• 9/24-26/2021

  Huawei CFO Meng Wanzhou Reaches Deal With Justice Department …Huawei’s Meng Wanzhou Flies Back to China After Deal With U.S. …2 Canadians Held by China Are Freed, Hours After Huawei Deal Is Reached EU ‘Denounces’ Russian ‘Ghostwriter’ Malicious Cyber Activity Aimed at Member States FBI Decision to Withhold Kaseya Ransomware Decryption Keys Stirs Debate United Health Centers Ransomware Attack Claimed by Vice Society Bitcoin.org Hackers Steal $17,000 in ‘Double Your Cash’ Scam China- And Hong Kong-Based Bitcoin Holders Scrambling to Protect Their Crypto Assets Microsoft Rushes to Register Autodiscover Domains Leaking Credentials Microsoft Will Disable Basic Auth in Exchange Online in October 2022 LG to Acquire Cybersecurity sStartup Cybellum

  Coos County Family Health Services (NH) Shut Down by Ransomware Attack Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses TangleBot Malware Reaches Deep into Android Device Functions Hackers Exploiting Critical VMware vCenter CVE-2021-22005 Bug Microsoft WPBT Flaw Lets Hackers Install Rootkits on Windows Devices Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras Emergency Google Chrome Update Fixes Zero-Day Exploited in the Wild Researcher Drops Three iOS Zero-Days That Apple Refused to Fix Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN SonicWall Fixes Critical Bug Allowing SMA 100 Device Takeover

• 9/23/2021

  FamousSparrow APT Wings in to Spy on Hotels, Governments Officials Urge Congress to Consider Fining Companies That Fail to Report Cyber Incidents Banks Share Data to Block Cyberattacks Ransomware Attackers Targeted This Company: Then Defenders Discovered Something Curious REvil Affiliates Confirm: Leadership Were Cheating Dirtbags Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police Krebs: Indictment, Lawsuits Revive Trump-Alfa Bank Story

  Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers Illinois Integrated Eligibility System Acknowledges Possible Data Breach 10 Months After Incident Port of Houston Target of Suspected Nation-State Hack U.S. Eye-Care Providers Report Data Breaches Malware Devs Trick Windows Validation With Malformed Certs Apple Patches New Zero-Day Bug Used to Hack iPhones and Macs

• 9/22/2021

  Republican Lawmakers Raise Security, Privacy Concerns Over Huawei Cloud Services Lithuania Tells Its Citizens to Throw Xiaomi Mobile Devices in the Bin Zoom’s $15B Merger With Five9 Probed by Uncle Sam for National Security Risks Facebook’s Chief Technology Officer Mike Schroepfer to Step Down FBI, CISA, and NSA Warn of Escalating Conti Ransomware Attacks Most Business Executives Would Be Willing To Pay Cyber Ransoms: Survey Internet Users Stressed Out by Cyberattack News: Kaspersky U.S. Locks Up Call Center Scammer

  RaidForums Hacker Data Marketplace Accidentally Exposes Private Staff Page How REvil May Have Ripped Off Its Own Affiliates Real Estate Firm Marcus & Millichap Hit With Possible BlackMatter Ransomware Microsoft Exchange Autodiscover Bugs Leak 100k Windows Credentials Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation Apple Will Disable Insecure TLS in Future iOS, macOS Releases Hackers Are Scanning for Vmware Cve-2021-22005 Targets, Patch Now!

• 9/21/2021

  U.S. Treasury Sanctions Cryptocurrency Exchange for Alleged Role in Ransomware Attacks FBI Withheld Decryption Key for Kaseya Ransomware Attack for Three Weeks UK Ministry of Defence Apologises After Afghan Interpreters’ Personal Data Exposed in Email Blunder Turla APT Plants Novel Backdoor In Wake of Afghan Unrest Going Beyond Curbing Tech Giants, Xi Wants to Steer Flows of Money and Set Tighter Limits on Profit Making Facebook’s Latest “Apology” Reveals Security and Safety Disarray Users Increasingly Willing to Abandon Digital Platforms That Demand Personal Info, Stringent Passwords and Time-Consuming Forms: Study Why Cryptomining Malware Is a Harbinger of Future Attacks

  Marketron Marketing Services Hit by BlackMatter Ransomware French Shipping Giant CMA CGM Suffers Data Breach Crystal Valley (MN) Hit by Ransomware, Systems Go Offline Ukrainian Hackers Hit Family Medical Center (MI) With Ransomware New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin VMware Warns of Critical Bug in Default vCenter Server Installs New macOS Zero-Day Bug Lets Attackers Run Commands Remotely Netgear Fixes Dangerous Code Execution Bug in Multiple Routers How to Fix the Windows 0x0000011b Network Printing Error

• 9/20/2021

  Indonesia Says No Evidence of Alleged Chinese Intel Hack A New Wave of APT Malware Attack Targeting Organizations in South America White House Cybersecurity Summit: A Missed Opportunity Krebs: Does Your Organization Have a Security.txt File? Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate TikTok China Just Limited Kids to 40 Minutes’ Use Each Day Google to Auto-Reset Unused Android App Permissions for Billions of Devices Europol Breaks Open Extensive Mafia Cybercrime Ring Former IT Exec Pleads Guilty to Insider Trading Conspiracy

  Major Agriculture Group New Cooperative Hit by BlackMatter Ransomware Attack VoIP.MS Phone Services Disrupted by DDoS Extortion Attack Israeli Communications Company Voicenter Hit by Major Cyber Attack Data of 106 Million Visitors to Thailand Breached Payment API Bungling Exposes Millions of Users’ Payment Data EventBuilder Misconfiguration Exposes Microsoft Event Registrant Data Epik Data Breach Impacts 15 Million Users, Including Non-Customers Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert Apache OpenOffice Can Be Hijacked by Malicious Documents, Fix Still in Beta

• 9/17-19/2021

  Australia, UK, and U.S. Announce Security Partnership U.S. to Target Crypto Ransomware Payments With Sanctions Researchers Compile List of Vulnerabilities Abused by Ransomware Gangs The FCC Is Trying to Stop Robocalls, but the Scammers Won’t Disappear Cyberattackers Target Missouri Hospital At Epicenter Of COVID Outbreak, Post Patient Data Facebook Employees Flag Drug Cartels and Human Traffickers: The Company’s Response Is Weak How Facebook Hobbled Mark Zuckerberg’s Bid to Get America Vaccinated U.S. Gov’t Sites Showing Porn, Viagra Ads Share a Common Software Vendor App Annie Settlement Signals Closer Scrutiny of Data Brokers Krebs: Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

  AT&T Phone-Unlocking Malware Ring Costs Carrier $200M Health Dept. Cyber Attack Exposes Most Alaskans’ Personal Data Web Host Epik Was Warned of a Critical Security Flaw Weeks Before It Was Hacked Tech Recruiters Jabbed by Fake COVID-19 Passport Scam New “Elon Musk Club” Crypto Giveaway Scam Promoted via Email Billions More Android Devices Will Reset Risky App Permissions OMIGOD: Microsoft Azure VMS Exploited to Drop Mirai, Miners Microsoft Asks Azure Linux Admins to Manually Patch OMIGOD Bugs How to Fix Printers Asking for Admins Creds After PrintNightmare Patch

• 9/16/2021

  Senator Hassan Calls on Agencies to Take Action to Prevent Criminal Cryptocurrency Use CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug FBI: $113 Million Lost to Online Romance Scams This Year REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out 7 Steps to a More Secure Social Media Policy Household Names Hit with £500K Fine for Spamming Consumers

  Slot Machine Chain Dotty’s Reveals Data Breach Exposing SSNs, Financial Account Numbers, Biometric Data, Medical Records and More Republican Governors Association Was Hacked Earlier This Year Employee, Patient Data Compromised in Earlier Marion County Health Dept. (IN) Cyber Attack Airline Credential-Theft Takes Off in Widening Campaign Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks New Malware Uses Windows Subsystem for Linux for Stealthy Attacks New Windows Security Updates Break Network Printing

• 9/15/2021

  FTC Warns Health Apps to Notify Consumers Impacted by Data Breaches Attackers Impersonate DoT in Two-Day Phishing Scam Ransomware Gang: ‘We’ll Burn Your Data if You Get a Negotiator’ When Cyber War Becomes War Microsoft Rolls Out Passwordless Login for All Microsoft Accounts Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes Former U.S. Operatives Agree to $1.68M Settlement over Mercenary Hacking Charges

  German Election Authority Confirms Likely Cyber Attack Krebs: Customer Care Giant TTEC Hit By Ransomware No Patch for High-Severity Bug in Legacy IBM System X Servers Microsoft Fixes Critical Bugs in Secretly Installed Azure Linux App MikroTik Shares Info on Securing Routers Hit by Massive Mēris Botnet Kali Linux 2021.3 Released With New Pentest Tools, Improvements

• 9/14/2021

  Top FBI Official Says There Is ‘No Indication’ Russia Has Taken Action Against Hackers General Promises ‘Surge’ to Fight Ransomware Attacks Ex-U.S. Intelligence Operatives in UAE Hacking Case to Cooperate with FBI The Zero-Trust Approach to Managing Cyber Risk Explained Nearly 50% of On-Premises Databases Have Vulnerabilities Kape Technologies to Acquire ExpressVPN Suffolk County (NY) IT Supervisor Charged with Crypto-Mining Massachusetts AG Launches Investigation Into T-Mobile Data Breach

  Krita Art App Users Targeted by Ransomware Posing as Paid ‘Collaboration’ Opportunities Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host Lubbock Co. (TX) Denies Data Breach, Says Data Temporarily Accessible Under New Software System ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects Adobe Snuffs Critical Bugs in Acrobat, Experience Manager Krebs: Microsoft Patch Tuesday, September 2021 Edition …Fixes Remaining Windows PrintNightmare Vulnerabilities

• 9/13/2021

  Apple Patches iPhone iMessage Vulnerability Exploited by NSO Group China-Based Mustang Panda Compromises Indonesian Intelligence Agency Discontent Simmers Over How to Police EU Privacy Rules FTC Warns of Extortionists Targeting LGBTQ+ Community on Dating Apps How Likely Is Your Employee To Cause A Data Breach? Brute-Force Attacks, Vulnerability Exploits Top Initial Attack Vectors Private Equity Firm Siris Capital in Talks to Acquire Cybersecurity Firm Radware, Sources Say U.S. Locks Up Oklahoma Man in Nigerian Romance Scam

  Over 60 Million Wearable, Fitness Tracking Records Exposed via Unsecured Database Post-Ida Cyber Attack Hits Jefferson Parish Courts Anonymous Hacks Texas Republican Party Website in Retaliation for State’s Abortion Ban How Walgreens’ Sloppy COVID-19 Test Registration System Exposed Patient Data Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing Google Patches 10th Chrome Zero-Day Exploited in the Wild This Year

• 9/10-12/2021

  Stolen Credentials Led to Data Theft at United Nations Cressida Dick: Tech Giants Make It Impossible to Stop Terrorists WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud Krebs: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris” Cybersecurity Seen as Rising Risk for Airlines Hackers Are Leaking Children’s Data — And There’s Little Parents Can Do Colorado County Clerk Charged with Cybercrime

  MyRepublic Data Breach Raises Data-Protection Questions Technology Giant Olympus Hit by BlackMatter Ransomware Yonkers (NY) Hacked, No Computers for the Past Week: City Hall Says No Ransom Fujitsu Confirms Stolen Data Not Connected to Cyberattack on Its Systems Mēris Botnet Hit Russia’s Yandex With Massive 22 Million RPS DDoS Attack SOVA, Worryingly Sophisticated Android Trojan, Takes Flight Windows MSHTML Zero-Day Exploits Shared on Hacking Forums

• 9/9/2021

  United Nations Confirms Its Systems Were Breached This Year SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ Cyber-Criminal Targets Dadsnet Founders 91% Of It Teams Have Felt ‘Forced’ to Trade Security for Business Operations Report Pushes for Changes to Diversify ‘Homogenous’ U.S. Cybersecurity Workforce In the Hybrid Future, Secure Everything Like You’re Never Going Back U of Minnesota Partners With Optum, Medtronic to Launch Medical Device Cybersecurity Center LAPD Told to Harvest Social Media Handles From People They Stop, Suspect or Not Prison for BEC Scheme Money Launderer

  South African Justice Department Is Hit by Ransomware Attack Brazil’s Health Regulator Hacked After Argentina Qualifier Controversy Ransomware Attack on Desert Wells Family Medicine (AZ) Corrupts 35,000 Patients’ Records New Mēris Botnet Breaks DDoS Record With 21.8 Million RPS Attack Titanfall 2 Allegedly Hacked via “Simple Exploit” GitHub Finds 7 Code Execution Vulnerabilities in ‘Tar’ and Npm CLI ‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise Microsoft Fixes Bug Letting Hackers Take Over Azure Containers Windows MSHTML Zero-Day Defenses Bypassed as New Info Emerges

• 9/8/2021

  Pro-China Social Media Campaign Expands to New Countries, Blames U.S. For COVID After the 9/11 Attacks, Wall Street Bolstered Its Defenses The SEC Is Serious About Cybersecurity. Is Your Company? Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports Microsoft Has a $20 Billion Hacking Plan, but Cybersecurity Has a Big Spending Problem Inside Genesis: The Market Created by Cybercriminals to Make Millions Selling Your Digital Identity Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group Ukrainian Extradited to U.S. for Allegedly Selling Computer Credentials: DOJ ProtonMail Welcomes Sir Tim Berners-Lee to Its Advisory Board After Privacy Backlash

  New Zealand DDoS Wave Targets Banks, Post Offices, Weather Forecasters and More Hackers Leak Passwords for 500,000 Fortinet VPN Accounts Russian Internet Firm Yandex Hit by Major Cyber Attack -Report Howard University Shuts Down Network After Ransomware Attack TeamTNT’s New Tools Target Multiple OS Microsoft: Attackers Exploiting Windows Zero-Day Flaw (Krebs) HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack Zoho Patches Actively Exploited Critical ADSelfService Plus Bug How Much Do You Know About Ransomware? Take Our Quiz

• 9/7/2021

  Bipartisan House Group Introduces Legislation to Set Term Limit for Key Cyber Leader With the Pandemic End in Sight, Enterprise Defenders Worry About a Surge in Cyberattacks Ragnar Locker Gang Warns Victims Not to Call the FBI REvil Ransomware Group Resurfaces After Brief Hiatus Microsoft Outlook Shows Real Person’s Contact Info for IDN Phishing Emails El Salvador Becomes First Country to Adopt Bitcoin as National Currency …Price Tumbles Cybersecurity Student Scams Senior Out of $55K

  Howard University Hit With Ransomware Attack, Cancels Classes City of Bridgeport (WV) Notifies Residents of Cyber Attack Texas Right to Life Website Exposed Job Applicants’ Resumes McDonald’s Leaks Password for Monopoly VIP Database to Winners Jenkins Hit as Atlassian Confluence Cyberattacks Widen Booby-Trapped Office Files, No Patch Yet, Says Microsoft Microsoft Shares Temp Fix for Ongoing Office 365 Zero-Day Attacks

• 9/6/2021

  Russia Responsible for Cyber Attacks on German Parliament: German Foreign Ministry Pro-Russian Disinformation Systematically Spread Using Western Media Channels European Regulators Continue to Disrupt Data Transfers to U.S. IoT Attacks Skyrocket, Doubling in 6 Months ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims TrickBot Gang Developer Arrested When Trying to Leave Korea Irish Police Seize Conti Domains Used in HSE Ransomware Attack

  French Government Visa Website Hit by Cyber-Attack That Exposed Applicants’ Personal Data Krebs: “FudCo” Spam Empire Tied to Pakistani Software Firm Ransomware Gangs Target Companies Using These Criteria Traffic Exchange Networks Distributing Malware Disguised as Cracked Software Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released NPM Package With Millions of Weekly Downloads Has Fixed a Remote Code Execution Flaw New Chainsaw Tool Helps IR Teams Analyze Windows Event Logs

• 9/3-5/2021

  Why Ransomware Hackers Love a Holiday Weekend U.S. SEC: Watch Out for Hurricane Ida-Related Investment Scams Massachusetts Lawmakers to Hold Cybersecurity Hearing Voting Data From a Colorado County Was Leaked Online: Now the Clerk Is in Hiding Banksy Was Warned About Website Flaw Before NFT Hack Scam Irish Health Service Still Recovering Months After Hack: ‘A Cyber-Attack Disrupted My Cancer Treatment’ Regulators Investigate Crypto-Exchange Developer Uniswap Labs Privacy Alarm in Indonesia Over President’s Leaked Vaccine Certificate Eight U.S. States to Begin Accepting Digital Driving Licenses Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash FBI: Spike in Sextortion Attacks Cost Victims $8 Million This Year

  New Zealand Internet Outage Blamed on DDoS Attack on Nation’s Third Largest Internet Provider Babuk Ransomware’s Full Source Code Leaked on Hacker Forum Data Breach at Coalinga State Hospital (CA) Reveals Private Information on Nearly 1,800 Patients Pittsburgh Public Schools Alert Families to Mailing Error That Exposed Student, Parent Information Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits FIN7 Capitalizes on Windows 11 Release in Latest Gambit Watch Out for New Malware Campaign’s ‘Windows 11 Alpha’ Attachment Google’s TensorFlow Drops YAML Support Due to Code Execution Flaw Over 60,000 Parked Domains Were Vulnerable to AWS Hijacking Office 365 to Let Admins Block Active Content on Trusted Docs

• 9/2/2021

  Biden Administration on Alert for Cyberattacks Ahead of Labor Day Weekend Industry Groups Urge Lawmakers to Streamline Cyber Breach Reporting Rules FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs Translated Conti Ransomware Playbook Gives Insight Into Attacks Chinese Regulators Summon 11 Ride-Hailing Firms, Including Didi, Over ‘Illegal Behavior’ Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks Krebs: Gift Card Gang Extracts Cash From 100k Inboxes Daily Digital State IDs Start Rollouts Despite Privacy Concerns WhatsApp Fined €225m for GDPR Violations …To Appeal

  Autodesk Reveals It Was Targeted by Russian SolarWinds Hackers Atlassian Confluence Flaw Actively Exploited to Install Cryptominers Student, Teacher Personal Info Taken in Dallas Independent School District Data Theft 98K Patients, Employees Impacted by CareATC (OK) Data Breach Google Play Sign-Ins Allow Covert Location-Tracking WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted Comcast RF Attack Leveraged Remotes for Surveillance Bluetooth Bugs Open Billions of Devices to DoS, Code Execution Cisco Patches Critical Authentication Bug With Public Exploit

• 9/1/2021

  FTC Bars Alleged ‘Stalkerware’ Company and Its CEO From the Surveillance Business Krebs: 15-Year-Old Malware Proxy Network VIP72 Goes Dark BEC Scammers Seek Native English Speakers on Underground A Fake Banksy NFT Sold for More Than $300,000: Then the Buyer Got His Money Back Australian Couple Admits “Serious Cyber Hacking Offenses” Twitter Adds Safety Mode to Automatically Block Online Harassment Companies Are Tired of Spending Money on Cybersecurity: Here’s How to Change Their Minds NSA: We ‘Don’t Know When or Even If’ a Quantum Computer Will Ever Be Able to Break Today’s Public-Key Encryption

  LockBit Gang Leaks Bangkok Airways Data, Hits Accenture Customers Fired NY Credit Union Employee Nukes 21gb of Data in Revenge …Half of Businesses Can’t Spot These Signs of Insider Cybersecurity Threats Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites How to Block Windows Plug-and-Play Auto-Installing Insecure Apps

• 8/31/2021

  U.S. Officials, Experts Fear China Ransacked Exchange Servers for Data to Train AI Systems Canada Accepted 7,300 More Immigration Applications Due to Technical Bug Agencies Warn of Ransomware Threats Ahead of Labor Day Weekend LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection Coinbase Users Fear Hacking After Erroneous Emails Regulators Tighten Scrutiny of Data Breach Disclosures by Companies UK Government Considers New Regulations for Video Streaming Platforms

  Leaked Guntrader Firearms Data File Shared Indonesians Told to Delete Unsecured Tracing App Personal Health Info Potentially Exposed From Denton County (TX) COVID Vax Clinics Cybercriminal Sells Tool to Hide Malware in AMD, NVIDIA GPUs Proxyware Services Open Orgs to Abuse Fortress Home Security Open to Remote Disarmament WooCommerce Pricing Plugin Allows Malicious Code-Injection Microsoft 365 Usage Analytics Now Anonymizes User Info by Default

• 8/30/2021

  Biden Administration Establishes Program to Recruit Tech Professionals to Serve in Government Rights Group Advises Afghans to Delete Data CISA: Don’t Use Single-Factor Auth on Internet-Exposed Systems CISA to Host Third Annual President’s Cup Cybersecurity Competition SEC Sanctions Brokerages Over Email Break-Ins Army Testing Facial Recognition in Child-Care Centers China Limits Online Video Games to Three Hours a Week for Young People Chinese A.I. Firm SenseTime Files for Hong Kong IPO despite Tech Crackdown and U.S. Blacklist Elon Musk’s Loop Gets Autopilot — And an Intruder Microsoft Azure Cosmos DB Incident Underscores the Need to Closely Watch Cloud Data

  LockBit Gang to Publish 103GB of Bangkok Air Customer Data DeFi Protocol Cream Finance Hacked for Second Time This Year DuPage Medical Group (IL) Notifying 600,000 Patients About a Data Breach Passport & Healthcare Info and Leaked From Indonesia’s COVID-19 Test-and-Trace App for Traveler Northern Ontario Police Force Recovering From Ransomware Attack Ransomware Attack on Swiss City Rolle Exposed Citizens’ Data HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping AMD Zen+, Zen 2 CPUs Vulnerable to Attack QNAP Works on Patches for OpenSSL Bugs Impacting Its NAS Devices

• 8/27-29/2021

  British Embassy Exposed Details of Afghan Workers during Rush to Evacuate White House Rallies Private Industry in Cyber Battle China Plans to Ban U.S. IPOs for Data-Heavy Tech Firms Justice Department Establishes Program to Train Prosecutors to Handle Cyber Cases Fake DMCA Complaints, DDoS Threats Lead To BazaLoader Malware Amazon Disables Website Used for ISIS Propaganda Amazon Web Services Will Give Free USB Security Keys to Some Employees of U.S.-Based Customers Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor Ethereum’s Blockchain Just Split in Two

  Boston Public Library Discloses Cyberattack, System-Wide Technical Outage Bangkok Airways Suffers Cyber Attack Bilaxy Exchange Reports Hot Wallet Hacked, Amount Lost Still Unknown T-Mobile Confident No Ongoing Risks to User Data from Recent Hack …CEO: Hacker Brute-Force Microsoft Warns of Widespread Phishing Attacks Using Open Redirects Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug

• 8/26/2021

  UK Plans New Post-Brexit Privacy Rules to Ease Data Sharing China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’ The Real Victims of Mass Crypto-Hacks That Keep Happening FBI Shares Technical Details for Hive Ransomware Angry Birds Developer Accused of Illegal Child Data Collection Surveillance Tech Company Excession Technologies Ltd Sues Police Digital Service over ‘Flawed’ Scoring of Bids on £18m Contract

  171,000 Patients Exposed after Hackers Breach Illinois Physician Group Emails Website For Cook County Clerk Of The Circuit County Down For Maintenance After Servers Breached Chinese Developers Expose Data Belonging to Android Gamers Synology: Multiple Products Impacted by OpenSSL RCE Vulnerability Atlassian Warns of Critical Confluence Flaw VMware Issues Patches to Fix New Flaws Affecting Multiple Products

• 8/25/2021

  White House Gathers Tech, Education, Banking Leaders for Cyber Meeting …Biden: Cybersecurity Is the ‘Core National Security Challenge’ …Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden U.S. Media, Retailers Targeted by New SparklingGoblin APT FIN8 Cybercrime Gang Backdoors U.S. Orgs with New Sardonic Malware Krebs: Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents Drug Dealers Get 27 Years After Police Crack EncroChat Comms Australia Passes Identify and Disrupt Bill

  73,000 Patients’ Data Affected in Ransomware Attack on Singapore Eye Clinic Atlanta Allergy & Asthma Sends Notice of Healthcare Data Breach to 9,800 Patients California State University, Chico Data Breach Exposes Student Requests for Vaccine Exemptions Mirai-Style IoT Botnet Is Now Scanning for Router-Pwning Critical Vuln in Realtek Kit Critical F5 BIG-IP Bug Impacts Customers in Sensitive Sectors Ethereum Urges Go Devs to Fix Severe Chain-Split Vulnerability Microsoft: ProxyShell Bugs “Might Be Exploited,” Patch Servers Now! Microsoft Will Add Secure Preview for Office 365 Quarantined Emails

• 8/24/2021

  Amazon, Apple, Microsoft & Other CEOs Reportedly to Attend White House Cybersecurity Meeting Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group …New Zero-Click iPhone Exploit Used to Deploy NSO Spyware Chinese Auto-Maker Accused of Altering Data after Fatal Autonomous Car Accident HYCU Initiative Offers Free Evaluation for Ransomware Recovery Prospects Over a Third of Smart Device Owners Do Not Take Security Measures Samsung Can Remotely Disable Their TVs Worldwide Using TV Block Coinbase Slammed for What Users Say Is Terrible Customer Service after Hackers Drain Their Accounts

  Cyber-thieves Scam Town of Peterborough (NH) Out of $2.3M CarePointe Ear, Nose and Throat (IN) Targeted in Ransomware Attack Fake OpenSea Support Staff Are Stealing Cryptowallets and NFTS Fake Apple Rep Amasses 620,000+ Stolen iCloud Pics, Vids in Hunt for Images of Nude Women to Trade Pysa Ransomware Gang’s Script Shows Exactly the Files They’re After Custom WhatsApp Build Delivers Triada Malware SteelSeries Bug Gives Windows 10 Admin Rights by Plugging in a Device B. Braun Updates Faulty IV Pump after McAfee Discovers Vuln Allowing Attackers to Change Doses

• 8/23/2021

  UN-Backed Tech Group Adds Taliban to List of Terrorist Organizations Singapore, U.S. Pledge Deeper Collaboration in Cybersecurity Hackers Leak Footage of Iranian Prison Company Data Hoards Create Tempting Targets for Hackers FBI: OnePercent Group Ransomware Targeted U.S. Orgs since Nov 2020 CISA Warns Admins to Urgently Patch Exchange ProxyShell Bugs Hacker Behind $600 Million Crypto Heist Returns Final Slice of Stolen Funds …Gets 500k Reward

  New Research Finds 38 Million Records Exposed Online Earlier This Year Nokia Subsidiary SAC Wireless Discloses Data Breach after Conti Ransomware Attack Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health (UT) Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group Phishing Campaign Uses UPS.com XSS Vuln to Distribute Malware Attackers Actively Exploiting Realtek SDK Flaws Razer to Fix Windows Installer That Grants Admin Powers If You Plug in a Mouse

• 8/20-22/2021

  China Passes Major Data Protection Law as Regulatory Scrutiny on Tech Sector Intensifies …Jack Ma’s Costliest Business Lesson: China Has Only One Leader State Department Hit by Cyber Attack, Source Says US Census Bureau Failed Breach Response, Watchdog Says Schools, Colleges Brace for Cyberattacks as Students Return Inside Afghanistan’s Cryptocurrency Underground as the Country Plunges into Turmoil Cybersecurity Jobs: This Is What We’re Getting Wrong When Hiring – And Here’s How to Fix It “Cybersecurity Is the New Seat Belt” Says STX Next SynAck Ransomware Decryptor Lets Victims Recover Files for Free Web Censorship Systems Can Facilitate Massive DDoS Attacks Why Phone Scams Are So Difficult to Tackle Key QAnon Influencer ‘GhostEzra’ Identified New York Man Gets Three Years for Stealing Nude Photos from College Victims

  T-Mobile Data Breach Just Got Worse — Now at 54 Million Customers AT&T Denies Data Breach after Hacker Auctions 70 Million User Database NYC Teachers’ Social Security Numbers Exposed Twin Falls County (ID) Identifies Ransomware as Source of Computer Problems Personal Data Breached in Rockwood School District (MO) Ransomware Attack Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways Microsoft Exchange Servers Being Hacked by New LockFile Ransomware LockFile Ransomware Uses PetitPotam Attack to Hijack Windows Domains Cloudflare Mitigated One of the Largest DDoS Attack Involving 17.2 Million RPS Pegasus iPhone Hacks Used as Lure in Extortion Scheme Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse Microsoft Shares Guidance on Securing Windows 365 Cloud PCs

• 8/19/2021

  North Korea Linked APT InkySquid Exploiting Known IE Bugs The Pandemic Revealed the Health Risks of Hospital Ransomware Attacks COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate You Can Post LinkedIn Jobs as Any Employer — So Can Attackers Wanted: Disgruntled Employees to Deploy Ransomware (Krebs) CISA Shares Guidance on How to Prevent Ransomware Data Breaches Facebook Hit With New Antitrust Suit From Federal Trade Commission Woman’s Facebook Account Hacked, Loses More than a Decade’s Worth of Friends CEO Tried Funding His Startup by Asking Insiders to Deploy Ransomware Florida Women Charged Over Sexually Exploitative Child Modeling Sites

  More than $90 Million in Cryptocurrency Stolen from Japanese Exchange Liquid JPMorgan Chase Notifies Montana Customers of Data Breach Brazil’s Clothing Chain Renner Suffers Ransomware Attack and Systems Are Down Data Stolen as Social Housing Group Suffers Ransomware Attack Attempted Marion County (IN) Cyberattack Delaying Some Death Certificates What To Do If You Think You’re Affected by the T-Mobile Breach Ransomware: Amateur Attack Shows How Clueless Criminals Are Trying to Get In on the Action Critical Cisco Bug in Small Business Routers to Remain Unpatched Hackers Can Bypass Cisco Security Products in Data Theft Attacks New Unofficial Windows Patch Fixes More PetitPotam Attack Vectors

• 8/18/2021

  Census Bureau Computer Servers Target of January 2020 Cyberattack Hacks Rank Among Top Power Grid Risks, Watchdog Says China Orders Annual Security Reviews for All Critical Information Infrastructure Operators Facebook Shares AI Advancements Improving Content Moderation Feds Expected to Reveal New Strategy in Facebook Antitrust Fight Bitcoin Mixer Owner Pleads Guilty to Laundering over $300 Million Airline Employee Jailed for Spending Passengers’ Money

  Krebs: T-Mobile Breach Exposed SSN/DOB of 40M+ People …U.S. Telecoms Agency to Probe T-Mobile Data Breach Pine Labs Faces Alleged Data Breach; 50,000 Unique Records Exposed Bogus Cryptomining Apps Infest Google Play HolesWarm Malware Exploits Unpatched Windows, Linux Servers Diavol Ransomware Sample Shows Stronger Connection to TrickBot Gang GitHub Urges Users to Enable 2FA after Going Passwordless

• 8/17/2021

  Rubio Reiterates Calls for TikTok Ban after China’s Reported Ownership Stake Facebook Says It Will Keep Ban on Taliban Content …WhatsApp Can’t Ban the Taliban Because It Can’t Read Their Texts Iranian APT Hackers Impersonate HR Employees to Hit Israeli Targets Brazilian Government Discloses National Treasury Ransomware Attack Conti Ransomware Prioritizes Revenue and Cyberinsurance Data Theft LockBit 2.0 Ransomware Proliferates Globally Phishing Costs Reach New High of $14.8M for Large Companies Crypto Platform Hit by $600 Million Heist Asks Hacker to Become Its Chief Security Advisor Chicago Pharmacist Arrested After Selling CDC COVID-19 Vaccination Cards On eBay Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope

  Chase Bank Accidentally Leaked Customer Info to Other Customers Records Missing from Illinois Vaccination Portal Indiana Contact Tracing Data Breached Japan’s Tokio Marine Is the Latest Insurer to Be Victimized by Ransomware Krebs: T-Mobile Investigating Claims of Massive Data Breach Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan Malware Campaign Uses Clever ‘CAPTCHA’ to Bypass Browser Warning Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop CISA Releases Alert on BadAlloc Vulnerability in BlackBerry Products If You Haven’t Updated ThroughTek DVR since 2018 Do So Now, Warns Mandiant of Critical Vuln Fortinet Delays Patching Zero-Day Allowing Remote Server Takeover

• 8/16/2021

  Afghan Broadcasters for U.S. Government Radio Fear Taliban Backlash Secret Terrorist Watchlist with 2 Million Records Exposed Online Colonial Pipeline Reports Data Breach after May Ransomware Attack Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch Anonymous Messaging App Yik Yak Returns after 4-Year Shutdown Tesla Autopilot Faces U.S. Safety Regulator’s Scrutiny after Crashes with Emergency Vehicles Education Giant Pearson Fined $1M for Downplaying Data Breach Sim Swap Scammer Pleads Guilty to Instagram Account Hijacks, Crypto Theft

  T-Mobile Confirms Servers Were Hacked, Investigates Data Breach Dallas Cops Lost 8TB of Criminal Case Data during Bungled Migration SUNY Research Foundation Breach Potentially Affects 47,000 Malware Dev Infects Own PC and Data Ends up on Intel Platform Troubling New Disk-Level Encryption Ransomware ‘DeepBlueMagic’ Surfaces XSS Bug in SEOPress WordPress Plugin Allows Site Takeover Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

• 8/13-15/2021

  Crypto Hacker Offered Reward After $600m Heist …How Hackers Stole and Returned $600M in Tokens From Poly Network UN Calls for Moratorium on Sale of Surveillance Tech Like NSO Group’s Pegasus Krebs: New Anti Anti-Money Laundering Services for Crooks SynAck Ransomware Releases Decryption Keys After El_Cometa Rebrand Mysterious Hacker Group Suspected in July Cyberattack on Iranian Trains Cost of Cyberattacks Significantly Higher for Smaller Healthcare Organizations App Store Competition Targeted by Bipartisan Senate Bill Senators Want Answers About Amazon’s Biometric Data Collection Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come? Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger Microsoft Teams Will Alert Users of Incoming Spam Calls

  Hacker Claims to Steal Data of 100 Million T-Mobile Customers Ford Bug Exposed Customer and Employee Records From Internal Systems Emails From Lithuanian Ministry of Foreign Affairs for Sale on Data-Trading Forum Cyberattack Hits Israel’s Bar Ilan University: ‘Data Is Being Erased Right Now’ Memorial Health Systems (OH) Experiences Cyber Attack U.S. Brokers Warned of Ongoing Phishing Attacks Impersonating FINRA WordPress Sites Abused in Aggah Spear-Phishing Campaign Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection Vice Society Ransomware Joins Ongoing PrintNightmare Attacks Researchers Find Vulns in Wodify Gym Management Web App Used With CrossFit Windows 365 Exposes Microsoft Azure Credentials in Plaintext

• 8/12/2021

  Report Finds U.S. Government Has Made Progress on Cybersecurity, More Work Remains Huawei Stole Our Tech and Created a ‘Backdoor’ to Spy on Pakistan, Claims CA IT Biz Businesses Push to Shape Federal Rules for Disclosing Hacks A Cybersecurity Stop Sign: CISA Introduces Bad Practices Covid-19 Vaccine Scammers Target Authorities in Dozens of Countries Including Italy and Colombia Suspected Hacker Behind $600 Million Poly Network Crypto Heist Did It ‘for Fun’ Rogue Marketplace AlphaBay Reboots Ukraine Shuts Down Money Laundering Cryptocurrency Exchanges Google Search Led to Arrest of Cleared Campaigner

  Chanel Apologizes for Data Breach QR Code Scammers Get Creative with Bitcoin ATMs Hackers Now Backdoor Microsoft Exchange Using ProxyShell Exploits Microsoft: Evasive Office 365 Phishing Campaign Active Since July 2020 Ransomware Gang Uses PrintNightmare to Breach Windows Servers Cornell University Researchers Discover ‘Code-Poisoning’ Attack Brooklyn Tech Students Uncovered a NYC Schools Data Breach: Here’s How They Took Action GitHub Picks Friday 13th to Kill off Password-Based Git Authentication

• 8/11/2021

  China Sentences Canadian Citizen to 11 Years for Espionage in Case at Heart of Diplomatic Standoff Lawmakers Raise Concerns Over Federal Division of Cybersecurity Responsibilities Kaseya’s ‘Master Key’ to REvil Attack Leaked Online Hackers Return Nearly Half of the $600 Million They Stole in One of the Biggest Crypto Heists Crypto Industry Seeks to Build Momentum After Losing Senate Fight The Family That Bet Everything on Bitcoin When It Was $900 Is Now Storing It in Secret Vaults on Four Different Continents Cyberfraud Shifts to Gaming, Travel and Leisure, Report Finds Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge Norton LifeLock to Acquire Security Rival Avast in $8b Deal Apple Settles Copyright Lawsuit With Virtual iOS Software Company

  Accenture Restores Affected Systems After Reported Ransomware Attack …Accenture Says LockBit Ransomware Attack Caused ‘No Impact’ Millions of Seniors Hit by SeniorAdvisor Data Breach Patient Information May Have Been Stolen in St. Joseph’s/Candler (GA) Ransomware Attack Scripps Health (CA) Cyber Attack Cost the Company $113 Million Charlotte Mecklenburg Schools (NC) Says Release Of Confidential Student Data Was Human Error, Not Hack ‘Friends’ Reunion Anchors Video Swindle New AdLoad Malware Variant Slips Through Apple’s XProtect Defenses Microsoft Confirms Another Windows Print Spooler Zero-Day Bug SAP Patches Nine Critical & High-Severity Bugs

• 8/10/2021

  Senate Includes Over $1.9 Billion for Cybersecurity in Infrastructure Bill Amazon Awarded Secret $10B NSA Cloud Computing Contract Chinese Espionage Group UNC215 Targeted Israeli Government Networks Tucker Carlson’s Spying Allegations Being Investigated by National Security Agency Watchdog Mike Lindell’s 2020 Election Symposium Delayed by ‘Hacked’ Livestream Connected Farms Easy Pickings for Global Food Supply-Chain Hack An Escalating Threat: How Smart Buildings Can Fall Victim to a Cyber Attack Main Street Overconfidence: America’s Small Businesses Aren’t Worried About Hacking Remote Workers Duck Security Rules Cybercrime Victims Reluctant to Call Cops Tech-Savvy Teens Falling Prey to Online Scams Faster Than Their Grandparents Hackers Netting Average of Nearly $10,000 for Stolen Network Access Boffins Propose Pretty Good Phone Privacy to End Pretty Invasive Location Data Harvesting by Telcos

  $600M in Cryptocurrencies Swiped From Poly Network Servers After Security Snafu Crytek Confirms Egregor Ransomware Attack, Customer Data Theft Electromed Reveals Data Breach, Offers Identity Theft Protection to Customers Fraudsters Impersonate DPD in “Convincing” New Smishing Scam Chaos Malware Walks Line Between Ransomware and Wiper eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices Krebs: Microsoft Patch Tuesday, August 2021 Edition …Microsoft Fixes Windows Print Spooler PrintNightmare Vulnerability …Windows Security Update Blocks PetitPotam NTLM Relay Attacks Microsoft Revives Deprecated RDCMan After Fixing Security Flaw Adobe Fixes Critical Preauth Vulnerabilities in Magento Firefox Adds Enhanced Cookie Clearing, HTTPS by Default in Private Browsing

• 8/6-9/2021

  Krebs: Phishing Sites Targeting Scammers and Thieves House of Commons (HoC) Beefs up Cyber Training Following Matt Hancock CCTV Leak Scandal Why Understanding Cybersecurity Is No Longer Optional For Businesses Ransomware Poses Threat to Vulnerable Local Governments Putin Is Crushing Biden’s Room to Negotiate on Ransomware White House Backs Senators Pushing for Stricter Crypto Reporting Rules FTC Hits Facebook Over ‘Inaccurate’ Explanation for Banning Researchers Thousands Sign Open Letter Arguing Against Apple Plan to Scan U.S. iPhones for Child Sexual Abuse Images Virtual Vaccination Card Prompts Cybersecurity Fears Yelp to Allow Users to Filter Businesses Based on Vaccination Requirements Florida Martial Arts Instructor Accused of Spying on Students U.S. Imprisons Drone Whistleblower Microsoft Adds Fusion Ransomware Attack Detection to Azure Sentinel Google Drops Bluetooth Titan Security Keys in Favor of Nfc Versions Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw Microsoft Exchange Servers Scanned for ProxyShell Vulnerability, Patch Now Windows PetitPotam Vulnerability Gets an Unofficial Free Patch

  Computer Hardware Giant GIGABYTE Hit by RansomEXX Ransomware One Million Stolen Credit Cards Leaked to Promote Carding Market 162,000 Patients Exposed in Ransomware Attack on Gastroenterology Consultants (TX) Illinois’ FOID Card System Hit by Cyber Attack StarHub Suffers Data Breach, but Says No System Was Compromised Android Malware ‘FlyTrap’ Hijacks Facebook Accounts Australian Gov’t Warns of Escalating LockBit Ransomware Attacks ‘Glowworm’ Attack Turns Power Light Flickers into Audio Synology Warns of Malware Infecting NAS Devices With Ransomware Golang Cryptomining Worm Offers 15% Speed Boost Auth Bypass Bug Exploited, Affecting Millions of Routers Go, Rust “Net” Library Affected by Critical IP Address Validation Vulnerability Amazon Kindle Vulnerable to Malicious EBooks India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks Cisco: Firewall Manager RCE Bug Is a Zero-Day, Patch Incoming

• 8/5/2021

  Senators Introduce Bipartisan Bill to Sanction Nations Involved in Ransomware Attacks Amazon, Google and Other Tech Companies Join Government Effort to Fight Ransomware Russian Group Releases Stolen Credit Cards on Dark Web. Here’s How to Protect Your Credit From Criminals New Hacking Group Shows Similarities to Gang That Attacked Colonial Pipeline Angry Conti Ransomware Affiliate Leaks Gang’s Attack Playbook Krebs: Ransomware Gangs and the Name Game Distraction Microsoft Edge Just Got a ‘Super Duper Secure Mode’ Upgrade Google Expects Delays in Enforcing 2FA for Chrome Extension Devs Apple Is About to Start Scanning iPhone Users’ Devices for Banned Content, Warns Professor

  University of Kentucky Data Breach Exposes Email Addresses of 355k Students, Teachers Judson ISD (TX) Confirms $547,000 Ransomware Payment in Taxpayer Funds A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service Linux Version of BlackMatter Ransomware Targets VMware ESXi Servers MacOS Flaw in Telegram Retrieves Deleted Messages New DNS Vulnerability Allows ‘Nation-State Level Spying’ on Companies Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say New Windows PrintNightmare Zero-Days Get Free Unofficial Patch

• 8/4/2021

  Senators Highlight National Security Threats From China During Rare Public Hearing NSA and CISA Share Kubernetes Security Recommendations Some Cyber Experts Want to Investigate Hacks Like Plane Crashes LockBit Ransomware Recruiting Insiders to Breach Corporate Networks ‘I’m Calling About Your Car Warranty’, aka PII Hijinx Personal Data Breach Reports Fall Despite Rising Attacks The Graph Foundation Launches Bug Bounty Program Facebook Suspends Accounts of NYU Researchers Who’ve Criticized Platform SolarWinds Urges U.S. Judge to Toss Suit: We Got Hit by Russia, Give Us a Break Cybersecurity Trainer HackerU Acquires Cybint for $50m

  Italy’s ERG Says Only Minor Disruption From Cyber Breach Ransomware Attack Forces Eskenazi Health (IN) To Divert Patients Sanford Health Target of Attempted Cyber Attack Isle of Wight Schools (TX) Hit by Ransomware Russian Federal Agencies Were Attacked With Chinese Webdav-O Virus Phishing Campaign Dangles SharePoint File-Shares New Cobalt Strike Bugs Allow Takedown of Attackers’ Servers Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms INFRA:HALT Security Bugs Impact Critical Industrial Control Devices Cisco Fixes Critical, High Severity Pre-Auth Flaws in VPN Routers

• 8/3/2021

  Senate Report Finds Major Cybersecurity Shortcomings Among Federal Agencies Russia Tells UN It Wants Vast Expansion of Cybercrime Offenses, Plus Network Backdoors & Online Censorship Kaseya Ransomware Attack Sets off Race to Hack Service Providers: Researchers Average Cost to Buy Access to a Compromised Company: $1,000 Bugs in Chrome’s Javascript Engine Can Lead To Powerful Exploits: This Project Aims to Stop Them Coming Soon: America’s Own Social Credit System

  Lehigh Valley Health Network (PA) Patients’ Info Hacked in 3rd Party Guidehouse Cyber Attack Reindeer Leaked the Sensitive Data of More Than 300,000 People Silicon Valley VC Firm Advanced Technology Ventures Hit by Ransomware Raccoon Stealer Bundles Malware, Propagates Via Google SEO ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery Popular Technology That Hospitals Use to Send Lab Samples Is Vulnerable: Researchers

• 8/2/2021

  White House Cyber Chief Backs New Federal Bureau to Track Threats Huawei to America: You’re Not Taking Cyber-Security Seriously Until You Let China Vouch for Us Google Chrome to No Longer Show Secure Website Indicators Your Facebook Account Was Hacked: Getting Help May Take Weeks — Or $299 Industrial Cyber Security Startup Nozomi Networks Raises $100m CDW Acquires Cybersecurity Company Focal Point Data Risk

  Wisconsin Institute of Urology Patient Health Data Exposed After Email Hacking Incident New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits Reports Point to Uptick in HTML Smuggling Attacks ‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics Windows PetitPotam Attacks Can Be Blocked Using New Method Bot Protection Now Generally Available in Azure Web Application Firewall

• 7/30-8/1/2021

  SolarWinds Hackers Accessed Over Two Dozen Federal Prosecutors’ Offices: DOJ French Finance Minister’s Phone Investigated in Pegasus Spyware Case NSA Warns Public Networks are Hacker Hotbeds Unusual Malware Attack Can Go From First Contact to Ransomware in Just 48 Hours DarkSide Ransomware Gang Returns as New BlackMatter Operation ‘COVID Vaccine Scammers Nearly Got Me’ FBI Warns Investors of Fraudsters Posing as Brokers and Advisers CISA Launches Vulnerability Disclosure Platform for Federal Agencies Google to Block Logins on Old Android Devices Starting September Amazon Fined $886m by EU Regulators Zoom Settles U.S. Class Action Privacy Lawsuit for $86m

  Coghlin Electrical Co. (MA) Hit With Ransomware Attack Carolina Panthers Apologize to Fans for Sending Personal Info to Other Fans Hackers Attack Rome Region Vaccine Sign-up Site New Bank-Fraud Malware Called Vultur Infects Thousands of Devices PyPI Packages Caught Stealing Credit Card Numbers, Discord Tokens Novel Meteor Wiper Used in Attack that Crippled Iranian Train System Experts Uncover Several C&C Servers Linked to WellMess Malware Linux eBPF Bug Gets Root Privileges on Ubuntu – Exploit Released Remote Print Server Gives Anyone Windows Admin Privileges on a PC Node.js Fixes Severe HTTP Bug That Could Let Attackers Crash Apps

• 7/29/2021

  Israeli Government Agencies Visit NSO Group Offices South Africa’s Transnet Restores Operations at Ports After Cyber Attack …Death Kitty? Cybersecurity Chiefs Are in High Demand as Companies Face Rising Hacking Threats Krebs: The Life Cycle of a Breached Database Poll Finds Americans Eager to Regulate Big Tech Estonia Arrests Hacker Who Stole 286k ID Scans From Gov’t Database

  Spam Is Chipotle’s Secret Ingredient: Marketing Email Hijacked to Dish Up Malware Chinese-Speaking Threat Actor ‘GhostEmperor’ Using Unknown Rootkit in Targeted Attacks New Destructive Meteor Wiper Malware Used in Iranian Railway Attack Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs DoppelPaymer Ransomware Gang Rebrands as the Grief Group NSA Shares Guidance on How to Secure Your Wireless Devices

• 7/28/2021

  Biden Moves to Boost Critical Infrastructure Cybersecurity Israel Tells France It Is Taking NSO Spyware Allegations Seriously Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers Hackers Posed as Flirtatious UK Aerobics Instructor While Targeting U.S. Defense Contractor’s Employee Here’s What That Google Drive “Security Update” Message Means Google: Android Apps Must Provide Privacy Information by April 2022 Northern Ireland Suspends Vaccine Passport System After Data Leak GOP Bill Attempts to Inject Life Into Stalled Internet Privacy Talks Cyber Insurance Rates Fail to Match Catastrophe Risk-Chubb CEO

  Calgary’s Parking Authority Exposed Drivers’ Personal Data and Tickets Ransomware Attack on Grass Valley (CA) Batesville School District (AR) Blocks Ransomware Attack BlackMatter & Haron: Evil Ransomware Newborns or Rebirths UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild Google Play Protect Fails Android Security Tests Once More Critical Microsoft Hyper-V Bug Could Haunt Orgs for a Long Time Reboot of PunkSpider Tool at DEF CON Stirs Debate FBI Reveals Top Targeted Vulnerabilities of the Last Two Years

• 7/27/2021

  Biden: If U.S. Has ‘Real Shooting War’ It Could Be Result of Cyber Attacks Biden Says Russia Spreading Misinformation Ahead of 2022 Elections Israel Defence Minister to Share Initial Findings on NSO With France Israeli Pegasus Spyware Saga Could Sow Diplomatic Rifts in Africa Google Launches New Bug Hunters Vulnerability Rewards Platform No More Ransom Saves Victims Nearly €1 Over 5 Years FBI Tracking More Than 100 Active Ransomware Groups Top FBI Official Advises Congress Against Banning Ransomware Payments Former eBay Employee Gets 18 Months in Prison for ‘Abominable’ Cyberstalking Campaign

  UC San Diego Health Announces Data Breach Hack of Florida’s Unemployment System May Have Exposed Data of Thousands of Florida Men & Women Misconfigured Azure Blob at Raven Hengelsport Exposed Records of 246,000 Anglers Praying Mantis Threat Group Targeting U.S. Firms in Sophisticated Attacks LockBit Ransomware Automates Windows Domain Encryption via Group Policies Zimbra Server Bugs Could Lead to Email Plundering Several Bugs Found in 3 Open-Source Software Used by Several Businesses Apple Patches Actively Exploited Zero-Day in iOS, MacOS Microsoft Teams Now Automatically Blocks Phishing Attempts

• 7/26/2021

  Hungarians Protest Against Alleged Illegal Surveillance With Pegasus Spyware Kaseya Denies Paying Hackers for Decryption Key After Ransomware Attack …Researchers Warn of Unpatched Kaseya Unitrends Backup Vulnerabilities Here’s How Much Victims Have Saved in Ransom Payments by Using These Free Decryption Tools Tech Groups Urge Congress to ‘Dig Deeper’ on Facebook Role in Capitol Riot Malware Makers Using ‘Exotic’ Programming Languages Krebs: PlugwalkJoe Does the Perp Walk

  Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn Tokyo 2020 Breach: User Names and Passwords of Some Ticket Holders and Volunteers Imaging Company Express MRI Reports Data Breach Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems Apple Fixes Zero-Day Affecting iPhones and Macs, Exploited in the Wild Signal Fixes Bug That Sent Random Images to Wrong Contacts Microsoft Defender ATP Now Secures Removable Storage, Printers

• 7/23-25/2021

  WhatsApp Chief: U.S. Allies’ National Security Officials Targeted With NSO Malware Pakistan Seeks U.N. Probe of India’s Use of Pegasus Spyware Biden Team Has No Immediate Plan to Sanction China Over Hacks U.S. Drops Visa Fraud Cases Against Five Chinese Researchers The U.S. Takes an Important Cybersecurity Step—Two Decades Late Companies Face Growing Legal Risks Over Ransomware Data Leaks Dutch Police Arrest Two Hackers Tied to “Fraud Family” Cybercrime Ring Twitter Reveals Surprisingly Low Two-Factor Auth (2FA) Adoption Rate

  SSNs, Financial Info May Have Been Exposed in Data Breach Impacting Yale New Haven Health 46k Emails Exposed in Aging Partners Data Breach, Say Nebraska Health Officials FIN7’s Liquor Lure Compromises Law Firm with Backdoor Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software Fake Windows 11 Installers Now Used to Infect You With Malware Discord CDN and API Abuses Drive Wave of Malware Detections Apple Fixes Bug That Breaks iPhone WiFi When Joining Rogue Hotspots Microsoft Shares Mitigations for New PetitPotam NTLM Relay Attack

---

Follow The Cyber Beat

Get news delivered directly to your inbox.