IT Security News Weekly Summary – Week 33

USENIX Security ’23 – NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems

How to freeze your credit – and how it can help protect you after data breaches

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

The Rise of Malvertising: How Scammers Target Google Products with Malicious Search Ads

Russian Disinformation Network Struggles to Survive Crackdown

Pro-Palestine Outfit Takes Responsibility for Hacking Donald Trump-Elon Musk Interview

Ransomware Attack on the Washington Times Leads to a Dark Web Data Auction

Navigating AI and GenAI: Balancing Opportunities, Risks, and Organizational Readiness

National Public Data Breach Exposes Millions: Threat of Identity Theft Looms

CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive

Getting Wins for Security Leaders: Strategies and Considerations for Success

Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions

OpenAI dismantled an Iranian influence operation targeting the U.S. presidential election

IT Security News Daily Summary 2024-08-17

Cyber Attack Disrupts Housing Services Across Greater Manchester

The SIEM Market is Ripe with Consolidation, But are We Delivering on its Intended Security Promise?

The Growing Threat of OTP-Stealing Malware: Insights from Zimperium’s zLabs

National Public Data confirms a data breach

USENIX Security ’23 – PROVIDENCE: a Flexible Round-by-Round Risk-Limiting Audit

Should Americans Share The Social Security Number? Experts Explain the Pros and Cons

Use Cash App? You may be eligible for a settlement payout – up to $2500

The Hidden Threat: Vulnerable App on Google Pixel Devices Puts Millions at Risk

Was your SSN leaked to the dark web? How to check for suspicious activity (and what to do next)

Did you get a fake McAfee or Norton invoice? How the scam works (and what not to do)

Geofence Warrants Ruled Unconstitutional—but That’s Not the End of It

Paris 2024 Olympics Faced Over 140 Cyberattacks, No Disruptions Reported

How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe

How To Respond to The Rise of Banking Trojans

How the ransomware attack at Change Healthcare went down: A timeline

7-Year-Old Pre-Installed Google Pixel App Flaw Puts Millions at Risk

Vendor Reliance and M&A Surge Contribute to Heightened Ransomware Threat

ValleyRAT malware is targeting Chinese-speaking users

Dozens of Google Products Targeted by Scammers via Malicious Search Ads

A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers

OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda

Cyber Security Today – Week In Review: The challenge of Deep Fakes and more

CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available

Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities – Check Point Research

PrestaShop GTAG Websocket Skimmer

News alert: Implementing AI-powered ‘Cisco HyperShield’ requires proper cybersecurity training

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign

How to Use 1Password: Guide to Getting Started

Sophos X-Ops: Ransomware gangs escalating tactics, going to ‘chilling’ lengths

TEST

North Korean cyber attacks: How to educate your team on this new scam trend

USENIX Security ’23 – Reversing, Breaking, and Fixing the French Legislative Election E-Voting Protocol

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

Assura, Inc Makes the Inc. 5000 Again for the 4th Year; Coming in at No. 2594!!

IT Security News Daily Summary 2024-08-16

Digital License Plates and the Deal That Never Had a Chance

OpenAI shuts down election influence operation that used ChatGPT

More Sustainable Mining with Cisco

After nearly 3B personal records leak online, Florida data broker confirms it was ransacked by cyber-thieves

OpenAI shuts down election influence operation using ChatGPT

Secure AI Access by Design — Enabling Safe Usage of GenAI Apps

Unicoin hints at potential data meddling after G-Suite compromise

Using Amazon GuardDuty Malware Protection to scan uploads to Amazon S3

The Slow-Burn Nightmare of the National Public Data Breach

Hacking Beyond .com — Enumerating Private TLDs

Russian national sentenced to 40 months for selling stolen data on the dark web

Massive Data Breach at National Public Data Exposes 2.7 Billion Records

Lawmakers Ask for Probe of Chinese Router Maker TP-Link

Why Training is Critical to Implementing Cisco HyperShield

Threat Actors Increasingly Target macOS, Report Finds

User mode vs. kernel mode: OSes explained

Doppelgänger Operation Rushes to Secure Itself Amid Ongoing Detections, German Agency Says

Akamai?s Perspective on August?s Patch Tuesday 2024

What Is SQL Injection and How Can It Be Avoided?

The best security keys of 2024: Expert tested

DigiCert Announces Acquisition of Vercara

Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A

The Biggest Lesson From Crowdstrike’s Update Malfunction

Critical Security Flaw Discovered in Ivanti Virtual Traffic Manager

USENIX Security ’23 – Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems

Survey: Senior Executives Being Held More Accountable for Cybersecurity

Ukraine Faces New Phishing Campaign Targeting Government Computers, Warns CERT

Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove and their Big Reveal

Secure GenAI Applications by Design

Biotech Company Hacked in 2023 Pays States $4.5 Million Over Breached Data

Understanding Defense in Depth in IT Security

Never store credit cards or Social Security Numbers on your phone

What is an endpoint protection platform (EPP)?

Report: 56% of Security Professionals Worry About AI-Powered Threats

Cybersecurity Insights with Contrast CISO David Lindner | 8/16/24

China To Limit Export Of Another Critical Mineral

IT Stress Points For SMEs Identified By TalkTalk Business

Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

Navigating the future of cybersecurity

Massive Data Leak Exposes Sensitive Information for Millions

X Confronts EU Legal Action Over Alleged AI Privacy Missteps

This Security Researcher Infiltrated the LockBit Ransomware Outfit and Exposed its Leader

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

10,000 WordPress Sites Affected by Arbitrary File Read and Delete Vulnerability in InPost PL and InPost for WooCommerce WordPress Plugins

Report: Ransomware Gangs Rake in More Than $450 Million in First Half of 2024

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams

Modernizing Identity Security Amid an Evolving Threat Landscape

A ‘very large percentage’ of Pixel phones have a hidden security vulnerability

SystemBC Malware Used to Target Users by Black Basta-Linked Threat Actors

The AI Balancing Act: Unlocking Potential, Dealing with Security Issues, Complexity

August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs

New Windows Vulnerability CVE-2024-6768 Triggers Blue Screen of Death on All Versions of Windows 10 and 11

US Bipartisan Committee Urges Investigation Into Chinese Wi-Fi Routers

The Relationship Between Performance and Security

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Russian Citizen Sentenced in US for Selling Stolen Financial Data on Criminal Marketplace

Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security?

