Cyber Security - News Archive

September 2021


- Cybersecurity News of the Week (30.09.2021). (to the original material)

- Bug Bounty Radar - The latest bug bounty programs for October 2021. (to the original material)

- What can we learn from the top cloud security breaches? (to the original material)

- Baby’s death alleged to be linked to ransomware. (to the original material)

- Revived Mirai variant now targets a zero-day in Ruijie Routers. (to the original material)

- Gaming platforms face a major threat from BloodyStealer. (to the original material)

- GhostEmperor: From ProxyLogon to kernel mode. (to the original material)

- Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks. (to the original material)

- Mac Users Targeted by Trojanized iTerm2 App. (to the original material)

- Nation-state attacks fears grow, execs don’t trust governments to protect them from cyber threats. (to the original material)

- SASE initiatives are gaining momentum. (to the original material)

- How much trust should we place in the security of biometric data? (to the original material)

- Third-party risk prevention strategies inadequate despite organizations being aware of the threats. (to the original material)

- C-level execs confident in their software supply chain security, but challenges remain. (to the original material)

- CSPs (Communication Service Providers) deploying AI to improve customer experience and reduce operational costs. (to the original material)

- Thousands of University Wi-Fi networks expose log-in credentials. (to the original material)

- CSA (Cloud Security Alliance) examines top 10 blockchain attacks, vulnerabilities, and weaknesses. (to the original material)

- QNAP fixes bug that let attackers run malicious commands remotely. (to the original material)

- Google pushes emergency Chrome update to fix two zero-days. (to the original material)

- Fake Amnesty International Pegasus scanner used to infect Windows. (to the original material)

- GhostEmperor hackers use new Windows 10 rootkit in attacks. (to the original material)

- JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data. (to the original material)

- WireX DDoS botnet admin charged for attacking hotel chain. (to the original material)

- RansomEXX ransomware Linux encryptor may damage victims' files. (to the original material)

- US Congress asks FBI to explain delay in helping Kaseya attack victims. (to the original material)

- CISA and NSA provide tips for securing VPNs. (to the original material)


- Ransomware attacks on the rise – How to counter them? (to the original material)

- IT executives do not believe their business can have both a flexible and usable Kubernetes environment. (to the original material)

- Ransomware attacks on healthcare organizations may have life-or-death consequences. (to the original material)

- Certificates volume growing, most enterprises considering PKI automation to reduce risks. (to the original material)

- Apple Pay with VISA lets hackers force payments on locked iPhones. (to the original material)

- Facebook open-sources tool to find Android app security flaws. (to the original material)

- Russia arrests cybersecurity firm CEO after raiding offices. (to the original material)

- CISA releases tool to help orgs fend off insider threat risks. (to the original material)

- Trucking giant Forward Air reports ransomware data breach. (to the original material)

- New Tomiris backdoor likely developed by SolarWinds hackers. (to the original material)

- New Android malware steals millions after infecting 10M phones. (to the original material)

- Canadian vaccine passport app exposes data. (to the original material)

- More than two-thirds of organizations are targets of at least one ransomware attack. (to the original material)

- US Mulls cyber-attack reporting mandate. (to the original material)

- Modern cybercriminals don't hack - they log in. (to the original material)

- YouTube pledges to block all anti-vaccine content. (to the original material)

- ICO (Information Commissioner's Office) reveals 60% rise in nuisance contact reports. (to the original material)

- CISA and NSA deliver new security guidance for VPNs. (to the original material)

- Mental healthcare providers report data breaches. (to the original material)

- How ground-breaking is WhatsApp's Fine? (to the original material)

- Most third-party cloud containers have vulnerabilities. (to the original material)

- SolarWinds attackers develop new FoggyWeb backdoor. (to the original material)


- CISA and NSA release guidance on selecting and hardening VPNs. (to the original material)

- NSA, CISA share VPN security tips to defend against hackers. (to the original material)

- RCE vulnerability in Hikvision cameras (CVE-2021-36260). (to the original material)

- Announcing new patch reward program for Tsunami Security Scanner. (to the original material)

- FinFisher malware hijacks Windows Boot Manager with UEFI bootkit. (to the original material)

- Ukraine takes down call centers behind cryptocurrency investor scams. (to the original material)

- New Microsoft Exchange service mitigates high-risk bugs automatically. (to the original material)

- Working exploit released for VMware vCenter CVE-2021-22005 bug. (to the original material)

- How to prevent corporate data leaks in the cloud. (to the original material)

- Russia-Linked Nobelium deploying new 'FoggyWeb' malware. (to the original material)

- New malware 'BloodyStealer' targets gaming accounts. (to the original material)

- Ransomware patch or perish: Attackers exploit ColdFusion. (to the original material)

- Cyber-attack floors British payroll firm. (to the original material)

- Hospital security teams: Are the odds stacked against them? (to the original material)

- Cybersecurity 2021: Where are we moving into Q4? (to the original material)

- US Deports convicted cyber-criminal to Russia. (to the original material)

- Nebraska County attorney indicted for cyber-stalking. (to the original material)

- New emergency fraud hotline launched in UK. (to the original material)

- Half of regulated firms see pandemic spike in financial crime. (to the original material)

- How to improve patch management. (to the original material)

- Crypto developer pleads guilty to North Korean plot. (to the original material)

- To avoid cyberattacks, companies need to think like hackers. (to the original material)

- The biggest problem with ransomware is not encryption, but credentials. (to the original material)

- The relationship between development and security teams affects speed to market. (to the original material)

- CNP (Card Not Present) transaction fraud costing merchants millions in revenue, fraudsters getting more sophisticated. (to the original material)

- Enterprise security challenges and increased cloud usage fueled by remote work. (to the original material)

- U.S. Treasury aims to discourage ransomware payments. (to the original material)


- 27th September – Threat Intelligence Report. (to the original material)

- High-Profile BluStealer malware steals sensitive info and files. (to the original material)

- Proper password security falling short despite increase in online presence. (to the original material)

- 3 ways any company can guard against insider threats this October. (to the original material)

- How to avoid the pitfalls of multi-cloud strategy deployment. (to the original material)

- Corporate attack surface exploding as a result of remote work. (to the original material)

- Consumers will abandon a brand that can’t balance convenience and privacy. (to the original material)

- A multi-party data breach creates 26x the financial damage of single-party breach. (to the original material)

- SaaS (Software-as-a-Service) security is becoming a primary concern for businesses. (to the original material)

- EU slams Russia over disinformation hacking campaign. (to the original material)

- Bandwidth.com is latest victim of DDoS attacks against VoIP providers. (to the original material)

- Microsoft: Nobelium uses custom malware to backdoor Windows domains. (to the original material)

- Ethereum dev admits to helping North Korea evade crypto sanctions. (to the original material)

- QNAP fixes critical bugs in QVR video surveillance solution. (to the original material)

- New malware (BloodyStealer) steals Steam, Epic Games Store, and EA Origin accounts. (to the original material)

- Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency. (to the original material)

- Computer scientist jailed over dark web conspiracy. (to the original material)

- #IMOS21: Global Threat Brief - The most dangerous attack techniques in 2021. (to the original material)

- #HowTo: Make you and your departments more digitally secure. (to the original material)

- California Hospital sued over data breach. (to the original material)

- US-Led Quad launches new cyber group. (to the original material)

- Port of Houston quells cyber-attack. (to the original material)

- Vulnerability Summary for the Week of September 20, 2021. (to the original material)

- Why we keep talking about password security. (to the original material)

- EU is spending more than a billion dollars expanding biometric honeypots, despite risks to privacy and freedom. (to the original material)


- Microsoft will disable Basic Auth in Exchange Online in October 2022. (to the original material)

- ZuRu malware exploits Baidu search results. (to the original material)

- Credential phishing campaign targets governments in APAC and EMEA. (to the original material)

- Week in review: How to retain best cybersecurity talent, securing Kubernetes, data decay. (to the original material)


- Microsoft WPBT flaw lets hackers install rootkits on Windows devices. (to the original material)

- Exchange/Outlook autodiscover bug spills 100K+ email passwords. (to the original material)

- Bitcoin.org hackers steal $17,000 in 'double your cash' scam. (to the original material)


- VMware vCenter Server vulnerability CVE-2021-22005 under active exploit. (to the original material)

- Hackers exploiting critical VMware vCenter CVE-2021-22005 bug. (to the original material)

- Google releases security updates for Chrome. (to the original material)

- Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors. (to the original material)

- The Week in Ransomware - September 24th 2021 - Targeting crypto. (to the original material)

- United Health Centers ransomware attack claimed by Vice Society. (to the original material)

- EU officially blames Russia for 'Ghostwriter' hacking activities. (to the original material)

- Researcher drops three iOS zero-days that Apple refused to fix. (to the original material)

- Cisco fixes highly critical vulnerabilities in IOS XE Software. (to the original material)

- SonicWall fixes critical bug allowing SMA 100 device takeover. (to the original material)

- ExpressVPN employees complain about ex-spy's top role at company. (to the original material)

- OWASP Top 10 2021: The most serious web application security risks. (to the original material)

- A new zero-day is being exploited to compromise Macs (CVE-2021-30869). (to the original material)

- New infosec products of the week: September 24, 2021. (to the original material)

- Implementing risk quantification into an existing GRC (Governance, Risk Management, Compliance) program. (to the original material)

- The evolution of DRaaS (Disaster Recovery-as-a-Service). (to the original material)

- Policy and patience key in Biden’s cybersecurity battle. (to the original material)

- Most IT leaders prioritize cloud migration, yet security concerns remain. (to the original material)

- SaaS (Software-as-a-Service) subscriptions bouncing back as enterprises seek innovation. (to the original material)

- Florida yet to spend $30M allocated for cybersecurity. (to the original material)

- Complex new SMS malware discovered. (to the original material)

- 'Anonymous' hackers claim to hit website hosting firm popular with far-right groups. (to the original material)

- Cyber threats result in 60% increase in cyber intelligence sharing among financial firms. (to the original material)


- Cybersecurity News of the Week (23.09.2021). (to the original material)

- Apple releases security updates. (to the original material)

- Apple patches new zero-day bug used to hack iPhones and Macs. (to the original material)

- Cisco releases security updates for multiple products. (to the original material)

- CISA releases guidance: IPv6 considerations for TIC 3.0. (to the original material)

- US Eye-Care providers report data breaches. (to the original material)

- State of SecOps 2021: 5 Trends that should shape your security approach. (to the original material)

- FBI and CISA issue Conti warning. (to the original material)

- More Afghan citizens' data exposed in second MoD (Ministry of Defence, UK) breach. (to the original material)

- Illinois clarifies limitations on data privacy claims. (to the original material)

- Ransomware is harming cybersecurity strategy: What can organizations do? (to the original material)

- 85% of UK's top universities at risk of email fraud. (to the original material)

- Google: Manifest V2 Chrome extensions to stop working in 2023. (to the original material)

- Hacking group used ProxyLogon exploits to breach hotels worldwide. (to the original material)

- Malware devs trick Windows validation with malformed certs. (to the original material)

- REvil ransomware devs added a backdoor to cheat affiliates. (to the original material)

- How to secure your Dropbox account - Picture guide. (to the original material)

- Apple postpones photo scanning technology on iPhone devices due to privacy concerns. (to the original material)

- How the Bumble app revealed the exact location of users. (to the original material)

- Top 7 ways threat actors abuse Google Forms. (to the original material)

- Most malware attacks now involve ransomware – report. (to the original material)

- Nagios XI vulnerabilities open enterprise IT infrastructure to attack. (to the original material)

- U.S. Department of the Treasury announces set of actions to counter ransomware. (to the original material)

