Cyber Security - News Archive
August 2022
31.08.2022 - News from cyber security.
- CISA releases two
Industrial Control Systems Advisories. (to
the original material)
- Google invites
bug hunters to scrutinize its open source projects.
(to
the original material)
- Organizations
security: Highlighting the importance of compliant
data. (to
the original material)
- 5 open-source
vulnerability assessment tools to try out. (to
the original material)
- 1 in 3
organizations don’t know if their public cloud data
was exfiltrated. (to
the original material)
- Ransomware gangs’
favorite targets. (to
the original material)
- Russian streaming
platform Start discloses a data breach impacting
7.5M users. (to
the original material)
- Apple backports
fix for actively exploited iOS zero-day to older
iPhones. (to
the original material)
- AdGuard’s new ad
blocker struggles with Google’s Manifest v3 rules. (to
the original material)
- Google Chrome bug
lets sites write to clipboard without asking. (to
the original material)
- Ragnar Locker
ransomware claims attack on Portugal's flag airline.
(to
the original material)
- Microsoft found
TikTok Android flaw that let hackers hijack
accounts. (to
the original material)
- Okta-Auth0 Sales
Integration Falters, Fueling Staff Turnover. (to
the original material)
- US House
Democrats Push Meta On Sharing Abortion Data. (to
the original material)
- Tenable CEO on
What's New in Cyber Exposure Management. (to
the original material)
- The Use of Cyber
Power in Conflict. (to
the original material)
- Russia-Ukraine
War: Role of Hacktivists Vastly Overestimated. (to
the original material)
- Fortify
Healthcare: Scaling Defenses in Age of
Globalization. (to
the original material)
- Business Email
Compromise: Secret Service on How to Respond. (to
the original material)
- Ex-Employee
Alleges Health Entity Neglected Security. (to
the original material)
- Reducing Risks by
Optimizing Your Cybersecurity Workflow. (to
the original material)
- AMTSO
(Anti-Malware Testing Standards Organization)
Publishes Guidelines for Testing of IoT Security
Products. (to
the original material)
- Businesses can
expect to pay more for cyber insurance by 2025. (to
the original material)
- Microsoft
releases potential fix for Azure errors in Ubuntu
18.04 VMs. (to
the original material)
- DoD grants fund
cybersecurity research for maritime industry. (to
the original material)
- 134K Common
Ground plan members added to vendor’s ransomware
fallout. (to
the original material)
- Phishing-as-a-service platform ‘Robin Banks’ targets
financial firms. (to
the original material)
- Financial data
inexpensive for cybercriminals to purchase online. (to
the original material)
- A flaw in TikTok
Android app could have allowed the hijacking of
users’ accounts. (to
the original material)
- Threat actors
breached the network of the Italian oil company ENI.
(to
the original material)
- GO#WEBBFUSCATOR
campaign hides malware in NASA’s James Webb Space
Telescope image. (to
the original material)
- Experts spotted
five malicious Google Chrome extensions used by 1.4M
users. (to
the original material)
- China-linked
APT40 used ScanBox Framework in a long-running
espionage campaign. (to
the original material)
- Golang-based
Malware Campaign Relies on James Webb Telescope's
Image. (to
the original material)
- Evil Corp and
Conti Linked to Cisco Data Breach, eSentire
Suggests. (to
the original material)
- UK Imposes Tough
New Cybersecurity Rules for Telecom Providers. (to
the original material)
- Intel Selects
Check Point Quantum IoT Protect for RISC-V Platform.
(to
the original material)
- Initiative Aims
to Encourage Diverse Talent into Cyber. (to
the original material)
- Ukrainian Police
Bust Crypto Fraud Call Centers. (to
the original material)
- ICO Pursues
Traffic Accident Data Thieves. (to
the original material)
30.08.2022 - News from cyber security.
- DNSC invites
Romanian cyber start-ups to the "Bucharest
Cybersecurity Conference". (to
the original material)
- Vulnerability
Summary for the Week of August 22, 2022. (to
the original material)
- US-based CISOs
get nearly $1 million per year. (to
the original material)
- Can your
passwords withstand threat actors’ dirty tricks? (to
the original material)
- How automation
can solve application development challenges. (to
the original material)
- Outdated
infrastructure not up to today’s ransomware
challenges. (to
the original material)
- Ukraine takes
down cybercrime group hitting crypto fraud
victims. (to
the original material)
- Hackers hide
malware in James Webb telescope images. (to
the original material)
- Russian
streaming platform confirms data breach affecting
7.5M users. (to
the original material)
- Chinese hackers
target Australian govt with ScanBox malware. (to
the original material)
- Chrome
extensions with 1.4 million installs steal
browsing data. (to
the original material)
- Google launches
open-source software bug bounty program. (to
the original material)
- CrowdStrike CEO
George Kurtz: Identity Can Be as Big as XDR. (to
the original material)
- Russian
Streaming Platform Start Suffers Data Breach. (to
the original material)
- Kurt Sanger on
Using Laws and Norms to Govern Cyber Conflict. (to
the original material)
- Feds Warn of
Evil Corp Threats Facing Healthcare Sector. (to
the original material)
- Cuba Ransomware
Gang Takes Credit for Attacking Montenegro. (to
the original material)
- CISA's Kiersten
Todt on Heading Off Russia-Ukraine Fallout. (to
the original material)
- Survey: Cyber
Professionals Want Remote Work Options. (to
the original material)
- VMware Doubles
Down on Multi-Cloud, Lateral Movement Defense. (to
the original material)
- Chinese
Phishing Campaign Targets Victims in South China
Sea. (to
the original material)
- During a War,
Cyber Intel Firm Opens Ukraine Office. (to
the original material)
- The Key To
Compliance? Third-Party Management. (to
the original material)
- A new Google
bug bounty program now covers Open Source
projects. (to
the original material)
- Three campaigns
delivering multiple malware, including
ModernLoader and XMRig miner. (to
the original material)
- A study on
malicious plugins in WordPress Marketplaces. (to
the original material)
- World’s largest
distributors of books Baker & Taylor hit by
ransomware. (to
the original material)
- Crooks are
increasingly targeting DeFi platforms to steal
cryptocurrency. (to
the original material)
- EFF Calls for
Limiting Mandatory Cooperation, Safeguarding Human
Rights in International Cybercrime Investigations
as Talks Resume for Proposed UN Cybercrime Treaty.
(to
the original material)
- National
Cybersecurity Alliance launches HBCU (Historically
Black Colleges and Universities) career
training program. (to
the original material)
- More scrutiny
of DeFi platforms demanded after attacks, FBI
warnings. (to
the original material)
- Nonprofit
hospitals possess fewer resources for risk
mitigation. (to
the original material)
- Ransomware
group blurs lines between crime, state-sponsored
activities, HHS alert warns. (to
the original material)
- Ransomware,
nation-state attacks top Federal Reserve’s IT
security concerns for banks. (to
the original material)
- ModernLoader
Delivers Stealers, Cryptominers and RATs Via Fake
Amazon Gift Cards. (to
the original material)
- Baker &
Taylor's Systems Remain Offline a Week After
Ransomware Attack. (to
the original material)
- Cryptominer
Disguised as Google Translate Targeted 11
Countries. (to
the original material)
- ModernLoader
delivers multiple stealers, cryptominers and RATs.
(to
the original material)
29.08.2022 - News from cyber security.
- CISA Releases
12 Industrial Control Systems Advisories. (to
the original material)
- Patch critical
flaw in Atlassian Bitbucket Server and Data
Center! (CVE-2022-36804). (to
the original material)
- COVID-19 data
put for sale on the Dark Web. (to
the original material)
- Data security
hinges on clear policies and automated
enforcement. (to
the original material)
- Attackers
changing targets from large hospitals to specialty
clinics. (to
the original material)
- Rise in IoT
vulnerability disclosures, up 57%. (to
the original material)
- FBI: Hackers
increasingly exploit DeFi bugs to steal
cryptocurrency. (to
the original material)
- Nelnet
Servicing breach exposes data of 2.5M student loan
accounts. (to
the original material)
- Leading library
services firm Baker & Taylor hit by
ransomware. (to
the original material)
- Windows malware
delays coinminer install by a month to evade
detection. (to
the original material)
- Pirate sites
ban in Austria took down Cloudflare CDNs by
mistake. (to
the original material)
- US govt sues
Kochava for selling sensitive geolocation data. (to
the original material)
- Montenegro says
Russian cyberattacks threaten key state functions.
(to
the original material)
- Printing
Vendor's Breach Tally Soars to Nearly 2.7 Million.
