IT Security News Weekly Summary – Week 35

New Version of Snake Keylogger Targets Victims Through Phishing Emails

Introducing the “World’s Most Private VPN” – Now Open for Testers

Wireshark 4.4: Converting Display Filters to BPF Capture Filters, (Sun, Sep 1st)

Happy United States Labor Day 2024 / Feliz Fin de Semana del Día del Trabajo de Estados Unidos 2024 / Joyeux Fin de Semaine de la Fête du Travail aux États-Unis 2024

The Corona Mirai Botnet: Exploiting End-of-Life IP Cameras

AT&T Claims It Has Fixed Software Bug That Caused An Outage For Some Wireless Users

New “sedexp” Linux Malware Remained Undetected For Two Years

Google Confirmed A Now-Patched Chrome Vulnerability As Zero-Day

Notion Announced Exiting Russia Following US Restrictions

Microsoft Patched Copilot Vulnerabilities That Could Expose Data

Malware Botnet Exploits Vulnerable AVTECH IP Cameras

7 password rules to live by in 2024, according to security experts

Massive Data Breach Exposes Sensitive Information Linked to ServiceBridge Platform

Guide to Securing Your Software Supply Chain: Exploring SBOM and DevSecOps Concepts for Enhanced Application Security

An air transport security system flaw allowed to bypass airport security screenings

The Evolution of Device Recognition to Attack Fraud at-Scale

Hacker Who Took Down North Korea’s Internet Reveals Key Insight

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Market Moveis – 28,220 breached accounts

Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE

IT Security News Monthly Summary – September

IT Security News Daily Summary 2024-08-31

North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit

Check your IP cameras: There’s a new Mirai botnet on the rise

Espionage Concerns Arise from Newly Discovered Voldemort Malware

Happy United States Labor Day Weekend 2024 / Feliz Fin de Semana del Día del Trabajo de Estados Unidos 2024 / Joyeux Fin de Semaine de la Fête du Travail aux États-Unis 2024

North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit

Three Major Issues Family Offices Face With Private Market Data

Choosing the Right Browser: Privacy Tips from Apple and Google

New Voldemort Malware Uses Google Sheets to Target Key Sectors Globally

Black Basta Cybersecurity Advisory: Endpoint Protection for Healthcare

4 Tips for Optimizing Your GRC Strategy

Modern Strategies for IoT Device Fingerprinting

Project Strawberry: Advancing AI with Q-learning, A* Algorithms, and Dual-Process Theory

Full-Stack Security Guide: Best Practices and Challenges of Securing Modern Applications

Taylor Swift Concert Terror Plot Was Thwarted by Key CIA Tip

Missing Guardrails, a Troubling Trend in Data Protection

Rocinante: The Trojan Horse That Wanted to Fly

FBI: RansomHub Ransomware Breached 210 Victims Since February 2024

New Snake Keylogger Variant Slithers Into Phishing Campaigns

Mastering AI & Cybersecurity: Navigating the Future – A Special Panel Discussion

Wireshark 4.4.0 is now available, (Sat, Aug 31st)

Godzilla Fileless Backdoors Targeting Atlassian Confluence

Suspected Espionage Campaign Delivers New Voldemort Malware

Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled

Key Takeaways from SiRAcon ’24: An Axio Perspective

RansomHub hits 210 victims in just 6 months

ASPM and Modern Application Security

The French Detention: Why We’re Watching the Telegram Situation Closely

IT Security News Daily Summary 2024-08-30

AI is growing faster than companies can secure it, warn industry leaders

Green Berets storm building after hacking its Wi-Fi

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

5 Key Cybersecurity Trends to Know in 2024

Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw

Governments need to beef up cyberdefense for the AI era – and get back to the basics

US-China relationship remains ‘competitive’, as steps towards diplomacy strengthen

US CERT Alert AA24-242A (RansomHub Ransomware)

Twitch’s Drop Ins Feature Turned On VTubers’ Cameras Without Consent

Governments need to beef up cyberdefense for the AI era – and go back to the basics

USENIX Security ’23 – Pool-Party: Exploiting Browser Resource Pools For Web Tracking

Randall Munroe’s XKCD ‘Stranded’

Chinese Hackers Exploit Serious Flaw in Versa SD-WAN Systems

Bling Libra Shifts Focus to Extortion in Cloud-Based Attacks

Check Point Celebrates International Women in Cyber Day 2024

North Korean hackers exploited Chrome zero-day to steal crypto

US Offers $2.5 Million Reward for Hacker Linked to Angler Exploit Kit

The California Supreme Court Should Help Protect Your Stored Communications

Making Progress and Losing Ground

Automatically replicate your card payment keys across AWS Regions

Seven Deadly Myths of DDoS Protection

Durex data breach leaks sensitive details of customers

Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign

Governments need to beef up cyberdefense for the AI era – which means going back to the basics

Simplify identity management with Red Hat IdM

Use cases and ecosystem for OpenShift confidential containers

Exploring the OpenShift confidential containers solution

RansomHub Breached Over 200 Victims, the FBI Says

What Is XDR Threat Hunting?

