Study - Technical - LMS-SFC (EN) - Cyber Security - News

Cyber Security - News

Today and Yesterday, in cyber security news - January 2023


31.01.2023 - News from cyber security.

- Supporting Policy Developments to Achieve a High Common Level of Cybersecurity. (to the original material)

- CISA Releases One Industrial Control Systems Advisory. (to the original material)

- ESET APT Activity Report T3 2022. (to the original material)

- IT Army of Ukraine gained access to a 1.5GB archive from Gazprom. (to the original material)

- Experts released VMware vRealize Log RCE exploit for CVE-2022-31706. (to the original material)

- GitHub to revoke stolen code signing certificates for GitHub Desktop and Atom. (to the original material)

- Pro-Palestine hackers threaten Israeli chemical companies. (to the original material)

- Pro-Russia group Killnet targets US healthcare with DDoS attacks. (to the original material)

- Wheels of cyberjustice slowly crank. (to the original material)

- Checkmarx launches Supply Chain Threat Intelligence. (to the original material)

- GitHub hit by hackers; code signing certificates for GitHub Desktop and Atom applications stolen. (to the original material)

- How secure is your password manager? (to the original material)

- EFF Files Amicus Briefs in Two Important Geofence Search Warrant Cases. (to the original material)

- The FCC Broadband Maps: Meet the New Maps, Same as the Old Maps. (to the original material)

- Two Steps Forward, One Step Back on Vaccine Privacy in New York. (to the original material)

- EU to Use ePrivacy and GDPR to Tackle Illegal Cookie Walls. (to the original material)

- Three lessons for DevOps from the CircleCI breach. (to the original material)

- OpenEMR flaws detailed. (to the original material)

- JD Sports cyberattack compromises 10M customers. (to the original material)

- Indianapolis Housing Agency ransomware attack hits over 200K individuals. (to the original material)

- Data breaches hit Illinois social services firm, Washington behavioral health provider. (to the original material)

- GitHub code signing certificates compromised, to be revoked. (to the original material)

- New Titan Stealer malware examined. (to the original material)

- Novel malware leveraged in embassy-targeted APT29 attacks. (to the original material)

- Over 1.5 million records exposed by compromised TSA no-fly list. (to the original material)

- Enterprise XDR adoption still in early days, survey finds. (to the original material)

- GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them. (to the original material)

- DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000. (to the original material)

- Financial Services Targeted in 28% of UK Cyber-Attacks Last Year. (to the original material)

- Killnet Attackers DDoS US and Dutch Hospitals. (to the original material)

- Two US Doctors Convicted of $30m Medicare Fraud. (to the original material)

- QNAP: Patch Critical Remote Code Injection Bug. (to the original material)

30.01.2023 - News from cyber security.

- A Dutch hacker obtained the personal data of Austrian citizens. (to the original material)

- Vulnerability Summary for the Week of January 23, 2023. (to the original material)

- QNAP addresses a critical flaw impacting its NAS devices. (to the original material)

- JD Sports discloses a data breach impacting 10 million customers. (to the original material)

- Researcher received a $27,000 bounty for 2FA bypass bug in Facebook and Instagram. (to the original material)

- Sandworm APT group hit Ukrainian news agency with five data wipers. (to the original material)

- UNC2565 threat actors continue to improve the GOOTLOADER malware. (to the original material)

- New webinar: Cybersecurity predictions for 2023 (and beyond). (to the original material)

- WordPress Vulnerability & Patch Roundup January 2023. (to the original material)

- Why quantum computing threatens security as we know it [Q&A]. (to the original material)

- New privacy features in Apple devices. (to the original material)

- Five key cybersecurity lessons for your CEO. (to the original material)

- Stupid Patent of the Month: Digital Verification Systems Patents E-Signatures. (to the original material)

- California Law Says Electronic Search Data Must Be Posted Online. So Where Is It? (to the original material)

- The way to stop API breaches: reevaluate the company’s cybersecurity stack. (to the original material)

- Data breaches hit UCLA Health, UCHealth. (to the original material)

- Ukraine seeks ICC (International Criminal Court) probe on Russian cyberattacks. (to the original material)

- Charter Communications impacted by third-party breach. (to the original material)

- Impact of Hive ransomware disruption assessed. (to the original material)

- TikTok proposal to allay national security fears detailed. (to the original material)

- Zero trust not a fix-all solution to cyber threats. (to the original material)

- Novel BIND9 DNS software bugs addressed. (to the original material)

- Remediating VMware vRealize Log RCE urged amid imminent exploit. (to the original material)

- Gootkit malware significantly updated. (to the original material)

- Removable USB devices targeted by PlugX malware. (to the original material)

- JD Sports Confirms Breach Affected 10 Million Customers. (to the original material)

- Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware. (to the original material)

- Devs on Dark Web Forums Paid Up to $20,000 For Illicit Activities. (to the original material)

- Fake Money Apps Garner Millions of Android Downloads. (to the original material)

- New Yorker Gets Four Years for $9m COVID Fraud Scheme. (to the original material)

- Five Data Wipers Attack Ukrainian News Agency. (to the original material)

29.01.2023 - News from cyber security.

- Alleged member of ShinyHunters group extradited to the US, could face 116 years in jail. (to the original material)

- Pro-Russia group Killnet targets Germany due to its support to Ukraine. (to the original material)

- Security Affairs newsletter Round 404 by Pierluigi Paganini. (to the original material)

- Watch out! Experts plans to release VMware vRealize Log RCE exploit next week. (to the original material)

28.01.2023 - News from cyber security.

- Copycat Criminals mimicking Lockbit gang in northern Europe. (to the original material)

- Sandworm APT targets Ukraine with new SwiftSlicer wiper. (to the original material)

- ISC fixed high-severity flaws in DNS software suite BIND. (to the original material)

27.01.2023 - News from cyber security.

- US federal agencies have been targeted by attacks with ScreenConnect and AnyDesk. (to the original material)

- Protecting Data: Can we Engineer Data Sharing? (to the original material)

- ISC Releases Security Advisories for Multiple Versions of BIND 9. (to the original material)

- Scammers disguised as tech support agents still a common threat: Here's what to watch out for in 2023. (to the original material)

- Are you in control of your personal data? – Week in security with Tony Anscombe. (to the original material)

- SwiftSlicer: New destructive wiper malware strikes Ukraine. (to the original material)

- Patch management is crucial to protect Exchange servers, Microsoft warns. (to the original material)

- Hacker accused of having stolen personal data of all Austrians and more. (to the original material)

- CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack. (to the original material)

- BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer. (to the original material)

- Trustwave updates its threat hunting to find unknown dangers. (to the original material)

- Secure your Untappd check-ins. (to the original material)

- Brazil's Telecom Operators Made Strides and Had Shortcomings in Internet Lab's New Report on User Privacy Practices. (to the original material)

- Threat Round up for January 20 to January 27. (to the original material)

- Three trends public and healthcare cyber defense teams should know about in 2023. (to the original material)

- Novel Mimic ransomware strain detailed. (to the original material)

- Google ads phishing takes aim on password managers. (to the original material)

- Cybersecurity layoffs in the past year examined. (to the original material)

- NIST risk management framework for AI issued. (to the original material)

- CISA’s Joint Cyber Defense Collaborative details priorities. (to the original material)

- New Abraham Ax operation linked to Iranian hacktivist group. (to the original material)

- Alarm on Russian, Iranian spear-phishing operations raised by UK. (to the original material)

- Report: ChatGPT presents critical cyber risks. (to the original material)

- Five ways security teams can more effectively manage identities in the cloud. (to the original material)

- Third-party risks: How to reduce them. (to the original material)

- How AI and DAST can mitigate security risks. (to the original material)

- Multiple Vulnerabilities Found In Healthcare Software OpenEMR. (to the original material)

- Black Basta Deploys PlugX Malware in USB Devices With New Technique. (to the original material)

- New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors. (to the original material)

- Security is Key to Business Transformation, Say IT Chiefs. (to the original material)

- Global Action "Dismantles" Hive Ransomware Group. (to the original material)

- Microsoft: Update On-Premises Exchange Server Now. (to the original material)

26.01.2023 - News from cyber security.

