Study - Technical - LMS-SFC (EN) - Cyber Security - News
Cyber Security - News
Today and Yesterday, in cyber security news - November 2022
19.11.2022
- News from cyber security.
- New attacks use Windows
security bypass zero-day to drop malware. (to
the original material)
- Simplifying cloud native
security for posture management and AppSec. (to
the original material)
- DEV-0569 group uses
Google Ads to distribute Royal Ransomware. (to
the original material)
- Black Friday and Cyber
Monday, crooks are already at work. (to
the original material)
- New improved versions of
LodaRAT spotted in the wild. (to
the original material)
18.11.2022
- News from cyber security.
- Data security advice for
supporters traveling to Qatar for the World Cup. (to
the original material)
- Photos: Cybersecurity
marketers gather at Cyber Marketing Con 2022. (to
the original material)
- New infosec products of
the week: November 18, 2022. (to
the original material)
- ODD Platform: Open-source
data discovery and observability. (to
the original material)
- PCI SSC publishes new
standard for mobile payment acceptance solutions. (to
the original material)
- Transportation sector
targeted by both ransomware and APTs. (to
the original material)
- The Week in Ransomware -
November 18th 2022 - Rising Operations. (to
the original material)
- Exploit released for
actively abused ProxyNotShell Exchange bug. (to
the original material)
- Researchers secretly
helped decrypt Zeppelin ransomware for 2 years. (to
the original material)
- US charges BEC suspects
with targeting federal health care programs. (to
the original material)
- Chinese hackers use
Google Drive to drop malware on govt networks. (to
the original material)
- Google Search results
poisoned with torrent sites via Data Studio. (to
the original material)
- Atlassian fixes critical
command injection bug in Bitbucket Server. (to
the original material)
- PCI Releases New Payment
Standards for Mobile Devices. (to
the original material)
- ID Agent's Amelia Paro on
Why Tech Alone Can't Protect Email. (to
the original material)
- Piedmont CISO on
Protecting Hospitals in the Age of COVID-19. (to
the original material)
- Feds Alert Healthcare,
Other Sectors of Growing Hive Threats. (to
the original material)
- Ransomware-as-a-Service
Market Now Highly Specialized. (to
the original material)
- Ransomware: Did Law
Enforcement Lose Ground Early On? (to
the original material)
- Cybersecurity Analysis of
the FTX Crypto Heist: Part 1. (to
the original material)
- With FTX's Collapse,
Cycle of Cryptocurrency Loss Continues. (to
the original material)
- Emotet’s return
underscores that some threat groups never go away for good.
(to
the original material)
- IT pros cite
configuration controls, management as top weaknesses of
cloud providers. (to
the original material)
- AI and open-source
intelligence can mitigate ransomware and cryptocurrency
risks. (to
the original material)
- Atlassian fixed 2
critical flaws in Crowd and Bitbucket products. (to
the original material)
- Hive Ransomware extorted
over $100M in ransom payments from over 1,300 companies. (to
the original material)
- Ongoing supply chain
attack targets Python developers with WASP Stealer. (to
the original material)
- China-based Fangxiao
group behind a long-running phishing campaign. (to
the original material)
17.11.2022
- News from cyber security.
- Cybersecurity news of the
week (11/17/2022). (to
the original material)
- CISA, NSA, and ODNI
Release Guidance for Customers on Securing the Software
Supply Chain. (to
the original material)
- #StopRansomware: Hive. (to
the original material)
- CISA Releases Two
Industrial Control Systems Advisories. (to
the original material)
- Top passwords used in RDP
brute-force attacks. (to
the original material)
- Open-source tool puts
machine learning dataset analysis at data scientists’
fingertips. (to
the original material)
- Phishing kit impersonates
well-known brands to target US shoppers. (to
the original material)
- Microsoft fixes Windows
Kerberos auth issues in emergency updates. (to
the original material)
- Previously unidentified
ARCrypter ransomware expands worldwide. (to
the original material)
- FBI: Hive ransomware
extorted $100M from over 1,300 victims. (to
the original material)
- QBot phishing abuses
Windows Control Panel EXE to infect devices. (to
the original material)
- F5 fixes two remote code
execution flaws in BIG-IP, BIG-IQ. (to
the original material)
- ESET rolls out new
consumer offerings to improve home security. (to
the original material)
- Microsoft urges devs to
migrate away from .NET Core 3.1 ASAP. (to
the original material)
- U.S. charges Russian
suspects with operating Z-Library e-Book site. (to
the original material)
- Australia Unveils Plan to
Counter Global Cybercrime Problem. (to
the original material)
- HHS Needs to Modernize
Its Cyber Approach: Watchdog Agency. (to
the original material)
- Discord Fined by French
CNIL for GDPR Violations. (to
the original material)
- Cyberwarfare's Role in
the Next National Defense Strategy. (to
the original material)
- Amazon Relational
Database Service exposing PII via cloud ‘snapshots’. (to
the original material)
- Over a third of
vulnerabilities reviewed by ethical hackers did not have a
CVE (Common Vulnerabilities and Exposures). (to
the original material)
- How to determine if your
IT environment is ready for SASE. (to
the original material)
- Carmakers must start
taking cybersecurity more seriously. (to
the original material)
- Two public schools in
Michigan hit by a ransomware attack. (to
the original material)
- Magento and Adobe
Commerce websites under attack. (to
the original material)
- Tank, the leader of the
Zeus cybercrime gang, was arrested by the Swiss police. (to
the original material)
- Iran-linked threat actors
compromise US Federal Network. (to
the original material)
16.11.2022
- News from cyber security.
