IT Security News Daily Summary 2024-08-16

Digital License Plates and the Deal That Never Had a Chance
OpenAI shuts down election influence operation that used ChatGPT
More Sustainable Mining with Cisco
After nearly 3B personal records leak online, Florida data broker confirms it was ransacked by cyber-thieves
OpenAI shuts down election influence operation using ChatGPT
Secure AI Access by Design — Enabling Safe Usage of GenAI Apps
Unicoin hints at potential data meddling after G-Suite compromise
Using Amazon GuardDuty Malware Protection to scan uploads to Amazon S3
The Slow-Burn Nightmare of the National Public Data Breach
Hacking Beyond .com — Enumerating Private TLDs
Russian national sentenced to 40 months for selling stolen data on the dark web
Massive Data Breach at National Public Data Exposes 2.7 Billion Records
Lawmakers Ask for Probe of Chinese Router Maker TP-Link
Why Training is Critical to Implementing Cisco HyperShield
Threat Actors Increasingly Target macOS, Report Finds
User mode vs. kernel mode: OSes explained
Doppelgänger Operation Rushes to Secure Itself Amid Ongoing Detections, German Agency Says
Akamai?s Perspective on August?s Patch Tuesday 2024
What Is SQL Injection and How Can It Be Avoided?
The best security keys of 2024: Expert tested
DigiCert Announces Acquisition of Vercara
Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A
The Biggest Lesson From Crowdstrike’s Update Malfunction
Critical Security Flaw Discovered in Ivanti Virtual Traffic Manager
USENIX Security ’23 – Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems
Survey: Senior Executives Being Held More Accountable for Cybersecurity
Ukraine Faces New Phishing Campaign Targeting Government Computers, Warns CERT
Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts
Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove and their Big Reveal
Secure GenAI Applications by Design
Biotech Company Hacked in 2023 Pays States $4.5 Million Over Breached Data
Understanding Defense in Depth in IT Security
Never store credit cards or Social Security Numbers on your phone
What is an endpoint protection platform (EPP)?
Report: 56% of Security Professionals Worry About AI-Powered Threats
Cybersecurity Insights with Contrast CISO David Lindner | 8/16/24
China To Limit Export Of Another Critical Mineral
IT Stress Points For SMEs Identified By TalkTalk Business
Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers
Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000
Navigating the future of cybersecurity
Massive Data Leak Exposes Sensitive Information for Millions
X Confronts EU Legal Action Over Alleged AI Privacy Missteps
This Security Researcher Infiltrated the LockBit Ransomware Outfit and Exposed its Leader
Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
10,000 WordPress Sites Affected by Arbitrary File Read and Delete Vulnerability in InPost PL and InPost for WooCommerce WordPress Plugins
Report: Ransomware Gangs Rake in More Than $450 Million in First Half of 2024
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams
Modernizing Identity Security Amid an Evolving Threat Landscape
A ‘very large percentage’ of Pixel phones have a hidden security vulnerability
SystemBC Malware Used to Target Users by Black Basta-Linked Threat Actors
The AI Balancing Act: Unlocking Potential, Dealing with Security Issues, Complexity
August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs
New Windows Vulnerability CVE-2024-6768 Triggers Blue Screen of Death on All Versions of Windows 10 and 11
US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers
The Relationship Between Performance and Security
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
Russian Citizen Sentenced in US for Selling Stolen Financial Data on Criminal Marketplace
Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security?
It’s Time to Stop Thinking of Threat Groups as Supervillains, Experts Say
Addressing Cybersecurity Challenges in Healthcare: A Strategic Approach
Microsoft Mandates MFA for All Azure Sign-Ins
AI-powered cyber threats are too overpowering for over 50% of security teams
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
Meta Warns of Troll Networks From Russia, Iran Ahead of US Elections
New Banshee Stealer macOS Malware Priced at $3,000 Per Month
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?
ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks
IBM to set up ‘full stack’ AI facility at university
New Windows IPv6 Zero-Click Vulnerability
DDoS Attack Volume Rises, Peak Power Reaches 1.7 Tbps
Ransomware Attackers Introduce New EDR Killer to Disable Protection on Compromised Hosts
Revolut Valued At $45 Billion, More Than Barclays, NatWest
Tech support scammers impersonate Google via malicious search ads
Florida-Based National Public Data Confirms Data Breach
Ailurophile: New Infostealer sighted in the wild
Google Warns of Iranian Hackers Targeting Affiliates of Both US Presidential Campaigns
SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day
How to use the Passwords app on your iPhone with iOS 18
Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32
Cybersecurity News: GitHub artifact warning, RansomHub’s EDR killer, SolarWinds latest hotfix
Millions of Pixel devices can be hacked due to a pre-installed vulnerable app
M&A Activity can Amplify Ransomware Insurance Losses, Research Finds
Ransomware Group Behind Major Indonesian Attack Wears Many Masks
An Analysis of Common Malware Loaders
Pindrop Pulse Inspect analyzes and verifies whether media files contain synthetic speech
New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems
Geopolitical Tensions Drive Explosion in DDoS Attacks
Why you should remove the hard drive from your old computers
VirusTotal += Huorong
Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
Highly-Personalized Phishing Campaign Targets Russian Government Dissidents
Striking a Balance Between Business Growth, Risk Management and Cybersecurity
Holding Trust for Ransom: What’s at Stake as Business Trust Erodes
Critical Start helps organizations reduce cyber risk from vulnerabilities
Massive Cyberattack Hit Central Bank of Iran
Pool your Cybersecurity Resources to Build The Perfect Security Ecosystem
Cybersecurity in Healthcare: A New Era of Regulation, Incentives, and Patient Safety
Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk
Deepfake Technology advancements pose a real and present threat: Cyber Security Today for Friday, August 16, 2024
List of vulnerable states in America that are vulnerable to Cyber Attacks
Can a CIO Avoid Cyber Threats and Data Breaches?
2024-08-15 – Traffic analysis exercise: WarmCookie
Authentik: Open-source identity provider
Business and tech consolidation opens doors for cybercriminals
AI governance and clear roadmap lacking across enterprise adoption
New infosec products of the week: August 16, 2024
How NoCode and LowCode free up resources for cybersecurity
ISC Stormcast For Friday, August 16th, 2024 https://isc.sans.edu/podcastdetail/9100, (Fri, Aug 16th)
(Guest Diary) 7 minutes and 4 steps to a quick win: A write-up on custom tools, (Fri, Aug 16th)
What’s Different About Data Security in the Cloud? Almost Everything.
NationalPublicData.com Hack Exposes a Nation’s Data
Publishers Spotlight: SquareX
Publisher’s Spotlight: Syxsense
IT Security News Daily Summary 2024-08-15
A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter
2 Fast 2 Legal: How EFF Helped a Security Researcher During DEF CON 32
FBI and CISA Release Joint PSA, Just So You Know: Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting
The 5 different types of firewalls explained
Hacking Beyond.com — Enumerating Private TLDs
EFF Honored as DEF CON 32 Uber Contributor
DARPA, ARPA-H award $14m to 7 AIxCC semifinalists, with a catch
USENIX Security ’23 – TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks
Dozens of Google products targeted by scammers via malicious search ads
July ransomware attacks slam public sector organizations
CISA Adds One Known Exploited Vulnerability to Catalog
PTC Kepware ThingWorx Kepware Server
Siemens COMOS
Siemens LOGO! V8.3 BM Devices
Siemens INTRALOG WMS
Google disrupted hacking campaigns carried out by Iran-linked APT42
Here’s How Users Can Safeguard Themselves From E-Challan Scams
North Miami Mayor’s Gmail Hacked; Ransomware Attack Disrupts City Services
AI, election security headline discussions at Black Hat and DEF CON
Google Confirms Iranian Hackers Behind US Presidential Hacks
Region 10 Team Provides Vital Election Security Training for Idaho
ReliaQuest: Watch Out for Info-Stealers and RATs
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 5, 2024 to August 11, 2024)
Voting Machine Company Involved in Bribing Scandal Has Long History of Controversy
New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack
How to select an MDR security service
National Public Data confirms breach, scope unknown
Tusk: unraveling a complex infostealer campaign
Amazon To Test Prime Air Drone Delivery In UK, Again
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now
Google raps Iran’s APT42 for raining down spear-phishing attacks
Cisco Confirms Second Round Of Major Job Cuts In 2024
Wiping a Windows laptop? Here’s the safest free way to erase your personal data
NIST Releases First Post-Quantum Encryption Algorithms
USENIX Security ’23 – Strategies and Vulnerabilities of Participants in Venezuelan Influence Operations
Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION
Cyber-criminals Exploited Paris Olympics With Fake Domains
Rhysida Ransomware selling The Washington Times data for $304,500
Iranian APT42 Group Launch A Massive Phishing Campaign To Attack U.S. Presidential Election
Benefits of a More Sustainable Learning Environment in Schools and Universities
Ransomware Attacks on Industrial Firms Surged in Q2 2024
FBI and Allies Dismantle Dispossessor Ransomware Network
Microsoft Patches Critical SmartScreen Vulnerability Exploited by Attackers
When Data Security Fails: The National Public Data Breach Explained
The Noname Security 3.34 Update Includes Major Enhancements
BT Details Plan To Launch First Symmetric Ultrafast FTTP Broadband
Siemens SINEC Traffic Analyzer
Siemens SCALANCE M-800, RUGGEDCOM RM1224
Siemens NX
Siemens SINEC NMS
Siemens Teamcenter Visualization and JT2Go
Comprehensive Hacker Toolkit Uncovered: A Deep Dive into Advanced Cyberattack Tools
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
Advanced ValleyRAT Campaign Hits Windows Users in China
Benefits of a Sustainable Learning Environment in Schools and Universities
Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom
Cryptography: A Forgotten Part of Software Supply Chain Security
Ransomware Group Added a New EDR Killer Tool to their arsenal
CISOs list human error as their top cybersecurity risk
The best AirTag wallets of 2024: Expert tested
How to Maximize Network Security With AI and ML
Hackers Exploit Dark Skippy Attacks to Steal Secret Keys from Secure Devices
Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge!
