IT Security News Weekly Summary – Week 44

• IT Security News Daily Summary 2024-11-03

• Half of Online Child Grooming Cases Now Happen on Snapchat, Reports UK Charity

• Redline And Meta Infostealers Targeted in Operation Magnus

• 6 IT contractors arrested for defrauding Uncle Sam out of millions

• Strava’s Privacy Flaws: Exposing Sensitive Locations of Leaders and Users Alike

• DEF CON 32 – Where’s The Money-Defeating ATM Disk Encryption

• Cybersecurity Beyond Phishing: Six Underrated Threats

• Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

• FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

• Windows Recall Release Pushed Back, Microsoft Sets December Date

• Critical Security Vulnerability Found in LiteSpeed Cache Plugin: Urgent Update Advised for WordPress Users

• US Election 2024 – FBI warning about fake election videos

• Chinese threat actors use Quad7 botnet in password-spray attacks

• Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams

• ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

• How to protect against supply chain cyber risk with automation

• 2024 Application Security Report -Fortinet

• Chenlun’s New Phishing Schemes Target Big-Name Brands

• IT Security News Daily Summary 2024-11-02

• FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

• Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

• DEF CON 32 – On Your Ocean’s 11 Team, I’m The AI Guy (Technically Girl)

• Hacking Contest: How QNAP Overcame Critical Zero-Day Flaws

• Malvertising Campaign Hijacks Facebook Accounts to Propagate SYS01stealer

• Business Email Compromise Soars in Q3 2024 as Cybercriminals Refine Tactics: VIPRE Report

• ARPANET to Internet The First Connection That Changed the World

• qpdf: Extracting PDF Streams, (Sat, Nov 2nd)

• Noma Security Raises $32 Million to Safeguard Gen-AI Applications

• How Can FSOs Help with CMMC Compliance?

• Florida Man Accused of Hacking Disney World Menus, Changing Font to Wingdings

• Financial institutions told to get their house in order before the next CrowdStrike strikes

• CrossBarking Exploit in Opera Browser Exposes Users to Extensive Risks

• PTZOptics cameras zero-days actively exploited in the wild

• Cyber Security Today – The Weekend Panel Reviews Cyber Security Month: November 2, 2024

• The Human Toll of ALPR Errors

• IoT Security Failures Can Be Sh*tty

• Test Posting

• Sophos Warns Chinese Hackers Are Becoming Stealthier

• DEF CON 32 – Welcome to DEF CON 32

• Network Hacking Course Pairs with Cisco Modeling Labs

• IT Security News Daily Summary 2024-11-01

• TA Phone Home: EDR Evasion Testing Reveals Extortion Actor’s Toolkit

• Booking.com Phishers May Leave You With Reservations

• Friday Squid Blogging: Squid Sculpture in Massachusetts Building

• GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

• Week in Review: Deepfake targets Wiz, Black Basta leverages Teams, Russia’s Linux plans

• New LightSpy spyware version targets iPhones with destructive capabilities

• Azure AI Vulnerabilities Allowed Attacks to Bypass Moderation Safeguards

• A new paradigm for control of quantum emitters

• How Ransomware Is Delivered and How to Prevent Attacks

• Red Hat Insights collaborated with Vulcan Cyber to provide a seamless integration for effective exposure management

• AI’s Impact in 2024 Elections and What Voters Can Do to Protect Themselves from Disinformation

• API security testing checklist: 7 key steps

• What is unified threat management (UTM)?

• Could SBOMs save lives? SecOps in critical infrastructure

• How to make open source software more secure

• LottieFiles confirmed a supply chain attack on Lottie-Player

• EU Adopts New Cybersecurity Rules for Critical Infrastructure Under NIS2 Directive

• ATT&CK v16: Worry-Free Updates in Tidal Cyber

• Anthropic warns of AI catastrophe if governments don’t regulate in 18 months

• The biggest underestimated security threat of today? Advanced persistent teenagers

• Randall Munroe’s XKCD ‘Wells’

• Microsoft’s Controversial Recall Feature Release Delayed Again

• How Incogni Helps Protect Your Digital Privacy and Reduces Spam

• India Cracks Down on Cybercrime with Warning Against Illegal Payment Gateways

• Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts

• Data Governance Essentials: Glossaries, Catalogs, and Lineage (Part 5)

• Top Tech Conferences & Events to Add to Your Calendar

• Microsoft Reveals Chinese Threat Actors Use Quad7 Botnet to Steal Credentials

• Cybersecurity Insights with Contrast CISO David Lindner | 11/1/24

• Ô! China Hacks Canada too, Says CCCS

• 1,000+ web shops infected by “Phish ‘n Ships” criminals who create fake product listings for in-demand products

• EMERALDWHALE Steals 15,000+ Cloud Credentials, Stores Data in S3 Bucket

• Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security

• Medusa Ransomware attack impacts 1.8 million patients

• China-based APTs waged 5-year campaign on Sophos firewalls

• The future of cloud computing: Top trends and predictions

• Changing the Game for our Customers and Partners with One Cisco

• ​​7 cybersecurity trends and tips for small and medium businesses to stay protected