- Cisco Releases Security
Updates for Identity Services Engine. (to
the original material)
- Samba Releases Security
Updates. (to
the original material)
- Mozilla Releases Security
Updates for Multiple Products. (to
the original material)
- CISA and FBI Release
Advisory on Iranian Government-Sponsored APT Actors
Compromising Federal Network. (to
the original material)
- Electronics repair
technicians snoop on your data. (to
the original material)
- Cloud data protection
trends you need to be aware of. (to
the original material)
- 5 use cases with a
malware sandbox. (to
the original material)
- Updated RapperBot malware
targets game servers in DDoS attacks. (to
the original material)
- Suspected Zeus cybercrime
ring leader ‘Tank’ arrested by Swiss police. (to
the original material)
- Twitter source code
indicates end-to-end encrypted DMs are coming. (to
the original material)
- US govt: Iranian hackers
breached federal agency using Log4Shell exploit. (to
the original material)
- Magento stores targeted
in massive surge of TrojanOrders attacks. (to
the original material)
- Okta shares fix for issue
impacting Microsoft 365 SSO logins. (to
the original material)
- DuckDuckGo now lets all
Android users block trackers in their apps. (to
the original material)
- Misconfigured Server
Exposed PHI of 600,000 Inmates. (to
the original material)
- Iranian Hacker Group Uses
Log4Shell to Cryptojack US Agency. (to
the original material)
- Qatar's World Cup Apps
Pose Privacy Concerns. (to
the original material)
- Ransomware Attackers
Don't Take Holidays. (to
the original material)
- Arrest of Ukrainian in
Cybercrime Case Shows Patience Pays. (to
the original material)
- Simplifying
Implementation of a Zero Trust Architecture. (to
the original material)
- Managing Cyber Risk in a
Technology-Dependent World. (to
the original material)
- How to punch up your next
executive briefing quickly. (to
the original material)
- How security teams can
defend against BECs. (to
the original material)
- F5 fixed 2 high-severity
Remote Code Execution bugs in its products. (to
the original material)
- Lazarus APT uses DTrack
backdoor in attacks against LATAM and European orgs. (to
the original material)
- New RapperBot Campaign
targets game servers with DDoS attacks. (to
the original material)
- Beginning 2023 Google
plans to rollout the initial Privacy Sandbox Beta. (to
the original material)
15.11.2022
- News from cyber security.
- CISA Releases One
Industrial Control Systems Advisory. (to
the original material)
- SSVC: Prioritization of
vulnerability remediation according to CISA. (to
the original material)
- As trust in online spaces
degrades, Canada bolsters resilience against cyber attacks.
(to
the original material)
- Critical vulnerability in
Spotify’s Backstage discovered, patched. (to
the original material)
- Top enterprise email
threats and how to counter them. (to
the original material)
- North Korean hackers
target European orgs with updated malware. (to
the original material)
- Google to roll out
Privacy Sandbox on Android 13 starting early 2023. (to
the original material)
- Researchers release
exploit details for Backstage pre-auth RCE bug. (to
the original material)
- MFA Fatigue attacks are
putting your organization at risk. (to
the original material)
- Chinese hackers target
government agencies and defense orgs. (to
the original material)
- US FTC Delays Safeguards
Rule Deadlines by 6 Months. (to
the original material)
- FDA Updates Medical
Device Cyber Response Playbook. (to
the original material)
- Hospital CISO on Why
Hackers Pursue Research, Pediatric Data. (to
the original material)
- Twitter Two-Factor
Authentication Has a Vulnerability - Updated. (to
the original material)
- Pro-Moscow Nuisance
Hackers Claim DDoS Attack on FBI Website. (to
the original material)
- How Do Recent CISA
Directives Affect Private Firms? (to
the original material)
- Google to pay record
$391.5 million for misleading users on location tracking. (to
the original material)
- Most companies on Forbes
Global 2000 yet to adopt all domain security measures. (to
the original material)
- Many financial
institutions say their own IT staffs pose the biggest risk
to cloud security. (to
the original material)
- Three steps to build more
diverse cybersecurity teams. (to
the original material)
- Why passwordless can’t
eliminate passwords, but giving administrators the ability
to manage passwords better can. (to
the original material)
- Experts found critical
RCE in Spotify’s Backstage. (to
the original material)
- Experts revealed details
of critical SQLi and access issues in Zendesk Explore. (to
the original material)
- China-linked APT Billbug
breached a certificate authority in Asia. (to
the original material)
- Google to Pay a record
$391M fine for misleading users about the collection of
location data. (to
the original material)
- Previously undetected
Earth Longzhi APT group is a subgroup of APT41. (to
the original material)
- Avast details Worok
espionage group’s compromise chain. (to
the original material)
14.11.2022
- News from cyber security.
