Study - Technical
- LMS-SFC (EN) - Cyber
Security - News archive
January 2023
Cyber Security - News Archive
January 2023
31.01.2023
- News
from cyber security.
- Supporting Policy
Developments to Achieve a High Common Level of Cybersecurity.
(to
the original material)
- CISA Releases One
Industrial Control Systems Advisory. (to
the original material)
- ESET APT Activity Report T3
2022. (to
the original material)
- IT Army of Ukraine gained
access to a 1.5GB archive from Gazprom. (to
the original material)
- Experts released VMware
vRealize Log RCE exploit for CVE-2022-31706. (to
the original material)
- GitHub to revoke stolen
code signing certificates for GitHub Desktop and Atom. (to
the original material)
- Pro-Palestine hackers
threaten Israeli chemical companies. (to
the original material)
- Pro-Russia group Killnet
targets US healthcare with DDoS attacks. (to
the original material)
- Wheels of cyberjustice
slowly crank. (to
the original material)
- Checkmarx launches Supply
Chain Threat Intelligence. (to
the original material)
- GitHub hit by hackers; code
signing certificates for GitHub Desktop and Atom applications
stolen. (to
the original material)
- How secure is your password
manager? (to
the original material)
- EFF Files Amicus Briefs in
Two Important Geofence Search Warrant Cases. (to
the original material)
- The FCC Broadband Maps:
Meet the New Maps, Same as the Old Maps. (to
the original material)
- Two Steps Forward, One Step
Back on Vaccine Privacy in New York. (to
the original material)
- EU to Use ePrivacy and GDPR
to Tackle Illegal Cookie Walls. (to
the original material)
- Three lessons for DevOps
from the CircleCI breach. (to
the original material)
- OpenEMR flaws detailed. (to
the original material)
- JD Sports cyberattack
compromises 10M customers. (to
the original material)
- Indianapolis Housing Agency
ransomware attack hits over 200K individuals. (to
the original material)
- Data breaches hit Illinois
social services firm, Washington behavioral health provider. (to
the original material)
- GitHub code signing
certificates compromised, to be revoked. (to
the original material)
- New Titan Stealer malware
examined. (to
the original material)
- Novel malware leveraged in
embassy-targeted APT29 attacks. (to
the original material)
- Over 1.5 million records
exposed by compromised TSA no-fly list. (to
the original material)
- Enterprise XDR adoption
still in early days, survey finds. (to
the original material)
- GitHub Confirms Signing
Certificates Stolen in Cyber-Attack, Revokes Them. (to
the original material)
- DocuSign Brand
Impersonation Attack Bypasses Security Measures, Targets Over
10,000. (to
the original material)
- Financial Services Targeted
in 28% of UK Cyber-Attacks Last Year. (to
the original material)
- Killnet Attackers DDoS US
and Dutch Hospitals. (to
the original material)
- Two US Doctors Convicted of
$30m Medicare Fraud. (to
the original material)
- QNAP: Patch Critical Remote
Code Injection Bug. (to
the original material)
- Skyrocketing Cyber
Insurance Premium Growth May Slow. (to
the original material)
- CISA to Set Up New Office
for Supply Chain Security. (to
the original material)
- OpenEMR Flaws Could Allow
Attackers to Steal Data, More. (to
the original material)
- Microsoft-Verified OAuth
Apps Used to Infiltrate Inboxes. (to
the original material)
- Russian Sandworm APT Adds
New Wiper to Its Arsenal. (to
the original material)
- Will Hive Stay Kaput After
FBI Busts Infrastructure? (to
the original material)
- Organization-Wide
Passwordless Orchestration. (to
the original material)
- Attackers used malicious
“verified” OAuth apps to infiltrate organizations’ O365 email
accounts. (to
the original material)
- Critical QNAP NAS
vulnerability fixed, update your device ASAP!
(CVE-2022-27596). (to
the original material)
- 3 ways to stop
cybersecurity concerns from hindering utility infrastructure
modernization efforts. (to
the original material)
- DigiCert releases new
unified approach to trust management. (to
the original material)
- Budget constraints force
cybersecurity teams to do more with less. (to
the original material)
- New Sh1mmer ChromeBook
exploit unenrolls managed devices. (to
the original material)
- Over 29,000 QNAP devices
vulnerable to code injection attacks. (to
the original material)
- Microsoft: Over 100 threat
actors deploy ransomware in attacks. (to
the original material)
- PoS malware can block
contactless payments to steal credit cards. (to
the original material)
- Exploit released for
critical VMware vRealize RCE vulnerability. (to
the original material)
- Microsoft disables verified
partner accounts used for OAuth phishing. (to
the original material)
- Using the Wazuh SIEM and
XDR platform to meet PCI DSS compliance. (to
the original material)
- Microsoft Defender can now
isolate compromised Linux endpoints. (to
the original material)
30.01.2023
- News
from cyber security.
- A Dutch hacker obtained
the personal data of Austrian citizens. (to
the original material)
- Vulnerability Summary for
the Week of January 23, 2023. (to
the original material)
- QNAP addresses a critical
flaw impacting its NAS devices. (to
the original material)
- JD Sports discloses a
data breach impacting 10 million customers. (to
the original material)
- Researcher received a
$27,000 bounty for 2FA bypass bug in Facebook and Instagram.
(to
the original material)
- Sandworm APT group hit
Ukrainian news agency with five data wipers. (to
the original material)
- UNC2565 threat actors
continue to improve the GOOTLOADER malware. (to
the original material)
- New webinar:
Cybersecurity predictions for 2023 (and beyond). (to
the original material)
- WordPress Vulnerability
& Patch Roundup January 2023. (to
the original material)
- Why quantum computing
threatens security as we know it [Q&A]. (to
the original material)
- New privacy features in
Apple devices. (to
the original material)
- Five key cybersecurity
lessons for your CEO. (to
the original material)
- Stupid Patent of the
Month: Digital Verification Systems Patents E-Signatures. (to
the original material)
- California Law Says
Electronic Search Data Must Be Posted Online. So Where Is
It? (to
the original material)
- The way to stop API
breaches: reevaluate the company’s cybersecurity stack. (to
the original material)
- Data breaches hit UCLA
Health, UCHealth. (to
the original material)
- Ukraine seeks ICC
(International Criminal Court) probe on Russian
cyberattacks. (to
the original material)
- Charter Communications
impacted by third-party breach. (to
the original material)
- Impact of Hive ransomware
disruption assessed. (to
the original material)
- TikTok proposal to allay
national security fears detailed. (to
the original material)
- Zero trust not a fix-all
solution to cyber threats. (to
the original material)
- Novel BIND9 DNS software
bugs addressed. (to
the original material)
- Remediating VMware
vRealize Log RCE urged amid imminent exploit. (to
the original material)
- Gootkit malware
significantly updated. (to
the original material)
- Removable USB devices
targeted by PlugX malware. (to
the original material)
- JD Sports Confirms Breach
Affected 10 Million Customers. (to
the original material)
- Hackers Use TrickGate
Software to Deploy Emotet, REvil, Other Malware. (to
the original material)
- Devs on Dark Web Forums
Paid Up to $20,000 For Illicit Activities. (to
the original material)
- Fake Money Apps Garner
Millions of Android Downloads. (to
the original material)
- New Yorker Gets Four
Years for $9m COVID Fraud Scheme. (to
the original material)
- Five Data Wipers Attack
Ukrainian News Agency. (to
the original material)
- HHS, AHA Warn of Surge in
Russian DDoS Attacks on Hospitals. (to
the original material)
- JD Sports Details Data
Breach Affecting 10 Million Customers. (to
the original material)
- Are We Doomed? Not If We
Focus on Cyber Resilience. (to
the original material)
- A glut of wiper malware
hits Ukrainian targets. (to
the original material)
- Critical OpenEMR
vulnerabilities may allow attackers to access patients’
health records. (to
the original material)
- Mounting cybersecurity
pressure is creating headaches in railway boardrooms. (to
the original material)
- Insider attacks becoming
more frequent, more difficult to detect. (to
the original material)
- Porsche halts NFT launch,
phishing sites fill the void. (to
the original material)
- KeePass disputes
vulnerability allowing stealthy password theft. (to
the original material)
- Cybercrime job ads on the
dark web pay up to $20k per month. (to
the original material)
- GitHub revokes code
signing certificates stolen in repo hack. (to
the original material)
- QNAP fixes critical bug
letting hackers inject malicious code. (to
the original material)
- JD Sports says hackers
stole data of 10 million customers. (to
the original material)
- U.S. No Fly list shared
on a hacking forum, government investigating. (to
the original material)
29.01.2023
- News
from cyber security.
- Alleged member of
ShinyHunters group extradited to the US, could face 116
years in jail. (to
the original material)
- Pro-Russia group Killnet
targets Germany due to its support to Ukraine. (to
the original material)
- Security Affairs
newsletter Round 404 by Pierluigi Paganini. (to
the original material)
- Watch out! Experts plans
to release VMware vRealize Log RCE exploit next week. (to
the original material)
- Week in review: ChatGPT
cybersecurity, critical RCE vulnerabilities found in git,
Riot Games breached. (to
the original material)
- Shady reward apps on
Google Play amass 20 million downloads. (to
the original material)
28.01.2023
- News
from cyber security.
- Copycat Criminals
mimicking Lockbit gang in northern Europe. (to
the original material)
- Sandworm APT targets
Ukraine with new SwiftSlicer wiper. (to
the original material)
- ISC fixed high-severity
flaws in DNS software suite BIND. (to
the original material)
- Ukraine Links Media
Center Attack to Russian Intelligence. (to
the original material)
- Researchers to release
VMware vRealize Log RCE exploit, patch now. (to
the original material)
- Hackers use new
SwiftSlicer wiper to destroy Windows domains. (to
the original material)
27.01.2023
- News
from cyber security.