It’s Time to Stop Thinking of Threat Groups as Supervillains, Experts Say

Addressing Cybersecurity Challenges in Healthcare: A Strategic Approach

Microsoft Mandates MFA for All Azure Sign-Ins

AI-powered cyber threats are too overpowering for over 50% of security teams

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Meta Warns of Troll Networks From Russia, Iran Ahead of US Elections

New Banshee Stealer macOS Malware Priced at $3,000 Per Month

The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?

ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks

IBM to set up ‘full stack’ AI facility at university

New Windows IPv6 Zero-Click Vulnerability

DDoS Attack Volume Rises, Peak Power Reaches 1.7 Tbps

Ransomware Attackers Introduce New EDR Killer to Disable Protection on Compromised Hosts

Revolut Valued At $45 Billion, More Than Barclays, NatWest

Tech support scammers impersonate Google via malicious search ads

Florida-Based National Public Data Confirms Data Breach

Ailurophile: New Infostealer sighted in the wild

Google Warns of Iranian Hackers Targeting Affiliates of Both US Presidential Campaigns

SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day

How to use the Passwords app on your iPhone with iOS 18

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Cybersecurity News: GitHub artifact warning, RansomHub’s EDR killer, SolarWinds latest hotfix

Millions of Pixel devices can be hacked due to a pre-installed vulnerable app

M&A Activity can Amplify Ransomware Insurance Losses, Research Finds

Ransomware Group Behind Major Indonesian Attack Wears Many Masks

An Analysis of Common Malware Loaders

Pindrop Pulse Inspect analyzes and verifies whether media files contain synthetic speech

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Geopolitical Tensions Drive Explosion in DDoS Attacks

Why you should remove the hard drive from your old computers

VirusTotal += Huorong

Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack

Highly-Personalized Phishing Campaign Targets Russian Government Dissidents

Striking a Balance Between Business Growth, Risk Management and Cybersecurity

Holding Trust for Ransom: What’s at Stake as Business Trust Erodes

Critical Start helps organizations reduce cyber risk from vulnerabilities

Massive Cyberattack Hit Central Bank of Iran

Pool your Cybersecurity Resources to Build The Perfect Security Ecosystem

Cybersecurity in Healthcare: A New Era of Regulation, Incentives, and Patient Safety

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

Deepfake Technology advancements pose a real and present threat: Cyber Security Today for Friday, August 16, 2024

List of vulnerable states in America that are vulnerable to Cyber Attacks

Can a CIO Avoid Cyber Threats and Data Breaches?

2024-08-15 – Traffic analysis exercise: WarmCookie

Authentik: Open-source identity provider

Business and tech consolidation opens doors for cybercriminals

AI governance and clear roadmap lacking across enterprise adoption

New infosec products of the week: August 16, 2024

How NoCode and LowCode free up resources for cybersecurity

ISC Stormcast For Friday, August 16th, 2024 https://isc.sans.edu/podcastdetail/9100, (Fri, Aug 16th)

(Guest Diary) 7 minutes and 4 steps to a quick win: A write-up on custom tools, (Fri, Aug 16th)

What’s Different About Data Security in the Cloud? Almost Everything.

NationalPublicData.com Hack Exposes a Nation’s Data

Publishers Spotlight: SquareX

Publisher’s Spotlight: Syxsense

IT Security News Daily Summary 2024-08-15

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

2 Fast 2 Legal: How EFF Helped a Security Researcher During DEF CON 32

FBI and CISA Release Joint PSA, Just So You Know:  Ransomware Disruptions During Voting Periods Will Not Impact the Security and Resilience of Vote Casting or Counting

The 5 different types of firewalls explained

Hacking Beyond.com — Enumerating Private TLDs

EFF Honored as DEF CON 32 Uber Contributor

DARPA, ARPA-H award $14m to 7 AIxCC semifinalists, with a catch

USENIX Security ’23 – TRIDENT: Towards Detecting and Mitigating Web-based Social Engineering Attacks

Dozens of Google products targeted by scammers via malicious search ads

July ransomware attacks slam public sector organizations

CISA Adds One Known Exploited Vulnerability to Catalog

PTC Kepware ThingWorx Kepware Server

Siemens COMOS

Siemens LOGO! V8.3 BM Devices

Siemens INTRALOG WMS

Google disrupted hacking campaigns carried out by Iran-linked APT42

Here’s How Users Can Safeguard Themselves From E-Challan Scams

North Miami Mayor’s Gmail Hacked; Ransomware Attack Disrupts City Services

AI, election security headline discussions at Black Hat and DEF CON

Google Confirms Iranian Hackers Behind US Presidential Hacks

Region 10 Team Provides Vital Election Security Training for Idaho

ReliaQuest: Watch Out for Info-Stealers and RATs

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 5, 2024 to August 11, 2024)

Voting Machine Company Involved in Bribing Scandal Has Long History of Controversy

