IT Security News Weekly Summary – Week 37

USENIX Security ’23 – Multiview: Finding Blind Spots in Access-Deny Issues Diagnosis

Fortifying The Digital Frontier: Everyday Habits That Shape Your Company’s Cybersecurity Posture

YARA-X’s Dump Command, (Sun, Sep 15th)

Port of Seattle shares ransomware attack details

Ford’s Latest Patent: A Step Toward High-Tech Advertising or Privacy Invasion?

TrickMo Android Trojan Abuses Accessibility Services for On-Device Financial Scam

Combating Telecom Fraud: Trai and DoT’s Joint Effort Against Spam Calls

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Global Cybercrime Syndicate Falls in Singapore’s Largest-Ever Police Raid

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days

Games Box – 1,439,354 breached accounts

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Upcoming Speaking Engagements

YARA 4.5.2 Release, (Sat, Sep 14th)

IT Security News Daily Summary 2024-09-14

CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

USENIX Security ’23 – On the Feasibility of Malware Unpacking via Hardware-assisted Loop Profiling

RansomHub Ransomware: Exploiting Trusted Tools to Evade Detection

U.S. CISA adds Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

Ransomware Actors Refused to Provide Decryptor Even After Recieving Ransom Payment

London’s Transit System Suffers Through Prolonged Cyberattack; Data Security a Concern

Cryptocurrency Scams Surge in 2023, FBI Reports Record $5.6 Billion in Losses

A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

A new path for Kyber on the web

NoName Hackers Use RansomHub in Recent Cyber Campaigns

Ivanti Cloud Service Appliance flaw is being actively exploited in the wild

Security News This Week: A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

GitLab Warns of Critical Pipeline Execution Vulnerability

How an Asset Inventory Improves The Five Essential Steps of a Risk Management Program

Fileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw

SquareX: The Future of BYOD Security for Enterprises

The Role of Governance, Risk, and Compliance in Modern Cybersecurity Programs

Chinese-Made Port Cranes in US Included ‘Backdoor’ Modems, House Report Says

Innovator Spotlight: Cymulate

Innovator Spotlight: Illumio

Innovator Spotlight: Fortanix

Organizations Can’t Afford to Ignore the Security Risks of Proximity Technology

Citrix Workspace App Users Urged to Update Following Two Privilege Escalation Flaws

Update: Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

New Vo1d Malware Infects 1.3 Million Android Streaming Boxes

Targeted Campaigns in Retail Sector Involve Domain Fraud, Brand Impersonation, and Ponzi Schemes

Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA Warns

Cyber Security Today Week in Review for September 14, 2024

GitLab fixed a critical flaw in GitLab CE and GitLab EE

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Kubernetes attacks are growing: Why real-time threat detection is the answer for enterprises

CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024

Fortinet confirms data breach, extortion demand

IT Security News Daily Summary 2024-09-13

Antivirus vs. Anti-Malware: Which One Do I Need?

Microsoft’s Windows Agent Arena: Teaching AI assistants to navigate your PC

Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

Apple Suddenly Drops NSO Group Spyware Lawsuit

Setting Up Secure Data Lakes for Starlight Financial: A Guide to AWS Implementation

Your data is under siege. How to protect your data and privacy.

At Microsoft’s security summit, experts debated how to prevent another global IT meltdown. Will it help?

The Role of Leadership in Cultivating a Resilient Cybersecurity Team

New Office of the CISO Paper: Organizing Security for Digital Transformation

Fundamentals of GraphQL-specific attacks

2024-09-12 – Approximately 11 days of server scans and probes

Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability

USENIX Security ’23 – Security Analysis of MongoDB Queryable Encryption

Randall Munroe’s XKCD ‘Monocaster’

Podcast: Empowering organizations to address their digital sovereignty requirements with AWS

Evolution of Fueling Partner Success

Try the New Security Sandbox for Cisco Defense Orchestrator

New Linux malware called Hadooken targets Oracle WebLogic servers

NextNav’s Callous Land-Grab to Privatize 900 MHz

Feeld dating app’s security too open-minded as private data swings into public view

Payment Gateway Slim CD Reports Major Data Breach Affecting 1.7 Million Users

How to Protect Your Accounts from 2FA Vulnerabilities: Avoid Common Security Pitfalls

Ford seeks patent for conversation-based advertising

5 Steps to Building a Robust Cyber Resilience Framework

Ivanti Releases Security Update for Cloud Services Appliance

Veeam Software Issues Fixes for Exploitable Security Flaws

Ransomware attacks are driving up costs to millions of dollars for schools and educational institutions

10 Cybersecurity Measures That Experts Follow (and You Should, Too!)

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

The Critical Role of Data at Rest Encryption in Cybersecurity

iPhone 16 better thwarts hackers who use the camera or microphone to spy on you

‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along

AI in Cybersecurity: Experts Discuss Opportunities, Misconceptions and the Path Forward

Fortinet confirms customer data breach

Critical Severity Flaw Exposes Siemens Industrial Systems

Election Sabotage via Cyberattacks Increases

Hackers Use SonicWall Security Flaw in Ransomware Attacks

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Sep 13th)

Akamai Prevents Record-Breaking DDoS Attack on Major U.S. Customer

Akamai?s Perspective on September?s Patch Tuesday 2024

Announcing the 11th Annual Flare-On Challenge

Kali Linux 2024.3 Released With New Hacking Tools

What can businesses learn from the rise of cyber espionage?