- US federal agencies have
been targeted by attacks with ScreenConnect and AnyDesk. (to
the original material)
- Protecting Data: Can we
Engineer Data Sharing? (to
the original material)
- ISC Releases Security
Advisories for Multiple Versions of BIND 9. (to
the original material)
- Scammers disguised as
tech support agents still a common threat: Here's what to
watch out for in 2023. (to
the original material)
- Are you in control of
your personal data? – Week in security with Tony Anscombe. (to
the original material)
- SwiftSlicer: New
destructive wiper malware strikes Ukraine. (to
the original material)
- Patch management is
crucial to protect Exchange servers, Microsoft warns. (to
the original material)
- Hacker accused of having
stolen personal data of all Austrians and more. (to
the original material)
- CVE-2023-23560 flaw
exposes 100 Lexmark printer models to hack. (to
the original material)
- BlackCat Ransomware gang
stole secret military data from an industrial explosives
manufacturer. (to
the original material)
- Trustwave updates its
threat hunting to find unknown dangers. (to
the original material)
- Secure your Untappd
check-ins. (to
the original material)
- Brazil's Telecom
Operators Made Strides and Had Shortcomings in Internet
Lab's New Report on User Privacy Practices. (to
the original material)
- Threat Round up for
January 20 to January 27. (to
the original material)
- Three trends public and
healthcare cyber defense teams should know about in 2023. (to
the original material)
- Novel Mimic ransomware
strain detailed. (to
the original material)
- Google ads phishing takes
aim on password managers. (to
the original material)
- Cybersecurity layoffs in
the past year examined. (to
the original material)
- NIST risk management
framework for AI issued. (to
the original material)
- CISA’s Joint Cyber
Defense Collaborative details priorities. (to
the original material)
- New Abraham Ax operation
linked to Iranian hacktivist group. (to
the original material)
- Alarm on Russian, Iranian
spear-phishing operations raised by UK. (to
the original material)
- Report: ChatGPT presents
critical cyber risks. (to
the original material)
- Five ways security teams
can more effectively manage identities in the cloud. (to
the original material)
- Third-party risks: How to
reduce them. (to
the original material)
- How AI and DAST can
mitigate security risks. (to
the original material)
- Multiple Vulnerabilities
Found In Healthcare Software OpenEMR. (to
the original material)
- Black Basta Deploys PlugX
Malware in USB Devices With New Technique. (to
the original material)
- New 'Pig Butchering' Scam
in West Africa Impersonates US Financial Advisors. (to
the original material)
- Security is Key to
Business Transformation, Say IT Chiefs. (to
the original material)
- Global Action
"Dismantles" Hive Ransomware Group. (to
the original material)
- Microsoft: Update
On-Premises Exchange Server Now. (to
the original material)
- Coinbase Fined 3.3
Million Euros by Dutch Central Bank. (to
the original material)
- European IoT
Manufacturers Lag in Vulnerability Disclosure. (to
the original material)
- Advance Your Security
Awareness Training Program: Research Results Analysis. (to
the original material)
- Payments Rules Bring
Customer Authentication to Forefront. (to
the original material)
- Russian Nuisance Hacking
Group KillNet Targets Germany. (to
the original material)
- ISMG Editors: Why Are
Ransomware Profits Dipping? (to
the original material)
- Entity Will Pay $4.3
Million Settlement in 2nd Big Hack Case. (to
the original material)
- Targets of Opportunity:
How Ransomware Groups Find Victims. (to
the original material)
- New infosec products of
the week: January 27, 2023. (to
the original material)
- Open source skills
continue to be in high demand. (to
the original material)
- 50% of organizations
exceed their budgeted spend on cloud storage. (to
the original material)
- The Week in Ransomware -
January 27th 2023 - 'We hacked the hackers'. (to
the original material)
- Ukraine: Sandworm hackers
hit news agency with 5 data wipers. (to
the original material)
- PlugX malware hides on
USB devices to infect new Windows hosts. (to
the original material)
26.01.2023
- News
from cyber security.
- Cybersecurity news of the
week (26.01.2023). (to
the original material)
- The National Directorate
of Cyber Security and ING Bank call for vigilance: cyber
attackers can use artificial intelligence to create phishing
messages that look more genuine than ever. (to
the original material)
- JCDC (Joint Cyber Defense
Collaborative) Announces 2023 Planning Agenda. (to
the original material)
- CISA Releases Eight
Industrial Control Systems Advisories. (to
the original material)
- CISA Has Added One Known
Exploited Vulnerability to Catalog. (to
the original material)
- The Hybrid Professional
Life: How Social Media Apps Became a Professional Recruiting
and Business Promotion Medium. (to
the original material)
- Why your data is more
valuable than you may realize. (to
the original material)
- UK NCSC warns of
spear-phishing attacks from Russia-linked and Iran-linked
groups. (to
the original material)
- An unfaithful employee
leaked Yandex source code repositories. (to
the original material)
- Hive Ransomware Tor leak
site apparently seized by law enforcement. (to
the original material)
- Experts warn of a surge
of attacks exploiting a Realtek Jungle SDK RCE
(CVE-2021-35394). (to
the original material)
- 3 Barracuda executives
share security predictions for 2023. (to
the original material)
- How to Fix the “Deceptive
Site Ahead” Warning. (to
the original material)
- Ransomware groups rebrand
and claim more victims. (to
the original material)
- Cybersecurity is a key
first step in digital transformation. (to
the original material)
- What Old is New Again and
What's Old is Me? (to
the original material)
- Vulnerability Spotlight:
OS command injection, directory traversal and other
vulnerabilities found in Siretta Quartz-Gold and
FreshTomato. (to
the original material)
- The Best Super Bowl Ads
of All Time. (to
the original material)
- The Next Arms Race:
Empowering the next generation of cybersecurity workers. (to
the original material)
- Cybersecurity budgets
lacking amid rising threats. (to
the original material)
- More data breach
disclosures lacking information. (to
the original material)
- Windows CryptoAPI
vulnerability exploit issued. (to
the original material)
- Report: Baltimore school
system lacked defenses prior to 2020 cyberattack. (to
the original material)
- Zacks Investment Research
data breach impacts 820K individuals. (to
the original material)
- Malware campaign
compromises over 4,500 WordPress sites. (to
the original material)
- Windows systems targeted
by novel Python RAT malware. (to
the original material)
- New attack techniques
employed by North Korean APT. (to
the original material)
- Google Ads exploited for
network breaches. (to
the original material)
- Iranian Group Cobalt
Sapling Targets Saudi Arabia With New Persona. (to
the original material)
- Zacks Investment Research
Confirms Breach Affecting 820,000 Customers. (to
the original material)
- CISA Warns Against
Malicious Use of Legitimate RMM Software. (to
the original material)
- NCSC: Iranian and Russian
Groups Targeting Government, Activists and Journalists With
Spearphishing. (to
the original material)
- Dark Web Posts
Advertising Counterfeit Cash Surge 90%. (to
the original material)
- Near-Record Year for US
Data Breaches in 2022. (to
the original material)
- Lloyds Bank Warns of 80%
Surge in Advance Fee Scams. (to
the original material)
- UK Insurers Mostly
Withstand Cyber Stress Test. (to
the original material)
- Uniform Infrastructure
Raises Risk for Industrial Attacks. (to
the original material)
- UK Warns of Surge in
Russian, Iranian APT Phishing Threats. (to
the original material)
- 2 Hacks Involving Mental
Health Data Affected Nearly 400,000. (to
the original material)
- Facebook, Instagram
Blasted for 'Lame' Security Practices. (to
the original material)
- Ukraine's Critical
Sectors Targeted in Phishing Attack Surge. (to
the original material)
- ISACA Survey: Privacy in
Practice 2023 Highlights. (to
the original material)
- FBI Seizes Hive
Ransomware Servers in Multinational Takedown. (to
the original material)
- Venture Capitalist: Now
Is an Ideal Time to Invest in Cyber. (to
the original material)
- Protecting the Hidden
Layer in Neural Networks. (to
the original material)
- Authorities shut down
HIVE ransomware infrastructure, provide decryption tools. (to
the original material)
- Researchers release PoC
exploit for critical Windows CryptoAPI bug (CVE-2022-34689).
(to
the original material)
- Attackers use portable
executables of remote management software to great effect. (to
the original material)
- ChatGPT is a bigger
threat to cybersecurity than most realize. (to
the original material)
- Supply chain attacks
caused more data compromises than malware. (to
the original material)
- Microsoft urges admins to
patch on-premises Exchange servers. (to
the original material)
- Bitwarden password vaults
targeted in Google ads phishing attack. (to
the original material)
- US offers $10M bounty for
Hive ransomware links to foreign governments. (to
the original material)
- New Mimic ransomware
abuses ‘Everything’ Windows search tool. (to
the original material)
- Lexmark warns of RCE bug
affecting 100 printer models, PoC released. (to
the original material)
- Google nukes 50,000
accounts pushing Chinese disinformation. (to
the original material)
- UK warns of increased
attacks from Russian, Iranian hackers. (to
the original material)
- Hive ransomware disrupted
after FBI hacks gang's systems. (to
the original material)
- Yandex denies hack,
blames source code leak on former employee. (to
the original material)
25.01.2023
- News
from cyber security.
- CISA, NSA, and MS-ISAC
Release Advisory on the Malicious Use of RMM Software. (to
the original material)
- VMware Releases Security
Updates for VMware vRealize Log Insight. (to
the original material)
- Gaming and Video Games:
How Much Is Too Much for Your Kids? (to
the original material)
- Mastodon vs. Twitter:
Know the differences. (to
the original material)
- Zacks Investment Research
data breach impacted hundreds of thousands of customers. (to
the original material)
- Google Chrome 109 update
addresses six security vulnerabilities. (to
the original material)
- North Korea-linked TA444
group turns to credential harvesting activity. (to
the original material)
- French rugby club Stade
Français leaks source code. (to
the original material)
- DragonSpark threat actor
avoids detection using Golang source code Interpretation. (to
the original material)
- Below the Surface:
Innovations in security awareness training. (to
the original material)
- Quality and security
suffer in the push for digital transformation. (to
the original material)
- Lookout launches unified
security for endpoints and cloud. (to
the original material)
- Dealing with the threat
of social engineering [Q&A]. (to
the original material)
- Newly-discovered Signal
vulnerabilities - how dangerous are they? (to
the original material)
- EFF Tells Supreme Court:
User Speech Must Be Protected. (to
the original material)
- What security pros need
to know about the FTC’s proposed non-compete rule. (to
the original material)
- New detection bypass
methods accompany Emotet revival. (to
the original material)
- Cyberwarfare concern amid
Russia-Ukraine conflict examined. (to
the original material)
- CISA sheds light on K-12
cybersecurity in review. (to
the original material)
- New cyber, workforce
subcommittees expected at House Oversight panel. (to
the original material)
- Riot Games rejects paying
$10M ransom for breach. (to
the original material)
- Zendesk hit by
phishing-related data breach. (to
the original material)
- GoTo breach compromised
encrypted backups. (to
the original material)
- Significant updates
likely in upcoming NIST cybersecurity framework. (to
the original material)
- Novel Blank Image
phishing technique detailed. (to
the original material)
- Cyber testing gaps,
staffing shortfall compromising DoD (Department of Defence)
cyber posture. (to
the original material)
- LatAm hacktivist
collective Guacamaya examined. (to
the original material)
- GAO (Government
Accountability Office): Most cyber recommendations ignored
by federal agencies. (to
the original material)
- North Korean Group TA444
Shows 'Startup' Culture, Tries Numerous Infection Methods. (to
the original material)
- Yahoo Overtakes DHL As
Most Impersonated Brand in Q4 2022. (to
the original material)
- Ticketmaster Claims Bot
Attack Disrupted Taylor Swift Tour Sales. (to
the original material)
- Regulator Stress Test
Highlights Cyber Insurance Concerns. (to
the original material)
- New Cheats May Emerge
After Riot Games Hack. (to
the original material)
- Just Half of Firms Have
Sufficient Cybersecurity Budget. (to
the original material)
- Case Study: Policy
Compliance with Layered Security. (to
the original material)
- Clinic Reports Tracking
Pixel Breach Involving 3rd Party. (to
the original material)
- Reported Data Breaches in
US Reach Near-Record Highs. (to
the original material)
- Microsoft 365 Cloud
Service Outage Disrupts Users Worldwide. (to
the original material)
- North Korean Crypto
Hackers Keep Nose to the Grindstone. (to
the original material)
- Why Healthcare Orgs Must
Prioritize 3rd-Party Risk Management. (to
the original material)
- Riot Games breached: How
did it happen? (to
the original material)
- Critical VMware vRealize
Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704).
(to
the original material)
- How to tackle the
cybersecurity skills shortage in the EU. (to
the original material)
- Most consumers would
share anonymized personal data to improve AI products. (to
the original material)
- Exploit released for
critical Windows CryptoAPI spoofing bug. (to
the original material)
- CISA: Federal agencies
hacked using legitimate remote desktop tools. (to
the original material)
- Hackers auction alleged
source code for League of Legends. (to
the original material)
- Zacks Investment Research
data breach affects 820,000 clients. (to
the original material)
- Malware exploited
critical Realtek SDK bug in millions of attacks. (to
the original material)
- Lessons Learned from the
Windows Remote Desktop Honeypot Report. (to
the original material)
- New stealthy Python RAT
malware targets Windows in attacks. (to
the original material)
24.01.2023
- News
from cyber security.