- Cybersecurity news of the week (26.01.2023). (to the original material)

- The National Directorate of Cyber Security and ING Bank call for vigilance: cyber attackers can use artificial intelligence to create phishing messages that look more genuine than ever. (to the original material)

- JCDC (Joint Cyber Defense Collaborative) Announces 2023 Planning Agenda. (to the original material)

- CISA Releases Eight Industrial Control Systems Advisories. (to the original material)

- CISA Has Added One Known Exploited Vulnerability to Catalog. (to the original material)

- The Hybrid Professional Life: How Social Media Apps Became a Professional Recruiting and Business Promotion Medium. (to the original material)

- Why your data is more valuable than you may realize. (to the original material)

- UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups. (to the original material)

- An unfaithful employee leaked Yandex source code repositories. (to the original material)

- Hive Ransomware Tor leak site apparently seized by law enforcement. (to the original material)

- Experts warn of a surge of attacks exploiting a Realtek Jungle SDK RCE (CVE-2021-35394). (to the original material)

- 3 Barracuda executives share security predictions for 2023. (to the original material)

- How to Fix the “Deceptive Site Ahead” Warning. (to the original material)

- Ransomware groups rebrand and claim more victims. (to the original material)

- Cybersecurity is a key first step in digital transformation. (to the original material)

- What Old is New Again and What's Old is Me? (to the original material)

- Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato. (to the original material)

- The Best Super Bowl Ads of All Time. (to the original material)

- The Next Arms Race: Empowering the next generation of cybersecurity workers. (to the original material)

- Cybersecurity budgets lacking amid rising threats. (to the original material)

- More data breach disclosures lacking information. (to the original material)

- Windows CryptoAPI vulnerability exploit issued. (to the original material)

- Report: Baltimore school system lacked defenses prior to 2020 cyberattack. (to the original material)

- Zacks Investment Research data breach impacts 820K individuals. (to the original material)

- Malware campaign compromises over 4,500 WordPress sites. (to the original material)

- Windows systems targeted by novel Python RAT malware. (to the original material)

- New attack techniques employed by North Korean APT. (to the original material)

- Google Ads exploited for network breaches. (to the original material)

- Iranian Group Cobalt Sapling Targets Saudi Arabia With New Persona. (to the original material)

- Zacks Investment Research Confirms Breach Affecting 820,000 Customers. (to the original material)

- CISA Warns Against Malicious Use of Legitimate RMM Software. (to the original material)

- NCSC: Iranian and Russian Groups Targeting Government, Activists and Journalists With Spearphishing. (to the original material)

- Dark Web Posts Advertising Counterfeit Cash Surge 90%. (to the original material)

- Near-Record Year for US Data Breaches in 2022. (to the original material)

- Lloyds Bank Warns of 80% Surge in Advance Fee Scams. (to the original material)

25.01.2023 - News from cyber security.

- CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software. (to the original material)

- VMware Releases Security Updates for VMware vRealize Log Insight. (to the original material)

- Gaming and Video Games: How Much Is Too Much for Your Kids? (to the original material)

- Mastodon vs. Twitter: Know the differences. (to the original material)

- Zacks Investment Research data breach impacted hundreds of thousands of customers. (to the original material)

- Google Chrome 109 update addresses six security vulnerabilities. (to the original material)

- North Korea-linked TA444 group turns to credential harvesting activity. (to the original material)

- French rugby club Stade Français leaks source code. (to the original material)

- DragonSpark threat actor avoids detection using Golang source code Interpretation. (to the original material)

- Below the Surface: Innovations in security awareness training. (to the original material)

- Quality and security suffer in the push for digital transformation. (to the original material)

- Lookout launches unified security for endpoints and cloud. (to the original material)

- Dealing with the threat of social engineering [Q&A]. (to the original material)

- Newly-discovered Signal vulnerabilities - how dangerous are they? (to the original material)

- EFF Tells Supreme Court: User Speech Must Be Protected. (to the original material)

- What security pros need to know about the FTC’s proposed non-compete rule. (to the original material)

- New detection bypass methods accompany Emotet revival. (to the original material)

- Cyberwarfare concern amid Russia-Ukraine conflict examined. (to the original material)

- CISA sheds light on K-12 cybersecurity in review. (to the original material)

- New cyber, workforce subcommittees expected at House Oversight panel. (to the original material)

- Riot Games rejects paying $10M ransom for breach. (to the original material)

- Zendesk hit by phishing-related data breach. (to the original material)

- GoTo breach compromised encrypted backups. (to the original material)

- Significant updates likely in upcoming NIST cybersecurity framework. (to the original material)

- Novel Blank Image phishing technique detailed. (to the original material)

- Cyber testing gaps, staffing shortfall compromising DoD (Department of Defence) cyber posture. (to the original material)

- LatAm hacktivist collective Guacamaya examined. (to the original material)

- GAO (Government Accountability Office): Most cyber recommendations ignored by federal agencies. (to the original material)

- North Korean Group TA444 Shows 'Startup' Culture, Tries Numerous Infection Methods. (to the original material)

- Yahoo Overtakes DHL As Most Impersonated Brand in Q4 2022. (to the original material)

- Ticketmaster Claims Bot Attack Disrupted Taylor Swift Tour Sales. (to the original material)

- Regulator Stress Test Highlights Cyber Insurance Concerns. (to the original material)

- New Cheats May Emerge After Riot Games Hack. (to the original material)

- Just Half of Firms Have Sufficient Cybersecurity Budget. (to the original material)

24.01.2023 - News from cyber security.

- Apple Releases Security Updates for Multiple Products. (to the original material)

- CISA Releases Two Industrial Control Systems Advisories. (to the original material)

- CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. (to the original material)

- Protect your digital identity in 2023. (to the original material)

- 5 valuable skills your children can learn by playing video games. (to the original material)

- VMware warns of critical code execution bugs in vRealize Log Insight. (to the original material)

- Pakistan hit by nationwide power outage, is it the result of a cyber attack? (to the original material)

- GoTo revealed that threat actors stole customers’ backups and encryption key for some of them. (to the original material)

- FBI confirms that North Korea-linked Lazarus APT is behind Harmony Horizon Bridge $100 million cyber heist. (to the original material)

- Meta Platforms expands features for EE2E on Messenger App. (to the original material)

- CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. (to the original material)

- Researcher found US ‘No Fly List’ on an unsecured server. (to the original material)

- Secured.22: Backing Up Your Microsoft 365 Environment. (to the original material)

- Cybersecurity Threat Advisory: NortonLifeLock compromised. (to the original material)

- Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network. (to the original material)

- Insider threats become more frequent and harder to deal with. (to the original material)

- Organizations not prepared for cyberwarfare. (to the original material)

- How ChatGPT will change cybersecurity. (to the original material)

- The Next Stage in Security Expert’s Trial Set for January 31. (to the original material)

- Podcast Episode: Don't Be Afraid to Poke the Tigers. (to the original material)

- Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022. (to the original material)

- By reframing talent, we can meet the cybersecurity skills gap. (to the original material)

- New NSA security guidelines for IPv6 transition issued. (to the origina material)

- Massive app-spoofing malvertising scheme disrupted. (to the original material)

- Russia hit with record high DDoS attacks last year. (to the original material)

- Sliver C2 framework gaining traction among threat actors. (to the original material)

- Global anti-ransomware task force begins operations. (to the original material)

- DellOro Group predicts SASE to overtake SD-WAN. (to the original material)

- Dell touts new servers with advanced security, efficiencies. (to the original material)

- Remote.It updates networking platform with zero-trust features. (to the original material)

- Threat intelligence: Security pros share key challenges. (to the original material)

- Threat intelligence: Security pros identify top benefits. (to the original material)

- DragonSpark Hackers Evade Detection With SparkRAT and Golang. (to the original material)

- FBI Confirms Lazarus Group Was Behind $100m Harmony Hack. (to the original material)

- #DataPrivacyWeek: Consumers Already Concerned About AI’s Impact on Data Privacy. (to the original material)

- Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery. (to the original material)

- Gartner: Zero Trust Will Not Mitigate Over Half of Attacks. (to the original material)

- #DataPrivacyWeek: ICO Offers Data Protection Advice to SMBs. (to the original material)

- Record-Breaking Year for DDoS Attacks Targeting Russia. (to the original material)

23.01.2023 - News from cyber security.

