NEWS: Novembro (07/11 - 13/11) - 45 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!

13/11

Biden’s naivete about Russian cyber warfare puts America in danger - New York Post

Cyber Attack Halts Beer Production At Barcelona's Damm Brewery - The Olive Press

Data of Lister fertility clinic patients compromised in a ransomware attack - Teiss

Delete these 7 Android apps before it costs you big bucks; spot fake LinkedIn alerts - Phone Arena

Fake end-to-end encrypted chat app distributes Android spyware - Bleeping Computer

FBI system hacked to email 'urgent' warning about fake cyberattacks - Bleeping Computer

Gmail, Yahoo and Hotmail users warned they are at risk of new scam - The Northern Echo

Internet Explorer is still causing trouble, even from the grave - TechRadar Pro

Lidl scam warning: Britons urged to 'watch out' as fake email could put your money at risk - Express

More than 300 security bugs, including those from 2014, must be patched by all federal agencies in the United States. - Brinkwire

Netherlands Detains Russian Sought By U.S. Over 'Ryuk' Ransomware - Radio Free Europe

Phishing in Troubled Waters: How To Protect Yourself from Hacker Attacks? - RTD

Security and Compliance Risks Associated With the Merger and Acquisition Process - InfoSecurity Magazine

Small-town Japanese hospital struggling with 'disaster' after ransomware attack - The Mainichi

Surveillance firm pays $1 million fine after 'spy van' scandal - Bleeping Computer

Warning From Chief Of Defence Staff: Cyber Crime Increase By 500% In India; Stay Alert - Trak

12/11

As technology pervades, CIOs’ influence on business strategy grows - Help Net Security

Barracuda Networks Report Shows Spike in Bait Attacks - Security Boulevard

Booking.com was breached by a hacker with links to US intelligence services - Computing

Booking.com was reportedly hacked by a US intel agency but never told customers - ARS Technica

Costco customers complain of fraudulent charges before company confirms card skimming attack - ZDNet

Costco discloses data breach after finding credit card skimmer - Bleeping Computer

Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064) - Help Net Security

Cyber attack 'paralyses' Estrella Damm brewery badly hitting beer production - Wales Online

Cyber attack turns off the taps at Barcelona's Damm brewery - Majorca Daily Bulletin

Cyber Attackers Hit Ohio Hospital, Library, TV Stations - Scioto County Daily News

Europol: Ransomware Gangs Focusing on High Profile Targets - InfoSecurity Magazine

FTC shares ransomware defense tips for small US businesses - Bleeping Computer

Fraudsters hack into IT agency CEO’s phone - The Hindu

Google warns hackers used macOS zero-day flaw, could capture keystrokes, screengrabs - ZDNet

Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks - The Hacker News

Hospital nearly normal more than a month after attack - Daily Journal

Industrial cybersecurity market to reach $22.3 billion by 2026 - Help Net Security

Interpol Closes in on Global BEC Gang - InfoSecurity Magazine

iPhone Data Leak: Expert Reveals How 'Minecraft' Shares Your Data! - Itech Post

Karnataka Bitcoin scam: Arrested accused hacked Bitfinex exchange twice - ET Cio

Lack of resources and skills continues to challenge PKI deployment - Help Net Security

Leveraging social media background checks to balance friction and risk - Help Net Security

Major comics distributor regains access to its website following ransomware attack - Games Radar

Major Water Supplier Suffers Nine-Month Long Breach - InfoSecurity Magazine

Medical software firm urges password resets after ransomware attack - Intelligent CIO

Millions of Routers, IoT Devices at Risk from New Open-Source Malware - ThreatPost

Movistar suffers a cyber attack that exposes customer data - CVBJ

Pay-per-click fraud is costing top tech companies, and you, hundreds of millions of dollars - TechRepublic

Pentagon Set to Open Zero Trust Office in December - InfoSecurity Magazine

Ransomware experts question massive Pysa/Mespinoza victim dump - ZDNet

Researchers Discover 13 Medical Device Security Vulnerabilities - Health IT Security

Russians Who Bought Fake Vaccine Certificates Targeted in Data Leak – Kommersant - The Moscow Times

Security standards should be strengthened outside the federal government too - Help Net Security

Spanish Brewery “Paralyzed” by Cyber-Attack - InfoSecurity Magazine

The 5 Golden Rules of Cyber-War - InfoSecurity Magazine

This sneaky trick lets attackers smuggle malware onto your network - ZDNet

Top 10 Cybersecurity Best Practices to Combat Ransomware - ThreatPost

UK Funds Project to Teach Autistic Children Cybersecurity Skills - InfoSecurity Magazine

Vulnerable Web Applications Prevalent in EU Pharma Companies - InfoSecurity Magazine

Why younger people are at higher risk for falling for phishing attacks - Standard Examiner

11/11

12 notorious ransomware actors nabbed in major Europol-led operation - Teiss

Are you less capable of innovation or more vulnerable to threats than you thought? - Help Net Security

As the holiday season approaches, threats to supply chain, e-commerce and travel soar - Help Net Security

Back-to-Back PlayStation 5 Hacks Hit on the Same Day - ThreatPost

BotenaGo botnet targets millions of IoT devices with 33 exploits - Bleeping Computer

Careful: 'Smart TV remote' Android app on Google Play is malware - Bleeping Computer

City of Moline confirms it was victim of phishing scam in December - KWQC

Critical WordPress plugin vulnerability allowed wiping databases - HackRead

CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN - Security Affairs

DDoS attacks were a more serious threat in Q3 2021 than ever before - Help Net Security

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms - Help Net Security

Flaw Exposing Data of 44 Million Indian Investors Patched - GovInfo Security

Gmail accounts are used in 91% of all baiting email attacks - Bleeping Computer

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant - The Hacker News

Hackers undetected on Queensland water supplier server for 9 months - Bleeping Computer

Humanizing hackers: Entering the minds of those behind the attacks - Help Net Security

Iran's Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa - The Hacker News

Legal action against Sky Betting and Gaming being explored following data breach - Gambling Insider

Magniber ransomware gang now exploits Internet Explorer flaws in attacks - Bleeping Computer

Microsoft: New security updates trigger Windows Server auth issues - Bleeping Computer

Navigating The Threat Landscape 2021 – From Ransomware to Botnets - The Hacker News

New BazarBackdoor Attack Discovered - InfoSecurity Magazine

Phishing attacks grow 31.5% over 2020, social media attacks continue to climb - Help Net Security

Post-Graff Hacking, Ransomware Group Says It Won’t Leak Dictator Data - JCK Online

Ransomware Attack Hits UK Fertility Clinic - InfoSecurity Magazine

Ransomware attacks target German companies at the same time - EuraCTIV

Researchers Uncover Prolific Hacker-for-Hire Group - InfoSecurity Magazine

Robinhood crippled by trading outage two days after data breach - Finance Feeds

Scam PACs Allegedly Stole $3.5m from Trump Voters - InfoSecurity Magazine

Sophisticated Android spyware PhoneSpy infected thousands of Korean phones - Security Affairs

The world’s worst kept secret and the truth behind passwordless technology - Help Net Security

‘Thoughtless’ flaw on DFA website leaves thousands vulnerable to phishing attacks — cybersecurity expert - Business World

TrickBot Operators Partner with Shatak Attackers for Conti Ransomware - The Hacker News

US Firms Hit with Largest Ransoms Globally - InfoSecurity Magazine

Waikato DHB cyberattack: Board prewarned security was severely compromised - NZHerald

10/11

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment - The Hacker News

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices - The Hacker News

2022 Cybersecurity Predictions From RSA Conference’s Advisory Board - Security Boulevard

A stalker's wishlist: PhoneSpy malware destroys Android privacy - ZDNet

Anglers Redirected to Pornhub - InfoSecurity Magazine

As the move to the cloud accelerates, data privacy and security remain critical - Help Net Security

Businesses don't know how to manage VPN security properly - and cyber criminals are taking advantage - ZDNet

Class Action Against Google Blocked - InfoSecurity Magazine

Cybersecurity: This prolific hacker-for-hire operation has targeted thousands of victims around the world - ZDNet

Dallas Police Surveillance Footage Leaked - InfoSecurity Magazine

Dependency Combobulator: Open source toolkit to combat dependency confusion attacks - Help Net Security

Europol Practices Post-Terror Incident Response - InfoSecurity Magazine

Exchange Server bug: Patch now, but multi-factor authentication might not stop these attacks, warns Microsoft - ZDNet

Experts tout $2 billion in cybersecurity funding in Biden's infrastructure bill - ZDNet

Healthcare security: IT pros warn of vulnerable HVAC systems, imaging machines, check-in kiosks and more - ZDNet