- Apple Releases Security
Updates for Multiple Products. (to
the original material)
- CISA Releases Two
Industrial Control Systems Advisories. (to
the original material)
- CISA Releases Protecting
Our Future: Partnering to Safeguard K–12 organizations from
Cybersecurity Threats. (to
the original material)
- Protect your digital
identity in 2023. (to
the original material)
- 5 valuable skills your
children can learn by playing video games. (to
the original material)
- VMware warns of critical
code execution bugs in vRealize Log Insight. (to
the original material)
- Pakistan hit by
nationwide power outage, is it the result of a cyber attack?
(to
the original material)
- GoTo revealed that threat
actors stole customers’ backups and encryption key for some
of them. (to
the original material)
- FBI confirms that
North Korea-linked Lazarus APT is behind Harmony Horizon
Bridge $100 million cyber heist. (to
the original material)
- Meta Platforms
expands features for EE2E on Messenger App. (to
the original material)
- CISA added Zoho
ManageEngine RCE (CVE-2022-47966) to its Known Exploited
Vulnerabilities Catalog. (to
the original material)
- Researcher found
US ‘No Fly List’ on an unsecured server. (to
the original material)
- Secured.22:
Backing Up Your Microsoft 365 Environment. (to
the original material)
- Cybersecurity
Threat Advisory: NortonLifeLock compromised. (to
the original material)
- Massive Campaign
Uses Hacked WordPress Sites as Platform for Black Hat Ad
Network. (to
the original material)
- Insider threats
become more frequent and harder to deal with. (to
the original material)
- Organizations not
prepared for cyberwarfare. (to
the original material)
- How ChatGPT will
change cybersecurity. (to
the original material)
- The Next Stage in
Security Expert’s Trial Set for January 31. (to
the original material)
- Podcast Episode:
Don't Be Afraid to Poke the Tigers. (to
the original material)
- Threat Landscape
Topic Summary Report: Cisco Talos Year in Review 2022. (to
the original material)
- By reframing
talent, we can meet the cybersecurity skills gap. (to
the original material)
- New NSA security
guidelines for IPv6 transition issued. (to
the origina material)
- Massive
app-spoofing malvertising scheme disrupted. (to
the original material)
- Russia hit with
record high DDoS attacks last year. (to
the original material)
- Sliver C2
framework gaining traction among threat actors. (to
the original material)
- Global
anti-ransomware task force begins operations. (to
the original material)
- DellOro Group
predicts SASE to overtake SD-WAN. (to
the original material)
- Dell touts new
servers with advanced security, efficiencies. (to
the original material)
- Remote.It updates
networking platform with zero-trust features. (to
the original material)
- Threat
intelligence: Security pros share key challenges. (to
the original material)
- Threat
intelligence: Security pros identify top benefits. (to
the original material)
- DragonSpark
Hackers Evade Detection With SparkRAT and Golang. (to
the original material)
- FBI Confirms
Lazarus Group Was Behind $100m Harmony Hack. (to
the original material)
- #DataPrivacyWeek:
Consumers Already Concerned About AI’s Impact on Data
Privacy. (to
the original material)
- Microsoft to
Block Excel XLL Add-Ins to Stop Malware Delivery. (to
the original material)
- Gartner: Zero
Trust Will Not Mitigate Over Half of Attacks. (to
the original material)
- #DataPrivacyWeek:
ICO Offers Data Protection Advice to SMBs. (to
the original material)
- Record-Breaking
Year for DDoS Attacks Targeting Russia. (to
the original material)
- Microsoft
Security Sales Hit $20B as Consolidation Increases. (to
the original material)
- VA (Veterans
Affairs): Contractors Have 1 Hour to Report a Security
Incident. (to
the original material)
- What Federal
Charges Against Bitzlato Mean for Cybercrime. (to
the original material)
- CommonSpirit
Facing 2 Proposed Class Actions Post-Breach. (to
the original material)
- North Korean
Hackers Attacked Horizon, Confirms FBI. (to
the original material)
- GoTo now says
customers’ backups have also been stolen. (to
the original material)
- Apple delivers
belated zero-day patch for iOS v12 (CVE-2022-42856). (to
the original material)
- BSidesZG 2023:
Strengthening the infosec community in Croatia’s capital.
(to
the original material)
- NSA publishes
IPv6 Security Guidance. (to
the original material)
- Ransomware access
brokers use Google ads to breach your network. (to
the original material)
- VMware fixes
critical security bugs in vRealize log analysis tool. (to
the original material)
- Microsoft shares
workaround for unresponsive Windows Start Menu. (to
the original material)
- U.S. sues Google
for abusing dominance over online ad market. (to
the original material)
- Riot Games
receives ransom demand from hackers, refuses to pay. (to
the original material)
- 75k WordPress
sites impacted by critical online course plugin flaws. (to
the original material)
- FBI: North Korean
hackers stole $100 million in Harmony crypto hack. (to
the original material)
- GoTo says hackers
stole customers' backups and encryption key. (to
the original material)
- Hackers use
Golang source code interpreter to evade detection. (to
the original material)
23.01.2023
- News
from cyber security.
- CISA Adds One Known
Exploited Vulnerability to Catalog. (to
the original material)
- Vulnerability Summary for
the Week of January 16, 2023. (to
the original material)
- 9 recommendations for
hassle-free holidays in 2023. (to
the original material)
- January is Digital
Cleanup Month. (to
the original material)
- The hybrid work style has
transformed business communication platforms into preferred
online socializing spaces. (to
the original material)
- Hybrid play: Leveling the
playing field in online video gaming and beyond. (to
the original material)
- Apple backported patches
for CVE-2022-42856 zero-day on older iPhones, iPads. (to
the original material)
- Two flaws in Samsung
Galaxy Store can allow to install Apps and execute JS code.
(to
the original material)
- Companies impacted by
Mailchimp data breach warn their customers. (to
the original material)
- Massive Ad fraud scheme
VASTFLUX targeted over 11 million devices. (to
the original material)
- Video game firm Riot
Games hacked, now it faces problems to release content. (to
the original material)
- The Trouble with API
security. (to
the original material)
- Riot Games delays release
of game updates and patches following security breach. (to
the original material)
- How to avoid online
recruitment scams in 2023. (to
the original material)
- Socks5 VPN: What It Is
& Why PIA Is the Best. (to
the original material)
- Four lessons learned from
the latest third-party breach of Uber data. (to
the original material)
- FanDuel impacted
by MailChimp data breach. (to
the original material)
- Malware
deployment facilitated by Microsoft OneNote attachments. (to
the original material)
- Ukraine impacted
by new Gamaredon cyberattacks exploiting Telegram. (to
the original material)
- Fortinet
vulnerability leveraged for new Boldmove malware
distribution. (to
the original material)
- Vice Society
attack on LAUSD compromised contractors’ data. (to
the original material)
- Potential TSA
no-fly list breach under investigation. (to
the original material)
- Cyber threats
from China’s AI program, Russia-Ukraine war emphasized by
FBI director. (to
the original material)
- How to determine
SASE needs specific to your IT environment. (to
the original material)
- Hackers Deploy
Open-Source Tool Sliver C2, Replacing Cobalt Strike,
Metasploit. (to
the original material)
- Two
Vulnerabilities Found in Galaxy App Store. (to
the original material)
- Most Federal
Agencies Ignored GAO's (US Government Accountability
Office) Cybersecurity Recommendations. (to
the original material)
- Ad Fraud Scheme
Tops 12 Billion Daily Bid Requests. (to
the original material)
- Riot Games Halts
Work After Cyber-Attack. (to
the original material)
- New Government
Cyber Advice for £100bn UK Charity Sector. (to
the original material)
- Malware Blurs
Line Between Banking Trojan and Surveillance. (to
the original material)
- 2 Vendors Among
BlackCat's Alleged Recent Ransomware Victims. (to
the original material)
- Spanish
Authorities Arrest 3 in Bitzlato Crackdown. (to
the original material)
- Australia
Initiates Global Ransomware Task Force Operations. (to
the original material)
- What Makes Sumo
Logic an Appealing Target for Private Equity. (to
the original material)
- David Derigiotis
on the Complex World of Cyber Insurance. (to
the original material)
- Ransomware
Profits Dip as Fewer Victims Pay Extortion. (to
the original material)
- Webinar
On-Demand: Why Organizations are Adopting MDR Services. (to
the original material)
- ENISA gives out
toolbox for creating security awareness programs. (to
the original material)
- Extent of
reported CVEs overwhelms critical infrastructure asset
owners. (to
the original material)
- Trained
developers get rid of more vulnerabilities than code
scanning tools. (to
the original material)
- Apple iOS 16.3
arrives with support for hardware security keys. (to
the original material)
- Russia’s largest
ISP says 2022 broke all DDoS attack records. (to
the original material)
- Apple fixes
actively exploited iOS zero-day on older iPhones, iPads. (to
the original material)
- CISA warns of
critical ManageEngine RCE bug exploited in attacks. (to
the original material)
- GTA Online bug
exploited to ban, corrupt players’ accounts. (to
the original material)
- Google Ads
invites being abused to push spam, adult sites. (to
the original material)
- Microsoft 365 to
block downloaded Excel XLL add-ins to boost security. (to
the original material)
22.01.2023
- News
from cyber security.
- Expert found critical
flaws in OpenText Enterprise Content Management System. (to
the original material)
- Roaming Mantis uses new
DNS changer in its Wroba mobile malware. (to
the original material)
- Security Affairs
newsletter Round 403 by Pierluigi Paganini. (to
the original material)
- Week in review: Critical
git vulnerabilities, increasingly malicious Google Search
ads. (to
the original material)
- FanDuels warns of data
breach after customer info stolen in vendor hack. (to
the original material)
- WhatsApp fined €5.5
million by Irish DPC for GDPR violation. (to
the original material)
21.01.2023
- News
from cyber security.
- The Irish DPC fined
WhatsApp €5.5M for violating GDPR. (to
the original material)
- Around 19,500 end-of-life
Cisco routers are exposed to hack. (to
the original material)
- Chinese Group Targeting
Vulnerable Cloud Providers, Apps. (to
the original material)
- Riot Games hacked, delays
game patches after security breach. (to
the original material)
- Hackers now use Microsoft
OneNote attachments to spread malware. (to
the original material)
- Massive ad-fraud op
dismantled after hitting millions of iOS devices. (to
the original material)
20.01.2023
- News
from cyber security.
