NEWS: Dezembro (19/12 - 25/12) - 51 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!

25/12


AvosLocker Ransomware Uses AnyDesk in Safe Mode to Launch - The Headlines of Today


Cert-In discovered a new Ransomware virus disseminated via e-mail - The Digital Hacker


Deep Web vs Dark Web: Understanding the Differences - The Teal Mango


French IT Services Firm Hit by Ransomware Attack - Gov Info Security


Online Threat! Hackers are sending more and more SMS - Spark Chronicles


Should You Block All Monero-Related Domains? Crypto Scams Set To Rise in 2022 - Hacker Noon


Spiderman No Way Home Movie Download Could Land You in Phishing Trap - Sakshi post


There's no such thing as sensitive data - Data Center Dynamics



24/12


4 Ways To Strengthen Your Company’s Cybersecurity Infrastructure To Prevent An Attack - Forbes


5 cybersecurity trends to look out for in 2022 - ITP Net


Albania: Worries grow over personal data breach, as second leaked document distributed - Tirana Times


Albania's Prime Minister Issues Data Leak Apology - InfoSecurity Magazine


Android banking trojan spreads via fake Google Play Store page - Bleeping Computer


Attackers bypass Microsoft security patch to drop Formbook malware - HackRead


Blackmagic fixes critical DaVinci Resolve code execution flaws - Bleeping Computer


Consumer Data Breach Alert: Arthur J. Gallagher & Company - JD Supra


Cryptominers hit 'Spider-Man: No Way Home' fans while torrenting - Sify


Cybersecurity Considerations When Powering Retail IT Systems - Retail Touch Points


Data Breach Alert: Newbridge Securities Corporation - JD Supra

'Diavol' Ransomware Virus Hacks PC Via Email, And Blackmails You To Pay Money - India Times


Double check the message: Malicious actors are impersonating pharma companies - Digital journal


Five Eyes intelligence agencies warns millions at risk as hackers exploit mutating Log4Shell bug - 7News


Global IT services provider Inetum hit by ransomware attack - Bleeping Computer


Hellmann Warns Customers They Could Face Malicious Communications Following Attack - InfoSecurity Magazine


How AI-powered fraud and aggressive ransomware could dominate 2022 - Information Age


New BLISTER Malware Using Code Signing Certificates to Evade Detection - The Hacker News


New Ransomware Variants Flourish Amid Law Enforcement Actions - The Hacker News


NVIDIA apps affected by Log4j vulnerability - Bryt Fm online


Rook ransomware is yet another spawn of the leaked Babuk code - Bleeping Computer


Singapore: OCBC Bank cautions public about SMS phishing scams after customers lose $140,000 in 10 days - The Business Times


Steps you can take today to mitigate the potential of employee data breaches - News From Wales


T-Mobile says Scam Shield has blocked 21 billion scam calls in 2021 - Nation LK


Ubisoft Data breach hits Just Dance Players - Pro Privacy


Unique Cyber-Attacks Fall for First Time Since 2018 - InfoSecurity Magazine


Volvo Security Breach Led to R&D Data Theft by ‘Snatch’ Threat Actors - CPO Magazine


23/12


A flaw in Microsoft Azure App Service exposes customer source code - Security Affairs


Alibaba Suffers Government Crackdown Over Log4j - InfoSecurity Magazine


Apache's new security update for HTTP Server fixes two flaws - ZDNet


APWG’s eCrime 2021 Symposium Shows Cybercrime Evolving - Security Boulevard


Best of 2021 – Combating COMB: 3.2 billion credentials leaked in breach compilation - Security Boulevard


CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities - The Hacker News


CISA Releases Free Scanner to Spot Log4j Exposure - InfoSecurity Magazine


Consumers Warned of Surging Delivery Text Scams Ahead of Christmas - InfoSecurity Magazine


Correios viram alvo de hackers e site está fora do ar - Tudo Celular


Could passwordless be the solution to poor shopping sign-up processes? - Help Net Security


Five cybersecurity predictions for 2022 and beyond - Help Net Security


HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems - Security Affairs


Hackers que invadiram Ministério de Saúde atacam Correios - Poder 360


Hackers raspam conta de ONG que cuida de dependentes químicos - Metropoles


How PYSA and Lockbit are Dominating the Ransomware Landscape - CISO Mag


If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate - Data Breaches Net


IoT SAFE — An Innovative Way to Secure IoT - The Hacker News


Log4Shell is a dumpster fire that should have been avoided - Help Net Security


Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe - Data Breaches Net


PCI SSC updates its device security standard for HSMs - Help Net Security


This new ransomware has simple but very clever tricks to evade PC defenses - ZDNet


Three trivial bugs in Microsoft Teams Software remain unpatched - Security Affairs


Up to 120,000 Cops May Have Legal Claim Over 2019 Breach - InfoSecurity Magazine


Watch out for Christmas 2021 credential stuffing attacks! - Help Net Security



22/12


4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories - The Hacker News


A new version of the Abcbot bot targets Chinese cloud providers - Security Affairs


Attackers bypass Microsoft patch to deliver Formbook malware - Help Net Security


China suspends deal with Alibaba for not sharing Log4j 0-day first with the government - The Hacker News


CISA releases Apache Log4j scanner to find vulnerable apps - Bleeping Computer


Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions - TechRepublic


Cybercriminals shifting focus: IT sector most targeted in 2021 - Help Net Security


Dridex malware trolls employees with fake job termination emails - Bleeping Computer


DuckDuckGo developing a robust privacy-focused desktop browser - HackRead


Ghana govt agency exposed 700k citizens’ data in a database mess up - HackRead


How confident can organizations be in their managed services security? - Help Net Security


Iranian Nation-State Adversaries Exploit Log4j Flaw Against Israeli Firms - CISO Mag


“Melding IT and OT Systems Can Create New Attack Vectors and Surfaces” - CISO Mag


Meta warns 50,000 users about ‘surveillance-for-hire’ firms targeting them - The Digital Hacker


Microsoft Teams bug allowing phishing unpatched since March - Bleeping Computer


Monongalia Health System notifies patients and employees of data breach - Data Breaches Net


NIST Password Guidelines 2021: Challenging Traditional Password Management - Security Boulevard


NVIDIA discloses applications impacted by Log4j vulnerability - Bleeping Computer


Open-source software holds the key to solving Log4Shell-like problems - Help Net Security


PYSA ransomware gang is the most active group in November - Security Affairs


Ransomware Empire: Who might blackmail your company? - Help Net Security


Russian Cyber Exec Extradited After Alleged Trading Conspiracy - InfoSecurity Management


Salesforce CTO talks e-commerce cybersecurity threat trends for 2022 - Help Net Security


Security Operations Center (SOC) Performance Falling Short - Security Boulevard


Site da Prefeitura de Brumadinho é invadido por hackers, que deixam vídeo com ameaças a mineradora - G1


Software flaws in walk-through metal detectors made them hackable - HackRead


The gift that keeps on giving: 7 tips to avoid cyber security threats - Security Boulevard


This ransomware strain just started targeting lots more businesses - ZDNet


Ubisoft Reveals Player Data Breach Came from User Error - InfoSecurity Management


US Returns $150m to Sony After Employee BEC Attack - InfoSecurity Management



21/12


5 Application Security Standards You Should Know - Security Boulevard


6 top cybersecurity trends from 2021 and their impact on 2022 - Help Net Security


Belgian defense ministry admits attackers accessed its computer network by exploiting Log4j vulnerability - Data Breaches Net


Best of 2021 – 10 Major Cyber Attacks Witnessed Globally in Q1 2021 - Security Boulevard


Best of 2021 – Leaked Data of Domino’s India Available on Search Engine - Security Boulevard


Ca: Big White issues data breach alert - Data Breaches Net


Combating identity fraud: The key is to avoid stagnation - Help Net Security


Cyber insurance trends: Insurers and insurees must adapt equally to growing threats - Help Net Security


Cybersecurity budgets surge, as skills gap wreaks havoc on 2022 plans - Help Net Security


Data breaches reported so far this year have surpassed full-year 2020 - Data Breaches Net


F-Secure uses flaw in at-home COVID-19 test to fake results - Tech Republic


FBI: Hackers are actively exploiting this flaw on ManageEngine Desktop Central servers - ZDNet


