IT Security News Daily Summary 2024-08-20

What is cloud detection and response (CDR)?
Building a Semantic Web Search App Using Resource Description Framework and Flask for Cyber Resilience
Czech Mobile Users Targeted in New Banking Credential Theft Scheme
Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
Why you need to know about ransomware
Can someone tell if I block their number?
Darktrace Co-founder Mike Lynch Presumed Dead After Superyacht Sinks
Black Hat 2024, Day 2: Charting the Future of Cybersecurity
Cisco employees face a month of silence ahead of second layoff in 2024
Ransomware payments rose from $449.1 million to $459.8 million
U.S. agencies attribute Trump campaign hack to Iran
Should small businesses worry about the NIS2 Directive in Europe?
Previously unseen Msupedge backdoor targeted a university in Taiwan
Africa’s Economies Feel Pain of Cybersecurity Deficit
Major Backdoor in Millions of RFID Cards Allows Instant Cloning
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #304 – Fail Fast
Agentless is a DAM Better Option for Securing Cloud Data
To Improve Your Cybersecurity Posture, Focus on the Data
AI-Enhanced Crypto Scams: A New Challenge for ASIC
Lessons for Banks from the Recent CrowdStrike Outage
Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns
Germany offers Cybersecurity Labels for mobile devices
TodoSwift Malware Targets macOS, Disguised as Bitcoin PDF App
How Data Encryption Can Simplify Infrastructure Architecture
Strengthening Your Cyber Defenses: The Critical Role of Defensive Training
Hackers Linked to $14M Holograph Crypto Heist Arrested in Italy
Publishers Spotlight: ForAllSecure
Plane tracker FlightAware admits user passwords, SSNs exposed for years
New DNS-Based Backdoor Threat Discovered at Taiwanese University
Edge Computing and 5G: Emerging Technology Shaping the Future of IT
National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident
How to Get a VPN on Any Device (+ Installation Tips)
US government accuses Iran of Trump campaign hack; Iran scoffs
Your Journey to Mastery with Black Belt Training: A Comprehensive Guide for Cisco Partners
Russia-linked Vermin Hackers Target Ukraine With new Malware Strain
UK: NCSC Opens Cyber Resilience Audit Scheme to Applicants
Plane-tracking app admits user passwords, SSNs exposed for over 3 years
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover
USENIX Security ’23 – Pspray: Timing Side-Channel Based Linux Kernel Heap Exploitation Technique
INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training
New Report Reveals Rising Attacks on macOS Systems
Here’s Why Ransomware Actors Have a Upper Hand Against Organisations
Timeline of the Ransomware Attack on Change Healthcare: How It Unfolded
Iranian Group TA453 Launches Phishing Attacks with BlackSmith
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)
Cost of a data breach: The industrial sector
Securing Catalyst Center: ISO Certified
OpenAI Kills Iranian Accounts Spreading Us Election Disinformation
Common API Security Issues: From Exposed Secrets To Unauthorized Access
Fortanix protects individual file systems on specified hosts
New phishing method targets Android and iPhone users
New Styx Stealer Attacking Users to Steal Login Passwords
“We will hold them accountable”: General Motors sued for selling customer driving data to third parties
Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds
Three-Quarters of Companies Retain An Increasing Amount of Sensitive Data, Report Finds
Bitdefender vs Kaspersky: Comparing Top EDR Solutions in 2024
Digital Wallets can Allow Purchases With Stolen Credit Cards
Publishers Spotlight: Endari
Your Company Culture Can Become A Powerful Cybersecurity Resource
Hackers Could Exploit Microsoft Teams on macOS to Steal Data
MegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker Groups
Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards
Digital Wallets Bypassed To Allow Purchase With Stolen Cards
x64dbg: Open-Source Binary Debugger for Windows
All-in-One: How Cynet is Revolutionizing Cybersecurity for MSPs
Survey Surfaces Widespread Mishandling of Sensitive Data
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
Approach to mainframe penetration testing on z/OS
Chrome Will Redact Credit Cards, Passwords When You Share Android Screen
Xeon Sender Enables Large-Scale SMS Spam Attacks Using Legitimate SaaS Providers
Fabric Cryptography Raises $33 Million for VPU Chip
RansomHub Deploys EDRKillShifter Malware to Disable Endpoint Detection Using BYOVD Attacks
Hacking Wireless Bicycle Shifters
How Exceptional CISOs Are Igniting the Security Fire in Their Development Team
Multi-Domain vs Wildcard SSL Certificates: Differences & Uses
Overturning of Chevron Deference’s Impact on Cybersecurity Regulation
Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle
Comprehensive Threat Protection Strategies for Microsoft 365 Environments
2GB variant of Raspberry Pi Launched for Just $50
Authentik: Open-Source Identity Provider
Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
Anatomy of an Attack
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
Iran Behind Trump Campaign Hack, US Government Confirms
The Metaverse Won’t Die: Embracing the Future of Work and Connection
Artificial intelligence, real anxiety: Why we can’t stop worrying and love AI