- The National Cyber
Security Directorate (DNSC) and the European Commission
signed the financing contract for the 'Romanian Cyber Care
Health' project. (to
the original material)
- Drupal Releases Security
Advisories to Address Multiple Vulnerabilities. (to
the original material)
- Cisco Releases Security
Advisory for Unified CM and Unified CM SME. (to
the original material)
- Ransomware payments down
40% in 2022 – Week in security with Tony Anscombe. (to
the original material)
- T-Mobile suffered a new
data breach, 37 million accounts have been compromised. (to
the original material)
- PayPal notifies 34942
users of data breach over credential stuffing attack. (to
the original material)
- Chinese hackers used
recently patched FortiOS SSL-VPN flaw as a zero-day in
October. (to
the original material)
- Cisco fixes SQL Injection
flaw in Unified CM. (to
the original material)
- Moving Target Defense -
how a military strategy translates to the cybersecurity
world [Q&A]. (to
the original material)
- For Would-Be Censors and
the Thin-Skinned, Copyright Law Offers Powerful Tools. (to
the original material)
- Right to Repair Advocates
Have Had Good Victories. We Have To Keep Fighting. (to
the original material)
- Threat Round up for
January 13 to January 20. (to
the original material)
- Meta’s Lawsuit Against
NSO Goes Forward – The Fight Against NSO Spyware Gains
Strength. (to
the original material)
- How a cloud center of
excellence can bring order to the cloud. (to
the original material)
- Credential stuffing
attack compromises 35K PayPal accounts. (to
the original material)
- Ransomware attack hits
Yum Brands. (to
the original material)
- Zoho ManageEngine flaw
under active exploitation. (to
the original material)
- Compromised API-related
breaches on the rise. (to
the original material)
- Novel Hook Android
malware emerges. (to
the original material)
- Updated Roaming Mantis
malware involves DNS changer. (to
the original material)
- Third-party risks: What
organizations face. (to
the original material)
- Buying SASE: Questions to
ask vendors before you commit. (to
the original material)
- WhatsApp Hit with €5.5m
fine for GDPR Violations. (to
the original material)
- "Workarounds" Helped
Royal Mail Resume Shipping After Ransomware Attack. (to
the original material)
- Phishers Use Blank Images
to Disguise Malicious Attachments. (to
the original material)
- API Attacker Steals Data
on 37 Million T-Mobile Customers. (to
the original material)
- Massive Credential
Stuffing Campaign Hits 35,000 PayPal Users. (to
the original material)
- ISMG Editors: Why Is
LockBit Ransomware Group So Prolific? (to
the original material)
- Fortinet VPN Flaw Shows
Pitfalls of Security Appliances. (to
the original material)
- Hostile Takeover: Kraken
Hacks Rival Darknet Market Solaris. (to
the original material)
- eSentire CEO Kerry Bailey
on Using XDR to Cut Business Risk. (to
the original material)
- FAA Says No Evidence of
Cyberattack in NOTAM Outage. (to
the original material)
- The Persisting Risks
Posed by Legacy Medical Devices. (to
the original material)
- Securing the SaaS Layer.
(to
the original material)
- New infosec products of
the week: January 20, 2023. (to
the original material)
- Enterprises remain
vulnerable through compromised API secrets. (to
the original material)
- The Week in Ransomware -
January 20th 2023 - Targeting Crypto Exchanges. (to
the original material)
- Over 19,000 end-of-life
Cisco routers exposed to RCE attacks. (to
the original material)
- Exploits released for two
Samsung Galaxy App Store vulnerabilities. (to
the original material)
- Critical ManageEngine RCE
bug now exploited to open reverse shells. (to
the original material)
- LAUSD says Vice Society
ransomware gang stole contractors’ SSNs (Social Security
Numbers). (to
the original material)
- New Boldmove Linux
malware used to backdoor Fortinet devices. (to
the original material)
19.01.2023
- News
from cyber security.
- Cybersecurity news of the
week (19.01.2023). (to
the original material)
- Cybersecurity Awareness
Raising: Peek Into the ENISA-Do-It-Yourself Toolbox. (to
the original material)
- CISA Releases One
Industrial Control Systems Advisory. (to
the original material)
- How to set up parental
controls on your child's new smartphone. (to
the original material)
- Tech support scammers are
still at it: Here’s what to look out for in 2023. (to
the original material)
- Experts released PoC
exploit for critical Zoho ManageEngine RCE flaw. (to
the original material)
- Critical Microsoft Azure
RCE flaw impacted multiple services. (to
the original material)
- Mailchimp discloses a new
security breach, the second one in 6 months. (to
the original material)
- US CISA adds Centos Web
Panel RCE CVE-2022-44877 to its Known Exploited
Vulnerabilities Catalog. (to
the original material)
- Five security trends to
look out for in 2023. (to
the original material)
- Vulnerable WordPress
Sites Compromised with Different Database Infections. (to
the original material)
- New Linux malware up 50
percent in 2022. (to
the original material)
- New marketplace offers
downloadable threat models for free. (to
the original material)
- Telegram – “secret”?
Yeah, right. (to
th original material)
- Fair Use Creep Is A
Feature, Not a Bug. (to
the original material)
- Have You Tried Turning It
Off and On Again: Rethinking Tech Regulation and Creative
Labor. (to
the original material)
- EFF Warns Supreme Court
That Users’ Speech is at Stake When Increasing Platforms’
Liability. (to
the original material)
- Threat Source newsletter
(Jan. 19, 2023): Talent retention and institutional
knowledge. (to
the original material)
- Vulnerability Spotlight:
XSS vulnerability in Ghost CMS. (to
the original material)
- Adopt a ‘GDPR Everywhere’
strategy. (to
the original material)
- Magento vulnerability
patch evaded by vendors. (to
the original material)
- Netcomm, TP-Link routers
impacted by critical bugs. (to
the original material)
- ICS espionage, disruption
likely with GE Proficy Historian flaws. (to
the original material)
- Solaris darknet market
hacked. (to
the original material)
- Data breach impacts
Mailchimp. (to
the original material)
- Ukrainian news agency
ransomware attack tied to Sandworm operation. (to
the original material)
- Roaming Mantis' Hacking
Campaign Adds DNS Changer to Mobile App. (to
the original material)
- ThreatModeler Makes
DevSecOps More Accessible With New Marketplace. (to
the original material)
- Mailchimp Hit By Another
Data Breach Following Employee Hack. (to
the original material)
- Ransomware Payments Fall
by 40% in 2022. (to
the original material)
- Over a Third of Recent
ICS Bugs Still Have No Vendor Patch. (to
the original material)
- FTX: Over $400m Stolen
from Bankrupt Exchange. (to
the original material)
- Crypto-Exchange Used to
Launder Ransomware Transactions Dismantled. (to
the original material)
- Hundreds of Malicious
Packages Found in npm Registry. (to
the original material)
- T-Mobile Says Hackers
Stole Data of 37 Million Customers. (to
the original material)
- BitKeep to Reimburse
Hacking Victims by March. (to
the original material)
- VA Hospital 'High-Risk'
Vulnerability Unaddressed for Years. (to
the original material)
- BlueVoyant CEO on How to
Remediate Supply Chain Defense Bugs. (to
the original material)
- Managing the Risk of
Ransomware in the Digital Supply Chain. (to
the original material)
- Chinese APT Targets
Iranian Government Organizations. (to
the original material)
- PayPal Accounts Succumb
to Credential Stuffing Attack. (to
the original material)
- Lessons to Learn From
CircleCI's Breach Investigation. (to
the original material)
- Victims' Known Ransom
Payments to Ransomware Groups Decline. (to
the original material)
- Critical RCE
vulnerabilities found in git (CVE-2022-41903,
CVE-2022-23251). (to
the original material)
- Cyber insurance can
offset the risks of potential breaches. (to
the original material)
- EU cyber resilience
regulation could translate into millions in fines. (to
the original material)
- New 'Hook' Android
malware lets hackers remotely control your phone. (to
the original material)
- T-Mobile hacked to steal
data of 37 million accounts in API data breach. (to
the original material)
- Ransomware gang steals
data from KFC, Taco Bell, and Pizza Hut brand owner. (to
the original material)
- Roaming Mantis’ Android
malware adds DNS changer to hack WiFi routers. (to
the original material)
- Exploit released for
critical ManageEngine RCE bug, patch now. (to
the original material)
- PayPal accounts breached
in large-scale credential stuffing attack. (to
the original material)
- New 'Blank Image' attack
hides phishing scripts in SVG files. (to
the original material)
- Ransomware profits drop
40% in 2022 as victims refuse to pay. (to
the original material)
18.01.2023
- News
from cyber security.
- Mozilla Releases Security
Updates for Firefox. (to
the original material)
- Two critical flaws
discovered in Git source code version control system. (to
the original material)
- A couple of bugs can be
chained to hack Netcomm routers. (to
the original material)
- Myrocket HR platform’s
data leak turns into privacy nightmare for employees. (to
the original material)
- Experts found SSRF flaws
in four different Microsoft Azure services. (to
the original material)
- GPT to drive next wave of
AI phishing attacks. (to
the original material)
- New solution secures
encrypted data for a post-quantum world. (to
the original material)
- Open Data and the AI
Black Box. (to
the original material)
- Four ways to level-up a
company’s security awareness. (to
the original material)
- Thousands of Sophos
Firewall devices at risk of RCE attacks. (to
the original material)
- GitHub Codespaces
exploitable for malware delivery. (to
the original material)
- Microsoft 365 security
bypassed by DHL-spoofing phishing attack. (to
the original material)
- Nearly 1,000 shipping
vessels impacted by DNV ransomware attack. (to
the original material)
- Third-party breach hits
Nissan North America. (to
the original material)
- Sharp decline in
compromised payment records for sale reported. (to
the original material)
- Children’s
privacy-related bills mulled by state lawmakers. (to
the original material)
- Period tracking apps’
adherence to privacy laws sought by new Washington state
legislation. (to
th original material)
- National Digital
Reserve Corps sought by new legislation. (to
the original material)
- Stealthy malware
distribution involves polyglot files. (to
the original material)
- AI to be increasingly
used for more sophisticated deep fakes. (to
the original material)
- Cybersecurity concerns
of 5G expansion emphasized by FCC Chair. (to
the original material)
- Congress urged to renew
intelligence authorities. (to
the original material)
- Chinese APT Group Vixen
Panda Targets Iranian Government Entities. (to
the original material)
- Over Four Billion
People Affected By Internet Censorship in 2022. (to
the original material)
- 1000 Shipping Vessels
Impacted by Ransomware Attack. (to
the original material)
- ChatGPT Creates
Polymorphic Malware. (to
the original material)
- #WEF23: Geopolitical
Instability Means a Cyber "Catastrophe" is Imminent. (to
the original material)
- Almost Half of Critical
Manufacturing at Risk of Breach. (to
the original material)
- Nissan Supplier Leaked
Data on Thousands of Customers. (to
the original material)
- FinServ Firms See 81%
Surge in Attacks Since Russia-Ukraine War. (to
the original material)
- European Businesses
Admit Major Privacy Skills Gap. (to
the original material)
- Ransomware Remains Top
Cyberthreat, Former NCSC Chief Says. (to
the original material)
- Ukraine: Russians Aim
to Destroy Information Infrastructure. (to
the original material)
- Health Entities Should
Vet Risks of ChatGPT Use. (to
the original material)
- Crypto Exchange Founder
Charged With Enabling Illegal Funds. (to
the original material)
- Ransomware Picture:
Volume of Known Attacks Remains Constant. (to
the original material)
- Sophos to Lay Off 10%
of Workers Amid Shift to MDR Services. (to
the original material)
- Jeremy Grant: Why the
US Government Embraced FIDO (Fast
IDentity Online) Standards. (to
the original material)
- Vulnerable NetComm
routers and a public PoC exploit (CVE-2022-4873,
CVE-2022-4874). (to
the original material)
- Global instability
increases cyber risk, says World Economic Forum. (to
the original material)
- Google ads increasingly
pointing to malware. (to
the original material)
- How data protection is
evolving in a digital world. (to
the original material)
- MailChimp discloses new
breach after employees got hacked. (to
the original material)
- Ukraine links
data-wiping attack on news agency to Russian hackers. (to
the original material)
- Illegal Solaris darknet
market hijacked by competitor Kraken. (to
the original material)
- Bitzlato crypto
exchange seized for ransomware, drugs money laundering. (to
the original material)
- New York man defrauded
thousands using credit cards sold on dark web. (to
the original material)
- Product Security
Incident Response: Key Strategies and Best Practices. (to
the original material)
17.01.2023
- News
from cyber security.
