9/24-26/2021

Huawei CFO Meng Wanzhou Reaches Deal With Justice Department

Huawei’s Meng Wanzhou Flies Back to China After Deal With U.S.

2 Canadians Held by China Are Freed, Hours After Huawei Deal Is Reached

EU ‘Denounces’ Russian ‘Ghostwriter’ Malicious Cyber Activity Aimed at Member States

FBI Decision to Withhold Kaseya Ransomware Decryption Keys Stirs Debate

United Health Centers Ransomware Attack Claimed by Vice Society

Bitcoin.org Hackers Steal $17,000 in ‘Double Your Cash’ Scam

China- And Hong Kong-Based Bitcoin Holders Scrambling to Protect Their Crypto Assets

Microsoft Rushes to Register Autodiscover Domains Leaking Credentials

Microsoft Will Disable Basic Auth in Exchange Online in October 2022

LG to Acquire Cybersecurity sStartup Cybellum
Coos County Family Health Services (NH) Shut Down by Ransomware Attack

Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses

TangleBot Malware Reaches Deep into Android Device Functions

Hackers Exploiting Critical VMware vCenter CVE-2021-22005 Bug

Microsoft WPBT Flaw Lets Hackers Install Rootkits on Windows Devices

Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras

Emergency Google Chrome Update Fixes Zero-Day Exploited in the Wild

Researcher Drops Three iOS Zero-Days That Apple Refused to Fix

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

SonicWall Fixes Critical Bug Allowing SMA 100 Device Takeover

9/23/2021

FamousSparrow APT Wings in to Spy on Hotels, Governments

Officials Urge Congress to Consider Fining Companies That Fail to Report Cyber Incidents

Banks Share Data to Block Cyberattacks

Ransomware Attackers Targeted This Company: Then Defenders Discovered Something Curious

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

Krebs: Indictment, Lawsuits Revive Trump-Alfa Bank Story
Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

Illinois Integrated Eligibility System Acknowledges Possible Data Breach 10 Months After Incident

Port of Houston Target of Suspected Nation-State Hack

U.S. Eye-Care Providers Report Data Breaches

Malware Devs Trick Windows Validation With Malformed Certs

Apple Patches New Zero-Day Bug Used to Hack iPhones and Macs

9/22/2021

Republican Lawmakers Raise Security, Privacy Concerns Over Huawei Cloud Services

Lithuania Tells Its Citizens to Throw Xiaomi Mobile Devices in the Bin

Zoom’s $15B Merger With Five9 Probed by Uncle Sam for National Security Risks

Facebook’s Chief Technology Officer Mike Schroepfer to Step Down

FBI, CISA, and NSA Warn of Escalating Conti Ransomware Attacks

Most Business Executives Would Be Willing To Pay Cyber Ransoms: Survey

Internet Users Stressed Out by Cyberattack News: Kaspersky

U.S. Locks Up Call Center Scammer
RaidForums Hacker Data Marketplace Accidentally Exposes Private Staff Page

How REvil May Have Ripped Off Its Own Affiliates

Real Estate Firm Marcus & Millichap Hit With Possible BlackMatter Ransomware

Microsoft Exchange Autodiscover Bugs Leak 100k Windows Credentials

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Apple Will Disable Insecure TLS in Future iOS, macOS Releases

Hackers Are Scanning for Vmware Cve-2021-22005 Targets, Patch Now!

9/21/2021

U.S. Treasury Sanctions Cryptocurrency Exchange for Alleged Role in Ransomware Attacks

FBI Withheld Decryption Key for Kaseya Ransomware Attack for Three Weeks

UK Ministry of Defence Apologises After Afghan Interpreters’ Personal Data Exposed in Email Blunder

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

Going Beyond Curbing Tech Giants, Xi Wants to Steer Flows of Money and Set Tighter Limits on Profit Making

Facebook’s Latest “Apology” Reveals Security and Safety Disarray

Users Increasingly Willing to Abandon Digital Platforms That Demand Personal Info, Stringent Passwords and Time-Consuming Forms: Study

Why Cryptomining Malware Is a Harbinger of Future Attacks
Marketron Marketing Services Hit by BlackMatter Ransomware

French Shipping Giant CMA CGM Suffers Data Breach

Crystal Valley (MN) Hit by Ransomware, Systems Go Offline

Ukrainian Hackers Hit Family Medical Center (MI) With Ransomware

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

VMware Warns of Critical Bug in Default vCenter Server Installs

New macOS Zero-Day Bug Lets Attackers Run Commands Remotely

Netgear Fixes Dangerous Code Execution Bug in Multiple Routers

How to Fix the Windows 0x0000011b Network Printing Error

9/20/2021

Indonesia Says No Evidence of Alleged Chinese Intel Hack

A New Wave of APT Malware Attack Targeting Organizations in South America

White House Cybersecurity Summit: A Missed Opportunity

Krebs: Does Your Organization Have a Security.txt File?

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

TikTok China Just Limited Kids to 40 Minutes’ Use Each Day

Google to Auto-Reset Unused Android App Permissions for Billions of Devices

Europol Breaks Open Extensive Mafia Cybercrime Ring

Former IT Exec Pleads Guilty to Insider Trading Conspiracy
Major Agriculture Group New Cooperative Hit by BlackMatter Ransomware Attack

VoIP.MS Phone Services Disrupted by DDoS Extortion Attack

Israeli Communications Company Voicenter Hit by Major Cyber Attack

Data of 106 Million Visitors to Thailand Breached

Payment API Bungling Exposes Millions of Users’ Payment Data

EventBuilder Misconfiguration Exposes Microsoft Event Registrant Data

Epik Data Breach Impacts 15 Million Users, Including Non-Customers

Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert

Apache OpenOffice Can Be Hijacked by Malicious Documents, Fix Still in Beta

9/17-19/2021

Australia, UK, and U.S. Announce Security Partnership

U.S. to Target Crypto Ransomware Payments With Sanctions

Researchers Compile List of Vulnerabilities Abused by Ransomware Gangs

The FCC Is Trying to Stop Robocalls, but the Scammers Won’t Disappear

Cyberattackers Target Missouri Hospital At Epicenter Of COVID Outbreak, Post Patient Data

Facebook Employees Flag Drug Cartels and Human Traffickers: The Company’s Response Is Weak

How Facebook Hobbled Mark Zuckerberg’s Bid to Get America Vaccinated

U.S. Gov’t Sites Showing Porn, Viagra Ads Share a Common Software Vendor

App Annie Settlement Signals Closer Scrutiny of Data Brokers

Krebs: Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Health Dept. Cyber Attack Exposes Most Alaskans’ Personal Data

Web Host Epik Was Warned of a Critical Security Flaw Weeks Before It Was Hacked

Tech Recruiters Jabbed by Fake COVID-19 Passport Scam

New “Elon Musk Club” Crypto Giveaway Scam Promoted via Email

Billions More Android Devices Will Reset Risky App Permissions

OMIGOD: Microsoft Azure VMS Exploited to Drop Mirai, Miners

Microsoft Asks Azure Linux Admins to Manually Patch OMIGOD Bugs

How to Fix Printers Asking for Admins Creds After PrintNightmare Patch

9/16/2021

Senator Hassan Calls on Agencies to Take Action to Prevent Criminal Cryptocurrency Use

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

FBI: $113 Million Lost to Online Romance Scams This Year

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

7 Steps to a More Secure Social Media Policy

Household Names Hit with £500K Fine for Spamming Consumers
Slot Machine Chain Dotty’s Reveals Data Breach Exposing SSNs, Financial Account Numbers, Biometric Data, Medical Records and More

Republican Governors Association Was Hacked Earlier This Year

Employee, Patient Data Compromised in Earlier Marion County Health Dept. (IN) Cyber Attack