- CISA Adds One Known Exploited Vulnerability to Catalog. (to the original material)

- Vulnerability Summary for the Week of January 16, 2023. (to the original material)

- 9 recommendations for hassle-free holidays in 2023. (to the original material)

- January is Digital Cleanup Month. (to the original material)

- The hybrid work style has transformed business communication platforms into preferred online socializing spaces. (to the original material)

- Hybrid play: Leveling the playing field in online video gaming and beyond. (to the original material)

- Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads. (to the original material)

- Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code. (to the original material)

- Companies impacted by Mailchimp data breach warn their customers. (to the original material)

- Massive Ad fraud scheme VASTFLUX targeted over 11 million devices. (to the original material)

- Video game firm Riot Games hacked, now it faces problems to release content. (to the original material)

- The Trouble with API security. (to the original material)

- Riot Games delays release of game updates and patches following security breach. (to the original material)

- How to avoid online recruitment scams in 2023. (to the original material)

- Socks5 VPN: What It Is & Why PIA Is the Best. (to the original material)

- Four lessons learned from the latest third-party breach of Uber data. (to the original material)

- FanDuel impacted by MailChimp data breach. (to the original material)

- Malware deployment facilitated by Microsoft OneNote attachments. (to the original material)

- Ukraine impacted by new Gamaredon cyberattacks exploiting Telegram. (to the original material)

- Fortinet vulnerability leveraged for new Boldmove malware distribution. (to the original material)

- Vice Society attack on LAUSD compromised contractors’ data. (to the original material)

- Potential TSA no-fly list breach under investigation. (to the original material)

- Cyber threats from China’s AI program, Russia-Ukraine war emphasized by FBI director. (to the original material)

- How to determine SASE needs specific to your IT environment. (to the original material)

- Hackers Deploy Open-Source Tool Sliver C2, Replacing Cobalt Strike, Metasploit. (to the original material)

- Two Vulnerabilities Found in Galaxy App Store. (to the original material)

- Most Federal Agencies Ignored GAO's (US Government Accountability Office) Cybersecurity Recommendations. (to the original material)

- Ad Fraud Scheme Tops 12 Billion Daily Bid Requests. (to the original material)

- Riot Games Halts Work After Cyber-Attack. (to the original material)

- New Government Cyber Advice for £100bn UK Charity Sector. (to the original material)

22.01.2023 - News from cyber security.

- Expert found critical flaws in OpenText Enterprise Content Management System. (to the original material)

- Roaming Mantis uses new DNS changer in its Wroba mobile malware. (to the original material)

- Security Affairs newsletter Round 403 by Pierluigi Paganini. (to the original material)

21.01.2023 - News from cyber security.

- The Irish DPC fined WhatsApp €5.5M for violating GDPR. (to the original material)

- Around 19,500 end-of-life Cisco routers are exposed to hack. (to the original material)

20.01.2023 - News from cyber security.

- The National Cyber Security Directorate (DNSC) and the European Commission signed the financing contract for the 'Romanian Cyber Care Health' project. (to the original material)

- Drupal Releases Security Advisories to Address Multiple Vulnerabilities. (to the original material)

- Cisco Releases Security Advisory for Unified CM and Unified CM SME. (to the original material)

- Ransomware payments down 40% in 2022 – Week in security with Tony Anscombe. (to the original material)

- T-Mobile suffered a new data breach, 37 million accounts have been compromised. (to the original material)

- PayPal notifies 34942 users of data breach over credential stuffing attack. (to the original material)

- Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October. (to the original material)

- Cisco fixes SQL Injection flaw in Unified CM. (to the original material)

- Moving Target Defense - how a military strategy translates to the cybersecurity world [Q&A]. (to the original material)

- For Would-Be Censors and the Thin-Skinned, Copyright Law Offers Powerful Tools. (to the original material)

- Right to Repair Advocates Have Had Good Victories. We Have To Keep Fighting. (to the original material)

- Threat Round up for January 13 to January 20. (to the original material)

- Meta’s Lawsuit Against NSO Goes Forward – The Fight Against NSO Spyware Gains Strength. (to the original material)

- How a cloud center of excellence can bring order to the cloud. (to the original material)

- Credential stuffing attack compromises 35K PayPal accounts. (to the original material)

- Ransomware attack hits Yum Brands. (to the original material)

- Zoho ManageEngine flaw under active exploitation. (to the original material)

- Compromised API-related breaches on the rise. (to the original material)

- Novel Hook Android malware emerges. (to the original material)

- Updated Roaming Mantis malware involves DNS changer. (to the original material)

- Third-party risks: What organizations face. (to the original material)

- Buying SASE: Questions to ask vendors before you commit. (to the original material)

- WhatsApp Hit with €5.5m fine for GDPR Violations. (to the original material)

- "Workarounds" Helped Royal Mail Resume Shipping After Ransomware Attack. (to the original material)

- Phishers Use Blank Images to Disguise Malicious Attachments. (to the original material)

- API Attacker Steals Data on 37 Million T-Mobile Customers. (to the original material)

- Massive Credential Stuffing Campaign Hits 35,000 PayPal Users. (to the original material)

19.01.2023 - News from cyber security.

- Cybersecurity news of the week (19.01.2023). (to the original material)

- Cybersecurity Awareness Raising: Peek Into the ENISA-Do-It-Yourself Toolbox. (to the original material)

- CISA Releases One Industrial Control Systems Advisory. (to the original material)

- How to set up parental controls on your child's new smartphone. (to the original material)

- Tech support scammers are still at it: Here’s what to look out for in 2023. (to the original material)

- Experts released PoC exploit for critical Zoho ManageEngine RCE flaw. (to the original material)

- Critical Microsoft Azure RCE flaw impacted multiple services. (to the original material)

- Mailchimp discloses a new security breach, the second one in 6 months. (to the original material)

- US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog. (to the original material)

- Five security trends to look out for in 2023. (to the original material)

- Vulnerable WordPress Sites Compromised with Different Database Infections. (to the original material)

- New Linux malware up 50 percent in 2022. (to the original material)

- New marketplace offers downloadable threat models for free. (to the original material)

- Telegram – “secret”? Yeah, right. (to th original material)

- Fair Use Creep Is A Feature, Not a Bug. (to the original material)

- Have You Tried Turning It Off and On Again: Rethinking Tech Regulation and Creative Labor. (to the original material)

- EFF Warns Supreme Court That Users’ Speech is at Stake When Increasing Platforms’ Liability. (to the original material)

- Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge. (to the original material)

- Vulnerability Spotlight: XSS vulnerability in Ghost CMS. (to the original material)

- Adopt a ‘GDPR Everywhere’ strategy. (to the original material)

- Magento vulnerability patch evaded by vendors. (to the original material)

- Netcomm, TP-Link routers impacted by critical bugs. (to the original material)

- ICS espionage, disruption likely with GE Proficy Historian flaws. (to the original material)

- Solaris darknet market hacked. (to the original material)

- Data breach impacts Mailchimp. (to the original material)

- Ukrainian news agency ransomware attack tied to Sandworm operation. (to the original material)

- Roaming Mantis' Hacking Campaign Adds DNS Changer to Mobile App. (to the original material)

- ThreatModeler Makes DevSecOps More Accessible With New Marketplace. (to the original material)

- Mailchimp Hit By Another Data Breach Following Employee Hack. (to the original material)

- Ransomware Payments Fall by 40% in 2022. (to the original material)

- Over a Third of Recent ICS Bugs Still Have No Vendor Patch. (to the original material)

- FTX: Over $400m Stolen from Bankrupt Exchange. (to the original material)

- Crypto-Exchange Used to Launder Ransomware Transactions Dismantled. (to the original material)

- Hundreds of Malicious Packages Found in npm Registry. (to the original material)

18.01.2023 - News from cyber security.

