IT Security News Weekly Summary – Week 34

Traderie – 364,898 breached accounts

North Korea Exploited Windows Zero-Day Vulnerability to Install Fudmodule

The Port of Seattle and Sea-Tac Airport say they’ve been hit by ‘possible cyberattack’

Iranian Hackers Targeted WhatsApp Accounts of Staffers in Biden, Trump Administrations, Meta Says

Worried About Cash App Breach? These Three Steps Can Keep Your Financial Data Safe

16 Years of Cybercrime: The Story of Greasy Opal’s CAPTCHA Solver

New Styx Stealer Malware Targets Browsers and Instant Messaging for Data Theft

Sheltering From the Cyberattack Storm – Part Two

Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats

Dell Power Manager Privilege Escalation Vulnerability

Progress WhatsUp Gold Vulnerabilities Let Attackers Inject SQL Commands

Chrome Zero-day Vulnerability Actively Exploited in the Wild

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 8

France police arrested Telegram CEO Pavel Durov

U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 486 by Pierluigi Paganini – INTERNATIONAL EDITION

Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited

New Linux Malware ‘sedexp’ Hides Credit Card Skimmers Using Udev Rules

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

Telegram Founder Pavel Durov Reportedly Arrested in France

IT Security News Daily Summary 2024-08-24

USENIX Security ’23 – TRust: A Compilation Framework For In-Process Isolation To Protect Safe Rust Against Untrusted Code

Living with trust issues: The human side of zero trust architecture

Hackers can take over Ecovacs home robots to spy on their owners

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Misconfigured Access Controls in NetSuite Stores Cause Major Data Breach

Cybercriminals Place 85-Year-Old Woman Under ‘Digital Arrest’ in Hyderabad, Cheat Her of ₹5.9 Crore

Oil Giant Halliburton Hit by Cyberattack, Certain Systems Affected

Cyble Research Reveals Near-Daily Surge in Supply Chain Attacks

Unicoin’s Four-Day Cyberattack: Disruption, Recovery, and Ongoing Investigation

The Limitations of Traditional Network-Based Vulnerability Scanning – And the Systematic Underestimation of Software Risks

Cybersecurity Strategy: Understanding the Benefits of Continuous Threat Exposure Management

Data Security Posture Management (DSPM) is an Important First Step in Deploying Gen AI and Copilot Tools

Iranian Threat Actor TA453 Targets Jewish Figure with Fake Podcast Invite in Malicious Campaign

Massive Data Breach Worsens as New Details Emerge Across US, UK, and Canada

Protecting Your Wallet: Understanding NGate Android Malware

Strategizing Compliance and Security In AI: A Hands-On Guide for IT Leaders

Qilin Ransomware Upgrades and Now Steals Google Chrome Credentials

The US Navy Has Run Out of Pants

NSA Issues Guidance for Better Logging, Threat Detection to Prevent LotL Incidents

CISA Adds Dahua IP Camera, Linux Kernel, and Microsoft Exchange Server Bugs to its KEV Catalog

Greasy Opal’s CAPTCHA Solver Still Serving Cybercrime After 16 Years

August 2024 Web Server Survey

Slack Patches AI Bug That Exposed Private Channels

Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities

PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

China-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus Switches

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk

Hackers Now Use AppDomain Injection to Drop Cobalt Strike Beacons

Cyber Security Today Week In Review: Saturday, August 24th, 2024

Scammers are increasingly using messaging and social media apps to attack

CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director

Qilin ransomware steals credentials stored in Google Chrome

Enhancing School Safety with Cloud Monitor: A Powerful Cyber Safety Protection Tool

IT Security News Daily Summary 2024-08-23

Friday Squid Blogging: Self-Healing Materials from Squid Teeth

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

# OffSec 500 – Community Update 1

Innovator Spotlight: ArmorCode

Audit: FBI is Losing Track of Storage Devices Holding Sensitive Data

Identities Aren’t for Sale: TSA Biometrics Technology and the Need for Consumer Consent

Fake funeral “live stream” scams target grieving users on Facebook

CrowdStrike 2024 report exposes North Korea’s covert workforce in U.S. tech firms

Phishing attacks target mobile users via progressive web applications (PWA)

NGate Android Malware Relays NFC Traffic to Steal Credit Card Data

Florida Medical Lab Data Breach Exposes 300,000 Individuals’ Sensitive Information

AI Revolutionizing Accounting: Experts Urge Accountants to Embrace Technology for Future Success

Google Assures Privacy with Gemini AI: No Data Sharing with Third Parties

Learn with Region 8’s Webinar Program

Halliburton shuts down systems after cyberattack

Member of cybercrime group Karakurt charged in the US

Toward a code-breaking quantum computer

Pig Butchering at Heart of Bank Failure — CEO Gets 24 Years in Jail

Pool Your Cybersecurity Resources to Build the Perfect Security Ecosystem

YouTube offers AI Chatbot assistance for hacked accounts

The Role of Data Governance in Data Strategy: Part 3

The best travel VPNs of 2024: Expert tested and reviewed

The best VPN services for iPhone and iPad in 2024: Expert tested and reviewed

How Immigration Can Solve America’s Cybersecurity Shortage

SonicWall Issues Urgent Patch for Critical Firewall Vulnerability

Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

GM’s Cruise To Offer Robotaxis On Uber Platform

The best VPN routers of 2024

Myth-Busting Assurance: Device-Centric vs. Service-Centric and Why Both Are Key

MoonPeak Malware From North Korean Actors Unveils New Details on Attacker Infrastructure

