IT Security News Daily Summary 2024-09-20

Tor Project responded to claims that law enforcement can de-anonymize Tor users
USENIX NSDI ’24 – Revisiting Congestion Control for Lossless Ethernet
How Asset Discovery Tools Work
Seattle Port Suffers Data Breach, Rhysida Ransomware Suspected
Ukraine Bans Telegram Messenger App on State-Issued Devices Because of Russian Security Threat
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #306 – My Door Is Always Open
Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust
Navigating the Regulatory Maze: Simplifying Data Compliance
How to prepare for post-quantum computing security
Internet surveillance firm Sandvine says it’s leaving 56 ‘non-democratic’ countries
From Burnout to Balance: How AI Supports Cybersecurity Professionals
US indicts two over socially engineered $230M+ crypto heist
Behavioral Baselining and its Critical Role in Cybersecurity
“Simply staggering” surveillance conducted by social media and streaming services, FTC finds
The best VPN routers of 2024
Automate detection and response to website defacement with Amazon CloudWatch Synthetics
Top data breach news headlines trending on Google
Is Telegram safer than WhatsApp when it comes to Data Security
Samsung Warns Striking Workers In India Of No Pay, Possible Termination
HackerOne: Nearly Half of Security Professionals Believe AI Is Risky
Clever Social Engineering Attack Using Captchas
Ivanti patches exploited admin command execution flaw
Google Expands Chrome Security and Privacy Capabilities
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
New cybersecurity advisory highlights defense-in-depth strategies
Innovations in Falcon Cloud Security at Fal.Con 2024
CrowdStrike Announces Falcon Identity Protection Innovations for Entra ID and Privileged Access
CrowdStrike Unveils AI Innovations to Expedite Security Operations and Upgrade the Analyst Experience
CrowdStrike Next-Gen SIEM Innovations Slash Response Time and Simplify SIEM Migrations
CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection
Simplify NIS2 compliance with Sonatype
Preparing Healthcare for Ransomware Attacks: A 12-Step Approach by Dr. Eric Liederman
Upgrading to MacOS Sequoia? Here’s why you may want to hold off
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
Hackers Deliver Popular Crypto-Miner Through Malicious Email Auto Replies, Researchers Say
Google Now Syncing Passkeys Across Desktop, Android Devices
Say Goodbye to Login Struggles with Apple’s New ‘Passwords App’
Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials
Ukraine Bans Telegram On State-Issued Devices
Construction Firms Targeted in Brute Force Assaults on Accounting Software
US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities
Brazil’s Judge Accuses X of ‘Willful’ Circumvention
Where’s your BitLocker recovery key? How to save a copy before the next Windows meltdown
-=TWELVE=- is back
In Other News: Disney Ditches Slack, Binance Malware Warning, Defense Conference Targeted
Red Hat OpenShift Users Urged to Patch Critical Build Flaws
CISA Releases Six Advisories for Industrial Control Systems
Synergizing Cybersecurity: The Benefits of Technology Alliances
Kubernetes Container Isolation Startup Edera Raises $5 Million
Passwordless AND Keyless: The Future of (Privileged) Access Management
Check The Out 7 Major Applications Of GPU Dedicated Server
Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert
Silicon UK AI For Your Business Podcast: Turing’s Legacy
Hackers Allegedly Claim Breach of Dell Employee Database
US DoJ charged two men with stealing and laundering $230 Million worth of cryptocurrency
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS
Experts Warn of China-Linked APT’s Raptor Train IoT Botnet
Tor Responds to Reports of German Police Deanonymizing Users
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
Silicon UK In Focus Podcast: The State of E-commerce
Best of CrowdStrike Fal.Con 2024: Tackling Adversity with a Wave of Cybersecurity Innovation
