IT Security News Daily Summary 2024-08-29

High Fidelity Data: Balancing Privacy and Usage
Nvidia’s ‘Eagle’ AI sees the world in Ultra-HD, and it’s coming for your job
Cisco addressed a high-severity flaw in NX-OS software
The art and science behind Microsoft threat hunting: Part 3
Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns
Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins
10 ways to speed up your slow internet connection today
Cisco Umbrella for Government: DNS Security Integrated With CISA Protective DNS
The 25% off Blink Mini 2 is one of the best security cameras deals this Labor Day
Preventing counterfeiting by adding dye to liquid crystals to create uncrackable coded tags
The AppViewX Experience: A Journey to Seamless Solution Onboarding
CISA Launches New Portal to Improve Cyber Reporting
Fake Canva home page leads to browser lock
Feds claim sinister sysadmin locked up thousands of Windows workstations, demanded ransom
What kind of summer has it been?
OpenAI, Anthropic To Share AI Models With US Government
6 Principles for Use of AI in K12 Education
Top Cybersecurity Companies You Need to Know in 2024 (And How to Choose One)
Musk Row With Brazil Continues, As Supreme Court Threatens To Suspend X
#StopRansomware: RansomHub Ransomware
Flying through Seattle’s hacked airport
Key Strategies for Building Cyber Workforce Resilience
Gaps in Skills, Knowledge, and Technology Pave the Way for Breaches
Innovator Spotlight: ThreatLocker
Spotlight on Sysdig
Spotlight on Akto.ai
Rock Chrome hard enough and get paid half a million
USENIX Security ’23 – RøB: Ransomware over Modern Web Browsers
Elevating your secrets security hygiene: H1 roundup of our product innovations
Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?
Check Point Software acquires Cyberint Technologies
Google Mulling ‘Hyperscale’ Vietnam Data Centre – Report
The best free VPNs of 2024: Expert tested
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit
Flying through Sea-Tac’s hacked airport
Stay in the H2 know – providing clean water with Cisco industrial IoT
Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published
Innovator Spotlight: Beyond Identity
Innovator Spotlight: Zenity
Innovator Spotlight: Traceable AI
Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32
North Korean Hackers Launch New Wave of npm Package Attacks
Intel Questioned By US Senator Over Job Cuts After $20bn Grant, Loans
Hackers Calling Employees to Steal VPN Credentials from US Firms
Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
Rockwell Automation ThinManager ThinServer
Delta Electronics DTN Soft
Zero touch provisioning with Cisco Firewall Management Center Templates
Customer Experience is a Learning Experience
Top Data Center Priorities—Evolving Needs for Scaling Infrastructure
The Power of Reporting at Cisco Black Belt Academy: Driving Success for Partners
Innovator Spotlight: Reco.ai
BlackByte Ransomware Outfit is Targeting More Orgs Than Previously Known
Snowflake Faces Declining Growth Amid Cybersecurity Concerns and AI Expansion
BlackByte Adopts New Tactics, Targets ESXi Hypervisors
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)
Inside the NIST Cybersecurity Framework 2.0 and API Security
A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Shares In Nvidia Fall, Despite Record Profits, Sales
How to embrace Secure by Design principles while adopting AI
Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
Check Point Joins Esteemed Sponsors of Security Serious Unsung Heroes Awards 2024
International Cyber Expo’s 2024 Tech Hub Stage Agenda Showcases the Future of Cybersecurity Innovation, From AI to Automation
Dick’s Sporting Goods Discloses Cyberattack
What is Gift Card and Loyalty Program Abuse?
