Study - Technical
- LMS-SFC (EN) - Cyber
Security - News archive
october 2022
Cyber Security - News Archive
October 2022
31.10.2022
- News
from cyber security.
- CISA Releases Guidance on
Phishing-Resistant and Numbers Matching Multifactor
Authentication. (to
the original material)
- Vulnerability Summary for
the Week of October 24, 2022. (to
the original material)
- Instagram account
suspension wave hits users. (to
the original material)
- ConnectWise backup
solutions open to RCE, patch ASAP! (to
the original material)
- Cyberattacks in healthcare
sector more likely to carry financial consequences. (to
the original material)
- Mozilla Firefox fixes
freezes caused by new Windows 11 feature. (to
the original material)
- Hackers selling access to
576 corporate networks for $4 million. (to
the original material)
- Chegg sued by FTC after
suffering four data breaches within 3 years. (to
the original material)
- NSA shares supply chain
security tips for software suppliers. (to
the original material)
- Hacking group abuses
antivirus software to launch LODEINFO malware. (to
the original material)
- Cyberattack Hits German
Copper Manufacturing Giant. (to
the original material)
- The Roadway to Modern
Managed Detection & Response. (to
the original material)
- Second Health Entity
Reports Breach Tied to Meta Pixel Use. (to
the original material)
- Cloud Security: Dealing
with SaaS - the New Shadow IT. (to
the original material)
- North Korea Disguising
Android Malware as Legitimate Apps. (to
the original material)
- Ransomware: 'Amateur'
Tactics Lead Fewer Victims to Pay. (to
the original material)
- VMware warns of the public
availability of CVE-2021-39144 exploit code. (to
the original material)
- Actively exploited Windows
Mark-of-the-Web zero-day received an unofficial patch. (to
the original material)
- Wannacry, the hybrid
malware that brought the world to its knees. (to
the original material)
- Snatch group claims to have
hacked military provider HENSOLDT France. (to
the original material)
- GitHub flaw could have
allowed attackers to takeover repositories of other users. (to
the original material)
- Malicious dropper apps on
Play Store totaled 30.000+ installations. (to
the original material)
30.10.2022
- News
from cyber security.
- Week in review: OpenSSL
critical fix, Medibank data breach, Apple fixes zero-day
vulnerability. (to
the original material)
- New Azov data wiper tries
to frame researchers and BleepingComputer. (to
the original material)
- Actively exploited
Windows MoTW zero-day gets unofficial patch. (to
the original material)
- Former British Prime
Minister Liz Truss ‘s phone was allegedly hacked by Russian
spies. (to
the original material)
- German BKA arrested the
alleged operator of Deutschland im Deep Web darknet market.
(to
the original material)
- BlackByte ransomware
group hit Asahi Group Holdings, a precision metal
manufacturing and metal solution provider. (to
the original material)
- Air New Zealand warns of
an ongoing credential stuffing attack. (to
the original material)
- Security Affairs
newsletter Round 391. (to
the original material)
29.10.2022
- News
from cyber security.
- New open-source tool
scans public AWS S3 buckets for secrets. (to
the original material)
- Espionage Hackers Use
Microsoft IIS to Plant Malware. (to
the original material)
- Twilio discloses another
security incident that took place in June. (to
the original material)
- A massive cyberattack hit
Slovak and Polish Parliaments. (to
the original material)
- How will Twitter change
under Elon Musk? (to
the original material)
28.10.2022
- News
from cyber security.
- Cybersecurity news of the
week (28.10.2022). (to
the original material)
- CISA Has Added One Known
Exploited Vulnerability to Catalog. (to
the original material)
- Joint CISA FBI MS-ISAC
Guide on Responding to DDoS Attacks and DDoS Guidance for
Federal Agencies. (to
the original material)
- VMware Releases Security
Updates. (to
the original material)
- New infosec products of
the week: October 28, 2022. (to
the original material)
- After a cyber breach,
companies risk losing employees’ trust. (to
the original material)
- ConnectWise fixes RCE bug
exposing thousands of servers to attacks. (to
the original material)
- The Week in Ransomware -
October 28th 2022 - Healthcare leaks. (to
the original material)
- Largest EU copper
producer Aurubis suffers cyberattack, IT outage. (to
the original material)
- Student arrested for
running one of Germany’s largest dark web markets. (to
the original material)
- Exploit released for
critical VMware RCE vulnerability, patch now. (to
the original material)
- Google fixes seventh
Chrome zero-day exploited in attacks this year. (to
the original material)
- Hackers use Microsoft IIS
web server logs to control malware. (to
the original material)
- Android malware droppers
with 130K installs found on Google Play. (to
the original material)
- Final Twilio Smishing
Victim Count Reaches 209. (to
the original material)
- Fallout From Medibank
Hack Grows. (to
the original material)
- Microsoft, IBM, Splunk
Dominate SIEM Gartner Magic Quadrant. (to
the original material)
- CommonSpirit IT Systems
Still Offline One Month Post-Attack. (to
the original material)
- Cyber Events Disrupt
Polish, Slovakian Parliament IT Systems. (to
the original material)
- Will Twitter Sink or Swim
Under Elon Musk's Direction? (to
the original material)
- Multiple vulnerabilities
affect the Juniper Junos OS. (to
the original material)
- Google fixes a new
actively exploited Chrome zero-day, it is the seventh one
this year. (to
the original material)
- Apple backports fixes for
CVE-2022-42827 zero-day to older iPhones, iPads. (to
the original material)
- New York Post hacked? No,
the culprit is an employee. (to
the original material)
27.10.2022
- News
from cyber security.
- CISA Releases Four
Industrial Control Systems Advisories. (to
the original material)
- Cybersecurity’s
importance and impact reaches all levels of the tech
workforce. (to
the original material)
- DHL takes top spot in
brand phishing attempts. (to
the original material)
- Cloud security made
simple in new guidebook for lean teams. (to
the original material)
- Apple fixes recently
disclosed zero-day on older iPhones, iPads. (to
the original material)
- Microsoft links Raspberry
Robin worm to Clop ransomware attacks. (to
the original material)
- Australian Clinical Labs
says patient data stolen in ransomware attack. (to
the original material)
- Drinik Android malware
now targets users of 18 Indian banks. (to
the original material)
- Twilio discloses another
hack from June, blames voice phishing. (to
the original material)
- New York Post hacked with
offensive headlines targeting politicians. (to
the original material)
- Fodcha DDoS botnet
reaches 1Tbps in power, injects ransoms in packets. (to
the original material)
- Medlab Pathology Breach
Affects 223,000 Australians. (to
the original material)
- CISA Releases Performance
Goals for Critical Infrastructure. (to
the original material)
- Feds Urge Healthcare
Entities to Train for Incident Response. (to
the original material)
- Spotting and Stopping
Synthetic ID Fraud. (to
the original material)
- Chinese Disinfo Campaign
Targeting US Midterm Elections. (to
the original material)
- How to Create an Identity
Strategy - Part 3. (to
the original material)
- Tools to Reduce
Authorized Payment Fraud and Scams. (to
the original material)
- Raspberry Robin operators
are selling initial access to compromised enterprise
networks to ransomware gangs. (to
the original material)
- Thomson Reuters collected
and leaked at least 3TB of sensitive data. (to
the original material)
- SiriSpy flaw allows
eavesdropping on users’ conversations with Siri. (to
the original material)
- British hacker arraigned
for running The Real Deal dark web marketplace. (to
the original material)
26.10.2022
- News
from cyber security.
- Apple Releases Security
Updates for Multiple Products. (to
the original material)
- Samba Releases Security
Updates. (to
the original material)
- Incoming OpenSSL critical
fix: Organizations, users, get ready! (to
the original material)
- How cybersecurity VCs
(Venture Companies) find visionary companies in emerging
sectors. (to
the original material)
- A quick guide for small
cybersecurity teams looking to invest in cyber insurance. (to
the original material)
- Medibank data breach:
More customers affected, attacker got in via stolen
credentials. (to
the original material)
- Notorious ‘BestBuy’
hacker arraigned for running dark web market. (to
the original material)
- LinkedIn's new security
features combat fake profiles, threat actors. (to
the original material)
- Outpost24: How
Pentesting-as-a-Service finds vulnerabilities before they're
exploited. (to
the original material)
- Medibank now says hackers
accessed all its customers’ personal data. (to
the original material)
- Microsoft fixes Windows
vulnerable driver blocklist sync issue. (to
the original material)
- Zero-Day Hoarding Aids
Advanced Spyware, PEGA Committee Told. (to
the original material)
- Federal Tally Reaches
5,000 Health Data Breaches Since 2009. (to
the original material)
- UK Data Watchdog Issues
Warning on Emotional Detection Tech. (to
the original material)
- Vice Society Wielding
Multiple Strains of Ransomware. (to
the original material)
- OpenSSL to fix the second
critical flaw ever. (to
the original material)
- See Tickets discloses
data breach, customers’ credit card data exposed. (to
the original material)
- US charges Ukrainian man
with Raccoon Infostealer operation. (to
the original material)
- Two flaws in Cisco
AnyConnect Secure Mobility client for Windows actively
exploited. (to
the original material)
- VMware fixes critical RCE
in VMware Cloud Foundation. (to
the original material)
- Vice Society Ransomware
Campaigns Continue to Impact US Education Sector. (to
the original material)
- Typosquat Campaign
Targeting Android, Windows Users Now Counts 600+ Domains. (to
the original material)
- Hive Ransomware Group
Leaks Data Stolen in Tata Power Cyber-Attack. (to
the original material)
- London's New Cyber
Resilience Centre Set to Fight Cybercrime in the Capital. (to
the original material)
- Supply Chain Attacks or
Vulnerabilities Experienced by 80% of Orgs, BlackBerry
Finds. (to
the original material)
- Ransomware Threat Shifts
from US to EMEA and APAC. (to
the original material)
- See Tickets Discloses
Major Card Data Breach. (to
the original material)
- ICO Warns of "Immature"
Biometric Tech. (to
the original material)
- Apple fixes latest
zero-day vulnerability to hit iOS devices. (to
the original material)
- Uber’s CISO conviction
underscores the importance of directors and officers
insurance protection. (to
the original material)
25.10.2022
- News
from cyber security.