- CISA Has Added One Known
Exploited Vulnerability to Catalog . (to
the original material)
- Vulnerability Summary for
the Week of November 7, 2022. (to
the original material)
- Russian hacktivists hit
Ukrainian orgs with ransomware – but no ransom demands. (to
the original material)
- Product showcase: ESET’s
newest consumer offerings. (to
the original material)
- 5 Kali Linux tools you
should learn how to use. (to
the original material)
- Unwanted emails steadily
creeping into inboxes. (to
the original material)
- Whoosh confirms data
breach after hackers sell 7.2M user records. (to
the original material)
- 42,000 sites used to trap
users in brand impersonation scheme. (to
the original material)
- Instagram, Facebook,
Twitter, YouTube suspended in Turkey after blast. (to
the original material)
- Russian Hackers Target
Ukraine With Malicious Encryption. (to
the original material)
- Anesthesiology Services
Firm Faces 5 Class Action Lawsuits. (to
the original material)
- 'Unauthorized
Transactions' Lead to Missing Funds at FTX. (to
the original material)
- SolarWinds CEO on How to
Secure the Software Build Process. (to
the original material)
- Graphus' Amelia Paro on
Why Phishing Has Exploded Since 2020. (to
the original material)
- LockBit Releases Thales
Group Documents. (to
the original material)
- Microsoft identifies
issues with Kerberos authentication on certain Windows
Servers. (to
the original material)
- Cloud security isn’t
guaranteed because a provider is well-known, expert says. (to
the original material)
- Insider threats accounted
for more than a third of unauthorized access incidents in
Q3. (to
the original material)
- Seven deadly sins hiding
in the company’s attack surface. (to
the original material)
- Massive Black hat SEO
campaign used +15K WordPress sites. (to
the original material)
- KmsdBot, a new evasive
bot for cryptomining activity and DDoS attacks. (to
the original material)
- CERT-UA warns of multiple
Somnia ransomware attacks against organizations in Ukraine.
(to
the original material)
- Have board directors any
liability for a cyberattack against their company? (to
the original material)
13.11.2022
- News from cyber security.
- Week in review: Microsoft
fixes many zero-days, malicious droppers on Google Play,
IRISSCON 2022. (to
the original material)
- Ukraine says Russian
hacktivists use new Somnia ransomware. (to
the original material)
- Ukraine Police dismantled
a transnational fraud group that made €200 million per year.
(to
the original material)
- Lockbit gang leaked data
stolen from global high-tech giant Thales. (to
the original material)
12.11.2022
- News from cyber security.
- New extortion scam
threatens to damage sites’ reputation, leak data. (to
the original material)
- Android phone owner
accidentally finds a way to bypass lock screen. (to
the original material)
- $1 billion of FTX
customer funds have vanished, Reuters reported. (to
the original material)
- Malicious app in the Play
Store spotted distributing Xenomorph Banking Trojan. (to
the original material)
- Canadian supermarket
chain giant Sobeys suffered a ransomware attack. (to
the original material)
11.11.2022
- News from cyber security.
- Press release: The
European Parliament adopted new legislative rules to
strengthen the cyber resilience of the entire European Union
– NIS2 and DORA. (to
the original material)
- Cybersecurity Threats
Fast-Forward 2030: Fasten your Security-Belt Before the
Ride! (to
the original material)
- New infosec products of
the week: November 11, 2022. (to
the original material)
- API abuses and attacks
create new challenges for retailers. (to
the original material)
- The Week in Ransomware -
November 11th 2022 - LockBit feeling the heat. (to
the original material)
- Microsoft Defender
network protection generally available on iOS, Android. (to
the original material)
- Canadian food retail
giant Sobeys hit by Black Basta ransomware. (to
the original material)
- U.S. seized 18 web
domains used for recruiting money mules. (to
the original material)
- New BadBazaar Android
malware linked to Chinese cyberspies. (to
the original material)
- Microsoft confirms gaming
performance issues on Windows 11 22H2. (to
the original material)
- Royal Mail down: Tracking
unavailable as outage exceeds 24 hours. (to
the original material)
- Make Way for an Adaptive
Cybersecurity Ecosystem. (to
the original material)
- Ukrainian Cyber Police
Bust Fake Investing Ring. (to
the original material)
- Texas Hospital Says
Ransomware Breach Affected 500,000. (to
the original material)
- ISMG Editors: $3B Crypto
Seizure Shows Blockchain's Security. (to
the original material)
- Australia Blames Russian
Hackers for Medibank Hack. (to
the original material)
- Should Banks Be Held
Liable for Authorized Fraud? (to
the original material)
- Snow Software enhances
platform for greater visibility into containers, cloud
services. (to
the original material)
- Despite staff and
budgets, most firms say ‘lack of skills’ biggest threat
intel challenge. (to
the original material)
- VMDR: What it is, and how
it fits into cloud-native infrastructure and applications. (to
the original material)
- What is SASE? (to
the original material)
- Forrester: MDR, threat
hunting and cybersecurity as a service. (to
the original material)
- The state of ransomware
in state and local government. (to
the original material)
- The top six goals for
proactive cybersecurity. (to
the original material)
- An initial access broker
claims to have hacked Deutsche Bank. (to
the original material)
- Long-running surveillance
campaigns target Uyghurs with BadBazaar and MOONSHINE
spyware. (to
the original material)
- Man charged for role in
LockBit ransomware operation. (to
the original material)
- Researcher received a
$70k award for a Google Pixel lock screen bypass. (to
the original material)
- Russia-linked IRIDIUM APT
linked to Prestige ransomware attacks against Ukraine. (to
the original material)
10.11.2022
- News from cyber security.
