NEWS: Dezembro (12/12 - 18/12) - 50 Semana de 2021
Cyber Security and Information Security News - Daily Updates !!
18/12
Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability - The Hacker News
Apache Log4j: New Attack Vectors, Ransomware Seen - Bank Info Security
Conti Ransomware Group Exploiting Log4j Vulnerability - HackRead
German audio tech giant Sennheiser exposed 55GB of customers’ data - HackRead
Hall County’s ‘crippling’ cyberattack last year cost $1.7M. Here’s what else we’ve learned since then - Gainesville Times
How to Successfully Handle Press Releases After a Data Breach - Purple Revolver
Mean Time To Detect (MTTD) - Business 2 Community
New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability - The Hacker News
Privacy Commissioner Notified After Data Breach At Five Counties Children’s Centre - Kawartha 411
Ransomware persists even as high-profile attacks have slowed - Independent
Rising ransomware attacks doubles premium for cyber cover - The Times Of India
Telcos Are on Phishers’ Radar, Who Is at Risk? - CircleID
The game of fraud also runs in the name of Cryptocurrency! In this way you can make safe investments - Enter 21st
Three-fourths of organisations in India have been hit by ransomware threat this year: Report - The Hindu Business Line
Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS - Bleeping Computer
17/12
All Log4j, logback bugs we know so far and why you MUST ditch 2.15 - Bleeping Computer
Attacks on UK Firms Increase Five-Fold During Pandemic - InfoSecurity Magazine
B&K Issues Cyber-attack Notice - InfoSecurity Magazine
CISA: Federal agencies must immediately mitigate Log4J vulnerabilities - ZDNet
CISA: Prepare Now for Holiday Cyber Onslaught - InfoSecurity Magazine
Conti ransomware uses Log4j bug to hack VMware vCenter servers - Bleeping Computer
Credit card info of 1.8 million people stolen from sports gear sites - Bleeping Computer
Digital IDs don’t have to impinge on civil liberties and privacy - Help Net Security
Facebook Bans 7 'Cyber Mercenary' Companies for Spying on 50,000 Users - The Hacker News
Google unleashes security 'fuzzer' on Log4Shell bug in open source software - ZDNet
How to Prevent Customer Support Help Desk Fraud Using VPN and Other Tools - The Hacker News
Immudb: Open-source database, built on a zero trust model - Help Net Security
Log4j: Major IT vendors rush out fixes for this flaw and more ahead of Christmas - ZDNet
Logistics giant warns of BEC emails following ransomware attack - Bleeping Computer
Meta: Surveillance-for-Hire Firms Hit 50,000 Victims - InfoSecurity Magazine
New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 - The Hacker News
Ole Miss Students Charged with Cyber-stalking - InfoSecurity Magazine
Ransomware affects the entire retail supply chain this holiday season - ZDNet
Security firm Blumira discovers major new Log4j attack vector - ZDNet
Spider-Man Fans Warned About Scams Leveraging New Movie - InfoSecurity Magazine
TellYouThePass ransomware revived in Linux, Windows Log4j attacks - Bleeping Computer
This company was hit with ransomware, but didn't have to pay up. Here's how they did it - ZDNet
This image looks very different on Apple devices — see for yourself - Bleeping Computer
US emergency directive orders govt agencies to patch Log4j bug - Bleeping Computer
Want to assemble a cyber Dream Team? Look back at the ‘92 Olympics - Help Net Security
Why is a well thought-out approach to cloud migration imperative? - Help Net Security
16/12
3 Ways ZTNA Improves Remote Access Security - Security Boulevard
4 Ways IP Data Can Help Fight Cybercrime - Security Boulevard
60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low - InfoSecurity Magazine
Adoption of private 5G networks accelerates, as organizations look to improve security and speed - Help Net Security
All Change at the Top as New Ransomware Groups Emerge - InfoSecurity Magazine
Brazil investigates use of staff credentials in cyberattacks against government bodies - ZDNet
CISA, White House urge organizations to get ready for holiday cyberattacks - ZDNet
CVE-2021-44228: The Log4Shell Vulnerability - Security Boulevard
Europe’s quantum communication plans: Defending against state-sponsored cyber attacks - Help Net Security
Experts: All Breach Victims Should Freeze Credit - InfoSecurity Magazine
Facebook has taken a significant step to combat data scraping vulnerabilities - The Digital Hacker
Firefox users can't reach Microsoft.com — here's what to do - Bleeping Computer
Flaws in Lenovo laptops allow escalating to admin privileges - Security Affairs
