• 5/26/2022

  Industrial Spy Data Extortion Market Gets Into the Ransomware Game Three-quarters of Security Pros Believe Current Cybersecurity Strategies Will Shortly Be Obsolete Attribution Is Key to Holding Cyber Criminals Accountable Cybergang Claims REvil Is Back, Executes DDoS Attacks Most CFOs Being Left Out of Ransomware Conversations 10 Tips to Develop Cybersecurity Knowledge Within Organizations Spring Cleaning Checklist: Keep Your Devices Safe at Work Google Urged to Stop Tracking Location Data Ahead of Roe Reversal Broadcom Is Acquiring VMware for $61 Billion Google Is Adding These IT Security Integrations to Chrome Windows 11 KB5014019 Breaks Trend Micro Ransomware Protection Cyber Attack, Threat of Bad Weather Can’t Stop Whitmer High School (OH) Graduation

  Millions of People’s Info Stolen From MGM Resorts Dumped on Telegram for Free Austria’s Carinthia Halts Passport Issuance Over Ransomware Attack Alameda Health System (CA) Files Notice of Recent Data Breach New ERMAC 2.0 Android Malware Steals Accounts, Wallets From 467 Apps Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers Zyxel Warns of Flaws Impacting Firewalls, APs, and Controllers OAS Platform Vulnerable to Critical RCE and API Access Flaws Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched Exploit Released for Critical VMware Auth Bypass Bug, Patch Now Microsoft Shares Mitigation for Windows KrbRelayUp LPE Attacks

• 5/25/2022

  Beijing Needs the Ability to ‘Destroy’ Starlink, Say Chinese Researchers Iran Used Secret U.N. Records to Evade Nuclear Probes Feds Say Twitter Used Contact Info Collected for Security Purposes to Target Ads Interpol Arrest Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks Global Oil and Gas Companies Join Pledge for Cyber Resilience Verizon Report: Ransomware, Human Error Among Top Security Risks Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room Hacker Says Hijacking Libraries, Stealing AWS Keys Was Ethical Research

  SpiceJet Airline Passengers Stranded After Ransomware Attack Data Breach at Scarborough Health Network Hospitals (ON) Possibly Exposed Patient Info Data Breach Nederlander Theatrical Corp (NY) Compromises Over 14,000 Names and SSNs Darknet Market Versus Shuts Down After Hacker Leaks Security Flaw Tails 5.0 Linux Users Warned Against Using It “For Sensitive Information” New ‘Cheers’ Linux Ransomware Targets VMware ESXi Servers New ChromeLoader Malware Surge Threatens Browsers Worldwide BPFDoor Malware Uses Solaris Vulnerability to Get Root Privileges

• 5/24/2022

  Hacked Police Computer Servers: The Faces From China’s Uyghur Detention Camps Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online Hackers Target Russian Gov’t With Fake Windows Updates Pushing RATs Russian Diplomat Warns Against Global ‘Cyber Confrontation’ Open Source Intelligence May Be Changing Old-School War Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code A Favorite of Cybercriminals and Nation States, Ransomware Incidents Increase Again IBM Is Helping These Schools Build Up Their Ransomware Defenses Senate Report Reveals Gaps in Data Collection on Ransomware Payments Facebook Opens Political Ad Data Vaults to Researchers DuckDuckGo Browser Allows Microsoft Trackers Due to Search Agreement Microsoft: Credit Card Stealers Are Getting Much Stealthier IP and Cybersecurity Disputes Are Top Legal Concerns for Tech Companies

  General Motors Hit by Cyber-Attack Exposing Car Owners’ Personal Info Washington University of St. Louis School of Medicine Notifies Patients of Data Breach Jackson County Hospital (TX) Announces Data Breach Affecting Patient and Employee Data Cyber Attack Shuts Down Somerset County (NJ) Email Data Breach Reported at Schneck Medical Center (IN): Patient SSN’s Exposed New Chaos Ransomware Builder Variant “Yashma” Discovered in the Wild Screencastify Chrome Extension Flaws Allow Webcam Hijacks Popular Python and PHP Libraries Hijacked to Steal AWS Keys Researchers to Release Exploit for New VMware Auth Bypass, Patch Now Patch Now: Zoom Chat Messages Can Infect PCs, Macs, Phones With Malware Trend Micro Fixes Bug Chinese Hackers Exploited for Espionage Mozilla Fixes Firefox, Thunderbird Zero-Days Exploited at Pwn2Own CISA Adds 41 Vulnerabilities to List of Bugs Used in Cyberattacks

• 5/23/2022

  Military-Made Cyberweapons Could Soon Become Available on the Dark Web, Interpol Warns South Korean and U.S. Presidents Gang Up on North Korea’s Cyber-Offensives Russian Hackers Perform Reconnaissance Against Austria, Estonia Fronton: Russian IoT Botnet Designed to Run Social Media Disinformation Campaigns Anonymous Declares Cyber-War on Pro-Russian Hacker Gang Killnet How GDPR Is Failing Porsche Rolls Out Board-Approved Privacy Strategy Broadcom in Talks to Pay About $60 Billion for VMware Mark Zuckerberg Sued Over Cambridge Analytica Data Breach

  Hackers Breach Zola Wedding Registry Accounts and Make Fraudulent Purchases Online Classes Resume After Cyber Attack at Kalamazoo Valley Community College (MI) New RansomHouse Group Sets up Extortion Market, Adds First Victims Photos of Abused Victims Used in New ID Verification Scam Charity Or Cybercrime? Goodwill Ransomware Cracks Your Decryption If You Donate Fake Windows Exploits Target Infosec Community With Cobalt Strike New Unpatched Bug Could Let Attackers Steal Money from PayPal Users Hackers Can Hack Your Online Accounts Before You Even Register Them

• 5/20-22/2022

  Canada Bans Huawei Equipment From 5G Networks, Orders Removal by 2024 Microsoft Bing Censors Politically Sensitive Chinese Terms America’s Small Businesses Aren’t Ready for a Cyberattack Conti Ransomware Shuts Down Operation, Rebrands Into Smaller Units Google Chat Adds Warning Banners to Protect Against Phishing Attacks Google Antitrust: Bipartisan Congress Bill Latest in Legal Troubles Over Advertising Practices Crypto Might Have an Insider Trading Problem Elon Musk Deep Fakes Promote New Cryptocurrency Scam UK Sextortion Cases Doubled in 2021 SolarWinds Ready to Move Past Breach and Help Customers Manage Theirs Windows 11 Hacked Again at Pwn2Own, Telsa Model 3 Too …Windows 11 Hacked Three More Times on Last Day of Pwn2Own Contest

  Fears Grow for Smaller Nations After Ransomware Attack on Costa Rica Escalates Russian Sberbank Says It’s Facing Massive Waves of DDoS Attacks Ransomware Attack Exposes Data of 500,000 Chicago Public School Students …Vendor Battelle for Kids Trust Stamp, a Facial Recognition Company With ICE Contract, Exposed Data in Breach Google: Predator Spyware Infected Android Devices Using Zero-Days PDF Smuggles Microsoft Word Doc to Drop Snake Keylogger Malware Researchers Find Backdoor in School Management Plugin for WordPress Malicious PyPI Package Opens Backdoors on Windows, Linux, and Macs Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild

• 5/19/2022

  Biden Says Sweden and Finland Have the ‘Full Backing’ of the United States to Join NATO Russian-Backed Hackers Behind Disinformation Campaigns Intended to Divide Ukraine Iran, China-Linked Gangs Join Putin’s Disinformation War Online North Korean Hackers Weaponize COVID Outbreak in Latest Cyber Attack Spyware Vendors Target Android With Zero-Day Exploits Phishing Websites Now Use Chatbots to Steal Your Credentials Majority of Kubernetes API Servers Exposed to the Public Justice Department Pledges Not to Charge Security Researchers With Hacking Crimes MI5 Agent Used Secret Status to Terrorise Girlfriend Cyber Boot Camps Fall Short for Some Students Half of IT Leaders Store Passwords in Shared Docs Microsoft Teams, Windows 11 Hacked on First Day of Pwn2Own

