DAILY NEWS: Setembro (25/09 - 01/10) - 39 Semana de 2022

Cyber Security and Information Security News - Daily Updates !! Weekly Review

01/10

3 types of potential business liability associated with data breaches

A Security Expert Tells Us How To Protect Your Personal Data From Hackers

Chinese Hackers Hiding Malware in Windows Logo

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information

Electricity Company of Ghana (ECG) systems hacked with ransomware

Guacamaya hacktivists stole sensitive data from Mexico and Latin American countries

Hackers targeted 8 Shangri-La hotels between May and July, guests' data potentially leaked

Hotel Booking App Ordered to Compensate 300 Customers for Data Breach

How to mitigate the risk of the Optus data breach

Lazarus hackers abuse Dell driver bug using new FudModule rootkit

Microsoft to let Office 365 users report Teams phishing messages

"Phishing" scam warning

Protecting online data has never been more vital

'Shangri-La hack may affect over 290,000 HK guests'

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

The true costs of a breach — and does your business really have to pay the ransom?

What businesses need to know about investigating, remediating and reporting a data breach

What Is SIM Jacking and What Can You Do to Protect Yourself?

30/09

7 Ways to Prevent a Smartphone Data Breach

90% of companies affected by ransomware in 2022

2,857 Geisinger patients affected by 3rd-party data breach

Attackers use novel technique, malware to compromise hypervisors and virtual machines

BlackCat said they breached US Department of Defense contractor and went offline

Business Email Compromise (BEC) – One of the most common yet Dangerous Attacks

Capital One to pay $190m to settle a class-action lawsuit on 2019 data breach

CISA: Hackers exploit critical Bitbucket Server flaw in attacks

City council's planning system back up and running nine months after hack

Country Doctor Community Clinic Files Official Notice of a Data Breach with the Federal Government

Cyber attack: Gloucester City Council planning site mostly restored

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

Cybercriminals See Allure in BEC Attacks Over Ransomware

Data breach at border agency contractor involved up to 1.38 million licence plates

Data breach fears make older borrowers reluctant to share home loan data online

Fake US govt job offers push Cobalt Strike in phishing attacks

Financial phishing still on the rise

Germany arrests hacker for stealing €4 million via phishing attacks

Hacker groups assist Iranian protestors

Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT

Hackers Hide Malware in Windows Logo, Target Middle East Governments

Hacking Attack Narrowly Misses Davenport, Iowa, School District

Hotel booking app ordered to compensate 300 customers for data breach

How a Data Breach Could Sink an SME

How Public Agencies Can Reduce Risk of Data Breaches

HSE cyber attack cost taxpayers at least €101m, with a further €657m to be spent safeguarding against repeat attacks

If you get an email warning your info is on the Dark Web, here’s what to do

Internal Revenue Service (IRS) reports significant increase in texting scams; warns taxpayers to remain vigilant

Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries

LeakBase Announces Swachhata Platform Breached, 16 Million User PII Records Exposed

LA School District Ransomware Attackers Now Threaten to Leak Stolen Data

Magellan Health settles for $1.43M after data breach, delayed notification

MI5 website briefly knocked offline by possible cyber attack

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082

Mysterious Optus hacker suddenly DISAPPEARS from the site where they posted their chilling threats after issuing a grovelling apology to the telco

Neurology Center of Nevada Reports Recent Data Breach Affecting 11k+ Patients

New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

New Malware Families Found Targeting VMware ESXi Hypervisors

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

Northern California Fertility Medical Center Announces Data Breach Leaking Patients’ Protected Health Information

Optus breach victims will get "supercharged" fraud protection

Optus to pay for new passports

Organizations Battle Ransomware Targeting Supply Chains

Over 145,000 customers' data was exposed in agency data breach incident – report

Physician’s Business Office Files Notice of Data Breach Affecting Over 196k Patients

Quantifying the risk of cybersecurity

Ransomware, identity theft and virtual attacks fast becoming growing threats in Asia

SaaS Data targetted by half of Ransomware Attacks in last 12 months

Seattle Children's notifies 6,750 patients of third-party data breach

Solana PayPal Invoice Scam

South Korea: ATM Withdrawals Capped to Thwart Phishing Scams

Texas healthcare provider FMC Services suffers a ransomware attack

The Coeur Group notifies patients of data breach

The Psychological Effects of Getting Your Data Leaked That No One Talks About

Toolkit, formerly employed for cybersecurity is now made accessible to hacker communities

Top issues driving cybersecurity: Growing number of cybercriminals, variety of attacks

Vice Society raises ransomware pressure on Los Angeles school district

Warning over new ‘Erbium’ malware that steals credit card details and personal data

What Proof of Stake Means for the Future of Blockchain Security

29/09

5 Things You Need To Know About Data Privacy

65% of companies are considering adopting VPN alternatives

75% of AU companies had cloud security incident in past year

Anxious wait: Optus victims unsure of data hack fallout

Assistant Treasurer Stephen Jones says Optus hacker 'appears' to be individual criminal amid massive data breach

Australia flags tough new data protection laws this year

Australian Electoral Commissioner (AEC) says no need to update enrolment information after Optus data breach

Backup as last line of defense against HK ransomware threats

Black Friday shoppers warned to be vigilant as online scams are on the rise

Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

Business Email Compromise (BEC) attacks: Most victims aren't using multi-factor authentication – apply it now and stay safe

Canberrans most at risk to receive new, free driver licence

Chaos IoT malware taps Go language to harvest Windows, Linux for DDoS attacks

Crypto-Thieves Cost Victims 53 Times What They Make

Cybersecurity expertise needs to be incorporated into Bangladeshi company boards

Data of 72% of local, state govt bodies encrypted after ransomware attacks: report

Data security trends: 7 statistics you need to know

DJVU: The Ransomware That Seems Strangely Familiar…

Effects of Optus breach will linger: Jones

Fancy Bear Hackers Distributing Graphite Malware using PowerPoint Files

Fears of long impact from Optus breach

Financial Phishing Cyberattacks Significantly Increase in Kenya and Nigeria in Q2 of 2022

Fired admin cripples former employer's network using old credentials

Former Virgin Mobile, Gomo customers could also be victims of Optus data hack

Government, Union-Themed Lures Used to Deliver Cobalt Strike Payloads

GTA 6 Hacker Allegedly Sold GTA 5 Source Code Before Arrest

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks

Hackers turn to Signal, Telegram and Dark Web to assist Iranian protestors

Hacking group hides backdoor malware inside Windows logo image

Half of adults in England and Wales receive ‘phishing’ messages, ONS data reveals

Holiday Inn owner says booking systems fully restored after cyber attack

Hong Kong, Aoyuan Healthy Life Group hit by PT_Moisha ransomware group

How is SOVA virus infecting your phone? State Bank of India (SBI), Punjab National Bank (PNB) customers beware

Ignorance isn’t bliss: How tech users lack fundamental cybersecurity knowledge

Internal Revenue Service (IRS) Warns of "Industrial Scale" Smishing Surge

It takes the average hacker less than 10 hours to find vulnerabilities

Lazarus Hacker Group Targets MacOS Users Through Crypto Jobs

Magellan Health settles data breach lawsuit for $1.43M

Malware builder uses fresh tactics to hit victims with Agent Tesla RAT

Matrix: Install security update to fix end-to-end encryption flaws

Microsoft: Lazarus hackers are weaponizing open-source software

Mid Sussex councillor calls for Housing Ombudsman to investigate Clarion Housing Association after cyber attack

Mobile, Cloud and Email Are Top Threat Vectors For 2023

Moody's says hospitals, utilities face high hacking risks

Multifactor authentication isn't perfect, passwordless is better

Nearly 75% of local and state government organizations attacked by ransomware had their data encrypted, Sophos survey finds

New Chaos malware spreads over multiple architectures

New malware backdoors VMware ESXi servers to hijack virtual machines

New Microsoft Exchange zero-days actively exploited in attacks

New Royal Ransomware emerges in multi-million dollar attacks

Nigeria and Kenya Records High Rate of Financial Phishing Cyberattacks in Q2 of 2022 According to Kaspersky Report

Office exploits continue to spread more than any other category of malware

Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach

Personal App Use on the Rise – And So Are Cloud Security Risks

Police say hacker concealed ID in Australian privacy breach

Ransomware attack on Suffolk County heightens importance of cybersecurity for local municipalities

Researchers Discover Chaos, a Golang Multipurpose Botnet

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

Russian hackers' lack of success against Ukraine shows that strong cyber defences work, says cybersecurity chief

SaaS data was the target of half of recent ransomware attacks

Singapore firms see 54 cybersecurity incidents daily, struggle to keep up

Sussex MPs warn about energy bills phishing scam

Swachh City Platform Suffers Data Breach Leaking 16 Million User Records

The Increasing Concern of Public-Sector Cybersecurity in State and Local Government

The rise of the dark web corporation

Training can help swing odds against ransomware in favor of financial industry

Trend Micro blocked and detected over 55mln threats in Saudi Arabia

UK is a top three ransomware target

Upgraded Prilex Point-of-Sale malware bypasses credit card security

US Defense Contractor Victimized by Ransomware Attack

What Is Vishing? And How to Protect Against It

What Telcos Should Learn from the Optus Breach

White House Releases Software Supply Chain Security Guidance

28/09

3 types of attack paths in Microsoft Active Directory environments

A personal perspective on investing in cybersecurity

American Airlines Data Breach Linked to a Phishing Campaign Exposed Sensitive Customer and Employee Personal Information

API Security Incidents Rise, Despite Confidence in Protection

APT28 relies on PowerPoint Mouseover to deliver Graphite malware

Auth0 warns that some source code repos may have been stolen

Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks

Businesses find remote work security risks less daunting than before

Cost of a Data Breach: Infrastructure

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

Cryptominers hijack $53 worth of system resources to earn $1

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware

Cyber-Threats Top Business Leaders' Biggest Concerns

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks

Facebook Shuts Down Covert Political 'Influence Operations' from Russia and China

Google to test disabling Chrome Manifest V2 extensions in June 2023

GTA 6 teen hacker pleads not guilty in court

Hacker breaches Fast Company systems to send offensive Apple News notifications

Hacker shares how they allegedly breached Fast Company’s site

Hackers are making DDoS attacks sneakier and harder to protect against

Hackers Use Telegram and Signal to Assist Protestors in Iran

Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

How to lock active incognito tabs on Android Chrome for more privacy

How To Protect Your Reputation After A Hack Or Data Breach

ICO Reprimands UK Organizations for GDPR Failings

Initial Access Brokers and Blocking the Continued March of Ransomware

Intruder alert! How one hacker infiltrated Uber

IRS warns Americans of massive rise in SMS phishing attacks

Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC?

Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks

MEV bot earns $1M but loses everything to a hacker an hour later

Meta Takes Down Russian "Smash-and-Grab" Disinformation Campaign

Multi-platform Chaos malware threatens to live up to its name

New Chaos malware infects Windows, Linux devices for DDoS attacks

NUVOLA: the new Cloud Security tool

Optus confirms 14,900 active Medicare details exposed in data breach

Paying the ransom is still the most common response to a ransomware attack

Researchers Warn of New Go-based Malware Targeting Windows and Linux Systems

Russia demands answers after Apple kicks VK apps from App Store

Stealthy hackers target military and weapons contractors in recent attack

The holy trifecta for developing a secure API

The Optus hacker is being treated as the real deal by the government. Its apology can’t be trusted

There's been a big rise in hackers targeting Google Chrome - doing this one thing can help protect you

These advanced phishing tactics should put all businesses on high alert

Threat actors use Quantum Builder to deliver Agent Tesla malware

What to do if you’re impacted by a data breach

WatchGuard Report: Malware Decreases but Encrypted Malware Up in Q2 2022

Wolfi Linux provides the control needed to fix modern supply chain threats

27/09

46 percent of ransomware attacks happen in the US but who are the targets?

Alleged Optus Hacker Apologizes, Deletes Customers' Exposed Data

Australian police probe purported hacker's ransom demand

CISOs Have Lost Confidence in Ability to Quash Ransomware

Defense Giant Elbit Confirms Data Breach After Ransomware Gang Claims Hack

Evolving ransomware requires a modern approach to data management and protection

Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme

Extortion Economics: Ransomware’s New Business Model

Federal government under pressure to reveal Optus data breach plan as FBI called in to help

Fintech Company Suffers Data Breach

Fraudsters adapt phishing scams to exploit cost-of-living crisis

Fulcrum Utility Services hit by cyber attack but no data breached

Global Firms Deal with 51 Security Incidents Each Day

Hacker Behind Optus Breach Releases 10,200 Customer Records in Extortion Scheme

Hackers are testing a destructive new way to make ransomware attacks more effective

Lazarus Group Targets MacOS Users Seeking Crypto Jobs

Lazarus hackers drop macOS malware via Crypto.com job offers

Legacy tech is undermining responses to ransomware in UK

Machines make up 43% of digital identities on enterprise networks

Malicious Oauth app enables attackers to send spam through corporate cloud tenants

Meaningful Learnings from the Uber Breach

Meta dismantles massive Russian network spoofing Western news sites

Microsoft Sway Pages Weaponized to Perform Phishing and Malware Delivery

MS SQL servers are getting hacked to deliver ransomware to orgs

New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials

North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs

Observing the Changing Nature of Security within Organizations

Open source projects under attack, with enterprises as the ultimate targets

Optus data breach: an update for APRA regulated entities

Optus hacker apologizes and allegedly deletes all stolen data

Optus under further fire for cyber breach, purported hacker claims data deleted

Oxford Health: Cyber attack continues to hit NHS trust's services

Phishing Attacks Are At Their Highest As Figures Quadruple From 2020, Claims New Study

Ransomware Attacks Fall as Groups Restructure

Ransomware report finds reduction in percentage of organizations with disaster recovery plans in place

Retail and Wholesale Saw Over 400% Increase in Phishing Attacks

RiskLens Fast Facts on Cyber Risk for Local Governments – Suffolk County, NY, Ransomware Attack

Suffolk County Data Breach Puts Contracts On Back Burner

The Dire Warnings in the Lapsus$ Hacker Joyride

The Grand Tour’s Jeremy Clarkson Targeted By Russia-Based Hacker Group

The Guide To Dealing With A Ransomware Crisis For Businesses

TikTok Facing £27m UK Regulatory Fine

Ukraine Busts Pro-Russia Hackers Who Stole 30M Accounts of EU Citizens

Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures

US branch of Israeli defense contractor Elbit hit by data breach

Why Continuous Security Testing is a Must for Organizations Today

Why zero trust should be the foundation of your cybersecurity ecosystem

26/09

3 ways to gauge your company’s preparedness to recover from data loss

5 Network Security Threats And How To Protect Yourself

6 Healthcare Cybersecurity, Operational Strategies For Successful CISOs

75% of fraudulent online banking payments originate from trusted devices

A third of Irish firms surveyed have paid cyber ransoms, paying out an average of €22,773 each

A world without cybersecurity

Adware on Google Play and Apple Store installed 13 million times

American Airlines phishing attack involved unauthorized access to Microsoft 365

Apex Capital Corp. Reports Data Breach That Compromised Individuals’ Social Security Numbers

Australia flags privacy overhaul after huge cyber attack on Optus

Australia mulls tougher cybersecurity laws after data breach

BlackCat Ransomware Attackers Spotted Fine-Tuning Their Malware Arsenal

Calgary Parking investigation reveals more than 145,000 customers exposed during data breach

Caught up in the Optus data breach? Here's what to do immediately

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++

Criminals are using QR codes to scam people in restaurants!

Diodes Incorporated Confirms Recent Data Breach Affecting SSNs and Health Information

‘Don’t pay cyber ransoms’ – Garda warning as it’s revealed a third of SMEs have paid criminal groups this year

Fraud crimes up by 25% in two years, figures suggest

GTA 6 hacker update: Now charged with violation of bail and computer misuse

Hackers leak French hospital patient data in ransom fight

Hackers Use NullMixer and SEO to Spread Malware More Efficiently

Hackers use PowerPoint files for 'mouseover' malware delivery

HC3 Details APT41 Cyberattack Tactics, Risks to Healthcare Cybersecurity

How confident are IT pros in their tech career?

How the CIO’s relationship to IT security is changing

How To Defend Against Ransomware Attacks: Where Security Automation Fits In

Keep Universities Secure in Today’s Cyber Threat Environment

Major Berry Producer, Reiter Affiliated Companies, LLC, Confirms Leaked SSNs in the Wake of Recent Data Breach

Microsoft SQL Server targeted by ransomware

Nearly 150K customer records accessed during 2021 data breach: Calgary Parking Authority

New Erbium password-stealing malware spreads as game cracks, cheats

North Macedonia Ministry Denies Covering up Ransomware Attack

Notice of Phishing Incident from CSI Laboratories

Online fraudsters adapt tactics to exploit UK cost of living crisis

Optus Faces $1Million Ransom Due to Cloud Misconfiguration

Optus has not covered itself in glory in handling of breach

Phishing attacks skyrocketing, over 1 million observed

Ransomware Affiliates Adopt Data Destruction

Ransomware attacks continue increasing: 20% of all reported attacks occurred in the last 12 months – new survey

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)

ReasonLabs Unveils Multimillion Dollar Global Credit Card Scam

Researchers Identify 3 Hacktivist Groups Supporting Russian Interests

Richemont’s Watchfinder Reports Customer Data Breach

Russian hackers leak personal data of Ukraine intelligence agents

Security Priorities Are Shifting as 90% Of Organizations Fail To Address Cybersecurity Risks

Simple Yet Vital Ways to Safeguard Yourself Against Online Threats

SQL Server admins warned about Fargo ransomware

Suffolk Civil Service Exams Canceled For Saturday After Cyberattack

T-Mobile has agreed to pay $350 million to settle complaints from last year’s data breach

The biggest cyber attacks of 2022

TikTok may be fined £27m for failing to protect children

Tomorrow’s connected car technologies: risk or reward?

Uber Hack Not Just A Reputational Damage But Reveals Basic Security Flaws

UK Teen Arrested on Computer Misuse Charges

US Duo Plead Guilty to $30m Forex Fraud Scheme

Vanity Addresses in the Spotlight Again as Hacker Gets Away With $950,000

Vice Society claims ransomware attack that hit six UK schools in Scholars’ Education Trust

What Are Disassociation Attacks?

What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide

25/09

3-2-1-1-0 rule to stay ahead of ransomware

Attackers impersonate CircleCI platform to compromise GitHub accounts

Australia: Cyber-attack on wireless firm exposes data belonging to 40% of this country's population

“BlackCat” attempts to up the pressure on Suffolk County; starts to leak data?

Covid antigen test results of 1.7m Indian and foreign nationals leaked online

Federal government to unveil new security measures following massive Optus data breach

GTA 6 and Uber hacker reportedly caught by London police: Know details

How Malware Hides in Images and What You Can Do About It

Metador: A New Hacking Group Hiding in Telecoms and ISPs For Months

New hacking group ‘Metador’ lurking in ISP networks for months

Noberus ransomware gets info-stealing upgrades, targets Veeam backup software

Optus data breach: Cybersecurity reforms expected to enable companies to rapidly inform financial institutions

Optus faces a customer exodus, calls for compensation amid anger over leaked data

Personal details of stars including Sir David Attenborough & Sarah Ferguson leaked after Russian cons hack organic shop

Ransomware data theft tool may show a shift in extortion tactics

UK Police nab alleged 'GTA VI' footage leaker

Warning over scam Ofgem emails claiming to offer energy bill rebate

DAILY NEWS: Setembro (18/09 - 24/09) - 38 Semana de 2022