DAILY NEWS: Janeiro/Fevereiro (29/01 - 04/02) - 05 Semana de 2023
Dia a Dia da Segurança da Informação !!!
Cyber Security and Information Security News
Daily Updates !! Weekly Review

04/02
8 Pros and Cons of Penetration Testing
Australian Medical Association (AMA) calls for stronger laws to protect patient data
Banner Health paid $1.25 million to resolve federal data breach probe
ChatGPT is used by cybercriminals to write better phishing emails
Cyber-attack results in more than $800K stolen from Houston business, lawsuit filed
Dark Web Developer Wanted: Malicious Actors Join IT Talent Hunt
Data Breach: Over 110,000 More Users Affected in ‘LG Uplus’ Data Breach
DHL Email Scams: How To Spot The Fakes
Digital Rights Ireland to sue for damages for Facebook users over dark web data leak
Dynamic Approaches seen in AveMaria's Distribution Strategy
Four more attacks on the healthcare sector, weekend edition
Infrastructure sectors hit hardest by ransomware
Iran Behind Cyber Attack On Charlie Hebdo: Microsoft
Massive Ransomware Campaign Targeting Unpatched VMware ESXi Servers
Massive Ransomware Campaign Targets VMware ESXi Servers
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
North Korean Hacker Group Targeted Medical & Energy Sectors
NY attorney general forces spyware vendor to alert victims
U.S. reverse-hacks cryptocurrencies stolen by N. Korea
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
What does it take to control cybercrime in Nepal?
03/02
16 Effective Ways Tech Leaders Can Increase Cybersecurity Standards
151 government websites hacked since 2020; 21 instances of data breaches
110,000 more users affected in LG Uplus' data breach
A four-day working week still requires seven days security
Adversares Using OpenAI’s ChatGPT Chatbot for Cyberattacks? Here are Some Clues
Africa must strengthen cyber defence in mining and energy
ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line
API Leaks: Understanding The Threats
Atlassian Patches Critical Authentication Flaw in Jira Software
Atlassian warns of critical Jira Service Management auth flaw
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
BlackCat ransomware gang targeted Indian weapons manufacturer, stole classified military secrets
Businesses Bolster Defenses as Data Breach Concerns Grow
Canon USA Settles with Employees Affected by 2020 Ransomware Attack
Charlie Hebdo Hit by Iranian Cyber Attack
CISA adds Oracle, SugarCRM bugs to exploited vulnerabilities list
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
Commodity Futures Trading Commission (CFTC) Chief Plots New Cyber Rules in Wake of ION Trading Hack
Credential Stuffing — Protection Techniques for Organisations and End-Users
Customizable new DDoS service already appears to have fans among pro-Russia hacking groups
Cyber Insurer Sees Remote Access, Cloud Databases Under Fire
EV Charging Stations at Risk of DoS Attacks
FBI Dismantles Hive Ransomware Network From the Inside, Thwarting Over $130m in Ransom Demands
Florida hospital takes IT systems offline after cyberattack
For Educational Institutions, Post-Ransomware Harassment Requires A+ Messaging
Former Ubiquiti employee pleads guilty to attempted extortion scheme
Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
GoAnywhere MFT zero-day vulnerability lets hackers breach servers
Google Fi Data Breach – Hackers May Carry Out SIM Swap Attacks
Hackers are using this new trick to deliver their phishing attacks
Hackers who breached ION say ransom paid; company declines comment
Home Title Theft: How To Protect Yourself
How ChatGPT will influence cybersecurity
How our school fought back after a cyberattack
ICO Relaxes Breach Reporting for Comms Providers
Inability to prevent bad things from happening seen as the worst part of a security job
Increased ransomware attacks on health care facilities impede patient care
Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations
Is Insurance the Solution to, or the Enabler of, Ransomware?
IT Leaders Reveal Cyber Fears Around ChatGPT
Julius ‘zeekill’ Kivimäki, former Lizard Squad hacker, arrested in France
LockBit gang confirms Ion cyber attack as disruption continues
Major Florida hospital hit by possible ransomware attack
MalVirt Loaders Exploit .NET Virtualization to Deliver Malvertising Attacks
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
Metro Detroit police departments targeted in ransomware attacks
Microsoft accuses Iran’s government of cyber operation against Charlie Hebdo
More than 11,000 employees, students and former staff affected by cyber attack, QUT says
New Credential-Stealing Campaign By APT34 Targets Middle East Firms
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
North Ayrshire Council 'likely' to have breached data law with facial recognition tech in schools
OilRig Hackers Exfiltrate Data From Govt. Agencies Using New Backdoors
OpenSea serves as an example of why crypto security must improve
Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
Pembrokeshire: Top councillor accused of possible data breach
Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
Quarter of CFOs Have Suffered $1m+ Breaches
Ransomware attack halts London trading
Royal Mail cyber attack is 'destroying' small businesses as overseas post still disrupted
Russia-linked hacking against national labs spurs inquiry from two House chairmen
Short-staffed SOCs struggle to gain visibility into cloud activities
Star Wars: The hackers fight back
Switzerland’s largest university confirms ‘serious cyberattack’
Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack
Tallahassee Memorial HealthCare knocked offline because of suspected ransomware attack
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
The dangers of public wifi computer connection
The future of cybersecurity: Hacking the cloud
The importance of data retention policies
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers
University of Zurich hit with ‘serious’ cyberattack
US Man Charged in $110m Crypto Trading Scheme
Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited
We can’t rely on goodwill to protect our critical infrastructure
Web3 Wallet MetaMask Update Adds Third Party Phishing Detection
What Kind of Malware Is the Most Dangerous?
