NEWS: Janeiro (09/01 - 15/01) - 02 Semana de 2022

Cyber Security and Information Security News - Daily Updates !!

15/01

9 Times Hackers Targeted Cyberattacks on Industrial Facilities

Aditya Birla Fashion (ABFRL) Data Allegedly Leaked Online, Over 5 Million Email Addresses Breached

Brunei Postal Dept warns of phishing scams via WhatsApp

City of Tenino loses $280,309 to phishing email scam, state Auditor’s Office says

Considering a Move to Zero Trust Security? Keep these Identity Security Practices and Resources in Mind

Don’t download this COVID app! It’s spreading malware

Five cybersecurity myths that are compromising your data

‘Golden era’ for cyber attacks as criminals take advantage of pandemic

Hackers disrupt payroll for thousands of employers — including hospitals

Hackers Use Legitimate Adobe Emails to Harvest Credentials

Largest dark web market for stolen cards UniCC calls it quits

Linux malware sees 35% growth during 2021

macOS, Windows, Linux all targeted by new cross-platform exploit

NYC schools crippled by week-long data service systems outage

North Korean Hackers Carefully Stole $400 Million in Crypto Last Year

Qlocker ransomware returns to target QNAP NAS devices worldwide

Russia charges 8 suspected REvil ransomware gang members

SRT email service outage continues

The huge sums of money that explain why there are so many SMS and email phishing scams in Spain

U.S., France discuss measures to support Ukraine after cyberattack on govt websites – U.S. Department of State

14/01

3rd-party flaws allowed a teen hacker to track location of Tesla cars

2022 Cybersecurity Guide: The Security Gift For Your Loved Ones

A 'massive' hacking attack has hit government websites in Ukraine

Accellion to pay $8.1M in proposed data breach settlement

AWS Patches Glue Bug That Put Customer Data at Risk

Auto parts maker Denso targeted in ransomware cyberattack

Buckeye Broadband email accounts down due to ransomware attack

Clinic Breach Affecting 200,000 Tied to Vendor's 2020 Attack

Computer hackers apparently target City of North Port

Dark web carding platform UniCC shuts up shop after making millions

Data breach: Sheffield Council reprimanded after 8.6 million vehicle number plates were shared on the internet

Defense contractor Hensoldt confirms Lorenz ransomware attack

EHR vendor QRS sued over breach to patient portal server

Email Service Mail2World Reported Down

Flaw Found in Biometric ID Devices

Four Ways Retailers Can Prevent and Protect Customers from a Cyber Security Attack

Goodwill discloses data breach on its ShopGoodwill platform

Hacker group REvil arrested, dismantled at US request: Russian intelligence agency

Hacking Is the New Car Jacking: How To Secure Vehicle Data

How to protect yourself against Sim-swapping scams with mobile phone fraud on the rise

Husband and wife among ransomware operators arrested in Ukraine

In Government, Access Control Means Cybersecurity

Insider Threats are a Quiet Risk in your System

Lasting Effects of Kronos Cyberattack Ripple Through Healthcare

Magniber Ransomware is becoming a nightmare for Edge users

Maryland lawmaker: Officials misled on ransomware attack

‘Massive’ Cyberattack on Ukraine Cripples Gov’t Websites

Mitigating Insider Security Threats with Zero Trust

NatWest ‘new device registered’ scam texts: what to look out for

North Korea hackers stole US$400mln of crypto last year, report

North Korean Hackers Stole $400m in Cryptocurrency Last Year

OCBC Singapore scam victims, many who lost life savings, slam bank for underwhelming response

Oscar Health Plan of California Notice of Data Breach

Questions linger after MDH ransomware attack

Ransomware attack at Durham Johnston School

Ransomware sets its sights on IOT/OT

Researchers develop CAPTCHA solver to aid dark web research

Russia arrests REvil ransomware gang members at request of US officials

Russian authorities take down REvil ransomware gang

SSU Assures Of No Personal Data Breach Due To Cyberattack On Public Authorities

SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks

State police warn of new 'phishing' scam that involves parking meters

Tech Giants to Team-Up on Open Source Security After White House Meet

The future of security protocols for remote work

The race towards renewable energy is creating new cybersecurity risks

Three Plugins with Same Bug Put 84K WordPress Sites at Risk

Transport for NSW finds more customers, employees impacted by Accellion breach

Ukrainian Cops Bust Suspected $1m Cybercrime Ring

Watch out, that Microsoft Edge update is actually ransomware

What is ransomware and how does it work?

White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raid

Why Third Parties are the Source of So Many Hacks

13/01

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

All 2BILLION WhatsApp users warned of simple mistake that can get your account hacked

AWS fixes security flaws that exposed AWS customer data

BlueNoroff hackers steal crypto using fake MetaMask extension

Carding site UniCC retires after generating $358 million in sales

Consumer IAM market to reach $17.6 billion by 2026

Cops warn of increasing number of bank scams as fraudsters target residents in Spain’s Palma

Councillors refuse public release of IT audit of Hackney Psya ransomware attack

Cybersecurity Trends for 2022

DDoS Attacks Broke All Records in 2021

Delivering vulnerable signed kernel drivers remains popular among attackers

Fake Telegram App Distributes Purple Fox Malware

FBI Issues Warning on FIN7 USB Stick Exploit

FCC Proposes Stricter Data Breach Reporting Requirements

Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

GootLoader Hackers Targeting Employees of Law and Accounting Firms

Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NTF platform

Hotel chain switches to Chrome OS after Windows ransomware attack

How threat intelligence can help the financial industry prepare for cyber threats

How to ensure a Zero-Trust approach for remote workers

IBM predicting what 2022 holds for cybersecurity

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

Lazarus, Cobalt, and FIN7 have all been identified as major hacker organisations targeting the financial sector

Maryland Department of Health Systems Down 1 Month After Ransomware Attack

Massachusetts State Police warn of parking scam that uses QR codes to steal bank account, credit card information

Microsoft Defender weakness lets hackers bypass malware detection

Most Users Are Unaware That Their Passwords Are Compromised, New Study Shows

New GootLoader Campaign Targets Accounting, Law Firms

New "Undetected" Backdoor Runs Across Three OS Platforms

New Zealand: 5 cyber threats to look out for this year

NSO spyware found targeting journalists and NGOs in El Salvador

Norton's cynical crypto ploy: A dark harbinger of crapware to come?

OCBC phishing scam underscores trade-off between convenience and security, with bank customers at risk: Experts

Putting Skin in the Cyber Insurance Game

Ransomware attack impacts Buckeye Broadband email service vendor

Ransomware attack on New Mexico jail put prisoners in lockdown

Ransomware attack on vendor shuts down Buckeye email services

Ransomware locks down prison, knocks systems offline

Report Identifies Weaknesses in Online Banking Security

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

Singapore: 1,200 phishing scams since December; some culprits impersonate officials and use stolen data to set up e-wallet

The Human Resources Impact Of The Kronos Ransomware Attack

The public sector is more concerned about external than internal threats

The rising threat of cyber criminals targeting cloud infrastructure in 2022

The Rhode Island Public Transit Authority (RIPTA) Data Breach May Provide Valuable Lessons About Data Collection and Retention

UK jails man for spying on kids, adults with Remote Access Trojans

Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation

US Cyber Command links MuddyWater to Iranian intelligence

US: MuddyWater is Iranian State-Backed Group

What is ‘sextortion’ and why are cases on the rise?

What makes edge computing successful?

When it comes to banking security, there’s no silver bullet

When open-source developers go bad

Why You Need Pentesting-as-a-Service (PtaaS)

12/01

2022 promises to be a challenging year for cybersecurity professionals

A new multi-platform backdoor is leveraged by an advanced threat actor

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup

Attackers More Successful at Delivering Malware Payloads

Audit Your Active Directory with a free, read-only scan from Specops

Check your SPF records: Wide IP ranges undo email security and make for tasty phishes

CISA Adds 15 New Flaws to its Actively Exploited Vulnerabilities Catalog

Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks

EA: 50 high-profile FIFA 22 accounts taken over by phishing actors

European Union to Launch Supply Chain Attack Simulation

Europol Ordered to Delete Vast Trove of Personal Information

FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

Firefox 96 update focuses on noise improvements, main thread efficiency

Hackers take over diplomat's email, target Russian deputy minister

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

How safe are cloud applications?