• ​​Microsoft now a Leader in three major analyst reports for SIEM

• Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

• NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices

• Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

• Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

• Meta Infostealer Malware Network Taken Down by Authorities

• New Tool Circumvents Google Chrome’s New Cookie Encryption System

• Apple Sales Rise 6 Percent After Early iPhone 16 Demand

• What’s behind unchecked CVE proliferation, and what to do about it

• GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams

• X’s Community Notes Fails To Stem US Election Misinformation – Report

• Ransomware’s Evolving Threat: The Rise of RansomHub, Decline of Lockbit, and the New Era of Data Extortion

• Month in security with Tony Anscombe – October 2024 edition

• In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article

• What are the key Threats to Global National Security?

• Google Fined More Than World’s GDP By Russia

• CISA Warns of Critical Software Vulnerabilities in Industrial Devices

• UK councils bat away DDoS barrage from pro-Russia keyboard warriors

• US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras

• Shared Intel Q&A: Foreign adversaries now using ‘troll factories’ to destroy trust in U.S. elections

• 5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

• Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

• US and Israel Warn of Iranian Threat Actor’s New Tradecraft

• Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

• LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

• Passkeys are more popular than ever. This research explains why

• Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets

• Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

• Hack Nintendo’s alarm clock to show cat pics? Let’s-a-go!

• TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download

• Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital

• Peruvian bank heist, Task Manager error, CyberPanel vulnerabilities exploited

• Cyber Threats in Costume: When Attacks Hide Behind a Mask

• CISA Strategic Plan Targets Global Cooperation on Cybersecurity

• 50% of financial orgs have high-severity security flaws in their apps

• Deceptive Delight – A New AI Exploit: Cyber Security Today for Friday, November 1, 2024

• Cyber Atttack disrupts NISA DHL Delivery Operations: A Closer Look

• The Invisible Shield: Beyond Wrap-around Cyber Protection

• How open-source MDM solutions simplify cross-platform device management

• Redline Stealer Dominates: VIPRE’s Q3 Report Highlights Sophisticated BEC Tactics and Evolving Malware Trends

• OpenPaX: Open-source kernel patch that mitigates memory safety errors

• Threat actors are stepping up their tactics to bypass email protections

• New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

• Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

• Infosec products of the month: October 2024

• A Step-by-Step Guide to How Threat Hunting Works

• Gang gobbles 15K credentials from cloud and email providers’ garbage Git configs

• New AWS Secure Builder training available through SANS Institute

• Maestro

• IT Security News Monthly Summary – November

• IT Security News Daily Summary 2024-10-31

• Stalker Online – 1,385,472 breached accounts

• October 2024 Web Server Survey

• UnitedHealth Hires Longtime Cybersecurity Executive as CISO

• AI Pulse: Election Deepfakes, Disasters, Scams & more

• Microsoft delays its troubled AI-powered Recall feature yet again

• 6 Best Cybersecurity Training for Employees in 2025

• Lottie Player NPM package compromised in supply chain attack

• Nastiest Malware 2024

• 4 Essential Strategies for Enhancing Your Application Security Posture

• Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations

• Essential Open-Source Security Tools: From Vulnerability Scanning to AI Safety

• Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #311 – Come to the Office

• Why Ignoring Data Breaches Can Be Costly

• How Cypago’s Cyber GRC Automation Platform Helps Enterprises with Compliance Oversight

• Can’t quit Windows 10? Microsoft will charge for updates next year. Here’s how much

• “Is My Phone Listening To Me?”

• Evasive Panda Unfurls Cloud Services Under Siege

• India Faces Rising Ransomware Threat Amid Digital Growth

• Scammers Use Fake Centrelink Promises to Target Australians Online

• Unofficial Patches Published for New Windows Themes Zero-Day Exploit

• Preparing IT teams for the next AI wave

• Top 6 XDR Solutions & Vendors

• Android malware FakeCall intercepts your calls to the bank

• New Xiu Gou Phishing Kit Targets US, Other Countries with Mascot

• SecurityBridge Unveils Automated Virtual Patching to Protect SAP Systems from Vulnerabilities

• Misconfigured Git Configurations Targeted in Emeraldwhale Attack

• Threat actor says Interbank refused to pay the ransom after a two-week negotiation

• Shedding AI Light on Bank Wire Transfer Fraud

• How SSO and MFA Improves Identity Access Management (IAM)

• Misconfigured Git Configurations Targeted in EMERALDWHALE Attack

• Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)

• IBM Data Breach 2024 might be fake

• New Xiū gǒu Phishing Kit Hits UK, US, Japan, Australia Across Key Sectors

• How to remove your personal information from Google Search results

• FTSCon

• Roger Grimes on Prioritizing Cybersecurity Advice

• EFF Launches Digital Rights Bytes to Answer Tech Questions that Bug Us All

• Application Detection and Response (ADR): A Game-changing SOC Analyst Tool | Contrast Security

