NEWS: Janeiro (30/01 - 05/02) - 05 Semana de 2022

Cyber Security and Information Security News - Daily Updates !!

05/02

5 cybersecurity risks posed by ‘shadow IT’

Biden’s latest security message is based on ‘Zero Trust’

BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs

Cyber attack on Gloucester City Council means more time for people to have say on Debenhams plans

FBI shares Lockbit ransomware technical details, defense tips

Federal Trade Commission (FTC) Announces Final Settlement Over Equifax’s 2017 Data Breach

Fortune 500 service provider says ransomware attack led to leak of more than 500k SSNs

Hackers hold Hula Hoops hostage in cyber-raid on Britain’s KP Snacks

HKTVmall Announces Data Breach

How the growing Russian ransomware threat is costing companies dear

Increasing Adoption of Phishing Kits Puts MFA at Risk

Iranian APT group uses previously undocumented Trojan for destructive access to organisations

LockBit ransomware gang claims PayBito crypto exchange as new victim

Microsoft intercepted 35.7 billion phishing attempts in 2021

New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps

News Corp reports cyber data breach

Ransomware attack bill advances in Senate

That Zoom invite might be a clever phishing trick – Red flags to watch for

The digital world – Cyberwars, rumours or war and chess

Tips on how to keep your family safe online

War in Ukraine could send 'cyber attacks' and 'refugees' to Estonia

Washington state agency discloses data breach impacting hundreds of thousands of licensed professionals

Wrong timing: Mumbai firm’s owner calls cyber fraudster’s bluff

04/02

3 Ways to Ensure Cybersecurity for Legacy Systems

A look at the new Sugar ransomware demanding low ransoms

Airport services firm Swissport reports ransomware incident

All Linux Distributions Affected by 12 Year-Old PwnKit Local Privilege Escalation Bug Allowing an Attacker to Execute Commands as Root

An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’

Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware

Argo CD releases patch for zero-day vulnerability

Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers

Attackers Target Intuit Users by Threatening to Cancel Tax Accounts

Bank executives mostly concerned about cybercrime

Beware of the Attacks of Zombie Botnet

Binance CEO Warns of ‘Massive’ SMS Phishing Scam

Business Services Firm Morley Discloses Data Breach Affecting 500,000 People

CISA issues advisory warning of critical vulnerabilities in Airspan Networks Mimosa

Consultation on Gloucester Debenhams redevelopment extended after 'cyber incident'

HHS: Conti ransomware encrypted 80% of Ireland's HSE IT systems

China is Entering a New Era in Data Protections

Critical Infrastructure Attacks Spur Cybersecurity Investment

Cyber attacks on European oil facilities spreading

Cyber crooks targeted The Sun in an attack backed by China

Cybercrime: Darknet Markets Live On, Even as Players Change

Cybercrime Gang Tied to Ransomware Attacks in Germany, Colonial Pipeline Hackers

Data Breach Alert: SI Group Inc.

Exposed corporate credentials threatening the pharma sector

FBI Warns Olympics/Paralympics Participants of Cyber “Activities”

Freeze out hackers during the 2022 Winter Olympic Games

Halton residents warned over latest Covid email scam

How MDR Helps MSPs Navigate an Unfriendly Cyber Landscape

How NGOs can better protect sensitive data

How to check if your Gmail, iPhone or Facebook has been HACKED in seconds

Intuit releases security notices, warns of phishing emails ahead of tax season

Investment in data privacy in Brazil falls below global average

KP Snacks supply chain shut down by Conti ransomware attack

Limited IP resources leave smaller ISPs vulnerable to judgement errors when making tough cybersecurity calls

Microsoft: Russian FSB hackers hitting Ukraine since October

Microsoft disables MSIX protocol handler abused in Emotet attacks

Moody’s warns on the costs of cyber crime

More companies are using multi-factor authentication. Hackers are looking for a way to beat it

NATO Chief Says Alliance Helping Ukraine Bolster Cyber Defenses Against Russia

Neenah school district's insurance policy limits out-of-pocket expenses in Jan. 10 ransomware attack

