IT Security News Daily Summary 2023-09-15

• Microsoft Flushes Out ‘Ncurses’ Gremlins

• Dariy Pankov, the NLBrute malware author, pleads guilty

• Friday Squid Blogging: Cleaning Squid

• Scattered Spider traps 100+ victims in its web as it moves into ransomware

• Google Account Sync Vulnerability Exploited to Steal $15M

• UX Is Critical for Zero-Trust

• How To Repair Failed Installations of Exchange Cumulative and Security Updates

• Ballistic Bobcat’s Sponsor backdoor – Week in security with Tony Anscombe

• Capslock: What is your code really capable of?

• Cyber Security Today, Week in Review for the week ending Friday, Sept. 15, 2023

• How to Free up RAM on Your Windows or Mac Device: 15+ Ways

• CISO Global Deepens Capabilities With Integrated Threat Intelligence Feed

• Enea Qosmos Threat Detection SDK Launched to Boost the Performance of Network-Based Cybersecurity

• LLM Summary of My Book Beyond Fear

• Casino’s have some of the worst cybersecurity, says TrustedSEC’s David Kennedy

• Securing Tomorrow: Unleashing the Power of Breach and Attack Simulation (BAS) Technology

• IT Trends: Observability Leaders 3x More Likely to Report ‘Extremely Well’

• Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

• Armis Launches Armis Centrix™, the AI-powered Cyber Exposure Management Platform

• Attack surfaces still aren’t being managed fast enough by IT: Report

• Free Download Manager Site Pushed Linux Password Stealer

• 8 Best Linux Distros for Forensics & Pentesting for 2023

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble

• Dangerous permissions detected in top Android health apps

• LockBit Ransomware Falters, Attackers Deploy New ‘3AM’ Malware

• Next-Gen Threat Hunting Techniques With SIEM-SOAR Integration

• Why You Shouldn’t Test on Rooted Devices

• Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty

• How DNS Layer Security Stops Ransomware and Other Cyberattacks

• Google throws California $93M to make location tracking lawsuit disappear

• Safeguarding Your Organization: Insights for IT Pros During National Insider Threat Awareness Month

• Securing Your Applications With Spring Security

• MidgeDropper Variant Targets Work-from-Home Employees on Windows PCs

• Microsoft: ‘Peach Sandstorm’ Cyberattacks Target Defense, Pharmaceutical Orgs

• Popular Resort and Casino Giant Experiences Cybersecurity Issue

• Pentagon’s 2023 Cyber Strategy Focuses on Helping Allies

• ICO issues warning over smart devices harvesting personal data

• Ransomware Access Broker Leverages Microsoft Teams Titles for Account Theft

• Apple says better keep data out of cloud

• Rockwell Automation Pavilion8

• Siemens RUGGEDCOM APE1808 Product Family

• Siemens SIMATIC, SIPLUS Products

• Fortinet Releases Security Updates for Multiple Products

• Trend Micro Protects Kingston University During Peak Clearing Period

• Two New York Hospitals Breached by the LockBit Ransomware Group

• In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off

• California Settles With Google Over Location Privacy Practices for $93 Million

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware

• Anticipating 2023: Emerging Cybersecurity Threats and Trends to Monitor

• MGM Resorts Breached by ‘Scattered Spider’ Hacking Group

• WhatsApp Boss Denies Chat App Is Exploring Ads

• Google Agrees $93m Location Tracking Settlement With California

• Cyber Stakes: The MGM Ransomware Roulette

• Cloud to Blame for Almost all Security Vulnerabilities

• How to Mitigate Cybersecurity Risks From Misguided Trust

• United Cloud, the Fastest Growing Innovation Centre in SEE Europe, Selects Verimatrix XTD for Mobile App Protection

• What Effect Does Firm Size Have on Ransomware Threats?