(to
the original material)
- FTC Sues Firm
That Collects, Sells Sensitive Location Data. (to
the original material)
- Okta Customer
Data Exposed via Phishing Attack on Twilio. (to
the original material)
- As States Ban
Ransom Payments, What Could Possibly Go Wrong? (to
the original material)
- US FTC sued US
data broker Kochava for selling sensitive and
geolocation data. (to
the original material)
- Twilio breach
let attackers access Authy two-factor accounts of
93 users. (to
the original material)
- Nitrokod crypto
miner infected systems across 11 countries since
2019. (to
the original material)
- CISA adds 10
new flaws to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- Scammers used a
deepfake AI hologram of Binance executive to scam
crypto projects. (to
the original material)
- COVID-19 data
put for sale on Dark Web. (to
the original material)
- Over-the-Horizon Drones Line Up But Privacy Is Not
In Sight. (to
the original material)
- Have
third-party hacking groups lost interest in
Russia-Ukraine conflict? (to
the original material)
- FTC sues data
broker Kochava over sale of data tying users to
health clinics. (to
the original material)
- Health-ISAC
shares zero trust implementation guide for
healthcare CISOs. (to
the original material)
28.08.2022 - News from cyber security.
- Week in review:
RCE bug in GitLab patched, phishing PyPI users,
Escanor malware in MS Office docs. (to
the original material)
- LockBit
ransomware gang gets aggressive with
triple-extortion tactic. (to
the original material)
- Okta one-time
MFA passcodes exposed in Twilio cyberattack. (to
the original material)
- DuckDuckGo
opens its privacy-focused email service to
everyone. (to
the original material)
- Surveillance
firm’s leaked docs show the purchase of an $8M iOS
RCE zero-day exploit. (to
the original material)
- Experts warn of
the first known phishing attack against PyPI. (to
the original material)
- Security
Affairs newsletter Round 381. (to
the original material)
- New Agenda
Ransomware appears in the threat landscape. (to
the original material)
27.08.2022 - News from cyber security.
- Fake 'Cthulhu
World' P2E project used to push info-stealing
malware. (to
the original material)
- CISA: Prepare
now for quantum computers, not when hackers use
them. (to
the original material)
- Twilio-Linked
Phishing Campaign Also Targets DoorDash. (to
the original material)
- Twilio hackers
also breached the food delivery firm DoorDash. (to
the original material)
- Unprecedented
cyber attack hit State Infrastructure of
Montenegro. (to
the original material)
- Threat actor
abuses Genshin Impact Anti-Cheat driver to disable
antivirus. (to
the original material)
26.08.2022 - News from cyber security.
- LastPass breach:
Source code, proprietary tech info stolen. (to
the original material)
- New infosec
products of the week: August 26, 2022. (to
the original material)
- How fast is the financial industry fixing its
software security flaws? (to
the original material)
- IT leaders struggling to address identity sprawl (to
the original material)
- Lack of budget
and staff hinders vulnerability management programs.
(to
the original material)
- A third of PyPi
software packages contains flaw to execute code when
downloaded. (to
the original material)
- Five ways diverse
teams can propel the cybersecurity profession
forward. (to
the original material)
- The Week in
Ransomware - August 26th 2022 - Fighting back. (to
the original material)
- DoorDash
discloses new data breach tied to Twilio hackers. (to
the original material)
- Atlassian
Bitbucket Server vulnerable to critical RCE
vulnerability. (to
the original material)
- Twilio breach let
hackers gain access to Authy 2FA accounts. (to
the original material)
- Microsoft:
Iranian hackers still exploiting Log4j bugs against
Israel. (to
the original material)
- Ethereum Offers
Up To $1M Bounty for Critical Bug Reports. (to
the original material)
- Coinbase Faces
Class Action Over Alleged Security Lapses. (to
the original material)
- New MagicWeb AD
Exploit Shows Value of Cloud, Zero Trust. (to
the original material)
- Malware Found In
India Supreme Court Snooping Investigation. (to
the original material)
- Hacker Steals
Source Code, Proprietary Data from LastPass. (to
the original material)
- ISMG Editors:
Implications of the Russia-Ukraine Hybrid War. (to
the original material)
- Addressing
Security Risks of Mounting Legacy Health Data. (to
the original material)
- Critical flaw
impacts Atlassian Bitbucket Server and Data Center.
(to
the original material)
- Iran-linked
Mercury APT exploited Log4Shell in SysAid Apps for
initial access. (to
the original material)
- GoldDragon
campaign: North-Korea linked Kimsuky APT adopts
victim verification technique. (to
the original material)
- 0ktapus phishing
campaign: Twilio hackers targeted other 136
organizations. (to
the original material)
- TechCrunch
Launches Lookup Tool to Help Android Users Know if
Their Device Was Compromised by a Family of
Stalkerware Apps. (to
the original material)
- Trans Youths Need
Data Sanctuary. (to
the original material)
- Victory! South
Carolina Will Not Advance Bill That Banned Speaking
About Abortions Online. (to
the original material)
- Threat Roundup
for August 19 to August 26. (to
the original material)
25.08.2022 - News from cyber security.
- Cybersecurity
news of the week (25.08.2022). (to
the original material)
- Press release:
Vacancy for the position of Executive Director of
ECCC – European Competence Center in Cyber
Security, Bucharest. (to
the original material)
- Cisco Releases
Security Updates for Multiple Products. (to
the original material)
- CISA releases 1
Industrial Control Systems Advisory. (to
the original material)
- CISA Adds Ten
Known Exploited Vulnerabilities to Catalog. (to
the original material)
- 0ktapus:
Twilio, Cloudflare phishers targeted 130+
organizations. (to
the original material)
- Phishing PyPI
users: Attackers compromise legitimate projects to
push malware. (to
the original material)
- How CISOs can
safeguard security in CI/CD environments (Continuous
Integration/ Continuous
Delivery).
(to
the original material)
- Ransomware
dominates the threat landscape. (to
the original material)
- Organizations
changing cyber strategy in response to
nation-state attacks. (to
the original material)
- Microsoft:
Iranian cyberespionage group likely exploiting
Log4j vulnerabilities. (to
the original material)
- The number of
CVEs published this year is on track to exceed
2021. (to
the original material)
- Two-thirds of
security pros says their cloud apps and
infrastructures are vulnerable. (to
the original material)
- How a
threat-informed defense delivers the visibility
security teams need. (to
the original material)
- How 'Kimsuky'
hackers ensure their malware only reach valid
targets. (to
the original material)
- LastPass
developer systems hacked to steal source code. (to
the original material)
- Hackers abuse
Genshin Impact anti-cheat system to disable
antivirus. (to
the original material)
- Microsoft:
Russian malware hijacks ADFS to log in as anyone
in Windows. (to
the original material)
- Twilio hackers
hit over 130 orgs in massive Okta phishing attack.
(to
the original material)
- Hackers adopt
Sliver toolkit as a Cobalt Strike alternative. (to
the original material)
- PyPI packages
hijacked after developers fall for phishing
emails. (to
the original material)
- Block Faces
Class Action Lawsuit over Data Breach. (to
the original material)
- As Attacks on
Healthcare Continue, Feds Warn of New Threats. (to
the original material)
- Twilio and
Mailchimp Breaches Tie to Massive Phishing Effort.
(to
the original material)
- Scripting
Attacks on E-Commerce Sites Hit Ally Bank
Accounts. (to
the original material)
- LastPass data
breach: threat actors stole a portion of source
code. (to
the original material)
- Nobelium APT
uses new Post-Compromise malware MagicWeb. (to
the original material)
- GAIROSCOPE
attack allows to exfiltrate data from Air-Gapped
systems via ultrasonic tones. (to
the original material)
- Threat actors
are using the Tox P2P messenger as C2 server. (to
the original material)
- Federal Judge:
Invasive Online Proctoring "Room Scans" Are
Unconstitutional. (to
the original material)
- How YouTube’s
Partnership with London’s Police Force is
Censoring UK Drill Music. (to
the original material)
- Threat Source
newsletter (Aug. 25, 2022) - We're still not
talking about Ukraine enough. (to
the original material)
24.08.2022 - News from cyber security.
- Preparing
Critical Infrastructure for Post-Quantum
Cryptography. (to
the original material)
- Critical RCE
bug in GitLab patched, update ASAP!
