IT Security News Daily Summary 2024-09-25

OpenAI’s brain drain continues: CTO Mira Murati jumps ship
Simplifying SOAR Maintenance with D3’s Dynamic Data Normalization
Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks
New variant of Necro Trojan infected more than 11 million devices
Nominations Now Open for the 2025 Cybersecurity Excellence Awards
A catastrophic browser flaw is patched almost immediately – here’s how
Tech Terror in Lebanon: The Fallout of Unrestrained Aggression
Star Health Data Breach: Sensitive Customer Information Exposed on Telegram Chatbots
CISA Releases Anonymous Threat Response Guidance and Toolkit for K-12 Schools
Elon Musk Seeks Lawsuit Dismal From Former CNN Anchor
Digital Asset Trading Platform UEEx Strengthens Digital Asset Security with New Protection Policy
‘Titanic Mindset’: Just 54% of UK IT Pros Confident in Data Recovery
Calls to Scrap Jordan’s Cybercrime Law Echo Calls to Reject Cybercrime Treaty
China claims Taiwan, not civilians, behind web vandalism
RansomHub genius tries to put the squeeze on Delaware Libraries
Webinar Today: Shield Your Data, Secure Your Future: A Multi-Layered Approach to Operational Resilience
Managing identity source transition for AWS IAM Identity Center
DNS Reflection Update and Odd Corrupted DNS Requests, (Wed, Sep 25th)
US DoJ Sues Visa For ‘Monopolising’ Debit Cards
Patient Rights and Consumer Groups Join EFF In Opposing Two Extreme Patent Bills
Decoding Generative AI’s Privacy Paradox
Anonymizing Your Data in Db2 for Better Testing and Development
Common Mark Certificates (CMC) for Google BIMI Adoption
Cybercrime Current Events: AWS Takeover Campaign, Ransomware Attack on Columbus, and City of Columbus Sues Ransomware Researcher Whistleblower
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #307 – Types of Innovation
Why Hackers Are Collecting Encrypted Data for Future Attacks
Google’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%
OpenSSL Corporation’s Silver Sponsorship at ICMC 2024 – A Retrospective
90,000 WordPress Sites Affected by Arbitrary File Upload and Authentication Bypass Vulnerabilities in Jupiter X Core WordPress Plugin
Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC
Kaspersky causes new data security concerns while leaving the United States
CMA States “Concerns Remain” After Google’s Cookie U-Turn
secator – The Security Pentester Swiss Knife
Timeshare Owner? The Mexican Drug Cartels Want You
Citrix Releases Security Updates for XenServer and Citrix Hypervisor
Rev up to Recert: Power up Your Programming Skills
Safe and trustworthy AI is a shared responsibility
Cyberattack Forces Kansas Water Plant to Operate Manually
Cyber Founder Recipe for Success: Clear Vision and Trusted Experts
Telegram To Provide Law Enforcement With Suspect Data, If Requested
DragonForce Ransomware Expands RaaS, Targets Firms Worldwide
The Future of Application Security: Empowering Developers in the AI Era
Risk & Repeat: What’s next for Telegram and Pavel Durov?