Kanister Vulnerability Opens Door to Cluster-Level Privilege Escalation

PG_MEM Malware Targets PostgreSQL Databases for Crypto Mining

US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor

Ransomware Actors Extorted More Than $450 Million in First Half of 2024

USDoD Hacker Behind $3 Billion SSN Leak Reveals Himself as Brazilian Citizen

How Paris Olympic authorities battled cyberattacks, and won gold

Local Networks Go Global When Domain Names Collide

In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI

Mac Users Targeted by Hackers Through Microsoft App Security Flaw

When Cybersecurity Fails: The Impact of the Microchip Technology Hack

Body Of Mike Lynch’s Daughter Recovered, Amid Allegations Of Crew Mistakes

The latest from Black Hat USA 2024

Georgia Tech Sued Over Cybersecurity Violations

Cyber-Informed Engineering – A New Perspective on OT Security

Escape vs Rapid7

Pandas Errors: What encoding are my logs in?, (Fri, Aug 23rd)

Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform

Firm That Sent Fake AI Robocalls Of Joe Biden Is To Pay $1m Fine

New Phishing Campaign Targets US Government Organizations

Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say

Take a Selfie Using a NY Surveillance Camera

Leveraging Ancient Tactics for Modern Malware

Focus on What Matters Most: Exposure Management and Your Attack Surface

Best SEO Experts to Follow on Twitter (X) in 2025

Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Qilin Caught Red-Handed Stealing Credentials in Google Chrome

Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

BlackSuit Ransomware Threat Actors Demand Up To $500 Million

The Risks of Running an End Of Life OS – And How To Manage It

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

Cybersecurity News: Russia’s questionable DDoS, FAA’s cybersecurity proposal, Windows Recall reappears

PoC Exploit Released for RCE 0-day CVE-2024-41992 in Arcadyan FMIMG51AX000J Model

Publisher’s Spotlight: Checkmarx

FBI Exposing Sensitive Data via Improper Handling of Storage Devices: Audit

YouTube Launches AI Tool to Recover Hacked Accounts

When War Came to Their Country, They Built a Map

New malware Cthulhu Stealer targets Apple macOS users

Fraudulent Slack Ad Shows Malvertiser’s Patience and Skills

Innovator Spotlight: DataBee™

Publisher’s Spotlight: Horizon3.ai

Innovator Spotlight: DataBee™

New Opportunistic Campaign Exploit Log4j Vulnerability for Cryptomining and System Compromise

China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches

The Evolving Landscape of Identity and Access Management in 2024

Hardware Backdoor in Millions of Shanghai Fudan Microelectronics RFID Cards Allows Cloning

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

Drawbridge expands cyber risk assessment service

Report Finds 50% of Organizations Experienced Major Breaches in the Past Year

Critical GitHub Enterprise Server Flaw Patched, Admin Access at Risk

Cybercriminals Exploit File Sharing Services to Advance Phishing Attacks

Cyber Resilience Lacking, Organizations Overconfident

Liverpool Fans Lose Big in Premier League Ticket Scams

Popular search terms are leveraged in cyber attacks: Cyber Security Today for Friday, August 23, 2024

Ransomware hits in these specific timings and steals data from Google Chrome

Essential Topics to Study for a Career in Artificial Intelligence

FIDO Alliance Releases Authenticate 2024 Agenda

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group

New macOS Malware “Cthulhu Stealer” Targets Apple Users’ Data

Qilin Targets Chrome-Stored Credentials in “Troubling” New Attack

Millions of Office and Hotel RFID Smart Cards Vulnerable to Instant Cloning Through Hidden Backdoor

The changing dynamics of ransomware as law enforcement strikes

Fraud tactics and the growing prevalence of AI scams

Vulnerability prioritization is only the beginning

Is your organisation at risk?

Innovator Spotlight: Reach Security

Innovator Spotlight: SecPod

Uniting the brightest minds in security, network and cloud

New infosec products of the week: August 23, 2024

ISC Stormcast For Friday, August 23rd, 2024 https://isc.sans.edu/podcastdetail/9110, (Fri, Aug 23rd)

Surveillance Watch

A cyberattack hit US oil giant Halliburton

How regulatory standards and cyber insurance inform each other

SolarWinds left critical hardcoded credentials in its Web Help Desk product

GuidePoint talks ransomware negotiations, payment bans

USENIX Security ’23 – ZBCAN: A Zero-Byte CAN Defense System

How Swimlane Can Help SOC Management

IT Security News Daily Summary 2024-08-22

Innovator Spotlight: Cigent

Innovator Spotlight: ExtraHop

Innovator Spotlight: Upwind

Innovator Spotlight: Normalyze

Innovator Spotlight: Harmonic Security

Inside the CCNA v1.1 exam update: AI, machine learning, and more

Innovator Spotlight: AppSOC

Setting Up CORS and Integration on AWS API Gateway Using CloudFormation

U.S. CISA adds Dahua IP Camera, Linux Kernel and Microsoft Exchange Server bugs to its Known Exploited Vulnerabilities catalog

Report: Manufacturing Remains Atop Cyberattack Leader Board

No, not every Social Security number in the U.S. was stolen

Tesla Gigafactory Near Berlin Saw 500,000 Trees Felled – Report

Microsoft Delays Recall Launch for Windows Insider Members Until October

Cyber Security and IT Leadership: A Growing Threat to Australia’s Renewable Energy Efforts

CrowdStrike exec refutes Action1 acquisition reports

Are virtual machines safe for end users?

