Study - Technical
- LMS-SFC (EN) - Cyber
Security - News
Archive October 2021
Cyber Security - News Archive
October 2021
31.10.2021
- News
from Cyber Security.
- Week in
review: Popular npm package hijacked, zero
trust security key tenets, wildcard
certificate risks. (to
the original material)
- Microsoft
warns of rise in password sprays targeting
cloud accounts. (to
the original material)
30.10.2021
- News
from Cyber Security.
- Chaos
ransomware targets gamers via fake Minecraft
alt lists. (to
the original material)
-
Multinational Police Force arrests 12
suspected hackers. (to
the original material)
29.10.2021
- News
from Cyber Security.
- Google
releases security updates for Chrome. (to
the original material)
- GoCD
Authentication Vulnerability. (to
the original material)
- The Week in
Ransomware - October 29th 2021 - Making arrests.
(to
the original material)
- Snake
malware biting hard on 50 apps for only $25. (to
the original material)
- Hive
ransomware now encrypts Linux and FreeBSD
systems. (to
the original material)
- Despite
large investments in security tools,
organizations are not confident they can stop
data exfiltration. (to
the original material)
-
Unauthorized account openings increased by 21%
in the last 12 months. (to
the original material)
- Employers
must balance productivity and collaboration
tools with security. (to
the original material)
- How do I
select an SD-WAN solution for my business? (to
the original material)
-
Safeguarding the B2B sharing economy. (to
the original material)
- Apple fixes
security feature bypass in macOS
(CVE-2021-30892). (to
the original material)
- New infosec
products of the week: October 29, 2021. (to
the original material)
- Three OT
security lessons learned from 2021’s biggest
cyber incidents. (to
the original material)
- DoJ: Pirated sports streamer hacked accounts, extorted MLB. (to the original material)
-
Minnesotan charged with hacking Pro Sports
Leagues. (to
the original material)
- Man
charged with hacking MLB, NBA, NFL, and NHL
user accounts to stream games. (to
the original material)
-
Microsoft: Windows web content filtering now
generally available. (to
the original material)
- Google
Chromebooks failing to enroll due to network
issue. (to
the original material)
- FBI
raids Chinese Payment-Terminal Company. (to
the original material)
- Police
arrest hackers behind over 1,800 ransomware
attacks. (to
the original material)
- Europol
detains suspects behind LockerGoga,
MegaCortex, and Dharma ransomware attacks. (to
the original material)
-
Forrester predicts mass cybersecurity brain
drain. (to
the original material)
-
Misconfigured database leaks 880 million
medical records. (to
the original material)
- Data
breach at University of Colorado. (to
the original material)
- Cops
receive Stalkerware training. (to
the original material)
-
Microsoft to tap community Colleges’ cyber
talent. (to
the original material)
-
Suspected Trickbot malware developer faces 60
years in jail. (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
- Keeping
the US Dollar on top as cryptocurrency rises.
(to
the original material)
-
Enterprise backups are becoming targets for
cybercriminals. (to
the original material)
- ISMG
Editors' Panel: Solving the ransomware problem
together. (to
the original material)
-
Microsoft launches cybersecurity recruitment
campaign. (to
the original material)
-
Ransomware gangs are not infallible. (to
the original material)
- Will 5G
technology increase mobile security? (to
the original material)
28.10.2021
- News
from Cyber Security.
-
Cybersecurity News of the Week (28.10.2021). (to
the original material)
- Apple has
released security updates for several products.
(to
the original material)
- NSA-CISA
Series on securing 5G Cloud Infrastructures. (to
the original material)
- Cisco
releases security updates for multiple products.
(to
the original material)
- ISC
releases security advisory for BIND. (to
the original material)
- 2021 CWE
most important hardware weaknesses. (to
the original material)
- Protecting
your device information with Private Set
Membership. (to
the original material)
- TrickBot
malware dev extradited to U.S. faces 60 years in
prison. (to
the original material)
- Emergency
Google Chrome update fixes zero-days used in
attacks. (to
the original material)
- All Windows
versions impacted by new LPE zero-day
vulnerability. (to
the original material)
- NSA and
CISA share guidance on securing 5G cloud
infrastructure. (to
the original material)
- Microsoft:
Shrootless bug lets hackers install macOS
rootkits. (to
the original material)
- Android
spyware spreading as antivirus software in
Japan. (to
the original material)
- WordPress
plugin (OptinMonster)
bug impacts 1M sites, allows malicious
redirects. (to
the original material)
- New
AbstractEmu malware roots Android devices,
evades detection. (to
the original material)
- Ransomware
gangs use SEO poisoning to infect visitors. (to
the original material)
- German
investigators identify REvil ransomware gang
core member. (to
the original material)
- EU
investigating leak of private key used to forge
Covid passes. (to
the original material)
- MVSP
(Minimum Viable Secure Product): A minimum
cybersecurity baseline to simplify vendor
security assessment. (to
the original material)
- Regulation
fatigue: A challenge to shift processes left. (to
the original material)
- API attacks
are both underdetected and underreported. (to
the original material)
- Is
offensive testing the way for enterprises to
finally be ahead of adversaries? (to
the original material)
- Top
cybersecurity threats enterprises will face in
2022. (to
the original material)
- Despite
increased cyber threats, many organizations have
no defense plans in place. (to
the original material)
- How to
automate configuration review. (to
the original material)
- The CISO’s
guide to third-party security management. (to
the original material)
- Sensitive
data of 400,000 German students exposed by API
flaw. (to
the original material)
- Shadow IT
Alert: Half of Home Workers Buy Potentially
Insecure Kit. (to
the original material)
- Ransomware
Soars 148% to Record-Breaking Levels in 2021. (to
the original material)
- Small
Businesses Pay Up to $1M to Recover from
Breaches. (to
the original material)
- 5 safety
tips for parents on this Halloween. (to
the original material)
- Don't let
cyber monsters ruin your Halloween. (to
the original material)
- Industry
group warns of coordinated DDoS extortion
campaign against VoIP providers. (to
the original material)
- Your
questions answered: Defeating modern ransomware.
(to
the original material)
- 5 Really
wrong myths about US-Based VPNs [Digital
Privacy]. (to
the original material)
27.10.2021
- News
from Cyber Security.
- The
National Directorate of Cyber Security and
Isaca Romania launch the book "Keep your
Information System Safe (KISS)". (to
the original material)
- ENISA
Threat Landscape 2021. (to
the original material)
- Pixel 6:
Setting a new standard for mobile security. (to
the original material)
- Launching a
collaborative minimum security baseline. (to
the original material)
- Dark
HunTOR: 150 arrested, $31 million seized in
major dark web bust. (to
the original material)
- Wslink:
Unique and undocumented malicious loader that
runs as a server. (to
the original material)
- Four key
tenets of zero trust security. (to
the original material)
- The
fast-expanding world of online proctoring: What
cybersecurity industry leaders must know. (to
the original material)
- How to
close the cybersecurity workforce gap. (to
the original material)
- The dangers
behind wildcard certificates: What enterprises
need to know. (to
the original material)
-
Organizations making security trade-offs in the
push to innovate. (to
the original material)
- Manual
tasks still a barrier to accelerating innovation
through DevOps. (to
the original material)
- NRA
(National Rifle Association): No comment on
Russian ransomware gang attack claims. (to
the original material)
- Ransomware
gang claims attack on NRA. (to
the original material)
- Android
spyware apps target Israel in three-year-long
campaign. (to
the original material)
- Free
decryptor released for Atom Silo and LockFile
ransomware. (to
the original material)
- Twitter
employees required to use security keys after
2020 hack. (to
the original material)
- Hackers
arrested for ‘infiltrating’ Ukraine’s health
database. (to
the original material)
- Babuk
ransomware decryptor released to recover files
for free. (to
the original material)
- US bans
China Telecom Americas over national security
risks. (to
the original material)
- Malicious
NPM libraries install ransomware, password
stealer. (to
the original material)
- FBI
releases indicators of compromise associated
with Ranzy Locker ransomware. (to
the original material)
- Adobe
releases security updates for multiple products.
(to
the original material)
- Apple
releases security updates for multiple products.
