Study - Technical
- LMS-SFC (EN) - Cyber
Security - News archive
December 2022
Cyber Security - News Archive
December 2022
31.12.2022
- News
from cyber security.
- Reproductive Justice and
Digital Rights: 2022 in Review. (to
the original material)
- Schools and EdTech Need to
Study Up On Student Privacy: 2022 in Review. (to
the original material)
- Personal health information of 42M Americans leaked between 2016 and 2021. (to the original material)
- Why MFA Can't Combat
Growing Infostealer Malware Attacks. (to
the original material)
30.12.2022
- News
from cyber security.
- CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog. (to the original material)
- Ending the Scourge of
Redlining in Broadband Access: 2022 in Review. (to
the original material)
- Lockbit ransomware gang
claims to have hacked the Port of Lisbon. (to
the original material)
- CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog. (to the original material)
- Cybersecurity Leaders
Outline Future Trends Ahead of Infosecurity Europe 2023. (to
the original material)
- Ukraine closes fraudulent
call center that ripped off thousands. (to
the original material)
- Google Home speaker issue
allowed eavesdropping. (to
the original material)
- Twitter in the spotlight
in Ireland: newest data breach to be examined. (to
the original material)
- Researcher Uncovers
Potential Wiretapping Bugs in Google Home Smart Speakers. (to
the original material)
- CISA Warns of Active
exploitation of JasperReports Vulnerabilities. (to
the original material)
- Vulnerability management
strategies evolve in 2022 as supply chain risk grows. (to
the original material)
- Why organizations tend to
fall short on secure data management. (to
the original material)
- LockBit Group Claims
Attack on Port of Lisbon. (to
the original material)
- Scripps Health Reaches
$3.5 Million Data Breach Settlement. (to
the original material)
- Ukraine: Russian Hackers'
Focus Is Civilian Infrastructure. (to
the original material)
- Italian Healthcare Group
Targeted in Data-Leaking Shakedown. (to
the original material)
- ISMG Editors Panel:
Looking Back on 2022. (to
the original material)
- Zoom CISO's 2023
Cybersecurity Predictions. (to
the original material)
- LockBit ransomware claims
attack on Port of Lisbon in Portugal. (to
the original material)
- Canadian mining firm
shuts down mill after ransomware attack. (to
the original material)
- New Linux malware uses 30
plugin exploits to backdoor WordPress sites. (to
the original material)
- Economic uncertainty
compels IT leaders to rethink their strategy. (to
the original material)
- Cybercriminals create new
methods to evade legacy DDoS defenses. (to
the original material)
29.12.2022
- News
from cyber security.
- Thousands of Citrix servers still vulnerable to CVE-2022-27510 and CVE-2022-27518. (to the original material)
- LCMHS hospital suffered a Ransomware attack at Louisiana hospital that impacted 270,000 patients. (to the original material)
- Cybersecurity news of the
week (29.12.2022). (to
the original material)
- CISA Adds Two Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- The Year We Got Serious
about Tech Monopolies: 2022 in Review. (to
the original material)
- Surveillance in San
Francisco: 2022 in Review. (to
the original material)
- Cybersecurity trends and
challenges to look out for in 2023. (to
the original material)
- Thousands of Citrix servers still vulnerable to CVE-2022-27510 and CVE-2022-27518. (to the original material)
- LCMHS hospital suffered a Ransomware attack at Louisiana hospital that impacted 270,000 patients. (to the original material)
- Geopolitical Tensions
Expected to Further Impact Cybersecurity in 2023. (to
the original material)
- Weight loss Android apps
skim on privacy protection. (to
the original material)
- Japanese police
successful in decrypting data attacked by LockBit
ransomware. (to
the original material)
- Thousands of Citrix
servers exposed to patched critical bugs. (to
the original material)
- Twitter’s short-lived
global outage: normality restored, but for how long? (to
the original material)
- LockBit claims an attack
on the Port of Lisbon. (to
the original material)
- Thousands of Citrix
Servers Still Unpatched for Critical Vulnerabilities. (to
the original material)
- New Malvertising Campaign
via Google Ads Targets Users Searching for Popular Software.
(to
the original material)
- Cyberwar in Ukraine,
ransomware fears drive 2022 surge in demand for threat
intelligence tools. (to
the original material)
- New threats expand use
cases for XDR threat detection in 2022. (to
the original material)
- Here’s what companies
should do to protect themselves in the WFH (work-from-home)
era. (to
the original material)
- Hive Ransomware Hits
Louisiana Hospitals, Leaks Patient Data. (to
the original material)
- Indian Railways Says It's
Not Source of Alleged Data Breach. (to
the original material)
- Why Governments Should
Give Incentives for Collaboration. (to
the original material)
- As Twitter Downplays
Outage, Security Concerns Persist. (to
the original material)
- Predicting the
Cybersecurity Future: Experts Preview 2023. (to
the original material)
- Improving Recovery From
Healthcare Ransomware Incidents. (to
the original material)
- A Self-Service Platform
to Secure Small Businesses. (to
the original material)
- Ukraine shuts down
fraudulent call center claiming 18,000 victims. (to
the original material)
- Netgear warns users to
patch recently fixed WiFi router bug. (to
the original material)
- Google Home speakers
allowed hackers to snoop on conversations. (to
the original material)
- Crypto platform 3Commas
admits hackers stole API keys. (to
the original material)
- 5G wireless connections
to reach 5.9 billion by the end of 2027. (to
the original material)
- Fraudsters’ working
patterns have changed in recent years. (to
the original material)
28.12.2022
- News
from cyber security.
- Vulnerability Summary for
the Week of December 19, 2022. (to
the original material)
- Pushing for Strong
Digital Rights in the States: 2022 in Review. (to
the original material)
- An Urgent Year for
Interoperability: 2022 in Review. (to
the original material)
- WordPress Vulnerability
& Patch Roundup December 2022. (to
the original material)
- Hive ransomware group hit
Louisiana hospital, impacted 270,000 patients. (to
the original material)
- Black Basta stole data
from numerous US electric utilities - media. (to
the original material)
- Toy maker Jakks Pacific
victimized by a second cybergang. (to
the original material)
- Cybersecurity firm links
Piers Morgan Twitter hack to massive leak of user data. (to
the original material)
- BitKeep Confirms Cyber
Attack, Loses Over $9 Million in Digital Currencies. (to
the original material)
- APT Hackers Turn to
Malicious Excel Add-ins as Initial Intrusion Vector. (to
the original material)
- Security pros question
why breached Louisiana hospital system took two months to
notify patients. (to
the original material)
- New endpoint security
challenges emerge in 2022 as attack surface expands. (to
the original material)
- Phishing, ransomware
continue to hinder email security through 2022. (to
the original material)
- DDoS attacks continue to
cripple organizations: here’s how to stay prepared. (to
the original material)
- Are Data Breach Class
Action Lawsuits Protecting Patients? (to
the original material)
- Meta Seeks $725 Million
Settlement Over Cambridge Analytica. (to
the original material)
- BlueNoroff Hackers Mimic
Banks, Bypass Windows Protection. (to
the original material)
- Ukraine Successfully
Blocked Over 4,500 Cyberattacks in 2022. (to
the original material)
- Children's Hospital
Expects Weekslong Ransomware Recovery. (to
the original material)
- North Korean Cyberattacks
Target South Korean Policy Experts. (to
the original material)
- Mango Markets Hacker
Charged with Fraud, Market Manipulation. (to
the original material)
- FTX Customers Sue Sam
Bankman-Fried, Seeking Asset Recovery. (to
the original material)
- Artificial Intelligence
and Machine Learning - Present & Future. (to
the original material)
- Hackers abuse Google Ads
to spread malware in legit software. (to
the original material)
- Royal ransomware claims
attack on Intrado telecom provider. (to
the original material)
- Thousands of Citrix
servers vulnerable to patched critical flaws. (to
the original material)
- Ransomware attack at
Louisiana hospital impacts 270,000 patients. (to
the original material)
- Reported phishing attacks
have quintupled. (to
the original material)
- 3 important changes in
how data will be used and treated. (to
the original material)
27.12.2022
- News
from cyber security.