SolarWinds fixed a hardcoded credential issue in Web Help Desk

CrowdStrike deja vu as ‘performance issue’ leaves systems sluggish

Oil Giant Halliburton Confirms Cyber Incident, Details Scarce

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?, (Thu, Aug 22nd)

California Reaches Deal With Google Over Journalism Legislation

Fur Affinity Website Hacked in DNS Hijacking Attack

Ecovacs says it will fix bugs that can be abused to spy on robot owners

Halliburton probes ‘an issue’ disrupting business ops

China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches

CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks

INE Security Launches Initiatives to Invest in the Education of Aspiring Cybersecurity Professionals

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 12, 2024 to August 18, 2024)

Ransomware attack on Halliburton America

Waymo Doubles Weekly Paid Robotaxi Trips Since May

Protect Your Alerts: The Importance of Independent Incident Alert Management

Hundreds of online stores hacked in new campaign

I crashed my iPhone with these four characters so you don’t have to

Incident Response by the Numbers

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware

CNAPP and ASPM — Friends or Foes?

Hackers Spread Disinformation to undermine Taiwan’s Military

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

How Securing APIs Factors into DORA Compliance

Google patches actively exploited zero-day in Chrome. Update now!

How to avoid common mistakes when adopting AI

Understanding the ‘Morphology’ of Ransomware: A Deeper Dive

Lawsuits Pile Up Against Florida-Based Data Firm After Security Breach

QNAP releases QTS 5.2 to prevent data loss from ransomware threats

New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

Cthulhu Stealer Malware Targets macOS With Deceptive Tactics

PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

FlightAware Confirmed Data Breach Happened Due To Configuration Error

Hackers Distribute FakeBat Loader Via Fake Software Installers

Unpatched Vulnerabilities In Microsoft macOS Apps Pose Significant Threat

Dr Mike Lynch Confirmed Dead, As Search For Daughter Continues

As Microsoft breaks awkward silence around its controversial Recall feature, privacy questions remain

The Linux security team issues 60 CVEs a week, but don’t stress. Do this instead

How frictionless authentication works in online payments

Cookie Theft: What Is It & How to Prevent It

Rockwell Automation Emulate3D

MOBOTIX P3 and Mx6 Cameras

Rockwell Automation 5015 – AENFTXT

Post-quantum Cryptography in 2024

When Compliance Fails: Eye-Opening Incidents in GRC You Need to Know

How AI and Machine Learning Are Revolutionizing Cybersecurity

Critical LiteSpeed Cache Plugin Flaw CVE-2024-28000 Sparks a Surge in Cyberattacks

Costa Rican Authorities Issue Warning as Social Media Identity Theft Cases Double

Navigating Without GPS: Quantum Breakthroughs and Their Impact

Enzoic for Active Directory enhancements help teams identify and remediate unsafe credentials

FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed

Enhancing Phishing and Malware Detection with ssdeep Fuzzy Hashing

The Skills Gap Leaves Organizations Open to New Threats and Vulnerabilities

Prism Infosec PULSE bridges the gap between penetration testing and red teaming

Anomali announces expanded capabilities for Copilot

Over 3400 High and Critical Cyber Alerts Recorded in First Half of 2024

From Crisis to Catalyst: A CEO’s Lessons Learned from A Cybersecurity Incident

Typing just four characters could crash your iPhone

Low Media Literacy: A Risk to Australia’s Cybersecurity Landscape

Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira

Microsoft again ranked number one in modern endpoint security market share

US Microchip Giant Hit by Cyberattack, Disrupting Operations

The best free antivirus software of 2024: Expert tested

Australian Digital ID: TEx System Poised to Boost Security By Sharing Less Data With Businesses

Ransomware batters critical industries, but takedowns hint at relief

How Multifactor Authentication (MFA) Can Reduce Your Cyber Attacks Risk?

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

Company Fined $1m for Fake Joe Biden AI Calls

US Oilfield Firm Halliburton Hit By Cyberattack

Wallarm API Attack Surface Management mitigates API leaks

US Safety Probe Into GM’s Cruise Shut Down

Transform Your CAD Workflow with Parametric Modeling

Get Advanced Ad Blocking and Superior Data Privacy Tools for Just $11

Entrepreneurs Must Be Value-Focussed, Tech-Positive, and People-Oriented

Bridging the UK Skills Gap in the Tech Sector

Ingress-NGINX Annotation Validation Bypass Flaw (CVE-2024-7646) Allows Command Injection

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

The Facts About Continuous Penetration Testing and Why It’s Important

The Chiplet’s Path to Victory

From The Ground Up – Addressing Core Inefficiencies in The UK Public Sector

Memory corruption vulnerabilities in Suricata and FreeRDP

Critical Flaw in LiteSpeed Cache Plugin Actively Exploited: Over 30,000 Attacks Blocked in 24 Hours

Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year

Kick off early Octoberfest with an EUC-fest

Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites

Novel Android Malware Steals Card NFC Data For ATM Withdrawals

Security Flaws in UK Political Party Donation Platforms Exposed

What Triggers a CISO?

