Cyber Security and Information Security News - Daily Updates !!

23/04

3 Common IoT Attacks that Compromise Security

Analysts flag China link to ‘India Post’ phishing scam

Animated QR codes: how do they work, and how to create your own?

Binance TAKES BACK $5 Million+ in Stolen Crypto from North Korean Hacker Group 'Lazarus'...

Cloud storage: Zero trust’s ultimate defense

Critical US Power Grid Hardware Wide Open With Backdoors, Warns CISA

Cyber attack shuts Costa Rica govt systems

Cyberattacks rise at oil firms as hackers step up their game

Dangerous malware is up 86%: Here’s how AI can help

Hacking Viruses Cause Criminal Activites

Hone your skills with lifetime access to a top-rated course library

How Vulnerable Are You To A Cyberattack? Here's How To Know

Knowledge Sharing: Breaking Down Real-World Attacks to Learn for the Future

LinkedIn users beware – scammers are targeting you

North Korean gang still accessing its $600 million crypto haul

Now Mandiant says 2021 was a record year for exploited zero-day security bugs

OWASP® Global AppSec US 2021 Virtual – Alexei Kojenov’s ‘Outside The Box: Pwning IoT Devices Through Their Applications’

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Royal Malaysia Police (PDRM): Beware of viral fake Petronas lucky draw link that is actually a phishing website

Russian malware planted from Nigeria in OIL cyber attack

Terra (LUNA) Network Addresses Scammed Out of $4,310,000 in Phishing Attack: Blockchain Security Firm SlowMist

Third-party company with D51 experienced data breach

U.S. Sanctions More North Korean ETH Addresses Over $600M Ronin Hack

Veracode Report Shows Signs of Progress in Securing Software Supply Chain

Warning over Amazon invoice scam as tech giant says hackers could steal your account information – signs to look out for

22/04

3 things you need to know about cryptocurrency scams

5 Signs of Phone Tracking You Should Look Out For

8 mln customers affected by Cash App security breach

Android security: Flaw in an audio codec left two-thirds of smartphones at risk of snooping, say researchers

Atlassian fixes critical Jira authentication bypass vulnerability

Backup is key for cyber recovery

Bolstering Security Standards: How A Consolidated IT Infrastructure Can Arm Businesses Against Cyber-Criminals

Chinese hackers behind most zero-day exploits during 2021

Costa Rica’s President Alvarado Says Cyber Attacks Seek to Destabilize Country as Government Transitions

Demand for Cybersecurity Skills Rises as Quantum Computing Threats Tighten

Developer snuck apps past Apple that forced users into subscriptions

Extra Online Security for your phone

FBI: Ransomware Attack Risk to Food and Ag Sector

FBI Warns US Farmers of Ransomware Surge

Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS (Department of Homeland Security) bug bounty program

Hackers Use Malicious Google Ads to Steal $4 Million In Crypto Stablecoin

How Common Types of Cyberattacks Are Evolving

How Geopolitical Events Should Shape Data Security Posture

In a remote-work world, a zero-trust revolution is necessary

Indian Petroleum Refineries network faces enormous cyber attacks from October 2021 to April 2022

Keeping online payments safe

LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave

Malware rouba quase 20 mil usuários de serviços estaduais

Managing Risk of Insider Threats in Healthcare Cybersecurity

Moving Beyond Security Culture Bottlenecks

Navigating a changing cyber security landscape

Optimizing Security in Data Collection Processes

Police issue warning over fake emails claiming to be from Martin Lewis after more than 1,000 reported in just three days

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

Ransomware attacks are hitting universities hard, and they are feeling the pressure

Remotely exploitable flaws found in codec used by many Android phones

Researcher Releases PoC for Recent Java Cryptographic Vulnerability

REvil resurrected? Ransomware crew appears to be back. Keyword: Appears

Russian hackers are seeking alternative money-laundering options

Skeletons in the Closet: Security 101 Takes a Backseat to 0-days

Snapshots vs backup: Use both for optimum RPOs

SuperCare Health Faces Lawsuits Over Data Breach

T-Mobile confirms Lapsus$ hackers breached internal systems

Tackling Cybersecurity Vulnerabilities in School Systems

The Great Resignation meets the Great Exfiltration: How to securely offboard security personnel

The most powerful hacking tools are no longer in the hands of governments alone

Ukraine ramps up cyber defences to slow surge in attacks

Vulnerability in AWS Log4Shell hot patch allowed full host takeover

Vulnerable infrastructure operators are 'switching off' security to avoid downtime

Wawa Sues Mastercard Over Data Breach Penalties

Zero-Day Exploit Use Exploded in 2021

Zero-Trust For All: A Practical Guide

21/04

60% of BYOD companies face serious security risks

Adaptive Health Integrations Data Breach Impacts 510K

Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug

Another School District Says Student Data Breached Within an Illuminate Education Product

Austrac outlines how to spot ransomware and detect abuse of digital currencies

Beanstalk DeFi project robbed of $182 million in flash loan attack

Bob's Red Mill Reports Data Breach

Citibank, Wells Fargo, Chase… Watch Out for Fake Bank Text Messages — Phishing & Zelle Scams

Costa Rica's Alvarado says cyber​​attacks seek to destabilize country as government transitions

Critical bug in Android could allow access to users' media files

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Cisco Umbrella default SSH key allows theft of admin credentials

CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable

Cybersecurity Advisory warns of Russian-backed cyber threats to infrastructure

Digging Into the Science of Behaviour to Tackle Cyber Extortion

Docker servers hacked in ongoing cryptomining malware campaign

FBI: BlackCat ransomware breached at least 60 entities worldwide

FBI Seeks Info on BlackCat

Feds warn of 'exceptionally aggressive' ransomware threat targeting healthcare

Financial leaders grappling with more aggressive and sophisticated attack methods

Five Eyes advisory warns more malicious Russian cyber activity incoming

Five Eyes Agencies Issue Detailed Russian Cyber-Threat Warning

Flash Loan Attack Takes Beanstalk Defi Platform for $182 Million, Largest Yet of Its Type

Google: Record Year for Zero Days in 2021

Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own

Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

Hive hackers are exploiting Microsoft Exchange Servers in ransomware spree

How fast do cybercriminals capitalize on new security weaknesses?

How to Test Your Browser’s Security

International Data Corporation Confirms Recent Data Breach

Leaks Fail to Dent Conti's Successful Ransomware Operation

Lincoln College was already struggling. Then came ransomware

Microsoft Exchange Server users are being targeted by Hive ransomware attack

Mortgage servicer data breach affects 2.5 million; Crypto wallet provider warns iOS users

New Incident Report Reveals How Hive Ransomware Targets Organizations

North Korea Funding Nuclear Program with Cyber Activity

Paying Cyber Ransoms Won't Get Your Data Back, ESG Finds

Phishing Attacks Jumped 29 Percent in 2021, New Zscaler Research Finds

Phishing emails targeting LinkedIn accounts are on the rise. Here's what to watch out for

QNAP asks users to mitigate critical Apache HTTP Server bugs

Ransomware Targeting Virtualization Platforms on the Rise

REvil ransomware group's infrastructure comes back online hinting at fresh campaign

Slow deployment is hampering fraud prevention. What gives?

State Bank of India (SBI) warns customers of phishing scam: Here’s how to protect yourself

Static SSH host key in Cisco Umbrella allows stealing admin credentials

Strengthening the ability of public companies to combat cybersecurity threats

The state of open-source software supply chain security in 2022

Vulnerabilities that kept security leaders busy in Q1 2022

Two-Thirds of Global Banks Report Surge in Destructive Attacks

Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails

US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks

Verizon’s Data Breach Report – Insights for Cloud Security Professionals

Warrior Trading forced to pay $3 million for 'misleading' day trading scheme

Why Uploading Your Personal Data on Social Media is a Bad Idea

20/04

60% of Healthcare Orgs Say Third-Party Risk Management Needs Improvement

Adaptive Health Integrations Data Breach Affects More than 510,000 Individuals

Amazon Web Services fixes container escape in Log4Shell hotfix

Anonymous "OpRussia" Reports Metro System Hack, Counter-Disinformation Milestone

Behind the push to finally eliminate passwords

Beware of Fake Windows 11 Update Delivering Malware

Brave adds Discussions to enrich its search results

Check Your Messages: Scam Texts on the Rise

Crypto-related phishing and how to avoid it

Cyber-Attackers Hit Sunwing Airlines

Cybercriminals are finding new ways to target cloud environments

DDoS and Ransomware: A Prevalent and Potent Blend

Develop projects more efficiently with this certification bundle deal

Discover the top three cybersecurity essentials for universities

Double extortion ransomware surges

FBI Releases AvosLocker Ransomware Advisory

FBI Warns of Ransomware Attacks on Farming Co-ops During Planting, Harvest Seasons

FBI warns of ransomware attacks targeting US agriculture sector

Five ransomware attacks in 2022 so far you should know about

Global Dwell Time Drops but EMEA Lags

Google: 2021 was a Banner Year for Exploited 0-Day Bugs

Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021

Google: We're spotting more zero-day bugs than ever. But hackers still have it too easy

HHS sounds alarm on 'exceptionally aggressive' ransomware group

How ready are organizations to manage and recover from a ransomware attack?

IT leaders require deeper security insights to confidently manage multi-cloud workloads

Kaspersky offers free decryptor tool to deal with Yanluowang ransomware

LAZARUS APT Using TraderTraitor Malware to Target Blockchain Orgs, Users

Microsoft Defender flags Google Chrome updates as suspicious

Microsoft Exchange servers hacked to deploy Hive ransomware

Modern Bank Heists 5.0: The Escalation from Dwell to Destruction

More than 42 million people in UK have had their financial data hacked

New Global Research Reveals that 90 Percent of Organizations Have Suffered One or More Successful Email Breaches in the Last 12 Months

New Zscaler Research Shows Over 400% Increase in Phishing Attacks with Retail and Wholesale Industries at Greatest Risk

Okta: Just Two Customers Impacted by Lapsus Breach

Okta: Lapsus$ breach lasted only 25 minutes, hit 2 customers

Okta says Lapsus$ breach hit just two customers

Phishing alert: How cybercriminals are using India Post to steal money from gullible citizens

Ransomware: This gang is getting a lot quicker at encrypting networks

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

REvil's TOR sites come alive to redirect to new ransomware operation

Russian state hackers hit Ukraine with new malware variants

Scam apps on Apple’s macOS App Store won’t let you quit until you pay a subscription

The Basics of Cloud Security for Your Business

The evolving role of the lawyer in cybersecurity

The New Cyberthreat To Healthcare: Killware

The Top 5 Security Orchestration Myths

Time to get patching: Oracle's quarterly Critical Patch Update arrives with 520 fixes

UK Government Staff Hit with Billions of Malicious Emails in 2021

US and allies warn of Russian hacking threat to critical infrastructure

US Government: North Korean Threat Actors Are Targeting Cryptocurrency Organizations

Vermont Eyecare Practice Suffers Data Breach Affecting 30K Patients

‘Zero-Day’ Hacks Hit Record in 2021, Google Researchers Say

What’s a vCISO and why does your company need one?

19/04

81% of codebases contain known open source vulnerabilities

Attacker Accessed Dozens of Repositories After OAuth Token Theft

Blockchain warning: Hackers are targeting developers and DevOps teams

‘CatalanGate’ Spyware Infections Tied to NSO Group

Comelec withholds payment to Smartmatic amid data breach controversy

Corvus Insurance finds 2021 average ransoms paid by quarter were down 44.2%

Court rules that data scraping is legal in LinkedIn appeal

Cyberattacks Pose ‘Existential Risk’ To Colleges—And Sealed One Small College’s Fate

Cybersecurity a boardroom blindspot

Data Breach Resolution 22% Faster in 2021 for Organizations Embracing Intelligent Automation

Digital ID verification: Using a mobile device to prove your identity

Don't Want Your Phone Carrier Tracking Your Personal Data? You Can Tell It to Stop

Double Extortion Ransomware Increased Almost 500% in 2021, CipherTrace Reports

Experts Uncover Spyware Attacks Against Catalan Politicians and Activists

Funky Pigeon pauses all orders after 'security incident'

Funky Pigeon shuts website and pauses orders after cyber attack – are you at risk?

Funky Pigeon suspends orders after cyber-attack

Funky Pigeon Suspends Orders Following Cyber-Attack

GitHub notifies owners of private repos stolen using OAuth tokens

Google fixes Chrome zero day being used in exploits in the wild

How much are cyber breaches costing UK businesses?

India is among the top five countries with the most data breaches

Lazarus Gets Banned by Tornado Cash for Hacking $600 Million From Axie Infinity’s Ronin Bridge

Lenovo patches UEFI firmware vulnerabilities impacting millions of users

LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks

LinkedIn brand takes lead as most impersonated in phishing attacks

March 2022 Healthcare Data Breach Report

March 2022’s most wanted malware: Revenge RAT asserts its dominance in the UAE followed by Emotet

MetaMask Asks Apple Users to Disable iCloud Backup for Wallet After User Lost $650,000

Microsoft: We're boosting our bug bounties for these high-impact security flaws

Mismanaged IAM Can Lead to Data Breaches

Moving towards defense in depth under the gray skies of conflict

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

New Security Priorities Report Details What Security Leaders Need to Plan for Next

New stealthy BotenaGo malware variant targets DVR devices

Night Sky: A Short-Lived Threat from a Long-Lived Threat Actor

North Korea aims 'TraderTraitor' malware at cryptocurrency workers

Northern Ireland law firms urged to prioritise defences against cyber attacks

Pegasus Spyware Targeted UK Prime Minister, Say Researchers

Ransomware Evolves from “Spray and Pray” to Multi-billion Mega Industry

Ransomware needs to form part of any business disaster recovery planning

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

Ronin Crypto Heist of $618m Traced to North Korea

Secret Attempt to “Buy Back” Customer Data From T-Mobile Hack Failed, Criminals Sold Information in Spite of $200,000 Payment

Social Media Network LinkedIn Ranks First in List of Brands Most Likely to be Imitated in Phishing Attempts in Q1 2022

State of Pentesting 2022 report: Interactive event and open discussion

The changing role of the CCO: Champion of innovation and business continuity

The state of coordinated vulnerability disclosure policies in EU

Thousands of furious customers left without birthday cards and gifts as Funky Pigeon SUSPENDS orders after being hit by a cyber-attack amid fears personal details may have been exposed

UK: Prime Minister Johnson's office hacked? Research group claims Pegasus spyware behind attack

US Officials Increase Warnings About Russian Cyber-Attacks

WH Smith Says Its Funky Pigeon Was Victim of Cyberattack

What is Adaptive Security?

Why you shouldn’t reply to this ATO scam text message

18/04

4 steps for building an orchestrated authorization policy for zero trust

9 types of password hacking attacks and how to avoid them

16 Essential Early Steps In Creating An Effective Zero-Trust Environment

Apple Users Warned By MetaMask Over Potential Phishing Attacks Via iCloud

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

Bangko Sentral ng Pilipinas (BSP) urges public to turn on multi-factor authentication for online transactions

Beanstalk DeFi platform loses $182 million in flash-load attack

Blue Earth County releases report on insider data breach that began in 2020

Can GitOps Improve Application Security?

Can you predict ransomware attacks before they happen?

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog

Currency.com Evades Russian DDoS Cyber Attack

Cyber Security Education Firm Aware Force Reports on Most Dangerous Phishing E-mails and Texts Cyber Thieves Sent in Q1 2022

Data Breach Update: Cytometry Specialists, Inc. d/b/a CSI Laboratories

Data Breaches: Current Open Lawsuits and Settlements

DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii

Escalation of Cybercrime-As-A-Service Has Major Ramifications

Federal Motor Carrier Safety Administration (FMCSA) warns Commercial Driver’s License (CDL) drivers to be alert to phishing scam

Here Are 5 Cloud Security Predictions for 2022

How Cloud-Based Solutions Might Mitigate EMR Security Risks

HowTo: Create a Cyber Maturity Strategy

It’s Time To Protect The Most Unprotected Part Of The Modern Workforce: Humans

New SolarMarker Malware Variant Using Updated Techniques to Stay Under the Radar