DAILY NEWS: Agosto (06/08 - 12/08) - 32 Semana de 2023
Cyber Security and Information Security News --- Daily Updates !! Week Resume

12/08
CERT-In Issues High-Severity Warning for Google Chrome Vulnerabilities
Cumbria Police admits huge data breach as names and salaries of staff published online
Curve Finance Pledges Refunds Following $62 Million Hack
Curve Finance promete devolver dinheiro aos usuários após hack de US$ 62 milhões
CVE-2023-24329: Python urllib.parse Flaw Allows Attackers to Bypass Blocklisting
Cybersecurity Trends that Every Startup Needs to Know
Government Parivahan Website Data Breach: Source Code And 10,000 Records Exposed
Hackers Leak PII Data and Photos of Brazilian Plastic Surgery Patients
Hacking satellites remotely turned out to be surprisingly easy
Here are 5 critical security tips for your laptop you need to know
Intel Discovers Scary Vulnerability in Some Processors
Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested
MOVEit Hacks: Valuable Lesson for Software Industry | TechCrunch
New law makes govt equally liable for any data breach
New Python URL Parsing Flaw Could Enable Command Execution Attacks
Notorious phishing platform shut down, arrests in international police operation
PSNI data breach FOI passed through at least three departments
PSNI data breach: Officers looking over their shoulders
South Africa’s websites are under attack
The Evolution of Cyber Warfare: Understanding the Global Landscape of Cyber Threats
Threat Actors Increasingly Targeting Mac Users with Tailored Malware
US cyber safety board to probe Microsoft hack of govt emails
Victim of 90 ETH exploit set to claw funds back after hacker was blacklisted
Vítima que perdeu 90 ETH em ataque consegue bloquear o endereço do hacker
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
White House holds first-ever summit on the ransomware crisis plaguing the nation’s public schools
11/08
7 Machine Identity Management Best Practices For Strengthening API Security
16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
Amazon AWS distances itself from Moq amid data collection controversy
An email security vendor is leaving 2M domains open to phishing hacks, study finds
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up
Attackers fooled by honeypot: researchers reveal five hacker factions
Average cost of UK data breach hits £3.2m
BHUSA: Security Risks to Boom in the Era of Widespread Generative AI Adoption
Billions of Intel CPUs are leaking passwords and killing performance
British Columbia LifeLabs patients could get $50 from data breach settlement
‘Bulletproof’ hosting site that allegedly enabled 400 ransomware attacks seized, founder indicted
CISA: New Whirlpool Backdoor Used in Barracuda ESG Campaign
CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
CISA is Asking the IT Industry for Input in Securing Open Source Software
Connecticut school district lost more than $6 million in cyber attack, so far gotten about half back
'Cozy Bear' Russian hackers target Irish Embassy in Kyiv
Data breach at University of Utah Health Plans could impact members
Data breach exposes personal information of more than 700,000 Medicaid clients in Indiana
DHS to Review Microsoft’s Security in Chinese Email Hack
Dependency Confusion Attacks: New Research Into Which Businesses are At Risk
Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact
DroxiDat-Cobalt Strike Duo Targets Power Generator Network
Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study
Freeport hit by cyberattack; impact on production limited
Google search exposes academics using ChatGPT in research papers
Healthcare incurs highest data breach costs – for the 13th year in a row
Hillsborough County Confirms MOVEit Data Breach Leaks Information of 70k+
Hosting service used by criminals taken down in Poland
How executives’ personal devices threaten business security
How to handle API sprawl and the security threat it poses
How to Prevent Phishing Attacks with Multi-Factor Authentication
Indigo earnings hit by ransomware fallout, softer demand from price-wary consumers
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Lapsus$ Hacker Group Exposed in Latest CSRB Report
Lapsus$ hackers took SIM-swapping attacks to the next level
LOLEKHosted admin arrested for aiding Netwalker ransomware gang
Meet the Most (In)Famous Hacking Groups Active Today
Microsoft Exchange hack is focus of cyber board’s next review
Microsoft's role in data breach part of US cyber inquiry -Bloomberg News
‘MoustachedBouncer’ espionage hackers targeting embassies in Belarus
Multiple Flaws Found in the Avada WordPress Theme and Plugin
New SystemBC Malware Variant Targets Southern African Power Company
