DAILY NEWS: Janeiro/Fevereiro (29/01 - 04/02) - 05 Semana de 2023
Dia a Dia da Segurança da Informação !!!
Cyber Security and Information Security News
Daily Updates !! Weekly Review

04/02
8 Pros and Cons of Penetration Testing
Australian Medical Association (AMA) calls for stronger laws to protect patient data
Banner Health paid $1.25 million to resolve federal data breach probe
ChatGPT is used by cybercriminals to write better phishing emails
Cyber-attack results in more than $800K stolen from Houston business, lawsuit filed
Dark Web Developer Wanted: Malicious Actors Join IT Talent Hunt
Data Breach: Over 110,000 More Users Affected in ‘LG Uplus’ Data Breach
DHL Email Scams: How To Spot The Fakes
Digital Rights Ireland to sue for damages for Facebook users over dark web data leak
Dynamic Approaches seen in AveMaria's Distribution Strategy
Four more attacks on the healthcare sector, weekend edition
Infrastructure sectors hit hardest by ransomware
Iran Behind Cyber Attack On Charlie Hebdo: Microsoft
Massive Ransomware Campaign Targeting Unpatched VMware ESXi Servers
Massive Ransomware Campaign Targets VMware ESXi Servers
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
North Korean Hacker Group Targeted Medical & Energy Sectors
NY attorney general forces spyware vendor to alert victims
U.S. reverse-hacks cryptocurrencies stolen by N. Korea
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
What does it take to control cybercrime in Nepal?
03/02
16 Effective Ways Tech Leaders Can Increase Cybersecurity Standards
151 government websites hacked since 2020; 21 instances of data breaches
110,000 more users affected in LG Uplus' data breach
A four-day working week still requires seven days security
Adversares Using OpenAI’s ChatGPT Chatbot for Cyberattacks? Here are Some Clues
Africa must strengthen cyber defence in mining and energy
ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line
API Leaks: Understanding The Threats
Atlassian Patches Critical Authentication Flaw in Jira Software
Atlassian warns of critical Jira Service Management auth flaw
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
BlackCat ransomware gang targeted Indian weapons manufacturer, stole classified military secrets
Businesses Bolster Defenses as Data Breach Concerns Grow
Canon USA Settles with Employees Affected by 2020 Ransomware Attack
Charlie Hebdo Hit by Iranian Cyber Attack
CISA adds Oracle, SugarCRM bugs to exploited vulnerabilities list
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
Commodity Futures Trading Commission (CFTC) Chief Plots New Cyber Rules in Wake of ION Trading Hack
Credential Stuffing — Protection Techniques for Organisations and End-Users
Customizable new DDoS service already appears to have fans among pro-Russia hacking groups
Cyber Insurer Sees Remote Access, Cloud Databases Under Fire
EV Charging Stations at Risk of DoS Attacks
FBI Dismantles Hive Ransomware Network From the Inside, Thwarting Over $130m in Ransom Demands
Florida hospital takes IT systems offline after cyberattack
For Educational Institutions, Post-Ransomware Harassment Requires A+ Messaging
Former Ubiquiti employee pleads guilty to attempted extortion scheme
Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
GoAnywhere MFT zero-day vulnerability lets hackers breach servers
Google Fi Data Breach – Hackers May Carry Out SIM Swap Attacks
Hackers are using this new trick to deliver their phishing attacks
Hackers who breached ION say ransom paid; company declines comment
Home Title Theft: How To Protect Yourself
How ChatGPT will influence cybersecurity
How our school fought back after a cyberattack
ICO Relaxes Breach Reporting for Comms Providers
Inability to prevent bad things from happening seen as the worst part of a security job
Increased ransomware attacks on health care facilities impede patient care
Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations
Is Insurance the Solution to, or the Enabler of, Ransomware?
