DAILY NEWS: Junho (11/06 - 17/06) - 24 Semana de 2023
Cyber Security and Information Security News --- Daily Updates !! Weekly Resume

17/06
A Deep Dive into Email Security: Best Anti-Phishing Practices
Augusta mayor blames ‘threat actor’ for crippling cyberattack
Beware of these 4 Unassuming Mobile Threats
Combating ransomware: Strategies for defense
Cyberattacks on renewables: Europe power sector's dread in chaos of war
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet
Hashflow Faces $600K Crypto Exploits Confirm Users to Retrieve
How hackers gained access to Minnesota Department of Education data
Massive data breach compromised 3.5M drivers licenses, ID cards in Oregon DMV system
Microsoft says early June disruptions to Outlook, Cloud Platform, were cyberattacks
MOVEit: o que você deve saber sobre o ataque ransomware
Over 100 Brands Were Impersonated in This Massive Phishing Campaign
Russian hackers claim responsibility for University System of Georgia data breach
SMS delivery reports can be used to infer recipient's location
The USDA is investigating a ‘possible data breach’ related to the global Russian cybercriminal hack
US govt offers $10 million bounty for info on Clop ransomware
Warning: Fake GitHub Repos Delivering Malware as PoCs
What Do Data Breaches Reveal About The Status Of Cybersecurity In India?
16/06
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
91% of Indian organisations experienced ransomware attacks in 2023: Report
A Russian ransomware gang breaches the Energy Department and other federal agencies
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
AI: data protection and privacy
Almost 16,000 state job applicants informed of possible data breach
Approximately 9 million dental patients in the USA affected by a data breach
Atrium Wake Forest Baptist reports data breach of patient records
Barracuda Zero-Day Exploited by Chinese Actor
Bots, phishing and server attacks making commerce a cybersecurity hotspot
Capita facing class action law suit over data breach involving GP patients
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
Clop Starts MOVEit Extortion as New Bug is Discovered
Cloud Mining Scams Spread Banking Trojans
Cyber-Criminals Are Using Mining Pools to Launder Crypto
Cybercriminals return to business as usual in a post-pandemic world
Cybersecurity culture improves despite the dark clouds of the past year
Darknet Parliament is now a thing
Development Bank of Southern Africa targeted by the Akira ransomware group
Every Louisiana driver’s license holder exposed in colossal cyber-attack
Federal Trade Commission (FTC) charges genetic testing organization for privacy concerns
Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability
Fraud Alert: 40% Increase in Phishing, Smishing Attempts, Watch Out for IPFS Phishing
Genetic testing firm accused by FTC of violating customers’ privacy
Good Samaritan Hospital data breach class action settlement
Hacker Saps Russian Special Service Wallets, Transfers Everything To Ukraine
Hackers Using ChatGPT & GoogleBard to Launch Sophisticated Email Attacks
Illinois Hospital First To Shut Down Completely After Ransomware Attack
Infosecurity Europe: How DORA Will Force Financial Firms to Adopt Cyber Resilience
Infosecurity Europe: Preparing for Adversarial Machine Learning Attacks
Introducing the book: Visual Threat Intelligence
Johns Hopkins Health System Suffers Cyberattack
LockBit claims ransomware attack on pharma giant Granules India
Main Security Challenges of Cloud Computing
Manufacturing Industry Cybersecurity Best Practices
MercyOne faces lawsuit for May data breach affecting 20,000
Mondelēz Global LLC Announces Third-Party Data Breach Involving Employee’s Social Security Numbers
MOVEit Cyber Attack: Personal Data Of Millions Stolen From Oregon, Louisiana, U.S. Agency
New Version of Android GravityRAT Spyware Targets WhatsApp Backups
New Zealand’s Smartpay Hit With Ransomware in Latest Antipodean Cyber Attack
Oil and gas giant Shell is another victim of Clop ransomware attacks
Pentagon leaker indicted by federal grand jury
Phishing Attacks Are Becoming More Sophisticated. Here’s How to Bolster Email Security
Police cracks down on DDoS-for-hire service active since 2013
Red teaming can be the ground truth for CISOs and execs
Russia-affiliated Shuckworm Intensifies Cyber-Attacks on Ukraine
Russian National Arrested in Connection With LockBit Ransomware
Shell latest victim in Cl0p MOVEit hacking spree
Sturdy Finance reopens after $800,000 hack
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted
Understanding Data Security In The Digital Age
Zacks Investment Research Firm Data Breach Expands, Nearly Nine Million Impacted
WannaCry 3.0 Ransomware Aims At Enlisted Russian-speaking Players