- CISA Adds One Known
Exploited Vulnerability to Catalog. (to
the original material)
- CISA Updates Best
Practices for Mapping to MITRE ATT&CK®. (to
the original material)
- CISA Releases Four
Industrial Control Systems Advisories. (to
the original material)
- Vulnerability Summary for
the Week of January 9, 2023. (to
the original material)
- The doctor is waiting for
you in his office … online: tips for using telemedicine
services safely. (to
the original material)
- Top 10 Venmo scams: Don’t
fall for these common tricks. (to
the original material)
- 1,000 ships impacted by a
ransomware attack on maritime software supplier DNV. (to
the original material)
- How to abuse GitHub
Codespaces to deliver malicious content. (to
the original material)
- Patch your Zoho
ManageEngine instance immediately! PoC Exploit for
CVE-2022-47966 will be released soon. (to
the original material)
- Fortinet observed three
rogue PyPI packages spreading malware. (to
the original material)
- Managing Asset Risks
During Healthcare M&As. (to
the original material)
- Is WordPress Secure? (to
the original material)
- Digital Rights Updates
with EFFector 35.1. (to
the original material)
- Calling all cyber
companies: SC Awards entry period is open. (to
the original material)
- Why a hybrid approach can
help mitigate DDoS attacks. (to
the original material)
- GhostSec’s claimed ICS
ransomware attack questioned. (to
the original material)
- Cyberattack against
German university claimed by Vice Society. (to
the original material)
- Lazarus moves nearly $64M
in stolen funds from Harmony hack. (to
the original material)
- More PyPI packages
distribute infostealers. (to
the original material)
- Novel Hive malware
kit-based backdoor emerges. (to
the original material)
- Medibank sought to
provide compensation for data breach. (to
the original material)
- Europol cracks down
crypto call center fraud. (to
the original material)
- Facility control systems
prioritized in new ‘Hack the Pentagon’ program installment.
(to
the original material)
- CISA: Several ICS
products impacted by critical flaws. (to
the original material)
- ‘Spray and pray’ attacks
likely with Zoho ManageEngine RCE bug. (to
the original material)
- Russian mobilization
concerns exploited in new phishing campaign. (to
the original material)
- ODIN Intelligence website
hacked. (to
the original material)
- Cyberattack compromises
largest Canadian alcohol retailer’s site. (to
the original material)
- EyeSpy spyware
distributed via malicious VPN installers. (to
the original material)
- Critical Cacti
vulnerability leveraged for malware deployment. (to
the original material)
- Attempted exploitation of
critical Control Web Panel bug underway. (to
the original material)
- Voyager Labs sued by Meta
for user data scraping, fake accounts. (to
the original material)
- Ukrainian, NATO country
entities targeted by pro-Russian DDoS attacks. (to
the original material)
- Data breach impacts
NortonLifeLock. (to
the original material)
- Exchange servers targeted
by Cuba ransomware with OWASSRF vulnerability. (to
the original material)
- Patched Fortinet SSL-VPN
flaw leveraged to compromise government networks. (to
the original material)
- New IcedID malware attack
targeted at Active Directory domain. (to
the original material)
- Royal Mail compromised by
LockBit ransomware gang. (to
the original material)
- Record high illicit
cryptocurrency volumes reported in 2022. (to
the original material)
- Threema’s downplayed
reaction to security analysis criticized. (to
the original material)
- Multiple flaws discovered
in Siemens PLCs. (to
the original material)
- Report: SSE with public
cloud preferred by most companies. (to
the original material)
- New Intel solution to
provide confidential computing for virtual machines. (to
the original material)
- Security risks of ChatGPT
and other AI text generators. (to
the original material)
- Vice Society Claims
Ransomware Attack Against University of Duisburg-Essen. (to
the original material)
- Researchers Warn Against
Zoho ManageEngine Exploit Attacks. (to
the original material)
- Three-Quarters of UK
Schools Have Experienced a Cyber Incident. (to
the original material)
- Earth Bogle Group Targets
Middle East With NjRAT, Geopolitical Lures. (to
the original material)
- Russia's Ukraine War
Drives 62% Slump in Stolen Cards. (to
the original material)
- GDPR Fines Surge 168% in
a Year. (to
the original material)
- Initial Access Broker
Activity Doubles in a Year. (to
the original material)
- 'Hack the Pentagon'
Hackers Will Literally Hack the Pentagon. (to
the original material)
- BlackCat, Royal Among
Most Worrisome Threats to Healthcare. (to
the original material)
- Privacy Fines: GDPR
Sanctions Last Year Surged to $3 Billion. (to
the original material)
- Australian Law Firms
Cooperate in Medibank Litigation. (to
the original material)
- Microsoft Exec on Why
FIDO Authentication Beats Certificates. (to
the original material)
- LockBit Ransomware
Group's Big Liability: 'Ego-Driven CEO'. (to
the original material)
- How Cyberattacks Affect
CISOs. (to
the original material)
- PoC for critical
ManageEngine bug to be released, so get patching!
(CVE-2022-47966). (to
the original material)
- Training, endpoint
management reduce remote working cybersecurity risks. (to
the original material)
- Git patches two critical
remote code execution security flaws. (to
the original material)
- Hackers push malware via
Google search ads for VLC, 7-Zip, CCleaner. (to
the original material)
- Hackers can use GitHub
Codespaces to host and deliver malware. (to
the original material)
- Over 4,000 Sophos
Firewall devices vulnerable to RCE attacks. (to
the original material)
- IT Burnout may be Putting
Your Organization at Risk. (to
the original material)
- Nissan North America data
breach caused by vendor-exposed database. (to
the original material)
16.01.2023
- News
from cyber security.
- Hybrid commerce: Blurring
the lines between business and pleasure. (to
the original material)
- Avast researchers
released a free BianLian ransomware decryptor for some
variants of the malware. (to
the original material)
- Experts spotted a
backdoor that borrows code from CIA’s Hive malware. (to
the original material)
- T95 Android TV Box sold
on Amazon hides sophisticated malware. (to
the original material)
- Europol arrested
cryptocurrency scammers that stole millions from victims. (to
the original material)
- Major security breach
exposes usernames and passwords of Norton Password Manager
customers. (to
the original material)
- Microsoft releases a
script to restore a 'subset' of shortcuts deleted by rogue
Defender ASR rule. (to
the original material)
- Doxing - another online
danger for women. (to
the original material)
- US Copyright Term
Extensions Have Stopped, But the Public Domain Still Faces
Threats. (to
the original material)
- It’s Copyright Week 2023:
Join Us in the Fight for Better Copyright Law and Policy. (to
the original material)
- Lateral movement: The key
to identity-based attacks. (to
the original material)
- US to Launch Third
Iteration of 'Hack the Pentagon' Bug Bounty Program. (to
the original material)
- CircleCI Confirms Data
Breach Was Caused By Infostealer on Employee Laptop. (to
the original material)
- Qbot Overtakes Emotet in
December 2022's Most Wanted Malware List. (to
the original material)
- Hackers Hijack
NortonLifeLock Customer Accounts. (to
the original material)
- US Court Orders $17m Be
Given to BitConnect Victims. (to
the original material)
- TikTok Fined Over $5m for
Cookie Violations. (to
the original material)
- Rapid7 CEO Corey Thomas
on Targeting Phishing Infrastructure. (to
the original material)
- New Technologies to
Tackle Authorized Payment, Zelle Scams. (to
the original material)
- Attacks on 2 Specialty
Care Providers Affect Nearly 600,000. (to
the original material)
- Norton Password Manager
Accounts at Risk After Attack. (to
the original material)
- Hypr CEO Bojan Simic on
Bringing Passwordless to Edge Cases. (to
the original material)
- How FIDO2 Can Streamline
Passwordless Tech, Account Recovery. (to
the original material)
- Ransomware Attack Affects
1,000 Vessels Worldwide. (to
the original material)
- Phishing 101: How to Not
Fall for a Phishing Attack. (to
the original material)
- Profit at Any
Cost: Why Ransomware Gangs Such as LockBit Lie. (to
the original material)
- CircleCI breach
post-mortem: Attackers got in by stealing engineer’s
session cookie. (to
the original material)
- Cacti servers
under attack by attackers exploiting CVE-2022-46169. (to
the original material)
- 10 data security
enhancements to consider as your employees return to the
office. (to
the original material)
- Post-quantum
cybersecurity threats loom large. (to
the original material)
- Researchers to
release PoC exploit for critical ManageEngine RCE bug,
patch now. (to
the original material)
- MSI breaks Secure
Boot for hundreds of motherboards. (to
the original material)
- Vice Society
ransomware leaks University of Duisburg-Essen’s data. (to
the original material)
- Datadog rotates
RPM signing key exposed in CircleCI hack. (to
the original material)
- Malicious
‘Lolip0p’ PyPi packages install info-stealing malware. (to
the original material)
- Avast releases
free BianLian ransomware decryptor. (to
the original material)
15.01.2023
- News
from cyber security.
- 1.7 TB of data stolen
from digital intelligence firm Cellebrite leaked online. (to
the original material)
- Hacker stole credit cards
from the website of Canada’s largest alcohol retailer LCBO
(Canadian Liquor Control Board of Ontario). (to
the original material)
- Security Affairs
newsletter Round 402 by Pierluigi Paganini. (to
the original material)
- Meta Sues
Scraping-for-Hire Provider, Closes 60,000 Accounts. (to
the original material)
- Week in review: ChatGPT
as an infosec assistant, Google offers help to EU
cybersecurity startups. (to
the original material)
- Hackers exploit
Cacti critical bug to install malware, open reverse
shells. (to
the original material)
- TikTok slapped
with $5.4 million fine over cookie opt-out feature. (to
the original material)
14.01.2023
- News
from cyber security.
- Most internet-exposed
Cacti servers exposed to hacking. (to
the original material)
- French CNIL (Commission
Nationale de l’Informatique et des Libertés)
fined Tiktok $5.4 Million for violating cookie laws. (to
the original material)
- EFF-Austin: Digital
Privacy At The Texas Legislature. (to
the original material)
- CircleCI's hack caused by
malware stealing engineer's 2FA-backed session. (to
the original material)
- Brave browser’s new
Snowflake feature help bypass Tor blocks. (to
the original material)
- Canada's largest alcohol
retailer's site hacked to steal credit cards. (to
the original material)
13.01.2023
- News
from cyber security.
- World's Weakest
Passwords: What to do if your password is on this list? (to
the original material)
- APT group trojanizes
Telegram app – Week in security with Tony Anscombe. (to
the original material)
- NortonLifeLock: threat
actors breached Norton Password Manager accounts. (to
the original material)
- Pro-Russia group
NoName057(16) targets Ukraine and NATO countries. (to
the original material)
- LockBit ransomware
operation behind the Royal Mail cyberattack. (to
the original material)
- Threat actors target govt
networks exploiting Fortinet SSL-VPN CVE-2022-42475 bug. (to
the original material)
- Below the Surface:
Cybersecurity trends to watch in 2023. (to
the original material)
- Webinar: Simplify Zero
Trust Deployment in AWS. (to
the original material)
- Open banking remains a
closed book for most consumers. (to
the original material)
- Addressing the challenge
of cybersecurity infrastructure fragmentation [Q&A]. (to
the original material)
- Threema vulnerabilities,
and which instant messenger has the best protection? (to
the original material)
- Threat Round up for
January 6 to January 13. (to
the original material)
- Vulnerability Spotlight:
Integer and buffer overflow vulnerabilities found in QT QML.
