AI Models

• CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

• Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

• US Government Pledges to Cyber Threat Sharing Via TLP Protocol

• Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration

• 70% of Leaders See Cyber Knowledge Gap in Employees

• Former British PM Cameron Calls for Tech Engagement with China Despite Cyber Threats

• Embargo Ransomware Gang Deploys Customized Defense Evasion Tools

• Highlighting TA866/Asylum Ambuscade Activity Since 2021

• Threat Spotlight: WarmCookie/BadSpace

• Complex controls: Addressing PCI DSS by 2025

• Why DSPM is Essential for Achieving Data Privacy in 2024

• ESET HOME Security enhancements strengthen protection against AI-driven threats

• UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime

• Building a Cyber Resilience Framework for Credit Unions

• BT Switches On First Self-Powered Cell Tower

• Dutch Police Infiltrate Telegram Groups, Arrest 4 for Illegal Data Trading

• AI is Revolutionizing Cybersecurity — But Not in the Ways You Might Think

• Mallox Ransomware Vulnerability Lets Victims Decrypt Files

• SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

• Election Security: Here’s What We Should Really Be Worried About

• Western Digital Fined Over $310 Million for Patent Infringement

• AI Data Breach Reveals Trust Issues with Personal Information

• Reality Defender secures $33 million to enhance AI detection capabilities

• Cohesity Gaia brings the power of generative AI to enterprise data

• Stream.Security raises $30 million to boost cloud security

• White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

• US Energy Sector Vulnerable to Supply Chain Attacks

• Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access

• SolarWinds disclosure fines, Zendesk helps Internet Archive, Samsung zero-day

• Grandoreiro, the global trojan with grandiose goals

• Can Offline Data Storage Curb Ransomware Attacks?

• Tor Browser 14.0 Released With New Android Circuit Options

• CISA Proposes New Security Measures to Safeguard Sensitive Data from Adversary States

• Britain online users should be aware of this Online Job Scam

• Five Ways to Improve Your Security Posture, Fast

• Effective strategies for measuring and testing cyber resilience

• Argus: Open-source information gathering toolkit

• Evolving cloud threats: Insights and recommendations

• Cybersecurity jobs available right now: October 23, 2024

• Showcasing our Industry-First BDR Solution in Singapore

• Most women in IT work overtime to advance in their careers

• ISC Stormcast For Wednesday, October 23rd, 2024 https://isc.sans.edu/podcastdetail/9192, (Wed, Oct 23rd)

• Millions of Android and iOS users at risk from hardcoded creds in popular apps

• US lawmakers push DoJ to prosecute tax prep firms for leaking taxpayer data to big tech

• US lawmakers push DOJ to prosecute tax prep firms for leaking taxpayer data to big tech

• USENIX NSDI ’24 – Accelerating Skewed Workloads With Performance Multipliers in the TurboDB Distributed Database

• DEF CON 32 – AppSec Village – Lessons Learned from Building and Defending LLM Applications

• How Security Automation Platforms Streamline SOC Operations

• USENIX NSDI ’24 – SIEVE is Simpler than LRU: An Efficient Turn-Key Eviction Algorithm for Web Caches

• Deceptive Google Meet Invites Lures Users Into Malware Scams

• IT Security News Daily Summary 2024-10-22

• SEC fines four companies $7M for ‘misleading cyber disclosures’ regarding SolarWinds hack

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

• Implement Hibernate Second-Level Cache With NCache

• The best VPN for Mac in 2024: Expert tested and reviewed

• In Appreciation of David Burnham

• How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub

• CISA and USPIS Release Two Election Mail Security Resources

• Elon Musk, Tesla Sued By Blade Runner 2049 Producers

• 5 Best Rootkit Scanners and Removers: Anti-Rootkit Tools

• Elevating SaaS Security: The Strategic Role of Bug Bounty Programs

• Announcing the BlueHat 2024 Sessions

• Understanding WhatsApp Check Marks: One or Two, Gray or Blue

• The best VPN services for iPhone: Expert tested and reviewed

• Bluesky Gains After X Changes How Blocking Works

• Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware

• Grandoreiro, the global trojan with grandiose ambitions

• Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

• Wiping your Windows laptop? Here’s the simplest way to erase all personal data

• Exposed United Nations Database Left Sensitive Information Accessible Online

• TSMC blows whistle on potential sanctions-busting shenanigans from Huawei

• USENIX NSDI ’24 – THC: Accelerating Distributed Deep Learning Using Tensor Homomorphic Compression

