NEWS: Março-Abril (28/03 - 03/04) - 13 Semana de 2021
03/04
‘Asteelflash’ Hit by REvil and Asked $24 Million Ransom - TechNadu
Attackers are abusing GitHub infrastructure to mine cryptocurrency - Security Affairs
Automated attack abuses GitHub Actions to mine cryptocurrency - Bleeping Computer
Evolution and rise of the Avaddon Ransomware-as-a-Service - Security Affairs
FBI and CISA Warn About APTs Targeting FortiOS VPN Vulnerabilities - TechNadu
The ‘Phobos’ Ransomware Is Getting a Stealth-Boosting Upgrade - TechNadu
02/04
5 key cybersecurity risks in 2021, and how to address them now - Help Net Security
Airlift Express Fixes Vulnerabilities in Its E-commerce Store - Security Affairs
Applications Are Everything and Everywhere – Does Whack-a-Mole Security Work? - Security Boulevard
Asteelflash electronics maker hit by REvil ransomware attack - Bleeping Computer
Brown University hit by cyberattack, some systems still offline - Bleeping Computer
Capital One notifies more clients of SSNs exposed in 2019 data breach - Bleeping Computer
Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools - Security Affairs
Death, taxes, and hacks: How to prevent cyberattacks during tax season - Help Net Security
FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers - Security Affairs
FBI and CISA warn of state hackers attacking Fortinet FortiOS servers - Bleeping Computer
Leaky Apps Heighten Supply Chain Risk - Security Boulevard
MacKenzie Scott Grant scam more widespread than initially thought - Bleeping Computer
Massachusetts Auto Inspection System Down Following Malware Attack - TechNadu
Mobile providers exposing sensitive data to leakage and theft - Help Net Security
Popular Twitch AdBlock shuts down after Twitch breaks extension - Bleeping Computer
Qualys says Accellion hackers did not breach production systems - Bleeping Computer
Ransomware gang wanted $40 million in Florida schools cyberattack - Bleeping Computer
Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs - Security Affairs
TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product - Security Affairs
01/04
80% of Global Enterprises Report Firmware Cyberattacks - ThreatPost
Albuquerque hospital releases details about data breach - The Business Journals
‘Boggi Milano’ Ripped by the Ragnarok Ransomware Actors - TechNadu
Booking.com fined €475,000 for late reporting of data breach - Computing
Booking.com fined $557K under GDPR for reporting data breach late - Compliance Week
Chinese Hackers Are Selling Footage From Home Security Cams for $3 - TechNadu
Cybersecurity bill grabs unanimous approval in second House committee - Florida Politics
Cybereason vs. DarkSide Ransomware - Cybereason
Dangerous Game Mods and Cheats Hide Malware Through a VB6 Cryptor - TechNadu
Data Breach Allegations: RBI Orders Forensic Audit Of Mobikwik Systems - BW Business World
Data Breach Impacts 900 University of Chicago Medical Center Patients - 5 Chicago
DeepDotWeb Admin Pleads Guilty to Money Laundering Charges - The Hacker News
DoJ charges man for hacking, tempering with public water facility - HackRead
Fight Online Crime with Grammar - Learning English
Gamers targeted in new malware attack with games cheat codes - HackRead
Google: North Korean hackers are targeting researchers through fake offensive security firm - ZDNet
Hacked companies had backup plans. But they didn't print them out before the attack. - ZDNet
Hackers demanded $17 million worth of bitcoin as ransom from city of Saint John - Atlantic CTV News
Hackers Steal YU Students’ and Employees’ Personal Information in Accellion Security Breach - The Commentator
Investigation underway into Stanford personal data breach - The Mercury News
J&B Importers falls victim to a ransomware attack - Bicycle Retailer
Large Florida school district hit by ransomware attack - ABC News
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack - ThreatPost
List of data breaches and cyber attacks in March 2021 – 21 million records breached - IT Governance
Major Provider of Cloud IoT Devices Breached - Sonraí
Memorial Hermann patients' personal data may have been compromised, hospital says - ABC13
MobiKwik calls in external auditors to investigate alleged data breach - Fin Extra
Protecting employees from job offer scams can lead to awkward but important conversations - SC Magazine
Ragnarok Ransomware Hits Boggi Milano Menswear - ThreatPost
SolarWinds breach severity perception increasing over time - Help Net Security
SQA figures reveal intensifying threat of cyber-attack - Education Technology
Trillium Health Plan added to tally of healthcare organizations hit by Accellion data breach - Beckers Health IT
Ubiquiti confirms extortion attempt following security breach - Bleeping Computer
University of Maryland, Baltimore says private data published to internet following ransomware attack- Yahoo! News
US DOJ: Phishing attacks use vaccine surveys to steal personal info - Bleeping Computer
VMware patches critical vRealize Operations flaws that could lead to RCE - Help Net Security
Want to get around a CAPTCHA? That’ll be 0.00094c, please - Help Net Security
Why passwords are to blame for loss of revenue, identity attrition and poor customer experiences - Help Net Security
31/03
Arup data breach: Staff bank account numbers and addresses compromised in major data breach at global consultancy firm with office near Edinburgh - Edinburgh News
AFP Investigating “Worst Ever” Cyber Attack On Nine - Channel News
Board directors need to play an active role in protecting their org from cyber risks - Help Net Security
