NEWS: September (26/09 - 02/10) - Week 39 of 2021
Cyber Security and Information Security News - Daily Updates !!!

02/10
Australia: Top tips to help you avoid the latest scams - WA Today
Banking fraud: tips to avoid becoming a victim - Fin24
Criminals using NHS Covid Pass to scam money out of Warwickshire residents - Rugby Observer
FCC Unveils New Plans to Stop SIM Swapping and Robocalls Fraud - TechNadu
Federal lawsuit filed against Paxton Media Group after data breach of nearly 21k employees - The Owensboro Times
Fortinet reveals two-thirds of organizations hit by ransomware - Back End News
Here are ransomware groups that businesses need to watch out for - AME Info
How SIM-Swapping Scams Work, And How To Protect Yourself - Screen Rant
Instagram account hacked? Here’s what to do - Wired
Over 55s issued fresh warning as fraudsters become ‘more sophisticated’ – how to stay safe - Express
Passwords Leaked in Data Breach 2021: Study Reveals Shocking Superhero Passcodes Used! - ITech Post
Watch out - that Android security update may be malware - TechRadar Pro
Why trying to watch James Bond No Time to Die free online could end up being costly - Express

01/10
3.1M Neiman Marcus Customer Card Details Breached - ThreatPost
4.6 Million Neiman Marcus Customers Linked to Data Breach - Sourcing Journal
Anonymous leaks more EPIK host data; ‘larger than previous leak’ - HackRead
Apple AirTags can be used as trojan for credential hacking - HackRead
Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones - The Hacker News
Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware - The Hacker News
Business Leaders Admit Willingness to Pay Five-Figure Ransoms - InfoSecurity
Chief exec of cybersecurity Group-IB arrested on treason charge - ZDNet
Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users - The Hacker News
Coinbase Discloses That 6,000 Customers Got Hacked This Spring - PC Magazine
Coinbase sends out breach notification letters after 6,000 accounts had cryptocurrency stolen - ZDNet
Content sprawl is increasing the risk of data breaches and leaks - Help Net Security
Crypto platform mistakenly gives $90M to users, asks for refund - Bleeping Computer
Cybercrime awareness heightened, yet people still engage in risky online behaviors - Help Net Security
‘Declined’: 18.8 million Telstra customers ‘at risk’ - Yahoo! Finance
DeepMind faces legal action over NHS data use - BBC News
Elon Musk Crypto-Phishing Scam Puts Emails at Risk - TechRound
ESET Threat Report: Trending Vulns and Configuration Flaws - My Tech Decisions
Eskenazi Health now says some patient, employee information stolen in cyber attack - IndyStar
Everything You Need to Know About the MyFitnessPal Data Breach - UK Today News
Evolving beyond RBAC: Why ABAC is the future - Help Net Security
FCC aggressively moves to block spam calls - ZDNet
Federal Officials Emphasize Understanding Goals in Move to Zero Trust - Meri Talk
Flubot Android malware now spreads via fake security updates - Bleeping Computer
Fortinet survey: Two-thirds of organisations have been a target of one ransomware attack - Intelligent CIO
Google just patched these two Chrome zero-day bugs that are under attack right now - ZDNet
Hackers rob thousands of Coinbase customers using MFA flaw - Bleeping Computer
Healthcare organizations remain at risk despite proper HIPAA compliance - MedCity News
Hospital ransomware attack led to infant's death, lawsuit alleges - Healthcare IT News
How cybercrime hurts some groups more than others - Help Net Security
Hydra malware targets customers of Germany's second largest bank - Bleeping Computer
If You Get This Message From Apple, Don't Click on It - Best Life
Improper Offboarding Poses Significant Security Risks - Jumpcloud
Infant Fatality Could Be First Recorded Ransomware Death - InfoSecurity Magazine
Internet safety guide for college students - ZDNet
iOS 15: Ultimate privacy and security - ZDNet
Irish university computer systems taken offline after cyber attack - Computing
JVCKenwood hit by Conti ransomware attack - Computer Weekly
Lawsuit: Hospital's Ransomware Attack Led to Baby's Death - GovInfo Security
Lawsuit blames baby’s death on ransomware attack at Alabama hospital - Fox6 Milwaukee
Lincolnshire Police forced to pay out £10k after PC’s illegal data breach - The Lincolnite
Major Data Breach Hits Neiman Marcus - InfoSecurity Magazine
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed - Threatpost
Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches - ZDNet
Nearly 5 million customers affected in Neiman Marcus data breach - The Denver Gazette
Neiman Marcus Discloses Data Breach Impacting Millions of Online Customers - NBC DFW
Neiman Marcus says 3.1 million payment and gift cards compromised in breach - CNet
New APT ChamelGang Targets Russian Energy, Aviation Orgs - Threatpost
OFAC Ransomware Guidance: Prepare, Report, and (Preferably) Don’t Pay the Ransom! - JD Supra
Organizations need to better manage backup data to ensure effective ransomware incident response - Continuity Central
Pandemic drives rising risk of cyber attacks - The Supply Chain Quarterly
Ransomware attacks put availability of medical devices at risk: FDA cyber chief - MedTech Dive
Ransomware Expected to Increase 150% This Year - Campus Technology
Ransomware vulnerabilities will last another two years - Technology Decisions
Superhero passwords may be your kryptonite wherever you go online - Blog Mozilla
Swiping the page: Ebook sellers shutdown by cyberattack - Digital Journal
The FCC proposes rules to fight SIM swap and port-out fraud - Bleeping Computer
The Real Cost of a Data Breach: How Much Does the U.S. Spend? - Clearance Jobs
Three areas legal leaders should focus their technology efforts in - Help Net Security
Today’s cars are mobile data centers, and that data needs to be protected - Help Net Security
U.S. Lawmakers Seek Answers from FBI On Delayed Release of Kaseya Ransomware Decryptor - Toolbox
White House plans 30-country meeting on cyber crime and ransomware - The Jerusalem Post

