5/28-30/2021

Russian Hackers Launch Major Cyberattack through U.S. Aid Agency’s Email System, Microsoft Says

New Russian Hacks Spark Calls for Tougher Biden Actions

White House Says No Changes to U.S.-Russia Summit after Latest Cyber Attack

Chinese Cyberspies Are Targeting U.S., EU Orgs With New Malware

Krebs: Using Fake Reviews to Find Dangerous Extensions

Amazon Devices Will Soon Automatically Share Your Internet With Neighbors

Hackers Exploit Post-COVID Return to Offices

After Colonial Attack, Energy Companies Rush to Secure Cyber Insurance

Krebs: Boss of ATM Skimming Syndicate Arrested in Mexico

Interpol Intercepts $83 Million Fighting Financial Cyber Crime

FBI to Share Compromised Passwords With Have I Been Pwned

Ireland’s Health Service Warns Staff Not to Use Work Devices

Mexico Walls off National Lottery Sites After Ransomware DDoS Threat

U.S. Nuclear Weapon Bunker Security Secrets Spill From Online Flashcards Since 2013

St. Petersburg High Student’s Hack Crashed Internet for All 145 Pinellas Schools

Walmart Phishing Attack Says Your Package Was Not Delivered

These Unsubscribe Emails Only Lead to Further Spam

New Epsilon Red Ransomware Hunts Unpatched Microsoft Exchange Servers

Researchers Warn of Facefish Backdoor Spreading Linux Rootkits

SonicWall Urges Customers to ‘Immediately’ Patch NSM On-Prem Bug

5/27/2021

Biden-Putin Summit Tensions: Feds Say Russia a Hacker ‘Safe Haven’

U.S. Announces New Security Directives for Pipelines after Hack

To Require Energy Pipelines Report Computer Hacks or Face Fines

How Biden’s Executive Order Impacts Cybersecurity Players

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues

Uyghurs Targeted by Fake Human Rights Emails

3 GOP Senators Come Out Against Biden Intelligence Nominee Over Huawei Ties

Tech Trade Groups Sue Florida Over New Social Media Law

Cybereason CEO Told the World About DarkSide’s Hacking Techniques From a Bomb Shelter in Israel

Have I Been Pwned Goes Open Source

Let’s Stop Blaming Employees for Our Data Breaches

Fujitsu SaaS Hack Sends Gov’t of Japan Scrambling

FBI: APT Hackers Breached U.S. Local Gov’t by Exploiting Fortinet Bugs

Data Breach at Canada Post

Philly Data Breach That Impacted Health Employee Emails Also Hit Other Departments

Clover Park School District (WA) Investigating Possible Ransomware Attack

Oklahoma City Dental Practice Announces Data Breach

Targeted AnyDesk Ads on Google Served Up Weaponized App

Klarna Mobile App Bug Let Users Log Into Other Customers’ Accounts

Unfixable Apple M1 Chip Bug Enables Cross-Process Chatter, Breaking OS Security Model

HPE Fixes Critical Zero-Day Vulnerability Disclosed in December

5/26/2021

Colonial Pipeline Missed Requested Security Review Before Hack

DarkSide Will Be Back, as Russia, China, Iran Create ‘Safe Havens’ for Hackers: Feds

A Peek Inside the Underground Ransomware Economy

‘Privateer’ Threat Actors Emerge from Cybercrime Swamp

Russia’s FSB Reports ‘Unprecedented’ Hacking Campaign Aimed at Government Agencies

EU Pushes for Stronger Disinformation Rules

Influencers Offered Money to Vilify Vaccine

Google Strikes Deal With Hospital Chain to Develop Healthcare Algorithms

WhatsApp Sues Indian Government Over New Internet Regulations

How Are Cyber Insurance Companies Assessing Ransomware Risk?

New Zealand Health Systems Hackers Release Patient Details to the Media

Belgium Interior Ministry Targeted in Cyber Attack

Cyber-criminal Gang Targets Texas Unemployment System

Eastern Hancock Community Schools (IN) Hit With Ransomware Attack

Peloton and Echelon Profile Photo Metadata Exposed Riders’ Real-World Locations

Google Researchers Discover A New Variant of Rowhammer Attack

BazaLoader Masquerades as Movie-Streaming Service

PDF Feature ‘Certified’ Widely Vulnerable to Attack

Google Chrome 91 Released With New Features, Security Improvements

5/25/2021

U.S. To Boost Pipeline Cyber Protections in Wake of Colonial Hack

High-Profile Hacks Leave Ransomware Gangs With Unwanted Publicity

Could Less Publicizing of Ransomware Fixes Have Prevented the Colonial Pipeline Attack?

Threat Actor ‘Agrius’ Emerges to Launch Wiper Attacks Against Israeli Targets

Snowden Was Right, Rules Human Rights Court as It Declares UK Spy Laws Broke ECHR

Lawmakers Request Investigation Into Postal Service’s Covert Operations Program

Activists Join Call for Facebook to Drop ‘Tone-Deaf’ Instagram for Kids Plan

Bose Admits Ransomware Hit: Employee Data Accessed

Domino’s India Discloses Data Breach After Hackers Sell Data Online

Harper County Community Hospital (OK) Targeted With Ransomware

Marietta City Schools (OH) Email Hack

Rockland Public Schools (MA) Hit With Ransomware Attack

Trend Micro Bugs Threaten Home Network Security

New High-Severity Vulnerability Advisory Released for Pulse Connect Secure VPN

VMware Warns of Critical Bug Affecting All vCenter Server Installs

5/24/2021

Huawei to Move Toward Software Development in Wake of U.S. Restrictions

Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea

Indonesian Gov’t Blocks Access to RaidForums Hacking Forum After Data Leak

Florida Gov DeSantis Signs Bill to Fine Tech Companies for Banning Politicians

An NTSB for Cyber Attacks? Critics Grapple With Biden’s Cybersecurity Safety Review Board Plan

Crime App Citizen Exposed Users’ COVID Data

Michigan Man ‘TheDearthStar’ aka ‘Dearthy Star’ Admits Selling University of Pittsburgh Medical Center Employee Data

Police Make Arrests in Crackdown on Scam Text Messages

Japan’s Biggest Dating App Omiai Hack Exposes Two Million Accounts

Zeppelin Ransomware Comes Back to Life With Updated Versions

Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software

Zocdoc Says ‘Programming Errors’ Exposed Access to Patients’ Data

Bluetooth Flaws Allow Attackers to Impersonate Legitimate Devices

Mozilla Thunderbird Was Saving OpenPGP Keys in Plaintext After Encryption Snafu But Is Now Patched

WordPress Restaurant Reservation Plugin ReDi Patches Easy-to-Exploit XSS Bug

Apple Patches macOS Flaw Exploited by Malware to Secretly Snap Screenshots

5/21-23/2021

When Will the Irish Health Service Get a Resolution?

FBI Says Conti Ransomware Gang Has Hit 16 U.S. Health and Emergency Networks

German Cyber Security Chief Fears Hackers Could Target Hospitals

Cybersecurity Pros Are Split on Banning Ransomware Payments

Krebs: How to Tell a Job Offer from an ID Theft Trap

China Internet Watchdog Cites 105 Apps for Improper Data Collection

Defying U.S. Sanctions, Russian Cybersecurity Firm Aims for 2022 IPO

Indonesia Summons State Health Insurer Over Alleged Data Leak

DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates

AMEX Fined £90,000 for Sending 4 Million Spam Emails in a Year

FBI Analyst Charged With Stealing Counterterrorism and Cyber Threat Info

Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers

E-Commerce Giant Mercari Suffers Major Data Breach in Codecov Incident

Bizarro Banking Malware Targets 70 Banks in Europe and South America

LittleBigPlanet Servers Taken Down Again Thanks To Cyber Attack

QNAP Confirms Qlocker Ransomware Used HBS Backdoor Account

Email Campaign Spreads StrRAT Fake-Ransomware RAT

Ransomware-Spreading Phorpiex Malware Botnet Just Won’t Go Away

WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites

Wormable Windows HTTP Vulnerability Also Affects WinRM Servers

Microsoft Exchange Admin Portal Blocked by Expired SSL Certificate

5/20/2021

Colonial Pipeline CEO to Testify on Capitol Hill in June Following Cyberattack

U.S. Government Denies Disrupting Russian Ransomware Ring That Hacked Colonial Pipeline

Conti Ransomware Gives HSE Ireland Free Decryptor, Still Selling Data

Irish High Court Issues Injunction to Prevent HSE Data Leak

U.S. Insurer CNA Paid $40 Million Ransom After March Cyber Attack

Ransomware Boom Forces More Companies to Cut Deals With Criminals

U.S. Has Almost 500,000 Job Openings in Cybersecurity

The Gig Economy Creates Novel Data-Security Risks

USPS Reportedly Uses Clearview AI to Spy on Americans

Twitter Rolls Out New Verification Process to Get Your “Blue Check”

100M Android Users Hit By Rampant Cloud Leaks

Fraudsters Employ Amazon ‘Vishing’ Attacks in Fake Order Scams

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Spammers Flood PyPI With Pirated Movie Links and Bogus Packages

Insurance Firm One Call Finally Admits Cyber Attack as Investigation Deepens

Slack Is Down, Massive Outage Blocks User Logins and Messages

Watering Hole Attack Was Used to Target Florida Water Utilities

Comcast Now Blocks BGP Hijacking Attacks and Route Leaks With RPKI

Microsoft Releases SimuLand, a Test Lab for Simulated Cyberattacks

5/19/2021

U.S. Introduces Bills to Secure Critical Infrastructure From Cyber Attacks

Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom

House Science Panel Requests Briefing With Energy Dept Over Colonial Hack

SolarWinds CEO Says Hackers May Have Struck Months Earlier Than Thought

How Long Hackers Will Hide in Your Network Before Deploying Ransomware or Being Spotted?

Hackers Scan for Vulnerable Devices Minutes After Bug Disclosure

Microsoft, Google Clouds Hijacked for Gobs of Phishing

Can Nanotech Secure IoT Devices From the Inside-Out?

Krebs: Recycle Your Phone, Sure, But Maybe Not Your Number

Automation & Pervasive, Connected Technology to Pose Cyber Threats in 2030

New Zealand Health Service Hit by Cyber Attack

University of South Australia Cyber Attack Hits Staff Email

Ransomware Attack Takes Visalia Unified (CA) Computer Systems Offline

Betenbough Homes (TX) Target of Russian Cyber Attack

Recruiter TeamBMS Cloud Snafu Exposes 20,000 CVs and ID Documents

Keksec Cybergang Debuts Simps Botnet for Gaming DDoS

Qlocker Ransomware Shuts Down After Extorting Hundreds of QNAP Users

MountLocker Ransomware Uses Windows API to Worm Through Networks

4 Vulnerabilities Under Attack Give Hackers Full Control of Android Devices

Windows PoC Exploit Released for Wormable RCE

5/18/2021

Hackers Behind Colonial Pipeline Attack Reportedly Received $90 Million in Bitcoin Before Shutting Down

Colonial Pipeline Servers Experiencing ‘Intermittent Disruptions’ Days After Ransomware Attack

Ransomware Hits Near Pre-Colonial Pipeline Levels, Data Suggests

‘Flattered’ Russian Spy Chief Denies SolarWinds Attack

Biden Proposes Billions for Cybersecurity After Wave of Attacks

Saudi Aramco to Co-Lead Report on Cyber Resilience in Oil Industry

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps

1Password Releases Full-Featured Linux Desktop Application

McDonald’s Franchises Hack McFlurry Machines to Bypass Sanitization Process

Student Health Insurance Carrier Guard.me Suffers a Data Breach

Codecov Hackers Gained Access to Monday.com Source Code

Chelan-Douglas Health District (WA) Targeted in Cyber Attack

Scammers Pose as Meal-Kit Services to Steal Customer Data

Stalkerware Apps Riddled with Security Bugs

Mozilla Starts Rolling Out Site Isolation to All Firefox Channels

Google I/O 2021: Chrome Can Fix Compromised Passwords

5/17/2021

Krebs: Try This One Weird Trick Russian Hackers Hate

Elon Musk Impersonators Stole More Than $2 Million in Crypto Scams, Regulator Says

FBI Warns of Scammers Targeting Families of Missing Persons

CISOs Struggle to Cope with Mounting Job Stress

UK Government May Force MSPs to Follow Security Standards

Biden Revokes Trump-Era Order Targeting Shield for Website Operators

Should Encryption Be Curbed to Combat Child Abuse?

Apple Sent My Data to the FBI, Says Boss of Controversial Research Paper Trove Sci-Hub

Irish Health Service May Take Weeks to Recover From Ransomware Attack

Cost Tens of Millions of Euros

Conti Ransomware Also Targeted Ireland’s Department of Health

Ransomware Victim Volue Shows Why Transparency in Attacks Matters

FBI Spots Spear-Phishing Posing as Truist Bank to Deliver Malware

Eufycam Wi-Fi Security Cameras Streamed Video Feeds From Other People’s Homes

Bizarro Banking Trojan Sports Sophisticated Backdoor

Exploit Released for Wormable Windows HTTP Vulnerability

5/14-16/2021

Colonial Pipeline Hacker DarkSide Says It Will Shut Operations

Servers Of Colonial Pipeline Hacker DarkSide Forced Down

Bitcoin Wallet Used by DarkSide for Ransom Payments ID’d by Elliptic

Krebs: DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Colonial Pipeline Attack Is an Opportunity for Organizations to Shore up Cyber Defenses

No Cause for Panic

Underscores Concerns Over Paying Hackers

More Ransomware Websites Disappear in Aftermath of Colonial Pipeline Hack

Russian-Language Cybercriminal Forum ‘XSS’ Bans DarkSide and Other Ransomware Groups

Ransomware Ads Now Also Banned on Exploit Cybercrime Forum

Facebook Loses Bid to Block Ruling on EU-U.S. Data Flows

How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly

Toshiba Business Unit Says It Has Been Attacked by Hacking Group DarkSide

Axa Division in Asia Hit by Ransomware Cyber Attack

Ransomware Cyber Attack Shuts Down Irish Health Service

Hospitals Cancel Outpatient Appointments

Echelon Exposed Riders’ Account Data, Thanks to a Leaky API

Student Names, Vendor Bank Account Info Exposed in Buffalo Schools Cyber Attack

Lemonade Denies “Unforgivably Negligent” Security Gaffe

FIN7 Backdoor Masquerades as Ethical Hacking Tool

Magecart Hackers Now Hide PHP-Based Backdoor In Website Favicons

QNAP Warns of eCh0raix Ransomware Attacks, Roon Server Zero-Day

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers

5/13/2021

Colonial Pipeline Said to Pay $5 Million Ransom to Hackers Who Caused Shutdown

Biden Says Colonial Pipeline Hackers Based in Russia, but Not Government-Backed

Former NSA Hacker Argues Russian Government Connected to Colonial Pipeline Attack

TSA Pipeline Oversight Faces Scrutiny After Colonial Hack

Colonial Pipeline Was Looking to Hire Cybersecurity Manager Before Ransomware Attack

Biden Cybersecurity Order Mandates New Rules for Gov’t Software

Rapid7 Source Code, Credentials Accessed in Codecov Supply-Chain Attack

Ransomware Going for $4K on the Cyber-Underground

Meet Lorenz — A New Ransomware Gang Targeting the Enterprise

Chemical Distributor Brenntag Pays $4.4 Million to DarkSide Ransomware

Insurance Giant CNA Fully Restores Systems After Ransomware Attack

Gary, Indiana Targeted by Ransomware Attack

CC Info Stolen From College Seniors in Breach of Commencement Attire Vendor Herff Jones

Manchester: Thousands of Number Plates Exposed in Parking Ticket Spreadsheet

Short Seller Says Lemonade Website Bug Exposed Insurance Customers’ Account Data

Crypto.com Exchange Glitch Causes Duplicate Purchases, Delayed Credits

Microsoft Build Tool Abused to Deliver Password-Stealing Malware

Cisco Fixes 6-Month-Old AnyConnect VPN Zero-Day With Exploit Code

5/12/2021

Colonial Pipeline Restarts Operations After Cyberattack

No Plans to Pay Ransom for Files

Biden Signs Executive Order to Strengthen U.S. Cybersecurity Defenses after Pipeline Hack

Hacker Group DarkSide Claims It Has Three New Victims

Researchers Track Down Five Affiliates of DarkSide Ransomware Service

UK Foreign Secretary Issues Warning to Russia on Ransomware

Global Cybersecurity Leaders Say They Feel Unprepared For Attack

As Ransomware Proliferates, Insuring for It Becomes Costly and Questioned

Researchers Flag e-Voting Security Flaws

Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales

Microsoft: Threat Actors Target Aviation Orgs With New Malware

Trust Wallet, MetaMask Crypto Wallets Targeted by New Support Scam

BabyChakra Data Vulnerability: Personal Information of Millions of Parents Exposed

Alaska Courts Restore Email, Lack Answers on Cyber Attack

Apple’s Find My Network Can Be Abused to Leak Secrets to the via Passing Devices

‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices

Microsoft Fixes WSUS Bug Blocking May Windows Security Updates

Microsoft’s New Project Ports Linux eBPF to Windows 10, Server

5/11/2021

Colonial Pipeline Temporarily Resumes Line 4 Operations Following Ransomware Attack

Colonial Pipeline Attack: Everything You Need to Know

Colonial Pipeline Cyber Attack and the High Stakes for Biden, Business World Relationship

Feds Eye More Oversight of Pipelines After Colonial Attack

Government Says Colonial Pipeline Has Not Shared Data on Hack

White House Urges Americans Not to Hoard Gas

Krebs: A Closer Look at the DarkSide Ransomware Gang

Ransomware: Don’t Pay up, It Just Shows Cyber Criminals That Attacks Work, Warns Home Secretary

Ransomware Gang Leaks Data From D.C. Police Department

U.S. Intelligence Agencies Warn About 5G Network Weaknesses

UK NHS App Gets Go-Ahead for Vaccine Passport Use Despite Protest From Privacy Groups

Germany Bans Facebook from Processing WhatsApp Data

Energy Tech Firm Volue Hit in Ransomware Attack

Japanese Manufacturer Yamabiko Targeted by Babuk Ransomware

200K Veterans’ Medical Records May Have Been Stolen by Ransomware Gang

University of Houston Seniors Affected by Data Breach at Cap and Gown Company

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

Experts Warn of a New Android Banking Trojan ‘TeaBot’ Stealing Users’ Credentials

Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader

Adobe Fixes Reader Zero-Day Vulnerability Exploited in the Wild

Krebs: Microsoft Patch Tuesday, May 2021 Edition

Microsoft Defender ATP Now Secures Networked Linux, macOS Devices

3 Cybersecurity Myths to Bust

5/10/2021

U.S. Blames Criminal Group DarkSide in Colonial Pipeline Hack

DarkSide Ransomware Will Now ‘Vet’ Targets After Pipeline Cyberattack

Colonial Pipeline Aims to Restore Operations by End of the Week After Cyberattack

White House Downplays Any Supply Challenge From Pipeline Attack

5 Takeaways From Attack on Colonial Pipeline

5 Facts About Ransomware Attacks

Cloudflare CEO Seeing Uptick in Cyber Incidents as Hackers Try ‘Unleashing Everything,’

West Midlands Railway Sent Staff Fake Bonus Email in Cyber-Security Test

More Than 40 Attorneys General Ask Facebook to Abandon Plans to Build Instagram for Kids

NatWest Bank Scheduled Payments Bug May Have Cost You Money

Chicago Mayor Lightfoot Refuses to Answer Questions on Exposed Emails, Says Hackers Demanded Ransom

Identity Theft Spike in KS Could Be Connected to KDOL Data Breach

U.S. and Australia Warn of Escalating Avaddon Ransomware Attacks

Lemon Duck Hacking Group Adopts Microsoft Exchange Server Vulnerabilities in New Attacks

GitHub Now Supports Security Keys When Using Git Over SSH

Krebs: Fintech Startup Offers $500 for Payroll Passwords

AXA Pledges to Stop Reimbursing Ransom Payments for French Ransomware Victims

5/7-9/2021

U.S. Pipeline Cyberattack Forces Closure

The Colonial Pipeline Hack Is a New Extreme for Ransomware

Exposes Cyber Threat to Energy Sector

Major National Security Incident

U.S., UK Authorities Say Russian State-Sponsored Hackers Exploited Microsoft Vulnerabilities

iPhone Hack Allegedly Used to Spy on China’s Uyghurs

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy

Twitter Tip Jar May Expose PayPal Address, Sparks Privacy Concerns

State Data Privacy Bills Stumble

Krebs: Investment Scammer John Davies Reinvents Himself?

Three Marylanders Indicted Over BEC Scam

Bulletproof Hosting Admins Plead Guilty to Running Cybercrime Safe Haven

Russian State Hackers Switch Targets After U.S. Joint Advisories

Twitter Scammers Impersonate SNL in Elon Musk Cryptocurrency Scams

City of Tulsa Experiencing Difficulties Due to Ransomware Attack

Three Affiliated Tribes Hit by Ransomware Attack, Holding Tribal Information Hostage

Cyberattack Knocks Out Rensselaer Polytechnic Institute’s (RPI) Computer Systems

Data Breach by Former Employee Exposes 1,500+ in University of Florida Health Shands System

San Diego Family Care Center Discloses Possible Data Breach

Microsoft: Business Email Compromise Attack Targeted Dozens of Orgs

Cuba Ransomware Partners With Hancitor for Spam-Fueled Attacks

Foxit Reader Bug Lets Attackers Run Malicious Code via PDFs

5/6/2021

NHS COVID Jab Website Security Flaw Allows Users to See Another Person’s Vaccine Status

Broadband Companies Funded ‘Fake’ Net Neutrality Comments, Investigation Finds

Data Leak Implicates Over 200,000 People in Amazon Fake Product Review Scam

Data Scraping in EU Regulators’ Sights As Spain Orders Equifax to Delete Information

Ryuk Ransomware Attack Sprung by Frugal Student At a European Biomolecular Research Institute

Millions of Older Broadband Routers Have These Security Flaws, Warn Researchers

Google Wants to Enable Multi-Factor Authentication by Default

Security Researchers Hack A Tesla From A Drone

Securing the Internet of Things in the Age of Quantum Computing

Hackers Encrypt New York Orthopedic Practice’s IT Systems, Remove Patient Files

CaptureRx Data Breach Impacts Other Healthcare Providers

Scripps Health Cyberattack Delaying Critical Care for Some Patients, Workers Say

Bridgwater and Taunton College Students’ Details Posted on Dark Web After Cyber Attack

New Moriya Rootkit Used in the Wild to Backdoor Windows Systems

New TsuNAME DNS Bug Allows Attackers to DDoS Authoritative DNS Servers

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

Qualcomm Chip Bug Opens 40% of Android Phones to Eavesdropping

Fix for Critical Qualcomm Chip Flaw Is Making Its Way to Android Devices

5/5/2021

Biden Administration, Congress Unite in Effort to Tackle Ransomware Attacks

Trump’s Ban From Facebook Is Upheld, but Panel Orders Review

Republicans Float Support for Big Tech Antitrust Reform After Trump Facebook Ban Upheld

Dubious Covid-19 Shots, Fake Vaccination Certificates Proliferate on Dark Web

Krebs: Malicious Office 365 Apps Are the Ultimate Insiders

New Study Warns of Security Threats Linked to Recycled Phone Numbers

Shoppers Choose Guest Checkouts Over Security Fears

Americans Turn to VPNs to Prevent Online Fraud and Hacking

Sweden’s Knowit Buys Cybercom in Digital Consultancy Merger

IBM Adds Zero Trust Capabilities to Cloud Pak for Security

Peloton’s Leaky API Spilled Riders’ Private Data

East London Council Blurts Thousands of Residents’ Email Addresses

Cyber-Attack on Belgian Parliament

U.S. Agency for Global Media Data Breach Caused by a Phishing Attack

NRG/Lanctôt Latest Victim of Ransomware Attack

Illinois AG’s Office Still Locked Out of Computer Systems Nearly Month After Ransomware Hack

New Crypto-Stealer ‘Panda’ Spread via Discord

Anti-Spam WordPress Plugin Could Expose Website User Data

Cisco Bugs Allow Creating Admin Accounts, Executing Commands as Root

Raft of Exim Security Holes Allow Linux Mail Server Takeovers

VMware Fixes Critical RCE Bug in vRealize Business for Cloud

5/4/2021

Bait Boost: Phishers Delivering Increasingly Convincing Lures

4,700 Amazon Employees Had Unauthorized Access to Private Seller Data

Krebs: The Wages of Password Re-use: Your Money or Your Life

They Told Their Therapists Everything: Hackers Leaked It All

It’s Time to Ditch Celebrity Cybersecurity

Trump Launches New Communications Tool After Social Media Ban

Fake Vaccine Domain Seized

European Authorities Scrutinize Data Flows to U.S.

DOD Expands Bug Disclosure Program to All Publicly Accessible Systems

Google Chrome Adopts Windows 10 Exploit Protection Feature

Spanish Delivery Startup Glovo Hit by Cyber Attack

Twilio Discloses Impact From Codecov Supply-Chain Attack

Melbourne-Based Schepisi Hit by Cyber Attack as Hackers Claim Sim Card Info Stolen

Rochester Community Technical College Student Birthdates Released in Data Breach

Cyber Breach at Centennial School District (OR) Keeps Computer Systems Down

Gifford Health Care (VT) Says Vendor CaptureRX Had Data Breach

Scripps Health (CA) Remains Plagued by Weekend Cyberattack

Global Phishing Attacks Spawn 3 New Malware Strains Doubledrag, Doubledrop & Doubleback

New ‘Pingback’ Malware Using ICMP Tunneling to Evade C&C Detection

Critical 21Nails Exim Bugs Expose Millions of Servers to Attacks

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

5/3/2021

The Hack of Small Tech Vendor Accellion Casts a Wide Net

PoC Exploit Released for Microsoft Exchange Bug Discovered by NSA

Deepfake Attacks Are About to Surge, Experts Warn

N3TW0RM Ransomware Emerges in Wave of Cyberattacks in Israel

Researchers Uncover Iranian State-Sponsored ‘Project Signal’ Ransomware Operation

Microsoft Reveals Final Plan to Remove Flash Player in Windows 10

Decision on Donald Trump’s Facebook Ban Is Coming on Wednesday

Apple and Fortnite Maker Epic Trade Blows as Antitrust Court Battle Begins

Online Child Abuse Platform Boystown with 400k Users Taken Down

Alaska Court System Forced Offline by Cyberattack

Ransomware Attack On Midwest Transplant Network Affects More Than 17,000

Madison City Schools (AL) Faces Cybersecurity Threat

New Buer Malware Downloader Rewritten in E-Z Rust Language

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

Apple Fixes 2 iOS Zero-Day Vulnerabilities Actively Used in Attacks

Pulse Secure Fixes VPN Zero-Day Used to Hack High-Value Targets

4/30-5/2/2021

Justice Department to Undertake 120 Day Review of Cybersecurity Challenges

More U.S. Agencies Potentially Hacked, This Time With Pulse Secure Exploits

PortDoor Espionage Malware Takes Aim at Russian Defense Sector

China Calls Out 33 Apps for Collecting More User Data Than Deemed Necessary

Brazil’s Rio Grande Do Sul Court System Hit by REvil Ransomware

DC Police Personnel Files Obtained by Hackers in Recent Ransomware Attack

Ransomware Victims Urged to Go to Police

Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back

Codecov Starts Notifying Customers Affected by Supply-Chain Attack

How to Stop Windows 10 Defender From Uploading Files to Microsoft

British Prime Minister’s Cell Phone Number Exposed

SAP SE Self-Reports Illegal Exports

Hotbit Cryptocurrency Exchange Down After Hackers Targeted Wallets

Your Stolen ParkMobile Data Is Now Free for Wannabe Scammers

Transportation Research Board (TRB) Registration Database Hacked in Ransomware Attack

Ransomware Gang Leaks Glasgow Homeless Firm Aspire’s Data After Refusal to Pay

Contact Tracing Data Breach Impacts 72,000 Pennsylvanians

Scripps Health (CA) Targeted by Cyber Attack

Patient Info Exposed in St. John’s Well Child and Family Center (CA) Data Breach

Virgin Active Cyber Attack Results in Freeze of Online Systems

Babuk Quits Ransomware Encryption, Focuses on Data-Theft Extortion

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

Python Also Impacted by Critical IP Address Validation Vulnerability

Office 365 Security Baseline Adds Macro Signing, JScript Protection