• 10/2/2023

  KillNet Claims DDoS Attack Against Royal Family Website Nearly 100,000 Industrial Control Systems Exposed to the Internet Krebs: Don’t Let Zombie Zoom Links Drag You Down AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds FBI Warns of Surge in ‘Phantom Hacker’ Scams Impacting Elderly Cybersecurity Awareness Month Celebrates 20 Years Cybersecurity Professional Job-Satisfaction Realities for National Cybersecurity Awareness Month Microsoft Defender No Longer Flags Tor Browser as Malware Yes, Singapore Immigration Plans to Scan Your Face Instead of Your Passport Norway Urges Europe-Wide Ban on Meta’s Targeted Ad Data Collection

  Motel One Discloses Data Breach Following Ransomware Attack India’s National Logistics Portal Exposed Sensitive Personal Data, Trade Records Fauquier County Public Schools (VA) Open Despite LockBit Ransomware Attack BunnyLoader Malware Targets Browsers and Cryptocurrency Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses Ransomware Gangs Now Exploiting Critical TeamCity RCE Flaw Exploit Available for Critical WS_FTP Bug Exploited in Attacks OpenRefine’s Zip Slip Vulnerability Could Let Attackers Execute Malicious Code Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation Exim Patches Three of Six Zero-Day Bugs Disclosed Last Week

• 9/29-10/1/2023

  North Korean Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm Iranian APT Group OilRig Using New Menorah Malware for Covert Operations Russian Company Offers $20M for Non-NATO Mobile Exploits Krebs: A Closer Look at the Snatch Data Ransom Group Phishing, Smishing Surge Targets U.S. Postal Service Amazon Sends Mastercard, Google Play Gift Card Order Emails by Mistake Discord Is Investigating Cause of ‘You Have Been Blocked’ Errors How to Tell When Your Phone Will Stop Getting Security Updates How to Stop Google Bard From Storing Your Data and Location Cybersecurity Budgets Grow, But at a Slower Pace ShinyHunters Member Pleads Guilty to $6 Million in Data Theft Damages UK PhD Student Guilty of 3D-Printing ‘Kamikaze’ Drone for Islamic State Terrorists

  Royal Family Website ‘Targeted in Russian Cyber Attack’ Large Michigan Healthcare Provider McLaren Confirms Ransomware Attack Tahoe Forest Hospital District (CA) Notifies Patients of Data Breach Pinal County Schools (AZ) Affected by Ransomware Attack Cloudflare DDoS Protections Ironically Bypassed Using Cloudflare Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar Meet LostTrust Ransomware — A likely Rebrand of the MetaEncryptor Gang New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks Exploit Released for Microsoft SharePoint Server Auth Bypass Flaw Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server People Still Matter in Cybersecurity Management

• 9/27-28/2023

  U.S., Japan Authorities Warn of China-Linked Hacking Group BlackTech Attacking Cisco Routers Budworm APT Evolves Toolset, Targets Telecoms and Government Microsoft Breach Led to Chinese Theft of 60,000 U.S. State Dept Emails China’s National Security Minister Rates Fake News Among the Most Pressing Cyber Threats of the Present Day TikTok Employees Say Executive Moves to U.S. Show China Parent’s Influence China’s Chip Equipment Firms See Revenue Surge as Beijing Seeks Semiconductor Self-Reliance Five Alleged Russian Spies Appear in London Court Krebs: ‘Snatch’ Ransom Group Exposes Visitor IP Addresses Why Do Employees Keep Ignoring Workplace Cybersecurity Rules? FBI: Dual Ransomware Attack Victims Now Get Hit Within 48 Hours 4 Legal Surprises You May Encounter After a Cybersecurity Incident The Anatomy of a Facebook Account Heist Security Researcher Stopped at U.S. Border for Investigating Crypto Scam The Maker of ShotSpotter Is Buying the World’s Most Infamous Predictive Policing Tech

  U.S. Gov’t Contractor Maximus Says MOVEit Hackers Accessed Health Data of ‘at Least’ 8 Million Individuals …MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool Building Automation Giant Johnson Controls Hit by Ransomware Attack Russian Flight Booking System Suffers ‘Massive’ Cyberattack Dallas: Royal Ransomware Gang Infiltrated Networks Weeks Before Striking Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims Android Banking Trojan Zanubis Evolves to Target Peruvian Users Bing Chat Responses Infiltrated by Ads Pushing Malware GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions SSH Keys Stolen by Stream of Malicious PyPI and npm Packages Cisco Catalyst SD-WAN Manager Flaw Allows Remote Server Access Cisco Urges Admins to fix IOS Software Zero-Day Exploited in Attacks Google Releases Patch for Actively Exploited Zero-Day Vulnerability

• 9/26/2023

  Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign Rising Cyberattacks on Schools Put Students at Risk Why the Public Sector Is an Easy Target for Ransomware Half of Cyber-Attacks Go Unreported 4 Pillars for Building a Responsible Cybersecurity Disclosure Program CISA Publishes Hardware Bill of Materials Framework GPUs From All Major Suppliers Are Vulnerable to New Pixel-Stealing Attack CIA Builds Its Own Artificial Intelligence Tool in Rivalry With China Tech Giants Launch Post-Quantum Cryptography Coalition Microsoft is Rolling out Support for Passkeys in Windows 11 Palo Alto Networks in Advanced Talks to Buy Talon and Dig in a $1B Security Sweep

  SickKids Impacted by BORN Ontario Data Breach That Hit 3.4 Million New AtlasCross Hackers Use American Red Cross as Phishing Lure Philippines State Health Org Struggling to Recover From Ransomware Attack Sony Investigates Cyberattack as Hackers Fight Over Who’s Responsible New ZeroFont Phishing Tricks Outlook Into Showing Fake AV-Scans ZenRAT Malware Uncovered in Bitwarden Impersonation ShadowSyndicate Investigation Reveals RaaS Ties ROBOT Crypto Attack on RSA is Back as Marvin Arrives Hackers Actively Exploiting Openfire Flaw to Encrypt Servers Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers Google Assigns New Maximum Rated CVE to libwebp Bug Exploited in Attacks

• 9/25/2023

  Voting Equipment Giants Team Up For Security Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals China-Linked EvilBamboo Targets Mobiles Your Boss’s Spyware Could Train AI to Replace You Google is Retiring Its Gmail Basic HTML View in January 2024 The Hot Seat: CISO Accountability in a New Era of SEC Regulation

  MOVEit: BORN Ontario Child Registry Data Breach Affects 3.4 Million People Hackers Threaten to Sell Stolen Sony Data on Dark Web Progressive Leasing Warns That Sensitive Information Was Stolen During Cyberattack Web3 Platform Mixin Network Hit by $200m Crypto Hack Xenomorph Android Malware Now Targets U.S. Banks and Crypto Wallets

• 9/22-24/2023

  Russian Hackers Seek War Crimes Evidence, Ukraine Cyber Chief Says Government of Bermuda Links Cyberattack to Russian Hackers Recently Patched Apple, Chrome Zero-Days Exploited in Spyware Attacks …New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware Evasive Gelsemium Hackers Spotted in Attack Against Asian Gov’t ‘Power, Influence, Notoriety’: The Gen-Z Hackers Who Struck MGM, Caesars Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023 The Shocking Data on Kia and Hyundai Thefts in the U.S. LastPass: ‘Horse Gone Barn Bolted’ is Strong Password (Krebs) Cisco’s Splunk Deal Shows Allure of AI in Cybersecurity ESA Gets the Job of Building Europe’s Secure Satcomms Network Ransomware Groups are Increasingly Targeting Small Businesses …SMBs Face Growing Cybersecurity Threats, but Basic Measures Can Lower Risks CISA and NFL Collaborate to Secure Super Bowl LVIII U.S. Government IT Staffer Arrested on Espionage Charges Nigerian Man Pleads Guilty to Attempted $6 Million BEC Email Heist