• Randall Munroe’s XKCD ‘Temperature Scales’

• UK Government Signs Five Year Deal With Microsoft

• 5 new protections on Google Messages to help keep you safe

• How Many U.S. Persons Does Section 702 Spy On? The ODNI Needs to Come Clean.

• VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time

• SEC Charges Four Companies Over Misleading Disclosures on SolarWinds Hack

• How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?, (Tue, Oct 22nd)

• Critical Vulnerability Patched In Jetpack WordPress Plugin

• SEC fines four companies $7 million for ‘misleading cyber disclosures’ regarding SolarWinds hack

• Keeper Security Calls for Action: Week Four

• KnowBe4 Launches Complimentary Training Module Following Thwarted North Korean Infiltration Attempt

• Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures

• Meta Restarts Use Of Facial Recognition For ‘Celebrity Scam Ad’ Crackdown

• Dark Web Anti-Bot Services Let Phishers Bypass Google’s Red Page

• What NIST’s post-quantum cryptography standards mean for data security

• Researchers link Polyfill supply chain attack to huge network of copycat gambling sites

• Team-Based Training and the Power of Simulation

• Nidec Corporation Ransomware Attack: Data Leak on Dark Web

• Security Experts Downplay the Significance of the Chinese Quantum “Hack”

• LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks

• Samsung zero-day flaw actively exploited in the wild

• Akira ransomware is encrypting victims again following pure extortion fling

• SEC Charges Tech Firms Over Misleading SolarWinds Hack Disclosures

• Dutch central bank says to keep cash on hand and Hackers targeting US Elections 2024 with domains

• TSMC Alerts US Of Attempt To Circumvent China AI Chip Restriction

• Skills shortage persists in cybersecurity with many jobs going unfilled

• MixMode Recognized By USA Today As One Of The Top 10 AI Companies To Watch in 2024

• Best Cybersecurity Metrics to Use in the Boardroom | Kovrr

• INE Security Launches New Training Solutions to Enhance Cyber Hygiene for SMBs

• Anthropic’s new AI can use computers like a human, redefining automation for enterprises

• The Shitposting Cartoon Dogs Sending Trucks, Drones, and Weapons to Ukraine’s Front Lines

• US Police Detective Charged With Purchasing Stolen Credentials

• Cranium Detect AI accelerates AI governance

• 75% of US Senate Campaign Websites Fail to Implement DMARC

• OpenSSL 3.4 Final Release Live

• ICONICS and Mitsubishi Electric Products

• CISA Releases One Industrial Control Systems Advisory

• ShadyShader: Crashing Apple M-Series Devices with a Single Click

• SailPoint Machine Identity Security reduces the risk associated with unmanaged machine identities

• Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

• Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

• RecoverPy : To Find And Recover Deleted Or Overwritten Files From Terminal

• Experts warn of a new wave of Bumblebee malware attacks

• Russian Disinformation Group Behind Bogus Walz Conspiracy: Report

• Kusari helps organizations gain visibility into their software

• Can Security Experts Leverage Generative AI Without Prompt Engineering Skills?

• Putting the “R” back in GRC – Insights from Gartner on Emerging Cyber GRC Technologies

• SailPoint Adds Raft of Capabilities to Better Manage Privileges

• How to use interface VPC endpoints to meet your security objectives

• Generative AI grows 17% in 2024, but data quality plummets: Key findings from Appen’s State of AI Report

• Cloud Security — Maturing Past the Awkward Teenage Years

• Upload a video selfie to get your Facebook or Instagram account back

• Stream.Security Secures $30 Million Series B

• IBM Guardium Data Security Center protects hybrid cloud and AI

• OpenSSL is hiring Communities Manager

• Beware Of Callback Phishing Attacks Google Groups That Steal Login Details

• Socket lands a fresh $40M to scan software for security flaws

• SOC Findings Report From RSA Conference 2024

• New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button

• GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections

• NordVPN Review (2024): Is NordVPN Worth the Cost?

• Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks

• Proofpoint Alternatives and Competitors: Find the Best

• Critical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PC

• IcePeony Hackers Exploiting Public Web Servers To Inject Webshells

• No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

• BlackCat Ransomware Successor Cicada3301 Emerges

• Packet Capture cStor 200S enables organizations to capture, analyze, and optimize network traffic

• A Comprehensive Guide to Finding Service Accounts in Active Directory

• Russia-Linked Hackers Attacking Governmental And Political Organizations

• Threat intelligence vs. threat hunting: Better together

• Latrodectus Malware Increasingly Used by Cybercriminals

• VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

• Phishing Attack Impacts Over 92,000 Transak Users

• Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

• Astaroth Banking Malware Runs Actively Targets Users In Brazil

• Sophos Expands Cybersecurity With $860m Secureworks Purchase

• Best practices on securing your AI deployment

• What Is Secure Access Service Edge?

• Bumblebee Malware Loader Resurfaces Following Law Enforcement Takedown

• Malicious npm Packages Target Developers’ Ethereum Wallets with SSH Backdoor

• Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

• Meta to Fight Celeb-Bait Scams with Facial Recognition

• Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

• The Past, Present, and Future of File Integrity Monitoring

• Palo Alto Networks extends security into harsh industrial environments

• U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

• Palo Alto Networks Adds New Capabilities to OT Security Solution

• Ivanti Neurons for App Control strengthens endpoint security

• Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

• Pharma Giant Johnson & Johnson Discloses Data Breach

• Fastly DDoS Protection blocks malicious traffic

• Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire

• FBI & CISA Warns of Tactics Used by Hackers Targeting 2024 U.S. General Election

• VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

• AI-Powered Attacks Flood Retail Websites

• VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

• U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach

• Cyber Attackers Set Their Sights on the Manufacturing Industry

• OWASP Mobile Top 10 2024: Update Overview

• Winnebago Public Schools Suffers Cyber Attack, Services Shut Down

• Attackers Exploit Roundcube Webmail Vulnerability

• Cyber Attackers Set Their Sights on Manufacturing

• Ransomware group demands $30k for not leaking Transak user data

• Best Programming Languages for Hacking in 2025

• Google Mandiant: Time-to-Exploit Falls, Zero Day Exploits Rise

• Pixel perfect Ghostpulse malware loader hides inside PNG image files

• NHS App to Provide Full Medical Records Under Digital Overhaul Plan

• IT security and government services: Balancing transparency and security

• CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

• Phishing scams and malicious domains take center stage as the US election approaches

• Myths holding women back from cybersecurity careers

• Hackers are finding new ways to leverage AI

• Whitepaper: Securing GenAI

• Severe Flaws Discovered in Major E2EE Cloud Storage Services

• ISC Stormcast For Tuesday, October 22nd, 2024 https://isc.sans.edu/podcastdetail/9190, (Tue, Oct 22nd)

• Inside the Dark Web: How Threat Actors Are Selling Access to Corporate Networks

• USENIX NSDI ’24 – DISTMM: Accelerating Distributed Multimodal Model Training

• Are Leaders Ready to Break the Ransomware Cycle

• China’s Spamouflage cranks up trolling of US Senator Rubio as election day looms

• Meta tests facial recognition for spotting ‘celeb-bait’ ads scams and easier account recovery

• Sophos to snatch Secureworks in $859M buyout: Why fight when you can just buy?

• 170 AWS services achieve HITRUST certification

• IT Security News Daily Summary 2024-10-21

• Vulnerability Recap 10/21/24 – Immediate Patching Is Critical

• FedRAMP Certification and Compliance: What It Is and Why It Matters

• Types of Security Audits: Overview and Best Practices

• Internet Archive (Archive.org) Hacked for Second Time in a Month

• How to Implement Client-Side Load Balancing With Spring Cloud

• Cisco confirms attackers stole data from DevHub environment

• The billionaire behind Trump’s ‘unhackable’ phone is on a mission to fight Tesla’s FSD

• Survey Surfaces Depth and Scope of Identity Management Challenge

• ICE’s $2 Million Contract With a Spyware Vendor Is Under White House Review

• Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

• VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest

• USENIX NSDI ’24 – Parcae: Proactive, Liveput-Optimized DNN Training on Preemptible Instances

• Randall Munroe’s XKCD ‘Experimental Astrophysics’

• Is It Time to Move on from Your Legacy GRC Solution?