Garrett walk-through metal detectors can be remotely manipulated - Bleeping Computer


Hackers invadem sites do governo e vendem senhas de servidores de órgãos públicos - Agora Notícias Brasil


Hackers invadem sites do governo e vendem senhas de servidores de órgãos públicos - O Globo


How familiar are consumers with data protection best practices? - Help Net Security


HSE given stolen data, including medical records, taken by criminals during cyber attack in May - Data Breaches Net


Joker Malware Resurfaces; Over 500,000 Android Users Affected - CISO Mag


Log4j flaw: 10 questions you need to be asking - ZDNet


Log4j Vulnerability Aftermath - Security Affairs


Log4Shell enumeration, mitigation and attack detection tool - Help Net Security


Meta Platforms processa hackers que se passavam por Facebook, Instagram e WhatsApp - Olhar Digital


Meta Sues to Disrupt Prolific Phishing Campaign - InfoSecurity Magazine


Microsoft Warns of Active Directory Vulnerabilities - CISO Mag


More than 35,000 Java packages impacted by Log4j flaw, Google warns - Security Affairs


New Zero Day in ManageEngine Desktop Central Servers Identified - CISO Mag


Patch these 2 Active Directory flaws to prevent the takeover of Windows domains - Security Affairs


Police found 225 million stolen passwords hidden on a hacked cloud server. Is yours one of them? - ZDNet


Police National Computer not pwned by Clop ransomware crims, insists Home Office - Data Breaches Net


Rethinking cybersecurity becomes imperative as devices and apps move away from physical offices - Help Net Security


Russian hackers made millions by stealing SEC earning reports - Bleeping Computer


Scam Phishing Network Costs Victims $80m Per Month - InfoSecurity Magazine


Secret Backdoors Found in German-made Auerswald VoIP System - The Hacker News


The Analyst Prompt #42: Ransomware Attacks Not Letting Up as 2021 Draws to a Close - Security Boulevard

Top 7 common Cybersecurity Myths — Busted - The Hacker News


Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector - The Hacker News


Two backdoors detected in Auerswald VoIP ystem - HackRead


Ubisoft confirms Just Dance data breach amid developer exodus - ZDNet


UK British Council Struck by Two Ransomware Attacks in Five Years - InfoSecurity Magazine


UK Cyber Cops Share 225 Million Passwords with Breach Site - InfoSecurity Magazine


Understanding Software Supply Chain and How to Secure It - HackRead


US returns $154 Million in bitcoins stolen by Sony employee - Bleeping Computer


Why the updated OWASP Top 10 list can’t be addressed by WAF? - Help Net Security


Windows 10 21H2 adds ransomware protection to security baseline - Bleeping Computer



20/12


4 Ways Cybercriminals Exploit Remote Teams - HackRead


14 cybersecurity predictions for 2022 and beyond - MIT Technology Review


$30 million stolen from Grim Finance, audit firm blames new hire for vulnerability - ZDNet


After ransomware attack, global logistics firm Hellmann warns of scam calls and mail - ZDNet


Ataque de hackers derruba sistemas e exclui dados da PF e PRF - R7


Avast found backdoor in US Federal Agency Network - HackRead


Belgian Defense Ministry confirms cyberattack through Log4j exploitation - ZDNet


CISA Issues Emergency Directive on Log4j - Security Boulevard


Conveyancing IT crash - company slammed for ‘wall of silence’ - Estate Agent Today


Cyber-Attack Impacts Aussie Companies - InfoSecurity Magazine


Cybercriminals exploit Spiderman: No Way Home popularity to spread malware, push phishing scams: Report - The Hindu Business Line


Cybersecurity company identifies months-long attack on US federal commission - ZDNet


DarkWatchman RAT uses Windows Registry fileless storage mechanism - Security Affairs


Data stolen from Police National Database disappears from dark web - Tech Monitor


Desjardins settles data breach suit for a maximum CA$201m - Coop News


Execs Get 16+ Years After SBA Fraud Scheme - InfoSecurity Magazine


Experts Discover Backdoor Deployed on the U.S. Federal Agency's Network - The Hacker News


FBI: State hackers exploiting new Zoho zero-day since October - Bleeping Computer