How to Create a Safe and Democratic Digital Infrastructure - InfoSecurity Magazine

iPhone users don't care about sideloading - ZDNet

Ironic twist: WP Reset PRO bug lets hackers wipe WordPress sites - Bleeping Computer

Lazarus hackers target researchers with trojanized IDA Pro - Bleeping Computer

Leveraging Behavioral Psychology to Improve Teamwork in Cybersecurity - InfoSecurity Magazine

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait - Bleeping Computer

Microsoft: Patch Zoho Bug Now to Stop Chinese Hackers - InfoSecurity Magazine

Most CIOs and CISOs underestimate the risk of an OT breach - Help Net Security

Most cybersecurity leaders use microsegmentation to augment corporate network security - Help Net Security

New Android malware targets Netflix, Instagram, and Twitter users - Bleeping Computer

Organizations believe they are ready for ransomware attacks - Help Net Security

Over 80% of CNI Firms Have Been Breached in Past 36 Months - InfoSecurity Magazine

Palo Alto Networks patches zero-day affecting firewalls using GlobalProtect Portal VPN - ZDNet

PhoneSpy: Android spyware campaign targeting South Korean users - Bleeping Computer

Ransomware is The New Terrorism, Contends Cyber Expert - InfoSecurity Magazine

Researchers Discover PhoneSpy Malware Spying on South Korean Citizens - The Hacker News

Researchers show that Apple’s CSAM scanning can be fooled easily - Bleeping Computer

Security Basics in a Hybrid Environment - Security Boulevard

The role of visibility and analytics in zero trust architectures - Help Net Security

These invisible characters could be hidden backdoors in your JS code - Bleeping Computer

TrickBot teams up with Shatak phishers for Conti ransomware attacks - Bleeping Computer

Utah legislature awards two universities with $5 million for cybersecurity and tech programs - Help Net Security

Void Balaur hackers-for-hire sell stolen mailboxes and private data - Bleeping Computer

Vulnerabilities associated with ransomware increased 4.5% in Q3 2021s - Help Net Security

Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage - Help Net Security

Zero Trust Protects Against Ransomware, Claims Engineer - InfoSecurity Magazine

Why XDR is a ‘Must Have’ for Organizations of Every Size - Security Boulevard

09/11

81% of Organizations Experienced Increased Cyber-Threats During COVID-19 - InfoSecurity Magazine

API sprawl: A threat you might want to address later, but you can’t ignore it - Help Net Security

Average ransomware payment for US victims more than $6 million, survey says - ZDNet

Banking malware threats are increasing sharply - Help Net Security

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks - Bleeping Computer

Cloud adoption growing steadily, but cost and regulatory challenges remain - Help Net Security

DomainTools Acquires Farsight Security - InfoSecurity Magazine

EU Commission takes on challenge to improve the cybersecurity of wireless devices - Help Net Security

Euro Police Arrest Two More REvil Affiliates as US Issues Sanctions - InfoSecurity Magazine

Free Cybersecurity Training for SMBs - InfoSecurity Magazine

Iranian state hackers use upgraded malware in attacks on ISPs, telcos - Bleeping Computer

McAfee Sold to Investor Group for $14bn - InfoSecurity Magazine

Medical software firm urges password resets after ransomware attack - Bleeping Computer

Meet Lyceum: Iranian hackers targeting telecoms, ISPs - ZDNet

Micro-Segmentation Used by 83% of Cybersecurity Leaders - InfoSecurity Magazine

Microsoft: Chinese hackers are targeting Zoho ManageEngine software - ZDNet

Microsoft November 2021 Patch Tuesday: 55 bugs squashed, two under active exploit - ZDNet

Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws - Bleeping Computer

Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292) - Help Net Security

Microsoft urges Exchange admins to patch bug exploited in the wild - Bleeping Computer

Retail industry security incidents soaring, worsened by the supply chain crisis - Help Net Security

Robinhood Data Breach Hits Seven Million Customers - InfoSecurity Magazine

Robinhood Trading App Suffers Data Breach Exposing 7 Million Users' Information - The Hacker News

Rust-proofing the internet with ISRG's Prossimo - ZDNet

Singapore embraces Zero Trust: A prediction comes true - ZDNet

TeamTNT hackers target your poorly configured Docker servers - Bleeping Computer

The cyber insurance dilemma: The risks of a safety net - Help Net Security

These cybersecurity vulnerabilities could leave millions of connected medical devices open to attack - ZDNet

Tor Browser 11 removes V2 Onion URL support, adds new UI - Bleeping Computer

Unique Challenges to Cyber-Security in Healthcare and How to Address Them - The Hacker News

