NEWS: September (05/09 - 11/09) - Week 36 of 2021
Cyber Security and Information Security News - Daily Updates !!!

11/09
Assume breach position does not mean firms get to skip due diligence in cybersecurity - ZDNet
Cisco released security patches for High-Severity flaws in IOS XR software - Security Affairs
Mēris Botnet Hit Russia's Yandex With Massive 22 Million RPS DDoS Attack - The Hacker News
‘MyRepublic’ Singapore Announced a Customer-Affecting Data Breach Incident - TechNadu
New SOVA Android Banking trojan is rapidly growing - Security Affairs
Oklahoma Man Sentenced to 4 Years in Prison for Laundering Romance Scam Money - TechNadu
Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase - ZDNet
REvil ransomware is back in full attack mode and leaking data - Bleeping Computer
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud - The Hacker News

10/09
A zero-trust future: Why cybersecurity should be prioritized for the hybrid working world - Help Net Security
Application Security a Growing Priority Among Security Pros - Dark Reading
AZ Ransomware Attack Leads to Unrecoverable EHRs, Data Loss - Health IT Security
Beware! These Google Play Store apps can leak your personal data - Mint
Building a Unified BCDR Strategy to Protect Data - Security Boulevard
Cannabis companies considered ripe targets for ransomware attacks - MJ Biz Daily
Colorado County Clerk Charged with Cybercrime - InfoSecurity Magazine
DDoS Attacks Overwhelming Mitigations Through Short and Sharp Doses - TechNadu
DEF CON 29 Main Stage – Guillaume Fournier’s, Sylvain Afchain’s and Sylvain Baubeau’s ‘eBPF, I Thought We Were Friends!’ - Security Boulevard
DEF CON 29 Main Stage – Yuhao Weng’s, Steven Seeley’s & Zhiniang Peng’s ‘An Attack Surface Tour Of SharePoint Server’ - Security Boulevard
Employee Email Misuse Puts Patient PHI in Jeopardy in CA, Florida - Health IT Security
Evil Corp: A Deep Dive Into One of the World’s Most Notorious Hacker Groups - Make Use Of
Four critical data storage security questions CIOs must ask - Intelligent CIO
Germany probes claims of pre-election MP hacking by Russia - Euractiv
Google debuts new Private Compute features in ramp up of Android security - ZDNet
Hackers are leaking children’s data — and there’s little parents can do - NBC News
Hackers get data trove in U.N. breach - Northwest Arkansas Online
HAProxy urges users to update after HTTP request smuggling vulnerability found - ZDNet
Incident Of The Week: Medical data of more than 73,000 patients shared in Singapore breach - Cyber Security Hub
IoT interest is growing, but so are cybersecurity concerns - Help Net Security
IT leaders facing backlash from remote workers over cybersecurity measures: HP study - ZDNet
Justice Department assures South Africa there was no breach of data in cyberattack - EWN
KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” - Security Boulevard
McDonald’s Email Blast Includes Password to Monopoly Game Database - Threatpost
MyRepublic customer data compromised in third-party security breach - ZDNet
National cyber director says hospitals under attack have no choice but to pay ransom - Becker's Health IT
Personal Information of Nearly 80,000 MyRepublic Customers Accessed After Breach - InfoSecurity Magazine
Phishing attempts: Employees can be the first line of defense - Help Net Security
Protecting businesses from ransomware at the edge - Continuity Central
Ransomware: Hot or Not? Here's Attackers' Ideal Target - Bank Info Security
SANSA Responds to Data Leak Incident Saying It’s Nothing Serious - TechNadu
Sensitive Data Exposure: What Do Hackers Want the Most? - iLounge
SOVA, Worryingly Sophisticated Android Trojan, Takes Flight - Threatpost
T-Mobile’s Hack Of 50 Million Users Leaves Black Community At Risk - Forbes
The impact of ransomware on cyber insurance driving the need for broader cybersecurity knowledge - Help Net Security
Ukrainian man extradited to the US to face botnet, data theft charges - ZDNet
UN Data Breach: Expert Commentary on a High-Profile Attack - Solutions Review
US military reservist lands himself prison sentence for operating romance scams - ZDNet