‘Store Now, Decrypt Later’: US Leaders Prep for Quantum Cryptography Concerns

Cybercriminals Capitalize on Travel Industry’s Peak Season

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Best Practices to Help Meet PCI DSS v4.0 API Security Compliance

FAA Grounds SpaceX Falcon 9 Rocket After Landing Failure

The Enterprise Guide to Cloud Security Posture Management

How Cisco AACPC Partner IP Consulting Transformed IT for Lowell Light and Power

Employee Arrested for Locking Windows Admins Out of 254 Servers in Extortion Plot

Innovator Spotlight: SNYK

Publishers Spotlight: Blumira

The Dual Nature of Telegram: From Protest Tool to Platform for Criminal Activity

Private Data of 950K Users Stolen in BlackSuit Ransomware Attack

Enhancing EU Cybersecurity: Key Takeaways from the NIS2 Directive

Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign

Apple, Nvidia In Talks To Join OpenAI Funding Round – Report

4 AI cybersecurity jobs to consider now and in the future

Third-Party Risk Management is Under the Spotlight

Top Travel Scams to Watch Out For: Protect Your Vacation from Common Fraud Schemes

Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign

Russian APT29 Using NSO Group-Style Exploits in Attacks, Google

7 Smart Steps to Run Serverless Containers on Kubernetes

Ransomware Roundup – Underground

UK Labour Party Reprimanded Over Cyberattack Backlog by Privacy Regulator

Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers

Report: Ransomware Attacks on US Schools and Colleges Cost $9.45 Billion

In Other News: Automotive CTF, Deepfake Scams, Singapore’s OT Security Masterplan

Published Vulnerabilities Surge by 43%

Iranian Threat Group Attack US Organization via Ransomware

Wireshark 4.4 Released With New I/O Graphs, Flow Graph / VoIP Calls, TCP Stream

Radware Report Surfaces Increasing Waves of DDoS Attacks

How RansomHub went from zero to 210 victims in six months

Intel To Present Board With Strategic Options – Report

Voldemort Threat Actors Abusing Google Sheets to Attack Windows Users

Manufacturing Sector Under Fire From Microsoft Credential Thieves

Integrity360 Expands to South Africa with Grove Acquisition

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers

South Korea-linked group APT-C-60 exploited a WPS Office zero-day

The NIS2 Directive: How Far Does it Reach?

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

INE Security Named 2024 SC Awards Finalist

Cybersecurity Insurance: Signals Maturity to Partners, Improved Security Response

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

Malware Masquerading as Palo Alto GlobalProtect Tool Targets Middle East Users

FBI: RansomHub Hits Over 200 Entities Since Feb

Top Cost-Effective Cybersecurity Strategies for SMBs

Philippines: Intel Fusion Center Eyed to Boost Cybersecurity

California Passes Landmark Bill Requiring Easier Data Sharing Opt-Outs for Consumers

PoorTry Windows Driver Deletes Crucial Files to Impairs Windows Computers

Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

Unpatchable Zero-Day in Surveillance Cameras is Being Exploited to Install Mirai

Cisco Bolsters AI Security by Buying Robust Intelligence

Russian Hackers Use Commercial Spyware Exploits to Target Victims

TLD Tracker: Exploring Newly Released Top-Level Domains

.NET-based Snake Keylogger Attack Windows Using Weaponized Excel Documents

LummaC2 Infostealer Resurfaces with Obfuscated PowerShell Tactics

Top 5 Cyber Security Companies in Mumbai

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

Cybersecurity News: DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

New Tickler Malware Used to Backdoor US Government, Defense Organizations

What is a QR Code Scam?

Attackers Spread Lumma Stealer Malware GitHub Comments

The top 10 most-searched data security terms in the US: Can you define them?

2 Men From Europe Charged With ‘Swatting’ Plot Targeting Former US President and Members of Congress

Hackers Exploited Digital Advertising Tools to Launch Malicious Campaigns

DMARC Deployment Phases: What to Expect and How to Prepare

Accenture expands partnership with Google Cloud to boost AI adoption and cybersecurity

Hackers Repeatedly Using Same iOS & Chrome Exploits to Attack Government Websites

US Election-Themed Phishing Scams Rely on Fake Donation Sites

Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

North Korean Hackers Target Developers with Malicious npm Packages

Deepfake Scams, Fake Global Protect Malware, and Russian Threats:Cybersecurity Today: for Friday, August 30th, 2024

Palo Alto Networks found to spread Malware

How Ransomware Is Evolving into a Geopolitical Weapon

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Lookiero – 4,981,760 breached accounts

Iran hunts down double agents with fake recruiting sites, Mandiant reckons

Sinon: Open-source automatic generative burn-in for Windows deception hosts

A macro look at the most pressing cybersecurity risks

New infosec products of the week: August 30, 2024

Cyber threats that shaped the first half of 2024

ISC Stormcast For Friday, August 30th, 2024 https://isc.sans.edu/podcastdetail/9120, (Fri, Aug 30th)

2024-08-30 – Approximately 11 days of server scans and probes

Simulating Traffic With Scapy, (Fri, Aug 30th)

2024-08-29 – Phishing email and traffic to fake webmail login page

US indicts duo over alleged Swatting spree that targeted elected officials

The Role of AI in Enhancing Patient Experience in HealthTech

Who Owns Implementation of California’s New Workplace Violence Prevention Law?

What a coincidence. Spyware makers, Russia’s Cozy Bear seem to share same exploits

IT Security News Daily Summary 2024-08-29

High Fidelity Data: Balancing Privacy and Usage

Nvidia’s ‘Eagle’ AI sees the world in Ultra-HD, and it’s coming for your job

Cisco addressed a high-severity flaw in NX-OS software

The art and science behind Microsoft threat hunting: Part 3

Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns

Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins

10 ways to speed up your slow internet connection today

Cisco Umbrella for Government: DNS Security Integrated With CISA Protective DNS

The 25% off Blink Mini 2 is one of the best security cameras deals this Labor Day

Preventing counterfeiting by adding dye to liquid crystals to create uncrackable coded tags

The AppViewX Experience: A Journey to Seamless Solution Onboarding

CISA Launches New Portal to Improve Cyber Reporting

Fake Canva home page leads to browser lock

Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom

What kind of summer has it been?

