• 1/31/2023

  Russian-Backed Hackers ‘Killnet’ Actively Targeting U.S. Health Care Sector, HHS Warns …The List So Far New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector U.S., Middle Eastern Allies Include Cyber Collaboration in Abraham Accords Microsoft: Over 100 Threat Actors Deploy Ransomware in Attacks Microsoft Disables Verified Partner Accounts Used for OAuth Phishing Microsoft Upgrades Defender to Lock Down Linux Gear for Its Own Good You Really Need to Update Firefox and Android Right Now OpenAI Releases Tool to Detect AI-Written Text

  Google Fi Customers Caught Up in Recent T-Mobile Data Breach Nantucket Schools Close After Ransomware Attack Tucson Unified School District Hit by Cyber Attack DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 PoS Malware Can Block Contactless Payments to Steal Credit Cards New Sh1mmer ChromeBook Exploit Unenrolls Managed Devices Exploit Released for Critical VMware vRealize RCE Vulnerability Over 29,000 QNAP Devices Unpatched Against New Critical Flaw Firmware Flaws Could Spell ‘Lights Out’ for Servers

• 1/30/2023

  TikTok Chief to Appear Before Congressional Panel The Untold Story of a Crippling Ransomware Attack Why Cybersecurity Regulations And Oversight Are As Important As Safety Standards In The Modern Workplace CISA’s Got a Plan to Strengthen Corporate Cybersecurity The Wages of Sin Aren’t That Great if You’re a Developer Choosing the Dark Side OpenAI Is Hiring Developers to Make ChatGPT Better at Coding GitHub Revokes Code Signing Certificates Stolen in Repo Hack Wealthy Russian Undertook $90 Mln Hack-And-Trade Scheme, U.S. Says at Trial New Yorker Gets Four Years for $9m COVID Fraud Scheme

  U.S. No Fly List Shared on a Hacking Forum, Government Investigating JD Sports Says 10 Million Customers Hit by Cyber-Attack Private Explosives Manufacturer Hired By India’s Defence Ministry Hit By Suspected Ransomware Attack Porsche Halts NFT Launch, So Phishing Sites Fill the Void KeePass Disputes Vulnerability Allowing Stealthy Password Theft Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware Titan Stealer: A New Golang-Based Information Stealer Malware Emerges QNAP Fixes Critical Bug Letting Hackers Inject Malicious Code

• 1/27-29/2023

  Ukraine Hit with New Golang-based ‘SwiftSlicer’ Wiper Malware in Latest Cyber Attack …Sandworm Hackers Hit News Agency With 5 Data Wipers Ukraine Enters Uncharted Territory With Request to Investigate Russian Cyberattacks as War Crimes A Link to This Site Can (Technically) Land You in Russian Prison Infrastructure Companies Say Suppliers Pose a Growing Cyber Threat New ‘Pig Butchering’ Scam in West Africa Impersonates U.S. Financial Advisors Workers Want More AI to Get Rid of Their Office Busywork, Says Microsoft Survey Black Swans Events Are Shaping the Cybersecurity Present and Future Researchers to Release VMware vRealize Log RCE Exploit, Patch now ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

  Canada’s Green Party Posted Sensitive Information About Voters and Members Online Charter Communications Says Vendor Breach Exposed Some Customer Data mscripts Data Breach Affects 66,372 Individuals Zendesk Experiences Potential Data Breach Stratford University (VA) Data Breach Affects Over 78k Student and Employee SSNs Shady Reward Apps on Google Play Amass 20 Million Downloads Black Basta Deploys PlugX Malware in USB Devices With New Technique Gootkit Malware Continues to Evolve with New Components and Obfuscations PlugX Malware Hides on USB Devices to Infect New Windows Hosts Multiple Vulnerabilities Found In Healthcare Software OpenEMR

• 1/26/2023

  U.S. Hacks Back Against Hive Ransomware Crew …U.S. Offers $10M Bounty for Hive Ransomware Links to Foreign Governments Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation Iranian Group Cobalt Sapling Targets Saudi Arabia With New Persona Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges The Best Personal Safety Devices, Apps, and Alarms UK’s Lloyds Bank Warns of 80% Surge in Advance Fee Scams Tech Layoffs Aren’t Hitting This Digital Job Market Where Over 700,000 Workers Are Needed A Child’s Garden of Cybersecurity

  Lutheran Social Services of Illinois Announces Data Breach Affecting 184k Individuals University of Colorado Hospital Authority Announces Third-Party Data Breach At Diligent Corporation Guildford School Victim of Cyber-Attack as Phone Lines and Mail Systems ‘Stop Working’ Yandex Denies Hack, Blames Source Code Leak on Former Employee Bitwarden Password Vaults Targeted in Google Ads Phishing Attack New Mimic Ransomware Abuses ‘Everything’ Windows Search Tool Lexmark Warns of RCE Bug Affecting 100 Printer Models, PoC Released Microsoft Urges Admins to Patch On-Premises Exchange Servers

• 1/25/2023

  CISA: Federal Agencies Hacked Using Legitimate Remote Desktop Tools Russian ‘Hacktivists’ Briefly Knock German Websites Offline Iranian and Russian Hackers Targeting Politicians and Journalists, Warn UK Officials U.S. Intelligence Wants to Use Psychology to Avert Cyberattacks Lessons Learned From the Windows Remote Desktop Honeypot Report Hackers Auction Alleged Source Code for League of Legends Krebs: Experian Glitch Exposing Credit Files Lasted 47 Days Krebs: Administrator of RSOCKS Proxy Botnet Pleads Guilty Better Management And Training Are Key To Solving The Cybersecurity Skills Gap

  Zacks Investment Research Data Breach Affects 820,000 Clients A Network of Knockoff Apparel Stores Exposed 330,000 Customer Credit Cards Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages Livingston Memorial VNA (CA) Data Breach Following Apparent Ransomware Attack Bank of Eastern Oregon Files Official Notice of Data Breach Jefferson County Health Department (IA) Files Notice of Data Breach Affecting 115,940 New Stealthy Python RAT Malware Targets Windows in Attacks Malware Exploited Critical Realtek SDK Bug in Millions of Attacks Exploit Released for Critical Windows CryptoAPI Spoofing Bug

• 1/24/2023

  North Korea-Linked Hackers Behind $100 Million Crypto Heist, FBI Says LastPass Owner GoTo Shares More Bad News About November’s Security Breach If You Want to Use a Security Key With Your Apple Account, You’ll Need Two Keys Microsoft Shares Workaround for Unresponsive Windows Start Menu The Threat Of “Default” Tech Assessing the Likelihood of a ‘Catastrophic’ Cyberattack DOJ, States Sue Google Over Digital Ad Dominance Noem Says Cellphone Was Hacked, Blames Jan. 6 Panel‘ Security and the Electric Vehicle Charging Infrastructure

  Planet Ice: Customer Details Stolen in Data Breach Riot Games Receives Ransom Demand From Hackers, Refuses to Pay Alexander City (AL) Falls Victim to Cyber Attack DragonSpark Hackers Evade Detection With SparkRAT and Golang Emotet Malware Makes a Comeback with New Evasion Techniques Ransomware Access Brokers Use Google Ads to Breach Your Network 75K WordPress Sites Impacted by Critical Online Course Plugin Flaws VMware Fixes Critical Security Bugs in vRealize Log Analysis Tool Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium

• 1/23/2023

  T-Mobile Breach Highlights Common Corporate Security Weakness Most Federal Agencies Ignored GAO’s Cybersecurity Recommendations U.S. Authorities Release Asylum Seekers After Leaking Their Data Online Russia’s Largest ISP Says 2022 Broke All DDoS Attack Records Hackers Deploy Open-Source Tool Sliver C2, Replacing Cobalt Strike, Metasploit Fewer Ransomware Victims Are Paying Up. But There’s a Catch Messenger’s Encrypted Chats Get Themes, Emoji Reactions, and More Microsoft Investing Billions in ChatGPT Maker ChatGPT Is ‘Not Particularly Innovative,’ and ‘Nothing Revolutionary’, Says Meta’s Chief AI Scientist

  A Major Flaw in App Operated by India’s Education Ministry Exposed the Data of Millions of Students GTA Online Bug Exploited to Ban, Corrupt Players’ Accounts Ticketmaster Says Cyberattack Disrupted Taylor Swift Ticket Sales Satellite Healthcare Files Official Notice of Data Breach Google Ads Invites Being Abused to Push Spam, Adult Sites CISA Warns of Critical ManageEngine RCE Bug Exploited in Attacks Apple Fixes Actively Exploited iOS Zero-Day on Older iPhones, iPads Apple iOS 16.3 Arrives With Support for Hardware Security Keys Microsoft Plans to Kill Malware Delivery via Excel XLL Add-Ins

• 1/20-22/2023

  Russia Expected to Increase Cyberattacks in Ukraine War — To Little Effect Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram U.S. Airline Accidentally Exposes ‘No Fly List’ on Unsecured Server How to Encrypt any File, Folder, or Drive on Your System Like It or Not, Email Is Still Our Greatest Tool – And the Source of Some of Our Biggest Threats What Diabetes Is Revealing About the Benefits and Risks of Personal Medicine Connected to the Internet Krebs: New T-Mobile Breach Affects 37 Million Accounts …T-Mobile’s $150 Million Security Plan Isn’t Cutting It Massive Ad-Fraud Op Dismantled After Hitting Millions of iOS Devices WhatsApp Hit with €5.5m fine for GDPR Violations Cybersecurity Was Supposed to Be a Resilient Area of Tech, but These ETFs Are Struggling

  Los Angeles Unified School District Says Vice Society Ransomware Gang Stole Contractors’ SSNs Maple Ridge-Pitt Meadows School District (BC) Investigating Data Breach Affecting up to 19,000 People FanDuel Discloses Data Breach Caused by Recent MailChimp Hack Riot Games Hacked, Delays Game Patches After Security Breach Phishers Use Blank Images to Disguise Malicious Attachments Hackers Now Use Microsoft OneNote Attachments to Spread Malware New Boldmove Linux Malware Used to Backdoor Fortinet Devices Critical ManageEngine RCE Bug Now Exploited to Open Reverse Shells Exploits Released for Two Samsung Galaxy App Store Vulnerabilities Over 19,000 End-Of-Life Cisco Routers Exposed to RCE Attacks

• 1/19/2023

  Davos 2023: Global Bank Chiefs Get FBI Cybersecurity Update Ransomware Profits Drop 40% In 2022 as Victims Refuse to Pay A Sneaky Ad Scam Tore Through 11 Million Phones New ‘Blank Image’ Attack Hides Phishing Scripts in SVG Files FTX: Over $400m Stolen from Bankrupt Exchange Instagram Just Got an Update That Gives You More Control Over What You See in Your Feed Over a Third of Recent ICS Bugs Still Have No Vendor Patch For the First Time in a Long Time, Cfos Can Say No to Some Tech Spending How to Convert Your Home’s Old TV Cable Into Powerful Ethernet Lines

  T-Mobile Says Hackers Stole Data on About 37 Million Customers PayPal Says Crooks Accessed 35,000 Customers’ Info in Credential Stuffing Attack Ransomware Gang Steals Data From KFC, Taco Bell, and Pizza Hut Brand Owner New ‘Hook’ Android Malware Lets Hackers Remotely Control Your Phone Roaming Mantis’ Hacking Campaign Adds DNS Changer to Mobile App New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks Exploit Released for Critical ManageEngine RCE Bug, Patch Now

• 1/18/2023

  Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems Krebs: Thinking of Hiring or Running a Booter Service? Think Again. Bitzlato Crypto Exchange Seized for Ransomware, Drugs Money Laundering New York Man Defrauded Thousands Using Credit Cards Sold on Dark Web Initial Access Broker Market Booms, Posing Growing Threat to Enterprises Spy Cams Reveal the Grim Reality of Slaughterhouse Gas Chambers Palantir CEO Tells Tech Workers Who Don’t Like the Company’s Military Deals, ‘Don’t Work Here’ Private-Equity Firms Tighten Focus on Cyber Defenses at Portfolio Companies European Privacy Regulators Step Up Scrutiny of Business Data Practices Over Four Billion People Affected By Internet Censorship in 2022

  Ukraine Links Data-Wiping Attack on News Agency to Russian Hackers ODIN Intelligence Website Hacked MailChimp Discloses New Breach After Employees Got Hacked Pierce County (WA) Accidentally Shared Sensitive Voter Information for Hundreds of Thousands Maritime Giant Dnv Says 1,000 Ships Affected by Ransomware Attack Illegal Solaris Darknet Market Hijacked by Competitor Kraken Bank of America Starts Restoring Missing Zelle Transactions Hackers Push Malware via Google Search Ads for VLC, 7-Zip, CCleaner Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers What Is ChatGPT? AI Technology Sends Schools Scrambling to Preserve Learning ChatGPT Creates Polymorphic Malware

• 1/17/2023

  Hackers Use Fear of Mobilization to Target Russians With Phishing Attacks Earth Bogle Group Targets Middle East With NjRAT, Geopolitical Lures Crypto Exchanges Freeze Accounts Tied to North Korea’s Notorious Lazarus Group Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware What to Know About the Cars of the Future Being Built by Tech, Auto Companies The Scammers Who Scam Scammers on Cybercrime Forums

  Nissan North America Data Breach Caused by Vendor-Exposed Database Hacktivists Leak Data Apparently From Digital Forensics Vendors Cellebrite and MSAB Over 4,000 Sophos Firewall Devices Vulnerable to RCE Attacks Git Patches Two Critical Remote Code Execution Security Flaws Microsoft Azure Services Flaws Could’ve Exposed Cloud Resources to Unauthorized Access Let’s Normalize ‘Radical Transparency’ Around Data Breaches

• 1/16/2023

  U.S. to Launch Third Iteration of ‘Hack the Pentagon’ Bug Bounty Program CISA Warns for Flaws Affecting Industrial Control Systems from Major Manufacturers New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild China Aims to Grow Local InfoSec Industry by 30% a Year, to $22 Billion by 2025 North Korean ‘Lazarus’ Group Tied to $100M Harmony Hack Moves 41,000 Ether Over Weekend Avast Releases Free BianLian Ransomware Decryptor All the Data Apple Collects About You—and How to Limit It Europe Beefs-up Cybersecurity Law, Trumping the UK

  Vice Society Ransomware Leaks University of Duisburg-Essen’s Data Saga UK Suffers ‘Unusual Breach’ Where Customers Have Credit Card Data Leaked Datadog Rotates RPM Signing Key Exposed in CircleCI Hack Raccoon and Vidar Stealers Spreading via Massive Network of Fake Cracked Software Malicious ‘Lolip0p’ PyPi Packages Install Info-Stealing Malware Researchers to Release PoC Exploit for Critical Zoho RCE Bug, Patch Now MSI Accidentally Breaks Secure Boot for Hundreds of Motherboards

• 1/13-15/2023

  Pro-Russian Hacktivist Group Targets Czech Presidential Election Russian Hackers Try to Bypass ChatGPT’s Restrictions For Malicious Purposes NSA Director Asks Congress to Let It Get On With That Warrantless Data Harvesting Without Lapse Russians Say They Can Grab Software From Intel Again How to Use Your Phone to Find Hidden Cameras The Biggest Risks of Using Bluetooth Trackers Like Apple AirTag, Tile The Big Risk in the Most-Popular, and Aging, Big Tech Default Email Programs In the Fight Against Scams, ‘Cyber Ambassadors’ Enter the Chat Brave Browser’s New Snowflake Feature Help Bypass Tor Blocks Economic Uncertainty Weighs on Cyber Chiefs TikTok Slapped With $5.4 Million Fine Over Cookie Opt-Out Feature

  NortonLifeLock Warns That Hackers Breached Password Manager Accounts Liquor Control Board of Ontario Site Hacked to Steal Credit Cards Dozens of Clerk of Court Offices in Louisiana Offline Following Cyber Attack Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident Tainted VPNs Being Used to Spread EyeSpy Surveillanceware Hacker Group Discloses Ability to Encrypt an RTU Device Using Ransomware, Industry Reacts PoC Exploits Released for Critical Bugs in Popular WordPress Plugins Hackers Exploit Control Web Panel Flaw to Open Reverse Shells Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability Ransomware Has Now Become a Problem for Everyone, and Not Just Tech

• 1/12/2023

  Airlines Work to Move Past Delays After FAA Outage Blamed on Corrupted File Biden: Republicans and Democrats, Unite Against Big Tech Abuses Google Warns Supreme Court Against ‘Gutting’ Controversial Tech Provision VALL-E AI Can Mimic a Person’s Voice From a Three-Second Snippet Fortinet: Gov’t Networks Targeted With Now-Patched SSL-VPN Zero-Day MetaMask Warns of New ‘Address Poisoning’ Cryptocurrency Scam Meta Sues Voyager Labs, Saying It Created Fake Accounts to Scrape User Data European Police Takes Down Call Centers Behind Cryptocurrency Scams The SEC’s Subpoena Fight With Covington — A ‘Perilous New Course’? Are You Ready For Cybersecurity Mesh?

  Vice Society Ransomware Claims Attack on Australian Firefighting Service Royal Mail Cyberattack Linked to LockBit Ransomware Operation Online Vehicle Registration Affected by Cyber-Attack in Arkansas TruConnect (CA) Data Breach Leaked 54,200 Consumer Social Security Numbers RAT Malware Campaign Tries to Evade Detection Using Polyglot Files IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours Microsoft: Cuba Ransomware Hacking Exchange Servers via OWASSRF Flaw Fortinet Says Hackers Exploited Critical Vulnerability to Infect VPN Customers Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover Microsoft: Exchange Server 2013 Reaches End of Support in 90 Days

• 1/11/2023

  Air Travel Across U.S. Thrown Into Chaos After Computer Outage …White House: No Evidence of Cyber Attack …Biden: Cause Not Clear …Canada Out Too UK Royal Mail Unable to Send Letters and Parcels Overseas After ‘Cyber Incident’ Twitter: ‘No Evidence’ 200 Million Leaked Usernames and Emails Came From an Exploit of Systems Hackers Discover That Vulnerabilities Are Rife in the Auto Industry Cloudflare Takes Aim at a Top Security Threat: Your Inbox AI-Generated Phishing Emails Just Got Much More Convincing Is ChatGPT a Cybersecurity Threat? Biden Aides Find Second Batch of Classified Documents at New Location …Complicates Trump Probe Cybersecurity Staff Are Struggling: Here’s How to Support Them Better A Police App Exposed Secret Details About Raids and Suspects

  New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics The Guardian Confirms Criminals Accessed Staff Data in Ransomware Attack Sensitive Files From San Francisco Transit Police Allegedly Leaked Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks Senior Healthcare Consulate Health Care Reports Third-Party Data Breach OneAmerica Financial Partners Files Notice of Recent Data Breach After Phishing Attack New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors Scattered Spider Hackers Use Old Intel Driver to Bypass Security Cisco Warns of Auth Bypass Bug With Public Exploit in EoL Routers Hundreds of SugarCRM Servers Infected With Critical In-The-Wild Exploit Threema Claims Encryption Flaws Never Had a Real-World Impact Krebs: Microsoft Patch Tuesday, January 2023 Edition

• 1/10/2023

  Hackers Hit Websites of Danish Central Bank, Other Banks Boffins: Russian Meddling in 2016 U.S. Presidential Election Was Weak Sauce With Little Influence A Widespread Logic Controller Flaw Raises the Specter of Stuxnet Trojan Puzzle Attack Trains AI Assistants Into Suggesting Malicious Code CISA Orders Agencies to Patch Exchange Bug Abused by Ransomware Gang Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone Lorenz Ransomware Gang Plants Backdoors to Use Months Later Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App Preparing for the Effects of Quantum-Centric Supercomputing

  Cyber Attack on DNV Forces It to Shut Down Its ShipManager Software Zurich Insurance’s Japan Subsidiary Suffers Cyber Attack Riversource (MN) Files Notice of Data Breach Impacting Over 10K Consumers Elevate Services (CA) Confirms Breach Leaked Consumers’ Social Security Numbers Fidelity Building Services Group (MD) Breach Compromises Consumer Social Security Numbers StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users Over 1,300 Fake AnyDesk Sites Push Vidar Info-Stealing Malware First Patch Tuesday of the Year Explodes With In-The-Wild Exploit Fix …Microsoft January 2023 Patch Tuesday Fixes 98 Flaws, 1 Zero-Day

• 1/9/2023

  Kyiv Argues Russian Cyberattacks Could Be War Crimes Krebs: Identity Thieves Bypassed Experian Security to View Credit Reports ChatGPT Used to Develop Multiple New Malicious Tools & Scripts Researchers Hacked California’s Digital License Plates, Gaining Access to GPS Location and User Info Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize Dark Web Actors Fight For Drug Trafficking and Illegal Pharmacy Supremacy U.S. Supremes Deny Pegasus Spyware Maker’s Immunity Claim

  Russian Hackers Targeted U.S. Nuclear Scientists Fake OnlyFans Dating Sites Abuse UK Environment Agency Open Redirect Des Moines Public Schools Cancels Tuesday Classes After Cybersecurity Attack SAIF Corporation (OR) Notifies of Recent Data Breach Affecting Their Personal Information Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks Auth0 Fixes RCE Flaw in JsonWebToken Library Used by 22,000 Projects GitHub Makes It Easier to Scan Your Code for Vulnerabilities Insurer Beazley Launches First Catastrophe Bond for Cyber Threats

• 1/6-8/2023

  Multiple UK Schools Hit by Cyber Attack and Documents Leaked Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors Phishing Attacks Are Increasing and Getting More Sophisticated: Here’s How to Avoid Them Malicious PyPi Packages Create CloudFlare Tunnels to Bypass Firewalls What Twitter’s 200 Million Email Leak Really Means More Cybersecurity Training and Better Hiring Practices Could Help Narrow the Talent Gap Amazon S3 Will Now Encrypt All New Data With AES-256 by Default FCC Wants Telecom Carriers to Report Data Breaches Faster 2023 U.S. Cybersecurity Predictions

  Iran Says It Foiled Cyberattack on Central Bank Air France and KLM Notify Customers of Account Hacks Chick-Fil-A Investigates Reports of Hacked Customer Accounts Fake Pokemon NFT Game Installer Lets Hackers Hijack Your PC Fitzgibbon Hospital (MO) Announces Data Breach FBI Investigates Cyber Attack Against Lawrence County (OH) Vendor Cott Systems Dridex Malware Now Attacking macOS Systems with Novel Infection Method Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS Why Cybersecurity Should Be Top Of Mind In 2023

• 1/5/2023

  Russian Spies Piggybacked on Other Hackers’ USB Infections CISA Director: U.S. Needs to Be Vigilant, ‘Keep Our Shields up’ Against Russia Northern Ireland Minister Apologises After Twitter Account Hacked CircleCI Warns of Security Breach — Rotate Your Secrets! Hackers Use CAPTCHA Bypass to Make 20K GitHub Accounts in a Month BitDefender Releases Free MegaCortex Ransomware Decryptor WhatsApp Launches a Tool to Fight Internet Censorship How Confidential Computing Can Change Cybersecurity How to Ensure Cybersecurity Investments Remain a Priority Across Your Organization The Impact of Recession on Cybersecurity Programs

  Slack’s Private GitHub Code Repositories Stolen Over Holidays Rackspace: Customer Email Data Accessed in Ransomware Attack Maternal & Family Health Services Says Patient Medical Data Stolen in Ransomware Attack Retreat Behavioral Health (PA) Announces Data Breach San Benito (TX) School District Notifying Victims Of Cyber Attack Two Months Ago SpyNote Strikes Again: Android Spyware Targeting Financial Institutions Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware

• 1/4/2023

  With Electrical Grids Under Assault, U.S. And Ukraine Seek Scarce Transmission Gear Cops Hacked Thousands of Phones. Was It Legal? U.S. Regulators Warn Banks About Cryptocurrency Security Risks Cyber Chiefs Face Scrutiny and Challenges in 2023’s Uncertain Economy These Grim Figures Show That the Ransomware Problem Isn’t Going Away Where Should Security Awareness Training Focus? Making Sense of the Muddled Mess of Cybersecurity Terms Virtual Insanity: Protecting the Immersive Online World NHS is Most Scammed UK Government “Brand” General Electric Insider Handed Two Years for IP Theft Ireland Fines Meta $414M for Using Personal Data Without Asking …Meta to Fight Twitter Whistleblower Joins Rapid7, a Cybersecurity Company

  200 Million Twitter Users’ Email Addresses Allegedly Leaked Online Deezer Admits Data Breach That Potentially Exposed Over 220 Million Users’ Info Toyota, Mercedes, BMW API Flaws Exposed Owners’ Personal Info Rhode Island Housing and Mortgage Finance Agency Hit by Data Breach Five Guys Data Breach Puts HR Data Under a Heat Lamp Database of Romanian Hospital Held for Ransom by Hackers Vice Society Claims Leak of Stolen Xavier University Data Rackspace Confirms Play Ransomware Was Behind Recent Cyberattack New SHC-Based Linux Malware Targeting Systems with Cryptocurrency Miner Hackers Abuse Windows Error Reporting Tool to Deploy Malware Zoho Urges Admins to Patch Critical ManageEngine Bug Immediately Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

• 1/3/2023

  Poland Warns of Attacks by Russia-Linked Ghostwriter Hacking Group No Major Spike in Reported Ransomware in 2022 Ongoing Flipper Zero Phishing Attacks Target Infosec Community OG Bitcoin Core Developer Luke Dashjr Claims Hack Drained Nearly All His BTC Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe Over 60,000 Exchange Servers Vulnerable to ProxyNotShell Attacks Windows 7 and Windows 8 Will Stop Getting Critical Security Updates in One Week Preventing Data Breaches: The Role Of Threat Intelligence Platforms And Cybersecurity Strategies The Importance of Cyber Resilience in the Communications Sector Europe’s Cybersecurity Dance Card Is Full: More Changes on the Way Black Hat Flashback: The Day That Dan Kaminsky Saved the Internet

  ‘Multiple Security Breaches’ Shut Down Canadian Trucker Protest Rail Giant Wabtec Discloses Data Breach After LockBit Ransomware Attack LockBit Hackers Claim Ransomware Attack on Los Angeles Housing Authority Royal Ransomware Claims Attack on Queensland University of Technology Attacker Claims Volvo Suffered a Data Breach Bristol Community College (MA) Investigates Suspected Ransomware Hack Swansea Public Schools (MA) Canceled on Wednesday After Cyber Attack Employee Info Stolen From Huron-Superior Catholic District School Board (ON) Servers Bay Bridge Administrators (TX) Breach Leaked Thousands of Consumer Social Security Numbers Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware Synology Fixes Maximum Severity Vulnerability in VPN Routers

• 1/2/2023

  Four Cyber Concerns Looming in the New Year New Year’s Resolution: Don’t Get “Whacked” By A State AG for Cybersecurity Compliance Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking

  RedZei Chinese Scammers Targeting Chinese Students in the UK Ransomware Impacts Over 200 Gov’t, Edu, Healthcare Orgs in 2022 What Is a Pig Butchering Scam?

• 12/30/2022-1/1/2023

  Poland Warns of Pro-Kremlin Cyberattacks Aimed At Destabilization War and Geopolitical Conflict: The New Battleground for DDoS Attacks Taiwanese Should take TikTok Risk Seriously Meet the Cybercriminals of 2022 Hackers Had a Banner Year in 2022: U.S. Regulators Aim to Slow Them Down in 2023. Cybersecurity Leaders Outline Future Trends Ahead of Infosecurity Europe 2023 CIO 2023 Priorities: Cybersecurity Facing Flat Budgets, Kohler’s Cyber Chief Looks to Do More With What’s On Hand Tech in 2023: Here’s What Is Going to Really Matter What To Expect For Security And Privacy In 2023 7 Cybersecurity Predictions & Trends for 2023 Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023 The Password Isn’t Dead Yet: You Need a Hardware Key Attracting And Retaining Top Cybersecurity Talent Amid Worker Burnout And Shortages Happy 13th Birthday, KrebsOnSecurity! You Cannot Escape Cybersecurity

  Canadian Copper Mountain Mining Corporation Shuts Down Mill After Ransomware Attack LockBit Ransomware Claims Attack on Port of Lisbon in Portugal …LockBit Apologizes, Gives SickKids Hospital Free Decryptor ALPHV Ransomware Gang Cloned Victim’s Website to Leak Stolen Data Toyota’s Indian Unit Warns of a Possible Customer Data Breach Arnold Clark Hit With Cyber Attack as Car Dealership Apologises to Customers Howard Memorial Hospital (AR) Investigating Data Breach Within Computer System Tomball (TX) Experiences Ransomware Attack; Council Authorizes Money for Recovery Systems, Data Monarch of North Carolina Announces Data Breach Cyber Attack Leaves 6 NC Counties Locked Out of Their Online Records New Linux Malware Uses 30 Plugin Exploits to Backdoor WordPress Sites PyTorch Discloses Malicious Dependency Chain Compromise Over Holidays Update Android Right Now to Fix a Scary Remote-Execution Flaw CISA Warns of Active Exploitation of JasperReports Vulnerabilities

• 12/29/2022

  Geopolitical Tensions Expected to Further Impact Cybersecurity in 2023 Cyberwar in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools The Worst Hacks of 2022 3 Industries, 3 Security Programs Google Home Speakers Allowed Hackers to Snoop on Conversations Ukraine Shuts Down Fraudulent Call Center Claiming 18,000 Victims

  Crypto Platform 3Commas Admits Hackers Stole API Keys Industrial Bank Files Notice of Data Breach, Leaking Consumers SSNs and Financial Account Info FoundCare (FL) Files Notice of Data Breach Affecting Over 14k Patients Cyber Attack Impacting Real Estate Matters at Florence County (SC) Register of Deeds Office Netgear Warns Users to Patch Recently Fixed WiFi Router Bug

• 12/28/2022

  Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians U.S. House Boots TikTok From Government Phones The LastPass Disclosure of Leaked Password Vaults Is Being Torn Apart by Security Experts …Yes, It’s Time to Ditch LastPass The Benefits and Risks of Using a Password Manager to Protect Your Online Identity It’s the End of Programming as We Know It — Again Smart Toys Are Definitely Still Hackable (We Just Don’t Talk About It) Cybersecurity Trends, Lessons & Reflections from the End of 2022

  Royal Ransomware Claims Attack on Intrado Telecom Provider Ransomware Attack at Lake Charles Memorial Health (LA) Impacts 270,000 Patients APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector Hackers Abuse Google Ads to Spread Malware in Legit Software Nintendo Patches a Security Vulnerability That Could Give Hackers “Full Console Takeover” Thousands of Citrix Servers Vulnerable to Patched Critical Flaws Why Cyber Pros and Forensic Accountants Should Work Together to Mitigate Security Risk

• 12/27/2022

  Hacktivism Is Back and Messier Than Ever North Korean ‘Lazarus’ ‘BlueNoroff’ APT Hackers Using New Ways to Bypass Windows MotW Protection Internet AppSec Remains Abysmal & Requires Sustained Action in 2023 It’s All in the (Lack Of) Details: 2022’s Badly Handled Breaches U.S. Probe: $372 Million Vanished After FTX Bankruptcy

  Hackers Stole Data From Multiple Electric Utilities in Sargent & Lundy Ransomware Attack BTC.com Lost $3 Million Worth of Cryptocurrency in Cyberattack Louisiana Health System Alerts Patients of Possible Data Breach EarSpy Attack Eavesdrops on Android Phones via Motion Sensors

• 12/26/2022

  TikTok Security Dilemma Revives Biden Admin Push for U.S. Control North Korean Hackers Targeted Nearly 1,000 South Korean Foreign Policy Experts The Most Dangerous People on the Internet in 2022: Who Made the List?

  Hacker Claims to Be Selling Twitter Data of 400 Million Users BitKeep Wallet Suffers Second Hack Since October, $8 Million Stolen via Infected APKs GuLoader Malware Utilizing New Techniques to Evade Security Software

• 12/23-25/2022

  Businesses Hope for Legal Clarity on Trans-Atlantic Data Privacy in 2023 President Biden Signs Quantum Cybersecurity Preparedness Act into Law Users Report Google Calendar Bug Creating Random, Fake Events Everyone Is Using Google Photos Wrong Massive Twitter Data Leak Investigated by EU Privacy Watchdog Meta Agrees to Pay $725 Million to Settle Lawsuit Over Cambridge Analytica Data Leak How Big Tech Fought Antitrust Reform — And Won

  TikTok’s Parent Company Admits Using the Platform’s Data to Track Journalists W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names New ‘RisePro’ Info-Stealer Malware Infects Software Pirates via Fake Cracks Sites Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials Hackers Exploit Bug in WordPress Gift Card Plugin With 50K Installs Ghost CMS Vulnerable to Critical Authentication Bypass Flaw

• 12/22/2022

  Hands On With Flipper Zero, the Hacker Tool Blowing Up on TikTok Elon Musk Actively Searching for a New Twitter CEO, Sources Say FCC Calls for Mega $300 Million Fine for Massive U.S. Robocall Campaign UK Government Says That Sharing Some Passwords is Illegal Critical Security Flaw Reported in Passwordstate Enterprise Password Manager LastPass: Hackers Stole Customer Vault Data in Cloud Storage Breach Brave Launches FrodoPIR, a Privacy-Focused Database Query System DuckDuckGo Now Blocks Google Sign-in Pop-Ups on All Sites

  Comcast Xfinity Accounts Hacked in Widespread 2FA Bypass Attacks Queensland University of Technology Shuts IT Systems After Ransomware Attack Chinese Electric Automaker Nio Hit by Ransomware Attack KentuckianaWorks Notifying Over 100 People of Possible Data Breach Suffolk County (NY) Leaders Blame Clerk’s Office for Cyberattack FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape Vice Society Ransomware Gang Switches to New Custom Encryptor Google WordPress Plug-in Bug Allows AWS Metadata Theft Corporate Tech Leaders Untangle Their Cybersecurity Roles

• 12/21/2022

  Biden Meets With Zelensky, Pledges Continued U.S. Support for Ukraine Ukraine’s Cyber Units Aim to Retain Staff, Keep Services Stable as War Enters Year Two White House Cyber Czar Chris Inglis to Resign NASA Infosec Again Falls Short of Required U.S. Government Standard Iran’s Internet Blackouts Are Sabotaging Its Own Economy Eufy Publicly Acknowledges Some Parts of Its “No Clouds” Controversy Krebs: The Equifax Breach Settlement Offer is Real, For Now Cybersecurity Firms Cut Staff as Fears About Economy, Funding Mount U.S. Most Impacted by Data Breaches in the Financial Industry in 2022 Corsair Keyboard Bug Makes It Type on Its Own, No Malware Involved

  Guardian: Guardian Hit by Serious It Incident Believed to Be Ransomware Attack …Breaks News of Ransomware Attack on Itself Okta’s Source Code Stolen After GitHub Repositories Hacked Sports Betting Operator BetMGM Hit By Data Breach, Exposing Customer Info Hartnell Community College District (CA) Files Notice of Data Breach Godfather Trojan Targets 400 Financial Services Firms Since July 2021 FBI Warns of Search Engine Ads Pushing Malware, Phishing Zerobot Malware Now Spreads by Exploiting Apache Vulnerabilities Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations Microsoft Fixes Hyper-V VM Problem Caused by Patch Tuesday

• 12/20/2022

  Big Tech Bills Left Out of Sweeping Government Spending Bill Russian APT Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War Raspberry Robin Worm Drops Fake Malware to Confuse Researchers KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service VirusTotal Cheat Sheet Makes It Easy to Search for Specific Results Krebs: Hacked Ring Cams Used to Record Swatting Victims Two New York Men Arrested for Conspiring With Russians to Hack JFK Taxi System Microsoft Will Turn off Exchange Online Basic Auth in January Cybersecurity is a Team Sport – Avoid the ‘Us and Them’ Culture The Importance Of Putting Employees At The Center Of A Security Strategy 2023 Cybersecurity Forecasts: Zero Trust, Cloud Security Will Top Spending

  Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users Play Ransomware Gang Uses New Microsoft Exchange Exploit to Breach Servers Cyber Attack Affects Phones, Website at Toronto’s SickKids Hospital Ransomware Hackers Take Demands Directly to Knox College Students: ‘for You, It’s a Sad Day’ Personal Info of 37,000 People Exposed in Whitehall (OH) Ransomware Data Breach P2 Energy Solutions (CO) Data Breach Leaks Social Security Numbers of 69K Consumers Order Express (IL) Reports Data Breach Affecting the Info of Over 63k Consumers Google Ad Fraud Campaign Used Adult Content to Make Millions Hackers Bombard PyPi Platform With Information-Stealing Malware McGraw Hill’s S3 Buckets Exposed 100,000 Students’ Grades and Personal Info Organizations Warned of New Attack Vector in Amazon Web Services

• 12/19/2022

  Ukraine’s DELTA Military System Users Targeted by Info-Stealing Malware The Risk of Escalation From Cyberattacks Has Never Been Greater Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future Meta Takes Down Over 200 Covert Influence Operations Since 2017 FBI Pressured Twitter, Sent Trove of Docs Hours Before Post Broke Hunter Laptop Story Most in Musk’s Twitter Poll Say He Should Step Down as CEO ‘Fortnite’ Video Game Developer Paying $520M to Resolve FTC Allegations

  DraftKings Warns Data of 67K People Was Exposed in Account Hacks Play Ransomware Claims Attack on German Hotel Chain H-Hotels Louise W. Eggleston Center (VA) Reports Data Breach Following Ransomware Attack Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data Microsoft Finds macOS Bug That Lets Malware Bypass Security Checks Critical Windows Code-Execution Vulnerability Went Undetected Until Now Big Challenges And Opportunities: Where’s Cybersecurity Heading In 2023?

• 12/16-18/2022

  An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire The FBI Is Worried About a Wave of Cyber Crime Against America’s Small Businesses FBI Warns BEC Attacks Now Also Target Food Shipments Anker’s Eufy Deleted These 10 Privacy Promises Instead of Answering Our Questions Soccer Technology Raises Privacy Risks for Players Google Introduces End-To-End Encryption for Gmail on the Web Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm Annoying CAPTCHA Is Still Big for Google and E-commerce in Bot Battle, and Likely to Stay That Way Former Twitter Employee Gets 42 Months for Saudi Scheme Woman Gets 66 Months in Prison for Role in $3.3 Million ID Fraud Op T-Mobile Hacker Gets 10 Years for $25 Million Phone Unlock Scheme

  Colombian Energy Supplier EPM Hit by BlackCat Ransomware Attack Restaurant CRM Platform ‘SevenRooms’ Confirms Breach After Data for Sale 254,000 Medicare Beneficiaries Are Getting New ID Cards Due to Data Breach at Subcontractor Data Breach Exposing Patron Information at Rochester Public Library (MN) Glupteba Malware Is Back in Action After Google Disruption Agenda Ransomware Switches to Rust to Attack Critical Infrastructure Microsoft Warns of New Minecraft DDoS Malware Infecting Windows, Linux Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities Live From London: Next-Gen Cybersecurity Takes Stage at Black Hat Europe Security Professionals Advise On How To Improve The Security Operations Center

• 12/15/2022

  GPS Signals Are Being Disrupted in Russian Cities Ukrainian Gov’t Networks Breached via Trojanized Windows 10 Installers Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities Senate Passes Bill Banning TikTok From Government Devices Instagram Launches New Tool to Help Hacked Users Regain Account Access Meta’s Tricky Quest to Protect Your Account Wyden Urges FTC Probe Into ‘Sensitive Internet Metadata’ Sold to U.S. Government Technology Executives Signal Spending in 2023 Even as the Sector Goes Through Massive Layoffs GitHub to Require All Users to Enable 2FA by the End of 2023 GitHub Rolls Out Free Secret Scanning for All Public Repositories Top Cybersecurity Predictions 2023 Data Destruction Policies in the Age of Cloud Computing: Adjust to Reality

  FuboTV Hit With Cyberattack During World Cup Semifinal Match Social Blade Confirms Breach After Hacker Posts Stolen User Data Avem Health Partners (OK) Files Data Breach Stemming from Incident at 365 Data Centers Lakeside Software (MI) Data Breach After Incident Results in Leaked SSNs Hope College (MI) Warns of Potential Data Breach Potential Cyber Attack Hits Victoria’s Peak (Australia) Fire Response Agency Lego Bricklink Bugs Let Hackers Hijack Accounts, Breach Servers Phishing Attack Uses Facebook Posts to Evade Email Security Loan Scam Campaign ‘MoneyMonger’ Exploits Flutter to Hide Malware Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as ‘Critical’ Microsoft Removes Windows 11 Update Block for PCs With Gaming Issues

• 12/14/2022

  Lawmakers Introduce Bill to Ban TikTok in U.S. Krebs: FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked Loan Fee Fraud Surges by a Fifth as Christmas Approaches A New Lawsuit Accuses Meta of Inflaming Civil War in Ethiopia New Lawsuit Accuses Meta of Inflaming Ethiopia Civil War Seven Smuggled U.S. Military Tech for Moscow, Say Feds Krebs: Six Charged in Mass Takedown of DDoS-for-Hire Sites Tech Group Sues California Over Kids’ Online Safety Law OECD Countries Finalize Framework to Limit Government Access to Citizen Personal Data NSA Shares Tips on Mitigating 5G Network Slicing Threats

  Open-Source Repositories Flooded by 144,000 Phishing Packages Kaye-Smith Announces Data Breach Potentially Affecting MultiCare Patients North Star Leasing (VT), a Division of Peoples Bank, Provides Data Breach Notice ‘Third-Party Incident’ Impacted Gemini With 5.7 Million Emails Leaked Attackers Use SVG Files to Smuggle QBot Malware Onto Windows Systems VMware Releases Fixes for Critical ESXi and vRealize Security Flaws Krebs: Microsoft Patch Tuesday, December 2022 Edition 10 Ways Any Company Can Tighten Up Their Cybersecurity Efforts For The New Year

• 12/13/2022

  Putin to Choose Cyber Warfare Before Nuclear Weapons, Former NSA Chief Says Hackers Planted Files to Frame an Indian Priest Who Died in Custody Experts Warn AI ChatGPT Could Democratize Cybercrime Google Launches Largest Distributed Database of Open Source Vulnerabilities Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware For Congress to Confront Cybersecurity, Reps Push to Ramp up Cyber Literacy Cybersecurity in Space: The Out Of-This-World Challenges Ahead 2022 In Review: A Super Duper Eventful Cybersecurity Year

  One Brooklyn Health Battling Cyber Attack That Forced Some Critical Services Offline TPG Telecom Says up to 15,000 Email Accounts of Business Customers Hacked New Gotrim Botnet Brute Forces WordPress Site Admin Accounts Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware Hackers Exploit Critical Citrix ADC and Gateway Zero Day, Patch Now Amazon ECR Public Gallery Flaw Could Have Wiped or Poisoned Any Image Apple Fixes New Webkit Zero-Day Used in Attacks Against iPhones Microsoft December 2022 Patch Tuesday Fixes 2 Zero-Days, 49 Flaws

• 12/12/2022

  How the U.S. Has Helped Counter Destructive Russian Cyberattacks Amid Ukraine War European Electricity Sector Lacks Cyber Experts as Ukraine War Raises Hacking Risks North Korean ‘Kimsuky’ Hackers Impersonate Researchers to Steal Intel Now Utah Governor Orders TikTok Ban for State Government Employees NASA Chief: SpaceX Leader Says Elon Musk’s Twitter Drama Is ‘Nothing to Worry About’ The New Space Race Will Drive Innovation: Here’s Where It Goes Next Survey Says: IT Security Teams, Business Execs Still Not on Same Page Cloudflare’s Zero Trust Suite Now Available for Free to At-Risk Groups Why You’ve Been Getting So Much Gmail Spam About Yeti Coolers Japan, Australia to Bolster Cyber-Defenses, Maybe Offensive Capacity Too Reconciling International Breach Reporting Rules Could Prove Challenging UK Arrests Five for Selling ‘Dodgy’ Point of Sale Software After Joint Probe

  Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online Twitter Confirms Recent User Data Leak Is From 2021 Breach CoinTracker Crypto Portfolio Software Suffers Data Hack California Department of Finance Hit With Cybersecurity Threat, Investigation Underway …LockBit Claims Play Ransomware Claims Attack on Belgium City of Antwerp Crane Worldwide Logistics Leaked Social Security Numbers Following Data Breach San Gorgonio Memorial Hospital (CA) Compromised Patient Info After Breach Chaos RAT Used to Enhance Linux Cryptomining Attacks New Python Malware Backdoors VMware ESXi Servers for Remote Access Fortinet Says SSL-VPN Pre-Auth RCE Bug is Exploited in Attacks Google Adds Passkey Support to Chrome for Windows, macOS and Android Effective, Fast, and Unrecoverable: Wiper Malware Is Popping up Everywhere

• 12/9-11/2022

  Krebs: New Ransom Payment Schemes Target Executives, Telemedicine BEC Attacks Expand Beyond Email and Toward Mobile Devices Critical Infrastructure: Attackers Keep Targeting the U.S. Electric Grid North Carolina Power Grid Attack Exposes Vulnerabilities, Prompts Scrutiny of Other Recent Attacks A Year Later, That Brutal Log4j Vulnerability Is Still Lurking Activists Respond to Apple Choosing Encryption Over Invasive Image Scanning Plans Advocacy Groups Make Last-Ditch Plea to Schumer for Vote on Antitrust Bills LinkedIn Has a Fake Account Problem It’s Trying to Fix: Real Users Are Part of the Solution Madoff Prosecutor: ‘Highly Unusual’ for Sam Bankman-Fried to Be Speaking Publicly Huawei Licenses 5G Patents to Rival as U.S. Sanctions Force the Chinese Giant to Seek New Revenue Tennessee Latest State to Block TikTok Access on Government Networks, Citing Cybersecurity Australia Arrests ‘Pig Butchering’ Suspects for Stealing $100 Million

  Hack-for-Hire Group ‘Evilnum’ Targets Travel and Financial Entities with New Janicab Malware Variant Shows Will Go On at Met Opera Despite Cyber-Attack That Crashed Network Cobalt Mirage Affiliate Uses GitHub to Relay Drokbk Malware Instructions Truebot Malware Activity Increases With Possible Evil Corp Connections Information of 360,000 People Affected in Ontario Vaccine Data Breach Australia’s Telstra Suffers Privacy Breach, 132,000 Customers Impacted Rackspace Warns of Phishing Risks Following Ransomware Attack Antivirus and EDR Solutions Tricked Into Acting as Data Wipers Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls Samsung Galaxy S22 Hacked in 55 Seconds on Pwn2Own Day 3 …Hackers Earn $989,750 For 63 Zero-Days Exploited At Pwn2Own Toronto 43 Trillion Security Data Points Illuminate Our Most Pressing Threats

• 12/8/2022

  U.S. Health Dept Warns of Royal Ransomware Targeting Healthcare COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers FTC Sues to Block Microsoft’s Acquisition of Gaming Company Activision Pet Dog Unmasks Drug Trafficker on Encrypted Chat Automated Dark Web Markets Sell Corporate Email Accounts for $2 Researchers Uncover Darknet Service ‘Zombinder’ Allowing Hackers to Trojonize Legit Android Apps Samsung Galaxy S22 Hacked Again on Second Day of Pwn2Own Google: How Android’s Private Compute Core Protects Your Data Tor Browser 12.0 Brings Apple Silicon Support, Android Enhancements

  Iranian ‘MuddyWater’ Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool Popular HR and Payroll Company Sequoia Discloses a Data Breach CommonSpirit Health Ransomware Attack Exposed Data of 623,000 Patients Suncoast Skin Solutions (FL) Announces Data Breach Following Apparent Ransomware Attack Acuity Brands (GA) Data Breach Impacts More than 37k Employees’ Sensitive Information Black, Gould & Associates (AZ) Notifies Over 42,000 Consumers of Recent Data Breach Maryland Senior Living Community Announces Data Security Breach Cisco Discloses High-Severity IP Phone Bug With Exploit Code (ISC)² Recruits 110,000 People

• 12/7/2022

  Russian Hackers ‘Blue Callisto’ (aka TAG-53) Spotted Targeting U.S. Military Weapons and Hardware Supplier Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities Taiwan Bans State-Owned Devices From Running Chinese Platform TikTok …Nebraska, South Dakota, South Carolina, Maryland …Indiana Sues Google Discovered North Korea Exploiting an Internet Explorer Zero-Day Vulnerability in October Apple Claims a New iMessage Can Alert You if State-Sponsored Spies Are Eavesdropping Apple Announces Plans to Encrypt iCloud Backups …How to Enable End-To-End Encryption for Your iCloud Backups Proton’s Encrypted Cloud Storage Gets Dedicated Mobile Apps Now Telegram Users Don’t Need a Phone Number — They Can Buy a Fake One With Crypto Apple Kills Its Plan to Scan Your Photos for CSAM: Here’s What’s Next Scammers Are Scamming Other Scammers Out of Millions of Dollars San Francisco Terminates Explosive Killer Cop Bots, Un-Backing Decision

  CloudSEK Claims It Was Hacked by Another Cybersecurity Firm ‘Group X’ Supply Chain Web Skimming Attacks Hit Dozens of Sites New Go-Based Botnet ‘Zerobot’ Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network Hackers Use New Fantasy Data Wiper in Coordinated Supply Chain Attack Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam Macmillan Reports Data Breach Leaking Consumers’ Social Security Numbers Suffolk University Reports Data Breach Impacting Thousands of Current and Former Students Health Info of Nearly 9K Compromised in Rhode Island Department of Health Data Breach Te Whatu Ora (NZ) Loses Access to 14,000 Health Data Following Cyberattack CryptosLabs ‘Pig Butchering’ Ring Stole up to $505 Million Since 2018 Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 Google: State Hackers Still Exploiting Internet Explorer Zero-Days

• 12/6/2022

  U.S. Intelligence Chief: Parents ‘Should Be’ Concerned for Kids’ Privacy on TikTok Facebook Parent’s Oversight Board Criticizes ‘Cross Check’ Program That Protects VIP Users Russian Hackers Use Western Networks to Attack Ukraine Microsoft Warns of Russian Cyberattacks Throughout the Winter Microsoft: Hackers Target Cryptocurrency Firms Over Telegram Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks Suspects Arrested for Hacking U.S. Networks to Steal Employee Data Krebs: Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide KmsdBot Botnet Is Down After Operator Sends Typo in Command Fixing The Cybersecurity Staff Shortage: It’s Not Going to Be Easy Applying the OODA Loop to Cybersecurity and Secure Access Service Edge

  Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks China-Based Hackers Target Amnesty International Canada Massive DDoS Attack Takes Russia’s Second-Largest Bank VTB Offline Antwerp’s City Services Down After Hackers Attack Digital Partner Ransomware Gang Steals Employee and Customer Data From LJ Hooker Snap Finance Files Notice of Data Breach Little Rock Schools to Pay Hackers to End Ransomware Attack Rackspace Confirms Ransomware Attack Behind Days-Long Email Outage Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware Kali Linux 2022.4 Adds 6 New Tools, Azure Images, And Desktop Updates Android December 2022 Security Updates Fix 81 Vulnerabilities Samsung Galaxy S22 Hacked Twice on First Day of Pwn2Own Toronto

• 12/5/2022

  APT41 Hackers Linked to Chinese Government Stole Millions in COVID Benefits, Secret Service Says Gunfire at Electrical Grid Kills Power for 45,000 in North Carolina Syntax Errors Are the Doom of Us All, Including Botnet Authors Adobe’s Postscript Programming Language Sparked a Revolution: Now You Can Check Out the Source Code Big Tech and Its Critics Lash Out at Journalism Measure Cyber Extortion Growing Exponentially in Africa, Middle East and China, Finds Orange Swiss Digital Giant ABB to Pay $315m in Bribery Case Sneaky Hackers Reverse Defense Mitigations When Detected Cybersecurity Should Focus On Managing Risk

  ‘Team Mysterious Bangladesh’ Hackers Target Indian Education Entity Iran-Backed APT42 Hackers Targeting Activists, Journalists, Politicians – HRW French Hospital Halts Operations After Cyber-Attack Dallas Central Appraisal District Hack Still Causing Issues, Tax Bills May Be Delayed for Thousands Hackers Hijack Linux Devices Using PRoot Isolated Filesystems Severe AMI MegaRAC Flaws Impact Servers From AMD, ARM, HPE, Dell, Others Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems CISA Orders Agencies to Patch Exploited Google Chrome Bug by Dec 26th

• 12/2-4/2022

  Never-Before-Seen ‘CryWiper’ Malware Is Nuking Data in Russia’s Courts and Mayors’ Offices Snowden Receives Russian Passport, Takes Citizenship Oath North Korean ‘Lazarus’ Hackers Use New, Fake Crypto App ‘BloxHolder’ to Breach Networks, Steal Cryptocurrency Elon Musk Suspends Ye From Twitter Following Swastika Tweet Globally Critical Chip ASML Firm Is Driving a Wedge Between the U.S. And Netherlands Over China Tech Policy Industry Coalition Urges Congress to Hold off on SBOMs Requirements for Defense Contractors DHS Cyber Board to Examine Hacking Extortion Group Lapsus$ Proton Calendar Rounds Out Security-Focused Big Tech Alternative on iOS Google Increases Android Security With Memory-Safe Programming Languages When Hackers Strike, CEOs Become Negotiators, Communicators Watch Out: Triple-Pronged PayPal Phishing & Fraud Scam Police Arrest 55 Members of ‘Black Panthers’ SIM Swap Gang SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist

  Rackspace Rocked by ‘Security Incident’ That Has Taken Out Hosted Exchange Services Cyber Attack on Tamil Nadu Hospital, Hackers Sell Data of 1.5 Lakh Patients Florida Department of Revenue Tax Website Bug Exposed Filers’ Data San Diego Unified School District Receives Cybersecurity Threat Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools ‘Black Proxies’ Enable Threat Actors to Conduct Malicious Activity Hackers Sign Android Malware Apps with Compromised Platform Certificates Android Malware Apps With 2 Million Installs Spotted on Google Play CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL Google Rolls Out New Chrome Browser Update to Patch Yet Another High-Severity Zero-Day Vulnerability We Are Still Failing to Learn the Most Important Lesson in Cybersecurity: That Needs to Change, Fast

• 12/1/2022

  China Clamps Down on Internet as It Seeks to Stamp Out Covid Protests Krebs: ConnectWise Quietly Patches Flaw That Helps Phishers Zuckerberg Slams Apple’s ‘Problematic’ App Store Dominance Musk Says ‘Misunderstanding’ About Potential Twitter Removal From App Store Resolved Ye, the Artist Formerly Known as Kanye West, to No Longer Buy Parler WhatsApp Files on Dark Web Show Millions of Records For Sale Rising Tether Loans Add Risk to Stablecoin, Crypto World Now 1Password Remembers Sites That Use Third-Party Accounts Like Google or Facebook to Log In These File Types Are the Ones Most Commonly Used by Hackers to Hide Their Malware One Year After Log4Shell, Most Firms Are Still Exposed to Attack UK Extends NIS Regulations to IT Managed Service Providers

  Hackers Leak Another Set of Medibank Customer Data on the Dark Web FBI: Cuba Ransomware Raked in $60 Million From Over 100 Victims New DuckLogs Malware Service Claims Having Thousands of ‘Customers’ IKEA Confirms It Was Hit in Significant Cyberattack Dallam Hartley Counties Hospital District (TX) Reports Data Breach Affecting over 69,000 Patients Cyber Attack Hits North East London Foundation Trust Finance Systems Vatican Website Targeted With Multiple Hack Attempts, ‘Abnormal’ Access New Redigo Malware Drops Stealthy Backdoor on Redis Servers Spyware Vendor Variston Exploited N-Days in Chrome, Firefox, Windows Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users Hyundai App Bugs Allowed Hackers to Remotely Unlock, Start Cars

• 11/30/2022

  Majority of U.S. Defense Contractors Not Meeting Basic Cybersecurity Requirements Noem Orders TikTok Ban for South Dakota Government China-Based Hackers UNC4191 Target Southeast Asia With USB-Based Malware Cloudflare Finds a Way Through China’s Network Defences North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism Google Moves to Block Invasive Spanish Spyware Framework Ransomware, SMBs Remain Key Security Concerns Amidst Focus on Critical Infrastructures Singapore Releases Blueprint to Combat Ransomware Attacks Cybersecurity Researchers Take Down DDoS Botnet by Accident LastPass’ Latest Data Breach Exposed Some Customer Information Whistleblower Reports of Lax Cybersecurity Expected to Rise Australian Parliament Passes Privacy Penalty Bill: Up to $50M Fines San Francisco Lawmakers Approve Lethal Robots, but They Can’t Carry Guns Shares of CrowdStrike Fall After ‘Disappointing’ Earnings, Morgan Stanley Says Buy the Dip TransUnion Class Action Claims Insecure Information Storage Led to Data Breach

  Keralty Ransomware Attack Impacts Colombia’s Health Care System GoTo Says Hackers Breached Its Dev Environment, Cloud Storage South Staffordshire (UK) Water Reveals Data Hack Mena Regional Health System (AR) Suffers Data Breach; 85K Patients Impacted French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm Ingalls & Snyder (NY) Files Notice of Data Breach Following Unauthorized Access to Network Data Stolen in Ransomware Attack Against Guilford College (NC) Crafty Threat Actor ‘CashRewindo’ Uses ‘Aged’ Domains to Evade Security Platforms Android and iOS Apps with 15 Million Installs Extort Loan Seekers Google Discovers Windows Exploit Framework Used to Deploy Spyware Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection Sirius XM Flaw Unlocks So-Called Smart Cars Thanks to Code Flaw Critical RCE Bugs in Android Remote Keyboard Apps With 2M Installs High Severity Zero-Day Flaw Discovered in Quarkus Java Framework New “Icefall” Bugs Include Critical DoS Flaw NVIDIA Releases GPU Driver Update to Fix 29 Security Flaws

---

Follow The Cyber Beat

Get news delivered directly to your inbox.