Cybercriminals Exploit CAPTCHA to Deliver Malware: Experts Issue Warning
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable
Cybersecurity News: INC targets healthcare, Providence schools cyberattack, Apple iPads bricked
Cybercrooks strut away with haute couture Harvey Nichols data
New Phishing Campaign Exploiting Google App Scripts: What Organizations Need to Know
The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
Companies Often Pay Ransomware Attackers Multiple Times
AI Could Help Resolve IT/OT Integration Security Challenges
More Than Two Million Stolen VPN Passwords Discovered
Resecurity joins Cloud Security Alliance to help organizations secure cloud technologies
Protecting Yourself from Malicious Web Apps: What You Need to Know
Hertz Car Rental Platform Leaks 60,000 Insurance Claim Reports
GitLab Urges Organization to Patch for Authentication Bypass Vulnerability
Where’s your BitLocker recovery key? How and why to save a copy before the next Windows meltdown
U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
The Supply Chain Conspiracy: Cyber Attacks Behind the Lebanon Explosions
Opnova emerges from stealth with $3.75 million in funding
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions
Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)
FTC Sounds the Alarm on Social Media Spying on Children and Teenagers
7 Steps to Perform a Cyber Attack Simulation
U.S. Justice Department Disrupts China-Backed Botnet Targeting Thousands of Devices
Exploding pagers and the new face of asset-centric warfare
Striking the balance between cybersecurity and operational efficiency
How to detect and stop bot activity
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
New infosec products of the week: September 20, 2024
Rising identity security risks: Why organizations must act now
Supply chain targets 3,000 users. Cyber Security Today for Friday, September 20, 2024
Nextcloud Hub 9 released: New features, more security, updated performance
ISC Stormcast For Friday, September 20th, 2024 https://isc.sans.edu/podcastdetail/9146, (Fri, Sep 20th)
CISA boss: Makers of insecure software are the real cyber villains
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
The Hidden AI Risk Lurking In Your Business
Security review for Microsoft Edge version 129
Valencia Ransomware crew explodes on the scene, claims California city, fashion giant, more as victims
Chipmaker Qualcomm lays off hundreds of workers in San Diego
Prison Banned Books Week: Being in Jail Shouldn’t Mean Having Nothing to Read
No way? Big Tech’s ‘lucrative surveillance’ of everyone is terrible for privacy, freedom
IT Security News Daily Summary 2024-09-19
The time I almost got scammed from my college email
Ivanti warns of a new actively exploited Cloud Services Appliance (CSA) flaw
HuntStand – 2,795,947 breached accounts
Iran’s cyber-goons emailed stolen Trump info to Team Biden – which ignored them
Product Updates: Escape’s Advanced Jira Integration – Send Remediation Details to Your Developers
Compliance webinar series: Understanding the Cyber Resilience Act
Sonatype can help you navigate DORA compliance
Tackle Cyber Resilience Act requirements with our CRA checklist
Join us at Microsoft Ignite 2024 and learn to build a security-first culture with AI
Fake GitHub Site Targeting Developers, (Thu, Sep 19th)
How to block YouTube on your children’s school devices
Tor anonymity compromised by law enforcement. Is it still safe to use?
Test page title
This Windows PowerShell Phish Has Scary Potential
Square Peg, Meet Round Hole: Previously Classified TikTok Briefing Shows Error of Ban
Century-Long Innovation: A Legacy of Outpacing Cyber Threats
CISO Series Podcast LIVE in Los Angeles (10-09-24)
FTC report exposes massive data collection by social media brands – how to protect yourself
International law enforcement operation dismantled criminal communication platform Ghost
Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?