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Navigating the Leap: My Journey from Software Engineering to Offensive Security

Fake Recruiter Coding Tests Target Developers With Malicious Python Packages

SolarWinds Reveals RCE Flaw in Access Rights Manager

Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

Malicious Actors Spreading False US Voter Registration Breach Claims

Reduce risks of user sign-up fraud and SMS pumping with Amazon Cognito user pools

BT Identifies 2,000 Potential Cyberattacks Signals Every Second

Putting AI Into AIOps: A Future Beyond Dashboards

Update: Hackers Target Apache OFBiz RCE Flaw CVE-2024-45195 After PoC Exploit Released

In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit

Finding Honeypot Data Clusters Using DBSCAN: Part 2, (Fri, Aug 23rd)

Chinese-speaking Hackers Linked to DragonRank SEO Manipulator Service

Tips for Detecting and Preventing Multi-Channel Impersonation Attacks

CMA Cites Higher Prices Post Vodafone, Three Merger, Demands Changes

The Dark Nexus Between Harm Groups and ‘The Com’

Iranian APT Hackers Target Iraqi Government in New Espionage Campaign

Two Critical RCE Flaws Discovered in Docker Desktop

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Record $65m Settlement for Hacked Patient Photos

Microsoft Cuts Hundreds Of Gaming Staff

Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs

New Linux Malware “Hadooken’ Targets Oracle WebLogic Applications

Adobe Completes Fix for Reader Bug with Known PoC Exploit

New ‘Hadooken’ Linux Malware Targets WebLogic Servers

Realm.Security Emerges to Tackle Cybersecurity Data Management

PREVIEW: CISO Series Podcast LIVE in Boca Raton, FL 9-21-24

MSSPs – Why You Need a SOC Product And How to Choose the Right One

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Keeper Security Expands Passphrase Generator Capability to Mobile Devices

Vo1d malware infected 1.3 Million Android-based TV Boxes in 197 countries

Real-Time Cyberattack Simulations Take Centre Stage at International Cyber Expo 2024 with CrisisCast

1.3 Million Android TV Boxes Infected by Vo1d Malware

Cyber Security in Banking: Threats, Solutions & Best Practices

Microsoft Vows to Prevent Future CrowdStrike-Like Outages

Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

GitLab Updates Resolve Critical Pipeline Execution Vulnerability

Why Windows 11 Requires a TPM and How It Enhances Security

Rain Technology protects consumers against visual hackers and snoopers at ATM terminals

Hackers gain access to credit card details of approximately 1.7 million people in USA and Canada

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

Live Patching as a Growth Enabler for Your Infrastructure

Nudge Security unveils SSPM capabilities to strengthen SaaS security

From Open Networks to Zero Trust: A Paradigm Shift

Docker Desktop Vulnerabilities Let Attackers Execute Remote Code

Cybersecurity Compliance and Beyond: How Protocols Drive Innovation and Growth

How Secure is the “Password Protection” on Your Files and Drives?

20 dollars exposes a huge flaw in Internet security: Cyber Security Today for Friday the 13th September, 2024

Mastercard acquires Cyber Threat Intelligence firm Recorded Future for $2.58 Billion

Is Your Business Ready for the Quantum Cybersecurity Threat?

Cambodian senator sanctioned by US over alleged forced labor cyber-scam camps

Why Breaking into Cybersecurity Isn’t as Easy as You Think

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Fortinet Confirms Data Breach Following Hacker’s Claim of 440GB Data Theft

Android TV Box Malware, Vo1d, Infects Over a Million Devices Worldwide

Fortinet Confirms Data Breach

Australia’s government spent the week boxing Big Tech

How to make Infrastructure as Code secure by default

Application Security — The Complete Guide

Cyber insurance set for explosive growth

Organizations still don’t know how to handle non-human identities

Security measures fail to keep up with rising email attacks

SquareX, Awarded Rising Star Category in CybersecAsia Readers’ Choice Awards 2024

Comprehensive Guide to Infrastructure Robustness Metrics

New infosec products of the week: September 13, 2024

ISC Stormcast For Friday, September 13th, 2024 https://isc.sans.edu/podcastdetail/9136, (Fri, Sep 13th)

Feds pull plug on domains linked to import of Chinese gun conversion devices

The US is Preparing Criminal Charges in Iran Hack Targeting Trump, AP Sources Say

‘Hadooken’ Linux malware targets Oracle WebLogic servers

Fortinet admits miscreant got hold of customer data in the cloud

6 common Geek Squad scams and how to defend against them

White hat heroes—Your introduction to ethical hacking

CCNA: The foundation that built my IT career (can be yours, too)

Innovator Spotlight: Expel

IT Security News Daily Summary 2024-09-12

FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

Mastercard to acquire Recorded Future for $2.65B

Accelerating Partner Growth with PXP and Cisco Black Belt Academy

Cybersecurity giant Fortinet discloses a data breach

I stole 20GB of data from Capgemini – and now I’m leaking it, says cyber-crook

UK NCA arrested a teenager linked to the attack on Transport for London

Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support

Navigating the Shared Responsibility Model: Lessons Learned from the Snowflake Cybersecurity Incident

We Called on the Oversight Board to Stop Censoring “From the River to the Sea” — And They Listened

Spotlight on Oleria

Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

Mastercard splurges $2.65B on another big cyber purchase – Recorded Future

Microsoft’s September 2024 Patch Tuesday Addresses 4 Zero-Days, 79 Vulnerabilities

PREVIEW: CISO Series Podcast LIVE in Houston, TX 9-24-24

We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders

What is a Virtual Private Network (VPN)? VPN Security Explained

Randall Munroe’s XKCD ‘Water Filtration’

Proofpoint Adds Ability to Dynamically Apply Granular Security Controls

SpaceX Polaris Dawn Crew Carry Out First Commercial Spacewalk

Google Chrome adds 3 new security features to boost your online safety and privacy

Google Cloud Strengthens Backup Service With Untouchable Vaults

New Chrome Features Protect Users Against Threats, Provide More Control Over Personal Data