France Orders Clearview AI to Delete Data - InfoSecurity Magazine
Google Calendar now lets you block invitation phishing attempts - Bleeping Computer
Google: This zero-click iPhone attack was incredible and terrifying - ZDNet
Gumtree classifieds site leaked personal info via the F12 key - Bleeping Computer
Hive ransomware enters big league with hundreds breached in four months - Bleeping Computer
How to implement security into software design from the get-go - Help Net Security
Lenovo laptops vulnerable to bug allowing admin privileges - Bleeping Computer
Log4j flaw: This new threat is going to affect cybersecurity for a long time - ZDNet
Microsoft: Khonsari ransomware hits self-hosted Minecraft servers - Bleeping Computer
New Fileless Malware Uses Windows Registry as Storage to Evade Detection - The Hacker News
New Jersey Cancer Care Providers Settle Data Breach Claim - InfoSecurity Magazine
Online Shoppers Could Face Eight Million Credential Stuffing Attacks Per Day Over Christmas - InfoSecurity Magazine
Online shopping at risk: Mobile application and API cyber attacks at critical high - Help Net Security
Phorpiex botnet returns with new tricks making it harder to disrupt - Bleeping Computer
Regulator: Venues Must Protect User Privacy During COVID19 Checks - InfoSecurity Magazine
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips - The Hacker News
Security priorities are geared toward ongoing remote and hybrid work - Help Net Security
Suspected Iranian hackers target airline with new backdoor - ZDNet
The Guide to Automating Security Training for Lean Security Teams - The Hacker News
The impact of the Log4j vulnerability on OT networks - Help Net Security
Trust in Legacy Vendors Sinks as Ransomware Spikes - Security Boulevard
US and Australia Enter CLOUD Act Agreement - InfoSecurity Magazine
Variant of Phorpiex botnet used for cryptocurrency attacks in Ethopia, Nigeria, India and more - ZDNet
15/12
After theft of $77.7 million, victim AscendEX to reimburse customers - ZDNet
DHS announces its ‘Hack DHS’ bug bounty program - Security Affairs
DHS Launches Bug Bounty Program - InfoSecurity Magazine
ExpressVPN Now Comes with Protection Against Log4Shell Vulnerability - TechNadu
Find Hidden AirTags Using Apple’s New Android Tracker Detect App - TechNadu
Foundational cloud security with CIS Benchmarks - Help Net Security
Government Experts in Last Minute Seasonal Scam Warning - InfoSecurity Magazine
Grindr Fined €6.5m for Selling User Data Without Explicit Consent - InfoSecurity Magazine
How healthcare providers handle safeguards to protect payment and PII - Help Net Security
How to Determine if Your Network Security is Working - Security Boulevard
Leveraging AIOps for a holistic view of network performance and security - Help Net Security
Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft - ZDNet
Log4j Looms Large Over Patch Tuesday - InfoSecurity Magazine
Log4j vulnerability: Why your hot take on it is wrong - TechRepublic
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations - Help Net Security
Meta targets user information, database scraping in bug bounty expansion - ZDNet
Multiple Nation-State actors are exploiting Log4Shell flaw - Security Affairs
New "Hack DHS" program will pay up to $5,000 for discovered vulnerabilities - ZDNet
Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials - Security Affairs
Password offenders: Who’s the naughtiest of them all? - Help Net Security
Passwordless verification API transforms every mobile phone into a security token for zero trust access - Help Net Security
Ransomware in 2022: We're all screwed - ZDNet
Singapore-South Korea digital economy deal to sync up on data, payments - ZDNet
The cyber risk future doesn’t look good, but organizations are ready - Help Net Security
UK's New Cyber Strategy Designed to Boost Position as "Global Cyber Power" - InfoSecurity Magazine
U.S. Consumers Lost $148 million to Gift Card Scams in 2021 - CISO Mag
Victims awarded $18 million in GirlsDoPorn online video case, boss on the run - ZDNet
Web App Attacks Surge 251% in Two Years - InfoSecurity Magazine
When Not to Trust Zero-Trust - Security Boulevard
While attackers begin exploiting a second Log4j flaw, a third one emerges - Security Affairs
Why are data professionals investing in data governance programs? - Help Net Security
14/12
Adobe addresses over 60 vulnerabilities in multiple products - Security Affairs
Além da Saúde, CGU, PRF e IFPR também confirmaram invasão por grupo hacker - G1
Anubis Android malware returns to target 394 financial apps - Bleeping Computer
Apple AirTag Android App is Absolutely Awful—Tracker Detect Fail - Security Boulevard
Billion-dollar natural gas supplier Superior Plus hit with ransomware - ZDNet
Brazilian Ministry of Health hit by second cyberattack in less than a week - ZDNet
Christmas Payroll Fears After Ransomware Hits Software Provider - InfoSecurity Magazine
CISA orders federal agencies to patch Log4Shell by December 24th - Bleeping Computer
Cyberattacks in 2022 Will Look Familiar - Security Boulevard
Cyberattack on BHG opioid treatment network disrupts patient care - Bleeping Computer
Employees think they’re safe from cyberthreats on company devices - Help Net Security
Enterprise email encryption without friction? Yes, it’s possible - Help Net Security
EU Parliament adopts Digital Services Act, but concerns persist - Bleeping Computer
Experts: Log4j Bug Could Be Exploited for “Years” - InfoSecurity Magazine
Google fixed the 17th zero-day in Chrome since the start of the year - Security Affairs
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware - The Hacker News
Hackers steal Microsoft Exchange credentials using IIS module - Bleeping Computer
How Extended Security Posture Management Optimizes Your Security Stack - The Hacker News
How organizations analyze data to source insights that inform business decisions - Help Net Security
How to thwart SIM swapping attacks? - Help Net Security
Hybrid work is dead, long live “work” - Help Net Security
iOS 15.2’s App Privacy Report: How to turn it on, and what it all means - ZDNet
LastPass to Become Standalone Company - InfoSecurity Magazine
Log4j flaw could be a problem for industrial networks 'for years to come' - ZDNet
Log4j flaw puts hundreds of millions of devices at risk, says US cybersecurity agency - ZDNet
Log4j: List of vulnerable products and vendor advisories - Bleeping Computer
Log4j zero-day flaw: What you need to know and how to protect yourself - ZDNet
Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws - Bleeping Computer
Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware - ZDNet
Microsoft fixes Windows AppX Installer zero-day used by Emotet - Bleeping Computer
Microsoft releases end-to-end encryption for Teams calls - ZDNet
Modern cars: A growing bundle of security vulnerabilities - Help Net Security
Police Arrest Suspected Ransomware Actor in Romania - InfoSecurity Magazine
Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation - Security Affairs
Preparing for Evolving Phishing Scams - Security Boulevard
Ransomware hits HR solutions provider Kronos, locking customers out of vital services - Help Net Security
Significant Disconnect Between SOC Leaders and Staff - InfoSecurity Magazine
TAG to Open New Global Headquarters - InfoSecurity Magazine
Teleport Adds Windows Support to Infrastructure Security Gateway - Security Boulevard
TinyNuke banking malware targets French organizations - Security Affairs
US CISA orders federal agencies to fix Log4Shell by December 24th - Security Affairs
WAF, RASP and Log4Shell - Security Boulevard
WhatsApp New Privacy Update Hides Your Status and Activity From Strangers - TechNadu
Windows 11 KB5008215 update released with application, VPN fixes - Bleeping Computer
13/12
7 Cloud Vulnerabilities Endangering Your Data! - Security Boulevard
Arrest in Romania of a ransomware affiliate scavenging for sensitive data - Data Breaches Net
Ascendex has lost $77 million worth of RC20, BSC, and Polygon tokens to cyberattack - HackRead
Attackers can get root by crashing Ubuntu’s AccountsService - Bleeping Computer
Bugs in billions of WiFi, Bluetooth chips allow password, data theft - Bleeping Computer
Building Blocks of the Widely Used Qakbot Banking Trojan outlined by Microsoft - The Digital Hacker
Can Your IAST Do This? - Security Boulevard
Canadian federal privacy commissioner says BMO security breach in 2017 affected 113,000 client accounts - Data Breaches Net
CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog - Security Affairs
CSAM Found on LSU Professor’s Computer - InfoSecurity Magazine
Darknet operators of “cyber bunker” convicted and sentenced in Germany - Data Breaches Net
Database security market to reach $16,273.8 million by 2028 - Help Net Security
Did Snatch Ransomware Snitch Volvo Cars R&D Data? - CISO Mag
Digital Payment Platform might go through changes as indicated by the RBI Governor - The Digital Hacker
Discerning the scope of a serious Log4j security flaw - The Digital Hacker
EV certificate usage declining: Is the internet becoming more secure? - Help Net Security
Hackers Compromise PM Modi’s Twitter Account To Publish a Bitcoin Post - CISO Mag
Hacker-powered pentests gaining momentum - Help Net Security