- Protecting IoT devices requires a DNS-based solution. (to the original material)

- Consumers taking action to protect themselves online, though confidence is low. (to the original material)

- DDoS attacks increased 11% in 1H 2021, fueling a global security crisis. (to the original material)

- Ransomware attack levels soaring, now accounting for 69% of all attacks involving malware. (to the original material)

- SaaS applications investment growing despite underutilization of app licenses by employees. (to the original material)

- Future of work: Cybersecurity and hybrid working as top two enterprise priorities. (to the original material)

- Doing SASE right: A roadmap for successful convergence. (to the original material)


- CISA, FBI, and NSA release joint cybersecurity advisory on Conti ransomware. (to the original material)

- FBI, CISA, and NSA warn of escalating Conti ransomware attacks. (to the original material)

- Google releases security updates for Chrome. (to the original material)

- Distroless builds are now SLSA 2. (to the original material)

- Chrome willing to take performance hit to prevent use-after-free bugs. (to the original material)

- Zoom's $14.7 billion deal for Five9 under US national security review. (to the original material)

- What is the cyber attack surface and how can you reduce it? (to the original material)

- Mind your afternoon emails: it’s scammer time. (to the original material)

- Mafia cybercrime group dismantled by Europol. (to the original material)

- US Locks Up Call Center Scammer. (to the original material)

- SCADAfence partners with Keysight technologies. (to the original material)

- US Execs tout retaliation over diplomacy. (to the original material)

- #IMOS21: Alyssa Miller's advice for building a successful infosecurity career. (to the original material)

- Hackers are scanning for VMware CVE-2021-22005 targets, patch now! (to the original material)

- Apple will disable insecure TLS (Transport Layer Security) in future iOS, macOS releases. (to the original material)

- Second farming cooperative (Minnesota Crystal Valley) shut down by ransomware this week. (to the original material)

- Modern cyber protection: The digital must-have for home users. (to the original material)

- PaaS (Phishing-as-a-service) operation uses double theft to boost profits. (to the original material)

- Microsoft Exchange Autodiscover bugs leak 100K Windows credentials. (to the original material)

- RaidForums data marketplace accidentally exposes private staff page. (to the original material)

- A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035). (to the original material)

- Creepy data collection and sharing remain common on popular apps. (to the original material)

- Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005). (to the original material)

- How to protect the corporate network from spyware. (to the original material)

- We cannot afford for healthcare security to be the “lowest-hanging fruit”. (to the original material)

- How do I select a data privacy management solution for my business? (to the original material)

- 2 million malicious emails bypassed secure email gateways in 12 months. (to the original material)

- Half of web owners don't know if their site has been attacked. (to the original material)


- NETGEAR releases security updates for RCE vulnerability. (to the original material)

- VMware releases security updates. (to the original material)

- Apple releases security updates for multiple products. (to the original material)

- An update on Memory Safety in Chrome. (to the original material)

- Cryptominer z0Miner uses newly discovered vulnerability CVE-2021-26084 to its advantage. (to the original material)

- After ransomware attack, company finds 650+ breached credentials from NEW Cooperative employees. (to the original material)

- US Treasury Dept. sanctions Russian cryptocurrency exchange for work with ransomware groups. (to the original material)

- Users increasingly willing to abandon digital platforms that demand personal info, stringent passwords and time-consuming forms: study. (to the original material)

- HackerOne expands Internet Bug Bounty project to tackle open source bugs. (to the original material)

- Democracy advocate finds internet freedom has declined globally for 11th consecutive year. (to the original material)

- Four months on from a sophisticated cyberattack, Alaska's health department is still recovering. (to the original material)

- Turla hacking group launches new backdoor in attacks against US, Afghanistan. (to the original material)

- Siemens Energy launches AI solution to fight industrial cybercrime. (to the original material)

- New macOS zero-day bug lets attackers run commands remotely. (to the original material)

- VMware warns of critical bug in default vCenter Server installs. (to the original material)

- The US to sanction a Czech crypto exchange (Suex OTC, SRO) over ransomware attacks. (to the original material)

- Cring ransomware exploits 11-year-old version of Adobe’s ColdFusion 9 software. (to the original material)

- New Cooperative Inc. ransomware attack may threaten US food supply. (to the original material)

- Afghan interpreters' data exposed in MoD (Ministry of Defence) breach. (to the original material)

- Medical Device Cybersecurity Center launches in Minnesota. (to the original material)

- Hacker steals $12M from DeFi Platform. (to the original material)

- Malicious email surge predicted for Q4. (to the original material)

- European Police bust €10m mafia fraud ring. (to the original material)

- Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings. (to the original material)

- The complexities of vulnerability remediation and proactive patching. (to the original material)

- 77% of execs concerned about security tools gaps in their company. (to the original material)

- Organizations prioritize strategic security programs, but lack fundamentals. (to the original material)

- Office workers unwilling to change their behavior, despite being aware of the cybersecurity challenges. (to the original material)

- 4 things we learned from Secured.21. (to the original material)

- Focus on the four modern security fundamentals. (to the original material)

- UK leads the charge against end-to-end encryption, calls on tech companies to “Nerd Harder”. (to the original material)


- 20th September – Threat Intelligence Report. (to the original material)

- Republican Governors Association email server breached by state hackers. (to the original material)

- Europol links Italian Mafia to million-dollar phishing scheme. (to the original material)

- EventBuilder misconfiguration exposes personal details of 100,000 event registrants. (to the original material)

- VoIP.ms phone services disrupted by DDoS extortion attack. (to the original material)

- US farmer cooperative hit by $5.9M BlackMatter ransomware attack. (to the original material)

- Iowa farm services provider hit with BlackMatter ransomware and $5.9 million ransom. (to the original material)

- Hacked sites push TeamViewer using fake expired certificate alert. (to the original material)

- How to fix the Windows 0x0000011b network printing error. (to the original material)

- Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise. (to the original material)

- US policy change states healthcare apps must follow data breach notification rules. (to the original material)

- VPN users unmasked by zero-day vulnerability in Virgin Media routers. (to the original material)

- UK armed forces confirm cyber as fifth dimension of warfare. (to the original material)

- A new Dridex variant wraps itself in Import Tariff Scheme. (to the original material)

- Apple fixed two zero-day flaws linked to Pegasus. (to the original material)

- Victoria (Australia) launches five-year, AU$50 million cyber strategy. (to the original material)

- CMA CGM hit by another cyber attack. (to the original material)

- Vulnerability Summary for the Week of September 13, 2021. (to the original material)

- Water Basilisk uses new HCrypt variant to flood victims with RAT payloads. (to the original material)

- Phishing attacks: Police make 106 arrests as they break up online fraud group. (to the original material)

- Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week. (to the original material)

- Google: This major privacy change is coming to billions of Android devices soon. (to the original material)

- Facebook rebukes WSJ (Wall Street Journal) over investigation on the platform's ability to harm, 'toxic' impact. (to the original material)

- Bot farm in Ukraine seized by law enforcement. (to the original material)

- Bad romance: crypto scammers exchange 'love' for money. (to the original material)

- How to retain the best talent in a competitive cybersecurity market. (to the original material)

- What businesses need to know about data decay. (to the original material)

- Zero trust security solutions widely adopted, spurred by surge in ransomware. (to the original material)

- Ransomware still a primary threat as cybercriminals evolve tactics. (to the original material)

- Tech pros reporting a positive perception of their roles, looking forward to what lies ahead. (to the original material)

- Managing an expanding attack surface in the post-COVID era. (to the original material)


- New "Elon Musk Mutual Aid Fund" or "Elon Musk Club" crypto giveaway scam promoted via email. (to the original material)

- AT&T lost $200M in seven years to illegal phone unlocking scheme. (to the original material)

- Week in review: Kali Linux 2021.3, how to avoid cloud configuration breaches, hybrid digital dexterity. (to the original material)


- Researchers compile list of vulnerabilities abused by ransomware gangs. (to the original material)

- Epik hack exposes lax security practices at controversial web host. (to the original material)

- Google announces partnership to review security of open source software projects. (to the original material)


- The Week in Ransomware - September 17th 2021 - REvil decrypted. (to the original material)

- U.S. to sanction crypto exchanges, wallets used by ransomware. (to the original material)

- US to target ransomware payments in cryptocurrency with sanctions. (to the original material)

- Admin of DDoS service behind 200,000 attacks faces 35yrs in prison. (to the original material)

- Billions more Android devices will reset risky app permissions. (to the original material)

- OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners. (to the original material)

- Microsoft asks Azure Linux admins to manually patch OMIGOD bugs. (to the original material)

- Microsoft releases security update for Azure Linux Open Management Infrastructure. (to the original material)

- How to fix printers asking for admins creds after PrintNightmare patch. (to the original material)

- US govt sites showing porn, viagra ads share a common software vendor (Laserfiche). (to the original material)

- Victims of the most widespread ransomware of the moment can recover their blocked data without paying. (to the original material)

- Musk vows to work with global regulators on data security. (to the original material)

- Employees beware: 82% of IT execs anxious about WFH (Working From Home) security. (to the original material)


- Cybersecurity News of the Week (16.09.2021). (to the original material)

- Remote code execution vulnerability present in the MSHTML component of Microsoft Windows. (to the original material)

- Microsoft: Windows MSHTML bug now exploited by ransomware gangs. (to the original material)

- ACSC (Australian Cyber Security Centre) Annual Cyber Threat report 2020-21. (to the original material)

- ACSC Releases Annual Cyber Threat Report. (to the original material)

- FBI-CISA-CGCYBER Advisory on APT exploitation of ManageEngine ADSelfService Plus vulnerability. (to the original material)

- FBI and CISA warn of state hackers exploiting critical Zoho bug. (to the original material)

- CISA, FBI: State-Backed APTs (Advanced Persistent Threats) may be exploiting critical Zoho bug. (to the original material)

- FBI: $113 million lost to online romance scams this year. (to the original material)

- New malware uses Windows Subsystem for Linux for stealthy attacks. (to the original material)

- REvil/Sodinokibi ransomware universal decryptor key is out. (to the original material)

- Azure Zero-Day flaws highlight lurking supply-chain risk. (to the original material)

- Free REvil ransomware master decrypter released for past victims. (to the original material)

- HP Omen Hub exposes millions of gamers to cyberattack. (to the original material)

- Following cryptocurrency via public ledgers. (to the original material)

- Drupal releases multiple security updates. (to the original material)

- The Securities and Exchange Commission issues $114 million to two whistle blowers. (to the original material)

- Meris botnet leverages HTTP pipelining to smash DDoS attack records. (to the original material)

- Manufacturing industry must limit internal data access to prevent sensitive leaks - report. (to the original material)

- Remote code execution flaw allowed hijack of Motorola Halo+ baby monitors. (to the original material)

- Midyear 2021 Cybersecurity Landscape Review: Attacks from all angles abound. (to the original material)


- Microsoft fixes critical bugs in secretly installed Azure Linux app. (to the original material)

- Google supports Open Source Technology Improvement Fund. (to the original material)

- Ransomware encrypts South Africa's entire Dept of Justice network. (to the original material)

- MikroTik shares info on securing routers hit by massive Mēris botnet. (to the original material)

- Ransomware gang Grief threatens to wipe decryption key if negotiator hired. (to the original material)

- Kali Linux 2021.3 released with new pentest tools, improvements. (to the original material)

- Microsoft rolls out passwordless login for all Microsoft accounts. (to the original material)

- Microsoft to let users completely remove account passwords and go passwordless. (to the original material)

- DoJ (Department of Justice): Former NSA operatives worked as cyber-mercenaries, helping hack U.S. Systems. (to the original material)

- Former U.S. intel operatives to pay $1.6M for hacking for foreign govt. (to the original material)

- ExpressVPN executive Daniel Gericke fined $335,000 for benefiting from cyber surveillance. (to the original material)

- Three ex-US intelligence officers admit cyberspying for Emiratis. (to the original material)

- Anonymous hacks and leaks data from domain registrar Epik. (to the original material)

- Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020. (to the original material)

- Ransomware threats loom over food supply chain management. (to the original material)

- No patch for high-severity bug in Legacy IBM System X Servers. (to the original material)

- Attackers Impersonate DoT (Department of Transportation) in two-day phishing scam. (to the original material)

- Skipping over spyware concerns, Apple boasts ‘built-in privacy’. (to the original material)

- Supply chain attacks against the open source ecosystem soar by 650% – report. (to the original material)

- Credential leak fears raised following security breach at Travis CI. (to the original material)

- Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus. (to the original material)

- Prototype pollution: The dangerous and underrated vulnerability impacting JavaScript applications. (to the original material)

- How automated workflows and public APIs help improve incident response. (to the original material)


- Beware of these 5 common scams on Instagram. (to the original material)

- Apple patched iMessage. But can it be made safer overall? (to the original material)

- Adobe releases security updates for multiple products. (to the original material)

- Adobe snuffs critical bugs in Acrobat, Experience Manager. (to the original material)

- Citrix releases security update for ShareFile Storage Zones Controller. (to the original material)

- SAP releases September 2021 Security Updates. (to the original material)

- Microsoft releases September 2021 Security Updates. (to the original material)

- Microsoft patches actively exploited Windows zero-day bug. (to the original material)

- Google releases security updates for Chrome. (to the original material)

- CERT NZ (Computer Emergency Response Team New Zealand) releases Ransomware Protection Guide for Businesses. (to the original material)

- Microsoft fixes remaining Windows PrintNightmare vulnerabilities. (to the original material)

- Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug. (to the original material)

- Microsoft September 2021 Patch Tuesday fixes 2 zero-days, 60 flaws. (to the original material)

- New Zloader attacks disable Windows Defender to evade detection. (to the original material)

- Millions of HP OMEN gaming PCs impacted by driver vulnerability. (to the original material)

- Amid vaccine mandates, fake vaccine certificates become a full blown industry. (to the original material)

- Indra - Hackers Behind Recent Attacks on Iran. (to the original material)

- Apple issued a patch to the FORCEDENTRY flaw as experts urge acting fast. (to the original material)

- Apple issues emergency fix for NSO zero-click zero day. (to the original material)

- Apple doubles down on 5G with new iPhone 13, upgrades iPad Mini. (to the original material)

- Every fourth financial organization hit by ransomware succumbed to criminals’ demands. (to the original material)

- Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers. (to the original material)

- ‘No indication’ Russia has cracked down on ransomware gangs, top FBI official says. (to the original material)

- Attacks from all angles 2021 midyear cybersecurity report. (to the original material)

- 2021’s Most dangerous software weaknesses. (to the original material)

- Zloader's (sophisticated and improved banking trojan) back, abusing Google AdWords, disabling Windows Defender. (to the original material)

- Pair of Google Chrome Zero-Day Bugs Actively Exploited. (to the original material)

- Unpatched bugs plague databases; Your data is probably not secure – Podcast (the average global vulnerability per database is 26 vulnerabilities). (to the original material)

- Close to half of on-prem databases contain vulnerabilities, with many critical flaws. (to the original material)

- 3 exciting product innovations announced at Secured.21. (to the original material)

- Report: The state of network security in 2021. (to the original material)


- 13th September – Threat Intelligence Report. (to the original material)

- Linux Implementation of Cobalt Strike Beacon (legitimate penetration testing tool - ethical hacking) targeting organizations worldwide. (to the original material)

- Hacker-made Linux Cobalt Strike beacon used in ongoing attacks. (to the original material)

- Critical bug reported in NPM Package (Pac-Resolver) with millions of downloads weekly. (to the original material)

- New SpookJS attack bypasses Google Chrome's site isolation protection. (to the original material)

- Risky business or a leap of faith? A risk based approach to optimize cybersecurity certification. (to the original material)

- Vulnerability Summary for the Week of September 6, 2021. (to the original material)

- Google patches 10th Chrome zero-day exploited in the wild this year. (to the original material)

- Apple fixes iOS zero-day used to deploy NSO iPhone spyware. (to the original material)

- FTC warns of extortionists targeting LGBTQ+ community on dating apps. (to the original material)

- BlackMatter ransomware hits medical technology giant Olympus. (to the original material)

- Olympus: 'Potential Cyber Incident' disrupted EMEA system. (to the original material)

- Apple releases security updates to address CVE-2021-30858 and CVE-2021-30860. (to the original material)

- CISA's Annual National Cybersecurity Summit. (to the original material)

- HHS (Department of Health and Human Services) warns health sector of BlackMatter attacks. (to the original material)

- Indonesian Intelligence Agency reportedly breached. (to the original material)

- Here’s how scammers threaten "closeted" LGBTQ+ people. (to the original material)

- Threat actor ports Cobalt Strike beacon to Linux, uses it in attacks. (to the original material)

- REvil’s Back; Coder Fat-Fingered away its decryptor key? (to the original material)

- WhatsApp’s End-to-End Encryption isn’t actually broken. (to the original material)

- Honing cybersecurity strategy when everyone’s a target for ransomware. (to the original material)

- WooCommerce multi currency bug allows shoppers to change eCommerce pricing. (to the original material)

- APT-C-36 updates its spam campaign against South American entities with commodity RATs. (to the original material)

- Shift to remote work requires Zero Trust. (to the original material)

- What the West’s disorderly withdrawal from Afghanistan tells us about privacy and its preservation. (to the original material)


- Windows MSHTML zero-day exploits shared on hacking forums. (to the original material)

- Hackers stole Puma source code, no customer data, company says. (to the original material)


- REvil ransomware is back in full attack mode and leaking data. (to the original material)

- Pysa ransomware gang targets Linux. (to the original material)

- Talbert House issues press release about June security incident. (to the original material)

- NY: Rehabilitation Support Services notifies clients and employees of data breach. (to the original material)

- Barlow Respiratory Hospital recovering from breach but may have a long incident response road ahead. (to the original material)

- Mēris Botnet hit Russia's Yandex with massive 22 Million RPS DDoS attack. (to the original material)

- WhatsApp to finally let users encrypt their chat backups in the Cloud. (to the original material)


- The Week in Ransomware - September 10th 2021 - REvil returns. (to the original material)

- MyRepublic (Singapore telecommunications carrier) discloses data breach exposing government ID cards. (to the original material)

- MyRepublic data breach raises data-protection questions. (to the original material)

- WordPress releases security update. (to the original material)

- University Hacker Sent to Prison. (to the original material)

- Poland extradites alleged botnet operator to US. (to the original material)

- Colorado County clerk charged with Cybercrime. (to the original material)

- UK to Revamp ICO (Information Commissioner Office), as part of data rules reform. (to the original material)

- Ukrainian extradited to US faces credential theft charges. (to the original material)

- China-Linked Grayfly gang spotted using Sidewalk backdoor. (to the original material)

- Microsoft Alert: Serious flaw in Azure Container instances. (to the original material)

- Transforming an organization's security culture. (to the original material)

- 20 Years After 9/11: How US cybersecurity landscape evolved. (to the original material)

- 20 Years Later: A Cyber 9/11 is unlikely. (to the original material)

- ISMG Editors' Panel: Ransomware affiliates seek new gangs. (to the original material)

- United Nations says attackers breached its systems. (to the original material)

- Ransomware: Hot or Not? Here's attackers' ideal target. (to the original material)

- Ransomware Stopper: Mandatory Ransom Payment Disclosure. (to the original material)

- Education Department updates rules and criminal penalties for accessing agency data. (to the original material)

- Fujitsu confirms stolen data not connected to cyberattack on its systems. (to the original material)

- All of Desert Wells Family Medicine patients’ electronic health records were corrupted and unrecoverable from ransomware attack. (to the original material)

- New .avos2 variant: AvosLocker affiliate extorts $85k from victim thanks to old vulnerability in FortiGate VPN. (to the original material)

- “REvil” reappears on forum - but not “Unknown?”. (to the original material)

- UK and US cyber security leaders meet to discuss shared threats and opportunities. (to the original material)

- SOVA: New Android banking trojan emerges with growing capabilities. (to the original material)

- August 2021’s Most wanted malware: Formbook climbs into first place. (to the original material)

- Top steps for ransomware recovery and preparation. (to the original material)

- Yandex pummeled by potent Meris DDoS botnet. (to the original material)

- SOVA, worryingly sophisticated android trojan, takes flight. (to the original material)

- 5 Steps for securing your remote work space. (to the original material)

- Stolen credentials led to data theft at United Nations. (to the original material)


- Cybersecurity News of the Week (09.09.2021). (to the original material)

- A zero-day vulnerability in Internet Explorer threatens Microsoft Office users. (to the original material)

- Active Directory Kill Chain attack & defense toolkit. (to the original material)

- Introducing Android’s Private Compute Services. (to the original material)

- Yandex is battling the largest DDoS in Russian Internet history. (to the original material)

- Windows MSHTML zero-day defenses bypassed as new info emerges. (to the original material)

- Microsoft fixes bug letting hackers take over Azure containers. (to the original material)

- Microsoft warns of Azure vulnerability with data leak potential. (to the original material)

- New Mēris botnet breaks DDoS record with 21.8 million RPS (requests per second) attack. (to the original material)

- Citrix releases security updates for Hypervisor. (to the original material)

- Cisco releases security updates for multiple products. (to the original material)

- Update your Confluence server now! (to the original material)

- Prison for BEC (Business Email Compromise) scheme money launderer. (to the original material)

- Cyber-criminal targets Dadsnet founders. (to the original material)

- Hackers steal data from United Nations. (to the original material)

- Interview: Rodney Joffe discusses the rise of RDDoS (Ransom-related Distributed Denial of Service). (to the original material)

- Why the Pegasus Mobile Spyware incident is a wake-up call. (to the original material)

- Security now a "Thankless Task" for 80% of IT teams. (to the original material)

- Attacker breakout time now less than 30 minutes, rapid lateral movement becoming the norm. (to the original material)

- Babuk ransomware (spinoff Groove) promises maximum profits for ransomware affiliates. (to the original material)

- Financial Cybercrime: Why cryptocurrency is the perfect ‘Getaway Car’. (to the original material)

- ‘Azurescape’ Kubernetes attack allows cross-container cloud compromise. (to the original material)

- Zoho ManageEngine Password Manager zero-day gets a fix, amid attacks. (to the original material)

- How China’s information protection law affects businesses. (to the original material)

- Case Study: Team approach for medical device cybersecurity. (to the original material)

- Your boss isn’t emailing you about a gift card, warns the US Federal Trade Commission. (to the original material)

- Yandex claims to be hit by the largest DDoS attack in history. (to the original material)

- Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet. (to the original material)

- Fortinet warns customers after hackers leak passwords for 87,000 VPNs. (to the original material)

- Thousands of Fortinet VPN account credentials leaked. (to the original material)

- Money launderer who helped North Korean cybercriminals sentenced to more than 11 years. (to the original material)

- SideWalk backdoor linked to China-Linked spy group ‘Grayfly’. (to the original material)

- BladeHawk attackers target Kurds with Android apps. (to the original material)

- Why we’re looking forward to Secured.21 (and you should too). (to the original material)


- ENISA: New SecureSME Tool is a step towards securing the digital future of SMEs. (to the original material)

