IT Security News Daily Summary 2024-08-17

Cyberattack disrupts housing services in Greater Manchester
The SIEM market is in full swing with consolidation, but are we delivering on the intended security promise?
The Growing Threat of OTP-Stealing Malware: Insights from Zimperium’s zLabs
National Public Data confirms data breach
USENIX Security ’23 – PROVIDENCE: A flexible, round-by-round risk-mitigation audit
Should Americans Share Their Social Security Number? Experts Explain the Pros and Cons
Using Cash App? You May Be Eligible for a Settlement Payout – Up to $2,500
The Hidden Threat: Vulnerable App on Google Pixel Devices Puts Millions at Risk
Was Your SSN Leaked to the Dark Web? How to Check for Suspicious Activity (and What to Do Next)
Did you get a fake McAfee or Norton invoice? How the scam works (and what not to do)
Geofence orders declared unconstitutional, but that’s not all
Paris 2024 Olympic Games faced more than 140 cyberattacks, no disruptions reported
How a BEC scam cost a company $60 million – Week in Security with Tony Anscombe
How to respond to the rise of banking trojans
How the Ransomware Attack at Change Healthcare Played Out: A Timeline
7-year-old bug in pre-installed Google Pixel app puts millions at risk
Vendor lock-in and increase in mergers and acquisitions contribute to increased ransomware threat
ValleyRAT malware targets Chinese speaking users
Dozens of Google products targeted by scammers via malicious search ads
A deep dive into a new ValleyRAT campaign targeting Chinese speakers
OpenAI blocks Iranian influence operation using ChatGPT for US election propaganda
Cyber Security Today – Weekly Review: The Challenge of Deep Fakes and More
CISA warns of critical vulnerabilities in Vonets WiFi Bridge devices, no patch available
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities – Check Point Research
PrestaShop GTAG Websocket Skimmer
News item: Implementing AI-powered ‘Cisco HyperShield’ requires the right cybersecurity training
Attackers abuse public .env files to hack cloud accounts in extortion campaign
How to Use 1Password: Getting Started Guide
Sophos X-Ops: Ransomware gangs expand tactics, reach ‘chilling’ heights
TEST
Cyberattacks on North Korea: How to Educate Your Team About This New Scam Trend
USENIX Security ’23 – Reversing, Breaking, and Fixing the French e-Voting Protocol for Legislative Elections
CISA Adds SolarWinds Web Help Desk Bug to Its Catalog of Known Exploited Vulnerabilities
Assura, Inc. has been named to the Inc. 5000 for the 4th consecutive year, ranking #2,594!!
IT Security News Daily Summary 2024-08-16
Digital License Plates and the Deal That Never Had a Chance
OpenAI shuts down election interference operation that used ChatGPT
More sustainable mining with Cisco
After nearly 3 billion personal records leaked online, Florida data broker confirms they were plundered by cyber thieves
OpenAI stops influencing elections using ChatGPT
Secure AI Access by Design — Enabling Safe Use of GenAI Apps
Unicoin Hints at Possible Data Interference After G-Suite Compromise
Using Amazon GuardDuty Malware Protection to Scan Uploads to Amazon S3
The Slow-Moving Nightmare of the National Data Breach
Hacking Beyond .com — Listing Private TLDs
Russian citizen sentenced to 40 months in prison for selling stolen data on dark web
Massive National Public Data Breach Exposes 2.7 Billion Records
Lawmakers call for investigation into Chinese router maker TP-Link
Why Training is Critical to Cisco HyperShield Implementation
Report shows threat actors increasingly targeting macOS
User Mode vs Kernel Mode: OSes Explained
Doppelgänger operation rushes to secure itself amid ongoing detections, German agency says
Akamai’s Perspective on Patch Tuesday 2024 in August
What is SQL Injection and How to Avoid It?
The best security keys of 2024: tested by experts
DigiCert Announces Acquisition of Vercara
Ransomware surge exploits cybersecurity vulnerabilities caused by mergers and acquisitions
The biggest lesson from the Crowdstrike update outage
Critical security flaw discovered in Ivanti Virtual Traffic Manager
USENIX Security ’23 – Fact Saboteurs: A Taxonomy of Evidence Manipulation Attacks on Fact Verification Systems
Survey: Senior executives held more accountable for cybersecurity
Ukraine faces new phishing campaign targeting government computers, CERT warns
Attackers abuse public .env files to break into cloud and social media accounts
Unmasking the Styx Thief: How a Hacker Mistake Led to a Treasure Trove of Intelligence and Its Big Reveal
Secure GenAI applications by design
Biotech company hacked in 2023 to pay states $4.5 million for leaked data
Understanding IT Security Defense in Depth
Never save credit cards or social security numbers on your phone
What is an Endpoint Protection Platform (EPP)?