Navigating the Challenges of AI in Software Development: A Call to Action to Comply with the EU AI Act

The 8 Most Common Website Design Mistakes According to Pros

MegaMedusa, RipperSec’s Public Web DDoS Attack Tool

Securing the Future: FIPS 140-3 Validation and the DISA STIG for AlmaLinux OS

Critical SLUBStick Exploitation Technique Threatens Linux Security

Cybersecurity News: Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting

Google addressed the ninth actively exploited Chrome zero-day this year

A cyberattack disrupted operations of US chipmaker Microchip Technology

Android malware uses NFC to steal money at ATMs

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

Backdoor in Mifare Smart Cards Could Open Doors Around the World

GitHub fixed a new critical flaw in the GitHub Enterprise Server

The Surge of Identity and Access Management (IAM): Unveiling the Catalysts

LibreOffice 24.8: More privacy, interoperability improvements

How to recover deleted files on your Windows PC

NCC Group: Ransomware down in June, July YoY

Extortion Campaign Targets 110,000 Domains Using Exposed AWS Files

Innovative Phishing Campaign Targets Mobile Users with PWAs

Cisco calls for United Nations to revisit cyber crime Convention

Google Cloud to offer enhanced security with Simplicity and Convergence

3 Cybersecurity Trends for 2025

The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defense

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild

Palo Alto Networks Shines Light on Application Services Security Challenge

A survival guide for data privacy in the age of federal inaction

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

WAF Cloud Authentication Issue Troubleshooting

Why C-suite leaders are prime cyber targets

Most ransomware attacks occur between 1 a.m. and 5 a.m.

Foiling bot attacks with AI-powered telemetry

The Great Cloud Security Debate: CSP vs. Third-Party Security Tools

GenAI models are easily compromised

ISC Stormcast For Thursday, August 22nd, 2024 https://isc.sans.edu/podcastdetail/9108, (Thu, Aug 22nd)

Bangladeshi Hackers Deface India’s Zee Media Website for Mocking Floods

You probably want to patch this critical GitHub Enterprise Server bug now

Best Practices for Event Logging and Threat Detection

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Fraudulent Slack ad shows malvertiser’s patience and skills

Authentication and Authorization in Red Hat OpenShift and Microservices Architectures

IT Security News Daily Summary 2024-08-21

From Offices to Hotels: Backdoor in Contactless Key Cards Enables Mass Cloning

My child had her data stolen—here’s how to protect your kids from identity theft

Publisher’s Spotlight: Cyera

What Gartner’s 2024 hype cycle forecast tells us about the future of AI (and other tech)

Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports

Experts disclosed a critical information-disclosure flaw in Microsoft Copilot Studio

New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency

An explanation of cybersecurity

The ultimate contact center security checklist

Geofence Warrants Are ‘Categorically’ Unconstitutional | EFFector 36.11

Gartner Report: Implement a Continuous Threat Exposure Management (CTEM) Program

Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning

CMA Drops Apple, Google App Store Investigations

Ford Pulls Back On EV Spending

Securing Federal Systems

Typing these four characters could crash your iPhone

North Korea-linked APT used a new RAT called MoonPeak

Publisher’s Spotlight: Cranium

What’s New in CodeSonar 8.2

Randall Munroe’s XKCD ‘Ferris Wheels’

The best identity theft protection and credit monitoring services of 2024

CISA Adds Four Known Exploited Vulnerabilities to Catalog

110K domains targeted in ‘sophisticated’ AWS cloud extortion campaign

Critical Authentication Flaw Haunts GitHub Enterprise Server

Fintechs Encouraged to Join National Cyber Fraud Reporting System

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Telegram and WhatsApp suffer downtime in Russia due to DDoS

Four Bodies Found In Yacht Wreck Amid Search For Mike Lynch

More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals

AI in OT Security — Balancing Industrial Innovation and Cyber Risk

Cyberattack Disrupts Microchip Technology’s Activity

How Should Your MSP Deal With the ‘Small Client Problem’?

Critical LiteSpeed Cache Plugin Flaw Exposes WordPress Sites

New MoonPeak RAT Linked to North Korean Threat Group UAT-5394

Shaping the legacy of partnership between government and private sector globally: JCDC

The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws

Translating Cybersecurity Jargon into Business Speak

Publishers Spotlight: Cranium

Russia tells citizens to switch off home surveillance because the Ukrainians are coming

Arden Claims Service Reports Data Breach, 139,000 Affected

Patch Tuesday not Done ’til LINUX Won’t Run?

How Pen Testing is Evolving and Where it’s Headed Next

Flight Aware User Data Leaked Following Misconfiguration

Chemical Giant Orion Loses $60 Million in Email Scam

Encryption in transit over external networks: AWS guidance for NYDFS and beyond

Over 5,000,000 Site Owners Affected by Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin

Anthropic Sued For Copyright Infringement By Authors

Man certifies his own (fake) death after hacking into registry system using stolen identity

Don’t panic! It’s only 60 Linux CVE security bulletins a week

How to Use LastPass: Complete Guide for Beginners

Why the UN Convention Against Cybercrime Requires a Second Look

Story of an Undercover CIA Agent who Penetrated Al Qaeda

Rethinking Cyber-Physical Systems Security in the Age of Industry 4.0

T-Mobile Customers Alarmed by Unfamiliar Support Links, But They Are Legitimate

Bangladeshi SIM Box Fraud Uncovered in Major Odisha Operation

Critical Jenkins RCE Vulnerability: A New Target for Ransomware Attacks

Entrust KeyControl as a Service provides organizations with control of their cryptographic keys

HITRUST unveils AI Risk Management Assessment solution

Oregon Zoo Warns Over 100,000 Customers of Payment Card Compromise

Australia Calls Off Clearview AI Investigation Despite Lack of Compliance

Embed API Security into Regulatory Compliance: Six Examples to Watch

Introducing Automatic URL Categorization: Enhanced Security and Efficiency

The AI Revolution: Transforming Technology and Reshaping Cybersecurity

Critical Remote Code Execution Vulnerability Addressed in GiveWP Plugin

PostgreSQL databases under attack

National Public Data leaked passwords online

McAfee unleashes AI deepfake audio detector – but how reliable can it be?

TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

Survey Surfaces Growing SaaS Application Security Concerns

CISA to Get New Headquarters as $524M Contract Awarded

1-15 May 2024 Cyber Attacks Timeline

Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)

Four Essential Tips for Building a Robust REST API in Java

Critical Heap Overflow Vulnerability Discovered in FFmpeg, PoC Published

TLS Bootstrap Attack on Azure Kubernetes Services can Leak Sensitive Credentials

Google Cloud Unveils New Security Services and Capabilities

Tesla To Receive Lower EU Tariff For Chinese-Made EVs

ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk

CISA Adds One Known Exploited Vulnerability to Catalog

RightCrowd introduces Mobile Credential Management feature

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details

It’s Time To Untangle the SaaS Ball of Yarn

Microchip Technology apparently impacted by ransomware attack

The Rise of Kerberoasting: A New Cyber Threat on the Horizon

Exploits and vulnerabilities in Q2 2024

New Msupedge Backdoor Targeting Taiwan Employs Stealthy Communications

Healthcare Hit by a Fifth of Ransomware Incidents

Sky Signs Full Fibre Broadband Partnership With CityFibre

Toyota confirms customer and employee data stolen, says breach at third party to blame

The 6 Best Malware Removal Software Providers for 2024

RCE Vulnerability in Atlassian Bamboo Data Center and Server

Mastering Data Visibility for Secure AI Adoption with Cyera

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic

Microchip Technology manufacturing facilities impacted by cyberattack

Cybersecurity News: Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns

Pro-Russia group Vermin targets Ukraine with a new malware family

Spring Security Flaw Leaves Applications Open to Unauthorized Access

Cyberattack Disrupts Microchip Technology Manufacturing Facilities

Most Ransomware Attacks Now Happen at Night

Tips to Help Leaders Improve Cyber Hygiene

Understanding Managed Service Providers (MSPs): Choosing the Right Provider

Rising Abuse of URL Rewriting in Phishing

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

Microchip Technology Says IT Incident Impacted Operations

Over 10,000 WordPress Sites at Risk: Critical File Deletion Flaw Found in InPost Plugins

Deadbeat dad faked his own death by hacking government databases

McAfee Deepfake Detector combats AI scams and misinformation

How to Use BitDefender VPN on Any Device: 2024 Tutorial

Transforming underserved communities and fostering sustainable growth through entrepreneurial endeavors

A backdoor in millions of Shanghai Fudan Microelectronics RFID cards allows cloning

McAfee Unveils Tool to Identify Potential Deep Fakes

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

Ransomware hits record high amounts: Cyber Security Today for Tuesday, August 21, 2024

US Intelligence Agencies Warn of Iranian Election Influence Efforts

FlightAware Notifies Users of Data Security Incident

Cyberattack Forces Microchip Technology to Scale Back Amid Global Chip Race

Publishers Spotlight: Bedrock Security

OpenCTI: Open-source cyber threat intelligence platform

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

Experts Weigh In on the NPD Breach and Its Implications

The Hidden Threat of Shadow AI

Food security: Accelerating national protections around critical infrastructure

Cybersecurity jobs available right now: August 21, 2024

Why I Joined Balbix: Embracing the AI-Powered Future of Cybersecurity

Average DDoS attack costs $6,000 per minute

ISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)

Singapore updates OT security blueprint to focus on data sharing and cyber resilience

Chipmaker Microchip reveals cyber attack whacked manufacturing capacity

Mapping Threats with DNSTwist and the Internet Storm Center (Guest Diary), (Tue, Aug 20th)

New Phishing Attacks Target Eastern European Bank Users on iOS and Android

An AWS Configuration Issue Could Expose Thousands of Web Apps

Black Hat USA 2024: Key Takeaways from the Premier Cybersecurity Event

IT Security News Daily Summary 2024-08-20

What is cloud detection and response (CDR)?