(to
the original material)
- US launches
appeal against Assange extradition decision. (to
the original material)
- India’s
Supreme Court Orders Pegasus Probe. (to
the original material)
- The Twitch
platform has been compromised by hackers, what
does that mean? (to
the original material)
- Another
zero-day threat identified in iOS 15. Apple
launches an emergency patch. (to
the original material)
-
Bitdefender: Six out of 10 individual users
faced cyber threat in 2021, according to new
Bitdefender study. (to
the original material)
- Hackers
steal $130 million from Cream Finance; the
company’s 3rd hack this year. (to
the original material)
- Free
decrypters released for AtomSilo, Babuk, and
LockFile ransomware strains. (to
the original material)
- How will
farms and food producers protect themselves from
the next cyberattack?. (to
the original material)
- Workers
sent home after ransomware attack on major
automotive parts manufacturer. (to
the original material)
- The QBR as
an MSP security sales tool. (to
the original material)
- Top
security experts warn: Client-side scanning
“Tears at the Heart of Privacy of Individual
Citizens”. (to
the original material)
26.10.2021
- News
from Cyber Security.
- Putting
cybersecurity first: Why secure‑by‑design must
be the norm. (to
the original material)
- Iranian gas
station NIOPDC (National Iranian Oil Products
Distribution Company) out of service after
distribution network hacked. (to
the original material)
- Spammers
use Squirrelwaffle malware to drop Cobalt
Strike. (to
the original material)
- Brutal
WordPress plugin (Hashthemes
Demo) bug allows
subscribers to wipe sites. (to
the original material)
- North
Korean state hackers start targeting the IT
supply chain. (to
the original material)
- Researcher
cracked 70% of WiFi networks sampled in Tel
Aviv. (to
the original material)
- Police
arrest 150 dark web vendors of illegal drugs and
guns. (to
the original material)
- 150
arrested over Darknet drug trafficking. (to
the original material)
- Money
launderers for Russian hacking groups arrested
in Ukraine. (to
the original material)
- Ukrainian
police detain gang who laundered funds for
Russian hacking groups. (to
the original material)
- FBI: Ranzy
Locker ransomware hit at least 30 US companies
this year. (to
the original material)
- Australia
drafts Online Privacy Bill to bolster data
security. (to
the original material)
- State
Department to form Cyber Bureau. (to
the original material)
- Study
Coordinator Falsified Clinical Trial Data. (to
the original material)
- Almost all
US organizations experienced a cyber event in
the past year. (to
the original material)
- Global
Security Skills Shortage Falls to 2.7 Million
Workers. (to
the original material)
- GCHQ (UK)
Boss: Ransomware has doubled in a year. (to
the original material)
- BEC costs
UK firms £140M over past year. (to
the original material)
- Popular npm
package hijacked, modified to deliver
cryptominers. (to
the original material)
- The first
step to being cybersmart: Just start somewhere.
(to
the original material)
- Navigating
ethics in AI (Artificial
Intelligence) today to avoid regrets tomorrow. (to
the original material)
- Executives’
top concern in Q3 2021? New ransomware models. (to
the original material)
- Increased
risk tolerances are making digital
transformation programs vulnerable. (to
the original material)
- Biometrics
emerging as the preferred identity verification
option for digital consumers. (to
the original material)
- 72% of
organizations hit by DNS attacks in the past
year. (to
the original material)
- When it
comes to collaboration tools, firms struggle to
keep up with security and compliance. (to
the original material)
- New
Quishing Campaign Shows How Threat Actors
Innovate to Bypass Security. (to
the original material)
- Update your
devices to keep up with cyber threats, advises
Chameleon Updates! (to
the original material)
- An
interview with LockBit: The risk of being hacked
ourselves is always present. (to
the original material)
- FCC revokes
license for China Telecom Americas amid national
security concerns. (to
the original material)
- Authorities
arrest 150 suspects who sold illegal goods on
the dark web. (to
the original material)
- Are you
putting cybersecurity first? 7 questions you
should be asking. (to
the original material)
25.10.2021
- News
from Cyber Security.
- 25th
October – Threat Intelligence Report. (to
the original material)
-
Vulnerability Summary for the Week of October
18, 2021. (to
the original material)
- NOBELIUM
attacks on cloud services and other
technologies. (to
the original material)
-
CoinMarketCap: No breach despite 3.1M email
address leak. (to
the original material)
- Network and
IoT security in a zero trust security model. (to
the original material)
- How to
implement secure configurations more quickly. (to
the original material)
- Why
cybersecurity leaders should focus on spending,
people and technology (in that order). (to
the original material)
- Despite
spending millions on bot mitigation, 64% of
organizations lost revenue due to bot attacks. (to
the original material)
- Ransomware:
How bad is it going to get? (to
the original material)
- Security
leaders facing challenges in managing and
securing distributed work environments. (to
the original material)
- Data
engineers burnout overwhelming, a wake-up call
to organizations. (to
the original material)
- Mozilla
blocks malicious add-ons installed by 455K
Firefox users. (to
the original material)
- Millions of
Android users targeted in subscription fraud
campaign. (to
the original material)
- Microsoft
Defender ATP adds live response for Linux and
macOS. (to
the original material)
- Hackers
used billing software zero-day to deploy
ransomware. (to
the original material)
- CISA urges
admins to patch critical Discourse code
execution bug. (to
the original material)
- Microsoft:
Russian SVR hacked at least 14 IT supply chain
firms since May. (to
the original material)
-
DiploFoundation develops simulated cyber-attack
game. (to
the original material)
- Nominations
sought for Global Cyber Awards. (to
the original material)
- Anglo
American launches cybersecurity apprenticeships.
(to
the original material)
- Countries
ranked according to online risks. (to
the original material)
-
Cyber-Attacks on House of Commons (UK) soar by
358% in 2021. (to
the original material)
- BlackMatter
Bug Saved Victims Millions in Ransom Payments. (to
the original material)
- Tesco app
and website back online after cyber incident. (to
the original material)
- SolarWinds
hackers are going after cloud, managed and IT
service providers. (to
the original material)
- Week in
review: MITRE ATT&CK v10 released, BEC
scammers’ latest tricks, WFH security tactics. (to
the original material)
- Ransomware
gangs are abusing a zero-day in EntroLink VPN
appliances. (to
the original material)
- Hackers use
SQL injection bug in BillQuick billing app to
deploy ransomware. (to
the original material)
- Time to
start upgrading cryptography schemes. (to
the original material)
- European
Parliament calls for bans on AI-based biometric
recognition in public spaces, predictive
policing, and social scoring. (to
the original material)
- Hacking the
World – Part 4: The Cost and Future of Hacking
(Plus: Safety Tips). (to
the original material)
24.10.2021
- News
from Cyber Security.
- Critical
RCE Vulnerability in Discourse . (to
the original material)
- BlackMatter
ransomware victims quietly helped using secret
decryptor. (to
the original material)
- Microsoft
365 will get support for custom ARC
configurations. (to
the original material)
- Microsoft
most imitated brand for phishing attacks:
Report. (to
the original material)
- Telecom
sector comes under attack as new APT groups
emerge. (to
the original material)
- Ransomware
gangs earned $590 million in H1 2021. (to
the original material)
- SmashEx
attack reaches most secure areas of Intel CPUs
to steal data. (to
the original material)
- Phishing
campaign targeting high-profile YouTubers
unmasked. (to
the original material)
- Decrypter
announced for past BlackMatter ransomware
victims. (to
the original material)
23.10.2021
-
News
from Cyber Security.
- Popular NPM
library hijacked to install password-stealers,
miners. (to
the original material)
- Hacker
sells the data for millions of Moscow drivers
for $800. (to
the original material)
- FTC (Federal
Trade Commission): ISPs
(Internet Service Providers) collect and
monetize far more user data than you’d think. (to
the original material)
- Ransomware
hackers nervous, allege harassment from U.S.. (to
the original material)
- After
nation-state hackers, cybercriminals also add
Sliver Pentest tool to arsenal. (to
the original material)
- 7 Ways to
lock down enterprise printers. (to
the original material)
- What Squid
Game teaches us about cybersecurity. (to
the original material)
- Ransomware
rise pushes organizations to prepare for attack.
(to
the original material)
22.10.2021
- News
from Cyber Security.
- Malware
discovered in popular NPM Package, ua-parser-js.
(to
the original material)
- Governments
turn tables on ransomware gang REvil by pushing
it offline. (to
the original material)
- The Week in
Ransomware - October 22nd 2021 - Striking back.