How C-suite executives perceive their organizations’ readiness for ransomware attacks - Help Net Security
How Cybersecurity Awareness Shifted in 2021 - Security Boulevard
How SASE Enables and Secures 5G Networks - Security Boulevard
How worried should organizations be about their phishing click rate? - Help Net Security
Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group - The Hacker News
Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones - The Hacker News
Lewis & Clark Community College to resume classes from Tuesday in the midst of ransomware attack - The Digital Hacker
Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability - ZDNet
Log4j zero-day flaw: What you need to know and how to protect yourself - ZDNet
Log4Shell was in the wild at least nine days before public disclosure - Security Affairs
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation - Help Net Security
Log4Shell was in the wild at least nine days before public disclosure - Security Affairs
Malicious PyPI packages with over 10,000 downloads taken down - Bleeping Computer
Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan - The Hacker News
Police arrests ransomware affiliate behind high-profile attacks - Bleeping Computer
Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine - The Hacker News
“Sadistic” Online Extortionist Jailed for 32 Years - InfoSecurity Magazine
Site da Câmara de Vereadores do Rio sai do ar após ataque hacker - G1
Świętokrzyskie: Personal data leaked from the commune office in Nowiny - Data Breaches Net
Top 3 SaaS Security Threats for 2022 - The Hacker News
Two Linux botnets already exploit Log4Shell flaw in Log4j - Security Affairs
Ukraine arrests 51 for selling data of 300 million people in US, EU - Bleeping Computer
Ultimate guide to the CCSP: Build the most needed skill in cybersecurity - Help Net Security
Unused identities: A growing security threat - Help Net Security
Virginia legislative agencies and commissions hit with ransomware attack - ZDNet
Why is trust in legacy vendors on shaky ground? - Help Net Security
Woman finds medical records stacked next to recycling bin in Sharpstown neighborhood - Data Breaches Net
Worldwide Log4j Attacks That Can Deploy Malware Affect Steam, Minecraft, and iCloud - TechNadu
“Worst-Case Scenario” Log4j Exploit Travels the Globe - InfoSecurity Magazine
12/12
4 Philippine government agencies among prime targets of ‘China-sponsored’ spies, says US cyber firm - Manila Bulletin
5 tips to help seniors avoid scams this holiday season - Boston Herald
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack - The Hacker News
BadgerDAO reveals cause behind exploit, details recovery plan - AMBCrypto
BDO clients lose money due to alleged online banking hack - Rappler
Beware! New Gmail email threat is here along with Omicron! Know how to avoid - Hindu Time
Brazil Health Ministry Website Targeted by Hackers, COVID-19 Vaccine Data At Risk - News18
Crypto Bot Trading Alert - San Francisco Examiner
Cyber security breach could target nearly all companies: Cyber watchdog - NL Times
Cybersecurity firm gives tips to confidently shop online - SunStar
Digital Assets Are Facing An Increasing Security Threat; How Can Corporations and Individuals Mitigate this Risk? - Recently Heard
DVLA scam: DVLA issues urgent warning to motorists - North Wales Chronicle
How to protect your financial data as the Cabinet Office is fined £500k for address leaks - Express
Log4j RCE activity began on December 1 as botnets start using vulnerability - ZDNet
Log4Shell: This dangerous exploit can affect everything from Apple to Minecraft - Giz China
Main cyber security technology predictions for 2022 - InfoTech Lead
Microsoft Asks Windows Users to Share Potentially Insecure Drivers - PC Magazine
Phishing attacks in Brazil grow 41% in 2021 - Play Crazy Game
Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw - Security Affairs
Russian National Sentenced for Providing Crypting Service for Kelihos Botnet - Imperial Valley News
Schools face increasing risk of cyberattacks - Riverhead News Review
The Brazilian Ministry of Health’s website was hacked, and vaccination data was stolen - Nokia News
The Ongoing Evolution of Modern Ransomware - Tahawultech
Top 10 Cybersecurity Challenges to be Prepared for in 2022 - Analytics Insight
Trickbot rebirths Emotet: 140,000 Victims in 149 countries in 10 months - Zawya
Types of Cyber Threats and How to Prevent Them - The Next Hint
Understanding Cybersecurity in a Work From Home World - My Background Check
Volvo Data Breach: A Cause for Concern? - Pirate Press