New Zealand intelligence report accuses China of cyber-enabled interference
Northern Ireland’s top police officer apologizes for ‘industrial scale’ data
Phishing 3.0: Crooks Leverage AWS in Deceptive Email Campaigns
Prudential joins the club of MOVEit victims
PSNI data breaches: Officer says he will leave Northern Ireland
Radius Global Solutions Reports Data Breach Due to MOVEit Vulnerability
Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics
Researchers Suggest Ways to Tackle Thermal Attacks
Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus
Spear Phishing vs Phishing: How to Tell the Difference in a Cloud Infrastructure
Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment
The Five Stages of Grief: Coping With a Data Breach
Threat intelligence’s key role in mitigating malware threats
UK Government Slammed For Encryption Mistruths
US government finally releases report on Lapsus$ gang
White House, CISA call for help with security of open source software
10/08
3 out of 4 Australians harmed by a data breach
37% of third-party applications have high-risk permissions
77% of financial firms saw an increase in cyberattack frequency
AMD and Intel CPU security bugs bring Linux patches
APT31 Linked to Recent Industrial Attacks in Eastern Europe
Atacado por hacker, site do Inpe com dados sobre queimadas fica fora do ar
Ataque hacker interrompe funcionamento de hospitais nos Estados Unidos e FBI abre investigação
BHUSA: DARPA Challenges AI Pros to Safeguard US Infrastructure
BHUSA: ESET Unmasks Cyber-Espionage Group Targeting Embassies in Belarus
BHUSA: Only 22% of Firms Have Mature Threat Intelligence Programs
California city investigating data theft after ransomware group’s claims
Canadian businesses hit hard by data breach costs
Chinese hackers stole US government emails
CISA: New Whirlpool backdoor used in Barracuda ESG hacks
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Dallas Approves $8.6M in Ransomware Response Payments
Derby City Council: Names and addresses accessed in UK electoral roll cyber-attack
Dissident republicans claim to have PSNI data breach information as stolen laptop not recovered
Does the White House’s National Cyber Workforce and Education Strategy Go Far Enough?
Electoral annual canvass not affected by Electoral Commission data breach
Electoral Commission subject to cyber-attack
Email Phishing Tempts 33% of Employees to Click on Suspicious Links: KnowBe4 Report
Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk
Ernst & Young (EY) breach exposes Bank of America customer credit card numbers
EvilProxy Campaign Fires Out 120,000 Phishing Emails
EvilProxy Phishing Kit Hits 100+ Firms, Bypasses MFA via Reverse Proxy
Ex-employee claims Paycom failed to protect against hacker's data breach of MOVEit software
Feds Seize Bulletproof Hosting Service ”Lolek Hosted”
Fresh Blow to PSNI Security as Second Data Breach Disclosed
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
German military procurement officer arrested on suspicion of spying for Russia
Gibraltar: GHA data breach - 273 patients affected
Google just made its Chrome browser more secure by cutting 'patch gap' in half
Hacker stole more than $6 million from New Haven Public Schools
How to repel ransomware using recent data
INPE sofre ataque hacker e tira site do ar para auditoria e atualização dos sistemas
Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests
Learning from past healthcare breaches to fortify future cybersecurity strategies
Michigan State University data breach linked to global ransomware attack
Michigan State University says third-party data breach could impact MSU community
Microsoft 365 accounts of execs, managers hijacked through EvilProxy
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk
NIST Expands Cybersecurity Framework with New Pillar
Northern Ireland data breach is 'terrible,' says former assistant chief constable
Police Service of Northern Ireland discloses second data breach in as many days
Polícia prende hacker suspeito de atacar o sistema da PCDF
Potent Trojans Targeting MacOS Users
Private network adoption grows as enterprises seek greater control and security
PSNI chief constable faces questions on data breaches
PSNI officers move in with relatives as data breach could cost police force £100m
Regulator: “Harmful” Web Design Could Break Data Protection Laws
'Sufficient protections not in place' to prevent data breach, regulator admits
We know the risks of policing Northern Ireland, but this data breach exposes us as never before
What to know about FedRAMP Rev. 5 Baselines
White House launches AI Cyber Challenge to make software more secure
Will AI kill cybersecurity jobs?