• USENIX NSDI ’24 – Accelerating Neural Recommendation Training with Embedding Scheduling

• DEF CON 32 – AppSec Village – Web2 Meets Web3 Hacking Decentralized Applications

• How to Lower Ping: 11 Practical Tips

• Securing Financial Operations: Know Your SaaS

• HM Surf Bug in macOS Raises Data Privacy Concerns

• Study outlines ‘severe’ security issues in cloud providers

• Apple Offering Hackable iPhones to Universities

• ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks

• Data Breach Statistics [2024] : Penalties and Fines for Major regulations

• Akira ransomware continues to evolve

• Hacker Advertises “Top Secret US Space Force (USSF) Military Technology Archive”

• Living Our Purpose Through Pro Bono

• Cybersecurity Action Month: When Awareness Must Lead to Action

• What is Incident Response?

• Vietnamese Hackers Target Digital Marketers in Malware Attack

• Innovator Spotlight: Interpres Security

• AWS Tells Staff To Leave If They Don’t Wish To Return To Office

• Hacker Advertises “Top Secret US Space Force Military Technology Archive”

• How to Secure Your Raspberry Pi and Enable Safe, Resilient Updates

• Gartner: 2025 will see the rise of AI agents (and other top trends)

• Why you should power off your phone at least once a week – according to the NSA

• U.S. Border Surveillance Towers Have Always Been Broken

• Innovator Spotlight: Concentric

• Innovator Spotlight: Keepnet Labs

• USENIX NSDI ’24 – OPPerTune: Post-Deployment Configuration Tuning of Services Made Easy

• North Korean Hackers Develop Linux Variant of FASTCash Malware Targeting Financial Systems

• A Network Nerd’s Take on Emergency Preparedness, (Tue, Oct 15th)

• Sophos to acquire Secureworks

• Attackers Target Exposed Docker Remote API Servers With perfctl Malware

• Eutelsat Launches First Satellites Since OneWeb Merger

• Get 9 Courses on Ethical Hacking for Just $50

• Fortinet Training Institute Wins Industry Accolades

• The Ugly Truth about Your Software Vendor which CISOs Won’t Want (But Do Need) to Hear

• This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)

• Microsoft Builds Fictitious Azure Tenants to Lure Phishers to Honeypots

• Stolen Access Tokens Lead to New Internet Archive Breach

• Zero-Trust Endpoint Security

• More of Internet Archive is back online, despite hackers infiltrating its helpdesk

• Sophos to Acquire SecureWorks in $859 Million All-Cash Deal

• 50,000 Files Exposed in Nidec Ransomware Attack

• Samsung Delays ASML Deliveries For Texas Chip Factory – Report

• Internet Archive was breached twice in a month

• Seven Cybersecurity Tips to Protect Your Retail Business This Holiday Season

• Internet Archive attackers email support users: “Your data is now in the hands of some random guy”

• Vulnerability Summary for the Week of October 14, 2024

• Netskope Reports Possible Bumblebee Loader Resurgence

• Australia’s New Scam Prevention Laws: What You Need to Know

• macOS HM Surf vuln might already be under exploit by major malware family

• Fortinet releases patches for undisclosed critical FortiManager vulnerability

• Graylog enables organizations to make more informed decisions about their security posture

• Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

• How In-Person Meetings Fast-Tracked Our vPPA Negotiations in Europe

• TikTok’s ByteDance Fires Intern For Allegedly Sabotaging AI Project

• Strengthening Cloud Defenses: Key Strategies

• ESET Distributor’s Systems Abused to Deliver Wiper Malware

• Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’