Transforming Network Security for the Digital Age with SASE
Rogue AI is the Future of Cyber Threats
News Malspam Attacks AnyDesk and Microsoft Teams
Simplify Your Data Center Security with Check Point’s Managed Firewall-as-a-Service (MFaaS)
Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App
How AI Innovation Will Elevate SMB Business Outcomes
A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers
SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability
DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure
Russia’s FSB Behind Massive Phishing Espionage Campaign
Enabling the Safe Use of GenAI Applications
Choosing Security: Why Companies Should Reject Ransom Payments
Google: Iranian Group APT42 Behind Trump, Biden Hack Attempts
Russian-Linked Hackers Target Eastern European NGOs and Media
Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m
Kim Dotcom “Has A Plan”, After NZ Signs Extradition Warrant
Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail
Enabling Cybersecurity Incident Response
Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
South Korea Says DPRK Hackers Stole Spy Plane Technical Data
RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
Identity Threat Detection and Response Solution Guide
Google Warns of Iranian Cyber-Attacks on Presidential Campaigns
Google Shows Off Pixel 9 Lineup, Plus AI Upgrades
Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version
Ongoing Social Engineering Campaign Refreshes Payloads
AutoCanada Hit by Cyberattack
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?
Mad Liberator extortion crew emerges on the cyber-crook scene
Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security
Information Security vs. Cybersecurity
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
FBI Says it is Investigating Purported Trump Campaign Hack
Human Error – An Overlooked Aspect of Cyber Risk
Cybersecurity News: Gemini AI privacy, AI Risk Repository, Russian phishing
NIST Finalizes 3 Algorithms to Combat Future Quantum Cyber Threats
Black Basta ransomware gang linked to a SystemBC malware campaign
GitHub Makes Copilot Autofix Generally Available
Hackers Use BingoMod Android RAT For Fraudulent Transactions
Patching Recent Linux Kernel Vulnerabilities with KernelCare
Exploring the Impact of NIST SP 800-53 on Federal IT Systems
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
Wireshark 4.4.0rc1’s Custom Columns, (Thu, Aug 15th)
Was your Social Security number leaked to the dark web? Here’s how to know and what to do
Opinion: More layers in malware campaigns are not a sign of sophistication
New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data
GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover
Critical Vulnerabilities in IBM QRadar Allow Attackers to Execute Arbitrary Code Remotely
Taming Identity Sprawl With a Least Privilege Approach
Over 40 million Kakao Pay users’ data somehow ended up with Alipay
CMIYC 2024: RAdmin3 Challenge
New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
Now espionage through HDMI Cables say experts
China-linked Attackers Target Russian Govt Entities
Russian Sentenced to 40 Months for Selling Stolen Data on Dark Web
74% of IT professionals worry AI tools will replace them
How passkeys eliminate password management headaches
Log in to the ADSM Portal using Region User
The AI balancing act: Unlocking potential, dealing with security issues, complexity
China-linked cyber-spies infect Russian govt, IT sector
Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity
DDoS attack volume rises, peak power reaches 1.7 Tbps
ISC Stormcast For Thursday, August 15th, 2024 https://isc.sans.edu/podcastdetail/9098, (Thu, Aug 15th)
A massive cyber attack hit Central Bank of Iran and other Iranian banks
Going Passwordless: 6 Tips to Navigate Passkey Adoption