(to
the original material)
- SCUF Gaming
store hacked to steal credit card info of 32,000
customers. (to
the original material)
- DarkSide
ransomware rushes to cash out $7 million in
Bitcoin. (to
the original material)
- Groove
ransomware calls on all extortion gangs to
attack US interests. (to
the original material)
- Microsoft:
WizardUpdate Mac malware adds new evasion
tactics. (to
the original material)
- Italian
celebs' data exposed in ransomware attack on
SIAE (Società Italiana degli Autori ed Editori).
(to
the original material)
- Microsoft
Teams adds end-to-end encryption for one-to-one
calls. (to
the original material)
- Nebraska
issues first federal cyber-stalking sentence. (to
the original material)
- New
cybersecurity world record set. (to
the original material)
- US Secret
Service announces cyber games winner. (to
the original material)
- FOI
(Freedom Of Information) request reveals scale
of data breaches at UK Councils. (to
the original material)
- 22% of
Brits received proof of vaccination phishing
email in past six months. (to
the original material)
- Halloween
Horror-Show for Candy-Maker hit by ransomware. (to
the original material)
- Over 80% of
Brits deluged with scam calls and texts. (to
the original material)
- $5.2
billion worth of Bitcoin transactions, possibly
linked to ransomware payments. (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
- What’s
lurking in the shadows? How to manage the
security risks of shadow IT. (to
the original material)
- Internet
providers collect 'staggering' amounts of data -
FTC chair. (to
the original material)
- 'TodayZoo'
phishing kit cobbled together from other
malware. (to
the original material)
- CDR: The
secret cybersecurity ingredient used by defense
and intelligence agencies. (to
the original material)
- Embracing
secure hybrid work with four foundational IT
controls. (to
the original material)
- Security
changes needed to protect corporate networks
from non-business IoT devices. (to
the original material)
- Fraud
detection and prevention market size to reach
$62.7 billion by 2028. (to
the original material)
- Tech
support scams becoming the top phishing threat
to consumers. (to
the original material)
- Facebook
sues Ukrainian who scraped the data of 178
million users. (to
the original material)
- DDoS
attacks hit multiple email providers. (to
the original material)
- DarkSide
ransomware gang moves some of its Bitcoin after
REvil got hit by law enforcement. (to
the original material)
- Who’s using
your computers? Cryptojacking degrades network
performance. (to
the original material)
21.10.2021
- News
from Cyber Security.
- GPS Daemon
(GPSD) rollover bug. (to
the original material)
- Cisco
releases security updates for IOS XE SD-WAN
software. (to
the original material)
- Fraud never
sleeps: Why biometrics is essential for
effective fraud prevention. (to
the original material)
- Smartphone
counterespionage for travelers. (to
the original material)
- How do I
select a GRC (Governance, Risk, Conformity) solution
for my business? (to
the original material)
- Many
organizations lack basic cyber hygiene despite
high confidence in their cyber defenses. (to
the original material)
- Increased
activity surrounding stolen data on the dark
web. (to
the original material)
- Siloed
security data hamper the ability to achieve
collective defense. (to
the original material)
- US to ban
export of hacking tools to authoritarian states.
(to
the original material)
- Data
scrapers expose 2.6 million Instagram and TikTok
users. (to
the original material)
- Massive
campaign uses YouTube to push password-stealing
malware. (to
the original material)
- Evil Corp
demands $40 million in new Macaw Locker
ransomware attacks. (to
the original material)
- Microsoft
now defends nonprofits against nation-state
attacks. (to
the original material)
- Hacking
gang creates fake firm to hire pentesters for
ransomware attacks. (to
the original material)
- Google
launches Android Enterprise bug bounty program.
(to
the original material)
- Cybercrime
matures as hackers are forced to work smarter. (to
the original material)
- RAT malware
spreading in Korea through webhards and
torrents. (to
the original material)
- Nine
arrested (in Holland) for impersonating bank
clerks to steal from the elderly. (to
the original material)
- Bulletproof
hosting admins sentenced for helping cybercrime
gangs. (to
the original material)
- Government
agents compromise REvil backups to force group
offline. (to
the original material)
- US
imprisons bulletproof hosting providers. (to
the original material)
- DoJ sues
robocaller to pay massive fine. (to
the original material)
- CISA awards
$2M to cybersecurity training programs. (to
the original material)
- Nigerian
romance scam suspects targeted 100 women - FBI.
(to
the original material)
- Nearly 45
million received scam calls in three months,
Ofcom says. (to
the original material)
-
Cybersecurity careers: What to know and how to
get started. (to
the original material)
- Using
Discord infrastructure for malicious intent. (to
the original material)
- GIGABYTE
fell victim to ransomware again. (to
the original material)
- Zerodium is
looking to buy exploits for NordVPN, ExpressVPN,
and Surfshark. (to
the original material)
- Look out!
Scammers are in love with Amazon. (to
the original material)
- Mistreated
employees can become insider threats - Lisa
Forte. (to
the original material)
- Macs still
targeted mostly with adware, less with malware.
(to
the original material)
- Google
buckles down on Android Enterprise Security. (to
the original material)
-
Microsoft-Signed rootkit targets gaming
environments in China. (to
the original material)
- Extortion
spam emails continue to consume valuable
resources. (to
the original material)
- Cybercrime
gang sets up fake company to hire security
experts to aid in ransomware attacks. (to
the original material)
- Google
unmasks two-year-old phishing & malware
campaign targeting YouTube users. (to
the original material)
- Do we
really want Amazon’s internet-connected
autonomous surveillance robots wandering around
our homes? (to
the original material)
20.10.2021
-
News
from Cyber Security.
-
Cybersecurity News of the Week (20.10.2021). (to
the original material)
- Phishing
attack that uses the image of Banca
Transilvania. (to
the original material)
- Five
game-changing factors for companies dealing with
ransomware attacks. (to
the original material)
- Microsoft
launches Privacy Management (Privacy Management)
for Microsoft 365. (to
the original material)
- Why virtual
desktops make sense for a virtual workforce. (to
the original material)
-
Organizations lack basic cybersecurity practices
to combat the growing tide of ransomware. (to
the original material)
- Mobile
application security guide, from development to
operations. (to
the original material)
- What are
the post-pandemic security concerns for IT pros?
(to
the original material)
- Attack
surface larger than ever as organizations shift
to remote and hybrid work. (to
the original material)
- US govt to
ban export of hacking tools to authoritarian
regimes. (to
the original material)
- Google
releases security updates for Chrome. (to
the original material)
- Oracle
releases October 2021 critical patch update. (to
the original material)
- DDoS
attacks against Russian firms have almost
tripled in 2021. (to
the original material)
-
Political-themed actor using old MS Office flaw
to drop multiple RATs (remote acces tools). (to
the original material)
- Google:
YouTubers’ accounts hijacked with
cookie-stealing malware. (to
the original material)
- New Gummy
Browsers attack lets hackers spoof tracking
profilese. (to
the original material)
- Microsoft
365 will get enhanced insider risk management
tools. (to
the original material)
- New
PurpleFox botnet variant uses WebSockets for C2
communication. (to
the original material)
- Zerodium
wants zero-day exploits for Windows VPN clients.
(to
the original material)
- Ransomware
soap opera continues with REvil’s latest outage.
(to
the original material)
- CISA leader
backs 24-Hour timeline for incident reporting. (to
the original material)
- Hacker in
UPMC data theft, fraud case gets maximum
sentences. (to
the original material)
- WFH (Work
From Home) is here to stay: Five tactics to
improve security for remote teams. (to
the original material)
- 72% of
organizations experienced a DNS attack in the
past year. (to
the original material)
-
#ISC2Congress: How to mitigate evolving insider
threats. (to
the original material)
- Threat
actors abusing Discord to spread malware. (to
the original material)
- Brave
browser replaces Google with its own search
engine. (to
the original material)
- Beware:
Android users targeted with ‘Squid Game’
malware. (to
the original material)
- British
regulator fines Facebook $70 million. (to
the original material)
- Facebook
plans to rebrand with a new name, says The
Verge. (to
the original material)
- Sticky
business: Ransomware hits U.S. candymaker ahead
of Halloween. (to
the original material)
- Two Eastern
Europeans sentenced for providing ‘bulletproof
hosting” services. (to
the original material)
- U.S.
Government set to ban sale of hacking tools to
China and Russia. (to
the original material)
- RedLine
Stealer identified as primary source of stolen
credentials on two dark web markets. (to
the original material)
- Pentagon
official:’Open question’ if Putin’s government
can stop hackers. (to
the original material)
-
Cybersecurity skills shortage complicates 2022
budgeting. (to
the original material)
- Facebook’s
very bad, no good week: What it means for
privacy, and how to make things better. (to
the original material)
19.10.2021
-
News
from Cyber Security.
- Bitdefender
study: Romanians prefer to memorize their
passwords and reuse them. (to
the original material)
- Podcast:
Could the Zoho flaw trigger SolarWinds 2.0? (to
the original material)
- Brave
ditches Google for its own privacy-centric
search engine. (to
the original material)
- Acer hacked
twice in a week by the same threat actor
(Desorden). (to
the original material)
- About 26%
of all malicious JavaScript threats are
obfuscated. (to
the original material)
- BlackByte
ransomware decryptor released to recover files
for free (to
the original material)
- LightBasin
hacking group breaches 13 global telecoms in two
years. (to
the original material)
- China's VPN
market now open to foreign investment. (to
the original material)
- Man (TheDearthStar
or DearthyStar) gets 7
years in prison for hacking 65K health care
employees. (to
the original material)
- FBI warns
of fake govt sites used to steal financial,
personal data. (to
the original material)
- New Karma
ransomware group likely a Nemty rebrand
(JSWorm). (to
the original material)
- Microsoft
issues advisory for Surface Pro 3 TPM bypass
vulnerability. (to
the original material)
- BlackMatter
ransomware defense: Just-In-Time Admin Access. (to
the original material)
- New York
tells 2 cryptocurrency firms to cease and
desist. (to
the original material)
- New
business model: White labeling of ransomware. (to
the original material)
- More
attempted cyberattacks on Israeli healthcare
entities. (to
the original material)
- Preparing
for ransomware attacks in the education sector.
(to
the original material)
- Secure your
databases against opportunistic attackers. (to
the original material)
- Compliance
does not equal security. (to
the original material)
- SASE
(Secure Access Service Edge) emerges as the edge
becomes an enterprise focal point. (to
the original material)
-
Recommendations for improving DEI (Diversity,
Equity and Inclusion) in cybersecurity teams. (to
the original material)
- The CISO’s
guide to evaluating third-party security
platforms. (to
the original material)
- Bots to
become the future of work and provide ROI
(Return Of Investment) to
organizations using them.
(to
the original material)
-
Multi-factor authentications soar as enterprises
move away from passwords to secure hybrid
workers. (to
the original material)
- A recipe
for failure: Predictably poor passwords. (to
the original material)
- Social now
among top three sectors to be imitated in
phishing attempts Q3 2021. (to
the original material)
- The reason
why support scams have proliferated: they work.
(to
the original material)
-
China-linked hackers spy on call records
worldwide, CrowdStrike says. (to
the original material)
- LightBasin:
A Roaming Threat to Telecommunications
Companies. (to
the original material)
- CISA, FBI,
and NSA warn of BlackMatter attacks on
agriculture. (to
the original material)
- Toucan Two
Steps explains why it's important to take two
steps to log in. (to
the original material)
- Pentagon
official: ’Open question’ if Putin’s government
can stop hackers
- South
African police arrest eight romance scammers for
stealing $6.85 million. (to
the original material)
18.10.2021
- News
from Cyber Security.
- 18th
October – Threat Intelligence Report. (to
the original material)
- Microsoft's
very bad year for security: A timeline. (to
the original material)
- 6 zero
trust myths and misconceptions. (to
the original material)
- White House
international ransomware initiative outlines
hopes and challenges. (to
the original material)
- CISA, FBI,
and NSA release joint cybersecurity advisory on
BlackMatter ransomware. (to
the original material)
- FBI, CISA,
NSA share defense tips for BlackMatter
ransomware attacks. (to
the original material)
-
State-backed hackers breach telcos with custom
malware. (to
the original material)
- Free
decrypter released for BlackByte ransomware
victims. (to
the original material)
- REvil gang
shuts down for the second time after its Tor
servers were hacked. (to
the original material)
- Suspected
Chinese hackers behind attacks on ten Israeli
hospitals. (to
the original material)
- Microsoft
asks admins to patch PowerShell to fix WDAC
bypass. (to
the original material)
- Credit card
PINs can be guessed even when covering the ATM
pad. (to
the original material)
- Accenture:
Ransomware attack breached proprietary data. (to
the original material)
- Acer Taiwan
and India hit in 2nd and 3rd attacks of 2021. (to
the original material)
- BEC attacks
(Business Email Compromise): Scammers’ latest
tricks. (to
the original material)
- Analyzing
and implementing a national zero trust
architecture. (to
the original material)
- The
importance of crisis management in the age of
ransomware. (to
the original material)
- Cyber risk
trends driving the surge in ransomware
incidents. (to
the original material)
- Remote
access security strategy under scrutiny as
hybrid/remote working persists. (to
the original material)
- Most
employees believe backing up company data is not
their problem. (to
the original material)
- Enterprises
increasingly adopting containers, many turning
to providers for support. (to
the original material)
- Good luck,
everyone - REvil hacker after group's Tor site
gets taken over. (to
the original material)
- Ransomware
attack hits owner of dozens of local TV
stations. (to
the original material)
- TV station
operator Sinclair hit by ransomware attack. (to
the original material)
- Facebook
plans to hire 10,000 in EU to build 'metaverse'.
(to
the original material)
- Hiring the
right information security leaders for your
organization. (to
the original material)
- Free
decrypter released for BlackByte ransomware
victims. (to
the original material)
- Hacker
steals government ID database for Argentina’s
entire population. (to
the original material)
- REvil gang
shuts down for the second time after its Tor
servers were hacked. (to
the original material)
-
Cybersecurity careers: Closing the skills gap. (to
the original material)
- Hacking the
World – Part 3: The Hackers and the Hacked. (to
the original material)
17.10.2021
- News
for Cyber Security.
- Week in
review: Strengthening firmware security, Help
Net Security: XDR Report released. (to
the original material)
- REvil
ransomware shuts down again after Tor sites were
hijacked. (to
the original material)
16.10.2021
- News
from Cyber Security.
- Security
News This Week: Hackers keep targeting the US
water supply. (to
the original material)
- Missouri
threatens to sue a reporter who flagged a
security Flaw. (to
the original material)
- Missouri
governor criticized for confusing vulnerability
disclosure with criminal hacking. (to
the original material)
- A Telegram
bot told Iranian hackers when they got a hit. (to
the original material)
- What role
can Artificial Intelligence play in fixing the
security skills shortage? (to
the original material)
- Treasury
Dept. to crypto companies: Comply with
sanctions. (to
the original material)
- MirrorBlast
campaign targets finance sector using macros. (to
the original material)
- Canon sued
for disabling scanner when printers run out of
ink. (to
the original material)
15.10.2021
- News
from Cyber Security.
- Apache
releases security advisory for Tomcat . (to
the original material)
- The Week in
Ransomware - October 15th 2021 - Disrupting
ransoms. (to
the original material)
- US links $5.2
billion worth of Bitcoin transactions to
ransomware. (to
the original material)
- US Treasury
said it tied $5.2 billion in BTC transactions to
ransomware payments. (to
the original material)
- Twitch
downplays this month's hack, says it had minimal
impact. (to
the original material)
- Accenture
confirms data breach after August ransomware
attack. (to
the original material)
- Russian
cybercrime gang (TA505) targets
finance firms with stealthy macros
(MirrorBlast phishing campaign). (to
the original material)
- Governments
worldwide to crack down on ransomware payment
channels. (to
the original material)
- US government
discloses more ransomware attacks on water plants.
(to
the original material)
- Critical
infrastructure security dubbed 'abysmal' by
researchers. (to
the original material)
- This malware
botnet gang MyKings has stolen millions with a
surprisingly simple trick. (to
the original material)
- Twitter
suspends two accounts used by DPRK hackers to
catfish security researchers. (to
the original material)
- Attackers
behind Trickbot expanding malware distribution
channels. (to
the original material)
- Ad-Blocking
Chrome extension caught injecting ads in Google
Search pages. (to
the original material)
- CISA issues
warning on cyber threats targeting water and
wastewater systems. (to
the original material)
- European
Cybersecurity Month: Test your Skills with a Quiz.