New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack

How to select an MDR security service

National Public Data confirms breach, scope unknown

Tusk: unraveling a complex infostealer campaign

Amazon To Test Prime Air Drone Delivery In UK, Again

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now

Google raps Iran’s APT42 for raining down spear-phishing attacks

Cisco Confirms Second Round Of Major Job Cuts In 2024

Wiping a Windows laptop? Here’s the safest free way to erase your personal data

NIST Releases First Post-Quantum Encryption Algorithms

USENIX Security ’23 – Strategies and Vulnerabilities of Participants in Venezuelan Influence Operations

Don’t Mess With Texas Privacy: AG Sues GM for $18 BILLION

Cyber-criminals Exploited Paris Olympics With Fake Domains

Rhysida Ransomware selling The Washington Times data for $304,500

Iranian APT42 Group Launch A Massive Phishing Campaign To Attack U.S. Presidential Election

Benefits of a More Sustainable Learning Environment in Schools and Universities

Ransomware Attacks on Industrial Firms Surged in Q2 2024

FBI and Allies Dismantle Dispossessor Ransomware Network

Microsoft Patches Critical SmartScreen Vulnerability Exploited by Attackers

When Data Security Fails: The National Public Data Breach Explained

The Noname Security 3.34 Update Includes Major Enhancements

BT Details Plan To Launch First Symmetric Ultrafast FTTP Broadband

Siemens SINEC Traffic Analyzer

Siemens SCALANCE M-800, RUGGEDCOM RM1224

Siemens NX

Siemens SINEC NMS

Siemens Teamcenter Visualization and JT2Go

Comprehensive Hacker Toolkit Uncovered: A Deep Dive into Advanced Cyberattack Tools

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

Advanced ValleyRAT Campaign Hits Windows Users in China

Benefits of a Sustainable Learning Environment in Schools and Universities

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

Cryptography: A Forgotten Part of Software Supply Chain Security

Ransomware Group Added a New EDR Killer Tool to their arsenal

CISOs list human error as their top cybersecurity risk

The best AirTag wallets of 2024: Expert tested

How to Maximize Network Security With AI and ML

Hackers Exploit Dark Skippy Attacks to Steal Secret Keys from Secure Devices

Earn Up to $31,200 Per Vulnerability: Introducing the WordPress Bug Bounty Superhero Challenge!

Transforming Network Security for the Digital Age with SASE

Rogue AI is the Future of Cyber Threats

News Malspam Attacks AnyDesk and Microsoft Teams

Simplify Your Data Center Security with Check Point’s Managed Firewall-as-a-Service (MFaaS)

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App

How AI Innovation Will Elevate SMB Business Outcomes

A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

DEF CON Calls for Cybersecurity Volunteers to Defend Critical Infrastructure

Russia’s FSB Behind Massive Phishing Espionage Campaign

Enabling the Safe Use of GenAI Applications

Choosing Security: Why Companies Should Reject Ransom Payments

Google: Iranian Group APT42 Behind Trump, Biden Hack Attempts

Russian-Linked Hackers Target Eastern European NGOs and Media

Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m

Kim Dotcom “Has A Plan”, After NZ Signs Extradition Warrant

Russian man who sold logins to nearly 3,000 accounts gets 40 months in jail

Enabling Cybersecurity Incident Response

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

South Korea Says DPRK Hackers Stole Spy Plane Technical Data

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

Identity Threat Detection and Response Solution Guide

Google Warns of Iranian Cyber-Attacks on Presidential Campaigns

Google Shows Off Pixel 9 Lineup, Plus AI Upgrades

Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

Ongoing Social Engineering Campaign Refreshes Payloads

AutoCanada Hit by Cyberattack

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?

Mad Liberator extortion crew emerges on the cyber-crook scene

Beyond Zero-Trust: The Impact of Adaptive Micro-Segmentation on Network Security

Information Security vs. Cybersecurity

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations

FBI Says it is Investigating Purported Trump Campaign Hack

Human Error – An Overlooked Aspect of Cyber Risk

Cybersecurity News: Gemini AI privacy, AI Risk Repository, Russian phishing

NIST Finalizes 3 Algorithms to Combat Future Quantum Cyber Threats

Black Basta ransomware gang linked to a SystemBC malware campaign

GitHub Makes Copilot Autofix Generally Available

Hackers Use BingoMod Android RAT For Fraudulent Transactions

Patching Recent Linux Kernel Vulnerabilities with KernelCare

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

SolarWinds Urges Upgrade After Revealing Critical RCE Bug

Wireshark 4.4.0rc1’s Custom Columns, (Thu, Aug 15th)

Was your Social Security number leaked to the dark web? Here’s how to know and what to do

Opinion: More layers in malware campaigns are not a sign of sophistication

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

Critical Vulnerabilities in IBM QRadar Allow Attackers to Execute Arbitrary Code Remotely

Taming Identity Sprawl With a Least Privilege Approach

Over 40 million Kakao Pay users’ data somehow ended up with Alipay

CMIYC 2024: RAdmin3 Challenge

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

Now espionage through HDMI Cables say experts

China-linked Attackers Target Russian Govt Entities

Russian Sentenced to 40 Months for Selling Stolen Data on Dark Web

74% of IT professionals worry AI tools will replace them

How passkeys eliminate password management headaches

Log in to the ADSM Portal using Region User

The AI balancing act: Unlocking potential, dealing with security issues, complexity

China-linked cyber-spies infect Russian govt, IT sector

Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity

DDoS attack volume rises, peak power reaches 1.7 Tbps

ISC Stormcast For Thursday, August 15th, 2024 https://isc.sans.edu/podcastdetail/9098, (Thu, Aug 15th)