US to Charge Suspects Over Kaseya Ransomware Attack - InfoSecurity Magazine

Why are we still asking KBA questions to authenticate identity? - Help Net Security

08/11

$55M Stolen from Crypto Company - InfoSecurity Magazine

70% of Dev Teams Admit to Skipping Security Steps - Security Boulevard

80% of organizations experienced employees misusing and abusing access to business apps - Help Net Security

BlackBerry Uncovers Initial Access Broker Linked to 3 Distinct Hacker Groups - The Hacker News

Chinese Spy Faces Decades in Jail After Conviction - InfoSecurity Magazine

Criminal group dismantled after forcing victims to be money mules - Bleeping Computer

Critical Flaws in Philips TASY EMR Could Expose Patient Data - The Hacker News

DNS Hijacking: What You Need to Know - Security Boulevard

DOJ charges and sanctions REvil leaders behind Kaseya attack, seizes $6 million in ransoms - ZDNet

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit - The Hacker News

FBI warns of fraudulent schemes using cryptocurrency ATMs and QR for payments - Security Affairs

Google will kill Chrome sync support on Chrome 48 and earlier - Bleeping Computer

Healthcare – Patient or Perpetrator? – The Cybercriminals Within - Security Affairs

Hungarian official confirms Hungary used NSO Group Pegasus spyware - Security Affairs

Insurers Tap Cyber “Opportunity” as Rates Continue to Rise - InfoSecurity Magazine

Interpol Hunts for Remaining Clop Ransomware Members - InfoSecurity Magazine

Investor group acquires McAfee for more than $14 billion - ZDNet

MediaMarkt hit by Hive ransomware, initial $240 million ransom - Bleeping Computer

Mobile phishing exposure in the energy industry surged 161% in 2021 - Help Net Security

Nation-state actors target critical sectors by exploiting the CVE-2021-40539 flaw - Security Affairs

Operation Cyclone targets Clop Ransomware affiliates - Security Affairs

Passport Scammers Spoof Texas HSI - InfoSecurity Magazine

Ransom Denied, Black Shadow Leaks Israeli Medical Data - Security Boulevard

Ransomware attack disrupted store operations in the Netherlands and Germany - Security Affairs

Ransomware: Suspected REvil ransomware affiliates arrested - ZDNet

REvil ransomware affiliates arrested in Romania and Kuwait - Bleeping Computer

Robinhood breach leaks information of 7 million people - ZDNet

Security teams need to become more proactive and risk-driven - Help Net Security

Sitecore XP RCE flaw patched last month now actively exploited - Bleeping Computer

Softbank plans to charge electronic gadgets using 5G antennas - Bleeping Computer

State hackers breach defense, energy, healthcare orgs worldwide - Bleeping Computer

Types of Penetration Testing - The Hacker News

UK Cyber Skills Shortage Rises by Over a Third - InfoSecurity Magazine

US sanctions Chatex cryptoexchange used by ransomware gangs - Bleeping Computer

US seizes $6 million from REvil ransomware, arrest Kaseya hackers - Bleeping Computer

Unseen gatekeepers: Industrial software providers’ role securing global infrastructure - Help Net Security

Younger generations care little about cybersecurity - Help Net Security

Why integrating SIEM tools is crucial to managing threats - Help Net Security

07/11

Attack on library system was attack on us all - The Blade

'Consumers need to be vigilant' - Black Friday scam warning issued as sales start early - Express

Credit Card Fraud Prevention: How to Protect Your Credit Card Online - UNB

Cybersecurity firms provide threat intel for Clop ransomware group arrests - ZDNet

Dangerous malicious code has just been discovered infecting smartphones, users must urgently remove these apps! - Tech Gaming Report

Data breach at CDSL's KYC arm exposed 4.39 cr investors' data twice within 10 days: CyberX9 - DEVDiscourse

Experts spotted a phishing campaign impersonating security firm Proofpoint - Security Affairs

Labor wants new anti-scam centre and code of practice for fighting against scams - ZDNet

Minecraft Players are under Attack, but it’s Not All Bad - Best Gaming Pro

Operation Cyclone deals blow to Clop ransomware operation - Bleeping Computer

The Dangers of Buying Fake Justin Bieber Tickets - Best Gaming Pro

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored - The Hacker News

NEWS: Outubro - Novembro (31/10 - 06/11) - 44 Semana de 2021