New research reveals vicious tactics of ransomware groups

News Corp discloses hack from "persistent" nation state cyber attacks

NFT Wash Trading Made Scammers at Least $9m in 2021

Oil shipments in European oil hub delayed after cyber attacks

Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed

Phishing and stealers dominate dark web forums (but don't mention ransomware)

Phishing kits that bypass MFA protection are growing in popularity

Rhode Island AG opens investigation into UnitedHealthCare after data breach

Russian Gamaredon Hackers Targeted 'Western Government Entity' in Ukraine

Seems Phishy? It Probably Is: Debunking 4 Myths That Put Your Clients at Risk

SEPA still unclear of cyber-attack financial impact

Swissport ransomware attack delays flights, disrupts operations

Tennessee College Hit with Ransomware

That Email About an Equifax Data Breach Settlement Is Real

The Alpha and Omega of software supply chain security

Trio of RCE CVSS 10 vulnerabilities among 15 CVEs in Cisco small business routers

What Prescott, Ariz., Learned 'Dodging a [Ransomware] Bullet'

What your organization can learn from the $324 million Wormhole blockchain hack

White House Issues Further Guidance for Federal Agencies on Cybersecurity Priorities

Why Cybersecurity is a Major Concern for Food Firms in 2022

Wormhole restores stolen $326 million after major crypto bailout

03/02

3D printed guns, underground markets, bomb manuals: police crackdown continues

A Majority Of Surveyed Companies Were Hit By Ransomware Attacks In 2021—And Paid Ransom Demands

Bring a burner to the Olympics, and other mobile device travel safety tips

Building confidence in your system’s security with chaos engineering

China condemns US ban on telco, urges need for fair treatment

CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa

Cisco plugs critical flaws in small business routers

Companies woefully unprepared for CCPA compliance

Crisp supply shortage looms after KP Snacks hit by ransomware

Critical Flaws Discovered in Cisco Small Business RV Series Routers

Cybersecurity: Many managers just don't want to understand the risks

Data Breach Alert: Professional Personnel Services dba Luttrell Staffing Group

Data Breach Alert: Unum Group

Data breach at ICRC

European oil port terminals hit by cyberattack

Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks

Growing Number of Phish Kits Bypass MFA

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

Home Improvement Firm Fined £200k for Nuisance Calls

How are collaboration apps fairing in remote work environments?

How organizations are arming themselves to combat threats

How Phishers Are Slinking Their Links Into LinkedIn

How SSPM Simplifies Your SOC2 SaaS Security Posture Audit

Hula Hoops, Space Raiders and nuts shortage warning after KP Snacks ransomware attack

Insurance Company Refuses to Pay Ransomware Claim

Intuit warns of phishing emails threatening to delete accounts

KP Snacks cyber attack could lead to a shortage of nuts, crisps and popular snacks

KP Snacks Hit by Cyber-attack

Kronos Still Dragging Itself Back From Ransomware Hell

Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021

Menlo Security Identifies New HEAT Cyberthreats

MFA adoption pushes phishing actors to reverse-proxy solutions

Microsoft: This Mac malware is getting smarter and more dangerous

New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software

New Variant of UpdateAgent Malware Infects Mac Computers with Adware

New Wave of Cyber Attacks Target Palestine with Political Bait and Malware

Online Thieves Steal $320m from Crypto Firm Wormhole

People working in IT related roles equally susceptible to phishing attempts as the general population

Phishing kits' use of man-in-the-middle reverse proxies is growing, warns Proofpoint

PowerPoint Files Abused to Take Over Computers

Ransomware Often Hits Industrial Systems, With Significant Impact: Survey

Shortage of KP Nuts and Hula Hoops looms after cyber-attack

St. Clair County Data Breach Impacted More Than 600 People

State hackers' new malware helped them stay undetected for 250 days

Symantec finds evidence of continued Russian hacking campaigns in Ukraine

Target open sources scanner for digital credit card skimmers

UEFI firmware vulnerabilities affecting Fujitsu, Intel and more discovered

What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?