09/08
Adopted children's names were disclosed on Scotland's People website
Android 14: Google permite que usuário desligue o 2G para evitar invasão hacker
BHUSA: New Zero-Day Vulnerabilities Could Instantly Drain Crypto Wallets
Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
Continuous Security Validation with Penetration Testing as a Service (PTaaS)
Cyber fraudster jailed over internet scam that provoked suicide
Data exfiltration is now the go-to cyber extortion strategy
DBS Bank uncovers big data challenges with AI use - and solutions, too
Downfall attacks can gather passwords, encryption keys from Intel processors
EvilProxy phishing campaign targets 120,000 Microsoft 365 users
Good news for fraudsters: we cannot reliably detect speech deepfakes
Google to fight hackers with weekly Chrome security updates
Google unveils stronger cellular security for Android 14
Hackers invadem Tesla e liberam recursos que custam 10 mil reais
Hackers use open source Merlin post-exploitation toolkit in attacks
High-Severity Access Control Vulnerability Found in Spring WebFlux
How safe is my data after a hack or leak?
Interpol takes down phishing-as-a-service platform used by 70,000 people
Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining
Microsoft Patches 80+ Flaws Including Two Zero-Days
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
Missouri warns that health info was stolen in IBM MOVEit data breach
New Android 14 Security Feature: IT Admins Can Now Disable 2G Networks
New BitForge cryptocurrency wallet flaws lets hackers steal crypto
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware
Northern Ireland Police Officers Vulnerable After Data Leak
Northern Irish police accidentally exposes data of all its staff
Notorious Phishing-as-a-Service Platform Shuttered
Novel ‘Inception’ Attack Exposes Sensitive Data in CPUs
Popular open source project Moq criticized for quietly collecting data
Preventative medicine for securing IoT tech in healthcare organizations
Recent ransomware attacks share curiously similar tactics
Rhysida ransomware behind recent attacks on healthcare
Rhysida Ransomware Analysis Reveals Vice Society Connection
SandboxAQ launches open-source meta-library of cryptographic algorithms
Summer Spending Pressure Fuels Loan Fee Fraud Fears
TD Ameritrade reveals that MOVEit attacks exposed thousands
The ransomware rollercoaster continues as criminals advance their business models
U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons
Using creative recruitment strategies to tackle the cybersecurity skills shortage
Zoom is entangled in an AI privacy mess
What to know about Police Service of Northern Ireland (PSNI) ‘major data breach'
Why cybersecurity is a blue-collar job
08/08
5 Tips To Secure Your Crypto From Getting Hacked In 2023
43 Android apps in Google Play with 2.5M installs loaded ads when a phone screen was off
Android 14 to let you block connections to unencrypted cellular networks
Apple Users See Big Mac Attack, Says Accenture
Are capture-the-flag participants obligated to report zero days?
Attackers Targeting Inexperienced Hackers With New Malware Campaign
Attackers use Cloudflare Tunnel to proxy into victim networks
August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ
Australia’s Banking Industry Mulls Better Cross-Collaboration to Defeat Scam Epidemic
Average Cost of a Data Breach Has Reached an All-Time High: IBM Report
BAE offers advice to those hit by Capita cyber attack
BHUSA: Identity Compromise the Cause of Most Breaches
BHUSA: Ransomware Threat Activity Cluster Uncovered
Brits urged not to take photos of boarding passes at the airport over security risk
BSides Leeds 2023 – Leum Dunn – AI AIEEEEEE! (Redux): Further Adventures In AI
BSides Leeds 2023 – Liam Follin – How To Get Away With Hacking
China hacked Japan’s sensitive defense networks, officials say
Code42’s Incydr identifies source and destination of source code
Collaboration between public and private sectors is crucial for defence against cyber threats
Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – #254 – The Psychological Safety Self-Assessment
Cryptomining and Malware Flourish on Misconfigured Kubernetes Clusters
Cyber attack cost Interserve more than £11m
Cyber attack paralyzes Israeli hospital's computer systems
Cybersecurity Tips to Protect Your Phone from Hackers
Dark web activity targeting the financial sector
Education dept in US state reveals data breach spanning 16 years
Electoral Commission apologises for data breach affecting millions of voters
Electoral Commission apologises for security breach involving UK voters’ data
ExtraHop reveals financial impact of high-profile data breaches