(to
the original material)
- Database encryption takes
work, but it’s achievable. (to
the original material)
- Old Intel driver
vulnerability exploited to evade security systems. (to
the original material)
- Cyberattack link to FAA
outage dismissed by White House. (to
the original material)
- Energy infrastructure
cybersecurity legislation introduced. (to
the original material)
- Critical flaws found in
Cisco small business routers. (to
the original material)
- Royal Mail disrupted by
‘cyber incident’. (to
the original material)
- Bay Bridge Administrators
data breach hits more than 251K individuals. (to
the original material)
- Pro-Russian Hacktivist
Group Targets Czech Presidential Election. (to
the original material)
- Russian Hackers Try to
Bypass ChatGPT's Restrictions For Malicious Purposes. (to
the original material)
- Cisco Warns of Critical
Vulnerability in End-of-Life Routers. (to
the original material)
- Royal Mail's Attackers
Linked to Russia-Backed LockBit. (to
the original material)
- Euro Police Bust
Multimillion-Dollar Crypto Fraud Gang. (to
the original material)
- Illegal Crypto
Transaction Volumes Hit All-Time High. (to
the original material)
- Millions of Insurance
Customers Compromised Via Supplier. (to
the original material)
- Patched Chromium
Vulnerability Allowed File Theft. (to
the original material)
- Medical Imaging Firm
Faces 2 Class Actions in 2022 Breach. (to
the original material)
- Preparing for the 'Fifth
Generation of Ransomware'. (to
the original material)
- French CNIL Fines TikTok
5 Million Euros for Cookie Policies. (to
the original material)
- Contrast CEO on Why It's
Tough to Guard Open-Source Software. (to
the original material)
- ISMG Editors: Impact of
Fragmented Russian Darknet Market. (to
the original material)
- LockBit Tries to Distance
Itself From Royal Mail Attack. (to
the original material)
- 3 Cyber Risks in the Era
of Musk and Twitter. (to
the original material)
- LockBit Tries to Distance
Itself From Royal Mail Attack. (to
the original material)
- Vulnerabilities in
cryptographic libraries found through modern fuzzing. (to
the original material)
- FortiOS flaw was
exploited to compromise governmental targets
(CVE-2022-42475). (to
the original material)
- 70% of apps contain at
least one security flaw after 5 years in production. (to
the original material)
- The Week in Ransomware -
January 13th 2023 - LockBit in the spotlight. (to
the original material)
- PoC exploits released for
critical bugs in popular WordPress plugins. (to
the original material)
- NortonLifeLock warns that
hackers breached Password Manager accounts. (to
the original material)
12.01.2023
- News
from cyber security.
- Juniper Networks Releases
Security Updates for Multiple Products. (to
the original material)
- Drupal Releases Security
Update to Address Vulnerability in Private Taxonomy Terms. (to
the original material)
- CISA Releases Twelve
Industrial Control Systems Advisories. (to
the original material)
- CloudSek launches free
security tool that helps users win bug bounty. (to
the original material)
- Cybersecurity spending
and economic headwinds in 2023. (to
the original material)
- Meta’s Tracking Woes
Confirmed As It Intensifies Its Battle For Control Of The
EU’s GDPR. (to
the original material)
- Reading Is Cool Again.
The Reason? Social Media. (to
the original material)
- How to instrument system
applications on Android stock images. (to
the original material)
- Global Risks Report:
Understand the risk landscape in 2023 and beyond. (to
the original material)
- Cisco won’t fix router
flaws even though PoC exploit is available (CVE-2023-20025,
CVE-2023-20026). (to
the original material)
- 6 oversights that enable
data breaches. (to
the original material)
- Threat actors actively
exploit Control Web Panel RCE following PoC release. (to
the original material)
- Threat actors claim
access to Telegram servers through insiders. (to
the original material)
- Twitter: 200M dataset was
not obtained through the exploitation of flaws in its
systems. (to
the original material)
- Social marketplace
Trustanduse exposes nearly half a million users. (to
the original material)
- LockBit Ransomware Group
Reportedly Behind Royal Mail Attack. (to
the original material)
- Giving Patients Easy
Access to Health Info: A Balancing Act. (to
the original material)
- Gootkit Malware Found
Targeting Australian Healthcare Sector. (to
the original material)
- US and Japan Pledge
Deepened Cyberspace Collaboration. (to
the original material)
- Healthcare CISO Group
Focuses on Third-Party Risk Challenges. (to
the original material)
- Twitter: Latest Dump Has
'Already Publicly Available' Data. (to
the original material)
- Cloudflare integration
with Microsoft focuses on zero trust for remote
environments. (to
the original material)
- A third of companies
don’t offer cybersecurity training to remote workers. (to
the original material)
- There’s no such thing as
‘100% security’. (to
the original material)
- Critical vulnerabilities
in Siemens PLC devices could allow bypass of protected boot
features (CVE-2022-38773). (to
the original material)
- Global Risks Report:
Understand the risk landscape in 2023 and beyond. (to
the original material)
- Cisco won’t fix router
flaws even though PoC exploit is available (CVE-2023-20025,
CVE-2023-20026). (to
the original material)
- 6 oversights that enable
data breaches. (to
the original material)
- Hackers exploit Control
Web Panel flaw to open reverse shells. (to
the original material)
- Royal Mail cyberattack
linked to LockBit ransomware operation. (to
the original material)
- RAT malware campaign
tries to evade detection using polyglot files. (to
the original material)
- Microsoft: Exchange
Server 2013 reaches end of support in 90 days. (to
the original material)
- Android TV box on Amazon
came pre-installed with malware. (to
the original material)
- Microsoft: Cuba
ransomware hacking Exchange servers via OWASSRF flaw. (to
the original material)
- MetaMask warns of new
'Address Poisoning' cryptocurrency scam. (to
the original material)
- European police takes
down call centers behind cryptocurrency scams. (to
the original material)
- Vice Society ransomware
claims attack on Australian firefighting service. (to
the original material)
- Fortinet: Govt networks
targeted with now-patched SSL-VPN zero-day. (to
the original material)
- Introducing IPyIDA: A
Python plugin for your reverse‑engineering toolkit. (to
the original material)
- How to Fix “There Has
Been a Critical Error on This Website” in WordPress. (to
the original material)
- Almost half of people
think cyberattackers shouldn't be prosecuted -- provided
they hand back some of their proceeds. (to
the original material)
- New Year’s resolutions
for a secure 2023. (to
the original material)
- Threat Source newsletter
(Jan. 12, 2023): Did ChatGPT write our newsletter? (to
the original material)
- How to Stay Safe When
Working Remotely. (to
the original material)
- Can Websites & Apps
Track Your Phone? (to
the original material)
11.01.2023
- News
from cyber security.
- NCSC-UK Releases Guidance
on Using MSP for Administering Cloud Services. (to
the original material)
- Cybersecurity Trends
2023: How we can protect the hybrid lifestyle. (to
the original material)
- Now you can legally
repair your tech – sort of. (to
the original material)
- Secured.22: Optimize
SD-WAN and SASE adoption. (to
the original material)
- How to improve
communication between information security staff and
management. (to
the original material)
- LABScon Replay | Blasting
Event-Driven Cornucopia: WMI-based User-Space Attacks Blind
SIEMs and EDRs. (to
the original material)
- Cybercriminals bypass
Windows security with driver-vulnerability exploit. (to
the original material)
- Timeline of the latest
LastPass data breaches. (to
the original material)
- Crypto audit of Threema
revealed many vulnerabilities. (to
the original material)
- Google is calling EU
cybersecurity founders. (to
the original material)
- Attackers abuse
business-critical cloud apps to deliver malware. (to
the original material)
- Organizations are
adopting SSE technology to secure hybrid work. (to
the original material)
- Royal Mail is suffering
service disruption due to a ‘cyber incident’. (to
the original material)
- Gootkit Loader campaign
targets Australian Healthcare Industry. (to
the original material)
- US CISA adds MS Exchange
bug CVE-2022-41080 to its Known Exploited Vulnerabilities
Catalog. (to
the original material)
- Microsoft Patch Tuesday
for January 2023 fixed actively exploited zero-day. (to
the original material)
- Ransomware Group Behind
Victoria Fire Department Outage. (to
the original material)
- The Guardian Says Hackers
Accessed UK Employee Data. (to
the original material)
- Why Hackers Are Going
'Downmarket' in Their Attacks. (to
the original material)
- Microsoft's First 2023
Patch Tuesday Fixes 0-Day, 98 Vulns. (to
the original material)
- Organizationwide
Passwordless Orchestration. (to
the original material)
- US Flights Resume After
Reported Computer Glitch Resolved. (to
the original material)
- Darknet Markets Using
Custom Android Apps for Fulfillment. (to
the original material)
- Aflac, Zurich
Policyholders in Japan Affected by Data Leaks. (to
the original material)
- Flaws found in nearly a
third of applications on the first scan. (to
the original material)
- USPTO awards seven new
authentication patents to SecureAuth. (to
the original material)
- Observability, hybrid IT
and secure software development: Three trends that defined
2022. (to
the original material)
- What CISOs don’t know
about their SOCs. (to
the original material)
- Crypto audit of Threema
revealed many vulnerabilities. (to
the original material)
- Google is calling EU
cybersecurity founders. (to
the original material)
- Attackers abuse
business-critical cloud apps to deliver malware. (to
the original material)
- Organizations are
adopting SSE technology to secure hybrid work. (to
the original material)
- Scattered Spider hackers
use old Intel driver to bypass security. (to
the original material)
- Twitter claims leaked
data of 200M users not stolen from its systems. (to
the original material)
- Threema claims encryption
flaws never had a real-world impact. (to
the original material)
- Cisco warns of auth
bypass bug with public exploit in EoL routers. (to
the original material)
- Gootkit malware abuses
VLC to infect healthcare orgs with Cobalt Strike. (to
the original material)
- Royal Mail halts
international services after cyberattack. (to
the original material)
- New Dark Pink APT group
targets govt and military with custom malware. (to
the original material)
- Apps gain more security
flaws as they get older. (to
the original material)
- Personal details account
for almost half of stolen data. (to
the original material)
- AI-generated texts could
increase threat exposure. (to
the original material)
- The KB5022287 and
KB5022303 updates feature important security fixes for
Windows 11. (to
the original material)
- Microsoft releases
security-boosting, bug-fixing KB5022282 and KB5022286
Windows 10 updates, the first of 2023. (to
the original material)
10.01.2023
- News
from cyber security.
- Adobe Releases Security
Updates for Multiple Products. (to
the original material)
- Microsoft Releases
January 2023 Security Updates. (to
the original material)
- CISA Adds Two Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- CISA Releases Two
Industrial Control Systems Advisories. (to
the original material)
- StrongPity espionage
campaign targeting Android users. (to
the original material)
- What is Red Teaming &
How it Benefits Orgs. (to
the original material)
- Podcast: Don’t miss these
timely software security tips. (to
the original material)
- How scammers steal
cryptocurrency from Twitter users. (to
the original material)
- Bad Paths & The
Importance of Using Valid URL Characters. (to
the original material)
- Study shows attackers can
use ChatGPT to significantly enhance phishing and BEC scams.
(to
the original material)
- Data leak exposes
information of 10,000 French social security beneficiaries.