Strata Identity to Host Tear Down and Modernization Webinar for Legacy Identity Infrastructures
Rain Technology Laptop Switchable Privacy protects against visual hackers and snoopers
Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Corona Mirai botnet spreads via AVTECH CCTV zero-day
Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
Marketing Trends: How to Use Big Data Effectively
Russia’s APT29 using spyware exploits in new campaigns
Russian government hackers found using exploits made by spyware companies NSO and Intellexa
Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)
Strengthening Your Cybersecurity Insurance Posture with Privileged Access Management (PAM) Solutions
Brain Cipher claims attack on Olympic venue, promises 300 GB data leak
Harmful ‘Nudify’ Websites Used Google, Apple, and Discord Sign-On Systems
Cisco Patches Multiple NX-OS Software Vulnerabilities
Iranian State Hackers Team Up with Ransomware Gangs in Attacks on US
Telegram CEO Pavel Durov charged with allowing criminal activity
AI Hype vs Hesitence
A Guide To Selecting The Best URL Filtering Software
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
U.S. Agencies Warn of Iranian Hacking Group’s Ongoing Ransomware Attacks
Surge in New Scams as Pig Butchering Dominates
Telegram’s Pavel Durov Charged For Allowing Criminal Activity On App
NordVPN vs Proton VPN (2024): Which VPN Should You Choose?
Telegram CEO Pavel Durov charged in France for facilitating criminal activities
May 2024 Cyber Attacks Statistics
Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks
Iranian Hackers Secretly Aid Ransomware Attacks on US
The Emerging Dynamics of Deepfake Scam Campaigns on the Web
Google, Apple, and Discord Let Harmful AI ‘Undress’ Websites Use Their Sign-On Systems
Meeting the New Cyber Insurance Requirements
Hundreds of LLM Servers Expose Corporate, Health & Other Online Data
What’s Working With Third-Party Risk Management?
Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
Stealing cash using NFC relay – Week in Security with Tony Anscombe
Don’t Leave Your Digital Security to Chance: Get Norton 360
CISA Adds Google Chromium V8 Bug to its Known Exploited Vulnerabilities Catalog
AWS Load Balancer Plagued by Authentication Bypass Flaw
Iranian Hackers Use New Tickler Malware to Collect Intel From US, UAE
Cybersecurity News: Iran hacking, Labour Party backlog, more Telegram warrants
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool
Sweat Sensors Raise Health Benefits and Privacy Concerns
Bitwarden introduces enhanced inline autofill feature for credit cards and identities
IT Engineer Charged For Attempting to Extort Former Employer
Check Point to Acquire Cyberint Technologies to Enhance Operations
US Sees Iranian Hackers Working Closely With Ransomware Groups
RISCPoint RADAR provides real-time vulnerability detection across multiple attack surfaces
Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security
Change Management and File Integrity Monitoring – Demystifying the Modifications in Your Environment
Concentric AI unveils AI-based DSPM functionality that monitors user activity risk
Live Patching DLLs with Python, (Thu, Aug 29th)
Wireshark 4.4.0 Released – What’s New!
Critical Vulnerability in Perl Module Installer Let Attackers Intercept Traffic
Iran-linked group APT33 adds new Tickler malware to its arsenal
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform
America witnesses $1.5 billion in Cyber Crime losses so far in 2024
National Public Data (NPD) Breach: Essential Guide to Protecting Your Identity
The NIS2 Directive: How far does it reach?
Ransomware Attacks Exposed 6.7 Million Records in US Schools
Deepfakes: Seeing is no longer believing
Why ransomware attackers target Active Directory
Durex India spilled customers’ private order data
CrowdStrike Estimates the Tech Meltdown Caused by Its Bungling Left a $60 Million Dent in Its Sales
Third-party risk management is under the spotlight
ISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)
CrowdStrike’s meltdown didn’t dent its market dominance … yet
BlackByte Ransomware Exploits New VMware Flaw in VPN-Based Attacks
When Get-Out-The-Vote Efforts Look Like Phishing
Are Java Users Making Bad Oracle Java Migration Decisions?
Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – here’s how
3CX Phone System Local Privilege Escalation Vulnerability
Spotlight on Simbian
Innovator Spotlight: DNSFilter
Microsoft hosts a security summit but no press, public allowed
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Data Masking Challenges in Complex Data Environments and How to Tackle them
Choosing the Right DSPM Vendor: The Map is Not the Territory
Product Release: Selective Sync + Account Recovery
Exploits, Vulnerabilities and Payloads – Who Knew?
