NEWS: Janeiro (09/01 - 15/01) - 02 Semana de 2022
Cyber Security and Information Security News - Daily Updates !!

15/01
9 Times Hackers Targeted Cyberattacks on Industrial Facilities
Aditya Birla Fashion (ABFRL) Data Allegedly Leaked Online, Over 5 Million Email Addresses Breached
Brunei Postal Dept warns of phishing scams via WhatsApp
City of Tenino loses $280,309 to phishing email scam, state Auditor’s Office says
Don’t download this COVID app! It’s spreading malware
Five cybersecurity myths that are compromising your data
‘Golden era’ for cyber attacks as criminals take advantage of pandemic
Hackers disrupt payroll for thousands of employers — including hospitals
Hackers Use Legitimate Adobe Emails to Harvest Credentials
Largest dark web market for stolen cards UniCC calls it quits
Linux malware sees 35% growth during 2021
macOS, Windows, Linux all targeted by new cross-platform exploit
NYC schools crippled by week-long data service systems outage
North Korean Hackers Carefully Stole $400 Million in Crypto Last Year
Qlocker ransomware returns to target QNAP NAS devices worldwide
Russia charges 8 suspected REvil ransomware gang members
SRT email service outage continues
The huge sums of money that explain why there are so many SMS and email phishing scams in Spain
14/01
3rd-party flaws allowed a teen hacker to track location of Tesla cars
2022 Cybersecurity Guide: The Security Gift For Your Loved Ones
A 'massive' hacking attack has hit government websites in Ukraine
Accellion to pay $8.1M in proposed data breach settlement
AWS Patches Glue Bug That Put Customer Data at Risk
Auto parts maker Denso targeted in ransomware cyberattack
Buckeye Broadband email accounts down due to ransomware attack
Clinic Breach Affecting 200,000 Tied to Vendor's 2020 Attack
Computer hackers apparently target City of North Port
Dark web carding platform UniCC shuts up shop after making millions
Defense contractor Hensoldt confirms Lorenz ransomware attack
EHR vendor QRS sued over breach to patient portal server
Email Service Mail2World Reported Down
Flaw Found in Biometric ID Devices
Four Ways Retailers Can Prevent and Protect Customers from a Cyber Security Attack
Goodwill discloses data breach on its ShopGoodwill platform
Hacker group REvil arrested, dismantled at US request: Russian intelligence agency
Hacking Is the New Car Jacking: How To Secure Vehicle Data
How to protect yourself against Sim-swapping scams with mobile phone fraud on the rise
Husband and wife among ransomware operators arrested in Ukraine
In Government, Access Control Means Cybersecurity
Insider Threats are a Quiet Risk in your System
Lasting Effects of Kronos Cyberattack Ripple Through Healthcare
Magniber Ransomware is becoming a nightmare for Edge users
Maryland lawmaker: Officials misled on ransomware attack
‘Massive’ Cyberattack on Ukraine Cripples Gov’t Websites
Mitigating Insider Security Threats with Zero Trust
NatWest ‘new device registered’ scam texts: what to look out for
North Korea hackers stole US$400mln of crypto last year, report
North Korean Hackers Stole $400m in Cryptocurrency Last Year
OCBC Singapore scam victims, many who lost life savings, slam bank for underwhelming response
Oscar Health Plan of California Notice of Data Breach
Questions linger after MDH ransomware attack
Ransomware attack at Durham Johnston School
Ransomware sets its sights on IOT/OT
Researchers develop CAPTCHA solver to aid dark web research
Russia arrests REvil ransomware gang members at request of US officials
Russian authorities take down REvil ransomware gang
SSU Assures Of No Personal Data Breach Due To Cyberattack On Public Authorities
SnatchCrypto campaign plants backdoors in crypto startups, DeFi, blockchain networks
State police warn of new 'phishing' scam that involves parking meters
Tech Giants to Team-Up on Open Source Security After White House Meet
The future of security protocols for remote work
The race towards renewable energy is creating new cybersecurity risks
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Transport for NSW finds more customers, employees impacted by Accellion breach
Ukrainian Cops Bust Suspected $1m Cybercrime Ring
Watch out, that Microsoft Edge update is actually ransomware
What is ransomware and how does it work?
