- Details
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Hits: 86
- The Irish DPC fined WhatsApp €5.5M for violating GDPR. (to the original material)
- Around 19,500 end-of-life Cisco routers are exposed to hack. (to the original material)
- Chinese Group Targeting Vulnerable Cloud Providers, Apps. (to the original material)
- Riot Games hacked, delays game patches after security breach. (to the original material)
- Hackers now use Microsoft OneNote attachments to spread malware. (to the original material)
- Massive ad-fraud op dismantled after hitting millions of iOS devices. (to the original material)
- Details
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Hits: 82
- The National Cyber Security Directorate (DNSC) and the European Commission signed the financing contract for the 'Romanian Cyber Care Health' project. (to the original material)
- Drupal Releases Security Advisories to Address Multiple Vulnerabilities. (to the original material)
- Cisco Releases Security Advisory for Unified CM and Unified CM SME. (to the original material)
- Ransomware payments down 40% in 2022 – Week in security with Tony Anscombe. (to the original material)
- T-Mobile suffered a new data breach, 37 million accounts have been compromised. (to the original material)
- PayPal notifies 34942 users of data breach over credential stuffing attack. (to the original material)
- Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October. (to the original material)
- Cisco fixes SQL Injection flaw in Unified CM. (to the original material)
- Moving Target Defense - how a military strategy translates to the cybersecurity world [Q&A]. (to the original material)
- For Would-Be Censors and the Thin-Skinned, Copyright Law Offers Powerful Tools. (to the original material)
- Right to Repair Advocates Have Had Good Victories. We Have To Keep Fighting. (to the original material)
- Threat Round up for January 13 to January 20. (to the original material)
- Meta’s Lawsuit Against NSO Goes Forward – The Fight Against NSO Spyware Gains Strength. (to the original material)
- How a cloud center of excellence can bring order to the cloud. (to the original material)
- Credential stuffing attack compromises 35K PayPal accounts. (to the original material)
- Ransomware attack hits Yum Brands. (to the original material)
- Zoho ManageEngine flaw under active exploitation. (to the original material)
- Compromised API-related breaches on the rise. (to the original material)
- Novel Hook Android malware emerges. (to the original material)
- Updated Roaming Mantis malware involves DNS changer. (to the original material)
- Third-party risks: What organizations face. (to the original material)
- Buying SASE: Questions to ask vendors before you commit. (to the original material)
- WhatsApp Hit with €5.5m fine for GDPR Violations. (to the original material)
- "Workarounds" Helped Royal Mail Resume Shipping After Ransomware Attack. (to the original material)
- Phishers Use Blank Images to Disguise Malicious Attachments. (to the original material)
- API Attacker Steals Data on 37 Million T-Mobile Customers. (to the original material)
- Massive Credential Stuffing Campaign Hits 35,000 PayPal Users. (to the original material)
- ISMG Editors: Why Is LockBit Ransomware Group So Prolific? (to the original material)
- Fortinet VPN Flaw Shows Pitfalls of Security Appliances. (to the original material)
- Hostile Takeover: Kraken Hacks Rival Darknet Market Solaris. (to the original material)
- eSentire CEO Kerry Bailey on Using XDR to Cut Business Risk. (to the original material)
- FAA Says No Evidence of Cyberattack in NOTAM Outage. (to the original material)
- The Persisting Risks Posed by Legacy Medical Devices. (to the original material)
- Securing the SaaS Layer. (to the original material)
- New infosec products of the week: January 20, 2023. (to the original material)
- Enterprises remain vulnerable through compromised API secrets. (to the original material)
- The Week in Ransomware - January 20th 2023 - Targeting Crypto Exchanges. (to the original material)
- Over 19,000 end-of-life Cisco routers exposed to RCE attacks. (to the original material)
- Exploits released for two Samsung Galaxy App Store vulnerabilities. (to the original material)
- Critical ManageEngine RCE bug now exploited to open reverse shells. (to the original material)
- LAUSD says Vice Society ransomware gang stole contractors’ SSNs (Social Security Numbers). (to the original material)
- New Boldmove Linux malware used to backdoor Fortinet devices. (to the original material)
- Details
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Hits: 81
- Cybersecurity news of the week (19.01.2023). (to the original material)
- Cybersecurity Awareness Raising: Peek Into the ENISA-Do-It-Yourself Toolbox. (to the original material)
- CISA Releases One Industrial Control Systems Advisory. (to the original material)