- Mozilla Releases Security Updates for Firefox. (to the original material)

- Two critical flaws discovered in Git source code version control system. (to the original material)

- A couple of bugs can be chained to hack Netcomm routers. (to the original material)

- Myrocket HR platform’s data leak turns into privacy nightmare for employees. (to the original material)

- Experts found SSRF flaws in four different Microsoft Azure services. (to the original material)

- GPT to drive next wave of AI phishing attacks. (to the original material)

- New solution secures encrypted data for a post-quantum world. (to the original material)

- Open Data and the AI Black Box. (to the original material)

- Four ways to level-up a company’s security awareness. (to the original material)

- Thousands of Sophos Firewall devices at risk of RCE attacks. (to the original material)

- GitHub Codespaces exploitable for malware delivery. (to the original material)

- Microsoft 365 security bypassed by DHL-spoofing phishing attack. (to the original material)

- Nearly 1,000 shipping vessels impacted by DNV ransomware attack. (to the original material)

- Third-party breach hits Nissan North America. (to the original material)

- Sharp decline in compromised payment records for sale reported. (to the original material)

- Children’s privacy-related bills mulled by state lawmakers. (to the original material)

- Period tracking apps’ adherence to privacy laws sought by new Washington state legislation. (to th original material)

- National Digital Reserve Corps sought by new legislation. (to the original material)

- Stealthy malware distribution involves polyglot files. (to the original material)

- AI to be increasingly used for more sophisticated deep fakes. (to the original material)

- Cybersecurity concerns of 5G expansion emphasized by FCC Chair. (to the original material)

- Congress urged to renew intelligence authorities. (to the original material)

- Chinese APT Group Vixen Panda Targets Iranian Government Entities. (to the original material)

- Over Four Billion People Affected By Internet Censorship in 2022. (to the original material)

- 1000 Shipping Vessels Impacted by Ransomware Attack. (to the original material)

- ChatGPT Creates Polymorphic Malware. (to the original material)

- #WEF23: Geopolitical Instability Means a Cyber "Catastrophe" is Imminent. (to the original material)

- Almost Half of Critical Manufacturing at Risk of Breach. (to the original material)

- Nissan Supplier Leaked Data on Thousands of Customers. (to the original material)

- FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War. (to the original material)

- European Businesses Admit Major Privacy Skills Gap. (to the original material)

17.01.2023 - News from cyber security.

- CISA Adds One Known Exploited Vulnerability to Catalog. (to the original material)

- CISA Updates Best Practices for Mapping to MITRE ATT&CK®. (to the original material)

- CISA Releases Four Industrial Control Systems Advisories. (to the original material)

- Vulnerability Summary for the Week of January 9, 2023. (to the original material)

- The doctor is waiting for you in his office … online: tips for using telemedicine services safely. (to the original material)

- Top 10 Venmo scams: Don’t fall for these common tricks. (to the original material)

- 1,000 ships impacted by a ransomware attack on maritime software supplier DNV. (to the original material)

- How to abuse GitHub Codespaces to deliver malicious content. (to the original material)

- Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon. (to the original material)

- Fortinet observed three rogue PyPI packages spreading malware. (to the original material)

- Managing Asset Risks During Healthcare M&As. (to the original material)

- Is WordPress Secure? (to the original material)

- Digital Rights Updates with EFFector 35.1. (to the original material)

- Calling all cyber companies: SC Awards entry period is open. (to the original material)

- Why a hybrid approach can help mitigate DDoS attacks. (to the original material)

- GhostSec’s claimed ICS ransomware attack questioned. (to the original material)

- Cyberattack against German university claimed by Vice Society. (to the original material)

- Lazarus moves nearly $64M in stolen funds from Harmony hack. (to the original material)

- More PyPI packages distribute infostealers. (to the original material)

- Novel Hive malware kit-based backdoor emerges. (to the original material)

- Medibank sought to provide compensation for data breach. (to the original material)

- Europol cracks down crypto call center fraud. (to the original material)

- Facility control systems prioritized in new ‘Hack the Pentagon’ program installment. (to the original material)

- CISA: Several ICS products impacted by critical flaws. (to the original material)

- ‘Spray and pray’ attacks likely with Zoho ManageEngine RCE bug. (to the original material)

- Russian mobilization concerns exploited in new phishing campaign. (to the original material)

- ODIN Intelligence website hacked. (to the original material)

- Cyberattack compromises largest Canadian alcohol retailer’s site. (to the original material)

- EyeSpy spyware distributed via malicious VPN installers. (to the original material)

- Critical Cacti vulnerability leveraged for malware deployment. (to the original material)

- Attempted exploitation of critical Control Web Panel bug underway. (to the original material)

- Voyager Labs sued by Meta for user data scraping, fake accounts. (to the original material)

- Ukrainian, NATO country entities targeted by pro-Russian DDoS attacks. (to the original material)

- Data breach impacts NortonLifeLock. (to the original material)

- Exchange servers targeted by Cuba ransomware with OWASSRF vulnerability. (to the original material)

- Patched Fortinet SSL-VPN flaw leveraged to compromise government networks. (to the original material)

- New IcedID malware attack targeted at Active Directory domain. (to the original material)

- Royal Mail compromised by LockBit ransomware gang. (to the original material)

- Record high illicit cryptocurrency volumes reported in 2022. (to the original material)

- Threema’s downplayed reaction to security analysis criticized. (to the original material)

- Multiple flaws discovered in Siemens PLCs. (to the original material)

- Report: SSE with public cloud preferred by most companies. (to the original material)

- New Intel solution to provide confidential computing for virtual machines. (to the original material)

- Security risks of ChatGPT and other AI text generators. (to the original material)

- Vice Society Claims Ransomware Attack Against University of Duisburg-Essen. (to the original material)

- Researchers Warn Against Zoho ManageEngine Exploit Attacks. (to the original material)

- Three-Quarters of UK Schools Have Experienced a Cyber Incident. (to the original material)

- Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures. (to the original material)

- Russia's Ukraine War Drives 62% Slump in Stolen Cards. (to the original material)

- GDPR Fines Surge 168% in a Year. (to the original material)

- Initial Access Broker Activity Doubles in a Year. (to the original material)

16.01.2023 - News from cyber security.

- Hybrid commerce: Blurring the lines between business and pleasure. (to the original material)

- Avast researchers released a free BianLian ransomware decryptor for some variants of the malware. (to the original material)

- Experts spotted a backdoor that borrows code from CIA’s Hive malware. (to the original material)

- T95 Android TV Box sold on Amazon hides sophisticated malware. (to the original material)

- Europol arrested cryptocurrency scammers that stole millions from victims. (to the original material)

- Major security breach exposes usernames and passwords of Norton Password Manager customers. (to the original material)

- Microsoft releases a script to restore a 'subset' of shortcuts deleted by rogue Defender ASR rule. (to the original material)

- Doxing - another online danger for women. (to the original material)

- US Copyright Term Extensions Have Stopped, But the Public Domain Still Faces Threats. (to the original material)

- It’s Copyright Week 2023: Join Us in the Fight for Better Copyright Law and Policy. (to the original material)

- Lateral movement: The key to identity-based attacks. (to the original material)

- US to Launch Third Iteration of 'Hack the Pentagon' Bug Bounty Program. (to the original material)

- CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop. (to the original material)

- Qbot Overtakes Emotet in December 2022's Most Wanted Malware List. (to the original material)

- Hackers Hijack NortonLifeLock Customer Accounts. (to the original material)

- US Court Orders $17m Be Given to BitConnect Victims. (to the original material)

- TikTok Fined Over $5m for Cookie Violations. (to the original material)

15.01.2023 - News from cyber security.

- 1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online. (to the original material)

- Hacker stole credit cards from the website of Canada’s largest alcohol retailer LCBO (Canadian Liquor Control Board of Ontario). (to the original material)

- Security Affairs newsletter Round 402 by Pierluigi Paganini. (to the original material)

14.01.2023 - News from cyber security.