A massive cyber attack hit Central Bank of Iran and other Iranian banks

Going Passwordless: 6 Tips to Navigate Passkey Adoption

Publishers Spotlight: F5

Risk Management Strategies: Incorporating Cloud WAFs into Your Plan

A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

The Future of Search: AI-Powered Transformation

BTS #36 – Supply Chain Policies – Stewart Scott, Trey Herr

IT Security News Daily Summary 2024-08-14

Microsoft Discovers Critical OpenVPN Vulnerabilities

USENIX Security ’23 – Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps

CrowdStrike’s Recovery Efforts in Focus After Global IT Outage

Top Data Strategies to Better Protect Your Information from Hackers

CBA’s x15ventures Set to Lead in Fintech AI Innovation

Bringing Our Portfolio Together

Safeguarding Democracy in the Digital Age: Insights from Day 1 at Black Hat 2024 and Las Vegas Officials

Lessons learned from CrowdStrike’s automation errors

Trump campaign hack-and-leak appears like a rerun of 2016. This time, media outlets are responding differently

In These Five Social Media Speech Cases, Supreme Court Set Foundational Rules for the Future

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Google Pixel 9 is first Android phone to get satellite SOS messaging

Russian cyber snoops linked to massive credential-stealing campaign

Five Gartner Reports. Four Categories. What Does OX Security Do Anyway?

Spotify To Add EU Pricing Info To iOS App

Your Gym Locker May Be Hackable

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Texas sues GM for selling driver data to analytics, insurance companies

Black Basta-Linked Attackers Target Users with SystemBC Malware

August Patch Pileup: Microsoft’s Zero-Day Doozy Dump

SolarWinds addressed a critical RCE in all Web Help Desk versions

Enzo Biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster

How to centrally manage secrets with AWS Secrets Manager

California Permits Passenger Testing For Chinese Robotaxi Firm WeRide

Texas Sues GM for Collecting Driving Data without Consent

EFF Presses Federal Circuit To Make Patent Case Filings Public

Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday

PRODUCT REVIEW: TREND VISION ONE CLOUD SECURITY

Upcoming Speaking Engagements

Publishers Spotlight: Endace

Cyber Attack Sparks Phishing Scam Across Greater Manchester

Bluesky Signups Surge In UK After Musk Clash With British Government

The best VPN for streaming in 2024: Expert tested and reviewed

Tesserent Offers Mental Health Tips for Australian CISOs

GitHub Copilot Autofix tackles vulnerabilities with AI

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

New Phishing Attack Uses Sophisticated Infostealer Malware

Akamai Guardicore Platform: Microsegmentation Just Got a Whole Lot Better

India’s Bharti Global To Acquire 24.5 Percent Of BT

Ransomware Kingpin Who Called Himself “J P Morgan” Extradited to the United States

Adobe Releases Security Updates for Multiple Products

Texas firm says it lost $60M in a bank wire transfer scam

2.7 billion Leaked Data Records Expose Personal Information of US People

Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits

How Audit Procedures and Internal Controls Improve Your Compliance Posture

GPS Spoofing Incidents Spike 400%: Here’s What You Should Know

Manufacturing Firm Loses $60m in BEC Scam

The Evolution of Secure Access: The Shift from VPNs to Zero Trust Network Access

Creating Effective Exceptions in Java Code (Video)

Research Uncovers New Microsoft Outlook Vulnerability

Watch Out For The ‘0.0.0.0 Day’ Zero-Day Flaw Affecting Web Browsers

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

Have you ever used Cash App? You might be eligible for a $2,500 settlement payout

Palo Alto Networks execs apologize for ‘hostesses’ dressed as lamps at Black Hat booth

Dark Web Revealed: The Hidden Internet’s Role in Cybercrime and Digital Privacy

Cloud Security Report Highlights Misconfiguration and IAM as Top Threats

CISA’s Shields Up and Shields Ready Programs: A Proactive Approach to Cybersecurity for Critical Infrastructure

Enabling Cyber Resiliency with NIST, Cisco Security, and Splunk

New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

Prolific Malvertising Scammer Arrested and Extradited to US to Face Charges

Update: New Windows SmartScreen Bypass Exploited as Zero-Day Since March

Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical IT and Security Infrastructure

X accused of unlawfully using personal data of 60 million+ users to train its AI

We’re making it easier for you to protect your identity

Server-Side Template Injection: A Critical Vulnerability Threatening Web Applications

Defense in Diversity: A Strategy for Robust Cybersecurity

Strobes Integrates with Azure Repos: Enhancing Code Security

DigiCert Acquires Vercara to Extend Cybersecurity Services

ClearSale introduces three solutions to protect businesses from fraud

AI risks are everywhere – and now MIT is adding them all to one database

‘SinkClose’ AMD CPU vulnerability explained: How dangerous is it really?

White House Post-Quantum Announcement: What It Means for Cybersecurity

Microsoft Patched SmartScreen Zero-Day Without Announcing

Secure Data Sharing Company Kiteworks Raises $456 Million

How to Augment Your Password Security with EASM

Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges

Understanding AI Bias and Security with NetSPI

Face Check With Microsoft Entra Verified ID Is Now Generally Available, Microsoft

Earth Baku Using Customized Tools To Maintain Persistence And Steal Data

Iranian APT42 Actors Conducting World Wide Surveillance Operations

BYOVDLL – A New Exploit That Is Bypassing LSASS Protection

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Intel Sells Stake In British Chip Designer ARM

