IT Security News Daily Summary 2024-08-30

AI is growing faster than companies can secure it, warn industry leaders
Green Berets storm building after hacking its Wi-Fi
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day
5 Key Cybersecurity Trends to Know in 2024
Fortra fixed two severe issues in FileCatalyst Workflow, including a critical flaw
Governments need to beef up cyberdefense for the AI era – and get back to the basics
US-China relationship remains ‘competitive’, as steps towards diplomacy strengthen
US CERT Alert AA24-242A (RansomHub Ransomware)
Twitch’s Drop Ins Feature Turned On VTubers’ Cameras Without Consent
Governments need to beef up cyberdefense for the AI era – and go back to the basics
USENIX Security ’23 – Pool-Party: Exploiting Browser Resource Pools For Web Tracking
Randall Munroe’s XKCD ‘Stranded’
Chinese Hackers Exploit Serious Flaw in Versa SD-WAN Systems
Bling Libra Shifts Focus to Extortion in Cloud-Based Attacks
Check Point Celebrates International Women in Cyber Day 2024
North Korean hackers exploited Chrome zero-day to steal crypto
US Offers $2.5 Million Reward for Hacker Linked to Angler Exploit Kit
The California Supreme Court Should Help Protect Your Stored Communications
Making Progress and Losing Ground
Automatically replicate your card payment keys across AWS Regions
Seven Deadly Myths of DDoS Protection
Durex data breach leaks sensitive details of customers
Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign
Governments need to beef up cyberdefense for the AI era – which means going back to the basics
Simplify identity management with Red Hat IdM
Use cases and ecosystem for OpenShift confidential containers
Exploring the OpenShift confidential containers solution
RansomHub Breached Over 200 Victims, the FBI Says
What Is XDR Threat Hunting?
‘Store Now, Decrypt Later’: US Leaders Prep for Quantum Cryptography Concerns
Cybercriminals Capitalize on Travel Industry’s Peak Season
GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices
Best Practices to Help Meet PCI DSS v4.0 API Security Compliance
FAA Grounds SpaceX Falcon 9 Rocket After Landing Failure
The Enterprise Guide to Cloud Security Posture Management
How Cisco AACPC Partner IP Consulting Transformed IT for Lowell Light and Power
Employee Arrested for Locking Windows Admins Out of 254 Servers in Extortion Plot
Innovator Spotlight: SNYK
Publishers Spotlight: Blumira
The Dual Nature of Telegram: From Protest Tool to Platform for Criminal Activity
Private Data of 950K Users Stolen in BlackSuit Ransomware Attack
Enhancing EU Cybersecurity: Key Takeaways from the NIS2 Directive
Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign
Apple, Nvidia In Talks To Join OpenAI Funding Round – Report
4 AI cybersecurity jobs to consider now and in the future
Third-Party Risk Management is Under the Spotlight
Top Travel Scams to Watch Out For: Protect Your Vacation from Common Fraud Schemes
Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign
Russian APT29 Using NSO Group-Style Exploits in Attacks, Google
7 Smart Steps to Run Serverless Containers on Kubernetes
Ransomware Roundup – Underground
UK Labour Party Reprimanded Over Cyberattack Backlog by Privacy Regulator
Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers
Report: Ransomware Attacks on US Schools and Colleges Cost $9.45 Billion
In Other News: Automotive CTF, Deepfake Scams, Singapore’s OT Security Masterplan
Published Vulnerabilities Surge by 43%
Iranian Threat Group Attack US Organization via Ransomware
Wireshark 4.4 Released With New I/O Graphs, Flow Graph / VoIP Calls, TCP Stream
Radware Report Surfaces Increasing Waves of DDoS Attacks
How RansomHub went from zero to 210 victims in six months
Intel To Present Board With Strategic Options – Report
Voldemort Threat Actors Abusing Google Sheets to Attack Windows Users
Manufacturing Sector Under Fire From Microsoft Credential Thieves
Integrity360 Expands to South Africa with Grove Acquisition
Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers
South Korea-linked group APT-C-60 exploited a WPS Office zero-day
The NIS2 Directive: How Far Does it Reach?
Fortra Patches Critical Vulnerability in FileCatalyst Workflow
INE Security Named 2024 SC Awards Finalist
Cybersecurity Insurance: Signals Maturity to Partners, Improved Security Response
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns
Malware Masquerading as Palo Alto GlobalProtect Tool Targets Middle East Users
FBI: RansomHub Hits Over 200 Entities Since Feb
Top Cost-Effective Cybersecurity Strategies for SMBs
Philippines: Intel Fusion Center Eyed to Boost Cybersecurity
California Passes Landmark Bill Requiring Easier Data Sharing Opt-Outs for Consumers
PoorTry Windows Driver Deletes Crucial Files to Impairs Windows Computers
Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE
New Malware Masquerades as Palo Alto VPN Targeting Middle East Users
Unpatchable Zero-Day in Surveillance Cameras is Being Exploited to Install Mirai
Cisco Bolsters AI Security by Buying Robust Intelligence
Russian Hackers Use Commercial Spyware Exploits to Target Victims
TLD Tracker: Exploring Newly Released Top-Level Domains
.NET-based Snake Keylogger Attack Windows Using Weaponized Excel Documents
LummaC2 Infostealer Resurfaces with Obfuscated PowerShell Tactics
Top 5 Cyber Security Companies in Mumbai
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals
Cybersecurity News: DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris
Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
Threat actors exploit Atlassian Confluence bug in cryptomining campaigns
New Tickler Malware Used to Backdoor US Government, Defense Organizations
What is a QR Code Scam?
Attackers Spread Lumma Stealer Malware GitHub Comments
The top 10 most-searched data security terms in the US: Can you define them?
2 Men From Europe Charged With ‘Swatting’ Plot Targeting Former US President and Members of Congress
Hackers Exploited Digital Advertising Tools to Launch Malicious Campaigns
DMARC Deployment Phases: What to Expect and How to Prepare
Accenture expands partnership with Google Cloud to boost AI adoption and cybersecurity
Hackers Repeatedly Using Same iOS & Chrome Exploits to Attack Government Websites
US Election-Themed Phishing Scams Rely on Fake Donation Sites
Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments
North Korean Hackers Target Developers with Malicious npm Packages
Deepfake Scams, Fake Global Protect Malware, and Russian Threats:Cybersecurity Today: for Friday, August 30th, 2024
Palo Alto Networks found to spread Malware
How Ransomware Is Evolving into a Geopolitical Weapon
Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa
Lookiero – 4,981,760 breached accounts
Iran hunts down double agents with fake recruiting sites, Mandiant reckons
Sinon: Open-source automatic generative burn-in for Windows deception hosts
A macro look at the most pressing cybersecurity risks
New infosec products of the week: August 30, 2024
Cyber threats that shaped the first half of 2024
ISC Stormcast For Friday, August 30th, 2024 https://isc.sans.edu/podcastdetail/9120, (Fri, Aug 30th)
2024-08-30 – Approximately 11 days of server scans and probes
Simulating Traffic With Scapy, (Fri, Aug 30th)
2024-08-29 – Phishing email and traffic to fake webmail login page
US indicts duo over alleged Swatting spree that targeted elected officials
The Role of AI in Enhancing Patient Experience in HealthTech
Who Owns Implementation of California’s New Workplace Violence Prevention Law?
What a coincidence. Spyware makers, Russia’s Cozy Bear seem to share same exploits
IT Security News Daily Summary 2024-08-29
High Fidelity Data: Balancing Privacy and Usage
Nvidia’s ‘Eagle’ AI sees the world in Ultra-HD, and it’s coming for your job
Cisco addressed a high-severity flaw in NX-OS software
The art and science behind Microsoft threat hunting: Part 3
Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns
Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins
10 ways to speed up your slow internet connection today
Cisco Umbrella for Government: DNS Security Integrated With CISA Protective DNS
The 25% off Blink Mini 2 is one of the best security cameras deals this Labor Day
Preventing counterfeiting by adding dye to liquid crystals to create uncrackable coded tags
The AppViewX Experience: A Journey to Seamless Solution Onboarding
CISA Launches New Portal to Improve Cyber Reporting
Fake Canva home page leads to browser lock
Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom
What kind of summer has it been?
OpenAI, Anthropic To Share AI Models With US Government
6 Principles for Use of AI in K12 Education
Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One)
Musk Row With Brazil Continues, As Supreme Court Threatens To Suspend X
#StopRansomware: RansomHub Ransomware
Flying through Seattle’s hacked airport
Key Strategies for Building Cyber Workforce Resilience
Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches
Innovator Spotlight: ThreatLocker
Spotlight on Sysdig
Spotlight on Akto.ai
Rock Chrome hard enough and get paid half a million
USENIX Security ’23 – RøB: Ransomware over Modern Web Browsers
Elevating your secrets security hygiene: H1 roundup of our product innovations
Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?
Check Point Software acquires Cyberint Technologies
Google Mulling ‘Hyperscale’ Vietnam Data Centre – Report
The best free VPNs of 2024: Expert tested
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit
Flying through Sea-Tac’s hacked airport
Stay in the H2 know – providing clean water with Cisco industrial IoT
Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
Innovator Spotlight: Beyond Identity
Innovator Spotlight: Zenity
Innovator Spotlight: Traceable AI
Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
North Korean Hackers Launch New Wave of npm Package Attacks
Intel Questioned By US Senator Over Job Cuts After $20bn Grant, Loans
Hackers Calling Employees to Steal VPN Credentials from US Firms
Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
Rockwell Automation ThinManager ThinServer
Delta Electronics DTN Soft
Zero touch provisioning with Cisco Firewall Management Center Templates
Customer Experience is a Learning Experience
Top Data Center Priorities—Evolving Needs for Scaling Infrastructure
The Power of Reporting at Cisco Black Belt Academy: Driving Success for Partners
Innovator Spotlight: Reco.ai
BlackByte Ransomware Outfit is Targeting More Orgs Than Previously Known
Snowflake Faces Declining Growth Amid Cybersecurity Concerns and AI Expansion
BlackByte Adopts New Tactics, Targets ESXi Hypervisors
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)
Inside the NIST Cybersecurity Framework 2.0 and API Security
A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Shares In Nvidia Fall, Despite Record Profits, Sales
How to embrace Secure by Design principles while adopting AI
Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
Check Point Joins Esteemed Sponsors of Security Serious Unsung Heroes Awards 2024
International Cyber Expo’s 2024 Tech Hub Stage Agenda Showcases the Future of Cybersecurity Innovation, From AI to Automation
Dick’s Sporting Goods Discloses Cyberattack
What is Gift Card and Loyalty Program Abuse?
Strata Identity to Host Tear Down and Modernization Webinar for Legacy Identity Infrastructures
Rain Technology Laptop Switchable Privacy protects against visual hackers and snoopers
Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Corona Mirai botnet spreads via AVTECH CCTV zero-day
Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
Marketing Trends: How to Use Big Data Effectively
Russia’s APT29 using spyware exploits in new campaigns
Russian government hackers found using exploits made by spyware companies NSO and Intellexa
Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)
Strengthening Your Cybersecurity Insurance Posture with Privileged Access Management (PAM) Solutions
Brain Cipher claims attack on Olympic venue, promises 300 GB data leak
Harmful ‘Nudify’ Websites Used Google, Apple, and Discord Sign-On Systems
Cisco Patches Multiple NX-OS Software Vulnerabilities
Iranian State Hackers Team Up with Ransomware Gangs in Attacks on US
Telegram CEO Pavel Durov charged with allowing criminal activity
AI Hype vs Hesitence
A Guide To Selecting The Best URL Filtering Software
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks
Surge in New Scams as Pig Butchering Dominates
Telegram’s Pavel Durov Charged For Allowing Criminal Activity On App
NordVPN vs Proton VPN (2024): Which VPN Should You Choose?
Telegram CEO Pavel Durov charged in France for facilitating criminal activities
May 2024 Cyber Attacks Statistics
Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks
Iranian Hackers Secretly Aid Ransomware Attacks on US
The Emerging Dynamics of Deepfake Scam Campaigns on the Web
Google, Apple, and Discord Let Harmful AI ‘Undress’ Websites Use Their Sign-On Systems
Meeting the New Cyber Insurance Requirements
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
What’s Working With Third-Party Risk Management?
Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
Stealing cash using NFC relay – Week in Security with Tony Anscombe
Don’t Leave Your Digital Security to Chance: Get Norton 360
CISA Adds Google Chromium V8 Bug to its Known Exploited Vulnerabilities Catalog
AWS Load Balancer Plagued by Authentication Bypass Flaw
Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE
Cybersecurity News: Iran hacking, Labour Party backlog, more Telegram warrants
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Sweat Sensors Raise Health Benefits and Privacy Concerns
Bitwarden introduces enhanced inline autofill feature for credit cards and identities
IT Engineer Charged For Attempting to Extort Former Employer
Check Point to Acquire Cyberint Technologies to Enhance Operations
US Sees Iranian Hackers Working Closely With Ransomware Groups
RISCPoint RADAR provides real-time vulnerability detection across multiple attack surfaces
Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security
Change Management and File Integrity Monitoring – Demystifying the Modifications in Your Environment
Concentric AI unveils AI-based DSPM functionality that monitors user activity risk
Live Patching DLLs with Python, (Thu, Aug 29th)
Wireshark 4.4.0 Released – What’s New!
Critical Vulnerability in Perl Module Installer Let Attackers Intercept Traffic
Iran-linked group APT33 adds new Tickler malware to its arsenal
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform
America witnesses $1.5 billion in Cyber Crime losses so far in 2024
National Public Data (NPD) Breach: Essential Guide to Protecting Your Identity
The NIS2 Directive: How far does it reach?
Ransomware Attacks Exposed 6.7 Million Records in US Schools
Deepfakes: Seeing is no longer believing
Why ransomware attackers target Active Directory
Durex India spilled customers’ private order data
CrowdStrike Estimates the Tech Meltdown Caused by Its Bungling Left a $60 Million Dent in Its Sales
Third-party risk management is under the spotlight
ISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)
CrowdStrike’s meltdown didn’t dent its market dominance … yet
BlackByte Ransomware Exploits New VMware Flaw in VPN-Based Attacks
When Get-Out-The-Vote Efforts Look Like Phishing
Are Java Users Making Bad Oracle Java Migration Decisions?