09/09
91% of IT teams have felt 'forced' to trade security for business operations - ZDNet
ANZ New Zealand back online after outage from DDoS attack - ZDNet
Attacker releases credentials for 87,000 FortiGate SSL VPN devices - ZDNet
Avoid Third-Party Breaches with DLP - Security Boulevard
‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise - Threatpost
Berners-Lee Joins ProtonMail Following Privacy Debacle - InfoSecurity Magazine
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says - Health IT Security
Breach Clarity Data Breach Report: Week of Sept. 6 - Security Boulevard
Business Associate Ransomware Attack Impacts 115K in CA - Health IT Security
Cloud computing: Microsoft fixes Azure container flaw that could have leaked data - ZDNet
Compliance failures caused by lack of embedded controls into employee processes - Help Net Security
Department of Justice victim of latest security breach - Bollyinside
Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge - The Hacker News
GitHub tackles severe vulnerabilities in Node.js packages - ZDNet
Groove ransomware gang is a motley crew of disgruntled hackers, researchers say - Cyberscoop
Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices - The Hacker News
Hackers Steal Data from United Nations - Info Security Magazine
Howard University’s Devastating Ransomware Attack Can Teach Other Colleges a Valuable Lesson - Slate
Infamous criminal ransomware group REvil is back - IT Brief
Manufacturers face a significant cybersecurity risk from ransomware - The Manufacture
Microsoft Warns Azure Customers of Flaw That Could Have Led to Data Breach - News18
New Mēris botnet breaks DDoS record with 21.8 million RPS attack - Bleeping Computer
Organizations struggling to develop cloud applications that meet security requirements - Help Net Security
Protecting your company from fourth-party risk - Help Net Security
Ransomware Attack Disrupts Online, Hybrid Classes at Howard University - Campus Technology
Ransomware attack wipes out Arizona clinic's EHR, corrupts 35,000 patients' records - Becker's Health IT
Ransomware Attacks Preparation And Off-line READ-ONLY Storage Saves The Day - is Buzz News
Ransomware attacks up by 518% in the last year - Today's Conveyancer
Researchers Add More Pieces to the ‘EGoManiac’ Turkish Actor Puzzle - TechNadu
Russian Ransomware Group REvil Back Online After 2-Month Hiatus - The Hacker News
SANSA breach: International hacker group claims responsibility for Space Agency leak - News Chant South Africa
SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ - Threatpost
Sophos Releases Phishing Insights 2021 Report - Solution Review
Texas Now Publicly Posting Names Of Companies That Lose Personal Data In Cyberattack - CBS DFW
The role of automation in staying on top of the evolving threat landscape - Help Net Security
Virginia National Guard confirms cyberattack hit Virginia Defense Force email accounts - ZDNet
When a scammer calls: 3 strategies to protect customers from call spoofing - Help Net Security
Yandex is battling the largest DDoS in Russian Internet history - Bleeping Computer
Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks - Threatpost

