• 9/22/2022

  NSA Accessed China’s Telecommunications Network, State Media Claims The U.S. And Its Allies Are Joining Forces on Chips: That Could Stop China Reaching the Next Level Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs Cambodian Authorities Crack Down on Cyber Slavery Amid International Pressure Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns Hacktivist Group From Bangladesh Launches Cyber Attack on Indian Government Websites BlackCat Ransomware’s Data Exfiltration Tool Gets an Upgrade Florida Asks Supreme Court to Consider Controversial Social Media Law The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps Morgan Stanley Fined $35m By SEC For Data Security Lapse

  Optus Hit By Cyber-Attack, Breach Affects Nearly 10 Million Customers TAP Air Portugal Hit by Cyber attack, Passenger Data Stolen Wheat Ridge (CO) Won’t Cough up Millions in Ransomware Attack That Closed City Hall Hackers Stealing GitHub Accounts Using Fake CircleCI Notifications Microsoft Exchange Servers Hacked via OAuth Apps for Phishing Malicious NPM Package Caught Mimicking Material Tailwind CSS Package Critical Magento Vulnerability Targeted in New Surge of Attacks CISA Warns of Critical ManageEngine RCE Bug Used in Attacks NSA Shares Guidance to Help Secure OT/ICS Critical Infrastructure

• 9/21/2022

  Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine FBI: Iranian Hackers Lurked in Albania’s Gov’t Network for 14 Months U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List Sen. King calls on Senate to pass the Cyber Diplomacy Act DHS Rejects Plan to Protect Election Officials From Harassment as Midterms Loom Okta: Credential Stuffing = 34% Of All Login Attempts Twitter Failed to Log You Out of All Devices After Password Resets Meta Quietly Reduces Staff in Cost-Cutting Push Krebs: SIM Swapper Abducted, Beaten, Held for $200k Ransom LockBit Ransomware Builder Leaked by “Angry Developer” After Prison, Hackers Face Tech Restrictions, Limited Job Prospects

  Hackers Hit Los Angeles Unified School District With Ransom Demand Berry, Dunn, McNeil & Parker (ME) Breached After Employee Email Compromised LinkedIn Smart Links Abused in Evasive Email Phishing Attacks Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet Domain Shadowing Becoming More Popular Among Cybercriminals Unpatched 15-Year Old Python Bug Allows Code Execution in 350K Projects Multiple Vulnerabilities Discovered in Dataprobe’s iBoot-PDUs Windows 11 Gets Better Protection Against SMB Brute-Force Attacks Malwarebytes Blocks Google, YouTube as Malware Don’t Wait for a Mobile WannaCry: Attacks Against Phones & Tablets Increasing

• 9/20/2022

  Companies Should Treat Cyber Threats as Core Business Risk, U.S. Cyber Official Says Hackers Admit Destroying InterContinental Hotels Group’s Data ‘For Fun’ MFA Fatigue: Hackers’ New Favorite Tactic in High-Profile Breaches Imperva Mitigated Long-Lasting, 25.3 Billion Request DDoS Attack Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info How to Dodge New Ransomware Tactics CFOs Should No Longer View Cybersecurity as Insurance Microsoft Defender for Endpoint Will Turn On Tamper Protection by Default Telegram Has a Serious Doxing Problem Dozens of Civil Rights Groups Are Calling on Amazon and MGM to Cancel Ring Nation Reality Show California Signs Internet Privacy Legislation to Boost Children’s Safety Online

  2K Game Support Hacked to Email Redline Info-Stealing Malware …Targeted Players With Malware Hive Ransomware Claims Attack on New York Racing Association Kiwi Farms Has Been Breached; Assume Passwords, Emails & IP Addresses Have Been Leaked Hacker Steals $160 Million From Crypto Trading Firm Wintermute Cash Express Files Notice of Data Breach  City Furniture (FL) Files Notice of Data Breach South Redford School District (MI) Cancels Classes Following Cyberattack Wolfe Clinic Eye Care Fallout Grows: 543K Patients Added to Breach Tally Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access Windows 11 22H2 Adds Kernel Exploit Protection to Security Baseline

• 9/19/2022

  Russian Sandworm Hackers Pose as Ukrainian Telcos to Drop Malware Microsoft 365 Phishing Attacks Impersonate U.S. Gov’t Agencies The Deep Roots of Nigeria’s Cybersecurity Problem Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers California Dems Follow Texas GOP Into Online Speech Battle Indonesia Accuses Google of Abusing Monopoly U.S. Treasury Plans to Ask Public if Crypto-Related Regulations Are ‘No Longer Fit for Purpose’ Partisan Asymmetries in Exposure to Misinformation

  Uber Blames Lapsus$ Hacking Group for Security Breach Last Week American Airlines Discloses Data Breach After Employee Email Compromise Revolut Hack Exposes Data of 50,000 Users, Fuels New Phishing Wave Lubbock Heart & Surgical Hospital Reports Data Breach Affecting 23,379 Patients Ameriprise Financial (MN) Confirms the Company’s Fourth Data Breach of 2022 M.C. Dean Breach After Hackers Had Access to Company’s Computer Systems for 6 Months VMware, Microsoft Warn of Widespread Chromeloader Malware Attacks

• 9/16-18/2022

  DHS Rolls Out $1 Billion Investment in Cybersecurity for State and Local Governments Allies Warn of Iranian Ransom Attacks Using Log4Shell CISA Orders Agencies to Patch Vulnerability Used in Stuxnet Attacks What Does a Doomsday Level Cyber Attack Look Like? Can Reflections in Eyeglasses Actually Leak Info From Zoom Calls? Here’s a Study Into It TeamTNT Hijacking Servers to Run Bitcoin Encryption Solvers Fake Cryptocurrency Giveaway Sites Have Tripled This Year Krebs: Botched Crypto Mugging Lands Three U.K. Men in Jail Beloved Browser Extension Acquired by Non-beloved Antivirus Firm Avast LastPass Says Hackers Had Internal Access for Four Days Google, Microsoft Can Get Your Passwords via Web Browser’s Spellcheck Highly Skilled Tech Workers Are Becoming a Rarity, and Companies Have Tough Decisions to Make Bitdefender Releases Free Decryptor for LockerGoga Ransomware

  Uber Investigating the Scope of a Breach of Its Computer Systems …Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This …Uber Hacker May Have Compromised Secret Bug Reports …Uber’s Hack Shows the Stubborn Power of Social Engineering GTA 6 Source Code and Videos Leaked After Rockstar Games Hack Empress Emergency Medical Services (NY) Discloses Data Breach After Ransomware Attack Hacker Sells Stolen Starbucks Data of 219,000 Singapore Customers Physicians’ Spine and Rehabilitation Specialists of Georgia Breached, Possible Ransomware Suffolk County Documents Stolen in Cyberattack Posted on Dark Web Emotet Botnet Now Pushes Quantum and BlackCat Ransomware Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

• 9/15/2022

  Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware Senate Confirms First-Ever Cyber Ambassador Krebs: Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers YouTube Users Targeted By RedLine Self-Spreading Stealer Campaign EU Proposes Strict Cybersecurity Rules for Digital-Product Makers White House Announces Updates From Tech Companies to Combat Violent Extremism English-Language Altenen Cybercrime Forum Admins Steal from Site Users Malware on Pirated Content Sites a Major WFH Risk for Enterprises Zoom Outage Left Users Unable to Sign In or Join Meetings

  Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks Microsoft Edge’s News Feed Ads Abused for Tech Support Scams Hackers Trojanize PuTTY SSH Client to Backdoor Media Company Hack of Popular Parent-Teacher App Seesaw Left Users Open to Infamous Shock Image Hive Ransomware Claims Cyberattack on Bell Canada Subsidiary Laval City Shuts Down Online Services After ‘Targeted’ Cyber Attack Akamai Stopped New Record-Breaking DDoS Attack in Europe Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence

• 9/14/2022

  White House to Tech World: Promise You’ll Write Secure Code – Or Feds Won’t Use It DOJ Indicts Iranians for Allegedly Hacking and Extorting U.S. Groups The Twitter Whistleblower’s Testimony Has Senators Out for Blood Death of Queen Elizabeth II Exploited to Steal Microsoft Credentials SparklingGoblin APT Targeted Hong Kong University With New Linux Backdoor Phishing Page Embeds Keylogger to Steal Passwords as You Type EA’s New Anti-cheat Tools Dip Into the Dreaded “Kernel Mode” Microsoft Teams Stores Auth Tokens as Cleartext in Windows, Linux, Macs Self-Checkouts, IoT And The Rise Of Cyber Security Threats In Retail

  Vulnerabilities Found in Airplane WiFi Devices, Passengers’ Data Exposed Gay Hookup Site Typosquatted by 50 Domains to Push Dodgy Chrome Extensions TIC International Corporation Reports Data Breach Following Conti Ransomware Attack Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware FBI: Hackers Steal Millions From Healthcare Payment Processors New Lenovo BIOS Updates Fix Security Bugs in Hundreds of Models Krebs: Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday CISA Orders Agencies to Patch Windows, iOS Bugs Used in Attacks To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline

• 9/13/2022

  Twitter ‘Lacked the Ability to Hunt for Foreign Intelligence Agents,’ Says Whistleblower …‘Misled The Public’ Iranian Hackers Launch Renewed Attack on Albania, Taking Border Control Systems Offline Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research U.S. Broadens International Efforts to Pursue Hackers GPS Jammers Are Being Used to Hijack Trucks and Down Drones: How to Stop Them Top Election Security Official Warns of Election Workforce Problems: 1 in 3 Have Left Posts Tax Fraud Leader Jailed for Selling Children’s Identities Police Arrest Man for Laundering Tens of Millions in Stolen Crypto

  ShadowPad-Associated Hackers Targeted Asian Governments Napa Valley College Alerts 8,000 About Possible Data Breach Hackers Steal Steam Credentials With ‘Browser-in-the-Browser’ Technique New PsExec Spinoff Lets Hackers Bypass Network Security Defenses Trend Micro Warns of Actively Exploited Apex One RCE Vulnerability Zero-day in WPGateway WordPress Plugin Actively Exploited in Attacks Microsoft September 2022 Patch Tuesday Fixes Zero-Day Used in Attacks, 63 Flaws Apple Will Let You Roll Back the iPhone’s Security Patches

• 9/12/2022

  Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel Lorenz Ransomware Breaches Corporate Network via Phone Systems iOS 16 Has 2 New Security Features for Worst-Case Scenarios Security Pros Get Ability to Manually Add Incidents to Microsoft Sentinel Google Now Owns Mandiant, the Firm That Found SolarWinds G-7 Privacy Regulators Aim To Ease Turbulent International Data Flows Romanian & UK Cops Raid Suspected Fraudster Penthouses in Bucharest HP Will Pay Customers for Blocking Non-HP Ink Cartridges in EU Cybersecurity Firm Fortanix Secures Capital to Provide Confidential Computing Services

  Hackers Compromise Employee Data at PVC-Maker Eurocell U-Haul Discloses Data Breach Exposing Customer Driver Licenses OakBend Medical Center (TX) Hit by Ransomware Suffolk County (NY) Government Investigates Possible Cyber Intrusion Cisco Confirms Yanluowang Ransomware Leaked Stolen Company Data New Attack Can Unlock and Start a Tesla Model Y in Seconds, Say Researchers Oxeye Discovers Several High Severity IDOR Vulnerabilities in Harbor Apple Fixes Eighth Zero-Day Used to Hack iPhones and Macs This Year VMware: 70% Drop in Linux ESXi VM Performance with Retbleed Fixes

• 9/9-11/2022

  U.S. Treasury Sanctions Iran’s Intelligence Ministry for Alleged Cyberattack on Albania Coinbase Bankrolls Lawsuit Against Treasury Department Following Tornado Cash Sanctions Ransomware Gangs Switching to New Intermittent Encryption Tactic Krebs: Transacting in Person with Strangers from the Internet Uber Exec Accused of Disguising Data-Breach Extortion as “Bug Bounty” Microsoft, Cloud Providers Move to Ban Basic Authentication Cybersecurity Expert: Even if You Debunk It, People Believe the Deepfake

  Vice Society Claims LAUSD Ransomware Attack, Theft of 500GB of Data …LA School District Was Warned of Ransomware Threat Before Recent Shutdown Holiday Inn Online Bookings Tank After Suspected Ransomware Attack: Franchisees Wilson’s Gun Shop (AR) Announces Data Breach Lampion Malware Returns in Phishing Attacks Abusing WeTransfer Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy Firmware Bugs in Many HP Computer Models Left Unfixed for Over a Year

• 9/8/2022

  North Korean Lazarus Hackers Take Aim at U.S. Energy Providers Classified NATO Documents Stolen From Portugal, Now Sold on Darkweb Ransomware Campaigns Linked to Iranian Gov’t DEV-0270 Hackers This Clever Anti-Censorship Tool Lets Russians Read Blocked News 80%+ Of the Top Sites Leak User Searches to Advertisers U.S. Recovers $30 Million Stolen From Axie Infinity by Lazarus Hackers Draft EU Rules Target Smart Devices With Security Risks Why Companies Need to Think About Cyber Resilience, Not Just Cybersecurity

  Savannah College of Art and Design Data Compromised After Ransomware Attack CBC Group (AZ) Data Breach Compromises Consumer SSNs Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections GIFShell Attack Creates Reverse Shell Using Microsoft Teams GIFs New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps CISA Orders Agencies to Patch Chrome, D-Link Flaws Used in Attacks Google Urges Open Source Community to Fuzz Test Code Vulnerability Exploits, Not Phishing, Are the Top Vector for Initial Compromise

• 9/7/2022

  Former Conti Ransomware Gang Members Helped Target Ukraine, Google Says Ukraine Dismantles More Bot Farms Spreading Russian Disinformation Ransomware Gang’s Cobalt Strike Servers DDoSed With Anti-Russia Messages Japan Government Websites Hit By Cyber-Attacks, Killnet Suspected Mandiant Links APT42 to Iranian ‘Terrorist Org’ Albania Severs Diplomatic Ties With Iran Over Cyber-Attack …U.S. Condemns ‘Unprecedented’ Attack Apple’s Killing the Password: What You Need to Know Ring Finally Brings End-To-End Encryption to Its Flagship Battery Powered Video Doorbells CISA to Hold Meetings to Flesh Out Cyber-Incident Reporting Rules

  200,000 North Face Accounts Hacked in Credential Stuffing Attack Radiant Logistics (WA) Data Breach May Have Stemmed from Ransomware Incident Genesis Health Care (PA) Reports Data Breach Following Period of Unauthorized Access North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns ‘DangerousSavanna’ Hackers Targeted Financial Institutions in Africa For Two Years New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices HP Fixes Severe Bug in Pre-installed Support Assistant Tool Cisco Won’t Fix Authentication Bypass Zero-Day in EoL Routers NHTSA Updates Cybersecurity Guidelines for New Cars to Guard Against Hackers

• 9/6/2022

  Biden Administration Unveils Plan For Bolstering Semiconductor Production How Critical U.S. Sectors Are Coping With Rising Cyberattacks FBI Warns of Vice Society Ransomware Attacks on School Districts Half of Firms Report Supply Chain Ransomware Compromise Israel Defence Minister’s Cleaner Jailed for Trying to Spy for Iran-Linked Hackers It’s Time to Get Real About TikTok’s Risks Minecraft Is Hackers’ Favorite Game Title for Hiding Malware Meta Fined $400M in Ireland for Children’s Privacy Breach U.S. Seizes WT1SHOP Market Selling Credit Cards, Credentials, and IDs Cybersecurity Startup Funding Highlights Competing Market Forces

  Los Angeles Unified School District Hit by Cyberattack …FBI, DHS Join Probe London’s Biggest Bus Operator Go-Ahead Hit by Cyber “Incident” Cyberattack Brings Down InterContinental Hotels’ Booking Systems Gateway Diagnostic Imaging (TX) Data Breach Impacts SSNs &Health Info Worok Hackers Target High-Profile Asian Companies and Governments TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks Moobot Botnet Is Coming for Your Unpatched D-Link Router New Linux Malware Evades Detection Using Multi-Stage Deployment Zyxel Releases New NAS Firmware to Fix Critical RCE Vulnerability

• 9/5/2022

  China Says U.S. Hacked Aeronautics, Space Research University Northwestern Polytechnical in Escalating War of Words Crypto: Actor Bill Murray Hacked EvilProxy Phishing Toolkit Spotted on Dark Web Forums Interpol Dismantles Sextortion Ring, Warns of More Attacks

  TikTok Denies Reports That It’s Been Hacked After ‘AgainstTheWest’ Claims It Exposed Source Code and User Data KeyBank’s Customer Information Stolen By Hackers in July Via Third-party Provider Overby-Seawell QNAP Patches Zero-Day Used in New Deadbolt Ransomware Attacks

• 9/2-4/2022

  IRS Says It Exposed Some Confidential Taxpayer Data on Website Police Across US Bypass Warrants With Mass Location-Tracking Tool Google, YouTube Ban Election Trolls Ahead of U.S. Midterms Hackers Caused a Massive Traffic Jam in Moscow Using a Ride-Hailing App Krebs: Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire Dev Backdoors Own Prynt Stealer Malware to Steal Data From Other Hackers Malware Dev Open-Sources CodeRAT After Being Exposed Navigating The Cybersecurity Funding Landscape The Makings of a Successful Threat-Hunting Program: What it Takes Hoxhunt Primed to Spread Gamified Phishing Awareness in the Enterprise Coro CEO Guy Moskowitz Plans to Take an Enterprise-Grade Security Capability to the SMB Market

  Samsung Says July Data Breach Revealed Some Customers’ Names, Birthdays, and More Damart Clothing Store Hit by Hive Ransomware, $2 Million Demanded BlackCat Ransomware Claims Attack on Italian Energy Agency Hack Shuts Down Internet for Thousands Across Bardstown (KY) San Francisco 49ers: Blackbyte Ransomware Gang Stole Info of 20K People Black Knight (FL) Leaked Social Security Numbers Following Data Breach JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users SharkBot Malware Sneaks Back on Google Play to Steal Your Logins Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability Microsoft Defender Falsely Detects Win32/Hive.ZY in Google Chrome, Electron Apps

• 9/1/2022

  Montenegro Attack Hackers Demand $10 Million Ragnar Locker Ransomware Targets Energy Sector, Cybereason Suggests NSA and CISA Share Tips to Secure the Software Supply Chain Thousands Lured With Blue Badges in Instagram Phishing Attack The U.S. May Soon Learn What a ‘Kid-Friendly’ Internet Looks Like Dark Web Of Cybersecurity Concerns Rising With Gig Economy Why Cybersecurity Stocks Are Beating the Market Crypto.com Accidentally Sends Woman $10 Million Instead of $100: She Went and Bought a Mansion

  New Ransomware Hits Windows, Linux Servers of Chile Gov’t Agency Tulsa Tech Hit By Data Breach Exposing Data of Students Between 1986 and 1999 Platinum Performance (CA) Reports Data Breach Following Successful Phishing Attack Neopets Says Hackers Had Access to Its Systems for 18 Months Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials Microsoft Will Disable Exchange Online Basic Auth Next Month

• 8/31/2022

  FBI Deploys Cyber Team to Montenegro Following Massive Cyberattack Finland Plans Cyber Funding For Companies Amid Rising Security Threats UK Imposes Tough New Cybersecurity Rules for Telecom Providers Japan’s Digital Minister Vows to Rid the Country of Floppy Disks Congress Presses Big Crypto Exchanges for Details on How They’re Fighting Scams You’re Not Stringer Bell, but You May Still Need a Burner Phone Lyft Passengers, Drivers Allege Company Fails to Protect Users From Assault Krebs: Final Thoughts on Ubiquiti

  Ragnar Locker Ransomware Claims Attack on Portugal’s Flag Airline Methodist McKinney Hospital (TX) Announces Data Breach SCA Pharmaceuticals (AR) Announces Data Breach Evil Corp and Conti Linked to Cisco Data Breach, eSentire Suggests A ‘High Severity’ TikTok Vulnerability Allowed One-Click Account Hijacking Google Chrome Bug Lets Sites Write to Clipboard Without Asking If You Have an iPhone 5S or 6, It’s Time for a Rare iOS Update AdGuard’s New Ad Blocker Struggles With Google’s Manifest V3 Rules

• 8/30/2022

  Krebs: How 1-Time Passcodes Became a Corporate Liability Hackers Hide Malware in James Webb Telescope Images Google’s Open-Source Bug Bounty Aims to Clamp Down on Supply Chain Attacks Google Play to Ban Android VPN Apps From Interfering With Ads Ukraine Takes Down Cybercrime Group Hitting Crypto Fraud Victims A Huge Chinese Database of Faces and Vehicle License Plates Spilled Online Essential Elements Of Cybersecurity How to Support Agile Development Through Cybersecurity Best Practices Security Culture: An OT Survival Story

  Russian Streaming Platform START Confirms Data Breach Affecting 7.5M Users France Telco Altice Hit by Hive Hack Attack Valex Corporation Announces Data Breach Following Malware Attack CorrectHealth (GA) Data Breach Affects the Personal Info of More than 54k EmergeOrtho (NC) Data Breach Leaked Social Security Numbers of 75k Watering Hole Attacks From TA423 Push ScanBox Keylogger ModernLoader Delivers Stealers, Cryptominers & RATs Via Fake Amazon Gift Cards Chrome Extensions With 1.4 Million Installs Steal Browsing Data

• 8/29/2022

  The Telegram-Powered News Outlet Waging Guerrilla War on Russia U.S. Cyber Command and NSA Partner On Defence Efforts For Midterms Elections McDonald’s Security Chief on Building Bonds With Corporate Directors New Cybersecurity Regulations Are Coming: Here’s How to Prepare FBI: Hackers Increasingly Exploit DeFi Bugs to Steal Cryptocurrency Cloudflare CDN Clients Caught in Austrian Fight Against Pirate Sites FTC Alleges Data Broker Kochava Exposes Users to Violent Threats by Selling Location Data Kiwi Farms Goes Offline amid DDoS Attack and Hosting Issues

  Nelnet Servicing Breach Exposes Data of 2.5M Student Loan Accounts Axel Royal Confirms Data Breach Impacting Consumers’ Social Security Numbers Northeast Rehabilitation Hospital Network (NH) Files Notice of Data Breach Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software New Golang-based ‘Agenda Ransomware’ Can Be Customized For Each Victim LockBit Ransomware Gang Gets Aggressive With Triple-Extortion Tactic Windows Malware Delays Coinminer Install by a Month to Evade Detection Critical Hole in Atlassian Bitbucket Allows Any Miscreant to Hijack Servers