OpenAI, Anthropic To Share AI Models With US Government

6 Principles for Use of AI in K12 Education

Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One)

Musk Row With Brazil Continues, As Supreme Court Threatens To Suspend X

#StopRansomware: RansomHub Ransomware

Flying through Seattle’s hacked airport

Key Strategies for Building Cyber Workforce Resilience

Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches

Innovator Spotlight: ThreatLocker

Spotlight on Sysdig

Spotlight on Akto.ai

Rock Chrome hard enough and get paid half a million

USENIX Security ’23 – RøB: Ransomware over Modern Web Browsers

Elevating your secrets security hygiene: H1 roundup of our product innovations

Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?

Check Point Software acquires Cyberint Technologies

Google Mulling ‘Hyperscale’ Vietnam Data Centre – Report

The best free VPNs of 2024: Expert tested

2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit

Flying through Sea-Tac’s hacked airport

Stay in the H2 know – providing clean water with Cisco industrial IoT

Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

Innovator Spotlight: Beyond Identity

Innovator Spotlight: Zenity

Innovator Spotlight: Traceable AI

Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

North Korean Hackers Launch New Wave of npm Package Attacks

Intel Questioned By US Senator Over Job Cuts After $20bn Grant, Loans

Hackers Calling Employees to Steal VPN Credentials from US Firms

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Rockwell Automation ThinManager ThinServer

Delta Electronics DTN Soft

Zero touch provisioning with Cisco Firewall Management Center Templates

Customer Experience is a Learning Experience

Top Data Center Priorities—Evolving Needs for Scaling Infrastructure

The Power of Reporting at Cisco Black Belt Academy: Driving Success for Partners

Innovator Spotlight: Reco.ai

BlackByte Ransomware Outfit is Targeting More Orgs Than Previously Known

Snowflake Faces Declining Growth Amid Cybersecurity Concerns and AI Expansion

BlackByte Adopts New Tactics, Targets ESXi Hypervisors

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)

Inside the NIST Cybersecurity Framework 2.0 and API Security

A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

Shares In Nvidia Fall, Despite Record Profits, Sales

How to embrace Secure by Design principles while adopting AI

Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

Check Point Joins Esteemed Sponsors of Security Serious Unsung Heroes Awards 2024

International Cyber Expo’s 2024 Tech Hub Stage Agenda Showcases the Future of Cybersecurity Innovation, From AI to Automation

Dick’s Sporting Goods Discloses Cyberattack

What is Gift Card and Loyalty Program Abuse?

Strata Identity to Host Tear Down and Modernization Webinar for Legacy Identity Infrastructures

Rain Technology Laptop Switchable Privacy protects against visual hackers and snoopers

Unpatched CCTV Cameras Exploited to Spread Mirai Variant

Corona Mirai botnet spreads via AVTECH CCTV zero-day

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

Marketing Trends: How to Use Big Data Effectively

Russia’s APT29 using spyware exploits in new campaigns

Russian government hackers found using exploits made by spyware companies NSO and Intellexa

Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)

Strengthening Your Cybersecurity Insurance Posture with Privileged Access Management (PAM) Solutions

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

Harmful ‘Nudify’ Websites Used Google, Apple, and Discord Sign-On Systems

Cisco Patches Multiple NX-OS Software Vulnerabilities

Iranian State Hackers Team Up with Ransomware Gangs in Attacks on US

Telegram CEO Pavel Durov charged with allowing criminal activity

AI Hype vs Hesitence

A Guide To Selecting The Best URL Filtering Software

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks

Surge in New Scams as Pig Butchering Dominates

Telegram’s Pavel Durov Charged For Allowing Criminal Activity On App

NordVPN vs Proton VPN (2024): Which VPN Should You Choose?

Telegram CEO Pavel Durov charged in France for facilitating criminal activities

May 2024 Cyber Attacks Statistics

Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

Iranian Hackers Secretly Aid Ransomware Attacks on US

The Emerging Dynamics of Deepfake Scam Campaigns on the Web

Google, Apple, and Discord Let Harmful AI ‘Undress’ Websites Use Their Sign-On Systems

Meeting the New Cyber Insurance Requirements

Hundreds of LLM Servers Expose Corporate, Health & Other Online Data

What’s Working With Third-Party Risk Management?

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Stealing cash using NFC relay – Week in Security with Tony Anscombe

Don’t Leave Your Digital Security to Chance: Get Norton 360

CISA Adds Google Chromium V8 Bug to its Known Exploited Vulnerabilities Catalog

AWS Load Balancer Plagued by Authentication Bypass Flaw

Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE

Cybersecurity News: Iran hacking, Labour Party backlog, more Telegram warrants

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Sweat Sensors Raise Health Benefits and Privacy Concerns

Bitwarden introduces enhanced inline autofill feature for credit cards and identities

IT Engineer Charged For Attempting to Extort Former Employer

Check Point to Acquire Cyberint Technologies to Enhance Operations

US Sees Iranian Hackers Working Closely With Ransomware Groups

RISCPoint RADAR provides real-time vulnerability detection across multiple attack surfaces

Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security

Change Management and File Integrity Monitoring – Demystifying the Modifications in Your Environment

Concentric AI unveils AI-based DSPM functionality that monitors user activity risk

Live Patching DLLs with Python, (Thu, Aug 29th)

Wireshark 4.4.0 Released – What’s New!

Critical Vulnerability in Perl Module Installer Let Attackers Intercept Traffic

Iran-linked group APT33 adds new Tickler malware to its arsenal

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

America witnesses $1.5 billion in Cyber Crime losses so far in 2024

National Public Data (NPD) Breach: Essential Guide to Protecting Your Identity

The NIS2 Directive: How far does it reach?

