Study - Technical - LMS-SFC (EN) - Cyber Security - News

Cyber Security - News

Today and Yesterday, in cyber security news - November 2022


19.11.2022 - News from cyber security.

- New attacks use Windows security bypass zero-day to drop malware. (to the original material)

- Simplifying cloud native security for posture management and AppSec. (to the original material)

- DEV-0569 group uses Google Ads to distribute Royal Ransomware. (to the original material)

- Black Friday and Cyber Monday, crooks are already at work. (to the original material)

- New improved versions of LodaRAT spotted in the wild. (to the original material)

18.11.2022 - News from cyber security.

- Data security advice for supporters traveling to Qatar for the World Cup. (to the original material)

- Photos: Cybersecurity marketers gather at Cyber Marketing Con 2022. (to the original material)

- New infosec products of the week: November 18, 2022. (to the original material)

- ODD Platform: Open-source data discovery and observability. (to the original material)

- PCI SSC publishes new standard for mobile payment acceptance solutions. (to the original material)

- Transportation sector targeted by both ransomware and APTs. (to the original material)

- The Week in Ransomware - November 18th 2022 - Rising Operations. (to the original material)

- Exploit released for actively abused ProxyNotShell Exchange bug. (to the original material)

- Researchers secretly helped decrypt Zeppelin ransomware for 2 years. (to the original material)

- US charges BEC suspects with targeting federal health care programs. (to the original material)

- Chinese hackers use Google Drive to drop malware on govt networks. (to the original material)

- Google Search results poisoned with torrent sites via Data Studio. (to the original material)

- Atlassian fixes critical command injection bug in Bitbucket Server. (to the original material)

- PCI Releases New Payment Standards for Mobile Devices. (to the original material)

- ID Agent's Amelia Paro on Why Tech Alone Can't Protect Email. (to the original material)

- Piedmont CISO on Protecting Hospitals in the Age of COVID-19. (to the original material)

- Feds Alert Healthcare, Other Sectors of Growing Hive Threats. (to the original material)

- Ransomware-as-a-Service Market Now Highly Specialized. (to the original material)

- Ransomware: Did Law Enforcement Lose Ground Early On? (to the original material)

- Cybersecurity Analysis of the FTX Crypto Heist: Part 1. (to the original material)

- With FTX's Collapse, Cycle of Cryptocurrency Loss Continues. (to the original material)

- Emotet’s return underscores that some threat groups never go away for good. (to the original material)

- IT pros cite configuration controls, management as top weaknesses of cloud providers. (to the original material)

- AI and open-source intelligence can mitigate ransomware and cryptocurrency risks. (to the original material)

- Atlassian fixed 2 critical flaws in Crowd and Bitbucket products. (to the original material)

- Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies. (to the original material)

- Ongoing supply chain attack targets Python developers with WASP Stealer. (to the original material)

- China-based Fangxiao group behind a long-running phishing campaign. (to the original material)

17.11.2022 - News from cyber security.

- Cybersecurity news of the week (11/17/2022). (to the original material)

- CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain. (to the original material)

- #StopRansomware: Hive. (to the original material)

- CISA Releases Two Industrial Control Systems Advisories. (to the original material)

- Top passwords used in RDP brute-force attacks. (to the original material)

- Open-source tool puts machine learning dataset analysis at data scientists’ fingertips. (to the original material)

- Phishing kit impersonates well-known brands to target US shoppers. (to the original material)

- Microsoft fixes Windows Kerberos auth issues in emergency updates. (to the original material)

- Previously unidentified ARCrypter ransomware expands worldwide. (to the original material)

- FBI: Hive ransomware extorted $100M from over 1,300 victims. (to the original material)

- QBot phishing abuses Windows Control Panel EXE to infect devices. (to the original material)

- F5 fixes two remote code execution flaws in BIG-IP, BIG-IQ. (to the original material)

- ESET rolls out new consumer offerings to improve home security. (to the original material)

- Microsoft urges devs to migrate away from .NET Core 3.1 ASAP. (to the original material)

- U.S. charges Russian suspects with operating Z-Library e-Book site. (to the original material)

- Australia Unveils Plan to Counter Global Cybercrime Problem. (to the original material)

- HHS Needs to Modernize Its Cyber Approach: Watchdog Agency. (to the original material)

- Discord Fined by French CNIL for GDPR Violations. (to the original material)