• How to build a Security Guardians program to distribute security ownership

• How To Secure Your Raspberry Pi and Enable Safe, Resilient Updates

• A Trump Win Could Unleash Dangerous AI

• Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program

• Cisco Confirms Security Incident After Hacker Offers to Sell Data

• Phishing Attacks Snare Security, IT Leaders

• THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 – Oct 20)

• Guide:  The Ultimate Pentest Checklist for Full-Stack Security

• Safeguard OT Environments with the Power of Precision AI

• Former OpenAI Mira Murati Raising Capital For New AI Startup – Report

• Silicon UK AI For Your Business Podcast: Government and AI

• AI and the SEC Whistleblower Program

• Australia’s Privacy Watchdog Publishes Guidance on Commercial AI Products

• Hackers Use Bumblebee Malware to Gain Access to Corporate Networks

• FBI Arrested Hacker Behind the Takeover of the U.S. SEC X account

• Nearly half (44%) of CISOs Fail to Detect Breaches

• Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira

• Escape vs Qualys

• Western Digital Fined $316m For Infringing Data Security Patent

• The 6 Best Antivirus Software Providers for Mac in 2024

• US Government Says Relying on Chinese Lithium Batteries Is Too Risky

• How a Trump Win Could Unleash Dangerous AI

• Stealer here, stealer there, stealers everywhere!

• AI and Hardware Hacking on the Rise

• Roundcube Webmail Vulnerability Exploited in Government Attack

• Ataccama ONE v15.3 empowers data teams to monitor, manage, and utilize data

• The Internet Archive breach continues

• Genomics company 23andMe to pay up to $10,000 per person to victims of data breach

• Industry Moves for the week of October 21, 2024 – SecurityWeek

• Internet Archive Hacked Again During Service Restoration Efforts

• Hackers Mimic as ESET to Deliver Wiper Malware

• Preventing Breaches Using Indicators of Compromise

• Cybersecurity at Ports Gets a Boost with New Bipartisan Bill

• Half of Organizations Have Unmanaged Long-Lived Cloud Credentials

• A week in security (October 14 – October 20)

• FBI’s Most Wanted Hacker Arrested in Malpensa

• Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

• Fortra Report Reveals Surge in Domain Impersonation, Social Media Attacks, and Dark Web Activity

• Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

• Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach

• Fair Vote Canada – 134,336 breached accounts

• Fair Vote Canada Data Leak: 34k Email Addresses Leaked

• FBI Arrests Alabama Man in Connection to SEC Social Media Hack: Cyber Security Today for Monday, October 21st, 2024

• Windows 11 passkey transformation will say goodbye to Passwords

• Understanding AI and ML Security in Telecommunication Networks

• Tesla, Intel, deny they’re the foreign company China just accused of making maps that threaten national security

• Policy as code in Kubernetes: security with seccomp and network policies

• Building secure AI with MLSecOps

• Evolving cybercriminal tactics targeting SMBs

• Should the CISOs role be split into two functions?

• Aranya: Open-source toolkit to accelerate secure by design concepts

• These 7 Practices Are Building Cybersecurity Safeguards in the Construction Industry

• ISC Stormcast For Monday, October 21st, 2024 https://isc.sans.edu/podcastdetail/9188, (Mon, Oct 21st)

• Internet Archive exposed again – this time through Zendesk

• Ransomware Rising – Understanding, Preventing and Surviving Cyber Extortion

• BSides Exeter – Ross Bevington’s Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale

• Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal

• IT Security News Daily Summary 2024-10-20

• “HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!

• The AI edge in cybersecurity: Predictive tools aim to slash response times

• Cyber Threats by Nation-States Surge Beyond Control

• USENIX NSDI ’24 – Reasoning About Network Traffic Load Property at Production Scale

• DEF CON 32 – AppSec Considerations From The Casino Industry

• Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries

• Brazil’s Federal Police Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

• How to Enhance Your Windows Security with Memory Integrity

• The Cybersecurity Burnout Crisis: Why CISOs Are Considering Quitting

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

• Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

• F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP

• Open source LLM tool primed to sniff out Python zero-days

• Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials

• Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion

• Microsoft Introduces AI Solution for Erasing Ex from Memories

• Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday

Generated on 2024-10-27 23:58:08.954296