• Safeguarding Cyber Insurance Policies With Security Awareness Training

• NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

• Fraudsters Exploit US General Election Fever, FBI Warns

• Tracking World Leaders Using Strava

• Distributing Ownership of an Organization’s Cybersecurity Risks

• Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days

• Small Businesses Boosting Cybersecurity as Threats Grow: ITRC

• New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics

• How To Create a Complete GitHub Backup

• Why you should update Chrome and Firefox right now

• CISA Releases Four Industrial Control Systems Advisories

• Rockwell Automation FactoryTalk ThinManager

• LottieFiles Issues Warning About Compromised “lottie-player” npm Package

• Cato Networks Joins MITRE AI Incident Sharing Initiative to Improve AI Defences

• How to Implement Patch Management Software

• Understanding DNS MX Records and Their Role in Email Security

• CJIS v5.9.5

• Threat actors use copyright infringement phishing lure to deploy infostealers

• Quishing: A growing threat hiding in plain sight

• 5 Best Cybersecurity Certifications to Get in 2025

• Bridging the Digital Divide: Cisco’s Commitment to the BEAD Program

• Keeper Security Expands Leadership Team in Japan

• Sophos mounted counter-offensive operation to foil Chinese attackers

• Canadian Government Data Stolen By Chinese Hackers

• Halloween Frights of the Digital Age: Cyber Threats Haunting Us in 2024

• What is a Passkey? Definition, How It Works and More

• Defending Democracy From Cyber Attacks in 2024

• North Korean Hackers Team Up with Play Ransomware in Global Attack

• Inside Sophos’ 5-Year War With the Chinese Hackers Hijacking Its Devices

• Beyond Philanthropy: The Cisco Foundation’s Commitment to Thriving Communities

• Banking on AI to Defend the Financial Services Sector

• Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution

• Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

• Google on scaling differential privacy across nearly three billion devices

• North Korean Hackers Collaborate with Play Ransomware

• How Agentic AI Became the Newest Form of Business Investment

• Noma is building tools to spot security issues with AI apps

• dope.security Embeds LLM in CASB to Improve Data Security

• New EU Law Expands Digital Resilience to Third-Party Dependencies: What is the Impact on Businesses

• 2024 looks set to be another record-breaking year for ransomware — and it’s likely going to get worse

• LottieFiles supply chain attack exposes users to malicious crypto wallet drainer

• Government Sector Suffers 236% Surge in Malware Attacks

• Meta Warns Of Accelerating AI Infrastructure Costs

• Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

• So long, SaaS: Klarna is right, DIY is the Future for AI-Enabled Businesses

• Mystic Valley Elder Services Data Breach Impacts 87,000 People

• Cynet enables 426% ROI in Forrester Total Economic Impact Study

• Russian Actor Midnight Blizzard Conducts Massive Spear-Phishing Campaign Using RDP Files

• A Halloween Haunting: Unveiling Cybersecurity’s Scary Stats

• API Security Matters: The Risks of Turning a Blind Eye

• North Korean hackers pave the way for Play ransomware

• Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

• Trump Media Briefly Worth More Than X

• AI Helps Boost Microsoft Cloud Revenues By 33 Percent

• CyberPanel Vulnerabilities Exploited in Ransomware Attacks Shortly After Disclosure

• LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

• Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit

• The best password manager for iPhone in 2024: Expert tested

• The Untold Story of Trump’s Failed Attempt to Overthrow Venezuela’s President

• QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

• Loose-lipped neural networks and lazy scammers

• Lottie Player compromised in supply chain attack — all you need to know

• Over 80% of US Small Businesses Have Been Breached

• Federal agency confirms that a health data breach affects a third of Americans

• Russia Carrying Out Targeted Attacks In UK, Microsoft Warns

• Reddit Shares Surge On First-Ever Profit

• ExpressVPN rolls out three new ID theft tools to help you before, during, and after an incident

• Claro Enterprise Solutions helps organizations identify vulnerabilities within Microsoft 365

• Autumn Budget Hikes Business Taxes, Seeks Growth

• Tower PC case used as ‘creative cavity’ by drug importer

• A Wave of Identity Security Reports Defines a Big Problem

• CISA’s plan, North Korea comes to Play, FakeCall’s new tricks

• The evolution of open source risk: Persistent challenges in software security

• Facebook alerts users about the ongoing Malvertising Campaign

• Chinese attackers accessed Canadian government networks – for five years

• IoT needs more respect for its consumers, creations, and itself

• How agentic AI handles the speed and volume of modern threats

• 99% of CISOs work extra hours every week

• Why cyber tools fail SOC teams

• Simson Garfinkel on Spooky Cryptographic Action at a Distance

• ISC Stormcast For Thursday, October 31st, 2024 https://isc.sans.edu/podcastdetail/9204, (Thu, Oct 31st)

• New version of Android malware FakeCall redirects bank calls to scammers

• TNAFlix – 1,374,344 breached accounts

• October 2024 Activity with Username chenzilong, (Thu, Oct 31st)

• Microsoft Ignite: Sessions and demos to improve your security strategy

• Scans for RDP Gateways, (Wed, Oct 30th)

• IT Security News Daily Summary 2024-10-30

• Windows Themes zero-day bug exposes users to NTLM credential theft

• Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

• The cybsecurity problems and opportunities facing open-source startups

• Sorry, Gas Companies – Parody Isn’t Infringement (Even If It Creeps You Out)

• Cloud Security Alliance Advocates Zero Trust for Critical Infrastructure

• How to create an incident response playbook with template

• The Frightening Stakes of this Halloween’s Net Neutrality Hearing

• OpenSSL Forms Business Advisory Committees – Shape the Future – Join Now!

• Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

• Triumphs, Trials, and Tangles From California’s 2024 Legislative Session

• Zero-Trust Log Intelligence: Safeguarding Data with Secure Access

• Russian Cozy Bear Hackers Phish Critical Sectors with Microsoft, AWS Lures

• Google’s AI system could change the way we write: InkSight turns handwritten notes digital

• Operation Magnus: Joint Law Enforcement Operation Targets Major Infostealer Networks

• Survey Surfaces Fundamental Weaknesses in API Security

• Citrix Boosts Security for Remote Application Accesses With “More Security Layers”

• Top AI security certifications to consider

• Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

• LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk

• 10,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in AI Power: Complete AI Pack WordPress Plugin

• Cyber Expert Points SMB Leaders to Patching as Important Tool for Avoiding Attacks

• Disastrous cyberattacks show organisations need to be more proactive in defence, says Oxylabs

• Elections and Financial Crime: Navigating a Shifting Landscape

• Establishing Security Guardrails in the Age of Shadow IT

• Compliance Automated Standard Solution (COMPASS), Part 7: Compliance-to-Policy for IT Operation Policies Using Auditree

• ‘We’re a Fortress Now’: The Militarization of US Elections Is Here

• No Matter What the Bank Says, It’s YOUR Money, YOUR Data, and YOUR Choice

• Why Did Snowflake Have a Target on It? Handling Data Warehouse Security Risks

• ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

• Avoiding Social Media Scams When Recovering a Locked Gmail Account

• When and Why to Consider a Data Removal Service

• Updated FakeCall Malware Targets Mobile Devices with Vishing

• Baby Reindeer—The dangers of real-life stalkers

• Diversity in leadership: Forge your own success

• ‘We’re a Fortress Now’: The Militarization of US Elections Is Here

• Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

• North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

• Samsung Smart TVs gain FIPS 140-3 Certification related to data security

• Fired Disney staffer accused of hacking menu to add profanity, wingdings, while removing allergen info

• BOFHound: AD CS Integration

• Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities

• New “Scary” FakeCall Malware Captures Photos and OTPs on Android

• Patch now! New Chrome update for two critical vulnerabilities

• Simpson Garfinkel on Spooky Cryptographic Action at a Distance

• Data Loss Prevention Startup MIND Emerges From Stealth With $11M in Funding

• XM Cyber Vulnerability Risk Management boosts prioritization with actual impact analysis

• Immuta Data Marketplace automates data access workflows

• Neon Authorize: Granular access controls at the database layer

• Ransomware hits web hosting servers via vulnerable CyberPanel instances

• 6 Steps for Cyber Resilience During the 2024 U.S. Presidential Election

• Cybersecurity Awareness Month: 5 new AI skills cyber pros need

• Change Healthcare Breach Hits 100M Americans

• The new Webroot PC Optimizer boosts computer performance

• Get Inspired and Go Beyond with Cisco Customer Experience at Cisco Live Melbourne

• Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations

• Webflow Sites Employed to Trick Users Into Sharing Login Details

• Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

• Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

• CISA Launches First International Cybersecurity Plan

• 7,500 Phishing Emails Use Interesting Obfuscation Method to Target Student Loan Holders

• Noma arrives to provide security from data storage to deployment for enterprise AI solutions

• Google fixed a critical vulnerability in Chrome browser

• Cato Networks Named to 2025 Fortune Cyber 60 List

• Russian spies use remote desktop protocol files in unusual mass phishing drive

• FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities

• Proofpoint Boosting Data Security with Normalyze Acquisition

• CHOROLOGY.ai Extends AI Reach to Classify Sensitive Data

• AI Cyberattacks Rise but Businesses Still Lack Insurance

• Product showcase: Shift API security left with StackHawk

• Over Half of US County Websites “Could Be Spoofed”

• No matter what the bank says, it’s YOUR money, YOUR data, and YOUR choice

• Voice of Practitioners 2024

• Securing AI Infrastructure for a More Resilient Future

• RCE Flaw Exposes 22,000 CyberPanel Instances to PSAUX Ransomware

• Embarking on a Compliance Journey? Here’s How Intruder Can Help

• Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

• OpenAI Working With Broadcom, TSMC On First AI Chip

• AMD Reports Strong AI Chip Sales, Investors Unimpressed

• Master IT Fundamentals With This CompTIA Certification Prep Bundle

• WhiteRabbitNeo: High-Powered Potential of Uncensored AI Pentesting for Attackers and Defenders

• Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP Files

• How AI Transforms the Employee Experience

• Back to the Future, Securing Generative AI

• Russian hackers deliver malicious RDP configuration files to thousands

• Robert Downey, Jr. Says He Would Sue Over AI Likeness

• Alphabet Sees Jump In Advertising, AI Cloud Revenues

• Trust Through Transparency: Regulation’s Role in Consumer Confidence

• APT29 Spearphishing Campaign Targets Thousands with RDP Files

• Writing a BugSleep C2 server and detecting its traffic with Snort

• Jumpy Pisces Engages in Play Ransomware

• Understanding SOX Requirements for IT and Cybersecurity Auditors

• 5 Steps to Assess the Cyber and Privacy Risk of Generative AI

• Why Does Every Retailer Need Penetration Testing to Ensure Customer Safety?

• Facial recognition is partially back to Facebook and Instagram

• TikTok Seeks ‘Trust’ In Global Markets

• EU Electric Vehicle Duties Come Into Force After China Talks Fail

• Google Patches Critical Chrome Vulnerability Reported by Apple

• Running JtR’s Tokenizer Attack

• Kaseya 365 User helps MSPs to protect user data

• New PySilon RAT Abusing Discord Platform to Maintain Persistence

• QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024

• Beijing claims it’s found ‘underwater lighthouses’ that its foes use for espionage

• Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland

• Seclore secures sensitive intellectual property and data in CAD files

• TikTok Parent Co-Founder Tops China Rich List

• Attacker Abuses Victim Resources to Reap Rewards from Titan Network

• Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

• Best Antivirus Software for Small Businesses in 2024

• VimeWorld – 3,118,964 breached accounts

• Five Eyes program, Chinese activity, Russian Linux

• US Elections 2024 are super prone to cyber attacks

• What to Do If Hit by Ransomware

• The Hidden Threat of Web Scraping and How to Fight Back

• 3 Key DSPM Takeaways from the Latest Gartner Report

• CRA Paid Millions in Bogus Refunds as Tens of Thousands of Tax Accounts Hacked: Cyber Security Today for Wednesday, October 30, 2024

• Stopping bad things from happening to good businesses

• Google Chrome Security, Critical Vulnerabilities Patched

• US Joins International Crackdown on RedLine and META Infostealers

• Simplifying decentralized identity systems for everyday use

• Risk hunting: A proactive approach to cyber threats

• 6 key elements for building a healthcare cybersecurity response plan

• How Security Automation Platforms Streamline SOC Operations

• ISC Stormcast For Wednesday, October 30th, 2024 https://isc.sans.edu/podcastdetail/9202, (Wed, Oct 30th)

• Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens

• Uncle Sam outs a Russian accused of developing Redline infostealing malware

• Cast a hex on ChatGPT to trick the AI into writing exploit code

• What Is Secrets Management? Best Practices and Challenges

• PCI DSS Compliance Levels and Requirements: A Complete Guide

• PCI DSS Self-Assessment Questionnaires: Choosing the Right Type

• 2024 Startup Battlefield Top 20 Finalists: ForceField

• How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding

• IT Security News Daily Summary 2024-10-29

• International law enforcement operation dismantled RedLine and Meta infostealers

• Master Incident Response with Hands-On Training in IR-200: Foundational Incident Response

• Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

• Tony Fadell: Innovating to save our planet | Starmus highlights

• DEF CON 32 – AppSec Village – Got 99 Problems But Prompt Injection Ain’t Watermelon

• REvil convictions unlikely to curb Russian cybercrime

• CISA Releases Its First Ever International Strategic Plan

• You’re going to get hacked. But here’s how to avoid a cybersecurity disaster

• How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware

• Operation Magnus: Police Dismantles RedLine and META Infostealer Infrastructure

• GitHub Copilot Autofix expands as AI snags software delivery

• Daniel Stori’s Turnoff.US: ‘Security Engineer Interview’

• New LightSpy Spyware Targets iOS with Enhanced Capabilities

• Unifying SecOps and Observability for Enhanced Cloud Security in Azure

• The 8 Best Network Monitoring Tools for 2024

• Comparing Antivirus Software 2025: Avast vs. AVG

• Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting

• TikTok ‘Infinite Money Glitch’ — Idiots Chased by JPMorgan

• US charges suspected Redline infostealer developer, admin

• Chenlun’s Evolving Phishing Tactics Target Trusted Brands

• Navigating Privacy Concerns on Google Maps: Understanding the Blurring Feature

• Russian Malware Attack Targets Ukrainian Military Recruits via Telegram

• The Internet Archive is finally mostly back online after a series of cyberattacks

• The story behind the Health Infrastructure Security and Accountability Act

• Power Your GenAI Ambitions with New Cisco AI-Ready Data Center Infrastructure

• Artificial Intelligence (AI) Takes the Spotlight in Cisco’s 7th Annual Global Partner Innovation Challenge

• The Zensory and POPP3R Cybersecurity Partner to Boost Mindful Security Behaviour in North America