- Cyberwarfare's Role in the Next National Defense Strategy. (to the original material)

- Amazon Relational Database Service exposing PII via cloud ‘snapshots’. (to the original material)

- Over a third of vulnerabilities reviewed by ethical hackers did not have a CVE (Common Vulnerabilities and Exposures). (to the original material)

- How to determine if your IT environment is ready for SASE. (to the original material)

- Carmakers must start taking cybersecurity more seriously. (to the original material)

- Two public schools in Michigan hit by a ransomware attack. (to the original material)

- Magento and Adobe Commerce websites under attack. (to the original material)

- Tank, the leader of the Zeus cybercrime gang, was arrested by the Swiss police. (to the original material)

- Iran-linked threat actors compromise US Federal Network. (to the original material)

16.11.2022 - News from cyber security.

- Cisco Releases Security Updates for Identity Services Engine. (to the original material)

- Samba Releases Security Updates. (to the original material)

- Mozilla Releases Security Updates for Multiple Products. (to the original material)

- CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network. (to the original material)

- Electronics repair technicians snoop on your data. (to the original material)

- Cloud data protection trends you need to be aware of. (to the original material)

- 5 use cases with a malware sandbox. (to the original material)

- Updated RapperBot malware targets game servers in DDoS attacks. (to the original material)

- Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police. (to the original material)

- Twitter source code indicates end-to-end encrypted DMs are coming. (to the original material)

- US govt: Iranian hackers breached federal agency using Log4Shell exploit. (to the original material)

- Magento stores targeted in massive surge of TrojanOrders attacks. (to the original material)

- Okta shares fix for issue impacting Microsoft 365 SSO logins. (to the original material)

- DuckDuckGo now lets all Android users block trackers in their apps. (to the original material)

- Misconfigured Server Exposed PHI of 600,000 Inmates. (to the original material)

- Iranian Hacker Group Uses Log4Shell to Cryptojack US Agency. (to the original material)

- Qatar's World Cup Apps Pose Privacy Concerns. (to the original material)

- Ransomware Attackers Don't Take Holidays. (to the original material)

- Arrest of Ukrainian in Cybercrime Case Shows Patience Pays. (to the original material)

- Simplifying Implementation of a Zero Trust Architecture. (to the original material)

- Managing Cyber Risk in a Technology-Dependent World. (to the original material)

- How to punch up your next executive briefing quickly. (to the original material)

- How security teams can defend against BECs. (to the original material)

- F5 fixed 2 high-severity Remote Code Execution bugs in its products. (to the original material)

- Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs. (to the original material)

- New RapperBot Campaign targets game servers with DDoS attacks. (to the original material)

- Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta. (to the original material)

15.11.2022 - News from cyber security.

- CISA Releases One Industrial Control Systems Advisory. (to the original material)

- SSVC: Prioritization of vulnerability remediation according to CISA. (to the original material)

- As trust in online spaces degrades, Canada bolsters resilience against cyber attacks. (to the original material)

- Critical vulnerability in Spotify’s Backstage discovered, patched. (to the original material)

- Top enterprise email threats and how to counter them. (to the original material)

- North Korean hackers target European orgs with updated malware. (to the original material)

- Google to roll out Privacy Sandbox on Android 13 starting early 2023. (to the original material)

- Researchers release exploit details for Backstage pre-auth RCE bug. (to the original material)

- MFA Fatigue attacks are putting your organization at risk. (to the original material)

- Chinese hackers target government agencies and defense orgs. (to the original material)

- US FTC Delays Safeguards Rule Deadlines by 6 Months. (to the original material)

- FDA Updates Medical Device Cyber Response Playbook. (to the original material)

- Hospital CISO on Why Hackers Pursue Research, Pediatric Data. (to the original material)

- Twitter Two-Factor Authentication Has a Vulnerability - Updated. (to the original material)

- Pro-Moscow Nuisance Hackers Claim DDoS Attack on FBI Website. (to the original material)

- How Do Recent CISA Directives Affect Private Firms? (to the original material)

- Google to pay record $391.5 million for misleading users on location tracking. (to the original material)

- Most companies on Forbes Global 2000 yet to adopt all domain security measures. (to the original material)

- Many financial institutions say their own IT staffs pose the biggest risk to cloud security. (to the original material)

- Three steps to build more diverse cybersecurity teams. (to the original material)

- Why passwordless can’t eliminate passwords, but giving administrators the ability to manage passwords better can. (to the original material)

- Experts found critical RCE in Spotify’s Backstage. (to the original material)

- Experts revealed details of critical SQLi and access issues in Zendesk Explore. (to the original material)

- China-linked APT Billbug breached a certificate authority in Asia. (to the original material)

- Google to Pay a record $391M fine for misleading users about the collection of location data. (to the original material)

- Previously undetected Earth Longzhi APT group is a subgroup of APT41. (to the original material)

- Avast details Worok espionage group’s compromise chain. (to the original material)

14.11.2022 - News from cyber security.