- CISA Has Added One Known
Exploited Vulnerability to Catalog. (to
the original material)
- CISA Releases Eight
Industrial Control Systems Advisories. (to
the original material)
- CISA Upgrades to Version
2.0 of Traffic Light Protocol in One Week – Join Us! (to
the original material)
- Cybersecurity Pets:
Squirrel With Jaws Backs Up. (to
the original material)
- Malware vs Virus: What’s
the Difference? (to
the original material)
- New webinar: ZTNA for
SaaS applications. (to
the original material)
- U.S. to apply
cybersecurity labels to IoT devices. (to
the original material)
- Apple fixes exploited
iOS, iPadOS zero-day (CVE-2022-42827). (to
the original material)
- To retain cybersecurity
professionals, keep remote work as an option. (to
the original material)
- The long-term
psychological effects of ransomware attacks. (to
the original material)
- Cisco warns admins to
patch AnyConnect flaws exploited in attacks. (to
the original material)
- See Tickets discloses 2.5
years-long credit card theft breach. (to
the original material)
- Ukrainian charged for
operating Raccoon Stealer malware service. (to
the original material)
- Microsoft: Vice Society
targets schools with multiple ransomware families. (to
the original material)
- Dutch police arrest
hacker who breached healthcare software vendor. (to
the original material)
- VMware fixes critical
Cloud Foundation remote code execution bug. (to
the original material)
- Massive cryptomining
campaign abuses free-tier cloud dev resources. (to
the original material)
- New Samsung Maintenance
Mode protects your data during phone repairs. (to
the original material)
- How the "pizza123"
password could take down an organization. (to
the original material)
- Hive claims ransomware
attack on Tata Power, begins leaking data. (to
the original material)
- US Indicts Ukrainian for
Role in Raccoon Malware Scheme. (to
the original material)
- Pressure on Meta Mounts
Over Pixel Collecting Health Data. (to
the original material)
- European Parliament
Pegasus Investigation Faces Resistance. (to
the original material)
- Botnet Server Harvesting
167,000 Card Dumps Discovered. (to
the original material)
- NY State Smacks EyeMed
Vision With Another Breach Fine. (to
the original material)
- The Quest for
Non-Intrusive Security. (to
the original material)
- Apple Issues Emergency
iOS Fix as Kernel Zero-Day Exploited. (to
the original material)
- What’s Old is New Again:
Protecting Yourself From Check Fraud. (to
the original material)
- Experts disclosed a
22-year-old bug in popular SQLite Database library. (to
the original material)
- Two PoS Malware used to
steal data from more than 167,000 credit cards. (to
the original material)
- Hive ransomware gang
starts leaking data allegedly stolen from Tata Power. (to
the original material)
- Dormant Colors campaign
operates over 1M malicious Chrome extensions. (to
the original material)
- How We Made the Best
Split Tunneling for Our VPN. (to
the original material)
- Data Breaches Rise By 70%
Globally in Q3 2022. (to
the original material)
- Apple Fixes Actively
Exploited iOS and iPadOS Zero-Day Vulnerability. (to
the original material)
- POS Malware Used to Steal
Details of Over 167,000 Credit Cards. (to
the original material)
- Ukraine Warns of Cuba
Ransomware Campaign. (to
the original material)
- Iranian Atomic Energy
Agency Admits Email Hack. (to
the original material)
- US Charges Two Chinese
Agents in Huawei Obstruction Case. (to
the original material)
- Tight Internet Explorer
integration could lead to vulnerabilities in Windows. (to
the original material)
- CrowdStrike, Ernst &
Young to offer cloud security and observability services. (to
the original material)
- Reduce risk by redefining
security posture. (to
the original material)
24.10.2022
- News
from cyber security.
- CISA Adds Six Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- Vulnerability Summary for
the Week of October 17, 2022. (to
the original material)
- 5 reasons to keep your
software and devices up to date. (to
the original material)
- cert-manager:
Automatically provision and manage TLS certificates in
Kubernetes. (to
the original material)
- Consumer behaviors are
the root of open source risk. (to
the original material)
- Chrome extensions with 1
million installs hijack targets’ browsers. (to
the original material)
- Apple fixes new zero-day
used in attacks against iPhones, iPads. (to
the original material)
- Iran’s atomic energy
agency confirms hack after stolen data leaked online. (to
the original material)
- Cuba ransomware affiliate
targets Ukrainian govt agencies. (to
the original material)
- Pendragon car dealer
refuses $60 million LockBit ransomware demand. (to
the original material)
- US FTC Targets CEO of
Booze App Over Weak Cybersecurity. (to
the original material)
- UK Firm Fined for Poor
Security Prior to Ransomware Attack. (to
the original material)
- Health Entity Says
Tracking Code Breach Affects 3 Million. (to
the original material)
- Security Alert: Daixin
Ransomware Targets Healthcare. (to
the original material)
- 'Pig Butchering' Online
Scam Sweeping English Speakers. (to
the original material)
- Why Cybereason Went From
IPO Candidate to Seeking a Buyer. (to
the original material)
- Australia's Data Breach
Wave: Workaday Cybercrime. (to
the original material)
- Apple fixed the ninth
actively exploited zero-day this year. (to
the original material)
- Cuba ransomware affiliate
targets Ukraine, CERT-UA warns. (to
the original material)
- Norway PM warns of Russia
cyber threat to oil and gas industry. (to
the original material)
- Malicious Clicker apps in
Google Play have 20M+ installs. (to
the original material)
- Security experts targeted
with malicious CVE PoC exploits on GitHub. (to
the original material)
- CISA Warns Against
Ransomware Group Daixin Team Targeting Health Organizations.
(to
the original material)
- Multiple RCE
Vulnerabilities Discovered in Veeam Backup & Replication
App. (to
the original material)
- DHL Replaces LinkedIn As
Most Imitated Brand in Phishing Attempts. (to
the original material)
- UK Cyber Security Council
Creates Chartered Qualification for Industry Pros. (to
the original material)
- Clicker Malware Garners
Estimated 20 Million Downloads. (to
the original material)
- UK Construction Company
Fined £4.4m for Serious Security Failings. (to
the original material)
- European Police Warn of
Metaverse Cyber-Threats. (to
the original material)
- Potentially far-reaching
vulnerabilities found in Atlassian’s Jira Align platform. (to
the original material)
- IBM awards $5 million in
grants to bolster cybersecurity in public schools. (to
the original material)
- Brace for more mobile app
security vulnerability discoveries in 2023. (to
the original material)
23.10.2022
- News
from cyber security.
- Week in review: CISA
releases RedEye, Apache Commons Text flaw, Medibank data
breach. (to
the original material)
- Thousands of GitHub
repositories deliver fake PoC exploits with malware. (to
the original material)
- Typosquat campaign mimics
27 brands to push Windows, Android malware. (to
the original material)
- Security Affairs
newsletter Round 390. (to
the original material)
- Hackers stole sensitive
data from Iran’s atomic energy agency. (to
the original material)
- Wholesale giant METRO
confirmed to have suffered a cyberattack. (to
the original material)
22.10.2022
- News
from cyber security.
- Android adware apps in
Google Play downloaded over 20 million times. (to
the original material)
- TommyLeaks and
SchoolBoys: Two sides of the same ransomware gang. (to
the original material)
- Exploited Windows
zero-day lets JavaScript files bypass security warnings. (to
the original material)
- Iran Hackers Behind
Attempt on US Election Are Still Active. (to
the original material)
- Daixin Team targets
health organizations with ransomware, US agencies warn. (to
the original material)
- Threat actors exploit
critical flaw in VMware Workspace ONE Access to drop
ransomware, miners. (to
the original material)
21.10.2022
- News
from cyber security.
