Study - Technical
- LMS-SFC (EN) - Cyber
Security - News
Archive November 2021
Cyber Security - News Archive
November 2021
30.11.2021
- News
from Cyber Security.
- Massive
online crime crackdown leads to 1,000 arrests.
(to
the original material).
- How to
combat ransomware with visibility. (to
the original material)
-
Implications of strengthening the
cybersecurity of small business in America. (to
the original material)
- Most
challenging security threats for CTOs (Chief
Technology Officer). (to
the original material)
- Ecommerce
retailers facing a 350% increase in fraudulent
online orders. (to
the original material)
- Patching
takes 2.5 times longer when endpoints are
remote. (to
the original material)
- Secure
cloud products and services with new CIS
Benchmarks (Center for Internet Security). (to
the original material)
- Microsoft
Defender scares admins with Emotet false
positives. (to
the original material)
- FBI
seized $2.3M from affiliate of REvil, Gandcrab
ransomware gangs. (to
the original material)
- Finland
warns of Flubot malware heavily targeting
Android users. (to
the original material)
-
Smartwatches for children are a privacy and
security nightmare. (to
the original material)
- EwDoor
botnet targets AT&T network edge devices
at US firms. (to
the original material)
- Android
banking malware infects 300,000 Google Play
users. (to
the original material)
- DNA
testing firm discloses data breach affecting
2.1 million people. (to
the original material)
-
8-year-old HP printer vulnerability affects
150 printer models. (to
the original material)
-
Yanluowang ransomware operation matures with
experienced affiliates. (to
the original material)
- Case
Study: Catching threats ahead of time with a
penetration test from the Cisco Talos Incident
Response Red Team. (to
the original material)
- Tails OS:
The Amnesic operating system that covers your
tracks. (to
the original material)
29.11.2021
- News
from Cyber Security.
-
Vulnerability Summary for the Week of November
22, 2021. (to
the original material)
- Only 5% of
#SiguranțaOnline (#SecurityOnline) quiz
participants found all online fraud. (to
the original material)
- National
Cybersecurity Strategies: with a vision on
raising citizens’ awareness. (to
the original material)
- Big
salaries alone are not enough to hire good
cybersecurity talent: What else can companies
do? (to
the original material)
- Behavioral
biometrics: A promising tool for enhancing
public safety. (to
the original material)
- Putting the
“sec” in DevSecOps: An overall reduction of
risk. (to
the original material)
- Addressing
the cybersecurity skills gap with higher
education. (to
the original material)
- Mid-market
IT leadership top 2022 objective: Strengthening
security. (to
the original material)
- Phishing
attacks top 260,000 in Q3 2021. (to
the original material)
- 82% of IT
leaders looking to cloud for critical mainframe
applications to remain competitive. (to
the original material)
- AWS
re:Invent 2021 Guide: Checklist & Key
Sessions. (to
the original material)
- Dark web
market Cannazon shuts down after massive DDoS
attack. (to
the original material)
- Stealthy
WIRTE hackers target governments in the Middle
East. (to
the original material)
- Zoom
finally adds automatic updates to Windows, macOS
clients. (to
the original material)
- Telegram
channel admins who sold fake vaccine cards
arrested. (to
the original material)
- Panasonic
discloses data breach after network hack. (to
the original material)
- APT37
targets journalists with Chinotto multi-platform
malware. (to
the original material)
- An Azure
Sphere kernel exploit - or how I learned to stop
worrying and love the IoT. (to
the original material)
- Employees
leaving the company: Why there should be a
chapter dedicated to this stage in the security
strategy of any organization. (to
the original material)
- More than
1,000 arrested in global crackdown on online
fraud. (to
the original material)
28.11.2021
- News
from Cyber Security.
- Week in
review: Windows EoP flaw still exploitable,
GoDaddy breach, malicious Python packages on
PyPI. (to
the original material)
-
Ransomware attacks on Healthcare System goes
way beyond just data. (to
the original material)
- The rise
in banking scams: Zelle Fraud and other
threats. (to
the original material)
27.11.2021
- News
from Cyber Security.
- New
Windows 10 zero-day gives admin rights, gets
unofficial patch. (to
the original material)
- CronRAT
abuses Linux Task Scheduler to stay under the
radar. (to
the original material)
- Iranian
hackers abusing known bug in Microsoft's
MSHTML. (to
the original material)
- Holiday
scams may cost $53 million this year, warns
FBI. (to
the original material)
- Group-IB
helps Italian officials take down scammers
selling COVID-19 docs via Telegram. (to
the original material)
- Making
the Case for Centralized IAM Management
Control. (to
the original material)
26.11.2021
- News
from Cyber Security.
- Many
users are sharing passwords with someone
outside their household. (to
the original material)
-
Automation investments are driving revenue,
productivity and employment. (to
the original material)
- New
infosec products of the week: November 26,
2021. (to
the original material)
- Your
supply chain: How and why network security and
infrastructure matter. (to
the original material)
- Best
cities for cybersecurity professionals. (to
the original material)
- Key
trends driving the workforce transformation in
2022. (to
the original material)
- Avoid the
clutter of shopping: How to shop safely online
this holiday season. (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
- IKEA
email systems hit by ongoing cyberattack. (to
the original material)
- Google,
Apple fined by Italian authority for
aggressive data collection. (to
the original material)
- TrickBot
phishing checks screen resolution to evade
researchers. (to
the original material)
- Marine
services provider Swire Pacific Offshore hit
by ransomware. (to
the original material)
- Interpol
arrests over 1,000 suspects linked to cyber
crime. (to
the original material)
- "AI will
revolutionize every aspect of connectivity,"
argue cyber experts. (to
the original material)
- Marine
Services Giant (APAC) hit by Clop ransomware.
(to
the original material)
- Pfizer
alleges insider stole #Covid19 vaccine docs. (to
the original material)
- APT C-23
targeting Android users in Middle East with
spyware. (to
the original material)
- 18
cybersecurity startups to watch. (to
the original material)
- Spammers
use holiday scams to steal data and money from
shoppers. (to
the original material)
- The best
gift for the Holidays? An Incident Response
Plan. (to
the original material)
- Medical
data exposed in breach at True Health New
Mexico. (to
the original material)
- Essential
preparations for the Holiday Season attack
surge. (to
the original material)
-
Cybersecurity Unplugged: Improving Healthcare
Security. (to
the original material)
25.11.2021
- News
from Cyber Security.
-
Cybersecurity News of the Week (25.11.2021). (to
the original material)
- Risk
Management: Helping the EU Railways Catch the
Cybersecurity Train. (to
the original material)
- From
fragmented encryption chaos to uniform data
protection. (to
the original material)
- How
likely are mid-market organizations to
experience a breach by the end of 2021? (to
the original material)
- Which
technologies will be the most important in
2022? (to
the original material)
- Nearly
600,000 open cybersecurity-related jobs were
listed over 12 months. (to
the original material)
- Defense
contractors are highly susceptible to
ransomware attacks. (to
the original material)
- Companies
ditching VPNs for zero trust architectures to
secure hybrid workplaces. (to
the original material)
- "Free Steam games" videos promise much, deliver malware. (to the original material)
-
BazarLoader adopts new delivery mechanisms.
(to
the original material)
-
RATDispenser: A loader spreading eight
malware. (to
the original material)
- UK
government transport website caught showing
porn. (to
the original material)
- How
cybercriminals adjusted their scams for
Black Friday 2021. (to
the original material)
- New
Linux malware hides in cron jobs (CronRAT)
with invalid dates. (to
the original material)
-
Discord malware campaign targets crypto,
DeFi, and NFT communities. (to
the original material)
-
Microsoft Defender for Endpoint fails to
start on Windows Server. (to
the original material)
- UK and
German Police take down 21 jihadist
websites. (to
the original material)
-
Ukrainian Cops bust mobile device (Apple și
Samsung) hacking group. (to
the original material)
- FBI:
2021 Holiday Season fraud could exceed $53m.
(to
the original material)
-
Credentials exposed for majority of US
financial firm employees. (to
the original material)
- Rise
of info-stealers, crypto scams and deepfakes
will imperil financial sector. (to
the original material)
- New
differential fuzzing tool reveals novel HTTP
request smuggling techniques. (to
the original material)
-
WordPress security plugin Hide My WP
addresses SQL injection, deactivation flaws.
(to
the original material)
- The
triangle of holiday shopping: Scams, social
media and supply chain woes. (to
the original material)
- New UK
IoT law means huge fines and a ban on
default passwords. (to
the original material)
- NCSC
warns industry, academia of foreign threats
to their intellectual property. (to
the original material)
-
Enhancing zero trust access through a
context-aware security posture. (to
the original material)
-
Ransomware: Best practices for negotiating a
ransom payment. (to
the original material)
- UK
Legislation seeks mandatory Security
Standards for IoT. (to
the original material)
-
Ukraine's Secret Service busts 5 alleged
"Phoenix" hackers. (to
the original material)
24.11.2021
- News
from Cyber Security.