• Tech Enthusiasts Discover New Frontiers in the Age of EVs

• VDI vs VPN vs RDP: Choosing a Secure Remote Access Solution

• Caesars Entertainment paid a ransom to avoid stolen data leaks

• Concordium Web3 ID prioritizes user privacy for both individuals and businesses

• 8 XSS Vulnerabilities in Azure HDInsight Allow Attackers to Deliver Malicious Payloads

• China’s Malicious Cyber Activity Informing War Preparations, Pentagon Says

• MGM and Caesars Casinos Suffer Massive Cyberattack

• Europol Warns of a Potent Criminal Economy Fostered by New Technological Tools

• MGM Hackers Broadening Targets, Monetization Strategies

• Deduce Raises $9 Million to Fight AI-Generated Identity Fraud

• Cyber Security Today, Sept. 13, 2023 – Warning: This group specializes in SMS texting scams

• What Is Privacy by Design?

• Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit

• The Interdependence between Automated Threat Intelligence Collection and Humans

• On Technologies for Automatic Facial Recognition

• Windows11 Themes vulnerability Let Attackers Execute Arbitrary Code

• DDoS 2.0: IoT Sparks New DDoS Alert

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

• Google Feature Blamed for Retool Breach That Led to Cryptocurrency Firm Hacks

• Armis forges ahead into Cyber Exposure Management as it readies for IPO

• 5 Examples of DNS IoCs That Are Red Flags for Cyberattacks

• ARM Shares Soar 25 Percent After Nasdaq Listing

• Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

• Greater Manchester Police ransomware attack another classic demo of supply chain challenges

• Pirated Software Likely Cause of Airbus Breach

• Iranian Threat Group Hits Thousands With Password Spray Campaign

• X launches account verification based on government ID

• Memory Corruption Flaw in ncurses API Library Exposes Linux and macOS Systems

• Caesars Entertainment Reveals Major Ransomware Breach

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Silicon UK Pulse: Your Tech News Update: Episode 18

• 3AM Ransomware Attack – Stop Services & Delete Shadow Copies Before Encrypting

• Free Download Manager backdoored to serve Linux malware for more than 3 years

• Modernizing fraud prevention with machine learning

• Cyber Attack news headlines trending on Google

• How Zero-Day Attacks Are Escalating the Cyber Threat Landscape

• Enterprises persist with outdated authentication strategies

• New infosec products of the week: September 15, 2023

• Trellix DLP Vulnerability Allows Attackers To Delete Unprivileged Files

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

• Cybersecurity risks dampen corporate enthusiasm for tech investments

• Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

• The cat and mouse game: Staying ahead of evolving cybersecurity threats

• Securing OTA with Harman International’s Michal Geva

• Generative AI lures DevOps and SecOps into risky territory

• Uncursing the ncurses: Memory corruption vulnerabilities found in library

• Researcher Finds GitHub Admin Credentials of Car Company Thanks to Misconfiguration

• ‘Don’t blame us for MGM Resorts disruption. We only installed ransomware,’ says gang

• US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak

• Watch out, this LastPass email with “Important information about your account” is a phish

• Malwarebytes wins every Q2 MRG Effitas award & scores 100% on new phishing test

• How the 9/11 Attacks Inspired Rajant to Solve Critical Comms Problems

• Why Identity Management Is the Key to Stopping APT Cyberattacks

• Zero-Click iPhone Exploit Drops Pegasus Spyware on Exiled Russian Journalist

• Microsoft Teams Hacks Are Back, As Storm-0324 Embraces TeamsPhisher

• Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

• 7 Steps to Implement Secure Design Patterns – A Robust Foundation for Software Security

• IT Security News Daily Summary 2023-09-14

• MGM, Caesars File SEC Disclosures on Cybersecurity Incidents

• Cybercriminals Use Webex Brand to Target Corporate Users

• Hackers Claiming to Jailbreak AI Chatbots to Write Phishing Emails

• More malicious attachments found by researchers

• Caesars says cyber-crooks stole customer data as MGM casino outage drags on

• DDoS attack hampers PEI websites

• Developer platform Retool breached in vishing attack

• UK Greater Manchester Police disclosed a data breach

• Microsoft Fixed 59 Bugs With September 2023 Patch Tuesday

• 3 Strategic Insights from Cybersecurity Leader Study

• Contractor Data Breach Impacts 8k Greater Manchester Police Officers

• The Promise of Personal Data for Better Living

• New DarkGate Malware Campaign Hits Companies Via Microsoft Teams

• Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers

• Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database

• A Second Major British Police Force Suffers a Cyberattack in Less Than a Month

• Google Cloud Next focuses on generative AI for security

• Facebook-Owned Threads Censors Searches Related To COVID

• Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware

• Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor

• Diligent One allows users to analyze and report disparate data from any information source

• Caesars paid millions in ransom to cybercrime group prior to MGM hack

• How to defend your organization against deepfake content

• Bitwarden adds passwordless SSO to make enterprise customer lives easier

• Manchester Police Officer Data Compromised In Supplier Attack

• A One-Two Punch for Security ROI

• How to Transform Security Awareness Into Security Culture

• Canadian weather websites still struggling after supplier attack

• Mind the trust gap: Data concerns prompt customer caution over generative AI

• CertiK launches SkyInsights to simplify crypto compliance and risk management

• Attackers hit software firm Retool to get to crypto companies and assets

• CloudBees unveils a new DevSecOps platform

• Getting ready for a post-quantum world

• Alphabet Cutting Hundreds Of Jobs In Recruitment Unit

• Siemans WIBU Systems CodeMeter

• Siemans QMS Automotive

• CISA Releases Seven Industrial Control Systems Advisories

• Siemens SIMATIC IPCs

• Siemens Parasolid

• Overcoming the Escalating Challenge Posed by Session Hijacking

• Two Ransomware Attack Stories currently trending on Google

• Tech Leaders Gather For Closed Senate Summit On AI

• BLASTPASS: Government agencies told to secure iPhones against spyware attacks

• Companies Affected by Ransomware [Updated 2023]

• Using Generative AI to Revolutionize Your Small Business

• Guarding Against DMARC Evasion: The Google Looker Studio Vulnerability

• Resort Giant Hacked: MGM Resorts Experiences a “Cybersecurity Issue”

• Rollbar might be good at tracking bugs, uninvited guests not so much

• ICS Computers in Western Countries See Increasing Attacks: Report

• Manchester Police Officers’ Data Breached in Third-Party Attack

• Mideast Retailers Dogged by Scam Facebook Pages Offering ‘Investment’ Opportunities

• Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

• BianLian Ransomware Gang Siphons 6.8TB of Data from Save The Children

• How to spot a fake online review

• How to Backup Data from NAS: A Complete Guide

• Selecting Sales Intelligence Software in 2023: A Comprehensive Guide

• Eleven of the Best Open Source Hypervisor Technologies

• Spectro Cloud Palette EdgeAI builds and manages Kubernetes-based AI software stacks

• AtData collaborates with Persona to strengthen fraud prevention

• Claroty’s VRM enhancements empower security teams to quantify CPS risk posture

• California Assembly Passes Right To Repair Bill

• How to use Norton’s free AI-powered scam detector

• Kubernetes Vulnerability Leads to Remote Code Execution

• How to Tell if Active Directory is Compromised

• Cybersecurity and Compliance in the Age of AI

• Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

• Caesars Entertainment says customer data stolen in cyberattack

• Read it right! How to spot scams on Reddit

• Thales & Prime Factors’ 30 Year Collaboration Continues to Deliver Simplicity, Flexibility, and Security for Payment Applications

• Hackers claim MGM cyberattack as outage drags into fourth day

• Azure HDInsight Flaws Allow Data Access, Session Hijacking, Payload Delivery

• North Korean Hackers Steal $53 Million In Cryptocurrency From CoinEx

• Conversational AI Company Uniphore Leverages Red Box Acquisition for New Data Collection Tool

• LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack

• Azure HDInsight Flaws Allowed Data Access, Session Hijacking, Payload Delivery

• Professional Sports: The Next Frontier of Cybersecurity?

• Patronus AI conjures up an LLM evaluation tool for regulated industries

• Deduce raises $9 million to tackle AI-generated identity fraud

• Viavi Solutions and Google Cloud unlock new opportunities for network optimization

• ‘Scattered Spider’ Behind MGM Cyberattack, Targets Casinos

• Microsoft Releases September 2023 Updates

• CISA Releases Three Industrial Control Systems Advisories

• CISA Adds Two Known Vulnerabilities to Catalog

• Mozilla Releases Security Updates for Multiple Products

• CISA Adds Three Known Vulnerabilities to Catalog

• CISA Announces Open Source Software Security Roadmap

• Readout from CISA’s 2023 Third Quarter Cybersecurity Advisory Committee Meeting

• Avoid These 5 IT Offboarding Pitfalls

• The iPhone of a Russian journalist was infected with the Pegasus spyware

• Banking Cybersecurity: The Risks Faced by Financial Institutions

• A Weekend Getaway in Ohio: Where to Go and What to See

• Ransomware Gang Takes Credit for Disruptive MGM Resorts Cyberattack

• North Korean Hackers Steal $53 Million in Cryptocurrency From CoinEx

• Elon Musk in Hot Water With FTC Over Twitter Privacy Issues

• Fake Signal and Telegram Apps in the Google Play Store

• SecurityScorecard and Measured Analytics and Insurance strengthen proactive cybersecurity strategies

• Attackers use fallback ransomware if LockBit gets blocked

• Lacework expands partnership with Snowflake to drive secure cloud growth

• Ivanti collaborates with Catchpoint to detect and troubleshoot remote connectivity issues

• N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

• Data — The Lifeblood of Security and Detection Engineering

• Meet AI-Powered Prisma SASE at SASE Converge 2023

• China Denies Issuing Ban On Apple iPhones

• Next-Gen Email Firewalls: Beyond Spam Filters to Secure Inboxes Checklist

• Palo Alto Networks: 80% of security exposures exist in cloud

• Stealing More Than Towels: The New InfoStealer Campaign Hitting Hotels and Travel Agencies

• MalindoAir – 4,328,232 breached accounts

• ARM Holdings IPO Values Firm At £43.6 Billion

• Microsoft Teams as a Tool for Storm-0324 Threat Group to Hack Corporate Networks

• Check Point Infinity Global Services Saved Financial Services Organization up to 80% on Insurance Costs

• Ensuring Data Security and Confidentiality in IT Staffing Augmentation

• Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

• Lazarus Group Blamed For $53m Heist at CoinEx

• Access Management Policy

• Wake-Up Call as 3AM Ransomware Variant Is Discovered

• Russian Journalist’s iPhone Compromised by NSO Group’s Zero-Click Spyware

• Access control in cloud-native applications in multi-location environments (NIST SP 800-207)

• How to Use DNS IoCs to Prevent Ransomware Attacks

• Guarding Against Fileless Malware: Types and Prevention

• P2P File Sharing Policy

• Cloud Vulnerabilities Surge 200% in a Year

• Kubernetes flaws could lead to remote code execution on Windows endpoints

• Librem 11 tablet sets new standard for privacy and security with Linux-based PureOS

• Update your browsers ASAP

• SolarWinds Platform Vulnerability Let Attackers Execute Arbitrary Commands

• Do you know what your supply chain is and if it is secure?

• Great security training is a real challenge

• Threat actor leaks sensitive data belonging to Airbus

• MGM Hotel Resorts Cyber attack by Scattered Spider or BlackCat Ransomware

• Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise

• The critical role of authorization in safeguarding financial institutions

• Keeping cybersecurity regulations top of mind for generative AI use

• Download: Ultimate guide to Certified in Cybersecurity

• Rising OT/ICS cybersecurity incidents reveal alarming trend

• Tech Industry Leaders Endorse Regulating Artificial Intelligence at Rare Summit in Washington

• Bridging the Widening Gap in Cybersecurity Talent: Addressing the Urgent Need for Skilled Professionals

• FBI Hacker Dropped Stolen Airbus Data on 9/11

• PSA: Ongoing Webex malvertising campaign drops BatLoader

• Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

• 3 reasons why your endpoint security is not enough

• iPhone 15 launch: Wonderlust scammers rear their heads

Generated on 2023-09-15 23:55:16.565989