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram

New whitepaper available: Building security from the ground up with Secure by Design

Trending Cybersecurity news headlines on Google for today

Irish Watchdog Launches Inquiry Into Google AI Model

Government To Classify UK Data Centres As Critical Infrastructure

NCA Arrests Teenager in Walsall Over TfL Cyber Attack

Mastercard to Acquire Threat Intel Firm Recorded Future for $2.65 Billion

Designing a Secure Architecture for Distributed Systems

Scammers advertise fake AppleCare+ service via GitHub repos

Check Point’s Quantum Leap: Integrating NIST PQC Standards

Rockwell Automation FactoryTalk View Site

Rockwell Automation AADvance Trusted SIS Workstation

AutomationDirect DirectLogic H2-DM1E

Siemens SIMATIC SCADA and PCS 7 Systems

Siemens Industrial Edge Management

Cisco advances embedded cyber resilience in industrial routers

Microsoft Is Adding New Cryptography Algorithms

Google Chrome gets a mind of its own for some security fixes

Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security

Irish Data Protection Regulator to Investigate Google AI

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 2, 2024 to September 8, 2024)

Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild

Critical Vulnerabilities in JPEG 2000 Library Let Attackers Execute Remote Code

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Facebook scrapes photos of kids from Australian user profiles to train its AI

WordPress Plugin and Theme Developers Told They Must Use 2FA

Rockwell Automation Pavilion8

Rockwell Automation 5015-U8IHFT

Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380

Siemens Industrial Products

Siemens Tecnomatix Plant Simulation

How AI Challenges Sales to Be More Human

Ensuring Continuous Network Operations with Cisco Nexus Hitless Upgrades

Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline

Realm.Security Emerges From Stealth With $5 Million in Seed Funding

Aembit’s Vision for Non-Human Identity and Access Management Gains $25 Million in Backing

Blocking in Production Requires a Modern Security DevEx | Impart Security

Hacktivism: How Hacktivists are Using Digital Activism to Fight for Justice

Security Experts Detect SQL Injection to Bypass Airport TSA Security Checks

Suspect arrested over the Transport for London cyberattack

TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

Schools Face Million-Dollar Bills as Ransomware Rises

Protecting Multi-Cloud Resources in the Era of Modern Cloud-Based Cyberattacks

From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam

How I got started: AI security executive

Hacker tricks ChatGPT into giving out detailed instructions for making homemade bombs

Cisco at IBC2024

Microsoft Defender Endpoint Security vs. SentinelOne Singularity : Which One Should You Choose?

CrowdStrike Falcon vs. ESET Endpoint Security : Which One Should You Choose?

CrowdStrike Falcon vs. Palo Alto Networks Cortex XDR : Which One Should You Choose?

CrowdStrike Falcon vs. IBM Security QRadar XDR : Which One Should You Choose?

CrowdStrike Falcon vs. Microsoft Defender Endpoint Security : Which One Should You Choose?

Global Cybersecurity Workforce Growth Flatlines, Stalling at 5.5 Million Pros

Evasion Tactics Used By Cybercriminals To Fly Under The Radar

Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management

Data Poisoning: The Hidden Threat to AI Models

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

Bitcoin ATM Emerges as Major Threat to Cryptocurrency

Dru Investigate simplifies cyber investigations and helps users uncover data threats

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn

How Distributed Cloud Computing Meets Modern User Demand

Modern Authentication on .NET: OpenID Connect, BFF, SPA

Cisco AI Enhances Retail Operations

Saviynt Launches Innovative Intelligence Suite to Transform Identity Security

How to Strengthen and Improve Your Company’s Security Posture

NETSCOUT enhances Omnis Cyber Intelligence platform with MITRE ATT&CK behavioral analytics

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Robot To Retrieve Fuel From Fukushima Nuclear Plant

Ransomware Disguised as a Game: Kransom’s Attack Through DLL Side-Loading

Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling

CosmicBeetle Exploiting Old Vulnerabilities To Attacks SMBs All Over The World

New Loki Backdoor Attacking macOS Systems

The best VPN services for torrenting in 2024: Expert tested and reviewed

Inc Ransom Attack Analysis: Extortion Methodologies

DockerSpy: Search for Images on Docker Hub, Extract Sensitive Information

Lazarus Group Targets Developers in Fresh VMConnect Campaign

Singapore Police arrest six men allegedly involved in a cybercrime syndicate

India Needs Better Cybersecurity for Space Systems

EU kicks off an inquiry into Google’s AI model

The SBOM has a long history — but what’s next is what matters

Tines Leverages LLMs to Simplify Security Automation

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

OpenAI Valued At $150Bn In Funding Talks – Report

Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018

Cybersecurity is a Fundamental Component of Patient Care and Safety

About that Windows Installer ‘make me admin’ security hole. Here’s how it’s exploited

Cisco Patches High-Severity Vulnerabilities in Network Operating System

How Business Owners Can Evolve with a Changing Technological Landscape

Cyber Staffing Shortages Remain CISOs’ Biggest Challenge

Ireland’s Watchdog Launches Inquiry into Google’s AI Data Practices in Europe

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Top 3 Threat Report Insights for Q2 2024

UK Recognizes Data Centers as Critical National Infrastructure

LUMI – The Most Powerful Supercomputer In Europe

Kali Linux 2024.3 Released: 11 New Tools, Qualcomm Snapdragon SDM845 SoC Support

New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR

Iranian Hackers Targeting Iraqi Government: Security Firm

Losses due to cryptocurrency and BEC scams are soaring

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

The 6 Best Penetration Testing Companies for 2024

Apple Vision Pro’s Eye Tracking Exposed What People Type

1-15 June 2024 Cyber Attacks Timeline

New PIXHELL Acoustic Attack Leaks Secrets From LCD Screen Noise

Microsoft Discloses Four Zero-Days in September Update

Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

US Elections: Iranian Hackers Target Political Campaigns

Ubuntu 24.04.1 LTS Released: This is What’s New

BYOD Policies Fueling Security Risks

Business Email Compromise Costs $55bn Over a Decade

Who Is Responsible for Securing SaaS Tools?

