NEWS: Agosto (21/08 - 27/08) - 34 Semana de 2022
Cyber Security and Information Security News - Daily Updates !! Weekly Review

27/08
Canada: Conservatives call for release of report on massive Afghan immigration data breach
CISA: Prepare now for quantum computers, not when hackers use them
Cloud Applications are The Major Catalyst for Cyber-Attacks: Microsoft
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Cryptocurrency Exchange Hacks In History: An Updated List 2022
Cyber insurance price hikes have left local governments reeling
Facebook agrees to settle Cambridge Analytica data breach lawsuit
Fake 'Cthulhu World' P2E project used to push info-stealing malware
Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations
Palo Alto report reveals trends, recommendations on cybersecurity
Ransomware: Cyber Criminals Are Coming For The Global South
Scammers Made Deepfake AI Hologram of Binance Executive
Which Australian industries are most targeted by cyberattacks?
Your birthday is when you're most likely to be scammed - here's how to prevent it
26/08
A confusing data dump from Vice Society
Após ataque hacker, TJDFT retoma expediente regular na 2ª feira (29/8)
Atlassian Bitbucket Server vulnerable to critical RCE vulnerability
Barely one in 10 Canadians worried about cyber attacks and that concerns authorities
Bits ‘n Pieces (Trozos y Piezas)
Block Faces Class Action Suit After 2021 Breach
CISA: Action required now to prepare for quantum computing cyber threats
Cosmetics giant Sephora first to be fined for violating California’s Consumer Privacy Act
Cosmetics Giant Sephora to Pay $1m+ Privacy Settlement
Cyber-Attack Disrupts Public Services in Fremont County, Colorado
Cyber attack targets New Hampshire Lottery
Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
DoorDash discloses new data breach tied to Twilio hackers
Facebook é condenado a indenizar internauta com perfil invadido por hacker
GoldDragon campaign: North-Korea linked Kimsuky APT adopts victim verification technique
Hackers Breach LastPass Developer System to Steal Source Code
How complicated access management protocols have impacted cloud security
How fast is the financial industry fixing its software security flaws?
How to use confidential mode in Gmail to protect sensitive information
Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel
Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access
Insurers May Not Cover ‘State-Sponsored’ Cyberattacks
IT leaders struggling to address identity sprawl
LastPass Breach Raises Disclosure Transparency Concerns
LastPass breach: Source code, proprietary tech info stolen
LastPass Hackers Stole Source Code
Microsoft: Iranian attackers are using Log4Shell to target organizations in Israel
Microsoft: Iranian hackers still exploiting Log4j bugs against Israel
Montenegro Accuses Russia of Cyber-Attacks on Govt Server
Montenegro reports massive Russian cyberattack against govt
Montenegro's state infrastructure hit by cyber attack -officials
New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks
New Hampshire Lottery website experiences cyberattack
0ktapus Phishing Campaign Targets Okta Identity Credentials
0ktapus phishing campaign: Twilio hackers targeted other 136 organizations
ParkMobile Can’t Escape Data Breach Class Action
San Diego American Indian Health Center: over 27,000 people are affected by data theft
TeamTNT Targeted Cloud Instances and Containerized Environments For Two Years
The Week in Ransomware - August 26th 2022 - Fighting back
This Week in Malware – 450 Packages and a Phishing Campaign Against PyPI Maintainers
Twilio breach let hackers gain access to Authy 2FA accounts
Why You Need a Third-Party Risk Management (TPRM) Program
25/08
Caught up in another password breach? Follow these 3 rules to protect yourself online
Chestermere Strathmore MLA cyber attacks being investigated
CIO Strategy Council wants to establish a national standard for cybersecurity workers
Conheça Peiter Zatko, o hacker que expôs os segredos do Twitter
GAIROSCOPE attack allows to exfiltrate data from Air-Gapped systems via ultrasonic tones
Hackers abuse Genshin Impact anti-cheat system to disable antivirus
Hackers adopt Sliver toolkit as a Cobalt Strike alternative
HC3 Warns Healthcare Sector of Karakurt Ransomware Group
How CISOs can safeguard security in CI/CD environments
How to navigate payment regulations without compromising customer experience
KLAS Evaluates Healthcare Cybersecurity, Data Privacy Consulting Vendors
LastPass developer systems hacked to steal source code
Microsoft Attributes New Post-Compromise Capability to Nobelium
Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass
Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
NHS Cyber Attack, August 2022: What’s the Fallout?