- CISA
Releases Capacity Enhancement Guides to
Enhance Mobile Device Cybersecurity for
Consumers and Organizations. (to
the original material)
- VMware
releases security updates. (to
the original material)
-
Exploiting a Microsoft zero-day vulnerability
can give attackers administrative rights in
Windows. (to
the original material)
- Higher
Education in Europe: Understanding the
cybersecurity skills gap in the EU. (to
the original material)
- Talos
Takes Ep. #78: Attackers would love to buy you
a non-existent PS5 this holiday season. (to
the original material)
- After
failed fix, researcher releases exploit for
Windows EoP (Exchange online Protection) flaw
(CVE-2021-41379). (to
the original material)
- Securing
open-source code supply chains may help
prevent the next big cyberattack. (to
the original material)
-
Ransomware attacks surge, but victims are
recovering quickly. (to
the original material)
- CISOs
missing major holidays due to work demands. (to
the original material)
- 10 trends
likely to shape the IT industry, its workforce
and its business models in 2022. (to
the original material)
- Products
used by children are not nearly as
privacy-protecting as they should be. (to
the original material)
- How are
organizations protecting their critical IT
assets? (to
the original material)
- Germany
to force ISPs to give discounts for slow
Internet speeds. (to
the original material)
- Hackers
exploit Microsoft MSHTML bug to steal Google,
Instagram creds. (to
the original material)
- FBI:
Online shoppers risk losing over $53M to
holiday scams. (to
the original material)
- Stealthy
new JavaScript malware infects Windows PCs
with RATs (Remote Access Trojan). (to
the original material)
- GoDaddy
data breach hits WordPress hosting services
resellers. (to
the original material)
- Ukraine
arrests "Phoenix" hackers behind Apple
phishing attacks. (to
the original material)
- Mediatek
eavesdropping bug impacts 30% of all Android
smartphones. (to
the original material)
- Black
Friday 2021 deal: 20% off Zero2Automated
malware analysis courses. (to
the original material)
- Joke
Hitman website "RenaHitman.com" catches
plotting Michigander. (to
the original material)
- YouTube
live crypto scams made nearly $9m in October.
(to
the original material)
-
Marylander found guilty of skiptracing (PoE -
Place of Employment information). (to
the original material)
- UK
introduces new cybersecurity legislation for
IoT devices. (to
the original material)
- CISA
issues Holiday ransomware message. (to
the original material)
- Most US
Healthcare apps susceptible to cyber-attack. (to
the original material)
- Malicious
JavaScript Loader is a Multi-RAT dispenser. (to
the original material)
- Multiple
bugs enable Eavesdropping on 37% of Android
Phones. (to
the original material)
- Standing
up to cyber-bullies earns man award
nomination. (to
the original material)
- Apple
sues “state-sponsored” spyware firm NSO Group.
(to
the original material)
- Report:
Digital marketing agency exposed 92 million
records online including employee and client
data. (to
the original material)
-
Infrastructure Security Month has something
for everyone. (to
the original material)
- With the
holidays come greater ransomware attacks. (to
the original material)
-
Cyberattacks often come after working hours.
Here’s how to prepare. (to
the original material)
- Avoiding
the shopping blues: How to shop online safely
this holiday season. (to
the original material)
- 9 tips
for an effective ransomware negotiation. (to
the original material)
- How to
prevent sideloading attacks in Windows and
Office 365. (to
the original material)
- How the
pandemic pulled Nigerian university students
into cybercrime. (to
the original material)
- Synthetic
ID Fraud: What to look forward to in 2022. (to
the original material)
- Financial
Agencies Eye existing laws for crypto
regulation. (to
the original material)
- Amazon
has been lobbying hard against privacy
protections - Mostly with success; Who’s
smiling now? (to
the original material)
23.11.2021
- News
from Cyber Security.
- New
Windows zero-day with public exploit lets you
become an admin. (to
the original material)
- Exploit
released for Microsoft Exchange RCE bug, patch
now. (to
the original material)
- UK govt
warns thousands of SMBs their online stores
were hacked. (to
the original material)
- US govt
warns of increased ransomware risks during
holidays. (to
the original material)
- Hackers
hit Iran's Mahan airline, claim confidential
data theft. (to
the original material)
- Biometric
auth bypassed using fingerprint photo,
printer, and glue. (to
the original material)
- GoDaddy
data breach hits 1.2 million Managed WordPress
customers. (to
the original material)
- Wind
turbine giant Vestas' data compromised in
cyberattack. (to
the original material)
- How to
find hidden spy cameras with a smartphone. (to
the original material)
- Why
cybersecurity training needs a post-pandemic
overhaul. (to
the original material)
- Guarding
against DCSync attacks. (to
the original material)
- How do I
select an automotive IoT security solution? (to
the original material)
- Does your
company employ a CISO? Many are operating
without security leadership. (to
the original material)
- Holidays
don’t mean much to ransomware attackers. (to
the original material)
- Fraud
fighters aren’t prepared for the multi-billion
dollar threat of global insurance fraud. (to
the original material)
- IoT
security market to reach $52.3 billion by
2026. (to
the original material)
- eBook:
Using NIST guidelines for secure passwords. (to
the original material)
-
Cryptocurrency exchange BTC-Alpha confirms
ransomware attack. (to
the original material)
- A review
of Azure Sphere vulnerabilities: Unsigned code
execs, kernel bugs, escalation chains and
firmware downgrades. (to
the original material)
- What to
do if you receive a data breach notification.
(to
the original material)
- Data
Analytics to tackle insider fraud. (to
the original material)
- Update:
GoDaddy breach hits managed WordPress
customers. (to
the original material)
- FBI
identified BEC scammers using bank
surveillance footage. (to
the original material)
- Suspect
arrested in "ransom your employer" criminal
scheme. (to
the original material)
- Code
execution bug patched in Imunify360 Linux
server security suite. (to
the original material)
- U.S.
government ramps up cybersecurity spending. (to
the original material)
- Small
businesses urged to protect their customers
from card skimming. (to
the original material)
- Threat
actors find and compromise exposed services in
24 hours. (to
the original material)
- Malware
now trying to exploit new Windows Installer
zero-day. (to
the original material)
- The Best
Cyber Monday 2021 Security, IT, VPN, &
Antivirus Deals. (to
the original material)
- FBI warns
of phishing targeting high-profile brands'
customers. (to
the original material)
- Apple
sues spyware-maker NSO Group, notifies iOS
exploit targets. (to
the original material)
-
Researchers warn of severe risks from
"Printjack" printer attacks. (to
the original material)
- Microsoft
Edge adds Super Duper Secure Mode to Stable
channel. (to
the original material)
- Over nine
million Android devices infected by
info-stealing trojan. (to
the original material)
- Hackers
target biomanufacturing with stealthy
Tardigrade malware. (to
the original material)
- 81% of UK
Retailers leaving customers at risk of email
fraud ahead of #BlackFriday. (to
the original material)
- Over a
fifth of UK cyber workers experience
discrimination. (to
the original material)
- Over 4000
UK Retailers compromised by Magecart attacks.
(to
the original material)
- More
ransomware attacks up to September than whole
of 2020. (to
the original material)
-
Recovering ransom payments could become
routine for law enforcement. (to
the original material)
- Don’t
wait for supply chain regulation to get your
cloud security house in order. (to
the original material)
-
Cybercriminals continue using Zelle to scam
victims. (to
the original material)
- H-ISAC
shares guide for identity-centric data sharing
approach. (to
the original material)
- As the
cyber insurance bubble begins to burst, the
market scrambles for a new approach. (to
the original material)
- "It’s all
about click rate." Squirrelwaffle campaign
disguises malicious activity as replies to
email chains. (to
the original material)
- FBI, CISA
urge organizations to be on guard for attacks
during holidays. (to
the original material)
- Study:
Storage systems are weakest link in IT
infrastructure security. (to
the original material)
- NIST
workshop provides clues to upcoming software
supply chain security guidelines. (to
the original material)
- What
CISOs can learn from the US Navy insider who
stole nuclear secrets. (to
the original material)
- A third
of all dark web domains are now v3 onion
sites. (to
the original material)
22.11.2021
- News
from Cyber Security.
-
Vulnerability Summary for the Week of November
15, 2021. (to
the original material)
- Reminder
for critical infrastructure to stay vigilant
against threats during holidays and weekends. (to
the original material)
- Step
towards foresight on emerging cybersecurity
challenges. (to
the original material)
- The Cost of
a data breach goes beyond the bottom line. (to
the original material)
- Malicious
Python packages employ advanced detection
evasion techniques. (to
the original material)
- What’s
stopping consumers from acting on a data breach
notice? (to
the original material)
- Top 5
cybersecurity considerations for file uploads of
vaccination records. (to
the original material)
- An
introduction to U.S. data compliance laws. (to
the original material)
- As digital
shopping surges, researchers predict 8 million
daily attacks. (to
the original material)
- Ethical
hackers and the economics of security research.
(to
the original material)
- Businesses
compromise on cybersecurity in favor of other
goals. (to
the original material)
- The CIS
Benchmarks community consensus process (Center
for Internet Security). (to
the original material)
- Security
analytics market to reach $25.4 billion by 2026.
(to
the original material)
- Cisco flaw
affects firewalls. (to
the original material)
- Teen
accused of stealing Bitcoin worth $36.5m. (to
the original material)
- GoDaddy
announces data breach. (to
the original material)
- Online
payment fraud surges by 208% ahead of Black
Friday. (to
the original material)
- Hackers
exploit ProxyLogon and ProxyShell bugs in
phishing Blitz. (to
the original material)
- SEC
(Securities and Exchange Commision) warning as
phishing and vishing attacks mount. (to
the original material)
- Wind
turbine giant Vestas Wind Systems offline after
cyber incident. (to
the original material)
- Hackers
exploiting ProxyLogon and ProxyShell flaws in
spam campaigns. (to
the original material)
Vulnerability
Spotlight: Multiple vulnerabilities in Advantech
R-SeeNet- . (to
the original material)
- Back from
the dead: Emotet re-emerges, begins rebuilding
to wrap up 2021. (to
the original material)
-
Vulnerability Spotlight: PHP deserialize
vulnerability in CloudLinux Imunity360 could
lead to arbitrary code execution. (to
the original material)
- Report:
DeFi fraud, theft exceeds $10 billion in 2021. (to
the original material)
- NHS
(National Health Service - UK) denies data was
exposed in Stor-a-File Hack. (to
the original material)
- More than
half of indian loan apps illegal, RBI (Reserve
Bank of India) panel finds. (to
the original material)
- Hackers
abusing Glitch Platform to steal credentials. (to
the original material)
- Utah
Imaging Associates notify nearly 584,000 of PHI
(Protected Health Information) hack. (to
the original material)
- Essential
settings to keep your LinkedIn account safe. (to
the original material)
- Instagram
employees tricked into believing their boss was
dead and blocked his account. (to
the original material)
- Five tips
to avoid scams when shopping online. (to
the original material)
- Phishing
attacks use Gmail as their main platform, the
researchers found. (to
the original material)
- Hackers
breach corporate email servers to send spam to
employees. (to
the original material)
- Over a
million WordPress sites breached. (to
the original material)
- Imunify360
bug leaves Linux Web Servers open to code
execution, takeover. (to
the original material)
- Online
Merchants: Prevent fraudsters from becoming
Holiday Grinches. (to
the original material)
- New Windows
zero-day with public exploit lets you become an
admin. (to
the original material)
- Exploit
released for Microsoft Exchange RCE bug, patch
now. (to
the original material)
- UK govt
warns thousands of SMBs their online stores were
hacked. (to
the original material)
- US govt
warns of increased ransomware risks during
holidays. (to
the original material)
- 40% of
healthcare lack designated CISO. (to
the original material)
- What to do
if you receive a data breach notice. (to
the original material)
- 9 cloud and
on-premises email security suites compared. (to
the original material)
- California
state CISO: the goal is “operating as a whole
government”. (to
the original material)
21.11.2021
- News
from Cyber Security.
- Week in
review: Intel chip flaw, shedding light on
hidden root CAs (Certificate Authorities),
Emotet stages a comeback. (to
the original material)
- Vestas
hit by cyber security incident, shuts some IT
systems. (to
the original material)
- US SEC
warns investors of ongoing govt impersonation
attacks. (to
the original material)
-
Blacksmith attack bypasses existing DDR4
memory defenses. (to
the original material)
- New ETW
(Event Tracing for Windows) attacks may blind
security products. (to
the original material)
- COVID-19
and cybercrime - Europol threat assessment. (to
the original material)
- Latest
research links Ghostwriter disinformation
campaign to Belarus. (to
the original material)
- Facebook
postpones plans for E2E encryption in
Messenger, Instagram until 2023. (to
the original material)
- A fresh,
risk-based approach to SAST Application
Security. (to
the original material)
- Cloud
Security: The need for AWS Backup. (to
the original material)
20.11.2021
- News
from Cyber Security.
- Microsoft
Exchange servers hacked in internal
reply-chain attacks. (to
the original material)
-
Microsoft: Office 365 will boost default
protection for all users. (to
the original material)
- Youth in
$37 million crypto heist; BitConnect Ponzi
payout. (to
the original material)
- Conti
ransomware gang suffers security breach. (to
the original material)
- FBI
Warning: Cybercriminals abusing zero-day in
FatPipe VPN. (to
the original material)
- Microsoft
reports evolution of iranian hacking groups. (to
the original material)
- Zero-day
flaws and Exploit-as-a-Service trending among
ransomware groups. (to
the original material)
- Sky:
"Serious" security flaw on six million routers
left customers vulnerable to hackers. (to
the original material)
-
Cybercriminals discuss new business model for
zero-day exploits. (to
the original material)
- Void
Balaur explained - a stealthy cyber mercenary
group that spies on thousands. (to
the original material)
19.11.2021
- News
from Cyber Security.
- Updated:
APT exploitation of ManageEngine ADSelfService
Plus vulnerability. (to
the original material)
- NSA and
CISA release guidance on securing 5G Cloud
Infrastructures. (to
the original material)
- Gaps in
IT staff skills causing stress and decreased
productivity. (to
the original material)
- Big data
in IoT market to reach $50.9 billion by 2026.
(to
the original material)
- Bots are
lurking in your zombie and shadow APIs. (to
the original material)
-
Researchers shed light on hidden root CAs
(Certificate Authorities). (to
the original material)
- New
infosec products of the week: November 19,
2021. (to
the original material)
- Lack of
API visibility undermines basic principle of
security. (to
the original material)
- How to
handle third-party security risk management. (to
the original material)
- How to
strengthen incident response in the health
sector. (to
the original material)
- 52% of
SMBs have experienced a cyberattack in the
last year. (to
the original material)
- The
Ransomware Files, Episode 2: Bridging backup
gaps. (to
the original material)
- The Week
in Ransomware - November 19th 2021 - Targeting
Conti. (to
the original material)
- Some
Tesla owners unable to unlock cars due to
server errors. (to
the original material)
- Emotet
botnet comeback orchestrated by Conti
ransomware gang. (to
the original material)
- Fake TSA
PreCheck sites scam US travelers with fake
renewals. (to
the original material)
- Microsoft
Authenticator gets new enterprise security
features. (to
the original material)
- Utah
medical center hit by data breach affecting
582k patients. (to
the original material)
- Six
million Sky routers exposed to takeover
attacks for 17 months. (to
the original material)
- US
regulators order banks to report cyberattacks
within 36 hours. (to
the original material)
-
Regulators: Banks have 36 hours to report
cyber incidents. (to
the original material)
- Israel
charges Defense Minister’s house cleaner with
leaking data to Iranian hackers. (to
the original material)
- Philips,
CISA warn of medical device product security
flaws. (to
the original material)
- Malicious
Cyberattacks in New Zealand Double in a Year.
(to
the original material)
- North
Korean APT Group steps up espionage Ops in
2021. (to
the original material)
- 2
Iranians charged with 2020 US Election
interference. (to
the original material)
- ISMG
Editors: Cyberspace Solarium Commission
Updates. (to
the original material)
-
Ransomware Attackers: "No Days Off!". (to
the original material)
-
Cryptocurrency Conundrum: How to Make Dirty
Bitcoins Clean? (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
-
CYBERWARCON – Foreign influence operations
grow up. (to
the original material)
- Sky slow
to fix bug in routers. (to
the original material)
- Brit
admits role in international movie piracy
ring. (to
the original material)
-
Squirrelwaffle exploits ProxyShell and
ProxyLogon to hijack email chains. (to
the original material)
- This Week
in Security News - November 19, 2021. (to
the original material)
-
Infrastructure Security Month: Resiliency is a
collaborative effort. (to
the original material)
- Robinhood
breach illustrates the impact of social
engineering attacks. (to
the original material)
- Threat
Roundup for November 12 to November 19. (to
the original material)
- Beers
with Talos, Ep. #111: We say goodbye to Craig
and his killer robots. (to
the original material)
- Talos
Takes Ep. #77: How to connect to (and safely
use) public WiFi. (to
the original material)
- The
Kaseya ransomware attack: A timeline. (to
the original material)
- Security
Recruiter Directory. (to
the original material)
18.11.2021
- News
from Cyber Security.
- Drupal
releases security updates. (to
the original material)
- NCSC
releases 2021 annual review. (to
the original material)
-
Cybersecurity News of the Week (11/18/2021). (to
the original material)
- US
Government declassifies data to foster
would‑be defenders. (to
the original material)
- "My bank
account was in a shambles": The ordeal of an
identity theft victim. (to
the original material)
- Security
leaders need more data and context to conduct
cloud investigations. (to
the original material)
- Reality
check: Your security hygiene is worse than you
think it is. (to
the original material)
- Report:
The ROI (Return On Investment) of Modern
Pentesting 2021. (to
the original material)
- The six
most common threats against the device that
knows you best. (to
the original material)
- How to
improve your SaaS security posture and reduce
risk. (to
the original material)
- The
Covid-19 crisis has fueled the increase of
cybercrime in all its forms. (to
the original material)
- Cyber
complexity negatively impacts a company’s
ability to respond to threats. (to
the original material)
- Android
malware BrazKing returns as a stealthier
banking trojan. (to
the original material)
- US
indicts Iranian hackers for Proud Boys voter
intimidation emails. (to
the original material)
- Hackers
deploy Linux malware, web skimmer on
e-commerce servers. (to
the original material)
-
Microsoft: Iranian state hackers increasingly
target IT sector. (to
the original material)
- New
Memento ransomware switches to WinRar after
failing at encryption. (to
the original material)
- Glitch
service abused to host short-lived phishing
sites. (to
the original material)
- North
Korean cyberspies target govt officials with
custom malware. (to
the original material)
- FBI warns
of APT group exploiting FatPipe VPN zero-day
since May. (to
the original material)
- RedCurl
corporate espionage hackers resume attacks
with updated tools. (to
the original material)
- North
Korean cyber-criminal recycles tactics and
targets. (to
the original material)
- Chinese
man charged with impersonating female
Minnesota student online. (to
the original material)
-
Overworked CISOs are skipping family vacations
and Holidays. (to
the original material)
-
#IRISSCON: Understanding the reality of cyber
threats to improve defenses. (to
the original material)
-
#IRISSCON: Security industry should change the
rhetoric around cyber-threats. (to
the original material)
- China's
APT41 manages library of breached
certificates. (to
the original material)
- Russian
cybercrime forums open doors to
Chinese-speakers. (to
the original material)
- Threat
actors discuss leasing zero-day exploits. (to
the original material)
- How
behavioral biometrics can tackle AML
(Anti-Money Laundering) fraud. (to
the original material)
- Ohio
Hospital still struggling one Week after
cyberattack. (to
the original material)
- US, UK,
Australia issue alert on Iranian APT Groups. (to
the original material)
- SharkBot
Trojan targets bank and cryptocurrency
credentials. (to
the original material)
-
Ransomware, response dominate Irish cybercrime
Conference. (to
the original material)
- Conti
gang has made at least $25.5 million since
July 2021. (to
the original material)
- RedCurl
hacking group returns with new attacks. (to
the original material)
-
Secured.21: Keys to fast, successful
application security deployment. (to
the original material)
- Threat
Source Newsletter (Nov. 18, 2021). (to
the original material)
- Will XDR
modernize the SOC? (to
the original material)
17.11.2021
- News
from Cyber Security.
- CISA adds
four known exploited vulnerabilities to Catalog.
(to
the original material)
- Iranian
government-sponsored APT cyber actors exploiting
Microsoft Exchange and Fortinet vulnerabilities.
(to
the original material)
- European
Commission briefing on the first call for
projects on the Digital Europe program. (to
the original material)
-
Cybersecurity Spending: An analysis of
Investment Dynamics within the EU. (to
the original material)
- 10-step
emergency plan after a security breach. (to
the original material)
- GitHub
fixed serious npm registry vulnerability, will
mandate 2FA use for certain accounts. (to
the original material)
- Emotet
stages a comeback via Trickbot and spam. (to
the original material)
-
Illuminating the path: Compliance as the key to
security-by-design. (to
the original material)
- Combating
cybercrime: Lessons from a CIO and Marine
veteran. (to
the original material)
- The latest
trends in online cybersecurity learning and
training. (to
the original material)
- 76% of
gamers were financially affected by a
cyberattack, losing $700+ on average. (to
the original material)
- What is
challenging secure application development? (to
the original material)
- Businesses
are forced to adopt new cybersecurity measures.
(to
the original material)
- Digital
transformation spending to reach $2.8 trillion
in 2025. (to
the original material)
- Most SS7
exploit service providers on dark web are
scammers. (to
the original material)
- Russian
ransomware gangs start collaborating with
Chinese hackers. (to
the original material)
- TikTok
phishing threatens to delete influencers’
accounts. (to
the original material)
- Victims of
$2 billion BitConnect fraud to get back $57
million. (to
the original material)
- US, UK warn
of Iranian hackers exploiting Microsoft
Exchange, Fortinet. (to
the original material)
- CISA
releases cybersecurity response plans for
federal agencies. (to
the original material)
- Threat
actors offer millions for zero-days, developers
talk of exploit-as-a-service. (to
the original material)
- NSA grants
boost University's Cyber Academy. (to
the original material)
- New
partnership to invest in cybersecurity Startups.
(to
the original material)
- US to sell
$56m in seized crypto-currency. (to
the original material)
-
Organizations more susceptible to ransomware
attacks during weekends and Holidays. (to
the original material)
- DDoS
attacks surge 35% in Q3 as VoIP is targeted. (to
the original material)
- Ghostwriter
disinformation operation linked to Belarus. (to
the original material)
- UK spooks
handled record number of cyber-incidents last
year. (to
the original material)
- Exploring
top use cases for Network Detection and
Response. (to
the original material)
- Data of
5.9M RedDoorz customers leaked in breach. (to
the original material)
-
Exfiltration breach, ransomware attack affect
800,000. (to
the original material)
- CISA
Leader: "We've not seen a change" in ransomware
attacks. (to
the original material)
- Why are you
still using QWERTY? 2021's most common passwords
revealed. (to
the original material)
- Hackers
targeting Myanmar use domain fronting to hide
malicious activities. (to
the original material)
- Facebook
bans Pakistani and Syrian hacker groups for
abusing its platform. (to
the original material)
-
Vulnerability Spotlight: Multiple code execution
vulnerabilities in LibreCAD. (to
the original material)
-
Vulnerability Spotlight: Use-after-free
vulnerability in Google Chrome could lead to
code execution. (to
the original material)
- Talos’ tips
for staying safe while shopping online this
holiday season. (to
the original material)
- Interview
with Casey Crane - The SSL Store. (to
the original material)
16.11.2021
- News
from Cyber Security.
- Google
releases security updates for Chrome. (to
the original material)
- New
federal government cybersecurity incident and
vulnerability response Playbooks. (to
the original material)
- Here are
the new Emotet spam campaigns hitting
mailboxes worldwide. (to
the original material)
- Microsoft
warns of the evolution of six Iranian hacking
groups. (to
the original material)
- WordPress
sites are being hacked in fake ransomware
attacks. (to
the original material)
- These are
the cryptomixers hackers use to clean their
ransoms. (to
the original material)
- Microsoft
adds AI-driven ransomware protection to
Defender. (to
the original material)
- NPM fixes
private package names leak, serious
authorization bug. (to
the original material)
- Zoom
patches vulnerabilities in its range of
conferencing apps. (to
the original material)
- We need a
Cyber Awareness Century. (to
the original material)
-
Operational technology and zero trust. (to
the original material)
- How do I
select a policy automation solution for my
business? (to
the original material)
- Shrinking
cyber budgets are leaving businesses at risk.
(to
the original material)
- Cultural
divide between IT and OT teams leaves 65% of
organizations unable to secure both
environments. (to
the original material)
- Internal
audit leaders expect new risks to emerge
post-pandemic. (to
the original material)
- 5G and
edge computing will lead an app development
revolution. (to
the original material)
-
Researchers spot comeback of the Emotet
botnet. (to
the original material)
- US,
Israel expand cyber partnership, announce task
force. (to
the original material)
- Emotet is
rebuilding its botnet. (to
the original material)
- Ethical
hackers Stymie $27bn of cybercrime. (to
the original material)
- K-12
school districts failing at cloud security. (to
the original material)
- Panel
discusses how SMEs can stay secure amid
digital shift. (to
the original material)
- UK
Government orders phase two review into
Nvidia-Arm deal. (to
the original material)
- China
Telecom appeals against US ban. (to
the original material)
-
Government (UK) plans regulation to bolster
supply chain security. (to
the original material)
-
Cryptojackers disable Alibaba Cloud Security
Agent. (to
the original material)
- Strategic
web compromises in the Middle East with a
pinch of Candiru (Israeli private spyware
company). (to
the original material)
- EU report
calls for more health-specific incident
response. (to
the original material)
- Money
laundering cryptomixer services market to
criminals. (to
the original material)
- US DHS
(Department of Homeland Security) launches new
sSystem for hiring, retaining cyber talent. (to
the original material)
- A
security strategy for the blockchain. (to
the original material)
- Tips for
surviving big game ransomware attacks. (to
the original material)
- Good
manners on social media: anger, fear and
misinformation in the digital age. (to
the original material)
- Belarus
government accused of "partial responsibility"
for Ghostwriter campaigns. (to
the original material)
-
MosesStaff attacks organizations with
encryption malware: No payment demand made. (to
the original material)
- New
banking Trojan SharkBot makes waves across
Europe, US. (to
the original material)
- New
TikTok phishing campaign targets influencer
accounts. (to
the original material)
-
Secured.21: Automated Workflows deep dive. (to
the original material)
- Pace of
ransomware arrests picks up. (to
the original material)
-
Researchers demonstrate new way to detect MitM
phishing kits in the wild. (to
the original material)
- SharkBot
- A new android trojan stealing banking and
cryptocurrency accounts. (to
the original material)
- Attackers
use domain fronting technique to target
Myanmar with Cobalt Strike. (to
the original material)
- Google
allegedly boasted of slowing down and
delaying ePrivacy Regulation, accused of
colluding with Facebook. (to
the original material)
15.11.2021
- News
from Cyber Security.
-
Vulnerability summary for the Week of November
8, 2021. (to
the original material)
- Intel
chip flaw could enable attacks on laptops,
cars, medical devices (CVE-2021-0146). (to
the original material)
- When
cybersecurity becomes terrifying. (to
the original material)
- When it
comes to securing systems against quantum
computers, there is no one-size-fits-all
solution. (to
the original material)
- How to
achieve permanent server hardening through
automation. (to
the original material)
- 10,000+
websites and apps are vulnerable to Magecart.
