NEWS: Janeiro (09/01 - 15/01) - 02 Semana de 2022

Cyber Security and Information Security News - Daily Updates !!

14/01


3rd-party flaws allowed a teen hacker to track location of Tesla cars


2022 Cybersecurity Guide: The Security Gift For Your Loved Ones


A 'massive' hacking attack has hit government websites in Ukraine


Accellion to pay $8.1M in proposed data breach settlement


AWS Patches Glue Bug That Put Customer Data at Risk


Auto parts maker Denso targeted in ransomware cyberattack


Buckeye Broadband email accounts down due to ransomware attack


Clinic Breach Affecting 200,000 Tied to Vendor's 2020 Attack


Computer hackers apparently target City of North Port


Dark web carding platform UniCC shuts up shop after making millions


Data breach: Sheffield Council reprimanded after 8.6 million vehicle number plates were shared on the internet


Defense contractor Hensoldt confirms Lorenz ransomware attack


EHR vendor QRS sued over breach to patient portal server


Email Service Mail2World Reported Down


Flaw Found in Biometric ID Devices


Four Ways Retailers Can Prevent and Protect Customers from a Cyber Security Attack


Goodwill discloses data breach on its ShopGoodwill platform


Hacker group REvil arrested, dismantled at US request: Russian intelligence agency


Hacking Is the New Car Jacking: How To Secure Vehicle Data


How to protect yourself against Sim-swapping scams with mobile phone fraud on the rise


Husband and wife among ransomware operators arrested in Ukraine


In Government, Access Control Means Cybersecurity


Insider Threats are a Quiet Risk in your System


Lasting Effects of Kronos Cyberattack Ripple Through Healthcare


Magniber Ransomware is becoming a nightmare for Edge users


Maryland lawmaker: Officials misled on ransomware attack


‘Massive’ Cyberattack on Ukraine Cripples Gov’t Websites


Mitigating Insider Security Threats with Zero Trust


NatWest ‘new device registered’ scam texts: what to look out for


North Korea hackers stole US$400mln of crypto last year, report


North Korean Hackers Stole $400m in Cryptocurrency Last Year


OCBC Singapore scam victims, many who lost life savings, slam bank for underwhelming response


Oscar Health Plan of California Notice of Data Breach


Questions linger after MDH ransomware attack


Ransomware attack at Durham Johnston School


Ransomware sets its sights on IOT/OT


Researchers develop CAPTCHA solver to aid dark web research


Russia arrests REvil ransomware gang members at request of US officials


Russian authorities take down REvil ransomware gang


SSU Assures Of No Personal Data Breach Due To Cyberattack On Public Authorities


SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks


State police warn of new 'phishing' scam that involves parking meters


Tech Giants to Team-Up on Open Source Security After White House Meet


The future of security protocols for remote work


The race towards renewable energy is creating new cybersecurity risks


Three Plugins with Same Bug Put 84K WordPress Sites at Risk


Transport for NSW finds more customers, employees impacted by Accellion breach


Ukrainian Cops Bust Suspected $1m Cybercrime Ring


Watch out, that Microsoft Edge update is actually ransomware


What is ransomware and how does it work?


White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raid


Why Third Parties are the Source of So Many Hacks



13/01


Adobe Cloud Abused to Steal Office 365, Gmail Credentials


All 2BILLION WhatsApp users warned of simple mistake that can get your account hacked


AWS fixes security flaws that exposed AWS customer data


BlueNoroff hackers steal crypto using fake MetaMask extension


Carding site UniCC retires after generating $358 million in sales


Consumer IAM market to reach $17.6 billion by 2026


Cops warn of increasing number of bank scams as fraudsters target residents in Spain’s Palma