- Uncovering the link between PrivateLoader PPI service and RisePro stealer. (to the original material)
- Users Worldwide Said
"Stop Scanning Us": 2022 in Review. (to
the original material)
- The State of Online Free
Expression Worldwide: 2022 in Review. (to
the original material)
- RansomBoggs: a new
ransomware targeting Ukraine. (to
the original material)
- 2022 in review: 10 of the
year’s biggest cyberattacks. (to
the original material)
- Uncovering the link between PrivateLoader PPI service and RisePro stealer. (to the original material)
- DPRK (Democratic People’s
Republic of Korea) hackers steal NFTs using phishing
websites. (to
the original material)
- We repel up to 10 Russian
cyberattacks daily, Ukraine says. (to
the original material)
- Privacy-minded DuckDuckGo
engine will now block Google Sign-in pop-ups. (to
the original material)
- BlueNoroff APT Hackers
Using New Ways to Bypass Windows MotW Protection. (to
the original material)
- Cloud security gaps
linger through 2022 post pandemic. (to
the original material)
- Zero trust confusion
delays implementation in 2022. (to
the original material)
- Five ways to leverage
technology to improve the lives of security analysts. (to
the original material)
- US Department of Justice
Reportedly Investigates FTX Hack. (to
the original material)
- Ohio Supreme Court Says
Ransomware Is Not Physical Damage. (to
the original material)
- Expert Gives Another
Reason to Fear the Phish: Smart AI Bots. (to
the original material)
- Financial Services Was
Among Most-Breached Sectors in 2022. (to
the original material)
- Hackers Steal Power
Utility Customer Data. (to
the original material)
- How to Reduce Clinician
Friction in a Zero Trust Approach. (to
the original material)
- BTC.com lost $3 million
worth of cryptocurrency in cyberattack. (to
the original material)
- Hackers steal $8 million
from users running trojanized BitKeep apps. (to
the original material)
- EarSpy attack eavesdrops
on Android phones via motion sensors. (to
the original material)
- Enterprises waste money
on identity tools they don’t use. (to
the original material)
- Modern technology and
cyber recovery will intersect in the next generation of
attacks. (to
the original material)
26.12.2022
- News
from cyber security.
- Police Drones and Robots:
2022 in Review. (to
the original material)
- The Battle For Online
Speech Moved To U.S. Courts: 2022 in Review. (to
the original material)
- Privacy Shouldn't Clock
Out When You Clock In: 2022 in Review. (to
the original material)
- The Adoption of the EU's
Digital Services Act: A Landmark Year for Platform
Regulation: 2022 in Review. (to
the original material)
- 26th December – Threat
Intelligence Report. (to
the original material)
- Choose your pickings: top
five tech TV shows of 2022. (to
the original material)
- GuLoader Malware
Utilizing New Techniques to Evade Security Software. (to
the original material)
- 2022 Top Five Immediate
Threats in Geopolitical Context. (to
the original material)
- PrivateLoader PPI Service
Found Distributing Info-Stealing RisePro Malware. (to
the original material)
- A Look Ahead:
Cybersecurity Trends to Watch in 2023. (to
the original material)
- North Korean Hackers
Steal NFTs via Phishing Websites. (to
the original material)
- Linux Critical
Kernel-Level Bug Affects SMB Servers. (to
the original material)
- Hacker claims to be
selling Twitter data of 400 million users. (to
the original material)
25.12.2022
- News
from cyber security.
- Hacking Governments and
Government Hacking in Latin America: 2022 in Review. (to
the original material)
- Raising A Glass with EFF
Members: 2022 in Review. (to
the original material)
- Microsoft fined €60
million in France for using advertising cookies without
consent. (to
the original material)
- Weekly recap: tracking
leader of Evil Corp and dealing with data breaches. (to
the original material)
- Week in review: LastPass
breach disaster, online tracking via UID smuggling,
ransomware in 2023. (to
the original material)
24.12.2022
- News
from cyber security.
- Pivotal Year for the
Metaverse and Extended Reality: 2022 in Review. (to
the original material)
- EFF’s Threat Lab Sharpens
Its Knives: 2022 in Review. (to
the original material)
- Expert found Backdoor
credentials in ZyXEL LTE3301 M209. (to
the original material)
- Raspberry Robin malware
used in attacks against Telecom and Governments. (to
the original material)
- W4SP Stealer Discovered
in Multiple PyPI Packages Under Various Names. (to
the original material)
- Reports: Inglis to soon
retire from Office of the National Cyber Director. (to
the original material)
- Hacker Claims to Have
Scraped 400M Twitter User Records. (to
the original material)
- New info-stealer malware
infects software pirates via fake cracks sites. (to
the original material)
23.12.2022
- News
from cyber security.
- Right to Repair
Legislation and Advocacy: 2022 in Review. (to
the original material)
- Lifting the Fog: 2022 in
Review. (to
the original material)
- Fighting Tech-Enabled
Abuse: 2022 in Review. (to
the original material)
- TikTok parent company
ByteDance revealed the use of TikTok data to track
journalists. (to
the original material)
- BetMGM discloses security
breach impacting 1.5 Million customers. (to
the original material)
- An Iranian group hacked
Israeli CCTV cameras, defense was aware but didn’t block it.
(to
the original material)
- LastPass revealed that
encrypted password vaults were stolen. (to
the original material)
- TikTok's Parent Company
Admits Using the Platform's Data to Track Journalists. (to
the original material)
- President Biden Signs
Quantum Cybersecurity Preparedness Act into Law. (to
the original material)
- ICO Slams Editors for
Comments on Journalism Code. (to
the original material)
- LastPass: Customer Vault
Data Was Taken. (to
the original material)
- Zerobot Botnet Devs Add
New Functionality. (to
the original material)
- Putin Team ransomware
emerges from leaked Conti’s source code. (to
the original material)
- LastPass tells world more
about recent breach, researchers frustrated. (to
the original material)
- Breaking Bad aficionado
scammed $130k out of novice crooks. (to
the original material)
- Killnet targeted US
healthcare sector organization. (to
the original material)
- FrodoPIR: New
Privacy-Focused Database Querying System. (to
the original material)
- Researchers Warn of
Kavach 2FA Phishing Attacks Targeting Indian Govt.
Officials. (to
the original material)
- Vice Society Ransomware
Attackers Adopt Robust Encryption Methods. (to
the original material)
- Google: Securing multiple
cloud environments the top challenge for SOCs in 2023. (to
the original material)
- Cybercriminals using
search engine ads to direct users to sites with malware, FBI
warns. (to
the original material)
- Three ways companies can
meet the evolving requirements of the insurance carriers. (to
the original material)
- Biden Signs Law to
Safeguard IT Against Quantum Computing. (to
the original material)
- LastPass Breach: Attacker
Stole Encrypted Password Vaults. (to
the original material)
- ISMG Editors: Why Zero
Trust Isn't the Answer to Everything. (to
the original material)
- Advancing
Standards-Based, Secure Health Data Exchange. (to
the original material)
- The Week in Ransomware -
December 23rd 2022 - Targeting Microsoft Exchange. (to
the original material)
- Hackers exploit bug in
WordPress gift card plugin with 50K installs. (to
the original material)
- Massive Twitter data leak
investigated by EU privacy watchdog. (to
the original material)
- Ghost CMS vulnerable to
critical authentication bypass flaw. (to
the original material)
- LastPass says attackers
got users’ info and password vault data. (to
the original material)
- Threat predictions for
2023: From hacktivism to cyberwar. (to
the original material)
22.12.2022
- News
from cyber security.
- Cybersecurity news of the
week (22.12.2022). (to
the original material)
- Tips on data security
during the winter holidays. (to
the original material)
- CISA Releases Four
Industrial Control Systems Advisories. (to
the original material)
- Every Supporter Counts in
EFF's Year-End Challenge. (to
the original material)
- Daycare and Early
Childhood Education Apps: 2022 in Review. (to
the original material)
- A Roller Coaster for
Decentralization: 2022 in Review. (to
the original material)
- 2022 Year in Review. (to the
original material)
- Employee apathy towards
digital security advice is real: how it manifests itself and
how to overcome it. (to
the original material)
- Vulnerability Spotlight:
OpenImageIO file processing issues could lead to arbitrary
code execution, sensitive information leak and denial of
service. (to
the original material)
- WP-CLI: How to Backup
WordPress. (to
the original material)
- Trying to Steal Christmas
(Again!). (to
the original material)
- Ransomware Roundup – Play
Ransomware. (to
the original material)
- Vice Society ransomware
gang is using a custom locker. (to
the original material)
- A new Zerobot variant
spreads by exploiting Apache flaws. (to
the original material)
- North Korea-linked
hackers stole $626 million in virtual assets in 2022. (to
the original material)
- FBI: Cyber-Criminals Are
Purchasing Search Engine Ad Services to Launch Attacks. (to
the original material)
- France Fines Microsoft
$64m for Imposing Ad Cookies to its Bing Users. (to
the original material)
- FCC Proposes Massive
$300m Fine for Robocall Firm. (to
the original material)
- UK Government: Sharing
Some Passwords is Illegal. (to
the original material)
- Ransomware Attack Hits
The Guardian Newspaper. (to
the original material)
- Researchers Develop
AI-powered Malware Classification for 5G-enabled IIoT. (to
the original material)
- Apple censored apps in
Hong Kong and Russia in the name of profit, rights group
says. (to
the original material)
- Inside FIN7 gang: death
threats and Colonial Pipeline links. (to
the original material)
- Reaching for the sky: FCC
proposes record $300m fine against robocall campaign. (to
the original material)
- Okta acknowledges breach
of company’s code repositories. (to
the original material)
- FIN7 Cybercrime Syndicate
Emerges as a Major Player in Ransomware Landscape. (to
the original material)
- The Era of Cyber Threat
Intelligence Sharing. (to
the original material)
- Critical Security Flaw
Reported in Passwordstate Enterprise Password Manager. (to
the original material)
- Two New Security Flaws
Reported in Ghost CMS Blogging Software. (to
the original material)
- Microsoft says Zerobot
can now exploit vulnerabilities in Apache and Apache Spark.