Hackers Exploited by GraphQL Vulnerabilities to Compromise Organizations

Vulnerability Recap 8/13/24 – Old Vulnerabilities Unexpectedly Emerge

Seamless Secure Work on a Plane

How CIOs, CTOs, and CISOs View Cyber Risks Differently

Phishing Campaign Poses as Ukraine’s Security Service to Spread ANONVNC Malware

Microsoft August Patch Tuesday Fixed 10 Zero-Day Vulnerabilities

Proton has a plan to boost your online privacy. And your friend can benefit, too

Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

Improved vulnerability reporting on Quay.io

test post for author

Critical Vulnerability Found in Microsoft’s AI Healthcare Chatbot

DoJ Considers Google Breakup After Landmark Monopoly Ruling

iProov: 70% of organizations will be greatly impacted by gen AI deepfakes

Kiteworks captures $456M at a $1B+ valuation to help secure sensitive data

Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update

Biden Administration Pledges $11 Million to Open Source Security Initiative

Feds Seize Radar/Dispossessor Ransomware Gang Servers in US and Europe

Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

NIST Releases Post Quantum Cryptography Standards

Putting Threat Modeling Into Practice: A Guide for Business Leaders

Cyber-Attack Spreads Phishing Scam Across Greater Manchester Areas

0-Click Outlook RCE Vulnerability Triggered When Email is Clicked – Technical Analysis

The AMD SinkClose security hole is dangerous. Here’s how to protect your systems

Report: 35% of Exposed API Keys Still Active, Posing Major Security Risks

Critical SAP Flaw Allows Remote Attackers to Bypass Authentication

Cybercriminal Duo Attracts FBI Notice by Spending Big & Living Large

Is Lenovo a blind spot in US anti-China security measures?

How LLMs are Revolutionizing Data Loss Prevention

Cybersecurity News: FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked

Dark Web Marketplace Admins Busted Following Luxury Life

Kootenai Health data breach impacted 464,000 patients

NCSC Calls on UK Firms to Join Mass Cyber-Deception Initiative

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

Train for Entry-Level or Advanced IT Positions for Just $50

Manufacturer Orion SA says scammers conned it out of $60M

DeathGrip: Emergence of a new Ransomware-as-a-Service

ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva

Will GitOps Solve Configuration Security Issues?

2.7 Billion Data Records Leaked Including Social Security Numbers

Microsoft Fixes Nine Zero-Days on Patch Tuesday

Multiple Malware Dropped Through MSI Package, (Wed, Aug 14th)

Clickbait PDFs, An Entry point For Multiple Web Based Attacks

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

GraphQL Vulnerabilities and Common Attacks: Seen in the Wild

Ivanti Neurons for Patch Management enhancements automate patching process

Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks

Exploiting pfsense Flaw for Remote Code Execution

New Banshee MacOS Stealer Attacking Users to Steal Keychain Data

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals

Indian telcos to cut off scammy, spammy, telemarketers for two whole years

Elon Musk’s claim of DDoS attack greeted with skepticism: Cyber Security Today for Wednesday, August 14th, 2024

Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation

Malware Loaders Dominate Cybersecurity Threats in 2024

Mobile security settings useful to block thieves in extracting data and money

Can Hackers Track Down a User Based on Google Maps Usage?

When Disinformation Floods the Internet, Preserving Truth Requires Proper Equipment

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Email Breach Report 2024: The Most Vulnerable Names and Providers Exposed

IntelOwl: Open-source threat intelligence management

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

NIST Debuts First Set of Finalized Post-Quantum Encryption Standards

Cybersecurity jobs available right now: August 14, 2024

Current attacks, targets, and other threat landscape trends

What We Know About Suspected Iranian Cyber Intrusion in the US Presidential Race

NIST releases finalized post-quantum encryption standards

A Letter From Our CEO

ISC Stormcast For Wednesday, August 14th, 2024 https://isc.sans.edu/podcastdetail/9096, (Wed, Aug 14th)

NIST finalizes trio of post-quantum encryption standards

Patch Tuesday brings 90 new Microsoft CVEs, six already under exploit

Transform Your MSP’s Financial Future

VERT Threat Alert: August 2024 Patch Tuesday Analysis

Chris Leong – 27,096 breached accounts

Why Badge’s device independent MFA is core to the future of identity security

Six 0-Days Lead Microsoft’s August 2024 Patch Push

IT Security News Daily Summary 2024-08-13

LDLC – 1,266,026 breached accounts

Cloud infrastructure entitlement management in AWS

Back to school: Managing your high schooler’s digital milestones

Six ransomware gangs behind over 50% of 2024 attacks

FBI Disrupts Operations of the Dispossessor Ransomware Group

Microsoft fixes 6 zero-days under active attack

Microsoft August 2024 Patch Tuesday, (Tue, Aug 13th)

16 Women in Cybersecurity Who Are Reshaping the Industry (2024)

What the Delta-Crowdstrike lawsuit may mean for IT contracts

Microsoft Warns of Six Windows Zero-Days Being Actively Exploited

Gartner® Insights: Navigating the Evolving API Protection Market and Taking Action

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed

Law enforcement disrupts Radar/Dispossessor ransomware group

A PoC exploit code is available for critical Ivanti vTM bug

National Public Data (unverified) – 133,957,569 breached accounts

Vulnerability Recap 8/12/24 – Old Vulnerabilities Unexpectedly Emerge

Ewon Cosy+ Industrial Devices Vulnerable to Serious Security Exploits

StickmanCyber Report: A Look Inside Australia’s Cybersecurity Skills Crisis

Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380

Rockwell Automation FactoryTalk View Site Edition

Rockwell Automation GuardLogix/ControlLogix 5580 Controller

CISA Adds Six Known Exploited Vulnerabilities to Catalog

US accuses man of being ‘elite’ ransomware pioneer they’ve hunted for years

Adobe Calls Attention to Massive Batch of Code Execution Flaws

WTH? DPRK WFH Ransomware Redux: 3rd Person Charged

SIEM vs. SOAR vs. XDR: Evaluate the key differences

The UN General Assembly and the Fight Against the Cybercrime Treaty

Check Point Research Warns Every Day is a School Day for Cyber Criminals with the Education Sector as the Top Target in 2024

US appeals court rules geofence warrants are unconstitutional

Biden-Harris Campaign, Trump Operative Stone Also Target of Hackers

Rhysida Ransomware Takes Responsibility for Bayhealth Hospital Breach

Malwarebytes awarded Parent Tested Parent Approved Seal of Approval

Digital Apartheid in Gaza: Big Tech Must Reveal Their Roles in Tech Used in Human Rights Abuses

Australian gold producer targeted by ransomware gang

What Does It Take to Manage an On-Premise vs Cloud Data Security Product?

Rockwell Automation AADvance Standalone OPC-DA Server

Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380

Rockwell Automation Micro850/870

Rockwell Automation Pavilion8

AVEVA SuiteLink Server

Lead with simplicity: A guide for strengthening security in logistics

US Unseals Charges Against Three Eastern Europeans Over Ransomware, Malvertising

Gold Mining Firm in Australia Reports Ransomware Breach

EDR Importance: Why Is EDR Important? (With Use Cases)

Feds bust minor league Radar/Dispossessor ransomware gang

Sleeping With the Phishes

USENIX Security ’23 – Formal Analysis of SPDM: Security Protocol and Data Model Version 1.2

NIST Formalizes World’s First Post-Quantum Cryptography Standards

Hacktivism’s Role in Political Conflict: The Renewed Campaign of #OpVenezuela

Check Point Research Warns Every Day is a School Day for Cybercriminals with the Education Sector as the Top Target in 2024

New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

Massive Data Breach in Columbus Over 3TB Files Leaked by Rhysida Ransomware Group

East Valley Institute of Technology Data Breach Exposes Over 200,000 Records

Cost of a data breach 2024: Financial industry

National Public Data Breach: 2.7bn Records Leaked on Dark Web

Guardio Critical Security Alerts monitors and analyzes scam activities

Suspected head of Reveton, Ransom Cartel RaaS groups arrested

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

The great location leak: Privacy risks in dating apps

Reframing the ZTNA vs. SASE Debate

Cequence Storms Black Hat with API Security Testing for Generative AI Applications

Cato Network Reports Spike in Attempts to Exploit Log4j Vulnerabilities

Scammers dupe chemical company into wiring $60 million

Phishing Campaign Compromises 100+ Ukrainian Government Computers

Twitter’s AI Ambitions Face GDPR Backlash: Nine New Complaints Filed

Preparation Is Not Optional: 10 Incident Response Readiness Considerations for Any Organization

Stellar strengthens security for remote teams

Prolific Belarusian Cybercriminal Arrested in Spain

Help Desks Under Siege: Bolstering Cyber Defenses

CryptoScam Strikes Misusing Trump & Musk Interview

McAfee vs Kaspersky (2024): Which Solution Is Best for Your Team?

Urgent Call for EPA Cyber Strategy to Safeguard Water Infrastructure

A refresher on Talos’ open-source tools and the importance of the open-source community

Hackers Leak 1.4 Billion Tencent User Accounts Online

APT trends report Q2 2024

Misconfigurations and IAM Weaknesses Top Cloud Security Concerns

Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation

Italy Demands Cybersecurity Safeguards from Dongfeng for New Auto Plant Investment

What Happens When Your House Burns Down Right Before a Meeting?

How to Prepare for SOC 2 and ISO 27001 Audit? Tips for Jira Admins

Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience

Data theft forum admins busted after flashing their cash in a life of luxury

On the Voynich Manuscript

New Dark Skippy Attack Let Hackers Steal Secret Keys From Signing Devices

Orion SA says scammers conned company out of $60 million

Three Reasons to Take a New Cyber-Resilient Approach to Data Protection

Australian gold mining company hit with ransomware

Fake X Content Warnings on Ukraine War, Earthquakes Used as Clickbait

Scout Suite: Open-Source Cloud Security Auditing Tool

Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls

Ransomware Hits Australian Gold Mining Firm Evolution Mining

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

Volocopter Tests eVTOL ‘Air Taxi’ At Versailles

Polish Billionaire, Wife To Sue Meta Over Misinformation

Privacy Group Files GDPR Complaints Over X AI Data Plans

Trump Returns To X For Live Interview

FBI Investigates After Trump Campaign Hacked By Iranians

Kicking cyber security down the road can come back to bite you

Britain and France to Discuss Misuse of Commercial Cyber Intrusion Tools

The Crucial Role of Firewall Rule Histories

Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?

Authorities Seized Dispossessor Ransomware Servers

Understanding Social Engineering Tactics: 8 Attacks to Watch Out For

What is the Critical Pathway to Insider Risk (CPIR)?

FBI Shuts Down Dispossessor Ransomware Group’s Servers Across U.S., U.K., and Germany

Cybersecurity News: U.S. “laptop farm” shut down, Ukranian computers compromised, Trump campaign hacked

CERT-UA warns of a phishing campaign targeting government entities

NIS2: A Catalyst for Cybersecurity Innovation or Just Another Box-Ticking Exercise?