White House creates board to review cybersecurity incidents, members to start with Log4J

Wormhole hack – Hackers steal $320M in one of the largest crypto heists

Zimbra zero-day vulnerability actively exploited to steal emails

02/02

1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Info — Mandiant

Analysts Uncover New Iranian Hacking Campaign Targeting Turkish Users

Arid Viper hackers strike Palestine with political lures and Trojans

Automation is the Future of (Digital Certificate) Security

Automotive cybersecurity market size to reach $5.3 billion by 2026

BlackCat ransomware implicated in attack on German oil companies

Business services provider Morley discloses ransomware incident

CareSouth Carolina hit with proposed class action lawsuit

CVSS 9.9-Rated Samba Bug Requires Immediate Patching

Cyber-attack strikes German fuel supplies

E-mail com @gov.br é usado em golpes porque governo não registrou domínio

ESET releases fixes for local privilege escalation bug in Windows Applications

Experts warn of a spike in APT35 activity and a possible link to Memento ransomware op

Fake Influencer Flags Hacking Tactics

FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity

GitHub outage impacts Actions, Codespaces, Issues, Pull Requests

How to measure security efforts and have your ideas approved

How to protect a corporate Wi-Fi network

IAB Prophet Spider Seizes Opportunity to Exploit Log4j Vulnerability

Intel unveils Circuit Breaker bug bounty expansion for elite hackers

Keep current on modern cybersecurity with an Infosec4TC membership

KP Snacks giant hit by Conti ransomware, deliveries disrupted

KP Snacks hit with ransomware attack

Meet CoinStomp: New cryptojacking malware targets Asian cloud service providers

Microsoft Defender for Endpoint now spots unpatched bugs in iOS and Android devices

Microsoft Sentinel adds threat monitoring for GitHub repos

New Malware Used by SolarWinds Attackers Went Undetected for Years

NordVPN and Surfshark announce merger

Ninety Percent of Security Leaders Warn of Skills Shortage

Office 365 boosts email security against MITM, downgrade attacks

Online Ad Association Fined for Privacy Violation

Orange County Launches Cybercrime Initiative

Persistent data breaches fueling developer interest in cybersecurity

Researcher found an Information Disclosure in the Brave browser

Rush to remote work left sysadmins struggling to keep businesses safe

Samba bug may allow code execution as root on Linux machines, NAS devices (CVE-2021-44142)

Scottish Agency Still Recovering from 2020 Ransomware Attack

SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers

Sugar Ransomware, a new RaaS in the threat landscape

The definition of modern Zero Trust

Third of Employees Admit to Exfiltrating Data When Leaving Their Job

Top concerns for operating cloud-native technologies

Two initiatives that can move the needle for cybersecurity in 2022

UEFI firmware vulnerabilities affect at least 25 computer vendors

Update: Pellissippi State notifies individuals of data breach

What You Need to Do Today to Protect Against Account Takeover Attacks

What is driving NaaS adoption?

Windows 10 optional updates fix performance problems introduced last month

Your morning reminder that health data breaches are … everywhere

01/02

A cyber attack severely impacted the operations of German petrol distributor Oiltanking GmbH

Após ataque hacker, contas serão entregues com correção de valores, diz Sanesul

Beyond the Gas Station: Cybersecurity and Industrial Infrastructure

British Council exposed 144,000 files containing student details

British Council exposed more than 100,000 files with student records

British Council Students' Data Exposed in Major Breach

California Passes FLASH Act

CISA Tells Organizations to Patch CVEs Dating Back to 2014

Civil rights groups launch effort to stop IRS use of 'flawed' ID.me facial recognition

Cyber-Attack on Oil Firms

Cyberspies linked to Memento ransomware use new PowerShell malware

Data Leak Exposes IDs of Airport Security Workers

Dozens of Security Flaws Discovered in UEFI Firmware Used by Several Vendors

FBI: Olympic Athletes Should Leave Devices at Home

Forescout acquires healthcare cybersecurity provider CyberMDX

German petrol supply firm Oiltanking paralyzed by cyber attack

How ready are federal agencies for zero trust implementation?