Councillors refuse public release of IT audit of Hackney Psya ransomware attack


Cybersecurity Trends for 2022


DDoS Attacks Broke All Records in 2021


Delivering vulnerable signed kernel drivers remains popular among attackers


Fake Telegram App Distributes Purple Fox Malware


FBI Issues Warning on FIN7 USB Stick Exploit


FCC Proposes Stricter Data Breach Reporting Requirements


Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry


GootLoader Hackers Targeting Employees of Law and Accounting Firms


Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NTF platform


Hotel chain switches to Chrome OS after Windows ransomware attack


How threat intelligence can help the financial industry prepare for cyber threats


How to ensure a Zero-Trust approach for remote workers


IBM predicting what 2022 holds for cybersecurity


Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor


Lazarus, Cobalt, and FIN7 have all been identified as major hacker organisations targeting the financial sector


Maryland Department of Health Systems Down 1 Month After Ransomware Attack


Massachusetts State Police warn of parking scam that uses QR codes to steal bank account, credit card information


Microsoft Defender weakness lets hackers bypass malware detection


Most Users Are Unaware That Their Passwords Are Compromised, New Study Shows


New GootLoader Campaign Targets Accounting, Law Firms


New "Undetected" Backdoor Runs Across Three OS Platforms


New Zealand: 5 cyber threats to look out for this year


NSO spyware found targeting journalists and NGOs in El Salvador


Norton's cynical crypto ploy: A dark harbinger of crapware to come?


OCBC phishing scam underscores trade-off between convenience and security, with bank customers at risk: Experts


Putting Skin in the Cyber Insurance Game


Ransomware attack impacts Buckeye Broadband email service vendor


Ransomware attack on New Mexico jail put prisoners in lockdown


Ransomware attack on vendor shuts down Buckeye email services


Ransomware locks down prison, knocks systems offline


Report Identifies Weaknesses in Online Banking Security


Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys


Singapore: 1,200 phishing scams since December; some culprits impersonate officials and use stolen data to set up e-wallet


The Human Resources Impact Of The Kronos Ransomware Attack


The public sector is more concerned about external than internal threats


The rising threat of cyber criminals targeting cloud infrastructure in 2022


The Rhode Island Public Transit Authority (RIPTA) Data Breach May Provide Valuable Lessons About Data Collection and Retention


UK jails man for spying on kids, adults with Remote Access Trojans


Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation


US Cyber Command links MuddyWater to Iranian intelligence


US: MuddyWater is Iranian State-Backed Group


What is ‘sextortion’ and why are cases on the rise?


What makes edge computing successful?


When it comes to banking security, there’s no silver bullet


When open-source developers go bad


Why You Need Pentesting-as-a-Service (PtaaS)



12/01


2022 promises to be a challenging year for cybersecurity professionals


A new multi-platform backdoor is leveraged by an advanced threat actor


Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup


Attackers More Successful at Delivering Malware Payloads


Audit Your Active Directory with a free, read-only scan from Specops


Check your SPF records: Wide IP ranges undo email security and make for tasty phishes


CISA Adds 15 New Flaws to its Actively Exploited Vulnerabilities Catalog


Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks


EA: 50 high-profile FIFA 22 accounts taken over by phishing actors


European Union to Launch Supply Chain Attack Simulation


Europol Ordered to Delete Vast Trove of Personal Information


FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure


Firefox 96 update focuses on noise improvements, main thread efficiency


Hackers take over diplomat's email, target Russian deputy minister


Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware


How safe are cloud applications?


How to Make API Security an Integral Part of Your Application Security Strategy


Interview: Open Banking Opens Customer Data to Third Parties


Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor


Log4j: How hackers are using the flaw to deliver this new 'modular' backdoor


Magniber ransomware using signed APPX files to infect systems


Maryland Department Of Health Confirms Ransomware Attack Caused Disruption In COVID-19 Data Last Month