South Korea Warns Pyongyang Has Stolen Spy Plane Details

DeathGrip Ransomware Expanding Services Using RaaS Service

Unmasking the Overlap Between Golddigger and Gigabud Android Malware

Radar/Dispossessor Ransomware Operation Disrupted by Authorities

Black Hat Fireside Chat: Here’s how ‘Active ASPM’ is helping to triage and remediate coding flaws

International investigation shuts down Radar/Dispossessor ransomware group

FBI Leads Effort to Dismantle Radar/Dispossessor Ransomware

In search of the foolproof AI watermark

US DoJ dismantled remote IT worker fraud schemes run by North Korea

Government says to add cybersecurity to your back-to-school list

Understanding Defense in Depth in IT Security

PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions

This new fully encrypted messenger app is serious about privacy

PostgreSQL Vulnerability Hackers Execute Arbitrary SQL Functions

Email Security Risk Remains Alarmingly High

Publishers Spotlight: DigitalXForce

‘Digital arrest’ scams are big in India and may be spreading

Ukraine Warns of New Phishing Campaign Targeting Government Computers

Donald Trump interview with Elon Musk disrupted by DDoS Cyber Attack

Browser backdoors: Securing the new frontline of shadow IT

Six Reasons Healthcare Organizations Need Robust Cybersecurity

How CIOs, CTOs, and CISOs view cyber risks differently

Key metrics for monitoring and improving ZTNA implementations

AMD won’t patch Sinkclose security bug on older Zen CPUs

35% of exposed API keys still active, posing major security risks

ISC Stormcast For Tuesday, August 13th, 2024 https://isc.sans.edu/podcastdetail/9094, (Tue, Aug 13th)

FBI Says It Is Investigating After Trump Campaign Said Sensitive Documents Were Hacked by Iran

Risk & Repeat: Recapping Black Hat USA 2024

Ransomware Attack Fetched A Record $75 Million

IT Security News Daily Summary 2024-08-12

SAFECOM Membership Spotlight ft. Red Grasso, North Carolina Department of Information Technology

How to conduct a mobile app security audit

FBI takes down ransomware gang that hacked dozens of companies

Harnessing LLMs for Automating BOLA Detection

The biggest data breaches in 2024: 1 billion stolen records and rising

Federal Appeals Court Finds Geofence Warrants Are “Categorically” Unconstitutional

USENIX Security ’23 – Automated Security Analysis of Exposure Notification Systems

Disposing of an old Windows laptop? Here’s the safest way to erase your personal data (for free!)

Attacker steals personal data of 200K+ people with links to Arizona tech school

DOJ Shuts Down Another North Korean ‘Laptop Farm’

A FreeBSD flaw could allow remote code execution, patch it now!

The UK Erupts in Riots as Big Tech Stays Silent

Apple’s ToolSandbox reveals stark reality: Open-source AI still lags behind proprietary models

Black Hat and DEF CON Roundup 2024: CrowdStrike Accepts ‘Epic Fail’ Award

Flashpoint CEO: Cyber, physical security threats converging

Justice Department Disrupts North Korean ‘Laptop Farm’ Operation

AppViewX Automated Certificate Management for PingAccess

News alert: Criminal IP and Maltego team up to broaden threat intelligence data search

India’s Largest Crypto Theft: INR 2,000 Crore Stolen from WazirX Exchange Wallet

Vulnerability Summary for the Week of August 5, 2024

AI girlfriends want to know all about you. So might ChatGPT (Lock and Code S05E17)

Attacker steals personal data of 200k+ people with links to Arizona tech school

Ransomware gangs doxing family members of victims

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

Data Fusion: Enhancing Interoperability, Privacy, and Security

Secureworks Fills Australian Mid-Market Demand for Simplified Cyber Security Solutions

18-Year-Old Vulnerability in Firefox and Chrome Actively Exploited in Cyber Attacks

Researchers Demonstrate How Attackers Can Exploit Microsoft Copilot

Vulnerability in Windows Driver Leads to System Crashes

5,000 WordPress Sites Affected by Unauthenticated Remote Code Execution Vulnerability in JS Help Desk WordPress Plugin

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

Google Manifest V3 and Malwarebytes Browser Guard

Harnessing the Power of AI to Improve Operations

HYAS Investigates Threat Actors Hidden In Gaming Services

High-Risk Cloud Exposures Surge Due to Rapid Service Growth

Taking Steps to Prepare for Quantum Advantage

The Need for Application Security Testing

Mega money, unfathomable violence pervade thriving underground doxxing scene

The Value in Root Cause Analysis for Vulnerability Management

Trump Campaign Hack Points to Growing U.S. Election Threats

Russia Blocks Signal App Citing Violation Of Laws

Criminal IP and Maltego Collaborate to Broaden Threat Intelligence Data Search

Dashlane vs Lastpass: 2024 Password Manager Comparison

Malware-as-a-Service and Ransomware-as-a-Service Lower Barriers for Cybercriminals

DARPA Awards $14m to Seven Teams in AI Cyber Challenge

Australian Gold Mining Company Reports Ransomware Attack

Critical AWS Services Vulnerability Let Attackers Execute Remote Code

Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

UN Cybercrime Treaty Passes in Unanimous Vote

200k Impacted by East Valley Institute of Technology Data Breach

Chrome, Edge users beset by malicious extensions that can’t be easily removed

Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning

Hackers Exploiting WinRAR Flaw To Attacks Windows & Linux(ESXi) Machines

Check Point and Cybrary: Empowering Customers with Cutting-Edge Cyber Security Training

Digital Pioneers: Why Today’s Youth is the Best Generation to Support Cyber Security of the Future

Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines

Shorter TLS Certificate Lifespans Expected to Complicate Management Efforts

Critical 1Password Flaws May Allow Hackers to Snatch Users’ Passwords

Survey: Cybersecurity Teams Investing in Automation to Reduce Noise Levels

How Phishing Attacks Adapt Quickly to Capitalize on Current Events

UN Adopts Controversial Cybercrime Treaty

Shedding Light on The Dark Web: Enhancing Cybersecurity Through Proactive Monitoring

How to spot phishing in the age of AI

What skills can cyber security experts develop to adapt to AI and quantum computing?