Update: Ransomware Attack on Indian Payment System Traced Back to Jenkins Bug
GuidePoint Security releases Phishing as a Service
I Said I Was Technically a CISO, Not a Technical CISO
Palo Alto Networks Forecasts Strong Security Demand
South Korean AI Chip Makers Sapeon, Rebellions To Merge
Update: US Agencies Attribute Presidential Campaign Cyberattacks to Iran
Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities
Cybersecurity News: National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue
UK Businesses Face New Cyber-Attacks Every 44 Seconds in Q2 2024
Securing Infrastructure as Code: Best Practices for State Management
Vulnerability Recap 8/20/24 – Microsoft Has the Spotlight This Week
Oracle NetSuite misconfiguration could lead to data exposure
Microsoft Mandates MFA for all Azure Sign-Ins
CISA Adds Jenkins CLI Bug to its Known Exploited Vulnerabilities Catalog
Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach
Former Congressman Santos Admits Identity Theft and Fraud
Mike Lynch Co-Defendant Dies In Car Accident
2.9 Billion Records Exposed in NPD Breach: How to Stay Safe
Cybercriminals Exploit Paris Olympics With Fake Domains
Ukrainian Bank’s Service for Military Donations Targeted by ‘Massive’ DDoS Attack
Google Pixel Devices Found Vulnerable Due To Pre-Installed App
Google Pledges To Strengthen Privacy With Gemini AI
Shanghai Doubles Size Of Chip Investment Fund
AMD To Buy Server Maker ZT Systems Amidst AI Battle
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum
10 Strategies for Safely Migrating a Data Center on a Limited Budget
NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity
X Closes Brazil Office Due To ‘Censorship’
Autodesk AutoCAD Vulnerability Let Attackers Execute Arbitrary Code
Iran named as source of Trump campaign phish, leaks
Google to launch threat detection AI powered feature to all Android phones
5 Emerging Malware Variants You Must Be Aware Of
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information
Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
Ransom Denied: Cyber Insurance Claims Shrink as Businesses Opt for DIY Recovery
Why a Savvy Security Strategy is Essential | Grip
Ransomware’s Record Year: 2024 Earnings Soar Amid Overall Cybercrime Dip
Organizations turn to biometrics to counter deepfakes
AI for application security: Balancing automation with human oversight
Strategies for security leaders: Building a positive cybersecurity culture
Cybercriminals exploit file sharing services to advance phishing attacks
ISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)
Digital wallets can allow purchases with stolen credit cards
US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns
Identity Protection That Spans the Entire Attack Lifecycle
USENIX Security ’23 – Side-Channel Attacks on Optane Persistent Memory
What You Missed About the CrowdStrike Outage:: The Next Strike Might Be Linux Due to eBPF
Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight
Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts
IT Security News Daily Summary 2024-08-19
SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia
Guide to data detection and response (DDR)
The Windows BitLocker recovery bug is fixed, according to Microsoft
Announcing new EDR capabilities for Webroot Endpoint Protection
CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog
OpenAI kills Iranian accounts using ChatGPT to write US election disinfo
test
Your Android phone is getting an anti-theft upgrade, thanks to AI. How it works
Too many cloud security tools? Time for consolidation
MSPs: The Cisco Meraki Approach to Addressing MDU Deployments
Court to California: Try a Privacy Law, Not Online Censorship
NO FAKES – A Dream for Lawyers, a Nightmare for Everyone Else
Multiple flaws in Microsoft macOS apps unpatched despite potential risks
Extortion Group Exploits Cloud Misconfigurations, Targets 110,000 Domains
Mike Lynch, Five Others Missing After Yacht Sinks Off Sicily
SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices
Social Security number data breach: What you need to know
Researchers uncovered new infrastructure linked to the cybercrime group FIN7
Daniel Stori’s ‘The War For Port 80’
Here’s What Businesses Can Learn From a $2 Million Ransomware Attack SEC Settlement
Zero-Trust Security: The Critical Role of Trust And Human Integrity
Stolen, locked payment cards can be used with digital wallet apps
Making sense of secrets management on Amazon EKS for regulated institutions
CISA Warns Of Active Exploitation Of SolarWinds Web Help Desk Vulnerability
FlightAware warns that some customers’ info has been ‘exposed,’ including Social Security numbers
Vulnerability Summary for the Week of August 12, 2024
How We Transformed Akamai from a CDN to a Cloud and Security Company
AWS cyber attack exposes over 230 million unique cloud environments
CrowdStrike outage lessons learned: Questions to ask vendors
National Public Data Published Its Own Passwords
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
FBI and CISA Assure Public on Election Ransomware Security
$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin
Data Security Solution for US Federal Customers
Hacked GPS tracker reveals location data of customers
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack
Cyber Stressed! Top 3 MSP Cybersecurity Challenges (And How to Fix Them)