(CVE-2022-2884). (to
the original material)
- How attackers
use and abuse Microsoft MFA. (to
the original material)
- Thoma Bravo:
Securing digital identities has become a major
priority. (to
the original material)
- Is security
becoming a priority for DevOps teams? (to
the original material)
- Lean security
101: 3 tips for building your framework. (to
the original material)
- VMware fixed a
privilege escalation issue in VMware Tools. (to
the original material)
- France hospital
Center Hospitalier Sud Francilien suffered
ransomware attack. (to
the original material)
- Facebook Bug
Causes Users’ Feeds to Be Spammed. (to
the original material)
- NCSC Shares
Guidance to Help Secure Large Construction
Projects. (to
the original material)
- The Challenge
of Shadow OT. (to
the original material)
- Ransomware
Surges to 1.2 Million Attacks Per Month. (to
the original material)
- EU Outlines
Critical Cyber Response to Ukraine War. (to
the original material)
- US Healthcare
Sector Breaches 342m+ Records Since 2009. (to
the original material)
- IoT
Vulnerability Disclosures Up 57% in Six Months,
Claroty Reveals. (to
the original material)
- Advanced
business email compromise campaign targeting
Microsoft 365 organizations. (to
the original material)
- Cyberattacks by
nation-states affect a majority of organizations,
security pros say. (to
the original material)
- Zero-day bug
exploited to steal cryptocurrency from Bitcoin ATM
maker. (to
the original material)
- Why the private
sector should take note of the new public mandates
for zero-trust. (to
the original material)
- Bank customers
now rank security and fraud protection ahead of
low fees. (to
the original material)
- Security
concerns with messaging use cost Wall Street banks
over $1B in fines. (to
the original material)
- Karakurt
ransomware group targeting healthcare providers,
HHS warns. (to
the original material)
- Report details
social media takedown of pro-Western influence
campaign, a first. (to
the original material)
- Crypto, NFT
losses believed to hit $25 trillion, says industry
researcher. (to
the original material)
- Cyberattack,
network outage on French hospital renews patient
safety concerns. (to
the original material)
- Quantum
ransomware attack disrupts govt agency in
Dominican Republic. (to
the original material)
- GitLab
‘strongly recommends’ patching critical RCE
vulnerability. (to
the original material)
- RansomEXX
claims ransomware attack on Sea-Doo, Ski-Doo
maker. (to
the original material)
- Hackers use
AiTM attack to monitor Microsoft 365 accounts for
BEC scams. (to
the original material)
- Plex warns
users to reset passwords after a data breach. (to
the original material)
- Fake Chrome
extension 'Internet Download Manager' has 200,000
installs. (to
the original material)
- Plex discloses
data breach and urges password reset. (to
the original material)
- AiTM phishing
campaign also targets G Suite users. (to
the original material)
- Ukraine
Independence Day: Talos update. (to
the original material)
23.08.2022 - News from cyber security.
- API security
incidents occur at least once a month. (to
the original material)
- DDoS attacks
jump 203%, patriotic hacktivism surges. (to
the original material)
- ETHERLED:
Air-gapped systems leak data via network card
LEDs. (to
the original material)
- Karma Calling:
LockBit Disrupted After Leaking Entrust Files. (to
the original material)
- Industry sets
cyber standards for cars and trucks and things
that go (unmanned). (to
the original material)
- CISA adds Palo
Alto Networks PAN-OS to its Known Exploited
Vulnerabilities Catalog. (to
the original material)
- Counterfeit
versions of popular mobile devices target WhatsApp
and WhatsApp Business. (to
the original material)
- Lockbit leak
sites hit by mysterious DDoS attack after Entrust
hack. (to
the original material)
- Pirated 3DMark
benchmark tool delivering info-stealer malware. (to
the original material)
- VMware Carbon
Black causing BSOD crashes on Windows. (to
the original material)
- Phishing
attacks abusing SaaS platforms see a massive
1,100% growth. (to
the original material)
- French hospital
hit by $10M ransomware attack, sends patients
elsewhere. (to
the original material)
- New 'Donut
Leaks' extortion gang linked to recent ransomware
attacks. (to
the original material)
- Vulnerable
Hikvision Cameras Exposed Online. (to
the original material)
- US CISA Warns
of Bug in Palo Alto's Firewall Software. (to
the original material)
- Hospitals in
US, France Dealing With Cyber Extortionists. (to
the original material)
- How Criminals
Are Weaponizing Leaked Ransomware Data. (to
the original material)
- Twitter's
Ex-Security Chief Files Whistleblower Complaint. (to
the original material)
- Ransomware
attack on billing vendor leads to data theft for
942K patients. (to
the original material)
- Five questions
to ask about cyber insurance. (to
the original material)
- Microsoft
publicly discloses details on critical ChromeOS
flaw. (to
the original material)
- GitLab fixed a
critical Remote Code Execution (RCE) bug in CE and
EE releases. (to
the original material)
- Over 80,000
Hikvision cameras can be easily hacked. (to
the original material)
- Ex-Security
Chief Accuses Twitter of Cybersecurity Negligence.
(to
the original material)
- CISA Adds Palo
Alto Networks' PAN-OS Vulnerability to Catalog. (to
the original material)
- Air-Gap Attack
Exploits Gyroscope Ultrasonic Covert Channel to
Leak Data. (to
the original material)
- Counterfeit
Android Devices Revealed to Contain Backdoor
Designed to Hack WhatsApp. (to
the original material)
- Media Firms
Twice as Vulnerable as Cross-Sector Average. (to
the original material)
- Configuration
Errors to Blame for 80% of Ransomware. (to
the original material)
- FBI: Beware
Residential IPs Hiding Credential Stuffing. (to
the original material)
- Indonesia’s New
Draft Criminal Code Restrains Political Dissent. (to
the original material)
22.08.2022 - News from cyber security.
- CISA Updates
Advisory on Threat Actors Exploiting Multiple CVEs
Against Zimbra Collaboration Suite. (to
the original material)
- CISA Adds One
Known Exploited Vulnerabilities to Catalog. (to
the original material)
- Vulnerability
Summary for the Week of August 15, 2022. (to
the original material)
- Fake DDoS
protection pages are delivering malware! (to
the original material)
- Escanor malware
delivered in weaponized Microsoft Office
documents. (to
the original material)
- Disk wiping
malware knows no borders. (to
the original material)
- How vulnerable
supply chains threaten cloud security. (to
the original material)
- Estonia's
Battle Against a Deluge of DDoS Attacks. (to
the original material)
- Over 80,000
exploitable Hikvision cameras exposed online. (to
the original material)
- CISA is warning
of high-severity PAN-OS DDoS flaw used in attacks.
(to
the original material)
- FBI warns of
residential proxies used in credential stuffing
attacks. (to
the original material)
- Misconfigured
Meta Pixel exposed healthcare data of 1.3M
patients. (to
the original material)
- Greek natural
gas operator suffers ransomware-related data
breach. (to
the original material)
- LockBit
ransomware blames Entrust for DDoS attacks on leak
sites. (to
the original material)
- HHS HC3 Warns
of Vishing, Other Social Engineering Scams. (to
the original material)
- Zero Day in
Bitcoin ATMs Exploited in a Crypto Heist. (to
the original material)
- Russia's APT29
targeting Microsoft 365 Users. (to
the original material)
- 'Unintended
Consequences': Post-GDPR Whois Access Problems. (to
the original material)
- Evolving
Ransomware Threats on Healthcare. (to
the original material)
- Why the
Pentagon remains both the best and worst customer
for tech innovators. (to
the original material)
- Healthcare is
littered with failed attempts by big tech to break
in. Here’s why. (to
the original material)
- Hackers steal
credentials by building phishing pages on AWS. (to
the original material)
- European
Cybersecurity in Context: A Policy-Oriented
Comparative Analysis. (to
the original material)
- 8-year-old
Linux Kernel flaw DirtyCred is nasty as Dirty
Pipe. (to
the original material)
- Group-IB CEO
will remain in jail – complaint denied. (to
the original material)
- Escanor Malware
delivered in Weaponized Microsoft Office
Documents. (to
the original material)
- Donot Team
cyberespionage group updates its Windows malware
framework. (to
the original material)
- Victory:
Government Finally Releases Secretive Court
Rulings Sought By EFF. (to
the original material)
- New Proposal
Brings Us a Step Closer to Net Neutrality. (to
the original material)
- Google’s Scans
of Private Photos Led to False Accusations of
Child Abuse. (to
the original material)
- Code, Speech,
and the Tornado Cash Mixer. (to
the original material)
- Ten questions
every cloud security team must ask. (to
the original material)
- How clarity
adds value more quickly by avoiding confusion and
friction. (to
the original material)
- CEO of
Blacklisted Israeli Spyware Maker NSO Steps Down.
(to
the original material)
- Escanor RAT
Malware Deployed Via Microsoft Office and PDF
Documents. (to
the original material)
- Threat Actor
Deploys Raven Storm Tool to Perform DDoS Attacks.
(to
the original material)
- DDoS Protection
Weaponized to Deliver RATs. (to
the original material)
- Hackers Target
ATM Maker for Bitcoins. (to
the original material)
- Car Dealership
Hit by Major Ransomware Attack. (to
the original material)
21.08.2022 - News from cyber security.
14.08.2022 - News from cyber security.
10.08.2022 - News from cyber security.
07.08.2022 - News from cyber security.
05.08.2022 - News from cyber security.