30/09
API Flaw Exposes Elastic Stack Users to Data Theft and DoS - InfoSecurity Magazine
Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones - ThreatPost
Are user records of 3.8 billion Clubhouse and Facebook users for sale? - Avast
Banking app fraud rockets due to phone snatching - Fin24
C-level execs confident in their software supply chain security, but challenges remain - Help Net Security
Cyber Second Only to Climate Change as Biggest Global Risk - InfoSecurity Magazine
Cybersecurity CEO Arrested in Russia on Treason Charges - InfoSecurity Magazine
Cybersecurity Firm Group-IB's CEO Arrested Over Treason Charges in Russia - The Hacker News
Easily Exploited Elastic Stack API Security Flaw Exposes Data - Security Boulevard
Fears surrounding Pegasus spyware prompt new Trojan campaign - ZDNet
Global cyber threats jump 47% y-o-y in 1H21, says Trend Micro - The Edge Markets
How much trust should we place in the security of biometric data? - Help Net Security
Incentivizing Developers is the Key to Better Security Practices - The Hacker News
IoT vulnerabilities should be a wake-up call for organisations - Information Age
Ireland a soft touch for cyber attacks, say tech leaders - Independent IE
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data - Bleeping Computer
Nation-state attacks fears grow, execs don't trust governments to protect them from cyber threats - Help Net Security
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught - The Hacker News
New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack - The Hacker News
NSA, CISA partner for guide on safe VPNs amid widespread exploitation by nation-states - ZDNet
OFAC Ransomware Guidance Reflects Resolve to Fight Attacks - Bloomberg Law
Pegasus spyware ramifications - Philstar Global
RansomEXX ransomware Linux encryptor may damage victims' files - Bleeping Computer
Rates of ransomware attacks continue to rise, impacting mortality rates - Medical Device Network
Remote workers “one click away” from cyberattack - The HR Director
Researchers discover bypass 'bug' in iPhone Apple Pay, Visa to make contactless payments - ZDNet
Supply Chain Emerging as Cloud Security Threat - Security Boulevard
The Shocking DDoS Attack Statistics That Prove You Need Protection - InfoSecurity Magazine
These systems are facing billions of attacks every month as hackers try to guess passwords - ZDNet
Third-party risk prevention strategies inadequate despite organizations being aware of the threats - Help Net Security
Thousands of University Wi-Fi Networks Expose Log-In Credentials - ThreatPost
Vulnerability Exposes iPhone Users to Payment Fraud - InfoSecurity Magazine
WireX DDoS botnet admin charged for attacking hotel chain - Bleeping Computer

29/09
Akamai acquires cybersecurity firm Guardicore for $600 million - ZDNet
Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users - The Hacker News
CDO role not yet recognized, expectations too high and misinformed - Help Net Security
Certificates volume growing, most enterprises considering PKI automation to reduce risks - Help Net Security
CISA and NSA Deliver New Security Guidance for VPNs - InfoSecurity Magazine
Experts observed for the first time FinFisher infections involving usage of a UEFI bootkits - Security Affairs
GriftHorse malware infected more than 10 million Android phones from 70 countries - Security Affairs
Google launches new reward program for Tsunami Security Scanner - ZDNet
Group-IB CEO was put under arrest on treason charges - Security Affairs
Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts - The Hacker News
ICO Reveals 60% Rise in Nuisance Contact Reports - InfoSecurity Magazine
IT executives do not believe their business can have both a flexible and usable Kubernetes environment - Help Net Security
Leveraging threat intelligence to tackle supply chain vulnerabilities - Help Net Security
Most Third-Party Cloud Containers Have Vulnerabilities - InfoSecurity Magazine
New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit - The Hacker News
NSA, CISA release guidance on hardening remote access via VPN solutions - Security Affairs
Ransomware attacks against hospitals are having some very grim consequences - ZDNet
Ransomware attacks on healthcare organizations may have life-or-death consequences - Help Net Security
Ransomware attacks on the rise – How to counter them? - Help Net Security
SolarWinds Attackers Develop New FoggyWeb Backdoor - InfoSecurity Magazine
Telegram bots are trying to steal your one-time passwords - ZDNet
This dangerous mobile Trojan has stolen a fortune from over 10 million victims - ZDNet

28/09
1Password partners with Fastmail for 'masked email' project allowing users to generate email aliases - ZDNet
A cloud company asked security researchers to look over its systems. Here's what they found - ZDNet
Assessing subsidiary risk a top priority for most enterprises, yet they still lack proper visibility - Help Net Security
Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns - The Hacker News
CNP transaction fraud costing merchants millions in revenue, fraudsters getting more sophisticated - Help Net Security
Credential Spear-Phishing Uses Spoofed Zix Encrypted Email - ThreatPost
Crypto Developer Pleads Guilty to North Korean Plot - InfoSecurity Magazine
Cybersecurity posture validation: Fireside chat with Arkadiy Goykhberg, CISO of DMGT - Help Net Security
Enterprise security challenges and increased cloud usage fueled by remote work - Help Net Security
FCC: Applications Open Soon for Huawei/ZTE Replacement Fund - InfoSecurity Magazine
FinFisher malware hijacks Windows Boot Manager with UEFI bootkit - Bleeping Computer
FinSpy surveillance malware is now spreading through UEFI bootkits - ZDNet
Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts - ThreatPost
Half of Regulated Firms See Pandemic Spike in Financial Crime - InfoSecurity Magazine
Microsoft 365 MFA outage locks users out of their accounts - Bleeping Computer
Microsoft warning: This malware creates a 'persistent' backdoor for hackers - ZDNet
New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts - The Hacker News
New Emergency Fraud Hotline Launched in UK - InfoSecurity Magazine
New Microsoft Exchange service mitigates high-risk bugs automatically - Bleeping Computer
New Windows 11 install script bypasses TPM, system requirements - Bleeping Computer
SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor - ThreatPost
The biggest problem with ransomware is not encryption, but credentials - Help Net Security
The relationship between development and security teams affects speed to market - Help Net Security
To avoid cyberattacks, companies need to think like hackers - Help Net Security
Twitter web client outage forces users to log out, blocks logins - Bleeping Computer
Working exploit released for VMware vCenter CVE-2021-22005 bug - Bleeping Computer