(to
the original material)
- Intel boosts VM security,
guards against stack attacks in new Xeon release. (to
the original material)
- Beware the Gifts of
Dragons: How D&D’s Open Gaming License May Have Become a
Trap for Creators. (to
the original material)
- Increasing trust,
commitment, and predictability during a remote incident
response. (to
the original material)
- Vulnerability Spotlight:
Asus router access, information disclosure, denial of
service vulnerabilities discovered. (to
the original material)
- Microsoft Patch Tuesday
for January 2023 - Snort rules and prominent
vulnerabilities. (to
the original material)
- APT Topic Summary Report:
Cisco Talos Year in Review 2022. (to
the original material)
- Microsoft plugs actively
exploited zero-day hole (CVE-2023-21674). (to
the original material)
- You must build a security
team. Where do you start? (to
the original material)
- Guide: How virtual CISOs
can efficiently extend their services into compliance
readiness. (to
the original material)
- StrongPity APT spreads
backdoored Android Telegram app via fake Shagle site. (to
the original material)
- Zoom Rooms was affected
by four “high” severity vulnerabilities. (to
the original material)
- Remote code execution bug
discovered in the popular JsonWebToken library. (to
the original material)
- Kinsing malware targets
Kubernetes environments via misconfigured PostgreSQL. (to
the original material)
- Danish Banks Are Targets
of Pro-Russian DDoS Hacking Group. (to
the original material)
- Analysis: Third-Party
Health Data Breaches Dominated in 2022. (to
the original material)
- Mango Markets Hacker in
US Regulator's Crosshairs. (to
the original material)
- Misconfigured PostgreSQL
Used to Target Kubernetes Clusters. (to
the original material)
- How Poor Vendor Practices
Lead to Major Health Data Breaches. (to
the original material)
- Check Fraud, First-Party
Fraud to Rise in 2023. (to
the original material)
- Finding and Managing the
Risk in your IT Estate: A Comprehensive Overview. (to
the original material)
- 5 Reasons to Consolidate
Your Security Stack. (to
the original material)
- How zero-trust can help
security teams defend against cyberattacks during the
ongoing downturn. (to
the original material)
- The number of cloud apps
delivering malware nearly tripled in 2022. (to
the original material)
- The FCC wants telecoms to
report breaches to feds and customers faster. (to
the original material)
- Buying MDR (Managed
Detection and Response): Quotes from the
experts. (to
the original material)
- Ask these three questions
to prepare for the next cyberattack. (to
the original material)
- Microsoft plugs actively
exploited zero-day hole (CVE-2023-21674). (to
the original material)
- You must build a security
team. Where do you start? (to
the original material)
- Guide: How virtual CISOs
can efficiently extend their services into compliance
readiness. (to
the original material)
- CISA orders agencies to
patch Exchange bug abused by ransomware gang. (to
the original material)
- Over 1,300 fake AnyDesk
sites push Vidar info-stealing malware. (to
the original material)
- Lorenz ransomware gang
plants backdoors to use months later. (to
the original material)
- Trojan Puzzle attack
trains AI assistants into suggesting malicious code. (to
the original material)
- Microsoft January 2023
Patch Tuesday fixes 98 flaws, 1 zero-day. (to
the original material)
- Iowa’s largest school
district cancels classes after cyberattack. (to
the original material)
- StrongPity hackers target
Android users via trojanized Telegram app. (to
the original material)
- In-House vs. External Pen
Testing: Which is Right For Your Organization? (to
the original material)
- Attacks and payments are
down - but don't write off ransomware yet. (to
the original material)
- Microsoft ends Windows 7
extended support today - install all updates now to fix all
known issues... and gain Secure Boot support. (to
the original material)
09.01.2023
- News
from cyber security.
- DNS4EU: The European
Commission plans to launch an alternative to the current
public DNS. (to
the original material)
- Warnings about phishing
traps at the beginning of the year. (to
the original material)
- Vulnerability Summary for
the Week of January 2, 2023. (to
the original material)
- Children and their first
mobile devices: how to approach the security of your child's
first smartphone as a parent. (to
the original material)
- Cracked it! Highlights
from KringleCon 5: Golden Rings. (to
the original material)
- Hybrid work: Turning
business platforms into preferred social spaces. (to
the original material)
- Gootkit Loader Actively
Targets Australian Healthcare Industry. (to
the original material)
- 9th January – Threat
intelligence report. (to
the original material)
- Software supply chain
security improving. (to
the original material)
- Will quantum computers
break RSA encryption in 2023? (to
the original material)
- If governments are
banning TikTok, why is it still on your corporate devices? (to
the original material)
- 11 top XDR tools and how
to evaluate them. (to
the original material)
- EFF and Partners Call Out
Threats to Free Expression in Draft Text as UN Cybersecurity
Treaty Negotiations Resume. (to
the original material)
- What is My SSID &
Should I Hide It? (to
the original material)
- Louisiana Mandates ID
Verification for Viewing Adult Material Online. (to
the original material)
- Rackspace ransomware
attack was executed by using previously unknown security
exploit. (to
the original material)
- Airline company Air
France-KLM discloses security breach. (to
the original material)
- Phishing campaign targets
government institutions in Moldova. (to
the original material)
- Russia-linked Cold River
APT targeted US nuclear research laboratories. (to
the original material)
- Resecurity Released a
Status Report on Drug Trafficking in the Dark Web
(2022-2023). (to
the original material)
- Qualcomm Snapdragon flaws
impact Lenovo, Microsoft, Lenovo, and Samsung devices. (to
the original material)
- inSicurezzaDigitale
launches the Dashboard Ransomware Monitor. (to
the original material)
- Hive Claims
Responsibility for Attack on Nursing Home Chain. (to
the original material)
- Colonoscopy Prep Retail
Website Breach Festered for Years. (to
the original material)
- ChatGPT Showcases Promise
of AI in Developing Malware. (to
the original material)
- Steps to Strengthen Cloud
Security. (to
the original material)
- Regulator Eyes Revamped
Data Breach Reporting Requirements. (to
the original material)
- Mastering the Art of
Attack Surface Management. (to
the original material)
- Trend Micro creates
CTOne, a new subsidiary focused on 5G security. (to
the original material)
- AWS says it will now
encrypt S3 buckets by default. (to
the original material)
- Supreme Court denies
NSO Group appeal; Meta’s spyware claims lawsuit can
proceed. (to
the original material)
- MDR: What to know
before you buy, part 1. (to
the original material)
- MDR: What to know
before you buy, part 2. (to
the original material)
- 2023: The year CISOs
and DPOs (data privacy officers) will stop making
assumptions. (to
the original material)
- Rackspace ransomware
attack was executed by using previously unknown security
exploit. (to
the original material)
- Microsoft: Kubernetes
clusters hacked in malware campaign via PostgreSQL. (to
the original material)
- Darknet drug markets
move to custom Android apps for increased privacy. (to
the original material)
- GitHub makes it easier
to scan your code for vulnerabilities. (to
the original material)
- Auth0 fixes RCE flaw in
JsonWebToken library used by 22,000 projects. (to
the original material)
- Fake OnlyFans dating
sites abuse UK Environment Agency open redirect. (to
the original material)
08.01.2023
- News
from cyber security.
- Russian and Belarusian
men charged with spying for Russian GRU. (to
the original material)
- Dridex targets MacOS
users with a new delivery technique. (to
the original material)
- Security Affairs
newsletter Round 401 by Pierluigi Paganini. (to
the original material)
- UN to Hold Hearing on
Proposed Cybercrime Treaty. (to
the original material)
- Hackers push fake Pokemon
NFT game to take over Windows devices. (to
the original material)
07.01.2023
- News
from cyber security.
- Chick-fil-A launched an
investigation into “suspicious activity”. (to
the original material)
- IcedID malware campaign
targets Zoom users. (to
the original material)
- Hive Ransomware gang
leaked 550 GB stolen from Consulate Health Care. (to
the original material)
- NFT Developer Charged in
$2.9 Million Fraud Scheme. (to
the original material)
- Malicious PyPi packages
create CloudFlare Tunnels to bypass firewalls. (to
the original material)
- 0patch will keep
releasing security updates for Microsoft Edge on Windows 7,
Server 2008 and Server 2012. (to
the original material)
06.01.2023
- News
from cyber security.
- OPWNAI : Cybercriminals
starting to use ChatGPT. (to
the original material)
- Webinar: Security
awareness training best practices and benefits. (to
the original material)
- The partnership between
Bitdefender and law enforcement leads to the development of
a decryption tool for the MegaCortex ransomware family. (to
the original material)
- 14 UK schools suffer
cyberattack, highly confidential documents leaked. (to
the original material)
- Twitter's mushrooming
data breach crisis could prove costly. (to
the original material)
- Cybersecurity startups to
watch for in 2023. (to
the original material)
- How to Get Secure Wi-Fi
While Traveling. (to
the original material)
- January 2023 Patch
Tuesday forecast: Procrastinate at your own risk. (to
the original material)
- Cloud-native application
adoption puts pressure on appsec teams. (to
the original material)
- Saint Gheorghe Recovery
Hospital in Romania suffered a ransomware attack. (to
the original material)
- Microsoft details
techniques of Mac ransomware. (to
the original material)
- Rackspace: Play
Ransomware gang used a previously unknown exploit to access
its Hosted Exchange email environment. (to
the original material)
- Bitdefender released a
free decryptor for the MegaCortex ransomware. (to
the original material)
- Blind Eagle APT Hunts
Banking Victims in Colombia, Ecuador. (to
the original material)
- Women's Health Clinic
Suffers Breach in Ransomware Attack. (to
the original material)
- How Incentives Could Help
Fuel Healthcare Cyber Investment. (to
the original material)
- Texas County EMS Agency
Says Ransomware Breach Hit 612,000. (to
the original material)
- ISMG Editors: The
Complexity of Rackspace Zero-Day Attack. (to
the original material)
- Rackspace Finds
Ransomware Group Accessed 27 Customers' Data. (to
the original material)
- Expect Hacking, Phishing
After Leak of 200M Twitter Records. (to
the original material)
- Software Engineer Charged
With 'Office Space-Inspired' Fraud. (to
the original material)
- OnDemand I Deploy and
Scale SASE in the Hybrid Cloud World. (to
the original material)
- Trustwave report says
businesses need to get more proactive about ransomware. (to
the original material)
- Android spyware variant
targeting banking information. (to
the original material)
- Four ways to reduce the
risk of third-party breaches. (to
the original material)
- January 2023 Patch
Tuesday forecast: Procrastinate at your own risk. (to
the original material)
- Cloud-native application
adoption puts pressure on appsec teams. (to
the original material)
- The Week in Ransomware -
January 6th 2023 - Targeting Healthcare. (to
the original material)
- Chick-fil-A investigates
reports of hacked customer accounts. (to
the original material)
- Air France and KLM notify
customers of account hacks. (to
the original material)
- VSCode Marketplace can be
abused to host malicious extensions. (to
the original material)
- FCC wants telecom
carriers to report data breaches faster. (to
the original material)
- Amazon S3 will now
encrypt all new data with AES-256 by default. (to
the original material)
05.01.2023
- News
from cyber security.
- 2022 Review: 10 of the
Biggest Cyber Attacks of the Year. (to
the original material)
- Ransomware target list –
Week in security with Tony Anscombe. (to
the original material)
- CISA Releases Three
Industrial Systems Control Advisories. (to
the original material)
- Check Point Research
Reports a 38% Increase in 2022 Global Cyberattacks. (to
the original material)
- BlindEagle targeting
Ecuador with sharpened tools. (to
the original material)
- Stop the swap: How to
secure devices against SIM swapping fraud. (to
the original material)
- Cybersecurity Threat
Advisory: LastPass’ security incident update. (to
the original material)
- How to Find & Remove
Malware From Weebly Sites. (to
the original material)
- Ransomware Roundup –
Monti, BlackHunt, and Putin Ransomware. (to
the original material)
- Attackers create 130K
fake accounts to abuse limited-time cloud computing
resources. (to
the original material)
- NATO tests AI’s ability
to protect critical infrastructure against cyberattacks. (to
the original material)
- The BISO (business
information security officer): bringing security to business
and business to security. (to
the original material)
- Last Chance for U.S.