IT Security News Daily Summary 2024-08-28
Akamai Named a Leader in The Forrester Wave?: Microsegmentation Solutions, Q3 2024
I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
Types of hackers: Black hat, white hat, red hat and more
Chrome bug hunters can earn up to $250,000 for serious vulnerabilities now – how’s how
Bitdefender vs. McAfee: Comparing Features, Pricing, Pros & Cons
Young Consulting data breach impacts 954,177 individuals
U.S. CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog
Proof-of-concept code released for zero-click critical Windows vuln
GiveWP Plugin Vulnerability Risked 100,000+ Websites To RCE Attacks
WPML WP Plugin Vulnerability Risked 1M+ WordPress Websites
Microsoft Copilot Studio Vulnerability Could Expose Sensitive Data
Infosec experts applaud DOJ lawsuit against Georgia Tech
Simplifying the policy experience for today’s IT teams
Americans Are Uncomfortable with Automated Decision-Making
DataDome Releases Fastly Compute Server-Side Integration
Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day
Google Restarts Gemini AI’s Image Generation Of People
CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets
Copyright Is Not a Tool to Silence Critics of Religious Education
Iran’s Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear
Google Now Offering Up to $250,000 for Chrome Vulnerabilities
Mike Lynch: Captain Of Bayesian Yacht Declines To Talk
Advanced Techniques in Automated Threat Detection
Google’s Gemini AI gets major upgrade with ‘Gems’ assistants and Imagen 3
Halliburton cyberattack explained: What happened?
Ex-Twitter CISO Lea Kissner appointed as LinkedIn security chief
Porsche – Executive & Security Ratings Snapshot Request
SOC 2 vs. SAS 70: A Comprehensive Comparison
China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target
Bitcoin and Nostr: What Lies Beyond Decentralization and Freedom
Why AI-Driven Cybercrime Could Be Your Business’s Biggest Risk
Ransomware on the Rise: Key Steps to Safeguard Your Business from Cyber Threats
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks
Hacktivists turning to ransomware spread
Cybersecurity Companies Join Microsoft to Discuss Safe Deployment Practices following CrowdStrike Outage
Innovator Spotlight: Gurucul
Dick’s Sporting Goods discloses cyberattack
LinkedIn Hires Former Twitter Security Chief Lea Kissner as New CISO
Top 10 Lessons Learned from Managing Kubernetes from the Trenches
LummaC2 Infostealer Resurfaces With Obfuscated PowerShell Tactics
HMD Launches ‘Barbie’ Flip Phone To Tackle Smartphone Addiction
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor
Cisco Smart Bonding for MSPs: Enhance Customer Experience and Streamline Support Workflows
BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085
WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies
Georgia Tech Faces DOJ Lawsuit Over Alleged Lapses in Cybersecurity for Defense Contracts
Ukrainian Hackers Launch Coordinated Cyber Offensive on Russian Networks
Here’s How to Safeguard Yourself Against Phone Scams
AuthenticID enhances Smart ReAuth to combat AI-based attacks and account takeovers
Veeam Data Platform 12.2 extends data resilience to more platforms and applications
Iran-Backed Peach Sandstorm Hackers Deploy New Tickler Backdoor
New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data
Now available on Microsoft Azure: Cisco AppDynamics provides more flexibility
BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks
Quantum Computing and the Risk to Classical Cryptography
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
The Advantages of Runtime Application Self-Protection
32 Million Sensitive Records Exposed From Service Management Provider
TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed
Overcoming Challenges in Defensive Cybersecurity Teams with an Offensive Mindset
Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign
Rezonate’s mid-market solution reduces the cloud identity attack surface
Diligent NIS2 Compliance Toolkit helps organizations bolster their cybersecurity resilience
Research Unveils Eight Android And iOS That Leaks Users Sensitive Data
The Jedi of Code: May CloudGuard Be with You
Deep Analysis of Snake Keylogger’s New Variant
From Copilot to Copirate: How data thieves could hijack Microsoft’s chatbot
Dragos Platform updates streamline OT threat and vulnerability workflows
Regardless of Market Fluctuation, Web3 Infrastructure Is Booming
Pootry EDR Killer Malware Wipes Out Security Tools From Windows Machine
Versa Director Zero-day Vulnerability Let Attackers Upload Malicious Files