(to
the original material)
- Israeli
hospital cancels non-urgent procedures following
ransomware attack. (to
the original material)
- Injection
vulnerabilities in popular WordPress plugin could
expose credentials, allow admin access. (to
the original material)
- Row over data
leak disclosure by journalist further erodes
researcher trust in government. (to
the original material)
- Legal,
procurement experts question DoJ plan to sue
contractors for cyber reporting failures. (to
the original material)
- HHS
(Departamentul Health and Human Services):
Ransomware groups will continue focus on
healthcare, leveraging legacy tech. (to
the original material)
- The inside
job: financial institution struggle to address bad
actors inside their ranks. (to
the original material)
- What is an
.exe file? Is it the same as an executable? (to
the original material)
- How to get
started with implementing the Cybersecurity
Maturity Model Certification (CMMC). (to
the original material)
- Cyber-attack
response takes more than two working days. (to
the original material)
- Google issues
customers 50,000+ warnings of state-backed
attacks. (to
the original material)
- Cercetătorii
condamnă funcțiile propuse de Apple pentru
scanarea telefonului. (to
the original material)
- Data stolen
from American Osteopath Group. (to
the original material)
- Prioritizing
cybersecurity awareness training in the wake of
phishing attacks. (to
the original material)
- BlackByte:
Free decryptor released for ransomware strain. (to
the original material)
- New infosec
products of the week: October 15, 2021. (to
the original material)
- Human hacking
increased as apps and browsers moved completely to
the cloud. (to
the original material)
- Android data
sharing remains significant, no opt-out available
to users. (to
the original material)
- 70% of
businesses can’t ensure the same level of
protection for every endpoint. (to
the original material)
- Policy
automation to eliminate configuration errors. (to
the original material)
- Finance data
management initiatives constrained by lack of
digital skills and maturity. (to
the original material)
- Organizations
failing to give users the login experience they
want. (to
the original material)
- Week in
security with Tony Anscombe. (to
the original material)
- Virus
Bulletin: Old malware never dies – it just gets
more targeted. (to
the original material)
- User targeted
hacking attempts increased by 33% - Google. (to
the original material)
- Cambridge
University drops $548 million partnership with UAE
over hacking. (to
the original material)
- Introducing
Automated Account Takeover (ATO) Remediation
Functionality. (to
the original material)
- US Treasury
said it tied $5.2 billion in BTC transactions to
ransomware payments. (to
the original material)
14.10.2021
- News
from Cyber Security.
- How to secure
all your everyday connected devices. (to
the original material)
- 71 reasons to
update Windows ASAP. (to
the original material)
- Ongoing cyber
threats to U.S. water and wastewater systems
sector facilities. (to
the original material)
- Juniper
Networks releases security updates for multiple
products. (to
the original material)
- WhatsApp
rolls out iOS, Android end-to-end encrypted chat
backups. (to
the original material)
- Microsoft
releases Linux version of the Windows Sysmon tool.
(to
the original material)
- University of
Sunderland announces outage following cyberattack.
(to
the original material)
- DocuSign
phishing campaign targets low-ranking employees. (to
the original material)
- Google sent
50,000 warnings of state-sponsored attacks in
2021. (to
the original material)
- Google: We're
tracking 270 state-sponsored hacker groups from
over 50 countries. (to
the original material)
- Malicious
Chrome ad blocker injects ads behind the scenes. (to
the original material)
- Belarus:
Joining banned Telegram channels will land you in
prison (up to 7 years). (to
the original material)
- Acer confirms
breach of after-sales service systems in India. (to
the original material)
- New
Yanluowang ransomware used in targeted enterprise
attacks. (to
the original material)
- The Ultimate
SaaS Security Posture Management (SSPM) Checklist
(SSPM - SaaS Security Posture Management). (to
the original material)
- Critical
remote hacking flaws disclosed in Linphone and
MicroSIP softphones. (to
the original material)
- VirusTotal
releases ransomware report based on analysis of 80
million samples. (to
the original material)
- Git providers
revoke weak keys generated in vulnerable GitKraken
crypto library. (to
the original material)
- Dutch police
warn DDoS-for-hire customers to desist or face
prosecution. (to
the original material)
- Ransomware
warranties offer user community another form of
cyber insurance. (to
the original material)
- Australia
plans ransomware attack reporting requirement. (to
the original material)
- ThreatMapper:
Open source platform for scanning runtime
environments. (to
the original material)
- Organizations
losing business due to connected product security
concerns. (to
the original material)
- Cybersecurity
News of the Week (14.10.2021). (to
the original material)
- The National
Directorate of Cyber Security, the Romanian
Police and the Romanian Association of Banks
launch #SiguranțaOnline, an information campaign
on how to protect ourselves from online fraud. (to
the original material)
- Ransomware
damages US companies by nearly $ 21 billion in
2020 due to downtime. (to
the original material)
- Employee
offboarding: Why companies must close a crucial
gap in their security strategy. (to
the original material)
- How
shape-shifting threat actors complicate attack
attribution. (to
the original material)
- REvil
ransomware explained: A widespread extortion
operation. (to
the original material)
- Everyday
cybersecurity practices inadequate among many
online consumers. (to
the original material)
- Fintech
developers dissatisfied with their current roles,
a major risk for their employers. (to
the original material)
- Storage
systems vulnerabilities: Act now to avoid
disasters. (to
the original material)
- How to
prevent email spoofing attacks. (to
the original material)
- A malware
botnet has made more than $24.7 million since
2019. (to
the original material)
- Countries
agree to fight ransomware together after White
House meetings. (to
the original material)
13.10.2021
- News
from Cyber Security.
- Customers on
alert as E-Commerce player leaks 1.7+ billion
records. (to
the original material)
- Microsoft fixes
zero-day flaw in Win32 driver. (to
the original material)
- High-Profile
breaches are shifting enterprise security strategy.
(to
the original material)
- MyKings botnet
still active and making massive amounts of money. (to
the original material)
- Apple silently
fixes iOS zero-day, asks bug reporter to keep quiet.
(to
the original material)
- Australia to
tackle ransomware data breaches by deleting stolen
files. (to
the original material)
- EU legislation
introduced to ban anonymous domain registration. (to
the original material)
- Verizon digital
carrier Visible customer accounts were hacked. (to
the original material)
- OpenSea NFT
platform bugs let hackers steal crypto wallets. (to
the original material)
- Russia and
China left out of global anti-ransomware meetings. (to
the original material)
- Telegram Is
becoming a cesspool of anti-semitic content. (to
the original material)
- International
cryptocurrency scam ring targets European dating app
users. (to
the original material)
- Apple: Forcing
app sideloading would turn iPhones into virus-prone
'pocket PCs'i. (to
the original material)
- Bugs allowing
malicious NFT uploads uncovered in OpenSea
marketplace. (to
the original material)
- Unresolved
GitHub Actions flaw allows code to be approved
without review. (to
the original material)
- Nagios XI
updated to address trio of security vulnerabilities.
(to
the original material)
- Don’t get
phished! How to be the one that got away. (to
the original material)
- Chinese APT
group IronHusky exploits zero-day Windows Server
privilege escalation. (to
the original material)
- Google forms
Cybersecurity Action Team to support customer
security transformation. (to
the original material)
- List of IT
assets an attacker is most likely to target for
exploitation. (to
the original material)
- Is the
government’s response to cybersecurity threats
enough for your organization? (to
the original material)
- Ransomware
attacks preparedness lagging, despite organizations
being aware of the risks. (to
the original material)
- KuberLogic
open-source platform turns infrastructure into a
managed PaaS. (to
the original material)
- Investing in
the mainframe remains key driver for digital
transformation. (to
the original material)
- Worldwide
supply chains vulnerable as businesses lack
visibility into suppliers. (to
the original material)
- Cybersecurity
shortcomings exposed by the pandemic. (to
the original material)
- DDoS attacks on
the rise - using powerful new techniques. (to
the original material)
- Threat
Spotlight: Remote code execution vulnerabilities. (to
the original material)
12.10.2021
- News
from Cyber Security.
- Microsoft
releases October 2021 security updates. (to
the original material)
- Microsoft
October 2021 Patch Tuesday fixes 4 zero-days, 71
flaws. (to
the original material)
- Overly complex
IT infrastructures pose security risk. (to
the original material)
- Google launches
security advisory service, security to workspaces. (to
the original material)
- Google creates
cybersecurity action team. (to
the original material)
- NCSC CEO:
Ransomware the "Most Immediate Threat" facing UK
businesses. (to
the original material)
- Schools prove
easy targets for hackers. (to
the original material)
- Evaluating your
defenses: The importance of establishing mature SOC
processes. (to
the original material)
- Nukegate CEO
imprisoned for fraud. (to
the original material)
- BloodHound and
Purple Knight: Better together for hardening Active
Directory security. (to
the original material)
- Over 90% of
firms suffered supply chain breaches last year. (to
the original material)
- Euro Police
disrupt $17m fake investment scheme. (to
the original material)
- Ukraine Police
cuff botnet herder who controlled 100K machines. (to
the original material)
- Not hitting
your security KPIs? Get the whole business involved.
(to
the original material)
- Smaller 'Bit
and Piece' DDoS attacks slam servers to evade
mitigation systems. (to
the original material)
- New Iranian APT
targets aerospace and telecoms in western countries.
(to
the original material)
- There is lot
more about fake iTerm2 apps than thought earlier. (to
the original material)
- New UEFI
bootkit performs espionage. (to
the original material)
- Research links
multiple attack campaigns to APT41 group. (to
the original material)
- Microsoft
thwarts record‑breaking DDoS attack. (to
the original material)
- Inside Apple:
How macOS attacks are evolving. (to
the original material)
- Dutch police
send warning letters to DDoS booter customers. (to
the original material)
- Chinese hackers
use Windows zero-day to attack defense, IT firms. (to
the original material)
- PyPI removes
'mitmproxy2' over code execution concerns. (to
the original material)
- Phishing
campaign uses math symbols to evade detection. (to
the original material)
- FreakOut botnet
now attacks vulnerable video DVR devices. (to
the original material)
- Cyberattack
shuts down Ecuador's largest bank, Banco Pichincha.
(to
the original material)
- Study reveals
Android phones constantly snoop on their users. (to
the original material)
- SnapMC hackers
skip file encryption and just steal your files. (to
the original material)
- Microsoft
revokes insecure SSH keys for Azure DevOps
customers. (to
the original material)
- Olympus US
systems hit by cyberattack over the weekend. (to
the original material)
- Microsoft:
Azure customer hit by record DDoS attack in August.
(to
the original material)
- Photo editor
Android app STILL sitting on Google Play store is
malware. (to
the original material)
- NSA warns of
wildcard certificate risks, provides mitigations. (to
the original material)
- Chinese phone
manufacturer ZTE launches public bug bounty program.
(to
the original material)
- Blue OLEx 2021
: Testing the response to large cyber incidents. (to
the original material)
- Google
distributing 10,000 security keys to journalists,
elected officials, human rights activists. (to
the original material)
- MysterySnail
crawls through zero-day vulnerability. (to
the original material)
- Hackers could
force locked-screen iPhones to make contactless
payments . (to
the original material)
- Microsoft
patches actively exploited Windows zero-day
(CVE-2021-40449). (to
the original material)
- Apple fixes iOS
zero-day exploited in the wild (CVE-2021-30883). (to
the original material)
- Apache
OpenOffice users should upgrade to newest security
release!. (to
the original material)
- How to maximize
your security budget while demonstrating ROI. (to
the original material)
- AWS ransomware
attacks: Not a question of if, but when. (to
the original material)
- 2021 nastiest
malware: Here to stay and ever evolving. (to
the original material)
- Database
monitoring tools usage skyrocketings. (to
the original material)
- SaaS adoption
growing, but so are security concerns. (to
the original material)
- CISA to come to
cybersecurity aid of schoolsi. (to
the original material)
- Open Source
Intelligence (OSINT) is great for catching bad
actors; But it can also be used against the good
ones – You and Me. (to
the original material)
11.10.2021
- News
from Cyber Security.
- 11th October –
Threat Intelligence Report. (to
the original material)
- Remote work
exposing SMEs to increased cybersecurity risk. (to
the original material)
- 6 ways the
pandemic has triggered long-term security changes. (to
the original material)
- 7 VPN
alternatives for securing remote network access. (to
the original material)
- Strengthening
firmware security with hardware RoT (Root-of-Trust). (to
the original material)
- REvil/Sodinokibi
accounting for 73% of ransomware detections in Q2
2021. (to
the original material)
- IT leaders
confident in their organization’s network security, IT
managers have doubts. (to
the original material)
- Ransomware:
Relationship breakdowns have never been so satisfying.
(to
the original material)
- DEX management
maturity key to succeed in the future remote work. (to
the original material)
- Li-Fi
market (Light-Fidelity) to
grow steadily by 2026. (to
the original material)
- Agrius group
(Iranian threat actor) uses updated arsenal to create
Havoc. (to
the original material)
- ChamelGang APT
group found targeting Russian industries. (to
the original material)
- GitHub revokes
duplicate SSH auth keys linked to library bug. (to
the original material)
- Emergency Apple
iOS 15.0.2 update fixes zero-day used in attacks. (to
the original material)
- LibreOffice,
OpenOffice bug allows hackers to spoof signed docs. (to
the original material)
- Microsoft:
Iran-linked hackers target US defense tech companies.
(to
the original material)
- Huawei Cloud
targeted by updated cryptomining malware. (to
the original material)
- Ukrainian police
arrest DDoS operator controlling 100,000 bots. (to
the original material)
- Microsoft
Defender for Identity to detect Windows Bronze Bit
attacks. (to
the original material)
- Nuclear
engineer's espionage plans unraveled by undercover FBI
agent. (to
the original material)
- Pacific City Bank
dezvăluie un atac ransomware revendicat de AvosLocker.
(to
the original material)
- When criminals go
corporate: Ransomware-as-a-service, bulk discounts and
more. (to
the original material)
- Ransomware cost
US companies almost $21 billion in downtime in 2020. (to
the original material)
- Vulnerability
summary for the week of October 4, 2021. (to
the original material)
- How to
permanently delete your Facebook account. (to
the original material)
- FontOnLake
malware strikes Linux systems in targeted attacks. (to
the original material)
- FBI arrests
engineer for selling nuclear warship data hidden in
peanut butter sandwich. (to
the original material)
- Treat suspicious
links just like suspicious Linux. (to
the original material)
- Ways you can help
“Phight the phish”. (to
the original material)
- Hacking the World
– Part 2: What’s Being Hacked (And What Changed with
Covid). (to
the original material)
10.10.2021
- News
from Cyber Security.
- Week in review:
Electronic warfare, cybersecurity career plan, Patch
Tuesday forecast. (to
the original material)
- 350 Qld
border-pass applicants caught in police privacy
breach. (to
the original material)
- Za: Ransomware
attack crisis over, says justice department. (to
the original material)
- FontOnLake
malware infects Linux systems via trojanized
utilities. (to
the original material)
- Amnesty
International links cybersecurity firm to spyware
operation. (to
the original material)
09.10.2021
- News
from Cyber Security.
- Developers and
Security - Using data to consolidate and collaborate.
(to
the original material)
- Oregon Eye
Specialists, PC notifies patients after email breach.
(to
the original material)
- Parents furious
after personal information is leaked in 2nd data
breach in online program. (to
the original material)
- Bank of America
insider charged with money laundering for BEC scams. (to
the original material)
- Microsoft adds
tamper protection to Windows 11 security baseline. (to
the original material)
08.10.2021
- News
from Cyber Security.
- Microsoft: Russia
dominates state-sponsored attacks. (to
the original material)
- Nobelium makes
Russia leader in cyberattacks. (to
the original material)
- UK firms hit by
one attack every 47 seconds over summer. (to
the original material)
- Netherlands says
armed forces may combat ransomware attacks. (to
the original material)
- Data breach
reports rise as supply chain attacks surge. (to
the original material)
- NatWest pleads
guilty in £400m money laundering case. (to
the original material)
- Google says
Russian APT targeting journalists, politicians. (to
the original material)
- Latest OMB memo
doubles down on flawed NIST critical software
standards. (to
the original material)
- ECU student ECU
(East California University) charged with
cyber-stalking. (to
the original material)
- US shutters
psychic mass mail fraud. (to
the original material)
- BrewDog exposed
data for over 200,000 shareholders and customers. (to
the original material)
- BrewDog exposed
data of 200,000 shareholders for over a year. (to
the original material)
- Researchers warn
of FontOnLake rootkit malware targeting Linux systems.
(to
the original material)
- Ransomware Group
FIN12 aggressively going after healthcare targets. (to
the original material)
- New patch
released for actively exploited 0-day Apache path
traversal to RCE attacks. (to
the original material)
- NSA releases
guidance on avoiding the dangers of Wildcard TLS
Certificates and ALPACA techniques. (to
the original material)
- NSA warns of
ALPACA TLS attack, use of wildcard TLS certificates. (to
the original material)
- Hacker arrested
in France for theft of COVID-19 tests for 1.4 million
Parisians. (to
the original material)
- Cox Media Group
confirms ransomware attack that took down broadcasts.
(to
the original material)
- Four months
later, Cox Media confirms ransomware attack. (to
the original material)
- New FontOnLake
Linux malware used in targeted attacks. (to
the original material)
- Hong Kong’s
anti-doxxing law comes into force despite human rights
criticism. (to
the original material)
- ‘Toxic
permissions’ leave AWS S3 buckets vulnerable to
ransomware. (to
the original material)
- Silicon Valley VC
firm leaked 'Deal Flow' data. (to
the original material)
- Efforts to
incentivize Healthcare Sector cyber investments. (to
the original material)
- HP extends
security features to Work-from-Home devices. (to
the original material)
- North American
orgs hit with an average of 497 cyberattacks per week.
(to
the original material)
- Intuit warns
QuickBooks customers of ongoing phishing attacks. (to
the original material)
- Twitch game page
backgrounds defaced with Jeff Bezos' face. (to
the original material)
- Russian orgs
heavily targeted by smaller tier ransomware gangs. (to
the original material)
- Engineering giant
Weir Group hit by ransomware attack. (to
the original material)
- Week in security
with Tony Anscombe. (to
the original material)
- Patch management
complexity increased by remote work is putting
organizations at risk. (to
the original material)
- Virtual
collaboration technology issues plaguing the hybrid
workforce. (to
the original material)
- From surveillance
capitalism to “Influence Government”: Using
microtargeted ads to “Nudge” people’s everyday
behavior. (to
the original material)
07.10.2021
- News
from Cyber Security.
- Apache Releases
HTTP Server version 2.4.51 to Address Vulnerabilities
Under Exploitation. (to
the original material)
- Cisco releases
security updates for multiple products. (to
the original material)
- CISA releases
guidance: TIC 3.0 remote user use case. (to
the original material)
- Google warns 14,000
Gmail users targeted by Russian hackers. (to
the original material)
- Microsoft is
disabling Excel 4.0 macros by default to protect users.
(to
the original material)
- Apache emergency
update fixes incomplete patch for exploited bug. (to
the original material)
- FIN12 hits
healthcare with quick and focused ransomware attacks. (to
the original material)
- Vidar stealer
abuses Mastodon to silently get C2 configuration. (to
the original material)
- Firefox now shows
ads as sponsored address bar suggestions. (to
the original material)
- Microsoft fixes bug
blocking Azure Virtual Desktops security updates. (to
the original material)
- Unpatched Dahua
cams vulnerable to unauthenticated remote access. (to
the original material)
- Twitch: No
credentials or card numbers exposed in data breach. (to
the original material)
- Code execution bug
affects Yamale Python Package - Used by over 200
projects. (to
the original material)
- Penetration testing
your AWS environment - A CTO's Guide. (to
the original material)
- New U.S. Government
initiative holds contractors accountable for
cybersecurity. (to
the original material)
- Apple now requires
all apps to make it easy for users to delete their
accounts. (to
the original material)
- Navy Warship’s
Facebook page hacked to stream ‘Age of Empires’ gaming.
(to
the original material)
- 4 Key questions for
zero-trust success. (to
the original material)
- Twitch leak
included emails, password: Researcher. (to
the original material)
- Botnet abuses
TP-Link routers for years in SMS messaging-as-a-service
scheme. (to
the original material)
- TSA to issue
cybersecurity requirements for US rail, aviation
sectors. (to
the original material)
- Top cybersecurity
statistics, trends, and facts. (to
the original material)
- No honor among
thieves: One in five targets of FIN12 hacking group is
in healthcare. (to
the original material)
- Former Kent police
officer sentenced for downloading child sex abuse
material. (to
the original material)
- Researchers
discover ransomware that encrypts virtual machines
hosted on an ESXi hypervisor. (to
the original material)
- Finding the right
mix: Leveraging policy and incentives to improve
healthcare cybersecurity. (to
the original material)
- Which technologies
can help legal and compliance teams navigate a changing
landscape of risk? (to
the original material)
- Organizations
putting security and compliance at the forefront to
strengthen trust perceptions. (to
the original material)
- Fraudulent
robocalls to cost consumers $40 billion in 2022. (to
the original material)
06.10.2021
- News
from Cyber Security.
- Fired IT admin
revenge-hacks school by wiping data, changing passwords.
(to
the original material)
- GhostEmperor threat
group targets new flaw in Exchange. (to
the original material)
- FormBook abuses new
zero-day vulnerability in Office 365. (to
the original material)
- TA544 targeting
Italian organizations with Ursnif trojan. (to
the original material)
- Mozilla releases
security updates for Firefox and Firefox ESR. (to
the original material)
- Apache releases
security update for Apache HTTP Server. (to
the original material)
- U.S. govt to sue
contractors who hide breach incidents. (to
the original material)
- Hackers use
stealthy ShellClient malware on aerospace, telco firms.
(to
the original material)
- Actively exploited
Apache 0-day also allows remote code execution. (to
the original material)
- Medtronic urgently
recalls insulin pump controllers over hacking concerns.
(to
the original material)
- Massive Twitch
hack: Source code and payment reports leaked. (to
the original material)
- Microsoft shares
Windows 11 TPM check bypass for unsupported PCs. (to
the original material)
- Firefox improves
advertising tracker blocking in private browsing. (to
the original material)
- Ransom Disclosure
Act would give victims 48 hours to report payments. (to
the original material)
- Twitch suffers
massive 125GB data and source code leak due to server
misconfiguration. (to
the original material)
- Iranian hackers
abuse Dropbox in cyberattacks against aerospace and
telecom firms. (to
the original material)
- VMware ESXi servers
encrypted by lightning-fast Python script. (to
the original material)
- Canopy Parental
Control app wide open to unpatched XSS bugs. (to
the original material)
- ESPecter Bootkit
malware haunts victims with persistent espionage. (to
the original material)
- Becoming a new
chief information security officer today: The steps for
success. (to
the original material)
- Digital key builds
on past practices to create a more secure future. (to
the original material)
- Obstacles and
threats organizations face when protecting AD. (to
the original material)
- 91.5% of malware
arrived over encrypted connections during Q2 2021. (to
the original material)
- ATO attacks
increased 307% between 2019 and 2021. (to
the original material)
- Organizations must
reevaluate IT investments to advance their digital
transformation. (to
the original material)
- One in three IT
security managers don’t have a formal cybersecurity
incident response plan. (to
the original material)
- How CISOs can take
advantage of cybersecurity Awareness Month. (to
the original material)
- SASE trends from an
EMEA perspective. (to
the original material)
05.10.2021
- News
from Cyber Security.
- Google protects
your accounts – Even when you no longer use them. (to
the original material)
- Google to
auto-enroll 150 million user accounts into 2FA. (to
the original material)
- The Telegraph
exposes 10 TB database with subscriber info. (to
the original material)
- Apache fixes
actively exploited zero-day vulnerability, patch now. (to
the original material)
- Ransomware gang
encrypts VMware ESXi servers with Python script. (to
the original material)
- Android October
patch fixes three critical bugs, 41 flaws in total. (to
the original material)
- New UEFI bootkit
used to backdoor Windows devices since 2012. (to
the original material)
- October is European
Cybersecurity Month! Learn how to be more careful
online. (to
the original material)
- CISA releases
security advisory for Honeywell Experion and ACE
Controllers. (to
the original material)
- Be Cyber Smart
during Cybersecurity Awareness Month. (to
the original material)
- Apache warns of
zero-day exploit in the wild - Patch your web servers
now! (to
the original material)
- FinFisher is one of
the stealthiest malware: Kaspersky. (to
the original material)
- New study links
seemingly disparate malware attacks to Chinese hackers.