- CISA Has Added One Known Exploited Vulnerability to Catalog . (to the original material)

- Vulnerability Summary for the Week of November 7, 2022. (to the original material)

- Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands. (to the original material)

- Product showcase: ESET’s newest consumer offerings. (to the original material)

- 5 Kali Linux tools you should learn how to use. (to the original material)

- Unwanted emails steadily creeping into inboxes. (to the original material)

- Whoosh confirms data breach after hackers sell 7.2M user records. (to the original material)

- 42,000 sites used to trap users in brand impersonation scheme. (to the original material)

- Instagram, Facebook, Twitter, YouTube suspended in Turkey after blast. (to the original material)

- Russian Hackers Target Ukraine With Malicious Encryption. (to the original material)

- Anesthesiology Services Firm Faces 5 Class Action Lawsuits. (to the original material)

- 'Unauthorized Transactions' Lead to Missing Funds at FTX. (to the original material)

- SolarWinds CEO on How to Secure the Software Build Process. (to the original material)

- Graphus' Amelia Paro on Why Phishing Has Exploded Since 2020. (to the original material)

- LockBit Releases Thales Group Documents. (to the original material)

- Microsoft identifies issues with Kerberos authentication on certain Windows Servers. (to the original material)

- Cloud security isn’t guaranteed because a provider is well-known, expert says. (to the original material)

- Insider threats accounted for more than a third of unauthorized access incidents in Q3. (to the original material)

- Seven deadly sins hiding in the company’s attack surface. (to the original material)

- Massive Black hat SEO campaign used +15K WordPress sites. (to the original material)

- KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks. (to the original material)

- CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine. (to the original material)

- Have board directors any liability for a cyberattack against their company? (to the original material)

13.11.2022 - News from cyber security.

- Week in review: Microsoft fixes many zero-days, malicious droppers on Google Play, IRISSCON 2022. (to the original material)

- Ukraine says Russian hacktivists use new Somnia ransomware. (to the original material)

- Ukraine Police dismantled a transnational fraud group that made €200 million per year. (to the original material)

- Lockbit gang leaked data stolen from global high-tech giant Thales. (to the original material)

12.11.2022 - News from cyber security.

- New extortion scam threatens to damage sites’ reputation, leak data. (to the original material)

- Android phone owner accidentally finds a way to bypass lock screen. (to the original material)

- $1 billion of FTX customer funds have vanished, Reuters reported. (to the original material)

- Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan. (to the original material)

- Canadian supermarket chain giant Sobeys suffered a ransomware attack. (to the original material)

11.11.2022 - News from cyber security.

- Press release: The European Parliament adopted new legislative rules to strengthen the cyber resilience of the entire European Union – NIS2 and DORA. (to the original material)

- Cybersecurity Threats Fast-Forward 2030: Fasten your Security-Belt Before the Ride! (to the original material)

- New infosec products of the week: November 11, 2022. (to the original material)

- API abuses and attacks create new challenges for retailers. (to the original material)

- The Week in Ransomware - November 11th 2022 - LockBit feeling the heat. (to the original material)

- Microsoft Defender network protection generally available on iOS, Android. (to the original material)

- Canadian food retail giant Sobeys hit by Black Basta ransomware. (to the original material)

- U.S. seized 18 web domains used for recruiting money mules. (to the original material)

- New BadBazaar Android malware linked to Chinese cyberspies. (to the original material)

- Microsoft confirms gaming performance issues on Windows 11 22H2. (to the original material)

- Royal Mail down: Tracking unavailable as outage exceeds 24 hours. (to the original material)

- Make Way for an Adaptive Cybersecurity Ecosystem. (to the original material)

- Ukrainian Cyber Police Bust Fake Investing Ring. (to the original material)