- Press release: "Digital
Romania of the Future", a debate on education, resources and
cyber security. (to
the original material)
- Maritime Sector Sails
through rough 'Cybersecurity' Seas. (to
the original material)
- #StopRansomware: Daixin
Team. (to
the original material)
- Cisco Releases Security
Update for Cisco Identity Services Engine. (to
the original material)
- APT‑C‑50 updates FurBall
Android malware – Week in security with Tony Anscombe. (to
the original material)
- 3 things to look for in
an AI-powered email security solution. (to
the original material)
- Vulnerabilities in Cisco
Identity Services Engine require your attention
(CVE-2022-20822, CVE-2022-20959). (to
the original material)
- Medibank hack turned into
a data breach: The attackers are demanding money. (to
the original material)
- New infosec products of
the week: October 21, 2022. (to
the original material)
- Data visualization: An
invaluable tool in a defender’s arsenal. (to
the original material)
- The companies most likely
to lose your data. (to
the original material)
- The Week in Ransomware -
October 21st 2022 - Stop the Presses. (to
the original material)
- US govt warns of Daixin
Team targeting health orgs with ransomware. (to
the original material)
- Wholesale giant METRO hit
by IT outage after cyberattack. (to
the original material)
- Hackers exploit critical
VMware flaw to drop ransomware, miners. (to
the original material)
- Clearview AI gets third
€20 million fine for illegal data collection. (to
the original material)
- BlackByte ransomware uses
new data theft tool for double-extortion. (to
the original material)
- ISMG Editors: What CISOs
Can Learn From Ex-Uber CSO Verdict. (to
the original material)
- Europe Looks to Boost
Domestic Cybersecurity Investment. (to
the original material)
- Cloud Security and
Visibility Through Threat Detection. (to
the original material)
- The Battle Against
Phishing Attacks and Similar Scams. (to
the original material)
- Why Are We So Stupid
About Passwords? SSH and RDP Edition. (to
the original material)
- EnergyAustralia
Electricity company discloses security breach. (to
the original material)
- Experts warn of
CVE-2022-42889 Text4Shell exploit attempts. (to
the original material)
- CISA adds Linux kernel
flaw CVE-2021-3493 to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- GUAC – A Google Open
Source Project to secure software supply chain. (to
the original material)
- News URSNIF variant
doesn’t support banking features. (to
the original material)
- Healthcare system
Advocate Aurora Health data breach potentially impacted 3M
patients. (to
the original material)
- The EU Is Tackling a
Serious Problem with the Wrong Approach: Real-Time Mass
Surveillance. (to
the original material)
- New Phishing Campaign
Targets Saudi Government Service Portal. (to
the original material)
- Google Unveils Open
Source Project to Improve Software Supply Chain Security. (to
the original material)
- Thousands of Publicly
Exposed API Tokens Could Threaten Software Integrity. (to
the original material)
- NCSC CEO Calls for
International Standards on IoT Security. (to
the original material)
- Lesson Learned: How
SolarWinds Strengthened its Security Post-Incident. (to
the original material)
- Cyber-Enabled Crimes Are
Biggest Police Concerns. (to
the original material)
- OldGremlin Ransomware Ups
Ante Against Russian Targets. (to
the original material)
- Cops Arrest Suspected
Multimillion-Dollar Fraud Mastermind. (to
the original material)
- WithSecure adds real-time
threat intel for OneDrive to its cloud platform. (to
the original material)
- Experts on securing the
public cloud. (to
the original material)
- Understanding why
healthcare networks struggled when the pandemic first hit. (to
the original material)
20.10.2022
- News
from cyber security.
- Cybersecurity news of the
week (20.10.2022). (to
the original material)
- CISA Adds Two Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- CISA Releases Three
Industrial Control Systems Advisories. (to
the original material)
- Mozilla Releases Security
Updates for Firefox. (to
the original material)
- CISA Requests for Comment
on Microsoft 365 Security Configuration Baselines. (to
the original material)
- Domestic Kitten campaign
spying on Iranian citizens with new FurBall malware. (to
the original material)
- Wordfence Evasion Malware
Conceals Backdoors. (to
the original material)
- Gartner 2022 security
trend #2: Digital Supply Chain Risk. (to
the original material)
- (ISC)² to aid
cybersecurity professional development in emerging
economies. (to
the original material)
- Want to be a CISO? Being
technical is just one of the requirements. (to
the original material)
- Product showcase:
ImmuniWeb Discovery – attack surface management with dark
web monitoring. (to
the original material)
- Ransomware preparedness:
What are you doing wrong? (to
the original material)
- Ursnif malware switches
from bank account theft to initial access. (to
the original material)
- Google sued over
biometric data collection without consent. (to
the original material)
- Health system data breach
due to Meta Pixel hits 3 million patients. (to
the original material)
- OldGremlin hackers use
Linux ransomware to attack Russian orgs. (to
the original material)
- Cybercriminals jailed for
cryptocurrency theft, death threats. (to
the original material)
- Hacking group updates
Furball Android spyware to evade detection. (to
the original material)
- Accused Lapsus$ Hacker
Arrested in Brazil. (to
the original material)
- FIDO (Fast IDentity
Online) Panel: Remember, Passwordless Is All About
Usability. (to
the original material)
- Achieving Zero Trust For
Corporate Networks. (to
the original material)
- Zero Trust Myths: Fact or
Fiction? (to
the original material)
- Medibank Acknowledges
Data Breach Including Medical Data. (to
the original material)
- Iran-Linked Android
Malware Makes End Run Around Antivirus. (to
the original material)
- Banks on Alert for Check
Fraud, Insider Fraud and Scams. (to
the original material)
- Critical Security
Considerations for Medical Devices. (to
the original material)
- Russian-Speaking
Ransomware Gangs Hit New Victim: Russians. (to
the original material)
- Australia's Data Breach
Debacle Expands. (to
the original material)
- More Russian
Organizations Feeling Ransomware Pain. (to
the original material)
- Experts spotted a new
undetectable PowerShell Backdoor posing as a Windows update.
(to
the original material)
- BlueBleed: Microsoft
confirmed data leak exposing customers’ info. (to
the original material)
- Internet disruptions
observed as Russia targets critical infrastructure in
Ukraine. (to
the original material)
- Brazilian police arrested
a man suspected of being a member of LAPSUS$ gang. (to
the original material)
- Experts discovered
millions of .git folders exposed to public. (to
the original material)
- Can You Browse the
Internet Anonymously? Yes, But It’s Tricky. (to
the original material)
- Ransomware is Being Used
As a Precursor to Physical War: Ivanti. (to
the original material)
- Cybersecurity Workforce
Gap Grows by 26% in 2022. (to
the original material)
- FBI Warns Students
Against Loan Forgiveness Scammers. (to
the original material)
- Singapore Creates Counter
Ransomware Task Force to Tackle Threats. (to
the original material)
- Brazilian Police Arrest
Lapsus$ Suspect. (to
the original material)
- NCSC Updates Early
Warning Threat Intelligence. (to
the original material)
- Microsoft
Misconfiguration Exposes Customer Data. (to
the original material)
- Expect more attacks from
disgruntled ransomware affiliates, researchers say. (to
the original material)
- Only 40% of organizations
confident in ability to secure cloud data. (to
the original material)
- 5 ways to secure the
public cloud. (to
the original material)
- Eight ideas that can
ingrain security awareness as a company value. (to
the original material)
19.10.2022
- News
from cyber security.
- Post-Quantum
Cryptography: Anticipating Threats and Preparing the Future.
(to
the original material)
- CISA Updates Advisory on
Threat Actors Exploiting Multiple CVEs Against Zimbra
Collaboration Suite. (to
the original material)
- Oracle Releases October
2022 Critical Patch Update. (to
the original material)
- Don’t get scammed when
buying tickets online. (to
the original material)
- Apache Commons Text flaw
is not a repeat of Log4Shell (CVE-2022-42889). (to
the original material)
- iDealwine suffers a data
breach. (to
the original material)
- Secure portable operating
system Tails 5.5 released. (to
the original material)
- Upgrade your security
awareness efforts: Here’s how to start. (to
the original material)
- The future of MFA is
passwordless. (to
the original material)
- CISOs, rejoice! Security
spending is increasing. (to
the original material)
- Brazil arrests suspect
believed to be a Lapsus$ gang member. (to
the original material)
- Microsoft data breach
exposes customers’ contact info, emails. (to
the original material)
- Microsoft announces
enterprise DDoS protection for SMBs. (to
the original material)
- Hackers use new stealthy
PowerShell backdoor to target 60+ victims. (to
the original material)
- Microsoft Azure SFX bug
let hackers hijack Service Fabric clusters. (to
the original material)
- Apache Commons Text RCE
flaw - Keep calm and patch away. (to
the original material)
- Undetectable Backdoor
Disguises as Windows Update. (to
the original material)
- Crimeware Hackers Adopt
APT-Like Capabilities. (to
the original material)
- Hackers Threaten to Sell
Stolen Medibank Data, Seek Ransom. (to
the original material)
- REvil and Conti
Ransomware Spinoffs Refine Attack Strategies. (to
the original material)
- How to Create an Identity
Strategy - Part Two. (to
the original material)
- Examining the Effects of
Cyberattacks on Patient Care. (to
the original material)
- Experts: One-Time
Passwords Leave Huge Security Holes in MFA. (to
the original material)
- Text4Shell, a remote code
execution bug in Apache Commons Text library. (to
the original material)
- Researchers share of
FabriXss bug impacting Azure Fabric Explorer. (to
the original material)
- The missed link between
Ransom Cartel and REvil ransomware gangs. (to
the original material)
- Microsoft Office 365
Message Encryption (OME) doesn’t ensure confidentiality. (to
the original material)
- EU Lawmakers Must Reject
This Proposal To Scan Private Chats. (to
the original material)
- Better Regulating Drone
Use Requires Communication, Not Surveillance. (to
the original material)
- Spanish ISPs Fall Short
of Robust Commitments to User Privacy in New Eticas’ Report.
(to
the original material)
- Alaa Abd El Fattah
Surpasses 200 Days of Hunger Strike as COP27 Summit Nears. (to
the original material)
- NSA Cybersecurity
Director's Six Takeaways From the War in Ukraine. (to
the original material)
- Moola Market Reveals $9m
Crypto Exploit. (to
the original material)
- Digital Natives Are
Undermining Corporate Security - Report. (to
the original material)
- #CyberMonth: ENISA
Celebrates 10 Years of European Cybersecurity Month with
New, Proactive Slogan. (to
the original material)
- Deadbolt Ransomware
Extorts Vendors and Customers. (to
the original material)
- Software Supply Chain
Attacks Soar 742% in Three Years. (to
the original material)
- Gen Z, millennials take
cybersecurity less seriously on work devices than personal
ones. (to
the original material)
- ‘Patched’ vulnerability
in Citrix ADM not sufficient to prevent exploitation. (to
the original material)
- How SaaS has redefined
cybersecurity. (to
the original material)
18.10.2022
- News
from cyber security.
- eHealth Conference:
Sector Matures in terms of Cybersecurity but not fast
enough. (to
the original material)
- CISA Releases Two
Industrial Control Systems Advisories. (to
the original material)
- Vulnerability Summary for
the Week of October 10, 2022. (to
the original material)
- Children's online safety:
Presentation for concerned teachers. (to
the original material)
- What is online bullying:
Presentation for concerned teachers. (to
the original material)
- What is the 503 Service
Unavailable Error & How to Fix It. (to
the original material)
- Ransomware and SLED:
Proven strategies from someone who knows. (to
the original material)
- Police breaks up criminal
ring that hacked keyless systems to steal cars. (to
the original material)
- Product showcase: Scribe
platform’s end-to-end software supply chain security. (to
the original material)
- For auto dealerships,
cybersecurity is more essential than ever. (to
the original material)
- Ransom Cartel linked to
notorious REvil ransomware operation. (to
the original material)
- FBI: Scammers likely to
target US Student Loan Debt Relief applicants. (to
the original material)
- Hackers target Asian
casinos in lengthy cyberespionage campaign. (to
the original material)
- Verizon notifies prepaid
customers their accounts were breached. (to
the original material)
- Text message verification
flaws in your Windows Active Directory. (to
the original material)
- DuckDuckGo for Mac enters
public beta, now available to everyone. (to
the original material)
- Hackers compromised Hong
Kong govt agency network for a year. (to
the original material)
- Police in Europe Arrest
31 for Hacking and Stealing Autos. (to
the original material)
- German Cybersecurity Head
Dismissed for Alleged Russia Ties. (to
the original material)
- US CISA Official:
'Forcefully Nudge' Users to Adopt MFA. (to
the original material)
- After the Sullivan
Verdict: A CISO's Guide to Avoiding Jail. (to
the original material)
- Attackers Evolve; Here Is
How Defenders Keep Pace. (to
the original material)
- Abnormal Intelligence:
New Threat Intel Site Launched. (to
the original material)
- New Data Leaks Add to
Australia's Data Security Reckoning. (to
the original material)
- Online Tracking Tools
Provoke Patient Privacy Concerns. (to
the original material)
- Authenticate 2022:
Experts Share Path to Passwordless Future. (to
the original material)
- Law enforcement arrested
31 suspects for stealing cars by hacking key fobs. (to
the original material)
- China-linked APT41 group
targets Hong Kong with Spyder Loader. (to
the original material)
- Critical Remote Code
Execution issue impacts popular post-exploitation toolkit
Cobalt Strike (to
the original material)
- Over 17000 Fortinet
devices exposed online are very likely vulnerable to
CVE-2022-40684. (to
the original material)
- CVE-2022-28762: Zoom for
macOS contains a debugging port misconfiguration. (to
the original material)
- Zoom Patches
High-Severity Flaw in macOS Client. (to
the original material)
- HelpSystems Patch Falls
Short, RCE Vulnerability in Cobalt Strike Remains. (to
the original material)
- Spyder Loader Malware
Deployed Against Hong Kong Organizations. (to
the original material)
- European Police Catch
Suspected Car Hackers. (to
the original material)
- Wine Merchant Among
Aussie Firms Breached, Exposing Millions. (to
the original material)
- Pro-Russia Hackers DDoS
Bulgarian Government. (to
the original material)
- Orca Security adds API
security to its cloud platform. (to
the original material)
- Ransomware will not go
away any time soon. (to
the original material)
17.10.2022
- News
from cyber security.
- 5 steps to protect your
school from cyberattacks. (to
the original material)
- DDoS attacks are becoming
much too common. (to
the original material)
- Protect your Microsoft
digital house with Zero Trust Access. (to
the original material)
- CISA releases RedEye
open-source analytic tool. (to
the original material)
- New security concerns for
the open-source software supply chain. (to
the original material)
- Top outcomes
organizations want from their security investments. (to
the original material)
- Malware dev claims to
sell new BlackLotus Windows UEFI bootkit. (to
the original material)
- MyDeal data breach
impacts 2.2M users, stolen data for sale online. (to
the original material)
- Windows Mark of the Web
bypass zero-day gets unofficial patch. (to
the original material)
- Australian insurance firm
Medibank confirms ransomware attack. (to
the original material)
- Police dismantles
criminal ring that hacked keyless cars. (to
the original material)
- Ransomware attack halts
circulation of some German newspapers. (to
the original material)
- Mexico to Investigate
Pegasus Spyware Purchase. (to
the original material)
- Proof of Concept:
California's First Consumer Privacy Fine. (to
the original material)
- Australian Insurer
Medibank Says Incident Was Ransomware. (to
the original material)
- Top Cyber Lessons From
Natural Disaster Plans in Healthcare. (to
the original material)
- Retail giant Woolworths
discloses data breach of MyDeal online marketplace. (to
the original material)
- New UEFI rootkit Black
Lotus offered for sale at $5,000. (to
the original material)
- Japanese tech firm Oomiya
hit by LockBit 3.0. Multiple supply chains potentially
impacted. (to
the original material)
- Bulgaria hit by a cyber
attack originating from Russia. (to
the original material)
- Interpol arrested 75
members of the cybercrime ring Black Axe. (to
the original material)
- 45,654 VMware ESXi
servers reached End of Life on Oct. 15. (to
the original material)
- Global Coalition Calls on
UK Foreign Secretary to Secure the Release of Salma
al-Shehab. (to
the original material)
- 'Prestige' Ransomware
Group Targets Organizations in Ukraine and Poland. (to
the original material)
- Amazon Customers Receive
Smishing Warning After Receiving Fake Texts. (to
the original material)
- Ransom Cartel Linked to
Russia-Based REvil Ransomware Group. (to
the original material)
- Spanish Police Bust
Region's "Biggest Narco Bank". (to
the original material)
- Hackney Council
Ransomware Attack Cost £12m+. (to
the original material)
- Global Cops Arrest Dozens
Linked to Financial Crime Gang. (to
the original material)
- Cloud security expected
to drive 11.3% growth in security spending in 2023. (to
the original material)
- Top identity and access
trends and challenges when moving to the cloud. (to
the original material)
- The company’s cloud
environment was hacked. Now what? (to
the original material)
16.10.2022
- News
from cyber security.
- Week in review: 3FA,
Fortinet firewalls under attack, and the riskiest connected
devices. (to
the original material)
- Venus Ransomware targets
publicly exposed Remote Desktop services. (to
the original material)
- New PHP
information-stealing malware targets Facebook accounts. (to
the original material)
- Mysterious Prestige
ransomware targets organizations in Ukraine and Poland. (to
the original material)
- Threat actors hacked
hundreds of servers by exploiting Zimbra CVE-2022-41352 bug.
(to
the original material)
- Security Affairs
newsletter Round 389. (to
the original material)
- Researchers anticipate
third wave of attacks exploiting Zimbra vulnerability. (to
the original material)
15.10.2022
- News
from cyber security.
- Over 45,000 VMware ESXi
servers just reached end-of-life. (to
the original material)
- Fortinet urges admins to
patch bug with public exploit immediately. (to
the original material)
- Almost 900 servers hacked
using Zimbra zero-day flaw. (to
the original material)
- Mango Markets Set to Pay
$47M Bug Bounty to Hacker. (to
the original material)
- New PHP Version of
Ducktail info-stealer hijacks Facebook Business accounts. (to
the original material)
- Palo Alto Networks fixed
a high-severity auth bypass flaw in PAN-OS. (to
the original material)
- Indian power generation
giant Tata Power hit by a cyber attack. (to
the original material)
14.10.2022
- News
from cyber security.
- CISA Releases RedEye: Red
Team Campaign Visualization and Reporting Tool. (to
the original material)
- Has your Steam account
been hacked? Here's how you can recover it. (to
the original material)
- ESET research into
POLONIUM’s arsenal – Week in security with Tony Anscombe. (to
the original material)
- Beyond ransomware: A look
at other malware threats. (to
the original material)
- Researchers release PoC
for Fortinet firewall flaw, exploitation attempts mount. (to
the original material)
- Weakness in Microsoft
Office 365 Message Encryption could expose email contents. (to
the original material)
- New infosec products of
the week: October 14, 2022. (to
the original material)
- Alternative payment
methods are creating new fraud risks. (to
the original material)
- The Week in Ransomware -
October 14th 2022 - Bitcoin Trickery. (to
the original material)
- Police tricks DeadBolt
ransomware out of 155 decryption keys. (to
the original material)
- Microsoft: New Prestige
ransomware targets orgs in Ukraine, Poland. (to
the original material)
- Student jailed for
hacking female classmates’ email, Snapchat accounts. (to
the original material)
- CISA releases open-source
'RedEye' C2 log visualization tool. (to
the original material)
- INTERPOL arrests ‘Black
Axe’ cybercrime syndicate members. (to
the original material)
- Australian police secret
agents exposed in Colombian data leak. (to
the original material)
- Microsoft Office 365
email encryption could expose message content. (to
the original material)
- Australian Insurer Back
Online After Cyberattack. (to
the original material)
- Windows Common Log File
System Driver 0-Day Gets a Close-Up. (to
the original material)
- ISMG Editors: Assessing
the Proposed EU-US Data Flow Plan. (to
the original material)
- Not So Fast: Retailer
Shein Fined $1.9M for Breach Cover-Up. (to
the original material)
- Microsoft Email
Encryption Vulnerable to Structural Leaks. (to
the original material)
- Most Concerning Security
Vulnerabilities in Medical Devices. (to
the original material)
- Experts disclose
technical details of now-patched CVE-2022-37969 Windows
Zero-Day. (to
the original material)
- WIP19, a new Chinese APT
targets IT Service Providers and Telcos. (to
the original material)
- Experts released PoC
exploit code for critical bug CVE-2022-40684 in Fortinet
products. (to
the original material)
- DJI (China) drone
tracking data exposed in the US. (to
the original material)
- Stop the Persecution:
Iranian Authorities Must Immediately Release Technologists
and Digital Rights Defenders. (to
the original material)
- Mirai Botnet Targeted
Wynncraft Minecraft Server, Cloudflare Reports. (to
the original material)
- Shein Holding Company
Fined $1.9m For Not Disclosing Data Breach. (to
the original material)
- Education Sector
Experienced 44% Increase in Cyber-Attacks Over Last Year. (to
the original material)
- #DTX2022: How to Scam
Someone Using Social Media Phishing. (to
the original material)
- Magniber Ransomware
Adopts JavaScript to Attack Individual Users. (to
the original material)
- Report Shows How China
Has Been Using Cyber-Attacks Over the Past Decade. (to
the original material)
- Ransomware-as-a-service
group Ransom Cartel may have ties to REvil. (to
the original material)
- 5 challenges to public
cloud security. (to
the original material)
- Five misconceptions
businesses keep having about ransomware. (to
the original material)
13.10.2022
- News
from cyber security.
- Cybersecurity news of the
week (13.10.2022). (to
the original material)
- CISA Releases Twenty-Five
Industrial Control Systems Advisories. (to
the original material)
- Life in pursuit of
answers: In the words of Ada Yonath. (to
the original material)
- How to (Securely) Debug
WordPress Errors on Your Website. (to
the original material)
- New e-book: App-based
ransomware rising. (to
the original material)
- Here’s 5 of the world’s
riskiest connected devices. (to
the original material)
- Consumers want more
transparency on how companies manage their data. (to
the original material)
- Fast Company says
Executive Board member info was not stolen in attack. (to
the original material)
- Exploit available for
critical Fortinet auth bypass bug, patch now. (to
the original material)
- Russian DDoS attack
project pays contributors for more firepower. (to
the original material)
- Magniber ransomware now
infects Windows users via JavaScript files. (to
the original material)
- What the Uber Hack can
teach us about navigating IT Security. (to
the original material)
- Cloudflare mitigated
record DDoS attack against Minecraft server. (to
the original material)
- New Alchimist attack
framework targets Windows, macOS, Linux. (to
the original material)
- Iran-Linked Hackers Use
Custom Backdoors on Israeli Targets. (to
the original material)
- RansomExx Leaks 52GB of
Barcelona Health Centers' Data. (to
the original material)
- CommonSpirit's Ransomware
Incident Taking Toll on Patients. (to
the original material)
- Biden Administration
Ramps Up Cybersecurity Requirements. (to
the original material)
- Identity Security as the
New Business Essential. (to
the original material)
- The Growing Zelle Fraud
Problem and Who Should Pay for It. (to
the original material)
- Yotam Segev on What
Distinguishes Cyera from Traditional DLP. (to
the original material)
- China-linked Budworm APT
returns to target a US entity. (to
the original material)
- Cloudflare blocked a 2.5
Tbps DDoS attack aimed at the Minecraft server. (to
the original material)
- The discovery of
Alchimist C2 tool, revealed a new attack framework to target
Windows, macOS, and Linux systems. (to
the original material)
- POLONIUM APT targets
Israel with a new custom backdoor dubbed PapaCreep. (to
the original material)
- YoWhatsApp, unofficial
WhatsApp Android app spreads the Triada Trojan. (to
the original material)
- The Internet Is Not
Facebook: Why Infrastructure Providers Should Stay Out of
Content Policing. (to
the original material)
- Chinese APT WIP19 Targets
IT Service Providers and Telcos. (to
the original material)
- Malicious WhatsApp Mod
Spotted Infecting Android Devices. (to
the original material)
- Budworm Espionage Group
Returns, Targets US State Legislature. (to
the original material)
- IP Cameras, VoIP and
Video Conferencing Revealed as Riskiest IoT Devices. (to
the original material)
- UK Government Urges
Action to Enhance Supply Chain Security. (to
the original material)
- #DTX2022: Cyber Needs to
Redress the Defensive-Offensive Balance Following
Russia-Ukraine. (to
the original material)
- Microsoft adds new DevOps
and CSPM features to Defender for Cloud. (to
the original material)
- Securing the complex
federal software supply chain. (to
the original material)
- Role of CISOs
misunderstood by executive leadership, IT pros say. (to
the original material)
- Cybercrime, Inc.: How the
bad guys adopted the business model. (to
the original material)
- How to protect mobile
devices in the golden era of ransomware. (to
the original material)
12.10.2022
- News
from cyber security.
- How to help children face
online bullying: Presentation for concerned teachers. (to
the original material)
- Cyber Security Month:
Tips from Ant VPN. (to
the original material)
- How to adapt
cybersecurity practices for the needs of the next
generation. (to
the original material)
- 10 common Zelle scams –
and how to avoid them. (to
the original material)
- SiteCheck Malware Trends
Report – Q3 2022. (to
the original material)
- Gartner 2022 security
trend #1: Attack Surface Expansion. (to
the original material)
- For most companies
ransomware is the scariest of all cyberattacks. (to
the original material)
- Microsoft adds new RSS
feed for security update notifications. (to
the original material)
- Unofficial WhatsApp
Android app caught stealing users’ accounts. (to
the original material)
- Microsoft Defender adds
command and control traffic detection. (to
the original material)
- Aruba fixes critical RCE
and auth bypass flaws in EdgeConnect. (to
the original material)
- New npm timing attack
could lead to supply chain attacks. (to
the original material)
- Google simplifies
sign-ins with Chrome, Android passkey support. (to
the original material)
- Google Forms abused in
new COVID-19 phishing wave in the U.S. (to
the original material)
- Former Doctor Pleads
Guilty to HIPAA Charges in Fraud Case. (to
the original material)
- Microsoft Fixes 1
Zero-Day, Leaves 2 Exchange Bugs Unpatched. (to
the original material)
- Lloyd's of London Says It
Found No Evidence of Breach. (to
the original material)
- Everything We Know About
the Mango Markets Hack. (to
the original material)
- How to Create an Identity
Strategy - Part 1. (to
the original material)
- Cyber Threats Are
Evolving. (to
the original material)
- Aruba fixes critical
vulnerabilities in EdgeConnect Enterprise Orchestrator. (to
the original material)
- Microsoft Patch Tuesday
for October 2022 doesn’t fix Exchange Server flaws. (to
the original material)
- VMware has yet to fix
CVE-2021-22048 flaw in vCenter Server disclosed one year
ago. (to
the original material)
- LockBit affiliates
compromise Microsoft Exchange servers to deploy ransomware.
(to
the original material)
- FormBook Tops Check
Point's Most Wanted Malware List For September. (to
the original material)
- Microsoft October 2022
Patch Tuesday Fixes 84 Flaws, Including Zero-Day. (to
the original material)
- Singtel's Australian IT
Firm Dialog Suffers Data Breach. (to
the original material)
- Claroty Found Hardcoded
Cryptographic Keys in Siemens PLCs Using RCE. (to
the original material)
- Polonium Uses Seven
Backdoor Variants to Spy on Israeli Organizations. (to
the original material)
- #ISC2Congress: US
Government is Embracing 'Collective Defense'. (to
the original material)
- Fortinet authentication
bypass flaw exploited in the wild; security experts call
patching critical. (to
the original material)
- Palo Alto launches
unified tool to take the heat off SOC analysts. (to
the original material)
- The resounding negative
effects of silent patches. (to
the original material)
11.10.2022
- News
from cyber security.
- Press release: The
National Cyber Security Directorate (DNSC) and Decalex
announce the launch of a GDPR Guide for Romanian companies.
(to
the original material)
- Adobe Releases Security
Updates for Multiple Products. (to
the original material)
- Microsoft Releases
October 2022 Security Updates. (to
the original material)
- CISA Has Added One Known
Exploited Vulnerability to Catalog. (to
the original material)
- Vulnerability Summary for
the Week of October 3, 2022. (to
the original material)
- POLONIUM targets Israel
with Creepy malware. (to
the original material)
- Microsoft 365 account
takeover: How to defend your deployment. (to
the original material)
- Microsoft patches Windows
flaw exploited in the wild (CVE-2022-41033). (to
the original material)
- Auth bypass bug in
FortiOS, FortiProxy is exploited in the wild
(CVE-2022-40684). (to
the original material)
- All Windows versions can
now block admin brute-force attacks. (to
the original material)
- Android leaks some
traffic even when 'Always-on VPN' is enabled. (to
the original material)
- VMware vCenter Server bug
disclosed last year still not patched. (to
the original material)
- Microsoft October 2022
Patch Tuesday fixes zero-day used in attacks, 84 flaws. (to
the original material)
- Microsoft Exchange
servers hacked to deploy LockBit ransomware. (to
the original material)
- Critical VM2 flaw lets
attackers run code outside the sandbox. (to
the original material)
- Hacking group POLONIUM
uses ‘Creepy’ malware against Israel. (to
the original material)
- EU Lawmakers Push for
Anonymity Assurances in Digital ID. (to
the original material)
- Two Australian Regulators
Investigating Optus Breach. (to
the original material)
- Hospital Chain's Patient
Portals, Other IT Still Offline. (to
the original material)
- Top Fraud Trends to Watch
in 2023. (to
the original material)
- Caffeine, a new
Phishing-as-a-Service toolkit available in the underground.
(to
the original material)
- Experts analyzed the
evolution of the Emotet supply chain. (to
the original material)
- DeepFakes Are The
Cybercriminal Economy’s Latest Business Line. (to
the original material)
- Toyota discloses
accidental leak of some customers’ personal information. (to
the original material)
- Will Biden’s New EU-US
Data Privacy Framework Pass Legal Muster? (to
the original material)
- First Court in California
Suppresses Evidence from Overbroad Geofence Warrant. (to
the original material)
- Google Unifies Recent
Acquisitions Under New Cloud Security Offering. (to
the original material)
- Toyota Reveals Data Leak
of 300,000 Customers. (to
the original material)
- A New Wave of PayPal
Invoice Scams Using Crypto Disguise. (to
the original material)
- #ISC2Congress:
Cybersecurity Pros Must Prepare for Emerging Deepfake
Threats. (to
the original material)
- Calls for Better
Microsoft Teams Backup as Confidential Info Sent on the
Platform. (to
the original material)
- Pro-Russian Group KillNet
Claims Responsibility for 14 US Airport DDoS Attacks. (to
the original material)
- Delinea releases ‘For
Dummies’ book on cloud server privilege management. (to
the original material)
- State of ransomware in
financial services. (to
the original material)
- Understanding standards
for software supply chain security. (to
the original material)
- There’s more to the
guilty verdict in the Uber case than meets the eye. (to
the original material)
10.10.2022
- News
from cyber security.
- 8 things to consider
before purchasing a home security camera. (to
the original material)
- Steam account hacked?
Here’s how to get it back. (to
the original material)
- A matter of cybersecurity
conscience. (to
the original material)
- Unpatched Zimbra RCE bug
exploited by attackers (CVE-2022-41352). (to
the original material)
- Critical vm2 sandbox
escape flaw uncovered, patch ASAP! (CVE-2022-36067). (to
the original material)
- Lack of transparency,
systemic risks weaken national cybersecurity preparedness. (to
the original material)
- Microsoft Teams: A
channel for sensitive business information sharing that
needs better backup. (to
the original material)
- Board members should make
CISOs their strategic partners. (to
the original material)
- Caffeine service lets
anyone launch Microsoft 365 phishing attacks. (to
the original material)
- Hackers behind IcedID
malware attacks diversify delivery tactics. (to
the original material)
- Toyota discloses data
leak after access key exposed on GitHub. (to
the original material)
- Fortinet says critical
auth bypass bug is exploited in attacks. (to
the original material)
- US airports' sites taken
down in DDoS attacks by pro-Russian hackers. (to
the original material)
- Singtel Confronts
Multiple Data Leaks. (to
the original material)
- Feds Warn Healthcare Over
Cobalt Strike Infections. (to
the original material)
- US Airport Websites
Targeted by Russian KillNet Group. (to
the original material)
- 2022 Digital Trust Survey
Shows Dedicated Resources Lacking. (to
the original material)
- Mitigate Risk from
Insider Threats: Insights & Advice. (to
the original material)
- Leveling Up BEC &
Ransomware Protection. (to
the original material)
- CVE-2022-40684 flaw in
Fortinet products is being exploited in the wild. (to
the original material)
- Pro-Russia group KillNet
targets US airports. (to
the original material)
- The head of the Federal
Cyber Security Authority (BSI) faces dismissal. (to
the original material)
- Dark web carding site
BidenCash gives 1.2M payment cards for free. (to
the original material)
- Harvard Business
Publishing licensee hit by ransomware. (to
the original material)
- Ukraine Enhances
Cooperation With EU Cybersecurity Agencies. (to
the original material)
- Intel Confirms Source
Code Leak. (to
the original material)
- ThermoSecure: Cracking
Passwords Using Finger Heat on Keyboards is Now Possible. (to
the original material)
- German Cybersecurity
Chief Faces Sacking Over Possible Russia Ties. (to
the original material)
- Facebook Login Details at
Risk as Meta Identifies Over 400 Malicious Apps. (to
the original material)
- 91% of Cyber Pros
Experience Mental Health Challenges at Work. (to
the original material)
- How to face the new
challenges in an ever-expanding – and risky – internet
environment. (to
the original material)
09.10.2022
- News
from cyber security.
- Snake keylogger returns
in Malspam campaign. (to
the original material)
- Bitdefender Labs warns of
fraudulent campaigns exploiting the war between Russia and
Ukraine. (to
the original material)
- Week in review: 7
cybersecurity audiobooks to read, Patch Tuesday forecast. (to
the original material)
- Intel confirms leaked
Alder Lake BIOS Source Code is authentic. (to
the original material)
- Fake Solana Phantom
security updates push crypto-stealing malware. (to
the original material)
- Darkweb market BidenCash
gives away 1.2 million credit cards for free. (to
the original material)
- Fake adult sites push
data wipers disguised as ransomware. (to
the original material)
- Everest gang demands
$200K for data stolen from South Africa state-owned
electricity company ESKOM. (to
the original material)
- Security Affairs
newsletter Round 387. (to
the original material)
- CommonSpirit hospital
chains hit by ransomware, patients are facing problems. (to
the original material)
- Lloyd’s of London
investigates alleged cyber attack. (to
the original material)
08.10.2022
- News
from cyber security.
- ADATA denies RansomHouse
cyberattack, says leaked data from 2021 breach. (to
the original material)
- Callback phishing attacks
evolve their social engineering tactics. (to
the original material)
- BlackByte Ransomware abuses
vulnerable driver to bypass security solutions. (to
the original material)
- Unpatched remote code
execution flaw in Zimbra Collaboration Suite actively
exploited. (to
the original material)
07.10.2022
- News
from cyber security.
- CISA Releases Three
Industrial Control Systems Advisories. (to
the original material)
- FBI and CISA Publish a
PSA on Information Manipulation Tactics for 2022 Midterm
Elections. (to
the original material)
- October 2022 Patch
Tuesday forecast: Looking for treats, not more tricks. (to
the original material)
- New infosec products of
the week: October 7, 2022. (to
the original material)
- Shadow APIs hit with 5
billion malicious requests. (to
the original material)
- The Week in Ransomware -
October 7th 2022 - A 20 year sentence. (to
the original material)
- 2K Games warns users
their stolen data is now up for sale online. (to
the original material)
- Hackers exploiting
unpatched RCE bug in Zimbra Collaboration Suite. (to
the original material)
- Fortinet warns admins to
patch critical auth bypass bug immediately. (to
the original material)
- LofyGang hackers built a
credential-stealing enterprise on Discord, NPM. (to
the original material)
- Cancer Testing Lab
Reports 2nd Major Breach Within 6 Months. (to
the original material)
- Log4Shell Among Chinese
Hackers' Fave Vulns, Say Feds. (to
the original material)
- Binance Restores
Cross-Chain Bridge After $569M Attack. (to
the original material)
- ISMG Editors: The Plot to
Leak US Health Records to Russia. (to
the original material)
- President Biden to Sign
Order for Trans-Atlantic Data Flows. (to
the original material)
- Hacker Exploits Bug to
Steal Millions From Binance Bridge. (to
the original material)
- The Ransomware Files,
Episode 12: Unproven Data Recovery. (to
the original material)
- How Adversaries Are
Bypassing Weak MFA. (to
the original material)
- The downside of
cybersecurity overconfidence. (to
the original material)
- VMware fixed a
high-severity bug in vCenter Server. (to
the original material)
- Fortinet urges customers
to immediately fix a critical authentication bypass flaw in
FortiGate and FortiProxy. (to
the original material)
- Hacker stole $566 million
worth of Binance Coins from Binance Bridge. (to
the original material)
- LilithBot Malware, a new
MaaS (Malware-as-a-Service) offered by the Eternity Group. (to
the original material)
- LofyGang Group Linked to
Recent Software Supply Chain Attacks. (to
he original material)
- RCE on Log4j Among Top
CVEs Exploited By Chinese-Backed Hackers. (to
the original material)
- Russian Sanctions
Instigator Lloyd's Possibly Hit by Cyber-Attack. (to
the original material)
- Businesses in Canada
Warned Not to Overlook Cybersecurity As Recession Looms. (to
the original material)
- US Warns of Foreign
Disinfo Ops Ahead of Midterms. (to
the original material)
- Meta Sues Chinese Devs
Over WhatsApp Malware Plot. (to
the original material)
- Hacker Steals Over $570m
from Binance Bridge. (to
the original material)
- Digital Rights Updates
with EFFector 34.5. (to
the original material)
- Copyright Trolls Target
Users in Brazil, Threatening Due Process and Data Protection
Rights. Civil Society Groups Are There to Help. (to
the original material)
- Derechos Digitales Raises
the Bar for Chilean ISPs' Privacy Commitments in New Report.
(to
the original material)
- Do you have an older
iPhone? Install this security patch now! (to
the original material)
- Sextortion: How it
affects teens and what parents need to know to protect them.
(to
the original material)
- Key takeaways from ESET
Threat Report T2 2022 – Week in security with Tony Anscombe.
(to
the original material)
- Defending government and
education organizations against cyberthreats. (to
the original material)
06.10.2022
- News
from cyber security.
- The week's cybersecurity
news (06.10.2022). (to
the original material)
- Top CVEs Actively
Exploited by People’s Republic of China State-Sponsored
Cyber Actors. (to
the original material)
- Cisco Releases Security
Updates for Multiple Products. (to
the original material)
- CISA Releases Two
Industrial Control Systems Advisories. (to
the original material)
- Threat Source newsletter
(Oct. 6, 2022) - Continuing down the Privacy Policy rabbit
hole. (to
the original material)
- The need to change
cybersecurity for the next generation. (to
the original material)
- What is a Malware Attack?
(to
the original material)
- Former Uber CSO convicted
for concealing data breach, theft from the authorities. (to
the original material)
- Fine-tuning Germany’s
cybersecurity strategy. (to
the original material)
- This year’s biggest cyber
threats. (to
the original material)
- Hacker steals $566
million worth of crypto from Binance Bridge. (to
the original material)
- FBI warns of
disinformation threats before 2022 midterm elections. (to
the original material)
- US govt shares top flaws
exploited by Chinese hackers since 2020. (to
the original material)
- Meta sues app dev for
stealing over 1 million WhatsApp accounts. (to
the original material)
- Linux Kernel 5.19.12 bug
could damage Intel laptop displays. (to
the original material)
- Police arrest teen for
using leaked Optus data to extort victims. (to
the original material)
- Should Public Utilities
Get Paid to Secure the Power Grid? (to
the original material)
- Health Entity Agrees to
Pay $7.9 Million to Improve Security. (to
the original material)
- Lloyd's of London Detects
Suspicious Network Activity. (to
the original material)
- BD, CISA Warn of Security
Flaw in Cancer Testing System. (to
the original material)
- Australia Police Charge
Teen With Extorting Optus Victims. (to
the original material)
- Majority of Microsoft
Teams users send business-critical documents and data on the
platform. (to
the original material)
- Microsoft shares the
latest in its crawl toward a world without passwords. (to
the original material)
- Managed detection and
response (MDR): How to get the most out of it. (to
the original material)
- Password management:
Policy and automation tactics. (to
the original material)
- When the ‘Upside Down’
becomes the new virtual reality. (to
the original material)
- Watch out, a bug in Linux
Kernel 5.19.12 can damage displays on Intel laptops. (to
the original material)
- Cisco fixed two
high-severity bugs in Communications, Networking Products. (to
the original material)
- City of Tucson Data
Breach impacted 123,500 individuals. (to
the original material)
- 19-Year-Old man arrested
for misusing leaked record from Optus Breach. (to
the original material)
- “Egypt Leaks” –
Hacktivists are Leaking Financial Data. (to
the original material)
- FBI and CISA Publish
Advisory on Malicious Cyber Activity Against Election
Infrastructure. (to
the original material)
- Android Spyware
'RatMilad' Targets Enterprise Devices in Iran. (to
the original material)
- Uber's Former Security
Chief Convicted of 2016 Data Breach Cover-Up. (to
the original material)
- RDP (Remote Desktop
Protocol) Attacks Decline 89% in Eight Months. (to
the original material)
- US Healthcare Giant
CommonSpirit Hit by Possible Ransomware. (to
the original material)
- Retailer Easylife Fined
£1.5m for Data Protection Breaches. (to
the original material)
- A National Lab Is
Promoting a "Digital Police Officer" Fantasy for Law
Enforcement and Border Control. (to
the original material)
- Court’s Decision
Upholding Disastrous Texas Social Media Law Puts The State,
Rather Than Internet Users, in Control of Everyone’s Speech
Online. (to
the original material)
- Google fixes security
issues in Chrome version 105. (to
the original material)
- How We Built One of the
Best Linux Apps in the Industry. (to
the original material)
- White House “Blueprint
for an AI Bill of Rights” – Big Boost for Privacy or More of
The Same? (to
the original material)
05.10.2022
- News
from cyber security.
- FBI and CISA Publish a
PSA (Public Service Announcement)
on Malicious Cyber Activity Against Election Infrastructure.
(to
the original material)
- Vulnerability Summary for
the Week of September 26, 2022. (to
the original material)
- ESET Threat Report T2
2022. (to
the original material)
- Make the most of
Cybersecurity Awareness Month. (to
the original material)
- NullMixer: multiple
malware in one. (to
the original material)
- Dissect: Open-source
framework for collecting, analyzing forensic data. (to
the original material)
- CISA orders federal
agencies to regularly perform IT asset discovery,
vulnerability enumeration. (to
the original material)
- 7 cybersecurity
audiobooks you should listen to this year. (to
the original material)
- Average company with data
in the cloud faces $28 million in data-breach risk. (to
the original material)
- FBI: Cyberattacks
targeting election systems unlikely to affect results. (to
the original material)
- BlackByte ransomware
abuses legit driver to disable security products. (to
the original material)
- Avast releases free
decryptor for MafiaWare666 ransomware variants. (to
the original material)
- City of Tucson discloses
data breach affecting over 123,000 people. (to
the original material)
- Hundreds of Microsoft SQL
servers backdoored with new malware. (to
the original material)
- CommonSpirit US nonprofit
health system discloses security incident. (to
the original material)
- Microsoft updates
mitigation for ProxyNotShell Exchange zero days. (to
the original material)
- New Android malware
'RatMilad' can steal your data, record audio. (to
the original material)
- NetWalker Ransomware
Affiliate Faces 20 Years in US Prison. (to
the original material)
- Ring Login Issues
Wednesday Stem From System Error, Not Hack. (to
the original material)
- Jury Finds Former Uber
CSO Joe Sullivan Guilty of Cover-Up. (to
the original material)
- Patients Affected By
Cybersecurity Event at Hospital Chain. (to
the original material)
- Why Aren't More Women in
Security Leadership Positions? (to
the original material)
- How to Deal With Endemic
Software Vulnerabilities. (to
the original material)
- Microsoft issues new
mitigation measures for Exchange zero-day vulnerabilities. (to
the original material)
- Ex-Uber chief security
officer convicted of covering up 2016 breach. (to
the original material)
- Cloud account compromise
a permanent feature of threat landscape. (to
the original material)
- Matrix patches five
vulnerabilities in its end-to-end encryption. (to
the original material)
- Threat actors use YouTube
to distribute ‘poisoned’ Tor browser installer. (to
the original material)
- Should we take comfort in
knowing that threat actors are finding ways to bypass MFA? (to
the original material)
- The average company with
data in the cloud has a $28 million breach risk. (to
the original material)
- Time to talk about
diversity: Three pleas to cybersecurity hiring managers. (to
the original material)
- Avast releases a free
decryptor for some Hades ransomware variants. (to
the original material)
- New Maggie malware
already infected over 250 Microsoft SQL servers. (to
the original material)
- Telstra Telecom discloses
data breach impacting former and current employees. (to
the original material)
- OnionPoison: malicious
Tor Browser installer served through a popular Chinese
YouTube channel. (to
the original material)
- Canadian Sentenced to 20
Years in US Prison For Ransomware Attacks. (to
the original material)
- CISA Advisory Details How
Hackers Targeted Defense Industrial Base Organization. (to
the original material)
- CISA Advisory Details How
Hackers Targeted Defense Industrial Base Organization. (to
the original material)
- Ransomware Group Bypasses
"Enormous" Range of EDR (Endpoint Detection and Response)
Tools. (to
the original material)
- Landmark US-UK Data
Access Agreement Begins. (to
the original material)
- New Initiative Aims to
Strengthen UK's Nuclear Cybersecurity Posture. (to
the original material)
- 8 Cyber Security Tips for
Teachers, Parents and Kids. (to
the original material)
- FBI: Hackers Exploit
Vulnerabilities in DeFi Platforms. (to
the original material)
- Biometric authentication:
what are the most common methods and how do they work? (to
the original material)
04.10.2022
- News
from cyber security.
- International
Cooperation: ENISA Welcomes EU Eastern Partnership
Delegation for a Study Visit to its Headquarters. (to
the original material)
- Impacket and Exfiltration
Tool Used to Steal Sensitive Information from Defense
Industrial Base Organization. (to
the original material)
- CISA Releases Five
Industrial Control Systems Advisories. (to
the original material)
- Incident responders
increasingly seek out mental health assistance. (to
the original material)
- Hackers stole data from
US defense org using Impacket, CovalentStealer. (to
the original material)
- Netwalker ransomware
affiliate sentenced to 20 years in prison. (to
the original material)
- Hackers are breaching
scam sites to hijack crypto transactions. (to
the original material)
- Optus confirms 2.1
million ID numbers exposed in data breach. (to
the original material)
- Cheerscrypt ransomware
linked to a Chinese hacking group. (to
the original material)
- FBI warns of "Pig
Butchering" cryptocurrency investment schemes. (to
the original material)
- Developer account body
snatchers pose risks to the software supply chain. (to
the original material)
- New research: The risky
behaviors exposing Australian organizations to cyberattacks.
(to
the original material)
- Microsoft Exchange Server
vulnerabilities: CVE-2022-41040 and CVE-2022-41082. (to
the original material)
- Attacks against software
supply chain will increase. (to
the original material)
- How to Secure &
Harden Your Joomla! Website in 12 Steps. (to
the original material)
- Vulnerable updates in
Cisco enterprise software. (to
the original material)
- Another Telco Breach
Rocks Australia. (to
the original material)
- Scammers Get Scammed,
Crypto Worth Thousands Stolen. (to
the original material)
- More Action Needed on
Telehealth Privacy, Security Risks. (to
the original material)
- Capital One Hacker Paige
Thompson Sentenced to Time Served. (to
the original material)
- Three ways to build a
cybersecurity mesh using APIs. (to
the original material)
- A flaw in the Packagist
PHP repository could have allowed supply chain attacks. (to
the original material)
- Lazarus APT employed an
exploit in a Dell firmware driver in recent attacks. (to
the original material)
- Linux Cheerscrypt
ransomware is linked to Chinese DEV-0401 APT group. (to
the original material)
- Microsoft mitigations for
recently disclosed Exchange zero-days can be easily
bypassed. (to
the original material)
- CISA Directive Improves
Asset Visibility, Vulnerability Detection on Federal
Networks. (to
the original material)
- Optus Confirms Hack
Exposed Data of Nearly 2.1 Million Australians. (to
the original material)
- Malicious Tor Browser
Installers Spread Via Darknet Video on YouTube. (to
the original material)
- Bug Exploitation Now Top
Ransomware Access Vector. (to
the original material)
- Russian Hackers Take Aim
at Kremlin Targets: Report. (to
the original material)
- Kardashian Charged by SEC
After Crypto Post. (to
the original material)
- Snowflake Makes It Easy
For Anyone to Fight Censorship. (to
the original material)
- New Federal and State
Court Rulings Show Courts are Divided on the Scope of Cell
Phone Searches Post-Riley. (to
the original material)
03.10.2022
- News
from cyber security.
- CISA Issues Binding
Operational Directive 23-01: Improving Asset Visibility and
Vulnerability Detection on Federal Networks. (to
the original material)
- Microsoft Exchange
vulnerable to server-side request forgery and remote code
execution. (to
the original material)
- MS Exchange zero-days:
The calm before the storm? (to
the original material)
- Researchers outline the
Lazarus APT offensive toolset. (to
the original material)
- How to start and grow a
cybersecurity consultancy. (to
the original material)
- Many IT pros don’t think
a ransomware attack can impact Microsoft 365 data. (to
the original material)
- Infosec products of the
month: September 2022. (to
the original material)
- Fake Microsoft Exchange
ProxyNotShell exploits for sale on GitHub. (to
the original material)
- Russian retail chain
'DNS' confirms hack after data leaked online. (to
the original material)
- Live support service
hacked to spread malware in supply chain attack. (to
the original material)
- Web browser app mode can
be abused to make desktop phishing pages. (to
the original material)
- Microsoft Exchange server
zero-day mitigation can be bypassed. (to
the original material)
- Researcher Spotlight:
Globetrotting with Yuri Kramarz. (to
the original material)
- Has your Instagram
account been compromised? What does this entail and how can
you recover it? (to
the original material)
- 8 questions to ask
yourself before getting a home security camera. (to
the original material)
- Hacker Steals $29M From
Transit Finance, Returns $19M. (to
the original material)
- US Regulators Identify
Cybersecurity Risks in Crypto Trading. (to
the original material)
- Evolving IAM Challenges
in Healthcare and Other Sectors. (to
the original material)
- Shangri-La Hotels Hit by
Data Breach Incident. (to
the original material)
- Tim Eades of vArmour on
Expanding From Banking to Government. (to
the original material)
- Digital Identity Bill
Passes Key Senate Milestone. (to
the original material)
- Passwords Are Unfit - So
Why Do We Still Have Them? (to
the original material)
- Why Is Akamai an
Appealing M&A Target for Private Equity? (to
the original material)
- 2U’s Andres Andreu: Make
the human relation possible through security. (to
the original material)
- The people problem (and
solution): Challenging cybersecurity awareness assumptions.
(to
the original material)
- How to close the
cybersecurity talent gap. (to
the original material)
- Cheat sheet: The ‘new’
OWASP Top 10. (to
the original material)
- 8 Tips to perfect your
application security game. (to
the original material)
- Security leaders should
replace the assumption of a breach with a different
approach. (to
the original material)
- The federal government
has been busy on supply chain guidance, so everyone take a
deep breath. (to
the original material)
- Trojanized Comm100 Live
Chat app installer distributed a JavaScript backdoor. (to
the original material)
- RansomEXX gang claims to
have hacked Ferrari and leaked online internal documents. (to
the original material)
- Finnish intelligence
warns of Russia’s cyberespionage activities. (to
the original material)
- Reflected XSS bugs in
Canon Medical ’s Vitrea View could expose patient info. (to
the original material)
- Ex-NSA Employee Charged
For Trying to Sell US Secrets. (to
the original material)
- Phishing Campaigns Target
KFC, McDonald's in Saudi Arabia, UAE, Singapore. (to
the original material)
- Lazarus Group Exploits
Dell Driver Vulnerability to Bypass Windows Security. (to
the original material)
- ICO Fines Four
"Predatory" Privacy-Invading Firms. (to
the original material)
- LA Unified School
District: Hackers Have Posted Stolen Data Online. (to
the original material)
- Healthcare Company Owners
Get Jail Time for $7m Fraud Scheme. (to
the original material)
02.10.2022
- News
from cyber security.
- Week in review: MS
Exchange zero-days exploited, AD attack paths, developing
secure APIs. (to
the original material)
- Ransomware gang leaks
data stolen from LAUSD school system. (to
the original material)
- Russians dodging
mobilization behind flourishing scam market. (to
the original material)
- BlackCat ransomware gang
claims to have hacked US defense contractor NJVC. (to
the original material)
- Security Affairs
newsletter Round 386. (to
the original material)
- German police identified
a gang that stole €4 million via phishing attacks. (to
the original material)
01.10.2022
- News
from cyber security.
- Microsoft to let Office
365 users report Teams phishing messages. (to
the original material)
- Lazarus hackers abuse
Dell driver bug using new FudModule rootkit. (to
the original material)
- Pentagon Bug Bounty
Program Uncovers 350 Vulnerabilities. (to
the original material)
- CISA adds Atlassian
Bitbucket Server flaw to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- Guacamaya hacktivists
stole sensitive data from Mexico and Latin American
countries. (to
the original material)
- Luxury hotel chain
Shangri-La suffered a security breach. (to
the original material)
- California Leads on
Reproductive and Trans Health Data Privacy. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - October 31,
2022