(to
the original material)
- Digital
life after death: Do you have a
password-sharing plan in place? (to
the original material)
-
Healthcare organizations at risk: The attack
surface is expanding. (to
the original material)
- Top risks
auditors should cover in their 2022 audit
plans. (to
the original material)
- The
future of digital infrastructure: Top 10
predictions. (to
the original material)
- eBook:
Biometric Authentication For Dummies. (to
the original material)
- New
Rowhammer technique bypasses existing DDR4
memory defenses. (to
the original material)
- Emotet
malware is back and rebuilding its botnet via
TrickBot. (to
the original material)
- Alibaba
ECS (Elastic Computing Service) instances
actively hijacked by cryptomining malware. (to
the original material)
- High
severity BIOS flaws affect numerous Intel
processors. (to
the original material)
- 7 million
Robinhood user email addresses for sale on
hacker forum. (to
the original material)
- Moses
Staff hackers wreak havoc on Israeli orgs with
ransomless encryptions. (to
the original material)
- New
Microsoft emergency updates fix Windows Server
auth issues. (to
the original material)
- Scam
Spotter campaign flags gift card fraud
(ScamSpotter.org). (to
the original material)
- US
Journalist imprisoned for spreading false
information is freed. (to
the original material)
- 42% of UK
gamers have experienced a cyber-attack on
their account or device. (to
the original material)
- US and
Israel agree anti-ransomware coalition. (to
the original material)
- CISA:
Patch these ICS flaws across multiple vendors.
(to
the original material)
- FBI
systems compromised to send out fake attack
alerts. (to
the original material)
- FBI fixes
misconfigured server after hoax email alert. (to
the original material)
- Mac
zero-day alert: Watering hole attacks in the
wild. (to
the original material)
- Russian
national charged with laundering Ryuk ransoms.
(to
the original material)
- Emotet
botnet returns after law enforcement
mass-uninstall operation. (to
the original material)
- New Moses
Staff group targets Israeli organizations in
destructive attacks. (to
the original material)
- Groups
target Alibaba ECS instances for
cryptojacking. (to
the original material)
- What is
Ransomware? A Comprehensive Guide to
ransomware attacks. (to
the original material)
-
Vulnerability Spotlight: Vulnerabilities in
Lantronix PremierWave 2050 could lead to code
execution, file deletion. (to
the original material)
14.11.2021
- News
from Cyber Security.
-
Misconfigured FBI email system abused to run
hoax campaign. (to
the original material)
- US
Education Dept urged to boost K-12 schools'
ransomware defenses. (to
the original material)
- Week in
review: Critical RCE in Palo Alto Networks
firewalls, how to select a DRaaS solution. (to
the original material)
- Interview
with Tamas Kadar – SEON Technologies. (to
the original material)
13.11.2021
- News
from Cyber Security.
- FBI
system hacked to email "urgent" warning about
fake cyberattacks. (to
the original material)
- Official
FBI email server hacked, used to send fake
threat. (to
the original material)
- Fake
end-to-end encrypted chat app distributes
Android spyware. (to
the original material)
-
Surveillance firm (WiSpear) pays $1 million
fine after "spy van" scandal (after 2 years).
(to
the original material)
- Zoom
patches multiple vulnerabilities. (to
the original material)
12.11.2021
- News
from Cyber Security.
- European
Commission announces €2 billion investment
through Digital Europe program. (to
the original material)
- VMware
Releases Security Update for Tanzu Application
Service for VMs. (to
the original material)
- CISA
releases advisory on vulnerabilities in
multiple data distribution service
implementations. (to
the original material)
- Palo Alto
Networks release security updates for PAN-OS.
(to
the original material)
- The Week
in Ransomware - November 12th 2021 - Targeting
REvil. (to
the original material)
- QBot
returns for a new wave of infections using
Squirrelwaffle. (to
the original material)
- FTC
shares ransomware defense tips for small US
businesses. (to
the original material)
- These are
the top-level domains threat actors like the
most. (to
the original material)
- Microsoft
warns of surge in HTML smuggling phishing
attacks. (to
the original material)
- Costco
discloses data breach after finding credit
card skimmer. (to
the original material)
- Zero-day
bug in all Windows versions gets free
unofficial patch. (to
the original material)
- Pentagon
set to open Zero Trust Office in December. (to
the original material)
- Critical
RCE in Palo Alto Networks (PAN) firewalls
revealed, patch ASAP! (CVE-2021-3064). (to
the original material)
-
Industrial cybersecurity market to reach $22.3
billion by 2026. (to
the original material)
- As
technology pervades, CIOs’ influence on
business strategy grows. (to
the original material)
- Security
standards should be strengthened outside the
federal government too. (to
the original material)
- Lack of
resources and skills continues to challenge
PKI (Public Key Infrastructure) deployment. (to
the original material)
-
Leveraging social media background checks to
balance friction and risk. (to
the original material)
- New
infosec products of the week: November 12,
2021. (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
- GAO
(Government Accountability Office - SUA) says
confusion over responsibilities has left
schools vulnerable to cyber attacks. (to
the original material)
- US
detains crypto-exchange exec for helping Ryuk
ransomware gang launder profits. (to
the original material)
- This Week
in Security News - November 12, 2021. (to
the original material)
- QAKBOT
Loader returns with new techniques and tools.
(to
the original material)
- Below the
Surface: The state of network security in
2021. (to
the original material)
- Threat
Roundup for November 5 to November 12. (to
the original material)
- Talos
Takes Ep. #76: What is Kimsuky phishing around
for? (to
the original material)
11.11.2021
- News
from Cyber Security.
-
Cybersecurity News of the Week (11.11.2021). (to
the original material)
-
ClusterFuzzLite: Continuous fuzzing for all. (to
the original material)
- On the
watch for incident response capabilities in
the Health Sector. (to
the original material)
- VMware
releases security advisory. (to
the original material)
- Apple
releases security update for iCloud for
Windows 13. (to
the original material)
- New
BazarBackdoor attack discovered. (to
the original material)
-
CyberVetsUSA Pilots Nebraska Project. (to
the original material)
- CEO of
blacklisted spyware firm quits. (to
the original material)
- #BHEU: 5
Ways to approach ransomware negotiations. (to
the original material)
- #BHEU:
Can time be hacked? (to
the original material)
-
Researchers uncover prolific Hacker-for-Hire
group. (to
the original material)
- Scam PACs
(Political Action Commitees) allegedly stole
$3.5m from Trump voters. (to
the original material)
- US Firms
hit with largest ransoms globally. (to
the original material)
-
Ransomware attack hits UK Fertility Clinic. (to
the original material)
- Windows
10 App Installer abused in BazarLoader malware
attacks. (to
the original material)
- BotenaGo
botnet targets millions of IoT devices with 33
exploits. (to
the original material)
- AMD fixes
dozens of Windows 10 graphics driver security
bugs. (to
the original material)
- Hackers
undetected on Queensland water supplier server
for 9 months. (to
the original material)
- Magniber
ransomware gang now exploits Internet Explorer
flaws in attacks. (to
the original material)
- Russian
"King of Fraud" sentenced to 10 years for
Methbot scheme. (to
the original material)
- “King of
fraud” sentenced to 10 years in prison for
role in Methbot/3ve botnet. (to
the original material)
- New bill
sets ransomware attack response rules for US
financial orgs. (to
the original material)
- Gmail
accounts are used in 91% of all baiting email
attacks. (to
the original material)
- Careful:
"Smart TV remote" Android app on Google Play
is malware. (to
the original material)
- Are you
less capable of innovation or more vulnerable
to threats than you thought? (to
the original material)
- As the
holiday season approaches, threats to supply
chain, e-commerce and travel soar. (to
the original material)
- Phishing
attacks grow 31.5% over 2020, social media
attacks continue to climb. (to
the original material)
- DDoS
attacks were a more serious threat in Q3 2021
than ever before. (to
the original material)
-
Humanizing hackers: Entering the minds of
those behind the attacks. (to
the original material)
- Eliminate
cyber friction with smarter technology. (to
the original material)
- The
world’s worst kept secret and the truth behind
passwordless technology. (to
the original material)
-
Passwordless authentication: Is your company
ready to give up passwords? (to
the original material)
- When the
alarms go off: 10 key steps to take after a
data breach. (to
the original material)
- The
Sneaky Way TikTok is connecting you to
real-life friends. (to
the original material)
- Hackers
targeted Apple devices in Hong Kong for
widespread attack. (to
the original material)
- Jen
Easterly (NSA and Pentagon officer, former
director of CISA) wants hackers to help US
Cyber Defense. (to
the original material)
- The
Demise of White House Market (dark web) will
shake up the Dark Web. (to
the original material)
- The
Biggest ransomware bust yet might actually
make an impact. (to
the original material)
- Google
debuts ClusterFuzzLite security tool for CI,
CD workflows. (to
the original material)
-
BazarBackdoor now abuses Windows 10 app
feature in "call me back" attack. (to
the original material)
- EU
pharmaceutical giants run old, vulnerable apps
and fail to use encryption in login forms. (to
the original material)
- North
Korean hackers target the South's think tanks
through blog posts. (to
the original material)
- TeamTNT
Upgrades Arsenal, Refines Focus on Kubernetes
and GPU Environments. (to
the original material)
- Bad bots
on the rise: How to fight back. (to
the original material)
-
Infrastructure Security Month: Securing public
gatherings. (to
the original material)
- Threat
Source newsletter (Nov. 11, 2021). (to
the original material)
- Belgium,
GDPR Superpower, about to rule leading ad
tracking framework is illegal. (to
the original material)
10.11.2021
- News
from Cyber Security.
- Void
Balaur hackers-for-hire sell stolen mailboxes
and private data. (to
the original material)
- HPE says
hackers breached Aruba Central using stolen
access key. (to
the original material)
- FBI warns
of Iranian hackers looking to buy US orgs’
stolen data. (to
the original material)
- Telnyx is
the latest VoIP provider hit with DDoS
attacks. (to
the original material)
-
Researchers show that Apple’s CSAM scanning
can be fooled easily. (to
the original material)
- Lazarus
hackers target researchers with trojanized IDA
Pro. (to
the original material)
- Ironic
twist: WP Reset PRO bug lets hackers wipe
WordPress sites. (to
the original material)
- TrickBot
teams up with Shatak phishers for Conti
ransomware attacks. (to
the original material)
- Microsoft
patches Excel zero-day used in attacks, asks
Mac users to wait. (to
the original material)
- PhoneSpy:
Android spyware campaign targeting South
Korean users. (to
the original material)
- Noile
programe malware Android vizează utilizatorii
Netflix, Instagram și Twitter. (to
the original material)
- Invisible
characters could be hiding backdoors in your
JavaScript code. (to
the original material)
- The role
of visibility and analytics in zero trust
architectures. (to
the original material)
-
Organizations believe they are ready for
ransomware attacks. (to
the original material)
- Dependency
Combobulator: Open source toolkit to
combat dependency confusion attacks. (to
the original material)
- Most CIOs
and CISOs underestimate the risk of an OT
breach (Operational Technology). (to
the original material)
-
Vulnerabilities associated with ransomware
increased 4.5% in Q3 2021. (to
the original material)
- As the
move to the cloud accelerates, data privacy
and security remain critical. (to
the original material)
- Most
cybersecurity leaders use microsegmentation to
augment corporate network security. (to
the original material)
- Payment
card fraud trends in South Africa. (to
the original material)
- Hackers
disrupt Canadian Healthcare and steal medical
data. (to
the original material)
- Dridex
banking malware turns up in Mexico. (to
the original material)
-
Cyber-mercenary group Void Balaur has been
hacking companies for years. (to
the original material)
-
Vulnerabilities in Nucleus NET TCP/IP stack
could lead to real-world damage. (to
the original material)
- Dallas
Police surveillance footage leaked. (to
the original material)
- Anglers
redirected to Pornhub. (to
the original material)
- #BHEU:
Ransomware is The New Terrorism, contends
cyber expert. (to
the original material)
- #BHEU:
Leveraging behavioral psychology to improve
teamwork in cybersecurity. (to
the original material)
- #BHEU:
How to create a safe and democratic digital
infrastructure. (to
the original material)
- #BHEU:
Zero Trust protects against ransomware, claims
engineer. (to
the original material)
-
Microsoft: Patch Zoho bug now to stop Chinese
hackers. (to
the original material)
- Class
Action Against Google Blocked. (to
the original material)
- Over 80%
of CNI firms have been breached in past 36
months. (to
the original material)
- Europol
practices post-terror incident response. (to
the original material)
- Google
scores big win as court blocks iPhone tracking
lawsuit. (to
the original material)
- A
stalker's wishlist: PhoneSpy malware destroys
Android privacy. (to
the original material)
- Void
Balaur and the rise of the cybermercenary
industry. (to
the original material)
- November
continues streak of quiet Patch Tuesdays. (to
the original material)
- Threat
Spotlight: Bait attacks. (to
the original material)
- North
Korean attackers use malicious blogs to
deliver malware to high-profile South Korean
targets. (to
the original material)
09.11.2021
- News
from Cyber Security.
- Microsoft
releases November 2021 Security Updates. (to
the original material)
- Samba
releases security updates. (to
the original material)
- Citrix
releases security updates. (to
the original material)
- Adobe
releases security updates for multiple
products. (to
the original material)
- SAP
releases November 2021 security updates. (to
the original material)
- CISA
releases security advisory on Siemens Nucleus
Real-Time Operating Systems. (to
the original material)
- Security
researchers reveal activity targeting
ManageEngine ADSelfService Plus. (to
the original material)
- Operation
Dark HunTOR: 150 arrests and $31 million
seized in a comprehensive raid against the
dark web illegal trade. (to
the original material)
- Robinhood
data breach affects 7 million people. (to
the original material)
-
NUCLEUS:13 TCP security bugs impact critical
healthcare devices. (to
the original material)
- TeamTNT
hackers target your poorly configured Docker
servers. (to
the original material)
- Microsoft
urges Exchange admins to patch bug exploited
in the wild. (to
the original material)
- Microsoft
November 2021 Patch Tuesday fixes 6 zero-days,
55 flaws. (to
the original material)
- Iranian
state hackers use upgraded malware in attacks
on ISPs, telcos. (to
the original material)
- Tor
Browser 11 removes V2 Onion URL support, adds
new UI. (to
the original material)
- Clop gang
exploiting SolarWinds Serv-U flaw in
ransomware attacks. (to
the original material)
- Medatixx,
medical software firm urges password resets
after ransomware attack. (to
the original material)
-
Micro-Segmentation used by 83% of
cybersecurity leaders. (to
the original material)
- 81% of
organizations experienced increased
cyber-threats during Covid-19. (to
the original material)
- Euro
Police arrest two more REvil affiliates as US
issues sanctions. (to
the original material)
- Robinhood
data breach hits seven million customers. (to
the original material)
- US to
charge suspects over Kaseya ransomware attack.
(to
the original material)
- Why are
we still asking KBA (Knowledge-Based
Authentication) questions to authenticate
identity? (to
the original material)
- API
sprawl: A threat you might want to address
later, but you can’t ignore it. (to
the original material)
- EU
Commission takes on challenge to improve the
cybersecurity of wireless devices. (to
the original material)
- Banking
malware threats are increasing sharply. (to
the original material)
- Retail
industry security incidents soaring, worsened
by the supply chain crisis. (to
the original material)
- Cloud
adoption growing steadily, but cost and
regulatory challenges remain. (to
the original material)
- Test your
CCSP (Certified Cloud Security Professional)
knowledge with interactive flash cards. (to
the original material)
- The cyber
insurance dilemma: The risks of a safety net.
(to
the original material)
- US
Treasury blacklists Cryptocurrency Exchange
Chatex. (to
the original material)
- US
Treasury sanctions crypto-exchange Chatex for
links to ransomware payments. (to
the original material)
- Lab owner
charged in $100 Million Healthcare fraud case.
(to
the original material)
- Hive
threat group attacks MediaMarktSaturn, demands
ransom. (to
the original material)
-
Ransomware actors may have a new broker on the
block. (to
the original material)
-
Ransomware tracker: the latest figures
[November 2022]. (to
the original material)
- Europol:
Seven REvil/GandCrab ransomware affiliates
were arrested in 2021. (to
the original material)
- Meet
Lyceum: Iranian hackers targeting telecoms,
ISPs. (to
the original material)
-
Compromised Docker Hub accounts abused for
cryptomining linked to TeamTNT. (to
the original material)
- Microsoft
Patch Tuesday for Nov. 2021 - Snort rules and
prominent vulnerabilities. (to
the original material)
- Cisco
Talos finds 10 vulnerabilities in Azure
Sphere’s Linux kernel, Security Monitor and
Pluton. (to
the original material)
08.11.2021
- News
from Cyber Security.
-
Vulnerability summary for the Week of November
1, 2021. (to
the original material)
- Google
eliminates a zero-day Android bug, exploited
in targeted attacks. (to
the original material)
-
Passwordless authentication: Is your company
ready to move beyond passwords? (to
the original material)
- U.S.
offers $10 million reward for leaders of REvil
ransomware. (to
the original material)
- US seizes
$6 million from REvil ransomware, arrest
Kaseya hacker. (to
the original material)
- US to
charge suspects over Kaseya ransomware attack.
(to
the original material)
- US
arrests and charges Ukrainian man for Kaseya
ransomware attack. (to
the original material)
- REvil
ransomware affiliates arrested in Romania and
Kuwait. (to
the original material)
- Sitecore
XP RCE flaw patched last month now actively
exploited. (to
the original material)
- Criminal
group dismantled after forcing victims to be
money mules. (to
the original material)
- Robinhood
discloses data breach impacting 7 million
customers. (to
the original material)
- Robinhood
data breach hits seven million sustomers. (to
the original material)
- US
sanctions Chatex cryptoexchange used by
ransomware gangs. (to
the original material)
- Why
integrating SIEM tools (Security Information
and Event Management) is crucial to managing
threats. (to
the original material)
- Unseen
gatekeepers: Industrial software providers’
role securing global infrastructure. (to
the original material)
- How do I
select a DRaaS
(Disaster-Recovery-as-a-Service) solution for
my business? (to
the original material)
- 80% of
organizations experienced employees misusing
and abusing access to business apps. (to
the original material)
- Mobile
phishing exposure in the energy industry
surged 161% in 2021. (to
the original material)
- Younger
generations care little about cybersecurity. (to
the original material)
- Security
teams need to become more proactive and
risk-driven. (to
the original material)
- November
2021 Patch Tuesday forecast: More mandates in
the United States. (to
the original material)
-
MediaMarkt hit by Hive ransomware, initial
$240 million ransom. (to
the original material)
- Google
will kill Chrome sync support on Chrome 48 and
earlier. (to
the original material)
- State
hackers breach defense, energy, healthcare
orgs worldwide. (to
the original material)
- $55M
stolen from crypto company starting with a
phishing mail. (to
the original material)
- Passport
scammers spoof Texas HSI (Homeland Security
Investigations). (to
the original material)
- UK cyber
skills shortage rises by over a third. (to
the original material)
- Insurers
tap cyber “opportunity” as rates continue to
rise. (to
the original material)
- Chinese
spy faces decades in jail after conviction. (to
the original material)
- Interpol
hunts for remaining Clop ransomware members. (to
the original material)
-
Infrastructure bill features $1.9 billion in
cyber funding. (to
the original material)
- Black
Shadow group leaks Israeli patient records,
data. (to
the original material)
- Secure
the changing risk landscape from BEC, other
threats. (to
the original material)
- REvil
ransomware suspects snared in global Police
crackdown. (to
the original material)
- NSA
Reports: Espionage group breaches critical
systems. (to
the original material)
-
Navigating a digital transformation project. (to
the original material)
-
Cybersecurity firms provide threat intel for
Clop ransomware group arrests. (to
the original material)
-
Discovering the exploitable security gaps in
remote work spaces. (to
the original material)
- U.S.
brings more pressure to bear on cybercriminal
gangs. (to
the original material)
07.11.2021
- News
from Cyber Security.
- Operation
Cyclone deals blow to Clop ransomware
operation. (to
the original material)
- Law
enforcement operation targets Clop ransomware.
(to
the original material)
- Week in
review: CVE + MITRE ATT&CK methodology,
new issue of (IN)Secure Magazine. (to
the original material)
- Two NPM
Packages with 22 million weekly downloads
found backdoored. (to
the original material)
06.11.2021
- News
from Cyber Security.
- Samsung
sued for flawed Chromebook hinges cracking
displays. (to
the original material)
-
Digitizing and securing Norway's railway
network. (to
the original material)
- Hacker
steals $55 million from bZx DeFi platform. (to
the original material)
05.11.2021
- News
from Cyber Security.
-
Fragmented approach to identity security
management creates risk. (to
the original material)
- Blocked
DDoS events up 75% in the first nine months of
2021. (to
the original material)
- Tens of
thousands unpatched GitLab servers under
attack via CVE-2021-22205. (to
the original material)
- Feds post
$10 million reward for DarkSide ransomware
actors. (to
the original material)
- US DOJ:
Continue to expect arrests, ransom payment
seizures. (to
the original material)
- EHR
Vendors' disclosures are latest security risk
reminders. (to
the original material)
- ISMG
Editors: CISA to Protect Critical
Infrastructure. (to
the original material)
- Deter
Cybercriminals: Declare a clear response to
attacks. (to
the original material)
- US Offers
$10m reward to unmask DarkSide leaders. (to
the original material)
- New
infosec products of the week: November 5,
2021. (to
the original material)
- Software
development: Why security and constant
vigilance are everyone’s responsibilities. (to
the original material)
- 77% of
rootkits are used for espionage purposes. (to
the original material)
-
Organizations seldom prioritize cybersecurity
over business outcomes. (to
the original material)
- The Week
in Ransomware - November 5th 2021 - Placing
bounties. (to
the original material)
- Pwn2Own:
Printer plays AC/DC, Samsung Galaxy S21 hacked
twice. (to
the original material)
- FBI:
Ransomware gangs hit several tribal-owned
casinos in the last year. (to
the original material)
- Philips
healthcare infomatics solution vulnerable to
SQL injection. (to
the original material)
- US
defense contractor Electronic Warfare hit by
data breach. (to
the original material)
- FBI warns
of increased use of cryptocurrency ATMs, QR
codes for fraud. (to
the original material)
- Mozilla
Thunderbird 91.3 released to fix high impact
flaws. (to
the original material)
- DoD
(Department of Defence) licenses data Carver
(SC3 Advanced Carver). (to
the original material)
-
Ransomware attack on Lab in Florida who expose
over 30,000 data patients. (to
the original material)
- One in
three workers monitored by their employers. (to
the original material)
-
#SecTorCa: Cyber Expert Wendy Nather Unmasks
"Scary Bits" of Infosec in 2021. (to
the original material)
- ONS
(Office of National Statistics UK) reports
huge spike in cybercrime and fraud during
Covid-19. (to
the original material)
- Facial
Recognition Firm could be ordered to "close"
in UK, warn experts. (to
the original material)
- Ukraine
unmasks Armageddon Group as FSB officers. (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
- SSL
certificate research highlights pitfalls for
company data, competition. (to
the original material)
- This Week
in Security News - November 5th, 2021. (to
the original material)
- A Review
and analysis of 2021 Buer Loader campaigns. (to
the original material)
- Threat
Roundup for October 29 to November 5. (to
the original material)
04.11.2021
- News
from Cyber Security.
- BrakTooth
Proof of Concept Tool demonstrates Bluetooth
vulnerabilities. (to
the original material)
- Cisco
releases security updates for multiple products.
(to
the original material)
-
Cybersecurity News of the Week (04.11.2021). (to
the original material)
- US targets
DarkSide ransomware and its rebrands with $10
million reward. (to
the original material)
- CISA urges
vendors to patch BrakTooth bugs after exploits
release. (to
the original material)
- Phishing
emails deliver spooky zombie-themed MirCop
ransomware. (to
the original material)
- Popular
"coa" NPM library hijacked to steal user
passwords. (to
the original material)
- Cisco fixes
hard-coded credentials and default SSH key
issues. (to
the original material)
- Microsoft
Exchange ProxyShell exploits used to deploy
Babuk ransomware. (to
the original material)
- Samsung
Galaxy S21 hacked on second day of Pwn2Own
Austin. (to
the original material)
- Ukraine
links members of Gamaredon hacker group to
Russian FSB (Russian Federal Security Service).
(to
the original material)
- Crypto
investors lose $500,000 to Google Ads pushing
fake wallets. (to
the original material)
- Lockean
multi-ransomware affiliates linked to attacks on
French orgs. (to
the original material)
- Lean
security: How small cybersecurity teams perform
at Fortune 2000 levels. (to
the original material)
- How to ease
password pains while maintaining security. (to
the original material)
- Top 10 ways
attackers are increasing pressure on their
ransomware victims to pay. (to
the original material)
- Surge in
cyber attacks confirms the need for zero trust
security. (to
the original material)
-
Organizations can save $1.9 million using
workforce passwordless authentication. (to
the original material)
- Ten CIO
agenda predictions that will impact IT pros by
2026. (to
the original material)
- The
ultimate SaaS Security Posture Management (SSPM)
checklist. (to
the original material)
- Threat
actor claims "Groove" ransomware gang was hoax.
(to
the original material)
- Iranian
hacking group leaks patient and LGBTQ info. (to
the original material)
- NSO Group
blacklisted by US for trade in spyware. (to
the original material)
- Canadian
hacker (Bowser, aka GaryOPA) to pay Nintendo
$4.5M restitution. (to
the original material)
- US indicts
Brit over SIM swap crypto theft. (to
the original material)
- Amazon
spoofed in new attack. (to
the original material)
- Consumers
warned about rise in call center threats. (to
the original material)
- A recipe
for failure: weak passwords, easy to guess. (to
the original material)
- Google
squashes Android zero‑day bug exploited in
targeted attacks. (to
the original material)
- US Commerce
Department blacklists Israeli spyware firms. (to
the original material)
- Tackling
growing pandemic cyberthreats in healthcare. (to
the original material)
- US offers
$10 million reward for info on Darkside
ransomware group. (to
the original material)
- PRC says
FCC decision to pull China Telecom license was
"based on suspicion," not facts. (to
the original material)
- GitLab
servers are being exploited in DDoS attacks in
excess of 1 Tbps. (to
the original material)
- US indicts
UK resident "PlugwalkJoe" for cryptocurrency
theft. (to
the original material)
- Remote code
execution flaw patched in Linux Kernel TIPC
module. (to
the original material)
-
Ctrl+Alt+Truth. Welcome to the future of
cybercrime. (to
the original material)
- Don’t pay
the ransom: A three-step guide to ransomware
protection. (to
the original material)
- Build in
security and resilience with Infrastructure
Security Month. (to
the original material)
- Hardcoded
SSH Key in Cisco Policy Suite lets remote
hackers gain root access. (to
the original material)
- Critical
RCE Vulnerability reported in Linux kernel's
TIPC module. (to
the original material)
- New "Trojan
Source" technique lets hackers hide
vulnerabilities in source code. (to
the original material)
- Threat
Source newsletter (Nov. 4, 2021). (to
the original material)
- The
features all Incident Response Plans need to
have. (to
the original material)
- “Complexity
is Fraud”: Why we must drop micro-targeted ads
to help publishers and to protect online
privacy. (to
the original material)
03.11.2021
- News
from Cyber Security.
- FBI
releases PIN (Private Industry Notification)
on attacks using significant financial events
for extortion. (to
the original material)
- Mozilla
releases security updates for Firefox, Firefox
ESR, and Thunderbird. (to
the original material)
- CISA
issues BOD 22-01: Reducing the significant
risk of known exploited vulnerabilities. (to
the original material)
- Alleged
Twitter hacker charged with theft of $784K in
crypto via SIM swaps. (to
the original material)
- Beware:
Free Discord Nitro phishing targets Steam
gamers. (to
the original material)
- UK Labour
Party discloses data breach after ransomware
attack. (to
the original material)
-
BlackMatter ransomware moves victims to
LockBit after shutdown. (to
the original material)
-
Stealthier version of Mekotio banking trojan
spotted in the wild. (to
the original material)
- US
sanctions NSO Group and three others for
spyware and exploit sales. (to
the original material)
- Mobile
phishing attacks targeting energy sector surge
by 161%. (to
the original material)
- Sonos,
HP, and Canon devices hacked at Pwn2Own Austin
2021. (to
the original material)
- CISA
orders federal agencies to fix hundreds of
exploited security flaws. (to
the original material)
- CISA
orders Federal Agencies to patch flaws. (to
the original material)
-
BlackMatter ransomware claims to be shutting
down due to police pressure. (to
the original material)
- Nessus 10
is out, with Raspberry Pi support. (to
the original material)
- A
ransomware reality check for CISOs. (to
the original material)
Rooting
malware discovered on Google Play, Samsung
Galaxy Store- . (to
the original material)
- Proven
third-party risk management strategies. (to
the original material)
- Mapping
ATT&CK techniques to CVEs should make risk
assessment easier. (to
the original material)
- How the
rise in identity crimes and cyberattacks
impacts small businesses. (to
the original material)
-
Ransomware attacks increased 148% in Q3 2021,
showing no sign of slowing. (to
the original material)
- While
businesses are ramping up their risk
mitigation efforts, they could be doing more.
(to
the original material)
- Only 2%
of IT practitioners are confident in their
organization’s ability to reduce API security
issues. (to
the original material)
-
#SecTorCa: Jeff Moss defines the role of
hacking. (to
the original material)
- 4 Reasons
why companies fail to fix cloud
misconfigurations. (to
the original material)
-
Cybersecurity, GRC and Auditing Intelligent
Systems. (to
the original material)
-
Classification Breakdown: Match your data to
its destruction method. (to
the original material)
- Holiday
shopping disruption Beckons as retail bot
attacks surge 13%. (to
the original material)
- SLC
(Student Loans Company) dismissals highlight
insider risk. (to
the original material)
- ICO
(Information Commissioner's Office) collects
just 26% of value of fines since 2020. (to
the original material)
- What is
hidden in the shadows? How to manage shadow IT
security risks. (to
the original material)
- Win one
for privacy – Swiss providers don’t have to
talk. (to
the original material)
- What’s it
like to work as a malware researcher? 10
questions answered. (to
the original material)
- CISA
Directs Federal Agencies to patch known
vulnerabilities. (to
the original material)
-
Manufacturing IoT Security: "Where Do We
Start?" (to
the original material)
- Facebook
shuts down facial recognition feature. (to
the original material)
-
Ransomware incidents among largest breaches on
federal tally. (to
the original material)
- FBI Warns
of Ransomware Actors Leveraging M&A Data
(Mergers & Acquisitions). (to
the original material)
-
BlackMatter claims to shut ops; Experts
suspect rebranding. (to
the original material)
-
CERT-France: Lockean ransomware group behind
attacks on French companies. (to
the original material)
- "Too
early to tell" if Russia has cracked down on
ransomware gangs, Nakasone says. (to
the original material)
-
BlackMatter ransomware says its shutting down
due to pressure from local authorities. (to
the original material)
- Almost
half of rootkits are used for cyberattacks
against government organizations. (to
the original material)
- Medical
school exposes personal data of thousands of
students. (to
the original material)
- Arrests
were made, but the Mekotio Trojan lives on. (to
the original material)
- Microsoft
Exchange vulnerabilities exploited once again
for ransomware, this time with Babuk. (to
the original material)
02.11.2021
- News
from Cyber Security.
- 80% of
organizations plan to increase spending on
cybersecurity posture management. (to
the original material)
- Top ten
worldwide IT industry predictions for 2022 and
beyond. (to
the original material)
- Facebook to
delete 1 billion faceprints in Face Recognition
shutdown. (to
the original material)
- Over 30,000
GitLab servers still unpatched against critical
bug. (to
the original material)
- Microsoft
announces new endpoint security solution for
SMBs. (to
the original material)
- Microsoft
Edge for Linux out of beta, now generally
available. (to
the original material)
- MITRE
shares list of most dangerous hardware
weaknesses. (to
the original material)
- FBI:
Ransomware targets companies during mergers and
acquisitions. (to
the original material)
- FBI says
ransomware gangs are using future merger and
acquisition info to pressure victims. (to
the original material)
- Android
November patch fixes actively exploited kernel
bug. (to
the original material)
- Cybersecurity threat
landscape growing in sophistication, complexity and
impact. (to
the original material)
- 40% of organizations
suffered a cloud-based data breach in the past 12
months. (to
the original material)
- Annual Cost of Child
Identity Fraud Almost $1Bn. (to
the original material)
- FTC Updates
Safeguards Rule. (to
the original material)
- #WebSummit2021:
Thierry Henry launches platform to tackle online
bullying. (to
the original material)
- US Treasury
Department says stablecoins must be regulated. (to
the original material)
- 7 Trends: How
ransomware operations continue to evolve. (to
the original material)
- California Clinic
Network cyber incident affects 656,000. (to
the original material)
- New cybersecurity
norms for wireless device makers in EU. (to
the original material)
- "Destructive"
cyberattack hits National Bank of Pakistan. (to
the original material)
- Squid Game
cryptocurrency creators pull the rug from under
investors, steal millions. (to
the original material)
- Cybercriminals sell
access to international shipping, logistics giants. (to
the original material)
- Does home IoT
compromise enterprise security? (to
the original material)
- Deploy layered
security with Azure GWLB & Trend Micro. (to
the original material)
- Building a
security-first culture this Cybersecurity Awareness
Month. (to
the original material)
- Google warns of new
Android zero-day vulnerability under active targeted
attacks. (to
the original material)
- Alert! Hackers
exploiting GitLab unauthenticated RCE flaw in the
wild. (to
the original material)
- Critical flaws
uncovered in Pentaho Business Analytics Software. (to
the original material)
- Google to pay
hackers $31,337 for exploiting patched Linux Kernel
flaws. (to
the original material)
01.11.2021
- News
from Cyber Security.
-
Vulnerability Summary for the Week of October
25, 2021. (to
the original material)
- CISA
begins program to identify critical
infrastructure. (to
the original material)
- Trick
& Treat! Paying Leets and Sweets for Linux
Kernel privescs and k8s escapes. (to
the original material)
- "Trojan
Source" attack method can hide bugs into
open-source code. (to
the original material)
- Trojan
Source: Invisible vulnerabilities in most
code. (to
the original material)
- Microsoft
Defender for Windows is getting a massive
overhaul. (to
the original material)
- Canadian
province Newfoundland and Labrador health care
system disrupted by cyberattack. (to
the original material)
-
Kaspersky's stolen Amazon SES token used in
Office 365 phishing. (to
the original material)
- Signal
now lets you report and block spam messages. (to
the original material)
-
BlackShadow hackers breach Israeli hosting
firm and extort customers. (to
the original material)
- FBI:
HelloKitty ransomware adds DDoS attacks to
extortion tactics. (to
the original material)
- Stand up
your SOC with Crystal Eye XDR: Lift your
security monitoring and incident response
maturity. (to
the original material)
- Financial
services need to prioritize API security to
protect their customers. (to
the original material)
-
Cybersecurity can drive business
transformation instead of holding it back. (to
the original material)
- Avoiding
the costly ESU cycle (Extended Security
Update): Lessons learned from Windows 7
end-of-life. (to
the original material)
- Infosec
products of the month: October 2021. (to
the original material)
-
Cyber-Incident at South Carolina School
District. (to
the original material)
-
California Health Network reports data breach.
(to
the original material)
- Venmo
(mobile payment service) to reimburse hacking
victims after hack of Bank of America. (to
the original material)
-
BlackMatter: New data exfiltration tool used
in attacks. (to
the original material)
-
BlackMatter Group speeds up data theft with
new tool. (to
the original material)
- Conti
Group leak celebs' data after ransom attack on
Jeweller (Graff UK). (to
the original material)
-
Celebrities' data dumped on darknet site after
hack. (to
the original material)
- Euro
Police swoop on 12 suspected ransomware gang
members. (to
the original material)
-
Cybercriminals target newbie bad actors with
phishing sites. (to
the original material)
- Reduce
security risk of Healthcare Legacy Systems,
devices. (to
the original material)
- India’s
National Cybersecurity Strategy awaiting
approval. (to
the original material)
-
Ransomware Evolves: Affiliates set to Wield
Greater Power. (to
the original material)
- N-Day
Vulnerabilities: The Critical importance of
patching. (to
the original material)
- Changing
employee mindsets during digital
transformation. (to
the original material)
-
Ransomware attack disrupts Toronto’s public
transportation system (Canada). (to
the original material)
- Critical
flaws uncovered in Pentaho Business Analytics
Software. (to
the original material)
- Securing
SaaS Apps (Security-as-a-Service) - CASB
(Cloud Access Security Broker) versus SSPM
(SaaS Security Posture Management). (to
the original material)
- New
"Trojan Source" technique lets hackers hide
vulnerabilities in source code. (to
the original material)
-
Researchers uncover "Pink" botnet malware that
infected over 1.6 million devices. (to
the original material)
- Developer
community rallies to secure open source
software. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - November 30, 2021