Chinese government-run facial recognition system hacked by tax fraudsters: report - South China Morning Post
Cl0p ransomware gang leaks sensitive data from 6 US universities - HackRead
Cybersecurity groups ask CERT-IN to investigate reported Mobikwik data breach - CNBC TV18
Don't give hackers a home run by using these baseball team names in your passwords - TechRepublic
Fake jQuery files infect WordPress sites with malware - Bleeping Computer
FBI alert on Egregor ransomware highlighted affiliate cybercrime model - CyberScoop
Gaming mods, cheat engines are spreading Trojan malware and planting backdoors - ZD Net
Holding the news to ransom? What we know so far about the Channel 9 cyber attack - Mumbrella
Indian Mobile Phone Gateway MobiKwik Looks Into 110 Million User Data Breach - PYMNTS
Inter-Parliamentary Alliance on China’s website suffers cyber attack - The Sydney Morning Herald
Most Global Chip Companies Show Signs of Compromise - InfoSecurity
NHS Reduces Cyber-Skills Shortages but Breach Problems Remain - InfoSecurity
Organizations suffer downtime despite following cybersecurity recommendations - Help Net Security
Refunds Offered to Victims of Ziggy Ransomware Gang - Digit
Tax refund phishing scam targets university students and staffers - TechRepublic
Three-Quarters of Legal Breaches Caused by Insiders - InfoSecurity
Ubiquiti’s Data Breach Incident May Be a Lot More Catastrophic Than We Thought - TechNadu
UK Cyber Security Council Officially Launches as Independent Body - InfoSecurity
VMware patches critical vRealize Operations platform vulnerabilities - ZDNet
World Backup Day: Why Should Businesses Have this ‘Plan B?’ - CXO Today
30/03
30 Docker images downloaded 20M times in cryptojacking attacks - Security Affairs
93% of consumers concerned about data security when filling out online forms - Help Net Security
A highly sophisticated ransomware attack leaves 36,000 students without email - ZDNet
Cloud security experts wanted: You can be one of them - Help Net Security
Department of Homeland Security email accounts exposed in SolarWinds hack - ZDNet
Facial recognition camera projects raise concerns in Eastern Europe - ZDNet
How much of the data created and replicated should be stored? - Help Net Security
How Sky Global was Indicted for Selling Security - Security Boulevard
Leaders need to find ways to increase internal audit capacity without increasing budgets - Help Net Security
Leading Indian fintech platform MobiKwik denies data breach - Bleeping Computer
Microsoft Exchange attacks increase while WannaCry gets a restart - Bleeping Computer
Panasonic, McAfee team up to tackle vehicle cybersecurity - ZDNet
Ransomware group targets universities in Maryland, California in new data leaks - ZDNet
Ransomware: Why we're now facing a perfect storm - ZDNet
Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites - Security Affairs
Scammers target universities in ongoing IRS phishing attacks - Bleeping Computer
Scammers Trick Steam Users with “Accidental Reports” - TechNadu
US govt warns that buying fake COVID-19 vaccine cards is a crime - Bleeping Computer
VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials - Security Affairs
VMware fixes bug allowing attackers to steal admin credentials - Bleeping Computer
29/03
Attackers tried to insert backdoor into PHP source code - Help Net Security
Brian Krebs: No, I didn’t hack your Microsoft Exchange server - ZDNet
China-linked RedEcho APT took down part of its C2 domains - Security Affairs
Como o cadastro único criado pelo governo pode colocar seus dados em risco? - Tilt
Docker Hub images downloaded 20M times come with cryptominers - Bleeping Computer
Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks - The Hacker News
Harris Federation hit by ransomware attack affecting 50 schools - Bleeping Computer
How do I select a bot protection solution for my business? - Help Net Security
How to Effectively Prevent Email Spoofing Attacks in 2021? - The Hacker News
London-based academies Harris Federation hit by ransomware attack - Security Affairs
Microsoft working to fix Windows 10 21H1 update install issue - Bleeping Computer
MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed - The Hacker News
New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems - The Hacker News
Official PHP Git server targeted in attempt to bury malware in code base - ZDNet
Securing Vaccine Passport Applications - Security Boulevard
Stop using your employees as scapegoats: Change their behavior - Help Net Security
The importance of a zero trust-based approach to identity security - Help Net Security
This Android malware hides as a System Update app to spy on you - ZDNet
Why certificate automation is no longer just “nice to have” - Help Net Security
Will AI Short Circuit Cybersecurity? - Security Boulevard
28/03
CompuCom MSP expects over $20M in losses after ransomware attack - Bleeping Computer
Critical netmask networking bug impacts thousands of applications - Bleeping Computer
Crypto ransomware is a threat the average American is concerned about, says cybersecurity expert - TokenPost
Cyber insurance giant CNA hit by ransomware attack - Graham Cluley
Data breach reported at Lexington-based senior care service - The Dispatch
FBI: Cybercrime losses topped US$4.2 billion in 2020 - MenaFN
Multiple cyber threats lurking compromised systems, says Microsoft - Business Standard
New data reveals 150,000% increase in Royal Mail and DPD scams in the past year - Lancashire Telegraph
Oil And Gas Giant Shell The Latest Victim Of The Accellion Hack - Wonderful Engineering
Ransomware admin is refunding victims their ransom payments - Bleeping Computer