- Most internet-exposed Cacti servers exposed to hacking. (to the original material)

- French CNIL (Commission Nationale de l’Informatique et des Libertés) fined Tiktok $5.4 Million for violating cookie laws. (to the original material)

- EFF-Austin: Digital Privacy At The Texas Legislature. (to the original material)

13.01.2023 - News from cyber security.

- World's Weakest Passwords: What to do if your password is on this list? (to the original material)

- APT group trojanizes Telegram app – Week in security with Tony Anscombe. (to the original material)

- NortonLifeLock: threat actors breached Norton Password Manager accounts. (to the original material)

- Pro-Russia group NoName057(16) targets Ukraine and NATO countries. (to the original material)

- LockBit ransomware operation behind the Royal Mail cyberattack. (to the original material)

- Threat actors target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 bug. (to the original material)

- Below the Surface: Cybersecurity trends to watch in 2023. (to the original material)

- Webinar: Simplify Zero Trust Deployment in AWS. (to the original material)

- Open banking remains a closed book for most consumers. (to the original material)

- Addressing the challenge of cybersecurity infrastructure fragmentation [Q&A]. (to the original material)

- Threema vulnerabilities, and which instant messenger has the best protection? (to the original material)

- Threat Round up for January 6 to January 13. (to the original material)

- Vulnerability Spotlight: Integer and buffer overflow vulnerabilities found in QT QML. (to the original material)

- Database encryption takes work, but it’s achievable. (to the original material)

- Old Intel driver vulnerability exploited to evade security systems. (to the original material)

- Cyberattack link to FAA outage dismissed by White House. (to the original material)

- Energy infrastructure cybersecurity legislation introduced. (to the original material)

- Critical flaws found in Cisco small business routers. (to the original material)

- Royal Mail disrupted by ‘cyber incident’. (to the original material)

- Bay Bridge Administrators data breach hits more than 251K individuals. (to the original material)

- Pro-Russian Hacktivist Group Targets Czech Presidential Election. (to the original material)

- Russian Hackers Try to Bypass ChatGPT's Restrictions For Malicious Purposes. (to the original material)

- Cisco Warns of Critical Vulnerability in End-of-Life Routers. (to the original material)

- Royal Mail's Attackers Linked to Russia-Backed LockBit. (to the original material)

- Euro Police Bust Multimillion-Dollar Crypto Fraud Gang. (to the original material)

- Illegal Crypto Transaction Volumes Hit All-Time High. (to the original material)

- Millions of Insurance Customers Compromised Via Supplier. (to the original material)

12.01.2023 - News from cyber security.

- Juniper Networks Releases Security Updates for Multiple Products. (to the original material)

- Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms. (to the original material)

- CISA Releases Twelve Industrial Control Systems Advisories. (to the original material)

- CloudSek launches free security tool that helps users win bug bounty. (to the original material)

- Cybersecurity spending and economic headwinds in 2023. (to the original material)

- Meta’s Tracking Woes Confirmed As It Intensifies Its Battle For Control Of The EU’s GDPR. (to the original material)

- Reading Is Cool Again. The Reason? Social Media. (to the original material)

- How to instrument system applications on Android stock images. (to the original material)

- Global Risks Report: Understand the risk landscape in 2023 and beyond. (to the original material)

- Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026). (to the original material)

- 6 oversights that enable data breaches. (to the original material)

- Threat actors actively exploit Control Web Panel RCE following PoC release. (to the original material)

- Threat actors claim access to Telegram servers through insiders. (to the original material)

- Twitter: 200M dataset was not obtained through the exploitation of flaws in its systems. (to the original material)

- Social marketplace Trustanduse exposes nearly half a million users. (to the original material)

- LockBit Ransomware Group Reportedly Behind Royal Mail Attack. (to the original material)

- Giving Patients Easy Access to Health Info: A Balancing Act. (to the original material)

- Gootkit Malware Found Targeting Australian Healthcare Sector. (to the original material)

- US and Japan Pledge Deepened Cyberspace Collaboration. (to the original material)

- Healthcare CISO Group Focuses on Third-Party Risk Challenges. (to the original material)

- Twitter: Latest Dump Has 'Already Publicly Available' Data. (to the original material)

- Cloudflare integration with Microsoft focuses on zero trust for remote environments. (to the original material)

- A third of companies don’t offer cybersecurity training to remote workers. (to the original material)

- There’s no such thing as ‘100% security’. (to the original material)

- Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773). (to the original material)

- Global Risks Report: Understand the risk landscape in 2023 and beyond. (to the original material)

- Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026). (to the original material)

- 6 oversights that enable data breaches. (to the original material)

- Hackers exploit Control Web Panel flaw to open reverse shells. (to the original material)

- Royal Mail cyberattack linked to LockBit ransomware operation. (to the original material)

- RAT malware campaign tries to evade detection using polyglot files. (to the original material)

- Microsoft: Exchange Server 2013 reaches end of support in 90 days. (to the original material)

- Android TV box on Amazon came pre-installed with malware. (to the original material)

- Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw. (to the original material)

- MetaMask warns of new 'Address Poisoning' cryptocurrency scam. (to the original material)

- European police takes down call centers behind cryptocurrency scams. (to the original material)

- Vice Society ransomware claims attack on Australian firefighting service. (to the original material)

- Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day. (to the original material)

- Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit. (to the original material)

- How to Fix “There Has Been a Critical Error on This Website” in WordPress. (to the original material)

- Almost half of people think cyberattackers shouldn't be prosecuted -- provided they hand back some of their proceeds. (to the original material)

- New Year’s resolutions for a secure 2023. (to the original material)

- Threat Source newsletter (Jan. 12, 2023): Did ChatGPT write our newsletter? (to the original material)

- How to Stay Safe When Working Remotely. (to the original material)

- Can Websites & Apps Track Your Phone? (to the original material)

11.01.2023 - News from cyber security.

- NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services. (to the original material)

- Cybersecurity Trends 2023: How we can protect the hybrid lifestyle. (to the original material)

- Now you can legally repair your tech – sort of. (to the original material)

- Secured.22: Optimize SD-WAN and SASE adoption. (to the original material)

- How to improve communication between information security staff and management. (to the original material)

- LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs. (to the original material)

- Cybercriminals bypass Windows security with driver-vulnerability exploit. (to the original material)

- Timeline of the latest LastPass data breaches. (to the original material)

- Crypto audit of Threema revealed many vulnerabilities. (to the original material)

- Google is calling EU cybersecurity founders. (to the original material)

- Attackers abuse business-critical cloud apps to deliver malware. (to the original material)

- Organizations are adopting SSE technology to secure hybrid work. (to the original material)

- Royal Mail is suffering service disruption due to a ‘cyber incident’. (to the original material)

- Gootkit Loader campaign targets Australian Healthcare Industry. (to the original material)

- US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. (to the original material)

- Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day. (to the original material)

- Ransomware Group Behind Victoria Fire Department Outage. (to the original material)

- The Guardian Says Hackers Accessed UK Employee Data. (to the original material)

- Why Hackers Are Going 'Downmarket' in Their Attacks. (to the original material)

- Microsoft's First 2023 Patch Tuesday Fixes 0-Day, 98 Vulns. (to the original material)

- Organizationwide Passwordless Orchestration. (to the original material)

- US Flights Resume After Reported Computer Glitch Resolved. (to the original material)

- Darknet Markets Using Custom Android Apps for Fulfillment. (to the original material)

- Aflac, Zurich Policyholders in Japan Affected by Data Leaks. (to the original material)

- Flaws found in nearly a third of applications on the first scan. (to the original material)

- USPTO awards seven new authentication patents to SecureAuth. (to the original material)

- Observability, hybrid IT and secure software development: Three trends that defined 2022. (to the original material)

- What CISOs don’t know about their SOCs. (to the original material)

- Crypto audit of Threema revealed many vulnerabilities. (to the original material)

- Google is calling EU cybersecurity founders. (to the original material)

- Attackers abuse business-critical cloud apps to deliver malware. (to the original material)

- Organizations are adopting SSE technology to secure hybrid work. (to the original material)

- Scattered Spider hackers use old Intel driver to bypass security. (to the original material)

- Twitter claims leaked data of 200M users not stolen from its systems. (to the original material)

- Threema claims encryption flaws never had a real-world impact. (to the original material)

- Cisco warns of auth bypass bug with public exploit in EoL routers. (to the original material)

- Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike. (to the original material)

- Royal Mail halts international services after cyberattack. (to the original material)

- New Dark Pink APT group targets govt and military with custom malware. (to the original material)

- Apps gain more security flaws as they get older. (to the original material)

- Personal details account for almost half of stolen data. (to the original material)

- AI-generated texts could increase threat exposure. (to the original material)

- The KB5022287 and KB5022303 updates feature important security fixes for Windows 11. (to the original material)

- Microsoft releases security-boosting, bug-fixing KB5022282 and KB5022286 Windows 10 updates, the first of 2023. (to the original material)

10.01.2023 - News from cyber security.