- How to set up parental controls on your child's new smartphone. (to the original material)
- Tech support scammers are still at it: Here’s what to look out for in 2023. (to the original material)
- Experts released PoC exploit for critical Zoho ManageEngine RCE flaw. (to the original material)
- Critical Microsoft Azure RCE flaw impacted multiple services. (to the original material)
- Mailchimp discloses a new security breach, the second one in 6 months. (to the original material)
- US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog. (to the original material)
- Five security trends to look out for in 2023. (to the original material)
- Vulnerable WordPress Sites Compromised with Different Database Infections. (to the original material)
- New Linux malware up 50 percent in 2022. (to the original material)
- New marketplace offers downloadable threat models for free. (to the original material)
- Telegram – “secret”? Yeah, right. (to th original material)
- Fair Use Creep Is A Feature, Not a Bug. (to the original material)
- Have You Tried Turning It Off and On Again: Rethinking Tech Regulation and Creative Labor. (to the original material)
- EFF Warns Supreme Court That Users’ Speech is at Stake When Increasing Platforms’ Liability. (to the original material)
- Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge. (to the original material)
- Vulnerability Spotlight: XSS vulnerability in Ghost CMS. (to the original material)
- Adopt a ‘GDPR Everywhere’ strategy. (to the original material)
- Magento vulnerability patch evaded by vendors. (to the original material)
- Netcomm, TP-Link routers impacted by critical bugs. (to the original material)
- ICS espionage, disruption likely with GE Proficy Historian flaws. (to the original material)
- Solaris darknet market hacked. (to the original material)
- Data breach impacts Mailchimp. (to the original material)
- Ukrainian news agency ransomware attack tied to Sandworm operation. (to the original material)
- Roaming Mantis' Hacking Campaign Adds DNS Changer to Mobile App. (to the original material)
- ThreatModeler Makes DevSecOps More Accessible With New Marketplace. (to the original material)
- Mailchimp Hit By Another Data Breach Following Employee Hack. (to the original material)
- Ransomware Payments Fall by 40% in 2022. (to the original material)
- Over a Third of Recent ICS Bugs Still Have No Vendor Patch. (to the original material)
- FTX: Over $400m Stolen from Bankrupt Exchange. (to the original material)
- Crypto-Exchange Used to Launder Ransomware Transactions Dismantled. (to the original material)
- Hundreds of Malicious Packages Found in npm Registry. (to the original material)
- T-Mobile Says Hackers Stole Data of 37 Million Customers. (to the original material)
- BitKeep to Reimburse Hacking Victims by March. (to the original material)
- VA Hospital 'High-Risk' Vulnerability Unaddressed for Years. (to the original material)
- BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs. (to the original material)
- Managing the Risk of Ransomware in the Digital Supply Chain. (to the original material)
- Chinese APT Targets Iranian Government Organizations. (to the original material)
- PayPal Accounts Succumb to Credential Stuffing Attack. (to the original material)
- Lessons to Learn From CircleCI's Breach Investigation. (to the original material)
- Victims' Known Ransom Payments to Ransomware Groups Decline. (to the original material)
- Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251). (to the original material)
- Cyber insurance can offset the risks of potential breaches. (to the original material)
- EU cyber resilience regulation could translate into millions in fines. (to the original material)
- New 'Hook' Android malware lets hackers remotely control your phone. (to the original material)
- T-Mobile hacked to steal data of 37 million accounts in API data breach. (to the original material)
- Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner. (to the original material)
- Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers. (to the original material)
- Exploit released for critical ManageEngine RCE bug, patch now. (to the original material)
- PayPal accounts breached in large-scale credential stuffing attack. (to the original material)
- New 'Blank Image' attack hides phishing scripts in SVG files. (to the original material)
- Ransomware profits drop 40% in 2022 as victims refuse to pay. (to the original material)
- Details
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Hits: 72
- Mozilla Releases Security Updates for Firefox. (to the original material)
- Two critical flaws discovered in Git source code version control system. (to the original material)
- A couple of bugs can be chained to hack Netcomm routers. (to the original material)
- Myrocket HR platform’s data leak turns into privacy nightmare for employees. (to the original material)
- Experts found SSRF flaws in four different Microsoft Azure services. (to the original material)
- GPT to drive next wave of AI phishing attacks. (to the original material)
- New solution secures encrypted data for a post-quantum world. (to the original material)
- Open Data and the AI Black Box. (to the original material)
- Four ways to level-up a company’s security awareness. (to the original material)
- Thousands of Sophos Firewall devices at risk of RCE attacks. (to the original material)
- GitHub Codespaces exploitable for malware delivery. (to the original material)
- Microsoft 365 security bypassed by DHL-spoofing phishing attack. (to the original material)
- Nearly 1,000 shipping vessels impacted by DNV ransomware attack. (to the original material)
- Third-party breach hits Nissan North America. (to the original material)
- Sharp decline in compromised payment records for sale reported. (to the original material)
- Children’s privacy-related bills mulled by state lawmakers. (to the original material)
- Period tracking apps’ adherence to privacy laws sought by new Washington state legislation. (to th original material)
- National Digital Reserve Corps sought by new legislation. (to the original material)
- Stealthy malware distribution involves polyglot files. (to the original material)
- AI to be increasingly used for more sophisticated deep fakes. (to the original material)
- Cybersecurity concerns of 5G expansion emphasized by FCC Chair. (to the original material)
- Congress urged to renew intelligence authorities. (to the original material)
- Chinese APT Group Vixen Panda Targets Iranian Government Entities. (to the original material)
- Over Four Billion People Affected By Internet Censorship in 2022. (to the original material)
- 1000 Shipping Vessels Impacted by Ransomware Attack. (to the original material)
- ChatGPT Creates Polymorphic Malware. (to the original material)
- #WEF23: Geopolitical Instability Means a Cyber "Catastrophe" is Imminent. (to the original material)
- Almost Half of Critical Manufacturing at Risk of Breach. (to the original material)
- Nissan Supplier Leaked Data on Thousands of Customers. (to the original material)
- FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War. (to the original material)
- European Businesses Admit Major Privacy Skills Gap. (to the original material)
- Ransomware Remains Top Cyberthreat, Former NCSC Chief Says. (to the original material)
- Ukraine: Russians Aim to Destroy Information Infrastructure. (to the original material)
- Health Entities Should Vet Risks of ChatGPT Use. (to the original material)
- Crypto Exchange Founder Charged With Enabling Illegal Funds. (to the original material)
- Ransomware Picture: Volume of Known Attacks Remains Constant. (to the original material)
- Sophos to Lay Off 10% of Workers Amid Shift to MDR Services. (to the original material)
- Jeremy Grant: Why the US Government Embraced FIDO (Fast IDentity Online) Standards. (to the original material)
- Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874). (to the original material)
- Global instability increases cyber risk, says World Economic Forum. (to the original material)
- Google ads increasingly pointing to malware. (to the original material)
- How data protection is evolving in a digital world. (to the original material)
- MailChimp discloses new breach after employees got hacked. (to the original material)
- Ukraine links data-wiping attack on news agency to Russian hackers. (to the original material)
- Illegal Solaris darknet market hijacked by competitor Kraken. (to the original material)
- Bitzlato crypto exchange seized for ransomware, drugs money laundering. (to the original material)
- New York man defrauded thousands using credit cards sold on dark web. (to the original material)
- Product Security Incident Response: Key Strategies and Best Practices. (to the original material)
- Details
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Hits: 80
- CISA Adds One Known Exploited Vulnerability to Catalog. (to the original material)
- CISA Updates Best Practices for Mapping to MITRE ATT&CK®. (to the original material)
- CISA Releases Four Industrial Control Systems Advisories. (to the original material)
- Vulnerability Summary for the Week of January 9, 2023. (to the original material)
- The doctor is waiting for you in his office … online: tips for using telemedicine services safely. (to the original material)
- Top 10 Venmo scams: Don’t fall for these common tricks. (to the original material)
- 1,000 ships impacted by a ransomware attack on maritime software supplier DNV. (to the original material)
- How to abuse GitHub Codespaces to deliver malicious content. (to the original material)
- Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon. (to the original material)