Building a Semantic Web Search App Using Resource Description Framework and Flask for Cyber Resilience

Czech Mobile Users Targeted in New Banking Credential Theft Scheme

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys

Why you need to know about ransomware

Can someone tell if I block their number?

Darktrace Co-founder Mike Lynch Presumed Dead After Superyacht Sinks

Black Hat 2024, Day 2: Charting the Future of Cybersecurity

Cisco employees face a month of silence ahead of second layoff in 2024

Ransomware payments rose from $449.1 million to $459.8 million

U.S. agencies attribute Trump campaign hack to Iran

Should small businesses worry about the NIS2 Directive in Europe?

Previously unseen Msupedge backdoor targeted a university in Taiwan

Africa’s Economies Feel Pain of Cybersecurity Deficit

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #304 – Fail Fast

Agentless is a DAM Better Option for Securing Cloud Data

To Improve Your Cybersecurity Posture, Focus on the Data

AI-Enhanced Crypto Scams: A New Challenge for ASIC

Lessons for Banks from the Recent CrowdStrike Outage

Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns

Germany offers Cybersecurity Labels for mobile devices

TodoSwift Malware Targets macOS, Disguised as Bitcoin PDF App

How Data Encryption Can Simplify Infrastructure Architecture

Strengthening Your Cyber Defenses: The Critical Role of Defensive Training

Hackers Linked to $14M Holograph Crypto Heist Arrested in Italy

Publishers Spotlight: ForAllSecure

Plane tracker FlightAware admits user passwords, SSNs exposed for years

New DNS-Based Backdoor Threat Discovered at Taiwanese University

Edge Computing and 5G: Emerging Technology Shaping the Future of IT

National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident

How to Get a VPN on Any Device (+ Installation Tips)

US government accuses Iran of Trump campaign hack; Iran scoffs

Your Journey to Mastery with Black Belt Training: A Comprehensive Guide for Cisco Partners

Russia-linked Vermin Hackers Target Ukraine With new Malware Strain

UK: NCSC Opens Cyber Resilience Audit Scheme to Applicants

Plane-tracking app admits user passwords, SSNs exposed for over 3 years

Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

USENIX Security ’23 – Pspray: Timing Side-Channel Based Linux Kernel Heap Exploitation Technique

INE Security Alert: The Steep Cost of Neglecting Cybersecurity Training

New Report Reveals Rising Attacks on macOS Systems

Here’s Why Ransomware Actors Have a Upper Hand Against Organisations

Timeline of the Ransomware Attack on Change Healthcare: How It Unfolded

Iranian Group TA453 Launches Phishing Attacks with BlackSmith

Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)

Cost of a data breach: The industrial sector

Securing Catalyst Center: ISO Certified

OpenAI Kills Iranian Accounts Spreading Us Election Disinformation

Common API Security Issues: From Exposed Secrets To Unauthorized Access

Fortanix protects individual file systems on specified hosts

New phishing method targets Android and iPhone users

New Styx Stealer Attacking Users to Steal Login Passwords

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds

Three-Quarters of Companies Retain An Increasing Amount of Sensitive Data, Report Finds

Bitdefender vs Kaspersky: Comparing Top EDR Solutions in 2024

Digital Wallets can Allow Purchases With Stolen Credit Cards

Publishers Spotlight: Endari

Your Company Culture Can Become A Powerful Cybersecurity Resource

Hackers Could Exploit Microsoft Teams on macOS to Steal Data

MegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker Groups

Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

x64dbg: Open-Source Binary Debugger for Windows

All-in-One: How Cynet is Revolutionizing Cybersecurity for MSPs

Survey Surfaces Widespread Mishandling of Sensitive Data

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

Approach to mainframe penetration testing on z/OS

Chrome Will Redact Credit Cards, Passwords When You Share Android Screen

Xeon Sender Enables Large-Scale SMS Spam Attacks Using Legitimate SaaS Providers

Fabric Cryptography Raises $33 Million for VPU Chip

RansomHub Deploys EDRKillShifter Malware to Disable Endpoint Detection Using BYOVD Attacks

Hacking Wireless Bicycle Shifters

How Exceptional CISOs Are Igniting the Security Fire in Their Development Team

Multi-Domain vs Wildcard SSL Certificates: Differences & Uses

Overturning of Chevron Deference’s Impact on Cybersecurity Regulation

Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle

Comprehensive Threat Protection Strategies for Microsoft 365 Environments

2GB variant of Raspberry Pi Launched for Just $50

Authentik: Open-Source Identity Provider

Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Anatomy of an Attack

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

Iran Behind Trump Campaign Hack, US Government Confirms

The Metaverse Won’t Die: Embracing the Future of Work and Connection

Artificial intelligence, real anxiety: Why we can’t stop worrying and love AI

Update: Ransomware Attack on Indian Payment System Traced Back to Jenkins Bug

GuidePoint Security releases Phishing as a Service

I Said I Was Technically a CISO, Not a Technical CISO

Palo Alto Networks Forecasts Strong Security Demand

South Korean AI Chip Makers Sapeon, Rebellions To Merge

Update: US Agencies Attribute Presidential Campaign Cyberattacks to Iran

Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities

Cybersecurity News: National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue

UK Businesses Face New Cyber-Attacks Every 44 Seconds in Q2 2024

Securing Infrastructure as Code: Best Practices for State Management

Vulnerability Recap 8/20/24 – Microsoft Has the Spotlight This Week

Oracle NetSuite misconfiguration could lead to data exposure

Microsoft Mandates MFA for all Azure Sign-Ins

CISA Adds Jenkins CLI Bug to its Known Exploited Vulnerabilities Catalog

Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach

Former Congressman Santos Admits Identity Theft and Fraud

Mike Lynch Co-Defendant Dies In Car Accident

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

Cybercriminals Exploit Paris Olympics With Fake Domains

Ukrainian Bank’s Service for Military Donations Targeted by ‘Massive’ DDoS Attack

Google Pixel Devices Found Vulnerable Due To Pre-Installed App

Google Pledges To Strengthen Privacy With Gemini AI

Shanghai Doubles Size Of Chip Investment Fund

AMD To Buy Server Maker ZT Systems Amidst AI Battle

Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites

Toyota disclosed a data breach after ZeroSevenGroup leaked stolen data on a cybercrime forum

10 Strategies for Safely Migrating a Data Center on a Limited Budget

NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity

X Closes Brazil Office Due To ‘Censorship’

Autodesk AutoCAD Vulnerability Let Attackers Execute Arbitrary Code

Iran named as source of Trump campaign phish, leaks

Google to launch threat detection AI powered feature to all Android phones

5 Emerging Malware Variants You Must Be Aware Of

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America

Ransom Denied: Cyber Insurance Claims Shrink as Businesses Opt for DIY Recovery

Why a Savvy Security Strategy is Essential | Grip

Ransomware’s Record Year: 2024 Earnings Soar Amid Overall Cybercrime Dip

Organizations turn to biometrics to counter deepfakes

AI for application security: Balancing automation with human oversight

Strategies for security leaders: Building a positive cybersecurity culture

Cybercriminals exploit file sharing services to advance phishing attacks

ISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)

Digital wallets can allow purchases with stolen credit cards

US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns

Identity Protection That Spans the Entire Attack Lifecycle

USENIX Security ’23 – Side-Channel Attacks on Optane Persistent Memory

What You Missed About the CrowdStrike Outage:: The Next Strike Might Be Linux Due to eBPF

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts

IT Security News Daily Summary 2024-08-19

SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia

Guide to data detection and response (DDR)

The Windows BitLocker recovery bug is fixed, according to Microsoft

Announcing new EDR capabilities for Webroot Endpoint Protection

CISA adds Jenkins Command Line Interface (CLI) bug to its Known Exploited Vulnerabilities catalog

OpenAI kills Iranian accounts using ChatGPT to write US election disinfo

test

Your Android phone is getting an anti-theft upgrade, thanks to AI. How it works

Too many cloud security tools? Time for consolidation

MSPs: The Cisco Meraki Approach to Addressing MDU Deployments

Court to California: Try a Privacy Law, Not Online Censorship

NO FAKES – A Dream for Lawyers, a Nightmare for Everyone Else

Multiple flaws in Microsoft macOS apps unpatched despite potential risks

Extortion Group Exploits Cloud Misconfigurations, Targets 110,000 Domains

Mike Lynch, Five Others Missing After Yacht Sinks Off Sicily

SAFECOM and NCSWIC Develop Global Positioning System (GPS) for Public Safety Location Services: Use Cases and Best Practices

Social Security number data breach: What you need to know

Researchers uncovered new infrastructure linked to the cybercrime group FIN7

Daniel Stori’s ‘The War For Port 80’

Here’s What Businesses Can Learn From a $2 Million Ransomware Attack SEC Settlement

Zero-Trust Security: The Critical Role of Trust And Human Integrity

Stolen, locked payment cards can be used with digital wallet apps

Making sense of secrets management on Amazon EKS for regulated institutions

CISA Warns Of Active Exploitation Of SolarWinds Web Help Desk Vulnerability

FlightAware warns that some customers’ info has been ‘exposed,’ including Social Security numbers

Vulnerability Summary for the Week of August 12, 2024

How We Transformed Akamai from a CDN to a Cloud and Security Company

AWS cyber attack exposes over 230 million unique cloud environments

CrowdStrike outage lessons learned: Questions to ask vendors

National Public Data Published Its Own Passwords

Windows Zero-Day Attack Linked to North Korea’s Lazarus APT

FBI and CISA Assure Public on Election Ransomware Security

$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin

Data Security Solution for US Federal Customers

Hacked GPS tracker reveals location data of customers

Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Cyber Stressed! Top 3 MSP Cybersecurity Challenges (And How to Fix Them)

Heimdal and ViroSafe Partner to Strengthen Nordic Cybersecurity

Mandatory MFA is Coming to Microsoft Azure

USENIX Security ’23 – Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software

The Rise of Manual Techniques in Ransomware Attacks: A Growing Threat

New Tool Xeon Sender Enables Large-Scale SMS Spam Attacks

“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services

AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’

If your SSN was leaked online, you should freeze your credit: Here’s how to do that

Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

National Public Data Says Breach Impacts 1.3 Million People

Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People

Major Data Breach at FlightAware Exposes Pilots and Users’ Information

Own proactively detects and stores data changes in Salesforce

Appian helps organizations prepare for current and forthcoming AI regulations

Microsoft Apps for macOS Exposed to Library Injection Attacks

Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support

Lazarus Hacker Group Exploited Microsoft Windows Zero-day

Getting to Know Katrin Bauer

Azure Domains and Google Abused to Spread Disinformation and Malware

EFF and Partners to EU Commissioner: Prioritize User Rights, Avoid Politicized Enforcement of DSA Rules

National Public Data tells officials ‘only’ 1.3M people affected by intrusion

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia

API Security: The Cornerstone of AI and LLM Protection

Internal And External Threat Intelligence

Crypto Firm Says Hacker Locked All Employees Out of Google Products for Four Days

Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft

Oregon Zoo Ticketing Service Hack Impacts 118,000

How to Automate the Hardest Parts of Employee Offboarding

Microsoft Users Rush To Patch Zero-Click TCP/IP RCE Flaw

Ransomware Resilience Drives Down Cyber Insurance Claims

Linux Kernal Vulnerability Let Attackers Bypass CPU & Gain Read/Write Access

Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs

The Essential Guide to Evaluating Competitive Identity Verification Solutions

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks

How can you check if your SSN was leaked on the dark web after the NPD breach?

OpenAI Deactivates Accounts Used By Iran Election Influence Group

Court Narrows Injunction On California Social Media Law

Millennials’ sense of privacy uniquely tested in romantic relationships

Supply Chain Security Policy

CyberGhost vs ExpressVPN (2024): Which VPN Is Better?

The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

Experts warn of exploit attempt for Ivanti vTM bug

BlindEagle flying high in Latin America

Industry Moves for the week of August 19, 2024 – SecurityWeek

100,000 Impacted by Jewish Home Lifecare Data Breach

Combining Continuous Pentesting with Attack Surface Management

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Tracki – 372,557 breached accounts

Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data

Update: Windows Zero-Day Flaw was Exploited by North Korea-linked Lazarus APT

Cybersecurity News: Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability

TikTok Says US Data Not Linked To China

Texas Instruments Receives $1.6bn In US Gov’t Chip Funding

Duke of Sussex Speaks Against Online Misinformation

Shares In EV Maker Ola Spike After Motorcycle Launch

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

Rewriting Hysteria: Rising Abuse of URL Rewriting in Phishing

Mandatory MFA for Azure sign-ins is coming

NCSC Opens Cyber Resilience Audit Scheme to Applicants

Enhancing Internal Controls: Correlation, Mapping, and Risk Mitigation

10 Authentication Trends in 2024 and Beyond

Fast Forward or Freefall? Navigating the Rise of AI in Cybersecurity

Group-IB partners with SecurityHQ to enhance SOC capabilities

AMD Patched The Newly Disclosed SinkClose CPU Vulnerability

ProtonVPN Opens Up Browser Extension Feature To Free Users

A week in security (August 12 – August 18)

Unicoin Staff Locked Out of G-Suite in Mystery Attack

OpenAI takes action against Iranian disinformation campaigns using ChatGPT: Cyber Security Today for Monday, August 19th, 2024

Epic Games’s Fortnite Returns To Smartphones After Four Years

Explore Talent (August 2024) – 8,929,384 breached accounts

The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

Do you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)

National Public Data Leaks Social Security Numbers of about 2.7 billion populaces

Top Paying Countries for Cybersecurity Experts

Researchers Found a New Technique to Defend Cache Side Channel Attacks

Ransomware Gangs Introduce New EDR-Killing Tool

National Public Data Admits to Breach Leaking Millions of Social Security Numbers

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

BeaverTail Malware Attacking Windows Users Via Weaponized Games

Was your Social Security number leaked to the dark web? Use this tool to find out

Protecting academic assets: How higher education can enhance cybersecurity

x64dbg: Open-source binary debugger for Windows

To improve your cybersecurity posture, focus on the data

Common API security issues: From exposed secrets to unauthorized access

ISC Stormcast For Monday, August 19th, 2024 https://isc.sans.edu/podcastdetail/9102, (Mon, Aug 19th)

Was your SSN leaked to the dark web? Use this tool to find out

RansomHub-linked EDR-killing malware spotted in the wild

The Mad Liberator ransomware group uses social-engineering techniques

IT Security News Weekly Summary – Week 33

IT Security News Daily Summary 2024-08-18

USENIX Security ’23 – NVLeak: Off-Chip Side-Channel Attacks via Non-Volatile Memory Systems

How to freeze your credit – and how it can help protect you after data breaches

From 2018: DeepMasterPrints: deceive fingerprint recognition systems with MasterPrints generated with GANs

The Rise of Malvertising: How Scammers Target Google Products with Malicious Search Ads

Russian Disinformation Network Struggles to Survive Crackdown

Pro-Palestine Outfit Takes Responsibility for Hacking Donald Trump-Elon Musk Interview

Ransomware Attack on the Washington Times Leads to a Dark Web Data Auction

Navigating AI and GenAI: Balancing Opportunities, Risks, and Organizational Readiness

National Public Data Breach Exposes Millions: Threat of Identity Theft Looms

CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass – A Deep Dive

Getting Wins for Security Leaders: Strategies and Considerations for Success

Security Affairs newsletter Round 485 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions