NEWS: Abril/Maio (02/05 - 08/05) - 18 Semana de 2021

08/05

“Bulletproof Hosting” Operators Pleaded Guilty in American Court - TechNadu

Cryptocurrency Scammers Have Hijacked Twitter Account of Argentinian Politician - TechNadu

Microsoft removes remaining Windows 10 Conexant update blocks - Bleeping Computer

Researchers Find 19 Petabytes of Data Exposed Online and Accessible by Anyone - TechNadu

07/05

19 petabytes of data exposed across 29,000+ unprotected databases - Security Affairs

Acting on a security risk assessment of your organization’s use of Salesforce - Help Net Security

Be a “dumbass”, like some of the world’s best cyber investigators - Help Net Security

Bot Attacks a Top Cybersecurity Concern - InfoSecurity

Build the ultimate cybersecurity résumé with this 24-course bundle - Bleeping Computer

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations - Security Affairs

Consumer views and behaviors on creating and using passwords - Help Net Security

Cuba Ransomware partners with Hancitor for spam-fueled attacks - Bleeping Computer

Cybersecurity warning: Russian hackers are targeting these vulnerabilities, so patch now - ZDNet

DefakeHop: A deepfake detection method that tackles adversarial threat detection and recognition - Help Net Security

Google teams up with Stop Scams to tackle financial fraud in the UK - ZDNet

IRS secures order to serve Kraken with customer data request on cryptocurrency traders - ZDNet

Lawsuit Filed Over Contact Tracing Data Breach - InfoSecurity

Microsoft Warns About New BEC Campaign Making Money Through Gift Card Scams - TechNadu

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations - The Hacker News

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers - The Hacker News

New workloads are driving data protection modernization - Help Net Security

Possible attacks on the TCP/IP protocol stack and countermeasures - Security Affairs

Qualcomm chip vulnerability found in millions of Google, Samsung, and LG phones - ZDNet

Smart cities are a tempting target for cyberattacks, so it's time to secure them now - ZDNet

Suicide prevention body calls for gambling platform data-sharing practices to be reined in - ZDNet

The obvious and not-so-obvious data you wouldn’t want companies to have - Help Net Security

Three Marylanders Indicted Over BEC Scam - InfoSecurity

Well-Intended Hackers Broke Into Fermilab’s Network and Accessed Sensitive Data - TechNadu

06/05

A taste of the latest release of QakBot - Security Affairs

Best Practices for Securing Public Cloud Infrastructure - Security Boulevard

Bitglass Security Spotlight: Another Supply-Chain Attack, Microsoft Vulnerabilities, and More Data Breaches - Security Boulevard

ACIC believes there's no legitimate reason to use an encrypted communication platform - ZDNet

Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage - Security Affairs

Cisco fixes critical flaws in SD-WAN vManage and HyperFlex HX software - Security Affairs

Cloud native adoption increasing security concerns - Help Net Security

Creating an Effective Cybersecurity EO - Security Boulevard

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software - The Hacker News

Dispelling four myths about automating PKI certificate lifecycle management - Help Net Security

Email security is a human issue - Help Net Security

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices - The Hacker News

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers - The Hacker News

New York Considers Proposal for the Regulation of Cryptocurrency Mining - TechNadu

Passwords a Threat to Public Infrastructure - Security Boulevard

Qualcomm vulnerability impacts nearly 40% of all mobile phones - Bleeping Computer

Ransomware Attack Disrupts Scripps Health - Security Boulevard

Ransomware: There's been a big rise in double extortion attacks as gangs try out new tricks - ZDNet

Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software - ZDNet

Security researchers found 21 flaws in this widely used email server, so update immediately - ZDNet

The Evolution of Ransomware Attacks - Security Boulevard

What contractors should start to consider with the DoD’s CMMC compliance standards - Help Net Security

05/05

21 vulnerabilities found in Exim, update your instances ASAP! - Help Net Security

61% of cybersecurity teams are understaffed - Help Net Security

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking - The Hacker News

Banking Trojan evolves from distribution through porn to phishing schemes - ZDNet

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide - The Hacker News

Defeating typosquatters: Staying ahead of phishing and digital fraud - Help Net Security

Enterprises Misplace Trust in Partners, Suppliers - Security Boulevard

Facebook bans Signal's attempt to run transparent Instagram ad campaign - ZDNet

Google Chrome: This new feature makes it tougher for hackers to attack Windows 10 PCs - ZDNet

How modern workflows can benefit from pentesting - Help Net Security

Is it OK to publish PoC exploits for vulnerabilities and patches? - Help Net Security

Justice Department seizes fake COVID-19 vaccine website stealing info from visitors - ZDNet

New Study Warns of Security Threats Linked to Recycled Phone Numbers - The Hacker News

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency - ZDNet

Pandemic accelerating need for insider risk management - Help Net Security

REvil ransomware to blame for UnitingCare Queensland's April attack - ZDNet

Social media feed simulator Fakey teaches users to recognize credible content - Help Net Security

Twitter kills 'Open for a surprise' tweets with new mobile feature - Bleeping Computer

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware - Security Affairs

04/05

Apple fixes four zero-days under attack - Help Net Security

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack - The Hacker News

Data breaches spike - The Strait Times

Digital transformation investments a top priority for most CFOs - Help Net Security

Financial institutions experiencing jump in new pandemic-related threats - Help Net Security

Healthcare organizations implementing zero trust to tackle cyberattacks - Help Net Security

Kubestriker: A security auditing tool for Kubernetes clusters - Help Net Security

List of data breaches and cyber attacks in April 2021 – 1 billion records breached - IT Governance

Microsoft's new open-source tool could stop your AI from getting hacked - ZDNet

New FluBot Android Banking Trojan Spread Via SMS Phishing - LHN

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection - The Hacker News

New Windows 'Pingback' malware uses ICMP for covert communication - Bleeping Computer

OSG did not tell privacy watchdog about recent data breach - Inquirer

OSG probes online data breach - Philstar Global

Problems installing iOS 14.5.1? Here's what you need to know - ZDNet

Pulse Secure Patches Critical Zero-Day Flaw - InfoSecurity

Ransomware targeting Asean SMEs drops - Bangkok Post

Secure your cloud: Remove the human vulnerabilities - Help Net Security

‘ShinyHunters’ Is Sharing the Entire WedMeGood Stolen Database for Free - TechNadu

Third Parties Caused Data Breaches at 51% of Organizations - InfoSecurity

Three new malware families found in global finance phishing campaign - ZDNet

U.S. Agency for Global Media data breach caused by a phishing attack - Bleeping Computer

Use longitudinal learning to reduce risky user behavior - Help Net Security

Users increasingly putting password security best practices into play - Help Net Security

Virgin Active SA Suffers Cyber-Attack - InfoSecurity

03/05

58% of orgs predict remote workers will expose them to data breach risk - Help Net Security

A Rust-based Buer Malware Variant Has Been Spotted in the Wild - The Hacker News

Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks - Bleeping Computer

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks - The Hacker News

Articulating DMARC as a key defence against phishing - ITWeb

Chinese hackers targeting Russian nuclear submarine design firm with PortDoor malware - Teiss

Contact Tracer Breach Hits the Keystone State - InfoSecurity

Cybersecurity control failures listed as top emerging risk - Help Net Security

Data breach alerts in S'pore up on new reporting rules, more cyber threats: Experts - The Straits Time

DDoS attackers stick to their target even if they are unsuccessful - Help Net Security

Deepfake Attacks Are About to Surge, Experts Warn - ThreatPost

DHS, White House turn spotlight on ransomware - GCN

eCommerce fraud losses to surpass $20 billion this year - Help Net Security

Eliminating man-in-the-middle attacks - Secure Link

Facebook, Google, Twitter caution Australia against a blanket terrorism content ban - ZDNet

Fresh Royal Mail scam warning issued to millions of Brits - Manchester Evening News

Gifford says vendor had data breach - Valley News

Hacker leaks 150 million user records from Iranian Raychat app - HackRead

Health care giant Scripps Health hit by ransomware attack - Bleeping Computer

Home Office Cybersecurity Best Practices - Los Angeles Business Journal

How do I select a DLP solution for my business? - Help Net Security

How organizations can optimize cloud spend - Help Net Security

Iran suspected of being behind ransomware attacks against Israeli organizations - Israel Defense

Large-Scale ‘Instacart’ Hacks Pushing Gig Workers in Despair - TechNadu

MITRE ATT&CK v9 is out and includes ATT&CK for Containers - Help Net Security

N3TW0RM ransomware emerges in wave of cyberattacks in Israel - Bleeping Computer

New Buer Malware Downloader Rewritten in E-Z Rust Language - ThreatPost

New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer - The Hacker News

Northern Cape municipality battles devastating ransomware attack - ITWeb

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys - The Hacker News

Philippines Solicitor General data breach flagged by security firm - Channel Asia

PoC exploit released for Microsoft Exchange bug discovered by NASA - Bleeping Computer

Popular Turkish Software Site ‘Gezginler’ Appears to Have Been Breached - TechNadu

Pulse Secure fixes VPN zero-day used to hack high-value targets - Bleeping Computer

Ransomware Attack On Midwest Transplant Network Affects More Than 17,000 - KCUR

Ransomware shutdown continues to be a problem for Scripps Health - La Jolla Light

Researchers Uncover Iranian State-Sponsored Ransomware Operation - The Hacker News

Risk-based vulnerability management has produced demonstrable results - Help Net Security

Shlayer Malware Exploited macOS Zero-Day To Bypass Apple Security - LHN

Social Engineering: Watch Out for These Threats Against Cybersecurity Experts - Security Intelligence

Spike in data breaches sends firms scrambling for cybersecurity cover - Times Of India

These breached "Star Wars"-themed passwords need more than the force to save them - TechRepublic

Toronto reveals potential cyber breach - Insurance Business Magazine

TurgenSec finds 345,000 files from Filipino solicitor-general's office were breached - ZDNet

02/05

Bol.com mistakenly deposited € 750,000 into an oplic account - Cheraw Chronicle

Flash Loan Attack on Binance Smart Chain, $30 Million Stolen From Spartan Protocol Using BNB - CoinGape

Introducing COLT – Compromise To Leak Time - Vulnerability

New bogus Royal Mail text message being sent out by phishing fraudsters - Wales Online

Personal Data Of Illinois Residents May Have Been Exposed After Ransomware Attack - Effingham Radio