• 8/26-28/2022

  NATO Investigates Hacker Sale of MBDA Missile Systems Firm Data Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel Montenegro’s State Infrastructure Hit by Cyber Attack -Officials Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework Cyberattack Raises Pressure on European Water Providers During Drought Democrat Urges Labor Dept To Regulate Tech That Monitors Employees in the Workplace DuckDuckGo Opens Its Privacy-Focused Email Service to Everyone One Man’s Loss Is Another Man’s Gain! Cybersecurity Works Like That

  Dominican Republic Government Hit by Ransomware Attack India’s Akasa Air Exposed Sensitive Records of Thousands of Customers New Hampshire Lottery Website Returns After Facing Cyber Attack Twilio Breach Let Hackers Gain Access to Authy 2FA Accounts …Twilio Breach Let Hackers See Okta’s One-Time MFA Passwords Baker & Taylor’s Systems Remain Offline Almost A Week After Ransomware Attack Fake ‘Cthulhu World’ P2E Project Used to Push Info-Stealing Malware Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

• 8/25/2022

  U.S., Israel Formalize Bilateral Cyber Partnership The U.S. Government Got Caught Using Social Media Sock Puppets to Spread Propaganda How ‘Kimsuky’ Hackers Ensure Their Malware Only Reach Valid Targets Scammers Create ‘AI Hologram’ of C-Suite Crypto Exec Scans of Students’ Homes During Tests Are Deemed Unconstitutional Hackers Abuse Genshin Impact Anti-cheat System to Disable Antivirus LastPass Source Code, Blueprints Stolen by Intruder To Bring PLG to Cybersecurity, Let’s Change Our Hiring Habits

  PyPI Packages Hijacked After Developers Fall For Phishing Emails The O․MG Elite Cable Is a Scarily Stealthy Hacker Tool Okta Hackers ‘0ktapus’ Behind Twilio and Cloudflare Breach Hit Over 130 Organizations …DoorDash Microsoft Attributes New Post-Compromise Capability to Nobelium (aka APT29) Hackers Adopt Sliver Toolkit as a Cobalt Strike Alternative Cybercriminals Are Selling Access to Chinese Surveillance Hikvision Cameras Ransomware Attacks Rose 47 Percent in July

• 8/24/2022

  Cyber Agency Highlights Emerging Threats From Quantum Computing Quantum Ransomware Attack Disrupts Gov’t Agency in Dominican Republic War in Ukraine Has Pushed Two-Thirds of Businesses to Change Cyber Strategy EU Outlines Critical Cyber Response to Ukraine War The Privacy Flaw Threatening U.S. Democracy Sephora Agrees to $1.2 Million Settlement of Data Privacy Charges An Anatomy of Crypto-Enabled Cyber Crime Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack U.S. Healthcare Sector Breaches 342M+ Records Since 2009

  Plex Breach Exposes Usernames, Emails, and Encrypted Passwords RansomEXX Claims Ransomware Attack on Sea-Doo, Ski-Doo Maker Lionel Holdings (NC) Report Data Breach After Ransomware Attack Calcium Products (IA) Confirms Recent Data Breach Fake Chrome Extension ‘Internet Download Manager’ Has 200,000 Installs Hackers Use AiTM Attack to Monitor Microsoft 365 Accounts for BEC Scams Crypto Miners Using Tox P2P Messenger as Command and Control Server GitLab ‘Strongly Recommends’ Patching Critical RCE Vulnerability

• 8/23/2022

  Agency Identified 700-Plus Pages of Classified Records at Trump’s Home …Biden Stays Silent on Mar-a-Lago Search Suspected Iranian Hackers UNC3890 Targeted Several Israeli Organizations for Espionage Since 2020 Ex-Twitter Exec Blows the Whistle, Alleging Reckless and Negligent Cybersecurity Policies …‘Egregious Deficiencies,’ Bots, and Foreign Agents …Congress Is Investigating Twitter Whistleblower Claims …Security Pros Are Rallying to Defend the Twitter Whistleblower Initiative Aims to Tackle Cyber Threats as Self-Driving Cars Gain Traction Pirated 3DMark Benchmark Tool Delivering Info-Stealer Malware Ransomware: Most Attacks Exploit These Common Cybersecurity Mistakes – Fix Them Now: Microsoft VMware Carbon Black Endpoint Security Solution Causing BSOD Crashes on Windows

  French Hospital Hit by $10M Ransomware Attack, Sends Patients Elsewhere Google Uncovers Tool Used by Iranian Hackers ‘Charming Kitten’ to Steal Data from Email Accounts New ‘Donut Leaks’ Extortion Gang Linked to Recent Ransomware Attacks Mansfield ISD (TX) Experiencing Cyber Attack, Phones & Internet Down Service By Medallion (CA) Reports Data Breach Following Compromised Employee Email Account Clark Patterson Lee (NY) Reports Data Breach Following “Encryption” Event Phishing Attacks Abusing SAAS Platforms See a Massive 1,100% Growth Air-Gap Attack Exploits Gyroscope Ultrasonic Covert Channel to Leak Data …ETHERLED: Air-Gapped Systems Leak Data via Network Card Leds Microsoft Finds Critical Hole in Operating System That for Once Isn’t Windows

• 8/22/2022

  Experts Nervously Eye Cyber Threats From China Midterm Elections to Put Misinformation Policies to the Test Inside the World’s Biggest Hacker Rickroll Fake Reservation Links Prey on Weary Travelers Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts FBI Warns of Residential Proxies Used in Credential Stuffing Attacks Google AI Flagged Parents’ Accounts for Potential Abuse Over Nude Photos of Their Sick Kids CEO Shalev Hulio of Blacklisted Israeli Spyware Maker NSO Group Steps Down Perspectives on Model Risk Management of Cybersecurity Solutions in Banking Sophos Identifies Potential Tag-Team Ransomware Activity Fake DDoS-Protection Pages on WordPress Sites Serve Up Malware Warning Over Java Libraries and Deserialization Security Weaknesses

  Holdcroft Motor Group Car Dealership Hit by Major Ransomware Attack Greek Natural Gas Operator DESFA Suffers Ransomware-Related Data Breach Data on California Prisons’ Visitors, Staff, Inmates Exposed Indonesia Investigating Alleged Data Breaches at State-Owned Firms Textile Company Sferra Discloses Data Breach Involving Personal Info Friedrich Air Conditioning Announces Data Breach HanesBrands Reports Data Breach Following Ransomware Attack LockBit Gang Hit by DDoS Attack After Threatening to Leak Entrust Ransomware Data Meet Borat RAT, a New Unique Triple Threat Over 80,000 Exploitable Hikvision Cameras Exposed Online CISA Is Warning of High-Severity PAN-OS DDoS Flaw Used in Attacks

• 8/19-21/2022

  Russia’s ‘Oculus’ to Use AI to Scan Sites for Banned Information The Head of GCHQ Says Vladimir Putin Is Losing the Information War in Ukraine U.S. Deployed Cyber ‘Hunt Forward’ Team to Croatia Businesses Found to Neglect Cybersecurity Until it is Too Late Democrats Press Social Media Platforms Over FBI Threats Court Records Expose Name & Address of Women Who Accused Serial Groper, Despite Privacy Laws The Low Threshold for Face Recognition in New Delhi: 80% Accuracy for Match The Persona Illusion: Do You Actually Exist on Social Media? Twitter Tests a Special Tag to Highlight Phone Number-Verified Accounts Banks Nearing $1 Billion Settlement Over Traders’ Use of Banned Messaging Apps New Tool Checks if a Mobile App’s Browser Is a Privacy Risk An Encrypted Zip File Can Have Two Correct Passwords — Here’s Why

  Debit Card Fraud Leaves Ally Bank Customers, Small Stores Reeling Hackers Steal Crypto From Bitcoin ATMs by Exploiting Zero-Day Bug Russian APT29 Hackers Abuse Azure Services to Hack Microsoft 365 Users WordPress Sites Hacked With Fake Cloudflare DDoS Alerts Pushing Malware Whitworth University Still Recovering from Ransomware Attack Practice Resources Data Breach Impacts 924,138 Patients Brasseler USA Announces Data Breach Lee County EMS (FL) Notifies Patients of Data Breach New Grandoreiro Banking Malware Campaign Targeting Spanish & Mexican Manufacturers 241 NPM and PyPI Packages Caught Dropping Linux Cryptominers CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog Hackers May Have Exploited Security Flaws – Apple

• 8/18/2022

  Estonia Thwarts Cyberattack Following Removal of Soviet Monument Lawmakers Push for Improved Cybersecurity in Health Sector Amid Growing Cyber Threats Krebs: PayPal Phishing Scam Uses Invoices Sent Via PayPal Spyware Hunters Are Expanding Their Toolset Google Blocks Largest HTTPS DDoS Attack ‘Reported to Date’ What Is Cybersecurity, And Why Does It Matter? How to Upskill Tech Staff to Meet Cybersecurity Needs Janet Jackson Music Video Declared a Cybersecurity Exploit Def Con Banned a Social Engineering Star — Now He’s Suing Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage U.S. Extradited Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang WEB3 Is in Chaos and Metaverses Are in Their Own Walled Gardens, Says Randi Zuckerberg

  China-Backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year LockBit Claims Ransomware Attack on Security Giant Entrust Fremont County (CO) Offices Close After Cyber Attack BlackByte Ransomware Gang Is Back With New Extortion Tactics Winnti Hackers Split Cobalt Strike Into 154 Pieces to Evade Detection Hackers Deploy Bumblebee Loader to Breach Target Networks Researchers Detail Evasive DarkTortilla Crypter Used to Deliver Malware Android Malware Apps With 2 Million Installs Found on Google Play Amazon Fixes Ring Android App Flaw Exposing Camera Recordings Google, Apple Squash Multiple Exploitable Browser Bugs

• 8/17/2022

  DOE Invests $45 Million in Cyber Technology That Protects Power Sector Meta Rolls Out Plan for Midterms, Pledges to Remove Misinformation TikTok Wants Your Trust Around U.S. Midterm Elections Data Germany Offers Model for Space-Industry Cybersecurity Standards Software Developer Cracks Hyundai Car Security After Simple Google Search to Find Public Keys Text Messages, Once a Bulwark of Security, Now Seen as Vulnerable The Android 13 Privacy Settings You Should Update Now Students Want to Learn to Code, but the School System Is a Barrier Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint

  iOS VPNs Have Leaked Traffic for More Than 2 Years, Researcher Claims North Korean Hackers Use Signed macOS Malware to Target IT Job Seekers Researchers Link Multi-Year Mass Credential Theft Campaign to Chinese ‘RedAlpha’ Hackers Atlantic Dialysis Management (NY) Data Breach Possibly Stemming from Ransomware Attack Malicious PyPi Packages Turn Discord Into Password-Stealing Malware Cybercriminals Developing BugDrop Malware to Bypass Android Security Features New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild Exploit Out for Critical Realtek Flaw Affecting Many Networking Devices Ransomware Is Still on the Rise

• 8/16/2022

  U.S. Approves Nearly All Tech Exports to China, Data Shows How Geopolitical Tension Creates Opportunities for Cyber-Criminals ‘Worrying Precedent’ as Ransomware Hackers Target South Staffs Water Lessons From the Cybersecurity Trenches CISO Salaries Balloon 15% This Year, Likely Spurred by Demand The New USB Rubber Ducky Is More Dangerous Than Ever Malicious Browser Extensions Targeted Almost 7 Million People Krebs: When Efforts to Contain a Data Breach Backfire Trump’s Passports Returned After Mar-A-Lago Search, DOJ Official Says U.S. SEC Charges Three People With Insider Trading Tied to August 2017 Hack of Equifax

  CS:GO Trading Site Hacked to Steal $6 Million Worth of Skins New MailChimp Breach Exposed DigitalOcean Customer Email Addresses India Shipping Logistics Giant Shipyaari Exposed Customer Data Conifer Hack Compromises Patient Data From 6 Hospitals Thomas More University (KY) Hacked in Multiple Ways After Facebook Account Attack Cedar Rapids School District Confirms Ransom Payment After July Cyber Attack Texas Meter & Device Company Announces Data Breach New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks RTLS Systems Vulnerable to MiTM Attacks, Location Manipulation ÆPIC and SQUIP Vulns in Intel and AMD Processors

• 8/15/2022

  Russian Hackers Target Ukraine With Default Word Template Hijacker Microsoft Disrupts Russian Hackers’ Operation on NATO Targets Chinese Tech Giants Share Details of Their Prized Algorithms With Top Regulator in Unprecedented Move CIA Accused of Illegally Spying on Americans Visiting Assange in Embassy FBI Threats Spark Calls for Reduced Rhetoric Black Hat and DEF CON Roundup New Study Reveals Serious Cyber Insurance Shortfalls Three Extradited from UK to U.S. on $5m BEC Charges New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection

  Argentina’s Judiciary of Córdoba Hit by PLAY Ransomware Attack Signal Alerts 1,900 Messaging Users to a Security Threat From Twilio Hackers Lamoille Health (MT) Experiences Ransomware Attack Leading to Data Breach Involving Patient Info United Health Centers of the San Joaquin Valley (CA) Data Breach Stemming From Possible Ransomware Attack Malicious PyPi Packages Aim DDoS Attacks at Counter-Strike Servers Callback Phishing Attacks See Massive 625% Growth Since Q1 2021 Most Q2 Attacks Targeted Old Microsoft Vulnerabilities Monero Planned Hard Fork Event on Saturday Makes Hackers’ Favorite Coin Even More Private

• 8/12-14/2022

  Ukraine Cyber Chief Victor Zhora Pays Surprise Visit to ‘Black Hat’ Hacker Meeting in Las Vegas White House Cyber Director: ‘Defense is the New Offense’ for Cyber Krebs: It Might Be Our Data, But It’s Not Our Breach Krebs: Sounding the Alarm on Emergency Alert System Flaws How to Create a Secure Folder on Your Phone Why It’s Taking So Long to Encrypt Facebook Messenger Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ Google Fined $43M by Australian Court for Misleading Users Over Data Crypto Community Split on Treasury’s Tornado Cash Sanctions Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave Why Twitter Anons Are Sending Crypto to Celebrities

  Anonymous Poop Gifting Site ‘ShitExpress’ Hacked, Customers Exposed Novant (NC) Warns Patients of Data Breach; 1.3 Million Notification Letters Mailed Twilio: 125 Customers Affected by Data Breach, No Passwords Stolen Over 9,000 VNC Servers Exposed Online Without a Password Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics Chinese ‘Lucky Mouse’ Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users Palo Alto Bug Used for DDoS Attacks and There’s No Fix Yet Xiaomi Smartphone Vulnerabilities Could Lead to Forged Payments The Zoom Installer Let a Researcher Hack His Way to Root Access on macOS Zoom’s Latest Update on Mac Includes a Fix for a Dangerous Security Flaw Microsoft Blocks UEFI Bootloaders Enabling Windows Secure Boot Bypass