- Texas Hospital Says Ransomware Breach Affected 500,000. (to the original material)

- ISMG Editors: $3B Crypto Seizure Shows Blockchain's Security. (to the original material)

- Australia Blames Russian Hackers for Medibank Hack. (to the original material)

- Should Banks Be Held Liable for Authorized Fraud? (to the original material)

- Snow Software enhances platform for greater visibility into containers, cloud services. (to the original material)

- Despite staff and budgets, most firms say ‘lack of skills’ biggest threat intel challenge. (to the original material)

- VMDR: What it is, and how it fits into cloud-native infrastructure and applications. (to the original material)

- What is SASE? (to the original material)

- Forrester: MDR, threat hunting and cybersecurity as a service. (to the original material)

- The state of ransomware in state and local government. (to the original material)

- The top six goals for proactive cybersecurity. (to the original material)

- An initial access broker claims to have hacked Deutsche Bank. (to the original material)

- Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware. (to the original material)

- Man charged for role in LockBit ransomware operation. (to the original material)

- Researcher received a $70k award for a Google Pixel lock screen bypass. (to the original material)

- Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine. (to the original material)

10.11.2022 - News from cyber security.

- Press release: The #SigurantaOnline digital education campaign has reached schools. (to the original material)

- Cybersecurity news of the week (11/10/2022). (to the original material)

- Completion of training courses for certification within the project «Increasing the capacity of the competent authorities in Romania DNSC and RENAR according to the European Regulation on Cybersecurity 2019/881 (Cybersecurity Act)». (to the original material)

- CISA Releases SSVC Methodology to Prioritize Vulnerabilities. (to the original material)

- Cisco Releases Security Updates for Multiple Products. (to the original material)

- CISA Releases Twenty Industrial Control Systems Advisories. (to the original material)

- CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite. (to the original material)

- Security leaders want consequences for insecure code. (to the origina material)

- How ransomware gangs and malware campaigns are changing. (to the original material)

- Phishing drops IceXLoader malware on thousands of home, corporate devices. (to the original material)

- Microsoft fixes Windows zero-day bug exploited to push malware. (to the original material)

- US Health Dept warns of Venus ransomware targeting healthcare orgs. (to the original material)

- Russian military hackers linked to ransomware attacks in Ukraine. (to the original material)

- Worok hackers hide new malware in PNGs using steganography. (to the original material)

- Kaspersky to kill its VPN service in Russia next week. (to the original material)

- FBI warns scammers now impersonate refund payment portals. (to the original material)

- Ukraine arrests fraud ring members who made €200 million per year. (to the original material)

- Russian LockBit ransomware operator arrested in Canada. (to the original material)

- An $8 mess - Twitter Blue 'verified' accounts push crypto scams. (to the original material)

- Accused LockBit Ransomware Operator Arrested in Canada. (to the original material)

- Federal Judge Skeptical of Facebook in Patient Privacy Suit. (to the original material)

- Twitter Ramps Up Regulatory Exposure After Loss of CISO. (to the original material)

- Exploring the Consequences of Not Paying a Ransom. (to the original material)

- Australia Faces Consequences of Standing Up to Ransomware. (to the original material)

- Nearly 80% of companies in new survey have had to use their cyber insurance. (to the original material)

- Three ways security teams can foster open-source innovation. (to the original material)

- Apple out-of-band patches fix remote code execution bugs in iOS and macOS. (to the original material)

- Researchers warn of malicious packages on PyPI using steganography. (to the original material)

- A bug in ABB Totalflow flow computers exposed oil and gas companies to attack. (to the original material)

- APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity. (to the original material)

- Lenovo warns of flaws that can be used to bypass security features. (to the original material)

09.11.2022 - News from cyber security.

- Microsoft Releases November 2022 Security Updates. (to the original material)

- VMware Releases Security Updates. (to the original material)

- Citrix Releases Security Updates for ADC and Gateway. (to the original material)

- Threat Spotlight: Cyber Criminal Adoption of IPFS (InterPlanetary File System) for Phishing, Malware Campaigns. (to the original material)

- 10 common security mistakes and how to avoid them. (to the original material)

- Security “sampling” puts US federal agencies at risk. (to the original material)

- 2022 Cloud Data Security Report. (to the original material)

- Experts observed Amadey malware deploying LockBit 3.0 Ransomware. (to the original material)