Cybersecurity News: $20 WHOIS vulnerability, India’s Cyber Commandos, Word hits drone makers

Mind your header! There’s nothing refreshing about phishers’ latest tactic

Exploiting CI/CD Pipelines for Fun and Profit

ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign

NIS2, DORA, and Tiber-EU expanding cybersecurity regulation

Open Source Updates Have 75% Chance of Breaking Apps

New Developer-As-A-Service In Hacking Forums Empowering Phishing And Cyberattacks

VirtualBox 7.1: This is a major update, here’s what’s new

Cloudera Private Link Network helps enterprises protect their data

Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Pokémon GO was an intelligence tool, claims Belarus military official

If HDMI screen rips aren’t good enough for you pirates, DeCENC is another way to beat web video DRM

News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM

News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion

Google Enhances Cloud Security with New Ransomware resistant Backup Vault

How Can Individuals Protect Themselves from Ransomware Attacks?

Lazarus Group Targets Developers with Fake Coding Tests

DragonRank SEO Manipulator is Targeting Asia and Europe

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

Benefits and best practices of leveraging AI for cybersecurity

Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense

Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences

Internal disconnects vs. cybersecurity: How connectivity shapes challenges

Healthcare giant to pay $65M settlement after crooks stole and leaked nude patient pics

Google’s AI Model Faces European Union Scrutiny From Privacy Watchdog

Flipper Zero gets a big firmware upgrade, and some amazing new features

Hygiene, Hygiene, Hygiene! (Guest Diary), (Wed, Sep 11th)

AI safety showdown: Yann LeCun slams California’s SB 1047 as Geoffrey Hinton backs new regulations

Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)

Microsoft: Zero-day vulnerability rolled back previous patches

Vulnerability handling requirements for NIS2 compliance

Cyber crooks shut down UK, US schools, thousands of kids affected

Uncovering a Prototype Pollution Regression in the Core Node.js Project

5 ideas to help you have the online safety talk with your kid

Connect in Cancún with Learning & Certifications

FFIEC Will Sunset the Cybersecurity Assessment Tool: Everything You Need to be Prepared

IT Security News Daily Summary 2024-09-11

10 Countries With the Fastest Internet in the World (2024)

2024-09-11 – Data dump: Remcos RAT and XLoader (Formbook)

Optimizing Data Management for AI Success: Industry Insights and Best Practices

Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

The Unraveling of an Iranian Cyber Attack Against the Iraqi Government

Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud

Major sales and ops overhaul leads to much more activity … for Meow ransomware gang

Customer Story | Protecting Students and Data in Google Workspace at Santa Rita Union School District

Join Us 9-30-24 for a CISO Series Meetup in Washington, DC

Former Girlfriend of FTX’s Bankman-Fried Seeks To Avoid Prison

How to prevent vendor email compromise attacks

HTTP vs. HTTPS: What’s the difference?

Connect in Cancùn with Learning & Certifications

DoJ Distributes $18.5 Million to Western Union Fraud Victims

Tech Stack Uniformity has Become a Systemic Vulnerability

Stopping the Harms of Automated Decision Making | EFFector 36.12

Innovator Spotlight: Salt Security

Innovator Spotlight: HUMAN

Hunters International claims ransom on Chinese mega-bank’s London HQ

Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware

Slim CD Data Breach Exposes Credit Card Information of 1.7 Million Customers

Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support

Navigating the Risks of Namespace Collision: A Critical Security Challenge

Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS

SpyAgent Malware Uses OCR Tech to Attack Crypto Wallets

Digital Dictatorship: The Dangers of Unchecked Spyware

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

Latest Cybersecurity News Headlines on Google

Samsung India Workers Strike, Amid Report Of Overseas Job Cuts

What is DuckDuckGo? If you’re into online privacy, try this popular Google alternative

Cyberattack shuts down 34 Highline Public Schools for 3 days

Security Budgets Continue Modest Growth, but Staff Hiring Slows Considerably, Research Finds

Innovator Spotlight: Tanium

Disney Data Breach Exposes Sensitive Corporate and Personal Information

‘TIDrone’ Cybercriminals Target Taiwan’s Drone Makers

Free Russia Foundation Investigates Potential Cyberattack Amid Leak of Sensitive Documents

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

Operational Technology Leaves Itself Open to Cyber-Attack

Five ways to lose your data

Hold – Verify – Execute: Rise of malicious POCs targeting security researchers

AWS To Invest £8 Billion In UK, Amid Cloud AI Expansion

Researchers Hacked Car EV Chargers To Execute Arbitrary Code

Threat Actors Exploiting Legitimate Software For Stealthy Cyber Attacks

8 Practices Software Engineers Should Adopt and Champion for Cybersecurity

Managed Assurance: Transforming Digital Experience with ThousandEyes on Meraki MX

Innovator Spotlight: Keepnet Labs

Innovator Spotlight: Lineaje

SplxAI Raises $2 Million to Protect AI Chatbot Apps

ADCS Attack Paths in BloodHound — Part 3

Gallup: Pollster Acts to Close Down Security Threat

Trust, Teams, and Tragedy – The Ever-Present Risk of Insider Threats

Successful Hyperloop Test Completed In Holland

Celebrating Innovation and Connection: Cisco in Paris with NBC Sports

Highline Public Schools school district suspended its activities following a cyberattack