(to
the original material)
- Analiza modelului
de exfiltrare a datelor LockBit. (to
the original material)
- IP surveillance
bugs in Axis Gear allow RCE, data theft. (to
the original material)
- How to build an
Incident-Response plan, before security disaster
strikes. (to
the original material)
- Facebook blames
outage on faulty router configuration. (to
the original material)
- For adapting to new
cloud security threats, look to “old” technology. (to
the original material)
- Five proven
techniques for building effective fraud management. (to
the original material)
- Large ransom
demands and password-guessing attacks escalate. (to
the original material)
- How CISOs plan to
accelerate the adoption of automation. (to
the original material)
- The cybersecurity
issues organizations deal with remain complex and
numerous. (to
the original material)
- Security and trust
in software remains top priority for buyers. (to
the original material)
- Decryption tool
controversy erupts. (to
the original material)
- Get cyber smart
with National Cybersecurity Awareness Month. (to
the original material)
04.10.2021
- News
from Cyber Security.
- 4th October – Threat
Intelligence Report. (to
the original material)
- Update your Google
Chrome web browser to the latest version. (to
the original material)
- Ransomware operators
behind hundreds of attacks arrested in Ukraine. (to
the original material)
- The future role of
data, AI and the cloud. (to
the original material)
- Erosion of digital
trust: Consumers want more personal information
protection. (to
the original material)
- Infosec products of
the month: September 2021. (to
the original material)
- How collaboration
between IT pros and senior leaders could drive the future
of risk mitigation. (to
the original material)
- Combating
vulnerability fatigue with automated security validation.
(to
the original material)
- Senate intel
committee to revive ‘roadshow’ on Chinese threats. (to
the original material)
- Largest mobile SMS
routing firm (Syniverse) discloses
five-year-long breach. (to
the original material)
- RaidForums (hacking
forum) forced to use mirror after Brazilian govt contacts
registrar. (to
the original material)
- What happened to
Facebook, Instagram, & WhatsApp? (to
the original material)
- Facebook, WhatsApp,
and Instagram down due to DNS outage. (to
the original material)
- Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR. (to the original material)
- Misconfigured Apache
Airflow instances expose credentials on AWS, PayPal and
Slack. (to
the original material)
- Misconfigured Apache
Airflow servers leak thousands of credentials. (to
the original material)
- UK plans to invest £5
billion in retaliatory cyber-attacks. (to
the original material)
- New Atom Silo
ransomware targets vulnerable Confluence servers. (to
the original material)
- Encrypted &
Fileless malware sees big growth. (to
the original material)
- Cyberattack drives
Johnson Memorial into EHR downtime procedures. (to
the original material)
- Transnational fraud
ring bilks U.S. Military Service Members out of millions.
(to
the original material)
- Dark web marketplace
White House Market shuts down. (to
the original material)
- AvosLocker ransomware
gang to auction the data of victims who don’t pay. (to
the original material)
- DHS and NIST release
post-quantum cryptography guidance. (to
the original material)
- Let’s Encrypt root
cert update catches out many big-name tech firms. (to
the original material)
- Google offers rewards
for better security in open-source code. (to
the original material)
- Vulnerability Summary
for the Week of September 27, 2021. (to
the original material)
- Passwords are the key
to your privacy. And the longer they are, the better. (to
the original material)
- Australian Police can
now spy on citizens, disrupt their computers, take over
their online accounts, and change their data. (to
the original material)
- Hacking the World –
Part 1: Hacking Basics. (to
the original material)
03.10.2021
- News
from Cyber Security.
- Transnational fraud
ring stole millions from Army members, veterans. (to
the original material)
- Week in review: 3
ways to guard against insider threats, cybersecurity
posture validation. (to
the original material)
02.10.2021
- News
from Cyber Security.
- Academics discover
hidden layer in China’s Great Firewall (GFW). (to
the original material)
- Sandhills online
machinery markets shut down by ransomware attack. (to
the original material)
- Ruby updates code of
conduct to promote inclusion. (to
the original material)
- Android flubot
malware installs itself by faking security update. (to
the original material)
- Hackers exploit 2FA
flaw to steal crypto from 6,000 Coinbase users. (to
the original material)
- When the charm
offensive didn’t work, threat actors just opted to be
offensive. (to
the original material)
- City of Dallas calls
IT protocols ‘inadequate’ in 131-page report on police
data loss. (to
the original material)
- Why doesn’t Ohio
notify victims of unemployment fraud or allow residents to
check if they’ve been scammed? (to
the original material)
- Epilepsy Foundation
of Texas notifies individuals following phishing attack. (to
the original material)
- Biden administration
to convene 30 countries to crack down on ransomware
threat. (to
the original material)
- Here are four
ransomware groups that businesses need to watch out for. (to
the original material)
- Coinbase says hackers
stole cryptocurrency from at least 6,000 customers. (to
the original material)
- Eskenazi Health now
says some patient, employee information stolen in cyber
attack. (to
the original material)
- Mozilla: Superman,
Batman, Spider-Man dominate list of passwords leaked in
breaches. (to
the original material)
- Security news this
week: Help might finally be on the way to fight SIM-Swap
attacks. (to
the original material)
01.10.2021
- News
from Cyber Security.
- Introducing the Secure
Open Source Pilot Program. (to
the original material)
- Prototype pollution
vulnerabilities rife among high-traffic websites, study
finds. (to
the original material)
- Google releases
security updates for Chrome. (to
the original material)
- White House to host
transnational ransomware meeting. (to
the original material)
- Business leaders admit
willingness to pay five-figure ransoms. (to
the original material)
- October is
Cybersecurity Awareness Month. (to
the original material)
- NCA and Europol
Formalize Cooperation on Cybercrime. (to
the original material)
- Defusing an in-progress
Active Directory attack. (to
the original material)
- Make employees part of
the security solution. (to
the original material)
- The Cybersecurity
industry’s most frequent typo: On-Premise vs. On-Premises. (to
the original material)
- Content sprawl is
increasing the risk of data breaches and leaks. (to
the original material)
- Cybercrime awareness
heightened, yet people still engage in risky online
behaviors. (to
the original material)
- How cybercrime hurts
some groups more than others. (to
the original material)
- Evolving beyond RBAC: :
Why ABAC is the future (Role Based Access Control).
(to
the original material)
- Three areas legal
leaders should focus their technology efforts in. (to
the original material)
- Today’s cars are mobile
data centers, and that data needs to be protected. (to
the original material)
- New infosec products of
the week: October 1, 2021. (to
the original material)
- The Week in Ransomware
- October 1st 2021 - "This was preventable". (to
the original material)
- US unites 30 countries
to disrupt global ransomware attacks. (to
the original material)
- FCC (Federal
Communications Commission) orders phone carriers to enforce
unlawful robocall blocking. (to
the original material)
- Crypto platform
mistakenly gives $90M to users, asks for refund. (to
the original material)
- MoneyLion (banking and
investment platform) locks customer accounts after
credential stuffing attacks. (to
the original material)
- Neiman Marcus (luxury
store chain) sends notices of breach to 4.3 million
customers. (to
the original material)
- Major data breach hits
Neiman Marcus. (to
the original material)
- The FCC proposes rules
to fight SIM swap and port-out fraud. (to
the original material)
- Hackers rob thousands
of Coinbase customers using MFA (multi-factor
authentication) flaw. (to
the original material)
- Flubot Android malware
now spreads via fake security updates. (to
the original material)
- Hydra malware targets
customers of Germany's second largest bank. (to
the original material)
- Apple Pay can be abused
to make contactless payments from locked iPhones. (to
the original material)
- Chinese hackers used a
new rootkit to spy on targeted Windows 10 users. (to
the original material)
- New APT ChamelGang
targets Russian energy, aviation orgs. (to
the original material)
- Malicious hackers are
exploiting known vulnerabilities because organizations
aren’t quick enough to patch – report. (to
the original material)
- Tech heavyweights
release Trusted Cloud Principles for protecting security,
privacy of cloud data. (to
the original material)
- Cybersecurity is No. 2
global threat in new survey – ahead of pandemics. (to
the original material)
- Vast majority of
malware arrives over encrypted connections. (to
the original material)
- Semperis aims to stop
attacks on Active Directory from moving laterally to the
cloud. (to
the original material)
- What is Account
Takeover Fraud? (to
the original material)
- What is a VPN solution,
how does it protect me and what benefits does it give me? (to
the original material)
- The difference between
a VPN solution and incognito mode. How do they protect your
privacy? (to
the original material)
- Congress increases
pressure with new bills targeting cybercrime. (to
the original material)
- Boost readiness with
tabletop exercises. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - October 31, 2021