Nobelium APT uses new Post-Compromise malware MagicWeb
Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations
0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations
Organizations changing cyber strategy in response to nation-state attacks
Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI packages hijacked after developers fall for phishing emails
PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
Ransomware dominates the threat landscape
Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats
Scammers Create 'AI Hologram' of C-Suite Crypto Exec
Security pros fret about stress and promotion over cyber attacks
Site Nota Carioca volta a funcionar após sofrer ataque hacker
Talos Renews Cybersecurity Support For Ukraine on Independence Day
Threat actors are using the Tox P2P messenger as C2 server
Twilio hackers hit over 130 orgs in massive Okta phishing attack
US Firm Pays $16m to Settle Healthcare Fraud Claims
U.S. Government Spending Billions on Cybersecurity
We need to think about ransomware differently
Workplace Stress Worse than Cyber-Attack Fears for Security Pros
24/08
5 Keys To Successful Least Privilege Policy Implementation
Advanced updates on healthcare ransomware attack
Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs
Another hospital in Europe falls victim to a cyberattack. This time with a US$10m ransom
Atenção utilizadores de Android: Relatório da ESET aponta para crescimento de malware em apps
Avast disponibiliza Ransomware Shield para soluções de empresa
Avast Ransomware Shield Offers New Layer of Protection For Businesses In Light of Evolving Threats
Barracuda threat report reveals spike in ransomware to more than 1.2 million per month
Calcium Products, Inc. Confirms Recent Data Breach
California Age-Appropriate Design Code Act (ADCA) bill aims to increase children’s data privacy
California corrections says potential data breach affected staff, inmates
CISOs see little need for a point solution to cover ransomware risk
Cloud Range Introduces Cognitive Assessment to Improve Cybersecurity Hiring
Community Loan Servicing, LLC Files Notice of Data Breach
Compliance Into The Weeds - HanesBrands Cyber Security Breach Disclosure
Construction firms offered new cyber security guidance
Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
Cyber Signals report highlights ransomware-as-a-service
Cyber Unit Announces Amalgamation with Techtone Merge to Become a Cyber Security Powerhouse
Digital transformation giant Orion Innovation hit by LockBit ransomware, hacker group claims
eCapital Corp. Announces June 2021 Data Breach in August 2022
Fake Chrome extension 'Internet Download Manager' has 200,000 installs
Fans heading to the World Cup in Qatar and firms involved in tournament warned about cybercrime risk
Finland scores highly for cybersecurity: Digital Nomads
Fort Wayne City Council Approves $5 Million For Cyber Security & Firefighter Breathing Equipment
Fremont County, Ohio, Extends Disaster After Cyber Attack
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
Google: An app that beeps when there is data breach
Greece's largest natural gas distributor suffers a Ragnar Locker ransomware attack
Grupos de ransomware Hive, LockBit e BlackCat atacam uma mesma rede consecutivamente
Hackers Using Fake DDoS Protection Pages to Distribute Malware
Hacking gang Monster uses a graphical interface to deploy its ransomware
Healthcare is Disproportionately Susceptible to Extortion
How ransomware attacks target specific industries
IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals
Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes
Is security becoming a priority for DevOps teams?