- Microsoft Patch Tuesday updates fix 6 actively exploited zero-days. (to the original material)

- VMware fixes three critical flaws in Workspace ONE Assist. (to the original material)

- New StrelaStealer malware steals your Outlook, Thunderbird accounts. (to the original material)

- Couple sentenced to prison for trying to sell nuclear warship secrets. (to the original material)

- New hacking group uses custom 'Symatic' Cobalt Strike loaders. (to the original material)

- 15,000 sites hacked for massive Google SEO poisoning campaign. (to the original material)

- Medibank warns customers their data was leaked by ransomware gang. (to the original material)

- Lenovo fixes flaws that can be used to disable UEFI Secure Boot. (to the original material)

- IT Army of Ukraine Targets Russian Banks. (to the original material)

- Could a Digital Red Cross Protect Hospitals From Ransomware? (to the original material)

- Microsoft Patches ProxyNotShell Exchange Vulnerabilities. (to the original material)

- The Role of Cybersecurity in the Russia-Ukraine War. (to the original material)

- The Riskiest Connected Devices in Healthcare. (to the original material)

- Security updates released for critical bugs in VMware’s Workspace ONE Assist. (to the original material)

- Malicious ‘Cloud9’ Chrome extension operates like a remote access trojan. (to the original material)

- Lacework adds new analysis, scanning capabilities to its Polygraph Data Platform. (to the original material)

- How to address the gaps with Open XDR sensors. (to the original material)

- The Rise of the Police-Advertiser. (to the original material)

- Sacramento County Resident Joins EFF Lawsuit After Illegal Sharing of His Electricity Usage Data Makes Him a Target of Law Enforcement. (to the original material)

- APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network. (to the original material)

- Several Cyber Attacks Observed Leveraging IPFS Decentralized Network. (to the original material)

- Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network. (to the original material)

- Top 5 API Security Myths That Are Crushing Your Business. (to the original material)

- New IceXLoader Malware Loader Variant Infected Thousands of Victims Worldwide. (to the original material)

- VMware Warns of 3 New Critical Flaws Affecting Workspace ONE Assist Software. (to the original material)

- Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days. (to the original material)

08.11.2022 - News from cyber security.

- CISA Adds Seven Known Exploited Vulnerabilities to Catalog. (to the original material)

- Emotet coming in hot. (to the original material)

- Gartner 2022 security trend #4: Distributing decisions. (to the original material)

- Application security finally getting its due. (to the original material)

- Massive ois[.]is Black Hat Redirect Malware Campaign. (to the original material)

- 12 percent of employees take IP with them when leaving a job. (to the original material)

- Microsoft fixes many zero-days under attack. (to the original material)

- Malicious droppers on Google Play deliver banking malware to victims. (to the original material)

- How geopolitical turmoil changed the cybersecurity threat landscape. (to the original material)

- How micro-VMs can protect your most vulnerable endpoints. (to the original material)

- LockBit affiliate uses Amadey Bot malware to deploy ransomware. (to the original material)

- Malicious extension lets attackers control Google Chrome remotely. (to the original material)

- VMware fixes three critical auth bypass bugs in remote access tool. (to the original material)

- Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks. (to the original material)

- Microsoft November 2022 Patch Tuesday fixes 6 exploited zero-days, 68 flaws. (to the original material)

- Citrix urges admins to patch critical ADC, Gateway auth bypass. (to the original material)

- Influencer 'Hushpuppi' gets 11 years in prison for cyber fraud. (to the original material)

- Enhance your privacy with this second phone number app deal. (to the original material)

- EU Complicit in Spread of Advanced Spyware, Charges Veld. (to the original material)

- Feds Warn of Iranian Threats to Healthcare Sector. (to the original material)

- China Likely Amasses Zero-Days Via Vulnerability Disclosure Law. (to the original material)

- Why Today's Cyber Defense Requires Offensive Thinking. (to the original material)

- Who Is Extorting Australian Health Insurer Medibank? (to the original material)

- Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw. (to the original material)

- SmokeLoader campaign distributes new Laplas Clipper malware. (to the original material)

- Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom. (to the original material)

- US DoJ seizes $3.36B Bitcoin from Silk Road hacker. (to the original material)

- Snowflake formalizes integration with Streamlit, making it possible to build cloud apps with Python. (to the original material)

- Vast majority of SMBs are concerned about a ransomware attack on their business. (to the original material)

- The path to secure cloud migration. (to the original material)

- Six ways healthcare organizations can improve connected device security. (to the original material)

- The Filter Mandate Bill Is a Privacy and Security Mess. (to the original material)

- Politicians Still Underestimate Smart Cars’ Threat to Privacy. (to the original material)

- Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines. (to the original material)

- New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader. (to the original material)

- U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web. (to the original material)

- 5 Reasons to Consolidate Your Tech Stack. (to the original material)

07.11.2022 - News from cyber security.