GoTestWAF: Open-source project for evaluating web application security solutions - Help Net Security


Hackers, bogus charities and ‘phishing’ emails among Christmas scams reported in Warwickshire - Rugby Observer


Hackers são condenados por falsificação de documento em sistema processual - Consultor Juridico


Healthcare provider Texas ENT alerts 535,000 patients to data breach - The Daily Swig


How can AI be made more secure and trustworthy? - Help Net Security


How likely are employees to fall prey to a phishing attack? - Help Net Security


How will cyber threats evolve in 2022? Here’s what experts say - Mint Lounge


Insider Threats: Protecting from Within - InfoSecurity Magazine


Introducing ‘killware’ — malware designed to contaminate, disrupt critical services - The Last Watchdog


IoT, cryptocurrency may spur more attacks in 2022 — Palo Alto Networks - Back End News


Log4j vulnerability now used to install Dridex banking malware - Bleeping Computer


Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks - The Hacker News


Microsoft warns of easy Windows domain takeover via Active Directory bugs - Bleeping Computer


New DarkWatchman malware spread through phishing emails on Windows machines: What we know so far - India Today


New Hancitor Malware Loader Delivers Malware Via Clipboard - LHN


New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G - The Hacker News


New Log4j Patch Released to Fix DoS Flaw - InfoSecurity Magazine


Over 300 victims lose $760,000 to phishing scams related to delivery firms - The Straits Times


Phishing Attacks Getting Sneakier - Ericom Blog


Ransomware attack on Kronos impacts paychecks, log-in timesheets of employees of several firms - India Today


Ransomware Gang Publish Confidential Police Data on the Dark Web - InfoSecurity Magazine


Rise in Ottawa-area cyberattacks tied to dark web and new wave of criminals - Ottawa Citizens


Robocalls More Than Doubled in 2021, Cost Victims $30B - ThreatPost


Ruled by algorithms, gig workers remain powerless against automated decision-making - ZDNet


Scammers grabbed $7.7 billion worth of cryptocurrency in 2021, say researchers - ZDNet


Shifting security further left: DevSecOps becoming SecDevOps - Help Net Security


Synthetic identity fraud: What is it, and why is it harmful? - Tech Republic


The cybersecurity executive order is not all it’s cracked up to be - Help Net Security


The Log4j saga: New vulnerabilities and attack vectors discovered - Help Net Security


Tech Companies to Protect Data on Undersea Cable - InfoSecurity Magazine


UK govt shares 585 million passwords with Have I Been Pwned - Bleeping Computer


Ukrainian War Games Test Electricity Grid - InfoSecurity Magazine


Zero trust isn’t just for IT, it can also protect targeted critical infrastructure - Help Net Security



19/12


2021 Cyber Review: The Year Ransomware Disrupted Infrastructure - Government Technology


Blackmail group Conti uses “Log4Shell” vulnerability for its ransomware - Market Research Telecast


Caution: Log4j and TellYouThePass ransomware are attacking your servers! - Best Gaming Pro


Correos explains how to avoid being scammed this Christmas - Euro Weekly


Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes - Crypto News


Crypto Users Should Prepare For More Security Threats In 2022 - Bankless Times


Difficult to determine full blast radius of Internet bugs: Google - The Siasat Daily


Facebook Bans Delhi-based IT Firm BellTroX for Hacking Accounts of Senior Govt Officials, Journalists and Others - India com


Grim Finance hacked – $30 million worth of tokens stolen - HackRead


Hackensack Healthcare Providers Settle Investigation with OAG Following Two Data Breaches - Tap into Hackensack


Hive: A terribly lively ransomware franchise - Tech Gaming Report


Lessons India Can Draw From Sri Lanka’s Efforts With Data Protection Legislation - Wire


Meta bans cyber spying firms from its platforms - KBC


NASA: Mars helicopter Ingenuity does not use Log4j - Market Research Telecast


New cyberespionage campaign discovered, possibly linked to Iran - Israel Defense


New stealthy DarkWatchman malware hides in the Windows Registry - Bleeping Computer


Pro Wrestling Tees Issues Out Statement To Customers Following Data Breach - Wrestling Inc


Pro Wrestling Tees Suffers Security Breach, Statement Released - EWrestling News