  Iranian Nation-State Actor OilRig Targets Israeli Organizations National Student Clearinghouse Data Breach Impacts 890 Schools Auckland University of Technology Operating Despite Cyberattack Hong Kong Consumer Council Falls Victim to Ransom Hackers, Data Breach Fake Celebrity Photo Leak Videos Flood TikTok With Temu Referral Codes Lingerie Group Wacoal Hit by Cyber Attack Hotel Hackers Redirect Guests to Fake Booking.com to Steal Cards Crypto Firm Nansen Asks Users to Reset Passwords After Vendor Breach Dallas Says Royal Ransomware Breached Its Network Using Stolen Account T-Mobile Denies New Data Breach Rumors, Points to Authorized Retailer Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks Akira Ransomware Mutates to Target Linux Systems, Adds TTPs High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server How Much Cybersecurity Expertise Do Boards Really Have? Not Much.

• 9/21/2023

  UK-U.S. Confirm Agreement for Personal Data Transfers Iranian Cyberattack Targets Israelis, Leaking Personal Information Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents with LuaDream Malware Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack India’s Biggest Tech Centers Named as Cyber Crime Hotspots Cisco Makes Largest Ever Acquisition, Buying Cybersecurity Company Splunk for $28 Billion in Cash Five Easy Wins in Cyber Security GitHub Passkeys Generally Available for Passwordless Sign-Ins

  Pizza Hut Australia: Data Breach Reveals Distressing Info: People Who Order Pineapple on Pizza Air Canada Says Hackers Accessed Limited Employee Records During Cyberattack University of Minnesota Confirms Data Breach Donut Ransomware Gang Claims Attack on UK IT Services Provider Agilitas Crown Point Schools (IN) 2022 Ransomware Attack Cost $1M to Resolve Apple Emergency Updates Fix 3 New Zero-Days Exploited in Attacks CISA’s Catalog of Must-Patch Vulnerabilities Crosses the 1,000 Bug Mark After 2 Years

• 9/20/2023

  China Accuses U.S. Of Hacking Huawei Servers Since 2009 Voting Machine Companies Use Cybersecurity Stress Tests to Take on Election Conspiracy Theorists Donald Trump Jr.’s X Account Apparently Hacked, Announces Father’s Death MGM Says Its Hotels, Casinos ‘Operating Normally’ After Cyberattack Companies Remain Reluctant to Admit Paying Off Hackers 1Password Rolls Out Public Passkey Support to Its Mobile Apps and Web Extensions Signal Messenger Introduces PQXDH Quantum-Resistant Encryption Finnish Authorities Shutter Dark Web Drugs Marketplace Robocall Scammers Sentenced in U.S. After Netting $1.2M via India-Based Call Centers Sysadmin and Spouse Admit to Part in ‘Massive’ Pirated Avaya Licenses Scam Israeli Cyber Firm Legit Security Raises $40 Million in Private Funding Free Download Manager Releases Script to Check for Linux Malware

  TransUnion Denies It Was Hacked, Links Leaked Data to 3rd Party T-Mobile Users Say Other People’s Account Information Is Appearing in Their App Arlo’s New Security Tags Can Disable Your Security System With a Doorbell Tap Pittsburg (KS) Cyberattack Disrupts Crawford Co. Jail Claimants in Celsius Crypto Bankruptcy Targeted in Phishing Attack Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT Snatch Gang ‘Consistently Evolved’ in Targeting Multiple Industries, Feds Say P2PInfect Botnet Activity Surges 600x with Stealthier Malware Variants Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys Fake WinRAR Proof-of-Concept Exploit Drops VenomRAT Malware Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

• 9/19/2023

  War Crimes Tribunal International Criminal Court (ICC) Says It Has Been Hacked Chinese Spies Infected Dozens of Networks With Sogu Thumb Drive Malware Russian Allegedly Smuggled U.S. Weapons Electronics to Moscow Marvell Disputes Claim That Cavium Backdoored Chips for Uncle Sam Hackers Who Breached Casino Giants MGM, Caesars Also Hit 3 Other Firms, Okta Says Krebs: Who’s Behind the 8Base Ransomware Website? Dragos Raises $74 Million in Series D Extension Round

  Threat Actor ‘USDoD’ Claims Major TransUnion Data Breach Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware Hackers Backdoor Telecom Providers With New HTTPSnoop Malware Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign Inside the Code of a New XWorm Variant Trend Micro Fixes Endpoint Protection Zero-Day Used in Attacks GitLab Urges Users to Install Security Updates for Critical Pipeline Flaw

• 9/18/2023

  FBI Chief Says China Has Bigger Hacking Program Than the Competition Combined New SprySOCKS Linux Malware Used in Cyber Espionage Attacks Kuwait’s Finance Ministry Says Cyber Attack Hits One of Its Systems How North Korean Cyber Group Kimsuky Impersonated a Washington D.C. Analyst Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks Former CIO Accuses Penn State of Faking Cybersecurity Compliance How to Get Your Board on Board With Cybersecurity 6 Actions CEOs Must Take During a Cyberattack Using AI In Cybersecurity: Exploring The Advantages And Risks California Passes Bill to Set Up One-Stop Data Deletion Shop

  Microsoft Worker Accidentally Exposes 38TB of Sensitive Data in Github Blunder Can’t Find the Right Clorox Product? A Recent Cyberattack Is Causing Some Shortages Skidmore College Confirms Ransomware Attack That Breached Personal Data of 121k Sightpath Medical (MN) Data Breach Affects Patients of Sutter North Surgery Center Another $40m Dispersed to Western Union Fraud Victims Fraudsters Steal Over $1m in Three Weeks Through ‘Pig Butchering’ Crypto Scam Hook: New Android Banking Trojan That Expands on ERMAC’s Legacy Bumblebee Malware Returns in New Attacks Abusing WebDAV Folders New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services Thousands of Juniper Devices Vulnerable to Unauthenticated RCE Flaw

• 9/15-17/2023

  China’s Malicious Cyber Activity Informing War Preparations, Pentagon Says Massive MGM and Caesars Hacks Epitomize a Vicious Ransomware Cycle MGM Casino’s ESXi Servers Allegedly Encrypted in Ransomware Attack Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware Cloud to Blame for Almost all Security Vulnerabilities Security Chief Took Extreme Steps to Hide From Hacking Threats You Need to Update Your Browser, Like, Yesterday TikTok Flooded by ‘Elon Musk’ Cryptocurrency Giveaway Scams TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U. Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit

  Several Colombian Government Ministries Hampered by Ransomware Attack ORBCOMM Ransomware Attack Causes Trucking Fleet Management Outage Retool Blames Breach on Google Authenticator MFA Cloud Sync Feature Shell Says Its Australian BG Group Business Hit by MOVEit Breach Pirated Software Likely Cause of Airbus Breach North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist Scattered Spider Traps 100+ Victims in Its Web as It Moves Into Ransomware NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers BlackCat Ransomware Hits Azure Storage with Sphynx Encryptor Google Extends Security Update Support for Chromebooks to 10 Years