15/06
3CX data exposed, third-party to blame
5 best practices to ensure the security of third-party APIs
Agências governamentais dos EUA são atingidas por onda global de ataques hackers
Android GravityRAT malware now steals your WhatsApp backups
As Nova Scotia investigates data breach, expert says no software is infallible
Barracuda ESG zero-day attacks linked to suspected Chinese hackers
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
CISA and NSA Publish BMC Hardening Guidelines
CISA releases information on LockBit ransomware
City of Richmond warns of phishing emails mimicking city correspondence
Clop ransomware gang starts extorting MOVEit data-theft victims
Corretora perde R$ 72 milhões em criptomoedas e congela saques
Countering ransomware attacks to restaurants and retail
Cyber debt levels reach tipping point
Cybersecurity agencies published a joint LockBit ransomware advisory
Fiddler Auditor: Open-source tool evaluates the robustness of large language models
Grupo hacker russo cria malware que se espalha em dispositivos USB para roubar dados da Ucrânia
Hacker groups reportedly team up to destroy European Banks in ‘world’s biggest cyber attack’
Hacker que vendeu músicas inéditas de Ed Sheeran é obrigado a devolver bitcoins
How cybercriminals target energy companies
How secure is your vehicle with digital key technology?
How Third-party Risks Increase Data Breach Vulnerabilities
Illinois hospital links closing to ransomware attack
Infosecurity Europe: Breaches Down as Security Culture Improves
Infosecurity Europe: Cost-of-Living Crisis Drives Insider Threat Concerns
Infosecurity Europe: EMEA Retailers Experience Surge in Web Attacks, With Germany Heavily Targeted
Infosecurity Europe: New Study Takes a Deep Dive Into Lookalike Attacks
Killer - Is A Tool Created To Evade AVs And EDRs Or Security Tools
LockBit Makes $91m From US Victims in Two Years
LockBit Ransomware Extorts $91 Million from U.S. Companies
Medical Device Security: Securing IT and OT Healthcare
Microsoft Names Russian Threat Actor "Cadet Blizzard"
Microsoft sued for alleged misuse of stolen Dark Web credentials
Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent
New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations
New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT
New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries
Nota de esclarecimento sobre ataque hacker
Ofcom Becomes the Latest Victim of MOVEit Supply Chain Attack
Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks
Passkeys Can Make Passwords a Thing of the Past
Public sector application flaws increased in last 12 months
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency
Ransomware tops malware-as-a-service offered on the dark web
Reverse Engineering Terminator aka Zemana AntiMalware/AntiLogger Driver
Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine
Russian aviation authority denies data breach speculations
Russian hackers use PowerShell USB malware to drop backdoors
Security culture improving in businesses despite factors holding teams back
Small organizations outpace large enterprises in MFA adoption
South African state-owned DBSA confirms ransomware attack by Akira Group
Stephen F. Austin University (SFA) communication tool back online as cyber attack recovery continues
Study Reveals Ransomware as Most Popular Cybercrime Service
Suspected LockBit ransomware affiliate arrested, charged in US
Traditional Pen Testing vs. PTaaS with Web Application Security
Understanding Malware-as-a-Service
University of Georgia Likely Affected by Data Breach
Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities
VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)
Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files
What Are the Ramifications of the Meta GDPR fine for UK Businesses?
What is a browser doing at Infosecurity Europe 2023?
You can get a share of Google's $23 million dollar settlement. Here's how
14/06
3 ways we’ve made the CIS Controls more automation-friendly
33,000 patients caught in data breach at Maimonides Medical Center
A hospital in the US closes after a cyber attack: an unprecedented case
Assessing Third-Party InfoSec Risk Management
Beyond MFA: 3 steps to improve security and reduce customer authentication friction
Biopharma Confronts a Rising Tide of Ransomware Attacks
BreachForums is back – for real this time
Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems
Chinese hackers use DNS-over-HTTPS for Linux malware communication
CISA, FBI Publish LockBit Ransomware Advisory
Coinbase users urged to change passwords amid complex phishing scam
Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin
Cyber liability insurance vs. data breach insurance: What's the difference?