- Press release: The
#SigurantaOnline digital education campaign has reached
schools. (to
the original material)
- Cybersecurity news of the
week (11/10/2022). (to
the original material)
- Completion of training
courses for certification within the project «Increasing the
capacity of the competent authorities in Romania DNSC and
RENAR according to the European Regulation on Cybersecurity
2019/881 (Cybersecurity Act)». (to
the original material)
- CISA Releases SSVC
Methodology to Prioritize Vulnerabilities. (to
the original material)
- Cisco Releases Security
Updates for Multiple Products. (to
the original material)
- CISA Releases Twenty
Industrial Control Systems Advisories. (to
the original material)
- CISA Updates Advisory on
Threat Actors Exploiting Multiple CVEs Against Zimbra
Collaboration Suite. (to
the original material)
- Security leaders want
consequences for insecure code. (to
the origina material)
- How ransomware gangs and
malware campaigns are changing. (to
the original material)
- Phishing drops IceXLoader
malware on thousands of home, corporate devices. (to
the original material)
- Microsoft fixes Windows
zero-day bug exploited to push malware. (to
the original material)
- US Health Dept warns of
Venus ransomware targeting healthcare orgs. (to
the original material)
- Russian military hackers
linked to ransomware attacks in Ukraine. (to
the original material)
- Worok hackers hide new
malware in PNGs using steganography. (to
the original material)
- Kaspersky to kill its VPN
service in Russia next week. (to
the original material)
- FBI warns scammers now
impersonate refund payment portals. (to
the original material)
- Ukraine arrests fraud
ring members who made €200 million per year. (to
the original material)
- Russian LockBit
ransomware operator arrested in Canada. (to
the original material)
- An $8 mess - Twitter Blue
'verified' accounts push crypto scams. (to
the original material)
- Accused LockBit
Ransomware Operator Arrested in Canada. (to
the original material)
- Federal Judge Skeptical
of Facebook in Patient Privacy Suit. (to
the original material)
- Twitter Ramps Up
Regulatory Exposure After Loss of CISO. (to
the original material)
- Exploring the
Consequences of Not Paying a Ransom. (to
the original material)
- Australia Faces
Consequences of Standing Up to Ransomware. (to
the original material)
- Nearly 80% of companies
in new survey have had to use their cyber insurance. (to
the original material)
- Three ways security teams
can foster open-source innovation. (to
the original material)
- Apple out-of-band patches
fix remote code execution bugs in iOS and macOS. (to
the original material)
- Researchers warn of
malicious packages on PyPI using steganography. (to
the original material)
- A bug in ABB Totalflow
flow computers exposed oil and gas companies to attack. (to
the original material)
- APT29 abused the Windows
Credential Roaming in an attack against a diplomatic entity.
(to
the original material)
- Lenovo warns of flaws
that can be used to bypass security features. (to
the original material)
09.11.2022
- News from cyber security.