08/09
3 Ways to Secure SAP SuccessFactors and Stay Compliant - The Hacker News
A Widely Deployed Mitsubishi Industrial Controller Is Vulnerable to Remote Exploitation - TechNadu
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444) - Help Net Security
BladeHawk attackers spy on Kurds with fake Android apps - ZDNet
Crypto exchanges and their customers must protect themselves as attacks continue - Help Net Security
Data Breach Lawsuit Against Sonic Will Proceed - InfoSecurity Magazine
Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group - The Hacker News
Facebook believes accountability and investment signals it is taking privacy seriously - ZDNet
Germany protests to Russia over attacks ahead of the upcoming election - Security Affairs
Groove gang leaks list of 500k credentials of compromised Fortinet appliances - Security Affairs
Hackers leak passwords for 500,000 Fortinet VPN accounts - Bleeping Computer
HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack - The Hacker News
How do I select a container security solution for my business? - Help Net Security
Howard University shuts down network after ransomware attack - Bleeping Computer
Indian Taxpayers Targeted by Fake App Distributed by Phishing Actors - TechNadu
Microsoft Releases Mitigations and Workarounds for Office Zero-Day RCE Flaw - TechNadu
Microsoft warns of a zero-day in Internet Explorer that is actively exploited - Security Affairs
New Zealand Suffering From a Wave of Massive DDoS Attacks Again - TechNadu
Of course we were prepared for the pandemic, say modest, honest IT pros - ZDNet
Operation Chimaera: TeamTNT hacking group strikes thousands of victims worldwide - ZDNet
Pro-Chinese government propaganda campaign spurs on COVID-19 protests in the US - ZDNet
Ransomware attacks: The power of adaptation - Help Net Security
Ransomware: Take these three steps to protect yourself from attacks and make it easier to recover - ZDNet
Report: The State of Password Security in the Enterprise - Help Net Security
Researchers pinpoint ransomware gangs’ ideal enterprise victims - Help Net Security
Russia Planning to Introduce Facial Recognition in Schools by 2022 - TechNadu
Russian communications watchdog Roskomnadzor blocks access to 6 VPNs - Security Affairs
The Guide for Speeding Time to Response for Lean IT Security Teams - The Hacker News
Top tips for preventing SQL injection attacks - Help Net Security
Zoho patches actively exploited critical ADSelfService Plus bug - Bleeping Computer

07/09
39% of all internet traffic is from bad bots - Help Net Security
Alexa, OK Google, Siri—Sued for Spying - Security Boulevard
Audit effectiveness and talent retention at risk as hybrid auditing becomes the new norm - Help Net Security
Credit unions demand assurances from Central Bank after data leak blunder - Independent
Cyber-Attack on Washington DC University - InfoSecurity Magazine
Cybersecurity Student Scams Senior Out of $55K - InfoSecurity Magazine
DEF CON 29 Main Stage – Adam Zabrocki’s & Alex Matrosov’s ‘Glitching RISC-V Chips: MTVEC Corruption For Hardening ISA’ - Security Boulevard
DEF CON 29 Main Stage – Agent X’s ‘A Look Inside Security At The New York Times’ - Security Boulevard
Elon Musk's top-secret 'full self-driving' AI car software leaked to hackers - Daily Star
Germany Accuses Russia of Election Meddling Through Cyber-Attacks - InfoSecurity Magazine
Hacker claims to have stolen information of 7 million Israelis - The Jerusalem Post
Home security: ADT vs Ring - ZDNet
Howard University announces ransomware attack, shuts down classes on Tuesday - ZDNet
ICO Requests International Support to Tackle Cookie Pop-Ups - InfoSecurity Magazine
ID Theft Couple on the Run - InfoSecurity Magazine
Jenkins project's Confluence server hacked to mine Monero - Bleeping Computer
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server - The Hacker News
McDonald's leaks password for Monopoly VIP database to winners - Bleeping Computer
Microsoft shares temp fix for ongoing Office 365 zero-day attacks - Bleeping Computer
Pakistani Software Firm ‘We Code Solutions’ Linked With Underground Spam Operations - TechNadu
Personal Details of 8,700 French Visa Applicants Exposed by Cyber-Attack - InfoSecurity Magazine
ProtonMail CEO says services must comply with laws unless based 15 miles offshore - ZDNet
ProtonMail logged IP address of French activist after foreign request approved by Swiss authorities - Security Affairs
Ragnar Locker gang threatens to leak data if victim contacts law enforcement - Security Affairs
Ransomware attack under investigation at Howard U, online classes canceled Sept 8 - 7News
Ransomware gang threatens to leak data if victim contacts FBI, police - Bleeping Computer
REvil ransomware group resurfaces after brief hiatus - ZDNet
REvil ransomware's servers mysteriously come back online - Bleeping Computer
Safe connectivity tips for domestic violence victims - ZDNet
Securing Networks in a Perimeterless World - Security Boulevard
Securing your WordPress website against ransomware attacks - Help Net Security
Traditional SIEM platforms no longer meet the needs of security practitioners - Help Net Security
You can use your home security system to prevent teens from sneaking out, but should you? - ZDNet

