- Details
- Written by: Merticaru Dorin Nicolae
- Category: Cyber Security News
- Hits: 197
- Cybersecurity news of the week (11/17/2022). (to the original material)
- CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain. (to the original material)
- #StopRansomware: Hive. (to the original material)
- CISA Releases Two Industrial Control Systems Advisories. (to the original material)
- Top passwords used in RDP brute-force attacks. (to the original material)
- Open-source tool puts machine learning dataset analysis at data scientists’ fingertips. (to the original material)
- Phishing kit impersonates well-known brands to target US shoppers. (to the original material)
- Microsoft fixes Windows Kerberos auth issues in emergency updates. (to the original material)
- Previously unidentified ARCrypter ransomware expands worldwide. (to the original material)
- FBI: Hive ransomware extorted $100M from over 1,300 victims. (to the original material)
- QBot phishing abuses Windows Control Panel EXE to infect devices. (to the original material)
- F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ. (to the original material)
- ESET rolls out new consumer offerings to improve home security. (to the original material)
- Microsoft urges devs to migrate away from .NET Core 3.1 ASAP. (to the original material)
- U.S. charges Russian suspects with operating Z-Library e-Book site. (to the original material)
- Australia Unveils Plan to Counter Global Cybercrime Problem. (to the original material)
- HHS Needs to Modernize Its Cyber Approach: Watchdog Agency. (to the original material)
- Discord Fined by French CNIL for GDPR Violations. (to the original material)
- Cyberwarfare's Role in the Next National Defense Strategy. (to the original material)
- Amazon Relational Database Service exposing PII via cloud ‘snapshots’. (to the original material)
- Over a third of vulnerabilities reviewed by ethical hackers did not have a CVE (Common Vulnerabilities and Exposures). (to the original material)
- How to determine if your IT environment is ready for SASE. (to the original material)
- Carmakers must start taking cybersecurity more seriously. (to the original material)
- Two public schools in Michigan hit by a ransomware attack. (to the original material)
- Magento and Adobe Commerce websites under attack. (to the original material)
- Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police. (to the original material)
- Iran-linked threat actors compromise US Federal Network. (to the original material)
- KOSA (Kids Online Safety Act) Would Let the Government Control What Young People See Online. (to the original material)
- EFF's Atlas of Surveillance Database Now Documents 10,000+ Police Tech Programs. (to the original material)
- Should We Be Worried About Doorstep Surveillance – How Surveillance Is Changing Us & Society. (to the original material)
- How to Fix the “This Site May Harm Your Computer” Warning. (to the original material)
- Better governance is crucial to getting value from data. (to the original material)
- The rise of cloud marketplaces. (to the original material)
- New webinar: A look back at high-impact vulnerabilities from 2022. (to the original material)
- Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign. (to the original material)
- FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva. (to the original material)
- High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices. (to the original material)
- Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit. (to the original material)
- North Korean Hackers Targeting Europe and Latin America with Updated DTrack Backdoor. (to the original material)
- Zeus Botnet Suspected Leader Arrested in Geneva. (to the original material)
- Security Budget Cuts and Recession Spark Worries Among IT Admins. (to the original material)
- Hundreds of Amazon RDS Snapshots Discovered Leaking Users' Data. (to the original material)
- More Than Half of Black Friday Spam Emails Are Scams. (to the original material)
- Cybersecurity Industry Must Maintain Public Faith in Technology, Says NCSC Founder. (to the original material)
- PCI Council Launches Flexible Mobile Payments Standard. (to the original material)
- US: Iranian Hackers Breached Government with Log4Shell. (to the original material)
- Chinese Spy Gets 20 Years for Aviation Espionage Plot. (to the original material)
- Cisco Releases Security Updates for Identity Services Engine. (to the original material)
- Samba Releases Security Updates. (to the original material)
- Mozilla Releases Security Updates for Multiple Products. (to the original material)
- CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network. (to the original material)
- Electronics repair technicians snoop on your data. (to the original material)
- Cloud data protection trends you need to be aware of. (to the original material)
- 5 use cases with a malware sandbox. (to the original material)
- Updated RapperBot malware targets game servers in DDoS attacks. (to the original material)
- Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police. (to the original material)
- Twitter source code indicates end-to-end encrypted DMs are coming. (to the original material)
- US govt: Iranian hackers breached federal agency using Log4Shell exploit. (to the original material)
- Magento stores targeted in massive surge of TrojanOrders attacks. (to the original material)
- Okta shares fix for issue impacting Microsoft 365 SSO logins. (to the original material)
- DuckDuckGo now lets all Android users block trackers in their apps. (to the original material)
- Misconfigured Server Exposed PHI of 600,000 Inmates. (to the original material)
- Iranian Hacker Group Uses Log4Shell to Cryptojack US Agency. (to the original material)
- Qatar's World Cup Apps Pose Privacy Concerns. (to the original material)
- Ransomware Attackers Don't Take Holidays. (to the original material)
- Arrest of Ukrainian in Cybercrime Case Shows Patience Pays. (to the original material)
- Simplifying Implementation of a Zero Trust Architecture. (to the original material)
- Managing Cyber Risk in a Technology-Dependent World. (to the original material)
- How to punch up your next executive briefing quickly. (to the original material)
- How security teams can defend against BECs. (to the original material)
- F5 fixed 2 high-severity Remote Code Execution bugs in its products. (to the original material)
- Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs. (to the original material)
- New RapperBot Campaign targets game servers with DDoS attacks. (to the original material)
- Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta. (to the original material)
- Is Mastodon Private and Secure? Let’s Take a Look. (to the original material)
- The Fediverse Could Be Awesome (If We Don’t Screw It Up). (to the original material)
- Companies caught off guard by holiday and weekend ransomware attacks. (to the original material)
- Gartner 2022 security trend #5: Beyond Awareness. (to the original material)
- Open banking: Tell me what you buy, and I’ll tell you who you are. (to the original material)
- Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data. (to the original material)
- 7 Reasons to Choose an MDR Provider. (to the original material)
- Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers. (to the original material)
- Google to Roll Out Privacy Sandbox Beta on Android 13 by Early 2023. (to the original material)
- Android Privacy Sandbox Beta to Roll Out By Early 2023. (to the original material)
- Majority of Companies Reduce Cybersecurity Staff Over Holidays. (to the original material)
- Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion. (to the original material)
- State-Backed APT Group Activity Continuing Apace. (to the original material)
- Euro Authorities Warn World Cup Fans Over Qatari Apps. (to the original material)
- Most Neurodiverse Women in Tech Feel Unsupported: Study. (to the original material)
- LockBit Remains Most Prolific Ransomware in Q3. (to the original material)
- CISA Releases One Industrial Control Systems Advisory. (to the original material)
- SSVC: Prioritization of vulnerability remediation according to CISA. (to the original material)
- As trust in online spaces degrades, Canada bolsters resilience against cyber attacks. (to the original material)
- Critical vulnerability in Spotify’s Backstage discovered, patched. (to the original material)
- Top enterprise email threats and how to counter them. (to the original material)
- North Korean hackers target European orgs with updated malware. (to the original material)
- Google to roll out Privacy Sandbox on Android 13 starting early 2023. (to the original material)
- Researchers release exploit details for Backstage pre-auth RCE bug. (to the original material)
- MFA Fatigue attacks are putting your organization at risk. (to the original material)
- Chinese hackers target government agencies and defense orgs. (to the original material)
- US FTC Delays Safeguards Rule Deadlines by 6 Months. (to the original material)
- FDA Updates Medical Device Cyber Response Playbook. (to the original material)
- Hospital CISO on Why Hackers Pursue Research, Pediatric Data. (to the original material)
- Twitter Two-Factor Authentication Has a Vulnerability - Updated. (to the original material)
- Pro-Moscow Nuisance Hackers Claim DDoS Attack on FBI Website. (to the original material)
- How Do Recent CISA Directives Affect Private Firms? (to the original material)
- Google to pay record $391.5 million for misleading users on location tracking. (to the original material)
- Most companies on Forbes Global 2000 yet to adopt all domain security measures. (to the original material)
- Many financial institutions say their own IT staffs pose the biggest risk to cloud security. (to the original material)
- Three steps to build more diverse cybersecurity teams. (to the original material)
- Why passwordless can’t eliminate passwords, but giving administrators the ability to manage passwords better can. (to the original material)