- Microsoft Releases
November 2022 Security Updates. (to
the original material)
- VMware Releases Security
Updates. (to
the original material)
- Citrix Releases Security
Updates for ADC and Gateway. (to
the original material)
- Threat Spotlight: Cyber
Criminal Adoption of IPFS (InterPlanetary File System) for
Phishing, Malware Campaigns. (to
the original material)
- 10 common security
mistakes and how to avoid them. (to
the original material)
- Security “sampling” puts
US federal agencies at risk. (to
the original material)
- 2022 Cloud Data Security
Report. (to
the original material)
- Experts observed Amadey
malware deploying LockBit 3.0 Ransomware. (to
the original material)
- Microsoft Patch Tuesday
updates fix 6 actively exploited zero-days. (to
the original material)
- VMware fixes three
critical flaws in Workspace ONE Assist. (to
the original material)
- New StrelaStealer malware
steals your Outlook, Thunderbird accounts. (to
the original material)
- Couple sentenced to
prison for trying to sell nuclear warship secrets. (to
the original material)
- New hacking group uses
custom 'Symatic' Cobalt Strike loaders. (to
the original material)
- 15,000 sites hacked for
massive Google SEO poisoning campaign. (to
the original material)
- Medibank warns customers
their data was leaked by ransomware gang. (to
the original material)
- Lenovo fixes flaws that
can be used to disable UEFI Secure Boot. (to
the original material)
- IT Army of Ukraine
Targets Russian Banks. (to
the original material)
- Could a Digital Red Cross
Protect Hospitals From Ransomware? (to
the original material)
- Microsoft Patches
ProxyNotShell Exchange Vulnerabilities. (to
the original material)
- The Role of Cybersecurity
in the Russia-Ukraine War. (to
the original material)
- The Riskiest Connected
Devices in Healthcare. (to
the original material)
- Security updates released
for critical bugs in VMware’s Workspace ONE Assist. (to
the original material)
- Malicious ‘Cloud9’ Chrome
extension operates like a remote access trojan. (to
the original material)
- Lacework adds new
analysis, scanning capabilities to its Polygraph Data
Platform. (to
the original material)
- How to address the gaps
with Open XDR sensors. (to
the original material)
- The Rise of the
Police-Advertiser. (to
the original material)
- Sacramento County
Resident Joins EFF Lawsuit After Illegal Sharing of His
Electricity Usage Data Makes Him a Target of Law
Enforcement. (to
the original material)
- APT29 Exploited a Windows
Feature to Compromise European Diplomatic Entity Network. (to
the original material)
- Several Cyber Attacks
Observed Leveraging IPFS Decentralized Network. (to
the original material)
- Experts Warn of Browser
Extensions Spying On Users via Cloud9 Chrome Botnet Network.
(to
the original material)
- Top 5 API Security Myths
That Are Crushing Your Business. (to
the original material)
- New IceXLoader Malware
Loader Variant Infected Thousands of Victims Worldwide. (to
the original material)
- VMware Warns of 3 New
Critical Flaws Affecting Workspace ONE Assist Software. (to
the original material)
- Install Latest Windows
Update ASAP! Patches Issued for 6 Actively Exploited
Zero-Days. (to
the original material)
08.11.2022
- News from cyber security.
- CISA Adds Seven Known
Exploited Vulnerabilities to Catalog. (to
the original material)
- Emotet coming in hot. (to
the original material)
- Gartner 2022 security
trend #4: Distributing decisions. (to
the original material)
- Application security
finally getting its due. (to
the original material)
- Massive ois[.]is Black
Hat Redirect Malware Campaign. (to
the original material)
- 12 percent of employees
take IP with them when leaving a job. (to
the original material)
- Microsoft fixes many
zero-days under attack. (to
the original material)
- Malicious droppers on
Google Play deliver banking malware to victims. (to
the original material)
- How geopolitical turmoil
changed the cybersecurity threat landscape. (to
the original material)
- How micro-VMs can protect
your most vulnerable endpoints. (to
the original material)
- LockBit affiliate uses
Amadey Bot malware to deploy ransomware. (to
the original material)
- Malicious extension lets
attackers control Google Chrome remotely. (to
the original material)
- VMware fixes three
critical auth bypass bugs in remote access tool. (to
the original material)
- Microsoft fixes
ProxyNotShell Exchange zero-days exploited in attacks. (to
the original material)
- Microsoft November 2022
Patch Tuesday fixes 6 exploited zero-days, 68 flaws. (to
the original material)
- Citrix urges admins to
patch critical ADC, Gateway auth bypass. (to
the original material)
- Influencer 'Hushpuppi'
gets 11 years in prison for cyber fraud. (to
the original material)
- Enhance your privacy with
this second phone number app deal. (to
the original material)
- EU Complicit in Spread of
Advanced Spyware, Charges Veld. (to
the original material)
- Feds Warn of Iranian
Threats to Healthcare Sector. (to
the original material)
- China Likely Amasses
Zero-Days Via Vulnerability Disclosure Law. (to
the original material)
- Why Today's Cyber Defense
Requires Offensive Thinking. (to
the original material)
- Who Is Extorting
Australian Health Insurer Medibank? (to
the original material)
- Citrix ADC and Citrix
Gateway are affected by a critical authentication bypass
flaw. (to
the original material)
- SmokeLoader campaign
distributes new Laplas Clipper malware. (to
the original material)
- Medibank confirms
ransomware attack impacting 9.7M customers, but doesn’t pay
the ransom. (to
the original material)
- US DoJ seizes $3.36B
Bitcoin from Silk Road hacker. (to
the original material)
- Snowflake formalizes
integration with Streamlit, making it possible to build
cloud apps with Python. (to
the original material)
- Vast majority of SMBs are
concerned about a ransomware attack on their business. (to
the original material)
- The path to secure cloud
migration. (to
the original material)
- Six ways healthcare
organizations can improve connected device security. (to
the original material)
- The Filter Mandate Bill
Is a Privacy and Security Mess. (to
the original material)
- Politicians Still
Underestimate Smart Cars’ Threat to Privacy. (to
the original material)
- Amadey Bot Spotted
Deploying LockBit 3.0 Ransomware on Hacked Machines. (to
the original material)
- New Laplas Clipper
Malware Targeting Cryptocurrency Users via SmokeLoader. (to
the original material)
- U.S. Seizes Over 50K
Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web. (to
the original material)
- 5 Reasons to Consolidate
Your Tech Stack. (to
the original material)
07.11.2022
- News from cyber security.
- Blue OLEx 2022 tests the
Standard Operating Procedures of the EU CyCLONe (Cyber
Crisis Liaison Organisation Network Executives). (to
the original material)
- Vulnerability Summary for
the Week of October 31, 2022. (to
the original material)
- Why your phone is slow –
and how you can make it run faster. (to
the original material)
- Hacking baby monitors can
be child’s play: Here’s how to stay safe. (to
the original material)
- New platform aims to
tackle API security problems. (to
the original material)
- Medibank won’t pay the
ransom for data stolen in breach. (to
the original material)
- Phishing threats are
increasingly convincing and evasive. (to
the original material)
- Taking cybersecurity
investments to the next level. (to
the original material)
- False sense of safety
undermines good password hygiene. (to
the original material)
- Azov Ransomware is a
wiper, destroying data 666 bytes at a time. (to
the original material)
- U.S. unmasks hacker who
stole 50,000 bitcoins from Silk Road. (to
the original material)
- Maple Leaf Foods suffers
outage following weekend cyberattack. (to
the original material)
- Ransomware gang threatens
to release stolen Medibank data. (to
the original material)
- Feds Announce Silk Road
Cryptocurrency Haul. (to
the original material)
- Aveanna Healthcare Data
Breach Could Cost Firm More Than $1M. (to
the original material)
- FortiGuard Labs: 2023
Threat Landscape Insights. (to
the original material)
- Using Student Data for
Gambling Apps Is Bad, Says UK ICO. (to
the original material)
- Basics Will Block Most
Ransomware Hits, Says UK Cyber Chief. (to
the original material)
- Medibank Says No to
Paying Hacker's Extortion Demand. (to
the original material)
- ‘Justice Blade’ Hackers
are Targeting Saudi Arabia. (to
the original material)
- Robin Banks
phishing-as-a-service platform continues to evolve. (to
the original material)
- Water sector in the US
and Israel still unprepared to defeat cyber attacks. (to
the original material)
- UK NCSC govt agency is
scanning the Internet for flawed devices in the UK. (to
the original material)
- Abusing Microsoft
Dynamics 365 Customer Voice in phishing attacks. (to
the original material)
- FBI warns of politically
motivated hacktivist activity, DDoS attacks in alert. (to
the original material)
- Attacks on critical
infrastructure doubled in the past year, Microsoft says. (to
the original material)
- Checklist: A cloud
migration to-do list. (to
the original material)
- Embrace your role as a
security guide to earn a seat at the table. (to
the original material)
- Managing software risk in
the automotive software supply chain. (to
the original material)
- Turkey's New
Disinformation Law Spells Trouble For Free Expression. (to
the original material)
06.11.2022
- News from cyber security.
- Week in review:
High-severity OpenSSL vulnerabilities fixed, Patch Tuesday
forecast. (to
the original material)
- LockBit 3.0 gang claims
to have stolen data from Kearney & Company. (to
the original material)
- A cyberattack blocked the
trains in Denmark. (to
the original material)
- Security Affairs
newsletter Round 392. (to
the original material)
- Quality or Quantity? Why
Server Count Doesn’t Matter As Much As You Think. (to
the original material)
05.11.2022
- News from cyber security.
- How does security posture
management guard cloud environments? (to
the original material)
- Microsoft sued for
open-source piracy through GitHub Copilot. (to
the original material)
- Phishing-as-a-Service
Platform Offers MFA Bypass for $1,500. (to
the original material)
- 29 malicious PyPI
packages spotted delivering the W4SP Stealer. (to
the original material)
- Zero-day are exploited on
a massive scale in increasingly shorter timeframes. (to
the original material)
04.11.2022
- News from cyber security.