06/09
3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortage - Help Net Security
Apple slams the brakes on plans to scan user images for child abuse content - ZDNet
Consumers satisfied with mobile security, yet account privacy and protection concerns remain - Help Net Security
Climate Activist Arrested After ProtonMail Was Forced to Give Away User’s IP Address - TechNadu
Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released - The Hacker News
Cybersecurity is tough work, so beware of burnout - ZDNet
Enterprises are missing the warning signs of insider threats - Help Net Security
Enterprising criminals are selling direct access to cloud accounts - Help Net Security
FBI IC3 warns of a spike in sextortion attacks - Security Affairs
Healthcare cybersecurity under attack: How the pandemic affected rural hospitals - Help Net Security
HSE Ransomware Actors’ Infrastructure Disrupted by Irish Authorities - TechNadu
Malware found pre-installed in cheap push-button mobile phones sold in Russia - Security Affairs
Massive Pack Containing Details of 39 Million French Is for Sale on the Darkweb - TechNadu
Netgear addresses severe security flaws in 20 of its products - Security Affairs
Netgear fixes severe security bugs in over a dozen smart switches - Bleeping Computer
New Chainsaw tool helps IR teams analyze Windows event logs - Bleeping Computer
Popular Voice Assistant Companion Apps Are a Hazard for User Privacy - TechNadu
ProtonMail Logs Activist's IP Address With Authorities After Swiss Court Order - The Hacker News
Ransomware attacks increased by 288% in H1 2021 - Help Net Security
Ransomware gangs target companies using these criteria - Bleeping Computer
The healthcare cybersecurity market to grow steadily by 2026 - Help Net Security
This is the perfect ransomware victim, according to cybercriminals - ZDNet
This NPM package with millions of weekly downloads has fixed a remote code execution flaw - ZDNet
Traffic Exchange Networks Distributing Malware Disguised as Cracked Software - The Hacker News
TrickBot gang developer arrested at the Seoul international airport - Security Affairs
TrickBot gang developer arrested when trying to leave Korea - Bleeping Computer
Zero trust and cybersecurity: Here's what it means and why it matters - ZDNet
WhatsApp Flaw Casts Doubt on End-to-End Encryption - Security Boulevard

05/09
4 Ransomware Trends That Companies Should Be Aware Of - Albawaba
Sophos: 70% of IT staff reported a rise in phishing emails throughout 2020 - Venture Beat
Back-to-School internet safety - OA Online
Conti ransomware gang is targeting unpatched Microsoft Exchange servers - Silicon Angle
Dark Web vs. Deep Web: What's the Difference? - Make Use Of
EDR Reaches Wide Adoption Paving Way for XDR, SASE - SDX Central
Garda National Cyber Crime Bureau seizes websites used in ransomware attacks - Donegal Live
Google's TensorFlow drops YAML support due to code execution flaw - Bleeping Computer
Irony at its peak, Marketo gang claims to have bids on stolen data of an IT service company, Fujitsu - The Digital Hacker
Lock down your Microsoft 365 account and keep hackers out in 5 easy steps - CNet
Mass. Lawmakers Set To Examine Cybersecurity After Recent Attacks - Wbur
One in three Indians stores confidential info digitally: Survey - Deccan Herald
Scamdemic Britain: how we’re being conned out of billions - Mail Online
Source code of extortion trojan “Babuk Locker” leaked - Market Research Telecast
The big reason the spam in your inbox is about to get a lot more convincing - Kim Komando
‘This is a scam!’ National Insurance warning as Britons told 'number will be cancelled' - Express
UC Refuses To Disclose Information Regarding Accellion Data Hack - Daily Nexus
Welsh Government Broke Data Protection Laws at Least 300 Times Since 2019: Report - Tech Times
Windows 11 Alpha: New Scam Deceives Users With Word Document - Somag News