• Proofpoint to Acquire Data Security Posture Management Firm Normalyze

• Amazon Identified Internet domains Exploited by Russian APT29

• Prometei Botnet: The Persistent Threat Targeting Global Systems

• CISA Releases Three Industrial Control Systems Advisories

• Siemens InterMesh Subscriber Devices

• Delta Electronics InfraSuite Device Master

• Solar-Log Base 15

• Building Resilience: A Post-Breach Security Strategy for Any Organization

• Admins better Spring into action over latest critical open source vuln

• DigiCert – It’s a Matter of Trust

• Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

• The Cloud Latency Map measures latency across 100+ cloud regions

• Why safeguarding sensitive data is so crucial

• Revolutionizing Dairy Farming with Digital Solutions

• RedLine and Meta Infostealers Disrupted by Law Enforcement

• Securiti Gencore AI accelerates GenAI adoption in the enterprise

• Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

• Law Enforcement Operation Takes Down Redline and Meta Infostealers

• Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks

• New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits

• Notorious WrnRAT Delivered Mimic As Gambling Games

• Best AI Security Tools: Top Solutions, Features & Comparisons

• MoneyGram replaces CEO weeks after massive customer data breach

• Cisco Crisis Response: Reinstating Connectivity to Communities Impacted by Hurricane Helene

• Enhancing Cybersecurity Skills in the U.S. Military and Department of Defense: The Cisco Winning Path to Certification

• Court Orders Google (a Monopolist) To Knock It Off With the Monopoly Stuff

• Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

• Zenity Raises $38 Million to Secure Agentic AI

• Aviatrix unveils features to simplify network security management

• Beyond the Login ? Keeping Accounts Secure with Lifecycle Protection

• Augmenting Training Datasets Using Generative AI

• Fitness App Strava Gives Away Location of Biden, Trump and other Leaders, French Newspaper Says

• Connected car security: Software complexity creates bumps in the road

• Zenity raises $38 million to secure agentic AI

• Phishers reach targets via Eventbrite services

• NIS2 Compliance Puts Strain on Business Budgets

• RedLine and META Infostealers Infrastructure Seized by Authorities

• 10 Reflections and Learnings From My Transformative First Year and a Half at Cisco

• Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

• Corero CORE turns isolated security events into actionable intelligence

• Akamai strenghtens protection against account abuse

• Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

• A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation

• Suspicious Social Media Accounts Deployed Ahead of COP29

• White House Finalises China Tech Investment Curbs

• QR Codes Enable New Enterprise Phishing Threat

• How to configure and customize Kali Linux settings

• Law Enforcement Deanonymizes Tor Users

• July 2024 Cyber Attacks Statistics

• Spooky Spam, Scary Scams: Halloween Threats Rise

• What’s New with the TSA’s Oil and Gas Security Directives?

• CIS Control 15: Service Provider Management

• Merde! Macron’s bodyguards reveal his location by sharing Strava data

• Latest Funding Round Values Start-Up Sierra AI At $4.5bn

• Toyota, NTT Invest $3bn In Autonomous Driving

• Chinese Hackers Scanning Canadian IT Systems for Vulnerabilities

• Lumma/Amadey: fake CAPTCHAs want to know if you’re human

• How to Improve the Security of AI-Assisted Software Development

• Patching problems: The “return” of a Windows Themes spoofing vulnerability

• Canada Says Chinese Reconnaissance Scans Targeting Government Organizations

• Five Eyes Agencies Launch Startup Security Initiative

• Intel Invests $300m To Expand China Chip Processing Plant

• Apple Rolls Out First iPhone AI Features In Software Update

• SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows

• Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products

• October Cybersecurity Awareness Month: Ensuring Data Security and Compliance is an Ongoing Concern

• PIXM protects MSPs from credential theft and phishing attacks

• ICO: 55% of UK Adults Have Had Data Lost or Stolen

• ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

• Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk

• Latrodectus Employs New anti-Debugging And Sandbox Evasion Techniques

• Nadella’s Microsoft Pay Jumps 63 Percent In Spite Of Incentive Cut

• New ChatGPT-4o Jailbreak Technique Enabling to Write Exploit Codes

• Five Eyes nations tell tech startups to take infosec seriously. Again

• Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

• U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

• 49% of Enterprises Fail to Identify SaaS Vulnerabilities

• RedLine and Meta infostealer takedown, Russian-backed malware, French telecom breach

• Apple iPhone Users Urged to Upgrade to iOS 18.1 for Enhanced Security

• Understanding Cloud Identity Security (CIS)

• Nintendo Warns of Phishing Attack Mimics Company Email Address

• Innovator Spotlight: Cloud Range

• Wanted. Top infosec pros willing to defend Britain on shabby salaries

• New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

• Inside console security: How innovations shape future hardware protection

• Cybersecurity jobs available right now: October 29, 2024

• OT PCAP Analyzer: Free PCAP analysis tool

• Cyware and ECS Partner to Enhance Government Cybersecurity with Advanced Threat Intel Exchange

• Malicious npm Packages Found to Distribute BeaverTail Malware

• The state of password security in 2024

• Combatting Human Error: How to Safeguard Your Business Against Costly Data Breaches