- Blue OLEx 2022 tests the Standard Operating Procedures of the EU CyCLONe (Cyber Crisis Liaison Organisation Network Executives). (to the original material)

- Vulnerability Summary for the Week of October 31, 2022. (to the original material)

- Why your phone is slow – and how you can make it run faster. (to the original material)

- Hacking baby monitors can be child’s play: Here’s how to stay safe. (to the original material)

- New platform aims to tackle API security problems. (to the original material)

- Medibank won’t pay the ransom for data stolen in breach. (to the original material)

- Phishing threats are increasingly convincing and evasive. (to the original material)

- Taking cybersecurity investments to the next level. (to the original material)

- False sense of safety undermines good password hygiene. (to the original material)

- Azov Ransomware is a wiper, destroying data 666 bytes at a time. (to the original material)

- U.S. unmasks hacker who stole 50,000 bitcoins from Silk Road. (to the original material)

- Maple Leaf Foods suffers outage following weekend cyberattack. (to the original material)

- Ransomware gang threatens to release stolen Medibank data. (to the original material)

- Feds Announce Silk Road Cryptocurrency Haul. (to the original material)

- Aveanna Healthcare Data Breach Could Cost Firm More Than $1M. (to the original material)

- FortiGuard Labs: 2023 Threat Landscape Insights. (to the original material)

- Using Student Data for Gambling Apps Is Bad, Says UK ICO. (to the original material)

- Basics Will Block Most Ransomware Hits, Says UK Cyber Chief. (to the original material)

- Medibank Says No to Paying Hacker's Extortion Demand. (to the original material)

- ‘Justice Blade’ Hackers are Targeting Saudi Arabia. (to the original material)

- Robin Banks phishing-as-a-service platform continues to evolve. (to the original material)

- Water sector in the US and Israel still unprepared to defeat cyber attacks. (to the original material)

- UK NCSC govt agency is scanning the Internet for flawed devices in the UK. (to the original material)

- Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks. (to the original material)

- FBI warns of politically motivated hacktivist activity, DDoS attacks in alert. (to the original material)

- Attacks on critical infrastructure doubled in the past year, Microsoft says. (to the original material)

- Checklist: A cloud migration to-do list. (to the original material)

- Embrace your role as a security guide to earn a seat at the table. (to the original material)

- Managing software risk in the automotive software supply chain. (to the original material)

- Turkey's New Disinformation Law Spells Trouble For Free Expression. (to the original material)

06.11.2022 - News from cyber security.

- Week in review: High-severity OpenSSL vulnerabilities fixed, Patch Tuesday forecast. (to the original material)

- LockBit 3.0 gang claims to have stolen data from Kearney & Company. (to the original material)

- A cyberattack blocked the trains in Denmark. (to the original material)

- Security Affairs newsletter Round 392. (to the original material)

- Quality or Quantity? Why Server Count Doesn’t Matter As Much As You Think. (to the original material)

05.11.2022 - News from cyber security.

- How does security posture management guard cloud environments? (to the original material)

- Microsoft sued for open-source piracy through GitHub Copilot. (to the original material)

- Phishing-as-a-Service Platform Offers MFA Bypass for $1,500. (to the original material)

- 29 malicious PyPI packages spotted delivering the W4SP Stealer. (to the original material)

- Zero-day are exploited on a massive scale in increasingly shorter timeframes. (to the original material)

04.11.2022 - News from cyber security.