  Media Giant Nikkei’s Asian Unit Hit by Ransomware Attack DeKalb (GA) Student Newspaper Exposes Data Leak in District’s Online Network Agile Sourcing Partners (CA) Suffers Data Breach Due to Conti Ransomware Attack Greenland Says Health Services ‘Severely Limited’ After Cyberattack Russian Fronton Botnet Does Far More Than DDoS Attacks – And on a Massive Scale QNAP Alerts NAS Customers of New DeadBolt Ransomware Attacks Ransomware Gangs Rely More on Weaponizing Vulnerabilities Microsoft Detects Massive Surge in Linux XorDDoS Malware Activity New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars Lazarus Hackers Target VMware Servers With Log4Shell Exploits

• 5/18/2022

  Costa Rican President Says Country Is ‘at War’ With Conti Ransomware Group U.S. Saw Signs of Decline in Russian Ransomware Strikes at Start of Ukraine War NATO Cyber Coordinators Hold First-Ever Meeting Amid Russia’s Invasion This Hacktivist Site Lets You Prank Call Russian Officials Krebs: Senators Urge FTC to Probe ID.me Over Selfie Data Liveness Tests Used by Banks to Verify ID Are ‘Extremely Vulnerable’ to Deepfake Attacks Google’s DeepMind Says It Is Close to Achieving ‘Human-Level’ Artificial Intelligence New York Attorney General to Probe Social Media Companies’ Role in Buffalo Shooting Cyber Insurers Raise Rates Amid a Surge in Costly Hacks APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang U.S. Recovers $15 Million From Global Kovter Ad Fraud Operation Spanish Police Dismantle Phishing Gang That Emptied Bank Accounts

  Chinese ‘Space Pirates’ Are Hacking Russian Aerospace Firms Pharmacy Giant Dis-Chem Hit By Data Breach Affecting 3.6 Million Customers Washington Local Schools (OH) Hit With Cyber Attack on Wednesday Bank of Zambia Hit by Ransomware Trolls Hackers With Dick Pics Fake Crypto Sites Lure Wannabe Thieves by Spamming Login Credentials Critical Jupiter WordPress Plugin Flaws Let Hackers Take Over Sites Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell VMware Patches Critical Auth Bypass Flaw in Multiple Products DHS Orders Federal Agencies to Patch VMware Bugs Within 5 Days CISA Shares Guidance to Block Ongoing F5 BIG-IP Attacks FBI and NSA Say: Stop Doing These 10 Things That Let the Hackers In

• 5/17/2022

  Ransomware Gang Hacks Costa Rica, Asks Residents to Overthrow the Government U.S. Warns Over Risk of Hiring North Korea Spies Posing As IT Workers Krebs: When Your Smart ID Card Reader Comes With Malware Cybersecurity Agencies Reveal Top Initial Access Attack Vectors HTML Attachments Remain Popular Among Phishing Actors in 2022 Google Will Start Distributing a Security-Vetted Collection of Open-Source Software Libraries Microsoft Defender for Endpoint Gets New Troubleshooting Mode U.S,. Cyber Officials Express Confidence Over ‘Significant Progress’ in Federal Security Local Government’s Guide to Minimizing the Risk of a Cyberattack China Has Signaled Easing of Its Tech Crackdown — But Don’t Expect a Policy U-Turn Musk, Twitter CEO Spar Over Bot Accounts, Tanking Share Price

  Ransomware Hits American Healthcare Company Omnicell Auction.com Data Breach Due to Conti Ransomware Attack Christus Health (TX) Experienced Unauthorized Activity on Its Computer Network More Than 90,000 South Australian Public Servants Now Involved in 2021 Payroll Data Breach Hackers Target Tatsu WordPress Plugin in Millions of Attacks Pentester Pops Open Tesla Model 3 Using Low-Cost Bluetooth Module Microsoft Warns of “Cryware” Info-Stealing Malware Targeting Crypto Wallets UpdateAgent Returns with New macOS Malware Dropper Written in Swift Digital Skimming is Now the Preserve of Non-Magecart Groups NVIDIA Fixes Ten Vulnerabilities in Windows GPU Display Drivers CISA Warns Admins to Patch Actively Exploited Spring, Zyxel Bugs

• 5/16/2022

  Sweden Warns of Russian Cyber Retaliation Over NATO Membership Move Ukraine Supporters in Germany Targeted With PowerShell Rat Malware Cyber Attack on Costa Rica Grows as More Agencies Hit, President Says Researchers Devise iPhone Malware That Runs Even When Device Is Turned Off China Has Been Quietly Building a Blockchain Platform: Here’s What We Know U.S. Courts Are Coming After Crypto Exchanges That Skirt Sanctions U.S. Charges Venezuelan Doctor With Selling Ransomware Used by Iranian Group San Francisco Police Use Driverless Cars for Surveillance

  U.S. Manufacturing Giant Parker Hit by Conti Ransomware Gang Covenant Care California Reports Data Breach Texas Department of Insurance Exposed Personal Info of 1.8 Million, Audit Says Apple Emergency Update Fixes Zero-Day Used to Hack Macs, Watches Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors …CISA ‘Temporarily’ Removes Windows Vulnerability From Its Must-Patch List Kali Linux 2022.2 Released With 10 New Tools, WSL Improvements, and More Third-Party Web Trackers Log What You Type Before Submitting

• 5/13-15/2022

  Finland, Sweden’s NATO Moves Prompt Fears of Russian Cyberattacks Google Chrome Updates Failing on Android Devices in Russia Ukraine: The Spy War Within the War Iranian Hackers Exposed in a Highly Targeted Espionage Campaign Italian CERT: Hacktivists Hit Gov’t Sites in ‘Slow HTTP’ DDoS Attacks Phishing Attack Pop-up Targets MetaMask Users Visiting Popular Crypto Sites Shopping for Malware: $260 Gets You a Password Stealer. $90 for a Crypto-Miner… The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption EU Agrees New Cybersecurity Legislation for Critical Services Organizations Open Source Community Hands White House 10-Point Security Plan Crypto Robber Who Lured Victims via Snapchat and Stole £34,000 Jailed Angry IT Admin Wipes Employer’s Databases, Gets 7 Years in Prison

  Anonymous Bulletin Board App Yik Yak Is Revealing Its Users’ Exact Locations Cyberattacks Reported by McKenzie Health System (MI) & Omnicell (CA) Personal Information Breached in Elgin County (ON) Cyber Security Attack Cyber Mistake: Cincinnati Inadvertently Posted Employees’ Personal Data Online Fake Pixelmon NFT Site Infects You With Password-Stealing Malware Fake Binance NFT Mystery Box Bots Steal Victim’s Crypto Wallets New Saitama Backdoor Targeted Official From Jordan’s Foreign Ministry Microsoft: Sysrv Botnet Targets Windows, Linux Servers With New Exploits Hackers Exploiting Critical Bug in Zyxel Firewalls & VPNs SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices Microsoft Fixes New PetitPotam Windows NTLM Relay Attack Vector Just in Time? Bosses Are Finally Waking up to the Cybersecurity Threat