27/09
3 ways any company can guard against insider threats this October - Help Net Security
A multi-party data breach creates 26x the financial damage of single-party breach - Help Net Security
Consumers will abandon a brand that can’t balance convenience and privacy - Help Net Security
Corporate attack surface exploding as a result of remote work - Help Net Security
Ethereum dev admits to helping North Korea evade crypto sanctions - Bleeping Computer
EU Slams Russia Over Disinformation Hacking Campaign - InfoSecurity Magazine
Expert found RCE flaw in Visual Studio Code Remote Development Extension - Security Affairs
German Federal Office for Information Security (BSI) investigates Chinese mobile phones - Security Affairs
Groove threat actors claim to have hit Robinwood Orthopaedic - Data Breach Net
How CISO roles will change as customer trust becomes imperative - ZDNet
How to avoid the pitfalls of multi-cloud strategy deployment - Help Net Security
How to find and remove spyware from your phone - ZDNet
Huawei CFO Released After Admitting She Misled Bank - InfoSecurity Magazine
Huawei CFO, US DoJ Reach Deferred Prosecution Agreement - Security Boulevard
IAM for Multi-Cloud Environments - Security Boulevard
Jupyter infostealer continues to evolve and is distributed via MSI installers - Security Affairs
Malicious Life Podcast: Should the U.S. Ban Chinese and Russian Technology? - Security Boulevard
Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency - Bleeping Computer
Mexico: El Instituto Nacional de Medicina Genómica (Inmegen) hit by cyberattack - Data Breach Net
Microsoft: Nobelium uses custom malware to backdoor Windows domains - Bleeping Computer
New Android Malware Steals Financial Data from 378 Banking and Wallet Apps - The Hacker News
New malware steals Steam, Epic Games Store, and EA Origin accounts - Bleeping Computer
Pradeo’s mobile application security suite extends its coverage with new app shielding service - Help Net Security
Proper password security falling short despite increase in online presence - Help Net Security
QNAP fixes critical bugs in QVR video surveillance solution - Bleeping Computer
Russian Turla APT Group Deploying New Backdoor on Targeted Systems - The Hacker News
Secure those Macs: Apple must step up and support older machines - ZDNet
Singapore to link up with Malaysia on cross-border payment transfers - ZDNet
Telegram is becoming the paradise of cyber criminals - Security Affairs
The iPhone 13 means the end to cheap screen repairs - ZDNet
US-Led Quad Launches New Cyber Group - InfoSecurity Magazine
Facebook leak: what the new scandal reveals about the company's practices - G1 Globo
Your Apple Watch might not unlock your iPhone 13, but a fix is coming - ZDNet

26/09
2021 Sets the Bar for DDoS Cyber Attacks; Latest NETSCOUT Report Finds - The Fintech Times
A Brief Guide to Understanding and Preventing Cyber Attacks - Co Founder
A New Jupyter Malware Version is Being Distributed via MSI Installers - The Hacker News
Australians are losing over AU$6.6 million each month to cryptoscams - ZDNet
Desorden Group claims to have stolen 200 GB of data from ABX Express - Data Breach Net
How to Make Sure Your Business is Cyber Secure - Tech Spective
JSC GREC Makeyev and other Russian entities under attack - Security Affairs
Microsoft will disable Basic Auth in Exchange Online in October 2022 - Bleeping Computer
More than 130,000 malicious IP addresses were blocked during Census 2021: AWS - ZDNet
Port of Houston was hit by an alleged state-sponsored attack - Security Affairs
Privacy is not for sale - The Hans India
Quad countries announce slew of tech initiatives including shared cyber standards - ZDNet
Ransomware attacks are another tool in the political warfare toolbox - The Hill
Ransomware shame: More than half of business owners conceal cyber-breach - Fox Business
Scam hitting accounts 20 times had helpline ‘hopping’ on Saturday - Extra Ie
Scan QR-code menus with a side of caution, say privacy experts - CBC
SIM card registration deemed inadequate for fraud deterrence - Business World
The Ever-Growing Iranian Cyber Threat - Besa
The Top 7 Ways Cyberscammers and Malware Operators Abuse Google Forms, According to Sophos Research - Albawaba
Thief stealing thief: REvil sells security breach ransomware and scams hackers - Play Crazy Game
Tips to keep safe from scams - Times Of Malta
Tracking stolen crypto is a booming business: How blockchain sleuths recover digital loot - The Philadelphia Inquirer
US imposes sanctions against Russian cryptocurrency exchange - The Coin Republic
Why Implementing Ethical Phishing Campaigns Aren’t Enough to Protect Against Data Breaches - TechSpective