- Ransomware rages on – Week in security with Tony Anscombe. (to the original material)

- Getting started with Zero Trust Network Access. (to the original material)

- How secure are your privileged access employees? (to the original material)

- Attackers leverage Microsoft Dynamics 365 to phish users. (to the original material)

- November 2022 Patch Tuesday forecast: Wrapping up loose ends? (to the original material)

- New infosec products of the week: November 4, 2022. (to the original material)

- FBI: Hacktivist DDoS attacks had minor impact on critical orgs. (to the original material)

- British govt is scanning all Internet devices hosted in UK. (to the original material)

- Robin Banks phishing service returns to steal banking accounts. (to the original material)

- As Twitter brings on $8 fee, phishing emails target verified accounts. (to the original material)

- Sexual Assault, Abuse Victims' Data at Risk in Australia. (to the original material)

- Cyberattack at Boeing Disrupts Flight Planning. (to the original material)

- Vendor Hack Tied to 20 Anesthesiology Practice Breaches. (to the original material)

- LockBit Claims Attack on German Auto Parts Giant Continental. (to the original material)

- ISMG Editors: How the Ransomware Ecosystem Is Fracturing. (to the original material)

- SolarWinds May Face SEC Investigation Over Hack Disclosure. (to the original material)

- RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM. (to the original material)

- The 10th edition of the ENISA Threat Landscape (ETL) report is out! (to the original material)

- Cisco addressed several high-severity flaws in its products. (to the original material)

- RomCom RAT targets Ukraine and possibly English-speaking countries. (to the original material)

- 5 use cases for MDR to fight ransomware. (to the original material)

- Sporting events are irresistible targets for DDoS attacks. (to the original material)

03.11.2022 - News from cyber security.

- Cybersecurity news of the week (03.11.2022). (to the original material)

- Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape. (to the original material)

- Cisco Releases Security Updates for Multiple Products. (to the original material)

- Apple Releases Security Update for Xcode. (to the original material)

- CISA Releases Three Industrial Control Systems Advisories. (to the original material)

- Businesses want technologies that allow for passwordless workflows. (to the original material)

- By breaking down barriers, we can address the cybersecurity workforce gap. (to the original material)

- Updated TikTok Privacy Policy confirms that Chinese staff can access European users’ data. (to the original material)

- Fortinet fixed 16 vulnerabilities, 6 rated as high severity. (to the original material)

- Real-Time Bidding is Bad for Privacy and Promotes Disinformation. (to the original material)

- Attack Surface Management 2022 Midyear Review Part 3. (to the original material)

- The future starts now: 10 major challenges facing cybersecurity. (to the original material)

- How to level up in today’s IIoT threat landscape. (to the original material)

- What Is Cross-Origin Resource Sharing (CORS)? (to the original material)

- The consequences of a years-old SQLite vulnerability. (to the original material)

- Vendor fraud techniques used to bypass Office 365 security. (to the original material)

- Automated threats responsible for 62 percent of eCommerce security incidents. (to the original material)

- RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam. (to the original material)

- New Crimson Kingsnake gang impersonates law firms in BEC attacks. (to the original material)

- LockBit ransomware claims attack on Continental automotive giant. (to the original material)

- OPERA1ER hackers steal over $11 million from banks and telcos. (to the original material)

- ALMA Observatory shuts down operations due to a cyberattack. (to the original material)

- New clipboard hijacker replaces crypto wallet addresses with lookalikes. (to the original material)

- Black Basta ransomware gang linked to the FIN7 hacking group. (to the original material)

- Dropbox Data Breach Another Multifactor Fail. (to the original material)

- UK NCSC Says Friendly Spooks Scanning British Internet. (to the original material)

- Cybersecurity Is Patient Safety, Says US Senator. (to the original material)

- More State-Sponsored OT Hacking To Come, Says ENISA. (to the original material)

- Smooth 'Opera1er': French-Speaking Gang Steals $11 Million. (to the original material)

- Ransomware: 'To Pay or Not to Pay' Question Faces Medibank. (to the original material)

- LockBit ransomware gang claims the hack of Continental automotive group. (to the original material)

- 250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack. (to the original material)

- Experts link the Black Basta ransomware operation to FIN7 cybercrime gang. (to the original material)

- Password security still an issue despite rising cybersecurity education. (to the original material)

- Analysts track gift cards to see how scammers use them in BEC attacks. (to the original material)

- Everything You Need to Know About Cyberattacks on US Hospitals. (to the original material)

- Behind the Scenes Exclusive: PIA’s 50 Servers in 50 States Campaign. (to the original material)

02.11.2022 - News from cyber security.