Building Cybersecurity Leadership Skills
Talk of election security is good, but we still need more money to solve the problem
YouTube Confirms Ads When Screen Is Paused
Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details
Microsoft’s GRIN-MoE AI model takes on coding and math, beating competitors in key benchmarks
Apple’s new macOS Sequoia update is breaking some cybersecurity tools
Strong End-to-End Encryption Comes to Discord Calls
BMJ Warns: Deepfake Doctors Fueling Health Scams on Social Media
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 9, 2024 to September 15, 2024)
Beware of Google Street View Images Extortion Email Scams
AI Excites But Stresses CIOs, IDC Expereo Finds
EU Begins Proceedings To Force Apple To Open Up iOS, iPadOS
Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware
SambaSpy Using Weaponized PDF Files to Attack Windows Users
Threat Actors Forcing victims Into Entering Login Credentials For Stealing
Hackers Using Supershell Malware To Attack Linux SSH Servers
Researchers Detailed Raptor Train Botnet That 60,000+ Compromised Devices
Cybersecurity and Identity Verification Services: Safeguarding Personal Information in a Digital Age
Google Chrome just made it even easier to use passkeys across all your devices
The NSA advises you to turn off your phone once a week – here’s why
Digital Maturity Key to AI Success in Australian Cyber Security
Google rolls out automatic passkey syncing via Password Manager
Apple’s new macOS Sequoia update breaks cybersecurity tools, experts say
Re-Imagining Zero Trust With an In-Office Experience, Everywhere
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
FBI Shuts Down Chinese Botnet
Thoughtworks and ACDS Partner to Advance Cybersecurity Solutions
Beyond A Buzzword: What Resilience in Cyber Really Means
Check Point Software is Recognised as a Leader in Email Security, Showcasing its Innovative AI-based Threat Intelligence Capabilities
Canada’s Leaders Must Reject Overbroad Age Verification Bill
Getting Out in Front of Post-Quantum Threats with Crypto Agility
1 in 10 orgs dumping their security vendors after CrowdStrike outage
Watch on Demand: 2024 Attack Surface Management Summit – All Sessions Available
What is the KEV Catalog?
The EU AI Act and the Need for Data-Centric Security
USENIX NSDI ’24 – Sifter: An Inversion-Free and Large-Capacity Programmable Packet Scheduler
North Korean Hackers Target Energy and Aerospace Industries in Novel Espionage Campaign
US Steps up Pressure on Intellexa Spyware Maker with New Sanctions
Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data
AWS renews its GNS Portugal certification for classified information with 66 services
Hacker group Handala Hack Team claim battery explosions linked to Israeli battery company.
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
Access To X In Brazil Temporarily Restored After Change
Webdav Malicious File Hosting Powering Stealthy Malware Attacks
PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability
Threat Actor Allegedly Claims Breach of Federal Bank Customer Data
Tor Claims Network is Safe Following Enforcement Infiltration to Expose Criminals
Reporting on Threathunt 2030: Navigating the future of the cybersecurity threat landscape
Your Phone Won’t Be the Next Exploding Pager
First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia
CISA Releases Six Industrial Control Systems Advisories
IDEC CORPORATION WindLDR and WindO/I-NV4
Kastle Systems Access Control System
IDEC PLCs
MegaSys Computer Technologies Telenium Online Web Application
Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations
UK Leads Global Cybersecurity Dialogue
Columbus Faces Scrutiny for Handling of Ransomware Attack and Lawsuit Against IT Consultant
Zenity unveils agent-less security solution for Microsoft 365 Copilot
Windows users targeted with fake human verification pages delivering malware
New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit
New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails
Western Agencies Warn Risk from Chinese-Controlled Botnet
US Sanctions Intellexa Spyware Network Over Threat to National Security
CISA chief AI officer follow-up: Current state of the role (and where it’s heading)
DNS security best practices to implement now
Picus Security, founded by 3 Turkish mathematicians, raises $45M after simulating 1B cyber attacks
Europe’s Digital Decade Requires Audacious Connectivity Policies
CISA Warns of Actively Exploited Adobe Flash Player Vulnerabilities
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC Region
Microsoft Confirms CVE-2024-37985 as Zero-Day Bug in Windows
Security Validation Firm Picus Security Raises $45 Million
International Raids Shut Down Ghost Encrypted Messaging App
Aembit Unveils 2024 Survey Report Highlighting Major Gaps in Securing Non-Human Identities
Permiso Launches Universal Identity Graph to Advance Zero-Trust IT
Picus Security raises $45 million to help organizations reduce cyber risk
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Juniper extends AI-Native Networking Platform to maximize the full potential of Wi-Fi 7
Picus Security, founded by Turkish 3 mathematicians, raises $45M after simulating 1B cyberattacks
UK activists targeted with Pegasus spyware ask police to charge NSO Group
Healthcare’s Diagnosis is Critical: The Cure is Cybersecurity Hygiene
The Evolution of Cyber Warfare: The Rise of Kinetic Attacks
Transport for London Cyberattack: Employee Passwords Reset; Teen Suspect Arrested
Chinese Hackers Failed To Defeat FBI Botnet Takedown
Astra Vulnerability Scanner Review (2024): How Good Is Astra?