02/02
6 Ransomware Trends & Evolutions For 2023
40% of directors have experienced cyber-attack
50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98% of organizations worldwide connected to breached third-party vendors
Acuity Brands allegedly failed to protect employee info during data breaches
Andersen Corporation leaks customer home photos and addresses
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Bad Faith: The Battle of IT Company and Insurer Over Ransomware Coverage Ends in Settlement
Beware The BlackCat: Cyber Criminals Threaten Healthcare Industry
Black and White Cabs booking service offline after cyber attack
British cybersecurity firm NCC Group to cut workforce by 7%
Budget 2023 | India allocates over Rs 600 crore to improve cybersecurity infra
Cisco fixes bug allowing backdoor persistence between reboots
City of London on High Alert After Ransomware Attack
City of London Trading Target of ‘Cybersecurity Event’
CUJO AI says over 67% of home networks face cybersecurity threats each month
Cyber Attack Campaign Targets Gambling and Gaming Companies, Israeli Cybersecurity Firm Warns
Cyberattack Impact “Catastrophic” for Third Parties
Cybersecurity budgets are going up. So why aren't breaches going down?
Cybersecurity company Cyren on verge of shut down after laying off entire workforce
Cybersecurity startup Peris.ai backed by East Ventures
Data breach at Vice Media involved SSNs, financial info
DirectLink Aims to Help Protect Members Online with New Cybersecurity Program
Electric Vehicle (EV) Charging Management System Vulnerabilities Allow Disruption, Energy Theft
Financial software firm Ion Group battles LockBit ransomware attack
Foreign states already using ChatGPT maliciously, UK IT leaders believe
Former Ubiquiti dev pleads guilty to trying to extort his employer
Four public schools in Nantucket closed due to a ransomware attack
Google bans 12 Android apps as millions urged to delete them immediately - see full list
Government cybersecurity boost in the works
Guardian Australia staff details compromised in cyberattack
Hackers demand several million pounds ransom from council in cyber attack
Hacker Exploits BonqDAO in $120 Million AllinaceBlock Heist
Hacker Group Releases 128GB Of Data Showing Russia's 'Wide-Ranging' Illegal Surveillance Of Citizens
Hackers weaponize Microsoft Visual Studio add-ins to push malware
How Practitioners Built Top 10 Shortlists for AI/ Hyperautomation, Cybersecurity, and Data
How To Ensure Vendors Are Keeping Your Data — And Your Firm — Safe
Hybrid cloud storage security challenges
ION Trading UK Indicates Cyber Attack Could Take 2-3 Days to Resolve
IOTW: Malicious actors gain access to GitHub source code
KillNet, Royal, LockBit: The cybercriminal groups on hospital CISOs' minds
Lazarus Group Attack Identified After Operational Security Fail
LockBit takes credit for the ransomware attack on Sacramento PBS station
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
New Cyber Threat Report from STM: Ransomware Attacks Increase 62 Percent
New GOOTLOADER Malware Uses Fileless Technique to Deploy Ransomware
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers
North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign
North Korean hackers stole research data in two-month-long breach
Not All E-Signatures Are Created Equal – Don't Get Caught Out
Okanagan College ‘did not entertain conversations’ about paying ransom
Organizations Preparing for Cyberwar
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
Photos: Cybertech Tel Aviv 2023, part 2
Police in Maryland arrest man for phishing theft of $375,000 from Connecticut town
Pro-Russia Killnet group hit Dutch and European hospitals
Q4 2022 DDoS attack trends – Cloudflare report
QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation
Ransomware attack on data firm ION could take days to fix -sources
Ransomware attacks on public sector persist in January
Ransomware gang attempts to extort UK school by posting files about at-risk children
Recently Laid Off? Consider a Cybersecurity Career
Record $3.8bn Stolen Via Crypto in 2022
Redcar & Cleveland Council ransomware attack could have cost millions
Researchers Warn of Crypto Scam Apps on Apple App Store
Securing the metaverse: 3 cyber concerns
Super Bock says 'cyber' nasty 'disrupting computer services'
The $10 Trillion Case For Decentralized Cybersecurity
The emergence of trinity attacks on APIs
The next cyber threat may come from within
Think of cyber risk as business risk
UK: Cyber attack on software provider disrupts trading of shares
Unsecure Messaging Platforms Put Enterprises At Risk For Huge Financial Burden
What Does a Spam Email Look Like? 8 Phishing Examples
Why are Company Ransomware Payments Dropping Dramatically?
