
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Cybersecurity news of the week (22.12.2022). (to the original material)
- Tips on data security during the winter holidays. (to the original material)
- CISA Releases Four Industrial Control Systems Advisories. (to the original material)
- Every Supporter Counts in EFF's Year-End Challenge. (to the original material)
- Daycare and Early Childhood Education Apps: 2022 in Review. (to the original material)
- A Roller Coaster for Decentralization: 2022 in Review. (to the original material)
- 2022 Year in Review. (to the original material)
- Employee apathy towards digital security advice is real: how it manifests itself and how to overcome it. (to the original material)
- Vulnerability Spotlight: OpenImageIO file processing issues could lead to arbitrary code execution, sensitive information leak and denial of service. (to the original material)
- WP-CLI: How to Backup WordPress. (to the original material)
- Trying to Steal Christmas (Again!). (to the original material)
- Ransomware Roundup – Play Ransomware. (to the original material)
- Vice Society ransomware gang is using a custom locker. (to the original material)
- A new Zerobot variant spreads by exploiting Apache flaws. (to the original material)
- North Korea-linked hackers stole $626 million in virtual assets in 2022. (to the original material)
- FBI: Cyber-Criminals Are Purchasing Search Engine Ad Services to Launch Attacks. (to the original material)
- France Fines Microsoft $64m for Imposing Ad Cookies to its Bing Users. (to the original material)
- FCC Proposes Massive $300m Fine for Robocall Firm. (to the original material)
- UK Government: Sharing Some Passwords is Illegal. (to the original material)
- Ransomware Attack Hits The Guardian Newspaper. (to the original material)
- Researchers Develop AI-powered Malware Classification for 5G-enabled IIoT. (to the original material)
- Apple censored apps in Hong Kong and Russia in the name of profit, rights group says. (to the original material)
- Inside FIN7 gang: death threats and Colonial Pipeline links. (to the original material)
- Reaching for the sky: FCC proposes record $300m fine against robocall campaign. (to the original material)
- Okta acknowledges breach of company’s code repositories. (to the original material)
- FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape. (to the original material)
- The Era of Cyber Threat Intelligence Sharing. (to the original material)
- Critical Security Flaw Reported in Passwordstate Enterprise Password Manager. (to the original material)
- Two New Security Flaws Reported in Ghost CMS Blogging Software. (to the original material)
- Microsoft says Zerobot can now exploit vulnerabilities in Apache and Apache Spark. (to the original material)
- Latest breach of Okta’s GitHub repositories raises concerns about broader supply chain attack. (to the original material)
- How to improve workload security. (to the original material)
- Messaging tools are more popular, but email won’t go away anytime soon. (to the original material)
- Judge Denies Motion to Stop Health Data Scraping by Meta. (to the original material)
- France Fines Microsoft Ireland 60M Euros Over Bing Cookies. (to the original material)
- Redefining Cloud Email Security to Protect Against All Attack Types. (to the original material)
- OneTrust CEO on Regulatory, Automation Issues and Privacy. (to the original material)
- Okta's GitHub Repository Hacked; Code Stolen, Customers Safe. (to the original material)
- UK Moves to 'Name and Shame' Firms for Complaints, Breaches. (to the original material)
- FTX Probe: Founder Extradited; 2 Executives Plead Guilty. (to the original material)
- Guardian Ransomware Attack May Presage Holiday Blitzkrieg. (to the original material)
- Medical Device Security Provision Now Part of Spending Bill. (to the original material)
- The Core of the Problem With OT Control System Security. (to the original material)
- Ransomware Experts Agree: Don't Buy Data Deletion Promises. (to the original material)
- Leading sports betting firm BetMGM discloses data breach. (to the original material)
- Lastpass: Hackers stole customer vault data in cloud storage breach. (to the original material)
- DuckDuckGo now blocks Google sign-in pop-ups on all sites. (to the original material)
- Comcast Xfinity accounts hacked in widespread 2FA bypass attacks. (to the original material)
- Vice Society ransomware gang switches to new custom encryptor. (to the original material)
- Brave launches FrodoPIR, a privacy-focused database query system. (to the original material)
- FIN7 hackers create auto-attack platform to breach Exchange servers. (to the original material)
- Dealing with cloud security shortfalls. (to the original material)

- Press release: #SafeOnline: Children and young people learned how to protect themselves from online threats at the "Santa's Day at the Senate" event. (to the original material)
- California Courts Must Protect Data Privacy. (to the original material)
- ‘Tis the season for gaming: Keeping children safe (and parents sane). (to the original material)
- Vulnerability Spotlight: Authentication bypass and enumeration vulnerabilities in Ghost CMS. (to the original material)
- The Taxman Never Sleeps. (to the original material)
- Play ransomware attacks use a new exploit to bypass ProxyNotShell mitigations on Exchange servers. (to the original material)
- Okta revealed that its private GitHub repositories were hacked this month. (to the original material)
- Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days. (to the original material)
- German industrial giant ThyssenKrupp targeted in a new cyberattack. (to the original material)
- Cyber-Incident Causes System Failures at Canadian Children's Hospital. (to the original material)
- US Most Impacted by Data Breaches in the Financial Industry in 2022. (to the original material)
- UK Security Agency Wants Fresh Approach to Combat Phishing. (to the original material)
- Adult Google Ad Fraud Campaign Garnered Millions of Impressions. (to the original material)
- Godfather Trojan Targets 400 Financial Services Firms. (to the original material)
- Two Americans sentenced over mail fraud related to Ponzi scheme. (to the original material)
- Critical Hikvision bug allowed remote CCTV hacking. (to the original material)
- Guardian newspaper hit by suspected ransomware attack. (to the original material)
- Musk will quit as Twitter CEO when replacement is found. (to the original material)
- Two charged over digital queue-jumping scam at JFK airport. (to the original material)
- German industrial giant ThyssenKrupp under a cyberattack. (to the original material)
- Largest internet outages of 2022 affected millions of users. (to the original material)
- Western banks whacked by Russian-friendly Trojan, study finds. (to the original material)
- The Rise of the Rookie Hacker - A New Trend to Reckon With. (to the original material)
- Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations. (to the original material)
- Godfather uses ‘web fakes’ to serve-up a ‘banking trojan that’s impossible to refuse’. (to the original material)
- Application and cloud security to converge in 2023. (to the original material)
- Three best practices for AI/ML (Artificial Intelligence (AI) and Machine Learning (ML)) security. (to the original material)
- Zelenskyy Makes Case for Ukraine Support in Washington Trip. (to the original material)
- Godfather Android Banking Trojan Steals Through Mimicry. (to the original material)
- White House Cyber Director Chris Inglis to Step Down. (to the original material)
- Ukraine Takes Down Domestic Pro-Kremlin Bot Farms. (to the original material)
- Acronis CEO on Why Service Providers Must Host Data Locally. (to the original material)
- Advance Your Security Awareness Training Program: 2022 Research Results. (to the original material)
- Paging Hollywood: Hackers Allegedly Hit JFK Airport … Taxis. (to the original material)
- Managing the Evolving Cyber Risk Posed by Third Parties. (to the original material)
- Corsair keyboard bug makes it type on its own, no malware involved. (to the original material)
- Zerobot malware now spreads by exploiting Apache vulnerabilities. (to the original material)
- Russians hacked JFK airport’s taxi dispatch system for profit. (to the original material)
- FBI warns of search engine ads pushing malware, phishing. (to the original material)
- GodFather Android malware targets 400 banks, crypto exchanges. (to the original material)
- Okta's source code stolen after GitHub repositories hacked. (to the original material)
- New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080). (to the original material)
- CISO roles continue to expand beyond technical expertise. (to the original material)

- UK Privacy Regulator Names and Shames Breached Firms. (to the original material)
- Ukraine's Delta Military Intel System Hit by Attacks. (to the original material)
- UAC-0142 APT targets Ukraine’s Delta military intelligence program. (to the original material)
- Russia-linked Gamaredon APT targeted a petroleum refining company in a NATO nation in August. (to the original material)
- Microsoft shares details for a Gatekeeper Bypass bug in Apple macOS. (to the original material)
- Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware. (to the original material)
- Here's How Apple Could Open Its App Store Without Really Opening Its App Store. (to the original material)
- User Generated Content and the Fediverse: A Legal Primer. (to the original material)
- VICTORY! There Is No Link Tax in the End-of-Year Bills. (to the original material)
- We Need to Talk About Infrastructure. (to the original material)
- VIP impersonation attack on a Microsoft Office 365 environment targets 100,000 mailboxes. (to the original material)
- Threat actors find way to abuse the AWS Elastic IP Transfer feature. (to the original material)
- Four principles employers can follow while monitoring employees. (to the original material)
- EU-US Data Privacy Framework in Activist's Crosshairs. (to the original material)
- Sysdig CEO on How Open Source Fuels Cloud, Container Defense. (to the original material)
- Russian Hackers Targeted Oil Refinery Firm in NATO Country. (to the original material)
- Risk-Based Security: What to Look for in an MDR Provider. (to the original material)
- The Troublemaker CISO: Laziness, Failure, Great Expectations. (to the original material)
- What Brands Get Wrong About Customer Authentication. (to the original material)
- Hack on a Services Firm's Vendor Affects 271,000 Patients. (to the original material)
- Protecting Your Brand With Public Web Data Scraping. (to the original material)
- Companies overwhelmed by available tech solutions. (to the original material)
- Connected homes are expanding, so is attack volume. (to the original material)
- Ransomware gang uses new Microsoft Exchange exploit to breach servers. (to the original material)
- VirusTotal cheat sheet makes it easy to search for specific results. (to the original material)
- Microsoft will turn off Exchange Online basic auth in January. (to the original material)
- Google Ad fraud campaign used adult content to make millions. (to the original material)
- Hackers bombard PyPi platform with information-stealing malware. (to the original material)
- Raspberry Robin worm drops fake malware to confuse researchers. (to the original material)

- Vulnerability Summary for the Week of December 12, 2022. (to the original material)
- OPWNAI: AI that can save the day or hack it away. (to the original material)
- 19th December – Threat intelligence report. (to the original material)
- How to set up parental controls on your child’s new smartphone. (to the original material)
- Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future. (to the original material)
- Meta Takes Down Over 200 Covert Influence Operations Since 2017. (to the original material)
- Mobile App Users at Risk as API Keys of Email Marketing Services Exposed. (to the original material)
- NIST to Scrap SHA-1 Algorithm by 2030. (to the original material)
- API Vulnerabilities Discovered in LEGO Marketplace. (to the original material)
- Old vulnerabilities in Cisco products actively exploited in the wild. (to the original material)
- Experts spotted a variant of the Agenda Ransomware written in Rust. (to the original material)
- US Gov warns of BEC attacks to hijack shipments of food products. (to the original material)
- Glupteba botnet is back after Google disrupted it in December 2021. (to the original material)
- EFF Receives $250k Grant from Craig Newmark Philanthropies. (to the original material)
- No Nudity Allowed: Censoring Naked Yoga. (to the original material)
- Zscaler becomes a member of the Joint Cyber Defense Collaborative. (to the original material)
- Average cost of a data breach expected to hit $5 million in 2023. (to the original material)
- How to strengthen your multi-cloud security posture. (to the original material)
- Four critical steps for CI/CD (continuous integration/continuous delivery) security. (to the original material)
- Microsoft Vulnerability Upgraded to Critical Due to RCE Risk. (to the original material)
- Phishing Targets Ukrainian Battlefield Awareness Tool Users. (to the original material)
- Chinese Hackers Exploit Citrix Vulnerabilities. (to the original material)
- Healthcare: Essential Defenses for Combating Ransomware. (to the original material)
- Opswat CEO on the Malware Crippling Critical Infrastructure. (to the original material)
- Dave Merkel on Why MDR Firm Expel Sought More Money in 2022. (to the original material)
- UID (User ID) smuggling: A new technique for tracking users online. (to the original material)
- Open source vulnerabilities add to security debt. (to the original material)
- 85% of attacks now use encrypted channels. (to the original material)
- 5 cybersecurity trends accelerating in 2023. (to the original material)
- Play ransomware claims attack on German hotel chain H-Hotels. (to the original material)
- Microsoft finds macOS bug that lets malware bypass security checks. (to the original material)
- DraftKings warns data of 67K people was exposed in account hacks. (to the original material)
- Ukraine's DELTA military system users targeted by info-stealing malware. (to the original material)
- Malicious ‘SentinelOne’ PyPI package steals data from developers. (to the original material)
- Epic Games to pay $520 million for privacy violations, dark patterns. (to the original material)

- Security Affairs newsletter Round 398 by Pierluigi Paganini. (to the original material)
- Google announced end-to-end encryption for Gmail web. (to the original material)
- Fire and rescue service in Victoria, Australia, confirms cyber attack. (to the original material)
- Week in review: Citrix and Fortinet RCEs, Microsoft fixes exploited zero-day. (to the original material)
- Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale. (to the original material)
- T-Mobile hacker gets 10 years for $25 million phone unlock scheme. (to the original material)