IT Security News Daily Summary 2023-09-24

• EDRaser – Tool For Remotely Deleting Access Logs, Windows Event Logs, Databases, And Other Files

• Canada cyber centre issues caution after group from India issues threat

• FBI and CISA Issue Joint Advisory on Snatch Ransomware Threat

• Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

• Sandman Hackers: Threat Actors use LuaDream Info-stealing Malware

• Report: Insider Cybersecurity Threats have Increased 40% Over the Past Four Years

• Unlocking the Future: Passkeys, the Next Frontier in Online Security

• Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

• Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

• Six Tips to Ensure a Strong Patch Management Strategy

• Ransomware Nightmare: FBI and CISA Issue Dire Warning on Menacing New Strain

• Don’t make this USB mistake! Protect your data with this encrypted gadget instead

• Popular Thesaurus Website Used in Sneaky Cryptojacking Scheme

• National Student Clearinghouse data breach impacted approximately 900 US schools

• Week in review: 18 free Microsoft Azure cybersecurity resources, K8 vulnerability allows RCE

• Samsung Mobile Processor Exynos 2200 denial of service | CVE-2023-42482

• Mobile Security Framework information disclosure | CVE-2023-42261

• Contribsys faktory denial of service | CVE-2023-37279

• Ivanti Endpoint Manager file disclosure | CVE-2023-38344

• Ivanti Endpoint Manager information disclosure | CVE-2023-38343

• Cyber Security Management System (CSMS) for the Automotive Industry

• Most Important Network Penetration Testing Checklist

• Unveiling the Power and Beast Practices of Data Encryption – Your Weekly Cybersecurity Tip

• Evasive Gelsemium hackers spotted in attack against Asian govt

• National Student Clearinghouse data breach impacts 890 schools

• Air Canada discloses data breach of employee and ‘certain records’

• New stealthy and modular Deadglyph malware used in govt attacks

• Researchers Discover Attempt to Infect Leading Egyptian Opposition Politician With Predator Spyware

• Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom

• IT Security News Daily Summary 2023-09-23

• HTMLSmuggler – HTML Smuggling Generator And Obfuscator For Your Red Team Operations

• Facebook Now Lets You Create Alt Accounts For Improved Privacy

• India Strengthens Crypto Crime Vigilance with Dark Net Monitor Deployment

• DeFi Concerns Rise as Balancer’s Web Front End Battles Ongoing Attack

• Musk’s Neuralink Seeks People for Human Trials: Brain-Implant Trials may Start Soon

• If you wouldn’t take advice from a parrot, don’t listen to ChatGPT: Putting the tool to the test

• Government of Bermuda blames Russian threat actors for the cyber attack

• TransUnion Refutes Data Breach Reports Amid Hacker’s Claims

• T-Mobile App Glitch Exposes Users to Data Breach

• CISA: CISA Adds One Known Exploited Vulnerability to Catalog

• CISA: ISC Releases Security Advisories for BIND 9

• CISA: FBI and CISA Release Advisory on Snatch Ransomware

• Medusa Locker Ransomware Victim: Franktronics, Inc

• Medusa Locker Ransomware Victim: Philippine Health Insurance

• Three Ways to Protect the Data Powering Summer Vacations

• The Shocking Data on Kia and Hyundai Thefts in the US

• ESET’s cutting-edge threat research at LABScon – Week in security with Tony Anscombe

• Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

• LockBit 3.0 Ransomware Victim: pelmorex[.]com

• LockBit 3.0 Ransomware Victim: precisionpractice[.]com

• LockBit 3.0 Ransomware Victim: marshallindtech[.]com

• City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

• Unveiling Decentralized Websites: Understanding the Inner Workings of the Decentralized Web

• Hestiacp cross-site scripting | CVE-2023-5084

• Charts Plugin for WordPress cross-site scripting | CVE-2023-5062

• Skyworth directory traversal | CVE-2023-40930

• VMware Tanzu Spring for GraphQL information disclosure | CVE-2023-34047

• Widget Responsive for Youtube Plugin for WordPress cross-site scripting | CVE-2023-5063

• New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

• Build or Buy your own antivirus product

• 8 Base Ransomware Victim: FabricATE Engineering

• 8 Base Ransomware Victim: The Envelope Works Ltd

• Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware

• Karakurt Ransomware Victim: Yakima Valley Radiology

• Karakurt Ransomware Victim: Hospice of Huntington

• Government of Bermuda links cyberattack to Russian hackers

• Crypto firm Nansen asks users to reset passwords after vendor breach

• Recently patched Apple, Chrome zero-days exploited in spyware attacks

• Hotel hackers redirect guests to fake Booking.com to steal cards

• T-Mobile denies new data breach rumors, points to authorized retailer

• Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

• Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

• Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack

• T-Mobile spills billing information to other customers

• Emergency update! Apple patches three zero-days

• LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

• MITRE ATT&CK Evaluations 2023: Palo Alto, Microsoft, CrowdStrike & Cybereason Lead the Way

• Barracuda SecureEdge SASE Review 2023

Generated on 2023-09-24 23:55:32.898067