- Week in review:
Apple fixes exploited zero-days, 1,900 Signal users
exposed, Amazon Ring app vuln. (to
the original material)
- Threat actors are
stealing funds from General Bytes Bitcoin ATM. (to
the original material)
- Grandoreiro
banking malware targets Mexico and Spain. (to
the original material)
- White hat hackers
broadcasted talks and hacker movies through a
decommissioned satellite. (to
the original material)
- An encrypted ZIP
file can have two correct passwords - here's why. (to
the original material)
- Hackers target
hotel and travel companies with fake reservations. (to
the original material)
- Fake DDoS
protection pages on compromised WordPress sites lead
to malware infections. (to
the original material)
20.08.2022 - News from cyber security.
- Hackers steal
crypto from Bitcoin ATMs by exploiting zero-day
bug. (to
the original material)
- WordPress sites
hacked with fake Cloudflare DDoS alerts pushing
malware. (to
the original material)
- Russia's
'Oculus' to use AI to scan sites for banned
information. (to
the original material)
- Spanish Banking
Trojan Attacks Various Industry Verticals. (to
the original material)
- Security
Affairs newsletter Round 380. (to
the original material)
- CISA added 7
new flaws to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- TA558
cybercrime group targets hospitality and travel
orgs. (to
the original material)
19.08.2022 - News from cyber security.
- Estonia
repelled a major cyber attack after removing
Soviet monuments. (to
the original material)
- The Cyber
Dimension of the Russia-Ukraine Conflict -
Unraveling the First Stage. (to
the original material)
- The Week in
Ransomware - August 19th 2022 - Evolving extortion
tactics. (to
the original material)
- 241 npm and
PyPI packages caught dropping Linux cryptominers.
(to
the original material)
- Grandoreiro
banking malware targets manufacturers in Spain,
Mexico. (to
the original material)
- New tool checks
if a mobile app's browser is a privacy risk. (to
the original material)
- CISA adds 7
vulnerabilities to list of bugs exploited by
hackers. (to
the original material)
- Russian APT29
hackers abuse Azure services to hack Microsoft 365
users. (to
the original material)
- Russia-linked
Cozy Bear uses evasive techniques to target
Microsoft 365 users. (to
the original material)
- CISA added SAP
flaw to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- A flaw in
Amazon Ring could expose user’s camera recordings.
(to
the original material)
- Cisco fixes
High-Severity bug in Secure Web Appliance. (to
the original material)
- Bumblebee
attacks, from initial access to the compromise of
Active Directory Services. (to
the original material)
- Estonia blocked
cyberattacks claimed by Pro-Russia Killnet group.
(to
the original material)
- Fall Classes
Are Starting – How Secure Is Your Campus Going To
Be? (to
the original material)
- Apple releases
emergency patch for two iPhone, Mac zero-day
vulnerabilities being exploited. (to
the original material)
- Google says it
stopped the largest DDoS attack ever recorded in
June. (to
the original material)
- Exploiting
stolen session cookies to bypass multi-factor
authentication (MFA). (to
the original material)
- New infosec
products of the week: August 19, 2022. (to
the original material)
- Cybercriminals
are using bots to deploy DDoS attacks on gambling
sites. (to
the original material)
- Scammers
Piggyback on AWS to Phish Victims. (to
the original material)
- Mēris Botnet
Likely Strikes Again in Attack Google Stopped. (to
the original material)
- Social Media
Account Hijacking Surge Tied to Banking Fraud. (to
the original material)
- ISMG Editors:
Plot Thickens for Crypto Mixer Tornado Cash. (to
the original material)
- Kudelski Flexes
Cryptography Muscle in Web3, Blockchain Area. (to
the original material)
- The Complexity
of Managing Medical Device Security Risk. (to
the original material)
- Patch Now:
Apple Bashes Bugs Being Actively Exploited. (to
the original material)
- Businesses
Found to Neglect Cybersecurity Until it is Too
Late. (to
the original material)
- Estonia Repels
Biggest Cyber-Attack Since 2007. (to
the original material)
- China-backed
APT41 Group Hacked at Least 13 Victims in 2021. (to
the original material)
- Microsoft:
Cryptojackers Continue to Evolve to Be Stealthier
and Spread Faster. (to
the original material)
- UK Carrier
Claims to Block One Million Vishing Calls Per Day.
(to
the original material)
- Apple Warns of
Critical Security Risk in Safari For iPhones,
iPads and Macs. (to
the original material)
- Is Passwordless
Authentication Safe to Use? (to
the original material)
- Cyber Tops
Staff Retention as Biggest Business Risk. (to
the original material)
- Decentralized
identity: What it is, why it matters. (to
the original material)
- Nonprofit
Websites Are Full of Trackers. That Should Change.
(to
the original material)
- How SOC 2
compliance and data security posture management go
hand-in-hand. (to
the original material)
- Threat Roundup
for August 12 to August 19. (to
the original material)
18.08.2022
- News
from cyber security.
- Cybersecurity
news of the week (18.08.2022). (to
the original material)
- CISA releases 5
Industrial Control Systems Advisories. (to
the original material)
- Cisco Releases
Security Update for Cisco Secure Web Appliance. (to
the original material)
- CISA Adds Seven
Known Exploited Vulnerabilities to Catalog. (to
the original material)
- Apple Releases
Security Updates for Multiple Products. (to
the original material)
- IoT: The huge
cybersecurity blind spot that’s costing millions.
(to
the original material)
- How government
CISOs tackle digital transformation initiatives. (to
the original material)
- The factors
driving today’s accelerated zero trust adoption. (to
the original material)
- Identity crimes
reach all-time high. (to
the original material)
- LockBit claims
ransomware attack on security giant Entrust. (to
the original material)
- Apple releases
Safari 15.6.1 to fix zero-day bug used in attacks.
(to
the original material)
- Android malware
apps with 2 million installs found on Google Play.
(to
the original material)
- Janet Jackson's
music video is now a vulnerability for crashing
hard disks. (to
the original material)
- Google blocks
largest HTTPS DDoS attack 'reported to date'. (to
the original material)
- Winnti hackers
split Cobalt Strike into 154 pieces to evade
detection. (to
the original material)
- Amazon fixes
Ring Android app flaw exposing camera recordings.
(to
the original material)
- Ransomware
Roundup: Gwisin, Kriptor, Cuba, and More. (to
the original material)
- Fake DDoS Pages
On WordPress Sites Lead to Drive-By-Downloads. (to
the original material)
- Cyber insurers
weigh in on latest cybersecurity trends, threats.
(to
the original material)
- Vulnerability
in Amazon Ring app allowed access to private
camera recordings. (to
the original material)
- Apple fixes
exploited zero-days: Update your devices!
(CVE-2022-32894, CVE-2022-32893). (to
the original material)
- APT41 group: 4
malicious campaigns, 13 victims, new tools and
techniques. (to
the original material)
- New Bill Would
Bring Back Terrible Software and Genetic Patents.
(to
the original material)
- Where’s EFF?
Why EFF Is Sometimes Quiet About Important Cases
and Issues. (to
the original material)
17.08.2022
- News
from cyber security.
- Microsoft makes
tamper protection for macOS endpoints widely
available. (to
the original material)
- Incident
response in the cloud can be simple if you are
prepared. (to
the original material)
- What is
challenging successful DevSecOps adoption? (to
the original material)
- Response-based
attacks make up 41% of all email-based scams. (to
the original material)
- Apple security
updates fix 2 zero-days used to hack iPhones,
Macs. (to
the original material)
- BlackByte
ransomware gang is back with new extortion
tactics. (to
the original material)
- North Korean
hackers use signed macOS malware to target IT job
seekers. (to
the original material)
- A dozen PyPI
packages turn Discord into an info-stealing
backdoor. (to
the original material)
- Malware devs
already bypassed Android 13's new security
feature. (to
the original material)
- Google fixes
fifth Chrome zero-day bug exploited this year. (to
the original material)
- Google fixed a
new Chrome Zero-Day actively exploited in the
wild. (to
the original material)
- China-linked
RedAlpha behind multi-year credential theft
campaign. (to
the original material)
- Bugdrop dropper
includes features to circumvent Google’s security
Controls. (to
the original material)
- North
Korea-linked APT targets Job Seekers with macOS
malware. (to
the original material)
- ÆPIC Leak is
the first CPU flaw able to architecturally
disclose sensitive data. (to
the original material)
- Zoom fixed two
flaws in macOS App that were disclosed at DEF CON.
(to
the original material)
- Arrest of a
Stalkerware-maker in Australia Underscores Link
Between Stalkerware and Domestic Abuse. (to
the original material)
- Key Findings
from the 1H 2022 FortiGuard Labs Threat Report. (to
the original material)
- Fortinet: Use
of wipers expanding beyond Ukraine to 24
countries. (to
the original material)
- Company changes
name after SEC charges 18 over pump-and-dump
hacking scheme. (to
the original material)
16.08.2022
- News
from cyber security.