Lionel Holdings, LLC Reports Data Breach After the Company Was Targeted in a Ransomware Attack
Lloyd's to exclude certain nation-state attacks from cyber insurance policies
LockBit ransomware group implicated in crippling attack on French hospital
Microsoft Active Directory as a Prime Target for Ransomware Operators
Mitigating Risk of Data Leaks in Investigations
Moon School District Suffers Cyber Attack
NCSC Shares Guidance to Help Secure Large Construction Projects
New ransomware HavanaCrypt poses as Google software update
Plex breached: Change your passwords now
Plex Data Breach Compromised Usernames, Emails & Passwords
Plex suffers data breach; third-party gains access to emails, usernames and more
Quantum ransomware attack disrupts govt agency in Dominican Republic
Ransomware-as-a-service industrializou cibercrime numa economia em ascensão com papéis bem definidos
Ransomware Surges to 1.2 Million Attacks Per Month
Sacramento-area college has its system hacked — again
Saudi Arabia to Stimulate Local Cyber-security Industry
Seis meses de guerra: Porque os ciberataques russos são pouco eficazes na invasão à Ucrânia?
The Ransomware Playbook Mistakes That Can Cost You Millions
Top 10 Cybersecurity Trends and Predictions to Look Out for in 2023
US Healthcare Sector Breaches 342m+ Records Since 2009
US, Israel sign deal to combat ransomware, protect critical financial infrastructure
US Orgs Have Suffered 5,000 Healthcare Data Breaches Since 2009
XCSSET malware authors devise new ways to target MacOS Monterey devices
WannaCry explained: A perfect ransomware storm
Why business email compromise still tops ransomware for total losses
Why Does Medical Imaging Equipment Need Better Cybersecurity?
23/08
7 open-source malware analysis tools you should try out
35 Apps de malware foram encontrados na Google Play Store
A closer look at identity crimes committed against individuals
Air-Gap Attack Exploits Gyroscope Ultrasonic Covert Channel to Leak Data
API security incidents occur at least once a month
CISA Adds Palo Alto Networks' PAN-OS Vulnerability to Catalog
Configuration Errors to Blame for 80% of Ransomware
Counterfeit Android Devices Revealed to Contain Backdoor Designed to Hack WhatsApp
CISA adds Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog
Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business
Cyber attackers disrupt services at French hospital, demand $10 million ransom
DDoS attacks jump 203%, patriotic hacktivism surges
ETHERLED: Air-gapped systems leak data via network card LEDs
Ex-Apple engineer pleads guilty to stealing Apple's car secrets
Ex-Security Chief Accuses Twitter of Cybersecurity Negligence
FBI: Beware Residential IPs Hiding Credential Stuffing
French hospital hit by $10M ransomware attack, sends patients elsewhere
GitLab fixed a critical Remote Code Execution (RCE) bug in CE and EE releases
Google: Iranian hackers use new tool to steal email from victims
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
Hacker leva 1h12 min para acessar dados após ataque de phishing
Hackers perdem 5 Ethereum ao tentar atacar protocolo DeFi
Hacktivists in the DUMPS in Solidarity With Ukraine
Has ESG Become aWake-Up Call for Cybersecurity?
John Deere tractor hack reveals food supply vulnerable to cyber attacks
Lockbit leak sites hit by mysterious DDoS attack after Entrust hack
Major construction projects offered first-of-its-kind cyber security advice from government
Media Firms Twice as Vulnerable as Cross-Sector Average
New 'Donut Leaks' extortion gang linked to recent ransomware attacks
NSA to boost cyber security, announces Nigeria’s accession to Budapest Convention on Cybercrime
Oracle’s HUGE Ad Data Graph is ‘Illegal Panopticon’ — 5 BILLION People Big
Over 80,000 Hikvision cameras can be easily hacked
Páginas falsas de proteção contra DDoS distribuem malware
Poor healthcare cybersecurity is a threat to public health
Protocolo “vira o jogo” contra hackers e deixa invasores com prejuízo de R$ 40 mil
Ransomware-as-a-service industrializou cibercrime numa economia em ascensão com papéis bem definidos
Smart meter data could be used for burglaries, claims some cyber security experts
Suspected Iranian Hackers Targeted Several Israeli Organizations for Espionage
Techstrong TV: Industry Powerhouse Releases Cybersecurity Conversations Report
Thai PM Gives Huawei Thailand Cybersecurity Excellence Award
The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
UK: Major city car dealership hit by huge data theft cyber attack in July
XCSSET Malware Updates with Python 3 to Target macOS Monterey Users
What businesses can do to anticipate and mitigate ransomware threats
Why cybersecurity in the EU should matter to you
WP.29 and the future of automotive cyber security
22/08
4 Tips to Develop a Human-Layered Cybersecurity Defense
40% of Business Executives Are Worried About Getting Hacked, But Will They Do Anything About It?
67% of organizations had identity-related data breaches last year
A 'nightmare scenario': Data-tampering attacks are hard to detect, with devastating consequences
"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered
Attackers using fake Cloudflare DDoS protection popups to distribute malware
Before Portland lost $1.4 million in cyber breach, city treasurer raised red flag
Car Dealership Hit by Major Ransomware Attack
Caribbean Airlines warns of scam circulating in WhatsApp
CISA is warning of high-severity PAN-OS DDoS flaw used in attacks
CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability
Cookie theft threat: When Multi-Factor authentication is not enough
DDoS Protection Weaponized to Deliver RATs
Disk wiping malware knows no borders
Donot Team cyberespionage group updates its Windows malware framework
Endpoint Security: How To Protect Your Business From Hackers
Escanor malware delivered in weaponized Microsoft Office documents
Escanor RAT Malware Deployed Via Microsoft Office and PDF Documents
Essential Cybersecurity Guide For New Startups
Estonia's Battle Against a Deluge of DDoS Attacks
Fake DDoS protection pages are delivering malware!
FBI warns of residential proxies used in credential stuffing attacks
Fileless malware: how does it work?
Greek natural gas operator suffers ransomware-related data breach
Hackers are using this sneaky exploit to bypass Microsoft's multi-factor authentication
Hackers Target ATM Maker for Bitcoins
Half of UK businesses only recognising cyber threats after an attack - report
Hampshire's Hantec Systems say hundreds of UK businesses at risk of cyber attack
How many breaches has Overlake Medical Center & Clinics experienced in the past few years?
How to protect your organization from ransomware-as-a-service attacks
How vulnerable supply chains threaten cloud security
HowTo: Prove Identity Security ROI to Boards as a CISO
In-app browsers on Meta and TikTok can ‘track everything’; Report
LockBit ransomware group targeted with DDoS attack after Entrust data leak
Meet Borat RAT, a New Unique Triple Threat
Microsoft: How we unearthed a critical flaw in ChromeOS, and how Google fixed it
Middle East take 2nd place in data breach defeats
Misconfigured Meta Pixel exposed healthcare data of 1.3M patients
Mysterious Hackers Revealed: Who Are The Most Dangerous Black Hat Hackers?
New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data
Over 80,000 exploitable Hikvision cameras exposed online
Ransomware attack on medical billing provider affected 942K patients and 28 hospitals
Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts
RTLS Systems Found Vulnerable to MiTM Attacks and Location Tampering
The allure of fraud – and how to
The underestimated impact of enterprise cyberattacks on individual consumers
Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks
TikTok’s In-App Browser Can Monitor Your Activity on External Websites
UK Drinking Water Supplier Falls Victim to Clop Ransomware Gang
VIASAT hack impacted French critical services
What type of fraud enables attackers to make a living?
21/08
4 Ways to Protect against Business Email Compromise
Após ataque hacker, Previ-Rio vai abrir novo prazo para servidor municipal aderir ao plano de saúde
Before paying a ransom, hacked companies should consider their ethics and values
Bringing lessons from cybersecurity to the fight against disinformation
CISA adds more 7 vulnerabilities to 'Known Exploited Vulnerabilities Catalog' List
Grandoreiro banking malware targets Mexico and Spain
Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
Hackers target hotel and travel companies with fake reservations
Here’s why you should bet on cybersecurity
Hong Kong firms want stronger cybersecurity, but the city lacks IT talent
How secure are SMS verifications?
Israeli cybersecurity co Tufin lays off 55
White hat hackers broadcasted talks and hacker movies through a decommissioned satellite