Report: 56% of security professionals concerned about AI-driven threats
Cybersecurity Insights with Contrast CISO David Lindner | 08/16/24
China limits exports of another crucial mineral
IT Stress Points for SMEs Identified by TalkTalk Business
Security experts welcome new encryption standards from NIST for quantum computers
Banshee Stealer, a new macOS malware with a monthly subscription fee of $3,000
Navigating the Future of Cybersecurity
Massive data breach exposes sensitive information for millions
X faces legal action from EU over alleged AI privacy missteps
This security researcher infiltrated the LockBit ransomware organization and unmasked its leader
Russian hacker gets 3+ years in prison for selling stolen login credentials on Dark Web
10,000 WordPress sites affected by arbitrary read and file deletion vulnerability in InPost PL and InPost for WooCommerce WordPress plugins
Report: Ransomware Gangs to Earn Over $450 Million in First Half of 2024
Cloud misconfigurations expose 110,000 domains to extortion in widespread campaign
ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams
Modernizing Identity Security in a Changing Threat Landscape
A ‘very large percentage’ of Pixel phones have a hidden security hole
SystemBC malware is being used by threat actors linked to Black Basta to target users
The AI Balance: Unlocking Potential, Dealing with Security Issues and Complexity
Patch Tuesday August 2024: Six Zero-Days and Six Critical Vulnerabilities Among 85 CVEs
New Windows vulnerability CVE-2024-6768 causes Blue Screen of Death on all versions of Windows 10 and 11
US bipartisan commission urges investigation into Chinese Wi-Fi routers
The relationship between performance and security
Russian hackers use fake brand websites to spread DanaBot and StealC malware
Russian citizen convicted in US for selling stolen financial data on criminal marketplace
Consolidation vs. Optimization: Which is More Cost-Effective for Improved Security?
It’s time to stop treating threat groups as supervillains, experts say
Addressing Cybersecurity Challenges in Healthcare: A Strategic Approach
Microsoft requires MFA for all Azure logins
AI-driven cyber threats are too overwhelming for more than 50% of security teams
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
Meta warns of troll networks from Russia and Iran ahead of US elections
New Banshee Stealer macOS malware costs $3,000 per month
The Hidden Vulnerabilities in Your SaaS Apps: Are You Doing the Necessary Due Diligence?
ArtiPACKED flaw exposed GitHub actions to token leaks
IBM to set up ‘full stack’ AI facility at university
New Windows IPv6 Zero-Click Vulnerability
DDoS attack volume increases, peak capacity reaches 1.7 Tbps
Ransomware attackers introduce new EDR killer to disable protection on compromised hosts
Revolut valued at $45 billion, bigger than Barclays and NatWest
Tech support scammers are impersonating Google through malicious search ads
National Florida Public Records Confirm Data Breach
Ailurophile: New Infostealer Spotted in the Wild
Google warns of Iranian hackers targeting partners of both US presidential campaigns
SolarWinds Web Help Desk vulnerability potentially exploited as zero-day
How to Use the Passwords App on Your iPhone with iOS 18
Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32
Cybersecurity News: GitHub Artifact Alert, RansomHub’s EDR Killer, SolarWinds Latest Hotfix
Millions of Pixel devices could be hacked due to a pre-installed vulnerable app
Research shows mergers and acquisitions can increase ransomware insurance losses
Ransomware group behind major Indonesian attack wears many masks
An analysis of common malware loaders
Pindrop Pulse Inspect analyzes and verifies whether media files contain synthetic speech
New Banshee Stealer Targets Over 100 Browser Extensions on Apple macOS Systems
Geopolitical tensions fuel explosion in DDoS attacks
Why You Should Remove the Hard Drive from Your Old Computer
VirusTotal += Huorong
Microsoft urges customers to fix zero-click Windows RCE in TCP/IP stack
Highly personalized phishing campaign targets Russian government dissidents
Balancing Business Growth, Risk Management and Cybersecurity
Trust for Ransom: What’s at Stake as Business Trust Erodes?
Critical Start helps organizations reduce cyber risks resulting from vulnerabilities
Massive cyberattack hits Iran’s central bank
Bundle your cybersecurity resources to create the perfect security ecosystem
Cybersecurity in Healthcare: A New Era of Regulation, Incentives, and Patient Safety
Google Pixel devices shipped with vulnerable app, putting millions at risk
Deepfake technology advances pose a real and present threat: Cyber Security Today for Friday, August 16, 2024
List of Vulnerable States in America that are Vulnerable to Cyber Attacks
Can a CIO prevent cyber threats and data breaches?
2024-08-15 – Traffic analysis exercise: WarmCookie
Authentik: Open-source identity provider
Business and technology consolidation opens doors for cybercriminals
AI governance and a clear roadmap are missing across enterprise adoption
New Infosec Products of the Week: August 16, 2024
How NoCode and LowCode Free Up Resources for Cybersecurity
ISC Stormcast for Friday, August 16, 2024 https://isc.sans.edu/podcastdetail/9100, (Friday, August 16)
(Guest Diary) 7 Minutes and 4 Steps to a Quick Win: A Description of Custom Tools (Friday, August 16)