NEWS: August (01/08 - 07/08) - Week 31 of 2021
Cyber Security and Information Security News !!! Daily Updates

07/08
A Batch of 1 Million Credit Cards Is Shared for Free on New Dark Web Carding Site - TechNadu
Actively exploited bug bypasses authentication on millions of routers - Bleeping Computer
Black Hat USA 2021: Who will sell my data to spammers? - Market Research Telecast
Egress Reports Astonishing Figures In Light Of Increased Phishing And Scam - Digital Information World
GIGABYTE Admits Falling Victim to a Ransomware Attack - TechNadu
Go, Rust "net" library affected by critical IP address validation vulnerability - Bleeping Computer
Hackers' attack manual may have been leaked online - NHK World Japan
How New Alliance of US Spooks & Big Tech Using 'Russia Bugaboo' to Amplify Surveillance Powers - Sputnik News
Infamous DarkSide ransomware reborn as new cyber threat: reports - Fox News
Pegasus Cyberweapon and the Threat on Smartphones - La Progressive
RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE - Security Affairs
So Your PayPal Account Has Been Limited | What Do You Do Now? - Invest Records
Spammers Are Tricking Victims Into Calling Scam Support Centers - TechNadu
The Financial Cost of Data Breaches Soars to 6 Year High With $4.24 Million Recorded Losses in 2021 - The Fintech Times
Three random words better than more complex passwords – GCHQ - Evening Standard

06/08
162,000 patients exposed in ransomware attack on Texas medical group - Becker's Health IT
Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy - The Hacker News
Black Hat: BadAlloc bugs expose millions of IoT devices to hijack - ZDNet
Black Hat: How cybersecurity incidents can become legal minefields - ZDNet
BlackMatter ransomware also targets VMware ESXi servers - Security Affairs
Can the public cloud become confidential? - Help Net Security
Closing the endpoint security gap within government - Open Access Government
Conti Leak Indicators – What to block, in your SOC…. - Security Affairs
Data Breach at University of Kentucky - InfoSecurity
Data Breaches Exposed 18 Billion Records In First Half Of 2021 - Tech Co
Demystifying cybersecurity with a more human-centric approach - Help Net Security
How real-time computing can sound the kill chain alarm - Help Net Security
Increasing speed of vulnerability scans ultimately increases security fixes overall - Help Net Security
India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks - The Hacker News
Insurance Giant ‘Transamerica Corporation’ Announces Data Breach - TechNadu
Malicious e-Books Can Result in Amazon Kindle Take-Overs - TechNadu
New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader - The Hacker News
Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937) - Help Net Security
Patch Bypass PoC for Pulse Connect Secure Calls for Emergency Update - TechNadu
Phishing Actors Still Abusing ‘Google Translate’ to Evade Detection - TechNadu
Self-Destructing Messages on Telegram May Be Permanently Stored in macOS - TechNadu
StarHub suffers data breach, but says no system was compromised - ZDNet
Tokyo Olympics Suffers a Fujitsu-Related Breach - Cyber Security Hub
VMware addresses critical flaws in its products - Security Affairs
VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products - The Hacker News
Washington D.C. and Singapore top the list for 10 best cities for cybersecurity experts - ZDNet

05/08
A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service - The Hacker News
Audit finds some former WA government staff still have systems access after termination - ZDNet
Austrian Data Protection Authority Fines ‘Unser Ö-Bonus Club GmbH’ €2,000,000 - TechNadu
Blocked DDoS attack volumes up, tech, healthcare and finance most targeted - Help Net Security
CISA to partner with Amazon, Google, Microsoft, Verizon, AT&T and more for cyberdefense initiative - ZDNet
Cisco fixes critical, high severity vulnerabilities in VPN routers - Security Affairs
Cybercriminals are manipulating reality to reshape the modern threat landscape - Help Net Security
Cybercrime Ransomware 'Ban' is No Match for Threat Actors - InfoSecurity
Data breach is ‘taken seriously’ after patient file was found - Wex
Defunct marketing firm exposed 32GB worth of records, customers data - HackRead
How to build a zero-trust cloud data architecture - Help Net Security
How to Protect Your CRM Information from Security Threats - HackRead
Italian energy company ERG hit by LockBit 2.0 ransomware gang - Security Affairs
Looking to survive a ransomware attack - Professional Security
Microsoft Edge just got a 'Super Duper Secure Mode' upgrade - ZDNet
More than 12,500 vulnerabilities disclosed in first half of 2021: Risk Based Security - ZDNet
New PayPal Credential Phishing Scam Spotted - Softpedia News
PJCIS asks for Australia's 'hacking' Bill to gain judicial oversight and sunset clauses - ZDNet
Prometheus TDS: The $250 service behind recent malware attacks - Bleeping Computer
‘Prophet Spider’ Now Targeting Old Oracle WebLogic RCE Vulnerabilities - TechNadu
Ransom demands are getting larger and larger - IT Pro Portal
Ransomware – the growing cybersecurity scourge - Smart Energy International
Researchers turn the spotlight on the hidden workers of the cybercrime world - ZDNet
RIP guest access, long live shared channels! - Help Net Security
Salesforce Release Updates — A Cautionary Tale for Security Teams - The Hacker News
Schools and colleges on the Isle of Wight hit by ransomware - IT Pro
Security company warns of Mitsubishi industrial control vulnerabilities - ZDNet
South Korea to Step Up Support to Fight Ransomware Attacks - The Korea Bizwire
The destructive power of supply chain attacks and how to secure your code - Help Net Security
There's been a rise in stalkerware. And the tech abuse problem goes beyond smartphones - ZDNet
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks - The Hacker News
White House backs away from banning ransomware payments - Computing
White House cyber official says 'commitment' by ransomware gang suggests Biden's warnings are being heard - CNN Politics
With Double Extortion, We Can’t Outplay Ransomware So We Need To Outwit It - ITWire

04/08
A clever phishing campaign is targeting Office 365 users - Help Net Security
A New Set of ‘INFRA:HALT’ Vulnerabilities Is Coming for Your OT Devices - TechNadu
Advanced Technology Ventures discloses ransomware attack and data breach - Security Affairs
AWS S3 can be a security risk for your business - Help Net Security
Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms - ThreatPost
Demystifying the 18 Checks for Secure Scorecards - Security Boulevard
Energy group ERG reports minor disruptions after ransomware attack - ZDNet
Fresh ‘APT31’ Activity Surfaces, Including Russian Targets for the First Time Ever - TechNadu
Google's One Tap lets you sign into websites and apps without a password - ZDNet
Implications for ATE insurance after data breach ‘privacy’ claim struck out - Pinsent Masons
INFRA:HALT security bugs impact critical industrial control devices - Bleeping Computer
Moving toward a reality where breaches are not a given - Help Net Security
Multiple Chinese Hacking Groups Targeted Telecommunication Service Providers in Asia - TechNadu
New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks - The Hacker News
New Cobalt Strike bugs allow takedown of attackers’ servers - Bleeping Computer
NSA and CISA share Kubernetes security recommendations - Bleeping Computer
Partners in Crime: How Ransomware Gangs Are Working Together - Security Boulevard
‘Raccoon Stealer’ Now Comes With a Crypto-Transaction Grabber and a Malware Dropper - TechNadu
Remote work and its lasting impact: What our global research uncovered - Security Boulevard
Report Finds Software Supply Chains Rife with Vulnerabilities - Security Boulevard
Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus - The Hacker News
Sanford Health target of attempted cyber attack - Inforum
Security BSides Athens 2021 – Talk 5: Y. Koukouras D. Tsikopoulos – maraki1982: ‘A Management Tool for OAuth2 Phishing’ - Security Boulevard
Security researchers warn of TCP/IP stack flaws in operational technology devices - ZDNet
Supply chain attacks expected to multiply by 4 in 2021 - Help Net Security
There’s a New “FatalRAT” in Town Using Telegram Channels to Move About - TechNadu
Vulnerable TCP/IP stack is used by almost 200 device vendors - Help Net Security
Waikato DHB wins injunction to stop Radio NZ using hacked data - Stuff
What is DataSecOps and why it matters - Help Net Security
Yet Another Massive Data Leak From a Marketing Company Exposes 126 Million U.S. Citizens - TechNadu
YouTube Scam Baiter Tricked by Revengeful Scammers to Delete His Own Channel - TechNadu

03/08
73% of orgs were victims of phishing attacks in the last year - Venture Beat
92% of pharmaceutical companies have at least one exposed database - Help Net Security
A Silicon Valley VC firm with $1.8B in assets was hit by ransomware - Tech Crunch
Auditor finds WA Police accessed SafeWA data 3 times and the app was flawed at launch - ZDNet
Chinese Hackers Target Major Southeast Asian Telecom Companies - The Hacker News
Constant review of third-party security critical as ransomware threat climbs - ZDNet
Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices - The Hacker News
DDoS attacks largely target the US and the computers and internet sectors - Tech Republic
DeadRinger: Chinese APTs strike major telecommunications companies - ZDNet
Google Cloud Security joins Exabeam-led cybersecurity alliance - ZDNet
Harris County Health Data Breach Exposes PHI of 26K - Health IT Security
Homewood Health confirms data breach hit - Business Canada
Insurance Broker Gallagher Sued Over Ransomware Attack - Claims Journal
Isle of Wight schools hit by ransomware attack - BBC News
Italian vaccination registration system down in apparent ransomware attack - NBC News
Loss of unencrypted disks behind National Lottery Community Fund data breach - ThirdSector
Nearly 3 in 4 Organizations Suffered Data Breaches Due to Phishing - NextGov
Olympic-themed passwords put people at risk - TechRepublic
Raccoon stealer-as-a-service will now try to grab your cryptocurrency - ZDNet
Ransom demands reaching $1.2M, smaller companies increasingly targeted - Help Net Security
Ransomware attacks skyrocketed in H1 2021 - Help Net Security
Ransomware is wreaking havoc in Hackney - Coda Story
Regulations against ransomware payment not ideal solution - ZDNet
SAP applications more vulnerable than users might think - Help Net Security
Save an extra 60% on these 10 top coding course bundles - Bleeping Computer
Supply chain attacks are getting worse, and you are not ready for them - ZDNet
The importance of compute lifecycle assurance in a zero-trust world - Help Net Security
With Crime-as-a-Service, anyone can be an attacker - Help Net Security

02/08
A digital shift requires a new approach to asset management: How to reduce security risks - Help Net Security
CISA launches US federal vulnerability disclosure platform - Help Net Security
Critical vulnerabilities may allow attackers to compromise hospitals’ pneumatic tube system - Help Net Security
Gamification can redefine the cybersecurity demo experience - Help Net Security
Google Chrome to no longer show secure website indicators - Bleeping Computer
Italy’s Lazio Region Hit by Ransomware Actors Who Crippled Vaccination Process - TechNadu
Navigating the 2021 threat landscape: Security operations, cybersecurity maturity - Help Net Security
New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits - The Hacker News
Organizations still rely on weak security for remote workers - Help Net Security
PwnedPiper critical bug set impacts major hospitals in North America - Bleeping Computer
PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S. - The Hacker News
PyPI Python Package Repository Patches Critical Supply Chain Flaw - The Hacker News
Ransomware operators love them: Key trends in the Initial Access Broker space - ZDNet
Scientists Prove Tricking Sophisticated Voice Authentication Systems Is Feasible - TechNadu
Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild - The Hacker News
SolarWinds attackers breached email of US prosecutors, says Department of Justice - ZDNet
Stop ignoring this iPhone warning - ZDNet
Zoom to pay $85m to set aside privacy violation and zoombombing allegations - ZDNet

01/08
Bot protection now generally available in Azure Web Application Firewall - Bleeping Computer
Calgary Parking Authority exposed sensitive data of residents - HackRead
Five Essential Ways To Prepare For A Future Ransomware Attack - Forbes
How to put a stop to Russia’s new form of organized crime - Telecom
Ransomware attacks hit record 300 million in 1st half of 2021: Report - The Tribune India
U.S. Government launches first business, community one-stop ransomware resource website - Corridor News