• 5/12/2022

  Krebs: DEA Investigating Breach of Law Enforcement Data Portal U.S. Signs Multilateral Treaty to Combat Cybercrime The Stakes ‘Could Not Be Any Higher’: CISA Chief Talks About the Tech Challenges Ahead Federal Judiciary ‘Vulnerable’ to Cyberattacks, U.S. Lawmakers Told The Hidden Race to Protect the U.S. Bioeconomy From Hacks They Fled Ukraine to Keep Their Cyber Startup Alive. Now, They’re Hacking Back. Ukrainian Imprisoned for Selling Access to Thousands of PCs Ex-eBay Exec Charged With Harassing Newsletter Publishers Pleads Guilty Europe Proposes Tackling Child Abuse by Killing Privacy, Strong Encryption

  Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites Refuah Health Center (NY) Suffers Cybersecurity Incident, 260K Impacted Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks Malware Builder ‘Portu’ Leverages Discord Webhooks to Create ‘KurayStealer’ BPFdoor: Stealthy Linux Malware Bypasses Firewalls for Remote Access Eternity Malware Kit Offers Stealer, Miner, Worm, Ransomware Tools Zyxel Silently Fixes Critical RCE Vulnerability in Firewall Products Nokia Opens New Cybersecurity End-to-End 5G Testing Lab

• 5/11/2022

  Pro-Russian Hackers Target Italy Institutional Websites -ANSA News Agency Virtual Casino With Alleged Ties to Russia Hit With Multistate Cease-And-Desist Order Federal Agencies Issue Warning to Third-Party Security Firms OpenSea Is Adding NFT Copy Detection and Verification Features Android 13 Tries to Make Privacy and Security a No-Brainer Yahoo Japan Strives for Universal Passwordless Authentication Novel Phishing Trick Uses Weird Links to Bypass Spam Filters Sunday Security Launches a Cybersecurity Service for Senior Execs Businesses Seek to Soften SEC Cyber Rules Elon Musk Says He’s ‘Very Much on the Same Page’ as the EU on Social Media Laws

  Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the UK Canadian Fighter Jet Training Company Top Aces Investigating Ransomware Attack Cornwall Council Data Breach: Children’s Details Published Critical F5 Big-IP Vulnerability Exploited to Wipe Devices …CISA Tells Federal Agencies to Fix Actively Exploited F5 Big-IP Bug Intel Memory Bug Poses Risk for Hundreds of Products HP Fixes Bug Letting Attackers Overwrite Firmware in Over 200 Models Krebs: Microsoft Patch Tuesday, May 2022 Edition New IceApple Exploit Toolset Deployed on Microsoft Exchange Servers

• 5/10/2022

  Russia Downed Satellite Internet in Ukraine -Western Officials Spain’s Spy Chief Sacked After Pegasus Spyware Revelations UK Government Security Experts Take Down 2.7 Million Scams UK Gov’t Releases Free Tool to Check for Email Cybersecurity Risks AMD Gave Google Cloud Rare Access to Its Tech to Hunt Chip Flaws British Man Charged in New York With Hacking Into Bank Computers, Stealing Millions Abnormal Security Raises $210 Million in Series C Funding Round GitHub Announces Enhanced 2FA Experience for NPM Accounts Musk Says He’d Reverse Trump’s Twitter Ban

  AA Traveller (New Zealand) Apologises After Massive Data Breach Cyber Attack Prompts Security Response by Oregon Secretary of State Elephant Insurance (VA) Reports Data Breach German Automakers Targeted in Year-Long Malware Campaign FluBot Android Malware Targets Finland in New SMS Campaigns New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity Hackers Actively Exploit F5 BIG-IP Bug Microsoft Fixes New NTLM Relay Zero-Day in All Windows Versions Microsoft May 2022 Patch Tuesday Fixes 3 Zero-Days, 75 Flaws

• 5/9/2022

  Hackers Replace Russian TV Schedules During ‘Victory Day’ With Anti-War Messages Costa Rica Declares National Emergency After Conti Ransomware Attacks Biden Admin Announces Expansion of Free High-Speed Internet to Eligible U.S. Households Biden Signs Cybercrime Tracking Bill Into Law Lincoln College (IL) Is Shutting Down for Good Following a Ransomware Attack Clearview AI Agrees to Limit Sales of Facial Recognition Database Microsoft Launches Cybersecurity Services to Help Clients Fight Off Ransomware and Other Attacks …Combines Tech and Human Experts China Wants Its Youth to Stop Giving Livestreamers Money

  Hackers Are Now Hiding Malware in Windows Event Logs Cyberattack on Tenet Florida Hospitals Also Affected 5 Steward Hospitals City of Quincy (IL) Hit With Cyber Attack; Cannot Send or Receive Email Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums Ukrainian CERT Warns Citizens of a New Wave of Cyberattacks Distributing Jester Malware Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store Hackers Exploiting Critical F5 BIG-IP Bug, Public Exploits Released Microsoft Releases Fixes for Azure Flaw Allowing RCE Attacks

• 5/6-8/2022

  Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers U.S. Treasury Sanctions Cryptocurrency Tool Blender Used by North Korea UK Sanctions Russian Microprocessor Makers, Banning Them From ARM U.S. Offers $15 Million Reward for Information on Conti Ransomware Group Chinese Ride-Hailing Giant Didi Says U.S. Regulator Is Investigating Its $4 Billion IPO Fake Crypto Giveaways Steal Millions Using Elon Musk Ark Invest Video Caramel Credit Card Stealing Service Is Growing in Popularity Krebs: Your Phone May Soon Replace Many of Your Passwords What We’ve Learned in the 12 Months Since the Colonial Pipeline Attack

  Data breach Discovered at IKEA Canada impacts 95,000 Customers California State Bar Notifies 1,300 People Identified in Data Breach U.S. Agricultural Machinery Maker AGCO Hit by Ransomware Attack Ferrari Subdomain Hijacked to Push Fake Ferrari NFT Collection OpenSea’s Official Discord Compromised in a Phishing Attack That Stole $18K+ of NFTs QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices Exploits Created for Critical F5 Big-Ip Flaw, Install Patch Immediately Check Your Gems: RubyGems Fixes Unauthorized Package Takeover Bug Trend Micro Antivirus Modified Windows Registry by Mistake — How to Fix

• 5/5/2022

  Top U.S. Cyber Officials Warn Against Underestimating Russia’s Cyber Capability Ukraine’s IT Army Is Disrupting Russia’s Alcohol Distribution U.S. Intelligence Is Helping Ukraine Kill Russian Generals, Officials Say Pentagon Denies U.S. Shared Intel to Target Russian Generals Biden Orders New Quantum Push to Ensure Encryption Isn’t Cracked by Rivals Biden Signs Bill Aimed At Improving Data Collection on Cybercrime Hunter Biden Laptop Repairman Sues Over Hacker Allegations How to Secure Your Phone Before Attending a Protest Apple, Google, and Microsoft Will Support Passwordless Sign-in Soon A Security Researcher Easily Found My Passwords & More VPN Providers Threaten to Quit India Over New Data Law FBI: Thailand and Hong Kong Banks Used Most in BEC South Korea Admitted to NATO Cyber Defense Center

  Illuminate Data Breach Impacts More School Districts Thousands of Borrowers’ Data Exposed from ENCollect Debt Collection Service Douglas County (CO) Students’ Information Exposed in Data Breach Regional Eye Associates of Morgantown (WV) Reports Data Breach Heroku Forces User Password Resets Following GitHub OAuth Token Theft New NetDooka Malware Spreads via Poisoned Search Results New Raspberry Robin Worm Uses Windows Installer to Drop Malware Screen-Sharing Scams on the Rise, Watchdog Warns NIST Updates Guidance for Defending Against Supply-Chain Attacks Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus Google Fixes Actively Exploited Android Kernel Vulnerability Tor Project Upgrades Network Speed Performance With New System

