NEWS: Agosto (21/08 - 27/08) - 34 Semana de 2022

Cyber Security and Information Security News - Daily Updates !! Weekly Review

27/08

Canada: Conservatives call for release of report on massive Afghan immigration data breach

CISA: Prepare now for quantum computers, not when hackers use them

Cloud Applications are The Major Catalyst for Cyber-Attacks: Microsoft

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Cryptocurrency Exchange Hacks In History: An Updated List 2022

Cyber insurance price hikes have left local governments reeling

Facebook agrees to settle Cambridge Analytica data breach lawsuit

Fake 'Cthulhu World' P2E project used to push info-stealing malware

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Palo Alto report reveals trends, recommendations on cybersecurity

Ransomware: Cyber Criminals Are Coming For The Global South

Scammers Made Deepfake AI Hologram of Binance Executive

Which Australian industries are most targeted by cyberattacks?

Your birthday is when you're most likely to be scammed - here's how to prevent it

26/08

A confusing data dump from Vice Society

Após ataque hacker, TJDFT retoma expediente regular na 2ª feira (29/8)

Ataque hacker: Prefeitura do Rio prorroga prazos de serviços da Fazenda; sistema segue há 11 dias fora do ar

Atlassian Bitbucket Server vulnerable to critical RCE vulnerability

Barely one in 10 Canadians worried about cyber attacks and that concerns authorities

Bits ‘n Pieces (Trozos y Piezas)

Block Faces Class Action Suit After 2021 Breach

CISA: Action required now to prepare for quantum computing cyber threats

Cosmetics giant Sephora first to be fined for violating California’s Consumer Privacy Act

Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement

Cyber-Attack Disrupts Public Services in Fremont County, Colorado

Cyber attack targets New Hampshire Lottery

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

DoorDash discloses new data breach tied to Twilio hackers

Facebook é condenado a indenizar internauta com perfil invadido por hacker

GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique

Hackers Breach LastPass Developer System to Steal Source Code

How complicated access management protocols have impacted cloud security

How fast is the financial industry fixing its software security flaws?

How to use confidential mode in Gmail to protect sensitive information

Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel

Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access

Insurers May Not Cover ‘State-Sponsored’ Cyberattacks

IT leaders struggling to address identity sprawl

LastPass Breach Raises Disclosure Transparency Concerns

LastPass breach: Source code, proprietary tech info stolen

LastPass Hackers Stole Source Code

Microsoft: Iranian attackers are using Log4Shell to target organizations in Israel

Microsoft: Iranian hackers still exploiting Log4j bugs against Israel

Montenegro Accuses Russia of Cyber-Attacks on Govt Server

Montenegro reports massive Russian cyberattack against govt

Montenegro's state infrastructure hit by cyber attack -officials

New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks

New Hampshire Lottery website experiences cyberattack

0ktapus Phishing Campaign Targets Okta Identity Credentials

0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

ParkMobile Can’t Escape Data Breach Class Action

Portuguese Airline Foils Cyber Attack, But Experts Warn Criminal Hackers Have The Aviation Industry in Their Sights

San Diego American Indian Health Center: over 27,000 people are affected by data theft

TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years

The Week in Ransomware - August 26th 2022 - Fighting back

This Week in Malware – 450 Packages and a Phishing Campaign Against PyPI Maintainers

Twilio breach let hackers gain access to Authy 2FA accounts

Why You Need a Third-Party Risk Management (TPRM) Program

25/08

Caught up in another password breach? Follow these 3 rules to protect yourself online

Chestermere Strathmore MLA cyber attacks being investigated

CIO Strategy Council wants to establish a national standard for cybersecurity workers

Conheça Peiter Zatko, o hacker que expôs os segredos do Twitter

GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones

Hackers abuse Genshin Impact anti-cheat system to disable antivirus

Hackers adopt Sliver toolkit as a Cobalt Strike alternative

Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

HC3 Warns Healthcare Sector of Karakurt Ransomware Group

How CISOs can safeguard security in CI/CD environments

How to navigate payment regulations without compromising customer experience

KLAS Evaluates Healthcare Cybersecurity, Data Privacy Consulting Vendors

LastPass developer systems hacked to steal source code

Microsoft Attributes New Post-Compromise Capability to Nobelium

Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

NHS Cyber Attack, August 2022: What’s the Fallout?