• 8/11/2022

  Russian Invasion of Ukraine Has Dangerously Destabilized International Cyber Security Norms Access to Hacked Corporate Networks Still Strong but Sales Fall Sloppy Software Patches Are a ‘Disturbing Trend’ This Mac Hacker’s Code Is So Good, Corporations Keep Stealing It The U.S. Offers a $10M Bounty for Intel on Conti Ransomware Gang New Hacker Forum ‘DUMPS’ Takes Pro-Ukraine Stance Facebook Testing Encrypted Chat Backups Suspected $3M Romance Scammer Extradited to Japan

  UK NHS Service Recovery May Take a Month After MSP Ransomware Attack Atlas MedStaff (NE) Confirms Recent Data Breach Following “Sophisticated Cyberattack” Zimbra Auth Bypass Bug Exploited to Breach Over 1,000 Servers Android Banking Trojan SOVA Returns With New Features Including Ransomware Critical Flaws Disclosed in Device42 IT Asset Management Software GitHub’s New Privacy Policy Sparks Backlash Over Tracking Cookies Looking Back at 25 Years of Black Hat

• 8/10/2022

  Finland’s Parliament Hit With Cyberattack Following U.S. Move to Admit the Country to NATO Hackers and Fraudsters Used Crypto Bridge RenBridge to Launder $540 Million Hackers Have Stolen $1.4 Billion This Year Using Crypto Bridges: Here’s Why New Dark Web Markets Claim Association With Criminal Cartels Ex-CISA Chief Chris Krebs Calls for Us to Get Serious on Security CISA Releases Cybersecurity Toolkit to Protect U.S. Elections Tech, Cyber Companies Launch Security Standard to Monitor Hacking Attempts The Hacking of Starlink Terminals Has Begun Google’s Android Red Team Had a Full Pixel 6 Pwn Before Launch Long-Awaited IoT Reverse Engineering Tool Finally Here Krebs: The Security Pros and Cons of Using Email Aliases Musk Teases X.com Social Media Platform Facebook Profits From Ads on Searches for Hate Group Pages Former Twitter Employee Found Guilty of Spying for Saudi Arabia EU Court Expands Definition of Sensitive Data, Prompting Legal Concerns for Companies

  Cisco Hacked by Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen Marymount Manhattan College (NY) Data Breach Following Unauthorized Access to Network Zenith American Solutions (FL) Data Breach Impacts Sound Health and Wellness Trust American Wholesale Furniture Company (IN) Announces Data Breach Automotive Supplier Breached by 3 Ransomware Gangs in 2 Weeks 7-Eleven Denmark Confirms Ransomware Attack Behind Store Closures Conti Extortion Gangs Behind Surge of BazarCall Phishing Attacks DeathStalker’s VileRAT Continues to Target Foreign and Crypto Exchanges ‘Tropical Scorpius’ Hacker Uses New RAT Malware in Cuba Ransomware Attacks Phishing Attack Abuses Microsoft Azure, Google Sites to Steal Crypto CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems Cisco Fixes Bug Allowing RSA Private Key Theft on ASA, FTD Devices Krebs: Microsoft Patch Tuesday, August 2022 Edition Google Now Blocks Workspace Account Hijacking Attempts Automatically

• 8/9/2022

  Maui Ransomware Operation Linked to North Korean ‘Andariel’ Hackers North Korean-Sponsored Crypto Hacks on the Rise, Experts Warn Dozens of Whole Foods Stores Will Soon Let You Pay With Just a Scan of Your Palm Burger King Just Emailed Everyone a Blank Receipt in a Whopper of a Mistake How Hackers Are Stealing Credit Cards From Classifieds Sites Will Europe Force a Facebook Blackout? Chinese Scammers Target Kids With Promise of Extra Gaming Hours 1Password 8 Arrives on Android and iOS With a Big Redesign and Personalized Home Kali Linux 2022.3 Adds 5 New Tools, Updates Linux Kernel, and More Cybrary Unveils Next-Gen Interactive Training Experience for Cybersecurity Professionals Spin Technology Raises $16M to Protect SaaS Apps Against Attacks Russia-Ukraine Conflict Holds Cyberwar Lessons

  Cloudflare Employees Also Hit by Hackers Behind Twilio Breach BRP Was Target of Cybersecurity Attack Monday Quebec Farmers Union Under Ransomware Cyberattack Gibson Overseas (CA) Announces Data Breach Centerstone (TN) Announces Data Breach ‘Bitter APT’ Hackers Install ‘Dracarys’ Android Malware Using Modified Signal App 10 Malicious Python Packages Exposed in Latest Repository Attack APIC fail: Intel ‘Sunny Cove’ Chips With SGX Spill Secrets Microsoft August 2022 Patch Tuesday Fixes Exploited Zero-Day, 121 Flaws …Patch Tuesday: Yet Another Microsoft RCE Bug Under Active Exploit …‘DogWalk’ Microsoft’s Fix for ‘Data Damage’ Risk Hits PC Performance Microsoft: Exchange ‘Extended Protection’ Needed to Fully Patch New Bugs

• 8/8/2022

  Chinese Hackers TA428 May Be Behind Attacks Targeting Eastern Europe and Afghanistan deBridge Finance Crypto Platform Targeted by Lazarus Hackers Cameo’s CEO Steven Galanis Fell Victim to the Latest Bored Ape NFT Heist A Phone Carrier That Doesn’t Track Your Browsing or Location New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains Treasury Sanctions Crypto ‘Mixer’ Tornado Cash for Aiding Hackers Laundering Illicit Funds Buying Cyber Insurance Gets Trickier as Attacks Proliferate, Costs Rise

  Twilio Suffers Data Breach After Its Employees Were Targeted by a Phishing Campaign 7-Eleven Stores in Denmark Closed Due to a Cyberattack Email Marketing Firm Hacked to Steal Crypto-Focused Mailing Lists Allegheny Health Network (PA) Data Breach Impacting 8,000 People After Phishing Attack Gage Brothers Concrete Products (SD) Data Breach Phishers Swim Around 2FA in Coinbase Account Heists Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore How to Find Out if You Are Involved in a Data Breach — And What to Do Next

• 8/5-7/2022

  Cybercrime a Key Revenue Stream For North Korea’s Weapons Program North Korean ‘Lazarus’ Hackers Target Crypto Experts With Fake Coinbase Job Offers Chinese Info Ops Campaign ‘HaiEnergy’ Tied to PR Firm Shanghai Haixun Technology Meta Took Down Russian Troll Farm That Supported Country’s Invasion of Ukraine Hackers Might Have Figured Out Your Secret Twitter Accounts… Twitter Confirms Breach How to Use Lockdown Mode in iOS 16 to Make Your Phone More Secure Reminder: Passkeys Are Not Just From Apple DuckDuckGo Says Okay, Okay, No to Those Microsoft Trackers After Web Revolt New Traffic Light Protocol Standard Released After Five Years Hi, I’ll Be Your Ransomware Negotiator Today – But Don’t Tell the Crooks That A Ransomware Explosion Fosters Thriving Dark Web Ecosystem Hacked Crypto Startup Nomad Offers a 10% Bounty for Return of Funds After $190 Million Attack Canada Jury Convicts Dutch Man of Sexually Extorting Canadian Teen