How to Make API Security an Integral Part of Your Application Security Strategy

Interview: Open Banking Opens Customer Data to Third Parties

Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor

Log4j: How hackers are using the flaw to deliver this new 'modular' backdoor

Magniber ransomware using signed APPX files to infect systems

Maryland Department Of Health Confirms Ransomware Attack Caused Disruption In COVID-19 Data Last Month

Microsoft Starts 2022 with 97 CVEs in January Patch Tuesday

New RedLine malware version distributed as fake Omicron stat counter

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

New Windows KB5009543, KB5009566 updates break L2TP VPN connections

OceanLotus hackers turn to web archive files to deploy backdoors

Oxeye Tool Can Counter Log4j Obfuscation Attacks

Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse

Researchers Uncover NetUSB RCE Flaw Affecting Millions of Routers

SMEs still an easy target for cybercriminals

South African justice department clueless about hacked data

TellYouThePass ransomware returns as a cross-platform Golang threat

This new malware wants to create backdoors and targets Windows, Linux and macOS

Two Years for Man Who Used RATs to Spy on Women and Children

UK Launches Initiative to Develop Global AI Standards

US government urges organizations to prepare for Russian-sponsored cyber threats

XDR: Redefining the game for MSSPs serving SMBs and SMEs

Zero-Trust for Health Care in the Age of Ransomware

Who is the Network Access Broker ‘Wazawaka?’

Why 2022 Should be a Year of Cybersecurity Optimism

WI: Neenah schools investigating apparent cyber attack; classes canceled Wednesday

11/01

9 ways that cybersecurity may change in 2022

2021 was a terrible year for cybersecurity. Without action, 2022 could be even worse

2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security

A Missouri Reporter Is (Still) Getting Blamed For the Security Flaw He Exposed

A psicologia reversa do MITRE ATT&CK – Parte 1

AvosLocker ransomware now targets Linux systems, including ESXi servers

BADNEWS for Hackers! Patchwork Group Expose Themselves in Malware Campaign

Banks Still Struggling to Spot the Signs of Human Trafficking

Brasil tem 77% mais ataques em 2021 do que em 2020

CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog

Connecticut company that hosts school websites recovering from ransomware attack

DDoS attacks that come combined with extortion demands are on the rise

Corporate Cyber-Attacks Spike 50% in 2021

Critical SonicWall NAC Vulnerability Stems from Apache Mods

Cybersecurity in 2022: Addressing Insider Threats

Cybersecurity: Last year was a record year for attacks, and Log4J made it worse

Data security in the age of insider threats: A primer

EU data watchdog to Europol: You've helped yourself to too much data

FIN7 Mailing Malicious USB Sticks to Drop Ransomware

Focus On Protecting Critical Infrastructure and Supply Chains

Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

Google Drive accounted for the most malware downloads from cloud storage sites in 2021

How the pandemic fueled enterprise digital transformation

How to Prevent Steganography Attacks

Incident Management: Benefits, KPIs and Best Practices

Indian APT exposes its Modus Operandi by infecting their own devices

JumpCloud Makes Built In Colorado’s 2022 Best Places to Work List

KCodes NetUSB bug exposes millions of routers to RCE attacks

KCodes NetUSB kernel remote code execution flaw impacts millions of devices

Major Indian fashion retailer hacked and data leaked

Many users don’t know how to protect their broadband Wi-Fi routers

Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws

Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed

Millions of Routers Exposed to RCE by USB Kernel Bug

Missouri school district’s employee data dumped by ransomware group

New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors

New RedLine malware version spread as fake Omicron stat counter

New SysJocker backdoor targets Windows, macOS, and Linux

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers

Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft

Romance Scammers Stole £92m From Victims Last Year

Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?