• 5/4/2022

  New Report Uncovers Massive Chinese ‘Winnti APT’ aka APT41 Hacking of Trade Secrets Pro-Ukraine Hackers Use Docker Images to DDoS Russian Sites Ethiopia ‘Foils’ Cyber-Attack on Nile Dam, Financial Institutions FBI Says Business Email Compromise Is a $43 Billion Scam Attackers Hijack UK NHS Email Accounts to Steal Microsoft Logins UK Cyber-Security Chiefs Warn of Malicious App Risk India’s New Super App Has a Privacy Problem California Pushes Ahead With Kids’ Online Safety Proposals as Washington Stalls Jury Awards Columbia University $185 Million in NortonLifeLock Patent Trial

  Pixiv, Deviantart Artists Hit by NFT Job Offers Pushing Malware State Bar of Georgia Reels From Cyber-Attack Transport for New South Wales Struck by Cyber Attack Attackers Use Event Logs to Hide Fileless Malware Communication Around Heroku Security Incident Dubbed ‘Train Wreck’ F5 Warns of Critical BIG-IP RCE Bug Allowing Device Takeover Critical RCE Bug Reported in dotCMS Content Management Software Cisco Fixes NFVIS Bugs That Help Gain Root and Hijack Hosts GitHub Will Require All Code Contributors to Use Two-Factor Authentication in 2023

• 5/3/2022

  Leaked Draft Opinion Shows Supreme Court Has Voted to Overturn Roe v. Wade …Supreme Court Chief Justice Roberts Confirms Leak, Says Court Will Investigate Data Broker Is Selling Location Data of People Who Visit Abortion Clinics CDC Tracked Millions of Phones to See If Americans Followed COVID Lockdown Orders Google: State-Backed Hackers Ramp up Cyber Operations in Eastern Europe Google: Chinese State Hackers Keep Targeting Russian Gov’t Agencies Krebs: Russia to Rent Tech-Savvy Prisoners to Corporate IT? Experts Analyze Conti and Hive Ransomware Gangs’ Chats With Their Victims SEC Nearly Doubles Crypto Enforcement Unit, Citing Fraud Risk in Booming Cryptocurrency Market

  Chinese Cyber-Espionage Group Moshen Dragon Targets Asian Telcos New Ransomware Strains Linked to North Korean APT38 Gov’t Hackers New Phishing Warns: Your Verified Twitter Account May Be at Risk University of Essex Data Breach Being Taken ‘Very Seriously’ Rhode Island Public Transit Authority (RIPTA) Releases Note From Hackers in Ransomware Attack ‘Sophisticated’ Ransomware Attack Hits Westchester (NY) Libraries Conti, REvil, LockBit Ransomware Bugs Exploited to Block Encryption Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches Unpatched DNS Bug Affects Millions of Routers and IoT Devices

• 5/2/2022

  Israel Keen to Set up Cyber ‘Iron Dome’ to Curb Rise in Attacks Chinese “Override Panda” Hackers Resurface With New Espionage Attacks Cyberspy Group UNC3524 Use IP Cameras to Deploy Backdoors, Steal Exchange Emails Grindr User Data Was Sold Through Ad Networks For Years Spyware Found on Spanish PM’s Phone American Idol Winner Accused of Spying on Ex-Girlfriend Mozilla Finds Mental Health Apps Fail ‘Spectacularly’ at User Security, Data Policies EU Accuses Apple of Abusing Mobile-Payment Market Power 1,300+ Austin Peay Students Sign Petition to Cancel Final Exams After Cyber Attack

  U.S. DOD Tricked Into Paying $23.5 Million to Phishing Actor Car Rental Giant Sixt Facing Disruptions Due to a Cyberattack Health Startup MyNurse to Shut Down After Data Breach Exposed Health Records Indian Health Service Clinic (OK) Hit by Cyber Attack, Delaying Refills and Appointments Ransomware Attack Shuts Down Kellogg Community College (MI) Hackers Sneak Code Onto Oulu, Finland City Website to Mine Cryptocurrency Google SMTP Relay Service Abused for Sending Phishing Emails Dell Brings Data Recovery Tools to Apex and the Cloud Microsoft Defender for Business Stand-Alone Now Generally Available

• 4/29-5/1/2022

  Russia’s Cyber Warfare Against Ukraine More Nuanced Than Expected …Hacktivists and Cybercriminals Wreak Havoc in Russia …Ukraine War Speeds up U.S. Cyber Agenda FBI Conducted Potentially Millions of Searches of Americans’ Data Last Year, Report Says Indian Gov’t Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In China Plans Reprieve for Tech Giants, Including Delaying New Rules, as Economy Slows Microsoft Is Adding a Free Built-in VPN to Its Edge Browser Applied for Student Aid Online? Facebook Saw You. Krebs: You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results Google Gives 50% Bonus to Android 13 Beta Bug Bounty Hunters Secret Texas School District Crypto Miner Resigns A YouTuber Is Promoting DDoS Attacks on Russia — How Legal Is This?

  Russian Hackers Compromise Embassy Emails to Target Governments Russian Hacktivists Launch DDoS Attacks on Romanian Gov’t Sites Nordic Hotels & Resorts Data Compromised Breast Cancer Charity Exposed Sensitive Images of U.S. Patients Los Angeles County Department of Mental Health Compromised by a Cyber Attack in 2021 Fei Protocol and Rari Capital Pools Hit By $80 Million Hack Stablecoin DEX Saddle Finance Hacked for $10 Million Online Library App Onleihe Faces Issues After Cyberattack on Provider REvil Ransomware Returns: New Malware Sample Confirms Gang Is Back Fake Windows 10 Updates Infect You With Magniber Ransomware Open Source ‘Package Analysis’ Tool Finds Malicious NPM, PyPI Packages

• 4/28/2022

  Ukraine Targeted by DDoS Attacks From Compromised WordPress Sites Russia Sanctions Seriously Complicate Paying Ransomware Hackers Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group Beware: Onyx Ransomware Destroys Files Instead of Encrypting Them EmoCheck Now Detects New 64-Bit Versions of Emotet Malware Hollywood’s Fight Against VPNs Turns Ugly Europol: Deepfakes Set to Be Used Extensively in Organized Crime Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal

  Austin Peay State University Resumes After Ransomware Cyber Attack Cyber Attack At Worcester Hospital (MA) Delays Emergency Room Services Massy Stores Crippled by Cyber Attack Cloudflare Stomps Huge DDoS Attack on Crypto Platform Cybercriminals Using New Malware Loader ‘Bumblebee’ in the Wild NPM Flaw Let Attackers Add Anyone as Maintainer to Malicious Packages Synology Warns of Critical Netatalk Bugs in Multiple Products Microsoft Fixes ExtraReplica Azure Bugs That Exposed User Databases

• 4/27/2022

  Microsoft Uncovers Extensive Russian Cyber Operations in Ukraine Chinese Hackers APT Bronze President Targeting Russian Military with Updated PlugX Malware Russia Is Being Hacked at an Unprecedented Scale Chinese Drone-Maker DJI Suspends Ops in Russia, Ukraine 1Password Syncing Went Down for a Few Hours Today During a Database Upgrade How Industry Leaders Should Approach Open Source Security Cyber Skills Gap Linked to Breaches North Koreans Are Jailbreaking Phones to Access Forbidden Media Google May Now Remove Search Results That Dox You Krebs: Fighting Fake EDRs With ‘Credit Ratings’ for Police Uber Ordered to Produce Records About 2016 Hack and Cover-Up

  Smile Brands Breach from 2021 Impacts 2.5 Million Individuals Columbus Housing Authority (OH) Suffers Data Breach; Client Personal Info Possibly Stolen Battelle for Kids Exposes Student Info Across Ohio Russian Gov’t Impersonators Target Telcos in Phishing Attacks GitHub: How Stolen OAuth Tokens Helped Breach Dozens of Orgs New Black Basta Ransomware Springs Into Action With a Dozen Breaches RIG Exploit Kit Drops Redline Malware via Internet Explorer Bug QNAP Warns Users to Disable Afp Until It Fixes Critical Bugs New Nimbuspwn Linux Vulnerability Gives Hackers Root Privileges Millions of Java Apps Remain Vulnerable to Log4Shell

• 4/26/2022

  U.S. Offers $10 Million Reward for Information on Russian ‘Sandworm’ Intelligence Officers -State Dept Coca-Cola Probes Pro-Kremlin Gang’s Claims of 161GB Data Theft Data Breach Disrupts UK Army Recruitment Firms Push for CVE-Like Cloud Bug System Inside a Ransomware Incident: How a Single Mistake Left a Door Open for Attackers Five Things to Watch on Musk’s Twitter Deal Will Elon Musk’s Twitter Takeover Have Cybersecurity Implications? EU Warns Elon Musk Over Twitter Moderation Plans Google Play Store Now Forces Apps to Disclose What Data Is Collected Tenable Acquires External Attack Surface Management Vendor for $44.5M

  American Dental Association Hit by New Black Basta Ransomware Tenet Health Investigating Cybersecurity Incident, IT Outage Yuma Regional Medical Center (AZ) Faces Potential Cyber Attack Gurnee-Based Doctor’s Group (IL) Reports Data Breach of Patients’ Personal, Financial Data Ballad Health Discovers Breach of Employee Email Account Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default Who Is Exploiting VMware Right Now? Probably Iran’s Rocket Kitten, to Name One CISA Adds 7 Vulnerabilities to List of Bugs Exploited in Attacks Public Interest in Log4Shell Fades but Attack Surface Remains

• 4/25/2022

  U.S. Wants Russia ‘Weakened’ So It Can Never Invade Again …Russia Bombs Five Railway Stations in Central and Western Ukraine …European Wind-Energy Sector Hit in Wave of Russian Hacks …Ukraine Invasion Driving DDoS Attacks to All-Time Highs North Korean APT37 Hackers Targeting Journalists With Novel Malware How Failing to Prioritize Cybersecurity Can Hurt Your Company The US Saw a Spike in Child Sexual Abuse URLs in 2021 …CSAM Creator Imprisoned for Life Twitter Accepts Elon Musk’s Offer to Buy Company in $44 Billion Deal

  French Hospital Group Disconnects Internet After Hackers Steal Data Thief Steals $1 Million of Bored Ape Yacht Club NFTS With Instagram Hack Adaptive Health Integrations (ND) Hit by Cyber Attack, More Than 500K Affected Quantum Ransomware Seen Deployed in Rapid Network Attacks Emotet Malware Infects Users Again After Fixing Broken Installer New Powerful Prynt Stealer Malware Sells for Just $100 per Month Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform

• 4/22-24/2022

  Ukraine’s Postal Service Hit by Cyberattack After Sales of Warship Stamp Go Online They’ve Leaked Terabytes of Russian Emails, but Who’s Reading? Costa Rica’s Alvarado Says Cyber​​Attacks Seek to Destabilize Country as the Government Transitions Russian Hackers Are Seeking Alternative Money-Laundering Options A $3 Billion Silk Road Seizure Will Erase Ross Ulbricht’s Debt Beanstalk Founders Dismissed Concerns About Governance Attacks Before Losing $182 Million Wawa Sues Mastercard Over Data Breach Penalties DOJ Probes Google’s $5.4B Mandiant Acquisition

  Krebs: Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code …T-Mobile Confirms Rio de Janeiro Finance Department Hit With LockBit Ransomware Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability Windows 10 KB5012636 Cumulative Update Fixes Freezing Issues ‘Hack DHS’ Bug Hunters Find 122 Security Flaws in DHS Systems U.S. Gov’t Grants Academics $12M to Develop Cyberattack Defense Tools

• 4/21/2022

  U.S. Treasury Sanctions Russian Cryptocurrency Mining Companies Binance Tells Russian Users With Over €10K to Withdraw Everything Energy Department Invests $12 Million in Cyber Technology House Introduces Cyber Bill Intended to Safeguard Energy Sectors FBI: BlackCat Ransomware Breached at Least 60 Entities Worldwide …FBI Seeks Info on BlackCat Cyber Chiefs Try New Tricks to Attract Talent Hackers Sneak ‘More_Eggs’ Malware Into Resumes Sent to Corporate Hiring Managers YouTube Terminates Account for Hong Kong’s Presumed Next Head of Government GitHub Restores Popular Python Repo Hit by Bogus DMCA Takedown Hackers Earn $400K for Zero-Day ICS Exploits Demoed at Pwn2Own

  Cyber-Attackers Hit Sunwing Airlines Natural Whole Grain Foods Company Bob’s Red Mill Reports Data Breach International Data Corporation Confirms Recent Data Breach Coventry Public Schools (CT) Student Data Breached Within Illuminate Education Product Lincoln College Was Already Struggling: Then Came Ransomware in December Docker Servers Hacked in Ongoing Cryptomining Malware Campaign Critical Chipset Bugs Open Millions of Android Devices to Remote Spying Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails Cisco Umbrella Default SSH Key Allows Theft of Admin Credentials QNAP Asks Users to Mitigate Critical Apache HTTP Server Bugs 3 Ways We Can Improve Cybersecurity

• 4/20/2022

  Federal Agencies, International Partners Issue Warning on Russian Cyber Threats Russian-Linked Shuckworm Crew Ramps up Ukraine Attacks How Russia Is Isolating Its Own Cybercriminals UN Panel Coordinator Urges Stepped up Focus on North Korea Cyber Crime FBI Warns of Ransomware Attacks Targeting U.S. Agriculture Sector Most Email Security Approaches Fail to Block Common Threats Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021 CISA Expands Its Cyber Defense Division to Include Control Systems Expertise Israeli Charged in Global Hacker-For-Hire Scheme Pleads Guilty

  Israeli Sites Under Cyber Attack by Iraqi Hacker Group ‘Altahrea Team’ REvil’s TOR Sites Come Alive to Redirect to New Ransomware Operation Puerto Rico Toll Collection System Hit by Cyberattack NJ Law Firm McCarter & English Experiences Data Breach Okta Ends Lapsus$ Hack Investigation, Says Breach Lasted Just 25 Minutes Microsoft Exchange Servers Hacked to Deploy Hive Ransomware Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System AWS’s Log4j Patches Blew Holes in Its Own Security Microsoft Defender Flags Google Chrome Updates as Suspicious

• 4/19/2022

  Rethinking Cyber-Defense Strategies in the Public-Cloud Age LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks Real-Time Voice Concealment Algorithm Blocks Microphone Spying Secret Service Seizes More Than $102 Million in Crypto Assets The Fake Federal Agents Case Baffling US Intelligence Experts Microsoft Disables SMB1 by Default for Windows 11 Home Insiders

  Funky Pigeon Suspends Orders Following Cyber-Attack GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens Emotet Botnet Switches to 64-Bit Modules, Increases Activity New Stealthy BotenaGo Malware Variant Targets DVR Devices New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops QNAP Urges Customers to Disable UPnP Port Forwarding on Routers CISA Warns of Attackers Now Exploiting Windows Print Spooler Bug