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Researcher Saves Six Companies from Ransomware by Exploiting Security Flaws in Ransomware Gangs’ Infrastructure

The Missing Piece of SASE — Prisma Access Browser — Now Available

CrowdStrike Pursuing Deal to Buy Patch Management Specialist Action1

Indirect prompt injection in the real world: how people manipulate neural networks

SaaS Apps Present an Abbreviated Kill Chain for Attackers

Microsoft Found OpenVPN Bugs That can be Chained to Achieve RCE and LPE

Bipartisan Bill to Tighten Vulnerability Disclosure Rules for Federal Contractors

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

The AI Hangover is Here – The End of the Beginning

Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems

Worried about the Windows BitLocker recovery bug? 6 things you need to know

The best hacks and security research from Black Hat and Def Con 2024

Earth Baku’s Latest Campaign Expands its Reach to Europe, the Middle East, and Africa

Russia Microsoft Hack Accessed Home Office Data

Ransomware Group BlackSuit Upgrades Capabilities

Starliner Astronauts May Use SpaceX For Return Trip

Cisco ‘Planning Second Round’ Of Major Job Cuts

Policing the Metaverse

NCSC to Build Nation-Scale Evidence Base for Cyber Deception

Multi-Factor Authentication Policy

How Organizations Can Prevent Their Employees Falling for Cyber Scams

Norton Secure VPN vs NordVPN (2024): Which VPN Is the Best?

Taxonomy of Generative AI Misuse

SSHamble: Open-Source Security Testing of SSH Services

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

How Network Segmentation can Strengthen Visibility in OT Networks

Update: Exploit Released for Cisco SSM Bug Allowing Admin Password Changes

Industry Moves for the week of August 12, 2024 – SecurityWeek

The UN Is Moving to Fight Cybercrime but Privacy Groups Say Human Rights Will Be Violated

AI Integration, Budget Pressures Challenge CISOs

Cybersecurity News: Iran election interference, AMD SinkClose flaw, ADT break-in

Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code

Find Your Best Fit: Solving the Cybersecurity Framework Puzzle

Scams: Understanding vulnerabilities and protective strategies

EastWind campaign targets Russian organizations with sophisticated backdoors

Nearly 200 Firms Have Signed Pledge to Build More Secure Software, Top Cyber Official Says

Latrodectus and ACR Stealer Observed Spreading via Google Authenticator Phishing Site

Resecurity unveils new AI-driven Fraud Prevention Platform

Microsoft Reveals Iranian US Election Interference Ops

Analysis of Data Exfiltration Tools Used by Threat Actors

Evolve your cloud security knowledge

Man in Dock Accused of Breaking Hi-Tech Export Controls

Vulnerabilities in Solar Power Management Platform can Lead to Blackouts

AI and the Legal Framework: A Critical Turning Point

A week in security (August 5 – August 11)

Empowering youth worldwide toward a more sustainable and digitally resilient future

Botnet 7777: Are You Betting on a Compromised Router?

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Leeds Man Jailed For Inciting Violence On Facebook

Emerging Exfiltration Tools Highlight Growing Threats to Enterprise Data

New Malware Strains Pop Up in Threat Landscape

Fake WinRar Websites Distributing Malware Payloads Hosted on GitHub

New Widespread Extension Trojan Malware Campaign

Experts Find Sinkclose Bug in Millions of AMD Processors, Hard to Patch

Authorities Arrested Two Admins of WWH-Club Stolen Credit Card Marketplace

Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE

The Importance of APIs/API Security in Financial Services

Over 15,000 hard coded secrets found by researcher at Defcon: Cyber Security Today for Monday, August 12, 2024

Trump campaign cites Iran election phish claim as evidence leaked docs were stolen

Microsoft issues alert against email phishing attack to influence US 2024 Elections

The Importance of Zero Touch in Cloud Security

74% of ransomware victims were attacked multiple times in a year

Scout Suite: Open-source cloud security auditing tool

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

Misconfigurations and IAM weaknesses top cloud security concerns

Steps to improve quality engineering and system robustness

The UN unanimously agrees that cybercrime is bad, mkay?

ISC Stormcast For Monday, August 12th, 2024 https://isc.sans.edu/podcastdetail/9092, (Mon, Aug 12th)

Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts

Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)

USENIX Security ’23 – VulChecker: Graph-based Vulnerability Localization in Source Code

IT Security News Weekly Summary – Week 32

IT Security News Daily Summary 2024-08-11

DevSecOps Teams Face Regular Outages, Cyberattacks, and Data Breaches

CrowdStrike accepts award for ‘most epic fail’ after global IT outage

Foreign nation-state actors hacked Donald Trump’s campaign

‘0.0.0.0 Day’ Vulnerability Puts Chrome, Firefox, Mozilla Browsers at Risk

CrowdStrike Explains Root Cause of Globat IT Outage

Open source tools to boost your productivity

Book Review: ‘Why Cybersecurity Fails in America’

BlackSuit Ransomware: A New Threat on the Rise

Samsung Announced New Bug Bounty Program For Galaxy Devices

Researchers Demonstrate Windows Downgrade Attacks At Black Hat 2024

National Public Data Hacked: Personal Information of Millions at Risk

Exposing the Business of Doxing and Its Perils

Unsolicited ‘Offensive’ Political Emails Stir Data Privacy Concerns in East London

Maximizing Cybersecurity Impact Within Budget Constraints

QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

Watch Out For The New BingoMod Android Trojan

Latest MacOS Sequoia Update Restricts Gatekeeper Control

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

ADT disclosed a data breach that impacted more than 30,000 customers

Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

Cybersecurity Insiders Q&A: SonicWall President and Chief Executive Officer Robert VanKirk

Donald Trump’s Campaign Says Its Emails Were Hacked

Shadow – 543,295 breached accounts