IT Leaders Reveal Cyber Fears Around ChatGPT
Julius ‘zeekill’ Kivimäki, former Lizard Squad hacker, arrested in France
LockBit gang confirms Ion cyber attack as disruption continues
Major Florida hospital hit by possible ransomware attack
MalVirt Loaders Exploit .NET Virtualization to Deliver Malvertising Attacks
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
Metro Detroit police departments targeted in ransomware attacks
Microsoft accuses Iran’s government of cyber operation against Charlie Hebdo
More than 11,000 employees, students and former staff affected by cyber attack, QUT says
New Credential-Stealing Campaign By APT34 Targets Middle East Firms
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
North Ayrshire Council 'likely' to have breached data law with facial recognition tech in schools
OilRig Hackers Exfiltrate Data From Govt. Agencies Using New Backdoors
OpenSea serves as an example of why crypto security must improve
Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
Pembrokeshire: Top councillor accused of possible data breach
Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
Quarter of CFOs Have Suffered $1m+ Breaches
Ransomware attack halts London trading
Royal Mail cyber attack is 'destroying' small businesses as overseas post still disrupted
Russia-linked hacking against national labs spurs inquiry from two House chairmen
Short-staffed SOCs struggle to gain visibility into cloud activities
Star Wars: The hackers fight back
Switzerland’s largest university confirms ‘serious cyberattack’
Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack
Tallahassee Memorial HealthCare knocked offline because of suspected ransomware attack
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
The dangers of public wifi computer connection
The future of cybersecurity: Hacking the cloud
The importance of data retention policies
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers
University of Zurich hit with ‘serious’ cyberattack
US Man Charged in $110m Crypto Trading Scheme
Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited
We can’t rely on goodwill to protect our critical infrastructure
Web3 Wallet MetaMask Update Adds Third Party Phishing Detection
What Kind of Malware Is the Most Dangerous?
02/02
6 Ransomware Trends & Evolutions For 2023
40% of directors have experienced cyber-attack
50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98% of organizations worldwide connected to breached third-party vendors
Acuity Brands allegedly failed to protect employee info during data breaches
Andersen Corporation leaks customer home photos and addresses
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Bad Faith: The Battle of IT Company and Insurer Over Ransomware Coverage Ends in Settlement
Beware The BlackCat: Cyber Criminals Threaten Healthcare Industry
Black and White Cabs booking service offline after cyber attack
British cybersecurity firm NCC Group to cut workforce by 7%
Budget 2023 | India allocates over Rs 600 crore to improve cybersecurity infra
Cisco fixes bug allowing backdoor persistence between reboots
City of London on High Alert After Ransomware Attack
City of London Trading Target of ‘Cybersecurity Event’
CUJO AI says over 67% of home networks face cybersecurity threats each month
Cyber Attack Campaign Targets Gambling and Gaming Companies, Israeli Cybersecurity Firm Warns
Cyberattack Impact “Catastrophic” for Third Parties
Cybersecurity budgets are going up. So why aren't breaches going down?
Cybersecurity company Cyren on verge of shut down after laying off entire workforce
Cybersecurity startup Peris.ai backed by East Ventures
Data breach at Vice Media involved SSNs, financial info
DirectLink Aims to Help Protect Members Online with New Cybersecurity Program
Electric Vehicle (EV) Charging Management System Vulnerabilities Allow Disruption, Energy Theft
Financial software firm Ion Group battles LockBit ransomware attack
Foreign states already using ChatGPT maliciously, UK IT leaders believe
Former Ubiquiti dev pleads guilty to trying to extort his employer
Four public schools in Nantucket closed due to a ransomware attack
Google bans 12 Android apps as millions urged to delete them immediately - see full list
Government cybersecurity boost in the works
Guardian Australia staff details compromised in cyberattack
Hackers demand several million pounds ransom from council in cyber attack
Hacker Exploits BonqDAO in $120 Million AllinaceBlock Heist
Hacker Group Releases 128GB Of Data Showing Russia's 'Wide-Ranging' Illegal Surveillance Of Citizens
Hackers weaponize Microsoft Visual Studio add-ins to push malware
How Practitioners Built Top 10 Shortlists for AI/ Hyperautomation, Cybersecurity, and Data
How To Ensure Vendors Are Keeping Your Data — And Your Firm — Safe
Hybrid cloud storage security challenges
ION Trading UK Indicates Cyber Attack Could Take 2-3 Days to Resolve
IOTW: Malicious actors gain access to GitHub source code
KillNet, Royal, LockBit: The cybercriminal groups on hospital CISOs' minds
Lazarus Group Attack Identified After Operational Security Fail
LockBit takes credit for the ransomware attack on Sacramento PBS station
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
New Cyber Threat Report from STM: Ransomware Attacks Increase 62 Percent
New GOOTLOADER Malware Uses Fileless Technique to Deploy Ransomware
New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers
North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign
North Korean hackers stole research data in two-month-long breach
Not All E-Signatures Are Created Equal – Don't Get Caught Out
Okanagan College ‘did not entertain conversations’ about paying ransom
Organizations Preparing for Cyberwar
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
Photos: Cybertech Tel Aviv 2023, part 2
Police in Maryland arrest man for phishing theft of $375,000 from Connecticut town
Pro-Russia Killnet group hit Dutch and European hospitals
Q4 2022 DDoS attack trends – Cloudflare report
QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation
Ransomware attack on data firm ION could take days to fix -sources
Ransomware attacks on public sector persist in January
Ransomware gang attempts to extort UK school by posting files about at-risk children
Recently Laid Off? Consider a Cybersecurity Career
Record $3.8bn Stolen Via Crypto in 2022
Redcar & Cleveland Council ransomware attack could have cost millions
Researchers Warn of Crypto Scam Apps on Apple App Store
Securing the metaverse: 3 cyber concerns
Super Bock says 'cyber' nasty 'disrupting computer services'
The $10 Trillion Case For Decentralized Cybersecurity
The emergence of trinity attacks on APIs
The next cyber threat may come from within
Think of cyber risk as business risk
UK: Cyber attack on software provider disrupts trading of shares
Unsecure Messaging Platforms Put Enterprises At Risk For Huge Financial Burden
What Does a Spam Email Look Like? 8 Phishing Examples
Why are Company Ransomware Payments Dropping Dramatically?
01/02
70% of CIOs anticipate their involvement in cybersecurity to increase
Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
Almost all Organizations are Working with Recently Breached Vendors
Anker admits Eufy security cameras were not natively encrypted
API Security Meets Government Regulators
Arnold Clark customer data stolen in attack claimed by Play ransomware
As the anti-money laundering perimeter expands, who needs to be compliant, and how?
Auditing Kubernetes with Open Source SIEM and XDR
BEC Group Uses Open Source Tactics in Hundreds of Attacks
ChatGPT: A New Wave of Cybersecurity Concerns?
Coalition Forecasts CVE Disclosure Spike in 2023
Counter-attacking ransomware hackers
Crypto scam apps infiltrate Apple App Store and Google Play
Everything You Need To Know About The Latest Imperva Online Fraud Prevention Feature Release
Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry
‘Finish Him!’ US Kills Huawei With Final Tech Ban
Firms fear software stack breach as attack surface widens
Flipper Zero: How to install third-party firmware (and why you should)
GitHub Reports Code-Signing Certificate Theft in Security Breach
Google Fi Confirms Data Breach, Hints At Link to T-Mobile Hack
Google Fi data breach let hackers carry out SIM swap attacks
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
Hackers brasileiros criam vírus que permite golpe em pagamento com aproximação
Hackers use new IceBreaker malware to breach gaming companies
IT Army of Ukraine gained access to a 1.5GB archive from Gazprom
LockBit ransomware goes 'Green,' uses new Conti-based encryptor
Microsoft warning: These phishing attackers used fake OAuth apps to steal email
Mix of legacy OT and connected technologies creates security gaps
Nearly 30,000 QNAP Devices Exposed Via New Bug
Nevada Ransomware Has Released Upgraded Locker
New DDoS-as-a-Service platform used in recent attacks on hospitals
New HeadCrab malware infects 1,200 Redis servers to mine Monero
New LockBit Green ransomware variant borrows code from Conti ransomware
New Nevada Ransomware targets Windows and VMware ESXi systems
New Prilex PoS Malware evolves to target NFC-enabled credit cards
New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
Over 1,800 Android phishing forms for sale on cybercrime market
Photos: Cybertech Tel Aviv 2023
Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
Ransomware Attack Forces Closure of Nantucket Schools
Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images
Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility
Singapore, EU digital pact to cover 'all areas' of bilateral cooperation
The dark side of Optimize Mac Storage: What you need to know if you rely on it
The future of vulnerability management and patch compliance
Thriving Dark Web Trade in Fake Security Certifications
TrickGate, a packer used by malware to evade detection since 2016
Video walkthrough: Cybertech Tel Aviv 2023
Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Zero-Trust Alone Won’t Save You
31/01
3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts
7 Ways To Improve Data Security In Your Organization
8 companies per day have data uploaded to dedicated leak sites
56% of Internet Users Fall for Phishing Scams, CUJO AI Reports
A guide to investing in cybersecurity stocks
Are we Losing the War Against Ransomware?
As hackers increase ransomware attacks, Michigan schools try to respond
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
British government minister told council to keep quiet after ransomware attack
Budget constraints force cybersecurity teams to do more with less
Conheça o novo golpe que frauda cartão de crédito por aproximação
CPX’s robust cyber security solutions will transform your business in 2023
Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
Cyber Insurance: Could Rising Premiums be a Step in the Right Direction?
Cyber risk alert raised in Denmark after Russian attacks
Cybersecurity Training to Beat the Enemy Within the Gates
Cybertech Global 2023: Abraham Accords Countries Expand Cooperation to Cybersecurity
Dangers of cyber hacking in 2023
DigiCert releases new unified approach to trust management
DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000
EU Council moves to adjust product lifecycle, reporting in new cybersecurity law
Expel Releases Annual Great eXpeltations Report on Cybersecurity Trends and Predictions
Exploit released for critical VMware vRealize RCE vulnerability
Falha permitia a invasão de contas do Facebook e Instagram
FanDuel says Mailchimp data breach compromised its users' names and email addresses
FBI Takes Down Hive Criminal Ransomware Group
GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom
GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them
Google Fi Customers Caught Up in T-Mobile Data Breach
Guarantee Trust Bank (GTB), Zenith Bank Under Investigation Over Alleged Data Breach
Guardz Launches to Secure and Insure Small Businesses from Rising Cybersecurity Threats
Hackers Made Cyber-Attack at Riot Games, Steal Game Source Codes and Demanded Ransom
Hospital Investigating Significant ‘Ransomware Event’
How the war in Ukraine has strengthened the Kremlin’s ties with cybercriminals
Is President Biden’s National Cybersecurity Strategy a good idea?
JD Sports Server Hacked – Over 10M Customer’s Information Stolen
Killnet Attackers DDoS US and Dutch Hospitals
Latvia blames Russian hacking group for phishing attacks against its MoD
Maximizing Cybersecurity Savings through Tool Consolidation: A Guide for Enterprises
Microsoft Defender can now isolate compromised Linux endpoints
Microsoft disables verified partner accounts used for OAuth phishing
Mount Lilydale Mercy College caught up in data breach hack
Nantucket Public Schools Close After Ransomware Attack
New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector
Omnipod DASH Insulin Pump Users Fall Victim to Data Breach
Phishing attacks are getting scarily sophisticated. Here's what to watch out for
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
QNAP: Patch Critical Remote Code Injection Bug
Quad cyber group meets in New Delhi to strengthen cybersecurity cooperation
Record News volta à ativa e tem "vida quase normal" após ataque hacker
Redcar and Cleveland Council admits 'catastrophic' ransomware attack cost £7m
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years
“Restrictions” with Super Bock after cyber attack
Safe Systems Alerts Financial Institutions of Major Phishing Scam
Simone Biles, Cybersecurity And Foster Care: Why The Best Collaborations Are Often Unexpected
Southern Arizona’s largest school district hit by cyber attack
The Abraham Accords expand with cybersecurity collaboration
The Hidden Threat: 1Password Password Manager Phishing Ads on Google
Three Ways Organizations Can Improve Their Cybersecurity Posture Without Spending Money
Two US Doctors Convicted of $30m Medicare Fraud
What UAE businesses need to know about cybersecurity
Why cybersecurity teams are central to organizational trust
Why Traditional Approaches Don’t Work for API Security
You Don't Know Where Your Secrets Are
30/01
A glut of wiper malware hits Ukrainian targets
Active U.S. health care hackers 'Hive' disrupted by feds
Atlantic General Hospital experiences ransomware event
Atrium Health reportedly part of widespread cyber attack
Britain's JD Sports says customer data accessed by cyber attack
Building efficiency into SMEs’ cybersecurity investments
Business Reporter: More businesses need to become cyber-security skills leaders
Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records
Critical Realtek Vulnerability Impacting IoT Devices Worldwide
'Cyber attack' at Galashiels Doggy Day Care Centre leads police to home of 'disgruntled' worker
Cyber-attack targets University of Michigan Health
Cyber threat takes down Tucson Unified School District's internet network
Devs on Dark Web Forums Paid Up to $20,000 For Illicit Activities
Dutch hacker obtained virtually all Austrians' personal data, police say
Fake Money Apps Garner Millions of Android Downloads
Fight Back Against Ransomware Attacks
Five Data Wipers Attack Ukrainian News Agency
Gen-3 Cybersecurity: Solutions Built For The Modern User
GitHub revokes code signing certificates stolen in repo hack
Governing cybersecurity from the top as a strategic business enabler
Hacker intercepts carpet company’s emails, retains customer’s $5000 deposit
Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware
Hackurity is 'raising the bar' within the cybersecurity industry
How organizations can keep themselves secure whilst cutting IT spending
How to survive below the cybersecurity poverty line
ICS vulnerabilities: Insights from advisories, how CVEs are reported
ICYMI – Late December in privacy and cybersecurity
IL Hospital Reaches $380K Settlement to Resolve Lawsuit Over Healthcare Data Breach
IL Social Services Organization Notifies 184K of Healthcare Ransomware Attack
Indonesia’s antivirus reliance: A cybersecurity blindspot
Insider attacks becoming more frequent, more difficult to detect
Israeli chemical factories targeted by hacker group in massive cyberattack
Jamaican cybersecurity firm plans to train, hire Guyanese analysts
JD Sports Confirms Breach Affected 10 Million Customers
JD Sports hit by cyber-attack that leaked 10m customers’ data
JD Sports says hackers stole data of 10 million customers
JD Sports targeted by hackers in cybersecurity breach
KeePass disputes vulnerability allowing stealthy password theft
Local cybersecurity firm inks deal with Simcoe County; aims to help businesses in the community
LockBit green: Ransomware gang releases new malware and targets cloud
Mailchimp Falls Victim to Another Data Breach
Malaysia, Singapore sign MoU on data protection, cybersecurity and digital economy
Market for Cybersecurity Specialists Remains Strong
Microsoft warning: Protect this critical piece of your tech infrastructure
Mobile Banking Scam; Expert Urges Govt to Boost Cybersecurity Measures
Most data breach notices lacked detail in 2022
Mounting pressure is creating a ticking time bomb for railway cybersecurity
New Yorker Gets Four Years for $9m COVID Fraud Scheme
Omnipod DASH Insulin Pump Users Affected By Data Breach
Pak minister says cyber attack could be behind nationwide power breakdown
Porsche halts NFT launch, phishing sites fill the void
QNAP fixes critical bug letting hackers inject malicious code
Qulliq Energy stops short of labelling cyberattack another Nunavut ransomware incident
Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residents
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram
Sandworm APT group hit Ukrainian news agency with five data wipers
Schools don't pay, but ransomware attacks still increasing
Secure code training ruled better investment than code scanning tools
Software’s ‘intangible’ nature raises insurance concerns in court ruling
The Hidden Threat: Bitwarden Password Manager Targeted by Phishing Scams
The way to stop API breaches: reevaluate the company’s cybersecurity stack
Third-party data breach round-up: mscripts, Diligent, Mailchimp
Titan Stealer: A New Golang-Based Information Stealer Malware Emerges
Tokyo Police Start Cybersecurity Drill
UNC2565 threat actors continue to improve the GOOTLOADER malware
US extradites French ShinyHunters hacker, faces 123 years in prison
U.S. No Fly list shared on a hacking forum, government investigating
What’s the Best Threat Protection Against Ransomware?
Yandex data breach reveals source code littered with racist language
29/01
Data Privacy Day: Ransomware’s effect on privacy
DocMorris: Hackers capture data from tens of thousands of customer accounts
NFT collector who fell for a phishing scam takes OpenSea to court
Gootkit Malware Continues to Evolve with New Components and Obfuscations
Hackers invadem site do PT e incluem foto de Kid Bengala
Hackers obstruct govt sites for four hours (Nepal)
LockBit’s ethical guidelines: can hacking gangs ever be the good guys?
Nationwide Data Leaks Raise Security Concerns
Open season on hacking into gov.np
Over £3.9 BILLION has been lost to fraud and cybercrimes in the last 13 months across the UK
Security tip: Are you making this huge Wi-Fi mistake?
Shady reward apps on Google Play amass 20 million downloads
Site do PT sofre ataque hacker
Site do PT sofre ataque hacker durante a madrugada de domingo
SMEs In Bahrain Faced 348% Jump In Cyberattacks
The 9 top trends driving electric vehicle security in 2023
The Basics of Cloud Security For SMBs: Zero Trust, CNAAP, and More
Ultimate Guide to Blockchain Security
Yandex Source Code Online Leaked, Company Denies Hack