• 4/18/2022

  No 10 Network Targeted With NSO’s Pegasus Spyware, Says Group …Spyware Use on Separatists in Spain “Extensive” …Newly Found Zero-Click iPhone Exploit Used in Multiple Newly Disclosed NSO Spyware Attacks U.S. Officials Ramp up Warnings About Russian Cyberattacks NATO Simulated Cyber Game Tests Defenses Amid War in Ukraine Krebs: Conti’s Ransomware Toll on the Healthcare Industry Free Decryptor Released for Yanluowang Ransomware Victims Ransomware Is Getting “User Friendly” To Victims Security-as-Code Gains More Support, but Still Nascent

  Beanstalk Cryptocurrency Project Robbed After Hacker Votes to Send Themself $182 Million MetaMask Advises Users to Disable Automatic iCloud Backups of Its Wallet Data U.S. Warns of Lazarus Hackers Using Malicious Cryptocurrency Apps Wyandotte County (KS) Government Hit by Cyber Attack Newman Regional Health (KS) Notifies Patients of Breach That Exposed Personal Info A Single Email Account Hack Spurs Breach Notice for 503K Christie Clinic (IL) Patients Deaconess Health (IN) & Blue Earth County (MN) Notify Patients About Insider Data Breaches Unofficial Windows 11 Upgrade Installs Info-Stealing Malware

• 4/15-17/2022

  GitHub Suspends Accounts of Russian Devs at Sanctioned Companies Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web Feds Offer $5M Reward for Info on North Korean Cyber Crooks Lazarus Targets Chemical Sector With ‘Dream Jobs,’ Then Trojans New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware Cryptocurrency DeFi Platforms Are Now More Targeted Than Ever ‘Mute’ Button in Conferencing Apps May Not Actually Mute Your Mic Remote Working Has Changed the Rules of the Workplace, so Watch Out Boards, Security Chiefs Face Challenges Over New Cyber Rules Surprising Cybersecurity Weak Points Business Owners Should Look Out For Microsoft: Office 2013 Will Reach End of Support in April 2023

  GitHub: Attacker Breached Dozens of Orgs Using Stolen OAuth Tokens Royal Spanish Football Federation (RFEF) Reports Cyber Attack After Email Accounts, Private Texts Stolen Contra Costa County (CA) Reports Data Breach That May Have Exposed Personal Information Maui County (HI) Contains Attempted Cyber Attack on Network Ozarks Technical Community College (MO) Announces It Was a Victim of Cyber Fraud Second Round of Patients Receives Ransomware Breach Notices Nearly One Year After Scripps Health (CA) Attack Wind Turbine Firm Nordex Hit by Conti Ransomware Attack T-Mobile Customers Warned of Unblockable Sms Phishing Attacks Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free Cisco Vulnerability Lets Hackers Craft Their Own Login Credentials JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots CISA Orders Agencies to Fix Actively Exploited VMware, Chrome Bugs

• 4/14/2022

  Hackers Target Ukrainian Govt With IcedID Malware, Zimbra Exploits OldGremlin Ransomware Gang Targets Russia With New Malware Midterms Raise Fears of Russian Cyberattacks U.S. Blames North Korean Hacker Group Lazarus for $625 Million Axie Infinity Theft Clueless Hackers Spent Months Inside a Network and Nobody Noticed. Then a Ransomware Gang Turned Up Ransomware: These Two Gangs Are Behind Half of All Attacks Data Scientists, Watch Out: Attackers Have Your Number WhatsApp Doubles Down With End-to-End Encrypted ‘Communities’ FBI: Payment App Users Targeted in Social Engineering Attacks Instagram Beyond Pics: Sexual Harassers, Crypto Crooks, ID Thieves 5 Things to Know About Elon Musk’s Twitter Bid …Elon Musk Explains What He Wants to Change About Twitter Microsoft Increases Awards for High-Impact Microsoft 365 Bugs

  MetroHealth (OH) Data Breach Involved 1700 Patients Hetzner Lost Customer Data and Gave 20€ as Compensation Oil India Suffers Cyber Attack, Receives Rs 57 Crore Ransom Demand New ZingoStealer Infostealer Drops More Malware, Cryptominers African Banks Heavily Targeted in RemcosRAT Malware Campaigns Windows 11 Tool to Add Google Play Secretly Installed Malware Cisco’s Webex App Phoned Home Audio Telemetry Even When Muted Rarible NFT Marketplace Flaw Could’ve Let Attackers Hijack Crypto Wallets Google Chrome Emergency Update Fixes Zero-Day Used in Attacks Critical Windows RPC CVE-2022-26809 Flaw Raises Concerns — Patch Now CISA Warns Orgs to Patch Actively Exploited Windows LPE Bug

• 4/13/2022

  Russia Is Leaking Data Like a Sieve Huawei Reportedly Furloughs Russian Staff and Stops Taking Orders Feds Uncover ‘Pipedream’, a ‘Swiss Army Knife’ for Hacking Industrial Systems Microsoft Disrupts Zloader Malware in Global Operation Why Every Cybersecurity Leader Should ‘Assume Breach’ Tim Cook Delivers Speech Railing Against “Data Industrial Complex,” Sideloading Taiwan, China Square Off Over Chip Tech Espionage Laws Neurodiverse Candidates Find Niche in Remote Cybersecurity Jobs

  Lakeview Loan Servicing Hit by Data Breach, Exposing Clients’ Personal Information New EnemyBot DDoS Botnet Recruits Routers and IoTs Into Its Army New Fodcha DDoS Botnet Targets Over 100 Victims Every Day Hackers Exploit Critical VMware CVE-2022-22954 Bug, Patch Now Critical Flaw in Elementor WordPress Plugin May Affect 500K Sites Apache Says Struts 2 Security Bug Wasn’t Fully Fixed in 2020 Krebs: Microsoft Patch Tuesday, April 2022 Edition

• 4/12/2022

  Russia’s Sandworm Hackers Attempted a Third Blackout in Ukraine …‘Lucky’ to Avert Hack Biden Announces Ban on Unlicensed Ghost Gun Kits DuckDuckGo’s Privacy-Centric Browser Arrives on Mac Consumers Increasingly Numb to Data Breach Risks Krebs: RaidForums Gets Raided, Alleged Admin Arrested A Series of Patent Lawsuits Is Challenging to Uproot the History of Malware Detection Google Sues Scammer for Running ‘Puppy Fraud Scheme’ Website Ethereum Dev Imprisoned for Helping North Korea Evade Sanctions Florida Man Ethical Hacker Steals $600,000 Worth of Crypto

  LockBit Ransomware Gang Lurked in a U.S. Gov Network for Months Shiseido UK Branch Reportedly Suffers Data Breach Microsoft: New Hafnium Group Malware Uses Windows Bug to Hide Scheduled Tasks Critical LFI Vulnerability Reported in Hashnode Blogging Platform Critical HP Teradici PCoIP Flaws Impact 15 Million Endpoints NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation AWS Fixes Local File Vuln on Internal Credential Access for Relational Database Service Microsoft April 2022 Patch Tuesday Fixes 119 Flaws, 2 Zero-Days …Microsoft Zero-Days, Wormable Bugs Spark Concern

• 4/11/2022

  EU Officials Targeted with Pegasus Spyware CISA Warns Orgs of WatchGuard Bug Exploited by Russian State Hackers Rise in NPM Protestware: Another Open Source Dev Calls Russia Out The Tricky Aftermath of Source Code Leaks Krebs: Double-Your-Crypto Scams Share Crypto Scam Host Explaining Crypto’s Billion-Dollar Bridge Problem New U.K. Privacy Regulator Plans Quick Action Against Privacy Violators Thoma Bravo Buys SailPoint For $6.9 Billion Creating a Security Culture Where People Can Admit Mistakes