Infosec products of the month: January 2022

Iran-linked MuddyWater APT group campaign targets Turkish entities

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

Island Unveils More Secure Enterprise Browser

Malicious CSV text files used to install BazarBackdoor malware

Microsoft Defender now detects Android and iOS vulnerabilities

Mozilla adding multi-account containers to VPN offering

MuddyWater hacking group targets Turkey in new campaign

One in seven ransomware extortion attempts leak key operational tech records

OpenSSF Launches Project to Secure Open Source Software

Organizations neglecting Microsoft 365 cybersecurity features

Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto

Ransomware: Is the party almost over for the cyber crooks?

RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites

Real-Time Threat Detection in the Cloud

Review: Group-IB Threat Intelligence & Attribution (TI&A)

Shell forced to reroute supplies after cyberattack on two German oil companies

Social Security Numbers Most Targeted Sensitive Data

SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems

State-sponsored Iranian hackers attack Turkish government, private organizations

Telco fined €9 million for hiding cyberattack impact to customers

These hackers are hitting victims with ransomware in an attempt to cover their tracks

Top attack trends every organization should build resilience against

Ukraine Continues to Face Cyber Espionage Attacks from Russian Hackers

Understaffing persistently impacting enterprise privacy teams

31/01

277,000 routers exposed to Eternal Silence attacks via UPnP

Americans lost $770 million from social media fraud in 2021, FTC reports

Aussie Tech Entrepreneur Extradited Over SMS Fraud

Banking Trojan in Google Play App Store—‘2FA Authenticator’ drops Vultur RAT

CISA adds 8 vulnerabilities to list of actively exploited bugs

Crypto Finance Firm Offers $2m Bug Bounty to Hackers

Cybersecurity staff turnover and burnout: How worried should organizations be?

DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

German Court Rules Websites Embedding Google Fonts Violates GDPR

Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform

How costly is an insider threat?

Microsoft: Here's how we stopped the biggest ever DDoS attack

Microsoft Office 365 to add better protection for priority accounts

Number of COVID-19 Testing Scams Jumps Sharply

Number of data compromises reaching all-time high

PDF Generator’s Eternal Bond with SSRF

Prison for Dark Overlord Collaborator

QNAP Ransomware: Thousands Infected with DeadBolt

Ransomware Gangs are Recruiting Your Employees

Ransomware: Over half of attacks are targeting these three industries

Reducing the blast radius of credential theft

Russian 'Gamaredon' hackers use 8 new malware payloads in attacks

The top reasons countries ask Google to remove content

Unsecured AWS server exposed 3TB in airport employee records

US Revokes China Unicom's License

Why vulnerability scanners aren’t enough to prevent a ransomware attack on your business

Your Graphics Card Fingerprint Can Be Used to Track Your Activities Across the Web

30/01

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

Can Data Breaches Be GOOD For Some Corporate Brands?

China's Olympic apps may have security flaw

DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering

Federal Trade Commission (FTC): Americans lost $770 million from social media fraud surge

FirstWatch reports sudden, sharp increase in cyberattacks against public safety

Hackers do Lapsus Group anunciam ataque ao site do Parlamento

Hackers que atacaram SIC e Expresso dizem ter pirateado site do Parlamento

Health care sector's cybersecurity threats

How to protect yourself as data breaches hit record levels

LandBank welcomes NBI probe on alleged phishing scam

OCBC reimburses SMS scam victims S$13.7 mil in goodwill payouts

Pakistan: How to leap forward in data protection

Ransomware attack took down R2 trillion investment company for five days

Researchers use GPU fingerprinting to track users online

Researchers Use Natural Silk Fibers to Generate Secure Keys for Strong Authentication

Russia cyber attacks warning: UK at risk from meddling linked to Ukraine conflict

The LockBit group claims to have stolen data from the Ministry of Justice of France

UK told to brace itself for Russian cyber attacks as Ukraine tensions escalate

Urgent Microsoft alert: New bug lets strangers take complete control of your emails

What Is a Software-Defined Perimeter?

NEWS: Janeiro (23/01 - 29/01) - 04 Semana de 2022