IT Security News Daily Summary 2024-08-19

SOCI Act 2024: Thales report reveals breaches of critical infrastructure in Australia
Data Detection and Response (DDR) Guide
According to Microsoft, the Windows BitLocker recovery bug has been fixed
Announcing New EDR Capabilities for Webroot Endpoint Protection
CISA Adds Jenkins Command Line Interface (CLI) Bug to Its Catalog of Known Exploited Vulnerabilities
OpenAI removes Iranian accounts using ChatGPT to write disinformation about US elections
test
Your Android phone is getting an anti-theft upgrade, thanks to AI. Here’s how it works
Too Many Cloud Security Tools? Time to Consolidate
MSPs: The Cisco Meraki Approach to Addressing MDU Deployments
California Court: Try a Privacy Act, Not Online Censorship
NO FORGERIES – A lawyer’s dream, everyone else’s nightmare
Multiple bugs in Microsoft macOS apps not patched despite potential risks
Extortion group abuses cloud configurations, targets 110,000 domains
Mike Lynch and five others missing after yacht sinks off Sicily
SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices
Citizen Service Number Data Breach: What You Need to Know
Researchers have discovered new infrastructure linked to the cybercrime group FIN7
‘The War for Port 80’ by Daniel Stori
Here’s What Businesses Can Learn From SEC’s $2 Million Ransomware Attack Settlement
Zero-Trust Security: The Critical Role of Trust and Human Integrity
Stolen, blocked debit cards can be used with digital wallet apps
Understanding Secrets Management on Amazon EKS for Regulated Institutions
CISA Warns of Active Exploitation of Vulnerability in SolarWinds Web Help Desk
FlightAware warns that some customers’ data has been ‘exposed’, including social security numbers
Vulnerability overview for the week of August 12, 2024
How We Transformed Akamai from a CDN to a Cloud and Security Company
AWS cyberattack exposes over 230 million unique cloud environments
Lessons Learned from the CrowdStrike Outage: Questions to Ask Vendors
National Public Data publishes its own passwords
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
FBI, CISA assure public of election ransomware protection
$4,998 Bounty Awarded and 100,000 WordPress Sites Protected from Unauthenticated Remote Code Execution Vulnerability in GiveWP WordPress Plugin
Data Security Solution for US Federal Customers
Hacked GPS tracker exposes customer location data
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack
Cyber Stressed! Top 3 MSP Cybersecurity Challenges (And How to Solve Them)
Heimdal and ViroSafe collaborate to strengthen cybersecurity in Scandinavia
Mandatory MFA is coming to Microsoft Azure
USENIX Security ’23 – Cipherfix: Reducing Ciphertext Side-Channel Attacks in Software
The Rise of Manual Techniques in Ransomware Attacks: A Growing Threat
New Xeon Sender Tool Enables Large-Scale SMS Spam Attacks
“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
AI SPERA and Hackers Central Partner to Expand the Mexican Security Market with ‘Criminal IP ASM’
If your BSN has been leaked online, you must freeze your credit: this is how you do it
Cyber insurance claims fall as companies refuse to pay ransoms and recover
National public data says breach affects 1.3 million people
Massive data breach exposes citizen service numbers of 2.9 billion people
Major FlightAware data breach exposes pilot and user information
Eigen proactively detects and saves data changes in Salesforce
Appian helps organizations prepare for current and future AI regulations
Microsoft apps for macOS exposed to library injection attacks
Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) Support
Lazarus Hacker Group Abuses Microsoft Windows Zero-Day
Getting to know Katrin Bauer
Azure Domains and Google abused to spread disinformation and malware
EFF and partners to EU Commissioner: Prioritize user rights, avoid politicized enforcement of DSA rules
National public data tells officials ‘only’ 1.3 million people affected by burglary
Cybercriminals are abusing popular software searches to spread FakeBat malware
New UULoader malware spreads Gh0st RAT and Mimikatz in East Asia
API Security: The Cornerstone of AI and LLM Protection
Internal and external threat intelligence
Crypto firm says hacker locked all employees out of Google products for four days
Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft
Hack at Oregon Zoo Ticketing Service Affects 118,000
How to Automate the Hardest Parts of Employee Offboarding
Microsoft Users Rush to Patch Zero-Click TCP/IP RCE Vulnerability
Ransomware resilience reduces cyber insurance claims
Linux Kernel Vulnerability Lets Attackers Bypass CPU, Gain Read/Write Access
Irreversible Microsoft Entra ID authentication bypass poses threat to hybrid IDs
The Essential Guide to Evaluating Competitive Identity Verification Solutions
Xeon Sender Tool leverages cloud APIs for large-scale SMS phishing attacks
How can you check if your BSN has been leaked on the dark web after the NPD breach?