Federal Employees to Make a Pledge for EFF! (to
the original material)
- Biometric Data Is a
Disaster For Your Privacy – And It May Already Be Used
Against You. (to
the original material)
- Threat Source newsletter
(Jan. 5, 2023): Digging out of our inboxes. (to
the original material)
- Data backup is no longer
just about operational fallback. (to
the original material)
- Threat actors stole Slack
private source code repositories. (to
the original material)
- How hackers might be
exploiting ChatGPT. (to
the original material)
- Zoho urges fixing a
critical SQL Injection flaw in ManageEngine. (to
the original material)
- Irish Data Protection
Commission fined Meta $414 Million. (to
the original material)
- Data of 235 million
Twitter users leaked online. (to
the original material)
- Most Disturbing Health
Data Breach Developments. (to
the original material)
- Lab Fined $16K for Long
Delay in Providing Patient Records. (to
the original material)
- FTC Wants Data Broker's
Lawsuit Dismissed in Privacy Dispute. (to
the original material)
- AML (Anti-Money
Laundering), Cybersecurity Noncompliance Costs Coinbase
$100M. (to
the original material)
- Critical Vulnerabilities
Found in Luxury Cars Now Fixed. (to
the original material)
- Lawsuit Claims LastPass
Breach Caused $53K Bitcoin Theft. (to
the original material)
- Apple Fined 8 Million
Euros for Privacy Violations in France. (to
the original material)
- Netskope Gets $401M in
Debt From Morgan Stanley to Fuel SASE. (to
the original material)
- Data Breach: CircleCI
Says Immediately 'Rotate Your Secrets'. (to
the original material)
- Ransomware 2023: Attack
Trends and Recovery. (to
the original material)
- Third-Party Risk
Management Strategies for Data Breaches. (to
the original material)
- Why Banks Find It Hard to
Tackle Authorized Fraud. (to
the original material)
- On Demand I What's New in
Zero Trust. (to
the original material)
- Why Is Meta Choosing to
Settle Over Cambridge Analytica? (to
the original material)
- OnDemand I Application
Security: The Final Frontier. (to
the original material)
- OnDemand I IoT
infrastructure and Retail Operations Fireside Chat I AMPOL.
(to
the original material)
- Are threat actors gaining
cloud skills faster than enterprises? (to
the original material)
- Hackers went after
personally identifiable information the most, study says. (to
the original material)
- Microsoft Macros: The
sneaky threat looming in files. (to
the original material)
- Data backup is no longer
just about operational fallback. (to
the original material)
- Rackspace: Customer email
data accessed in ransomware attack. (to
the original material)
- Bitdefender releases free
MegaCortex ransomware decryptor. (to
the original material)
- WhatsApp adds proxy
support to help bypass Internet blocks. (to
the original material)
- SpyNote Android malware
infections surge after source code leak. (to
the original material)
- Hackers use CAPTCHA
bypass to make 20K GitHub accounts in a month. (to
the original material)
- Bluebottle hackers used
signed Windows driver in attacks on banks. (to
the original material)
- Slack's private GitHub
code repositories stolen over holidays. (to
the original material)
- CircleCI warns of
security breach - rotate your secrets! (to
the original material)
- How ChatGPT could become
a hacker's friend. (to
the original material)
04.01.2023
- News
from cyber security.
- Fortinet Releases
Security Updates for FortiADC. (to
the original material)
- Vulnerability Summary for
the Week of December 26, 2022. (to
the original material)
- The doctor will see you
now … virtually: Tips for a safe telehealth visit. (to
the original material)
- The Technology Letter:
Check Point CEO Shwed: You don’t pick your battles, they
pick you. (to
the original material)
- Secured.22: Understanding
and recovering from credential and data theft. (to
the original material)
- LABScon Replay |
InkySquid: The Missing Arsenal. (to
the original material)
- Top of Mind Cyber
Solutions to Consider in 2023. (to
the original material)
- Attackers use stolen
banking data as phishing lure to deploy BitRAT. (to
the original material)
- Attackers evolve
strategies to outmaneuver security teams. (to
the original material)
- Critical flaws found in
Ferrari, Mercedes, BMW, Porsche, and other car makers. (to
the original material)
- Database of the
Cricketsocial.com platform left open online. (to
the original material)
- Fortinet fixed multiple
command injection bugs in FortiADC and FortiTester. (to
the original material)
- New shc Linux Malware
used to deploy CoinMiner. (to
the original material)
- US. rail and locomotive
company Wabtec hit with Lockbit ransomware. (to
the original material)
- Leaked Emails of 200M
Twitter Users Now Available for Free. (to
the original material)
- Cyberattack on Records
Vendor Affects Scores of US Counties. (to
the original material)
- CEO Matthew Prince on Why
Cloudflare Got Into Email Security. (to
the original material)
- Irish Privacy Watchdog
Fines Meta 390 Million Euros for Ads. (to
the original material)
- Wabtec Discloses Data
Breach; LockBit Claims Responsibility. (to
the original material)
- Optimal Strategies for
Building Better Collective Defenses. (to
the original material)
- Guardian Newspaper
Offices Still Empty After December Attack. (to
the original material)
- US Attorney's Office Task
Force to Trace Missing FTX Funds. (to
the original material)
- Rackspace Blames Zero-Day
Exploit for Ransomware Hit Success. (to
the original material)
- Exclusive: FDA Leader on
Impact of New Medical Device Law. (to
the original material)
- Wabtec breach linked to
LockBit ransomware group. (to
the original material)
- Life Hope Labs pays OCR
$16K for HIPAA right of access violation. (to
the original material)
- Lessons on cloud security
from the ‘Twitter Whistleblower’. (to
the original material)
- Attackers evolve
strategies to outmaneuver security teams. (to
the original material)
- New SHC-compiled Linux
malware installs cryptominers, DDoS bots. (to
the original material)
- Rackspace confirms Play
ransomware was behind recent cyberattack. (to
the original material)
- 200 million Twitter
users' email addresses allegedly leaked online. (to
the original material)
- Zoho urges admins to
patch severe ManageEngine bug immediately. (to
the original material)
- Hackers abuse Windows
error reporting tool to deploy malware. (to
the original material)
- Toyota, Mercedes, BMW API
flaws exposed owners’ personal info. (to
the original material)
- Meta to fight €390
million fine for breaching EU data privacy laws. (to
the original material)
- 14 Cybersecurity Best
Practices to Instill In Your End-Users. (to
the original material)
03.01.2023
- News
from cyber security.
- Gaming and Holiday
Gifting: How to Manage Security Risks Associated with Gaming
Devices and Online Games. (to
the original material)
- Gaming: How much is too
much for our children? (to
the original material)
- Proposed SEC
cybersecurity rules loom large. (to
the original material)
- What Are Cookies? A Short
Guide to Managing Your Online Privacy. (to
the original material)
- PyTorch suffers supply
chain attack via dependency confusion. (to
the original material)
- Kali Linux: What’s next
for the popular pentesting distro? (to
the original material)
- Security teams expect
breach and incident reporting requirements to create more
work. (to
the original material)
- Synology fixes multiple
critical vulnerabilities in its routers. (to
the original material)
- Canadian Copper Mountain
Mining Corporation (CMMC) shut down the mill after a
ransomware attack. (to
the original material)
- BitRAT campaign relies on
stolen sensitive bank data as a lure. (to
the original material)
- Does Volvo Cars suffer a
new data breach? (to
the original material)
- Ransomware attacks hit
105 US local governments in 2022. (to
the original material)
- BlackCat Spoofs Victim
Website to Leak Stolen Data. (to
the original material)
- Regulators Warn Banks of
Digital Asset Risks. (to
the original material)
- Senior Healthcare Firm
Pays Breach Settlement to States. (to
the original material)
- Sam Bankman-Fried Pleads
'Not Guilty' in Criminal Case. (to
the original material)
- Toronto Hospital Gauges
Whether to Use LockBit Decryptor. (to
the original material)
- Poland Sounds Alarm on
Russian Hacking. (to
the original material)
- Data Management in
Multi-Cloud Environments. (to
the original material)
- A Few Cybersecurity
Stocks Soared in 2022, But Most Stumbled. (to
the original material)
- Top challenges for cloud
security in 2023: managing growing cyberattacks, delivering
visibility, and consolidating tool sprawl. (to
the original material)
- Security robots market
set to more than quadruple by 2030. (to
the original material)
- Introducing ‘Cyber for
Hire,’ a podcast that plays marriage counselor between MSSPs
and clients. (to
the original material)
- Making it easier to
deploy zero-trust for operational technology systems. (to
the original material)
- Kali Linux: What’s next
for the popular pentesting distro? (to
the original material)
- Security teams expect
breach and incident reporting requirements to create more
work. (to
the original material)
- Ongoing Flipper Zero
phishing attacks target infosec community. (to
the original material)
- Over 60,000 Exchange
servers vulnerable to ProxyNotShell attacks. (to
the original material)
- Rail giant Wabtec
discloses data breach after Lockbit ransomware attack. (to
the original material)
- Poland warns of attacks
by Russia-linked Ghostwriter hacking group. (to
the original material)
- BitRAT malware campaign
uses stolen bank data for phishing. (to
the original material)
- Royal ransomware claims
attack on Queensland University of Technology. (to
the original material)
- Synology fixes maximum
severity vulnerability in VPN routers. (to
the original material)
02.01.2023
- News
from cyber security.
- The world’s most common
passwords: What to do if yours is on the list. (to
the original material)
- 2nd January – Threat
intelligence report. (to
the original material)
- Ransomware ecosystem
becoming more diverse for 2023. (to
the original material)
- Data Sanctuary for
Abortion and Trans Health Care: 2022 in Review. (to
the original material)
- A Year in Internet
Surveillance and Resilience: 2022 in Review. (to
the original material)
- Global Cybercrime and
Government Access to User Data Across Borders: 2022 in
Review. (to
the original material)
- The EU Wants 5G Phones on
Airplanes - Will the US Follow Suit? (to
the original material)
- Attackers never let a
critical vulnerability go to waste. (to
the original material)
- SecurityAffairs Top 10
cybersecurity posts of 2022. (to
the original material)
- PyTorch compromised to
demonstrate dependency confusion attack on Python
environments. (to
the original material)
- Pro-Russia cyberattacks
aim at destabilizing Poland, security agency warns. (to
the original material)
- Google will pay $29.5M to
settle two lawsuits over its location tracking practices. (to
the original material)
- Malaysian Agencies
Investigate Alleged Breach Affecting 13M. (to
the original material)
- Flaws in Citrix Servers;
Netgear Issues Critical Advisory. (to
the original material)
- Why a 'Paradigm Shift' is
Required in the SOC (Security Operations Center). (to
the original material)
- Approaching Security with
a 'Business Enablement' Objective. (to
the original material)
- Why Do Ransomware Victims
Pay for Data Deletion Guarantees? (to
the original material)
- Attackers never let a
critical vulnerability go to waste. (to
the original material)
- Ransomware impacts over
200 govt, edu, healthcare orgs in 2022. (to
the original material)
- BleepingComputer's most
popular cybersecurity stories of 2022. (to
the original material)
01.01.2023
- News
from cyber security.
- Fighting for the Digital
Future of Books: 2022 in Review. (to
the original material)
- Seeing Patent Trolls
Clearly: 2022 in Review. (to
the original material)
- Lockbit apologized for
the attack on the SickKids pediatric hospital and releases a
free decryptor. (to
the original material)
- Security Affairs
newsletter Round 400 by Pierluigi Paganini. (to
the original material)
- Ransomware gang cloned
victim’s website to leak stolen data. (to
the original material)
- Ransomware gang
apologizes, gives SickKids hospital free decryptor. (to
the original material)
- PyTorch discloses
malicious dependency chain compromise over holidays. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - January 31,
2023