- Experts found critical RCE in Spotify’s Backstage. (to the original material)
- Experts revealed details of critical SQLi and access issues in Zendesk Explore. (to the original material)
- China-linked APT Billbug breached a certificate authority in Asia. (to the original material)
- Google to Pay a record $391M fine for misleading users about the collection of location data. (to the original material)
- Previously undetected Earth Longzhi APT group is a subgroup of APT41. (to the original material)
- Avast details Worok espionage group’s compromise chain. (to the original material)
- New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques. (to the original material)
- New data security alliance aims to help enterprises beat cyberattacks. (to the original material)
- The psychology of building a resilient cybersecurity team. (to the original material)
- ForgeRock launches cloud-native identity solution for enterprises. (to the original material)
- Prices down, miners up. (to the original material)
- Better software security this way comes. (to the original material)
- Security compromises of audio-video monitoring systems for children are on the rise: here's how to stay safe. (to the original material)
- Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform. (to the original material)
- PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft. (to the original material)
- Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service. (to the original material)
- Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions. (to the original material)
- Researchers Say China State-backed Hackers Breached a Digital Certificate Authority. (to the original material)
- Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location. (to the original material)
- Billbug Targets Government Agencies in Multiple Asian Countries. (to the original material)
- CISA Has Added One Known Exploited Vulnerability to Catalog. (to the original material)
- Vulnerability Summary for the Week of November 7, 2022. (to the original material)
- Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands. (to the original material)
- Product showcase: ESET’s newest consumer offerings. (to the original material)
- 5 Kali Linux tools you should learn how to use. (to the original material)
- Unwanted emails steadily creeping into inboxes. (to the original material)
- Whoosh confirms data breach after hackers sell 7.2M user records. (to the original material)
- 42,000 sites used to trap users in brand impersonation scheme. (to the original material)
- Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast. (to the original material)
- Russian Hackers Target Ukraine With Malicious Encryption. (to the original material)
- Anesthesiology Services Firm Faces 5 Class Action Lawsuits. (to the original material)
- 'Unauthorized Transactions' Lead to Missing Funds at FTX. (to the original material)
- SolarWinds CEO on How to Secure the Software Build Process. (to the original material)
- Graphus' Amelia Paro on Why Phishing Has Exploded Since 2020. (to the original material)
- LockBit Releases Thales Group Documents. (to the original material)
- Microsoft identifies issues with Kerberos authentication on certain Windows Servers. (to the original material)
- Cloud security isn’t guaranteed because a provider is well-known, expert says. (to the original material)
- Insider threats accounted for more than a third of unauthorized access incidents in Q3. (to the original material)
- Seven deadly sins hiding in the company’s attack surface. (to the original material)
- Massive Black hat SEO campaign used +15K WordPress sites. (to the original material)
- KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks. (to the original material)
- CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine. (to the original material)
- Have board directors any liability for a cyberattack against their company? (to the original material)
- ITRC Business Impact Report: Good news for small biz. (to the original material)
- ESET APT Activity Report T2 2022. (to the original material)
- New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders. (to the original material)
- Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign. (to the original material)
- What is an External Penetration Test? (to the original material)
- New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks. (to the original material)
- Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images. (to the original material)
- Week in review: Microsoft fixes many zero-days, malicious droppers on Google Play, IRISSCON 2022. (to the original material)
- Ukraine says Russian hacktivists use new Somnia ransomware. (to the original material)
- Ukraine Police dismantled a transnational fraud group that made €200 million per year. (to the original material)
- Lockbit gang leaked data stolen from global high-tech giant Thales. (to the original material)