Nobelium APT uses new Post-Compromise malware MagicWeb

Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations

0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations

Organizations changing cyber strategy in response to nation-state attacks

Phishing PyPI users: Attackers compromise legitimate projects to push malware

PyPI packages hijacked after developers fall for phishing emails

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

Ransomware dominates the threat landscape

Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats

Scammers Create 'AI Hologram' of C-Suite Crypto Exec

Security pros fret about stress and promotion over cyber attacks

Site Nota Carioca volta a funcionar após sofrer ataque hacker

Talos Renews Cybersecurity Support For Ukraine on Independence Day

Threat actors are using the Tox P2P messenger as C2 server

Twilio hackers hit over 130 orgs in massive Okta phishing attack

US Firm Pays $16m to Settle Healthcare Fraud Claims

U.S. Government Spending Billions on Cybersecurity

We need to think about ransomware differently

Workplace Stress Worse than Cyber-Attack Fears for Security Pros

24/08

5 Keys To Successful Least Privilege Policy Implementation

Advanced updates on healthcare ransomware attack

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

Another hospital in Europe falls victim to a cyberattack. This time with a US$10m ransom

Atenção utilizadores de Android: Relatório da ESET aponta para crescimento de malware em apps

Avast disponibiliza Ransomware Shield para soluções de empresa

Avast Ransomware Shield Offers New Layer of Protection For Businesses In Light of Evolving Threats

Barracuda threat report reveals spike in ransomware to more than 1.2 million per month

Calcium Products, Inc. Confirms Recent Data Breach

California Age-Appropriate Design Code Act (ADCA) bill aims to increase children’s data privacy

California corrections says potential data breach affected staff, inmates

CISOs see little need for a point solution to cover ransomware risk

Cloud Range Introduces Cognitive Assessment to Improve Cybersecurity Hiring

Community Loan Servicing, LLC Files Notice of Data Breach

Compliance Into The Weeds - HanesBrands Cyber Security Breach Disclosure

Construction firms offered new cyber security guidance

Critical Insight Finds Attackers Shifting Focus to Smaller Hospital Systems and Specialty Clinics in H1 2022 Healthcare Data Breach Report

Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)

Cyber Signals report highlights ransomware-as-a-service

Cyber Unit Announces Amalgamation with Techtone Merge to Become a Cyber Security Powerhouse

Digital transformation giant Orion Innovation hit by LockBit ransomware, hacker group claims

eCapital Corp. Announces June 2021 Data Breach in August 2022

Fake Chrome extension 'Internet Download Manager' has 200,000 installs

Fans heading to the World Cup in Qatar and firms involved in tournament warned about cybercrime risk

Finland scores highly for cybersecurity: Digital Nomads

Fort Wayne City Council Approves $5 Million For Cyber Security & Firefighter Breathing Equipment

Fremont County, Ohio, Extends Disaster After Cyber Attack

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software

Google: An app that beeps when there is data breach

Greece's largest natural gas distributor suffers a Ragnar Locker ransomware attack

Grupos de ransomware Hive, LockBit e BlackCat atacam uma mesma rede consecutivamente

Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication

Hackers attack the Dominican Agrarian Institute (IAD); they ask for about US$600 thousand to return data

Hackers Using Fake DDoS Protection Pages to Distribute Malware

Hacking gang Monster uses a graphical interface to deploy its ransomware

Healthcare is Disproportionately Susceptible to Extortion

How ransomware attacks target specific industries

IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals

Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes

Is security becoming a priority for DevOps teams?

Lionel Holdings, LLC Reports Data Breach After the Company Was Targeted in a Ransomware Attack

Lloyd's to exclude certain nation-state attacks from cyber insurance policies

LockBit ransomware group implicated in crippling attack on French hospital

Microsoft Active Directory as a Prime Target for Ransomware Operators

Mitigating Risk of Data Leaks in Investigations

Moon School District Suffers Cyber Attack

NCSC Shares Guidance to Help Secure Large Construction Projects

New ransomware HavanaCrypt poses as Google software update

Plex breached: Change your passwords now

Plex Data Breach Compromised Usernames, Emails & Passwords

Plex suffers data breach; third-party gains access to emails, usernames and more

Quantum ransomware attack disrupts govt agency in Dominican Republic

Ransomware-as-a-service industrializou cibercrime numa economia em ascensão com papéis bem definidos

Ransomware Surges to 1.2 Million Attacks Per Month

'Recuperei a maior parte dos fundos roubados da Nomad e tudo o que recebi foi esse NFT bobo', diz hacker white hat

Sacramento-area college has its system hacked — again

Saudi Arabia to Stimulate Local Cyber-security Industry

Seis meses de guerra: Porque os ciberataques russos são pouco eficazes na invasão à Ucrânia?

The Challenge of Shadow OT

The Ransomware Playbook Mistakes That Can Cost You Millions

Top 10 Cybersecurity Trends and Predictions to Look Out for in 2023

Twitter Dismisses Whistleblower's Claim Of Sensitive User Data Breach, Terms Allegation ‘False Narrative'

UK Water Supplier Suffered a Clop Ransomware Attack During Major Drought; Victim Initially Misidentified as UK’s Largest Water Utility

US Healthcare Sector Breaches 342m+ Records Since 2009

US, Israel sign deal to combat ransomware, protect critical financial infrastructure

US Orgs Have Suffered 5,000 Healthcare Data Breaches Since 2009

XCSSET malware authors devise new ways to target MacOS Monterey devices

WannaCry explained: A perfect ransomware storm

Why business email compromise still tops ransomware for total losses

Why Does Medical Imaging Equipment Need Better Cybersecurity?

23/08

7 open-source malware analysis tools you should try out

35 Apps de malware foram encontrados na Google Play Store

A closer look at identity crimes committed against individuals

Air-Gap Attack Exploits Gyroscope Ultrasonic Covert Channel to Leak Data

API security incidents occur at least once a month

CISA Adds Palo Alto Networks' PAN-OS Vulnerability to Catalog

Configuration Errors to Blame for 80% of Ransomware

Counterfeit Android Devices Revealed to Contain Backdoor Designed to Hack WhatsApp

CISA adds Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Cyber attackers disrupt services at French hospital, demand $10 million ransom

DDoS attacks jump 203%, patriotic hacktivism surges

ETHERLED: Air-gapped systems leak data via network card LEDs

Ex-Apple engineer pleads guilty to stealing Apple's car secrets

Ex-Security Chief Accuses Twitter of Cybersecurity Negligence

FBI: Beware Residential IPs Hiding Credential Stuffing

French hospital hit by $10M ransomware attack, sends patients elsewhere

GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases

Google: Iranian hackers use new tool to steal email from victims

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

Hacker leva 1h12 min para acessar dados após ataque de phishing

Hackers perdem 5 Ethereum ao tentar atacar protocolo DeFi

Hacktivists in the DUMPS in Solidarity With Ukraine

Has ESG Become aWake-Up Call for Cybersecurity?

John Deere tractor hack reveals food supply vulnerable to cyber attacks

Lockbit leak sites hit by mysterious DDoS attack after Entrust hack

Major construction projects offered first-of-its-kind cyber security advice from government

Media Firms Twice as Vulnerable as Cross-Sector Average

New 'Donut Leaks' extortion gang linked to recent ransomware attacks

NSA to boost cyber security, announces Nigeria’s accession to Budapest Convention on Cybercrime

Oracle’s HUGE Ad Data Graph is ‘Illegal Panopticon’ — 5 BILLION People Big

Over 80,000 Hikvision cameras can be easily hacked

Páginas falsas de proteção contra DDoS distribuem malware

Poor healthcare cybersecurity is a threat to public health

Protocolo “vira o jogo” contra hackers e deixa invasores com prejuízo de R$ 40 mil

Ransomware-as-a-service industrializou cibercrime numa economia em ascensão com papéis bem definidos

Ransomware: Most attacks exploit these common cybersecurity mistakes - so fix them now, warns Microsoft

Smart meter data could be used for burglaries, claims some cyber security experts

Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage

Techstrong TV: Industry Powerhouse Releases Cybersecurity Conversations Report

Thai PM Gives Huawei Thailand Cybersecurity Excellence Award

The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware

UK: Major city car dealership hit by huge data theft cyber attack in July

XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

What businesses can do to anticipate and mitigate ransomware threats

Why cybersecurity in the EU should matter to you

WP.29 and the future of automotive cyber security

22/08

4 Tips to Develop a Human-Layered Cybersecurity Defense

40% of Business Executives Are Worried About Getting Hacked, But Will They Do Anything About It?

67% of organizations had identity-related data breaches last year

A 'nightmare scenario': Data-tampering attacks are hard to detect, with devastating consequences

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered

Attackers using fake Cloudflare DDoS protection popups to distribute malware

Before Portland lost $1.4 million in cyber breach, city treasurer raised red flag

Car Dealership Hit by Major Ransomware Attack

Caribbean Airlines warns of scam circulating in WhatsApp

CISA is warning of high-severity PAN-OS DDoS flaw used in attacks

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

Cookie theft threat: When Multi-Factor authentication is not enough

DDoS Protection Weaponized to Deliver RATs

DDoS tales from the SOC

Disk wiping malware knows no borders

Donot Team cyberespionage group updates its Windows malware framework

Endpoint Security: How To Protect Your Business From Hackers

Escanor malware delivered in weaponized Microsoft Office documents

Escanor RAT Malware Deployed Via Microsoft Office and PDF Documents

Essential Cybersecurity Guide For New Startups

Estonia's Battle Against a Deluge of DDoS Attacks

Fake DDoS protection pages are delivering malware!

FBI warns of residential proxies used in credential stuffing attacks

Fileless malware: how does it work?

Greek natural gas operator suffers ransomware-related data breach

Hackers are using this sneaky exploit to bypass Microsoft's multi-factor authentication

Hackers Target ATM Maker for Bitcoins

Half of UK businesses only recognising cyber threats after an attack - report

Hampshire's Hantec Systems say hundreds of UK businesses at risk of cyber attack

How many breaches has Overlake Medical Center & Clinics experienced in the past few years?

How to protect your organization from ransomware-as-a-service attacks

How vulnerable supply chains threaten cloud security

HowTo: Prove Identity Security ROI to Boards as a CISO

In-app browsers on Meta and TikTok can ‘track everything’; Report

LockBit ransomware group targeted with DDoS attack after Entrust data leak

Mac users beware: North Korean hacking group Lazarus exploiting the weak job market with malicious fake job emails

Meet Borat RAT, a New Unique Triple Threat

Microsoft: How we unearthed a critical flaw in ChromeOS, and how Google fixed it

Middle East take 2nd place in data breach defeats

Misconfigured Meta Pixel exposed healthcare data of 1.3M patients

Mysterious Hackers Revealed: Who Are The Most Dangerous Black Hat Hackers?

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

North Korean Lazarus hacker group is phishing Mac users with fake job posts: How to protect yourself | Digit

Over 80,000 exploitable Hikvision cameras exposed online

Protecting an organisation’s most valuable asset: why a solid data management and protection strategy is non-negotiable

Ransomware attack on medical billing provider affected 942K patients and 28 hospitals

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering

The allure of fraud – and how to

The underestimated impact of enterprise cyberattacks on individual consumers

Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks

TikTok’s In-App Browser Can Monitor Your Activity on External Websites

UK Drinking Water Supplier Falls Victim to Clop Ransomware Gang

VIASAT hack impacted French critical services

What type of fraud enables attackers to make a living?

21/08

4 Ways to Protect against Business Email Compromise

Após ataque hacker, Previ-Rio vai abrir novo prazo para servidor municipal aderir ao plano de saúde

Before paying a ransom, hacked companies should consider their ethics and values

Bringing lessons from cybersecurity to the fight against disinformation

CISA adds more 7 vulnerabilities to 'Known Exploited Vulnerabilities Catalog' List

Grandoreiro banking malware targets Mexico and Spain

Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability

Hackers target hotel and travel companies with fake reservations

Here’s why you should bet on cybersecurity

Hong Kong firms want stronger cybersecurity, but the city lacks IT talent

How secure are SMS verifications?

Israeli cybersecurity co Tufin lays off 55

White hat hackers broadcasted talks and hacker movies through a decommissioned satellite

NEWS: Agosto (14/08 - 20/08) - 33 Semana de 2022