Why Third Parties are the Source of So Many Hacks
13/01
Adobe Cloud Abused to Steal Office 365, Gmail Credentials
All 2BILLION WhatsApp users warned of simple mistake that can get your account hacked
AWS fixes security flaws that exposed AWS customer data
BlueNoroff hackers steal crypto using fake MetaMask extension
Carding site UniCC retires after generating $358 million in sales
Consumer IAM market to reach $17.6 billion by 2026
Cops warn of increasing number of bank scams as fraudsters target residents in Spain’s Palma
Councillors refuse public release of IT audit of Hackney Psya ransomware attack
DDoS Attacks Broke All Records in 2021
Delivering vulnerable signed kernel drivers remains popular among attackers
Fake Telegram App Distributes Purple Fox Malware
FBI Issues Warning on FIN7 USB Stick Exploit
FCC Proposes Stricter Data Breach Reporting Requirements
Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry
GootLoader Hackers Targeting Employees of Law and Accounting Firms
Hot wallet hack: Hackers steal $18.7m from Animoca’s Lympo NTF platform
Hotel chain switches to Chrome OS after Windows ransomware attack
How threat intelligence can help the financial industry prepare for cyber threats
How to ensure a Zero-Trust approach for remote workers
IBM predicting what 2022 holds for cybersecurity
Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor
Maryland Department of Health Systems Down 1 Month After Ransomware Attack
Microsoft Defender weakness lets hackers bypass malware detection
Most Users Are Unaware That Their Passwords Are Compromised, New Study Shows
New GootLoader Campaign Targets Accounting, Law Firms
New "Undetected" Backdoor Runs Across Three OS Platforms
New Zealand: 5 cyber threats to look out for this year
NSO spyware found targeting journalists and NGOs in El Salvador
Norton's cynical crypto ploy: A dark harbinger of crapware to come?
Putting Skin in the Cyber Insurance Game
Ransomware attack impacts Buckeye Broadband email service vendor
Ransomware attack on New Mexico jail put prisoners in lockdown
Ransomware attack on vendor shuts down Buckeye email services
Ransomware locks down prison, knocks systems offline
Report Identifies Weaknesses in Online Banking Security
Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys
The Human Resources Impact Of The Kronos Ransomware Attack
The public sector is more concerned about external than internal threats
The rising threat of cyber criminals targeting cloud infrastructure in 2022
UK jails man for spying on kids, adults with Remote Access Trojans
Ukrainian cops nab husband and wife suspected to be part of $1m ransomware operation
US Cyber Command links MuddyWater to Iranian intelligence
US: MuddyWater is Iranian State-Backed Group
What is ‘sextortion’ and why are cases on the rise?
What makes edge computing successful?
When it comes to banking security, there’s no silver bullet
When open-source developers go bad
Why You Need Pentesting-as-a-Service (PtaaS)
12/01
2022 promises to be a challenging year for cybersecurity professionals
A new multi-platform backdoor is leveraged by an advanced threat actor
Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup
Attackers More Successful at Delivering Malware Payloads
Audit Your Active Directory with a free, read-only scan from Specops
Check your SPF records: Wide IP ranges undo email security and make for tasty phishes
CISA Adds 15 New Flaws to its Actively Exploited Vulnerabilities Catalog
Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks
EA: 50 high-profile FIFA 22 accounts taken over by phishing actors
European Union to Launch Supply Chain Attack Simulation
Europol Ordered to Delete Vast Trove of Personal Information
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure
Firefox 96 update focuses on noise improvements, main thread efficiency
Hackers take over diplomat's email, target Russian deputy minister
Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware
How safe are cloud applications?
How to Make API Security an Integral Part of Your Application Security Strategy
Interview: Open Banking Opens Customer Data to Third Parties
Iran-linked APT35 group exploits Log4Shell flaw to deploy a new PowerShell backdoor
Log4j: How hackers are using the flaw to deliver this new 'modular' backdoor
Magniber ransomware using signed APPX files to infect systems
Microsoft Starts 2022 with 97 CVEs in January Patch Tuesday
New RedLine malware version distributed as fake Omicron stat counter
New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users
New Windows KB5009543, KB5009566 updates break L2TP VPN connections
OceanLotus hackers turn to web archive files to deploy backdoors
Oxeye Tool Can Counter Log4j Obfuscation Attacks
Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse
Researchers Uncover NetUSB RCE Flaw Affecting Millions of Routers
SMEs still an easy target for cybercriminals
South African justice department clueless about hacked data
TellYouThePass ransomware returns as a cross-platform Golang threat
This new malware wants to create backdoors and targets Windows, Linux and macOS
Two Years for Man Who Used RATs to Spy on Women and Children
UK Launches Initiative to Develop Global AI Standards
US government urges organizations to prepare for Russian-sponsored cyber threats
XDR: Redefining the game for MSSPs serving SMBs and SMEs
Zero-Trust for Health Care in the Age of Ransomware
Who is the Network Access Broker ‘Wazawaka?’
Why 2022 Should be a Year of Cybersecurity Optimism
WI: Neenah schools investigating apparent cyber attack; classes canceled Wednesday
11/01
9 ways that cybersecurity may change in 2022
2021 was a terrible year for cybersecurity. Without action, 2022 could be even worse
2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security
A Missouri Reporter Is (Still) Getting Blamed For the Security Flaw He Exposed
A psicologia reversa do MITRE ATT&CK – Parte 1
AvosLocker ransomware now targets Linux systems, including ESXi servers
BADNEWS for Hackers! Patchwork Group Expose Themselves in Malware Campaign
Banks Still Struggling to Spot the Signs of Human Trafficking
Brasil tem 77% mais ataques em 2021 do que em 2020
CISA adds 15 exploited vulnerabilities from Google, IBM, Microsoft, Oracle and more to catalog
Connecticut company that hosts school websites recovering from ransomware attack
DDoS attacks that come combined with extortion demands are on the rise
Corporate Cyber-Attacks Spike 50% in 2021
Critical SonicWall NAC Vulnerability Stems from Apache Mods
Cybersecurity in 2022: Addressing Insider Threats
Cybersecurity: Last year was a record year for attacks, and Log4J made it worse
Data security in the age of insider threats: A primer
EU data watchdog to Europol: You've helped yourself to too much data
FIN7 Mailing Malicious USB Sticks to Drop Ransomware
Focus On Protecting Critical Infrastructure and Supply Chains
‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
Google Drive accounted for the most malware downloads from cloud storage sites in 2021
How the pandemic fueled enterprise digital transformation
How to Prevent Steganography Attacks
Incident Management: Benefits, KPIs and Best Practices
Indian APT exposes its Modus Operandi by infecting their own devices
JumpCloud Makes Built In Colorado’s 2022 Best Places to Work List
KCodes NetUSB bug exposes millions of routers to RCE attacks
KCodes NetUSB kernel remote code execution flaw impacts millions of devices
Major Indian fashion retailer hacked and data leaked
Many users don’t know how to protect their broadband Wi-Fi routers
Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws
Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed
Millions of Routers Exposed to RCE by USB Kernel Bug
Missouri school district’s employee data dumped by ransomware group
New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors
New RedLine malware version spread as fake Omicron stat counter
New SysJocker backdoor targets Windows, macOS, and Linux
Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers
Night Sky ransomware uses Log4j bug to hack VMware Horizon servers
Ransomware: Hackers are using Log4j flaw as part of their attacks, warns Microsoft
Romance Scammers Stole £92m From Victims Last Year
Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?
‘Shame on You, Moxie Marlinspike’—Fake Cash Scheme Pollutes Signal Nonprofit
Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO
Small businesses are most vulnerable to growing cybersecurity threats
Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns
The Final Count: Vulnerabilities Up Almost 10% in 2021
This engineer broke enterprise applications for not donating for his open-source project
This is the Year to Create a Cybersecurity Culture
Tracking Adversaries in AWS using Anomaly Detection, Part 1
Tracking Adversaries in AWS using Anomaly Detection, Part 2
US govt warns of Russian hackers targeting critical infrastructure
What to Include in a Cybersecurity Disaster Recovery Plan
World Economic Forum: Cybersecurity an Increasing Global Threat
WordPress 5.8.3 Security Release fixes four vulnerabilities
10/01
6 cloud security trends to watch for in 2022
Abcbot and Xanthe botnets have the same origin, experts discovered
Abcbot Botnet Linked to Operators of Xanthe Cryptomining malware
Abcbot botnet is linked to Xanthe cryptojacking group
Ataque hacker no Ministério da Saúde completa um mês e pasta ainda convive com ‘apagão’ de dados
Ataque hacker: sistema de dados voltou ao ar, diz Ministério da Saúde
Attackers aren’t finished using Log4Shell, says Microsoft and FTC
California town announces data breach involving police department, loan provider
CISA director: 'We have not seen significant intrusions' from Log4j -- yet
Cyber-Thieves Raid Grass Valley
Detect and identify IoT malware by analyzing electromagnetic signals
Eight resolutions to help navigate the new hybrid office model
Europol ordered to erase data on those not linked to crime
Finalsite: All School Sites Now Restored After Ransomware Attack
FlexBooker Reveals Major Customer Data Breach
Forensics Expert Kept Murder Snaps on PC
How to lock down your Microsoft account and keep it safe from outside attackers
Indian-linked Patchwork APT infected its own system revealing its ops
Indian Patchwork hacking group infects itself with remote access Trojan
Linux Mint 20.3 released promising security updates until 2025
Malware Hide-in-SSD Firmware gets a makeover found
Microsoft: powerdir bug gives access to protected macOS user data
New ZLoader malware campaign hit more than 2000 victims across 111 countries
npm Libraries ‘colors’ and ‘faker’ Sabotaged in Protest by their Maintainer—What to do Now?
On-premises cloud: The worst of both worlds?
Oops: Cyberspies infect themselves with their own malware
Over Half of SMEs Have Experienced a Cybersecurity Breach
Ransomware warning: Cyber criminals are mailing out USB drives that install malware
Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries
Securing Onboarding and Offboarding in the Cloud
Several EA Sports FIFA 22 players have been hacked
The Number 1 Enemy of XDR and SIEM: Dwell Time
Unified communications market size to reach $344.84 billion by 2028
US Issues Warning Over Commercial Spyware
What to expect in 2022 privacy wise?
WordPress 5.8.3 security update fixes SQL injection, XSS flaws
09/01
BADNEWS! Patchwork APT Hackers Score Own Goal in Recent Malware Attacks
Beware! Flubot Android Malware is Back
Cyber Defense Magazine – January 2022 has arrived. Enjoy it!
Cybersecurity crucial for ongoing digitisation of banking industry: researchers
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
FBI warning: FIN7 gang sends USB sticks containing ransomware
Google docs malware warning as cybercriminals send bogus links to users in spear-phishing scam
Medical Review Institute of America Notifies Patients of Data Breach
QNAP issues ransomware warning to users: secure your devices or disconnect unprotected NAS