  Open Redirect Flaw Snags Amex, Snapchat User Data UK NHS Suffers Outage After Cyberattack on Managed Service Provider Sheppard Robson Asked to Pay Ransom After Cyber-Attack Jacksonville Sheriff’s Office Disables Computers After “Detected Suspicious Activity” First Choice Community Healthcare (NM) Confirms Data Breach Impacting Patient Health Info Gaedeke Group (TX) Confirms Compromised Email Account Led to Recent Data Breach GwisinLocker Ransomware Targets Linux Systems in South Korea Slack Resets Passwords After a Bug Exposed Hashed Passwords for Some Users Facebook Finds New Android Malware Used by APT36 (aka ‘Bitter APT’) Hackers Are Actively Exploiting Password-Stealing Flaw in Zimbra Microsoft Edge Gets Better Security Defaults on Less Popular Sites The Cybersecurity Funding Bubble Hasn’t Burst — But It’s Starting to Deflate Krebs: Class Action Targets Experian Over Account Security

• 8/4/2022

  Taiwan Defence Ministry: Website Hit by Cyber Attacks Amid Rising China Tensions From 7-11s to Train Stations, Cyber Attacks Plague Taiwan Over Pelosi Visit An Attack on Albanian Government Suggests New Iranian Aggression UK Parliament Bins Its TikTok Account Over China Surveillance Fears Cybersecurity Agencies Reveal Last Year’s Top Malware Strains Cyberattackers Increasingly Target Cloud IAM as a Weak Link Thousands of Hackers Flock to ‘Dark Utilities’ C2-As-A-Service Krebs: Scammers Sent Uber to Take Elderly Lady to the Bank Experts Warn of Fake Football (aka Soccer) Ticket Scams Student Crashes Cloudflare Beta Party, Redirects Email, Bags a Bug Bounty India Scraps Data Protection Law in Favor of Better Law Coming … Sometime

  German Chambers of Industry and Commerce Hit by ‘Massive’ Cyberattack Louisville Zoo Informs of Possible Cyberattack Leaking Customer Data More Than 21,000 Affected in HealthBack (OK) Data Breach Aria Retirement Solutions (CA) Breach After Unauthorized Access to Employee’s Email Wisan Smith Racker & Prescott (UT) Breach: Clients Report Fraudulent Tax Filings Multimillion-Dollar Solana Crypto Theft Linked to Slope Mobile Wallet Hackers Try to Extort Survey Firm QuestionPro After Alleged Data Theft New Linux Malware Brute-Forces SSH Servers to Breach Networks Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers DHS Warns of Critical Flaws in Emergency Alert System Devices

• 8/3/2022

  Tory Leadership Vote Delayed After GCHQ Hacking Alert Ukraine Takes Down 1,000,000 Bots Used for Disinformation Taiwan Expects Increased ‘Psychological Warfare’ After Pelosi Visit Spanish Research Agency Still Recovering After Ransomware Attack Portman Warns Against Overlap in Government Cyber Leadership You Can’t Choose When You’ll Be Hit by Ransomware, but You Can Choose How You Prepare Code Dark: Children’s Hospital Strives to Minimize Impact of Hacks Ransomware Attacks Taking Toll on Security Professionals The Microsoft Team Racing to Catch Bugs Before They Happen 5 Ways Chess Can Inspire Strategic Cybersecurity Thinking A New Attack Easily Knocked Out a Potential Encryption Algorithm Corporate Lobbying Could Imperil Sweeping Data Privacy Bill Mitigating Cybersecurity Risks For Hybrid Work Environments

  Russian Organizations Attacked With New Woody RAT Malware Thousands of Solana Wallets Drained in Attack Using Unknown Exploit 35,000 Code Repos Not Hacked—but Clones Flood Github to Serve Malware School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project Community Surgical Supply (NJ) Breach: Attacker Encrypts Sensitive Consumer Info The North Highland Company (GA) Data Breach Affects Current and Former Employees Leaked Image Shows Ransomware Attack Hit Linn-Mar School District (IA) Cloned Atomic Wallet Website Is Pushing Mars Stealer Malware Microsoft Accounts Targeted With New MFA-Bypassing Phishing Kit Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users Cisco Fixes Critical Remote Code Exec VPN Router Bug Windows 11 Smart App Control Blocks Files Used to Push Malware

• 8/2/2022

  Taiwan Presidential Office Website Hit by Cyberattack Ahead of Pelosi Visit …Attacks on Taiwan Websites Likely Work of Chinese ‘Hacktivists’ Russia Accuses U.S. of Direct Role in Ukraine War …U.S. Sanctions More Russian Oligarchs; Senate Moves Toward Vote to Admit Sweden and Finland Into NATO How Cyber Chiefs Cut Through Marketing Noise Wolf in Sheep’s Clothing: How Malware Tricks Users and Antivirus Reported Ransomware Attacks Are Just the Tip of the Iceberg: That’s a Problem for Everyone Krebs: No SOCKS, No Shoes, No Malware Proxy Services! Mobile Store Owner Hacked T-Mobile Employees to Unlock Phones Cybersecurity Could Offer a Way for Underrepresented Groups to Break Into Tech

  Nomad Crypto Bridge Loses $200 Million in ‘Chaotic’ Hack EU Missile Maker MBDA Confirms Data Theft Extortion, Denies Breach Semiconductor Manufacturer Semikron Hit by LV Ransomware Attack Gatto, Pope & Walrick (CA) Files Notice of Data Breach Following Reports of Potential Tax Return Fraud Chinese Hackers Using New Manjusaka Hacking Framework in GoLang Similar to Silver and Cobalt Strike New ‘ParseThru’ Parameter Smuggling Vulnerability Affects Golang-based Applications Google Patches Critical Android Bluetooth Flaw in August Security Bulletin VMware Urges Admins to Patch Critical Auth Bypass Bug Immediately Microsoft Announces New External Attack Surface Audit Tool

• 8/1/2022

  Russia Is Starting to Beat Ukraine at Electronic Warfare, Analysts Say Nancy Pelosi to Visit Taiwan Despite Warnings From China White House Warns China Not to Overreact to Potential Pelosi Visit to Taiwan Many Dems Voted to Limit TikTok. Now They’re Using It. White House Cyber Hire Highlights Diversity Challenges in Tech Workforce Steam, PayPal Blocked as Indonesia Enforces New Internet Regulation Probe Finds Israel Police Did Not Unlawfully Hack Phones of Politicians, Activists

  BlackCat Ransomware Claims Attack on European Gas Pipeline OneTouchpPoint Confirms Breach Potentially Impacting Dozens of Other Businesses Central Maine Medical Center Files Notice of Recent Data Breach With Federal Gov’t Credential Stealer Malware Raccoon Updated to Obtain Passwords More Efficiently Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys Microsoft Defender Experts for Hunting Now Available Tim Hortons Offers Free Coffee and Donut to Settle Data Privacy Invasion Claims

• 7/29-31/2022

  Justice Department Investigating Data Breach of Federal Court System Congress Takes Aggressive Stance Against Foreign Spyware You Pay More When Companies Get Hacked Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization Just Because You Don’t See Hackers, Doesn’t Mean They’re Not In Your Network U.S. Gov’t Warns Americans of Escalating Sms Phishing Attacks Krebs: 911 Proxy Service Implodes After Disclosing Breach Spyware Developer of Imminent Monitor RAT Charged by Australian Police After 14,500 Sales Meta, U.S. Hospitals Sued for Using Healthcare Data to Target Ads

  Bromford Housing Association Targeted by Cyber Attack Israel’s Sapir College Targeted by Cyber Attack; Students’ Data Held for Ransom by Hackers Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers Huge Network of 11,000 Fake Investment Sites Targets Europe Facebook Ads Push Android Adware With 7 Million Installs on Google Play LockBit Ransomware Abuses Windows Defender to Load Cobalt Strike CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks Apple Just Patched 37 iPhone Security Bugs Big Questions Remain Around Massive Shanghai Police Data Breach

• 7/28/2022

  NKorean Kimsuky Use Google Chrome Extension to Steal Emails Undetected U.S., Ukraine Sign Pact to Expand Cooperation in Cyberspace EU to Open San Francisco Office Focused on Tech Regulation How Tor Is Fighting—and Beating—Russian Censorship Google Brings Street View Back to India Following 2016 Ban UK Police Warn About Social Media Accounts Being Hijacked to Post Indecent Images European Police Arrest 100 Suspects in BEC Crackdown JPMorgan, UBS, TradeStation Accused of Shoddy ID Theft Protection Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office Ransom Payments Fall as Fewer Victims Choose to Pay Hackers

  Krebs: Breach Exposes Users of Microleaves Proxy Service Hive Ransomware Group Demands £500,000 From Wooton Upper School in Bedfordshire St. Luke’s Health System (ID) Vendor Kay-Smith Data Breach Affects 31,573 Patients Clinivate (CA) Announces Data Breach Gannon Associates Insurance Agency (PA) Announces Data Breach Malicious NPM Packages Steal Discord Users’ Payment Card Info Microsoft SQL Servers Hacked to Steal Bandwidth for Proxy Services Akamai Blocked Largest DDoS in Europe Against One of Its Customers LibreOffice Addresses Security Issues With Macros, Passwords Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024

• 7/27/2022

  EU Justice Commissioner Didier Reynders Says Phone Likely Hacked With Israeli NSO Group’s Pegasus Spyware …Daughter of Imprisoned ‘Hotel Rwanda’ Hero to Testify on Spyware at House Hearing …We’re Likely Only Seeing ‘The Tip of the Iceberg’ of Pegasus Spyware Use Against the U.S. Moldova Plans Cyber Overhauls Amid War in Neighboring Ukraine Apple Network Traffic Takes Mysterious Detour Through Russia Weak Data Protection Helped China Attack U.S. Federal Reserve, Report Says Krebs: A Retrospective on the 2015 Ashley Madison Breach Google, Like Amazon, May Let Police See Your Video Without a Warrant Spain Arrests Suspected Hackers Who Sabotaged Radiation Alert System Average Data Breach Costs Soar to $4.4M Globally & $9.4M in the U.S. in 2022

  Microsoft Says It Caught an Austrian Spyware Group ‘DSIRF’ Using Previously Unknown Windows Exploits …‘Subzero’ New ‘Robin Banks’ Phishing Service Targets BofA, Citi, and Wells Fargo Kansas MSP Shuts Down Cloud Services to Fend Off Cyberattack Cybersecurity Vendor Entrust Tells Customers Data Was Stolen During June Cyberattack These Ransomware Hackers Gave up When They Hit Multi-Factor Authentication FileWave Fixes Bugs That Left 1,000+ Orgs Open to Ransomware, Data Theft Github Introduces 2FA and Quality of Life Improvements for NPM Fedora Ditches ‘No Rights Reserved’ Software Over Patent Concerns Protestware on the Rise: Why Developers Are Sabotaging Their Own Code

• 7/26/2022

  U.S. Doubles Reward for Tips on North Korean-Backed Hackers How Big Is the Risk That Someone Will Hack an EV Charging Network? Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands LinkedIn Phishing Target Employees Managing Facebook Ad Accounts …‘Ducktail’ Poor Training and Communications Hindering Cybersecurity Efforts Experts Find Similarities Between New LockBit 3.0 and BlackMatter Ransomware …LockBit Claims Attack on Italian Tax Agency No More Ransom Helps Millions of Ransomware Victims in 6 Years Crypto Exchange Kraken Reportedly Hunted by the Feds for Alleged Sanctions Busting Senate Panel Turns to Kids’ Online Safety NPM Users Can Now Connect a Twitter Account as a Recovery Method

  Hackers Steal $6 Million From Blockchain Music Platform Audius New Android Malware Apps Installed 10 Million Times From Google Play Arhaus (OH) Confirms Data Breach Affecting Employee Information Luca Stealer Malware Spreads Rapidly After Code Handily Appears on Github Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection Cosmicstrand UEFI Malware Found in Gigabyte, ASUS Motherboards Microsoft: IIS Extensions Increasingly Used as Exchange Backdoors Discord, Telegram Services Hijacked to Launch Array of Cyberattacks Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options Hackers Scan for Vulnerabilities Within 15 Minutes of Disclosure

• 7/25/2022

  Russia Is Quietly Ramping Up Its Internet Censorship Machine Former Google Executive Camille Stewart Gloster to Join White House Cyber Office Dems Fume at Disney’s Hulu for Blocking Ads on Abortion, Guns, Jan. 6 Crypto Firms Make Thieving Hackers an Offer: Keep a Little, Give Back the Rest UK Seizes Nearly $27m in Crypto-Assets How to Require Strong Passwords That Are Not Easily Cracked by Bad Guys on Your Shared Windows PC Devices Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11 T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People

  Anti-Vax Dating Site ‘Unjected’ That Let People Advertise ‘mRNA Free’ Semen Left All Its User Data Exposed Vista Bank (TX) Reports Data Breach Affecting Social Security Numbers Toronto Symphony Orchestra Customer Names and Emails Potentially Compromised in Ransomware Attack Australia’s Mount Gambier Prison Hit in Cyber Attack A ‘Top Tier’ Hacking Gang Is Likely to Be Behind Entrust Ransomware Attack Hackers Exploited PrestaShop Zero-Day to Breach Online Stores Experts Uncover New ‘CosmicStrand’ UEFI Firmware Rootkit Used by Chinese Hackers Source Code for Rust-Based Info-Stealer Released on Hacker Forums

• 7/22-24/2022

  U.S. Bolsters Cyber Alliance to Counter Rising Iran Threat N.Korea Denounces U.S. Over Washington’s Remarks on Cryptocurrency Stealing North Korean Hackers Attack EU Targets With Konni RAT Malware Hacked Ukrainian Radio Stations Broadcast Fake News About President Zelensky’s Health Thai Minister Backtracks on Spyware Admission as Government Denies Pegasus Use Chrome Use Subject to Restrictions in Dutch Schools Over Data Security Concerns Malware-as-a-Service Creating New Cybercrime Ecosystem How to Safely Lend Someone Else Your Phone Klobuchar Asks FTC to Investigate Amazon’s $3.9 Billion Move to Acquire One Medical T-Mobile Agrees to $350 Million Settlement Over Its Massive 2021 Data Breach My Big Coin Founder Is – You Guessed It – A $6M Crypto-Fraudster

  St. Marys, Ontario, Canada Is Being Extorted by LockBit Global Ransomware Gang Hacker Selling Twitter Account Data of 5.4 Million Users for $30K Online Insurer PolicyBazaar Says Customer Data Was Exposed by ‘Unauthorized Access’ British Columbia LGBTQ+ Advocacy Group Qmunity Hit With Cyberattack Smithsonian Statement: WordFly Data Security Incident PayPal Used to Send Malicious “Double Spear” Invoices QBot Phishing Uses Windows Calculator Sideloading to Infect Devices Amadey Malware Pushed via Software Cracks in SmokeLoader Campaign SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products Atlassian: Confluence Hardcoded Password Was Leaked, Patch Now! Google Bringing the Android App Permissions Section Back to the Play Store

---

Follow The Cyber Beat

Get news delivered directly to your inbox.