Keeper Security Appoints James Edwards as Senior Director of Engineering
10 Best Huntress Alternatives & Competitors in 2024 (Features, Pricing & Reviews)
Rethinking TPRM: Managing Third-Party SaaS Risks | Grip
RansomHub Ransomware Targets 210 Victims Since February 2024
Best 10 Regulatory Change Management Software of 2024
Two QEMU Vulnerabilities Fixed in Ubuntu 24.04 LTS
Forescout for OT Security secures OT, IoT, and IT hybrid environments
FBI forced Flax Typhoon to abandon its botnet
8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach
Tor anonymity infiltrated: Law enforcement monitors servers successfully
Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Intel To Spin Off Foundry Unit As Independent Subsidiary
Solar Cybersecurity And The Nuances Of Renewable Energy Integration
SIEM for Small and Medium-Sized Enterprises: What you need to know
Ransomware Gangs Now Abuse Microsoft Azure Tool for Data Theft
Update: PoC Exploit Released for Unauthenticated RCE in Veeam Backup & Replication
GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability
Update: PKfail Secure Boot Bypass Remains a Significant Risk Two Months Later
US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector
FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries
Cybersecurity News: Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit
Are Phishing Tests Helping or Hurting Our Security Program?
SYXSENSE ENTERPRISE
Meeting the New Cyber Insurance Requirements
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
Authorities Seized Ghost Communication Platform Used by Cyber Criminals
Antivirus firm Dr.Web disconnected all servers following a cyberattack
Emerging Technologies in Cloud Security for Enhanced Protection Against Cyber Threats
Cyber Warfare: A Growing Concern for the British Public
Tenable Enclave Security enables discovery, assessment and analysis of IT assets
Strivacity AI Assist optimizes digital identity management
Cryptojacking Gang TeamTNT Makes a Comeback
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
Cyber Attack on Dr.Web Forces Servers Disconnection
Understanding cyber-incident disclosure
Tor insists its network is safe after German cops convict CSAM dark-web admin
Edera raises $5 million to improve Kubernetes security
Insecure APIs and Bot Attacks Cost Global Firms $186bn
The Top 7 Enterprise VPN Solutions for 2024
More Hezbollah Devices Explode in Lebanon, Heightening Fears of Regional Conflict
How digital wallets work, and best practices to use them safely
Differential privacy in AI: A solution creating more problems for developers?
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
NIST’s Dioptra Platform is a Critical Step Forward in Making AI Safer
Hezbollah Pager Attack: A Wake-up Call to Tech Manufacturers to Secure their Supply Chains?
Data disposal and cyber hygiene: Building a culture of security within your organization
Essential metrics for effective security program assessment
Security leaders consider banning AI coding due to security risks
ISC Stormcast For Thursday, September 19th, 2024 https://isc.sans.edu/podcastdetail/9144, (Thu, Sep 19th)
Time-to-Live Analysis of DShield Data with Vega-Lite, (Wed, Sep 18th)
Craig Newmark pledges $100M to fight hacking by foreign governments
FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices