Study - Technical
- LMS-SFC (EN) - Cyber
Security - News archive
September 2022
Cyber Security - News Archive
September 2022
30.09.2022
- News
from cyber security.
- European Cybersecurity
Month 2022: Ten Years of Raising Cyber Awareness Throughout
Europe. (to
the original material)
- Press release: October is
the European Cyber Security Month, European awareness
campaign in its tenth edition. (to
th original material)
- Drupal Releases Security
Update. (to
the original material)
- Microsoft Releases
Guidance on Zero-Day Vulnerabilities in Microsoft Exchange
Server. (to
the original material)
- Cisco Releases Security
Updates for Multiple Products. (to
the original material)
- Mozilla Releases Security
Update for Thunderbird. (to
the original material)
- Hurricane-Related Scams.
(to
the original material)
- CISA Adds Three Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- Attackers use novel
technique, malware to compromise hypervisors and virtual
machines. (to
the original material)
- Two Microsoft Exchange
zero-days exploited by attackers (CVE-2022-41040,
CVE-2022-41082). (to
the original material)
- New infosec products of
the week: September 30, 2022. (to
the original material)
- Top issues driving
cybersecurity: Growing number of cybercriminals, variety of
attacks. (to
the original material)
- Are you inundated by a
never-ending stream of cyberattacks? (to
the original material)
- CISA: Hackers exploit
critical Bitbucket Server flaw in attacks. (to
the original material)
- Fake US govt job offers
push Cobalt Strike in phishing attacks. (to
the original material)
- Optus breach victims will
get "supercharged" fraud protection. (to
the original material)
- Germany arrests hacker
for stealing €4 million via phishing attacks. (to
the original material)
- Microsoft confirms new
Exchange zero-days are used in attacks. (to
the original material)
- North Korean Trojanizing
Open Source Software. (to
the original material)
- DOJ: Army Doc, Wife
Sought to Leak Health Records to Russia. (to
the original material)
- Orca Security's Avi Shua
on Making Cloud Safe for Government. (to
the original material)
- ISMG Editors: Will Others
Follow US Lead to Legislate SBOMs (Software
Bill of Materials)? (to
the original material)
- Possible Chinese Hackers
Exploit Microsoft Exchange 0-Days. (to
the original material)
- Security teams lack the
skills to manage cloud environments, most IT pros say. (to
the original material)
- Future-proofing a network
takes some courageous action – today. (to
the original material)
- Witchetty APT used
steganography in attacks against Middle East entities. (to
the original material)
- US DoD announced the
results of the Hack US bug bounty challenge. (to
the original material)
- Microsoft confirms
Exchange zero-day flaws actively exploited in the wild. (to
the original material)
- Unpatched Microsoft
Exchange Zero-Day actively exploited in the wild. (to
the original material)
- Experts uncovered novel
Malware persistence within VMware ESXi Hypervisors. (to
the original material)
- Threat Advisory:
Microsoft warns of actively exploited vulnerabilities in
Exchange Server. (to
the original material)
- Threat Roundup for
September 23 to September 30. (to
the original material)
- ESET Research into new
attacks by Lazarus – Week in security with Tony Anscombe. (to
the original material)
- Amazon‑themed campaigns
of Lazarus in the Netherlands and Belgium. (to
the original material)
- The dangers of
15-year-old vulnerabilities. (to
the original material)
29.09.2022
- News
from cyber security.
- The National Cyber
Security Directorate (DNSC) is participating in the EU-UA
Cyber Dialogue 2022. (to
the original material)
- Cybersecurity news of the
week (29.09.2022). (to
the original material)
- VMWare Releases Guidance
for VirtualPITA, VirtualPIE, and VirtualGATE Malware
Targeting vSphere. (to
the original material)
- CISA Releases Six
Industrial Control Systems Advisories. (to
the original material)
- CISA Publishes User Guide
to Prepare for Nov. 1 Move to TLP 2.0. (to
the original material)
- Office exploits continue
to spread more than any other category of malware. (to
the original material)
- 65% of companies are
considering adopting VPN alternatives. (to
the original material)
- SpyCast: Cross-platform
mDNS enumeration tool. (to
the original material)
- Data security trends: 7
statistics you need to know. (to
the original material)
- New Microsoft Exchange
zero-days actively exploited in attacks. (to
the original material)
- Hacking group hides
backdoor malware inside Windows logo image. (to
the original material)
- Fired admin cripples
former employer's network using old credentials. (to
the original material)
- Matrix: Install security
update to fix end-to-end encryption flaws. (to
the original material)
- Microsoft: Lazarus
hackers are weaponizing open-source software. (to
the original material)
- Brave browser to start
blocking annoying cookie consent banners. (to
the original material)
- New Royal Ransomware
emerges in multi-million dollar attacks. (to
the original material)
- New malware backdoors
VMware ESXi servers to hijack virtual machines. (to
the original material)
- Upgraded Prilex
Point-of-Sale malware bypasses credit card security. (to
the original material)
- VA Center's IT Legacy
Flaws Common at Other Health Entities. (to
the original material)
- Malware Shifting to
Virtual Environments, Warns Mandiant. (to
the original material)
- Hybrid Cloud Security:
The New Mission-Critical. (to
the original material)
- Tom Kellermann's New
Mission: Secure the Code. (to
the original material)
- Cyberwar: Assessing the
Geopolitical Playing Field. (to
the original material)
- Examining What Went Wrong
for Optus. (to
the original material)
- The Troublemaker CISO:
How Much Profit Equals One Life? (to
the original material)
- New Microsoft Exchange
zero-day actively exploited, security firm says. (to
the original material)
- Even with bot management,
organizations lose 6% a year via account fraud. (to
the original material)
- Enterprise data in hybrid
and multi-cloud environments: Specific challenges/defenses.
(to
the original material)
- The rise of the dark web
corporation. (to
the original material)
- Hacker groups support
protestors in Iran using Telegram, Signal and Darkweb. (to
the original material)
- A cracked copy of Brute
Ratel post-exploitation tool leaked on hacking forums. (to
the original material)
- Go-based Chaos malware is
rapidly growing targeting Windows, Linux and more. (to
the original material)
- Threat Source newsletter
(Sept. 29, 2022) - Personal health apps are currently under
a spotlight, but their warning signs have always been there.
(to
the original material)
- New tool simplifies
ransomware protection planning. (to
the original material)
- WordPress Vulnerability
& Patch Roundup September 2022. (to
the original material)
28.09.2022
- News
from cyber security.
- Hacker Groups take to
Telegram, Signal and Darkweb to assist Protestors in Iran. (to
the original material)
- Multi-platform Chaos
malware threatens to live up to its name. (to
the original material)
- The holy trifecta for
developing a secure API. (to
the original material)
- Businesses find remote
work security risks less daunting than before. (to
the original material)
- Hackers now sharing
cracked Brute Ratel post-exploitation kit online. (to
the original material)
- Hacker shares how they
allegedly breached Fast Company’s site. (to
the original material)
- IRS warns Americans of
massive rise in SMS phishing attacks. (to
the original material)
- Auth0 warns that some
source code repos may have been stolen. (to
the original material)
- Google to test disabling
Chrome Manifest V2 extensions in June 2023. (to
the original material)
- Stealthy hackers target
military and weapons contractors in recent attack. (to
the original material)
- New Chaos malware infects
Windows, Linux devices for DDoS attacks. (to
the original material)
- Ethernet VLAN Stacking
flaws let hackers launch DoS, MiTM attacks. (to
the original material)
- Cryptominers hijack $53
worth of system resources to earn $1. (to
the original material)
- Leaked LockBit 3.0
builder used by ‘Bl00dy’ ransomware gang in attacks. (to
the original material)
- US Government to Study
Cyber Insurance Backstop. (to
the original material)
- Microsoft 365 Email Hack
Led to American Airlines Breach. (to
the original material)
- WhatsApp Patches 2 Flaws
Affecting Apple and Android Users. (to
the original material)
- Groups Urge HHS to Extend
'Information Blocking' Deadline. (to
the original material)
- Jamf Buys ZecOps to
Detect Advanced Hacks on Mobile Devices. (to
the original material)
- Most organizations had a
cloud-related security incident in the last year. (to
the original material)
- How to move proactively
through the security maturity journey. (to
the original material)
- Threat actors use Quantum
Builder to deliver Agent Tesla malware. (to
the original material)
- Online Disinformation:
Under the hood of a Doppelgänger. (to
the original material)
- APT28 relies on
PowerPoint Mouseover to deliver Graphite malware. (to
the original material)
- Bl00dy ransomware gang
started using leaked LockBit 3.0 builder in attacks. (to
the original material)
- NUVOLA: the new Cloud
Security tool. (to
the original material)
- Meta dismantled the
largest Russian network since the war in Ukraine began. (to
the original material)
- New campaign uses
government, union-themed lures to deliver Cobalt Strike
beacons. (to
the original material)
- Protecting teens from
sextortion: What parents should know. (to
the original material)
- Threat Spotlight:
In-depth look at a cryptominer attack exploiting the
Confluence bug. (to
the original material)
- Crypto, really. Part II:
non-fungible tokens. (to
the original material)
27.09.2022
- News
from cyber security.
- The National Directorate
of Cyber Security supports operators of essential services
in the Energy sector. (to
the original material)
- CISA Releases Three
Industrial Control Systems Advisories. (to
the original material)
- CISA Updates Advisory on
Threat Actors Exploiting Multiple CVEs Against Zimbra
Collaboration Suite. (to
the original material)
- Vulnerability
Summary for the Week of September 19, 2022. (to
the original material)
- MS SQL servers are
getting hacked to deliver ransomware to orgs. (to
the original material)
- The various ways
ransomware impacts your organization. (to
the original material)
- Open source projects
under attack, with enterprises as the ultimate targets. (to
the original material)
- Why zero trust should be
the foundation of your cybersecurity ecosystem. (to
the original material)
- New NullMixer dropper
infects your PC with a dozen malware families. (to
the original material)
- Lazarus hackers drop
macOS malware via Crypto.com job offers. (to
the original material)
- Meta dismantles massive
Russian network spoofing Western news sites. (to
the original material)
- Optus hacker apologizes
and allegedly deletes all stolen data. (to
the original material)
- Pass-the-Hash Attacks and
How to Prevent them in Windows Domains. (to
the original material)
- Would-Be Software Pirates
Served Malware Through 'NullMixer'. (to
the original material)
- California Restricts
Sharing Abortion Data With Other States. (to
the original material)
- FDA Authorization Bill
Drops Medical Device Cybersecurity. (to
the original material)
- Chilean Court System Hit
With Ransomware Attack. (to
the original material)
- The Rising Role of
Managed Services in the Modern SOC. (to
the original material)
- Optus Attacker Halts
AU$1.5 Million Extortion Attempt. (to
the original material)
- Microsoft offers
passwordless authentication, single sign-on for Azure AD. (to
the original material)
- OAuth used to gain
control of Exchange servers and spread spam, Microsoft says.
(to
the original material)
- SC eBook preview: Top 5
public cloud infrastructure challenges. (to
the original material)
- Why the industry needs
platforms that can integrate IT operations with the security
organization. (to
the original material)
- North Korea-linked
Lazarus continues to target job seekers with macOS malware.
(to
the original material)
- Defense firm Elbit
Systems of America discloses data breach. (to
the original material)
- WhatsApp fixed critical
and high severity vulnerabilities. (to
the original material)
- Erbium info-stealing
malware, a new option in the threat landscape. (to
the original material)
- Mandiant identifies 3
hacktivist groups working in support of Russia. (to
the original material)
- Cybersecurity Threat
Advisory: Phishing attacks targeting GitHub accounts. (to
the original material)
- New Malware Variants
Serve Bogus CloudFlare DDoS Captcha. (to
the original material)
- Might your ex-employees
still have access to corporate data? (to
the original material)
26.09.2022
- News
from cyber security.
- To encrypt or to destroy?
Ransomware affiliates plan to try the latter. (to
the original material)
- RCE in Sophos Firewall is
being exploited in the wild (CVE-2022-3236). (to
the original material)
- CI Fuzz CLI: Open-source
tool simplifies fuzz testing for C++. (to
the original material)
- Phishing attacks
skyrocketing, over 1 million observed. (to
the original material)
- How confident are IT pros
in their tech career? (to
the original material)
- New Erbium
password-stealing malware spreads as game cracks, cheats. (to
the original material)
- Hackers use PowerPoint
files for 'mouseover' malware delivery. (to
the original material)
- NVIDIA GeForce Experience
beta fixes Windows 11 22H2 gaming issues. (to
the original material)
- Adware on Google Play and
Apple Store installed 13 million times. (to
the original material)
- Ukraine warns allies of
Russian plans to escalate cyberattacks. (to
the original material)
- LockBit Publishes Stolen
Data as Hospital Rejects Extortion. (to
the original material)
- OT Security Shorted by
Nuclear Weapon Oversight Agency. (to
the original material)
- Code42's Joe Payne on Why
Source Code Theft Is So Prevalent. (to
the original material)
- Feds: Chinese Hacking
Group Undeterred by Indictment. (to
the original material)
- Assessing Growing
Cyberthreats to Africa's Financial Sector. (to
the original material)
- Onboarding IoT Devices
and Security Management. (to
the original material)
- Applying Security to
Verify the Authenticity of IoT Products. (to
the original material)
- Regulations will Demand
Security Warranties in IoT Devices. (to
the original material)
- IoT Security Regulation
and How it Drives Innovation. (to
the original material)
- Google Workspace and Zero
Trust: A Long-Term Relationship. (to
the original material)
- Modern multi-factor
authentication: A primer. (to
the original material)
- Incident Response: 10
steps for an effective program. (to
the original material)
- Evolution of DAST
(Dynamic Application Security Testing): Beyond the
foundation. (to
the original material)
- How security teams can
encourage people to act on requests. (to
the original material)
- Why core SaaS
applications are still vulnerable to attack. (to
the original material)
- Russia prepares massive
cyberattacks on the critical infrastructure of Ukraine and
its allies. (to
the original material)
- China-linked TA413 group
targets Tibetan entities with new backdoor. (to
the original material)
- Metador, a
never-before-seen APT targeted ISPs and telco for about 2
years. (to
the original material)
- Exmatter exfiltration
tool used to implement new extortion tactics. (to
the original material)
- What happens with a
hacked Instagram account – and how to recover it. (to
the original material)
- CISA to measure security
progress. (to
the original material)
25.09.2022
- News
from cyber security.
- Week in review: Revolut
data breach, ManageEngine RCE flaw, free Linux security
training courses. (to
the original material)
- Ransomware data theft
tool may show a shift in extortion tactics. (to
the original material)
- New hacking group
‘Metador’ lurking in ISP networks for months. (to
the original material)
- Optus Under $1 Million
Extortion Threat in Data Breach. (to
the original material)
- Attackers impersonate
CircleCI platform to compromise GitHub accounts. (to
the original material)
- OpIran: Anonymous
declares war on Teheran amid Mahsa Amini’s death. (to
the original material)
- Security Affairs
newsletter Round 385. (to
the original material)
24.09.2022
- News
from cyber security.
- Windows 11 now warns when
typing your password in Notepad, websites. (to
the original material)
- Microsoft SQL servers
hacked in TargetCompany ransomware attacks. (to
the original material)
- American Airlines learned
it was breached from phishing targets. (to
the original material)
- Metador Threat Group
Targets Telcos, ISPs and Universities. (to
the original material)
- ISC fixed high-severity
flaws in the BIND DNS software. (to
the original material)
- Ukraine: SSU (Security
Service of Ukraine) dismantled cyber gang that stole 30
million accounts. (to
the original material)
- London Police arrested a
teen suspected to be behind Uber, Rockstar Games breaches. (to
the original material)
23.09.2022
- News
from cyber security.
- CISA Has Added One Known
Exploited Vulnerability to Catalog. (to
the original material)
- Critical ManageEngine RCE
flaw is being exploited (CVE-2022-35405). (to
the original material)
- New infosec products of
the week: September 23, 2022. (to
the original material)
- How does identity crime
affect victims? (to
the original material)
- Risk management focus
shifts from external to internal exposure. (to
the original material)
- The Week in Ransomware -
September 23rd 2022 - LockBit leak. (to
the original material)
- UK Police arrests teen
believed to be behind Uber, Rockstar hacks. (to
the original material)
- YouTube down: Live
streams hit by worldwide outage. (to
the original material)
- Sophos warns of new
firewall RCE bug exploited in attacks. (to
the original material)
- npm packages used by
crypto exchanges compromised. (to
the original material)
- Signal calls on users to
run proxies for bypassing Iran blocks. (to
the original material)
- Ukraine dismantles hacker
gang that stole 30 million accounts. (to
the original material)
- This image shows its own
MD5 checksum - and it's kind of a big deal. (to
the original material)
- Multi-million dollar
credit card fraud operation uncovered. (to
the original material)
- HHS HC3 Warns Health
Sector of Monkeypox Phishing Schemes. (to
the original material)
- Fortinet, VMware, Cisco
Drive SD-WAN Gartner Magic Quadrant. (to
the original material)
- Sweepstakes Spam Hackers
Used Microsoft Infrastructure. (to
the original material)
- ISMG Editors: How a
Teen's Hack of Uber Adds to MFA Crisis. (to
the original material)
- Ransomware's Future: A
Continuing Money Spinner. (to
the original material)
- Australian Telco Optus
Investigates Scope of Large Breach. (to
the original material)
- Uber Ex-CSO's Trial:
Who's Responsible for Breach Reporting? (to
the original material)
- Scammers stole tens of
millions since 2019 using online credit card scheme. (to
the original material)
- Successor to ransomware
used in Colonial Pipeline attack observed using new tools. (to
the original material)
- Cloud-native app
protection platforms: Best practices. (to
the original material)
- Passwordless
Authentication: Getting Started on Your Passwordless
Journey: Part 2. (to
the original material)
- Five ways to reclaim the
security posture of machine-driven API access. (to
the original material)
- Sophos warns of a new
actively exploited flaw in Firewall product. (to
the original material)
- Anonymous claims to have
hacked the website of the Russian Ministry of Defense. (to
the original material)
- CISA adds Zoho
ManageEngine flaw to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- Surge in Magento 2
template attacks exploiting the CVE-2022-24086 flaw. (to
the original material)
- Australian Telecoms
company Optus discloses security breach. (to
the original material)
- Threat Roundup for
September 16 to September 23. (to
the original material)
- What to consider before
disposing of personal data – Week in security with Tony
Anscombe. (to
the original material)
- 5 things we learned at
Secured.22. (to
the original material)
- Trojan-stealer discovered
in spam mailouts to businesses. (to
the original material)
22.09.2022
- News
from cyber security.
- Cybersecurity news of the
week (22.09.2022). (to
the original material)
- CISA and NSA Publish
Joint Cybersecurity Advisory on Control System Defense. (to
the original material)
- ISC Releases Security
Advisories for Multiple Versions of BIND 9. (to
the original material)
- CISA Releases Three
Industrial Control Systems Advisories. (to
the original material)
- Wolfi: A Linux undistro
with security measures for the software supply chain. (to
the original material)
- Python tarfile
vulnerability affects 350,000 open-source projects
(CVE-2007-4559). (to
the original material)
- What could be the cause
of growing API security incidents? (to
the original material)
- SMBs vs. large
enterprises: Not all compromises are created equal. (to
the original material)
- CISA warns of critical
ManageEngine RCE bug used in attacks. (to
the original material)
- NSA shares guidance to
help secure OT/ICS critical infrastructure. (to
the original material)
- Microsoft: Exchange
servers hacked via OAuth apps for phishing. (to
the original material)
- Critical Magento
vulnerability targeted in new surge of attacks. (to
the original material)
- Hackers stealing GitHub
accounts using fake CircleCI notifications. (to
the original material)
- BlackCat ransomware’s
data exfiltration tool gets an upgrade. (to
the original material)
- CPR (Check Point
Research) analyzes A 7-year mobile surveillance campaign
targeting largest minority in China. (to
the original material)
- Portuguese Airliner Vows
Defiance Against Extortion Hackers. (to
the original material)
- Malwarebytes Gets $100M
Weeks After Laying Off 14% of Staff. (to
the original material)
- Capital One Moves Past
2019 Hacking Incident. (to
the original material)
- Darktrace's Nicole Eagan
on How AI Predicts, Prevents Hacks. (to
the original material)
- Iranian Hackers Accessed
Albania's Network for 14 Months. (to
the original material)
- Australian Telco Optus
Warns of 'Significant' Data Breach. (to
the original material)
- Hacks Spotlight PHI Risks
For Ambulance Cos., Vendors. (to
the original material)
- It's 2022. Do You Know
Where Your Old Hard Drives Are? (to
the original material)
- Vulnerability in Oracle
Cloud Infrastructure could have allowed unauthorized access.
(to
the original material)
- Passwordless
Authentication: Getting Started on Your Passwordless
Journey: Part 1. (to
the original material)
- Five ways security teams
can respond to the Uber breach. (to
the original material)
- AttachMe: a critical flaw
affects Oracle Cloud Infrastructure (OCI). (to
the original material)
- A 15-Year-Old Unpatched
Python bug potentially impacts over 350,000 projects. (to
the original material)
- Atlassian Confluence bug
CVE-2022-26134 exploited in cryptocurrency mining campaign.
(to
the original material)
- A disgruntled developer
is the alleged source of the leak of the Lockbit 3.0
builder. (to
the original material)
- Threat Source newsletter
(Sept. 22, 2022) — Attackers are already using student loan
relief for scams. (to
the original material)
- Insider Threats: Your
employees are being used against you. (to
the original material)
- Vulnerability Spotlight:
Vulnerabilities in popular library affect Unix-based
devices. (to
the original material)
- Hey WeLiveSecurity, how
does biometric authentication work? (to
the original material)
- Intermittent encryption:
The latest advance in the ransomware arms race. (to
the original material)
- How to Fix Google Ads
Disapproved Due to Malicious Software. (to
the original material)
- Harly: another Trojan
subscriber on Google Play. (to
the original material)
21.09.2022
- News
from cyber security.
- Developing a Strong
Cybersecurity Workforce: Introducing the European
Cybersecurity Skills Framework. (to
the original material)
- Microsoft Releases
Out-of-Band Security Update for Microsoft Endpoint
Configuration Manager. (to
the original material)
- Mozilla Releases Security
Updates for Firefox, Firefox ESR, and Thunderbird. (to
the original material)
- Iranian State Actors
Conduct Cyber Operations Against the Government of Albania.
(to
the original material)
- US to award $1B to state,
local, and territorial governments to improve cyber
resilience. (to
the original material)
- 3 free Linux security
training courses you can take right now. (to
the original material)
- The explosion of data is
beyond human ability to manage. (to
the original material)
- 20/20 visibility is
paramount to network security. (to
the original material)
- 4 key takeaways from “XDR
is the perfect solution for SMEs” webinar. (to
the original material)
- Windows 11 gets better
protection against SMB brute-force attacks. (to
the original material)
- Domain shadowing becoming
more popular among cybercriminals. (to
the original material)
- Twitter failed to log you
out of all devices after password resets. (to
the original material)
- FBI: Iranian hackers
lurked in Albania’s govt network for 14 months. (to
the original material)
- LockBit ransomware
builder leaked online by “angry developer”. (to
the original material)
- Unpatched 15-year old
Python bug allows code execution in 350k projects. (to
the original material)
- DDoS and bot attacks in
2022: Business sectors at risk and how to defend. (to
the original material)
- LinkedIn Smart Links
abused in evasive email phishing attacks. (to
the original material)
- Okta: Credential stuffing
accounts for 34% of all login attempts. (to
the original material)
- Universities Urged to
Defend Sensitive Research From Hackers. (to
the original material)
- Public Water Systems at
Cybersecurity Risk, Lawmakers Hear. (to
the original material)
- Wintermute CEO Renews
Plea for Hacker to Return Stolen Funds. (to
the original material)
- Medtronic Recalls Certain
Insulin Pumps Due to Cyber Flaw. (to
the original material)
- Online Attack Disrupts
Michigan School District for 2nd Day. (to
the original material)
- What to Do Based on 2022:
Expert Analysis of TPSRM Survey. (to
the original material)
- Morgan Stanley's Hard
Drive Destruction Investment Failure. (to
the original material)
- More companies moved to
control open-source risk over the last year. (to
the original material)
- Many companies not
confident securing across hybrid-cloud environments. (to
the original material)
- Three ways to take an
empathetic approach to an insider security incident. (to
the original material)
- 5 tips to help kids surf
the internet safely. (to
the original material)
- Our most remote customer:
The Island of Saint Helena. (to
the original material)
- Kaspersky Transparency
Initiative update, September 2022. (to
the original material)
20.09.2022
- News
from cyber security.
- Revolut data breach:
50,000+ users affected. (to
the original material)
- Uber says Lapsus$ gang is
behind the recent breach. (to
the original material)
- The 25 most popular
programming languages and trends. (to
the original material)
- Open-source software
usage slowing down for fear of vulnerabilities, exposures,
or risks. (to
the original material)
- How can organizations
benefit from full-stack observability? (to
the original material)
- Imperva mitigated
long-lasting, 25.3 billion request DDoS attack. (to
the original material)
- 2K Games says hacked help
desk targeted players with malware. (to
the original material)
- Windows 11 22H2 adds
kernel exploit protection to security baseline. (to
the original material)
- Hive ransomware claims
attack on New York Racing Association. (to
the original material)
- 2K game support hacked to
email RedLine info-stealing malware. (to
the original material)
- Hackers steal $162
million from Wintermute crypto market maker. (to
the original material)
- Top 8 takeaways from the
VMWare Cybersecurity Threat Report. (to
the original material)
- Microsoft Defender for
Endpoint will turn on tamper protection by default. (to
the original material)
- MFA Fatigue: Hackers’ new
favorite tactic in high-profile breaches. (to
the original material)
- Digital Bank Revolut
Confirms Customer Data Breach. (to
the original material)
- The Growing Number of Use
Cases for Verifiable Credentials. (to
the original material)
- HHS Slaps 3 Dental
Practices With 'Right of Access' Fines. (to
the original material)
- Hacker Plunders $160M
From Crypto Market Maker Wintermute. (to
the original material)
- Uber Says Lapsus$ Hacker
Breached Its Internal Systems. (to
the original material)
- Proof of Concept: What
CISOs Can Learn From Twitter and Uber. (to
the original material)
- Palo Alto Networks adds
software composition analysis to Prisma Cloud. (to
the original material)
- American Airlines informs
customers of compromise of employee emails. (to
the original material)
- Median cost of a
cyberattack increased by 80% for US businesses. (to
the original material)
- Cloud security compliance
checklist. (to
the original material)
- Three ways companies can
sharpen up their email security. (to
the original material)
- Our current world, health
care apps and your personal data. (to
the original material)
- A Guide to Virtual
Patching for Website Vulnerabilities. (to
the original material)
19.09.2022
- News
from cyber security.
- Hurrah for Denmark, Top
Winner of the 2022 European Cybersecurity Challenge. (to
the original material)
- CISA Releases Eight
industrial Control Systems Advisories. (to
the original material)
- Vulnerability Summary for
the Week of September 12, 2022. (to
the original material)
- GTA 6 in-development
footage leaked. (to
the original material)
- High severity
vulnerabilities found in Harbor open-source artifact
registry. (to
the original material)
- Crypto giveaway scams
continue to escalate. (to
the original material)
- What do SOC analysts need
to be successful? (to
the original material)
- Most critical security
gaps in the public cloud. (to
the original material)
- American Airlines
discloses data breach after employee email compromise. (to
the original material)
- Microsoft 365 phishing
attacks impersonate U.S. govt agencies. (to
the original material)
- Russian Sandworm hackers
pose as Ukrainian telcos to drop malware. (to
the original material)
- Uber links breach to
Lapsus$ group, blames contractor for hack. (to
the original material)
- VMware, Microsoft warn of
widespread Chromeloader malware attacks. (to
the original material)
- Revolut hack exposes data
of 50,000 users, fuels new phishing wave. (to
the original material)
- How botnet attacks work
and how to defend against them. (to
the original material)
- Prevention-first MDR
(Managed Detection and Response)/ MPR – Elevating Managed
Detection and Response to the Next Level. (to
the original material)
- FBI Warns Healthcare
Sector of Surge in Payment Scams. (to
the original material)
- Harassment Site Kiwi
Farms Breached. (to
the original material)
- API Security in Federal
Government. (to
the original material)
- What is SASE? (to
the original material)
- Extended detection and
response (XDR): Metrics to consider. (to
the original material)
- A cloud isn’t smart
unless it’s secure. (to
the original material)
- Third-party cookies: how
they work and how to prevent them from tracking your web
activity. (to
the original material)
- Report calls out ad
network malware complicity. (to
the original material)
18.09.2022
- News
from cyber security.
- Week in review: Uber
hacked, QNAP NAS devices under attack, 5 Kali Linux books to
read this year. (to
the original material)
- GTA 6 source code and
videos leaked after Rockstar Games hack. (to
the original material)
- TeamTNT hijacking servers
to run Bitcoin encryption solvers. (to
the original material)
- Ransomware-as-a-Service
Gang LockBit Pays First $50K Bounty. (to
the original material)
17.09.2022
- News
from cyber security.
- CISA adds Stuxnet bug to
its Known Exploited Vulnerabilities Catalog. (to
the original material)
- Google, Microsoft can get
your passwords via web browser's spellcheck. (to
the original material)
- Emotet botnet now pushes
Quantum and BlackCat ransomware. (to
the original material)
- New York ambulance
service discloses data breach after ransomware attack. (to
the original material)
- Hacker Accessed LastPass
Internal System for 4 Days. (to
the original material)
16.09.2022
- News
from cyber security.
- Press release in the
context of the war between Ukraine and the Russian
Federation (16.09.2022). (to
the original material)
- Uber hacked, attacker
tears through the company’s systems. (to
the original material)
- New infosec products of
the week: September 16, 2022. (to
the original material)
- Why shift left is
burdening your dev teams. (to
the original material)
- How to improve public
sector’s security strategy? (to
the original material)
- How serious are
organizations about their data sovereignty strategies? (to
the original material)
- Most organizations
consolidate to improve risk posture. (to
the original material)
- The Week in Ransomware -
September 16th 2022 - Iranian Sanctions. (to
the original material)
- LastPass says hackers had
internal access for four days. (to
the original material)
- CISA orders agencies to
patch vulnerability used in Stuxnet attacks. (to
the original material)
- Hacker sells stolen
Starbucks data of 219,000 Singapore customers. (to
the original material)
- Bitdefender releases free
decryptor for LockerGoga ransomware. (to
the original material)
- Fake cryptocurrency
giveaway sites have tripled this year. (to
the original material)
- Uber hacked, internal
systems breached and vulnerability reports stolen. (to
the original material)
- IT and OT: A Tale of Two
Technologies Under Fire. (to
the original material)
- How the FTC Is Sharpening
Its Health Data Privacy Focus. (to
the original material)
- LockerGoga Victims Get
Free Decryptor; Police Recovered Keys. (to
the original material)
- Check Point CEO Gil Shwed
on Why Prevention Beats Detection. (to
the original material)
- Biden Administration Vows
Crackdown on Illicit Crypto. (to
the original material)
- ISMG Editors: Ransomware
Gangs Are Using Partial Encryption. (to
the original material)
- Uber Probes Breach After
Hacker Boasts About Intrusion. (to
the original material)
- The Ransomware Files,
Episode 11: The Adult Boutique. (to
the original material)
- Texas hospital confirms
patient data theft amid network outage from ransomware
attack. (to
the original material)
- Uber confirms hack in the
latest access and identity nightmare for corporate America.
(to
the original material)
- Bitdefender releases
Universal LockerGoga ransomware decryptor. (to
the original material)
- North Korea-linked APT
spreads tainted versions of PuTTY via WhatsApp. (to
the original material)
- Uber hacked, internal
systems and confidential documents were allegedly
compromised. (to
the original material)
- US companies advised to
consult CISA guidance after largest-ever DDoS attack in
Europe. (to
the original material)
- Large cloud service
providers saw a decrease in high-level risk exposure. (to
the original material)
- Four cloud security
lessons from the Wegmans data breach. (to
the original material)
- Threat Roundup for
September 9 to September 16. (to
the original material)
- Can your iPhone be
hacked? What to know about iOS security. (to
the original material)
- Rising to the challenges
of secure coding – Week in security with Tony Anscombe. (to
the original material)
- Below the Surface:
Overcoming industrial security challenges. (to
the original material)
15.09.2022
- News
from cyber security.
- Cybersecurity news of the
week (15.09.2022). (to
the original material)
- CISA Releases Eleven
Industrial Control Systems Advisories. (to
the original material)
- CISA Adds Six Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- CISA and NSA Publish Open
Radio Access Network Security Considerations. (to
the original material)
- US government software
suppliers must attest their solutions are secure. (to
the original material)
- Linux variant of the
SideWalk backdoor discovered. (to
the original material)
- Q-Day doesn’t equal
doomsday: Enacting an enterprise quantum security strategy.
(to
the original material)
- SMBs are hardest-hit by
ransomware. (to
the original material)
- Backlogs larger than
100K+ vulnerabilities but too time-consuming to address. (to
the original material)
- Hackers trojanize PuTTY
SSH client to backdoor media company. (to
the original material)
- Hive ransomware claims
cyberattack on Bell Canada subsidiary. (to
the original material)
- Akamai stopped new
record-breaking DDoS attack in Europe. (to
the original material)
- Microsoft Edge’s News
Feed ads abused for tech support scams. (to
the original material)
- New malware bundle
self-spreads through YouTube gaming videos. (to
the original material)
- Zoom outage left users
unable to sign in or join meetings. (to
the original material)
- Russian hackers use new
info stealer malware against Ukrainian orgs. (to
the original material)
- Webworm hackers modify
old malware in new attacks to evade attribution. (to
the original material)
- FBI: Hackers steal
millions from healthcare payment processors. (to
the original material)
- CISA Plans Grants,
Info-Sharing for Small OT Security Shops. (to
the original material)
- Senators Seek HIPAA
Changes to Protect Reproductive Info. (to
the original material)
- Texas Hospital Still
Struggling Through Ransomware Attack. (to
the original material)
- Pentagon Backs Call for
Internet Routing Security Fixes. (to
the original material)
- EO (Executive Order)
Stresses Cybersec, Data Protection in Foreign Deal Review. (to
the original material)
- Chinese State Hackers
Unleash Linux Backdoor. (to
the original material)
- Sound Off: How Is SoftPOS
Changing the Payments Landscape? (to
the original material)
- OWASP Top 10: A
Real-World Retrospective. (to
the original material)
- Analyzing Twitter's
Security Nightmare. (to
the original material)
- Vulnerability allows
access to credentials in Microsoft Teams. (to
the original material)
- Policymakers eye
incentives to fund better OT cybersecurity. (to
the original material)
- FBI: Active cyberattacks
on healthcare payment processors ‘cost victims millions in
losses’. (to
the original material)
- Financial executives say
fraud more pervasive than previously thought. (to
the original material)
- Senators want HHS to
bolster privacy protections after abortion ruling. (to
the original material)
- Akamai mitigated a new
record-breaking DDoS attack against a Europe customer. (to
the original material)
- Experts warn of
self-spreading malware targeting gamers looking for cheats
on YouTube. (to
the original material)
- Russia-linked Gamaredon
APT target Ukraine with a new info-stealer. (to
the original material)
- FBI: Millions in Losses
resulted from attacks against Healthcare payment processors.
(to
the original material)
- Crooks are using lures
related to Her Majesty Queen Elizabeth II in phishing
attacks. (to
the original material)
- The mobile malware
landscape in 2022 – Of Spyware, Zero-Click attacks, Smishing
and Store Security. (to
the original material)
- Apple fixes
vulnerabilities in iOS devices and Mac computers. (to
the original material)
- Nearly a third of
security teams lack a management platform for IT secrets. (to
the original material)
- Decentralized identity:
What it is, why it matters. (to
the original material)
- Telltale signs of a
network compromise: A step-by-step analysis. (to
the original material)
- How to transform the
security model for continuous improvement and better
outcomes. (to
the original material)
- Threat Source newsletter
(Sept. 15, 2022) — Teachers have to be IT admins now, too. (to
the original material)
- Gamaredon APT targets
Ukrainian government agencies in new campaign. (to
the original material)
- Third‑party cookies: How
they work and how to stop them from tracking you across the
web. (to
the original material)
- SparklingGoblin deploys
new Linux backdoor – Week in security, special edition. (to
the original material)
- Cyber hygiene: Stacking
the odds against attackers. (to
the original material)
- Magento Supply Chain
Attack Targets Extension Developer FishPig. (to
the original material)
- Where did that game
cheats video on your YouTube channel come from? (to
the original material)
14.09.2022 - News from cyber security.
- CISA Adds Two Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- Iranian Islamic
Revolutionary Guard Corps Affiliated Cyber Actors Exploiting
Vulnerabilities for Data Extortion and Disk Encryption for
Ransom Operations. (to
the original material)
- Attackers mount Magento
supply chain attack by compromising FishPig extensions. (to
the original material)
- Phishers take aim at
Facebook page owners. (to
the original material)
- Thwarting attackers in
their favorite new playground: Social media. (to
the original material)
- What’s challenging
development teams amid their race to the cloud? (to
the original material)
- CFOs’ overconfidence in
cybersecurity can cost millions. (to
the original material)
- Gay hookup site
typosquatted to push dodgy Chrome extensions, scams. (to
the original material)
- Death of Queen Elizabeth
II exploited to steal Microsoft credentials. (to
the original material)
- New Lenovo BIOS updates
fix security bugs in hundreds of models. (to
the original material)
- CISA orders agencies to
patch Windows, iOS bugs used in attacks. (to
the original material)
- US govt sanctions ten
Iranians linked to ransomware attacks. (to
the original material)
- Microsoft Teams stores
auth tokens as cleartext in Windows, Linux, Macs. (to
the original material)
- Phishing page embeds
keylogger to steal passwords as you type. (to
the original material)
- Securing your IoT devices
against cyber attacks in 5 steps. (to
the original material)
- Chinese hackers create
Linux version of the SideWalk Windows malware. (to
the original material)
- Global Open Internet
Under Chinese Threat, US Lawmakers Hear. (to
the original material)
- Microsoft Fixes Actively
Exploited Zero-Day, 63 Other Bugs. (to
the original material)
- FBI Warns of Cyberthreats
to Legacy Medical Devices. (to
the original material)
- White House Fortifies
Tech Vendor Security Requirements. (to
the original material)
- US Indicts, Sanctions 3
Iranian Nationals for Ransomware. (to
the original material)
- Securing and Optimizing
the New Model of Hybrid Working. (to
the original material)
- Apple Patches Zero-Day,
Rolls Out iOS 16. (to
the original material)
- Fraudsters aim to
capitalize on student loan forgiveness confusion. (to
the original material)
- Interest in finance
security continues as vendor receives cash infusion. (to
the original material)
- A quarter of cloud
breaches caused by unpatched vulnerabilities. (to
the original material)
- $12.25M settlement
reached in Ambry Genetics health data breach lawsuit. (to
the original material)
- Nearly all abortion
clinic webpages using third-party trackers transfer user
data. (to
the original material)
- CISA added 2 more
security flaws to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- SparklingGoblin APT adds
a new Linux variant of SideWalk implant to its arsenal. (to
the original material)
- August’s Top Malware:
Emotet Knocked off Top Spot by FormBook while GuLoader and
Joker Disrupt the Index. (to
the original material)
- PowerShell used by Iran’s
Cobalt Mirage in June ransomware attack. (to
the original material)
- Three strategies for
navigating the fragmented IoT security ecosystem. (to
the original material)
- You never walk alone: The
SideWalk backdoor gets a Linux variant. (to
the original material)
- Interest in cloud
security automation grows. (to
the original material)
- Gambling Spam in Visual
Composer Raw HTML Element: [vc_raw_html]. (to
the original material)
- Patches for 64
vulnerabilities in Microsoft products released. (to
the original material)
13.09.2022
- News
from cyber security.
- ENISA Joins International
Fair of Thessaloniki to Promote Cybersecurity Skills. (to
the original material)
- Adobe Releases Security
Updates for Multiple Products. (to
the original material)
- Microsoft Releases
September 2022 Security Updates. (to
the original material)
- CISA Releases Five
Industrial Control Systems Advisories. (to
the original material)
- Apple Releases Security
Updates for Multiple Products. (to
the original material)
- U-Haul reports data
breach, customers’ info exposed. (to
the original material)
- Microsoft fixes exploited
zero-day in the Windows CLFS Driver (CVE-2022-37969). (to
the original material)
- Apple fixes actively
exploited zero-day in macOS, iOS (CVE-2022-32917). (to
the original material)
- Modernizing data security
with a zero trust approach to data access. (to
the original material)
- 5 Kali Linux books you
should read this year. (to
the original material)
- Organizations should fear
misconfigurations more than vulnerabilities. (to
the original material)
- How prepared are
organizations to tackle ransomware attacks? (to
the original material)
- Pro-Palestinian group
GhostSec hacked Berghof PLCs (Programmable
Logic Controllers)
in Israel. (to
the original material)
- Hackers now use ‘sock
puppets’ for more realistic phishing attacks. (to
the original material)
- Zero-day in WPGateway
Wordpress plugin actively exploited in attacks. (to
the original material)
- Microsoft September 2022
Patch Tuesday fixes zero-day used in attacks, 63 flaws. (to
the original material)
- Tax fraud ring leader
jailed for selling children’s stolen identities. (to
the original material)
- Police arrest man for
laundering tens of millions in stolen crypto. (to
the original material)
- Hackers breach software
vendor for Magento supply-chain attacks. (to
the original material)
- Trend Micro warns of
actively exploited Apex One RCE vulnerability. (to
the original material)
- New PsExec spinoff lets
hackers bypass network security defenses. (to
the original material)
- Cyberspies drop new
infostealer malware on govt networks in Asia. (to
the original material)
- Strike Force: Why
Ransomware Groups Feel the Need for Speed. (to
the original material)
- Assessing the Security
Risks of Emerging Tech in Healthcare. (to
the original material)
- Feds Get 1st Guilty Plea
in Coinbase Insider Trading Case. (to
the original material)
- Ex-Twitter Security
Honcho Peiter Zatko Faces Senate Panel. (to
the original material)
- What Industry Is Most
Vulnerable to a Cyberattack? (to
the original material)
- Most organizations
looking to consolidate security vendors in 2022. (to
the original material)
- FBI: Legacy medical
devices pose risk of exploit, patient safety impacts. (to
the original material)
- Twitter whistleblower:
Lack of access, data controls invite exploitation. (to
the original material)
- Lawsuit after KeyBank
breach heralds potential changes in cyber liability. (to
the original material)
- 80% of organizations have
experienced at least one severe cloud incident in the past
year. (to
the original material)
- The real zero-trust
challenge security leaders need to solve. (to
the original material)
- Microsoft Patch Tuesday
for September 2022 - Snort rules and prominent
vulnerabilities. (to
the original material)
- Why is my Wi‑Fi slow and
how do I make it faster? (to
the original material)
- Q&A: Enhancing
security with Zero Trust Access. (to
the original material)
- Weaponizing game code to
attack a company. (to
the original material)
12.09.2022
- News
from cyber security.
- Vulnerability Summary for
the Week of September 5, 2022. (to
the original material)
- Thousands of QNAP NAS
devices hit by DeadBolt ransomware (CVE-2022-27593). (to
the original material)
- Building a successful
cybersecurity business, one client at a time. (to
the original material)
- MSPs (Managed
Service Provider)
and cybersecurity: The time for turning a blind eye is over.
(to
the original material)
- Homeworkers putting home
and business cyber-safety at risk. (to
the original material)
- Report: Benchmarking
security gaps and privileged access. (to
the original material)
- Cisco confirms Yanluowang
ransomware leaked stolen company data. (to
the original material)
- Cisco confirms that data
leaked by the Yanluowang ransomware gang were stolen from
its systems. (to
the original material)
- Some firmware bugs in HP
business devices are yet to be fixed. (to
the original material)
- Hackers steal Steam
accounts in new Browser-in-the-Browser attacks. (to
the original material)
- U-Haul discloses data
breach exposing customer driver licenses. (to
the original material)
- Apple fixes eighth
zero-day used to hack iPhones and Macs this year. (to
the original material)
- HP will pay customers for
blocking non-HP ink cartridges in EU. (to
the original material)
- Lorenz ransomware
breaches corporate network via phone systems. (to
the original material)
- VMware: 70% drop in Linux
ESXi VM performance with Retbleed fixes. (to
the original material)
- Five ways your data may
be at risk - and what to do about it. (to
the original material)
- Tesla Hack Could Allow
Car Theft, Security Researchers Warn. (to
the original material)
- California Prison System
Says 236,000 Affected by Hack. (to
the original material)
- Albania Recovers From
Second Iranian Cyberattack. (to
the original material)
- Behind Agency Doors:
Where Is Security Progress Being Made? (to
the original material)
- After RaidForums' Demise,
Breached Forum Seizes Leaks Mantle. (to
the original material)
- Texas hospital facing
communication issues, system rebuild amid ransomware attack.
(to
the original material)
- The formative moments:
Women share what kept them in cyber or drove them away. (to
the original material)
- Who owns digital health
data? HIPAA privacy myths may put women at risk. (to
the original material)
- Former HHS cyber leader,
whistleblower speaks out for the first time about
harassment. (to
the original material)
- Safe Security’s Wendy
Overton: Helping security by helping people. (to
the original material)
- Code42’s Jadee Hanson:
Addressing insider risk by breaking down barriers. (to
the origina material)
- Open Security: The next
step in the evolution of cybersecurity. (to
the original material)
- VPN vs. Zero Trust
Network Access: What’s the difference? (to
the original material)
- Apple fixed the eighth
actively exploited zero-day this year. (to
the original material)
- Google announced the
completion of the acquisition of Mandiant for $5.4 billion.
(to
the original material)
- EFF’s “Cover Your Tracks”
Will Detect Your Use of iOS 16’s Lockdown Mode. (to
the original material)
- Cisco maintains data leak
from ransomware attack poses no risk. (to
the original material)
11.09.2022
- News
from cyber security.
- Week in review: Free
online cybersec courses, Signal post-quantum upgrade, Patch
Tuesday forecast. (to
the original material)
- Firmware bugs in many HP
computer models left unfixed for over a year. (to
the original material)
- Albania was hit by a new
cyberattack and blames Iran. (to
the original material)
- Security Affairs
newsletter Round 383. (to
the original material)
- Iran-linked APT42 is
behind over 30 espionage attacks. (to
the original material)
10.09.2022
- News
from cyber security.
- Ransomware gangs
switching to new intermittent encryption tactic. (to
the original material)
- Latest Lazarus Campaign
Targets Energy Companies. (to
the original material)
- IHG (InterContinental
Hotels Group) suffered a
cyberattack that severely impacted its booking process. (to
the original material)
- China-Linked BRONZE
PRESIDENT APT targets Government officials worldwide. (to
the original material)
- Scammers live-streamed on
YouTube a fake Apple crypto event. (to
the original material)
09.09.2022
- News
from cyber security.
- ENISA Supports the
Cooperation among Sectorial Information Sharing &
Analysis Centers (ISACs). (to
the original material)
- You should know that most
websites share your in-site search queries with third
parties. (to
the original material)
- High-risk ConnectWise
Automate vulnerability fixed, admins urged to patch ASAP. (to
the original material)
- September 2022 Patch
Tuesday forecast: No sign of cooling off. (to
the original material)
- Better than a fix:
Tightening backup and restore helps financial services
companies innovate. (to
the original material)
- Most educational
institutions store sensitive data in the cloud. Is it safe?
(to
the original material)
- Organizations don’t trust
AI enough to forego human-driven decision-making. (to
the original material)
- The Week in Ransomware -
September 9th 2022 - Schools under fire. (to
the original material)
- Coinbase funds lawsuit
against Tornado Cash cryptomixer sanctions. (to
the original material)
- US sanctions Iran’s
Ministry of Intelligence over Albania cyberattack. (to
the original material)
- Vice Society claims LAUSD
ransomware attack, theft of 500GB of data. (to
the original material)
- Lampion malware returns
in phishing attacks abusing WeTransfer. (to
the original material)
- $1.3 Million Stolen From
New Free Dao in Flash Loan Attack. (to
the original material)
- US Sanctions Iranian
Spooks for Albania Cyberattack. (to
the original material)
- ISMG Editors: Kicking the
Criminals Out of Cryptocurrency. (to
the original material)
- How 8 Countries Are
Tackling Authorized Payment Fraud. (to
the original material)
- LA School District
Forewarned of Malware, Attack Risks. (to
the original material)
- Protecting Industrial
Security When Uptime Is Essential. (to
the original material)
- EvilProxy Bypasses MFA by
Capturing Session Cookies. (to
the original material)
- Who's Disrupting
Ransomware Groups' Stolen Data Leak Sites? (to
the original material)
- Law firm informs 255K of
HIPAA data incident 10 months after hack. (to
the original material)
- US sanctions Iran for
Albania cyber attack, ransomware on critical infrastructure.
(to
the original material)
- CISA puts out the call
for public feedback on new incident reporting rules. (to
the original material)
- US Treasury sanctioned
Iran ’s Ministry of Intelligence over Albania cyberattack. (to
the original material)
- $30 Million worth of
cryptocurrency stolen by Lazarus from Axie Infinity was
recovered. (to
the original material)
- Experts warn of attacks
exploiting zero-day in WordPress BackupBuddy plugin. (to
the original material)
- Iran-linked DEV-0270
group abuses BitLocker to encrypt victims’ devices. (to
the original material)
- ESET Research uncovers
new APT group Worok – Week in security with Tony Anscombe. (to
the original material)
- Bitdefender Labs warns of
fraudulent campaigns exploiting the war between Russia and
Ukraine. (to
the original material)
- Snake keylogger returns
in Malspam campaign. (to
the original material)
- Using the NIST
Cybersecurity Framework to boost your security. (to
the original material)
- Cognitive Overload: The
hidden cybersecurity threat. (to
the original material)
- GRU-backed cyberattacks:
What they are, how to defend against them. (to
the original material)
- What MITRE ATT&CK
says about the ideal NDR (Network
Detection and Response).
(to
the original material)
- U.S. Federal Employees
Can Take A Stand for Digital Freedoms. (to
the original material)
- How to take control of
your digital legacy. (to
the original material)
- Browser extensions: more
dangerous than you think. (to
the original material)
08.09.2022
- News
from cyber security.
- Cybersecurity news of the
week (09/08/2022). (to
the original material)
- CISA Releases Four
Industrial Control Systems Advisories. (to
the original material)
- Cisco Releases Security
Updates for Multiple Products. (to
the original material)
- CISA Adds Twelve Known
Exploited Vulnerabilities to Catalog . (to
the original material)
- Coding session:
Introduction to JavaScript fuzzing. (to
the original material)
- With cyber insurance
costs increasing, can smaller firms avoid getting priced
out? (to
the original material)
- Nation-state attacks are
a growing threat to video conferencing. (to
the original material)
- How to deal with with
unprecedented levels of regulatory change. (to
the original material)
- Bumblebee malware adds
post-exploitation tool for stealthy infections. (to
the original material)
- GIFShell attack creates
reverse shell using Microsoft Teams GIFs. (to
the original material)
- CISA orders agencies to
patch Chrome, D-Link flaws used in attacks. (to
the original material)
- US recovers $30 million
stolen from Axie Infinity by Lazarus hackers. (to
the original material)
- Microsoft: Iranian
hackers encrypt Windows systems using BitLocker. (to
the original material)
- Over 80% of the top
websites leak user searches to advertisers. (to
the original material)
- Classified NATO documents
stolen from Portugal, now sold on darkweb. (to
the original material)
- North Korean Lazarus
hackers take aim at U.S. energy providers. (to
the original material)
- Thief Steals $370,000 in
Avalanche-Linked Flash Loan Attack. (to
the original material)
- North Korea Avoids
Tornado Cash After US Imposes Sanctions. (to
the original material)
- US Law Enforcement
Shutters Carder Marketplace. (to
the original material)
- Coinbase Bankrolls
Lawsuit Fighting Tornado Cash Sanctions. (to
the original material)
- Former Members of Conti
Are Targeting Ukraine, Google Says. (to
the original material)
- Law Firm Says Year-Old
Hack Affected PHI (Protected
Health Information) of
255,000 People. (to
the original material)
- Security pros say the
cloud has increased the number of identities at their
organizations. (to
the original material)
- Feds in search of better
data as they look to replenish cyber workforce. (to
the original material)
- Effective access controls
key to employing zero trust in healthcare. (to
the original material)
- CISA adds 12 new flaws to
its Known Exploited Vulnerabilities Catalog. (to
the original material)
- Classified NATO documents
sold on darkweb after they were stolen from Portugal. (to
the original material)
- North Korea-linked
Lazarus APT targets energy providers around the world. (to
the original material)
- Cisco will not fix the
authentication bypass flaw in EoL routers. (to
the original material)
- Ex-members of the Conti
ransomware gang target Ukraine. (to
the original material)
- Albania interrupted
diplomatic ties with Iran over the mid-July attack. (to
the original material)
- Threat Source newsletter
(Sept. 8, 2022) - Why there is no one-stop-shop solution for
protecting passwords. (to
the original material)
- Lazarus and the tale of
three RATs. (to
the original material)
- Talos EMEA Monthly Threat
Update: How do you know if cyber insurance is right for you?
(to
the original material)
- Toys behaving badly: How
parents can protect their family from IoT threats. (to
the original material)
- Why we’re looking forward
to Secured.22. (to
the original material)
- Email Security Best
Practices: Q&A with VP Mike Flouton. (to
the original material)
- What Is Clickjacking and
How Do I Prevent It? (to
the original material)
- Why healthcare offers a
proving ground for tomorrow’s security leaders. (to
the original material)
- Secure coding: Helping
developers in the right places. (to
the original material)
- EFF to California
Governor: Protect Abortion Data Privacy. (to
the original material)
- Weaponized cybercrime:
What organizations can learn from the conflict in Ukraine. (to
the original material)
07.09.2022
- News
from cyber security.
- Most IT leaders think
partners, customers make their business a ransomware target.
(to
the original material)
- Researchers publish
post-quantum upgrade to the Signal protocol. (to
the original material)
- There is no secure
critical infrastructure without identity-based access. (to
the original material)
- 7 free online
cybersecurity courses you can take right now. (to
the original material)
- eBook: 4 cybersecurity
trends to watch in 2022. (to
the original material)
- HP fixes severe bug in
pre-installed Support Assistant tool. (to
the original material)
- Cisco won’t fix
authentication bypass zero-day in EoL routers. (to
the original material)
- Ukraine dismantles more
bot farms spreading Russian disinformation. (to
the original material)
- 200,000 North Face
accounts hacked in credential stuffing attack. (to
the original material)
- New Iranian hacking group
APT42 deploys custom Android spyware. (to
the original material)
- Are Default Passwords
Hiding in Your Active Directory? Here's how to check. (to
the original material)
- Ransomware gang's Cobalt
Strike servers DDoSed with anti-Russia messages. (to
the original material)
- Albania blames Iran for
July cyberattack, severs diplomatic ties. (to
the original material)
- Google says former Conti
ransomware members now attack Ukraine. (to
the original material)
- Albania Cuts Diplomatic
Ties With Iran After Cyberattack. (to
the original material)
- Increasing Your Cyber
Maturity Level on a Limited Budget. (to
the original material)
- Urology Center Breach
Lawsuit Settlement Returning to Court. (to
the original material)
- Online Attack Disrupts
InterContinental Hotels Group. (to
the original material)
- Proof of Concept: Key
Steps for Improving OT Security. (to
the original material)
- New Survey Shows 6 Ways
to Secure OT Systems. (to
the original material)
- Iranian Threat Group
Befriends Victims. (to
the original material)
- LA School District
Accounts Appear on Dark Web Before Attack. (to
the original material)
- Cobalt Strike servers
linked to former Conti gang members attacked. (to
the original material)
- How financial
institutions can mitigate business email compromise risks. (to
the original material)
- Experts spotted a new
stealthy Linux malware dubbed Shikitega. (to
the original material)
- Challenges of User
Authentication: What You Need to Know. (to
the original material)
- Zyxel addressed a
critical RCE flaw in its NAS devices. (to
the original material)
- Moobot botnet is back and
targets vulnerable D-Link routers. (to
the original material)
- Multiple ransomware data
leak sites experience DDoS attacks, facing intermittent
outages and connectivity issues. (to
the original material)
- MagicRAT: Lazarus’ latest
gateway into victim networks. (to
the original material)
- TikShock: Don't Fall For
These 5 Types Of TikTok Scams. (to
the original material)
- RDP on the radar: An
up‑close view of evolving remote access threats. (to
the original material)
- Do you have an older
iPhone? Install this security patch now! (to
the original material)
- Identity theft and
identity fraud: What they are and how to fight back. (to
the original material)
- Mental Malware and the
rise of disinformation. (to
the original material)
- 2022 Cyber Workforce
Benchmark points to slow vulnerability remediation,
chaotic decision making. (to
the original material)
- VICTORY: Slack Offers
Retention Settings to Free Workspaces. (to
the original material)
- FTC Sues Location Data
Broker. (to
the original material)
- EFF to Ninth Circuit:
Social Media Content Moderation is Not "State Action". (to
the original material)
- A Zoom vulnerability, and
the war between the hackers and the developers. (to
the original material)
06.09.2022
- News
from cyber security.
- European Cybersecurity
Challenge 2022: Final Countdown Before Kick-off in Vienna. (to
the original material)
- CISA Releases Five
Industrial Control Systems Advisories. (to
the original material)
- #StopRansomware: Vice
Society. (to
the original material)
- Vulnerability Summary for
the Week of August 29, 2022. (to
the original material)
- Go-Ahead cyberattack
might derail UK public transport services. (to
the original material)
- DeadBolt is hitting QNAP
NAS devices via zero-day bug, what to do? (to
the original material)
- What’s polluting your
data lake? (to
the original material)
- EvilProxy
phishing-as-a-service with MFA bypass emerged on the dark
web. (to
the original material)
- 62% of consumers see
fraud as an inevitable risk of online shopping. (to
the original material)
- US seizes WT1SHOP market
selling credit cards, credentials, and IDs. (to
the original material)
- Moobot botnet is coming
for your unpatched D-Link router. (to
the original material)
- Minecraft is hackers’
favorite game title for hiding malware. (to
the original material)
- FBI warns of Vice Society
ransomware attacks on school districts. (to
the original material)
- Zyxel releases new NAS
firmware to fix critical RCE vulnerability. (to
the original material)
- InterContinental Hotels
Group cyberattack disrupts booking systems. (to
the original material)
- New Linux malware evades
detection using multi-stage deployment. (to
the original material)
- New Worok cyber-espionage
group targets governments, high-profile firms. (to
the original material)
- Second largest U.S.
school district LAUSD hit by ransomware. (to
the original material)
- Smart Contract Auditing
Firm Suffers Smart Contract Exploit. (to
the original material)
- CISA Warns of Contec
Patient Monitoring Device Flaws. (to
the original material)
- China Accuses NSA of
Spying on State Aeronautics University. (to
the original material)
- Evolving Your Security
Strategy for the Challenges of 2022. (to
the original material)
- The Network Pillar:
Accelerating Zero Trust Adoption. (to
the original material)
- Los Angeles School
District Hit by Ransomware Attack. (to
the original material)
- Worok threat group
observed using new tools, techniques in cyberattacks. (to
the original material)
- Los Angeles school
district to remain open despite ransomware attack. (to
the original material)
- The Los Angeles Unified
School District hit by a ransomware attack. (to
the original material)
- A new Android malware
used to spy on the Uyghur Community. (to
the original material)
- Experts discovered
TeslaGun Panel used by TA505 to manage its ServHelper
Backdoor. (to
the original material)
- China accuses the US of
cyberattacks. (to
the original material)
- Interpol dismantled
sextortion ring in Asia. (to
the original material)
- Researcher Spotlight: How
Asheer Malhotra looks for ‘instant gratification’ in threat
hunting. (to
the original material)
- Worok: The big picture. (to
the original material)
- Google fixes security
issues in Chrome version 105. (to
the original material)
- Application security
slowly shifts left. (to
the original material)
- How Are Favicon (.ico)
Files Used in Website Malware? (to
the original material)
- Three ways to cultivate
an inclusive culture to empower female leadership. (to
the original material)
- Arizona Law Tramples
People’s Constitutional Right to Record Police. (to
the original material)
- In the mighty Savanna:
Check Point Research reveals a 2-year campaign targeting
large financial institutions in French-Speaking African
countries. (to
the original material)
- Hot off the press: a new
study into “the nature of cyber incidents”. (to
the original material)
05.09.2022
- News
from cyber security.
- Nmap 7.93, the 25th
anniversary edition, has been released. (to
the original material)
- Your vendors are likely
your biggest cybersecurity risk. (to
the original material)
- Supply chain risk is a
top security priority as confidence in partners wanes. (to
the original material)
- Ransomware attacks on
Linux to surge. (to
the original material)
- Proof of Concept: Twitter
Security and Election Integrity. (to
the original material)
- How to Spot the Latest
Tactics in Business ID Scams. (to
the original material)
- Cybercriminal Service
‘EvilProxy’ Seeks to Hijack Accounts. (to
the original material)
- Windows Defender
identified Chromium, Electron apps as Hive Ransomware. (to
the original material)
- EvilProxy
Phishing-As-A-Service With MFA Bypass Emerged In Dark Web. (to
the original material)
- A new SharkBot variant
bypassed Google Play checks again. (to
the original material)
- New EvilProxy service
lets all hackers use advanced phishing tactics. (to
the original material)
- Interpol dismantles
sextortion ring, warns of increased attacks. (to
the original material)
- QNAP patches zero-day
used in new Deadbolt ransomware attacks. (to
the original material)
- TikTok denies security
breach after hackers leak user data, source code. (to
the original material)
- New SharkBot Trojan
Spread Via Mobile Security Apps. (to
the original material)
- New cyber rules for New
York financial firms signal nationwide changes. (to
the original material)
- QNAP warns new Deadbolt
ransomware attacks exploiting zero-day. (to
the original material)
- TikTok denies data breach
following leak of user data. (to
the original material)
- Back to school: How to
make sure kids' devices are protected and they can use them
safely. (to
the original material)
- 8 Cyber Security Tips for
Teachers, Parents and Kids. (to
the original material)
- FBI: Hackers Exploit
Vulnerabilities in DeFi Platforms. (to
the original material)
- Honoring Peter Eckersley,
Who Made the Internet a Safer Place for Everyone. (to
the original material)
04.09.2022
- News
from cyber security.
- Week in review: CISOs’
earnings per year, Atlassian Bitbucket Server and Data
Center flaw. (to
the original material)
- Microsoft Defender
falsely detects Win32/Hive.ZY in Google Chrome, Electron
apps. (to
the original material)
- SharkBot malware sneaks
back on Google Play to steal your logins. (to
the original material)
- A new phishing scam
targets American Express cardholders. (to
the original material)
- Anonymous hacked Yandex
taxi causing a massive traffic jam in Moscow. (to
the original material)
- IRS mistakenly published
confidential info for roughly 120K taxpayers. (to
the original material)
- Alleged Iranian threat
actors leak the code of their CodeRAT malware. (to
the original material)
- Concerns emerge over
proposed SEC cyber incident disclosure changes. (to
the original material)
03.09.2022
- News
from cyber security.
- IRS data leak exposes
personal info of 120,000 taxpayers. (to
the original material)
- Malware dev open-sources
CodeRAT after being exposed. (to
the original material)
- Mastercard CSO on
Partnerships and Workforce Development. (to
the original material)
- Security Affairs
newsletter Round 382. (to
the original material)
- Google rolled out
emergency fixes to address actively exploited Chrome
zero-day. (to
the original material)
02.09.2022
- News
from cyber security.
- Press release:
Publication of four vacancies for administrative positions
within the European Cyber Security Competence Center, hosted
in Bucharest. (to
the original material)
- Mozilla Releases Security
Update for Thunderbird. (to
the original material)
- CISA, NSA, and ODNI (Office
of the Director of National Intelligence)
Release Part One of Guidance on Securing the Software Supply
Chain. (to
the original material)
- Companies underestimate
number of SaaS applications in their environment. (to
the original material)
- CIOs find it most
difficult to solve cybersecurity challenges. (to
the original material)
- Coro CEO Guy Moskowitz
plans to take an enterprise-grade security capability to the
SMB market. (to
the original material)
- The Prynt Stealer malware
contains a secret backdoor. Crooks steal data from other
cybercriminals. (to
the original material)
- Another Ransomware For
Linux Likely In Development. (to
the original material)
- Experts link Raspberry
Robin Malware to Evil Corp cybercrime gang. (to
the original material)
- Google Chrome issue
allows overwriting the clipboard content. (to
the original material)
- Attack infrastructure
used in Cisco hack linked to Evil Corp affiliate. (to
the original material)
- Researchers analyzed a
new JavaScript skimmer used by Magecart threat actors. (to
the original material)
- Google Chrome emergency
update fixes new zero-day used in attacks. (to
the original material)
- BlackCat ransomware
claims attack on Italian energy agency. (to
the original material)
- Dev backdoors own malware
to steal data from other hackers. (to
the original material)
- Samsung discloses data
breach after July hack. (to
the original material)
- Damart clothing store hit
by Hive ransomware, $2 million demanded. (to
the original material)
- San Francisco 49ers:
Blackbyte ransomware gang stole info of 20K people. (to
the original material)
- US Police Deployed
Obscure Smartphone Tracking Tool With No Warrants. (to
the original material)
- Google Chrome
Vulnerability Lets Sites Quietly Overwrite Clipboard
Contents. (to
the original material)
- JuiceLedger Hacker Linked
to First Phishing Campaign Targeting PyPI Users. (to
the original material)
- New Ransomware Group
BianLian Activity Exploding. (to
the original material)
- CISA, NSA and npm Release
Software Supply Chain Guidance. (to
the original material)
- UK Government Releases
New AI Security Guidance. (to
the original material)
- Chile and Montenegro
Floored by Ransomware. (to
the original material)
- San Francisco 49ers
Cybersecurity Incident Affected 20,000. (to
the original material)
- Chile Consumer Protection
Agency Hit by Ransomware Attack. (to
the original material)
- Courts May Decide If
Lloyd's Must Cover Nation-State Attacks. (to
the original material)
- For Hire: Ex-Ubiquiti
Developer Charged With Extortion. (to
the original material)
- Why Hacktivists Got Bored
With the Russia-Ukraine Cyberwar. (to
the original material)
- Overcoming Zero Trust
Obstacles in Healthcare. (to
the original material)
- Samsung discloses a
second data breach this year. (to
the original material)
- Threat Roundup for August
26 to September 2. (to
the original material)
- Audit finds
cybersecurity, oversight gaps in organ transplant database.
(to
the original material)
- CISA warns of possible
DDoS risk in Contec patient monitor medical devices. (to
the original material)
- What is doxing and how
you can protect yourself. (to
the original material)
- Will cyber‑insurance pay
out? – Week in security with Tony Anscombe. (to
the original material)
- Three approaches to
structuring and alert processing in a SOC (Security
Operations Centers). (to
the original material)
01.09.2022
- News
from cyber security.
- Cybersecurity news of the
week (09/01/2022). (to
the original material)
- Want to join ENISA's
Advisory Group? Call for Experts in now Open! (to
the original material)
- Apple Releases Security
Updates for Multiple Products. (to
the original material)
- How Just-in-Time
privilege elevation prevents data breaches and lateral
movement. (to
the original material)
- Does your cybercrime
prevention program work? (to
the original material)
- Infosec products of the
month: August 2022. (to
the original material)
- New ransomware hits
Windows, Linux servers of Chile govt agency. (to
the original material)
- Microsoft will disable
Exchange Online basic auth next month. (to
the original material)
- Montenegro hit by
ransomware attack, hackers demand $10 million. (to
the original material)
- NSA and CISA share tips
to secure the software supply chain. (to
the original material)
- Thousands lured with blue
badges in Instagram phishing attack. (to
the original material)
- Neopets says hackers had
access to its systems for 18 months. (to
the original material)
- Over 1,000 iOS apps found
exposing hardcoded AWS credentials. (to
the original material)
- Bill Bans Silicon Valley
From Sharing Abortion Data. (to
the original material)
- Report: Organ Transplant
Data Security Needs Strengthening. (to
the original material)
- OneCoin Cryptocurrency
Scam Suspect Faces Extradition to US. (to
the original material)
- Banning Ransoms: The
Evolving State of Ransomware Response. (to
the original material)
- Two open-source projects
vulnerable to ‘GitHub Environment Injection’. (to
the original material)
- Anti-malware
organizations releases guide for securing IoT devices. (to
the original material)
- Global certifications
group rolls out trio of cyber workforce programs. (to
the original material)
- How will Meta treat
personal data after high court’s abortion ruling? (to
the original material)
- Credential phishing
attack targeted 16,000 emails at nonprofit agency. (to
the original material)
- Ragnar Locker ransomware
gang claims to have stolen data from TAP Air Portugal. (to
the original material)
- 1,859 Android and iOS
apps were containing hard-coded Amazon AWS credentials. (to
the original material)
- FBI is helping Montenegro
in investigating the ongoing cyberattack. (to
the original material)
- Apple released patches
for recently disclosed WebKit zero-day in older iPhones and
iPads. (to
the original material)
- Source Code of Over 1800
Android and iOS Apps Gives Access to AWS Credentials. (to
the original material)
- Ragnar Locker Ransomware
Targets Energy Sector, Cybereason Suggests. (to
the original material)
- Apple Releases Update for
iOS 12 to Patch Exploited Vulnerability. (to
the original material)
- Standards Body Publishes
Guidelines for IoT Security Testing. (to
the original material)
- Detected Cyber-Threats
Surge 52% in 1H 2022. (to
the original material)
- Microsoft Finds Account
Takeover Bug in TikTok. (to
the original material)
- Threat Source newsletter
(Sept. 1, 2022) - Conversations about an unborn baby's
privacy. (to
the original material)
- What Is a 500 Internal
Server Error & How to Fix It. (to
the original material)
- Hollywood’s Insistence on
New Draconian Copyright Rules Is Not About Protecting
Artists. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - September 30,
2022