- 130 Dropbox code repos plundered after successful phishing attack. (to the original material)

- Group indicted for breaching CPA, tax preparation firms via stolen credentials. (to the original material)

- 32% of cybersecurity leaders considering quitting their jobs. (to the original material)

- IDC Analyst Brief reveals how passwords aren’t going away. (to the original material)

- Hundreds of U.S. news sites push malware in supply-chain attack. (to the original material)

- Emotet botnet starts blasting malware again after 5 month break. (to the original material)

- Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware. (to the original material)

- Vodafone Italy discloses data breach after reseller hacked. (to the original material)

- U.S. govt employees exposed to mobile attacks from outdated Android, iOS. (to the original material)

- Ransomware Attack Disrupts Japanese Hospital for 2nd Day. (to the original material)

- How 'Recognized Security Practices' Fit with HIPAA Actions. (to the original material)

- Oreo Maker Settles With Insurer Over NotPetya Damages Claim. (to the original material)

- Aaron's CISO On Forging Strong C-Suite Relationships. (to the original material)

- Strategies to Mitigate Risk During Mergers and Acquisitions. (to the original material)

- Government workers face more phishing attacks on mobile devices. (to the original material)

- Dropbox incident raises questions about how much security pros can depend on MFA. (to the original material)

- The new pillars of modern security: workloads, identities, and data. (to the original material)

- 4 Malicious apps on Play Store totaled +1M downloads. (to the original material)

- SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority. (to the original material)

- Dropbox discloses unauthorized access to 130 GitHub source code repositories. (to the original material)

- OpenSSL fixed two high-severity vulnerabilities. (to the original material)

- Barracuda XDR Insight: Threat severity rises during vacation months. (to the original material)

- The true cost of gaming. (to the original material)

- ID fraud levels still high despite post-pandemic drop. (to the original material)

01.11.2022 - News from cyber security.

- OpenSSL Releases Security Update. (to the original material)

- CISA Upgrades to TLP 2.0. (to the original material)

- CISA Releases One Industrial Control Systems Advisory. (to the original material)

- High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786). (to the original material)

- What developers want and how to keep them on your team. (to the original material)

- Infosec products of the month: October 2022. (to the original material)

- Dropbox discloses breach after hacker stole 130 GitHub repositories. (to the original material)

- Malicious Android apps with 1M+ installs found on Google Play. (to the original material)

- OpenSSL fixes two high severity vulnerabilities, what you need to know. (to the original material)

- New SandStrike spyware infects Android devices via malicious VPN app. (to the original material)

- Microsoft fixes critical RCE flaw affecting Azure Cosmos DB. (to the original material)

- Google ad for GIMP.org served info-stealing malware via lookalike site. (to the original material)

- White House Ransomware Confab Ends With Data Sharing Pledge. (to the original material)

- Ransomware Attacks Pose Biggest Threat to UK Organizations. (to the original material)

- Healthcare Sector Urged to Address OpenSSL Flaws. (to the original material)

- Not Heartbleed: OpenSSL Vulnerability Not 'Critical' Anymore. (to the original material)

- The Rise of Online Scams, Why New Security Tools Are Needed. (to the original material)

- Should Australia's Medibank Give in to Extortionists? (to the original material)

- Zero trust and securing the cloud take center stage at Cisco event. (to the original material)

- Nearly one-third of cybersecurity leaders have considered leaving their organizations. (to the original material)

- Modernizing data security within DoD (Department of Defense) requires attribute-based access control. (to the original material)

- LockBit 3.0 gang claims to have stolen data from Thales. (to the original material)

- Experts warn of critical RCE in ConnectWise Server Backup Solution. (to the original material)

- Ransomware activity and network access sales in Q3 2022. (to the original material)

- Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices. (to the original material)

- Stop the Copyright Creep. (to the original material)

- Threat Advisory: High Severity OpenSSL Vulnerabilities. (to the original material)

- The Importance of Having a Cyber Security Response Plan. (to the original material)

- Black Friday & Cyber Monday Ecommerce Security Threats. (to the original material)

- 5 reasons to keep your devices and their software up to date. (to the original material)

- The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs. (to the original material)

- Adopting IIoT, OT security in 2022: Interconnectivity makes work easier and security harder. (to the original material)


Archive:

Click here to access archive content.
Click here to access CMS (Content Management System) in Joomla.

Source:

Click here to access to documentation sources.

Note Dorin M.

This site has a double form, one in HTML and one in Joomla (if you are interested in the utility behind this effort you can read the "Why  a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.

Dorin M - November 09, 2022