‘Shame on You, Moxie Marlinspike’—Fake Cash Scheme Pollutes Signal Nonprofit

Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO

Small businesses are most vulnerable to growing cybersecurity threats

Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

The Final Count: Vulnerabilities Up Almost 10% in 2021

This engineer broke enterprise applications for not donating for his open-source project

This is the Year to Create a Cybersecurity Culture

Tracking Adversaries in AWS using Anomaly Detection, Part 1

Tracking Adversaries in AWS using Anomaly Detection, Part 2

US govt warns of Russian hackers targeting critical infrastructure

What to Include in a Cybersecurity Disaster Recovery Plan

World Economic Forum: Cybersecurity an Increasing Global Threat

WordPress 5.8.3 Security Release fixes four vulnerabilities

10/01

6 cloud security trends to watch for in 2022

Abcbot and Xanthe botnets have the same origin, experts discovered

Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware

Abcbot botnet is linked to Xanthe cryptojacking group

Ataque hacker no Ministério da Saúde completa um mês e pasta ainda convive com ‘apagão’ de dados

Ataque hacker: sistema de dados voltou ao ar, diz Ministério da Saúde

Attackers aren’t finished using Log4Shell, says Microsoft and FTC

California town announces data breach involving police department, loan provider

CISA director: 'We have not seen significant intrusions' from Log4j -- yet

Connecticut Nerds Report CSAM

Cyber-Thieves Raid Grass Valley

Detect and identify IoT malware by analyzing electromagnetic signals

Eight resolutions to help navigate the new hybrid office model

Europol ordered to erase data on those not linked to crime

Finalsite: All School Sites Now Restored After Ransomware Attack

FlexBooker Reveals Major Customer Data Breach

Forensics Expert Kept Murder Snaps on PC

How to lock down your Microsoft account and keep it safe from outside attackers

Indian-linked Patchwork APT infected its own system revealing its ops

Indian Patchwork hacking group infects itself with remote access Trojan

Linux Mint 20.3 released promising security updates until 2025

Malware Hide-in-SSD Firmware gets a makeover found

Microsoft: powerdir bug gives access to protected macOS user data

New Paper: “Future Of The SOC: Process Consistency and Creativity: a Delicate Balance” (Paper 3 of 4)

New ZLoader malware campaign hit more than 2000 victims across 111 countries

npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by their Maintainer—What to do Now?

On-premises cloud: The worst of both worlds?

Oops: Cyberspies infect themselves with their own malware

Over Half of SMEs Have Experienced a Cybersecurity Breach

Ransomware warning: Cyber criminals are mailing out USB drives that install malware

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

Securing Onboarding and Offboarding in the Cloud

Several EA Sports FIFA 22 players have been hacked

Sonrai Security Enters 2022 with Exponential Revenue Growth and Strong Customer Acquisition and Retention

The Number 1 Enemy of XDR and SIEM: Dwell Time

Um mês após ataque hacker, Ministério da Saúde diz que integração entre sistema de dados foi restabelecida na sexta

Unified communications market size to reach $344.84 billion by 2028

US Issues Warning Over Commercial Spyware

What to expect in 2022 privacy wise?

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

09/01

BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks

Beware! Flubot Android Malware is Back

Cyber Defense Magazine – January 2022 has arrived. Enjoy it!

Cybersecurity crucial for ongoing digitisation of banking industry: researchers

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

FBI warning: FIN7 gang sends USB sticks containing ransomware

Google docs malware warning as cybercriminals send bogus links to users in spear-phishing scam

Medical Review Institute of America Notifies Patients of Data Breach

QNAP issues ransomware warning to users: secure your devices or disconnect unprotected NAS

Ransomware attack shuts school websites

Rhode Island Public Transit Authority (RIPTA) data breach linked to file wrongly stored on employee's hard drive, unions told

Scheduling platform Flexbooker hacked, 3.7 mn users’ data stolen

Thieves steal NFTs collection valued at $2.2 million

Warning: “Lots of reports about scam NHS Covid Pass text message” says North Wales Police Cyber Crime Team

NEWS: Janeiro (02/01 - 08/01) - 01 Semana de 2022