• Trust and risk in the AI era

• Armis Raises $200M at $4.2B Valuation, Eyes IPO

• ISC Stormcast For Tuesday, October 29th, 2024 https://isc.sans.edu/podcastdetail/9200, (Tue, Oct 29th)

• 2024 Startup Battlefield Top 20 Finalists: DGLegacy

• IT Security News Daily Summary 2024-10-28

• Adding threat detection to custom authentication flow with Amazon Cognito advanced security features

• Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

• France’s second-largest telecoms provider Free suffered a cyber attack

• The SaaS Governance Gap | Grip Security

• Exploring AAA and TACACS Configuration with Cisco Modeling Labs

• Apple Updates Everything, (Mon, Oct 28th)

• How to identify and prevent insecure output handling

• Top 10 Governance, Risk & Compliance (GRC) Tools

• Leading through learning with Cisco 360 Partner Program

• JPMorgan Chase sues scammers following viral ‘infinite money glitch’

• Spring 2024 PCI DSS and 3DS compliance packages available now

• Apple Launches ‘Apple Intelligence’ and Offers $1M Bug Bounty for Security

• The most secure browser on the web just got a major update – what’s new

• Feds investigate China’s Salt Typhoon amid campaign phone hacks

• INE Launches Initiative to Optimize Year-End Training Budgets with Enhanced Cybersecurity and Networking Programs

• India’s New SMS Traceability Rules to Combat Fraud Begin November 1, 2024

• Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

• Check Point Software Celebrates Irish Partner Success

• Russian Court Jails Four REvil Ransomware Gang Members

• What is authentication, authorization and accounting (AAA)?

• Wiz CEO says company was targeted with deepfake attack that used his voice

• Wiz CEO explains why he turned down a $23 billion deal

• Cop Companies Want All Your Data and Other Takeaways from This Year’s IACP Conference

• Data Masking Challenges: Overcoming Complexities in Multi-Database Environments

• NTT Data Taps Palo Alto Networks for MXDR Service

• The Evolution of Phishing Emails: From Simple Scams to Sophisticated Cyber Threats

• Insider threat hunting best practices and tools

• Delta sues CrowdStrike over IT outage fallout

• How a CISO Should Brief the Board of Directors

• DEF CON 32 – AppSec Village – Transforming AppSec Protecting ‘Everything as Code

• DEF CON 32 – AppSec Village – 0 0 0 0 Day Exploiting Localhost APIs From The Browser

• Randall Munroe’s XKCD ‘Sandwich Helix’

• Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

• How to implement trusted identity propagation for applications protected by Amazon Cognito

• NEW Qilin Ransomware Variant Emerges with Improved Evasion Techniques

• Embargo Ransomware Uses Custom Rust-Based Tools for Advanced Defense Evasion

• UnitedHealth Claims Data of 100 Million Siphoned in Change Healthcare Breach

• Evasive Panda’s CloudScout Toolset Targets Taiwan

• Black Basta operators phish employees via Microsoft Teams

• Types of cybersecurity controls and how to place them

• Criminals Are Blowing up ATMs in Germany

• New Type of Job Scam Targets Financially Vulnerable Populations

• Educated people becoming prime targets to Cyber Frauds

• Advanced CI/CD Pipeline Optimization Techniques Using GitHub Actions

• Europol warns about counterfeit goods and the criminals behind them

• Brazen crims selling stolen credit cards on Meta’s Threads

• Google Invests in Alternative Neutral Atom Quantum Technology

• Vulnerability Summary for the Week of October 21, 2024

• BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers

• Russian Espionage Group Targets Ukrainian Military with Malware via Telegram

• Russian Malware Campaign Targets Ukrainian Recruits Via Telegram

• You’re Invited: Rampant Phishing Abuses Eventbrite

• Strengthening Cyber Preparedness through Collaborative Efforts

• Google: Russia Targeting Ukrainian Military Recruits With Android, Windows Malware

• Armis raises $200 million to fuel growth strategy

• Using AUTHID Parameter in Oracle PL/SQL

• A crime ring compromised Italian state databases reselling stolen info

• EU to Apple: “Let Users Choose Their Software”; Apple: “Nah”

• Bad Bots: 6 Common Bot Attacks and Why They Happen

• CrowdStrike outage explained: What caused it and what’s next

• Police operation claims takedown of prolific Redline and Meta password stealers

• Delta officially launches lawyers at $500M CrowdStrike problem

• How To Find & Delete Specific Emails in Gmail using Cloud Monitor by ManagedMethods

• Energy Sector Faces Heightened Supply Chain Risks Amid Growing Dependence on IT and Software Vendors

• Police hacks, disrupts Redline, Meta infostealer operations

• Filigran Secures $35M Investment to Disrupt Threat Intel

• Entrust helps banks fight fraud during account opening

• Cybercriminals Pose a Greater Threat of Disruptive US Election Hacks Than Russia or China

• Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

• 2024 Cloud Security Report Trend Micro

• Protecting university students with robust network solutions

• TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters

• 2025 Cyber Security Predictions – The Rise of AI-Driven Attacks, Quantum Threats, and Social Media Exploitation