- A guide for parents on the security of their children's smartphones. (to the original material)

- GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI. (to the original material)

- Ukrainian extradited for selling 2,000 stolen logins per week. (to the original material)

- Zoho patches actively exploited critical ADSelfService Plus bug. (to the original material)

- Hackers leak passwords for 500,000 Fortinet VPN accounts. (to the original material)

- Howard University shuts down network after ransomware attack. (to the original material)

- CISA urges firms to mitigate new Windows RCE bug. (to the original material)

- Mozilla releases security updates for Firefox, Firefox ESR, and Thunderbird. (to the original material)

- Data Breach Lawsuit against Sonic will proceed. (to the original material)

- NCCoE (National Center of Excellence in Cyber Security) releases Cybersecurity Guide for first responders. (to the original material)

- Stress and burnout affecting majority of cybersecurity professionals. (to the original material)

- Attacks on IoT devices double over past year. (to the original material)

- REvil ransomware group is back as "Happy Blog" returns. (to the original material)

- TeamTNT’s new tools target multiple OS. (to the original material)

- New Tool is another step towards securing the Digital Future of SMEs. (to the original material)

- White House pushing federal agencies toward 'Zero Trust'. (to the original material)

- 8,000+ Confluence servers still vulnerable to Atlassian flaw. (to the original material)

- New Zealand banks, post office hit by outages in apparent cyber attack. (to the original material)

- Ukrainian indicted for running brute-force botnet, selling hacked PC accounts. (to the original material)

- What Ragnar Locker got wrong about ransomware negotiators – Podcast. (to the original material)

- Tooling Network Detection & Response for ransomware. (to the original material)

- Spoofing bug highlights cybersecurity for digital vaccine passports. (to the original material)

- Twitter is testing the "Safe Mode" feature to automatically block abusive accounts. (to the original material)

- Make sure your password does not contain any words in the dictionary. (to the original material)


- Ransomware gang threatens to leak data if victim contacts FBI, police. (to the original material)

- Ransomware gang Ragnar Locker to victims: we’ll leak your data if you seek help from ransom negotiators. (to the original material)

- ProtonMail shared activist's IP with law enforcement, claims had no other choice. (to the original material)

- New Chainsaw tool helps IR teams analyze Windows event logs. (to the original material)

- Microsoft shares temp fix for ongoing Office 365 zero-day attacks. (to the original material)

- REvil ransomware's servers mysteriously come back online. (to the original material)

- Jenkins project's Confluence server hacked to mine Monero. (to the original material)

- McDonald's leaks password for Monopoly VIP database to winners. (to the original material)

- Zoho releases security update for ADSelfService Plus. (to the original material)

- Microsoft releases mitigations and workarounds for CVE-2021-40444. (to the original material)

- Cyber-Attack on Washington DC University. (to the original material)

- Cybersecurity Student Scams Senior Out of $55K. (to the original material)

- ID Theft couple on the run. (to the original material)

- Germany accuses Russia of election meddling through cyber-attacks. (to the original material)

- Personal details of 8,700 French visa applicants exposed by cyber-attack. (to the original material)

- ICO (Information Commissioner’s Office) requests international support to tackle cookie pop-ups. (to the original material)

- REvil ransomware group returns following Kaseya attack. (to the original material)

- Netgear Smart Switches open to complete takeover. (to the original material)

- Jenkins hit as Atlassian Confluence cyberattacks widen. (to the original material)

- US Department of Justice to take bite out of cybercrime. (to the original material)


- 6th September – Threat Intelligence Report. (to the original material)

- TrickBot gang developer arrested when trying to leave Korea. (to the original material)

- Netgear fixes severe security bugs in over a dozen smart switches. (to the original material)

- Ransomware gangs target companies using these criteria. (to the original material)

- Human Fraud: Detecting them before they detect you. (to the original material)

- IoT attacks skyrocket, doubling in 6 months. (to the original material)

- Ireland's Gardai clamps down on HSE cyber-attackers. (to the original material)

- Pro-Russian disinformation systematically spread using western media channels. (to the original material)

- Dallas School District reveals major data breach. (to the original material)

- Vulnerability Summary for the Week of August 30, 2021. (to the original material)

- If you don’t report cybercrime, we can’t help you - FBI. (to the original material)

- Russia blocks NordVPN, ExpressVPN, and four other VPN providers. (to the original material)

- Jenkins project discloses security breach following Confluence server hack. (to the original material)

- Authorities arrest another TrickBot gang member in South Korea. (to the original material)

- 50 Key stats about freedom of the internet around the world. (to the original material)


- This GPU-Based malware attack can dodge usual security checks. (to the original material)

- Authors detained but Mozi botnet will continue to lurk, here’s why. (to the original material)

- Office 365 to let admins block Active Content on Trusted Docs. (to the original material)

- Google's TensorFlow drops YAML support due to code execution flaw. (to the original material)

- TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic. (to the original material)


- Apple delays plans to scan devices for child abuse images after privacy backlash. (to the original material)

- Microsoft says Chinese hackers were behind SolarWinds Serv-U SSH zero-day attack. (to the original material)

- U.S. Cyber Command warns of ongoing attacks exploiting Atlassian Confluence flaw. (to the original material)

- US SEC (Securities and Exchange Commission): Watch out for Hurricane Ida-related investment scams. (to the original material)

- Why ransomware hackers love a holiday weekend. (to the original material)

- Moxa devices prone to vulnerabilities affecting railways. (to the original material)

- Cisco patches critical authentication bypass bug. (to the original material)

- Watch out for new malware campaign’s 'Windows 11 Alpha' attachment! (to the original material)


- Dealing with suspicious emails and text messages. (to the original material)

- This new malware family using CLFS log files to avoid detection. (to the original material)

- FIN7 hackers using Windows 11 themed documents to drop Javascript backdoor. (to the original material)