(to
the original material)
- Latest breach of Okta’s
GitHub repositories raises concerns about broader supply
chain attack. (to
the original material)
- How to improve workload
security. (to
the original material)
- Messaging tools are more
popular, but email won‘t go away anytime soon. (to
the original material)
- Judge Denies Motion to
Stop Health Data Scraping by Meta. (to
the original material)
- France Fines Microsoft
Ireland 60M Euros Over Bing Cookies. (to
the original material)
- Redefining Cloud Email
Security to Protect Against All Attack Types. (to
the original material)
- OneTrust CEO on
Regulatory, Automation Issues and Privacy. (to
the original material)
- Okta's GitHub Repository
Hacked; Code Stolen, Customers Safe. (to
the original material)
- UK Moves to 'Name and
Shame' Firms for Complaints, Breaches. (to
the original material)
- FTX Probe: Founder
Extradited; 2 Executives Plead Guilty. (to
the original material)
- Guardian Ransomware
Attack May Presage Holiday Blitzkrieg. (to
the original material)
- Medical Device Security
Provision Now Part of Spending Bill. (to
the original material)
- The Core of the Problem
With OT Control System Security. (to
the original material)
- Ransomware Experts Agree:
Don't Buy Data Deletion Promises. (to
the original material)
- Leading sports betting
firm BetMGM discloses data breach. (to
the original material)
- Lastpass: Hackers stole
customer vault data in cloud storage breach. (to
the original material)
- DuckDuckGo now blocks
Google sign-in pop-ups on all sites. (to
the original material)
- Comcast Xfinity accounts
hacked in widespread 2FA bypass attacks. (to
the original material)
- Vice Society ransomware
gang switches to new custom encryptor. (to
the original material)
- Brave launches FrodoPIR,
a privacy-focused database query system. (to
the original material)
- FIN7 hackers create
auto-attack platform to breach Exchange servers. (to
the original material)
- Dealing with cloud
security shortfalls. (to
the original material)
21.12.2022
- News
from cyber security.
- Press release:
#SafeOnline: Children and young people learned how to
protect themselves from online threats at the "Santa's Day
at the Senate" event. (to
the original material)
- California Courts Must
Protect Data Privacy. (to
the original material)
- ‘Tis the season for
gaming: Keeping children safe (and parents sane). (to
the original material)
- Vulnerability Spotlight:
Authentication bypass and enumeration vulnerabilities in
Ghost CMS. (to
the original material)
- The Taxman Never Sleeps.
(to
the original material)
- Play ransomware attacks
use a new exploit to bypass ProxyNotShell mitigations on
Exchange servers. (to
the original material)
- Okta revealed that its
private GitHub repositories were hacked this month. (to
the original material)
- Shoemaker Ecco leaks over
60GB of sensitive data for 500+ days. (to
the original material)
- German industrial giant
ThyssenKrupp targeted in a new cyberattack. (to
the original material)
- Cyber-Incident Causes
System Failures at Canadian Children's Hospital. (to
the original material)
- US Most Impacted by Data
Breaches in the Financial Industry in 2022. (to
the original material)
- UK Security Agency Wants
Fresh Approach to Combat Phishing. (to
the original material)
- Adult Google Ad Fraud
Campaign Garnered Millions of Impressions. (to
the original material)
- Godfather Trojan Targets
400 Financial Services Firms. (to
the original material)
- Two Americans sentenced
over mail fraud related to Ponzi scheme. (to
the original material)
- Critical Hikvision bug
allowed remote CCTV hacking. (to
the original material)
- Guardian newspaper hit by
suspected ransomware attack. (to
the original material)
- Musk will quit as Twitter
CEO when replacement is found. (to
the original material)
- Two charged over digital
queue-jumping scam at JFK airport. (to
the original material)
- German industrial giant
ThyssenKrupp under a cyberattack. (to
the original material)
- Largest internet outages
of 2022 affected millions of users. (to
the original material)
- Western banks whacked by
Russian-friendly Trojan, study finds. (to
the original material)
- The Rise of the Rookie
Hacker - A New Trend to Reckon With. (to
the original material)
- Ransomware Hackers Using
New Way to Bypass MS Exchange ProxyNotShell Mitigations. (to
the original material)
- Godfather uses ‘web
fakes’ to serve-up a ‘banking trojan that’s impossible to
refuse’. (to
the original material)
- Application and cloud
security to converge in 2023. (to
the original material)
- Three best practices for
AI/ML (Artificial Intelligence (AI) and
Machine Learning (ML)) security. (to
the original material)
- Zelenskyy Makes Case for
Ukraine Support in Washington Trip. (to
the original material)
- Godfather Android Banking
Trojan Steals Through Mimicry. (to
the original material)
- White House Cyber
Director Chris Inglis to Step Down. (to
the original material)
- Ukraine Takes Down
Domestic Pro-Kremlin Bot Farms. (to
the original material)
- Acronis CEO on Why
Service Providers Must Host Data Locally. (to
the original material)
- Advance Your Security
Awareness Training Program: 2022 Research Results. (to
the original material)
- Paging Hollywood: Hackers
Allegedly Hit JFK Airport … Taxis. (to
the original material)
- Managing the Evolving
Cyber Risk Posed by Third Parties. (to
the original material)
- Corsair keyboard bug
makes it type on its own, no malware involved. (to
the original material)
- Zerobot malware now
spreads by exploiting Apache vulnerabilities. (to
the original material)
- Russians hacked JFK
airport’s taxi dispatch system for profit. (to
the original material)
- FBI warns of search
engine ads pushing malware, phishing. (to
the original material)
- GodFather Android malware
targets 400 banks, crypto exchanges. (to
the original material)
- Okta's source code stolen
after GitHub repositories hacked. (to
the original material)
- New Microsoft Exchange
exploit chain lets ransomware attackers in (CVE-2022-41080).
(to
the original material)
- CISO roles continue to
expand beyond technical expertise. (to
the original material)
20.12.2022
- News
from cyber security.
- CISA Releases Six
Industrial Control Systems Advisories. (to
the original material)
- UK Privacy Regulator
Names and Shames Breached Firms. (to
the original material)
- Ukraine's Delta Military
Intel System Hit by Attacks. (to
the original material)
- UAC-0142 APT targets
Ukraine’s Delta military intelligence program. (to
the original material)
- Russia-linked Gamaredon
APT targeted a petroleum refining company in a NATO nation
in August. (to
the original material)
- Microsoft shares details
for a Gatekeeper Bypass bug in Apple macOS. (to
the original material)
- Malicious PyPI package
posed as SentinelOne SDK to serve info-stealing malware. (to
the original material)
- Here's How Apple Could
Open Its App Store Without Really Opening Its App Store. (to
the original material)
- User Generated Content
and the Fediverse: A Legal Primer. (to
the original material)
- VICTORY! There Is No Link
Tax in the End-of-Year Bills. (to
the original material)
- We Need to Talk About
Infrastructure. (to
the original material)
- VIP impersonation attack
on a Microsoft Office 365 environment targets 100,000
mailboxes. (to
the original material)
- Threat actors find way to
abuse the AWS Elastic IP Transfer feature. (to
the original material)
- Four principles employers
can follow while monitoring employees. (to
the original material)
- EU-US Data Privacy
Framework in Activist's Crosshairs. (to
the original material)
- Sysdig CEO on How Open
Source Fuels Cloud, Container Defense. (to
the original material)
- Russian Hackers Targeted
Oil Refinery Firm in NATO Country. (to
the original material)
- Risk-Based Security: What
to Look for in an MDR Provider. (to
the original material)
- The Troublemaker CISO:
Laziness, Failure, Great Expectations. (to
the original material)
- What Brands Get Wrong
About Customer Authentication. (to
the original material)
- Hack on a Services Firm's
Vendor Affects 271,000 Patients. (to
the original material)
- Protecting Your Brand
With Public Web Data Scraping. (to
the original material)
- Companies overwhelmed by
available tech solutions. (to
the original material)
- Connected homes are
expanding, so is attack volume. (to
the original material)
- Ransomware gang uses new
Microsoft Exchange exploit to breach servers. (to
the original material)
- VirusTotal cheat sheet
makes it easy to search for specific results. (to
the original material)
- Microsoft will turn off
Exchange Online basic auth in January. (to
the original material)
- Google Ad fraud campaign
used adult content to make millions. (to
the original material)
- Hackers bombard PyPi
platform with information-stealing malware. (to
the original material)
- Raspberry Robin worm
drops fake malware to confuse researchers. (to
the original material)
- Practical tips to save
the energy used by your electronic devices. (to
the original material)
- Threat Spotlight: XLLing
in Excel - threat actors using malicious add-ins. (to
the original material)
- Fake jQuery Domain
Redirects Site Visitors to Scam Pages. (to
the original material)
- Organizations Warned of
New Attack Vector in Amazon Web Services. (to
the original material)
19.12.2022
- News
from cyber security.
