• 10/14/2021

  World Leaders Recognize Ransomware Attacks as ‘Global Security Threat’ White House Ransomware Summit Eyes Tighter Global Scrutiny for Crypto Agencies Warn of Cyber Threats to Water, Wastewater Systems Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries Microsoft Folds LinkedIn Social-Media Service in China Facebook to Shield Public Figures from Cyber-harassment House Democrats Announce Bill to Rein in Tech Algorithms WhatsApp Rolls Out iOS, Android End-To-End Encrypted Chat Backups Krebs: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

  Acer Confirms Second Cyberattack in 2021 After Ransomware Incident in March 3D Printing Site Thingiverse Suffers Breach of 228,000 Email Addresses Amid Sluggish Disclosure DocuSign Phishing Campaign Targets Low-Ranking Employees New Yanluowang Ransomware Used in Targeted Enterprise Attacks Malicious Chrome Ad Blocker Injects Ads Behind the Scenes Rickroll Grad Prank Exposes Exterity IPTV Bug Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones Microsoft Releases Linux Version of the Windows Sysmon Tool

• 10/13/2021

  World Leaders Call For Enhanced Cooperation to Fight Escalating Wave of Ransomware Attacks Russia Excluded From 30-Country Meeting to Fight Ransomware and Cyber Crime Australia to Tackle Ransomware Data Breaches by Deleting Stolen Files 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware Krebs: How Coinbase Phishers Steal One-Time Passwords U.S. Officially the Top Destination for Bitcoin Miners, Beating Out China for the First Time EU Legislation Introduced to Ban Anonymous Domain Registration Johns Hopkins to Launch Degree Program in Cybersecurity and Policy

  OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances Crypto Romance Scam Drains $1.4M Verizon Digital Carrier Visible Customer Accounts Were Hacked Brazilian E-commerce Firm Hariexpress Leaks 1.75 Billion Sensitive Files Israel’ Hadera Hospital Hobbled by Cyber Attack Lancaster Media Group (PA) Attacked by Ransomware MyKings Botnet Still Active and Making Massive Amounts of Money Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers Apple Silently Fixes iOS Zero-Day, Asks Bug Reporter to Keep Quiet

• 10/12/2021

  Congress Looks to Strengthen Government’s Aging Cyber Infrastructure DOJ Sees Crypto Seizures as a Priority in Anti-Ransomware Push U.S. Cyber Agency Hopes to Avoid the ‘Regulator’ Label NSA Warns of Wildcard Certificate Risks, Provides Mitigations Google Creates Cybersecurity Team to Respond to Increased Hacks Study Reveals Android Phones Constantly Snoop on Their Users Photo Editor Android App Still Sitting on Google Play Store Is Malware 1Password Unveils Secure Sharing Tool for Passwords, Secrets Phishing Campaign Uses Math Symbols to Evade Detection Dutch Police Send Warning Letters to DDoS Booter Customers ‘Nukegate’ SCANA CEO Imprisoned for Fraud

  Microsoft Kills Bug Being Exploited in APT MysterySnail Espionage Campaign Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers Olympus US Systems Hit by Cyberattack Over the Weekend Cyberattack Shuts Down Ecuador’s Largest Bank, Banco Pichincha University of Sunderland Hit by Suspected Major Cyber Attack, IT Systems and Website Down Private Hospital Group Macquarie (NSW) Health Takes System Offline Following Cyber Incident Ransomware Attack Inhibits Servers in DeKalb County (GA) SnapMC Hackers Skip File Encryption and Just Steal Your Files FreakOut Botnet Now Attacks Vulnerable Video DVR Devices PyPI Removes ‘mitmproxy2’ Over Code Execution Concerns Krebs: Patch Tuesday, October 2021 Edition Microsoft Revokes Insecure SSH Keys for Azure DevOps Customers

• 10/11/2021

  UK Cyber Head Says Russia Responsible for ‘Devastating’ Ransomware Attacks China Has Won AI Battle With U.S., Pentagon’s Ex-software Chief Says Microsoft Reports Iranian Hackers Targeting U.S., Israeli Defense Companies U.S. Set Out to Hobble China’s Huawei, and So It Has …Huawei Cloud Targeted by Updated Cryptomining Malware Cybersecurity Is A Journey, Not A Destination Google Gives Security Keys to 10,000 High-Risk Users Facebook Says It Will Add New Safety Features, Notably for Teens on Instagram, After Bombshell Whistleblower Leak Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots

  Pacific City Bank Discloses Ransomware Attack Claimed by AvosLocker Hacker Steals Patients’ Data From San Juan Regional Medical Center (NM) Quest-Owned Fertility Clinic ReproSource Announces Data Breach After August Ransomware Attack Oregon Eye Specialists Discloses Data Breach Following Employee Email Compromise LibreOffice, OpenOffice Bug Allows Hackers to Spoof Signed Docs GitHub Revokes Duplicate SSH Auth Keys Linked to Library Bug Apple Releases iOS 15.0.2 for iPhone With Bug and Security Fixes Microsoft Defender for Identity to Detect Windows Bronze Bit Attacks

• 10/8-10/2021

  Biden Signs Bill to Strengthen K-12 School Cybersecurity Democrats Urge Federal Agencies to Address Use of Cryptocurrencies for Ransomware Payments Poll: Americans Think U.S. Politicians, Social Media Spread Misinformation More Than Foreign Governments U.S. Navy Engineer Charged in Attempt to Sell Nuclear Submarine Secrets Amnesty International Links Indian Cybersecurity Firm to Spyware Operation Russian Orgs Heavily Targeted by Smaller Tier Ransomware Gangs Google Warns 14,000 Gmail Users Targeted by Russian Group APT28 Bank of America Insider Charged With Money Laundering for BEC Scams

  BrewDog Token Gaffe Causes Massive PII Breach Cox Media Group Confirms Ransomware Attack That Took Down Broadcasts Schneck Medical Center (IN) Electronic Medical Records Back Online 10 Days After Ransomware Attack Twitch Game Page Backgrounds Defaced With Jeff Bezos’ Face Intuit Warns Quickbooks Customers of Ongoing Phishing Attacks Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems Microsoft Adds Tamper Protection to Windows 11 Security Baseline

• 10/7/2021

  Russia Charges Cybersecurity Executive Ilya Sachkov, Founder and CEO of Group-IB, With Treason …Russian Spies Reportedly Used SolarWinds Hack to Steal U.S. Counterintelligence Details …Russian-Speaking Hacking Group FIN12 Scaling up Ransomware Attacks on Hospitals …Microsoft Report Finds Russia Dominant Force Behind Cyberattacks in Past Year Navy Warship USS Kidd Facebook Page Hacked to Stream ‘Age of Empires’ Gaming Twitch Blames Server Error for Massive Data Leak …Twitch: No Credentials or Card Numbers Exposed in Data Breach …Research: Twitch Leak Included Emails, Passwords in Clear Text Patching Too Tortuous for IT Pros? SEC’s Stepped-up Cyber Scrutiny Won’t Save Shareholder Data Breach Suits Netherlands Orders Apple to Offer More App Store Payment Methods Firefox Now Shows Ads as Sponsored Address Bar Suggestions