- Threat Actors
Exploiting Multiple Vulnerabilities Against Zimbra
Collaboration Suite. (to
the original material)
- Vulnerability
Summary for the Week of August 8, 2022. (to
the original material)
- DigitalOcean
customers affected by Mailchimp “security
incident”. (to
the original material)
- 1,900 Signal
users exposed following Twilio breach. (to
the original material)
- Overcoming the
roadblocks to passwordless authentication. (to
the original material)
- How aware are
organizations of the importance of endpoint
management security? (to
the original material)
- Exploit out for
critical Realtek flaw affecting many networking
devices. (to
the original material)
- RTLS systems
vulnerable to MiTM attacks, location manipulation.
(to
the original material)
- Malicious
browser extensions targeted almost 7 million
people. (to
the original material)
- New MailChimp
breach exposed DigitalOcean customer email
addresses. (to
the original material)
- CS:GO trading
site hacked to steal $6 million worth of skins. (to
the original material)
- Hackers attack
UK water supplier but extort wrong company. (to
the original material)
- Clop gang
targeted UK drinking water supplier South
Staffordshire Water. (to
the original material)
- Russia-linked
Gamaredon APT continues to target Ukraine. (to
the original material)
- Phone numbers
of 1,900 Signal users exposed as a result of
Twilio security breach. (to
the original material)
- Bad Data “For
Good”: How Data Brokers Try to Hide Behind
Academic Research. (to
the original material)
- General
Monitoring is not the Answer to the Problem of
Online Harms. (to
the original material)
- Retbleed
attack, or Spectre strikes back. (to
the original material)
- SocGholish: 5+
Years of Massive Website Infections. (to
the original material)
- IDaaS, Zero
Trust, and security-in-depth. (to
the original material)
- Brazilian
police launch investigation targeting Lapsus$
group. (to
the original material)
- UK water
company confirms cyberattack after confusion over
ransomware group threats. (to
the original material)
15.08.2022
- News
from cyber security.
- Why it’s past
time we operationalized cybersecurity. (to
the original material)
- Credential
phishing attacks skyrocketing, 265 brands
impersonated in H1 2022. (to
the original material)
- Ransomware is
back, healthcare sector most targeted. (to
the original material)
- Argentina's
Judiciary of Córdoba hit by PLAY ransomware
attack. (to
the original material)
- Monero hard
fork (a radical change to a network's protocol
that makes previously invalid blocks and
transactions valid, or vice-versa) makes hackers'
favorite coin even more private. (to
the original material)
- Malicious PyPi
packages aim DDoS attacks at Counter-Strike
servers. (to
the original material)
- Twilio hack
exposed Signal phone numbers of 1,900 users. (to
the original material)
- Microsoft
disrupts Russian hackers' operation on NATO
targets. (to
the original material)
- Russian hackers
target Ukraine with default Word template
hijacker. (to
the original material)
- Windows
KB5012170 Secure Boot DBX update may fail with
0x800f0922 error. (to
the original material)
- Callback
phishing attacks see massive 625% growth since Q1
2021. (to
the original material)
- Microsoft
disrupts SEABORGIUM’s ongoing phishing
operations. (to
the original material)
- VNC instances
exposed to Internet pose critical infrastructures
at risk. (to
the original material)
- SOVA Android
malware now also encrypts victims’ files. (to
the original material)
- A new PyPI
Package was found delivering fileless Linux
Malware. (to
the original material)
- Iron Tiger APT
is behind a supply chain attack that employed
messaging app MiMi. (to
the original material)
- EFF & ACLU
Brief: SFPD Violated Surveillance Law by Spying on
Protests for Black Lives. (to
the original material)
- RTF shares
defense blueprint for ransomware. (to
the original material)
- Microsoft
disrupts Russia-linked hacking group targeting
defense and intelligence orgs. (to
the original material)
- Inglis: People,
companies need to replicate collective cyber
defense seen in Ukraine. (to
the original material)
14.08.2022 - News from cyber security.
- Week in review:
Cisco hacked, Kali Linux 2022.3 released, Black
Hat USA 2022. (to
the original material)
- Over 9,000 VNC
servers exposed online without a password. (to
the original material)
- A flaw in
Xiaomi phones using MediaTek Chips could allow to
forge transactions. (to
the original material)
- CISA, FBI
shared a joint advisory to warn of Zeppelin
ransomware attacks. (to
the original material)
13.08.2022
- News
from cyber security.
- SOVA malware
adds ransomware feature to encrypt Android
devices. (to
the original material)
- Killnet claims
to have breached Lockheed Martin. (to
the original material)
- Three flaws
allow attackers to bypass UEFI Secure Boot
feature. (to
the original material)
- Playing for All
the Jelly Beans at the EFF Benefit Poker
Tournament at DEF CON. (to
the original material)
- What Is the US
Economic System – How to Learn From the Past and
Invest In Your Future. (to
the original material)
12.08.2022 - News from cyber security.
- Threat Roundup
for August 5 to August 12. (to
the original material)
- The potential
consequences of data breach, and romance scams –
Week in security with Tony Anscombe. (to
the original material)
- Black Hat 2022
‑ Cyberdefense in a global threats era. (to
the original material)
- Safety first:
how to tweak the settings on your dating apps. (to
the original material)
- Attacks on
healthcare organizations increase 90 percent. (to
the original material)
- The impact of
exploitable misconfigurations on network security.
(to
the original material)
- 25% of
employees don’t care enough about cybersecurity to
report a security incident. (to
the original material)
- New infosec
products of the week: August 12, 2022. (to
the original material)
- Malicious PyPI
packages drop ransomware, fileless malware. (to
the original material)
- Organizations
would like the government to help with ransomware
demand costs. (to
the original material)
- Ransomware is
not going anywhere: Attacks are up 24%. (to
the original material)
- How bad actors are utilizing the InterPlanetary File Systems (IPFS). (to the original material)
- The Week in
Ransomware - August 12th 2022 - Attacking the
defenders. (to
the original material)
- Chinese hackers
backdoor chat app with new Linux, macOS malware. (to
the original material)
- Anonymous poop
gifting site hacked, customers exposed. (to
the original material)
- Microsoft
blocks UEFI bootloaders enabling Windows Secure
Boot bypass. (to
the original material)
- Twilio: 125
customers affected by data breach, no passwords
stolen. (to
the original material)
- Palo Alto
Networks: New PAN-OS DDoS flaw exploited in
attacks. (to
the original material)
- Xiaomi phones
with MediaTek chips vulnerable to forged payments.
(to
the original material)
- Lax Security
Courts Liability, Says US CFPB. (to
the original material)
- Feds Warn
Healthcare Entities of 'Evernote' Phishing Scheme.
(to
the original material)
- Lawmakers
Request 'Urgent' Cyber Briefing With HHS Leaders.
(to
the original material)
- ISMG Editors:
Analyzing the Twilio Breach. (to
the original material)
- Ransomware
Groups Refine Shakedown and Monetization Models. (to
the original material)
- Zero Trust:
Incorporate Critical, Systems, Design Thinking. (to
the original material)
- Cyber
Insurance: A Helping Hand But Premiums Are Rising.
(to
the original material)
- Black Hat:
Incident Recovery, Threat Hunts & Blockchain
Woes. (to
the original material)
- The US offers a
$10M rewards for info on the Conti ransomware
gang’s members. (to
the original material)
- Experts warn of
mass exploitation of an RCE flaw in Zimbra
Collaboration Suite. (to
the original material)
- BazarCall
attacks have revolutionized ransomware operations.
(to
the original material)
- Online
Platforms Should Stop Partnering with Government
Agencies to Remove Content. (to
the original material)
- Understanding
and Celebrating Financial Awareness Day. (to
the original material)
- Data Safety
instead of App Permissions. (to
the original material)
- An Effective
Strategy for Communicating Cybersecurity Risk to
the Board. (to
the original material)
- The Swan Song
for Driver Signature Enforcement Tampering. (to
the original material)
- Lessons from
T-Mobile’s $350M breach settlement. (to
the original material)
- How network
segmentation can help secure your business. (to
the original material)
- CISA orders
civilian agencies to patch Zimbra bug after mass
exploitation. (to
the original material)
- AT&T denies
connection to database of 23 million SSNs, says it
may be tied to credit agency breach. (to
the original material)
11.08.2022
- News
from cyber security.