Cyberattacks on Plastic Surgeons: An Emerging Frontline in Cybersecurity
Dozens of healthcare providers affected by Virginia debt collector breach
Enhancing security team capabilities in tough economic times
EU Passes Landmark Artificial Intelligence Act
Europol Warns of Metaverse and AI Terror Threat
Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
Five Ways to Educate the National Workforce on Cyber Hygiene
Generations Federal Credit Union Files Notice of Data Breach Affecting Thousands of Customers
Hackers create fake GitHub profiles to deliver malware through repositories
Hackers Swap Extortion Tactics as Police Bring the Heat
Hardware Hacking to Bypass BIOS Passwords
HWL Ebsworth data breach: Hackers claim huge data leak
Ignoring digital transformation is more dangerous than a recession
Illinois, Missouri latest states to investigate MOVEit incidents
Infosecurity Europe: Cyber Leaders’ Plea to Tackle the Industry’s Mental Health Crisis
Infosecurity Europe: How to Make the Most of this Year's Show
Infosecurity Europe: (ISC)² and CIISec Release Guide to Inclusive Language in Cybersecurity
IT providers become go-to for cybersecurity advice
Jailed hacker told to pay £100,000 after stealing unreleased Ed Sheeran music
Lack of trust reported as top security challenge
LockBit behind 1 in 6 ransomware attacks on US gov't in 2022
LockBit ransomware extorted $91 million in 1,700 U.S. attacks
Malicious Actors Exploit GitHub to Distribute Fake Exploits
Massive impersonation campaign targets apparel firms including Nike and Adidas
Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands
Mercer University class action claims data breach compromised data of over 93K individuals
MFA Bypass Kits Account For One Million Monthly Messages
Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software
Montclair township says cyber attack took down IT systems and disrupted public services
NetSPI Breach and Attack Simulation (BAS) platform demo
New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs
New ‘Shampoo’ Chromeloader malware pushed via fake warez sites
New trap: Fraudsters send phishing email under garb of flight ticket
No Zero-Days but PGM Flaws Cause Patch Tuesday Concern
North Korea creates fake phishing site to steal South Koreans' personal data, says spy agency
PII Exposed: Unauthenticated IDOR in WooCommerce Stripe Plugin
Queensland government agencies have 'more to do' to be ready for future data breach reporting
Ransomware attack forces closure of St. Margaret's Health facilities
Researchers Uncover XSS Vulnerabilities in Azure Services
Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
Someone is posing as a fake security company to create malicious GitHub repositories
T-Mobile retailer suffers data breach affecting potentially thousands of customers
The psychological impact of phishing attacks on your employees
Threat actors back to cyber “big game hunting”
Trinity Health faces lawsuit for March data breach
Two Prudential Subsidiaries In Malaysia Hit By Data Breach
Xplain data breach impacts Swiss national railway FSS and canton of Aargau
WannaCry ransomware impersonator targets Russian "Enlisted" FPS players
Where from, Where to — The Evolution of Network Security
Windows Users Alert: Skuld Malware Steals Discord and Browser Data
13/06
47% of organizations struggle with detecting and mitigating threats
68% of organizations expect employee churn-driven cyber issues in 2023
99% of organizations expect identity-related compromise this year
A Zero-Day Should Not Be a Crisis
Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations
AI and tech innovation, economic pressures increase identity attack surface
API Security: Unveiling Best Practices for a Secure Digital Ecosystem
Are smartphone thermal cameras sensitive enough to uncover PIN codes?
Artificial intelligence is coming to Windows: Are your security policy settings ready?
Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer
Bolloré subsidiary attack exposes Thales, Alibaba data
Building a hyper-connected future with 6G networks
Bulletproof hoster gets 3 years for pushing Urfsnif, Zeus malware
Chinese hackers used VMware ESXi zero-day to backdoor VMs
CISA orders federal agencies to secure Internet-exposed network devices
COSMICENERGY Malware May be Artifact of Russian Emergency Response Exercises
CoWIN Data Leak: Hacker explains how he managed to get Aadhaar, PAN, address, other details of users
Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!
Crypto Wallets Under Attack By DoubleFinger Malware
CyberArk Survey Surfaces Identity Security Challenges
DDoS threats and defense: How certain assumptions can lead to an attack
FIIG Securities sees data stolen in Russian cyber attack
Fortinet Addresses Critical FortiGate SSL-VPN Vulnerability
França denuncia campanha de desinformação e ação de hackers ligados aos russos
Harvard Pilgrim Health Care Plan Sued After Massive Data Breach
Historic Zacks Breach Impacts Nearly Nine Million
How to achieve cyber resilience?
How to hack Facebook with just a phone number
Incorporating cloud security teams into the SOC enhances operational efficiencies
Infosecurity Europe: Armis Highlights Riskiest Devices in Critical Infrastructure
Infosecurity Europe: Leading Cybersecurity Providers to Share Insights on Breach Containment
Infosecurity Europe: Top Five Things to Check Out at This Year’s Event
Infosecurity Europe: What TechUK's New Plan Means for Cybersecurity
Many Forces Want To Undermine CoWIN: Union Minister On Data Breach
Massive database leak exposes IDs of vaccinated Indians
Massive phishing campaign uses 6,000 sites to impersonate 100 brands
Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs
Microsoft Pays $20m to Settle Another FTC COPPA Case
Microsoft says Azure outage was caused by ‘anomalous’ traffic spike
MOVEit Transfer developer patches more critical flaws after security audit
Ofcom Latest MOVEit Victim as Exploit Code Released
Okta aims to unify IAM for Windows, macOS devices in hybrid work environments
Open-Source RATs Leveraged By APT Groups
Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals
Padding Users’ Defenses Against ChatGPT
Phishing Attacks Statistics & Facts 2023 – Techopedia
PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
Quantum computing’s threat to national security
RDP honeypot targeted 3.5 million times in brute-force attacks
Report highlights key threats disrupting businesses
Spotify fined $5M+ for GDPR violations
Strava heatmap might reveal your home address, researchers claim
Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack
UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released
Understanding the Role of Identities in Cloud Breaches
Unveiling the Balada injector: a malware epidemic in WordPress
UPS latest Anonymous Sudan target, Microsoft time-out
Windows 10 KB5026435 and KB5027215 updates released
Windows 11 KB5027231 cumulative update released with 34 changes
WordPress Stripe payment plugin bug leaks customer order details
12/06
18,000+ Ascension patients caught in data breach
A deep dive into the Petaluma Health Center data breach
An Illinois hospital is the first health care facility to link its closing to a ransomware attack
Apple's Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs
Bank fraud warnings are the most common text scam
Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme
Building a culture of security awareness in healthcare begins with leadership
Carrington, Alvaria class action claims data breach exposed data of millions
CIBT, Inc. Notifies Employees and Customers of Recent Data Breach
Clop ransomware group knew about the MOVEit zero-day vulnerability since at least July 2021: Kroll
Columbus Regional Healthcare System Reportedly Experienced Data Breach Following Ransomware Attack
Confidential data downloaded from UK regulator Ofcom in cyberattack
CoWIN app or database not breached directly: Union minister after data leak claims
Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!
Cyber attack hits University of Manchester
Cyber attack on Californian healthcare clinic compromised patients' personal and medical information
Cyber extortion hits all-time high
Cyber security experts warn of a rise in money scams on WhatsApp
Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable
Cycode’s free CI/CD monitoring tool offers new DevOps visibility
Data Flows Between UK and US to be Simplified Under New Agreement
Development Bank of Southern Africa (DBSA): Notification of Security Compromise
Didn't breach CoWIN, exploited linked platform’s holes, says hacker behind data leak row
Every 10th German company hit by cyber attack in 2022, says survey
Examining the long-term effects of data privacy violations
Exploit released for MOVEit RCE bug used in data theft attacks
Fortinet: New FortiOS RCE bug "may have been exploited" in attacks
Fortinet urges to patch a critical RCE flaw in Fortigate firewalls
FUD Malware obfuscation engine BatCloak continues to evolve
Global Median Dwell Time Drops to Record Low
Globe warns vs phishing attempts targeting customers with fake SIM Registration email
Hackers Impersonate Journalists to Steal Millions via Twitter and Discord
Half of businesses were victims of spear-phishing in 2022
Halifax Water customer information part of data breach
Have I Been Pwned warns of new Zacks data breach impacting 8 million
Have You Been Pwned? What Should You Do?
Health Service Ireland latest victim of MOVEit cyber attack
How to Break Into a Cybersecurity Career – Phillip Wylie
How To: Create and Maintain SBOMs
Illinois Impacted by Wide-Ranging Ransomware Attack
India denies massive data breach involving Covid vaccine website
Intellihartx data breach exposed the personal and health info of 490,000 individuals
It’s time to patch your MOVEit Transfer solution again!
JBS’s cybersecurity was poor prior to 2021 ransomware attack, homeland security records show
Lack of adequate investments hinders identity security efforts
LockBit group claims ransomware attack on Japanese zipper maker YKK
Log4J exploits may rise further as Microsoft continues war on
Massive CoWIN Data Breach; Personal Details Of Vaccine Recipients Available In Telegram: Report
Massive ransomware attack hits National Securities Commission
Microsoft: Azure Portal outage was caused by traffic “spike”
Microsoft OneDrive fica fora do ar por várias horas após sofrer ataque DDoS de grupo hacker
Minnesota Department of Education swept up in global MOVEit cyberattack
MOVEit hack: Media watchdog Ofcom latest victim of mass hack
New Banking AitM Phishing and BEC Attacks Financial Organisations – Microsoft
New BlackFog research: 61% of SMBs were victims of a cyberattack in the last year
Nova Scotia government reveals details of cyber attack
Ofcom Confirms Cyber-Attack by Russian Ransomware Group
Ofcom, UK’s media watchdog, was breached
OLX paga ‘hacker do bem’ para identificar falhas de segurança
One month after ransomware attack, Dallas reports 90% of its network has been restored
Palo Alto Networks Finds Cyberattack Patterns Changing
Password Reset Hack Exposed in Honda's E-Commerce Platform, Dealers Data at Risk
Pink Drainer Posed as Journalists, Stole $3M from Discord and Twitter Users
Pioneer Valley Ophthalmic Consultants, PC Files Notice of Third-Party Data Breach
Proactive protection: five steps for businesses and homes to mitigate cyber threats
Ransomware remains single biggest threat: Nclose
Researchers Report First Instance of Automated SaaS Ransomware Extortion
Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer
Russian hackers claim responsibility for theft of data from Australian bond broker FIIG
SaaS Challenges and Security Risks
Sextortion, Deepfakes, and AI Scams: How to Protect Children from Cyberattacks
'Staff training is crucial to reducing cyber attack risk'
'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware
Stephen F. Austin State University (SFA) reports online system targeted in cyber attack
Strategic Intelligence Guidance for Adopting AI Models in Your Organization
Swiss Government Targeted by Series of Cyber-Attacks
Swiss government warns of ongoing DDoS attacks, data leak
The Answer to Optimizing Your Security Infrastructure? Consolidation
The Biggest Risks to the Software Supply Chain
The Dangers of AI Chatbots – And How to Counter Them
The key differences between ‘information privacy’ vs. ‘information security’
Threat intelligence programs poised for growth
Two Russian Nationals Charged in Connection with Mt Gox Hack
Ukrainian hackers claim attack on Russian banks
Ukrainian Hackers Take Out Russian Banking Infrastructure
Use of multi-factor authentication nearly doubles since 2020
Xplain data breach also impacted the national Swiss railway FSS
Why Healthcare Cybersecurity Requires a Multi-Layer Approach
Why Now? The Rise of Attack Surface Management
11/06
A Closer Look at Data Breaches in the US
Android Malware Mimics VPN, Netflix and Over 60k of Other Apps
Beyond Passwords: The Future of Authentication in Cybersecurity
Disruption to people's lives is Gloucester council chief's biggest frustration over cyber attack
Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)
Hacked Documents Show Hectares Of Land Given To Iran Atomic Org.
Honda eCommerce Platform Flaw Exposes Customers’ Data
iPhones are the target of a new and malicious malware
Is Fighting Cyber-Espionage Against Dissidents Getting Difficult?
Is It Safe to Allow Pop-Ups in Your Browser?
JamaicaEye hit by cyber attack - Security Ministry
Spyware Could End Malta’s Golden Passports
Strava heatmap feature can be abused to find home addresses
The Ukrainian Robin Hood: a hacker drains Russian wallets and transfers bitcoins to volunteers
Top 12 tips to keep your business safe from cyberattacks
Why is cybersecurity always an important factor to consider when browsing the web?