- Adobe Releases Security Updates for Multiple Products. (to the original material)

- Microsoft Releases January 2023 Security Updates. (to the original material)

- CISA Adds Two Known Exploited Vulnerabilities to Catalog. (to the original material)

- CISA Releases Two Industrial Control Systems Advisories. (to the original material)

- StrongPity espionage campaign targeting Android users. (to the original material)

- What is Red Teaming & How it Benefits Orgs. (to the original material)

- Podcast: Don’t miss these timely software security tips. (to the original material)

- How scammers steal cryptocurrency from Twitter users. (to the original material)

- Bad Paths & The Importance of Using Valid URL Characters. (to the original material)

- Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams. (to the original material)

- Data leak exposes information of 10,000 French social security beneficiaries. (to the original material)

- Intel boosts VM security, guards against stack attacks in new Xeon release. (to the original material)

- Beware the Gifts of Dragons: How D&D’s Open Gaming License May Have Become a Trap for Creators. (to the original material)

- Increasing trust, commitment, and predictability during a remote incident response. (to the original material)

- Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered. (to the original material)

- Microsoft Patch Tuesday for January 2023 - Snort rules and prominent vulnerabilities. (to the original material)

- APT Topic Summary Report: Cisco Talos Year in Review 2022. (to the original material)

- Microsoft plugs actively exploited zero-day hole (CVE-2023-21674). (to the original material)

- You must build a security team. Where do you start? (to the original material)

- Guide: How virtual CISOs can efficiently extend their services into compliance readiness. (to the original material)

- StrongPity APT spreads backdoored Android Telegram app via fake Shagle site. (to the original material)

- Zoom Rooms was affected by four “high” severity vulnerabilities. (to the original material)

- Remote code execution bug discovered in the popular JsonWebToken library. (to the original material)

- Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL. (to the original material)

- Danish Banks Are Targets of Pro-Russian DDoS Hacking Group. (to the original material)

- Analysis: Third-Party Health Data Breaches Dominated in 2022. (to the original material)

- Mango Markets Hacker in US Regulator's Crosshairs. (to the original material)

- Misconfigured PostgreSQL Used to Target Kubernetes Clusters. (to the original material)

- How Poor Vendor Practices Lead to Major Health Data Breaches. (to the original material)

- Check Fraud, First-Party Fraud to Rise in 2023. (to the original material)

- Finding and Managing the Risk in your IT Estate: A Comprehensive Overview. (to the original material)

- 5 Reasons to Consolidate Your Security Stack. (to the original material)

- How zero-trust can help security teams defend against cyberattacks during the ongoing downturn. (to the original material)

- The number of cloud apps delivering malware nearly tripled in 2022. (to the original material)

- The FCC wants telecoms to report breaches to feds and customers faster. (to the original material)

- Buying MDR (Managed Detection and Response): Quotes from the experts. (to the original material)

- Ask these three questions to prepare for the next cyberattack. (to the original material)

- Microsoft plugs actively exploited zero-day hole (CVE-2023-21674). (to the original material)

- You must build a security team. Where do you start? (to the original material)

- Guide: How virtual CISOs can efficiently extend their services into compliance readiness. (to the original material)

- CISA orders agencies to patch Exchange bug abused by ransomware gang. (to the original material)

- Over 1,300 fake AnyDesk sites push Vidar info-stealing malware. (to the original material)

- Lorenz ransomware gang plants backdoors to use months later. (to the original material)

- Trojan Puzzle attack trains AI assistants into suggesting malicious code. (to the original material)

- Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day. (to the original material)

- Iowa’s largest school district cancels classes after cyberattack. (to the original material)

- StrongPity hackers target Android users via trojanized Telegram app. (to the original material)

- In-House vs. External Pen Testing: Which is Right For Your Organization? (to the original material)

- Attacks and payments are down - but don't write off ransomware yet. (to the original material)

- Microsoft ends Windows 7 extended support today - install all updates now to fix all known issues... and gain Secure Boot support. (to the original material)

09.01.2023 - News from cyber security.

- DNS4EU: The European Commission plans to launch an alternative to the current public DNS. (to the original material)

- Warnings about phishing traps at the beginning of the year. (to the original material)

- Vulnerability Summary for the Week of January 2, 2023. (to the original material)

- Children and their first mobile devices: how to approach the security of your child's first smartphone as a parent. (to the original material)

- Cracked it! Highlights from KringleCon 5: Golden Rings. (to the original material)

- Hybrid work: Turning business platforms into preferred social spaces. (to the original material)

- Gootkit Loader Actively Targets Australian Healthcare Industry. (to the original material)

- 9th January – Threat intelligence report. (to the original material)

- Software supply chain security improving. (to the original material)

- Will quantum computers break RSA encryption in 2023? (to the original material)

- If governments are banning TikTok, why is it still on your corporate devices? (to the original material)

- 11 top XDR tools and how to evaluate them. (to the original material)

- EFF and Partners Call Out Threats to Free Expression in Draft Text as UN Cybersecurity Treaty Negotiations Resume. (to the original material)

- What is My SSID & Should I Hide It? (to the original material)

- Louisiana Mandates ID Verification for Viewing Adult Material Online. (to the original material)

- Rackspace ransomware attack was executed by using previously unknown security exploit. (to the original material)

- Airline company Air France-KLM discloses security breach. (to the original material)

- Phishing campaign targets government institutions in Moldova. (to the original material)

- Russia-linked Cold River APT targeted US nuclear research laboratories. (to the original material)

- Resecurity Released a Status Report on Drug Trafficking in the Dark Web (2022-2023). (to the original material)

- Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devices. (to the original material)

- inSicurezzaDigitale launches the Dashboard Ransomware Monitor. (to the original material)

- Hive Claims Responsibility for Attack on Nursing Home Chain. (to the original material)

- Colonoscopy Prep Retail Website Breach Festered for Years. (to the original material)

- ChatGPT Showcases Promise of AI in Developing Malware. (to the original material)

- Steps to Strengthen Cloud Security. (to the original material)

- Regulator Eyes Revamped Data Breach Reporting Requirements. (to the original material)

- Mastering the Art of Attack Surface Management. (to the original material)

- Trend Micro creates CTOne, a new subsidiary focused on 5G security. (to the original material)

- AWS says it will now encrypt S3 buckets by default. (to the original material)

- Supreme Court denies NSO Group appeal; Meta’s spyware claims lawsuit can proceed. (to the original material)

- MDR: What to know before you buy, part 1. (to the original material)

- MDR: What to know before you buy, part 2. (to the original material)

- 2023: The year CISOs and DPOs (data privacy officers) will stop making assumptions. (to the original material)

- Rackspace ransomware attack was executed by using previously unknown security exploit. (to the original material)

- Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL. (to the original material)

- Darknet drug markets move to custom Android apps for increased privacy. (to the original material)

- GitHub makes it easier to scan your code for vulnerabilities. (to the original material)

- Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects. (to the original material)

- Fake OnlyFans dating sites abuse UK Environment Agency open redirect. (to the original material)

08.01.2023 - News from cyber security.

- Russian and Belarusian men charged with spying for Russian GRU. (to the original material)

- Dridex targets MacOS users with a new delivery technique. (to the original material)

- Security Affairs newsletter Round 401 by Pierluigi Paganini. (to the original material)

- UN to Hold Hearing on Proposed Cybercrime Treaty. (to the original material)

- Hackers push fake Pokemon NFT game to take over Windows devices. (to the original material)

07.01.2023 - News from cyber security.

- Chick-fil-A launched an investigation into “suspicious activity”. (to the original material)

- IcedID malware campaign targets Zoom users. (to the original material)

- Hive Ransomware gang leaked 550 GB stolen from Consulate Health Care. (to the original material)

- NFT Developer Charged in $2.9 Million Fraud Scheme. (to the original material)

- Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls. (to the original material)

- 0patch will keep releasing security updates for Microsoft Edge on Windows 7, Server 2008 and Server 2012. (to the original material)

06.01.2023 - News from cyber security.

- OPWNAI : Cybercriminals starting to use ChatGPT. (to the original material)

- Webinar: Security awareness training best practices and benefits. (to the original material)

- The partnership between Bitdefender and law enforcement leads to the development of a decryption tool for the MegaCortex ransomware family. (to the original material)

- 14 UK schools suffer cyberattack, highly confidential documents leaked. (to the original material)

- Twitter's mushrooming data breach crisis could prove costly. (to the original material)

- Cybersecurity startups to watch for in 2023. (to the original material)

- How to Get Secure Wi-Fi While Traveling. (to the original material)

- January 2023 Patch Tuesday forecast: Procrastinate at your own risk. (to the original material)

- Cloud-native application adoption puts pressure on appsec teams. (to the original material)

- Saint Gheorghe Recovery Hospital in Romania suffered a ransomware attack. (to the original material)

- Microsoft details techniques of Mac ransomware. (to the original material)

- Rackspace: Play Ransomware gang used a previously unknown exploit to access its Hosted Exchange email environment. (to the original material)

- Bitdefender released a free decryptor for the MegaCortex ransomware. (to the original material)

- Blind Eagle APT Hunts Banking Victims in Colombia, Ecuador. (to the original material)

- Women's Health Clinic Suffers Breach in Ransomware Attack. (to the original material)

- How Incentives Could Help Fuel Healthcare Cyber Investment. (to the original material)

- Texas County EMS Agency Says Ransomware Breach Hit 612,000. (to the original material)

- ISMG Editors: The Complexity of Rackspace Zero-Day Attack. (to the original material)

- Rackspace Finds Ransomware Group Accessed 27 Customers' Data. (to the original material)

- Expect Hacking, Phishing After Leak of 200M Twitter Records. (to the original material)

- Software Engineer Charged With 'Office Space-Inspired' Fraud. (to the original material)

- OnDemand I Deploy and Scale SASE in the Hybrid Cloud World. (to the original material)

- Trustwave report says businesses need to get more proactive about ransomware. (to the original material)

- Android spyware variant targeting banking information. (to the original material)

- Four ways to reduce the risk of third-party breaches. (to the original material)

- January 2023 Patch Tuesday forecast: Procrastinate at your own risk. (to the original material)

- Cloud-native application adoption puts pressure on appsec teams. (to the original material)

- The Week in Ransomware - January 6th 2023 - Targeting Healthcare. (to the original material)

- Chick-fil-A investigates reports of hacked customer accounts. (to the original material)

- Air France and KLM notify customers of account hacks. (to the original material)

- VSCode Marketplace can be abused to host malicious extensions. (to the original material)

- FCC wants telecom carriers to report data breaches faster. (to the original material)

- Amazon S3 will now encrypt all new data with AES-256 by default. (to the original material)

05.01.2023 - News from cyber security.

- 2022 Review: 10 of the Biggest Cyber Attacks of the Year. (to the original material)

- Ransomware target list – Week in security with Tony Anscombe. (to the original material)

- CISA Releases Three Industrial Systems Control Advisories. (to the original material)

- Check Point Research Reports a 38% Increase in 2022 Global Cyberattacks. (to the original material)

- BlindEagle targeting Ecuador with sharpened tools. (to the original material)

- Stop the swap: How to secure devices against SIM swapping fraud. (to the original material)

- Cybersecurity Threat Advisory: LastPass’ security incident update. (to the original material)

- How to Find & Remove Malware From Weebly Sites. (to the original material)

- Ransomware Roundup – Monti, BlackHunt, and Putin Ransomware. (to the original material)

- Attackers create 130K fake accounts to abuse limited-time cloud computing resources. (to the original material)

- NATO tests AI’s ability to protect critical infrastructure against cyberattacks. (to the original material)

- The BISO (business information security officer): bringing security to business and business to security. (to the original material)

- Last Chance for U.S. Federal Employees to Make a Pledge for EFF! (to the original material)

- Biometric Data Is a Disaster For Your Privacy – And It May Already Be Used Against You. (to the original material)

- Threat Source newsletter (Jan. 5, 2023): Digging out of our inboxes. (to the original material)

- Data backup is no longer just about operational fallback. (to the original material)

- Threat actors stole Slack private source code repositories. (to the original material)

- How hackers might be exploiting ChatGPT. (to the original material)

- Zoho urges fixing a critical SQL Injection flaw in ManageEngine. (to the original material)

- Irish Data Protection Commission fined Meta $414 Million. (to the original material)

- Data of 235 million Twitter users leaked online. (to the original material)

- Most Disturbing Health Data Breach Developments. (to the original material)

- Lab Fined $16K for Long Delay in Providing Patient Records. (to the original material)

- FTC Wants Data Broker's Lawsuit Dismissed in Privacy Dispute. (to the original material)

- AML (Anti-Money Laundering), Cybersecurity Noncompliance Costs Coinbase $100M. (to the original material)

- Critical Vulnerabilities Found in Luxury Cars Now Fixed. (to the original material)

- Lawsuit Claims LastPass Breach Caused $53K Bitcoin Theft. (to the original material)

- Apple Fined 8 Million Euros for Privacy Violations in France. (to the original material)

- Netskope Gets $401M in Debt From Morgan Stanley to Fuel SASE. (to the original material)

- Data Breach: CircleCI Says Immediately 'Rotate Your Secrets'. (to the original material)

- Ransomware 2023: Attack Trends and Recovery. (to the original material)

- Third-Party Risk Management Strategies for Data Breaches. (to the original material)

- Why Banks Find It Hard to Tackle Authorized Fraud. (to the original material)

- On Demand I What's New in Zero Trust. (to the original material)

- Why Is Meta Choosing to Settle Over Cambridge Analytica? (to the original material)

- OnDemand I Application Security: The Final Frontier. (to the original material)

- OnDemand I IoT infrastructure and Retail Operations Fireside Chat I AMPOL. (to the original material)

- Are threat actors gaining cloud skills faster than enterprises? (to the original material)

- Hackers went after personally identifiable information the most, study says. (to the original material)

- Microsoft Macros: The sneaky threat looming in files. (to the original material)

- Data backup is no longer just about operational fallback. (to the original material)

- Rackspace: Customer email data accessed in ransomware attack. (to the original material)

- Bitdefender releases free MegaCortex ransomware decryptor. (to the original material)

- WhatsApp adds proxy support to help bypass Internet blocks. (to the original material)

- SpyNote Android malware infections surge after source code leak. (to the original material)

- Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month. (to the original material)

- Bluebottle hackers used signed Windows driver in attacks on banks. (to the original material)

- Slack's private GitHub code repositories stolen over holidays. (to the original material)

- CircleCI warns of security breach - rotate your secrets! (to the original material)

- How ChatGPT could become a hacker's friend. (to the original material)

04.01.2023 - News from cyber security.

- Fortinet Releases Security Updates for FortiADC. (to the original material)

- Vulnerability Summary for the Week of December 26, 2022. (to the original material)

- The doctor will see you now … virtually: Tips for a safe telehealth visit. (to the original material)

- The Technology Letter: Check Point CEO Shwed: You don’t pick your battles, they pick you. (to the original material)

- Secured.22: Understanding and recovering from credential and data theft. (to the original material)

- LABScon Replay | InkySquid: The Missing Arsenal. (to the original material)

- Top of Mind Cyber Solutions to Consider in 2023. (to the original material)

- Attackers use stolen banking data as phishing lure to deploy BitRAT. (to the original material)

- Attackers evolve strategies to outmaneuver security teams. (to the original material)

- Critical flaws found in Ferrari, Mercedes, BMW, Porsche, and other car makers. (to the original material)

- Database of the Cricketsocial.com platform left open online. (to the original material)

- Fortinet fixed multiple command injection bugs in FortiADC and FortiTester. (to the original material)

- New shc Linux Malware used to deploy CoinMiner. (to the original material)

- US. rail and locomotive company Wabtec hit with Lockbit ransomware. (to the original material)

- Leaked Emails of 200M Twitter Users Now Available for Free. (to the original material)

- Cyberattack on Records Vendor Affects Scores of US Counties. (to the original material)

- CEO Matthew Prince on Why Cloudflare Got Into Email Security. (to the original material)

- Irish Privacy Watchdog Fines Meta 390 Million Euros for Ads. (to the original material)

- Wabtec Discloses Data Breach; LockBit Claims Responsibility. (to the original material)

- Optimal Strategies for Building Better Collective Defenses. (to the original material)

- Guardian Newspaper Offices Still Empty After December Attack. (to the original material)

- US Attorney's Office Task Force to Trace Missing FTX Funds. (to the original material)

- Rackspace Blames Zero-Day Exploit for Ransomware Hit Success. (to the original material)

- Exclusive: FDA Leader on Impact of New Medical Device Law. (to the original material)

- Wabtec breach linked to LockBit ransomware group. (to the original material)

- Life Hope Labs pays OCR $16K for HIPAA right of access violation. (to the original material)

- Lessons on cloud security from the ‘Twitter Whistleblower’. (to the original material)

- Attackers evolve strategies to outmaneuver security teams. (to the original material)

- New SHC-compiled Linux malware installs cryptominers, DDoS bots. (to the original material)

- Rackspace confirms Play ransomware was behind recent cyberattack. (to the original material)

- 200 million Twitter users' email addresses allegedly leaked online. (to the original material)

- Zoho urges admins to patch severe ManageEngine bug immediately. (to the original material)

- Hackers abuse Windows error reporting tool to deploy malware. (to the original material)

- Toyota, Mercedes, BMW API flaws exposed owners’ personal info. (to the original material)

- Meta to fight €390 million fine for breaching EU data privacy laws. (to the original material)

- 14 Cybersecurity Best Practices to Instill In Your End-Users. (to the original material)

03.01.2023 - News from cyber security.

- Gaming and Holiday Gifting: How to Manage Security Risks Associated with Gaming Devices and Online Games. (to the original material)

- Gaming: How much is too much for our children? (to the original material)

- Proposed SEC cybersecurity rules loom large. (to the original material)

- What Are Cookies? A Short Guide to Managing Your Online Privacy. (to the original material)

- PyTorch suffers supply chain attack via dependency confusion. (to the original material)

- Kali Linux: What’s next for the popular pentesting distro? (to the original material)

- Security teams expect breach and incident reporting requirements to create more work. (to the original material)

- Synology fixes multiple critical vulnerabilities in its routers. (to the original material)

- Canadian Copper Mountain Mining Corporation (CMMC) shut down the mill after a ransomware attack. (to the original material)

- BitRAT campaign relies on stolen sensitive bank data as a lure. (to the original material)

- Does Volvo Cars suffer a new data breach? (to the original material)

- Ransomware attacks hit 105 US local governments in 2022. (to the original material)

- BlackCat Spoofs Victim Website to Leak Stolen Data. (to the original material)

- Regulators Warn Banks of Digital Asset Risks. (to the original material)

- Senior Healthcare Firm Pays Breach Settlement to States. (to the original material)

- Sam Bankman-Fried Pleads 'Not Guilty' in Criminal Case. (to the original material)

- Toronto Hospital Gauges Whether to Use LockBit Decryptor. (to the original material)

- Poland Sounds Alarm on Russian Hacking. (to the original material)

- Data Management in Multi-Cloud Environments. (to the original material)

- A Few Cybersecurity Stocks Soared in 2022, But Most Stumbled. (to the original material)

- Top challenges for cloud security in 2023: managing growing cyberattacks, delivering visibility, and consolidating tool sprawl. (to the original material)

- Security robots market set to more than quadruple by 2030. (to the original material)

- Introducing ‘Cyber for Hire,’ a podcast that plays marriage counselor between MSSPs and clients. (to the original material)

- Making it easier to deploy zero-trust for operational technology systems. (to the original material)

- Kali Linux: What’s next for the popular pentesting distro? (to the original material)

- Security teams expect breach and incident reporting requirements to create more work. (to the original material)

- Ongoing Flipper Zero phishing attacks target infosec community. (to the original material)

- Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks. (to the original material)

- Rail giant Wabtec discloses data breach after Lockbit ransomware attack. (to the original material)

- Poland warns of attacks by Russia-linked Ghostwriter hacking group. (to the original material)

- BitRAT malware campaign uses stolen bank data for phishing. (to the original material)

- Royal ransomware claims attack on Queensland University of Technology. (to the original material)

- Synology fixes maximum severity vulnerability in VPN routers. (to the original material)

02.01.2023 - News from cyber security.

- The world’s most common passwords: What to do if yours is on the list. (to the original material)

- 2nd January – Threat intelligence report. (to the original material)

- Ransomware ecosystem becoming more diverse for 2023. (to the original material)

- Data Sanctuary for Abortion and Trans Health Care: 2022 in Review. (to the original material)

- A Year in Internet Surveillance and Resilience: 2022 in Review. (to the original material)

- Global Cybercrime and Government Access to User Data Across Borders: 2022 in Review. (to the original material)

- The EU Wants 5G Phones on Airplanes - Will the US Follow Suit? (to the original material)

- Attackers never let a critical vulnerability go to waste. (to the original material)

- SecurityAffairs Top 10 cybersecurity posts of 2022. (to the original material)

- PyTorch compromised to demonstrate dependency confusion attack on Python environments. (to the original material)

- Pro-Russia cyberattacks aim at destabilizing Poland, security agency warns. (to the original material)

- Google will pay $29.5M to settle two lawsuits over its location tracking practices. (to the original material)

- Malaysian Agencies Investigate Alleged Breach Affecting 13M. (to the original material)

- Flaws in Citrix Servers; Netgear Issues Critical Advisory. (to the original material)

- Why a 'Paradigm Shift' is Required in the SOC (Security Operations Center). (to the original material)

- Approaching Security with a 'Business Enablement' Objective. (to the original material)

- Why Do Ransomware Victims Pay for Data Deletion Guarantees? (to the original material)

- Attackers never let a critical vulnerability go to waste. (to the original material)

- Ransomware impacts over 200 govt, edu, healthcare orgs in 2022. (to the original material)

- BleepingComputer's most popular cybersecurity stories of 2022. (to the original material)

01.01.2023 - News from cyber security.

- Fighting for the Digital Future of Books: 2022 in Review. (to the original material)

- Seeing Patent Trolls Clearly: 2022 in Review. (to the original material)

- Lockbit apologized for the attack on the SickKids pediatric hospital and releases a free decryptor. (to the original material)

- Security Affairs newsletter Round 400 by Pierluigi Paganini. (to the original material)

- Ransomware gang cloned victim’s website to leak stolen data. (to the original material)

- Ransomware gang apologizes, gives SickKids hospital free decryptor. (to the original material)

- PyTorch discloses malicious dependency chain compromise over holidays. (to the original material)


Archive:

Click here to access archive content.
Click here to access CMS (Content Management System) in Joomla.

Source:

Click here to access to documentation sources.

Note Dorin M.

This site has a double form, one in HTML and one in Joomla (if you are interested in the utility behind this effort you can read the "Why  a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.

Dorin M - January 31, 2022