- Cybersecurity
news of the week (11.08.2022). (to
the original material)
- CISA Adds Two
Known Exploited Vulnerabilities to Catalog. (to
the original material)
- Cisco Releases
Security Update for Multiple Products. (to
the original material)
-
#StopRansomware: Zeppelin Ransomware. (to
the original material)
- Threat Source
newsletter (Aug. 11, 2022) - All of the
things-as-a-service. (to
the original material)
- Don't be fooled
by scammers on Tinder. (to
the original material)
- An eighties
classic – Zero Trust. (to
the original material)
- The Importance
of Website Logs. (to
the original material)
- Stolen data
used to launch more effective BEC attacks. (to
the original material)
- Cybercriminals
take shortcuts to attack business PCs. (to
the original material)
- Which malware
delivery techniques are currently favored by
attackers? (to
the original material)
- SquarePhish:
Advanced phishing tool combines QR codes and OAuth
2.0 device code flow. (to
the original material)
- Why SAP systems
need to be brought into the cybersecurity fold. (to
the original material)
- Cisco has been
hacked by a ransomware gang. (to
the original material)
- As the cost of
cyber insurance rises, the number of organizations
who can’t afford it is set to double. (to
the original material)
- US govt will
pay you $10 million for info on Conti ransomware
members. (to
the original material)
- Zimbra auth
bypass bug exploited to breach over 1,000 servers.
(to
the original material)
- FBI: Zeppelin
ransomware may encrypt devices multiple times in
attacks. (to
the original material)
- UK NHS service
recovery may take a month after MSP ransomware
attack. (to
the original material)
- Access to
hacked corporate networks still strong but sales
fall. (to
the original material)
- GitHub's new
privacy policy sparks backlash over tracking
cookies. (to
the original material)
- Ex-Twitter
Employee Found Guilty of Spying for Saudi Arabia.
(to
the original material)
- Alleged
Business Email Compromise Fraudsters Extradited. (to
the original material)
- FTC Probes
BitMart After $200M Theft at Crypto Exchange. (to
the original material)
- Ransomware
Attack Caused NHS IT Outage, Says Vendor. (to
the original material)
- FTC Initiates
Privacy and Data Security Rule-Making. (to
the original material)
- How Code
Hardening Enables Mobile App Developers to Meet
OWASP MASVS Recommendations. (to
the original material)
- Cisco Hacked:
Firm Traces Intrusion to Initial Access Broker. (to
the original material)
- Secrets in the
Code: Open-Source API Security Risks. (to
the original material)
- Cyber
Operations Keep Affecting Civilians as War
Continues. (to
the original material)
- Palo Alto
Networks warns of Reflected Amplification DoS
issue in PAN-OS. (to
the original material)
- Ex Twitter
employee found guilty of spying for Saudi Arabian
government. (to
the original material)
- Cisco fixed a
flaw in ASA, FTD devices that can give access to
RSA private key. (to
the original material)
- Andariel
attacks with DTrack and Maui. (to
the original material)
10.08.2022 - News from cyber security.
- Palo Alto
Networks Releases Security Update for PAN-OS. (to
the original material)
- CISA Releases
Cybersecurity Toolkit to Protect U.S. Elections. (to
the original material)
- Real-world
threat response: What are organizations doing
wrong? (to
the original material)
- 36% of orgs
expose insecure FTP protocol to the internet, and
some still use Telnet. (to
the original material)
- Identity is the
killer context: 4 ways to stay in control. (to
the original material)
- AWSGoat: Easy
to deploy vulnerable AWS infrastructure for
pentesters. (to
the original material)
- Majority of
SMBs lack 24/7 security operations to detect
threats. (to
the original material)
- The challenges
of managing the modern external attack surface. (to
the original material)
- New dark web
markets claim association with criminal cartels. (to
the original material)
- 7-Eleven
Denmark confirms ransomware attack behind store
closures. (to
the original material)
- Automotive
supplier breached by 3 ransomware gangs in 2
weeks. (to
the original material)
- Ransomware
gangs move to 'callback' social engineering
attacks. (to
the original material)
- Cisco hacked by
Yanluowang ransomware gang, 2.8GB allegedly
stolen. (to
the original material)
- Hacker uses new
RAT malware in Cuba Ransomware attacks. (to
the original material)
- Cisco fixes bug
allowing RSA private key theft on ASA, FTD
devices. (to
the original material)
- Phishing attack
abuses Microsoft Azure, Google Sites to steal
crypto. (to
the original material)
- Google now
blocks Workspace account hijacking attempts
automatically. (to
the original material)
- Cisco Talos
shares insights related to recent cyber attack on
Cisco. (to
the original material)
- AI-based
security solution protects email and messaging. (to
the original material)
- CISA warns of
UnRAR security flaw affecting Linux systems. (to
the original material)
- Malware,
botnets and exploits all soar in second quarter of
2022. (to
the original material)
- Microsoft
releases KB5016629 update to fix Windows 11 Start
menu problems and security issues. (to
the original material)
- Hardware MFA
Stops Attack on Cloudflare. (to
the original material)
- Microsoft
Patches 'DogWalk' Zero-Day in August Patch
Tuesday. (to
the original material)
- Patch Alert:
Exploit Code Publicly Released for VMware Flaws. (to
the original material)
- Black Hat 2022
Opens Today With Focus on Emerging Threats. (to
the original material)
- 2 Healthcare
Hacks Affect Nearly 300,000 Patients. (to
the original material)
- MDR vs Managed
EDR: The Two Meanings of Managed. (to
the original material)
- Cisco was
hacked by the Yanluowang ransomware gang. (to
the original material)
- Risky Business:
Enterprises Can’t Shake Log4j flaw. (to
the original material)
- Experts found
10 malicious packages on PyPI used to steal
developers’ data. (to
the original material)
- Hackers behind
Twilio data breach also targeted Cloudflare
employees. (to
the original material)
- CISA adds UnRAR
and Windows flaws to Known Exploited
Vulnerabilities Catalog. (to
the original material)
- VMware warns of
public PoC code for critical auth bypass bug
CVE-2022-31656. (to
the original material)
- How California
Reproductive Health Workers Can Protect
Information They Submit to the Government. (to
the original material)
- DogWalk and
other vulnerabilities. (to
the original material)
- What is it
about healthcare? (to
the original material)
- How “The Lord
of the Rings” predicted modern IAM (Identity and
Access Management) challenges. (to
the original material)
09.08.2022
- News
from cyber security.
- Microsoft
Releases August 2022 Security Updates. (to
the original material)
- Adobe Releases
Security Updates for Multiple Products. (to
the original material)
- VMware Releases
Security Updates. (to
the original material)
- CISA Adds Two
Known Exploited Vulnerabilities to Catalog. (to
the original material)
- Microsoft fixes
exploited zero-day in Windows Support Diagnostic
Tool (CVE-2022-34713). (to
the original material)
- Kali Linux
2022.3 released: Packages for test labs, new
tools, and a community Discord server. (to
the original material)
- Three
ransomware gangs consecutively attacked the same
network. (to
the original material)
- Dissecting
Google’s Titan M chip: Vulnerability research
challenges. (to
the original material)
- Twilio confirms
data breach after its employees got phished. (to
the original material)
- Cyber
syndicates are working with amateur attackers to
target businesses. (to
the original material)
- Understanding
your attack surface is key to recognizing what you
are defending. (to
the original material)
- Introducing the
book: If It’s Smart, It’s Vulnerable. (to
the original material)
- LogoKit update:
The phishing kit leveraging open redirect
vulnerabilities. (to
the original material)
- 5 key things we
learned from CISOs of smaller enterprises survey.
(to
the original material)
- CISA warns of
Windows and UnRAR flaws exploited in the wild. (to
the original material)
- How hackers are
stealing credit cards from classifieds sites. (to
the original material)
- Microsoft:
Exchange ‘Extended Protection’ needed to fully
patch new bugs. (to
the original material)
- Kali Linux
2022.3 adds 5 new tools, updates Linux kernel, and
more. (to
the original material)
- Microsoft
patches Windows DogWalk zero-day exploited in
attacks. (to
the original material)
- Microsoft
August 2022 Patch Tuesday fixes exploited
zero-day, 121 flaws. (to
the original material)
- Cloudflare
employees also hit by hackers behind Twilio
breach. (to
the original material)
- 10 malicious
PyPI packages found stealing developer's
credentials. (to
the original material)
- VMware warns of
public exploit for critical auth bypass
vulnerability. (to
the original material)
- Maui ransomware
operation linked to North Korean 'Andariel'
hackers. (to
the original material)
- Hackers install
Dracarys Android malware using modified Signal
app. (to
the original material)
- Microsoft Patch
Tuesday for August 2022 - Snort rules and
prominent vulnerabilities. (to
the original material)
- How to check if
your PC has been hacked, and what to do next. (to
the original material)
- Fake Instagram
Verification & Twitter Badge Phishing. (to
the original material)
- 80 percent of
enterprises use open source software and nearly
all worry about security. (to
the original material)
- IBM makes open
source toolkit available to fight software supply
chain attacks. (to
the original material)
- WhatsApp is
gaining some great new privacy features including
screenshot blocking. (to
the original material)
- North Korean
Cryptocurrency Hacking Poised to Get Even Worse. (to
the original material)
- Ransomware Leak
Site Listings Invite Follow-On Attacks. (to
the original material)
- Fresh Guilty
Plea Follows Crackdown on BitMEX Exchange. (to
the original material)
- Microsoft Patch
Tuesday for August 2022 fixed actively exploited
zero-day. (to
the original material)
- Experts linked
Maui ransomware to North Korean Andariel APT. (to
the original material)
- Chinese actors
behind attacks on industrial enterprises and
public institutions. (to
the original material)
- US sanctioned
crypto mixer Tornado Cash used by North
Korea-linked APT. (to
the original material)
- Malicious file
analysis – Example 01. (to
the original material)
08.08.2022
- News
from cyber security.
- Vulnerability
Summary for the Week of August 1, 2022. (to
the original material)
- Small-time
cybercrime is about to explode - We aren't ready.
(to
the original material)
- Cyberattacks on
healthcare organizations negatively impact patient
care. (to
the original material)
- Data privacy
regulation a top three challenge for IoT adopters.
(to
the original material)
- What Black Hat
USA 2022 attendees are concerned about. (to
the original material)
- deBridge
Finance crypto platform targeted by Lazarus
hackers. (to
the original material)
- Email marketing
firm hacked to steal crypto-focused mailing lists.
(to
the original material)
- US sanctions
crypto mixer Tornado Cash used by North Korean
hackers. (to
the original material)
- Twilio
discloses data breach after SMS phishing attack on
employees. (to
the original material)
- 7-Eleven stores
in Denmark closed due to a cyberattack. (to
the original material)
- Chinese hackers
use new Windows malware to backdoor govt, defense
orgs. (to
the original material)
- 4.5 million
devices exposed to oldies but baddies
vulnerabilities. (to
the original material)
- How businesses
can improve their cyber resilience [Q&A]. (to
the original material)
- Twitter comes
clean about serious security incident affecting
millions of accounts. (to
the original material)
- Orchard botnet
uses Bitcoin Transaction info to generate DGA
domains. (to
the original material)
- Twilio
discloses data breach that impacted customers and
employees. (to
the original material)
- LogoKit update
– The phishing kit leveraging Open Redirect
Vulnerabilities. (to
the original material)
- Attackers abuse
open redirects in Snapchat and Amex in phishing
attacks. (to
the original material)
- Microsoft is
blocking Tutanota email addresses from registering
a MS Teams account. (to
the original material)
- ILOVEYOU: the
virus that loved everyone. (to
the original material)
- Life After
Death - SmokeLoader Continues to Haunt Using Old
Vulnerabilities. (to
the original material)
- Cybersecurity
is finally becoming a real team sport. (to
the original material)
07.08.2022 - News from cyber security.
- North Korean
hackers target crypto experts with fake Coinbase
job offers. (to
the original material)
- Snapchat, Amex
sites abused in Microsoft 365 phishing attacks. (to
the original material)
- Serious
cyberattack hits German Chambers of Industry and
Commerce (DIHK). (to
the original material)
- Security
Affairs newsletter Round 377. (to
the original material)
- GwisinLocker
ransomware exclusively targets South Korea. (to
the original material)
- Week in review:
Spot deep-faked job candidates, data exfiltration
via bookmarks, Patch Tuesday forecast. (to
the original material)
- The cyber
threats and trends that will dominate going into
2023. (to
the original material)
06.08.2022
- News
from cyber security.
- Microsoft Edge
gets better security defaults on less popular
sites. (to
the original material)
- New
GwisinLocker ransomware encrypts Windows and Linux
ESXi servers. (to
the original material)
- Twitter
Confirms Zero-Day Bug That Exposed 5.4M Accounts.
(to
the original material)
- Greek
intelligence service used surveillance malware to
spy on a journalist, Reuters reports. (to
the original material)
- Slack resets
passwords for about 0.5% of its users due to the
exposure of salted password hashes. (to
the original material)
- 84 percent of
companies have only basic cloud security
capability. (to
the original material)
- 94 percent of
companies have had security incidents with
production APIs. (to
the original material)
- Industrial
systems under threat from wipers and IoT botnets.
(to
the original material)
05.08.2022 - News from cyber security.
- August 2022
Patch Tuesday forecast: Printers again? (to
the original material)
- New infosec
products of the week: August 5, 2022. (to
the original material)
- Risk astute
leadership: Converting intelligence into
actionable controls. (to
the original material)
- MI-X: Open
source project helps you understand whether you
are exploitable. (to
the original material)
- Organizations
grew to love Kubernetes: Usage in production is
high. (to
the original material)
- UK NHS suffers
outage after cyberattack on managed service
provider. (to
the original material)
- The Week in
Ransomware - August 5th 2022 - A look at cyber
insurance. (to
the original material)
- Slack resets
passwords after exposing hashes in invitation
links. (to
the original material)
- Hackers are
actively exploiting password-stealing flaw in
Zimbra. (to
the original material)
- Twitter
confirms zero-day used to expose data of 5.4
million accounts. (to
the original material)
- Facebook finds
new Android malware used by APT hackers. (to
the original material)
- DuckDuckGo
browser now blocks all Microsoft trackers, most of
the time. (to
the original material)
- US Extradites
Russian Accused of Crypto Laundering. (to
the original material)
- FFIEC Solicits
Comments on Cybersecurity Assessment Tool. (to
the original material)
- Reports: NHS
Dealing With IT Outages Due to Cyber Incident. (to
the original material)
- HHS HC3 Warns
Healthcare of IoT Device, Open Web App Risks. (to
the original material)
- Europe Gets a
New DDoS Attack Record. (to
the original material)
- Nomad Entices
Thieves of $190M Hack With Offer to Keep 10%. (to
the original material)
- ISMG Editors:
Ransomware Groups Aiming for Smaller Targets. (to
the original material)
- The Ransomware
Files, Ep. 10: Dr. Ransomware, Part 2. (to
the original material)
- Okta's Marc
Rogers on Why Beating Ransomware Is a Team Sport.
(to
the original material)
- Twitter
confirms zero-day used to access data of 5.4
million accounts. (to
the original material)
- The popularity
of Dark Utilities ‘C2-as-a-Service’ rapidly
increases. (to
the original material)
- DHS warns of
critical flaws in Emergency Alert System
encoder/decoder devices. (to
the original material)
- CISA adds
Zimbra email bug to Known Exploited
Vulnerabilities Catalog. (to
the original material)
- Mysterious
threat actor TAC-040 used previously undetected
Ljl Backdoor. (to
the original material)
- New Linux
botnet RapperBot brute-forces SSH servers. (to
the original material)
- Threat Roundup
for July 29 to August 5. (to
the original material)
- New SDR feature
released for Cisco Secure Email. (to
the original material)
- Develop a
zero‑trust environment to protect your
organization – Week in security with Tony
Anscombe. (to
the original material)
- 8 Common
Facebook Marketplace Scams and How to Avoid Them.
(to
the original material)
- To tackle the
data breach epidemic we need to get the basics
right. (to
the original material)
- Zero Trust,
XDR, and digital transformation: Interview with
Fleming Shi. (to
the original material)
04.08.2022
- News
from cyber security.
- Press release:
FIRST makes changes to the TLP protocol. (to
the original material)
- Cybersecurity
news of the week (04.08.2022). (to
the original material)
- CISA Adds One
Known Exploited Vulnerability to Catalog. (to
the original material)
- Cisco Releases
Security Updates for RV Series Routers. (to
the original material)
- F5 Releases
Security Updates. (to
the original material)
- 6 ways your
cloud data security policies are slowing
innovation – and how to avoid that. (to
the original material)
- How can
organizations stay ahead of cybersecurity
challenges? (to
the original material)
- A third of
organizations experience a ransomware attack once
a week. (to
the original material)
- Universities
are at risk of email-based impersonation attacks.
(to
the original material)
- Ransomware
Response Essential: Fixing Initial Access Vector.
(to
the original material)
- Dental Care
Alliance Settles Breach Lawsuit for $3 Million. (to
the original material)
- Hackers stole
$200 million from the Nomad crypto bridge. (to
the original material)
- Cisco addressed
critical flaws in Small Business VPN routers. (to
the original material)
- Critical RCE
vulnerability impacts 29 models of DrayTek
routers. (to
the original material)
- New Traffic
Light Protocol standard released after five years.
(to
the original material)
- Hackers try to
extort survey firm QuestionPro after alleged data
theft. (to
the original material)
- DHS warns of
critical flaws in Emergency Alert System devices.
(to
the original material)
- Thousands of
hackers flock to 'Dark Utilities' C2-as-a-Service.