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
Empowered Together: A Story of Hope and Partnership
A Leader in the 2024 Gartner Magic Quadrant for EPP
Tamnoon Raises $12 Million for Cloud Security Remediation Service
City Water Facility in Kansas Hit by Cyberattack
Microsoft Issues New Warnings For Windows Users
82% of Phishing Sites Now Target Mobile Devices
LummaC2: Obfuscation Through Indirect Control Flow
Top LMS Training Tips for Effective Learning
Don’t share the viral Instagram Meta AI “legal” post
How SMBs Can Implement Cyber-HDR for Increased Protection and Reduced Risk Harden-Detect-Respond
CEO Durov Says Telegram Will Provide More Data to Governments
Marko Polo Infostealer Campaigns Target Thousands Across Platforms
Malwarebytes Personal Data Remover protects user privacy
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool
Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent
2024 H1 IRAP report is now available on AWS Artifact for Australian customers
Malwarebytes Personal Data Remover: A new way to help scrub personal data online
Romance scams costlier than ever: 10 percent of victims lose $10,000 or more
AI: The New Frontier in Safeguarding Critical Infrastructure
The 5 Best VPN Extensions for Chrome in 2024
Harnessing Technology for Conservation: An Interview with the Executive Director of Connected Conservation Foundation
Kaspersky Self-Deletes and Force-Installs UltraAV on Users’ Endpoints
Researcher Says Healthcare Facility’s Doors Hackable for Over a Year
Baffle Extends Reach to Ecrypt AWS S3 Data as Ingested
Onapsis expands security for SAP Business Technology Platform
US House Bill Addresses Growing Threat of Chinese Cyber Actors
CISO Series Podcast LIVE in La Jolla (10-30-24)
Multiple 0-Day Flaws in Automated Tank Gauge Systems Threaten Critical Infrastructure
Forrester Named Cisco a Leader in the 2024 Microsegmentation Wave
FTX’s Caroline Ellison Sentenced To Two Years In Prison
New Windows Malware Locks Computer in Kiosk Mode
Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation
Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes
IntelBroker Leak Claims Involve Deloitte Communications
Tamnoon raises $12 million to reduce critical cloud exposures
How to check suspicious links fast?
TikTok Removes Russian State Media Accounts
From 12 to 21: how we discovered connections between the Twelve and BlackJack groups
Mobile Phishing Attacks Explode, Enterprise Devices Targeted
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
Portnox enhances passwordless risk-based access for enterprise applications
Nudge Security introduces automated SaaS spend discovery capabilities
ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function
Agentic AI in SOCs: A Solution to SOAR’s Unfulfilled Promises
Thousands of US Congress Emails Exposed to Takeover
CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access
Cybersecurity News: Kansas water targeted, CrowdStrike apology, MoneyGram goes dark
Understanding Network Attacks: Types, Trends, and Mitigation Strategies
Navigating the Privacy Paradox: How Organizations Can Secure Customer Data While Ensuring Convenience
Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says
ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations
NETSCOUT’s nGeniusONE notification center streamlines and automates alerts
Critical Ivanti Authentication Bypass Bug Exploited in Wild
U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
Bitwarden inline autofill empowers users to fill passkeys directly from their vault
OneTrust helps organizations operationalize DORA compliance
Arkansas City water treatment facility switched to manual operations following a cyberattack
Commvault acquires Clumio to accelerate cyber resilience capabilities for AWS
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
US Capitol data breach and MoneyGram Cyber Attack details
The Importance of Healthcare Data to Ransomware Hackers
MoneyGram Confirms Cyberattack Following Outage
Kansas County Ransomware Attack Exposed Nearly 30,000 Residents’ Sensitive Data
New Android banking trojan Octo2 targets European banks
CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
Evilginx – an open source program to bypass MFA: Cyber Security Today for Wednesday, September 25, 2024
Underfunding and Leadership Gaps Weaken Cybersecurity Defenses
Securing non-human identities: Why fragmented strategies fail
NetAlertX: Open-source Wi-Fi intruder detector
Necro Trojan Strikes Google Play Again, Infecting Popular Apps
Generative AI Fuels New Wave of Cyberattacks, HP Warns
Symmetry Systems Shines as Finalist in Cloud Security Alliance Startup Pitchapalooza
Cybersecurity jobs available right now: September 25, 2024
Organizations are making email more secure, and it’s paying off
41% concerned about job security due to skill gaps
ISC Stormcast For Wednesday, September 25th, 2024 https://isc.sans.edu/podcastdetail/9152, (Wed, Sep 25th)
CrowdStrike apologizes to Congress for ‘perfect storm’ that caused global IT outage
China claims Taiwan, not civilian hackers, behind website vandalism
PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts
Hacker group Handala Hack Team claim battery explosions linked to Israeli battery company.
Microsoft Trustworthy AI: Unlocking human potential starts with trust
IT Security News Daily Summary 2024-09-24
Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
A generative artificial intelligence malware used in phishing attacks
AI Adoption Set to Unravel Years of Cyber Resilience
EFF to Federal Trial Court: Section 230’s Little-Known Third Immunity for User-Empowerment Tools Covers Unfollow Everything 2.0
Congressional Staffers’ Data Leaked on Dark Web: Report
AI can now solve reCAPTCHA tests as accurately as you can
What Is EDR in Cyber Security: Overview & Capabilities
NormCyber Introduces Digital Risk Protection For Enhanced Cyber Resilience
Who’s watching you the closest online? Google, duh
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes
CrowdStrike Gets Grilled By U.S. Lawmakers Over Faulty Software Update
Arkansas City water treatment facility hit by cyberattack
Russia’s digital warfare on Ukraine shows no signs of slowing: Malware hits surge
Randall Munroe’s XKCD ‘Maslow’s Pyramid’
SBOM-a-Rama Fall 2024: Sonatype’s top 5 takeaways
CRQ Loss Exceedance Curves for Risk Management | Kovrr
USENIX NSDI ’24 – A Large-Scale Deployment of DCTCP
PREVIEW: CISO Series Podcast LIVE in Los Angeles, CA 10-9-24
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin
Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities
We analyzed 2,670 posts and comments from social media platforms. Here’s what we learned about job scams
Spotlight on DeepKeep.ai
10 nasty software bugs put thousands of fuel storage tanks at risk of cyberattacks
AI-Generated Malware Found in the Wild
GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator
Microsoft Pushes Governance, Sheds Unused Apps in Security Push
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store
How AWS WAF threat intelligence features help protect the player experience for betting and gaming customers
NetApp Secure Data Storage offers resilience against ransomware attacks
How AIOps enhances operational resilience in the face of IT complexity
Leveraging LLMs for Malware Analysis: Insights and Future Directions
Harnessing the Power of Cloud App Development and DevOps for Modern Businesses
A new wave of personalized sextortion scams—Using Google Street View images to startle targets
US Kaspersky customers startled by forced switch to ‘rando’ AV software
Formula 1 looks to AI to fuel efficiencies and improve sustainability scorecard
Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data
2024 Exposed: The Alarming State of Australian Data Breaches
Microsoft Initiative the ‘Largest Cybersecurity Engineering Effort in History’
Layered Protection for RADIUS With Cisco
Microsoft Names Deputy CISOs, Governance Council to Manage Security Push
FTC Report Exposes Mass Data Surveillance by Some of the Social Media Giants in the World
Cybersecurity Incident Affects Arkansas City Water Treatment Facility
Threat Actors Shift to JavaScript-Based Phishing Attacks
The best VPN services for torrenting in 2024: Expert tested and reviewed
10 nasty bugs put thousands of fuel storage tanks at risk of attacks
PC Matic vs Norton Antivirus: Feature Comparisons
OMNTEC Proteus Tank Monitoring
Franklin Fueling Systems TS-550 EVO
A cyberattack on MoneyGram caused its service outage
Building Cyber Resilience
Osano reduces complexity for data privacy professionals
Transportation, logistics companies targeted with lures impersonating fleet management software
New Octo2 Malware Variant Threatens Mobile Banking Security
Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120, (Tue, Sep 24th)
Exploring the Sidecar Pattern in Cloud-Native Architecture
Alisonic Sibylla
OPW Fuel Management Systems SiteSentinel
MoneyGram blames ‘cybersecurity issue’ for ongoing days-long outage
You Don’t Need an Agent to Secure Your Browser
Forrester Names Palo Alto Networks a Leader in Attack Surface Management
Cyberattack Causes MoneyGram Service Outage
Anatomy of an Attack | ADR vs WAF and EDR Technology | Contrast Security
Specops Unearths Millions of Compromised VPN Passwords
Arlo Secure 5 boosts smart home security
Cloudflare helps secure popular messaging applications
KELA Identity Guard detects and intercepts compromised assets
U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech
Six tips to improve the security of your AWS Transfer Family server
Telegram to Share User IPs and Phone Numbers on Legal Request
SANS Institute: Top 5 dangerous cyberattack techniques in 2024
With 23andMe in crisis, strengthening DNA security has never been more urgent
Torq, which automates cybersecurity workflows, raises $70M in new capital
Gamuda Transforms IT Operations with Cato Networks
Privileged Access Management Features: What You Need in Your PAM Solutions
NETGEAR announces three WIFI 7 routers to secure connectivity for homes of any size
US-based Kaspersky users startled by unexpected UltraAV installation
NetApp enhances security directly within enterprise storage
Absolute AI Threat Insights monitors, detects, and prioritizes suspicious activity
HPE unveils AI insights and third-party network device monitoring capabilities
14 Million Patients Impacted by US Healthcare Data Breaches in 2024
Russia-Backed Media Outlets Are Under Fire in the US—but Still Trusted Worldwide
Did Israel infiltrate Lebanese telecoms networks?
How to spot a North Korean agent before they get comfy inside payroll
Kansas Water Facility Switches to Manual Operations Following Cyberattack
Modernize your chaos engineering with commercial software transparency
NICE Actimize Fraud Investigation combats fraud and financial crime
The SSPM Justification Kit
Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar
EU Digital Identity Wallet: A leap towards secure and trusted electronic identification through certification
Israel’s Pager Attacks and Supply Chain Vulnerabilities
Users Quick to Remove UltraAV After Silent Transition From Kaspersky Antivirus
HTTP Headers Phishing Campaigns Used For Credential Theft
TuxCare Expands Presence in South America through New Strategic Partnership
Ubuntu 22.04.5 LTS Released with Linux Kernel 6.8
Malvertising and Cybercrime in Online Advertising
FBI Shuts Down Chinese Linked Botnet Campaign in a Joint Operation
Port of Seattle Faces $5.9 Million Ransom Demand in Rhysida Cyberattack
New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities
US Mulls Ban on Russian, Chinese Parts in Connected Vehicles
#GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations
Google Launches Passkeys Sync With Google Password Manager
Coinbase Challenges SEC Over Crypto Rules
OpenAI Backers ‘Betting It Will Be Worth Trillions’
How to Create an Effective Cybersecurity Awareness Program
Web tracking report: who monitored users’ online activities in 2023–2024 the most
Telegram will share IP addresses, phone numbers of criminal suspects with cops
Cybersecurity News: Proposed ban on autonomous vehicles, updated Telegram policy, Necro infects Android devices
… And the Business Listened to the CISO and Everyone Lived Happily Ever After
US Proposes Ban On Chinese, Russian Components In Cars
Xiaomi Asks For Recall Of India Antitrust Report
The Relation Between Breaches and Stock Price Drops
A data leak and a data breach
Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
How to Choose the Right VMDR Tool?
Guardsquare strenghtens mobile application security for developers
Europol: GenAI Offers “Treasure Trove of Possibilities”
Telegram Boss Agrees to Closer Police Cooperation
LinkedIn Suspends Use Of UK Data For AI
Jony Ive Confirms Working With OpenAI’s Altman On Device
Researcher Details Cisco Smart Licensing that Lets Attacker Control Device
ArmorCode unveils two modules to help reduce software-based risks
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
Meta AI Chatbot To Offer Voices Of Judi Dench, Other Celebrities
MC2 Data leak Exposes 100 million+ US Citizens Data
Telegram will provide user data to law enforcement in response to legal requests
Addressing Data Security Concerns in Cloud Migrations
UN Report on Governing AI for Humanity – Key Recommendations and Insights
ColorTokens Acquires PureID to Advance Zero-Trust IT
Clothes less photos of patients land on dark web after ransomware attack
Red Canary’s Midyear Threat Report Highlights Infostealer Surge Targeting macOS Devices
Discover how online fraud can impact your business
Future-proofing cybersecurity: Why talent development is key
65% of websites are unprotected against simple bot attacks
How cyber compliance helps minimize the risk of ransomware infections
MFA bypass becomes a critical security issue as ransomware tactics advance
ISC Stormcast For Tuesday, September 24th, 2024 https://isc.sans.edu/podcastdetail/9150, (Tue, Sep 24th)
Some US Kaspersky customers find their security software replaced by ‘UltraAV’
OpenAI tackles global language divide with massive multilingual AI dataset release