- Ransomware rages on –
Week in security with Tony Anscombe. (to
the original material)
- Getting started with Zero
Trust Network Access. (to
the original material)
- How secure are your
privileged access employees? (to
the original material)
- Attackers leverage
Microsoft Dynamics 365 to phish users. (to
the original material)
- November 2022 Patch
Tuesday forecast: Wrapping up loose ends? (to
the original material)
- New infosec products of
the week: November 4, 2022. (to
the original material)
- FBI: Hacktivist DDoS
attacks had minor impact on critical orgs. (to
the original material)
- British govt is scanning
all Internet devices hosted in UK. (to
the original material)
- Robin Banks phishing
service returns to steal banking accounts. (to
the original material)
- As Twitter brings on $8
fee, phishing emails target verified accounts. (to
the original material)
- Sexual Assault, Abuse
Victims' Data at Risk in Australia. (to
the original material)
- Cyberattack at Boeing
Disrupts Flight Planning. (to
the original material)
- Vendor Hack Tied to 20
Anesthesiology Practice Breaches. (to
the original material)
- LockBit Claims Attack on
German Auto Parts Giant Continental. (to
the original material)
- ISMG Editors: How the
Ransomware Ecosystem Is Fracturing. (to
the original material)
- SolarWinds May Face SEC
Investigation Over Hack Disclosure. (to
the original material)
- RomCom RAT campaigns
abuses popular brands like KeePass and SolarWinds NPM. (to
the original material)
- The 10th edition of the
ENISA Threat Landscape (ETL) report is out! (to
the original material)
- Cisco addressed several
high-severity flaws in its products. (to
the original material)
- RomCom RAT targets
Ukraine and possibly English-speaking countries. (to
the original material)
- 5 use cases for MDR to
fight ransomware. (to
the original material)
- Sporting events are
irresistible targets for DDoS attacks. (to
the original material)
03.11.2022
- News from cyber security.
- Cybersecurity news of the
week (03.11.2022). (to
the original material)
- Volatile Geopolitics
Shake the Trends of the 2022 Cybersecurity Threat Landscape.
(to
the original material)
- Cisco Releases Security
Updates for Multiple Products. (to
the original material)
- Apple Releases Security
Update for Xcode. (to
the original material)
- CISA Releases Three
Industrial Control Systems Advisories. (to
the original material)
- Businesses want
technologies that allow for passwordless workflows. (to
the original material)
- By breaking down
barriers, we can address the cybersecurity workforce gap. (to
the original material)
- Updated TikTok Privacy
Policy confirms that Chinese staff can access European
users’ data. (to
the original material)
- Fortinet fixed 16
vulnerabilities, 6 rated as high severity. (to
the original material)
- Real-Time Bidding is Bad
for Privacy and Promotes Disinformation. (to
the original material)
- Attack Surface Management
2022 Midyear Review Part 3. (to
the original material)
- The future starts now: 10
major challenges facing cybersecurity. (to
the original material)
- How to level up in
today’s IIoT threat landscape. (to
the original material)
- What Is Cross-Origin
Resource Sharing (CORS)? (to
the original material)
- The consequences of a
years-old SQLite vulnerability. (to
the original material)
- Vendor fraud techniques
used to bypass Office 365 security. (to
the original material)
- Automated threats
responsible for 62 percent of eCommerce security incidents.
(to
the original material)
- RomCom RAT malware
campaign impersonates KeePass, SolarWinds NPM, Veeam. (to
the original material)
- New Crimson Kingsnake
gang impersonates law firms in BEC attacks. (to
the original material)
- LockBit ransomware claims
attack on Continental automotive giant. (to
the original material)
- OPERA1ER hackers steal
over $11 million from banks and telcos. (to
the original material)
- ALMA Observatory shuts
down operations due to a cyberattack. (to
the original material)
- New clipboard hijacker
replaces crypto wallet addresses with lookalikes. (to
the original material)
- Black Basta ransomware
gang linked to the FIN7 hacking group. (to
the original material)
- Dropbox Data Breach
Another Multifactor Fail. (to
the original material)
- UK NCSC Says Friendly
Spooks Scanning British Internet. (to
the original material)
- Cybersecurity Is Patient
Safety, Says US Senator. (to
the original material)
- More State-Sponsored OT
Hacking To Come, Says ENISA. (to
the original material)
- Smooth 'Opera1er':
French-Speaking Gang Steals $11 Million. (to
the original material)
- Ransomware: 'To Pay or
Not to Pay' Question Faces Medibank. (to
the original material)
- LockBit ransomware gang
claims the hack of Continental automotive group. (to
the original material)
- 250+ U.S. news sites
spotted spreading FakeUpdates malware in a supply-chain
attack. (to
the original material)
- Experts link the Black
Basta ransomware operation to FIN7 cybercrime gang. (to
the original material)
- Password security still
an issue despite rising cybersecurity education. (to
the original material)
- Analysts track gift cards
to see how scammers use them in BEC attacks. (to
the original material)
- Everything You Need to
Know About Cyberattacks on US Hospitals. (to
the original material)
- Behind the Scenes
Exclusive: PIA’s 50 Servers in 50 States Campaign. (to
the original material)
02.11.2022
- News from cyber security.
- 130 Dropbox code repos
plundered after successful phishing attack. (to
the original material)
- Group indicted for
breaching CPA, tax preparation firms via stolen credentials.