(to
the original material)
- New Linux
malware brute-forces SSH servers to breach
networks. (to
the original material)
- Cybersecurity
agencies reveal last year’s top malware strains. (to
the original material)
- German Chambers
of Industry and Commerce hit by 'massive'
cyberattack. (to
the original material)
- More Mobile
Devices, More Problems, Security Survey Finds. (to
the original material)
- New Woody RAT
used in attacks aimed at Russian entities. (to
the original material)
- Unauthenticated
RCE can allow hacking DrayTek Vigor routers
without user interaction. (to
the original material)
- Taiwan
Government websites suffered DDoS attacks during
the Nancy Pelosi visit. (to
the original material)
- India nixes
privacy bill that alarmed big tech companies. (to
the original material)
- Threat Source
newsletter (Aug. 4, 2022) - BlackHat 2022 preview.
(to
the original material)
- Attackers
leveraging Dark Utilities "C2aaS" platform in
malware campaigns. (to
the original material)
- 0xCC'd. (to
the original material)
- 5 reasons why
GDPR was a turning point in personal data
protection. (to
the original material)
- Don’t get
singed by scammers while you’re carrying the torch
for Tinder. (to
the original material)
- Start as you
mean to go on: the top 10 steps to securing your
new computer. (to
the original material)
- How to Create
Secure Passwords for Your Website in 6 Easy Steps.
(to
the original material)
- The evolution
of security: the story of Code Red. (to
the original material)
- Advancing
Artificial Intelligence-Enabled Cybersecurity in
Network Detection Response. (to
the original material)
- Ransomware
Roundup: Redeemer, Beamed, and More. (to
the original material)
03.08.2022
- News
from cyber security.
- Anatomy of an anti-phishing catch. (to the original material)
- VMware Releases
Security Updates. (to
the original material)
- Phishers use
custom phishing kit to hijack MFA-protected
enterprise Microsoft accounts. (to
the original material)
- VMware: Patch
this critical vulnerability immediately!
(CVE-2022-31656). (to
the original material)
- How to spot
deep-faked candidates during interviews. (to
the original material)
- Machine
learning creates a new attack surface requiring
specialized defenses. (to
the original material)
- How to minimize
your exposure to supply chain attacks. (to
the original material)
- eBook:
Privileged Access Management for Dummies. (to
the original material)
- 87% of the
ransomware found on the dark web has been
delivered via malicious macros. (to
the original material)
- Russian
organizations attacked with new Woody RAT malware.
(to
the original material)
- Cloned Atomic
Wallet website is pushing Mars Stealer malware. (to
the original material)
- Spanish
research agency still recovering after ransomware
attack. (to
the original material)
- Windows 11
Smart App Control blocks files used to push
malware. (to
the original material)
- Microsoft
accounts targeted with new MFA-bypassing phishing
kit. (to
the original material)
- Cisco fixes
critical remote code execution bug in VPN routers.
(to
the original material)
- Ukraine takes
down 1,000,000 bots used for disinformation. (to
the original material)
- Thousands of
Solana wallets drained in attack using unknown
exploit. (to
the original material)
- 35,000 code
repos not hacked - but clones flood GitHub to
serve malware. (to
the original material)
- Proof of
Concept: China's Threat to National Security. (to
the original material)
- Nomad Recovers
$11M of $190M Stolen in Frenzied Attack. (to
the original material)
- Hackers Steal
$8M in Ongoing Attack on Solana Hot Wallets. (to
the original material)
- Hacking
Concerns Delay Balloting for New UK Prime
Minister. (to
the original material)
- Reducing Risk
by Breaking Down Supply Chain Siloes. (to
the original material)
- Power
semiconductor component manufacturer Semikron
suffered a ransomware attack. (to
the original material)
- Manjusaka, a
new attack tool similar to Sliver and Cobalt
Strike. (to
the original material)
- Google fixed
Critical Remote Code Execution flaw in Android. (to
the original material)
- Busting the
Myths of Hardware Based Security. (to
the original material)
- Atlassian
patches email template vulnerability in Jira. (to
the original material)
- Patches out for
serious vulnerabilities in several VMware
products. (to
the original material)
- Vulnerability
Spotlight: Vulnerabilities in Alyac antivirus
program could stop virus scanning, cause code
execution. (to
the original material)
- So RapperBot,
What Ya Bruting For? (to
the original material)
- A Journey to
Network Protocol Fuzzing – Dissecting Microsoft
IMAP Client Protocol. (to
the original material)
- What is
identity-as-a-service and why should you care? (to
the original material)
02.08.2022
- News
from cyber security.
- CISA and ACSC
Release Top 2021 Malware Strains. (to
the original material)
- Vulnerability
Summary for the Week of July 25, 2022. (to
the original material)
- “ParseThru”
vulnerability allows unauthorized access to
cloud-native applications. (to
the original material)
- Browser
synchronization abuse: Bookmarks as a covert data
exfiltration channel. (to
the original material)
- How AI and
cybersecurity complement each other. (to
the original material)
- State of
cybersecurity funding in the first half of 2022. (to
the original material)
- SimpleRisk:
Enterprise risk management simplified. (to
the original material)
- Burnout and
attrition impact tech teams sustaining modern
digital systems. (to
the original material)
- Chinese hackers
use new Cobalt Strike-like attack framework. (to
the original material)
- Semiconductor
manufacturer Semikron hit by LV ransomware attack.
(to
the original material)
- Wolf in sheep’s
clothing: how malware tricks users and antivirus.
(to
the original material)
- Mobile store
owner hacked T-Mobile employees to unlock phones.
(to
the original material)
- VMware urges
admins to patch critical auth bypass bug
immediately. (to
the original material)
- EU missile
maker MBDA confirms data theft extortion, denies
breach. (to
the original material)
- Aetna Reports
326,000 Affected by Mailing Vendor Hack. (to
the original material)
- Big Clinic
Breach Tied to Vendor's 2021 Ransomware Attack. (to
the original material)
- New York Nabs
$30M From Robinhood Crypto in Regulatory Fine. (to
the original material)
- Crypto Bridge
Nomad Loses $190M in Free-For-All Attack. (to
the original material)
- The
Cryptocurrency Bloodbath and the Future of Crypto.
(to
the original material)
- VMware fixed
critical authentication bypass vulnerability. (to
the original material)
- Manjusaka: A
Chinese sibling of Sliver and Cobalt Strike. (to
the original material)
- Stay Safe
Online: How to Surf the Web Safely. (to
the original material)
- FBI issues job
applicant warning involving deepfakes. (to
the original material)
01.08.2022
- News
from cyber security.
- Ransomware
gangs are hitting roadblocks, but aren’t stopping
(yet). (to
the original material)
- Cyberattack
prevention is cost-effective, so why aren’t
businesses investing to protect? (to
the original material)
- Now is the time
to focus on software supply chain security
improvements. (to
the original material)
- The most
impersonated brand in phishing attacks? Microsoft.
(to
the original material)
- Test your
security configuration with a free assessment tool
from CIS. (to
the original material)
- Most companies
are unprepared for CCPA and GDPR compliance. (to
the original material)
- Infosec
products of the month: July 2022. (to
the original material)
- Over 3,200 apps
leak Twitter API keys, some allowing account
hijacks. (to
the original material)
- Microsoft
Defender Experts for Hunting now generally
available. (to
the original material)
- Steam, PayPal
blocked as Indonesia enforces new Internet
regulation. (to
the original material)
- BlackCat
ransomware claims attack on European gas pipeline.
(to
the original material)
- Australian man
charged with creating and selling the Imminent
Monitor spyware. (to
the original material)
- A flaw in Dahua
IP Cameras allows full take over of the devices. (to
the original material)
- US Federal
Communications Commission (FCC) warns of the rise
of smishing attacks. (to
the original material)
- How Leaked
Twitter API Keys Can be Used to Build a Bot Army.
(to
the original material)
- 2 Vendor Hacks
Affect Nearly 1.5 Million and Counting. (to
the original material)
- Weary
Cybercriminals Turn to Cryptojacking Banks:
Report. (to
the original material)
- Maintaining
Momentum in Your Security Strategy. (to
the original material)
- Should US Banks
Do More to Reduce APP Fraud? (to
the original material)
- Tracking
Ransomware: Here's Everything We Still Don’t Know.
(to
the original material)
- Student
details, photos exposed in University of WA data
breach. (to
the original material)
- Vulnerability
Spotlight: How misusing properly serialized data
opened TCL LinkHub Mesh Wi-Fi system to 17
vulnerabilities. (to
the original material)
- Researcher
Spotlight: You should have been listening to
Lurene Grenier years ago. (to
the original material)
- NFTs – a trend
or a newly discovered treasure? (to
the original material)
- Protection
through restriction: Apple’s new Lockdown Mode. (to
the original material)
- The Current and
Future State of Smart OT Security. (to
the original material)
- Fileless
Malware: What It Is and How It Works. (to
the original material)
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest that you use, depending on your preference, the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - August 31, 2022