DAILY NEWS: October/November (30/10 - 05/11) - Week 44 of 2022
Cyber Security and Information Security News - Daily Updates !! Weekly Review

05/11
27% Of Global Companies Suffer Data Breaches In 3 Years – PwC
Amazon Data Breaches History and Complete Timeline up to 2022
‘Cyber security must be preventive’
Cybersecurity Is Collective Responsibility, Says Stanbic IBTC
Hackers Abusing Microsoft Dynamics 365 Customer Voice to Steal Credentials
Hackers sending govt officials phishing mails for T-20 World Cup bets, claims cybersecurity firm
'It's a nightmare.' Expert weighs in on ransomware attack facing Norman Public Schools
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
NHS cyber attack still believed to be affecting patients’ records three months on
Password attacks rise to 921 per second: Microsoft
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
Technology group providing services to Victorian government departments hit by cyber attack
04/11
5 use cases for MDR to fight ransomware
Action Steps to Enhance 911 System Cybersecurity
As Twitter brings on $8 fee, phishing emails target verified accounts
At $2 mn-plus, manufacturing sector paid the biggest ransom after cyberattacks
Hacker attack takes down the world's most powerful telescope
Attackers leverage Microsoft Dynamics 365 to phish users
Australia sees rise in cybercrimes on back of 'destructive' ransomware, state actors
Black Basta Ransomware Attacks Linked to FIN7 Threat Actor
Black Basta Ransomware Linked to FIN7 Cybercrime Group
Business Email Compromise (BEC) Group Crimson Kingsnake Linked to 92 Malicious Domains
CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
Cisco addressed several high-severity flaws in its products
Cyber attack disrupts Norman school district
Cyber Insurance and Cybersecurity Policy: An Interconnected History
Cyber security experts reveal the most common password misconceptions
Defensics adds gRPC support for distributed web and mobile application security testing
“Disturbing” Rise in Nation State Activity, Microsoft Reports
Dropbox Data Breach Another Multifactor Fail
Eight Best Practices For Ransomware Threat Hunting
Hacker strikes again and steals R$ 4 million in NFTs
Hacking Google: Lessons From the Security Team, Part Two
Honeywell weighs in on OT cybersecurity challenges, evolution
ICO Slashes Government Data Breach Fine
Researchers used a decommissioned satellite to broadcast hacker TV
Iran poses major cyber-security threat to Gulf
Is Monkey Drainer Contract the Biggest Phishing Business in Crypto Right Now?
LockBit Claims Ransomware Attack on Continental
Microsoft says “it’s just too difficult” to effectively disrupt ransomware
National Guard Leaders Warn More Cyber Security Spending Needed to Help Protect Elections
New CISA Goals Tackle Critical Infrastructure Cybersecurity
NHS cyber attack hits patient care with records left in ‘chaos’ three months on
November 2022 Patch Tuesday forecast: Wrapping up loose ends?
OakBend Medical Center Provides Healthcare Data Breach Notice
One-third of organizations changed leadership after a cyberattack
Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers
Path traversal in Java web applications – announcing the Invicti technical paper
Phishers Abuse Microsoft Voicemail Service to Trick Users
Prep for a career in cybersecurity with this $49 CompTIA boot camp
Privacy, compliance challenges businesses face after Roe v. Wade repeal
Ransomware and CISOs’ balancing act
Ransomware Group Threatens to Leak Data Stolen From Car Parts Giant Continental
Red Cross Wants Shielding from Hacks via Digital Emblem
Researchers Detail New Malware Campaign Targeting Indian Government Employees
Robin Banks phishing service returns to steal banking accounts
RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM
St. Luke's suffers 3rd-party data breach
The 10th edition of the ENISA Threat Landscape (ETL) report is out!
The biggest threat to America’s election system? Ourselves
The most frequently reported vulnerability types and severities
‘Wake-up call for real estate agencies’: Harcourts hit by data breach
Web3 Domain Alliance Emerges to Address Cybersecurity Concerns
What the Growth of Ransomware Variants Says About the Evolving Cybercrime Ecosystem
White House Convenes Ransomware Summit as Reported Incidents Soar By Over 50%
Windows 11 22H2 blocked on systems using Xbox Game Bar Capture
World's Most Expensive Observatory Floored by Cyber-Attack
Your OT Is No Longer Isolated: Act Fast to Protect It
03/11
ALMA Observatory shuts down operations due to a cyberattack
An iPhone VPN can secure your connection and unlock streaming content
Black Basta ransomware gang linked to the FIN7 hacking group
BWX subsidiary Flora & Fauna hit with data breach
Bot Warning for Retailers Ahead of Busy Shopping Season
Businesses want technologies that allow for passwordless workflows
Cyber Threat Landscape Shaped by Ukraine Conflict, ENISA Report Reveals
Cybersecurity recovery is a process that starts long before a cyberattack occurs
Cyberwar is Changing – is Your Organization Ready?
Danish train standstill on Saturday caused by cyber attack
From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022
Global coalition reaffirms commitment to fight ransomware
Hacker Charged With Extorting Online Psychotherapy Service
Hackers reportedly pirated The Sims 5 beta and created access tokens
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT
Healthcare data breach affects millions; Google releases security patch for Chrome
How to manage data lifecycle: Data retention for compliance
IoT cybersecurity is slowly gaining mainstream attention
LockBit repeats 'PR stunt' as Thales ransomware investigation reveals no breach
Low-Code, Citizen Development Will Lead to Major Data Breach in 2023
Malware, Ransomware, IoT Pose Major IT Security Challenges
Manufacturing sector pays highest average ransomware payment
Melbourne real estate agency data breach leaves details of renters and landlords exposed
New clipboard hijacker replaces crypto wallet addresses with lookalikes
New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data
Open-source software fosters innovation, but only with the right controls in place
OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa
Optus promises to pay cost of replacing foreign passports compromised in data breach
Ransomware attack on Osaka General's network stalls critical surgeries & daily operations
Ransomware attack strikes US hospital's legacy network, impacts over 77,000 patients
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
RomCom Weaponized KeePass and SolarWinds Instances to Target Ukraine, Maybe UK
Royal Mail customer data leak shutters online Click and Drop
See Tickets Suffers Credit Card Skimming Data Breach
The metaverse ushers in a new era of cyber threats
Threat Actor "OPERA1ER" Steals Millions from Banks and Telcos
TikTok Confirms Chinese Staff Can Access UK and EU User Data
Top 4 priorities for cloud data protection
UK Security Agency to Scan the Country for Bugs
US Banks should prepare to spend big on cyberdefenses as ransomware payments reach record levels
Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase
Why Identity & Access Management Governance is a Core Part of Your SaaS Security
02/11
32% of cybersecurity leaders considering quitting their jobs
130 Dropbox code repos plundered after successful phishing attack
A Third of Security Leaders Considering Quitting Their Current Role
Alma radio telescope in Chile taken down by cyber attack
Almost half of phishing attacks target gov employees, research says
Alternatives to a lift-and-shift cloud migration strategy
Android Apps With a Million Downloads Led Users to Phishing Sites
Are Mobile Phones Becoming A Hacker's Dream?
Bed Bath & Beyond reviewing data breach
Chester, Pa., Lost $400K to Phishing Scheme Over Summer
Countries band together to better fight ransomware, set ‘priority targets’
Cyber Security Today, Nov. 2, 2022 – Unhappy infosec leaders, a list not to be on and more
Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware
Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories
Dropbox discloses unauthorized access to 130 GitHub source code repositories
Dropbox Suffers Breach, 130 GitHub Repositories Compromised
Emotet botnet starts blasting malware again after 5 month break
Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App
Eye Care Leaders Data Breach Impacts 15K at Oklahoma Eye Care Practice
French defense firm denies ransomware attack after leak site posting
GitHub Flaw Underscores Risks of Open Source, RepoJacking
Group indicted for breaching CPA, tax preparation firms via stolen credentials
Hackers Stole 130 Source Code GitHub Repos In Dropbox Data Breach
Harcourts Melbourne City real estate agency advises customers of data breach
How to deal with burnout when you’re the CISO
How to Prevent Ransomware Attacks
Huawei Malaysia wins CyberSecurity Malaysia special award
Hundreds of U.S. news sites push malware in supply-chain attack
ID Authentication Bypass and the Next Evolution in Phishing Campaigns
IDC Analyst Brief reveals how passwords aren’t going away
IIT-K offers eMasters degree program on cyber security
IoT devices can undermine your security. Here are four ways to boost your defences
Macros could be the key to a cyber attack
Meet fundamental cybersecurity needs before aiming for more
Mobile Phishing Attacks on Government Staff Soar
MODE Global, LLC Reports Data Breach Affecting 11k Individuals
Multi-Color Corporation Reports Data Breach Affecting Sensitive Employee and Dependent Information
Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
New London Hospital data breach class action lawsuit settlement
Next Generation of Phishing Attacks Uses Unexpected Delivery Methods to Steal Data
OakBend Medical Center Confirms Data Breach Following Encryption Event
OpenSSL fixed two high-severity vulnerabilities
OpenSSL Security Advisory Downgraded to High Severity
Osaka hospital hit by ransomware: report
Osaka Hospital services disrupted after a ransomware attack
Phishing attacks aimed at government personnel up 30% in 2021
Presidential Cybersecurity Education Award given to Lakota teacher
Public and private sector cooperation is vital in controlling cybersecurity threats
Ransomware Attack Disrupts Japanese Hospital for 2nd Day
Ransomware cost US banks $1.2 billion last year
Ransomware Remains Top Cyber Threat To Businesses, Deep Instinct Finds
Royal Mail Admits Data Breach After IT Glitch
SandStrike Spyware Infecting Android Devices through VPN Apps
SHELT responds to cybersecurity problems of Nigerian businesses with SOC
These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites
Top malware and ransomware trends and tactics from the first half of 2022: Report
Twitter Verified Status Users Flooded with Scams
UK NCSC responded to 63 “nationally significant” cyber incidents in past year
US Hacker Group Indicted For Million-Dollar RICO Conspiracy
Vodafone Italy discloses data breach after reseller hacked
WakeMed Faces Data Breach Lawsuit Over Meta Pixel Use
Whitepaper: Shared responsibility model for cloud security
Workshop on Digital Literacy and Cyber Security held for media personnel
Yanluowang ransomware leaks suggest pseudo Chinese persona, REvil links
01/11
86% of cloud attacks in healthcare result in financial consequences
Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware
CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing
Confusion Over Twitter’s Blue Tick Verification Badges Gives Rise to Phishing Scams
Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution
Federal Trade Commission (FTC) Takes Enforcement Action Against EdTech Giant Chegg
Following Log4j: Supporting the developer community to secure IT
Fraudulent Instruction Losses Spike in 2022
Google ad for GIMP.org served info-stealing malware via lookalike site
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Osaka hospital suffers hacker attack: patients cannot be treated
Interactive Malware Sandbox in Your Security System
Last Years Open Source - Tomorrow's Vulnerabilities
List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached
LockBit Dominates Ransomware Campaigns in 2022: Deep Instinct
Microsoft fixes critical RCE flaw affecting Azure Cosmos DB
Most missed area of zero trust: Unmanageable applications
National Cyber Security Centre (NCSC) Issued 34 Million Cyber Alerts in Past Year
New SandStrike spyware infects Android devices via malicious VPN app
One in 42 Healthcare Organizations are Impacted by Ransomware
OpenSSL fixes two high severity vulnerabilities, what you need to know
OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities
Osaka Hospital Halts Services After Ransomware Attack
October sets record with nearly R$ 4 billion stolen in hacker attacks
Phishing Attacks Increase by 61 Percent in 2022
Public Wi-Fi safety tips: Protect yourself against malware and security threats
Quantum ransomware group targeted Australian Clinical Labs, posted stolen data on the Dark Web
Ransomware activity and network access sales in Q3 2022
Ransomware: Not enough victims are reporting attacks, and that's a problem for everyone
Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB
Royal Mail Data Breach: Here’s What You Need to Know
Student Suspected of Running Germany’s Largest Dark Web Market DiDW
Thales Probes Data-Leak Threat by Hacker Group
Twilio admits to falling victim to a second cyber attack in the Summer
Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
US banks report more than $1 billion in potential ransomware payments in 2021
U.S. Treasury thwarted attack by Russian hacker group last month-official
What developers want and how to keep them on your team
You can up software supply chain security by implementing these measures
31/10
A dangerous game of hide and seek
Active Raspberry Robin Worm Launch a ‘Hands-on-Keyboard’ Attacks To Hack Entire Networks
Analysis-In Australia, a hacking frenzy spurred by an undersized cybersecurity workforce
Another White Hat Hacker Returns Funds From Platform Exploit
Australian Defence Force confirm data breach hack
Australian Defence Department caught up in ransomware attack
Australian Federal Police (AFP) urge victims to report cybercrime following ransomware disruption
Australia's Department of Defence becomes latest victim of regional ransomware attacks
Azov Ransomware Runs Riot, Calls for Cyber Security Recheck
Be Alert! HTML Email Attachments Used in Phishing
Bed Bath & Beyond Are Currently Reviewing their Possible Data Breach
Bed Bath & Beyond reviewing data breach
Case study: Why cybersecurity insurance is essential for your business
Chartered Insurance Institute (CII) issues apology after data breach
Chegg sued by FTC after suffering four data breaches within 3 years
CISA, FBI, MS-ISAC Publish Guidelines For Federal Agencies on DDoS Attacks
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
ConnectWise backup solutions open to RCE, patch ASAP!
Cyber minister needed as attacks ramp up, says security expert
Cyberattacks in healthcare sector more likely to carry financial consequences
Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK
Don’t Fall for This Yahoo Mail Phishing Scam
European defense contractor allegedly hit with ransomware
Europe's Biggest Copper Producer Hit by Cyber-Attack
FBI and CISA: Here's what you need to know about DDoS attacks
Five of the most dangerous RansomOps attacks
Fodcha DDoS Botnet Resurfaces with New Capabilities
German copper smelter Aurubis in cyber attack
GitHub Repojacking Bug Could've Allowed Attackers to Takeover Other Users' Repositories
Gold Coast Based Strata Management Firm SSKB Becomes Australia’s Latest Ransomware Attack Victim
Team Finance hacker returns US$ 7 million to associated projects after exploit
Hackers sell access to 576 companies for 4 million dollars
Hackers selling access to 576 corporate networks for $4 million
Hackers Target Australian Defense Communications Platform With Ransomware
Hacking group abuses antivirus software to launch LODEINFO malware
How to fortify elections and electoral campaigns against human hacking
How To Respond To A Business Data Breach In Under 60 Minutes
Instagram confirms outage following stream of user suspensions
Investigation Launched Into Ransomware Attack On Australian Defence Force
Keystone Health Faces Lawsuit Over Healthcare Data Breach
King’s Seafood data breach $350K class action settlement
Malicious dropper apps on Play Store totaled 30.000+ installations
Manufacturing sector has highest ransomware payments
Microsoft Warns Attackers Now Leveraging Raspberry Robin to Distribute Clop Ransomware
Most Online Shoppers Would Leave Retailer Following Breach
Mozilla Firefox fixes freezes caused by new Windows 11 feature
NSA shares supply chain security tips for software suppliers
OT/ICS cybersecurity threats remain high
Federal Police (PF) seek financiers of young man identified as the hacker who attacked ConecteSus
Phishing volumes increase 31% in third quarter : Report
Queenslanders at risk of increased scam attacks
Ransomware: 'Amateur' Tactics Lead Fewer Victims to Pay
Ransomware attack on Dialog also took down defence app ForceNet
Ransomware hackers hit Australian defence communications platform
Russia Suspected in Truss Phone Hacking Scandal
Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices
Scams targeting cryptocurrency enthusiasts are getting more prevalent
Serious breach of cellphone users’ data
State of Incident Response: APAC
Team Finance hacker returns $7M to associated projects after exploit
Telefonica suffers cyber-attack and tells its customers to do this urgently
This stealthy hacking campaign uses a new trick to deliver its malware
Tips for Choosing a Pentesting Company
Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability
U.S. Bank data breach impacts 11K customers
White House invites dozens of nations for ransomware summit
Will cyber saber-rattling drive us to destruction?
Will deepfake cybercrime ever go mainstream?
World’s Leading Copper Producer Aurubis Suffers Crippling Cyberattack
Young Finnish man detained in absentia over data breach at Vastaamo
30/10
5 cybersecurity mistakes that will haunt you
10 Ways to Take a Security-First Approach to Database Management
Actively exploited Windows MoTW zero-day gets unofficial patch
Air New Zealand warns of an ongoing credential stuffing attack
Binance Hacked; Nearly $600 Million in BNB Stolen
Cost of living scams warning - the common ploys fraudsters are using to steal thousands
Drinik banking malware returns: Things you can do to keep your data safe
Driver licences with additional security measures to be issued in Victoria after Optus data breach
Former Army boss blasts Liz Truss 'ill discipline' over Kremlin phone hack
Former British Prime Minister Liz Truss's phone was allegedly hacked by Russian spies
How AI can protect water and electricity networks
How to protect yourself from identity fraud during Cybersecurity Awareness Month
Inside a US military cyber team’s defence of Ukraine
Interpol Issues Security Warning Against Metaverse Being Unsafe For Children
Malware: A Problematic Evolution
Ministers creating ‘wild west’ conditions with use of personal phones
Multi-factor authentication fatigue attacks: How to shield your users?
New Azov data wiper tries to frame researchers and BleepingComputer
Sacked Sky employee demanded £40,000 or he would post details of 11,000 customer
Status of Pendragon’s data unclear after hackers issue revised ultimatum
The 13 Most Common Website Security Attacks
VicRoads says issuing new licences for Optus data breach victims
Weakness: Employees – the reason they are vulnerable to cyber attacks
What Is an Infostealer? Is It Dangerous?
What Is Riskware? Here's Everything You Need to Know
What Is Zero-Knowledge Encryption and Why Should You Use It?