• 9/14/2023

  Iranian Hackers Breach Defense Orgs in Password Spray Attacks Russian Journalist’s iPhone Compromised by NSO Group’s Zero-Click Spyware Krebs: FBI Hacker Dropped Stolen Airbus Data on 9/11 The Cyberattack That Sent Las Vegas Back in Time …MGM Casino Hack Shows Challenge in Defending Connected Tech …Caesars Entertainment Says Customer Data Stolen in Cyberattack The Twisted Eye in the Sky Over Buenos Aires Elon Musk in Hot Water With FTC Over Twitter Privacy Issues

  Manchester Police Officers’ Data Breached in Third-Party Attack Auckland Transport Authority Hit by Suspected Ransomware Attack Upstate New York Nonprofit Hospitals Still Facing Issues After LockBit Ransomware Attack Fake Cisco Webex Google Ads Abuse Tracking Templates to Push Malware N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation Windows 11 ‘ThemeBleed’ RCE Bug Gets Proof-of-Concept Exploit Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

• 9/13/2023

  The U.S. Congress Has Trust Issues. Generative AI Is Making It Worse White House Calls for Stronger Open-Source Security White House Urging Dozens of Countries to Publicly Commit to Not Pay Ransoms Chilling Lack of Cyber Experts in UK Government, Finds Parliamentary Inquiry China Says It Hasn’t Banned iPhones or Foreign Devices for Government Staff France Demands Apple Pull iPhone 12 Due to High RF Radiation Levels New Windows 11 Feature Blocks NTLM-Based Attacks Over SMB Federal Mandates on Medical-Device Cybersecurity Get Serious Rail Cybersecurity Is a Complex Environment Cybersecurity Skills Gap: Roadies & Gamers Are Untapped Talent

  MGM Resorts Breached by ‘Scattered Spider’ Hackers Caesars Entertainment Paid Millions to Hackers in Attack Hackers Steal $53 Million Worth of Cryptocurrency From CoinEx Rollbar Discloses Data Breach After Hackers Stole Access Tokens Airbus Suffers Data Leak Turbulence to Cybercrooks’ Delight New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service Mozilla Patches Firefox, Thunderbird Against Zero-Day Exploited in Attacks Krebs: Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

• 9/12/2023

  China-Linked Hackers Breached a Power Grid—Again: RedFly CISA Offers Free Security Scans for Public Water Utilities Fighting Individual Ransomware Strains Fruitless, UK Agencies Suggest The Cybersecurity Risks In Education Cannot Be Ignored The Double-Edged Sword of Cyber Espionage Cyber-criminals “Jailbreak” AI Chatbots For Malicious Ends Europol: Financial Crime Makes “Billions” and Impacts “Millions” 10 Years Ago, Apple Finally Convinced Us to Lock Our Phones Apple Backports BLASTPASS Zero-Day Fix to Older iPhones OpenSSL 1.1.1 Reaches End of Life for All but the Well-Heeled

  Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack Texas Medical Liability Trust Announces Data Breach Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper Beware: MetaStealer Malware Targets Apple macOS in Recent Attacks Free Download Manager Site Redirected Linux Users to Malware for Years Ransomware Access Broker Steals Accounts via Microsoft Teams Phishing Adobe Warns of Critical Acrobat and Reader Zero-Day Exploited in Attacks Mozilla Patches Firefox, Thunderbird Against Zero-Day Exploited in Attacks Windows Systems Targeted in Multi-Stage Malware Attack Grab Those Updates: Microsoft Flings Out Fixes for Already-Exploited Bugs

• 9/11/2023

  Ransomware Attack Wipes Out Four Months of Sri Lankan Government Data Lazarus Group Targets macOS in Supply Chain Assault Charming Kitten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E. Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger CISA Warns Govt Agencies to Secure iPhones Against Spyware Attacks Pentagon Urges Collaboration in Cyber Defense FBI and White House Likely Coerced Social Media Platforms Into Removing Posts, Appeals Court Rules AI Chatbots Are Invading Your Local Government—and Making Everyone Nervous Board Members Struggling to Understand Cyber Risks Microsoft Will Block 3rd-Party Printer Drivers in Windows Update

  MGM Resorts Shuts Down Some Computer Systems After Cyber Attack Save the Children Feared Hit by Ransomware, 7TB Stolen Huge DDoS Attack Against U.S. Financial Institution Thwarted Hinds County (MS) Computer System Remains Under Ransomware Attack Cuba Ransomware Group Unleashes Undetectable Malware New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World New Wiki-Eve Attack Can Steal Numerical Passwords Over WiFi Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows Google Fixes Another Chrome Zero-Day Bug Exploited in Attacks

• 9/8-10/2023

  Top U.S. Spies Meet With Privacy Experts Over Surveillance ‘Crown Jewel’ China Unleashes AI-Powered Image Generation For Influence Operations Google TAG Exposes North Korean Campaign Targeting Researchers U.S. Hospitals Paid $100M to Russian Ransomware Hackers Your Wyze Webcam Might Have Let Other Owners Peek Into Your House Temu Is Collecting User Data Including Text Messages and Bank Info, Claims Grizzly Research Your New Car Is a Privacy Nightmare Google Rolls Out Privacy Sandbox to Use Chrome Browsing History for Ads 3 Strategies to Defend Against Resurging Infostealers

  Dymocks Booksellers Suffers Data Breach Impacting 836K Customers Traderie, a Marketplace for In-Game Items, Alerts Users to Data Breach Maidstone: Secondary School Hit by Cyber Attack Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play Associated Press Warns That AP Stylebook Data Breach Led to Phishing Attack Microsoft Teams Phishing Attack Pushes DarkGate Malware Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks Cisco Warns of VPN Zero-Day Exploited by Ransomware Gangs Notepad++ 8.5.7 Released With Fixes for Four Security Vulnerabilities

• 9/7/2023

  Iranian Hackers Breach U.S. Aviation Org via Zoho, Fortinet Bugs Chinese Social Media Campaigns Are Successfully Impersonating U.S. Voters, Microsoft Warns North Korea Hackers Going After Russian Targets, Microsoft Says Google: State Hackers Attack Security Researchers With New Zero-Day U.S. and UK Mount Aggressive Crackdown on Trickbot and Conti Ransomware Gangs Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign Surge in Hospital Hacks Endangers Patients, Cyber Official Says The International Criminal Court Will Now Prosecute Cyberwar Crimes Facebook Trains Its AI on Your Data. Opting Out May Be Futile UK Government Backs Down on Anti-Encryption Stance Russian Businessman Gets 9 Years in Us Prison for Hack-And-Trade Scheme CEO, Ex-NSA Hacker Says ‘People Hate’ This Advice—but It’s Your ‘Single Biggest’ Protection From Scams: Multi-Factor Authentication Does Generative AI Comply With Asimov’s 3 Laws of Robotics?

  Hackers Claim to Publish Prominent Israeli Hospital’s Patient Data Hong Kong Tech Hub Cyberport Alerts Police, Privacy Watchdog After Reports of Ransomware Attack Exposing 400GB of Data Bienville Orthopaedic Specialists (MS) Data Breach Leaks as Many as 240,000 Social Security Numbers Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware Windows Cryptomining Attacks Target Graphic Designer’s High-Powered GPUs Google Looker Studio Abused in Cryptocurrency Phishing Attacks Rockstar Games Reportedly Sold Games With Razor 1911 Cracks on Steam Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks CISA Warns of Critical Apache RocketMG Bug Exploited in Attacks Cisco BroadWorks Impacted by Critical Authentication Bypass Flaw Apple Zero-Click iMessage Exploit Used to Infect iPhones with Spyware Apple Discloses 2 New Zero-Days Exploited to Attack iPhones, Macs

• 9/6/2023

  Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility China Bans iPhone Use for Government Work How China Demands Tech Firms Reveal Hackable Flaws in Their Products A Rube Goldberg Chain of Failures Led to Earlier Breach of Microsoft-Hosted Government Emails Krebs: Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach ‘Modern Cars Are a Privacy Nightmare,’ the Worst Mozilla’s Seen Flipper Zero Can Be Used to Launch iOS Bluetooth Spam Attacks CrowdStrike CEO Talks Generative AI, Cybersecurity and New ‘Virtual Security Analyst’ Generative AI Could Revolutionize Email—for Hackers Google to Make Disclosure of AI-Generated Content Mandatory for Election Advertisers Cyber Company IronNet Furloughs Workers, Explores Bankruptcy Guy Who Ran Bitcoins4Less Tells Feds He Had Less Than Zero Laundering Protections

  Dunghill Leak Ransomware Gang Claims Credit for Sabre Data Breach Coffee Meets Bagel Says Recent Outage Caused by Destructive Cyberattack J&J’s Patient Assistance Program Suffers Data Breach, IBM Says University of Michigan Requires Password Resets After Cyberattack Toyota Says Filled Disk Storage Halted Japan-Based Factories Investigation Underway Into Cybersecurity Breach at Hillsborough County Schools (FL) Mirai Variant Infects Low-Cost Android TV Boxes for DDoS Attacks Experts Uncover Underground Phishing “Empire” W3LL Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant High-Severity Vuln Discovered in Open-Source Content Management System PHPFusion 9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw

• 9/5/2023

  Researchers Warn of Cyber Weapons Used by Lazarus Group’s Andariel Cluster Russia Undertakes Disinformation Campaign Across Africa The Strange Afterlife of Wagner’s Yevgeny Prigozhin United Airlines Lifts Ground Stop After IT Issue Buggy, Vulnerable Open-Source Code Seeps Into Business Tech Huawei Files Lawsuit in Portugal Over Ban on Supplying 5G Equipment

  Chipmaker NXP Confirms Data Breach Involving Customers’ Information Atlas VPN Zero-Day Vulnerability Leaks Users’ Real IP Address New BLISTER Malware Update Fueling Stealthy Network Infiltration New Python Variant of Chaes Malware Targets Banking and Logistics Industries Mend.io SAML Vulnerability Exposed ASUS Routers Vulnerable to Critical Remote Code Execution Flaws

• 9/4/2023

  Sensitive Data about UK Military Sites Potentially Leaked by LockBit UK Electoral Commission Failed Basic Security Test Before Hack X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation Artificial Intelligence: Transforming Healthcare, Cybersecurity, and Communications Realism Reigns on AI at Black Hat and DEF CON Cybersecurity for Startups: Best Tips and Strategies

  Freecycle Confirms Massive Data Breach Impacting 7 Million Users German Financial Agency Site Disrupted by DDoS Attack Since Friday Crypto Gambling Site Stake Sees $41M Withdrawn in Confirmed Hack Claxton-Hepburn Medical Center (NY) Reschedules Outpatient Appointments Following Cyber Attack Medical Data Breach: Ayush Jharkhand Hacked Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers

• 9/1-3/2023

  UK Ministry of Defence Hit by Russia-Linked Hackers as Security Secrets Are Leaked in Data Posted Online Smishing Triad: China-Based Fraud Network Exposed New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists Krebs: Why is .US Being Used to Phish So Many of Us? Fake YouPorn Extortion Scam Threatens to Leak Your Sex Tape How to Remove Your Personal Info From Google by Using Its ‘Results About You’ Tool 2 Polish Men Are Arrested for Radio Hack That Disrupted Trains Cops Drill Into Chat Apps, Sink Plot to Smuggle Tons of Coke Into Europe Children’s Snack Recalled After Its Website Caught Serving Porn Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs

  Golf Gear Giant Callaway Data Breach Exposes Info of 1.1 Million University of Sydney Data Breach Impacts Recent Applicants Cognizant / TMG Data Breach Impacts the Confidential Customer Information of Over 192k People Maker of ‘Smart’ Chastity Cage Left Users’ Emails, Passwords, and Locations Exposed Debenham High School IT System Hit by Cyber Attack Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware Chrome Extensions Can Steal Plaintext Passwords From Websites Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability Microsoft Reminds of Windows 11 21H2 Forced Updates Before End of Service

• 8/31/2023

  Russian APT Intensifies Cyber Espionage Activities Amid Ukrainian Counter-Offensive Russia’s GRU Blamed for Infamous Chisel Malware Targeting Ukraine’s Military Phones Facebook Accounts Targeted by Vietnamese Threat Groups New Research Exposes Airbnb as Breeding Ground For Cybercrime Free Key Group Ransomware Decryptor Helps Victims Recover Data UK Cyber Agency Warns of Potentially Fundamental Flaw in AI Technology Voice Deepfakes Are Coming for Your Bank Balance IBM Promised to Back Off Facial Recognition — Then It Signed a $69.8 Million Contract to Provide It Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy X Wants Permission to Start Collecting Your Biometric Data and Employment History Cybersecurity Firms Crowdstrike, Okta Shares Jump After Better-Than-Expected Earnings

  North Korean Hackers Deploy New Malicious Python Packages in PyPI Repository Earth Estries’ Espionage Campaign Targets Governments and Tech Titans Across Continents Paramount Discloses Data Breach Following Security Incident Forever 21 Data Breach: Hackers Accessed Info of 500,000 Sourcegraph Website Breached Using Leaked Admin Access Token LogicMonitor Customers Hacked in Reported Ransomware Attacks Chambersburg Area School District (PA) Announces Hit by Recent Ransomware Attack Gaston College (NC) Reveals Scope of Ransomware Attack Classiscam Spreads: $64.5M Scheme Targets 79 Countries SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations Google Fixes Serious Security Flaws in Chrome and Android

• 8/30/2023

  Chinese APT Group GREF Use BadBazaar in Android Espionage Russians Impersonate Washington Post and Fox News With Anti-Ukraine Stories British Officials Say AI Chatbots Could Carry Cyber Risks I Tracked an NYC Subway Rider’s Movements with an MTA ‘Feature’ Unmasking Trickbot, One of the World’s Top Cybercrime Gangs Krebs: U.S. Hacks QakBot, Quietly Removes Botnet Infections Cybersecurity Enters Conversation About Executive Pay Microsoft Angry Over Russian-Led UN Cybercrime Treaty Proposal That Could Target Non-Criminals Apple Opens 2024 Applications to Get ‘Security Research’ iPhones Debunking The Top 5 Cybersecurity Myths 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught

  Montreal Electricity Organization Latest Victim in Lockbit Ransomware Spree AlphV Group Takes Credit for Ransomware Attack on Forsyth County (GA) Toyota Japan Back on the Road After Probably-Not-Cyber Attack Halted Production University of Michigan Isn’t Disclosing Details of Internet Outage Cyberattack Malicious npm Packages Aim to Target Developers for Source Code Theft Hacking Campaign Bruteforces Cisco VPNs to Breach Networks Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security WordPress Migration Add-on Flaw Could Lead to Data Breaches Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks Flaw Exposes WP Migration Plugin to Hacks

• 8/29/2023

  Japan’s Cybersecurity Agency Breached by Suspected Chinese Hackers Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom FBI Brings Down Massive Qakbot Botnet That Infected More Than 700,000 Computers …Operation Duck Hunt: How the FBI Nuked Qakbot Malware From Infected Windows PCs Meta Says It Has Disrupted a Massive Disinformation Campaign Linked to Chinese Law Enforcement The Weird, Big-Money World of Cybercrime Writing Contests Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platforms Verizon Is Making It Easier to Block Spam Texts Sent by Email Biometrics? Bring It On: Why Okta’s Jameeka Green Aaron Wants Passwords to Go Away Genshin Impact Dev Will Sue Kaveh Hacks Users and Developers Apple Security Boss Faces iPads-For-Gun-Permits Bribery Charge… Again

  University of Michigan Cuts Itself off From Internet After Mystery Security Snafu Hacktivists Breach Iranian Surveillance System Cancelled Flights: Air Traffic Disruption Caused by Flight Data Issue New Ransomware Campaign Targets Citrix NetScaler Flaw DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates New Android MMRat Malware Uses Protobuf Protocol to Steal Your Data DreamBus Malware Exploits RocketMQ Flaw to Infect Servers Hackers Exploit Critical Juniper RCE Bug Chain After PoC Release Microsoft Adds HSTS Support to Exchange Server 2016 and 2019 iFixit Wants Congress to Let It Hack McDonald’s Ice Cream Machines Addressing Cybersecurity’s Talent Shortage & Its Impact on CISOs

• 8/28/2023

  QBot, SocGholish, and Raspberry Robin: The Big 3 Responsible for 80% Of Attacks So Far This Year Spain Warns of LockBit Locker Ransomware Phishing Attacks Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege A Skype App Vulnerability Could Expose Your IP Address to Hackers — And Microsoft Has Yet to Fix It MalDoc in PDFs: Hiding Malicious Word Docs in PDF Files Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel Microsoft Will Enable Exchange Extended Protection by Default This Fall

  Mom’s Meals Discloses Data Breach Impacting 1.2 Million People Rhysida Claims Ransomware Attack on Prospect Medical, Threatens to Sell Data …Rhysida Ransomware Group Claims Attack on Prince George County School District (MD) Balancer Protocol Hit by $900K Exploitation Despite Previous Vulnerability Warning KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities Exploit Released for Juniper Firewall Bugs Allowing RCE Attacks Legal Liability for Insecure Software Might Work, but It’s Dangerous

• 8/25-27/2023

  China-Linked Flax Typhoon Cyber Espionage Targets Taiwan’s Key Sectors …Microsoft: Stealthy Flax Typhoon Hackers Use LOLBins to Evade Detection The Cheap Radio Hack That Disrupted Poland’s Railway System The Low-Stakes Race to Crack an Encrypted German U-Boat Message UK ICO Calls Social Media Firms to Protect People’s Data From Scraping Claimant Data Breached in Genesis, FTX and BlockFi Bankruptcy Cases Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks Private Equity Firm Veritas Makes Takeover Offer for BlackBerry Cybersecurity Startup Wiz Considers Potential Bid for SentinelOne Privacy Regulator Warns of Surge in “Text Pest” Cases

  Data Breach at French Gov’t Agency Exposes Info of 10 Million People The Metropolitan Police Investigating Suspected Data Breach Byju’s Exposed Sensitive Student Data, Including Loan Details Krebs: Kroll Employee SIM-Swapped for Crypto Investor Data Leaseweb Is Restoring ‘Critical’ Systems After Security Breach Rapattoni Cyber Attack Disrupts The Real Estate Industry MOVEit, the Biggest Hack of the Tear, By the Numbers LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants Creative QakBot Attack Tactics Challenge Security Defenses Tor Turns to Proof-Of-Work Puzzles to Defend Onion Network From DDoS Attacks

• 8/24/2023

  Early Intelligence Suggests Prigozhin Was Assassinated, U.S. Officials Say …The Last Hour of Prigozhin’s Plane New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia Britain to Host World’s First AI Safety Summit to Encourage Responsibility at Home of World War II Codebreakers NIST Publishes Draft Post-Quantum Cryptography Standards Ransomware Hackers Dwell Time Drops to 5 Days, RDP Still Widely Used Ransomware With an Identity Crisis Targets Small Businesses, Individuals Fake Check Scammers Target Adobe Behance Users With Fake Waymo Work Who’s Your Next Cyber Chief? Good Question. Why The Chainsmokers Invest in—and Party With—Niche Cybersecurity Companies

  North Korean Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware Belgium’s Econocom Confirms Cyber Attack, No Sensitive Data Disclosed National Grid Notifies Mass. Customers on Data Exposure in ‘Cyber Incident’ Ohio History Connection Hit With Ransomware Attack New “Whiffy Recon” Malware Triangulates Infected Device Location via Wi-Fi Every Minute New Study Sheds Light on Adhubllka Ransomware Network Jupiter X Core WordPress Plugin Could Let Hackers Hijack Sites Exploit Released for Ivanti Sentry Bug Abused as Zero-Day in Attacks FBI Warns of Patched Barracuda ESG Appliances Still Being Hacked

• 8/23/2023

  U.S. OKs State Auto-Repair Law After Raising Hacking Concerns Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead Email Still the Top Vector for Attackers Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns Tornado Cash ‘Laundered Over $1B’ in Criminal Crypto-Coins Teen Lapsus$ Member Was Behind the Leaked GTA 6 Footage, London Jury Finds How to Talk to Your Kids About Social Media and Mental Health Meta Set to Enable Default End-to-End Encryption on Messenger by Year End Bitwarden Releases Free and Open-Source E2EE Secrets Manager 5 Early Warning Indicators That Are Key to Protecting National Secrets

  Criminals Go Full Viking on CloudNordic, Wipe All Servers and Customer Data …AzeroCloud Too Scraped Data of 2.6 Million Duolingo Users Released on Hacking Forum Personal and Confidential Info Breached in Tucson Unified School District (AZ) Cyberattack Discord Starts Notifying Users Affected by March Data Breach WinRAR Zero-Day Exploited Since April to Hack Trading Accounts Over a Dozen Malicious npm Packages Target Roblox Game Developers Over 3,000 Openfire Servers Vulnerable to Takover Attacks New Stealthy Techniques Let Hackers Gain Windows SYSTEM Privileges Kali Linux 2023.3 Released With 9 New Tools, Internal Changes Google Workspace Will Require Two Admins to Sign Off on Critical Changes

• 8/22/2023

  New HiatusRAT malware attacks target U.S. Defense Department A New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China Mysterious Cyberattack Shuts Down Yet More Telescopes For Weeks The Physical Impact of Cyberattacks on Cities Krebs: Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15 The Internet Is Turning Into a Data Black Box. An ‘Inspectability API’ Could Crack It Open SEC Fines Fintech Crypto Fund That Promised 2,700% Returns

  Cyber-Attack on Australian Utility Firm Energy One Spreads to UK Systems University of Minnesota Reports Possible Breach of “Sensitive Data” Virginia Department of Medical Assistance Services Announces Data Breach St Helens Council (UK) Hit by Suspected Ransomware Cyber Attack Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset Akira Ransomware Targets Cisco VPNs to Breach Organizations New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App

• 8/21/2023

  British Intelligence Is Tipping off Ransomware Targets to Disrupt Attacks U.S. Space Industry Under Threat from Foreign Cyber Espionage Deceptive AI Bots Spread Malware, Raise Security Concerns This AI-Generated Crypto Invoice Scam Almost Got Me, and I’m a Security Pro A Draft Of TikTok’s Plan To Avoid A Ban Gives The U.S. Government Unprecedented Oversight Power Tesla Points to ‘Insider Wrongdoing’ as Cause of Massive Employee Data Leak UK Clears Broadcom’s $69 Billion Deal to Buy VMware Cybersecurity Firm SentinelOne Explores Sale

  Japanese Watchmaker Seiko Breached by BlackCat Ransomware Gang Kansai Nerolac Reports Ransomware Incident on Sunday, Financial Impact Undisclosed Ongoing Duo Outage Causes Azure Auth Authentication Errors Sneaky Amazon Google Ad Leads to Microsoft Support Scam This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers TP-Link Smart Bulbs Can Let Hackers Steal Your WiFi Password Ivanti Warns of New Actively Exploited MobileIron Zero-Day Bug

• 8/18-20/2023

  Our Health Care System May Soon Receive a Much-Needed Cybersecurity Boost Senators Want YouTube Investigated Over Showing Targeted Ads to Kids, Again Match Group Pauses Background Checks on Tinder and Other Dating Apps Krebs: Karma Catches Up to Global Phishing Service 16Shop 14 Suspected Cybercriminals Arrested Across Africa in Coordinated Crackdown PSNI Data Breach: Second Man Arrested by Northern Ireland Police Google’s New Feature Ensures Your Pixel Phone Hasn’t Been Hacked or Compromised: Here’s How It Works …Google Chrome to Warn When Installed Extensions Are Malware More Cyber Companies Announce Layoffs Rust Devs Push Back as Serde Project Ships Precompiled Binaries Hackers Use VPN Provider’s Code Certificate to Sign Malware WinRAR Flaw Lets Hackers Run Programs When You Open RAR Archives Standing Out From The Crowd At Black Hat Unveiling the Hidden Risks of Routing Protocols

  Hackers Ask $120,000 for Access to Multi-Billion Auction House DeFi Protocols Exactly, Harbor Hacked in Separate Attacks Cuba Ransomware Uses Veeam Exploit Against Critical U.S. Organizations Germany’s National Bar Association Investigating Ransomware Attack Australia’s .AU Domain Administrator Denies Data Breach After Ransomware Posting Siemens Healthineers Responds to Alleged Data Theft by LockBit Ransomware Gang Morris Hospital & Healthcare Centers (IL) Notifies Patients, Employees of Breach After Royal Gang Posting Ransomware Gang Threatens Raleigh Housing Authority (NC) Months After Devastating Attack Bunker Hill Community College (MA) Discloses May Ransomware Attack John Taylor High School Shares Pupils’ Exam Results in Data Breach New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams New Juniper Junos OS Flaws Expose Devices to Remote Attacks – Patch Now

• 8/17/2023

  Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons The Plan to Better Protect U.S. Hospitals From Ransomware AI Use Rising in Influence Campaigns Online, but Impact Limited CISA Launches Joint Initiative to Secure RMM Software AnonFiles Shuts Down After Massive User Abuse Japan’s Digital Minister Surrenders Salary to Say Sorry for Data Leaks An Overview of Dubai’s First and Second Cybersecurity Strategy

  New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities Phishing Spree Targets Zimbra Collaboration Account Holders NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security Thousands of Android APKs Use Compression Trick to Thwart Analysis New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks Why Technology, Not More Legislation, Is The Answer For Cybersecurity

• 8/16/2023

  White House Orders Federal Agencies to Shore up Cybersecurity, Warns of Potential Exposure Major U.S. Energy Org Targeted in QR Code Phishing Attack Scammers Exploit Hacked Websites For Phishing A Third of UK University Students Targeted By Fraud This $70 Device Can Spoof an Apple Device and Trick You Into Sharing Your Password Google Released First Quantum-Resilient FIDO2 Key Implementation NYC Bans TikTok on City-Owned Devices Northern Irish Police Arrest Man After Data Breach

  National Realtor’s Database Hack Disrupts Real Estate Industry, Forces Return to Traditional Methods Cleveland (TN) City Schools Reports Ransomware Attempt on Devices Massive 400,000 Proxy Botnet Built With Stealthy Malware Infections Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks CISA Warns of Critical Citrix ShareFile Flaw Exploited in the Wild Boards Don’t Want Security Promises — They Want Action

• 8/15/2023

  U.S. Lawmaker Says FBI Notified Him of Email Breach Linked to China-Based Microsoft Cloud Hack Chinese Media Teases Imminent Exposé of Seismic U.S. Spying Scheme North Korean Hackers Suspected in New Wave of Malicious npm Packages LinkedIn Accounts Hacked in Widespread Hijacking Campaign FBI: Mobile Beta-Testing Apps Are Major Security Risk Phishing Scams Targeting Small Business on Social Media Including Meta Are a ‘Gold Mine’ for Criminals Bolstering Africa’s Cybersecurity Latin Americans Fall Prey to More Online Scams as Cybersecurity Lags Krebs: Diligere, Equity-Invest Are New Firms of UK Con Man AI a Top Risk and the Preferred Solution to Financial Crime How & Why Cybercriminals Fabricate Data Leaks

  Discord.io Halts All Operations After Massive Data Breach Clorox Takes Servers Offline, Notifies Law Enforcement After ‘Unauthorized Activity’ Norfolk and Suffolk: You’re Not Seeing Double – Yet Another UK Copshop Is Confessing to a Data Leak Prince George’s County Public Schools (MD) Network Hit by Cyber Attack: 4,500 Accounts Affected Cummins Behavioral Health Systems (IN) Announces Data Breach Following Ransomware Attack Raccoon Stealer Malware Returns With New Stealthier Version Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking Almost 2,000 Citrix NetScaler Servers Backdoored in Hacking Campaign New CVE-2023-3519 Scanner Detects Hacked Citrix ADC, Gateway Devices

• 8/14/2023

  Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks Hacktivists Attack Japanese Government Over Fukushima Wastewater Release Top U.S. Cyber Official Offers ‘Stark Warning’ of Potential Attacks on Infrastructure if Tensions With China Escalate CISA Expects Upcoming Industry Rules to Show ‘Scope and Scale’ of Ransomware Problem As Ransomware Gangs Shift To Data Extortion, Some Adopt A New Tactic: ‘Customer Service’ U.S. Issues Draft Cybersecurity Guidelines for EV Charging Networks Researcher Says They Were Behind iPhone Popups at Def Con A Huge Scam Targeting Kids With Roblox and Fortnite ‘Offers’ Has Been Hiding in Plain Sight FBI Warns of Increasing Cryptocurrency Recovery Scams India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First Over 100K Hacking Forums Accounts Exposed by Info-Stealing Malware What’s New in the NIST Cybersecurity Framework 2.0

  Alberta Dental Services Security Breach Exposes 1.47M Records Cumbrian Police Accidentally Publish All Officers’ Details Online Colorado Department of Health Care Policy & Financing (HCPF)  Warns 4 Million of Data Stolen in IBM MOVEit Breach United Healthcare Services Files Notice of Data Breach Following Hacking/IT Incident New Haven (CT) School District Has Recouped Half of $6 Million Lost in Cyber Attack New Financial Malware ‘JanelaRAT’ Targets Latin American Users QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord Security Researchers Publish Gigabud Banking Malware Analysis Monti Ransomware Targets VMware ESXi Servers With New Linux locker Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability Microsoft Enables Windows Kernel CVE-2023-32019 Fix For Everyone

• 8/11-13/2023

  Hackers Spied on Diplomats in Belarus, Researchers Say U.S. Cyber Body to Review Cloud Computing Safety, Microsoft Breach An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping Ford Says Cars With WiFi Vulnerability Still Safe to Drive America’s Original Hacking Supergroup Creates a Free Framework to Improve App Security Lapsus$ Hacker Group Exposed in Latest CSRB Report ‘Bulletproof’ Hosting Site LolekHosted That Allegedly Enabled 400 Ransomware Attacks Seized, Founder Artur Grabowski Indicted Judge Sends Sam Bankman-Fried to Jail Over Alleged Witness Tampering Xiaomi’s MIUI Now Flags Telegram as Dangerous in China Amazon AWS Distances Itself From Moq Amid Data Collection Controversy UK Gov Keeps Repeating Its Voter Registration Website Is Not a Scam

  Copper Miner Freeport-McMoRan Reports Cybersecurity Incident Belt Railway Company of Chicago, U.S.’s Largest Switching & Terminal RR, Investigating Ransomware Data Theft DroxiDat-Cobalt Strike Duo Targets Power Generator Network New SystemBC Malware Variant Targets Southern African Power Company Knight Ransomware Distributed in Fake TripAdvisor Complaint Emails MaginotDNS Attacks Exploit Weak Checks for DNS Cache Poisoning Multiple Flaws Found in the Avada WordPress Theme and Plugin Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk 16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks New Python URL Parsing Flaw Could Enable Command Execution Attacks Hackers Launch Cyberattacks Against U.S. Satellite, Requested by Pentagon

• 8/10/2023

  APT31 Linked to Recent Industrial Attacks in Eastern Europe MoustachedBouncer Hackers Use AiTM Attacks to Spy on Diplomats U.S. Government Pushes to Fix the Security Flaws Lapsus$ Hackers Used to Leak GTA VI Teens Hacked Boston Subway Cards to Get Infinite Free Rides—and This Time, Nobody Got Sued Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating Panasonic Warns That Internet-of-Things Malware Attack Cycles Are Accelerating Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising Get Your Staff’s Consent Before You Monitor Them, Tech Inquiry Warns There’s a Good Chance Your VPN Is Vulnerable to Privacy-Menacing TunnelCrack Attack Lil Tay Is Not Dead, Claims Social Media Was Hacked Why It’s Time for Everyone to Reorient Their Thinking About Cybersecurity

  Fresh Blow to Police Service of Northern Ireland as Second Data Breach Disclosed Georgia Teacher Pension Vendor’s Data Hacked by Russian Clop Cybercrooks in MOVEit Attacks El Cerrito (CA) Investigating Data Theft After LockBit Ransomware Group’s Claims Encryption Flaws in Popular Chinese Language App Put Users’ Typed Data at Risk Potent Trojans Targeting MacOS Users New Statc Stealer Malware Emerges: Your Sensitive Data at Risk Gafgyt Malware Exploits Five-Years-Old Flaw in EoL Zyxel Router New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization Dell Compellent Hardcoded Key Exposes VMware vCenter Admin Creds CISA: New Whirlpool Backdoor Used in Barracuda ESG Hacks

• 8/9/2023

  Russia Tipped As Prime Suspect Over Huge Cyber Attack On UK Electoral Commission Cybersecurity Experts Discuss Wins, Losses and Lessons at Western Ukraine Gathering Top 3 Insights I Learned at Recent Cybersecurity Events White House Launches AI-Based Contest to Secure Government Systems From Hacks New York State Debuts First Cybersecurity Strategy Google to Fight Hackers With Weekly Chrome Security Updates Popular Open Source Project Moq Criticized for Quietly Collecting Data Corporate Data Transfers to Russia Likely Violate EU Privacy Rules, Regulator Warns A Clever Honeypot Tricked Hackers Into Revealing Their Secrets Krebs: Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

  Northern Ireland Police Officers Vulnerable After Data Leak Rhysida Ransomware Behind Recent Attacks on Healthcare Rhysida Ransomware Analysis Reveals Vice Society Connection Hackers Use Open Source Merlin Post-Exploitation Toolkit in Attacks Malicious Campaigns Exploiting Weak Kubernetes Clusters for Cryptocurrency Mining New BitForge Cryptocurrency Wallet Flaws Lets Hackers Steal Crypto EvilProxy Phishing Campaign Targets 120,000 Microsoft 365 Users High-Severity Access Control Vulnerability Found in Spring WebFlux Microsoft Visual Studio Code Flaw Lets Extensions Steal Passwords Krebs: Microsoft Patch Tuesday, August 2023 Edition

• 8/8/2023

  White House Holds First-Ever Summit on the Ransomware Crisis Plaguing the Nation’s Public Schools …White House to Bolster Cybersecurity Training for K-12 Schools, With Help From the FCC, Amazon Web Services and More Yashma: Vietnamese-Origin Ransomware Operation Mimics WannaCry Traits Royal, Hive, Black Basta Ransomware Gangs ‘Collaborating on Cyber Attacks’ What Doctors Wish You Knew About HIPAA and Data Security Law Firm Dentons Splits With China’s Dacheng as Counter-Espionage Law Takes Hold Interpol Takes Down 16shop Phishing-As-A-Service Platform Android 14 to Let You Block Connections to Unencrypted Cellular Networks Google Is Picking up the Pace of Chrome Security Update Releases The Problem With Cybersecurity (and AI Security) Regulation

  Hackers Had Access to UK Voter Data for Over a Year Before Anyone Noticed MOVEit Hack Spawned Over 600 Breaches but Is Not Done Yet Say Cyber Analysts Israeli Hospital Redirects New Patients Following Ransomware Attack Missouri Warns of Data Breach Involving Medicaid Recipients QakBot Malware Operators Expand C2 Network with 15 New Servers LOLBAS in the Wild: 11 Living-Off-The-Land Binaries-and-Scripts That Could Be Abused for Multiple Malicious Purposes New Inception Attack Leaks Sensitive Data From All AMD Zen CPUs New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips Microsoft Office Update Breaks Actively Exploited RCE Attack Chain Microsoft August 2023 Patch Tuesday Warns of 2 Zero-Days, 87 Flaws

• 8/7/2023

  China Hacked Japan’s Sensitive Defense Networks, Officials Say North Korean ‘ScarCruft’ Hackers Breached Top Russian Missile Maker Microsoft’s AI Red Team Has Already Made the Case for Itself Criminals Have Created Their Own ChatGPT Clones New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs Stalkerware Slinger LetMeSpy Shuts Down for Good After Database Robbery Meta Accused of Ignoring Reports on Dangerous Content Cyber Insurer Resilience Secures $100 Million in Funding

  Russian ‘NoName057’ Hacktivists Overwhelm Spanish Sites With DDoS Colorado Warns Hackers Stole 16 Years of Public School Data in Ransomware Attack Invisible Ad Fraud Targets Korean Android Users New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers Google Play Apps With 2.5M Installs Load Ads When Screen’s Off Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics Hackers Increasingly Abuse Cloudflare Tunnels for Stealthy Connections Selling Software to the US Government? Know Security Attestation First

• 8/4-6/2023

  Two U.S. Navy Sailors Charged With Giving Chinese Spies Secret Military Info Krebs: Teach a Man to Phish and He’s Set for Life Alarm Raised Over Mozilla VPN: Wonky Authorization Check Lets Users Cause Havoc FBI Warns of Scammers Posing as NFT Devs to Steal Your Crypto Fake VMware vConnector Package on PyPI Targets IT Pros How to Automatically Delete Passcode Texts on Android and iOS Tesla Infotainment Jailbreak Unlocks Paid Features, Extracts Secrets New Acoustic Attack Steals Data From Keystrokes With 95% Accuracy

  Prospect Medical: Cyberattack Disrupts Computer Systems Across U.S., Hindering Services Colorado Department of Higher Education Warns of Massive Data Breach Burger King Serves Up Sensitive Data, No Mayo Clop Ransomware Now Uses Torrents to Leak Data and Evade Takedowns Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems Stealthy NPM Malware Exposes Developer Data New PaperCut Critical Bug Exposes Unpatched Servers to RCE Attacks Microsoft Addresses Critical Power Platform Flaw After Delays and Criticism

• 8/3/2023

  Krebs: How Malicious Android Apps Slip Into Disguise Google Can Now Alert You When Your Private Contact Info Appears Online Brave Search Adds Private Image and Video Search Capability Humans Unable to Reliably Detect Deepfake Speech Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events Hacktivist Collective “Mysterious Team Bangladesh” Revealed Hacktivists Fund Their Operations Using Common Cybercrime Tactics Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform: Points.com Razzlekhan and Husband Guilty of $4.5bn Bitcoin Launder Cocaine Smugglers that Posed as PC Sellers Jailed CISA Sounds the Alarm on UEFI Security

  U.S. Gov’t Contractor Serco Discloses Data Breach After MOVEit Attacks PH Tech MOVEit Data Breach Impacts 1.7 Million Oregon Health Plan Members Crozer Health’s (PA) Computer Systems Were Knocked Offline Thursday by a Ransomware Attack FBI Investigating Ransomware Attack Affecting Eastern Connecticut Health Network, Waterbury Health Mauna Kea Telescope Suspends Operations Following Attempted Cyber Attack Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3 Hackers Can Abuse Microsoft Office Executables to Download Malware New Microsoft Azure AD CTS Feature Can Be Abused For Lateral Movement FBI, CISA, and NSA Reveal Top Exploited Vulnerabilities of 2022

• 8/2/2023

  Russian APT29 Hackers Target Govt Orgs in Microsoft Teams Phishing Attacks Pro-Russian Hackers NoName057(16) Claim Attacks on Italian Banks House Republicans Open Investigation Into Email Breach at Federal Agencies Australian Senate Committee Recommends Bans on Chinese Social Media Apps The Generative AI Battle Between Companies and Hackers Is Starting AI-Powered CryptoRom Scam Targets Mobile Users Kenya Suspends Sam Altman’s Eyeball-Scanning Crypto Project IRS Vows to Digitize All Taxpayer Documents by 2025 Materiality Definition Seen as Tough Task in New SEC Cyber Rules Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures Fake FlipperZero Sites Promise Free Devices After Completing Offer Tesla Jailbreak Unlocks Theft of In-Car Paid Features

  Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability Mondee Security Lapse Exposed Flight Itineraries and Unencrypted Credit Card Numbers Marine Industry Giant Brunswick Corporation Lost $85 Million in Cyberattack, CEO Confirms Synergy Healthcare Services (FL) Sends Breach Notifications to Over 58K Following Cyberattack Two Subsidiaries Confirm Data Breach Following Group 1001 Ransomware Attack Hopedale Police Department (MA) Say Facebook Page Targeted in Hack New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign Threat Actors Use AWS SSM Agent as a Remote Access Trojan Over 640 Citrix Servers Backdoored With Web Shells in Ongoing Attacks New Collide+Power Side-Channel Attack Impacts Almost All CPUs Ivanti Discloses New Critical Auth Bypass Bug in Mobileiron Core

• 8/1/2023

  U.S. Military Battling Cyber Threats From Within and Without Cloud Company Cloudzy Assisted 17 Different Government Hacking Groups -U.S. Researchers Some Companies Shun Long-Awaited Trans-Atlantic Data Agreement Cloud Tech Debt Puts Millions of Apps at Risk, Says New Report Bankrupt Crypto Firm Voyager Digital Tried to Return Funds, But Customer Data Might’ve Been Stolen Instead Amazon Employees Leak Secret Info That Marketplace Sellers Can Buy on Telegram A New Attack Impacts Major AI Chatbots—and No One Knows How to Stop It FraudGPT: Cybercriminals Train AI Chatbots for Phishing, Malware Attacks This Disinformation Is Just for You Kazakhstan Denies Plans to Hand Over Russian Cyber Expert to Moscow China Bans Export of Drones Some Countries Have Already Banned Anyway

  Researchers Expose Space Pirates’ Cyber Campaign Across Russia and Serbia Russian Hackers Crash Italian Bank Websites, Cyber Agency Says Retail Chain Hot Topic Discloses Wave of Credential-Stuffing Attacks The Chattanooga Heart Institute (TN) Notifies Upwards of 160k Patients of Recent Data Breach Aven Financial (CA) Files Notice of Data Breach Impacting Consumers’ Social Security Numbers Threat Actors Abuse Google AMP for Evasive Phishing Attacks New Infostealer Uncovered in Phishing Scam Targeting Facebook Business Accounts New WikiLoader Malware Goes to Extreme Lengths to Hide CISA Issues New Warning on Actively Exploited Ivanti MobileIron Bugs Lessons Not Learned From Software Supply Chain Attacks

• 7/31/2023

  Biden Announces National Cyber Workforce and Education Strategy APT31 (aka Judgment Panda and Zirconium) Implants Target Industrial Organizations UK Military Embraces Security by Design No Evidence Ransomware Victims With Cyber Insurance Pay Up More Often, UK Report Says Hackers Steal Signal, WhatsApp User Data With Fake Android Chat App Canon Warns of Wi-Fi Security Risks When Discarding Inkjet Printers Hikvision, Nvidia Named in Contract for ‘Uyghur Detection’ California Opens Privacy Probe Into Who Controls, Shares the Data Your Car Is Collecting U.S. Chamber of Commerce Opposes New SEC Cybersecurity Reporting Rule

  Mattress Giant Tempur Sealy Hit With Cyberattack Forcing System Shutdown Paramedic Billing Services Provides Notice of Data Breach Affecting Patient SSNs and PHI Mendocino County (CA) Office of Education Announces Possible Ransomware Attack or Data Hack SpyNote Android Spyware Strikes Financial Institutions Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT Hackers Exploit BleedingPipe RCE to Target Minecraft Servers, Players New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service It’s Hot Zero-Day Summer for Apple, Google, and Microsoft Security Fixes

---

Follow The Cyber Beat

Get news delivered directly to your inbox.