Ransomware Attacks Exposed 6.7 Million Records in US Schools

Deepfakes: Seeing is no longer believing

Why ransomware attackers target Active Directory

Durex India spilled customers’ private order data

CrowdStrike Estimates the Tech Meltdown Caused by Its Bungling Left a $60 Million Dent in Its Sales

Third-party risk management is under the spotlight

ISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)

CrowdStrike’s meltdown didn’t dent its market dominance … yet

BlackByte Ransomware Exploits New VMware Flaw in VPN-Based Attacks

When Get-Out-The-Vote Efforts Look Like Phishing

Are Java Users Making Bad Oracle Java Migration Decisions?

Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – here’s how

3CX Phone System Local Privilege Escalation Vulnerability

Spotlight on Simbian

Innovator Spotlight: DNSFilter

Microsoft hosts a security summit but no press, public allowed

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Data Masking Challenges in Complex Data Environments and How to Tackle them

Choosing the Right DSPM Vendor: The Map is Not the Territory

Product Release: Selective Sync + Account Recovery

Exploits, Vulnerabilities and Payloads – Who Knew?

IT Security News Daily Summary 2024-08-28

Akamai Named a Leader in The Forrester Wave?: Microsegmentation Solutions, Q3 2024

I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation

Types of hackers: Black hat, white hat, red hat and more

Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – how’s how

Bitdefender vs. McAfee: Comparing Features, Pricing, Pros & Cons

Young Consulting data breach impacts 954,177 individuals

U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog

Proof-of-concept code released for zero-click critical Windows vuln

GiveWP Plugin Vulnerability Risked 100,000+ Websites To RCE Attacks

WPML WP Plugin Vulnerability Risked 1M+ WordPress Websites

Microsoft Copilot Studio Vulnerability Could Expose Sensitive Data

Infosec experts applaud DOJ lawsuit against Georgia Tech

Simplifying the policy experience for today’s IT teams

Americans Are Uncomfortable with Automated Decision-Making

DataDome Releases Fastly Compute Server-Side Integration

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day

Google Restarts Gemini AI’s Image Generation Of People

CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets

Copyright Is Not a Tool to Silence Critics of Religious Education

Iran’s Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear

Google Now Offering Up to $250,000 for Chrome Vulnerabilities

Mike Lynch: Captain Of Bayesian Yacht Declines To Talk

Advanced Techniques in Automated Threat Detection

Google’s Gemini AI gets major upgrade with ‘Gems’ assistants and Imagen 3

Halliburton cyberattack explained: What happened?

Ex-Twitter CISO Lea Kissner appointed as LinkedIn security chief

Porsche – Executive & Security Ratings Snapshot Request

SOC 2 vs. SAS 70: A Comprehensive Comparison

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

Bitcoin and Nostr: What Lies Beyond Decentralization and Freedom

Why AI-Driven Cybercrime Could Be Your Business’s Biggest Risk

Ransomware on the Rise: Key Steps to Safeguard Your Business from Cyber Threats

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Hacktivists turning to ransomware spread

Cybersecurity Companies Join Microsoft to Discuss Safe Deployment Practices following CrowdStrike Outage

Innovator Spotlight: Gurucul

Dick’s Sporting Goods discloses cyberattack

LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO

Top 10 Lessons Learned from Managing Kubernetes from the Trenches

LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics

HMD Launches ‘Barbie’ Flip Phone To Tackle Smartphone Addiction

Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor

Cisco Smart Bonding for MSPs: Enhance Customer Experience and Streamline Support Workflows

BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085

WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies

Georgia Tech Faces DOJ Lawsuit Over Alleged Lapses in Cybersecurity for Defense Contracts

Ukrainian Hackers Launch Coordinated Cyber Offensive on Russian Networks

Here’s How to Safeguard Yourself Against Phone Scams

AuthenticID enhances Smart ReAuth to combat AI-based attacks and account takeovers

Veeam Data Platform 12.2 extends data resilience to more platforms and applications

Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor

New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data

Now available on Microsoft Azure: Cisco AppDynamics provides more flexibility

BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks

Quantum Computing and the Risk to Classical Cryptography

APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor

The Advantages of Runtime Application Self-Protection

32 Million Sensitive Records Exposed From Service Management Provider

TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed

Overcoming Challenges in Defensive Cybersecurity Teams with an Offensive Mindset

Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign

Rezonate’s mid-market solution reduces the cloud identity attack surface

Diligent NIS2 Compliance Toolkit helps organizations bolster their cybersecurity resilience

Research Unveils Eight Android And iOS That Leaks Users Sensitive Data

The Jedi of Code: May CloudGuard Be with You

Deep Analysis of Snake Keylogger’s New Variant

From Copilot to Copirate: How data thieves could hijack Microsoft’s chatbot

Dragos Platform updates streamline OT threat and vulnerability workflows

Regardless of Market Fluctuation, Web3 Infrastructure Is Booming

Pootry EDR Killer Malware Wipes Out Security Tools From Windows Machine

Versa Director Zero-day Vulnerability Let Attackers Upload Malicious Files

Price Drop: This Complete Ethical Hacking Bundle is Now $40

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

New Phishing Campaign Steals VPN Credentials Using Social Engineering Methods

The End of the Tunnel Vision: Why Companies Are Ditching VPNs for Zero Trust

Malware Delivered via Malicious Pidgin Plugin, Signal Fork

Beating MFA Fatigue and AI-Driven Attacks with DirectDefense

US offers $2.5M reward for Belarusian man involved in mass malware distribution

Check Point Acquires Cybersecurity Startup Cyberint

China’s Volt Typhoon Exploits Zero-Day Flaw in Versa’s SD-WAN Director Servers

Fortinet Debuts Sovereign SASE, Updates Unified SASE With FortiAI

F5 and Intel join forces to push the boundaries of AI deployment

Rising Tides: Runa Sandvik on Creating Work that Makes a Difference

The Risks Lurking in Publicly Exposed GenAI Development Services

Optimizing SBOM sharing for compliance and transparency

A misuse of Spamhaus blocklists: PART 2 – How to limit outbound spam

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

IDC Raises Smartphone Shipment Forecast Amid GenAI Optimism

CoinSwitch sues WazirX to recover trapped funds

FBI’s Internet Crime Complaint Center reports $1.6 billion in losses for Americans due to scams and fraud

Airtags Locator Device used to Grab the Stolen Parcel

Matthew Green on Telegram’s Encryption

South Korean APT Group Exploits WPS Office Zero-Day for Espionage

US Offering $2.5 Million Reward for Belarusian Malware Distributor

Apple Axes Jobs In Digital Services Group – Report

What Is Cybersecurity Awareness Training? Why Your Business Needs it

GDPR Data Breach Notification Letter (Free Download)

Park’N Fly Data Breach Compromised Sensitive Data of 1 Million Customers

BlackByte affiliates use new encryptor and new TTPs

Join Us 09-13-24 for “Hacking Leadership Skills” – Super Cyber Friday

Join Us 09-06-24 for “Hacking Tabletop Exercises” – Super Cyber Friday

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

Nasdaq Seeks Permission For Bitcoin Index Listing Option

A Guide on 5 Common LinkedIn Scams

The Invisible Shield: Exploring the Silent Guardians of IoT Security

Fortinet introduces sovereign SASE and GenAI capabilities

Money Laundering Dominates UK Fraud Cases

Cybersecurity News: Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped

The ultimate dual-use tool for cybersecurity

Patchwork Actors Using Weaponized Encrypted Zip Files to Attack Orgs

Researchers Disclosed 20 Vulnerabilities Exploited To Attack ML Used In Orgs

Broadcom Extends VMware Cybersecurity Portfolio

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

HYCU for Microsoft Entra ID provides organizations with automated, policy-driven backups

South Korean Spies Exploit WPS Office Zero-Day

Three Reasons for Cisco Umbrella for Government

U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog

Sport 2000 – 3,189,643 breached accounts

Woman uses AirTags to nab alleged parcel-pinching scum

Microsoft Security Update: 90 Critical Vulnerabilities Fixed

What is binary compatibility, and what does it mean for Linux distributions?

Expel partners with Wiz to enhance security for cloud environments

Top 7 Questions to Ask Cybersecurity Service Providers

BlackSuit Ransomware targets software firm and steals data of about 950k individuals

Largest Healthcare Data Breaches of 2023

Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code

MacOS Version of HZ Rat Backdoor Discovered Targeting DingTalk and WeChat Users

Watchdog Criticizes FBI for Inadequate Digital Storage and Destruction Practices

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

Four Internet Service Providers are breached by sophisticated cyber attack. Cyber Security Today for Wednesday, August 28, 2024

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

Cyberattacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat

Cryptomator: Open-source cloud storage encryption

MFP security: How Can Resellers Ensure Customers Have The Proper Protection?

Cybercriminals capitalize on travel industry’s peak season

Cybersecurity jobs available right now: August 28, 2024

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

Old methods, new technologies drive fraud losses

ISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)

Chinese broadband satellites may be Beijing’s flying spying censors, think tank warns

Not a SOC FAQ! This is SOC FMD!

Scott Kannry on the What’s Up with Tech? Podcast

Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)

Critical flaw in WPML WordPress plugin impacts 1M websites

Facebook Whistleblower Fears Election Abuse

IT Security News Daily Summary 2024-08-27

Election Security Partners Host 7th Annual Tabletop the Vote Exercise for 2024

CVE-2024-38063 – Remotely Exploiting The Kernel Via IPv6

How to use Tor — and whether you should — in your enterprise

China-linked APT Volt Typhoon exploited a zero-day in Versa Director

Intel’s Software Guard Extensions broken? Don’t panic

Windows Downdate Attacks, Quick Share Vulnerability Exploit, and More: Hacker’s Playbook Threat Coverage Round-up: August 2024

Innovator Spotlight: Cyversity

The Urgent Need to Get MOVING for PCI DSS v4.0 Compliance

How fernao magellan Customized 140 Automation Use Cases

The US military’s latest psyop? Advertising on Tinder

Report: A Third of Organizations Suffer SaaS Data Breaches Last Year

What Is the Dark Web? + 6 Tips to Access It Safely

LibreOffice now removes personal data from documents. Why that matters

Vulnerability Recap 8/27/24 – Wide Range of Vulnerabilities This Week

Lateral Movement: Clearest Sign of Unfolding Ransomware Attack

Volt Typhoon suspected of exploiting Versa SD-WAN bug since June

Scammers Exploit Messaging Apps and Social Media in Singapore

CMMC vs DFARS vs NIST: What Are the Differences?

Beyond the Campaign Trail: Strengthening Your Business’s Cyber Defenses for Election Season

Chip Veteran Resigns From Intel’s Board, Amid Turnaround Plan Clash

Klarna Says AI Chatbots Helped Remove 1,200 Positions

New Unicode QR Code Phishing Scam Bypasses Traditional Security

The U.S. military’s latest psyop? Advertising on Tinder

Google Tags a Tenth Chrome Zero-Day as Exploited This Year

India’s Critical Infrastructure Suffers Spike in Cyberattacks

New Cheana Stealer Threat Targets VPN Users Across Multiple Operating Systems

Backyard Privacy in the Age of Drones

5 Key Takeaways: Ransomware Attacks on Healthcare, Education, and Public Sector

What is RBAC (Role-Based Access Control) and Why is it Important?

Ghostwriter ❤ Tool Integration

One-Third Of Companies Suffered SaaS Breach This Year

‘Terrorgram’ Telegram Terrorists Trash Transformers — Grid in Peril

Cybersecurity boost by AI based Firewalls

Meta To Use Geothermal Power In US Data Centres

Beyond the Obvious: Uncovering the Hidden Challenges in Cybersecurity

macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Chinese government hackers targeted US internet providers with zero-day exploit, researchers say

MSSPs: Why You Need a SOC And How to Choose the Right One for Your Business

Two Strategies to Protect Your Business From the Next Large-Scale Tech Failure

SonicWall Patches Critical Flaw Affecting its Firewalls (CVE-2024-40766)

Top Universities to Battle in Cybersecurity at UNSW’s Upcoming Australian Cybersecurity Games

DigitalOcean unveils enhanced role-based access control

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Microsoft 365 Copilot Vulnerability Exposes User Data Risks

Complete Guide to Protecting Seven Attack Vectors

2024-08-26 – GuLoader for Remcos RAT

Cisco Support Services Enters its GenAI Era

The Future of Data Center Operations Is Here: Work Smarter, Not Harder

Chemical Solutions Org Reduces the Time to Integrate Acquired Companies by 80% with Cato SASE Cloud Platform

Cribl Raises $319 Million at $3.5 Billion Valuation

Beyond Prioritization: Security Journey for Organizations

MOVEit Hack Exposed Personal Data of Half Million TDECU Users

Biden Administration Pressured Meta To Censor Covid-19 Content, Admits Zuck

Cybersecurity Career Paths: Bridging the Gap Between Red and Blue Team Roles

Cost of data breaches: The business case for security AI and automation

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

NordLayer Review: Pricing, Features & Specs

Chinese government hackers targeted U.S. internet providers with zero-day exploit, researchers say

NASA IV&V Facility Expands Cybersecurity Work and Educational Outreach

Microsoft security tools questioned for treating employees as threats

FBI Director Christopher Wray Highlights Unprecedented Threat Landscape and Importance of Law Enforcement Partnerships

DMM Bitcoin Hack: 500 BTC Transfer Linked to $305 Million Theft Raises New Concerns

US Authorities Charge Alleged Key Member of Russian Karakurt Ransomware Outfit

Hillstone Networks unveils StoneOS 5.5R11 to enhance threat protection

CTEM in the Spotlight: How Gartner’s New Categories Help to Manage Exposures

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

FBI Flawed Data Handling Raises Security Concerns

Telegram’s Pavel Durov Remains In Custody Amid Investigation

Microsoft 365 Flags Emails with Images as Malware: A Growing Concern for Users

Join SASE Converge — Where the Future of SASE Comes Together

TDECU data breach affects half a million people

SMS scammers use toll fees as a lure

How Does a VPN Work? A Comprehensive Beginner’s Overview

Unleashing the Power of AI in the Enterprise

EDR vs NGAV: Which Works Better for Your Organization?

Cybersecurity Solutions for Small and Medium Businesses (SMBs)

Uber Hit With $324m GDPR Fine

Nuclei: Open-Source Vulnerability Scanner

Encryption of Data at Rest: The Cybersecurity Last Line of Defense

When Convenience Costs: CISOs Struggle With SaaS Security Oversight

LockBit, RansomHub Lead Ransomware Attacks in July

RSA Authenticator App improves cybersecurity for federal agencies

Suspected Cyber-Attack Causes Travel Chaos at Seattle Airport

TDECU Data Breach: 500,000+ Members Affected by MOVEit Exploit

Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfiltrate Sensitive Data

AI Unveiled: Decoding the Future with Cisco

Researchers unmasked the notorious threat actor USDoD

Zimbabwe Government Places Priority on Cybersecurity Training for Public Servants

Update: Researcher Publishes PoC Exploit for Zero-Click Windows RCE Threat

Researchers Warn of Text Scams That Send Drivers Fake Bills for Highway Tolls

Cisco to Acquire AI Security Firm Robust Intelligence

Critical wpa_supplicant Vulnerability Addressed

Canada Imposes 100 Percent Tariffs On Chinese EVs

PythonAnywhere Cloud Platform Abused for Hosting Ransomware

The 5 Best Free Endpoint Protection Platforms for 2024

Contact center outsourcing: What businesses need to know

The Present and Future of TV Surveillance

Researchers Discover Over 20 Supply Chain Vulnerabilities in MLOps Platforms

The Changing Dynamics of Ransomware as Law Enforcement Strikes

McDonald’s Instagram Hacked by Crypto Scammers to Steal $700,000

Fake macOS Apps Infect Devices, Steal Sensitive Data in the Latest Malware Attack

Why Is Python so Popular to Infect Windows Hosts?, (Tue, Aug 27th)

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

Pidgin Users Beware! Malicious Plugin Discovered with Keylogger

Seattle Airport Blames Outages on Possible Cyberattack

Well, I Think My Relationship With the CIO Improved When I Took Their Job

Researchers Discover Several Potential Attack Vectors in Bicycles With Shimano Di2 Wireless Gear-Shifting System

Cybersecurity News: SonicWall access flaw, Microsoft security summit, Telegram details

16-31 May 2024 Cyber Attacks Timeline

Tech Support Scam Found Hijacking Microsoft Search Queries Through Google Ads

5 Key Findings from the 2024 State of Bot Mitigation Survey

Uber Hit With €290m GDPR Fine

News Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild

Life in Cybersecurity: Expert Tips and Insights from a Cybersecurity Recruiter

How Automation and AI are Transforming GRC Management

Why Companies Need Real-Time Compliance

Centreon Issues Critical Security Update to Fix SQL Injection Vulnerabilities That Threaten IT Monitoring

Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks

A Third of Organizations Suffer SaaS Data Breaches

Vesra File Type Upload Vulnerability Lets Attackers Gain Sys-Admin Access from MSP

Exploiting the Windows Kernel via Malicious IPv6 Packets (CVE-2024-38063)

Global Field Service Management Provider Exposes Nearly 32 Million Documents Online

Gafgyt Botnet: Weak SSH Passwords Targeted For GPU Mining

Ransomware news headlines trending on Google

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

How to prioritize data privacy in core customer-facing systems

The Dutch Data Protection Authority (DPA) has fined Uber a record €290M

Flights Disrupted at Seattle-Tacoma Airport Due to Possible Cyberattack

Evolving Cybersecurity: Aligning Strategy with Business Growth

Half of enterprises suffer breaches despite heavy security investments

Behind the scenes of Serious Cryptography

Lateral movement: Clearest sign of unfolding ransomware attack

ISC Stormcast For Tuesday, August 27th, 2024 https://isc.sans.edu/podcastdetail/9114, (Tue, Aug 27th)

Stop paying for antivirus software. Here’s why you don’t need it

How AI is helping cut the risks of breaches with patch management

Slack AI Vulnerability Exposed Data From Private Channels

Google Patched A Chrome Zero-Day With Multiple Vulnerabilities

FAA Proposed New Cybersecurity Rules Addressing Threats To Airplanes

Digital Wallets Found Vulnerable To Fraudulent Payments

LiteSpeed Cache Plugin Vulnerability Risked 5+ Million WordPress Websites

Google addressed the tenth actively exploited Chrome zero-day this year

Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation

IT Security News Daily Summary 2024-08-26

Maximizing Enterprise Data: Unleashing the Productive Power of AI With the Right Approach

5 open source Mitre ATT&CK tools

How to use the NIST CSF and AI RMF to address AI risks

Telegram CEO Pavel Durov’s Arrest Linked to Sweeping Criminal Investigation

Recognizing Women Driving Innovation

Axiad Takes a Leading Role in Microsoft’s FIDO Provisioning API Upgrade

2024 ISO and CSA STAR certificates now available with three additional services

PSA: These ‘Microsoft Support’ ploys may just fool you

Why the NSA advises you to turn off your phone once a week

Fortifying the future of Security for AI: Cisco Announces intent to acquire Robust Intelligence

Microsoft mistake blows up admins’ inboxes with fake malware alerts

Slack Fixes AI Security Flaw After Expert Warning

CISA Adds One Known Exploited Vulnerability to Catalog

Audit Finds Notable Security Gaps in FBI’s Storage Media Management

Seattle airport ‘possible cyberattack’ snarls travel yet again

Watchdog warns FBI is sloppy on secure data storage and destruction

Vulnerability Summary for the Week of August 19, 2024

SonicWall addressed an improper access control issue in its firewalls

Marketing Data Security Threats Are Rising: Where CMOs See Gaps

Vulnerability Prioritization is Only the Beginning

Chinese APT Volt Typhoon Caught Exploiting Versa Networks SD-WAN Zero-Day

Navigating PCI DSS 4.0: Insights from Industry Experts on Client-Side Security

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

Summer 2024 SOC report now available with 177 services in scope

1,000,000 WordPress Sites Protected Against Unique Remote Code Execution Vulnerability in WPML WordPress Plugin

Fraud Tactics and the Growing Prevalence of AI Scams

AMD internal data reportedly offered for sale

DoJ Files Complaint Against Georgia Tech Under False Claims Act

Getting Started With SPIFFE For Multi-Cloud Secure Workload Authentication

Password creation tips for enhanced security

Apple Targets 10 September iPhone 16 Launch Event – Report

2 TB of Sensitive “ServiceBridge” Records Exposed in Cloud Misconfiguration

Over 3400 High and Critical Cyber Alerts Recorded in First Half 2024

US Charges Alleged Member of Russian Karakurt Ransomware Group

Georgia Tech Sued Over Alleged False Cybersecurity Reports to Win DoD Contracts

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access

Uber Fined $324m For Transferring European Data To US

Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)

How does DMARC affect email marketing?

CrowdStrike Competitors for 2024: Top Alternatives Reviewed

Celebrating Women’s Equality Day: Innovating for Inclusion

WordPress Websites Used to Distribute ClearFake Trojan Malware

Russian Laundering Millions for Lazarus Hackers Arrested in Argentina

Fake Funeral Live Stream Scams Target Grieving Users on Facebook

Cyber Security: A Rising Threat to Australia’s Renewable Energy Campaign

Newly Discovered Group Offers CAPTCHA-Solving Services to Cybercriminals

Meta Says Iranian Hackers Targetted Biden, Trump WhatsApp Accounts

Cheana Stealer Attacking Windows & macOS VPN Users to Deploy Malware Payloads

EDR vs NGAV: Which One Is Better For Your Organization?

Hundreds of Online Stores Hacked in New Campaign

CISA’s $524M headquarters slated for DHS campus in 2027

Lessons from the CrowdStrike Falcon Sensor Defect: Enhancing Ransomware Recovery and Business Continuity

Hitachi Vantara and Broadcom help organizations modernize their cloud infrastructure

NSA Releases Guide to Combat Living Off the Land Attacks

Cyber Hacktivist Campaign “FreeDurov” Emerges Following Arrest of Telegram CEO

Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

US Authorities Warn Healthcare Sector of Everest Ransomware Threats

Telecom Company Hit with $1 Million Penalty Over AI-Generated Fake Robocalls

31.5M invoices, contracts, patient consent forms, and more exposed to the internet

SonicWall Patches Critical SonicOS Vulnerability

Everest Gang Poses New Cybersecurity Threat to US Healthcare

QR Code Phishing: How Cybercriminals Exploit Trust via Quishing

Port of Seattle Hit by Cyberattack, Services & Websites Down

Striking a Balance Between the Risks and Rewards of AI Tools

Microsoft To Host Cybersecurity Summit After CrowdStrike IT Outage

Patelco Credit Union Ransomware Attack, Customers & Employees Data Stolen

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

Two Remote Code Execution Vulnerabilities Discovered in Traccar GPS Tracking System

NTLM Credential Theft Risk in Python Apps Threaten Windows Security

Securing the Future: Defending LLM-Based Applications in the Age of AI

Stealthy ‘sedexp’ Linux Malware Evaded Detection for Two Years

Russian National Arrested for Laundering Crypto Payments from Lazarus Group

CyberGhost vs NordVPN (2024): Which VPN Should You Choose?

How to tell if your online accounts have been hacked

US Federal Court Rules Against Geofence Warrants

Stealthy Memory-Only Dropper Delivers PEAKLIGHT Loader on Windows Systems

GenAI Models are Easily Compromised

Uber to Appeal Dutch €290 Million GDPR Fine

Miggio Uncovers AWS Load Balancer Security Flaw

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Halliburton, Law Enforcement Investigates Cyberattack Impact

Hackers can Take Over Ecovacs Home Robots to Spy on Device Owners

Kremlin Blames Widespread Website Disruptions on DDoS Attack; Digital Experts Disagree

Telegram Founder Pavel Durov Arrested At French Airport – Report

Industry Moves for the week of August 26, 2024 – SecurityWeek

Patelco Credit Union Says Breach Impacts 726k After Ransomware Gang Auctions Data

Cybersecurity News: Halliburton suffers cyberattack, Telegram CEO arrested, Georgia Tech lawsuit

A cyberattack impacted operations at the Port of Seattle and Sea-Tac Airport

Stealthy Linux Malware “sedexp” Exploits udev Rules for Persistence and Evasion

CISA Adds Versa Director Bug to its Known Exploited Vulnerabilities Catalog

C-Suite Involvement in Cybersecurity is Little More Than Lip Service

Global Cyber Insurance Premiums Decline Despite Ransomware Surge

Forensic Cyberpsychology: Profiling the Next-Generation Cybercriminal

Another Critical SolarWinds Web Help Desk Bug Fixed (CVE-2024-28987)

Why C-Suite Leaders are Prime Cyber Targets

Telegram Founder Arrested at France Airport

A week in security (August 19 – August 25)

Gartner Spotlights AI, Security in 2024 Hype Cycle for Emerging Tech

Financial Firm Fined $850K for Violating SEC Cyber Rules

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Chinese Velvet Ant Uses Cisco Zero-Day to Deploy Custom Malware

From Highly Obfuscated Batch File to XWorm and Redline, (Mon, Aug 26th)

Nokia dumbphones make a comeback

Telegram Founder Arrested Arrested at France Airport

Linux malware sedexp uses udev rules for persistence and evasion

Discovering The Importance of Cybersecurity Advisory Boards (CABs)

FAA Proposes New Cybersecurity Rules for Airplanes

Most Ransomware Attacks Occur Between 1 AM and 5 AM

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

Seattle port systems shut down due to possible cyber attack: Cyber Security Today for Monday August 26, 2024

Cyber Attack disrupts operations at Seattle Tacoma International Airport

How Chaos Engineering Makes Corporate Networks Resilient to Cyber Attacks

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

Event Logging Key to Detecting LOTL Attacks, Security Agencies Say

Two strategies to protect your business from the next large-scale tech failure

Ransomware Attacks, Demands, and Payments Rise in Q2

Prism Infosec Debuts Red Team Engagement Service

Secure Web Gateway Vulnerabilities Exposed: SquareX’s Research Stirs the Industry

Adversaries love bots, short-lived IP addresses, out-of-band domains

Rebrand, regroup, ransomware, repeat

Nuclei: Open-source vulnerability scanner

ISC Stormcast For Monday, August 26th, 2024 https://isc.sans.edu/podcastdetail/9112, (Mon, Aug 26th)

Alleged Karakut ransomware scumbag charged in US

GenAI buzz fading among senior executives

BlackSuit Ransomware

Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

IT Security News Weekly Summary – Week 34

IT Security News Daily Summary 2024-08-25

Traderie – 364,898 breached accounts

North Korea Exploited Windows Zero-Day Vulnerability to Install Fudmodule

The Port of Seattle and Sea-Tac Airport say they’ve been hit by ‘possible cyberattack’

Iranian Hackers Targeted WhatsApp Accounts of Staffers in Biden, Trump Administrations, Meta Says

Worried About Cash App Breach? These Three Steps Can Keep Your Financial Data Safe

16 Years of Cybercrime: The Story of Greasy Opal’s CAPTCHA Solver

New Styx Stealer Malware Targets Browsers and Instant Messaging for Data Theft

Sheltering From the Cyberattack Storm – Part Two

Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats

Dell Power Manager Privilege Escalation Vulnerability

Progress WhatsUp Gold Vulnerabilities Let Attackers Inject SQL Commands

Chrome Zero-day Vulnerability Actively Exploited in the Wild

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

France police arrested Telegram CEO Pavel Durov

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures