IT Security News Weekly Summary – Week 38

Hackers Claim Second Dell Data Breach in One Week

Security Flaw in Google Cloud Document AI Could Expose Sensitive Data, Experts Warn

Global Taskforce Dismantles Encrypted Criminal Platform ‘Ghost,’ Leading to 51 Arrests

Tor Project Assures Users It’ Safe Amid Controversy of Deanonymizing Users

USENIX NSDI ’24 – Jolteon: Unleashing the Promise of Serverless for Serverless Workflows

IT Leaders Raise Security Concerns Regarding Generative AI

Massive Chinese Botnet Infects SOHO Routers and IP Cameras

macOS Sequoia Interferes With VPNs And EDRs Following Update

Security Affairs newsletter Round 490 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

The TechCrunch Cyber Glossary

Noise Storms: Mysterious massive waves of spoofed traffic observed since 2020

The Great Ai Swindle

Tor Assured Safety Amidst Deanonymizing Claims From Authorities

Lumma Stealer Uses Fake CAPTCHA Pages to Distribute Malware

Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18

2024-09-19 – File downloader to Lumma Stealer

FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

IT Security News Daily Summary 2024-09-21

‘Harvest now, decrypt later’: Why hackers are waiting for quantum computing

Cloudflare Outage Disrupts Website Access in Multiple Regions, Affecting Global Users

Understanding the critical role of resilience in defending against ransomware

Technology Governance Needs A Rethink on Prioritizing Resilience Against Digital Threats

GitLab Addressed Critical SAML Auth Flaw With The Latest Release

Hackers stole over $44 million from Asian crypto platform BingX

Apple’s macOS Sequoia Update Breaks Security Tools

USENIX NSDI ’24 – Autothrottle: A Practical Bi-Level Approach to Resource Management for SLO-Targeted Microservices

Email Attacks Target 80% of Key Infrastructure Firms, Study Reveals

Ransomware Outfits Are Exploiting Microsoft Azure Tool For Data Theft

The Expanding PKfail Vulnerability in Secure Boot and Its Alarming Impact

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Kawasaki Ransomware Attack: 500 GB Alleged Data Leaked, RansomHub Claims

Ukraine Bans Telegram Use for Government and Military Personnel

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICO

How Apple, Google, and Microsoft can save us from AI deepfakes

Modernizing and Applying FedRAMP Security Standards to Accelerate Safe AI

Watch Now: Attack Surface Management Summit – All Sessions on Demand

China Linked APT: Raptor Train Botnet Attacks IoT Devices

Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems

Prime Day is approaching, and so are the scams surrounding it

2024 Cybersecurity Laws & Regulations

Earth Baxia Exploits GeoServer to Launch APAC Spear-Phishing Attacks

CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog

Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw

Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs

Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware

Ukraine bans Telegram for government agencies, military, and critical infrastructure

A hacker’s view of civic infrastructure: Cyber Security Today – Special Feature

Customer Story | Lanett City Schools Works Smarter With The Help Of Cloud Monitor

Friday Squid Blogging: Squid Game Season Two Teaser

Adversarial attacks on AI models are rising: what should you do now?

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

IT Security News Daily Summary 2024-09-20

Tor Project responded to claims that law enforcement can de-anonymize Tor users

USENIX NSDI ’24 – Revisiting Congestion Control for Lossless Ethernet

How Asset Discovery Tools Work

Seattle Port Suffers Data Breach, Rhysida Ransomware Suspected

Ukraine Bans Telegram Messenger App on State-Issued Devices Because of Russian Security Threat

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #306 – My Door Is Always Open

Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust

Navigating the Regulatory Maze: Simplifying Data Compliance

How to prepare for post-quantum computing security

Internet surveillance firm Sandvine says it’s leaving 56 ‘non-democratic’ countries

From Burnout to Balance: How AI Supports Cybersecurity Professionals

US indicts two over socially engineered $230M+ crypto heist

Behavioral Baselining and its Critical Role in Cybersecurity

“Simply staggering” surveillance conducted by social media and streaming services, FTC finds

The best VPN routers of 2024

Automate detection and response to website defacement with Amazon CloudWatch Synthetics

Top data breach news headlines trending on Google

Is Telegram safer than WhatsApp when it comes to Data Security

Samsung Warns Striking Workers In India Of No Pay, Possible Termination

HackerOne: Nearly Half of Security Professionals Believe AI Is Risky

Clever Social Engineering Attack Using Captchas

Ivanti patches exploited admin command execution flaw

Google Expands Chrome Security and Privacy Capabilities

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

New cybersecurity advisory highlights defense-in-depth strategies

Innovations in Falcon Cloud Security at Fal.Con 2024

CrowdStrike Announces Falcon Identity Protection Innovations for Entra ID and Privileged Access

CrowdStrike Unveils AI Innovations to Expedite Security Operations and Upgrade the Analyst Experience

CrowdStrike Next-Gen SIEM Innovations Slash Response Time and Simplify SIEM Migrations

CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection

Simplify NIS2 compliance with Sonatype

Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman

Upgrading to MacOS Sequoia? Here’s why you may want to hold off

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

Hackers Deliver Popular Crypto-Miner Through Malicious Email Auto Replies, Researchers Say

Google Now Syncing Passkeys Across Desktop, Android Devices

Say Goodbye to Login Struggles with Apple’s New ‘Passwords App’

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Ukraine Bans Telegram On State-Issued Devices

Construction Firms Targeted in Brute Force Assaults on Accounting Software

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Brazil’s Judge Accuses X of ‘Willful’ Circumvention

Where’s your BitLocker recovery key? How to save a copy before the next Windows meltdown

-=TWELVE=- is back

In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted

Red Hat OpenShift Users Urged to Patch Critical Build Flaws

CISA Releases Six Advisories for Industrial Control Systems

Synergizing Cybersecurity: The Benefits of Technology Alliances

Kubernetes Container Isolation Startup Edera Raises $5 Million

Passwordless AND Keyless: The Future of (Privileged) Access Management

Check The Out 7 Major Applications Of GPU Dedicated Server

Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert

Silicon UK AI For Your Business Podcast: Turing’s Legacy

Hackers Allegedly Claim Breach of Dell Employee Database

US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS

Experts Warn of China-Linked APT’s Raptor Train IoT Botnet

Tor Responds to Reports of German Police Deanonymizing Users

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

Silicon UK In Focus Podcast: The State of E-commerce

Best of CrowdStrike Fal.Con 2024: Tackling Adversity with a Wave of Cybersecurity Innovation

Cybercriminals Exploit CAPTCHA to Deliver Malware: Experts Issue Warning

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Cybersecurity News: INC targets healthcare, Providence schools cyberattack, Apple iPads bricked

Cybercrooks strut away with haute couture Harvey Nichols data

New Phishing Campaign Exploiting Google App Scripts: What Organizations Need to Know

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Ivanti Warns of Second CSA Vulnerability Exploited in Attacks

Companies Often Pay Ransomware Attackers Multiple Times

AI Could Help Resolve IT/OT Integration Security Challenges

More Than Two Million Stolen VPN Passwords Discovered

Resecurity joins Cloud Security Alliance to help organizations secure cloud technologies

Protecting Yourself from Malicious Web Apps: What You Need to Know

Hertz Car Rental Platform Leaks 60,000 Insurance Claim Reports

GitLab Urges Organization to Patch for Authentication Bypass Vulnerability

Where’s your BitLocker recovery key? How and why to save a copy before the next Windows meltdown

U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog

The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions

Opnova emerges from stealth with $3.75 million in funding

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

FTC Sounds the Alarm on Social Media Spying on Children and Teenagers

7 Steps to Perform a Cyber Attack Simulation

U.S. Justice Department Disrupts China-Backed Botnet Targeting Thousands of Devices

Exploding pagers and the new face of asset-centric warfare

Striking the balance between cybersecurity and operational efficiency

How to detect and stop bot activity

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

New infosec products of the week: September 20, 2024

Rising identity security risks: Why organizations must act now

Supply chain targets 3,000 users. Cyber Security Today for Friday, September 20, 2024

Nextcloud Hub 9 released: New features, more security, updated performance

ISC Stormcast For Friday, September 20th, 2024 https://isc.sans.edu/podcastdetail/9146, (Fri, Sep 20th)

CISA boss: Makers of insecure software are the real cyber villains

Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims

The Hidden AI Risk Lurking In Your Business

Security review for Microsoft Edge version 129

Valencia Ransomware crew explodes on the scene, claims California city, fashion giant, more as victims

Chipmaker Qualcomm lays off hundreds of workers in San Diego

Prison Banned Books Week: Being in Jail Shouldn’t Mean Having Nothing to Read

No way? Big Tech’s ‘lucrative surveillance’ of everyone is terrible for privacy, freedom

IT Security News Daily Summary 2024-09-19

The time I almost got scammed from my college email

Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw

HuntStand – 2,795,947 breached accounts

Iran’s cyber-goons emailed stolen Trump info to Team Biden – which ignored them

Product Updates: Escape’s Advanced Jira Integration – Send Remediation Details to Your Developers

Compliance webinar series: Understanding the Cyber Resilience Act

Sonatype can help you navigate DORA compliance

Tackle Cyber Resilience Act requirements with our CRA checklist

Join us at Microsoft Ignite 2024 and learn to build a security-first culture with AI

Fake GitHub Site Targeting Developers, (Thu, Sep 19th)

How to block YouTube on your children’s school devices

Tor anonymity compromised by law enforcement. Is it still safe to use?

Test page title

This Windows PowerShell Phish Has Scary Potential

Square Peg, Meet Round Hole: Previously Classified TikTok Briefing Shows Error of Ban

Century-Long Innovation: A Legacy of Outpacing Cyber Threats

CISO Series Podcast LIVE in Los Angeles (10-09-24)

FTC report exposes massive data collection by social media brands – how to protect yourself

International law enforcement operation dismantled criminal communication platform Ghost

Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?

Building Cybersecurity Leadership Skills

Talk of election security is good, but we still need more money to solve the problem

YouTube Confirms Ads When Screen Is Paused

Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details

Microsoft’s GRIN-MoE AI model takes on coding and math, beating competitors in key benchmarks

Apple’s new macOS Sequoia update is breaking some cybersecurity tools

Strong End-to-End Encryption Comes to Discord Calls

BMJ Warns: Deepfake Doctors Fueling Health Scams on Social Media

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024)

Beware of Google Street View Images Extortion Email Scams

AI Excites But Stresses CIOs, IDC Expereo Finds

EU Begins Proceedings To Force Apple To Open Up iOS, iPadOS

Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware

SambaSpy Using Weaponized PDF Files to Attack Windows Users

Threat Actors Forcing victims Into Entering Login Credentials For Stealing

Hackers Using Supershell Malware To Attack Linux SSH Servers

Researchers Detailed Raptor Train Botnet That 60,000+ Compromised Devices

Cybersecurity and Identity Verification Services: Safeguarding Personal Information in a Digital Age

Google Chrome just made it even easier to use passkeys across all your devices

The NSA advises you to turn off your phone once a week – here’s why

Digital Maturity Key to AI Success in Australian Cyber Security

Google rolls out automatic passkey syncing via Password Manager

Apple’s new macOS Sequoia update breaks cybersecurity tools, experts say

Re-Imagining Zero Trust With an In-Office Experience, Everywhere

U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

FBI Shuts Down Chinese Botnet

Thoughtworks and ACDS Partner to Advance Cybersecurity Solutions

Beyond A Buzzword: What Resilience in Cyber Really Means

Check Point Software is Recognised as a Leader in Email Security, Showcasing its Innovative AI-based Threat Intelligence Capabilities

Canada’s Leaders Must Reject Overbroad Age Verification Bill

Getting Out in Front of Post-Quantum Threats with Crypto Agility

1 in 10 orgs dumping their security vendors after CrowdStrike outage

Watch on Demand: 2024 Attack Surface Management Summit – All Sessions Available

What is the KEV Catalog?

The EU AI Act and the Need for Data-Centric Security

USENIX NSDI ’24 – Sifter: An Inversion-Free and Large-Capacity Programmable Packet Scheduler

North Korean Hackers Target Energy and Aerospace Industries in Novel Espionage Campaign

US Steps up Pressure on Intellexa Spyware Maker with New Sanctions

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

AWS renews its GNS Portugal certification for classified information with 66 services

Hacker group Handala Hack Team claim battery explosions linked to Israeli battery company.

UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks

Access To X In Brazil Temporarily Restored After Change

Webdav Malicious File Hosting Powering Stealthy Malware Attacks

PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability

Threat Actor Allegedly Claims Breach of Federal Bank Customer Data

Tor Claims Network is Safe Following Enforcement Infiltration to Expose Criminals

Reporting on Threathunt 2030: Navigating the future of the cybersecurity threat landscape

Your Phone Won’t Be the Next Exploding Pager

First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia

CISA Releases Six Industrial Control Systems Advisories

IDEC CORPORATION WindLDR and WindO/I-NV4

Kastle Systems Access Control System

IDEC PLCs

MegaSys Computer Technologies Telenium Online Web Application

Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations

UK Leads Global Cybersecurity Dialogue

Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant

Zenity unveils agent-less security solution for Microsoft 365 Copilot

Windows users targeted with fake human verification pages delivering malware

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

Western Agencies Warn Risk from Chinese-Controlled Botnet

US Sanctions Intellexa Spyware Network Over Threat to National Security

CISA chief AI officer follow-up: Current state of the role (and where it’s heading)

DNS security best practices to implement now

Picus Security, founded by 3 Turkish mathematicians, raises $45M after simulating 1B cyber attacks

Europe’s Digital Decade Requires Audacious Connectivity Policies

CISA Warns of Actively Exploited Adobe Flash Player Vulnerabilities

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Region

Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows

Security Validation Firm Picus Security Raises $45 Million

International Raids Shut Down Ghost Encrypted Messaging App

Aembit Unveils 2024 Survey Report Highlighting Major Gaps in Securing Non-Human Identities

Permiso Launches Universal Identity Graph to Advance Zero-Trust IT

Picus Security raises $45 million to help organizations reduce cyber risk

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Juniper extends AI-Native Networking Platform to maximize the full potential of Wi-Fi 7

Picus Security, founded by Turkish 3 mathematicians, raises $45M after simulating 1B cyberattacks

UK activists targeted with Pegasus spyware ask police to charge NSO Group

Healthcare’s Diagnosis is Critical: The Cure is Cybersecurity Hygiene

The Evolution of Cyber Warfare: The Rise of Kinetic Attacks

Transport for London Cyberattack: Employee Passwords Reset; Teen Suspect Arrested

Chinese Hackers Failed To Defeat FBI Botnet Takedown

Astra Vulnerability Scanner Review (2024): How Good Is Astra?

Keeper Security Appoints James Edwards as Senior Director of Engineering

10 Best Huntress Alternatives & Competitors in 2024 (Features, Pricing & Reviews)

Rethinking TPRM: Managing Third-Party SaaS Risks | Grip

RansomHub Ransomware Targets 210 Victims Since February 2024

Best 10 Regulatory Change Management Software of 2024

Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS

Forescout for OT Security secures OT, IoT, and IT hybrid environments

FBI forced Flax Typhoon to abandon its botnet

8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach

Tor anonymity infiltrated: Law enforcement monitors servers successfully

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

Intel To Spin Off Foundry Unit As Independent Subsidiary

Solar Cybersecurity And The Nuances Of Renewable Energy Integration

SIEM for Small and Medium-Sized Enterprises: What you need to know

Ransomware Gangs Now Abuse Microsoft Azure Tool for Data Theft

Update: PoC Exploit Released for Unauthenticated RCE in Veeam Backup & Replication

GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability

Update: PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later

US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries

Cybersecurity News: Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit

Are Phishing Tests Helping or Hurting Our Security Program?

SYXSENSE ENTERPRISE

Meeting the New Cyber Insurance Requirements

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Authorities Seized Ghost Communication Platform Used by Cyber Criminals

Antivirus firm Dr.Web disconnected all servers following a cyberattack

Emerging Technologies in Cloud Security for Enhanced Protection Against Cyber Threats

Cyber Warfare: A Growing Concern for the British Public

Tenable Enclave Security enables discovery, assessment and analysis of IT assets

Strivacity AI Assist optimizes digital identity management

Cryptojacking Gang TeamTNT Makes a Comeback

WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution

Cyber Attack on Dr.Web Forces Servers Disconnection

Understanding cyber-incident disclosure

Tor insists its network is safe after German cops convict CSAM dark-web admin

Edera raises $5 million to improve Kubernetes security

Insecure APIs and Bot Attacks Cost Global Firms $186bn

The Top 7 Enterprise VPN Solutions for 2024

More Hezbollah Devices Explode in Lebanon, Heightening Fears of Regional Conflict

How digital wallets work, and best practices to use them safely

Differential privacy in AI: A solution creating more problems for developers?

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

NIST’s Dioptra Platform is a Critical Step Forward in Making AI Safer

Hezbollah Pager Attack: A Wake-up Call to Tech Manufacturers to Secure their Supply Chains?

Data disposal and cyber hygiene: Building a culture of security within your organization

Essential metrics for effective security program assessment

Security leaders consider banning AI coding due to security risks

ISC Stormcast For Thursday, September 19th, 2024 https://isc.sans.edu/podcastdetail/9144, (Thu, Sep 19th)

Time-to-Live Analysis of DShield Data with Vega-Lite, (Wed, Sep 18th)

Craig Newmark pledges $100M to fight hacking by foreign governments

FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices

Joint ODNI, FBI, and CISA Statement

Everything you need to know about VPN tracking

Human Rights Claims Against Cisco Can Move Forward (Again)

How comprehensive security simplifies the defense of your digital estate

IT Security News Daily Summary 2024-09-18

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Fal.Con 2024: CrowdStrike unveils resilient-by-design framework to bolster global cybersecurity

Deja blues… LockBit boasts once again of ransoming IRS-authorized eFile.com

FBI boss says China ‘burned down’ 260,000-device botnet when confronted by Feds

AT&T to Pay $13 Million to Settle FCC Case of 2023 Data Breach

Webroot SecureAnywhere Internet Security Ranks #1 Among 8 Competitors for Overall Performance

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Putin really wants Trump back in the White House

LockBit boasts of ransoming IRS-authorized eFile.com

Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost

Singapore mandates face authentication for ‘higher risk’ bank transactions

US government ‘took control’ of a botnet run by Chinese government hackers, says FBI director

FBI Disrupts Another Massive Chinese-Linked Botnet

Refine unused access using IAM Access Analyzer recommendations

Securing Your Enterprise With an Identity-First Security Strategy

Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war

Pulumi Adds Cloud Security Intelligence Tool to Portfolio

23andMe Agrees to $30 Million Settlement Over Data Breach Impacting 6.9 Million Customers

Microsoft’s Hiring Of Inflection AI Staff Does Not Meet EU Merger Thresholds

Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group

Senate Vote Tomorrow Could Give Helping Hand To Patent Trolls

Chinese spies spent months inside aerospace engineering firm’s network via legacy IT

Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military

E2EE is MIA in iPhone/Android Chat — GSMA Gonna Fix it

New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

Rising Threat of Ransomware Targeting Cloud Services

US To Host International Network of AI Safety Institutes In November

Google Urges London Tribunal To Dismiss Mass Lawsuit

Walmart customers scammed via fake shopping lists, threatened with arrest

Two-Thirds of Security Leaders Consider Banning AI-Generated Code, Report Finds

Walkie-Talkies Explode in New Attack on Hezbollah

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Apple Releases Security Updates for Multiple Products

U.S. government ‘took control’ of a botnet run by Chinese government hackers, says FBI director

Critical Infrastructure at Risk From Email Security Breaches

Using Amazon Detective for IAM investigations

Server Misconfiguration at Fuel Industry Software Provider Exposes SSNs, PII Data

Nobody Cares About Security

What is email spam and how to fight it?

The best secure browsers for privacy in 2024: Expert tested

Windows MSHTML Platform Spoofing Vulnerability Exploited as Zero-Day

The Perils of Settling: Why ‘Good Enough’ Fails in Modern Cybersecurity

SecurityWeek to Host 2024 Attack Surface Management Summit Today

North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors

Here’s How to Remove Malware From Your Chromebook

Six Hackers Linked to Worldwide Cyber Attacks Arrested in Singapore

Kawasaki Motors Europe Targeted by RansomHub Ransomware Attack

E-commerce Threat: The WooCommerce Skimming Attacks

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

Google Street View Images Used For Extortion Scams

Qualcomm Loses Appeal Over EU Antitrust Fine

LibreOffice Repair Mode Vulnerability Let Attackers Mark the Document as Not Valid

Ransomware Groups Abusing Azure Storage Explorer For Stealing Data

Exploiting Windows MiniFilter to Bypass EDR Protection

Cybersecurity risks in healthcare are an ongoing crisis

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Credential Flusher, understanding the threat and how to protect your login data

The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses

10 Best Attack Surface Management Tools

Post-Quantum Cryptography: The Future of Secure Communications and the Role of Standards

Hackers breaching construction firms via specialized accounting software

Snapchat wants to put your AI-generated face in its ads

Check Point SASE: Triple Threat Protection for the New Perimeter

Orca: AI services, models falling short on security

CREST CAMP: A Catalyst for Global Cyber Security Growth

Unveiling Venezuela’s Repression: A Legacy of State Surveillance and Control

SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures

Analysis Identifies Web Servers as Weakest Cybersecurity Link

Komodor Klaudia identifies the root cause of issues in Kubernetes

PREVIEW: CISO Series Game Show LIVE in Washington, DC 10-2-24

Get to know Amazon GuardDuty Runtime Monitoring for Amazon EC2

Microsoft Windows Kernel Vulnerability Exploited in the Wild

UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader

Routed Optical Networking Continues to Transform the Industry

Sandbox scores are not an antivirus replacement

Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform

Australian Police Infiltrate Encrypted Messaging App Ghost and Arrest Dozens

Ghost: Criminal communication platform compromised, dismantled by international law enforcement

Why Pay A Pentester?

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Meta Bans Russian State Media Networks

EU Court Rules Google’s €1.49bn Fine Should Be Annulled

Discord Announces End-to-End Encryption for Audio & Video Chats

U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium

CISA Urges Software Developers to Weed Out XSS Vulnerabilities

Red Hat OpenShift Receives Patches for Two Critical Flaws

INE Security Wins 2024 SC Excellence Award

Critical VMware vCenter Server bugs fixed (CVE-2024-38812)

Fivetran Hybrid Deployment keeps sensitive data within the customer’s environment

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers

Uber launches new rider verification program as a safety measure for drivers across the US

Build Your Network Skills With the 2024 Network Fundamentals Bundle — Only $39.99

Exotic SambaSpy is now dancing with Italian users

US Indicts Chinese National for Phishing for NASA Tech

Data Theft Risk in Salesforce by Manipulating Public Links

Valid Accounts Remain Top Access Point for Critical Infrastructure Attacks, Officials Say

Construction Companies Potentially Vulnerable Through Accounting Software

Russian Security Firm Doctor Web Hacked

PlainID introduces identity security for Zscaler

Rapid7 launches Vector Command for continuous red teaming and security gap identification

Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack

Cybersecurity News: Exploding pager analysis, construction company vulnerability, cyberattack job loss

Apple released iOS 18, check out the new features

RAMBO Attack: Electromagnetic Waves Steal Data from Air-Gapped Systems

Threat Actor Allegedly Selling Bharat Petroleum Database

The Role of Zero Trust Architecture in Enhancing SSO Security

NESA Standard Ensures Security of UAE’s Cyberspace

Critical Flaws Found in VICIdial Contact Center Suite, PoC Published

Despite Russia warnings, Western critical infrastructure remains unprepared

Intezer raises $33 million to further develop its AI-based security operations solution

Verimatrix XTD Network Monitoring provides real-time detection of malicious activities

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

AT&T Agrees $13m FCC Settlement Over Cloud Data Breach

Python Infostealer Patching Windows Exodus App, (Wed, Sep 18th)

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

Did a Chinese University Hacking Competition Target a Real Victim?

Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812

Cyware Joins Coalition for Secure AI (CoSAI) to Advance Safe and Ethical AI Technologies

Deadly Pager Explosions in Lebanon Linked to Possible Supply Chain Attack

Apache Flaw: High Severity Vulnerability Fix Via Update

Building a Secure Linux Environment for Enterprise Applications

Hydden raises $4.4 million to improve identity security

CISA Issues Advice to Help Eliminate XSS Bugs

Big Tech Prioritizes Security with Zuckerberg at the Helm

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

London Transport requires in person password validation for 30,000 employees, Cyber Security Today for Wednesday, September 18, 2024

Binance issues malware threat to Bitcoins users

What to do if a Ransomware Decryptor Doesn’t Work Even After Paying the Ransom

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Fair Ball or Foul Play?  EU’s Digital Markets Act Puts App Security on Shaky Ground

CrowdSec: Open-source security solution offering crowdsourced protection

Cybersecurity jobs available right now: September 18, 2024

The proliferation of non-human identities

Detecting vulnerable code in software dependencies is more complex than it seems

Australian Police conducted supply chain attack on criminal collaborationware

Organizations overwhelmed by numerous and insecure remote access tools

ISC Stormcast For Wednesday, September 18th, 2024 https://isc.sans.edu/podcastdetail/9142, (Wed, Sep 18th)

The New U.S. House Version of KOSA Doesn’t Fix Its Biggest Problems

WhatsApp fix to make View Once chats actually disappear is beaten in less than a week

Remote attack on pagers used by Hezbollah caused 9 deaths and thousands of injuries

Data Detection & Response (DDR): Not the Dance Revolution It Claims

VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation

Hundreds of Pagers Exploded in Lebanon and Syria in a Deadly Attack. Here’s What We Know.

IT Security News Daily Summary 2024-09-17

2024-09-16 – Snake KeyLogger (VIP Recovery) infection, SMTP exfil

2024-09-17 – Snake KeyLogger (VIP Recovery) infection, FTP exfil

Discord launches end-to-end encrypted voice and video chats

VMware patches over remote make-me-root holes in vCenter Server, Cloud Foundation

AI and Technical Debt: Balancing Innovation and Sustainability

The best AirTag wallets of 2024: Expert tested

Lebanon: At least nine dead, thousands hurt after Hezbollah pagers explode

Google Cloud Document AI flaw (still) allows data theft despite bounty payout

USENIX NSDI ’24 – Fast Vector Query Processing for Large Datasets Beyond GPU Memory with Reordered Pipelining

Did ChatGPT just message you? Relax – it’s a bug, not a feature (for now)

WordPress To Require Two-Factor Authentication for Plugin Developers

The Mystery of Hezbollah’s Deadly Exploding Pagers

KOSA’s Online Censorship Threatens Abortion Access

At least nine dead, thousands hurt in Lebanon after Hezbollah pagers explode

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest

Avoiding The “No Responsibility” Cloud Security Model

Part 1: Can Just Anyone Access Your ServiceNow Articles?

Part 2: Can Just Anyone Access Your ServiceNow Articles?

Randall Munroe’s XKCD ‘Craters’

GPU Hosting and Open Source AI Will Revolutionize or Kill WordPress

Hezbollah claims dozens dead as its pagers go boom, not beep

80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year

The Mystery of Hezbollah’s Deadly Exploding Pagers

Port of Seattle Battles Ransomware Attack, Refuses to Pay

Fortinet Confirms Data Breach Involving Limited Number of Customers, Linked to Hacker “Fortibitch”

Global telcos pledge to adopt responsible AI guidelines

Australian IT Spending to Surge in 2025: Cybersecurity & AI Focus

Rhysida ransomware gang ships off Port of Seattle data for $6M

Intezer Raises $33M to Extend AI-Powered SOC Platform

Cyber attack on Telecom companies triggers explosions of Pagers in Lebanon

2024-09-16 – Snake KeyLogger activity

Yokogawa Dual-redundant Platform for Computer (PC2CKM)

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Remotely Exploding Pagers

How to Scale Your MSP from a Firm That Grew Revenue 440%

How MSPs Can Use the ‘Four Kinds of Luck’ to Succeed

EchoStrike: Generate Undetectable Reverse Shells, Perform Process Injection

Update: PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability

US Hits Intellexa Spyware Maker With More Sanctions

C/side Raises $6 Million to Secure the Browser Supply Chain

5 Ways to Reduce Information Security Risk in a Mobile Workplace

USENIX NSDI ’24 – Horus: Granular In-Network Task Scheduler for Cloud Datacenters

US Looks to Align Security Across Government

Millbeck Communications Proroute H685t-w

CISA Releases Three Industrial Control Systems Advisories

Siemens SIMATIC S7-200 SMART Devices

Chinese man charged for spear-phishing against NASA and US Government

Assessing Apple’s Update to Rotating MAC Addresses

Secure your organization

Global Bot Security Report Findings: 2 in 3 Websites Are Unprotected

A Future of Security Free from CNAPP – Keynote Interview with James Berthoty

Can a Bot Farm Damage Your Business? What You Need to Know About Bot Farms

Here’s How Criminals Are Targeting Users and Enterprises in Mexico

ICO Acts Against Sky Betting and Gaming Over Cookies

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

CVE backlog update: The NVD struggles as attackers change tactics

Best Kaspersky Alternatives in 2024

CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

Cisco’s second layoff of 2024 affects thousands of employees

Phishing Campaigns Surge with New Header Refresh Technique, Targeting Financial and Government Sectors

TfL Employees Face In-Person Identity Verification Following Cyberattack

23andMe Pledges $30 Million to the 6.4 Million People Affected by Data Breach

Zero-Click Calendar Invite: Critical macOS Vulnerability Chain Uncovered

Rising Clipper Malware Attacks Target Cryptocurrency Users

Critical Vulnerability in AutoGPT Puts Over 166,000 Projects at Risk

Predator spyware kingpins added to US sanctions list

Software Security Firm RunSafe Raises $12 Million in Series B Funding

Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks

iOS 18 is out. Here are the new privacy and security features

Cyber predators target vulnerable victims: Hackers blackmail hospitals, trade patient data and find partners through darknet ads

The cybersecurity labor gap now stands at 4M+ open jobs. Intezer has raised $33M for AI tools to plug it

Top Tips and Risks Ahead of the 2024 Olympic Games

Protecting Against Malicious Open Source Packages

Hydden Raises $4.4M in Seed Funding for Identity Security Platform

Email Security Breaches Rampant Among Critical Infrastructure Organizations

Apple releases iOS 18, with security and privacy improvements

WTW Indigo Vault secures business sensitive files

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

LastPass Review 2024: Is it Still Safe and Reliable?

D-Link Fixes Critical RCE, Hardcoded Credential Flaws in WiFi 6 Routers

Metabase Q Raises $11M in Series A Extension Funding

The Dark Nexus Between Harm Groups and ‘The Com’ – Krebs on Security

Strider Secures $55M to Fuel AI Growth and Global Expansion

CosmicBeetle Exploits Vulnerabilities in Small Businesses Globally

F5 NGINX One improves app delivery and security functions

Veritas unveils AI-driven features to simplify cyber recovery

Beware the Rising Tide: Financial Services Is Awash in Attacks

Hackers Exploiting Selenium Grid Tool To Deploy Exploit Kit & Proxyjacker

CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely

September 2024 Web Server Survey

Forget AirTags: Tile’s new trackers come in all shapes and sizes (and an SOS button)

Python Developers Targeted with Malware During Fake Job Interviews

Performance Testing Vs Load Testing: Know the Key differences

From Fragmentation to Integration: Establishing a Cyber Risk Management Program

RunSafe Security raises $12 million to reduce attack surface in critical infrastructure

How to Investigate ChatGPT activity in Google Workspace

Singapore Launches Accelerator for International Cybersecurity Startups

Intel ‘Lost PlayStation 6 Chip Bid To AMD’

Intel, AWS To Collaborate On AI Chip In Major Win

Master IT Fundamentals With This CompTIA Certification Prep Bundle

U.S. CISA adds Microsoft Windows MSHTML Platform and Progress WhatsUp Gold bugs to its Known Exploited Vulnerabilities catalog

‘Cyber Wellbeing Corner’ Returns to International Cyber Expo

DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

Gcore WAAP protects websites, web applications, and APIs

Cybersecurity News: Intellexa faces new sanctions, London hospitals impact, Apple releases update

Our Guardrails Only Fail When You Try To Go Around Them (LIVE in Seattle)

Pioneering Researcher Raises $230m For ‘Spatial’ AI Start-Up

US Sanctions Commercial Spyware Group

Creating An AI Honeypot To Engage With Attackers Sophisticatedly

North Korean Hackers Attacking LinkedIn Users to Deliver RustDoor Malware

England and Wales Report a Spike in Computer Misuse

What’s Changed in CIS Critical Security Controls v8.1?

Misconfigured ServiceNow Knowledge Bases Expose Confidential Information

Enterprise ServiceNow Knowledge Bases at Risk: Extensive Data Exposures Uncovered

AppOmni Surfaces Configuration Flaw in ServiceNow SaaS Platform

US Ramps Up Sanctions on Spyware-Maker Intellexa

Over Half of Breached UK Firms Pay Ransom

China Touts ‘Significant’ Advances In Chipmaking Tools

China ‘Closing Gap’ With West In AI

Key Russian Hacker Group Attacking Users With .NET Built Ransomware

How Google and Yahoo’s shift to stricter email standards proved a windfall for this Armenian startup

Qilin ransomware attack on Synnovis impacted over 900,000 patients

Taking Control Online: Ensuring Awareness of Data Usage and Consent

All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them

Making the Complex Simple: Authorization for the Modern Enterprise

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

23:59, Time to Exfiltrate!, (Tue, Sep 17th)

TikTok Tells US Court Ban Would Have ‘Staggering’ Effects

Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details

MSSPs Say Client Communication Is Too Hard. Here’s How We’re Helping.

The New Era of SOCs: Simplifying Cybersecurity for SMBs

Google Chrome browser users given 72 hour deadline to adopt Cybersecurity patches

Securing Data from Espionage: The Role of Confidential Computing

Chinese Hackers Charged for Multi-Year Spear-Phishing Attacks

Unlocking Secure Communications 101: The Fundamentals

China claims Starlink signals can reveal stealth aircraft – and what that really means

Gateways to havoc: Overprivileged dormant service accounts

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

The Day the IT World Stood Still

How to Prepare Your Organization for the Future with Continuous Security Testing

The Human Element in Non-Human Identity Security: Bridging the Gap in Modern Cybersecurity

Beyond human IAM: The rising tide of machine identities

The growing danger of visual hacking and how to protect against it

Securing SAP Systems: Essential Strategies to Protect Against Hackers

The cybersecurity workforce of the future requires diverse hiring practices

ISC Stormcast For Tuesday, September 17th, 2024 https://isc.sans.edu/podcastdetail/9140, (Tue, Sep 17th)

Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day

Chinese national accused by Feds of spear-phishing for NASA, military source code

Instituto Nacional de Deportes de Chile – 319,613 breached accounts

Apple Patches Major Security Flaws With iOS 18 Refresh

IT Security News Daily Summary 2024-09-16

Elon Musk Is a National Security Risk

US government expands sanctions against spyware maker Intellexa

CISA Releases Plan to Align Operational Cybersecurity Priorities for Federal Agencies

The empire of C++ strikes back with Safe C++ blueprint

NordPass Review (2024): Is it a Safe Password Manager?

D-Link addressed three critical RCE in wireless router models

Unveiling Venezuela’s Repression: Surveillance and Censorship Following July’s Presidential Election

Apple Patches Major Security Flaws with iOS 18 Refresh

A Personally Identifiable Cyber Jihadist Domain Portfolio

After CrowdStrike Crash, Microsoft Mulls New Windows Security Tools

CISO Series Podcast LIVE at Stanford University (10-17-24)

Methodology for incident response on generative AI workloads

Tile Trackers now include an SOS feature – here’s how they compare with Apple’s AirTags

Point Product vs. CDN for Bot Protection: Striking the Right Balance

RansomHub Ransomware Gang Leaks 487GB of Alleged Kawasaki Europe Data

Crypto Mining and DDoS Threats: How Hadooken Malware Targets Oracle Web Logic Servers

The best travel VPNs of 2024: Expert tested and reviewed

Windows spoofing flaw exploited in earlier zero-day attacks

Deployment considerations for Red Hat OpenShift Confidential Containers solution

How Red Hat is integrating post-quantum cryptography into our products

Cursor’s Magic Comes with a Catch: The Trust Setting You’re Missing

Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches

SecurityWeek to Host 2024 Attack Surface Management Summit on Wednesday

Is Google Spying on You? EU Investigates AI Data Privacy Concerns

Rhysida Ransomware Hits Seattle Port in August Attack

Create security observability using generative AI with Security Lake and Amazon Q in QuickSight

Google Enhances Data Security with Confidential Computing Technology

DuckDuckGo Joins AI Chat, Promises Enhanced Anonymity

Apple’s New Passwords App May Solve Your Login Nightmares

U.S. government expands sanctions against spyware maker Intellexa

The Climate Has a Posse – And So Does Political Satire

EasyDMARC Lands $20M for Email Security Authentication Tech

Five Tools That Can Help Organizations Combat AI-powered Deception

Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO

Preventing Credit Card Fraud in 2024: Tips to Avoid Declined Transactions and Fraud Alerts

Vulnerability Recap 9/16/24 – Critical Endpoint Flaws Emerged

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Forward as One: Embracing the Future of Partnering with Cisco

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Legacy Ivanti Cloud Service Appliance Being Exploited

Germany’s CDU still struggling to restore data months after June cyberattack

DORA Compliance Checklist: From Preparation to Implementation

Why Are So Many Public Sector Organizations Getting Attacked?

Vulnerability Summary for the Week of September 9, 2024

Half of UK Firms Lack Basic Cybersecurity Skills

White House to Tackle AI-Generated Sexual Abuse Images

Flare’s FTSOv2 Launch Sets A New Standard For Decentralized Data

Obfuscation vs Encryption: How To Protect Your .NET Code the Right Way

AI and Cyber Security: Innovations & Challenges

How to Create & Implement a Cloud Security Policy

FBI, CISA Warn of Fake Voter Data Hacking Claims

BT Uncovers 2,000 Potential Cyberattacks Signals Every Second

ICBC London Branch Hit by Ransomware Attack, Hackers Steal 6.6TB of Sensitive Data

Sourcepoint helps companies mitigate vulnerabilities across various privacy regulations

Advanced Phishing Attacks Put X Accounts at Risk

Introducing the APRA CPS 230 AWS Workbook for Australian financial services customers

The Curious Case Of MutantBedrog’s Trusted-Types CSP Bypass

Critical Vulnerabilities Impact Million of D-Link Routers, Patch Now!

23andMe to pay $30 million in settlement over 2023 data breach

Hispanic Heritage Month Spotlight: Bill Diaz

Entro Security Labs Releases Non-Human Identities Research Security Advisory

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution

Modernizing Enterprise Security for An Application-Centric World

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum

Prison just got rougher as band of heinously violent cybercrims sentenced to lengthy stints

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Ransomware Attacks

Azure API Management Vulnerability Let Attackers Escalate Privileges

SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

Unlock FCC Pilot Program Funding with Cloud Monitor and Content Filter

Uber To Offer Waymo Robotaxi Rides In Austin, Atlanta

Brazil Unfreezes Starlink, X Bank Accounts After Funds Transfer

Largest Crypto Exchange in Indonesia Suffers $22 Million Theft

Apple to Drop Spyware Lawsuit Over Security Concerns

Microsoft September Patch Tuesday Patched 4 Zero-Day Flaws

Hackers Can Bypass WhatsApp ‘View Once’ Due To Feature Vulnerability

Spring Framework Vulnerability Let Attackers obtain Any Files from the System

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Hackers Target Selenium Grid Servers for Proxyjacking and Cryptomining Attacks

US Port Security Threatened by Chinese-Made Cranes, Says House Report

North Korean Hackers Attacking Crypto Industry, Billions at Risk

Cloud Access Security Broker Policy

Hacker Claims Breach of UK’s Experience Engine, Data Sold Online

Is your Windows license legal? Should you even care?

Windows Vulnerability Abused Braille “Spaces” in Zero-Day Attacks

Cybersecurity News: Fortinet breach, RansomHub extorts Kawasaki, TfL password resets

US House Passes Bill Targeting Chinese EV Battery Tech

GenAI Shopping: Revolutionising Retail Experiences

Cyber Threats Intensify in Mexico; Espionage and Extortion Risks Grow

Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure

Industry Moves for the week of September 16, 2024 – SecurityWeek

SolarWinds Patches Critical Vulnerability in Access Rights Manager

Meta Goes Ahead With Controversial AI Training in UK

NASA Mission To Jupiter’s Europa Gets Go-Ahead

CISA Urges Agencies to Upgrade or Remove End-of-Life Ivanti Appliance

Navigating the Cloud Chaos: 2024’s Top Threats Revealed

Mitigating Alert Fatigue in SecOps Teams

Applications are Open for IoT Device Cyber Certifiers

China’s quantum* crypto tech may be unhackable, but it’s hardly a secret

SOC 2 Compliance Provides AppViewX Customers Security and Data Protection Assurance

Musk Calls Australia ‘Fascists’ Over Social Media Regulation

Stephen Fry Calls X, Meta Cultural ‘Polluters’

Police Arrest Youth Over London Transport Hack

Crimson Palace Returns With New Hacking Tolls And Tactics

Is Microsoft really going to cut off security updates for your ‘unsupported’ Windows 11 PC?

Hacker tricked ChatGPT into providing detailed instructions to make a homemade bomb

Python Libraries Exploited for Malicious Intent

Aembit Raises $25M to Tackle Nonhuman Identity Security Challenges

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

23andMe Agrees to $30m Data Breach Settlement

A week in security (September 9 – September 15)

The Rise of AI Voicemail Scams, Political Donation Privacy Concerns

UK Hosts International Cyber Skills Conference

Managing PE Files With Overlays, (Mon, Sep 16th)

Microsoft Windows 10 support end and Crowdstrike Global Outage details

Benefits of Using Blockchain in Cybersecurity

Hunters International Claims Breach of ICBC London

Fortinet experiences another major breech with hacker claiming 440 GB of data stolen. Cyber Security Today for Monday, September 16, 2024

Researchers Discover New Variant of TrickMo Banking Trojan

EchoStrike: Generate undetectable reverse shells, perform process injection

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

New Environmental Policies and Practices Raise Unexpected Cybersecurity Challenges

U.S. Tax Reform Can Fuel AI and Cybersecurity Innovation

The ripple effects of regulatory actions on CISO reporting

Compliance frameworks and GenAI: The Wild West of security standards

23andMe settles class-action breach lawsuit for $30 million

eBook: Navigating compliance with a security-first approach

Trends and dangers in open-source software dependencies

ISC Stormcast For Monday, September 16th, 2024 https://isc.sans.edu/podcastdetail/9138, (Mon, Sep 16th)

IT Security News Weekly Summary – Week 37

IT Security News Daily Summary 2024-09-15

USENIX Security ’23 – Multiview: Finding Blind Spots in Access-Deny Issues Diagnosis

Fortifying The Digital Frontier: Everyday Habits That Shape Your Company’s Cybersecurity Posture

YARA-X’s Dump Command, (Sun, Sep 15th)

Port of Seattle shares ransomware attack details

Ford’s Latest Patent: A Step Toward High-Tech Advertising or Privacy Invasion?

TrickMo Android Trojan Abuses Accessibility Services for On-Device Financial Scam

Combating Telecom Fraud: Trai and DoT’s Joint Effort Against Spam Calls

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Global Cybercrime Syndicate Falls in Singapore’s Largest-Ever Police Raid

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days

Games Box – 1,439,354 breached accounts

Security Affairs newsletter Round 489 by Pierluigi Paganini – INTERNATIONAL EDITION

Upcoming Speaking Engagements