- Fortinet observed three rogue PyPI packages spreading malware. (to the original material)
- Managing Asset Risks During Healthcare M&As. (to the original material)
- Is WordPress Secure? (to the original material)
- Digital Rights Updates with EFFector 35.1. (to the original material)
- Calling all cyber companies: SC Awards entry period is open. (to the original material)
- Why a hybrid approach can help mitigate DDoS attacks. (to the original material)
- GhostSec’s claimed ICS ransomware attack questioned. (to the original material)
- Cyberattack against German university claimed by Vice Society. (to the original material)
- Lazarus moves nearly $64M in stolen funds from Harmony hack. (to the original material)
- More PyPI packages distribute infostealers. (to the original material)
- Novel Hive malware kit-based backdoor emerges. (to the original material)
- Medibank sought to provide compensation for data breach. (to the original material)
- Europol cracks down crypto call center fraud. (to the original material)
- Facility control systems prioritized in new ‘Hack the Pentagon’ program installment. (to the original material)
- CISA: Several ICS products impacted by critical flaws. (to the original material)
- ‘Spray and pray’ attacks likely with Zoho ManageEngine RCE bug. (to the original material)
- Russian mobilization concerns exploited in new phishing campaign. (to the original material)
- ODIN Intelligence website hacked. (to the original material)
- Cyberattack compromises largest Canadian alcohol retailer’s site. (to the original material)
- EyeSpy spyware distributed via malicious VPN installers. (to the original material)
- Critical Cacti vulnerability leveraged for malware deployment. (to the original material)
- Attempted exploitation of critical Control Web Panel bug underway. (to the original material)
- Voyager Labs sued by Meta for user data scraping, fake accounts. (to the original material)
- Ukrainian, NATO country entities targeted by pro-Russian DDoS attacks. (to the original material)
- Data breach impacts NortonLifeLock. (to the original material)
- Exchange servers targeted by Cuba ransomware with OWASSRF vulnerability. (to the original material)
- Patched Fortinet SSL-VPN flaw leveraged to compromise government networks. (to the original material)
- New IcedID malware attack targeted at Active Directory domain. (to the original material)
- Royal Mail compromised by LockBit ransomware gang. (to the original material)
- Record high illicit cryptocurrency volumes reported in 2022. (to the original material)
- Threema’s downplayed reaction to security analysis criticized. (to the original material)
- Multiple flaws discovered in Siemens PLCs. (to the original material)
- Report: SSE with public cloud preferred by most companies. (to the original material)
- New Intel solution to provide confidential computing for virtual machines. (to the original material)
- Security risks of ChatGPT and other AI text generators. (to the original material)
- Vice Society Claims Ransomware Attack Against University of Duisburg-Essen. (to the original material)
- Researchers Warn Against Zoho ManageEngine Exploit Attacks. (to the original material)
- Three-Quarters of UK Schools Have Experienced a Cyber Incident. (to the original material)
- Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures. (to the original material)
- Russia's Ukraine War Drives 62% Slump in Stolen Cards. (to the original material)
- GDPR Fines Surge 168% in a Year. (to the original material)
- Initial Access Broker Activity Doubles in a Year. (to the original material)
- 'Hack the Pentagon' Hackers Will Literally Hack the Pentagon. (to the original material)
- BlackCat, Royal Among Most Worrisome Threats to Healthcare. (to the original material)
- Privacy Fines: GDPR Sanctions Last Year Surged to $3 Billion. (to the original material)
- Australian Law Firms Cooperate in Medibank Litigation. (to the original material)
- Microsoft Exec on Why FIDO Authentication Beats Certificates. (to the original material)
- LockBit Ransomware Group's Big Liability: 'Ego-Driven CEO'. (to the original material)
- How Cyberattacks Affect CISOs. (to the original material)
- PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966). (to the original material)
- Training, endpoint management reduce remote working cybersecurity risks. (to the original material)
- Git patches two critical remote code execution security flaws. (to the original material)
- Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner. (to the original material)
- Hackers can use GitHub Codespaces to host and deliver malware. (to the original material)
- Over 4,000 Sophos Firewall devices vulnerable to RCE attacks. (to the original material)
- IT Burnout may be Putting Your Organization at Risk. (to the original material)
- Nissan North America data breach caused by vendor-exposed database. (to the original material)