Microsoft Starts 2022 with 97 CVEs in January Patch Tuesday


New RedLine malware version distributed as fake Omicron stat counter


New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users


New Windows KB5009543, KB5009566 updates break L2TP VPN connections


OceanLotus hackers turn to web archive files to deploy backdoors


Oxeye Tool Can Counter Log4j Obfuscation Attacks


Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse


Researchers Uncover NetUSB RCE Flaw Affecting Millions of Routers


SMEs still an easy target for cybercriminals


South African justice department clueless about hacked data


TellYouThePass ransomware returns as a cross-platform Golang threat


This new malware wants to create backdoors and targets Windows, Linux and macOS


Two Years for Man Who Used RATs to Spy on Women and Children


UK Launches Initiative to Develop Global AI Standards


US government urges organizations to prepare for Russian-sponsored cyber threats


XDR: Redefining the game for MSSPs serving SMBs and SMEs


Zero-Trust for Health Care in the Age of Ransomware


Who is the Network Access Broker ‘Wazawaka?’


Why 2022 Should be a Year of Cybersecurity Optimism


WI: Neenah schools investigating apparent cyber attack; classes canceled Wednesday



11/01


9 ways that cybersecurity may change in 2022


2021 was a terrible year for cybersecurity. Without action, 2022 could be even worse


2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security


A Missouri Reporter Is (Still) Getting Blamed For the Security Flaw He Exposed


A psicologia reversa do MITRE ATT&CK – Parte 1


AvosLocker ransomware now targets Linux systems, including ESXi servers


BADNEWS for Hackers! Patchwork Group Expose Themselves in Malware Campaign


Banks Still Struggling to Spot the Signs of Human Trafficking


Brasil tem 77% mais ataques em 2021 do que em 2020


CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog


Connecticut company that hosts school websites recovering from ransomware attack


DDoS attacks that come combined with extortion demands are on the rise


Corporate Cyber-Attacks Spike 50% in 2021


Critical SonicWall NAC Vulnerability Stems from Apache Mods


Cybersecurity in 2022: Addressing Insider Threats


Cybersecurity: Last year was a record year for attacks, and Log4J made it worse


Data security in the age of insider threats: A primer


EU data watchdog to Europol: You've helped yourself to too much data


FIN7 Mailing Malicious USB Sticks to Drop Ransomware


Focus On Protecting Critical Infrastructure and Supply Chains


Four million outdated Log4j downloads were served from Apache Maven Central alone despite vuln publicity blitz


‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS


Google Drive accounted for the most malware downloads from cloud storage sites in 2021


How the pandemic fueled enterprise digital transformation


How to Prevent Steganography Attacks


Incident Management: Benefits, KPIs and Best Practices


Indian APT exposes its Modus Operandi by infecting their own devices


JumpCloud Makes Built In Colorado’s 2022 Best Places to Work List


KCodes NetUSB bug exposes millions of routers to RCE attacks


KCodes NetUSB kernel remote code execution flaw impacts millions of devices


Major Indian fashion retailer hacked and data leaked


Many users don’t know how to protect their broadband Wi-Fi routers


Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws


Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed


Millions of Routers Exposed to RCE by USB Kernel Bug


Missouri school district’s employee data dumped by ransomware group


New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors


New RedLine malware version spread as fake Omicron stat counter


New SysJocker backdoor targets Windows, macOS, and Linux


Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers


Night Sky ransomware uses Log4j bug to hack VMware Horizon servers


Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft


Romance Scammers Stole £92m From Victims Last Year


Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?


‘Shame on You, Moxie Marlinspike’—Fake Cash Scheme Pollutes Signal Nonprofit


Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO


Small businesses are most vulnerable to growing cybersecurity threats


Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns


The Final Count: Vulnerabilities Up Almost 10% in 2021


This engineer broke enterprise applications for not donating for his open-source project


This is the Year to Create a Cybersecurity Culture


Tracking Adversaries in AWS using Anomaly Detection, Part 1


Tracking Adversaries in AWS using Anomaly Detection, Part 2


US govt warns of Russian hackers targeting critical infrastructure


What to Include in a Cybersecurity Disaster Recovery Plan


World Economic Forum: Cybersecurity an Increasing Global Threat


WordPress 5.8.3 Security Release fixes four vulnerabilities



10/01


6 cloud security trends to watch for in 2022