  Panasonic Says Canadian Operations Hit by ‘Targeted’ Cyberattack BlackCat Ransomware Group Claims Attack on Florida International University SuperCare Health (CA) Data Breach Involves More Than 300,000 Individuals East Tennessee Children’s Hospital IT Incident Leads to Patient Data Exposure Luxury Fashion House Zegna Confirms August 2021 Ransomware Attack Android Banking Malware Intercepts Calls to Customer Support Qbot Malware Switches to New Windows Installer Infection Vector XSS Vulnerability Patched in Directus Data Engine Platform

• 4/8-10/2022

  Microsoft Seized Russian APT28 Domains Targeting Ukrainian Media Organizations …Microsoft: Nearly All Russian State Actors Now Targeting Ukraine Krebs: Actions Target Russian Govt. Botnet, Hydra Dark Market U.S. Eases Sanctions That May Lead To Russia’s Internet Isolation Hackers Use Conti’s Leaked Ransomware to Attack Russian Companies Ransomware Damage: Are You Forgetting About Your Reputation? Security Nihilism Is Putting Your Company — and Its Employees — at Risk The U.S. Is Trying to Fix Medical Devices’ Big Cybersecurity Problem WatchGuard Didn’t Explicitly Disclose a Flaw Exploited by Hackers New Meta Information Stealer Distributed in Malspam Campaign YouTube Fraudsters Steal $1.7m in Crypto ‘Giveaway’ Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States

  Finland Government Sites Forced Offline by DDoS Attacks Northern Ireland TrustFord Sites Hit by Ransomware Gang Snap-on Tools Discloses Data Breach Claimed by Conti Ransomware Gang Wellstar (GA) Releases Statement to Patients After Data Breach Central Vermont Eye Care Files Notice of Recent Data Breach BLK + BRWN Bookstore (MO) Recovering After Cyber Attack New Octo Banking Trojan Spreading via Fake Apps on Google Play Store Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware Adobe Creative Cloud Experience Makes It Easier to Run Malware Raspberry Pi Removes Default User to Hinder Brute-Force Attacks GitHub Can Now Alert of Supply-Chain Bugs in New Dependencies

• 4/7/2022

  Hacking Group Posted Fake Ukrainian Surrender Messages, Says Meta Meta Is Reportedly Making ‘Zuck Bucks’ The Original APT: Advanced Persistent Teenagers (Krebs) Hamas-linked Hackers Targeting High-Ranking Israelis Using ‘Catfish’ Lures Chinese Hackers Reportedly Target India’s Power Grid Broader Investment in Cybersecurity Beginning to Pay Dividends Google Boosts Android Security With New Set of Dev Policy Changes ‘Axie Infinity’ Publisher Raises Funds to Reimburse Users After $625 Million Hack

  Website of Russian Oil Giant Gazprom Neft Down After Alleged Hack Employee Info Among 13 Million Records Leaked by Fox First Malware Targeting AWS Lambda Serverless Platform Discovered Malicious Web Redirect Service Infects 16,500 Sites to Push Malware Android Apps With 45 Million Installs Used Data Harvesting SDK SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts Palo Alto Networks Firewalls, VPNs Vulnerable to OpenSSL Bug

• 4/6/2022

  FBI Says It Disrupted ‘Cyclops Blink’ Botnet From Russian Hackers U.S. Sanctions Crypto-Exchange Garantex for Aiding Hydra Market Ukraine Warns of Cyber attack Aiming to Hack Users’ Telegram Messenger Accounts Demand for Cyber Threat Intel Growing, White House Official Says Hackers Stole More Than $600 Million in Crypto: Laundering It Is the Tricky Part Conti Gang Is Still in Business, Despite Its Own Massive Data Leak Australia Warns of Money Recovery Phishing Luring Past Victims Europe Is Building a Huge International Facial Recognition System

  Google Bans Apps With Hidden Data-Harvesting Software Hackers Distributing Fake Shopping Apps to Steal Banking Data of Malaysian Users Thousands Of Indians Exposed In Data Breach Affecting Money Lending App CashMama New FFDroider Malware Steals Facebook, Instagram, Twitter Accounts Electric Vehicle Chargers in Isle of Wight Hacked to Show Porn Vevo to ‘Review’ Security After YouTube Feeds for Lil Nas X, Justin Bieber, and Others Hacked VMware Warns of Critical Vulnerabilities in Multiple Products Researchers Identify ‘Master Problem’ Underlying All Cryptography

• 4/5/2022

  Zelenskyy at the UN Accuses Russian Military of War Crimes U.S. Sanctions Russia-Based Darknet Market …Germany Shuts Down Servers for Russian Darknet Marketplace Hydra Russian Cyberattacks Increase on Ukraine’s Critical Infrastructure: Report Ukraine Spots Russian-Linked ‘Armageddon’ Phishing Attacks Cyber Experts Warn Against Government Overreach in Defending Against Russian Threats How Hackers Target Bridges Between Blockchains for Crypto Heists Microsoft Adds On-Premises Exchange, Sharepoint to Bug Bounty Program Microsoft Announces New Windows 11 Security, Encryption Features

  Block Confirms Cash App Breach After Former Employee Accessed U.S. Customer Data Retailer The Works Closes Stores After Cyber-Attack Scripps Health (CA) Says Patient Information Exposed in 2021 Hack NSP Hacked New Pegasus Victims Weeks After Apple Sought Injunction Justin Bieber, Drake, Eminem Among Artists Hacked on YouTube Researchers Trace Widespread Espionage Attacks Back to Chinese ‘Cicada’ Hackers WhatsApp Voice Message Phishing Emails Push Info-Stealing Malware Spring4Shell Attacks Target About One in Six Vulnerable Orgs Microsoft Detects Spring4Shell Attacks Across Its Cloud Services

• 4/4/2022

  State Department Formally Launches New Cyber Bureau Harris County Jail (TX) Releases 300 Suspects Due to Computer “Glitch” FIN7 Hackers Evolve Toolset, Work With Multiple Ransomware Gangs Cadbury Warns of Easter Egg Scam Beware of These 5 Tax Scams SEC Chair Gensler Says Agency Is Planning Greater Oversight of Crypto Markets to Protect Investors

  Emma Sleep Company Admits Checkout Cyber Attack Hackers Breached MailChimp to Phish Cryptocurrency Wallets Iberdrola Cyber Attack Compromises Data of 1.3 Million in Spain Denver Center for the Performing Arts Internal Network, Phone System Impacted by Massive Computer Issue VMware Patches Spring4Shell RCE Flaw in Multiple Products GitHub Can Now Block Commits Containing API Keys, Auth Tokens

• 3/31-4/3/2022

  Data Leak From Russian Delivery App Yandex Shows Dining Habits of the Secret Police Russia Using Disinformation to Back Ukraine Invasion, Canadian Agency Says Viasat Confirms Satellite Modems Were Wiped With AcidRain Malware Ukraine Intelligence Accuses China of Hacking Days Before Invasion Chinese Hacking Group ‘Deep Panda’ Uses New ‘Fire Chili’ Windows Rootkit Eric Schmidt Sounds China Alarm on Tech DPRK Hackers Go After Crypto Assets Using Trojanized DeFi Wallet App LockBit Victim Estimates Cost of Ransomware Attack to Be $42 Million FBI: Ransomware Attacks Are Piling up the Pressure on Public Services Beastmode Botnet Boosts DDoS Power With New Router Exploits Krebs: Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill Researchers Used a Decommissioned Satellite to Broadcast Hacker TV Blockchains Have a ‘Bridge’ Problem, and Hackers Know It EU Draft Law Adds Security Checks to All Crypto Transactions Writing Google Reviews About Patients Is Actually a HIPAA Violation NSA Employee Accused of Sharing National Defense Secrets 2 More Teens Charged in UK Lapsus$ Investigation Hackers’ Path Eased as 600,000 U.S. Cybersecurity Jobs Sit Empty

  Palo Alto Networks Error Exposed Customer Support Cases, Attachments Ciox Health (NY) Data Breach Exposed Phi of 1,300 Catholic Health Patients Nordex Impacted By Cyber Security Incident American Express Down in Outage: Users Report Login and Payment Issues Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks Fake Trezor Data Breach Emails Used to Steal Cryptocurrency Wallets Russian-Linked Turla Android Malware Records Audio, Tracks Your Location New BlackGuard Password-Stealing Malware Sold on Hacker Forums Calendly Actively Abused in Microsoft Credentials Phishing New Borat Remote Access Malware Is No Laughing Matter 15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code Spring Patches Leaked Spring4Shell Zero-Day RCE Vulnerability Zyxel Patches Critical Bug Affecting Firewall and VPN Devices Trend Micro Fixes Actively Exploited Remote Code Execution Bug GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts Apple Rushes Out Patches for 0-Days in MacOS, iOS Microsoft Now Lets You Enable the Windows App Installer Again, Here’s How

• 3/30/2022

  Russian Hackers Targeted NATO, Eastern European Militaries – Google Viasat Spills on the Russian Attack, Warns of Continued Risks MSHTML Flaw Exploited to Attack Russian Dissidents Lapsus$ And SolarWinds Hackers Both Use the Same Old Trick to Bypass MFA Two-Factor Authentication Is a Great Idea, But Not Nearly Enough People Are Using It U.S. National Emergency From 2015 Extended by Biden Due to Elevated Malicious Cyber Activity House Sends Bipartisan Cyber Crime Bill to Biden New Research Claims Biden’s Disclosure Deadlines Are Unrealistic FBI Disrupts BEC Cybercrime Gangs Targeting Victims Worldwide Ubiquiti Sues Krebs on Security for Defamation

  Lapsus$ Gang Claims New Hack With Data From Apple Health Partner …Globant Confirms Hack After Lapsus$ Leaks 70gb of Stolen Data Bradley Int’l Airport (CT) Website Hit by DDoS Cyber Attack; No Breach Reported 13 Apps Removed After Researchers Uncover Trojan Crypto Wallet Scheme Hive Ransomware Uses New ‘IPfuscation’ Trick to Hide Payload This New Ransomware Targets Data Visualization Tool Jupyter Notebook RCE Bug in Spring Cloud Could Be Next Log4Shell, Researchers Warn: ‘Spring4Shell’ QNAP Warns Severe OpenSSL Bug Affects Most of Its NAS Devices

• 3/29/2022

  Russia Accuses U.S. of Leading Massive Cyber Campaign Personal Data of 620 FSB Officers Published Online Data-Harvesting Code in Yandex Mobile Apps Sends User Data to “Russia’s Google” More Must Reconsider Russian Tech, Anti-virus Software Use, UK Warns FBI Warns Election Officials of Credential Phishing Attacks CISA Warns of Attacks Targeting Internet-Connected UPS Devices Hackers Are Getting Faster at Exploiting Zero Day Flaws: That’s a Problem for Everyone Krebs: Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” European Police Bust Multimillion-Dollar Investment Fraud Gang Mnuchin’s Private Equity Firm Buys Security Startup Zimperium for $525M

  Shutterfly Discloses Data Breach After Conti Ransomware Attack $620 Million in Crypto Stolen From Axie Infinity’s Ronin Bridge Hive Ransomware Group Claims to Steal California Health Plan Patient Data Oklahoma City Indian Clinic Suffers Cyber Attack New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials Mars Stealer Malware Pushed via OpenOffice Ads on Google New Malware Loader ‘Verblecon’ Infects Hacked PCs with Cryptocurrency Miners Wyze Cam Flaw Lets Hackers Remotely Access Your Saved Videos Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

• 3/28/2022

  Ukraine War: Major Internet Provider Ukrtelecom Suffers Cyber-Attack Ukraine Dismantles 5 Disinformation Bot Farms, Seizes 10,000 SIM Cards Hacked WordPress Sites Force Visitors to DDoS Ukrainian Targets China APT Group ‘Mustang Panda’ Using Russia Invasion, COVID-19 in Phishing Attacks New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre Secret World of Pro-Russia Hacking Group TrickBot Exposed in Leak Security Experts Say New EU Rules Will Damage WhatsApp Encryption Satoshi Island: ‘Crypto Paradise’ Where Citizenship Costs $130,000

  Spokane Regional Health District (WA) Suffers Another Data Breach Maldives STELCO Hit with Ransomware Attack ‘Purple Fox’ Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability SunCrypt Ransomware Is Still Alive and Kicking In 2022 Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread IcedID Malware Critical SonicWall Firewall Patch Not Released for All Devices Sophos Fixes Critical Hijack Flaw in Firewall Offering CISA Warns Orgs to Patch Actively Exploited Chrome, Redis Bugs

• 3/25-27/2022

  Russia Hacked Ukrainian Satellite Communications, Officials Believe The Hard Truth Behind Biden’s Cyber Warnings Another Chinese Hacking Group ‘Scarab’ Spotted Targeting Ukraine Amid Russia Invasion Experts Seek Cyberwarfare Definition Following Recent Cyber Warnings Indictment of Russian National Offers Glimpse Into Methodical Targeting of Energy Firm FCC Adds Kaspersky to Its List of National Security Threats HackerOne Kicks Kaspersky’s Bug Bounty Program off Its Platform Racoon Stealer Malware Suspends Operations Due to War in Ukraine ‘Precursor Malware’ Infection May Be Sign You’re About to Get Ransomware, Says Startup Phishing Kits Constantly Evolve to Evade Security Software Krebs: Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison U.S., EU Reach Preliminary Deal on Data Privacy Okta: “We Made a Mistake” Delaying the Lapsus$ Hack Disclosure CISA Adds 66 Vulnerabilities to List of Bugs Exploited in Attacks

  Personal Data of 820,000 NYC Students Compromised in Hack Major League Baseball Players’ Personal Data Stolen Morgan Stanley Client Accounts Breached in Social Engineering Attacks Cheyenne Regional Payroll (WY) Impacted by Ransomware Attack Among Us DDoS Attack Brings Servers Offline All Weekend URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users Hive Ransomware Ports Its Linux VMware ESXI Encryptor to Rust Public Redis Exploit Used by Malware Gang to Grow Botnet Honda Bug Lets a Hacker Unlock and Start Your Car via Replay Attack Critical Sophos Firewall Vulnerability Allows Remote Code Execution Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability Western Digital Fixes Critical Bug Giving Root on My Cloud NAS Devices

• 3/24/2022

  U.S. Charges Russian Gov’t Hackers With Campaign of Global Energy Cyberattacks FBI Adds Russian Cybercrime Market Owner to Most Wanted List Chinese APT ‘Operation Dragon Castling’ Targeting Betting Companies in Southeast Asia Tax-Season Scammers Spoof Fintechs, Including Stash, Public South Africa Wants to Fight SIM Swapping With Biometric Checks Okta Under Fire Over Handling of Security Incident Krebs: A Closer Look at the LAPSUS$ Data Extortion Group …7 Teenagers Arrested in Connection With Lapsus$ Hacking Group for Nvidia, Okta Hacks

  IT Outage at Scotland’s Heriot-Watt University Enters Second Week North Korean APT Hackers Exploit Chrome Zero-Day Weeks Before Patch Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug Malicious Microsoft Excel Add-Ins Used to Deliver Rat Malware Microsoft Help Files Disguise Vidar Malware Microsoft Azure Developers Awash in PII-Stealing npm Packages Western Digital My Cloud OS Update Fixes Critical Vulnerability Pandemic Leaves Firms Scrambling for Cybersecurity Specialists

---

Follow The Cyber Beat

Get news delivered directly to your inbox.