For TSA’s updated Pipeline Security Directive, consistency and collaboration are key
GDPR compliance is not cybersecurity, says analyst
German Firms Scramble to Outwit Cybercriminals
Getting the best possible outcome in ransomware negotiation
Hackers Abusing Cloudflare Tunnels for Covert Communications
Hospitality staffer breach exposed over 100,000 people
How LLMs are making red and blue teams more efficient
How to get started with ongoing configuration assessments
Identity-based security threats are growing rapidly: report
Instagram Scam Alert: Fake/Cloned Accounts Reaching Out To You On DMs? Here’s What You Should Do
Interpol takes down 16shop phishing-as-a-service platform
Israeli Hospital Under Cyber Attack
Japan refuses to confirm if China hacked its defence networks
Kubernetes clusters under attack in hundreds of organizations
LOLBAS in the Wild: 11 Living-Off-The-Land Binaries That Could Be Used for Malicious Purposes
Managing human cyber risks matters now more than ever
Miami law firm subject of data breach
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
Microsoft Office update breaks actively exploited RCE attack chain
Morgan & Morgan targets Tampa General Hospital in lawsuit over data hack
Most businesses to ban ChatGPT, generative AI apps on work devices
New Acoustic Attack Records Laptop Keystrokes With Nearby Phone
New Downfall attacks on Intel CPUs steal encryption keys, data
New Inception attack leaks sensitive data from all AMD Zen CPUs
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
North Korea hacked into Russian missile company: Report
North Korean hackers breached Russian missile development firm
North Korean Hackers Compromise Russian Missile Maker
North Korean hackers had access to Russian missile maker for months, say researchers
Over 200 Million Brits Have Data Compromised in Four Years
Phishing-resistant authentication a key to breach prevention
Positive Technologies reveals 10 worst cyberattacks in the Middle East in the last 18 months
Probe launched into cyber-attack on UK’s election registers
Prospect Medical Holdings said cyber attack impacted multiple hospital networks
PSNI apologises to officers and civilian staff after major data breach lasted nearly three hours
PSNI respond to major data breach which identified thousands of officers
Putting cybersecurity on the executive radar
QakBot Malware Operators Expand C2 Network with 15 New Servers
Radiant Security Emerges to Apply AI to Cybersecurity
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
Russia ‘tops list of suspects’ in cyber attack which exposed data of 40m UK voters
Say goodbye to SMS 2FA – we won’t see it around much longer
Seasoned cyber pros are more complacent in their skills than junior staff
Sophos Uncovers New Connections Between Hive, Royal, and Black Basta Ransomware
'Successful' cyber attack on elections body put details of more than 40 million voters at risk
Tampa General Hospital Sued Over Data Breach
Tax Professionals Warn toStay Vigilant Against Phishing and Cloud-based Attacks
The dark side of the cloud: How cloud is becoming prey to sophisticated forms of cyber attack
The Rhysida Ransomware: Activity Analysis and Ties to Vice Society
Today’s Toughest Questions Answered: Cybersecurity in Transit
TOP 5 OWASP API Attacks in 2023
Two-Thirds of UK Sites Vulnerable to Bad Bots
UK election watchdog failed to discover system hack for 15 months
UK Electoral Commission Admits Major Data Breach Spanning Over a Year
UK Electoral Commission data breach exposes 8 years of voter data
UK Electoral Commission discloses a data breach
UK Voters’ Data Exposed in Electoral Commission Cyber-Attack
UK voter data hacked in cyber attack on election watchdog
Understanding Active Directory Attack Paths to Improve Security
Understanding the Role of Runtime Application Self-Protection in Cybersecurity
Using Automation to Hunt for the Elusive LOLBAS
Vandals messing up your metaverse? Apple's new patent lets you delete virtual graffiti
Vectra AI unveils XDR platform with real-time attack signal intelligence
Vietnamese-Origin Ransomware Operation Mimics WannaCry Traits
Zero-day, one-day vulnerabilities led to over 200% increase in ransomware attacks: Report
Windows 10 KB5029244 and KB5029247 updates released
Windows 11 KB5029263 cumulative update released with 27 fixes
07/08
8 free cybersecurity documentaries you can watch right now
A new sophisticated SkidMap variant targets unsecured Redis servers
AI Flagged as “Chronic Risk” in UK Government’s Risk Register 2023 Report
AI Model Listens to Typing, Potentially Compromising Sensitive Data
As cars hoover up more and more driver data, is it time to regulate the industry?
Ataque hacker afeta sistemas de hospitais nos EUA; FBI investiga caso
Ataque hacker fecha hospitais nos EUA
Budget constraints threaten cybersecurity in government bodies
CISA Outlines Plan to Get Ahead of Cyberthreat Groups
Clop Gang Offers Data Downloads Via Torrents
Colorado education department admits data breach
Colorado Education Department Suffers Ransomware Breach
Com instabilidade no sistema, Itaú nega que tenha sofrido ataque hacker
Curve Finance oferece recompensa de 1,85 milhão de dólares para identificar hacker
Elite North Korean Hackers Breach Russian Missile Developer
Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM
FBI Alert: Crypto Scammers are Masquerading as NFT Developers
FBI Warns Against Criminals Posing as NFT Developers
FBI warns of crooks posing as NFT developers in fraudulent schema
Five most common cybersecurity vulnerabilities in 2023
Google Play apps with 2.5M installs load ads when screen's off
Hacker rouba R$ 300 milhões facilmente, mas toma decisão inusitada que surpreende até vítimas
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
Hackers da Coreia do Norte invadiram uma das principais empresas de mísseis da Rússia
Hospitals deal with ransomware fallout: 5 Prospect Medical updates
How To: Challenge Deepfake Fraud
Invisible Ad Fraud Targets Korean Android Users
Is Cybersecurity Having an Identity Crisis?
Keystroke sounds can betray passwords
Lazarus hack Russian missile maker as Moscow pleas for shells
LetMeSpy spyware maker shuts down over data breach
Moscow civil servant and politicians’ addresses leaked say pro-Ukrainian attackers
Navigating the gray zone of ransomware payment practices
New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
New SkidMap Redis Malware Variant Targeting Vulnerable Redis Servers
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya
North Korean hackers 'ScarCruft' breached Russian missile maker
North Korean Hackers Targets Russian Missile Engineering Firm
PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)
Protecting your data center from the ransomware menace
Ransom attack forces multiple US hospitals to suspend services in northeast
Ransomware victim numbers surge as attackers target zero-day vulnerabilities
Russia scrambles to hide sensitive data from investigative journalists
Russian Hacktivists Overwhelm Spanish Sites With DDoS
Unraveling the importance of software supply chain security
US hospital network hit with ransomware attack
US Primary Care Services Shuttered After Cyber-Attack
US suffers 49.8M leaked accounts in Q2
Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the future
What is the dark web? Everything you need to know before you access it
White House to roll out array of cyber initiatives to bolster K-12 defenses
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken?
06/08
AI tools like ChatGPT increasingly used by cybercriminals for phishing, experts warn
Anger after Hastings Council mistakenly reveal hundreds of personal email addresses
BlueCharlie changes attack infrastructure in response to reports on its activity
Calls to investigate blacklisted spyware firm with offices in Dublin
Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack
Curve Finance recovers all stolen funds from hacker
Cyberattack disrupts California based health-care system’s services
DeFi Lender Alchemix Says Vyper Hacker Returned Stolen Crypto
FBI Investigating Ransomware Attack on RI Hospital Group
FBI warns of phishing scams and social media account hijackers
Fortifying cybersecurity to combat threats
From Passwords to Phone Verification: The Evolution of Authentication Solutions in the Digital Age
Global Ransomware Attack: Cyber Attacks at All-Time High, US Primary Target, Says Report
How AI is Enhancing Database Security for a Safer Digital World
Insider Threat Statistics 2023: Insider Threats Cause 60% of Data Breaches
O2 issues urgent warning over new elaborate 'one time code' scam fraudsters are using
Package undelivered: Kaspersky warns of scams targeting courier service users in the Middle East
Protecting Passwords in the Age of Artificial Intelligence
Public Charging Scam: How To Know If Your Phone Has Been Hacked
Ransomware cyber attack disrupts hospitals and clinics in Pennsylvania, four other states
Salesforce Zero-Day Flaw Exploited In Facebook Phishing Attacks
Securing Our Connected World: Cybersecurity Challenges and Solutions for Global Smart Homes
Social Security Number: What can someone do with your SSN?
Spyware maker LetMeSpy to close shop after hacker trashes server
The Cost of Ransomware in Europe: Evaluating the Impact on Telecom and Internet Industries
The Role of Internet Security Services in Shaping Africa and the Middle East’s Digital Landscape
Using AI to predict and prevent AI-powered job scams
What Is a Pass-the-Cookie Attack? How to Stay Logged In to Websites Safely
Years later, the Ashley Madison hack remains an unsolved internet mystery