- FIN7 capitalizes on Windows 11 release in latest Gambit. (to the original material)

- CISA insights on risk considerations for Managed Service Provider Customers. (to the original material)

- Atlassian releases security updates for Confluence Server and Data Center. (to the original material)

- The Week in Ransomware - September 3rd 2021 - Targeting Exchange. (to the original material)

- US govt warns orgs to patch massively exploited Confluence bug. (to the original material)

- Babuk ransomware's full source code leaked on hacker forum. (to the original material)

- Conti ransomware now hacking Exchange servers with ProxyShell exploits. (to the original material)

- FBI: Spike in sextortion attacks cost victims $8 million this year. (to the original material)

- FBI warns Food and Agriculture firms of ransomware threat. (to the original material)

- Over 60,000 parked domains were vulnerable to AWS hijacking. (to the original material)

- Brute-Force attacks target Inboxes for gift card data. (to the original material)

- The State of Incident Response: Measuring risk and evaluating your preparedness. (to the original material)

- Atlassian Vulnerability being exploited in the wild. (to the original material)

- Attackers are selling their victims’ internet bandwidth. (to the original material)

- SEC (US Securities and Exchange Commission) charges BitConnect on $2 billion fraud scheme. (to the original material)

- Lawsuit alleges security failures at clinic. (to the original material)

- Accellion breach impacts Beaumont Health. (to the original material)

- Student sues Syracuse University over data breach. (to the original material)

- Eight US States to begin accepting Digital Driving Licenses. (to the original material)

- Tech CEOs: Multi-Factor Authentication can prevent 90% of attacks. (to the original material)

- FTC bans stalkerware app in Industry first. (to the original material)

- US imprisons Dark Web moderator. (to the original material)

- UK Gun Owners' data exposed. (to the original material)

- A DDoS attack caused massive internet outages in NZ. (to the original material)

- FBI and CISA warn that hackers don't rest on holidays. (to the original material)

- Apple has betrayed its privacy legacy – and will undermine end-to-end encryption everywhere. (to the original material)


- Cybersecurity News of the Week (02.09.2021). (to the original material)

- Cisco issues patch for critical enterprise NFVIS flaw - PoC (Proof of Concept) exploit available. (to the original material)

- Bluetooth BrakTooth bugs could affect billions of devices. (to the original material)

- Translated Conti ransomware playbook gives insight into attacks. (to the original material)

- Atlassian Confluence flaw actively exploited to install cryptominers. (to the original material)

- FBI warns of ransomware gangs targeting food, agriculture orgs. (to the original material)

- Cisco releases security updates for Cisco Enterprise NFVIS. (to the original material)

- The CISA (US) recommends that single-factor authentication not be used. (to the original material)

- WhatsApp Fined €225m for GDPR Violations. (to the original material)

- WhatsApp to appeal $266 million fine for violating EU privacy laws. (to the original material)

- Cisco fixes critical authentication bypass bug with public exploit. (to the original material)

- Autodesk reveals it was targeted by Russian SolarWinds hackers. (to the original material)

- Google Play Sign-Ins allow covert location-tracking. (to the original material)

- Digital State IDs start rollouts despite privacy concerns. (to the original material)

- SpyFone & CEO banned from stalkerware biz. (to the original material)

- What is AS-REP Roasting attack, really? (to the original material)

- New BrakTooth flaws leave millions of bluetooth-enabled devices vulnerable. (to the original material)

- WhatsApp Photo Filter bug could have exposed your data to remote attackers. (to the original material)

- Is traffic mirroring for NDR worth the trouble? We argue it isn't. (to the original material)

- Chinese authorities arrest hackers behind Mozi IoT botnet attacks. (to the original material)

- A Roadmap to secure connected cars. (to the original material)

- UK researchers invent device to thwart USB malware. (to the original material)

- Bad bots focus attacks on E-Commerce targets. (to the original material)

- Zero Trust: Is it right for me? (to the original material)

- Zero trust architecture design principles. (to the original material)

- FBI: Americans lost more than $8 million to sextortion scams this year. (to the original material)


- FTC bans Stalkerware App SpyFone; Orders company to erase secretly stolen data. (to the original material)

- Cybercriminals abusing Internet-Sharing services to monetize malware campaigns. (to the original material)

- Linphone SIP stack bug could let attackers remotely crash client devices. (to the original material)

- LockBit jumps its own countdown, publishes Bangkok Air files. (to the original material)

- Feds warn of ransomware attacks ahead of Labor Day. (to the original material)

- Google releases security updates for Chrome. (to the original material)

- How to block Windows Plug-and-Play auto-installing insecure apps. (to the original material)

- LockBit gang leaks Bangkok Airways data, hits Accenture customers. (to the original material)

- FTC bans stalkerware maker Spyfone from surveillance business. (to the original material)

- Twitter adds Safety Mode to automatically block online harassment. (to the original material)

- Fired NY credit union employee nukes 21GB of data in revenge. (to the original material), (correlated link)

- Remote code execution vulnerability present in certain versions of Atlassian Confluence. (to the original material)

- Australian couple admits “Serious cyber hacking offenses”. (to the original material)

- SEC sanctions eight firms over deficient cybersecurity procedures. (to the original material)

- 91% of industrial organizations can be penetrated by hackers. (to the original material)

- Ransomware attacks soar 288% in first half of 2021. (to the original material)

- Confluence enterprise servers targeted with recent vulnerability. (to the original material)

- Mozi botnet authors arrested in China. (to the original material)

- Report: Insights into the growing number of automated attacks. (to the original material)


Archive:

Click here to access archive content.
Click here to access CMS (Content Management System) in Joomla.

Source:

Click here to access the documentation sources.

Note Dorin M.

This site has a double form, one in HTML and one in Joomla (if you are interested in the utility behind this effort you can read the "Why a HTML and a CMS (Joomla)" page).
That's why I suggest that, depending on your preference, you use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.

Dorin M - September 30, 2021