- Microsoft Vulnerability Upgraded to Critical Due to RCE Risk. (to the original material)
- Vulnerability Summary for
the Week of December 12, 2022. (to
the original material)
- OPWNAI: AI that can save
the day or hack it away. (to
the original material)
- 19th December – Threat
intelligence report. (to
the original material)
- How to set up parental
controls on your child’s new smartphone. (to
the original material)
- Ransomware Groups to
Increase Zero-Day Exploit-Based Access Methods in the
Future. (to
the original material)
- Meta Takes Down Over 200
Covert Influence Operations Since 2017. (to
the original material)
- Mobile App Users at Risk
as API Keys of Email Marketing Services Exposed. (to
the original material)
- NIST to Scrap SHA-1
Algorithm by 2030. (to
the original material)
- API Vulnerabilities
Discovered in LEGO Marketplace. (to
the original material)
- Old vulnerabilities in
Cisco products actively exploited in the wild. (to
the original material)
- Experts spotted a variant
of the Agenda Ransomware written in Rust. (to
the original material)
- US Gov warns of BEC
attacks to hijack shipments of food products. (to
the original material)
- Glupteba botnet is back
after Google disrupted it in December 2021. (to
the original material)
- EFF Receives $250k Grant
from Craig Newmark Philanthropies. (to
the original material)
- No Nudity Allowed:
Censoring Naked Yoga. (to
the original material)
- Zscaler becomes a member
of the Joint Cyber Defense Collaborative. (to
the original material)
- Average cost of a data
breach expected to hit $5 million in 2023. (to
the original material)
- How to strengthen your
multi-cloud security posture. (to
the original material)
- Four critical steps for
CI/CD (continuous integration/continuous delivery) security.
(to
the original material)
- Microsoft Vulnerability Upgraded to Critical Due to RCE Risk. (to the original material)
- Phishing Targets
Ukrainian Battlefield Awareness Tool Users. (to
the original material)
- Chinese Hackers Exploit
Citrix Vulnerabilities. (to
the original material)
- Healthcare: Essential
Defenses for Combating Ransomware. (to
the original material)
- Opswat CEO on the
Malware Crippling Critical Infrastructure. (to
the original material)
- Dave Merkel on Why MDR
Firm Expel Sought More Money in 2022. (to
the original material)
- UID (User
ID) smuggling: A new technique for tracking users
online. (to
the original material)
- Open source
vulnerabilities add to security debt. (to
the original material)
- 85% of attacks now use
encrypted channels. (to
the original material)
- 5 cybersecurity trends
accelerating in 2023. (to
the original material)
- Play ransomware claims
attack on German hotel chain H-Hotels. (to
the original material)
- Microsoft finds macOS
bug that lets malware bypass security checks. (to
the original material)
- DraftKings warns data
of 67K people was exposed in account hacks. (to
the original material)
- Ukraine's DELTA
military system users targeted by info-stealing malware. (to
the original material)
- Malicious ‘SentinelOne’
PyPI package steals data from developers. (to
the original material)
- Epic Games to pay $520
million for privacy violations, dark patterns. (to
the original material)
- Bitdefender achieves
top score in AV-Comparatives 2022 "Protection against
advanced threats" test. (to
the original material)
- Don't let criminals
steal your holiday cheer!. (to
the original material)
- Top cyber threats that
targeted Mac users in 2022. (to
the original material)
- 19th December – Threat
Intelligence Report. (to
the original material)
- New Supply Chain Attack
Uses Python Package Index “aioconsol”. (to
the original material)
18.12.2022
- News
from cyber security.
- Security Affairs
newsletter Round 398 by Pierluigi Paganini. (to
the original material)
- Google announced
end-to-end encryption for Gmail web. (to
the original material)
- Fire and rescue service
in Victoria, Australia, confirms cyber attack. (to
the original material)
- Week in review: Citrix
and Fortinet RCEs, Microsoft fixes exploited zero-day. (to
the original material)
- Restaurant CRM platform
‘SevenRooms’ confirms breach after data for sale. (to
the original material)
- T-Mobile hacker gets 10
years for $25 million phone unlock scheme. (to
the original material)
17.12.2022
- News
from cyber security.
- Samba addressed
multiple high-severity vulnerabilities. (to
the original material)
- Co-Founder of OneCoin
Cryptocurrency Scam Pleads Guilty. (to
the original material)
- Glupteba malware is back
in action after Google disruption. (to
the original material)
- Google introduces
end-to-end encryption for Gmail on the web. (to
the original material)
16.12.2022
- News
from cyber security.
- Samba Releases Security
Updates. (to
the original material)
- FBI, FDA OCI, and USDA
Release Joint Cybersecurity Advisory Regarding Business
Email Compromise (BEC) Schemes Used to Steal Food. (to
the original material)
- In Search for the Best
Security Architecture. (to
the original material)
- MirrorFace aims for
high‑value targets in Japan – Week in security with Tony
Anscombe. (to
the original material)
- Help! My kid has asked
Santa for a smartphone. (to
he original material)
- Agenda Ransomware
Switches to Rust to Attack Critical Infrastructure. (to
the original material)
- Meta's Bug Bounty Program
Shows $2m Awarded in 2022. (to
the original material)
- Social Blade Confirms
Data Breach Exposing PII on the Dark Web. (to
the original material)
- Two-Thirds of Security
Pros Have Burnt Out in Past Year. (to
the original material)
- Former Twitter Employee
Gets 42 Months for Saudi Scheme. (to
the original material)
- OECD Signs "Landmark"
Privacy Agreement. (to
the original material)
- Former Twitter employee
sentenced to 3.5 years in jail for spying on behalf of Saudi
Arabia. (to
the original material)
- Social Blade discloses
security breach. (to
the original material)
- Data of 5.7M Gemini users
available for sale on hacking forums. (to
the original material)
- CISA adds Veeam Backup
and Replication bugs to Known Exploited Vulnerabilities
Catalog. (to
the original material)
- MCCrash botnet targets
private Minecraft servers, Microsoft warns. (to
the original material)
- Microsoft revised
CVE-2022-37958 severity due to its broader scope. (to
the original material)
- Looking Forward and Back
at the California State Legislature. (to
the original material)
- Federal Agencies Keep
Rejecting FOIA (Freedom of Information Act) Requests for
Their Procedures for Handling FOIA Requests. (to
the original material)
- All public GitHub
repositories will have free secret scanning by February
2023. (to
the original material)
- DarkTortilla malware
spreads on phishing sites masquerading as legitimate
domains. (to
the original material)
- Meta has removed over 200
influence operations, raises bug bounty payouts. (to
the original material)
- Three principles ethical
hackers can adopt as a code of conduct. (to
the original material)
- IronNet Nearly Insolvent;
Board to Probe Claims of Deception. (to
the original material)
- Subcontractor Breach
Affects 245K Medicare Beneficiaries. (to
the original material)
- How CISOs Can Guard
Against Their Own Liability. (to
the original material)
- Synack CEO Jay Kaplan on
Doing Adversarial Pen Tests of APIs. (to
the original material)
- ISMG Editors: Payments
Special. (to
the original material)
- 2023: Addressing the
CISO's Many Challenges. (to
the original material)
- Rising Above the
Cybersecurity Poverty Line. (to
the original material)
- New infosec products of
the week: December 16, 2022. (to
the original material)
- Executives take more
cybersecurity risks than office workers. (to
the original material)
- The Week in Ransomware -
December 16th 2022 - Losing Trust. (to
the original material)
- Colombian energy supplier
EPM hit by BlackCat ransomware attack. (to
the original material)
- FBI warns that BEC
attacks now also target food shipments. (to
the original material)
- Woman gets 66 months in
prison for role in $3.3 million ID fraud op. (to
the original material)
- Microsoft warns of new
Minecraft DDoS malware infecting Windows, Linux. (to
the original material)
15.12.2022
- News
from cyber security.
- Cybersecurity news of the
week (15.12.2022). (to
the original material)
- CISA Releases Forty-One
Industrial Control Systems Advisories. (to
the original material)
- Drupal Releases Security
Updates to Address Vulnerabilities in H5P and File (Field)
Paths. (to
th original material)
- CISA Consolidates Twitter
Accounts. (to
the original material)
- Traveling for the
holidays? Stay cyber‑safe with these tips. (to
the original material)
- Senate Approves Bill
Banning TikTok From US Government Devices. (to
the original material)
- NSA, CISA Warn
Against Threats to 5G Network Slicing. (to
the original material)
- Loan Scam Campaign
'MoneyMonger' Exploits Flutter to Hide Malware. (to
the original material)
- Feds Hit DDoS-for-Hire
Services with 48 Domain Seizures. (to
the original material)
- Over 85% of Attacks Hide
in Encrypted Channels. (to
the original material)
- Platforms Flooded with
144,000 Phishing Packages. (to
the original material)
- Chinese MirrorFace APT
group targets Japanese political entities. (to
the original material)
- Database of the FBI’s
InfraGard US Critical Infrastructure Intelligence portal
available for sale. (to
the original material)
- FBI seized 48 domains
linked to DDoS-for-Hire service platforms. (to
the original material)
- Crooks use HTML smuggling
to spread QBot malware via SVG files. (to
the original material)
- Dangerous "Kids Online
Safety Act" Does Not Belong in Must-Pass Legislation. (to
the original material)
- Only A Few More Weeks
Left to Support EFF Through The CFC (Combined Federal
Campaign)! (to
the original material)
- IBM to work with
nonprofit on cloud security framework for financial
services. (to
the original material)
- Strata Identity and HYPR
push closer to a passwordless future. (to
the original material)
- MDR (Managed
Detection and Response) and the importance
of shared responsibility: An SC eBook preview. (to
the original material)
- Think of cyber insurance
as a strategic business decision. (to
the original material)
- Australian Telecom Giant
TPG Discloses Email Hack. (to
the original material)
- Medical Practice Pays
$20K to Settle 'Right of Access' Case. (to
the original material)
- US Prosecutors Charge 6
With Offering DDoS for Sale. (to
the original material)
- New AI Bot Could Take
Phishing, Malware to a Whole New Level. (to
the original material)
- Will Third-Party App
Stores Play With Apple's Walled Garden? (to
the original material)
- X5 Firewall Practices to
Prevent a Data Breach. (to
the original material)
- Palo Alto's Biggest Bets
Around AppSec, SecOps, SASE & Cloud. (to
the original material)
- Next-Gen Cyber Targets:
Satellites and Communication. (to
the original material)
- Top 5 Tips for Choosing
Endpoint Security. (to
the original material)
- Planning for Prolonged
Regional Medical Device Outages. (to
the original material)
- Prosecutors Accuse FTX's
Founder of Crypto-Based 'Deception'. (to
the original material)
- Palo Alto Founder Nir Zuk
on Making the SOC More Autonomous. (to
the original material)
- Palo Alto's BJ Jenkins on
Changing Cloud Needs for Customers. (to
the original material)
- Product showcase:
Searchable encryption in Elasticsearch and OpenSearch with
IronCore Labs. (to
the original material)
- Distractions at work can
have serious cybersecurity implications. (to
the original material)
- As legislation evolves,
businesses need a firm understanding of secure payment
options. (to
the original material)
- FuboTV says World Cup
streaming outage caused by a cyberattack. (to
the original material)
- Hackers leak personal
info allegedly stolen from 5.7M Gemini users. (to
the original material)
- GitHub to require all
users to enable 2FA by the end of 2023. (to
the original material)
- Phishing attack uses
Facebook posts to evade email security. (to
the original material)
- Ukrainian govt networks
breached via trojanized Windows 10 installers. (to
the original material)
- Social Blade confirms
breach after hacker posts stolen user data. (to
the original material)
- How Gcore uses regular
expressions to block DDoS attacks. (to
the original material)
- LEGO BrickLink bugs let
hackers hijack accounts, breach servers. (to
the original material)
- Hackers target Japanese
politicians with new MirrorStealer malware. (to
the original material)
- Backdoor Targets FreePBX
Asterisk Management Portal. (to
the original material)
14.12.2022
- News
from cyber security.
- Romania has adopted a law
prohibiting the purchase and use, by public authorities, of
cyber security software products and services from the
Russian Federation. (to
the original material)
- CISA Adds One Known
Exploited Vulnerability to Catalog. (to
the original material)
- Unmasking MirrorFace:
Operation LiberalFace targeting Japanese political entities.
(to
the original material)
- Signed Microsoft Drivers
Used in Attacks Against Businesses. (to
the original material)
- AgentTesla Remains Most
Prolific Malware in November, Emotet and Qbot Grow. (to
the original material)
- Apple Fixes Actively
Exploited iPhone Zero-Day Vulnerability. (to
the original material)
- New Google Tool Helps
Devs Root Out Open Source Bugs. (to
the original material)
- Loan Fee Fraud Surges by
a Fifth as Christmas Approaches. (to
the original material)
- Two Zero-Days Fixed in
December Patch Tuesday. (to
the original material)
- GoTrim botnet actively
brute forces WordPress and OpenCart sites. (to
the original material)
- December 2022 Patch
Tuesday fixed 2 zero-day flaws. (to
the original material)
- Apple fixed the tenth
actively exploited zero-day this year. (to
the original material)
- 3.5m IP cameras exposed,
with US in the lead. (to
the original material)
- VMware fixed critical VM
Escape bug demonstrated at Geekpwn hacking contest. (to
the original material)
- Citrix and NSA urge
admins to fix actively exploited zero-day in Citrix ADC and
Gateway. (to
the original material)
- EFF Agrees With the NLRB
(National Labor Relations Board): Workers Need Protection
Against Bossware. (to
the original material)
- Digital Rights Updates
with EFFector 34.6. (to
the original material)
- Stellar Cyber integrates
with Deep Instinct’s deep learning technology. (to
the original material)
- Microsoft blocks threat
actors that obtained signed drivers to deploy ransomware. (to
the original material)
- CloudBolt says survey of
IT leaders show a need for greater maturity, security in
cloud environments. (to
the original material)
- Netskope to offer Cloud
Exchange platform as a managed service. (to
the original material)
- Scanning assets in the
cloud: Challenges and improvements to make. (to
the original material)
- Counter insider risks by
taking security out to the edge. (to
the original material)
- Hacker Reportedly
Breaches US FBI Cybersecurity Forum. (to
the original material)
- Dental Practice Hit With
HIPAA Fine for Posting PHI on Yelp. (to
the original material)
- Microsoft Patches
Zero-Day Magniber Ransomware Hackers Used. (to
the original material)
- How Criminals Extort
Healthcare Victims With Ransomware. (to
the original material)
- Zero Trust: How to Know
What Your Crown Jewels Are. (to
the original material)
- Palo Alto CEO: 'SIEM (Security
Intelligence and Extended Management) Needs
to Be Eliminated and Replaced'. (to
the original material)
- Nikesh Arora on Palo
Alto's Approach to Supply Chain Defense. (to
the original material)
- Assessing Cyber Risk,
Maturity in Healthcare M&As. (to
the original material)
- Combating Ransomware
Attacks: Which Strategies Hold Promise? (to
the original material)
- OSV-Scanner: A free
vulnerability scanner for open-source software. (to
the original material)
- Nosey Parker: Find
sensitive information in textual data and Git history. (to
the original material)
- What CISOs consider when
building up security resilience. (to
the original material)
- FBI seized domains linked
to 48 DDoS-for-hire service platforms. (to
the original material)
- Attackers use SVG files
to smuggle QBot malware onto Windows systems. (to
the original material)
- Microsoft patches Windows
zero-day used to drop ransomware. (to
the original material)
- VMware fixes critical
ESXi and vRealize security flaws. (to
the original material)
- NSA shares tips on
mitigating 5G network slicing threats. (to
the original material)
- The Dark Web is Getting
Darker - Ransomware Thrives on Illegal Markets. (to
the original material)
- Open-source repositories
flooded by 144,000 phishing packages. (to
the original material)
13.12.2022
- News
from cyber security.
- Is the EU Healthcare
Sector Cyber Healthy? The Conclusions of Cyber Europe 2022.
(to
the original material)
- Apple Releases Security
Updates for Multiple Products. (to
the original material)
- Microsoft Releases
December 2022 Security Updates. (to
the original material)
- CISA Updates Advisory on
#StopRansomware: Cuba Ransomware. (to
the original material)
- Citrix Releases Security
Updates for Citrix ADC, Citrix Gateway. (to
the original material)
- Mozilla Releases Security
Updates for Thunderbird and Firefox. (to
the original material)
- VMware Releases Security
Updates for Multiple products. (to
the original material)
- CISA Adds Five Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- NSA, CISA, and ODNI
Release Guidance on Potential Threats to 5G Network Slicing.
(to
the original material)
- CISA Releases Three
Industrial Control Systems Advisories. (to
the original material)
- November 2022’s Most
Wanted Malware: A Month of Comebacks for Trojans as Emotet
and Qbot Make an Impact. (to
the original material)
- Top tips for security‑
and privacy‑enhancing holiday gifts. (to
the original material)
- Twitter Addresses
November Data Leak Claims. (to
the original material)
- California Hit By
Cyber-Attack, LockBit Claims Responsibility. (to
the original material)
- Uber Hit By New Data
Breach After Attack on Third-Party Vendor. (to
the original material)
- Experts Warn ChatGPT
Could Democratize Cybercrime. (to
the original material)
- Aussie Data Breaches
Surge 489% in Q4 2022. (to
the original material)
- Security Overlooked in
Rush to Hybrid Working. (to
the original material)
- Lockbit ransomware gang
hacked California Department of Finance. (to
the original material)
- Experts detailed a
previously undetected VMware ESXi backdoor. (to
the original material)
- Twitter says recently
leaked user data are from 2021 breach. (to
the original material)
- Letter to the UN Ad Hoc
Committee. (to
the original material)
- Executives are four times
more likely to be victims of phishing than workers. (to
the original material)
- Host Todd Fitzgerald
reflects on 100 episodes of the CISO Stories podcast. (to
the original material)
- One year after Log4Shell,
trouble remains…but here are five reasons for optimism. (to
the original material)
- Sam Bankman-Fried's
Terrible, Horrible, Very Bad Day. (to
the original material)
- DNS Is Conduit Into
Air-Gapped Networks, Say Researchers. (to
the original material)
- LockBit 3.0 Ransomware
Threatens Health Sector, Feds Warn. (to
the original material)
- Irish Healthcare
Ransomware Hack Cost Over 80 Million Euros. (to
the original material)
- Skyhigh Security CEO on
Taking a Data-First Approach to SSE. (to
the original material)
- Ngrok Raises $50M to
Drive App Authentication, Observability. (to
the original material)
- Embattled FTX Founder Sam
Bankman-Fried Arrested in Bahamas. (to
the original material)
- New Approaches to Solve
the Age-Old AML Problem. (to
the original material)
- Microsoft fixes exploited
zero-day, revokes certificate used to sign malicious drivers
(CVE-2022-44698). (to
the original material)
- State-sponsored attackers
actively exploiting RCE in Citrix devices, patch ASAP!
(CVE-2022-27518). (to
the original material)
- Critical FortiOS pre-auth
RCE vulnerability exploited by attackers (CVE-2022-42475). (to
the original material)
- 24% of technology
applications contain high-risk security flaws. (to
the original material)
- Privacy concerns are
limiting data usage abilities. (to
the original material)
- eBook: 4 ways to secure
passwords, avoid corporate account takeover. (to
the original material)
- Microsoft-signed
malicious Windows drivers used in ransomware attacks. (to
the original material)
- LockBit claims attack on
California's Department of Finance. (to
the original material)
- Apple security update
fixes new iOS zero-day used to hack iPhones. (to
the original material)
- Microsoft December 2022
Patch Tuesday fixes 2 zero-days, 49 flaws. (to
the original material)
- Google releases dev tool
to list vulnerabilities in project dependencies. (to
the original material)
- New GoTrim botnet brute
forces WordPress site admin accounts. (to
the original material)
- Hackers exploit critical
Citrix ADC and Gateway zero day, patch now. (to
the original material)
- Amazon ECR Public Gallery
flaw could have wiped or poisoned any image. (to
the original material)
- Input Validation for
Website Security. (to
the original material)
12.12.2022
- News
from cyber security.
- Fortinet Releases
Security Updates for FortiOS. (to
the original material)
- Vulnerability Summary for
the Week of December 5, 2022. (to
the original material)
- Pulling the curtains on
Azov ransomware: Not a skidsware but polymorphic wiper. (to
the original material)
- 12th December – Threat
intelligence report. (to
the original material)
- Open banking: What online
banking says about virtual shopper behavior. (to
the original material)
- Cybersecurity Trends
2023: Securing our hybrid lives. (to
the original material)
- HSE (Irish Health Service
Executive) Cyber-Attack Costs Ireland $83m So Far. (to
the original material)
- Chaos RAT Used to Enhance
Linux Cryptomining Attacks. (to
the original material)
- Royal Ransomware Targets
US Healthcare. (to
the original material)
- Transitive Dependencies
Account for 95% of Bugs. (to
the original material)
- North Korean Hackers
Impersonate Researchers to Steal Intel. (to
the original material)
- Researchers Find 63
Zero-Day Bugs at Latest Pwn2Own. (to
the original material)
- Fortinet urges customers
to fix actively exploited FortiOS SSL-VPN bug. (to
the original material)
- Indian foreign ministry’s
Global Pravasi Rishta portal leaks expat passport details. (to
the original material)
- Cryptomining campaign
targets Linux systems with Go-based CHAOS Malware. (to
the original material)
- Evilnum group targets
legal entities with a new Janicab variant. (to
the original material)
- TrueBot infections were
observed in Clop ransomware attacks. (to
the original material)
- EFF to Court: No
Qualified Immunity for Wrongful Arrest of Independent
Journalists. (to
the original material)
- Praetorian ‘open-sources’
its Nosey Parker secret scanning tool. (to
the original material)
- Cloudflare’s zero-trust
tools available free to public interest sites, nonprofits. (to
the original material)
- Government of Vanuatu
offline since early November in suspected ransomware attack.
(to
the original material)
- How MDR can improve
threat hunting: An SC eBook preview. (to
the original material)
- How to get truly
offensive with pen tests. (to
the original material)
- Uber Says Third Party
Responsible for Latest Breach. (to
the original material)
- Feds Clarify Mobile
Health App Privacy, Security Reg Issues. (to
the original material)
- Hydra Aftermath: Where Do
Criminals Lurk Now? (to
the original material)
- CommonSpirit Ransomware
Breach Affects About 624,000 Individuals So Far. (to
the original material)
- Royal Ransomware Hitting
Healthcare Targets and Dumping Data. (to
the original material)
- Vulnerability with public
PoC affects Cisco IP phones, fix unavailable
(CVE-2022-20968). (to
the original material)
- Product showcase: The
Intruder vulnerability management platform. (to
the original material)
- Most startups have cyber
insurance but are uncertain about how much risk is covered.
(to
the original material)
- Security is no longer an
internal affair. (to
the original material)
- Play ransomware claims
attack on Belgium city of Antwerp. (to
the original material)
- New Python malware
backdoors VMware ESXi servers for remote access. (to
the original material)
- Twitter confirms recent
user data leak is from 2021 breach. (to
the original material)
- Uber suffers new data
breach after attack on vendor, info leaked online. (to
the original material)
- Fortinet says SSL-VPN
pre-auth RCE bug is exploited in attacks. (to
the original material)
- Cloudflare's Zero Trust
suite now available for free to at-risk groups. (to
the original material)
11.12.2022
- News
from cyber security.
- From disruption to
destruction- Azov Ransomware presents a new shift towards
destructive wipers. (to
the original material)
- Pwn2Own Toronto 2022 Day
4: $989K awarded for 63 unique zero-days. (to
the original material)
- Security Affairs
newsletter Round 397. (to
the original material)
- MuddyWater APT group is
back with updated TTPs. (to
the original material)
- Australian Telecom Firm
Leaks Data of 130,000 Customers. (to
the original material)
- Week in review: Rackspace
outage, Kali Linux 2022.4 released, Patch Tuesday forecast.
(to
the original material)
- Clop ransomware uses
TrueBot malware for access to networks. (to
the original material)
10.12.2022 - News from cyber security.
- At least 4,460 vulnerable
Pulse Connect Secure hosts are exposed to the Internet. (to
the original material)
- At least 4,460 vulnerable
Pulse Connect Secure hosts are exposed to the Internet. (to
the original material)
- US HHS warns healthcare
orgs of Royal Ransomware attacks. (to
the original material)
- Rackspace Warns of
Phishing Attempts Post-Ransomware. (to
the original material)
- Air-gapped PCs vulnerable
to data theft via power supply radiation. (to
the original material)
- Hackers earn $989,750 for
63 zero-days exploited at Pwn2Own Toronto. (to
the original material)
09.12.2022 - News from cyber security.
- Cisco Releases Security
Advisory for IP Phone 7800 and 8800 Series. (to
the original material)
- Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns. (to the original material)
- US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals. (to the original material)
- Local governments allegedly targeted with Iranian ‘Drokbk’ malware through Log4j vulnerability. (to the original material)
- Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series. (to the original material)
- Experts devised a technique to bypass web application firewalls (WAF) of several vendors. (to the original material)
- Cloud Atlas targets
entities in Russia and Belarus amid the ongoing war in
Ukraine. (to
the original material)
- Check Point CloudGuard
Spectral exposes new obfuscation techniques for malicious
packages on PyPi. (to
the original material)
- Truebot Malware Activity
Increases With Possible Evil Corp Connections. (to
the original material)
- BEC Attacks Expand Beyond
Email and Toward Mobile Devices. (to
the original material)
- Cobalt Mirage Affiliate
Uses GitHub to Relay Drokbk Malware Instructions. (to
the original material)
- Software Supply Chain
Attacks Leveraging Open-Sources Repos Growing. (to
the original material)
- #BHEU: UK Government
Calls for Industry Input on its Cybersecurity Strategy. (to
the original material)
- Government to Fund
Security Studies for Hundreds of Students. (to
the original material)
- Security Concerns Scupper
Deals for Two-Thirds of Firms. (to
the original material)
- Government Sets Out New
Rules to Enhance App Security. (to
the original material)
- Attackers lure victims to
click on fake invoice to bypass Microsoft Office 365 email
security. (to
the original material)
- Truebot malware linked to
Evil Corp shifts tactics to exploit RCEs, USBs. (to
the original material)
- North Korean threat group
exploiting Internet Explorer zero-day. (to
the original material)
- The road to CNAPP
(cloud-native app protection platform): Key steps to take on
the path to deployment. (to
the original material)
- How HTTP security headers
can help harden web applications. (to
the original material)
- How to develop your
security team, even when you have no resources. (to
the original material)
- What companies can do to
lower cyber insurance costs. (to
the original material)
- Australia Aims to Be
World's 'Most Cyber-Secure' Country. (to
the original material)
- Claroty CEO Yaniv Vardi
on the Need to Guard Medical Devices. (to
the original material)
- US Law Enforcement
Arrests 4 for Business Email Compromise (BEC). (to
the original material)
- ISMG Editors: How Will
the Role of CISO Evolve in 2023? (to
the original material)
- UK Government Rolls Out
Security Guidance for Mobile Apps. (to
the original material)
- Avoiding Roadblocks on
the Path to Cybersecurity Maturity. (to
the original material)
- Ransomware-Wielding
Criminals Increasingly Hit Healthcare. (to
the original material)
- A Plan to Address Future
Healthcare Cyber Challenges. (to
the original material)
08.12.2022 - News from cyber security.
- Cybersecurity news of the
week (08.12.2022). (to
the original material)
- Victory! Judge’s Critical Investigation of Patent Troll Companies Can Move Forward. (to the original material)
- How to Securely Shop With Your Credit Card: Use a Virtual Card & Check for Skimmers. (to the original material)
- Metropolitan Opera dealing with cyberattack that shut down website, box office. (to the original material)
- 67 percent of companies lose business deals over security strategy concerns. (to the original material)
- 62 percent of companies say cybersecurity incidents have impacted their operations. (to the original material)
- CommonSpirit Health ransomware attack exposed data of 623,000 patients. (to the original material)
- US Sues TikTok Over Child
Safety and Data Security Claims. (to
the original material)
- Iranian APT Agrius
Targets Diamond Industry Worldwide With Fantasy Wiper. (to
the original material)
- Apple Introduces New Data
Protections to Increase Cloud Security. (to
the original material)
- #BHEU: Time for Cyber
Pros to Shape the Industry’s Future. (to
the original material)
- Pet Dog Unmasks Drug
Trafficker on Encrypted Chat. (to
the original material)
- Investment Fraud Gang May
Have Made $500m. (to
the original material)
- Cyber-criminals Scammed
Each Other Out of Millions in 2022. (to
the original material)
- Vonage adds Salesforce
encryption to its contact center. (to
the original material)
- Business email compromise
attacks going mobile via SMS and social media apps. (to
the original material)
- Three cloud security
lessons learned in 2022 – and the path forward. (to
the original material)
- Hive Ransomware Group
Leaks Data From European Retailer. (to
the original material)
- Report: Outsourced HR
Firm Sequoia One Undergoes Data Breach. (to
the original material)
- Mobile Security Vendor
Approov Hires New CEO to Expand in US. (to
the original material)
- Akamai CEO on How
Guardicore Prevents the Spread of Malware. (to
the original material)
- One Brooklyn Health Not
Over November Cyber Incident. (to
the original material)
- Protecting Healthcare
Against Ransomware: Essential Defenses. (to
the original material)
- Novel Botnet Dubbed
'Zerobot' Targets Slew of IoT Devices. (to
the original material)
- Cybersecurity Pros: Fresh
Challenges Face 'Next Generation'. (to
the original material)
- Ransomware Defense:
Common Mistakes to Avoid. (to
the original material)
07.12.2022 - News from cyber security.
- VICTORY! Apple Commits to
Encrypting iCloud, Drops Phone-Scanning Plans. (to
the original material)
- DC Circuit Evades Important Questions in Disappointing Ruling on Section 1201 of the DMCA. (to the original material)
- OpenSSL punycode – with
hindsight; The real scare that happened right after
Halloween. (to
the original material)
- Microsoft Warns
Cryptocurrency Firms Against Complex Cyber-Attacks. (to
the original material)
- NZ Privacy Commissioner
Investigates Mercury IT Ransomware Attack. (to
the original material)
- Security Risks Found in
Millions of XIoT Devices. (to
the original material)
- FFT (Fraudulent
Funds Transfer) and Ransomware Represent Over
Half of Cyber Insurance Claims in 2022. (to
the original material)
- UK Government Department
Using Unsupported Applications, Reveals Watchdog. (to
the original material)
- ICO Fines Rogue Nuisance
Callers £500,000. (to
the original material)
- Russia's VTB Bank Suffers
its Biggest Ever DDoS. (to
the original material)
- Supply Chain Web Skimming
Attacks Hit Dozens of Sites. (to
the original material)
- Piiano Vault aims to help
developers safely store and use PII while building cloud
apps. (to
the original material)
- More than two-thirds of
data leaders plan to invest in a data privacy solution in
the next year. (to
the original material)
- Microsoft warns that
Russian cyberattacks may extend beyond Ukraine. (to
the original material)
- How big data analytics
offer fast, accurate DDoS detection. (to
the original material)
- CloudSEK Pins Blame for
Hack on Other Cybersecurity Firm. (to
the original material)
- North Korean Hackers Look
to Internet Explorer Zero Days. (to
the original material)
- A Look Ahead: Troy
Leach's Predictions and Trends for 2023. (to
the original material)
- CommonSpirit: Patients'
Data Breached in Ransomware Attack. (to
the original material)
- Apple to Enable
End-to-End Encryption of iCloud Backups. (to
the original material)
- Dean Sysman on How
Axonius Does Asset Management Differently. (to
the original material)
- Legacy Apps at UK Agency
Create Cyber Risk, Warns Watchdog. (to
the original material)
- As Complexity Challenges
Security, Is Time the Solution? (to
the original material)
- Social Engineering
Hackers Use Excel to Target Crypto VIPs. (to
the original material)
06.12.2022 - News from cyber security.
- Network Usage Fees Will
Harm European Consumers and Businesses. (to
the original material)
- The Supreme Court Must Protect Internet Users’ Rights to Access Controversial Information Online. (to the original material)
- A flaw in the connected vehicle service SiriusXM allows remote car hacking. (to the original material)
- Kali Linux 2022.4 released: Kali NetHunter Pro, desktop updates and new tools. (to the original material)
- Integration, legacy tech and lack of skills prevent implementation of security solutions. (to the original material)
- How hackers make NFTs
disappear. (to
the original material)
- China-Based Hackers
Target Amnesty International Canada. (to
the original material)
- Christmas Warning: Threat
Actors Impersonate your Favorite Brands to Attack, Finds CSC
(Corporation Service Company). (to
the original material)
- Swiss Government Wants to
Implement Mandatory Duty to Report Cyber-Attacks. (to
the original material)
- Threat Actors Use
Malicious File Systems to Scale Crypto-Mining Operations. (to
the original material)
- Gen Z Internet Users
"Normalize" Cybercrime - Report. (to
the original material)
- Russian Hackers Use
Western Networks to Attack Ukraine. (to
the original material)
- Prolific Chinese Hackers
Stole US COVID funds. (to
the original material)
- Vast majority of xIoT
devices out of compliance with industry best practices. (to
the original material)
- Rackspace confirms email
outage was from a ransomware attack. (to
the original material)
- As the cloud evolves,
CISOs rely on the service mesh to secure their Kubernetes
projects. (to
the original material)
- Ransomware Attack in New
Zealand Has Cascading Effects. (to
the original material)
- Aqua CEO on Why
Cloud-Native Apps Need Supply Chain Security. (to
the original material)
- How Deepfakes and
Misinformation Attacks Threaten Healthcare. (to
the original material)
- Rackspace Confirms
Exchange Outage Caused by Ransomware. (to
the original material)
- US Prosecutors Unspool
xDedic Criminal Marketplace Cases. (to
the original material)
05.12.2022
- News
from cyber security.
- Scams related to major events like FIFA World Cup 2022: Watch out for fake lotteries, ticket fraud and other scams. (to the original material)
- Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web. (to the original material)
- Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others. (to the original material)
- CISA Adds One Known
Exploited Vulnerability to Catalog. (to
the original material)
- Scams related to major events like FIFA World Cup 2022: Watch out for fake lotteries, ticket fraud and other scams. (to the original material)
- Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web. (to the original material)
- Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others. (to the original material)
- 5th December – Threat
intelligence report. (to
the original material)
- Rackspace Admits Security
Incident, Helps Customers Migrate to Microsoft 365 Accounts.