AI Cybersecurity Needs to be as Multi-Layered as the System it’s Protecting

Quad7 Botnet Targets More SOHO and VPN Routers, Media Servers

Britain Must Call for Release of British-Egyptian Activist and Coder Alaa Abd El Fattah

So you paid a ransom demand … and now the decryptor doesn’t work

Intel Informs Customers About Over a Dozen Processor Vulnerabilities

Mitiga Cloud MDR detects threats in SaaS and cloud environments

Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam

This Senate Bill Could Improve Voting Machine Security

Common Phishing Attacks and How to Protect Against Them

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

CISA adds SonicWall SonicOS, ImageMagick, and Linux Kernel Bugs to its Known Exploited Vulnerabilities catalog

DHS Cyber Review Board Will Announce Next Investigation ‘Soon’

Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments

GDPR & CCPA: A CIO’s Essential Guide to Email Compliance

PIXHELL Attack Allows Air-Gap Jumping via Noise From Screens

The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses

Join Us 09-27-24 for “Hacking Alerts” – Super Cyber Friday

Apple Ordered To Pay Ireland €13bn In Taxes

Check Point Software Recognised as a Leader in GigaOm Radar Report for Security Policy as Code

Siemens Issues Critical Security Advisory for User Management Component (UMC)

OpenZiti: Secure, Open-Source Networking for Your Applications

CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

Why Is It So Challenging to Go Passwordless?

Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures

Google Must Pay €2.4bn Fine, EU Court Rules

Siemens Industrial Edge Management Vulnerable to Authorization Bypass Attacks

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

Slim CD Data Breach Exposes Financial Data of almost 1.7 million People

Windows Elevation of Privilege Flaw Exploited by QakBot Malware, PoC Published

FBI Report Says Cryptocurrency Scams Surged in 2023

Earth Preta Upgrades Attack Strategy via Removable Drives

How $20 and a lapsed domain allowed security pros to undermine internet integrity

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library

Tenable AI Aware provides exposure insight into AI applications, libraries and plugins

Opus Security empowers organizations to prioritize the most critical vulnerabilities

Poland’s Supreme Court Blocks Pegasus Spyware Probe

Phishing Pages Delivered Through Refresh HTTP Response Header

Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products

UK: National Crime Agency, Responsible for Fighting Cybercrime, ‘On Its Knees,’ Warns Report

Reputation Hijacking With JamPlus: A Maneuver To Bypass Smart App Control (SAC)

Mind the talent gap: Infosec vacancies abound, but hiring is flat

AI In Wrong Hands: The Underground Demand for Malicious LLMs

Tanium helps organizations automate complex tasks in real-time

Proofpoint expands platform capabilities for broader, adaptive human-centric security controls

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

Cybersecurity News: Slim CD data breach, International sextortion bust, TfL mixed messages

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Cato Networks Expands Board of Directors with Two Industry Leaders

Data Breach at Golf Course Management Firm KemperSports Impacts 62,000

UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience

FreeBSD Issues Urgent Security Advisory for CVE-2024-43102 (CVSS 10)

Gallup Poll Bugs Open Door to XSS Attacks

6 Questions to Answer Before Choosing an Identity Provider

Saviynt Intelligence delivers identity security analytics through ML and AI capabilities

Trellix strengthens email security with DLP capabilities

Securing Gold : Hunting typosquatted domains during the Olympics

New Android Spyware As TV Streaming App Steals Sensitive Data From Devices

New RansomHub Attack Killing Kaspersky’s TDSSKiller To Disable EDR

Open XDR vs. Native XDR: A Selection Guide for Organizations

Experts Demonstrate How to Bypass WhatsApp View Once Feature

P0 Security raises $15 million to govern and secure cloud access for all identities

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft Fixes Four Actively Exploited Zero-Days

Python Libraries Used for Malicious Purposes, (Wed, Sep 11th)

Adobe Security Update, Multiple Vulnerabilities Patched

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

German Cyber Agency Investigating APT28 Phishing Campaign

1.7 million credit card records leaked by payment gateway. Cyber Security Today for Wednesday, September 11, 2024

Ransomware attacks on financial firms in USA increased in 2024

How to Curtail Cyber Risks in Complex Cloud Environments

Behind the Power of the Cloud

Unveiling Hidden APIs and Securing Vulnerabilities in the Healthcare Sector

RansomHub Serves Up LaZagne

India to train 5000 ‘Cyber Commandos’

DockerSpy: Search for images on Docker Hub, extract sensitive information

Cybersecurity is a fundamental component of patient care and safety

Opus Security Elevates Vulnerability Management With its AI-Powered Multi-Layered Prioritization Engine

Cybersecurity jobs available right now: September 11, 2024

How AI and zero trust are transforming resilience strategies

eBook: Keep assets secure after cloud migration

ISC Stormcast For Wednesday, September 11th, 2024 https://isc.sans.edu/podcastdetail/9134, (Wed, Sep 11th)

Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack

How SOAR Automation is Boosting MSSP Revenue Without Replacing Human Workers

Where Do I Start With SASE Evaluations? Gartner® Report

Microsoft September 2024 Patch Tuesday Fixes 79 Flaws, Including 4 Zero-Days

VERT Threat Alert: September 2024 Patch Tuesday Analysis

Bug Left Some Windows PCs Dangerously Unpatched

IT Security News Daily Summary 2024-09-10

Are you having the right conversations about online safety with your kids?

Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities

Was your Social Security number leaked to the dark web? Here’s how to find out

Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control

BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application

Viessmann Climate Solutions SE Vitogate 300

Quad7 botnet evolves to more stealthy tactics to evade detection

Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes

Manufacturing, Industrial Sectors Are Under Siege

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

Join us at FAIRCON24 – 10-02-24 for CISO Series Game Show

Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

Microsoft will start charging for Windows 10 updates next year. Here’s how much

JFrog connects key software supply chain management dots

8 key aspects of a mobile device security audit program

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Microsoft Releases September 2024 Security Updates

CISA Releases Four Industrial Control Systems Advisories

iniNet Solutions SpiderControl SCADA Web Server

London’s transit agency drops claim it has ‘no evidence’ of customer data theft after hack

Three years of progress on the pathway to net zero

Microsoft September 2024 Patch Tuesday, (Tue, Sep 10th)

Insights on Cyber Threats Targeting Users and Enterprises in Mexico

Is Anthropic’s new ‘Workspaces’ feature the future of enterprise AI management?

DarkCracks Malware Exploits Vulnerabilities in GLPI and WordPress Systems

Microsoft is going to start charging for Windows 10 updates next year. Here’s how much

Secure Network Analytics 7.5.1 – Improving Operational Efficiencies and Providing Tighter Integrations with Cisco …

Adobe Patches Critical, Code Execution Flaws in Multiple Products

Delinea Survey Surfaces Spike in Cybersecurity Insurance Claims

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

Over 40,000 WordPress Sites Affected by Privilege Escalation Vulnerability Patched in Post Grid and Gutenberg Blocks Plugin

India plans to train about 5k Cyber Commandos

The RAMBO Attack Explained: Risks, Implications, & Mitigations for RSA Security

Cybercriminals Ramp Up Malvertising Schemes Through Google Searches

Adlumin Thwarts Fog Ransomware Attack Using Innovative Decoy Technology

Highline Public Schools Forced to Close By Cyber-Attack

Cyber-risk quantification challenges and tools that can help

Rockwell Automation SequenceManager

CISA Flags ICS Bugs in Baxter, Mitsubishi Products

Thanks, Edward Snowden: You propelled China to quantum networking leadership

Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says

USENIX Security ’23 – Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis

Continuous Threat Exposure Management: A Proactive Cybersecurity Approach

CyberVolk Ransomware: A Rising Threat to Global Cybersecurity

Adaptiva enables users to instantly control patch rollouts

Tufin improves security automation on Azure, GCP, and VMware clouds

LOKKER’s consent management solution blocks all unauthorized data collection on websites

China-Linked Threat Actors Target Taiwan Military Industry

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

Payment provider data breach exposes credit card information of 1.7 million customers

Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security

Citrix Releases Security Updates for Citrix Workspace App for Windows

Study Finds Excessive Use of Remote Access Tools in OT Environments

Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

How to Detect Suspicious API Traffic

Poland Dismantles Cyber Sabotage Group Linked to Russia, Belarus

The Slim CD Data Breach: 1.7 Million Credit Cards Compromised

Netskope accelerates cloud networking and security operations

The Role of VPNs in Protecting Online Privacy

Your partner “is cheating on you” scam asks you to pay to see proof

August 2024’s Most Wanted Malware: RansomHub Reigns Supreme While Meow Ransomware Surges

JFrog announces new integrations with Github Copilot, Nvidia Microservices and unified ops platform

Kimsuky-linked Hackers Use Similar Tactics to Attack Russia and South Korea

No Ransom Demand by Rhysida Before Columbus Data Leak: City IT Chief

Galileo delivers real-time fraud detection for fintechs, banks and businesses

Ketch helps media brands enable privacy-safe data activation

Join CISO Series for a Game Show at FAIRCON24 – 10-02-24

Man Faces 20 Years in Prison for First-Ever AI Music Streaming Scam

Top Security Flaws Hiding in Your Code Right Now and How To Fix Them

Using Time in Your Favor During a Ransomware Attack

Predator Spyware Roars Back with New Infrastructure, Evasive Tactics

AI in Cybersecurity: Understanding Challenges, Opportunities and New Approaches

Fake recruiter coding tests target devs with malicious Python packages

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

Improving Operational Efficiencies and Providing Tighter Integrations with Cisco Security Products

Poland thwarted cyberattacks that were carried out by Russia and Belarus

Darkhive Raises $21 Million for Drones, Secure Code Delivery System

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

Chinese APT Group Abuses Visual Studio Code to Target Government in Asia

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

New Chrome Zero-Day

Risk Assessment and Gap Analysis for Industrial Control System infrastructure: the core essentials

Looking Toward U.S. Federal Privacy Regulation, How Software Companies can Prepare

Underground Demand for Malicious LLMs is Robust

‘TIDrone’ Cyberattackers Target Taiwan’s Drone Manufacturers

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

China Delegation Visits Brussels Over EV Tariffs

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

Researchers Details Attacks On Air-Gaps Computers To Steal Data

Key Cyber Insurance Stakeholders Urge Government To Help Close $900B in Uncovered Risk

Just-in-Time Access: Key Benefits for Cloud Platforms

Our Cybersecurity Journey Starts With a Single Overworked Staffer

CISA Issues Warning About Three Actively Exploited Vulnerabilities in the Wild

Cybercriminals Target Latin American Banks with Mekotio, BBTok, and Grandoreiro Trojans

Slim CD Data Breach Impacts 1.7 Million Individuals

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

Cybersecurity News: Payment processing breach, dark web admins charged, Predator spyware resurges

Moody’s Ratings: Cyber Insurance Competition Up, Prices Down

AI-Powered Deepfake Scams Wreak Havoc on Businesses

CISA Identifies Industrial Cybersecurity Bugs in Baxter and Mitsubishi Products

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

DoJ Distributes $18.5m to Western Union Fraud Victims

Huawei Launches World’s First Double-Hinged Smartphone

Why developers, GraphRAG, and Open Source Should be Core to Your GenAI strategy

PoC Exploit Releases for Windows Elevation of Privilege Vulnerability (CVE-2024-26230)

Homeland Security Hopes to Scuttle Maritime Cyber-Threats

Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution

Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors

China Says New Dutch Chip Export Rules Result Of ‘Coercion’

X Updates Grok AI Chatbot Over Election Misinformation

WhatsApp’s “View Once” Feature Flaw Exploited in the Wild

High School in London Forced to Sends Students Home Following Ransomware Attack

Want to keep getting Windows 10 updates next year? Here’s what it will cost

SOX Compliance in the Age of Cyber Threats

U.S. CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog

The Biggest Cyber Warfare Attacks in Global Geopolitics

Strengthening Healthcare Cybersecurity: Lessons from Recent Supplier Attacks

CAMO Unveiled: How Cybercriminals Exploit Legitimate Software for Stealthy Attacks

Musician Charged With $10M Streaming Royalties Fraud Using AI and Bots

iPhone 16 Gets Generative AI, Siri Upgrade

Threat Actors Allegedly Claiming Leak of Capgemini Data

Huntress launches Managed SIEM, eliminating the complexity of traditional SIEMs

Ransomware attack makes school children go home and Veeam Backup Vulnerability

Understanding the Differences Between Password Management and Passkeys

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Thanks, Edward Snowden: you propelled China to quantum networking leadership

Legal Impact of GDPR Data Policy Violations

Free SaaS Pulse tool from Wing Security enhances SaaS security posture

Most Common Cybersecurity Threats to Avoid!

Payment Gateway Breach Exposes 1.7 Million Customers

Tech stack uniformity has become a systemic vulnerability

How human-led threat hunting complements automation in detecting cyber threats

ISC Stormcast For Tuesday, September 10th, 2024 https://isc.sans.edu/podcastdetail/9132, (Tue, Sep 10th)

33 open-source cybersecurity solutions you didn’t know you needed

Singapore moots legislation to outlaw use of deepfakes during elections

Poland’s Cybersecurity Experts Foil Russian and Belarussian Attacks

Eclypsium Product Roadmap

Experts demonstrated how to bypass WhatsApp View Once feature

Threat Assessment: North Korean Threat Groups

WhatsApp’s ‘View Once’ could be ‘View Whenever’ due to a flaw

Why Investing in Quality Analysts is Investing in Your Future

IT Security News Daily Summary 2024-09-09

Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products

Building Cyber Resilience: How Continuous Training Fortifies Organizational Security

Become a Certified Threat Hunter with OffSec’s New Foundational Threat Hunting Course (TH-200)

Randall Munroe’s XKCD ‘Slingshots’

FIPPA: Understanding Canada’s Information and Protection Privacy Law

USENIX Security ’23 – BunnyHop: Exploiting the Instruction Prefetcher

CISA Director Jen Easterly Remarks at the Election Center 39th Annual National Conference in Detroit

Russia’s top-secret military unit reportedly plots undersea cable ‘sabotage’

Google Pushes Rust in Legacy Firmware to Tackle Memory Safety Flaws

CISA Director Jen Easterly Remarks at the 39th Annual National Conference in Detroit

LightEval: Hugging Face’s open-source solution to AI’s accountability problem

How to create an AI acceptable use policy, plus template

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

Google’s Grip on Ad Tech: What the UK Competition Watchdog Discovered

Council of Europe Lunches First AI Treaty

CISA Releases Election Security Focused Checklists for Both Cybersecurity and Physical Security

Google Goes On Trial In US Over Ad Tech Dominance

Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted

Avis alerts nearly 300k car renters that crooks stole their info

Empowering Cybersecurity on the Go: Nuspire’s Revolutionary Mobile App

Achieving Cyber Clarity: myNuspire for Unified Cybersecurity Management

Meet Nutron: Your AI-Driven Ally in Proactive Cyber Defense

Redefining Cyber Defense: Introducing the Nuspire Cybersecurity Experience

Introducing the Nuspire Cybersecurity Experience: A New Era of Intelligent Unification

Credit Card details of over 1.7 million USA customers exposed

What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

Predator spyware operation is back with a new infrastructure

1.7M potentially pwned after payment services provider takes a year to notice break-in

TFL Hit by Cyberattack, Leaving Disabled Riders Stranded

Novel Android Malware Employs OCR to Steal Crypto Wallet Keys From Images

Technology Causes “Digital Entropy” as Firms Struggle With Governance

Akira Ransomware Actively Exploiting SonicWall firewall RCE Vulnerability

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Cisco and BT Partner to Upskill Ukrainian Refugees in Ireland

Strengthening enterprise storage against cyber threats

300,000 Impacted by Data Breach at Car Rental Firm Avis

DDoS Attacks Double With Governments Most Targeted

How to Reduce API Sprawl with API Discovery

Surfshark vs NordVPN (2024): Which VPN Should You Choose?

Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature

Cisco University: Elevate Your Cybersecurity, Network Security, Forensics, and Incident Response Skills

Cyber Threats vs. Risks: Building a Proactive Cyber Defense

Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride

Vulnerability Summary for the Week of September 2, 2024

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details

New RAMBO Attack Steals Data Using RAM in Air-Gapped Computers

Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information

TP-Link Omada Cloud Essentials: Centralized network management and monitoring

Man Charged in AI-Generated Music Fraud on Spotify and Apple Music

A glimpse into the Quad7 operators’ next moves and associated botnets

5 Ways to Mitigate Risk in Cybersecurity

New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW!

Surfshark vs. NordVPN: Which VPN Is Better in 2024?

An expert’s big-picture view of the state of SecOps

What Is Industrial Control System (ICS) Cyber Security?

Critical Kibana Flaws Expose Systems to Arbitrary Code Execution

What is Malware

Sextortion Scam Now Use Your “Cheating” Spouse’s Name as a Lure

The Weaponization of AI and ML is Complicating the Digital Battlefield

Protecting Against Fog Ransomware: Key Strategies and Insights

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits

Wireshark 4.4’s IP Address Functions, (Mon, Sep 9th)

Thousands of Avis car rental customers had personal data stolen in cyberattack

HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required

Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

Australia Threatens to Force Companies to Break Encryption

Critical GeoServer Flaw Enabling Global Hack Campaigns

What You Need to Know About Grok AI and Your Privacy

LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Man Arrested After ‘Earning Millions’ From AI Music Tracks

Australian Official Received Death Threats After Musk Criticism

Trump ‘To Appoint Musk’ To Gov’t Efficiency Role If Elected

US DOJ To Propose Google Penalties By End Of Year

10 Things You Should Do to Securely Dispose of Computers

Is Apple’s iCloud Keychain Safe to Use in 2024?

TIDRONE APT targets drone manufacturers in Taiwan

SonicWall SSLVPN Access Control Flaw is Now Exploited in Akira Ransomware Attacks

One Million US Kaspersky Customers Transferred to Pango’s UltraAV

Industry Moves for the week of September 9, 2024 – SecurityWeek

Predator Spyware Resurfaces With Fresh Infrastructure

Apache Addresses Severe RCE Vulnerability in OFBiz with an Urgent Patch

25 Ways to Make the SOC More Efficient and Avoid Team Burnout

Unmasking PackXOR: The FIN7 Packer Exposed

Why Legacy MFA is DOA

Best Practices for Enterprise Security

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Cybersecurity News: Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach

Examining the Intersection of Cybersecurity and Automation in 5 Different Industries

Security Automation – As Easy As Making Tea?

Post-Quantum Cryptography Coalition Publishes Comparison of International PQC Standards

Absolute Purchases Syxsense to Tackle Cyber Vulnerabilities

Feds Indicted Two Alleged Administrators of WWH Club Dark Web Marketplace

Feds Warn Health Sector to Patch Apache Tomcat Flaws

Cybersecurity regulation stepping up

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

Car Giant Avis Reveals Breach Impacted 300,000 Customers

Earth Preta Evolves its Attacks with New Malware and Strategies

TfL Cuts Data Feeds Amidst Cyber-Attack Fallout

NCSC Calls Out Cyber-Attacks From Russia’s GRU

Young Gamers Under Attack, Here is the List of Games Targeted

A week in security (September 2 – September 8)

Critical Flaw in IBM webMethods Integration Demand Immediate Action

What is a TPM, and why does Windows 11 require one?

Red Hat Issues Critical Patch for Pulpcore Authentication Bypass Flaw (CVE-2024-7923)

The Foundation of Zero-Trust Security Architecture

Security Budget Growth Slows, but Spending Remains Elevated

TfL Admits Some Services Are Down Following Cyber-Attack

How to Protect Healthcare Data from Cyber Attacks

CMA Finds Google Abuses Ad Tech Dominance

Boeing’s Starliner Returns To Earth Without Crew

IBM webMethods Integration Server Vulnerabilities Exposes Systems to Arbitrary Command Execution

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Loki: a new private agent for the popular Mythic framework

The Role of SIEM in Regulatory Compliance

Advanced surveillance is key to countering emerging global threats

Red Hat Enterprise Linux AI extends innovation across the hybrid cloud

5.9 terabytes of sensitive medical data leaked: Cyber Security Today for Monday, September 9th, 2024

Malware spread via LinkedIn and EV Charging Stations prone to Quishing Attacks

Progress Software fixed a maximum severity flaw in LoadMaster

Predator Spyware Resurfaces: Renewed Threats and Global Implications

Prevalent, Indigocube Security Partner to Elevate Third-Party Risk Management Solutions in SA

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

OpenZiti: Secure, open-source networking for your applications

AI cybersecurity needs to be as multi-layered as the system it’s protecting

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

Predator spyware updated with dangerous new features, also now harder to track

Best practices for implementing the Principle of Least Privilege


Password Cracking & Energy: More Dedails, (Sun, Sep 8th)

ISC Stormcast For Monday, September 9th, 2024 https://isc.sans.edu/podcastdetail/9130, (Mon, Sep 9th)

End of an era: Security budget growth slows down

Phishing in focus: Disinformation, election and identity fraud

Predator spyware updated withn dangerous new features, also now harder to track

2024-09-04 – Traffic Analysis Exercise: Big Fish in a Little Pond

Lazarus Group Targets Blockchain Pros with Fake Video Conferencing, Job Scam

IT Security News Weekly Summary – Week 36

IT Security News Daily Summary 2024-09-08

USENIX Security ’23 – Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

83% of Businesses Hit by Ransomware – Are You Next?

Cyberattack Targets Malaysian Officials with Babylon RAT Malware

Here’s Why Attackers Have a Upper Hand Against CISOs

Australia’s Proposed Mandatory Guardrails for AI: A Step Towards Responsible Innovation


Python & Notepad++, (Sat, Sep 7th)

Password Cracking & Energy: More Dedails, (Sun, Sep 8th)

Feds indicted two alleged administrators of WWH Club dark web marketplace

22,000 PyPI Packages Affected by Revival Hijack Supply-Chain Attack

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Addressing Critical Challenges in Responsible Enterprise AI Adoption

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

Cyber Resilience: Preparing for the Inevitable in a New Era of Cybersecurity

(Re)Building the Ultimate Homelab NUC Cluster – Part 1

How to integrate CTEM into your cybersecurity strategy for continuous threat monitoring and mitigation?

Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack