• 12/8/2021

  Beijing Reins In China’s Central Bank Tor’s Main Site Blocked in Russia as Censorship Widens Vietnamese ‘XE Group’ Exposed for Eight Years of Hacking, Credit Card Theft Over 40 Million People Had Health Information Leaked This Year Cybersecurity Can Pose a Risk in More Than One Way for Financial Advisors Coinbase Customers Demand Refunds Over GYEN Stablecoin Glitch Krebs: Canada Charges Its “Most Prolific Cybercriminal” Amazon Is Shutting Down Web Ranking Site Alexa.com Microsoft: Secured-Core Servers Help Prevent Ransomware Attacks

  Israel’s National Insurance Institute Hacked in Dos Attack Two Data Breaches at Sound Generations (WA) Senior Care Nonprofit Impact 103K Emotet Now Drops Cobalt Strike, Fast Forwards Ransomware Attacks Hackers Infect Random WordPress Plugins to Steal Credit Cards Moobot Botnet Chews Up Hikvision Surveillance Systems Malicious npm Code Packages Built for Hijacking Discord Servers Critical SonicWall VPN Bugs Allow Complete Appliance Takeover GraphQL API Authorization Flaw Found in Major B2B Financial Platform

• 12/7/2021

  Language Requiring Companies to Report Cyberattacks Left Out of Defense Bill Why Voluntary Approaches To Federal Cybersecurity Mandates Threaten Compliance Google Sues Alleged Russian Cyber Criminals Behind Glupteba Stop Ransomware Vaccine Released to Block Encryption Twitter Bots Pose as Support Staff to Steal Your Cryptocurrency Cryptominers Aren’t Just a Headache – They’re a Big Neon Sign That Bad Things Are on Your Network Hackers Using Omicron, COVID-19 Phishing Emails to Target Universities Why Companies Shouldn’t Shame Employees Who Fall for Hacking Scams Bosses Are Reluctant to Spend Money on Cybersecurity: Then They Get Hacked When Scammers Get Scammed, They Take It to Cybercrime Court Canadian Man Arrested for Alleged Ransomware Healthcare Attacks 5G Brings Promise – And Risk: Why Security Is Critical as We Build Out the Mobile Networks of the Future

  Disney+, Netflix, Slack Among Services Affected by Amazon Web Services Outage CS Energy Hit by Chinese Cyberattack That Almost Cost 3M Homes Power Nordic Choice Hotels Hit by Conti Ransomware, No Ransom Demand Yet LINE Pay Leaks Around 133,000 Users’ Data to Github, of All Places Pellissippi State (TN) Computer Network Brought Down After Suspected Ransomware Attack Eldon Schools (MO) Closed After Cyber-Attack on District Computers New Cerber Ransomware Targets Confluence and GitLab Servers QNAP Warns Users of Bitcoin Miner Targeting Their NAS Devices Vulnerabilities Found in GOautodial Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Provides Windows 10 Drive-By RCE Triggered by Default URI Handler Grafana Fixes Zero-Day Vulnerability After Exploits Spread Over Twitter

• 12/6/2021

  U.S. Military Has Acted Against Ransomware Groups, General Acknowledges Microsoft Disrupts Chinese Hacking Group ‘Nickel’ (aka APT15) Targeting Organizations in Dozens of Countries Israel Tightening Cyber Exports After Scandals Criminal Hackers Are Now Going After Phone Lines, Too SolarWinds Hackers Have a Whole Bag of New Tricks for Mass Compromise Attacks …France Warns of Nobelium Cyberspies Attacking French Orgs …Russian Hacking Group Uses New Stealthy Ceeloader Malware Romance Fraudster Targeted 670 Women Online

  Cyber-attack Closes UK SPAR Convenience Stores Maryland Health Department Says There’s No Evidence of Data Lost After Cyberattack Iranians Accused of Hacking St. Charles (MO) Computers to Mine Cryptocurrency Gravatar Profile Add-on Leaks Data on Millions of Users Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies WhatsApp Adds Default Disappearing Messages for New Chats

• 12/3-5/2021

  U.S. State Department Phones Were Hacked With NSO Group Pegasus Spyware Federal Watchdog Warns Security of U.S. Infrastructure ‘In Jeopardy’ Without Action Didi Hunts for Way to Delist in New York, Rocking Other Chinese ADRs Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments FBI: Cuba Ransomware Group Hit 49 Critical Infrastructure Organizations Planned Parenthood Breach Opens Patients to Follow-On Attacks CO Utility Delta-Montrose Electric Loses Billing Ability and 2 Decades of Records After Attack Krebs: Who Is the Network Access Broker ‘Babam’? USB Devices the Common Denominator in All Attacks on Air-Gapped Systems Convincing Microsoft Phishing Uses Fake Office 365 Spam Alerts New Twitter Phishing Campaign Targets Verified Accounts

  Crypto Exchange Bitmart Hacked With Losses Estimated at $196M Celsius Network Confirms It Lost Money in the BadgerDAO DeFi Hack Polish T-Mobile Unit Faces Cyber Attack, Systems Not Compromised Riverhead School District (NY) Targeted in Cyber Attack Fake Support Agents Call Victims to Install Android Banking Malware Malicious KMSPico Installers Steal Your Cryptocurrency Wallets Researchers Discover 14 New Data-Stealing Web Browser Attacks Malicious Excel XLL Add-Ins Push Redline Password-Stealing Malware Zoho: Patch New ManageEngine Bug Exploited in Attacks ASAP UK Government Fined Over Honors List Data Breach

• 12/2/2021

  U.S. to Lead Global Effort to Curb Authoritarians’ Access to Surveillance Tools TSA Issues Directives to Rail Sector to Strengthen Cybersecurity New UK Product Security Law Won’t Be Undercut by Rogue Traders Upping and Vanishing, Gov’t Boasts Russian Internet Watchdog Announces Ban of Six More VPN Products ‘Double-Extortion’ Ransomware Damage Skyrockets 935% Phishing Actors Start Exploiting the Omicron COVID-19 Variant Phishing Scam Targets Military Families Facebook Taking Steps to Secure Accounts of Activists, Journalists, Officials Twitter Removes 3,400 Accounts Used in Gov’t Propaganda Campaigns

  AT&T Takes Steps to Mitigate Botnet Found Inside Its Network Ransomware Attack Hits French-Public School Board (ON) New NginRAT Malware Hides as Legit Nginx Process on E-commerce Servers Hackers Use In-House Zoho ServiceDesk Exploit to Drop Webshells Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks Nine WiFi Routers Used by Millions Were Vulnerable to 226 Flaws Navigating Cybersecurity Risks in International Trade Krebs: Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

• 12/1/2021

  House Passes Bipartisan Bills to Strengthen Networks Security, Cyber Literacy Patchy Cyber Data Makes U.S. Policy Success Difficult to Gauge CISA Names Big Tech, Financial Execs and Others to Cybersecurity Advisory Committee CrowdStrike Chosen by CISA for Government Endpoint Security Initiative Australia Set to Gain Ability to Sanction Cyber Attackers Under ‘Magnitsky-Style’ Law State-Backed Hackers Increasingly Use RTF Injection for Phishing Facebook, Instagram Remove Accounts Linked to Chinese COVID-19 Disinformation Efforts Twitter Bans Users From Posting ‘Private Media’ Without a Person’s Consent Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users Racy Affair Saga Between Jeff Bezos and Enquirer Reaches Final Chapter Former Ubiquiti Dev Charged for Trying to Extort His Employer Bulletproof Hosting Founder Imprisoned for Helping Cybercrime Gangs Europol: 18k Money Mules Caught Laundering Money From Online Fraud

  Planned Parenthood Los Angeles Says Hack Breached About 400,000 Patients’ Information Den Hartog Industries (IA) Victim of Cyber Attack, 5315 Employees Compromised Ransomware Attack Exposed Personal Info of John Hancock (IL) Unit Owners Gale Healthcare Solutions (FL) Info Leak Exposes 170k Records TriValley Primary Care (PA) Victim of Ransomware Waikato DHB (NZ) Cyber Attack: Cancer Hub Out of Action in Chaotic Aftermath Broward County Public Schools (FL) Reveal What Information Was Stolen in Earlier Breach 80K Retail WooCommerce Sites Exposed by Plugin XSS Bug Malicious Android App Steals Malaysian Bank Credentials, MFA Codes Emotet Now Spreads via Fake Adobe Windows App Installer Packages Microsoft Exchange Servers Hacked to Deploy BlackByte Ransomware Mozilla Fixes Critical Bug in Cross-Platform Cryptography Library VirusTotal Collections Feature Helps Keep Neat IoC Lists

• 11/30/2021

  MI6 Boss Warns of China ‘Debt Traps and Data Traps’ Democrat Congressman Bobby Rush Pushes for Pipeline Reliability Standards Ransomware vs. Cities: A Cyber War Finland Faces Blizzard of Flubot-Spreading Text Messages Targeting Android Users Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks Smartwatches for Children Are a Privacy and Security Nightmare Texas School District to Scan Children’s Devices FBI Seized $2.2M From Affiliate of REvil, Gandcrab Ransomware Gangs Finding Your Niche in Cybersecurity

  DNA Testing Firm DNA Diagnostics Center Discloses Data Breach Affecting 2.1 Million People Queensland Government Energy Generator Hit by Ransomware Hackers Plant Card-Stealing Malware on Sealand Website That Sells Baron and Duke Titles Boulder Neurosurgical & Spine Associates (CO) Hit With Data Breach Yanluowang Ransomware Tied to Thieflock Threat Actor Sabbath Ransomware Group Rebrands Multiple Times to Evade Detection EwDoor Botnet Targets AT&T Network Edge Devices at U.S. Firms Visiting a Booby-Trapped Webpage Could Give Attackers Code Execution Privileges on HP Network Printers Microsoft Defender Scares Admins With Emotet False Positives

• 11/29/2021

  North Korean APT ScarCruft (aka APT37) Mounts Desktop/Mobile Double-Pronged Spy Attacks with Chinotto Malware Lawmakers Take Aim At ‘Grinches’ Using Bots to Target Consumers During Holidays CISA Seeks Extra Email Protection The True Cost Of Rising Cyber Threats, According To A Cybersecurity CFO Cybersecurity Graduates Are Doubling, but That’s Still Not Going to Fix the Skills Crisis Phishing Remains the Most Common Cause of Data Breaches Inside Intel’s Secret Warehouse in Costa Rica Dark Web Market Cannazon Shuts Down After Massive DDoS Attack Australia Will Force Social Networks to Identify Trolls, so They Can Be Sued for Defamation

  Stealthy WIRTE Hackers Target Governments in the Middle East Data Breach at Panasonic Wind Turbine Maker Vestas Confirms Recent Security Incident Was Ransomware Kentucky Energy and Environment Cabinet Suffered Data Breach in September on Mining Permit Applications Data Breaches at Huntington Hospital (NY) and Southwestern Vermont Medical Center In Addition to LCCC, Cyber Attack Closes RiverBend Growth Association (IL) 4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021 Zoom Finally Adds Automatic Updates to Windows, macOS Clients

• 11/26-28/2021

  Beijing Presses Didi to Delist From U.S. Over Data Security Fears Italy’s Antitrust Regulator Fines Google and Apple for “Aggressive” Data Practices Israel Defense Ministry Slashes Cyber Export List, Drops Saudi Arabia, UAE Krebs: The Internet is Held Together With Spit & Baling Wire Massive Hack Gave Police a Window on Cocaine, Cash and Killers Interpol Arrests Over 1,000 Suspects Linked to Cyber Crime ‘AI Will Revolutionize Every Aspect of Connectivity,’ Argue Cyber Experts

  Israel and Iran Broaden Cyberwar to Attack Civilian Targets IKEA Email Systems Hit by Ongoing Cyberattack Small-Town Japanese Hospital to Resist Paying Ransom After Cyberattack Google Warns Crypto Miners Are Using Compromised Cloud Accounts TrickBot Phishing Checks Screen Resolution to Evade Researchers New Windows 10 Zero-Day Gives Admin Rights, Gets Unofficial Patch Cyber Monday Shoppers Warned of Attacks Where Scammers Try to Extort You

• 11/25/2021

  Tencent Must Get Approval From Chinese Regulators Before Publishing New Apps and Updates How Cybercriminals Adjusted Their Scams for Black Friday 2021 …New Twists on Gift-Card Scams Flourish on Black Friday …Black Friday: How to Avoid Being Scammed by Cybersecurity Criminals Who Are Using Cryptos UK and German Police Take Down 21 Jihadist Websites UK Government Transport Website Caught Showing Porn Cybersecurity Recruitment, Training Misses the Mark

  Scammers Hack Mazda USA’s Official Instagram Page On Thanksgiving Data Breach at True Health New Mexico Impacts 62,000 State Residents International Vessel Owner Swire Pacific Offshore Hit by Cybersecurity Breach Discord Malware Campaign Targets Crypto and NFT Communities New Linux Malware Hides in Cron Jobs With Invalid Dates Microsoft Defender for Endpoint Laid Low by Another Buggy Windows Patch

• 11/24/2021

  FBI: Online Shoppers Risk Losing Over $53M to Holiday Scams Apple’s Pegasus Lawsuit a ‘Declaration of War’ Against Offensive Software Developers, Says Kaspersky Director APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users Hit by Ransomware? Make Sure You Don’t Make This First Obvious Mistake Ukraine Arrests ‘Phoenix’ Hackers Behind Apple Phishing Attacks Joke Hitman Website Catches Plotting Michigander Germany to Force ISPs to Give Discounts for Slow Internet Speeds

  GoDaddy Breach Widens to Include Reseller Subsidiaries Ransomware Attack Shuts Down Lewis and Clark Community College (IL) Campuses Seneca Family of Agencies Data Breach Impacts Thousands of Sonoma County (CA) Recipients Hackers Exploit Microsoft MSHTML Bug to Steal Google, Instagram Creds Stealthy New Javascript Malware Infects Windows PCs With RATs Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

• 11/23/2021

  Apple Sues NSO Group for Hacking iPhones on Behalf of Governments Palantir CEO Says Companies Working With U.S. Adversaries Should Justify Their Position Russian Cybersecurity Executive Appeals to Putin as Detention for Treason Extended Tardigrade Hackers Target Big Pharma Vaccine Makers With Stealthy Malware FBI Warns of Phishing Targeting High-Profile Brands’ Customers Norsk Hydro Probe Shows Slow Pace of International Ransomware Cases Common Cloud Misconfigurations Exploited in Minutes, Report Telecommunications Industry Ombudsman Wants Telcos to Have 24-Hour Fraud Hotline The Best Black Friday 2021 Security, IT, VPN, & Antivirus Deals

  UK Ministry of Justice Secures HVAC Systems ‘Protected’ by Passwordless Wi-Fi After Tipoff French Firm Bureau Veritas Hit by Cyberattack on Cybersecurity System Ohio Election Security Tested After Attempted Hack in Lake County Over Nine Million Android Devices Infected by Info-Stealing Trojan Malware Now Trying to Exploit New Windows Installer Zero-Day Researchers Warn of Severe Risks From ‘Printjack’ Printer Attacks Microsoft Edge Adds Super Duper Secure Mode to Stable Channel How Tech Companies Can Help Solve The Cybersecurity Skills Shortage

• 11/22/2021

  Authorities Warn Organizations to Be on Guard Against Hackers During Thanksgiving Holiday …Increased Ransomware …Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches Hackers Circle as Individual Investors Pour Cash Into Crypto Biomanufacturing Companies Getting Hit by Hackers Potentially Linked to Russia Inside Saint John’s Response to a ‘Devastating’ 2020 Cyberattack Krebs: Arrest in ‘Ransom Your Employer’ Email Scheme Bug Bounties Surge as Firms Compete for Talent Biometric Auth Bypassed Using Fingerprint Photo, Printer, and Glue CrowdStrike Tops List of Most Valuable Public Cybersecurity Companies On Deloitte’s Technology Fast 500 Cybersecurity Startup XM Cyber Acquired for $700 Million by Schwarz Group 10 Stocking Stuffers for Security Geeks

  GoDaddy Discloses Security Breach That Exposed 1.2 Million WordPress Customer Accounts U.S. Education Software Company SmarterSelect Exposed Personal Data of 1.2M Students Wind Turbine Giant Vestas Wind System Offline After Cyber Incident Accounting Firm PKF and Queensland Rugby Union Hit by Hackers as Landmark Bill Looms Data From Millions of Brazilians Exposed in Wi-Fi Management Software Firm WSpot Leak UK Gov’t Warns Thousands of SMBs Their Online Stores Were Hacked Dorset Council Suspected Data Breach to Be Investigated Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover New Windows Zero-Day With Public Exploit Lets You Become an Admin Exploit Released for Microsoft Exchange RCE Bug, Patch Now

• 11/19-21/2021

  Lawmakers Increasingly Anxious About U.S. Efforts Against Russian Hackers U.S. Regulators Order Banks to Report Cyberattacks Within 36 Hours More Than $500M for Cybersecurity Included in Sweeping House-Passed Package U.S. SEC Warns Investors of Ongoing Gov’t Impersonation Attacks …Fake TSA PreCheck Sites Scam U.S. Travelers With Fake Renewals Krebs: The ‘Zelle Fraud’ Scam; How it Works, How to Fight Back Criminals Have Made off With Over $10 Billion in ‘DeFi’ Scams and Thefts This Year Less than Half of Consumers Change Passwords Post-Breach Indonesia Probe Police Hack in Latest Cyber Breach Canadian Teen Nabbed in $36.5m Crypto Heist – Possibly the Biggest Haul Yet by a Single Individual Brit Admits Role in International Movie Piracy Ring

  Attempted Data Breach of Lake County (OH) Board of Elections Used to Fuel Voter-Fraud Lies Premier Property Lawyers: Police Investigate Firm’s IT Incident Radiology Center Utah Imaging Associates Hit by Data Breach Affecting 582k Patients Riviera Utilities (AL) Hit by Cyber Attack Affecting Email Systems Iran’s Mahan Air Says It Foiled Cyber Attack on Systems Emotet Botnet Comeback Orchestrated by Conti Ransomware Gang 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years Microsoft Exchange Servers Hacked in Internal Reply-Chain Attacks Microsoft Authenticator Gets New Enterprise Security Features Microsoft: Office 365 Will Boost Default Protection for All Users

• 11/18/2021

  EPA’s Cybersecurity Oversight of Water Sector Falls Short, Report Says Hundreds Participate in Electric Grid Cyberattack Simulation Amid Increasing Threats North Korean Cyberspies Target Gov’t Officials With Custom Malware Iran Is ‘Leapfrogging Our Defenses’ in a Cyber War ‘My Gut Is We Lose’: Hacking Expert Kevin Mandia China’s APT41 Manages Library of Breached Certificates DOJ Charges Two Iranians With Interference in 2020 Election Boffins Find Way to Use a Standard Smartphone to Find Hidden Spy Cams 70% Of Security and IT Pros Find Security Hygiene and Posture Increasingly Challenging Over the Past 2 Years Heavy Workloads Are Taking Their Toll For Those On Frontlines Of Cybersecurity Wars Dark Web Crooks Are Now Teaching Courses on How to Build Botnets

  Ransomware Phishing Emails Sneak Through SEGs Thousands of Firefox Users Accidentally Commit Login Cookies on Github Hackers Deploy Linux Malware, Web Skimmer on E-commerce Servers Android Malware BrazKing Returns as a Stealthier Banking Trojan New Memento Ransomware Switches to WinRar After Failing at Encryption RedCurl Corporate Espionage Hackers Resume Attacks With Updated Tools Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

• 11/17/2021

  Russian Ransomware Gangs Start Collaborating With Chinese Hackers Vaccine Research Among Cyber Attack Targets Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts CISA Releases Cybersecurity Response Plans for Federal Agencies Organizations More Susceptible to Ransomware Attacks During Weekends and Holidays Krebs: Tech CEO Pleads to Wire Fraud in IP Address Scheme U.S. to Sell $56M in Seized Cryptocurrency UK Government Publishes Guidance on Security Rules for Tech Takeovers South Korean Privacy Watchdog Apologises for Violating Privacy While Mediating Privacy Lawsuit

  Officials Warn That Hackers Linked to Iranian Government Are Targeting Critical Sectors Israel’s Candiru Spyware Found Linked to Watering Hole Attacks in UK and Middle East Eskenazi (IN) Patients Receive Letters Alerting Them of Cyber Security Breach 6 Months Ago Plumas County (CA) Administrator Addresses Cyber Attack California Pizza Kitchen Data Breach Exposes Personal Information: Murphy Law Firm  Most SS7 Exploit Service Providers on Dark Web Are Scammers Netflix Bait: Phishers Target Streamers with Fake Service Signups Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities

• 11/16/2021

  Biden, Xi Hold Virtual Summit Amid Rising U.S.-China Tensions Report Implicates Belarus in Anti-NATO ‘Ghostwriter’ Cyber Campaign Facebook Disrupts Pakistani Hacking Group Targeting Afghan Users Microsoft Warns of the Evolution of Six Iranian Hacking Groups Oversight Finds ‘Small Lapses’ in Security Led to Colonial Pipeline, JBS Hacks FBI Calls For Firms to Report Hacks Directly to Law Enforcement These Are the Cryptomixers Hackers Use to Clean Their Ransoms Evil Corp: ‘My Hunt for the World’s Most Wanted Hackers’ FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment In Alabama, Training for Cyber Crime and Competing in War Games Ethical Hackers Stymie $27B of Cybercrime

  200M Adult Cam Model, User Records Exposed in Stripchat Breach Hackers Compromised Middle East Eye News Website to Hack Visitors, Researchers Say Burnie City (Tas) Council Hackers Left Their Contact Details: Mayor Delta-Montrose Electric Association (CO) Grapples With ‘Targeted Effort’ on Its Internal Network Here Are the New Emotet Spam Campaigns Hitting Mailboxes Worldwide WordPress Sites Are Being Hacked in Fake Ransomware Attacks Inside Story of Ransomware Repeatedly Masquerading as a Popular JS Library for Roblox Gamers GitHub Fixes Authorisation Vulnerability in the NPM JavaScript Package Registry Microsoft Adds AI-Driven Ransomware Protection to Defender Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild Ransomware Gangs Are Now Rich Enough to Buy Zero-Day Flaws, Say Researchers

• 11/15/2021

  Bipartisan Commission Urges U.S. Take Immediate Steps to Curb Online Misinformation Moses Staff Hackers Wreak Havoc on Israeli Orgs With Ransomless Encryptions Cyber Attack Victims Won’t Be Allowed to Pay More Than $100K in Ransom Under New Bill How to Negotiate With Ransomware Attackers The Best Ransomware Response, According to the Data Scam Spotter Campaign Flags Gift Card Fraud DHS Announces New Program to Attract and Retain Cybersecurity Talent Demand for Qualified Cybersecurity Workers Is Soaring U.S. Journalist Danny Fenster Imprisoned for Spreading False Information is Freed in Myanmar

  7 Million Robinhood User Email Addresses for Sale on Hacker Forum Hackers Leak Kent School Files in ‘Highly Sophisticated’ Cyber Attack Center for Human Development (CHD) Warns of Data Breach Exposing Employees, Individuals Served Cybercriminals Target Alibaba Cloud for Cryptomining, Malware Rowhammer Attacks: DDR4 Ram Defenses Broken Again Emotet Malware Is Back and Rebuilding Its Botnet via TrickBot High-Severity Intel Processor Bug Exposes Encryption Keys New Microsoft Emergency Updates Fix Windows Server Auth Issues

• 11/12-14/2021

  Hacker Sends Spam to 100,000 From FBI Email Address …Fake Cybersecurity Warnings …FBI Says Hackers Got No Data After Compromising Email Server …Krebs: Hoax Email Blast Abused Poor Coding in FBI Website Senate Democrats Urge Government to Do More to Protect K-12 Schools Against Hackers FTC Shares Ransomware Defense Tips for Small U.S. Businesses U.S. To Partner With Israel to Combat Ransomware Attacks China Regulator Proposes Cybersecurity Review for Some Hong Kong IPOs China’s Next Generation of Hackers Won’t Be Criminals: That’s a Problem Bitcoin’s Biggest Upgrade in Four Years Just Happened – Here’s What Changes Security Company Randori Faces Backlash for Waiting 12 Months to Disclose Palo Alto 0-Day Surveillance Firm WiSpear Pays $1 Million Fine After ‘Spy Van’ Scandal U.S. Accuses Russian of Money Laundering for Ryuk Ransomware Gang

  Costco Confirms: A Data Skimmer’s Been Ripping Off Customers Spanish Brewery Sociedad Anónima Damm, Maker of Estrella Damm, Paralyzed by Cyber-Attack West Virginia Parkways Authority Hit by Cyber-Attack Ransomware Experts Question Massive Pysa/Mespinoza Victim Dump Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks QBot Returns for a New Wave of Infections Using Squirrelwaffle Fake End-To-End Encrypted Chat App Distributes Android Spyware Mac Zero Day Targets Apple Devices in Hong Kong CISA Warns of Equipment Vulnerabilities From Multiple Vendors AMD Reveals an Epyc 50 Flaws – 23 of Them Rated High Severity; Intel Has 25 Bugs, Too Zero-Day Bug in All Windows Versions Gets Free Unofficial Patch These Are the Top-Level Domains Threat Actors Like the Most Open Source Project Aims to Detect Living-Off-the-Land Attacks

• 11/11/2021

  Biden Signs Into Law Bill to Secure Telecommunications Systems Against Foreign Threats Harris Calls for Global Action on Cyber Threats After U.S. Joins International Effort Dutch Newspaper Accuses U.S. Spy Agencies of Orchestrating 2016 booking.com Breach China Still Steals Commercial Secrets for Its Own Firms’ Profit Congress Mulls Ban on Big Ransom Payouts Unless Victims Get Official Say-So CEO of Blacklisted Spyware Firm NSO Group Quits CyberVetsUSA Pilots Nebraska Project Gmail Accounts Are Used in 91% Of All Baiting Email Attacks Russian ‘King of Fraud’ Sentenced to 10 Years for Methbot Scheme Expect 2022 to Be the Year of Cybersecurity

  Dallas Police Surveillance Footage Leaked Southern Ohio Medical Center Diverting Ambulances After Apparent Cyber Attack Back-to-Back PlayStation 5 Hacks Hit on the Same Day Tiny Font Size Fools Email Filters in BEC Phishing Careful: ‘Smart TV Remote’ Android App on Google Play Is Malware Magniber Ransomware Gang Now Exploits Internet Explorer Flaws in Attacks BotenaGo Botnet Targets Millions of IoT Devices With 33 Exploits Windows 10 App Installer Abused in BazarLoader Malware Attacks AMD Fixes Dozens of Windows 10 Graphics Driver Security Bugs Google Debuts ClusterFuzzLite Security Tool for CI, CD Workflows

• 11/10/2021

  Letter From Former High-Ranking National Security Officials To Congress: Election Subversion Poses National Security Threat Harris, Macron Unveil New Initiatives on Space, Cybersecurity After Meeting States Try to ‘Parallel’ Federal Orders on Cybersecurity, Officials Say FBI Warns of Iranian Hackers Looking to Buy Us Orgs’ Stolen Data Lazarus Hackers Target Researchers With Trojanized IDA Pro Hacker-for-Hire Group ‘Void Balaur’ Spied on More Than 3,500 Targets in 18 Months New Android Spyware ‘PhoneSpy’ Found in South Korea Poses Pegasus-Like Threat TrickBot Teams up With Shatak Phishers for Conti Ransomware Attacks Cyber Agency Beefing up Disinformation, Misinformation Team Krebs: SMS About Bank Fraud as a Pretext for Voice Phishing Businesses Don’t Know How to Manage VPN Security Properly – And Cyber Criminals Are Taking Advantage How to Spot and Block Cryptominers on Your Network Firms Will Struggle to Secure Extended Attack Surface in 2022 These Industries Were the Most Affected by the Past Year of Ransomware Attacks In Ransomware Fight, FBI Balances Unlocking Victims’ Data and Chasing Attackers Former Broadcom Engineer Accused of Pinching Chip Tech to Share With New Chinese Employer In a Quantum Future, Our Economy Needs to Be Protected: A Cybersecurity Expert Explains Why

  Brittany Ferries ‘Fesses up to Leaks Caused by Routine Website Update Stor-a-File Hit by Ransomware After Crooks Target SolarWinds Serv-U FTP Software HPE Says Hackers Breached Aruba Central Using Stolen Access Key Telnyx Is the Latest VoIP Provider Hit With DDoS Attacks Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access Queensland Water Supplier Sunwater Targeted by Hackers in Months-Long Undetected Cyber Security Breach Summer Data Breach at Lander University (SC) Caught Before Paychecks Diverted Central Health (NL) Also Impacted by Cyber Attack, Investigation Ongoing City of Moline (IL) Falls Victim of Cyber Attack Now Under Federal Investigation New Android Malware ‘MasterFred’ Targets Netflix, Instagram, and Twitter Users Massive Zero-Day Hole Found in Palo Alto Security Appliances 13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment WP Reset PRO Bug Lets Hackers Wipe WordPress Sites Microsoft Patches Excel Zero-Day Used in Attacks, Asks Mac Users to Wait These Invisible Characters Could Be Hidden Backdoors in Your JS Code Researchers Show That Apple’s CSAM Scanning Can Be Fooled Easily

• 11/9/2021

  State and Local Officials Celebrate Passage of Infrastructure Bill With $1 Billion in Cyber Funds Iranian State Hackers ‘Lyceum’ Use Upgraded Malware in Attacks on ISPs, Telcos Cash In, Fraud Out: Criminals Target Bitcoin ATMs as Crypto Popularity Surges Auto-Sector Cybersecurity Group Expands to Europe Amid Rising Threats, New Regulation Shotgun Targeting of Malware Attacks Will Be the Defining Infosec Theme of 2022, Reckons Sophos McAfee Sold to Investor Group for $14B Tor Browser 11 Removes v2 Onion URL Support, Adds New UI Krebs: REvil Ransom Arrest, $6M Seizure, and $10M Reward

  Indian Securities Depository Exposed 44 Million Investors’ Personal Info – Twice Medical Software Firm Medatixx Urges Password Resets After Ransomware Attack Clop Gang Exploiting SolarWinds Serv-U Flaw in Ransomware Attacks TeamTNT Hackers Target Your Poorly Configured Docker Servers Multiple BusyBox Security Bugs Threaten Embedded Linux Devices Krebs: Microsoft Patch Tuesday, November 2021 Edition …Urges Exchange Admins to Patch Bug Exploited in the Wild

• 11/8/2021

  Biden Takes Shot at Putin as He Touts REvil Ransom Seizure, New Criminal Cyberattack Cases …U.S. Seizes $6 Million in Ransom Payments and Charges Ukrainian Over Major Cyberattack …International Coalition Arrests Hackers Linked to Thousands of Ransomware Attacks …U.S. Sanctions Chatex Cryptoexchange Used by Ransomware Gangs Hackers Have Breached Organizations in Defense and Other Sensitive Sectors, Security Firm Says Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs Amnesty Says NSO’s Pegasus Used to Hack Phones of Palestinian Rights Workers Anti-Israel Activists Publish Information of Israeli Security Officials Passport Scammers Spoof Texas HSI Chinese Spy Faces Decades in Jail After Conviction Criminal Group Dismantled After Forcing Victims to Be Money Mules

  Robinhood Discloses Data Breach Impacting 7 Million Customers …Nobody Lost Any Money MediaMarkt Hit by Hive Ransomware, Initial $240 Million Ransom Comics Distributor Diamond Hit by Ransomware Attack; Some Shipments Delayed Fishing Gear Seller Angling Direct Hacked to Show Pornography Maxim Healthcare Group Reports Data Breach $55m Stolen From DeFi Lending Protocol bZx Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit Zoho Password Manager Flaw Torched by Godzilla Webshell Sitecore XP RCE Flaw Patched Last Month Now Actively Exploited Google Will Kill Chrome Sync Support on Chrome 48 and Earlier

• 11/5-7/2021

  Lawmakers Call on Biden Administration to Take Further Steps Against Spyware Groups …Israeli Foreign Minister Distances Government From Blacklisted NSO Group Senators Move to Include 72 Hour Timeline for Cyber Incident Reporting in Defense Bill Native Tribal Casinos Taking Millions in Ransomware Losses Cybersecurity Companies Are Raking in Millions. Many Don’t Turn Profits. FBI Warns of Increased Use of Cryptocurrency ATMs, QR Codes for Fraud Operation Cyclone Deals Blow to Clop Ransomware Operation How InfoSec Should Use the Minimum Viable Secure Product Checklist

  U.S. Defense Contractor Electronic Warfare Hit by Data Breach Ransomware Attack on Nationwide Laboratory Services 946 UNC Patients’ Billing Info Potentially Exposed by Unauthorized Account Access Ransomware Compromises Patient Information at Victory Health Partners (AL) Proofpoint Phish Harvests Microsoft O365, Google Logins Philips Healthcare Infomatics Solution Vulnerable to SQL Injection Mozilla Thunderbird 91.3 Released to Fix High Impact Flaws Pwn2Own: Printer Plays AC/DC, Samsung Galaxy S21 Hacked Twice

• 11/4/2021

  Ukraine Links Members of Gamaredon Hacker Group to Russian FSB Beijing Lashes USA’s China Telecom Ban – But Quite Gently Top DOJ Official Predicting More Arrests in Crackdown on Ransomware, Cyber Crime Industry Pushes Back on Federal, Congressional Cybersecurity Mandate Efforts UK Labour Party Blames Breach of Members’ Data on Third-Party Cyberattack Krebs: ‘Tis the Season for the Wayward Package Phish Amazon Spoofed in New Attack Call Center Scammers Using Justin Bieber Tickets, the Weeknd Concerts and Fake Gun Purchases to Spread Malware Phishing Emails Deliver Spooky Zombie-Themed MirCop Ransomware Why Ransomware Attackers Are Moving Towards Insider Attacks and What To Do About It State Dept. Offering $10 Million Reward to Bring Colonial Pipeline Hackers to Justice

  Iranian Hacking Group BlackShadow Leaks Patient and LGBTQ Info Crypto Investors Lose $500,000 to Google Ads Pushing Fake Wallets Lockean Multi-Ransomware Affiliates Linked to Attacks on French Orgs Behavioral Health Services Business Seneca Family of Agencies (CA) Possibly Exposed Personal Data Popular ‘coa’ NPM Library Hijacked to Steal User Passwords Microsoft Exchange ProxyShell Exploits Used to Deploy Babuk Ransomware Critical Linux Kernel Bug Allows Remote Takeover Code Compiled to WebAssembly May Lack Standard Security Defenses Cisco Fixes Hard-Coded Credentials and Default SSH Key Issues CISA Urges Vendors to Patch BrakTooth Bugs After Exploits Release Samsung Galaxy S21 Hacked on Second Day of Pwn2Own Austin

• 11/3/2021

  NSO Group: Israeli Spyware Company Added to U.S. Trade Blacklist …Three Others Top Cyber Official Reports ‘Decrease’ in Russian Cyberattacks Against U.S. Groups Report: BlackMatter Ransomware Gang Goes Dark, Again …BlackMatter Ransomware Moves Victims to LockBit After Shutdown Private Sector Urged to Review New Government Cyber Directive Federal Agencies Ordered to Patch Hundreds of Vulnerabilities Student Loans Company Dismissals Highlight Insider Risk Alleged Twitter Hacker ‘PlugWalkJoe’ Charged With Theft of $784k in Crypto via Sim Swaps

  Labour Party Members’ Data Hit by Cyber Incident Greek Shipowners Cyber Tricked Over Halloween Weekend Calgary Real Estate Developer Ronmor Holdings (Ronmor Developers) Hit by Ransomware Beware: Free Discord Nitro Phishing Targets Steam Gamers Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks Sonos, HP, and Canon Devices Hacked at Pwn2Own Austin 2021

• 11/2/2021

  Krebs: The ‘Groove’ Ransomware Gang Was a Hoax Squid Game Crypto Scammers Rips Off Investors for Millions Third Stimulus Checks Still Available — And Scammers Are on the Prowl Ransomware Gangs Target Corporate Financial Activities Phishing Attacks Are Harder to Spot on Your Smartphone: That’s Why Hackers Are Using Them More Cybersecurity Awareness Must Extend Beyond the “Month” FTC’s Effort to Strengthen Online Privacy Protections Faces Hurdles Facebook Deletes 1 Billion Faceprints in Face Recognition Shutdown China Says It Applied to Join Digital Free Trade Deal Days After Proposing Law Against Cross-Border Data Flow Bowser Pleads Guilty, Ordered to Pay $4.5m to Nintendo

  National Bank of Pakistan (NBP) System Restored After Cyber Attack Viverant Physical Therapy (MI) Data Breach Impacts More Than 6,500 Patients Toledo Lucas County (OH) Public Library Experiencing Targeted Cybersecurity Attack Cybercriminals Sell Access to International Shipping, Logistics Giants Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild Android Patches Actively Exploited Zero-Day Kernel Bug MITRE Shares List of Most Dangerous Hardware Weaknesses Microsoft Announces New Endpoint Security Solution for SMBs

• 11/1/2021

  Krebs: ‘Trojan Source’ Bug Threatens the Security of All Code Officials on Alert for Cyber Threats Ahead of Election Day Facebook Targets Nicaraguan Government for Alleged ‘Troll Farm’ Campaign Signal Now Lets You Report and Block Spam Messages Venmo to Reimburse Hacking Victims Microsoft Defender for Windows Is Getting a Massive Overhaul Cyber Attack Preparation Is A Team Sport Understanding the Human Communications Attack Surface Your Passwords Could Be On the Dark Web: How to See What Leaked After a Data Breach The Demise of White House Market Will Shake Up the Dark Web

  BlackShadow Hackers Breach Israeli Hosting Firm Cyberserve and Extort Customers Canadian Province of Newfoundland and Labrador Health Care System Disrupted by Cyberattack Nonprofit Community Medical Centers (CA) Reports Data Breach Ransomware Attack Targets Las Vegas Cancer Center Patients’ Personal Information South Korean Shipbuilder Daewoo Shipbuilding & Marine Engineering (DSME) Confirms New Possible Cyber Attack Cyber-Incident at Colleton County School District (SC) FBI: HelloKitty Ransomware Adds DDoS Attacks to Extortion Tactics Kaspersky’s Stolen Amazon Ses Token Used in Office 365 Phishing Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices Critical Flaws Uncovered in Pentaho Business Analytics Software

• 10/29-31/2021

  Federal Push to Identify, Protect Critical Groups From Hackers Gains Momentum Google FI Is Getting End-To-End Encrypted Phone Calls UK Data Watchdog Calls for End-To-End Encryption Across Video Chat Apps by Default Mozilla Firefox Joins Browsers Implementing Global Privacy Control Microsoft: Windows Web Content Filtering Now Generally Available Google Chromebooks Failing to Enroll Due to Network Issue Two of the Biggest Bitcoin Mining Companies in the World Are Battling It Out in a Small Texas Town of 5,600 People Ransomware Has Disrupted Almost 1,000 Schools in the US This Year How an Accidental Phone Answer Exposed Rogers Communications ‘Coup Plan’ Data-Breached Guntrader Website Calls in Liquidators, Is Reborn as Guntrader 2 Ltd Minnesota Man Charged with Hacking Pro Sports Leagues Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide TrickBot Malware Dev Extradited to U.S. Faces 60 Years in Prison

  Graff Jeweler Attack: ‘Tycoons and Celebrities on Leak List as Russian Gang Demands Ransom’ Toronto Transit Commission Still Recovering From Ransomware Attack Hacker Breaches Texas Lavaca Medical Center in Hallettsville, Exposing 48K Patients’ Info Schreiber Foods Back to Normal After Ransomware Attack Shuts Down Milk Plants TA575 Criminal Group Using ‘Squid Game’ Lures for Dridex Malware Chaos Ransomware Targets Gamers via Fake Minecraft Alt Lists Microsoft Warns of Rise in Password Sprays Targeting Cloud Accounts Snake Malware Biting Hard on 50 Apps for Only $25 Hive Ransomware Now Encrypts Linux and FreeBSD Systems Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App New ‘Shrootless’ Bug Could Let Attackers Install Rootkit on macOS Systems

• 10/28/2021

  National Cyber Policy Will Disrupt Crime and Instill Hope Biden Administration Officials Outline Steps to Tackle Urgent Cyber Threats NSA and CISA Share Guidance on Securing 5G Cloud Infrastructure Microsoft Announces Plan to Cut Cybersecurity Workforce Shortage in Half by 2025 EU’s Green Pass Vaccination ID Private Key Reportedly Leaked Workers Quickly Get State Income Benefits After Cyberattack on German Manufacturer Ransomware Gangs Use SEO Poisoning to Infect Visitors Cybersecurity: Eight Ways To Protect The Business And Find A Partner Suspected REvil Gang Insider Identified Alleged Russian Hacker Extradited From South Korea to Stand Trial in U.S. U.S. Dismisses Assange Suicide Risk in Extradition Appeal ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round Twitter’s Infosec Chief Makes the Case for Cybersecurity Expertise in Boardrooms Facebook Is Going Meta Emergency Google Chrome Update Fixes Zero-Days Used in Attacks

  Krebs: Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 Email Hack At UMass Memorial Health Exposes Personal Information Of More Than 200,000 Patients Throckmorton (TX) County Memorial Hospital Exposed Employees’ Wages, Patients’ Health Data Sensitive Data of 400,000 German Students Exposed by API Flaw PHI Stolen in Practice Management Firm PracticeMax (AZ) Ransomware Attack Luxury Hotel Chain in Thailand Reports Data Breach Avista Warns Customers of Ransomware Attack Martin County (FL) Tax Collector’s Possibly Hit by Ransomware Attack Washington Central Unified Union School District (VT) May Have Been Hit With Ransomware Ann Arbor’s TheRide Latest Victim of Cyber Attack Android Spyware Spreading as Antivirus Software in Japan New AbstractEmu Malware Roots Android Devices, Evades Detection New Wslink Malware Loader Runs as a Server and Executes Modules in Memory Microsoft: Shrootless Bug Lets Hackers Install macOS Rootkits WordPress Plugin Bug Impacts 1m Sites, Allows Malicious Redirects All Windows Versions Impacted by New LPE Zero-Day Vulnerability

• 10/27/2021

  Blinken Formally Announces New State Department Cyber Bureau U.S. Bans China Telecom Americas Over National Security Risks Lawmakers Split on Next Steps to Secure Transportation Sectors Against Hackers Hackers Had Second Go At SEPA During Cyber Attack Android Spyware Apps Target Israel in Three-Year-Long Campaign U.S. Launches Appeal Against UK Assange Extradition Decision India’s Supreme Court Orders Pegasus Probe Federal Trade Commission Scrutinizing Facebook Disclosures Securing Your Digital Life, Part Two: The Bigger Picture—and Special Circumstances Twitter Employees Required to Use Security Keys After 2020 Hack Hackers Arrested for ‘Infiltrating’ Ukraine’s Health Database

  Russian ‘Grief’ Cybercriminals Claim to Have Hacked the NRA Cream Finance Appears to Have Suffered Major Loss in Flash Loan Hack Ransomware Hackers Freeze Millions in Papua New Guinea Aid Cash A Security Bug in Health App Docket Exposed COVID-19 Vaccine Records Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam DDoS Attacks Are Crippling UK VoIP Operators War-Driving Technique Allows Wi-Fi Password-Cracking at Scale NPM Packages Disguised as Roblox API Code Caught Carrying Ransomware Free Decryptor Released for Atom Silo and LockFile Ransomware Babuk Ransomware Decryptor Released to Recover Files for Free

• 10/26/2021

  State Department to Form New Cyber Office to Face Proliferating Global Challenges Krebs: FBI Raids Chinese Point-of-Sale Giant PAX Technology North Korea APT ‘Lazarus’ Attackers Turn to the IT Supply Chain with ‘BlindingCan RAT’ FBI: Ranzy Locker Ransomware Hit at Least 30 U.S. Companies This Year MSPs, Not Bank Of America, Are The New Ransomware Target, Says ThreatLocker Police Arrest 150 Dark Web Vendors of Illegal Drugs and Guns Money Launderers for Russian Hacking Groups Arrested in Ukraine Colorado Man, Formerly of Florida, Pleads Guilty to Falsifying Clinical Trial Data

  Iran Says Cyberattack Causes Widespread Disruption at Gas Stations Third-Party Data Breach in Singapore Hits Healthcare Provider Fullerton Health Tulsa Restaurant Chain Flo’s Burger Diner Closes for One Day After Thieves Hack Bank Account Pinelands Regional School District (NJ) Investigates Data Breach Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware Spammers Use Squirrelwaffle Malware to Drop Cobalt Strike Brutal WordPress Plugin Bug Allows Subscribers to Wipe Sites Adobe Issues Emergency Fixes for 92 Security Holes in 14 Products

• 10/25/2021

  Russian SolarWinds Hackers ‘Nobelium’ Targeting U.S. Networks in ‘Very Large and Ongoing’ Cyberattack …Russia Undeterred by U.S. Actions Ex-NSA Hacker Says a Supply Chain Cyberattack Is One of the Things That Keeps Him up at Night Krebs: Conti Ransom Gang Starts Selling Access to Victims China Is Pushing to Develop Its Own Chips — But the Country Can’t Do Without Foreign Tech Facebook Posts Slower Sales Growth… With Apple Privacy Policy Securing Your Digital Life, Part One: The Basics How We Can Narrow the Talent Shortage in Cybersecurity Updated Cybercrime Pact Aims to Speed Cross-Border Investigations NYC’s ‘Peculiar’ New Delivery App Law Raises Data Breach Fears

  NYT Journalist Ben Hubbard Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia Nearly 30k Former and Current CU Boulder Students’ Personal Information Hacked Janesville Schools (WI) Hit With Ransomware Attack Locking Digital Systems McAllen Surgical Specialty Center (TX) Identifies Possible Data Breach Millions of Android Users Targeted in Subscription Fraud Campaign New Attack Let Attacker Collect and Spoof Browser’s Digital Fingerprints BillQuick Billing App Rigged to Inflict Ransomware CISA Urges Sites to Patch Critical RCE in Discourse Microsoft Defender ATP Adds Live Response for Linux and macOS Mozilla Blocks Malicious Add-Ons Installed by 455k Firefox Users

• 10/22-24/2021

  U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn CISA Awards $2 Million to Cybersecurity Programs for Rural, Diverse Communities Groove Ransomware Calls on All Extortion Gangs to Attack U.S. Interests America Must Protect These 5 Technologies if It Wants to Remain a Superpower, Intelligence Officials Warn 22% of Brits Received Proof of Vaccination Phishing Email in Past Six Months Edward Snowden Warns Weakening Encryption Would Have Dire Consequences: ‘Privacy Is Power’ FTC: ISPs Collect and Monetize Far More User Data Than You’d Think Microsoft Rolls Out a Public Preview of E2EE in Teams Calls How Many Users Does Facebook Have? The Company Struggles to Figure It Out Google Charges More Than Twice Its Rivals in Ad Deals, Unredacted Suit Says Nebraska Issues First Federal Cyber-stalking Sentence Hacker Sells the Data for Millions of Moscow Drivers… for $800 DarkSide Ransomware Rushes to Cash Out $7 Million in Bitcoin

  ‘Lone Wolf’ Hacker Group Targeting Afghanistan and India with Commodity RATs Tesco Admits It Has Been Hit by a Cyber-Attack CoinMarketCap Hack Reportedly Leaks 3.1 Million User Email Addresses Italian Celebs’ Data Exposed in Ransomware Attack on SIAE SCUF Gaming Store Hacked to Steal Credit Card Info of 32,000 Customers Corry School District (PA) Says Ransomware Attack May Have Exposed Data on Staff, Students Acorn Stairlifts Is Victim of Cyber Attack Threat Actors Abuse Discord to Push Malware Popular NPM Library Hijacked to Install Password-Stealers, Miners Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks Microsoft: WizardUpdate Mac Malware Adds New Evasion Tactics Microsoft 365 Will Get Support for Custom Arc Configurations BlackMatter Ransomware Victims Quietly Helped Using Secret Decryptor

• 10/21/2021

  U.S., Allied Nations Force REvil Ransomware Group Offline Ransomware Gang ‘Fin7’ Masquerades as Real Company ‘Bastion Secure’ to Recruit Tech Talent Microsoft Now Defends Nonprofits Against Nation-State Attacks Document Leak Reveals Nations Lobbying to Change Key Climate Report 450 Million Cyberattacks Attempted on Japan Olympics Infrastructure: NTT Cybercrime Matures as Hackers Are Forced to Work Smarter How Psychology Can Save Your Cybersecurity Awareness Training Program New Senate Bill Would Take Steps to Protect AI-Collected Data Research Finds Consumer-Grade IoT Devices Showing Up On Corporate Networks U.S. Imprisons Bulletproof Hosting Providers Dutch Arrest Nine for Impersonating Bank Clerks to Steal From the Elderly

  Trump’s Truth Social Hacked Within Hours of Announcement Gigabyte Allegedly Hit by AvosLocker Ransomware PHI Stolen From Humana and Anthem Vendor PracticeMax MCH Group Targeted in Latest Swiss Cyber Attack Massive Campaign Uses YouTube to Push Password-Stealing Malware Evil Corp Demands $40 Million in New Macaw Ransomware Attacks RAT Malware Spreading in Korea Through Webhards and Torrents TA551 Shifts Tactics to Install Sliver Red-Teaming Tool Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer Google Launches Android Enterprise Bug Bounty Program

• 10/20/2021

  Major Russian Hacking Group ‘Evil Corp’ Linked to Ransomware Attack on Sinclair …Olympus too Google Says Russian-Speaking Hackers Hijacked YouTube Channels for Cryptocurrency Scam DDoS Attacks Against Russian Firms Have Almost Tripled in 2021 Commerce Department Cracks Down on Sale of Hacking Products to Foreign Governments UK NHS Digital Exposes Hundreds of Email Addresses After BCC Blunder Copies in Entire Invite List to ‘Let’s Talk Cyber’ Event

  New Gummy Browsers Attack Lets Hackers Spoof Tracking Profiles New PurpleFox Botnet Variant Uses WebSockets for C2 Communication Geriatric Microsoft Bug Exploited by APT Using Commodity RATs Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices Microsoft 365 Will Get Enhanced Insider Risk Management Tools

• 10/19/2021

  Potential Chinese Hackers ‘LightBasin’ Targeting Telecommunications Companies Lyceum APT Returns, This Time Targeting Tunisian Firms BlackByte Ransomware Decryptor Released to Recover Files for Free China’s VPN Market Now Open to Foreign Investment Zerodium Wants Zero-Day Exploits for Windows VPN Clients Brave Ditches Google for Its Own Privacy-Centric Search Engine Twitter Suspends Hacker Who Allegedly Stole Data of 45 Million Argentinians The Simmering Cybersecurity Risk of Employee Burnout

  Data Breach Hits North American Dental Management Candy Corn Maker Ferrara Hit With Ransomware Manhasset Schools (NY) Victim of Ransomware Attack Quickfox VPN Misconfiguration Exposes One Million Users TA505 Gang Is Back With Newly Polished FlawedGrace RAT About 26% Of All Malicious Javascript Threats Are Obfuscated Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

• 10/18/2021

  Donald Trump’s Website Hacked by ‘Turkish and Muslim Hacktivist’ RootAyyildiz Who Previously Hit Biden Campaign Site Agencies Say Agriculture Groups Being Targeted by BlackMatter Ransomware State-Backed Hackers ‘Harvester’ Breach Telcos With Custom Malware Suspected Chinese Hackers Behind Attacks on Ten Israeli Hospitals Cyber Private Eyes Go After Hackers, Without Counterattacking Twitter Suspends Accounts Used to Snare Security Researchers Credit Card PINs Can Be Guessed Even When Covering the ATM Pad

  Sinclair Broadcast Group Hit by Ransomware Attack, Upending Local TV Newscasts Acer Hit With Second Cyberattack in Less Than a Week, Taiwanese Authorities Notified Spanish Business Customer Solution Giant Atento Suffers Cyber-Attack in Brazil Missouri Teacher Pension System Probing Possible Cyber Attack TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings Microsoft Asks Admins to Patch PowerShell to Fix WDAC Bypass

• 10/15-17/2021

  Treasury: $590M Paid Out by Victims of Ransomware Attacks in First Half of 2021 U.S. Links $5.2 Billion Worth of Bitcoin Transactions to Ransomware REvil Ransomware Shuts Down Again After Tor Sites Were Hijacked Twitch Says No Passwords or Login Credentials Leaked in Massive Breach Cambridge University Pauses £400m UAE Deal Over Spyware Claim Researchers Condemn Apple’s Proposed Phone-Scanning Features Facebook Should Clarify Terms of Service, Irish Privacy Regulator Says

  Data Stolen from American Osteopath Group Accenture Confirms Data Breach After August Ransomware Attack Miller County (AR) Tax Assessors Office Needs Help Retrieving Info After August Ransomware Attack Russian Cybercrime Gang ‘MirrorBlast’ Targets Finance Firms With Stealthy Macros TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates ‘Clumsy’ BlackByte Malware Reuses Crypto Keys, Worms Into Networks Brave Web Browser Will Add Bounce Tracking Privacy Protection

• 10/14/2021

  World Leaders Recognize Ransomware Attacks as ‘Global Security Threat’ White House Ransomware Summit Eyes Tighter Global Scrutiny for Crypto Agencies Warn of Cyber Threats to Water, Wastewater Systems Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries Microsoft Folds LinkedIn Social-Media Service in China Facebook to Shield Public Figures from Cyber-harassment House Democrats Announce Bill to Rein in Tech Algorithms WhatsApp Rolls Out iOS, Android End-To-End Encrypted Chat Backups Krebs: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

  Acer Confirms Second Cyberattack in 2021 After Ransomware Incident in March 3D Printing Site Thingiverse Suffers Breach of 228,000 Email Addresses Amid Sluggish Disclosure DocuSign Phishing Campaign Targets Low-Ranking Employees New Yanluowang Ransomware Used in Targeted Enterprise Attacks Malicious Chrome Ad Blocker Injects Ads Behind the Scenes Rickroll Grad Prank Exposes Exterity IPTV Bug Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones Microsoft Releases Linux Version of the Windows Sysmon Tool

• 10/13/2021

  World Leaders Call For Enhanced Cooperation to Fight Escalating Wave of Ransomware Attacks Russia Excluded From 30-Country Meeting to Fight Ransomware and Cyber Crime Australia to Tackle Ransomware Data Breaches by Deleting Stolen Files 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware Krebs: How Coinbase Phishers Steal One-Time Passwords U.S. Officially the Top Destination for Bitcoin Miners, Beating Out China for the First Time EU Legislation Introduced to Ban Anonymous Domain Registration Johns Hopkins to Launch Degree Program in Cybersecurity and Policy

  OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances Crypto Romance Scam Drains $1.4M Verizon Digital Carrier Visible Customer Accounts Were Hacked Brazilian E-commerce Firm Hariexpress Leaks 1.75 Billion Sensitive Files Israel’ Hadera Hospital Hobbled by Cyber Attack Lancaster Media Group (PA) Attacked by Ransomware MyKings Botnet Still Active and Making Massive Amounts of Money Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers Apple Silently Fixes iOS Zero-Day, Asks Bug Reporter to Keep Quiet

• 10/12/2021

  Congress Looks to Strengthen Government’s Aging Cyber Infrastructure DOJ Sees Crypto Seizures as a Priority in Anti-Ransomware Push U.S. Cyber Agency Hopes to Avoid the ‘Regulator’ Label NSA Warns of Wildcard Certificate Risks, Provides Mitigations Google Creates Cybersecurity Team to Respond to Increased Hacks Study Reveals Android Phones Constantly Snoop on Their Users Photo Editor Android App Still Sitting on Google Play Store Is Malware 1Password Unveils Secure Sharing Tool for Passwords, Secrets Phishing Campaign Uses Math Symbols to Evade Detection Dutch Police Send Warning Letters to DDoS Booter Customers ‘Nukegate’ SCANA CEO Imprisoned for Fraud

  Microsoft Kills Bug Being Exploited in APT MysterySnail Espionage Campaign Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers Olympus US Systems Hit by Cyberattack Over the Weekend Cyberattack Shuts Down Ecuador’s Largest Bank, Banco Pichincha University of Sunderland Hit by Suspected Major Cyber Attack, IT Systems and Website Down Private Hospital Group Macquarie (NSW) Health Takes System Offline Following Cyber Incident Ransomware Attack Inhibits Servers in DeKalb County (GA) SnapMC Hackers Skip File Encryption and Just Steal Your Files FreakOut Botnet Now Attacks Vulnerable Video DVR Devices PyPI Removes ‘mitmproxy2’ Over Code Execution Concerns Krebs: Patch Tuesday, October 2021 Edition Microsoft Revokes Insecure SSH Keys for Azure DevOps Customers

• 10/11/2021

  UK Cyber Head Says Russia Responsible for ‘Devastating’ Ransomware Attacks China Has Won AI Battle With U.S., Pentagon’s Ex-software Chief Says Microsoft Reports Iranian Hackers Targeting U.S., Israeli Defense Companies U.S. Set Out to Hobble China’s Huawei, and So It Has …Huawei Cloud Targeted by Updated Cryptomining Malware Cybersecurity Is A Journey, Not A Destination Google Gives Security Keys to 10,000 High-Risk Users Facebook Says It Will Add New Safety Features, Notably for Teens on Instagram, After Bombshell Whistleblower Leak Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots

  Pacific City Bank Discloses Ransomware Attack Claimed by AvosLocker Hacker Steals Patients’ Data From San Juan Regional Medical Center (NM) Quest-Owned Fertility Clinic ReproSource Announces Data Breach After August Ransomware Attack Oregon Eye Specialists Discloses Data Breach Following Employee Email Compromise LibreOffice, OpenOffice Bug Allows Hackers to Spoof Signed Docs GitHub Revokes Duplicate SSH Auth Keys Linked to Library Bug Apple Releases iOS 15.0.2 for iPhone With Bug and Security Fixes Microsoft Defender for Identity to Detect Windows Bronze Bit Attacks

• 10/8-10/2021

  Biden Signs Bill to Strengthen K-12 School Cybersecurity Democrats Urge Federal Agencies to Address Use of Cryptocurrencies for Ransomware Payments Poll: Americans Think U.S. Politicians, Social Media Spread Misinformation More Than Foreign Governments U.S. Navy Engineer Charged in Attempt to Sell Nuclear Submarine Secrets Amnesty International Links Indian Cybersecurity Firm to Spyware Operation Russian Orgs Heavily Targeted by Smaller Tier Ransomware Gangs Google Warns 14,000 Gmail Users Targeted by Russian Group APT28 Bank of America Insider Charged With Money Laundering for BEC Scams

  BrewDog Token Gaffe Causes Massive PII Breach Cox Media Group Confirms Ransomware Attack That Took Down Broadcasts Schneck Medical Center (IN) Electronic Medical Records Back Online 10 Days After Ransomware Attack Twitch Game Page Backgrounds Defaced With Jeff Bezos’ Face Intuit Warns Quickbooks Customers of Ongoing Phishing Attacks Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems Microsoft Adds Tamper Protection to Windows 11 Security Baseline

• 10/7/2021

  Russia Charges Cybersecurity Executive Ilya Sachkov, Founder and CEO of Group-IB, With Treason …Russian Spies Reportedly Used SolarWinds Hack to Steal U.S. Counterintelligence Details …Russian-Speaking Hacking Group FIN12 Scaling up Ransomware Attacks on Hospitals …Microsoft Report Finds Russia Dominant Force Behind Cyberattacks in Past Year Navy Warship USS Kidd Facebook Page Hacked to Stream ‘Age of Empires’ Gaming Twitch Blames Server Error for Massive Data Leak …Twitch: No Credentials or Card Numbers Exposed in Data Breach …Research: Twitch Leak Included Emails, Passwords in Clear Text Patching Too Tortuous for IT Pros? SEC’s Stepped-up Cyber Scrutiny Won’t Save Shareholder Data Breach Suits Netherlands Orders Apple to Offer More App Store Payment Methods Firefox Now Shows Ads as Sponsored Address Bar Suggestions

  State-Sponsored Chinese Group APT41 Targeted India With Tax and COVID Phishing UK’s Weir Group Hit by Attempted Cyber Attack at End of Q3 Transdev Denies Data Stolen by Ransomware Group, Connects Leak to September Attack on Client Ransomware Gang Hit Barlow Respiratory Hospital in Echo Park (CA) Vidar Stealer Abuses Mastodon to Silently Get C2 Configuration Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects Unpatched Dahua Cams Vulnerable to Unauthenticated Remote Access Apache Emergency Update Fixes Incomplete Patch for Exploited Bug Microsoft Fixes Bug Blocking Azure Virtual Desktops Security Updates Microsoft Is Disabling Excel 4.0 Macros by Default to Protect Users Apple Now Requires All Apps to Make It Easy for Users to Delete Their Accounts

---

Follow The Cyber Beat

Get news delivered directly to your inbox.