OpenAI disables accounts used by Iranian election influence group
Court limits injunction on California social media law
Millennials’ sense of privacy is uniquely tested in romantic relationships
Supply Chain Security Policy
CyberGhost vs ExpressVPN (2024): Which VPN is Better?
Pentagon plans drone ‘hell’ to defend Taiwan
Experts warn of exploit attempt for Ivanti vTM bug
BlindEagle flies high in Latin America
Industry Movements for the Week of August 19, 2024 – SecurityWeek
100,000 affected by data breach at Jewish Home Lifecare
Combining Continuous Pentesting with Attack Surface Management
How Multiple Vulnerabilities in Microsoft Apps for macOS Pave the Way for Permission Stealing
Tracki – 372,557 hacked accounts
Thousands of Oracle NetSuite ecommerce sites expose sensitive customer data
Update: Windows Zero-Day vulnerability exploited by Lazarus APT with North Korea links
Cybersecurity News: Entra Enforces MFA, New AnyDesk Heist, Google Pixel Vulnerability
TikTok says US data not linked to China
Texas Instruments Receives $1.6 Billion in Chip Financing from US Government
Duke of Sussex speaks out against online misinformation
Shares in EV maker Ola rise after motorcycle launch
Microsoft Zero-Day CVE-2024-38193 was exploited by Lazarus APT, a virus linked to North Korea
Rewrite Hysteria: Increasing Abuse of URL Rewriting in Phishing
Mandatory MFA for Azure logins is coming
NCSC opens Cyber Resilience Audit Scheme to applicants
Improving internal controls: correlation, mapping and risk mitigation
10 Authentication Trends in 2024 and Beyond
Fast Forward or Free Fall? Navigating the Rise of AI in Cybersecurity
Group-IB Partners with SecurityHQ to Enhance SOC Capabilities
AMD has patched the recently disclosed SinkClose CPU vulnerability
ProtonVPN Opens Browser Extension Feature to Free Users
A Week in Safety (August 12 – August 18)
Unicoin Staff Locked Out of G-Suite in Mysterious Attack
OpenAI Takes Action Against Iranian Disinformation Campaigns Using ChatGPT: Cyber Security Today for Monday, August 19, 2024
Epic Games’ Fortnite returns to smartphones after four years
Explore Talent (August 2024) – 8,929,384 hacked accounts
The Inefficiency of People Search Removal Tools, a Massive Data Breach Affecting US Citizens
Microsoft patches zero-day vulnerability exploited by North Korean Lazarus Group
Do you like Donuts? Here’s a Donut Shellcode Provided Via PowerShell/Python, (Mon, 19 Aug)
National public data leaks social security numbers of about 2.7 billion people
Countries with the highest salaries for cybersecurity experts
Researchers have found a new technique to defend against cache-side channel attacks
Ransomware Gangs Introduce New EDR Killing Tool
National Public Records Admits Leaking Millions of Social Security Numbers
Researchers Discover New Infrastructure Linked to FIN7 Cybercrime Group
BeaverTail malware attacks Windows users via weaponized games
Has Your Social Security Number Been Leaked to the Dark Web? Use This Tool to Find Out
Protecting Academic Assets: How Higher Education Can Improve Cybersecurity
x64dbg: Open-source binary debugger for Windows
To improve your cybersecurity posture, you need to focus on the data
Common API Security Issues: From Exposed Secrets to Unauthorized Access
ISC Stormcast for Monday, August 19, 2024 https://isc.sans.edu/podcastdetail/9102, (Monday, August 19)
Has your SSN been leaked to the dark web? Use this tool to find out
RansomHub-related EDR-killing malware spotted in the wild
The Mad Liberator ransomware group uses social engineering techniques
IT Security News Weekly Summary – Week 33
IT Security News Daily Summary 2024-08-18
USENIX Security ’23 – NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems
How to Freeze Your Credit – and How It Can Help Protect You After a Data Breaches
From 2018: DeepMasterPrints: Tricks Fingerprint Recognition Systems with MasterPrints Generated with GANs
The Rise of Malvertising: How Scammers Target Google Products with Malicious Search Ads
Russian disinformation network struggles to survive repression
Pro-Palestine organization takes responsibility for hacking Donald Trump-Elon Musk interview
Washington Times Ransomware Attack Leads to Dark Web Data Auction
Navigating AI and GenAI: Balancing Opportunities, Risks, and Organizational Readiness
National Public Records Breach Exposes Millions: Identity Theft Threat Looms
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – Deep Dive
Achieving Wins for Security Leaders: Strategies and Considerations for Success
Newsletter Safety Affairs Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION
NEWSLETTER ON MALWARE IN SECURITY CASES – ROUND 7
Large-scale extortion campaign targets publicly accessible environment variable (.env) files
Weekly Review: MS Office Flaw Could Leak NTLM Hashes, Malicious Chrome and Edge Browser Extensions