(to
the original material)
- 'Team Mysterious
Bangladesh' Hackers Target Indian Education Entity. (to
the original material)
- Cyber Extortion Growing
Exponentially in Africa, Middle East and China, Finds
Orange. (to
the original material)
- Google Releases Chrome
Emergency Fix For Ninth Zero-Day This Year. (to
the original material)
- Manufacturers Struggle to
Manage Cyber-Threats from New Tech Deployments. (to
the original material)
- Digital Giant ABB to Pay
$315m in Bribery Case. (to
the original material)
- Microsoft: Beware Russian
Winter Cyber-Offensive. (to
the original material)
- French Hospital Halts
Operations After Cyber-Attack. (to
the original material)
- New Magecart campaign
said to target at least 44 e-commerce sites. (to
the original material)
- Deloitte and AWS launch a
fund focused on collaborative industry cloud solutions. (to
the original material)
- November was the second
busiest month for ransomware attacks this year. (to
the original material)
- What MDR is (and what
it’s not): An SC eBook preview. (to
the original material)
- Three ways to break the
blame culture on security teams. (to
the original material)
- Snyk's Iain Rose on How
to Secure Cloud-Native Environments. (to
the original material)
- Microsoft Warns of
Growing Russian Digital Threats to Europe. (to
the original material)
- Fresh CryWiper Wiper
Malware Aims to Destroy Russian Data. (to
the original material)
- Hacked French Hospital
Suspends Emergency Operations. (to
the original material)
- How to Predict New
Account Risk. (to
the original material)
- Beware of Your Medical
Partners, Suppliers: Breaches Up 102%. (to
the original material)
- A Look Ahead: David
Pollino on Evolution of the CISO Role. (to
the original material)
- Rackspace Hosted Exchange
Still Offline Over Security Issue. (to
the original material)
04.12.2022 - News from cyber security.
- Law enforcement agencies
can extract data from thousands of cars’ infotainment
systems. (to
the original material)
- New CryWiper wiper targets Russian entities masquerading as a ransomware. (to the original material)
- Week in review: Log4Shell lingers, NIS2 directive adopted, LastPass breached (again). (to the original material)
- OneSpan CEO on Joining
Identity Verification and e-Signature. (to
the original material)
- New Zealand Health
Insurer Investigates IT Provider Hack. (to
the original material)
- Top Cybersecurity
Challenges Facing Healthcare Providers. (to
the original material)
03.12.2022 - News from cyber security.
- Google fixed the ninth
actively exploited Chrome zeroday this year. (to
the original material)
- A new Linux flaw can be chained with other two bugs to gain full root privileges. (to the original material)
- SIM swapper gets 18-months for involvement in $22 million crypto heist. (to the original material)
- Hackers use new, fake crypto app to breach networks, steal cryptocurrency. (to the original material)
02.12.2022 - News from cyber security.
- This Judge’s
Investigation Of Patent Trolls Must Be Allowed to Move
Forward. (to
the original material)
- India Requires Internet Services to Collect and Store Vast Amount of Customer Data, Building a Path to Mass Surveillance. (to the original material)
- SIM-swapper gets 18 months, must pay back $20 million he stole from crypto investor. (to the original material)
- Spanish police arrest 55 people involved in wide-ranging cyberscam operation. (to the original material)
- More than 150 Oracle Access Management systems exposed to bug highlighted by CISA. (to the original material)
- Cuba Ransomware received over $60M in Ransom payments as of August 2022. (to the original material)
- Android Keyboard Apps with 2 Million downloads can remotely hack your device. (to the original material)
- All of Medibank’s stolen data leaked, Australia increases maximum penalties for data breaches. (to the original material)
- CI Fuzz CLI: Open-source tool to test Java apps for unexpected behaviors. (to the original material)
- Three Ways to Stay Cyber
Secure During the World Cup. (to
the original material)
- Google Increases Android
Security With Memory-Safe Programming Languages. (to
the original material)
- 'Black Proxies' Enable
Threat Actors to Conduct Malicious Activity. (to
the original material)
- Hackers Use Archive Files
and HTML Smuggling to Bypass Detection Tools. (to
the original material)
- Industry Coalition Urges
Congress to Hold off on SBOM (Software Bill
Of Materials) Requirements for Defense
Contractors. (to
the original material)
- NATO Launches Massive
Cyber-Defense Exercise. (to
the original material)
- Cuba Ransomware Actors
Pocket $60m. (to
the original material)
- Trojan Steals Facebook
Details from Over 300K Victims. (to
the original material)
- ‘Black Proxies’ use
187,000-plus IP addresses to launch credential stuffing
attacks. (to
the original material)
- LastPass cloud breach
involves ‘certain elements’ of customer information. (to
the original material)
- Five reasons why we can
expect a major cyberattack on a healthcare organization in
2023. (to
the original material)
- Cuba Ransomware Targeting
Critical Infrastructure, Feds Warn. (to
the original material)
- Pediatric EMR Vendor Hack
Affects 2.2 Million. (to
the original material)
- Tories: Firms Should Pay
More for Cybersecurity Regulation. (to
the original material)
- Clumio CEO on Why AWS S3
Buckets Pose a Giant Security Risk. (to
the original material)
- ISMG Editors: Twitter
Breach May Be Worse Than Advertised. (to
the original material)
- Hacked: What's the Next
Step for Web3 Companies? - Part 2. (to
the original material)
- Securing Federal
Government Contractors. (to
the original material)
- Use Obfuscation,
Monitoring and RASP (Runtime Application Self-Protection) to
Deepen DevSecOps. (to
the original material)
- Most Healthcare
Ransomware Hits Include Patient Data Theft. (to
the original material)
- No Pressure: Water
Utility Drips Alert 4 Months After Breach. (to
the original material)
01.12.2022
- News
from cyber security.
- International Coalition of Rights Groups Call on Internet Infrastructure Providers to Avoid Content Policing. (to the original material)
- The End of Facebook’s Dominance on Social Media? Who Will Seize The Crown, And What Does It Mean For Privacy? (to the original material)
- CISA: Cuba ransomware group has stolen $60 million from at least 100 organizations. (to the original material)
- Hackers accessed LastPass customer details using information stolen in August hack. (to the original material)
- British police ‘overwhelmed and ineffective’ at digital forensics, inspectorate report finds. (to the original material)
- Ransomware group may have stolen customer bank details from British water company. (to the original material)
- 3 of the Worst Data Breaches in the World That Could Have Been Prevented. (to the original material)
- North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea. (to the original material)
- Federal defense contractors are not properly securing military secrets. (to the original material)
- Security pros feel threat detection and response workloads have increased. (to the original material)
- Small business versus enterprise - what are the challenges around security? (to the original material)
- Dropbox is bringing end-to-end encryption to business users thanks to Boxcryptor acquisition. (to the original material)
- Samsung, LG, Mediatek certificates compromised to sign Android malware. (to the original material)
- Cybersecurity news of the
week (01.12.2022). (to
the original material)
- International Coalition of Rights Groups Call on Internet Infrastructure Providers to Avoid Content Policing. (to the original material)
- The End of Facebook’s Dominance on Social Media? Who Will Seize The Crown, And What Does It Mean For Privacy? (to the original material)
- CISA: Cuba ransomware group has stolen $60 million from at least 100 organizations. (to the original material)
- Hackers accessed LastPass customer details using information stolen in August hack. (to the original material)
- British police ‘overwhelmed and ineffective’ at digital forensics, inspectorate report finds. (to the original material)
- Ransomware group may have stolen customer bank details from British water company. (to the original material)
- 3 of the Worst Data Breaches in the World That Could Have Been Prevented. (to the original material)
- North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea. (to the original material)
- Federal defense contractors are not properly securing military secrets. (to the original material)
- Security pros feel threat detection and response workloads have increased. (to the original material)
- Small business versus enterprise - what are the challenges around security? (to the original material)
- Dropbox is bringing end-to-end encryption to business users thanks to Boxcryptor acquisition. (to the original material)
- Samsung, LG, Mediatek certificates compromised to sign Android malware. (to the original material)
- Is there a way for
healthcare providers to prevent cyber-attacks from
spreading? (to
the original material)
- Check Point Research
analyzes files on the Dark Web and finds millions of records
available. (to
the original material)
- Hackers Target Colombia's
Healthcare System With Ransomware. (to
the original material)
- Spyware Vendor Variston
Exploited N-Days in Chrome, Firefox, Windows. (to
the original material)
- WhatsApp Files on Dark
Web Show Millions of Records For Sale. (to
the original material)
- UK Extends NIS
Regulations to IT Managed Service Providers. (to
the original material)
- Eight Charged with $30m
Unemployment Benefits Fraud. (to
the original material)
- Researchers Accidentally
Crash Cryptomining Botnet. (to
the original material)
- LastPass Reveals Another
Customer Data Breach. (to
the original material)
- Archives overtake Office
formats as top file type for delivering malware. (to
the original material)
- Delinea CloudSuite
promises more granular privileged access management. (to
the original material)
- As the economy slows, the
need for security heightens. (to
the original material)
- Zscaler CEO: 'Uncertainty
Can Act as a Catalyst for Change'. (to
the original material)
- Medibank Hackers Dump
Stolen Data on the Dark Web. (to
the original material)
- HHS: Web Trackers in
Patient Portals Violate HIPAA. (to
the original material)
- LastPass Breach Exposes
Customer Data. (to
the original material)
- Ransom Realpolitik:
Paying for Data Deletion Is for Suckers. (to
the original material)
- Essential Aerospace and
Defense Software Security Practices. (to
the original material)
- Why Ransomware Victims
Avoid Calling It 'Ransomware'. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - December 31,
2022