• Abstract Security Raises $15 Million in Series A Funding

• THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 – Oct 27)

• Dutch cops pwn the Redline and Meta infostealers, leak ‘VIP’ aliases

• Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

• ExtremeCloud Universal ZTNA enhancements boost visibility and security

• CISA Launches #PROTECT2024 Election Threat Updates Webpage

• China Hackers Targeted Harris, Trump, Vance Phones

• Norwegian Investor Dumps Palantir Over AI Surveillance

• Microsoft Brings Call Of Duty To Game Pass In Major Bet

• Vulnerabilities in Realtek SD Card Reader Driver Impacts Dell, Lenovo, & Others Laptops

• AP Sources: Chinese Hackers Targeted Phones of Trump, Vance, People Associated With Harris Campaign

• PwC Survey Surfaces Lack of Focus on Cyber Resiliency

• Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

• Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

• Four REvil Ransomware Group Members Sentenced to Prison in Russia

• Jumio Liveness detects various sophisticated spoofing attacks

• Trending Cybersecurity News Headlines on Google

• Key Cybersecurity Trends Every CISO Should be well aware off

• Nvidia Surpasses Apple As World’s Most Valuable Company

• Meta Adds Reuters Content To AI Chatbot

• Why Security Configuration Management (SCM) Matters

• 5 Things to Learn About COBIT

• Hiring Kit: Computer Forensic Analyst

• Is Firefox Password Manager Secure?

• Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland

• A week in security (October 21 – October 27)

• TSMC Arizona Chip Plant Yields 4 Percent Higher Than Taiwan

• Huawei Begins Staffing Massive New Research Campus

• AI-Powered BEC Scams Zero in on Manufacturers

• Black Basta affiliates used Microsoft Teams in recent attacks

• Delta Sues Cybersecurity Firm CrowdStrike Over Tech Outage That Canceled Flights

• Shein Profits Drop 70 Percent

• Silicon In Focus Podcast: A New Age of Cyberculture?

• Internet Archive Hacked, Introducing The AI Toilet Camera

• Filigran raises $35 million to drive global expansion

• Integrating Password Managers with Other Tools

• Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials, (Mon, Oct 28th)

• Critical WhatsUp Gold Authentication Flaw Exposes Organizations to Cyber Attack

• Industry Moves for the week of October 28, 2024 – SecurityWeek

• Cyber Guru Raises $25 Million for Training Platform

• Historic Change Healthcare breach, Telcom hacks investigation, Delta sues CrowdStrike

• Filigran secures $35M for its cybersecurity threat management suite

• Apple Offers 1 Million Dollar Bug Bounty For It’s Apple Intelligence Services: Cyber Security Today for Monday, October 28, 2024

• WordPress forces user conf organizers to share social media credentials, arousing suspicions

• A good cyber leader prioritizes the greater good

• Four Evil Ransomware Operators Sentenced For Hacking Enterprises

• How isolation technologies are shaping the future of Kubernetes security

• Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

• Fraudsters revive old tactics mixed with modern technology

• Cloud Security Essentials

• Enhancing Email Security: The Pivotal Role of AI in Defending Against Evolving Cyber Threats

• Adversarial groups adapt to exploit systems in new ways

• Top 10 strategic technology trends shaping the future of business

• Antivirus Software

• ISC Stormcast For Monday, October 28th, 2024 https://isc.sans.edu/podcastdetail/9198, (Mon, Oct 28th)

• Inside the Open Directory of the “You Dun” Threat Group

• StreamCraft – 1,772,620 breached accounts

• IT Security News Weekly Summary – Week 43

• IT Security News Daily Summary 2024-10-27

• How Has Video Analytics Enhanced Security and Efficiency?

• The Imperative of Penetration Testing AI Systems

• Orchestrating Success: How Rehearsals in Music Mirror Cybersecurity Resiliency

• DEF CON 32 – AppSec Village – Ticking SQLi

• Two currently (old) exploited Ivanti vulnerabilities, (Sun, Oct 27th)

• UnitedHealth Confirms 100M Affected in Record-Breaking Change Healthcare Hack

• Microsoft: Healthcare Sector Sees 300% Surge in Ransomware Assaults

• Senator accuses sloppy domain registrars of aiding Russian disinfo campaigns

• Think You’re Safe? Cyberattackers Are Exploiting Flaws in Record Time

• Massive Data Breach in Mexican Health Care Sector Exposes 5.3 Million Users’ Data

• Adversarial SysAdmin – The Key to Effective Living off the Land

• Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

• SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 17

• Four REvil Ransomware members sentenced for hacking and money laundering

• FIPS 140-3 changes for PKCS #12

• Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE

• PRODUCT REVIEW: Fortra’s Digital Brand Protection Solution

• Beware of Shadow AI Haunting Organizations This Halloween

• Must-have security features in insurance policy management software

• Groundbreaking AI Engine to Transform Data Compliance and Security Management

Generated on 2024-11-03 23:58:08.652896