  State-Sponsored Chinese Group APT41 Targeted India With Tax and COVID Phishing UK’s Weir Group Hit by Attempted Cyber Attack at End of Q3 Transdev Denies Data Stolen by Ransomware Group, Connects Leak to September Attack on Client Ransomware Gang Hit Barlow Respiratory Hospital in Echo Park (CA) Vidar Stealer Abuses Mastodon to Silently Get C2 Configuration Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects Unpatched Dahua Cams Vulnerable to Unauthenticated Remote Access Apache Emergency Update Fixes Incomplete Patch for Exploited Bug Microsoft Fixes Bug Blocking Azure Virtual Desktops Security Updates Microsoft Is Disabling Excel 4.0 Macros by Default to Protect Users Apple Now Requires All Apps to Make It Easy for Users to Delete Their Accounts

• 10/6/2021

  TSA to Issue Regulations to Secure Rail, Aviation Groups Against Cyber Threats U.S. Gov’t to Sue Contractors Who Hide Breach Incidents Lawmakers Advocate for Establishment of Standalone House and Senate Cyber Panels Ransom Disclosure Act Would Give Victims 48 Hours to Report Payments America Urged to Prepare for Shift to Post-Quantum Cryptography Facebook Slows New Products for ‘Reputational Reviews’ Hacker Breaches Amazon’s Twitch Video Site, Exposing Future Product Plans Princess Haya: Dubai Ruler Had Ex-wife’s Phone Hacked – UK Court Fired IT Admin Revenge-Hacks School by Wiping Data, Changing Passwords Texas Man Imprisoned Over COVID-19 Hoax

  Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms U.S. Clothing Brand Next Level Apparel Reports Phishing-Related Data Breach Lodi Unified School District (CA) ‘Cybersecurity Issue’ Affecting Phones, Computer Systems Cyber Attack Hits Senator Gordon (Philippines) Official Website Actively Exploited Apache 0-Day Also Allows Remote Code Execution Canopy Parental Control App Wide Open to Unpatched XSS Bugs Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers Medtronic Urgently Recalls Insulin Pump Controllers Over Hacking Concerns Firefox Improves Advertising Tracker Blocking in Private Browsing

• 10/5/2021

  What Happened to Facebook, WhatsApp, and Instagram? …Facebook Blames Engineering Error of ‘Our Own Making’ for Global Outage …Faulty Router Configuration …No, There Isn’t Proof That the Private Data of 1.5 Billion Facebook Users Is Being Sold by Hackers …Facebook Whistleblower: ‘Morally Bankrupt’ Social Giant Will Have to ‘Hook Kids’ to Grow NSA Director Expects to Be Facing Ransomware Attacks ‘Every Single Day’ in Five Years Lawmakers Introduce Bill to Identify and Protect Critical Groups From Cyber Threats Squid Game Scenes Cut Over Data Exposure New Yubico Security Keys Let You Use Fingerprints Instead of Passwords One Identity Acquires OneLogin

  Telegraph Newspaper Bares 10TB of Subscriber Data and Server Logs Hackers Threaten Allen Independent School District (TX) Families After Cyberattack Ransomware Gang Encrypts VMware ESXi Servers With Python Script IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft New UEFI Bootkit Used to Backdoor Windows Devices Since 2012 Apache Warns of Zero-Day Exploit in the Wild Android October Patch Fixes Three Critical Bugs, 41 Flaws in Total Google to Auto-Enroll 150 Million User Accounts Into 2FA What, Exactly, Is Cybersecurity? And Why Does It Matter?

• 10/4/2021

  Some Facebook, Instagram, WhatsApp Services Restored After Hourslong Global Outage …Krebs: What Happened to Facebook, Instagram, & WhatsApp? …Facebook Whistleblower to Testify Before Senate Senators Warn of Chinese Technology Threats Ahead of International Meeting UK Plans to Invest £5 Billion in Retaliatory Cyber-Attacks Encrypted & Fileless Malware Sees Big Growth Researcher Refuses Telegram’s Bounty Award, Discloses Auto-Delete Bug

  Largest Mobile SMS Routing Firm Syniverse Discloses Five-Year-Long Breach Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services Tesuque Casino (NM) Reopens Tuesday After September Cyber Attack New Atom Silo Ransomware Targets Vulnerable Confluence Servers RaidForums Forced to Use Mirror After Brazilian Gov’t Contacts Registrar Ukrainian Cops Cuff Two Over $150m Ransomware Gang Allegations, Seize $1.3m in Cryptocurrency

• 10/1-3/2021

  Pandora Papers: Secret Wealth and Dealings of World Leaders Exposed …Key Findings From the Pandora Papers Investigation White House Plans 30-Country Meeting on Cyber Crime and Ransomware Krebs: FCC Proposal Targets SIM Swapping, Port-Out Fraud False Election Claims Undermine Efforts to Increase Security El Salvador Has Just Started Mining Bitcoin Using the Energy From Volcanoes A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death The Facebook Whistleblower, Frances Haugen, Says She Wants to Fix the Company, Not Harm It DeFi Bug Accidentally Gives $90 Million to Users, Founder Begs Them to Return It …Bug Puts $162 Million up for Grabs, Says Founder of DeFi Platform Compound UK National Cyber Force to be based in Samlesbury Biden ‘Confident’ in the Nation’s Cybersecurity Efforts as Cybersecurity Awareness Month Begins

  MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed Sandhills Online Machinery Markets Shut Down by Ransomware Attack MoneyLion Locks Customer Accounts After Credential Stuffing Attacks Washington Adventist University Hit By Ransomware Attack Johnson Memorial Health (IN) Struck by Cyberattack Saturday IKEA: Cameras Were Hidden in the Ceiling Above Warehouse Toilets for ‘Health and Safety’ Transnational Fraud Ring Stole Millions From Army Members, Veterans New APT ChamelGang Targets Russian Energy, Aviation Orgs Hydra Malware Targets Customers of Germany’s Second Largest Bank Flubot Malware Targets Androids With Fake Security Updates