(to
the original material)
- 32% of cybersecurity
leaders considering quitting their jobs. (to
the original material)
- IDC Analyst Brief reveals
how passwords aren’t going away. (to
the original material)
- Hundreds of U.S. news
sites push malware in supply-chain attack. (to
the original material)
- Emotet botnet starts
blasting malware again after 5 month break. (to
the original material)
- Dozens of PyPI packages
caught dropping 'W4SP' info-stealing malware. (to
the original material)
- Vodafone Italy discloses
data breach after reseller hacked. (to
the original material)
- U.S. govt employees
exposed to mobile attacks from outdated Android, iOS. (to
the original material)
- Ransomware Attack
Disrupts Japanese Hospital for 2nd Day. (to
the original material)
- How 'Recognized Security
Practices' Fit with HIPAA Actions. (to
the original material)
- Oreo Maker Settles With
Insurer Over NotPetya Damages Claim. (to
the original material)
- Aaron's CISO On Forging
Strong C-Suite Relationships. (to
the original material)
- Strategies to Mitigate
Risk During Mergers and Acquisitions. (to
the original material)
- Government workers face
more phishing attacks on mobile devices. (to
the original material)
- Dropbox incident raises
questions about how much security pros can depend on MFA. (to
the original material)
- The new pillars of modern
security: workloads, identities, and data. (to
the original material)
- 4 Malicious apps on Play
Store totaled +1M downloads. (to
the original material)
- SandStrike, a previously
undocumented Android malware targets a Persian-speaking
religion minority. (to
the original material)
- Dropbox discloses
unauthorized access to 130 GitHub source code repositories.
(to
the original material)
- OpenSSL fixed two
high-severity vulnerabilities. (to
the original material)
- Barracuda XDR Insight:
Threat severity rises during vacation months. (to
the original material)
- The true cost of gaming.
(to
the original material)
- ID fraud levels still
high despite post-pandemic drop. (to
the original material)
01.11.2022
- News from cyber security.
- OpenSSL Releases Security
Update. (to
the original material)
- CISA Upgrades to TLP 2.0.
(to
the original material)
- CISA Releases One
Industrial Control Systems Advisory. (to
the original material)
- High-severity OpenSSL
vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786). (to
the original material)
- What developers want and
how to keep them on your team. (to
the original material)
- Infosec products of the
month: October 2022. (to
the original material)
- Dropbox discloses breach
after hacker stole 130 GitHub repositories. (to
the original material)
- Malicious Android apps
with 1M+ installs found on Google Play. (to
the original material)
- OpenSSL fixes two high
severity vulnerabilities, what you need to know. (to
the original material)
- New SandStrike spyware
infects Android devices via malicious VPN app. (to
the original material)
- Microsoft fixes critical
RCE flaw affecting Azure Cosmos DB. (to
the original material)
- Google ad for GIMP.org
served info-stealing malware via lookalike site. (to
the original material)
- White House Ransomware
Confab Ends With Data Sharing Pledge. (to
the original material)
- Ransomware Attacks Pose
Biggest Threat to UK Organizations. (to
the original material)
- Healthcare Sector Urged
to Address OpenSSL Flaws. (to
the original material)
- Not Heartbleed: OpenSSL
Vulnerability Not 'Critical' Anymore. (to
the original material)
- The Rise of Online Scams,
Why New Security Tools Are Needed. (to
the original material)
- Should Australia's
Medibank Give in to Extortionists? (to
the original material)
- Zero trust and securing
the cloud take center stage at Cisco event. (to
the original material)
- Nearly one-third of
cybersecurity leaders have considered leaving their
organizations. (to
the original material)
- Modernizing data security
within DoD (Department of Defense) requires attribute-based
access control. (to
the original material)
- LockBit 3.0 gang claims
to have stolen data from Thales. (to
the original material)
- Experts warn of critical
RCE in ConnectWise Server Backup Solution. (to
the original material)
- Ransomware activity and
network access sales in Q3 2022. (to
the original material)
- Samsung Galaxy Store flaw
could have allowed installing malicious apps on target
devices. (to
the original material)
- Stop the Copyright Creep.
(to
the original material)
- Threat Advisory: High
Severity OpenSSL Vulnerabilities. (to
the original material)
- The Importance of Having
a Cyber Security Response Plan. (to
the original material)
- Black Friday & Cyber
Monday Ecommerce Security Threats. (to
the original material)
- 5 reasons to keep your
devices and their software up to date. (to
the original material)
- The spy who rented to me?
Throwing the spotlight on hidden cameras in Airbnbs. (to
the original material)
- Adopting IIoT, OT
security in 2022: Interconnectivity makes work easier and
security harder. (to
the original material)
Archive:
Click here to access CMS (Content Management System) in Joomla.
Source:
Note Dorin M.
This site has a double
form, one in HTML and one in Joomla (if you are interested
in the utility behind this effort you can read the "Why
a HTML and a CMS (Joomla)" page).
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
That's why I suggest you, depending on your desire, to use the HTML form for simple browsing / information or the Joomla form if you want in-depth studies / searches using the CMS search engine.
Dorin M - November 09,
2022