Price Drop: This Complete Ethical Hacking Bundle is Now $40
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
New Phishing Campaign Steals VPN Credentials Using Social Engineering Methods
The End of the Tunnel Vision: Why Companies Are Ditching VPNs for Zero Trust
Malware Delivered via Malicious Pidgin Plugin, Signal Fork
Beating MFA Fatigue and AI-Driven Attacks with DirectDefense
US offers $2.5M reward for Belarusian man involved in mass malware distribution
Check Point Acquires Cybersecurity Startup Cyberint
China’s Volt Typhoon Exploits Zero-Day Flaw in Versa’s SD-WAN Director Servers
Fortinet Debuts Sovereign SASE, Updates Unified SASE With FortiAI
F5 and Intel join forces to push the boundaries of AI deployment
Rising Tides: Runa Sandvik on Creating Work that Makes a Difference
The Risks Lurking in Publicly Exposed GenAI Development Services
Optimizing SBOM sharing for compliance and transparency
A misuse of Spamhaus blocklists: PART 2 – How to limit outbound spam
BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
IDC Raises Smartphone Shipment Forecast Amid GenAI Optimism
CoinSwitch sues WazirX to recover trapped funds
FBI’s Internet Crime Complaint Center reports $1.6 billion in losses for Americans due to scams and fraud
Airtags Locator Device used to Grab the Stolen Parcel
Matthew Green on Telegram’s Encryption
South Korean APT Group Exploits WPS Office Zero-Day for Espionage
US Offering $2.5 Million Reward for Belarusian Malware Distributor
Apple Axes Jobs In Digital Services Group – Report
What Is Cybersecurity Awareness Training? Why Your Business Needs it
GDPR Data Breach Notification Letter (Free Download)
Park’N Fly Data Breach Compromised Sensitive Data of 1 Million Customers
BlackByte affiliates use new encryptor and new TTPs
Join Us 09-13-24 for “Hacking Leadership Skills” – Super Cyber Friday
Join Us 09-06-24 for “Hacking Tabletop Exercises” – Super Cyber Friday
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
Nasdaq Seeks Permission For Bitcoin Index Listing Option
A Guide on 5 Common LinkedIn Scams
The Invisible Shield: Exploring the Silent Guardians of IoT Security
Fortinet introduces sovereign SASE and GenAI capabilities
Money Laundering Dominates UK Fraud Cases
Cybersecurity News: Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped
The ultimate dual-use tool for cybersecurity
Patchwork Actors Using Weaponized Encrypted Zip Files to Attack Orgs
Researchers Disclosed 20 Vulnerabilities Exploited To Attack ML Used In Orgs
Broadcom Extends VMware Cybersecurity Portfolio
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
HYCU for Microsoft Entra ID provides organizations with automated, policy-driven backups
South Korean Spies Exploit WPS Office Zero-Day
Three Reasons for Cisco Umbrella for Government
U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog
Sport 2000 – 3,189,643 breached accounts
Woman uses AirTags to nab alleged parcel-pinching scum
Microsoft Security Update: 90 Critical Vulnerabilities Fixed
What is binary compatibility, and what does it mean for Linux distributions?
Expel partners with Wiz to enhance security for cloud environments
Top 7 Questions to Ask Cybersecurity Service Providers
BlackSuit Ransomware targets software firm and steals data of about 950k individuals
Largest Healthcare Data Breaches of 2023
Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code
MacOS Version of HZ Rat Backdoor Discovered Targeting DingTalk and WeChat Users
Watchdog Criticizes FBI for Inadequate Digital Storage and Destruction Practices
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
Four Internet Service Providers are breached by sophisticated cyber attack. Cyber Security Today for Wednesday, August 28, 2024
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
Cyberattacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat
Cryptomator: Open-source cloud storage encryption
MFP security: How Can Resellers Ensure Customers Have The Proper Protection?
Cybercriminals capitalize on travel industry’s peak season
Cybersecurity jobs available right now: August 28, 2024
Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
Old methods, new technologies drive fraud losses
ISC Stormcast For Wednesday, August 28th, 2024 https://isc.sans.edu/podcastdetail/9116, (Wed, Aug 28th)
Chinese broadband satellites may be Beijing’s flying spying censors, think tank warns
Not a SOC FAQ! This is SOC FMD!
Scott Kannry on the What’s Up with Tech? Podcast
Vega-Lite with Kibana to Parse and Display IP Activity over Time, (Tue, Aug 27th)