01/02
70% of CIOs anticipate their involvement in cybersecurity to increase
Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
Almost all Organizations are Working with Recently Breached Vendors
Anker admits Eufy security cameras were not natively encrypted
API Security Meets Government Regulators
Arnold Clark customer data stolen in attack claimed by Play ransomware
As the anti-money laundering perimeter expands, who needs to be compliant, and how?
Auditing Kubernetes with Open Source SIEM and XDR
BEC Group Uses Open Source Tactics in Hundreds of Attacks
ChatGPT: A New Wave of Cybersecurity Concerns?
Coalition Forecasts CVE Disclosure Spike in 2023
Counter-attacking ransomware hackers
Crypto scam apps infiltrate Apple App Store and Google Play
Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release
Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry
‘Finish Him!’ US Kills Huawei With Final Tech Ban
Firms fear software stack breach as attack surface widens
Flipper Zero: How to install third-party firmware (and why you should)
GitHub Reports Code-Signing Certificate Theft in Security Breach
Google Fi Confirms Data Breach, Hints At Link to T-Mobile Hack
Google Fi data breach let hackers carry out SIM swap attacks
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
Hackers brasileiros criam vírus que permite golpe em pagamento com aproximação
Hackers use new IceBreaker malware to breach gaming companies
IT Army of Ukraine gained access to a 1.5GB archive from Gazprom
LockBit ransomware goes 'Green,' uses new Conti-based encryptor
Microsoft warning: These phishing attackers used fake OAuth apps to steal email
Mix of legacy OT and connected technologies creates security gaps
Nearly 30,000 QNAP Devices Exposed Via New Bug
Nevada Ransomware Has Released Upgraded Locker
New DDoS-as-a-Service platform used in recent attacks on hospitals
New HeadCrab malware infects 1,200 Redis servers to mine Monero
New LockBit Green ransomware variant borrows code from Conti ransomware
New Nevada Ransomware targets Windows and VMware ESXi systems
New Prilex PoS Malware evolves to target NFC-enabled credit cards
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
Over 1,800 Android phishing forms for sale on cybercrime market
Photos: Cybertech Tel Aviv 2023
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
Ransomware Attack Forces Closure of Nantucket Schools
Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Singapore, EU digital pact to cover 'all areas' of bilateral cooperation
The dark side of Optimize Mac Storage: What you need to know if you rely on it
The future of vulnerability management and patch compliance
Thriving Dark Web Trade in Fake Security Certifications
TrickGate, a packer used by malware to evade detection since 2016
Video walkthrough: Cybertech Tel Aviv 2023
Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Zero-Trust Alone Won’t Save You
31/01
3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts
7 Ways To Improve Data Security In Your Organization
8 companies per day have data uploaded to dedicated leak sites
56% of Internet Users Fall for Phishing Scams, CUJO AI Reports
A guide to investing in cybersecurity stocks
Are we Losing the War Against Ransomware?
As hackers increase ransomware attacks, Michigan schools try to respond
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
British government minister told council to keep quiet after ransomware attack
Budget constraints force cybersecurity teams to do more with less
Conheça o novo golpe que frauda cartão de crédito por aproximação
CPX’s robust cyber security solutions will transform your business in 2023
Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
Cyber Insurance: Could Rising Premiums be a Step in the Right Direction?
Cyber risk alert raised in Denmark after Russian attacks
Cybersecurity Training to Beat the Enemy Within the Gates
Cybertech Global 2023: Abraham Accords Countries Expand Cooperation to Cybersecurity
Dangers of cyber hacking in 2023
DigiCert releases new unified approach to trust management
DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000
EU Council moves to adjust product lifecycle, reporting in new cybersecurity law
Expel Releases Annual Great eXpeltations Report on Cybersecurity Trends and Predictions
Exploit released for critical VMware vRealize RCE vulnerability
Falha permitia a invasão de contas do Facebook e Instagram
FanDuel says Mailchimp data breach compromised its users' names and email addresses
FBI Takes Down Hive Criminal Ransomware Group
GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom
GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them
Google Fi Customers Caught Up in T-Mobile Data Breach
Guarantee Trust Bank (GTB), Zenith Bank Under Investigation Over Alleged Data Breach
Guardz Launches to Secure and Insure Small Businesses from Rising Cybersecurity Threats
Hackers Made Cyber-Attack at Riot Games, Steal Game Source Codes and Demanded Ransom
Hospital Investigating Significant ‘Ransomware Event’
How the war in Ukraine has strengthened the Kremlin’s ties with cybercriminals
Is President Biden’s National Cybersecurity Strategy a good idea?
JD Sports Server Hacked – Over 10M Customer’s Information Stolen
Killnet Attackers DDoS US and Dutch Hospitals
Latvia blames Russian hacking group for phishing attacks against its MoD
Maximizing Cybersecurity Savings through Tool Consolidation: A Guide for Enterprises
Microsoft Defender can now isolate compromised Linux endpoints