• 9/30/2021

  U.S. Lawmakers Push for New Controls on Ex-Spies Working Overseas Data-Privacy Impasse Hangs Over U.S.-EU Trade and Technology Summit House Approves Legislation to Protect K-12 Schools Against Cyberattacks Thousands of University Wi-Fi Networks Expose Log-In Credentials Military’s RFID Tracking of Guns May Endanger Troops Baby’s Death Alleged to Be Linked to Ransomware Scammers Capitalize on Release of New Bond Movie RansomEXX Ransomware Linux Encryptor May Damage Victims’ Files WireX DDoS Botnet Admin Charged for Attacking Hotel Chain Arctic Wolf Acquires ‘Hollywood-Style’ Cybersecurity Training Startup Habitu8 How Yahoo Built a Culture of Cybersecurity

  JVCKenwood Hit by Conti Ransomware Claiming Theft of 1.5TB Data Neiman Marcus Says Notified 4.6 Million Customers About Data Breach Schneck Medical Center (IN) Suspends IT Systems in Response to Ongoing Cyberattack Stonington Public School System (CT) Targeted by Ransomware Hackers Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts GhostEmperor Hackers Use New Windows 10 Rootkit in Attacks Fake Amnesty International Pegasus Scanner Used to Infect Windows New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught QNAP Fixes Bug That Let Attackers Run Malicious Commands Remotely Google Emergency Update Fixes Two Chrome Zero Days

• 9/29/2021

  Lawmakers Demand Briefing on FBI’s Decision to Withhold Kaseya Decryption Key CISA to Maintain ‘Rumor Control’ Site to Counter False Claims in Future Elections YouTube Pledges to Block all Anti-Vaccine Content U.S. Should Do ‘Exact Opposite’ of China on Crypto, Says Andreessen Horowitz’s Katie Haun Russia Detains Cyber-Security Tycoon Ilya Sachkov in Treason Case CISA Releases Tool to Help Orgs Fend off Insider Threat Risks SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware Conti Ransomware Expands Ability to Blow Up Backups Krebs: The Rise of One-Time Password Interception Bots Modern Cyber-Criminals Don’t Hack in – They Log in

  Canadian Vaccine Passport App Exposes Data Mental Healthcare Providers Report Data Breaches Trucking Giant Forward Air Reports Ransomware Data Breach Pottawatomie County (KS) Services Back to Normal Following Cyber-Attack Data on Dawson County (NE) Computer Network Compromised by a Cyber-Attack Hackers Targeting Brazil’s PIX Payment System to Drain Users’ Bank Accounts GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride Researchers Find Apple Pay, Visa Contactless Hack Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps

• 9/28/2021

  Senators Roll Out Bill Giving Organizations 24 Hours to Report Ransomware Attack Payments SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor NSA, CISA Share VPN Security Tips to Defend Against Hackers Tesla CEO Elon Musk Says U.S. Government Should Avoid Regulating Crypto Ukraine Takes Down Call Centers Behind Cryptocurrency Investor Scams Most Large Enterprises Fail to Protect Their Domain Names New Microsoft Exchange Service Mitigates High-Risk Bugs Automatically Best Careers With a Cybersecurity Degree Cybersecurity Insurer Coalition Gets New Funding at $3.5 Billion Valuation U.S. Deports Convicted Cyber-criminal to Russia

  Cyber-attack Floors British Payroll Firm Giant Group Bandwidth.com Is Latest Victim of DDoS Attacks Against VoIP Providers Lufkin Independent School District (TX) Still Down by a Cyber-Attack Over the Weekend Cyber Attack Resolved After Impacting Phone Lines at Wake County (NC) Schools Credential Spear-Phishing Uses Spoofed Zix Encrypted Email Microsoft Warns of FoggyWeb Malware Targeting Active Directory FS Servers FinFisher Malware Hijacks Windows Boot Manager With UEFI Bootkit Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns Working Exploit Released for VMware vCenter CVE-2021-22005 Bug Krebs: Apple AirTag Bug Enables ‘Good Samaritan’ Attack

• 9/27/2021

  ‘Quad’ Group of USA, India, Australia, and Japan Seeks to Set Security Standards for Global Tech Industry U.S.-Russia Set 2nd Round of Strategic Talks Under Biden Admin U.N. Members Seek New Cyber Discussions Amid Rising Ransomware Attacks Ethereum Dev Admits to Helping North Korea Evade Crypto Sanctions Senators Aim to Increase Oversight of Cryptocurrency Mining With New Bill 7 Ways to Thwart Malicious Insiders Women, Minorities Are Hacked More Than Others

  3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale New Malware ‘BloodyStealer’ Steals Steam, Epic Games Store, and EA Origin Accounts New Android Malware Steals Financial Data from 378 Banking and Wallet Apps Malicious ‘Safepal Wallet’ Firefox Add-on Stole Cryptocurrency A New Jupyter Malware Version is Being Distributed via MSI Installers Microsoft: Nobelium Uses Custom Malware to Backdoor Windows Domains QNAP Fixes Critical Bugs in QVR Video Surveillance Solution

• 9/24-26/2021

  Huawei CFO Meng Wanzhou Reaches Deal With Justice Department …Huawei’s Meng Wanzhou Flies Back to China After Deal With U.S. …2 Canadians Held by China Are Freed, Hours After Huawei Deal Is Reached EU ‘Denounces’ Russian ‘Ghostwriter’ Malicious Cyber Activity Aimed at Member States FBI Decision to Withhold Kaseya Ransomware Decryption Keys Stirs Debate United Health Centers Ransomware Attack Claimed by Vice Society Bitcoin.org Hackers Steal $17,000 in ‘Double Your Cash’ Scam China- And Hong Kong-Based Bitcoin Holders Scrambling to Protect Their Crypto Assets Microsoft Rushes to Register Autodiscover Domains Leaking Credentials Microsoft Will Disable Basic Auth in Exchange Online in October 2022 LG to Acquire Cybersecurity sStartup Cybellum

  Coos County Family Health Services (NH) Shut Down by Ransomware Attack Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses TangleBot Malware Reaches Deep into Android Device Functions Hackers Exploiting Critical VMware vCenter CVE-2021-22005 Bug Microsoft WPBT Flaw Lets Hackers Install Rootkits on Windows Devices Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras Emergency Google Chrome Update Fixes Zero-Day Exploited in the Wild Researcher Drops Three iOS Zero-Days That Apple Refused to Fix Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN SonicWall Fixes Critical Bug Allowing SMA 100 Device Takeover

• 9/23/2021

  FamousSparrow APT Wings in to Spy on Hotels, Governments Officials Urge Congress to Consider Fining Companies That Fail to Report Cyber Incidents Banks Share Data to Block Cyberattacks Ransomware Attackers Targeted This Company: Then Defenders Discovered Something Curious REvil Affiliates Confirm: Leadership Were Cheating Dirtbags Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police Krebs: Indictment, Lawsuits Revive Trump-Alfa Bank Story

  Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers Illinois Integrated Eligibility System Acknowledges Possible Data Breach 10 Months After Incident Port of Houston Target of Suspected Nation-State Hack U.S. Eye-Care Providers Report Data Breaches Malware Devs Trick Windows Validation With Malformed Certs Apple Patches New Zero-Day Bug Used to Hack iPhones and Macs

• 9/22/2021

  Republican Lawmakers Raise Security, Privacy Concerns Over Huawei Cloud Services Lithuania Tells Its Citizens to Throw Xiaomi Mobile Devices in the Bin Zoom’s $15B Merger With Five9 Probed by Uncle Sam for National Security Risks Facebook’s Chief Technology Officer Mike Schroepfer to Step Down FBI, CISA, and NSA Warn of Escalating Conti Ransomware Attacks Most Business Executives Would Be Willing To Pay Cyber Ransoms: Survey Internet Users Stressed Out by Cyberattack News: Kaspersky U.S. Locks Up Call Center Scammer

  RaidForums Hacker Data Marketplace Accidentally Exposes Private Staff Page How REvil May Have Ripped Off Its Own Affiliates Real Estate Firm Marcus & Millichap Hit With Possible BlackMatter Ransomware Microsoft Exchange Autodiscover Bugs Leak 100k Windows Credentials Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation Apple Will Disable Insecure TLS in Future iOS, macOS Releases Hackers Are Scanning for Vmware Cve-2021-22005 Targets, Patch Now!

• 9/21/2021

  U.S. Treasury Sanctions Cryptocurrency Exchange for Alleged Role in Ransomware Attacks FBI Withheld Decryption Key for Kaseya Ransomware Attack for Three Weeks UK Ministry of Defence Apologises After Afghan Interpreters’ Personal Data Exposed in Email Blunder Turla APT Plants Novel Backdoor In Wake of Afghan Unrest Going Beyond Curbing Tech Giants, Xi Wants to Steer Flows of Money and Set Tighter Limits on Profit Making Facebook’s Latest “Apology” Reveals Security and Safety Disarray Users Increasingly Willing to Abandon Digital Platforms That Demand Personal Info, Stringent Passwords and Time-Consuming Forms: Study Why Cryptomining Malware Is a Harbinger of Future Attacks

  Marketron Marketing Services Hit by BlackMatter Ransomware French Shipping Giant CMA CGM Suffers Data Breach Crystal Valley (MN) Hit by Ransomware, Systems Go Offline Ukrainian Hackers Hit Family Medical Center (MI) With Ransomware New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin VMware Warns of Critical Bug in Default vCenter Server Installs New macOS Zero-Day Bug Lets Attackers Run Commands Remotely Netgear Fixes Dangerous Code Execution Bug in Multiple Routers How to Fix the Windows 0x0000011b Network Printing Error

• 9/20/2021

  Indonesia Says No Evidence of Alleged Chinese Intel Hack A New Wave of APT Malware Attack Targeting Organizations in South America White House Cybersecurity Summit: A Missed Opportunity Krebs: Does Your Organization Have a Security.txt File? Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate TikTok China Just Limited Kids to 40 Minutes’ Use Each Day Google to Auto-Reset Unused Android App Permissions for Billions of Devices Europol Breaks Open Extensive Mafia Cybercrime Ring Former IT Exec Pleads Guilty to Insider Trading Conspiracy

  Major Agriculture Group New Cooperative Hit by BlackMatter Ransomware Attack VoIP.MS Phone Services Disrupted by DDoS Extortion Attack Israeli Communications Company Voicenter Hit by Major Cyber Attack Data of 106 Million Visitors to Thailand Breached Payment API Bungling Exposes Millions of Users’ Payment Data EventBuilder Misconfiguration Exposes Microsoft Event Registrant Data Epik Data Breach Impacts 15 Million Users, Including Non-Customers Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert Apache OpenOffice Can Be Hijacked by Malicious Documents, Fix Still in Beta

• 9/17-19/2021

  Australia, UK, and U.S. Announce Security Partnership U.S. to Target Crypto Ransomware Payments With Sanctions Researchers Compile List of Vulnerabilities Abused by Ransomware Gangs The FCC Is Trying to Stop Robocalls, but the Scammers Won’t Disappear Cyberattackers Target Missouri Hospital At Epicenter Of COVID Outbreak, Post Patient Data Facebook Employees Flag Drug Cartels and Human Traffickers: The Company’s Response Is Weak How Facebook Hobbled Mark Zuckerberg’s Bid to Get America Vaccinated U.S. Gov’t Sites Showing Porn, Viagra Ads Share a Common Software Vendor App Annie Settlement Signals Closer Scrutiny of Data Brokers Krebs: Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

  AT&T Phone-Unlocking Malware Ring Costs Carrier $200M Health Dept. Cyber Attack Exposes Most Alaskans’ Personal Data Web Host Epik Was Warned of a Critical Security Flaw Weeks Before It Was Hacked Tech Recruiters Jabbed by Fake COVID-19 Passport Scam New “Elon Musk Club” Crypto Giveaway Scam Promoted via Email Billions More Android Devices Will Reset Risky App Permissions OMIGOD: Microsoft Azure VMS Exploited to Drop Mirai, Miners Microsoft Asks Azure Linux Admins to Manually Patch OMIGOD Bugs How to Fix Printers Asking for Admins Creds After PrintNightmare Patch

• 9/16/2021

  Senator Hassan Calls on Agencies to Take Action to Prevent Criminal Cryptocurrency Use CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug FBI: $113 Million Lost to Online Romance Scams This Year REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out 7 Steps to a More Secure Social Media Policy Household Names Hit with £500K Fine for Spamming Consumers

  Slot Machine Chain Dotty’s Reveals Data Breach Exposing SSNs, Financial Account Numbers, Biometric Data, Medical Records and More Republican Governors Association Was Hacked Earlier This Year Employee, Patient Data Compromised in Earlier Marion County Health Dept. (IN) Cyber Attack Airline Credential-Theft Takes Off in Widening Campaign Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks New Malware Uses Windows Subsystem for Linux for Stealthy Attacks New Windows Security Updates Break Network Printing

• 9/15/2021

  FTC Warns Health Apps to Notify Consumers Impacted by Data Breaches Attackers Impersonate DoT in Two-Day Phishing Scam Ransomware Gang: ‘We’ll Burn Your Data if You Get a Negotiator’ When Cyber War Becomes War Microsoft Rolls Out Passwordless Login for All Microsoft Accounts Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes Former U.S. Operatives Agree to $1.68M Settlement over Mercenary Hacking Charges

  German Election Authority Confirms Likely Cyber Attack Krebs: Customer Care Giant TTEC Hit By Ransomware No Patch for High-Severity Bug in Legacy IBM System X Servers Microsoft Fixes Critical Bugs in Secretly Installed Azure Linux App MikroTik Shares Info on Securing Routers Hit by Massive Mēris Botnet Kali Linux 2021.3 Released With New Pentest Tools, Improvements

• 9/14/2021

  Top FBI Official Says There Is ‘No Indication’ Russia Has Taken Action Against Hackers General Promises ‘Surge’ to Fight Ransomware Attacks Ex-U.S. Intelligence Operatives in UAE Hacking Case to Cooperate with FBI The Zero-Trust Approach to Managing Cyber Risk Explained Nearly 50% of On-Premises Databases Have Vulnerabilities Kape Technologies to Acquire ExpressVPN Suffolk County (NY) IT Supervisor Charged with Crypto-Mining Massachusetts AG Launches Investigation Into T-Mobile Data Breach

  Krita Art App Users Targeted by Ransomware Posing as Paid ‘Collaboration’ Opportunities Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host Lubbock Co. (TX) Denies Data Breach, Says Data Temporarily Accessible Under New Software System ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects Adobe Snuffs Critical Bugs in Acrobat, Experience Manager Krebs: Microsoft Patch Tuesday, September 2021 Edition …Fixes Remaining Windows PrintNightmare Vulnerabilities

• 9/13/2021

  Apple Patches iPhone iMessage Vulnerability Exploited by NSO Group China-Based Mustang Panda Compromises Indonesian Intelligence Agency Discontent Simmers Over How to Police EU Privacy Rules FTC Warns of Extortionists Targeting LGBTQ+ Community on Dating Apps How Likely Is Your Employee To Cause A Data Breach? Brute-Force Attacks, Vulnerability Exploits Top Initial Attack Vectors Private Equity Firm Siris Capital in Talks to Acquire Cybersecurity Firm Radware, Sources Say U.S. Locks Up Oklahoma Man in Nigerian Romance Scam

  Over 60 Million Wearable, Fitness Tracking Records Exposed via Unsecured Database Post-Ida Cyber Attack Hits Jefferson Parish Courts Anonymous Hacks Texas Republican Party Website in Retaliation for State’s Abortion Ban How Walgreens’ Sloppy COVID-19 Test Registration System Exposed Patient Data Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing Google Patches 10th Chrome Zero-Day Exploited in the Wild This Year

• 9/10-12/2021

  Stolen Credentials Led to Data Theft at United Nations Cressida Dick: Tech Giants Make It Impossible to Stop Terrorists WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud Krebs: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” Cybersecurity Seen as Rising Risk for Airlines Hackers Are Leaking Children’s Data — And There’s Little Parents Can Do Colorado County Clerk Charged with Cybercrime

  MyRepublic Data Breach Raises Data-Protection Questions Technology Giant Olympus Hit by BlackMatter Ransomware Yonkers (NY) Hacked, No Computers for the Past Week: City Hall Says No Ransom Fujitsu Confirms Stolen Data Not Connected to Cyberattack on Its Systems Mēris Botnet Hit Russia’s Yandex With Massive 22 Million RPS DDoS Attack SOVA, Worryingly Sophisticated Android Trojan, Takes Flight Windows MSHTML Zero-Day Exploits Shared on Hacking Forums

• 9/9/2021

  United Nations Confirms Its Systems Were Breached This Year SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ Cyber-Criminal Targets Dadsnet Founders 91% Of It Teams Have Felt ‘Forced’ to Trade Security for Business Operations Report Pushes for Changes to Diversify ‘Homogenous’ U.S. Cybersecurity Workforce In the Hybrid Future, Secure Everything Like You’re Never Going Back U of Minnesota Partners With Optum, Medtronic to Launch Medical Device Cybersecurity Center LAPD Told to Harvest Social Media Handles From People They Stop, Suspect or Not Prison for BEC Scheme Money Launderer

  South African Justice Department Is Hit by Ransomware Attack Brazil’s Health Regulator Hacked After Argentina Qualifier Controversy Ransomware Attack on Desert Wells Family Medicine (AZ) Corrupts 35,000 Patients’ Records New Mēris Botnet Breaks DDoS Record With 21.8 Million RPS Attack Titanfall 2 Allegedly Hacked via “Simple Exploit” GitHub Finds 7 Code Execution Vulnerabilities in ‘Tar’ and Npm CLI ‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise Microsoft Fixes Bug Letting Hackers Take Over Azure Containers Windows MSHTML Zero-Day Defenses Bypassed as New Info Emerges

• 9/8/2021

  Pro-China Social Media Campaign Expands to New Countries, Blames U.S. For COVID After the 9/11 Attacks, Wall Street Bolstered Its Defenses The SEC Is Serious About Cybersecurity. Is Your Company? Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports Microsoft Has a $20 Billion Hacking Plan, but Cybersecurity Has a Big Spending Problem Inside Genesis: The Market Created by Cybercriminals to Make Millions Selling Your Digital Identity Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group Ukrainian Extradited to U.S. for Allegedly Selling Computer Credentials: DOJ ProtonMail Welcomes Sir Tim Berners-Lee to Its Advisory Board After Privacy Backlash

  New Zealand DDoS Wave Targets Banks, Post Offices, Weather Forecasters and More Hackers Leak Passwords for 500,000 Fortinet VPN Accounts Russian Internet Firm Yandex Hit by Major Cyber Attack -Report Howard University Shuts Down Network After Ransomware Attack TeamTNT’s New Tools Target Multiple OS Microsoft: Attackers Exploiting Windows Zero-Day Flaw (Krebs) HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack Zoho Patches Actively Exploited Critical ADSelfService Plus Bug How Much Do You Know About Ransomware? Take Our Quiz

• 9/7/2021

  Bipartisan House Group Introduces Legislation to Set Term Limit for Key Cyber Leader With the Pandemic End in Sight, Enterprise Defenders Worry About a Surge in Cyberattacks Ragnar Locker Gang Warns Victims Not to Call the FBI REvil Ransomware Group Resurfaces After Brief Hiatus Microsoft Outlook Shows Real Person’s Contact Info for IDN Phishing Emails El Salvador Becomes First Country to Adopt Bitcoin as National Currency …Price Tumbles Cybersecurity Student Scams Senior Out of $55K

  Howard University Hit With Ransomware Attack, Cancels Classes City of Bridgeport (WV) Notifies Residents of Cyber Attack Texas Right to Life Website Exposed Job Applicants’ Resumes McDonald’s Leaks Password for Monopoly VIP Database to Winners Jenkins Hit as Atlassian Confluence Cyberattacks Widen Booby-Trapped Office Files, No Patch Yet, Says Microsoft Microsoft Shares Temp Fix for Ongoing Office 365 Zero-Day Attacks

• 9/6/2021

  Russia Responsible for Cyber Attacks on German Parliament: German Foreign Ministry Pro-Russian Disinformation Systematically Spread Using Western Media Channels European Regulators Continue to Disrupt Data Transfers to U.S. IoT Attacks Skyrocket, Doubling in 6 Months ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims TrickBot Gang Developer Arrested When Trying to Leave Korea Irish Police Seize Conti Domains Used in HSE Ransomware Attack

  French Government Visa Website Hit by Cyber-Attack That Exposed Applicants’ Personal Data Krebs: “FudCo” Spam Empire Tied to Pakistani Software Firm Ransomware Gangs Target Companies Using These Criteria Traffic Exchange Networks Distributing Malware Disguised as Cracked Software Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released NPM Package With Millions of Weekly Downloads Has Fixed a Remote Code Execution Flaw New Chainsaw Tool Helps IR Teams Analyze Windows Event Logs

• 9/3-5/2021

  Why Ransomware Hackers Love a Holiday Weekend U.S. SEC: Watch Out for Hurricane Ida-Related Investment Scams Massachusetts Lawmakers to Hold Cybersecurity Hearing Voting Data From a Colorado County Was Leaked Online: Now the Clerk Is in Hiding Banksy Was Warned About Website Flaw Before NFT Hack Scam Irish Health Service Still Recovering Months After Hack: ‘A Cyber-Attack Disrupted My Cancer Treatment’ Regulators Investigate Crypto-Exchange Developer Uniswap Labs Privacy Alarm in Indonesia Over President’s Leaked Vaccine Certificate Eight U.S. States to Begin Accepting Digital Driving Licenses Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash FBI: Spike in Sextortion Attacks Cost Victims $8 Million This Year

  New Zealand Internet Outage Blamed on DDoS Attack on Nation’s Third Largest Internet Provider Babuk Ransomware’s Full Source Code Leaked on Hacker Forum Data Breach at Coalinga State Hospital (CA) Reveals Private Information on Nearly 1,800 Patients Pittsburgh Public Schools Alert Families to Mailing Error That Exposed Student, Parent Information Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits FIN7 Capitalizes on Windows 11 Release in Latest Gambit Watch Out for New Malware Campaign’s ‘Windows 11 Alpha’ Attachment Google’s TensorFlow Drops YAML Support Due to Code Execution Flaw Over 60,000 Parked Domains Were Vulnerable to AWS Hijacking Office 365 to Let Admins Block Active Content on Trusted Docs

• 9/2/2021

  Biden Administration on Alert for Cyberattacks Ahead of Labor Day Weekend Industry Groups Urge Lawmakers to Streamline Cyber Breach Reporting Rules FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs Translated Conti Ransomware Playbook Gives Insight Into Attacks Chinese Regulators Summon 11 Ride-Hailing Firms, Including Didi, Over ‘Illegal Behavior’ Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks Krebs: Gift Card Gang Extracts Cash From 100k Inboxes Daily Digital State IDs Start Rollouts Despite Privacy Concerns WhatsApp Fined €225m for GDPR Violations …To Appeal

  Autodesk Reveals It Was Targeted by Russian SolarWinds Hackers Atlassian Confluence Flaw Actively Exploited to Install Cryptominers Student, Teacher Personal Info Taken in Dallas Independent School District Data Theft 98K Patients, Employees Impacted by CareATC (OK) Data Breach Google Play Sign-Ins Allow Covert Location-Tracking WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted Comcast RF Attack Leveraged Remotes for Surveillance Bluetooth Bugs Open Billions of Devices to DoS, Code Execution Cisco Patches Critical Authentication Bug With Public Exploit

• 9/1/2021

  FTC Bars Alleged ‘Stalkerware’ Company and Its CEO From the Surveillance Business Krebs: 15-Year-Old Malware Proxy Network VIP72 Goes Dark BEC Scammers Seek Native English Speakers on Underground A Fake Banksy NFT Sold for More Than $300,000: Then the Buyer Got His Money Back Australian Couple Admits “Serious Cyber Hacking Offenses” Twitter Adds Safety Mode to Automatically Block Online Harassment Companies Are Tired of Spending Money on Cybersecurity: Here’s How to Change Their Minds NSA: We ‘Don’t Know When or Even If’ a Quantum Computer Will Ever Be Able to Break Today’s Public-Key Encryption

  LockBit Gang Leaks Bangkok Airways Data, Hits Accenture Customers Fired NY Credit Union Employee Nukes 21gb of Data in Revenge …Half of Businesses Can’t Spot These Signs of Insider Cybersecurity Threats Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites How to Block Windows Plug-and-Play Auto-Installing Insecure Apps

• 8/31/2021

  U.S. Officials, Experts Fear China Ransacked Exchange Servers for Data to Train AI Systems Canada Accepted 7,300 More Immigration Applications Due to Technical Bug Agencies Warn of Ransomware Threats Ahead of Labor Day Weekend LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection Coinbase Users Fear Hacking After Erroneous Emails Regulators Tighten Scrutiny of Data Breach Disclosures by Companies UK Government Considers New Regulations for Video Streaming Platforms

  Leaked Guntrader Firearms Data File Shared Indonesians Told to Delete Unsecured Tracing App Personal Health Info Potentially Exposed From Denton County (TX) COVID Vax Clinics Cybercriminal Sells Tool to Hide Malware in AMD, NVIDIA GPUs Proxyware Services Open Orgs to Abuse Fortress Home Security Open to Remote Disarmament WooCommerce Pricing Plugin Allows Malicious Code-Injection Microsoft 365 Usage Analytics Now Anonymizes User Info by Default

• 8/30/2021

  Biden Administration Establishes Program to Recruit Tech Professionals to Serve in Government Rights Group Advises Afghans to Delete Data CISA: Don’t Use Single-Factor Auth on Internet-Exposed Systems CISA to Host Third Annual President’s Cup Cybersecurity Competition SEC Sanctions Brokerages Over Email Break-Ins Army Testing Facial Recognition in Child-Care Centers China Limits Online Video Games to Three Hours a Week for Young People Chinese A.I. Firm SenseTime Files for Hong Kong IPO despite Tech Crackdown and U.S. Blacklist Elon Musk’s Loop Gets Autopilot — And an Intruder Microsoft Azure Cosmos DB Incident Underscores the Need to Closely Watch Cloud Data

  LockBit Gang to Publish 103GB of Bangkok Air Customer Data DeFi Protocol Cream Finance Hacked for Second Time This Year DuPage Medical Group (IL) Notifying 600,000 Patients About a Data Breach Passport & Healthcare Info and Leaked From Indonesia’s COVID-19 Test-and-Trace App for Traveler Northern Ontario Police Force Recovering From Ransomware Attack Ransomware Attack on Swiss City Rolle Exposed Citizens’ Data HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping AMD Zen+, Zen 2 CPUs Vulnerable to Attack QNAP Works on Patches for OpenSSL Bugs Impacting Its NAS Devices

• 8/27-29/2021

  British Embassy Exposed Details of Afghan Workers during Rush to Evacuate White House Rallies Private Industry in Cyber Battle China Plans to Ban U.S. IPOs for Data-Heavy Tech Firms Justice Department Establishes Program to Train Prosecutors to Handle Cyber Cases Fake DMCA Complaints, DDoS Threats Lead To BazaLoader Malware Amazon Disables Website Used for ISIS Propaganda Amazon Web Services Will Give Free USB Security Keys to Some Employees of U.S.-Based Customers Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor Ethereum’s Blockchain Just Split in Two

  Boston Public Library Discloses Cyberattack, System-Wide Technical Outage Bangkok Airways Suffers Cyber Attack Bilaxy Exchange Reports Hot Wallet Hacked, Amount Lost Still Unknown T-Mobile Confident No Ongoing Risks to User Data from Recent Hack …CEO: Hacker Brute-Force Microsoft Warns of Widespread Phishing Attacks Using Open Redirects Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug

• 8/26/2021

  UK Plans New Post-Brexit Privacy Rules to Ease Data Sharing China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’ The Real Victims of Mass Crypto-Hacks That Keep Happening FBI Shares Technical Details for Hive Ransomware Angry Birds Developer Accused of Illegal Child Data Collection Surveillance Tech Company Excession Technologies Ltd Sues Police Digital Service over ‘Flawed’ Scoring of Bids on £18m Contract

  171,000 Patients Exposed after Hackers Breach Illinois Physician Group Emails Website For Cook County Clerk Of The Circuit County Down For Maintenance After Servers Breached Chinese Developers Expose Data Belonging to Android Gamers Synology: Multiple Products Impacted by OpenSSL RCE Vulnerability Atlassian Warns of Critical Confluence Flaw VMware Issues Patches to Fix New Flaws Affecting Multiple Products

• 8/25/2021

  White House Gathers Tech, Education, Banking Leaders for Cyber Meeting …Biden: Cybersecurity Is the ‘Core National Security Challenge’ …Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden U.S. Media, Retailers Targeted by New SparklingGoblin APT FIN8 Cybercrime Gang Backdoors U.S. Orgs with New Sardonic Malware Krebs: Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents Drug Dealers Get 27 Years After Police Crack EncroChat Comms Australia Passes Identify and Disrupt Bill

  73,000 Patients’ Data Affected in Ransomware Attack on Singapore Eye Clinic Atlanta Allergy & Asthma Sends Notice of Healthcare Data Breach to 9,800 Patients California State University, Chico Data Breach Exposes Student Requests for Vaccine Exemptions Mirai-Style IoT Botnet Is Now Scanning for Router-Pwning Critical Vuln in Realtek Kit Critical F5 BIG-IP Bug Impacts Customers in Sensitive Sectors Ethereum Urges Go Devs to Fix Severe Chain-Split Vulnerability Microsoft: ProxyShell Bugs “Might Be Exploited,” Patch Servers Now! Microsoft Will Add Secure Preview for Office 365 Quarantined Emails

• 8/24/2021

  Amazon, Apple, Microsoft & Other CEOs Reportedly to Attend White House Cybersecurity Meeting Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group …New Zero-Click iPhone Exploit Used to Deploy NSO Spyware Chinese Auto-Maker Accused of Altering Data after Fatal Autonomous Car Accident HYCU Initiative Offers Free Evaluation for Ransomware Recovery Prospects Over a Third of Smart Device Owners Do Not Take Security Measures Samsung Can Remotely Disable Their TVs Worldwide Using TV Block Coinbase Slammed for What Users Say Is Terrible Customer Service after Hackers Drain Their Accounts

  Cyber-thieves Scam Town of Peterborough (NH) Out of $2.3M CarePointe Ear, Nose and Throat (IN) Targeted in Ransomware Attack Fake OpenSea Support Staff Are Stealing Cryptowallets and NFTS Fake Apple Rep Amasses 620,000+ Stolen iCloud Pics, Vids in Hunt for Images of Nude Women to Trade Pysa Ransomware Gang’s Script Shows Exactly the Files They’re After Custom WhatsApp Build Delivers Triada Malware SteelSeries Bug Gives Windows 10 Admin Rights by Plugging in a Device B. Braun Updates Faulty IV Pump after McAfee Discovers Vuln Allowing Attackers to Change Doses

• 8/23/2021

  UN-Backed Tech Group Adds Taliban to List of Terrorist Organizations Singapore, U.S. Pledge Deeper Collaboration in Cybersecurity Hackers Leak Footage of Iranian Prison Company Data Hoards Create Tempting Targets for Hackers FBI: OnePercent Group Ransomware Targeted U.S. Orgs since Nov 2020 CISA Warns Admins to Urgently Patch Exchange ProxyShell Bugs Hacker Behind $600 Million Crypto Heist Returns Final Slice of Stolen Funds …Gets 500k Reward

  New Research Finds 38 Million Records Exposed Online Earlier This Year Nokia Subsidiary SAC Wireless Discloses Data Breach after Conti Ransomware Attack Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health (UT) Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group Phishing Campaign Uses UPS.com XSS Vuln to Distribute Malware Attackers Actively Exploiting Realtek SDK Flaws Razer to Fix Windows Installer That Grants Admin Powers If You Plug in a Mouse

• 8/20-22/2021

  China Passes Major Data Protection Law as Regulatory Scrutiny on Tech Sector Intensifies …Jack Ma’s Costliest Business Lesson: China Has Only One Leader State Department Hit by Cyber Attack, Source Says US Census Bureau Failed Breach Response, Watchdog Says Schools, Colleges Brace for Cyberattacks as Students Return Inside Afghanistan’s Cryptocurrency Underground as the Country Plunges into Turmoil Cybersecurity Jobs: This Is What We’re Getting Wrong When Hiring – And Here’s How to Fix It “Cybersecurity Is the New Seat Belt” Says STX Next SynAck Ransomware Decryptor Lets Victims Recover Files for Free Web Censorship Systems Can Facilitate Massive DDoS Attacks Why Phone Scams Are So Difficult to Tackle Key QAnon Influencer ‘GhostEzra’ Identified New York Man Gets Three Years for Stealing Nude Photos from College Victims

  T-Mobile Data Breach Just Got Worse — Now at 54 Million Customers AT&T Denies Data Breach after Hacker Auctions 70 Million User Database NYC Teachers’ Social Security Numbers Exposed Twin Falls County (ID) Identifies Ransomware as Source of Computer Problems Personal Data Breached in Rockwood School District (MO) Ransomware Attack Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways Microsoft Exchange Servers Being Hacked by New LockFile Ransomware LockFile Ransomware Uses PetitPotam Attack to Hijack Windows Domains Cloudflare Mitigated One of the Largest DDoS Attack Involving 17.2 Million RPS Pegasus iPhone Hacks Used as Lure in Extortion Scheme Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse Microsoft Shares Guidance on Securing Windows 365 Cloud PCs

• 8/19/2021

  North Korea Linked APT InkySquid Exploiting Known IE Bugs The Pandemic Revealed the Health Risks of Hospital Ransomware Attacks COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate You Can Post LinkedIn Jobs as Any Employer — So Can Attackers Wanted: Disgruntled Employees to Deploy Ransomware (Krebs) CISA Shares Guidance on How to Prevent Ransomware Data Breaches Facebook Hit With New Antitrust Suit From Federal Trade Commission Woman’s Facebook Account Hacked, Loses More than a Decade’s Worth of Friends CEO Tried Funding His Startup by Asking Insiders to Deploy Ransomware Florida Women Charged Over Sexually Exploitative Child Modeling Sites

  More than $90 Million in Cryptocurrency Stolen from Japanese Exchange Liquid JPMorgan Chase Notifies Montana Customers of Data Breach Brazil’s Clothing Chain Renner Suffers Ransomware Attack and Systems Are Down Data Stolen as Social Housing Group Suffers Ransomware Attack Attempted Marion County (IN) Cyberattack Delaying Some Death Certificates What To Do If You Think You’re Affected by the T-Mobile Breach Ransomware: Amateur Attack Shows How Clueless Criminals Are Trying to Get In on the Action Critical Cisco Bug in Small Business Routers to Remain Unpatched Hackers Can Bypass Cisco Security Products in Data Theft Attacks New Unofficial Windows Patch Fixes More PetitPotam Attack Vectors

• 8/18/2021

  Census Bureau Computer Servers Target of January 2020 Cyberattack Hacks Rank Among Top Power Grid Risks, Watchdog Says China Orders Annual Security Reviews for All Critical Information Infrastructure Operators Facebook Shares AI Advancements Improving Content Moderation Feds Expected to Reveal New Strategy in Facebook Antitrust Fight Bitcoin Mixer Owner Pleads Guilty to Laundering over $300 Million Airline Employee Jailed for Spending Passengers’ Money

  Krebs: T-Mobile Breach Exposed SSN/DOB of 40M+ People …U.S. Telecoms Agency to Probe T-Mobile Data Breach Pine Labs Faces Alleged Data Breach; 50,000 Unique Records Exposed Bogus Cryptomining Apps Infest Google Play HolesWarm Malware Exploits Unpatched Windows, Linux Servers Diavol Ransomware Sample Shows Stronger Connection to TrickBot Gang GitHub Urges Users to Enable 2FA after Going Passwordless

• 8/17/2021

  Rubio Reiterates Calls for TikTok Ban after China’s Reported Ownership Stake Facebook Says It Will Keep Ban on Taliban Content …WhatsApp Can’t Ban the Taliban Because It Can’t Read Their Texts Iranian APT Hackers Impersonate HR Employees to Hit Israeli Targets Brazilian Government Discloses National Treasury Ransomware Attack Conti Ransomware Prioritizes Revenue and Cyberinsurance Data Theft LockBit 2.0 Ransomware Proliferates Globally Phishing Costs Reach New High of $14.8M for Large Companies Crypto Platform Hit by $600 Million Heist Asks Hacker to Become Its Chief Security Advisor Chicago Pharmacist Arrested After Selling CDC COVID-19 Vaccination Cards On eBay Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope

  Chase Bank Accidentally Leaked Customer Info to Other Customers Records Missing from Illinois Vaccination Portal Indiana Contact Tracing Data Breached Japan’s Tokio Marine Is the Latest Insurer to Be Victimized by Ransomware Krebs: T-Mobile Investigating Claims of Massive Data Breach Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan Malware Campaign Uses Clever ‘CAPTCHA’ to Bypass Browser Warning Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop CISA Releases Alert on BadAlloc Vulnerability in BlackBerry Products If You Haven’t Updated ThroughTek DVR since 2018 Do So Now, Warns Mandiant of Critical Vuln Fortinet Delays Patching Zero-Day Allowing Remote Server Takeover

• 8/16/2021

  Afghan Broadcasters for U.S. Government Radio Fear Taliban Backlash Secret Terrorist Watchlist with 2 Million Records Exposed Online Colonial Pipeline Reports Data Breach after May Ransomware Attack Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch Anonymous Messaging App Yik Yak Returns after 4-Year Shutdown Tesla Autopilot Faces U.S. Safety Regulator’s Scrutiny after Crashes with Emergency Vehicles Education Giant Pearson Fined $1M for Downplaying Data Breach Sim Swap Scammer Pleads Guilty to Instagram Account Hijacks, Crypto Theft

  T-Mobile Confirms Servers Were Hacked, Investigates Data Breach Dallas Cops Lost 8TB of Criminal Case Data during Bungled Migration SUNY Research Foundation Breach Potentially Affects 47,000 Malware Dev Infects Own PC and Data Ends up on Intel Platform Troubling New Disk-Level Encryption Ransomware ‘DeepBlueMagic’ Surfaces XSS Bug in SEOPress WordPress Plugin Allows Site Takeover Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

• 8/13-15/2021

  Crypto Hacker Offered Reward After $600m Heist …How Hackers Stole and Returned $600M in Tokens From Poly Network UN Calls for Moratorium on Sale of Surveillance Tech Like NSO Group’s Pegasus Krebs: New Anti Anti-Money Laundering Services for Crooks SynAck Ransomware Releases Decryption Keys After El_Cometa Rebrand Mysterious Hacker Group Suspected in July Cyberattack on Iranian Trains Cost of Cyberattacks Significantly Higher for Smaller Healthcare Organizations App Store Competition Targeted by Bipartisan Senate Bill Senators Want Answers About Amazon’s Biometric Data Collection Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come? Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger Microsoft Teams Will Alert Users of Incoming Spam Calls

  Hacker Claims to Steal Data of 100 Million T-Mobile Customers Ford Bug Exposed Customer and Employee Records From Internal Systems Emails From Lithuanian Ministry of Foreign Affairs for Sale on Data-Trading Forum Cyberattack Hits Israel’s Bar Ilan University: ‘Data Is Being Erased Right Now’ Memorial Health Systems (OH) Experiences Cyber Attack U.S. Brokers Warned of Ongoing Phishing Attacks Impersonating FINRA WordPress Sites Abused in Aggah Spear-Phishing Campaign Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection Vice Society Ransomware Joins Ongoing PrintNightmare Attacks Researchers Find Vulns in Wodify Gym Management Web App Used With CrossFit Windows 365 Exposes Microsoft Azure Credentials in Plaintext

---

Follow The Cyber Beat

Get news delivered directly to your inbox.