Heimdal and ViroSafe Partner to Strengthen Nordic Cybersecurity
Mandatory MFA is Coming to Microsoft Azure
USENIX Security ’23 – Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software
The Rise of Manual Techniques in Ransomware Attacks: A Growing Threat
New Tool Xeon Sender Enables Large-Scale SMS Spam Attacks
“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’
If your SSN was leaked online, you should freeze your credit: Here’s how to do that
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves
National Public Data Says Breach Impacts 1.3 Million People
Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People
Major Data Breach at FlightAware Exposes Pilots and Users’ Information
Own proactively detects and stores data changes in Salesforce
Appian helps organizations prepare for current and forthcoming AI regulations
Microsoft Apps for macOS Exposed to Library Injection Attacks
Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support
Lazarus Hacker Group Exploited Microsoft Windows Zero-day
Getting to Know Katrin Bauer
Azure Domains and Google Abused to Spread Disinformation and Malware
EFF and Partners to EU Commissioner: Prioritize User Rights, Avoid Politicized Enforcement of DSA Rules
National Public Data tells officials ‘only’ 1.3M people affected by intrusion
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
API Security: The Cornerstone of AI and LLM Protection
Internal And External Threat Intelligence
Crypto Firm Says Hacker Locked All Employees Out of Google Products for Four Days
Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft
Oregon Zoo Ticketing Service Hack Impacts 118,000
How to Automate the Hardest Parts of Employee Offboarding
Microsoft Users Rush To Patch Zero-Click TCP/IP RCE Flaw
Ransomware Resilience Drives Down Cyber Insurance Claims
Linux Kernal Vulnerability Let Attackers Bypass CPU & Gain Read/Write Access
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
The Essential Guide to Evaluating Competitive Identity Verification Solutions
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
How can you check if your SSN was leaked on the dark web after the NPD breach?
OpenAI Deactivates Accounts Used By Iran Election Influence Group
Court Narrows Injunction On California Social Media Law
Millennials’ sense of privacy uniquely tested in romantic relationships
Supply Chain Security Policy
CyberGhost vs ExpressVPN (2024): Which VPN Is Better?
The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan
Experts warn of exploit attempt for Ivanti vTM bug
BlindEagle flying high in Latin America
Industry Moves for the week of August 19, 2024 – SecurityWeek
100,000 Impacted by Jewish Home Lifecare Data Breach
Combining Continuous Pentesting with Attack Surface Management
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
Tracki – 372,557 breached accounts
Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data
Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT
Cybersecurity News: Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability
TikTok Says US Data Not Linked To China
Texas Instruments Receives $1.6bn In US Gov’t Chip Funding
Duke of Sussex Speaks Against Online Misinformation
Shares In EV Maker Ola Spike After Motorcycle Launch
Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
Rewriting Hysteria: Rising Abuse of URL Rewriting in Phishing
Mandatory MFA for Azure sign-ins is coming
NCSC Opens Cyber Resilience Audit Scheme to Applicants
Enhancing Internal Controls: Correlation, Mapping, and Risk Mitigation
10 Authentication Trends in 2024 and Beyond
Fast Forward or Freefall? Navigating the Rise of AI in Cybersecurity
Group-IB partners with SecurityHQ to enhance SOC capabilities
AMD Patched The Newly Disclosed SinkClose CPU Vulnerability
ProtonVPN Opens Up Browser Extension Feature To Free Users
A week in security (August 12 – August 18)
Unicoin Staff Locked Out of G-Suite in Mystery Attack
OpenAI takes action against Iranian disinformation campaigns using ChatGPT: Cyber Security Today for Monday, August 19th, 2024
Epic Games’s Fortnite Returns To Smartphones After Four Years
Explore Talent (August 2024) – 8,929,384 breached accounts
The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)
National Public Data Leaks Social Security Numbers of about 2.7 billion populaces
Top Paying Countries for Cybersecurity Experts
Researchers Found a New Technique to Defend Cache Side Channel Attacks
Ransomware Gangs Introduce New EDR-Killing Tool
National Public Data Admits to Breach Leaking Millions of Social Security Numbers
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
BeaverTail Malware Attacking Windows Users Via Weaponized Games
Was your Social Security number leaked to the dark web? Use this tool to find out
Protecting academic assets: How higher education can enhance cybersecurity
x64dbg: Open-source binary debugger for Windows
To improve your cybersecurity posture, focus on the data
Common API security issues: From exposed secrets to unauthorized access
ISC Stormcast For Monday, August 19th, 2024 https://isc.sans.edu/podcastdetail/9102, (Mon, Aug 19th)
Was your SSN leaked to the dark web? Use this tool to find out
RansomHub-linked EDR-killing malware spotted in the wild
The Mad Liberator ransomware group uses social-engineering techniques