Airline Credential-Theft Takes Off in Widening Campaign

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

New Malware Uses Windows Subsystem for Linux for Stealthy Attacks

New Windows Security Updates Break Network Printing

9/15/2021

FTC Warns Health Apps to Notify Consumers Impacted by Data Breaches

Attackers Impersonate DoT in Two-Day Phishing Scam

Ransomware Gang: ‘We’ll Burn Your Data if You Get a Negotiator’

When Cyber War Becomes War

Microsoft Rolls Out Passwordless Login for All Microsoft Accounts

Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes

Former U.S. Operatives Agree to $1.68M Settlement over Mercenary Hacking Charges
German Election Authority Confirms Likely Cyber Attack

Krebs: Customer Care Giant TTEC Hit By Ransomware

No Patch for High-Severity Bug in Legacy IBM System X Servers

Microsoft Fixes Critical Bugs in Secretly Installed Azure Linux App

MikroTik Shares Info on Securing Routers Hit by Massive Mēris Botnet

Kali Linux 2021.3 Released With New Pentest Tools, Improvements

9/14/2021

Top FBI Official Says There Is ‘No Indication’ Russia Has Taken Action Against Hackers

General Promises ‘Surge’ to Fight Ransomware Attacks

Ex-U.S. Intelligence Operatives in UAE Hacking Case to Cooperate with FBI

The Zero-Trust Approach to Managing Cyber Risk Explained

Nearly 50% of On-Premises Databases Have Vulnerabilities

Kape Technologies to Acquire ExpressVPN

Suffolk County (NY) IT Supervisor Charged with Crypto-Mining

Massachusetts AG Launches Investigation Into T-Mobile Data Breach
Krita Art App Users Targeted by Ransomware Posing as Paid ‘Collaboration’ Opportunities

Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host

Lubbock Co. (TX) Denies Data Breach, Says Data Temporarily Accessible Under New Software System

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers

Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

Krebs: Microsoft Patch Tuesday, September 2021 Edition

Fixes Remaining Windows PrintNightmare Vulnerabilities

9/13/2021

Apple Patches iPhone iMessage Vulnerability Exploited by NSO Group

China-Based Mustang Panda Compromises Indonesian Intelligence Agency

Discontent Simmers Over How to Police EU Privacy Rules

FTC Warns of Extortionists Targeting LGBTQ+ Community on Dating Apps

How Likely Is Your Employee To Cause A Data Breach?

Brute-Force Attacks, Vulnerability Exploits Top Initial Attack Vectors

Private Equity Firm Siris Capital in Talks to Acquire Cybersecurity Firm Radware, Sources Say

U.S. Locks Up Oklahoma Man in Nigerian Romance Scam
Over 60 Million Wearable, Fitness Tracking Records Exposed via Unsecured Database

Post-Ida Cyber Attack Hits Jefferson Parish Courts

Anonymous Hacks Texas Republican Party Website in Retaliation for State’s Abortion Ban

How Walgreens’ Sloppy COVID-19 Test Registration System Exposed Patient Data

Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

Google Patches 10th Chrome Zero-Day Exploited in the Wild This Year

9/10-12/2021

Stolen Credentials Led to Data Theft at United Nations

Cressida Dick: Tech Giants Make It Impossible to Stop Terrorists

WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

Krebs: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Cybersecurity Seen as Rising Risk for Airlines

Hackers Are Leaking Children’s Data — And There’s Little Parents Can Do

Colorado County Clerk Charged with Cybercrime
MyRepublic Data Breach Raises Data-Protection Questions

Technology Giant Olympus Hit by BlackMatter Ransomware

Yonkers (NY) Hacked, No Computers for the Past Week: City Hall Says No Ransom

Fujitsu Confirms Stolen Data Not Connected to Cyberattack on Its Systems

Mēris Botnet Hit Russia’s Yandex With Massive 22 Million RPS DDoS Attack

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

Windows MSHTML Zero-Day Exploits Shared on Hacking Forums

9/9/2021

United Nations Confirms Its Systems Were Breached This Year

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’

Cyber-Criminal Targets Dadsnet Founders

91% Of It Teams Have Felt ‘Forced’ to Trade Security for Business Operations

Report Pushes for Changes to Diversify ‘Homogenous’ U.S. Cybersecurity Workforce

In the Hybrid Future, Secure Everything Like You’re Never Going Back

U of Minnesota Partners With Optum, Medtronic to Launch Medical Device Cybersecurity Center

LAPD Told to Harvest Social Media Handles From People They Stop, Suspect or Not

Prison for BEC Scheme Money Launderer
South African Justice Department Is Hit by Ransomware Attack

Brazil’s Health Regulator Hacked After Argentina Qualifier Controversy

Ransomware Attack on Desert Wells Family Medicine (AZ) Corrupts 35,000 Patients’ Records

New Mēris Botnet Breaks DDoS Record With 21.8 Million RPS Attack

Titanfall 2 Allegedly Hacked via “Simple Exploit”

GitHub Finds 7 Code Execution Vulnerabilities in ‘Tar’ and Npm CLI

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

Microsoft Fixes Bug Letting Hackers Take Over Azure Containers

Windows MSHTML Zero-Day Defenses Bypassed as New Info Emerges

9/8/2021

Pro-China Social Media Campaign Expands to New Countries, Blames U.S. For COVID

After the 9/11 Attacks, Wall Street Bolstered Its Defenses

The SEC Is Serious About Cybersecurity. Is Your Company?

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Microsoft Has a $20 Billion Hacking Plan, but Cybersecurity Has a Big Spending Problem

Inside Genesis: The Market Created by Cybercriminals to Make Millions Selling Your Digital Identity

Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

Ukrainian Extradited to U.S. for Allegedly Selling Computer Credentials: DOJ

ProtonMail Welcomes Sir Tim Berners-Lee to Its Advisory Board After Privacy Backlash
New Zealand DDoS Wave Targets Banks, Post Offices, Weather Forecasters and More

Hackers Leak Passwords for 500,000 Fortinet VPN Accounts

Russian Internet Firm Yandex Hit by Major Cyber Attack -Report

Howard University Shuts Down Network After Ransomware Attack

TeamTNT’s New Tools Target Multiple OS

Microsoft: Attackers Exploiting Windows Zero-Day Flaw (Krebs)

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

Zoho Patches Actively Exploited Critical ADSelfService Plus Bug

How Much Do You Know About Ransomware? Take Our Quiz

9/7/2021

Bipartisan House Group Introduces Legislation to Set Term Limit for Key Cyber Leader

With the Pandemic End in Sight, Enterprise Defenders Worry About a Surge in Cyberattacks

Ragnar Locker Gang Warns Victims Not to Call the FBI

REvil Ransomware Group Resurfaces After Brief Hiatus

Microsoft Outlook Shows Real Person’s Contact Info for IDN Phishing Emails

El Salvador Becomes First Country to Adopt Bitcoin as National Currency

Price Tumbles

Cybersecurity Student Scams Senior Out of $55K
Howard University Hit With Ransomware Attack, Cancels Classes

City of Bridgeport (WV) Notifies Residents of Cyber Attack

Texas Right to Life Website Exposed Job Applicants’ Resumes

McDonald’s Leaks Password for Monopoly VIP Database to Winners

Jenkins Hit as Atlassian Confluence Cyberattacks Widen

Booby-Trapped Office Files, No Patch Yet, Says Microsoft

Microsoft Shares Temp Fix for Ongoing Office 365 Zero-Day Attacks

9/6/2021

Russia Responsible for Cyber Attacks on German Parliament: German Foreign Ministry

Pro-Russian Disinformation Systematically Spread Using Western Media Channels

European Regulators Continue to Disrupt Data Transfers to U.S.

IoT Attacks Skyrocket, Doubling in 6 Months

ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims

TrickBot Gang Developer Arrested When Trying to Leave Korea

Irish Police Seize Conti Domains Used in HSE Ransomware Attack
French Government Visa Website Hit by Cyber-Attack That Exposed Applicants’ Personal Data

Krebs: “FudCo” Spam Empire Tied to Pakistani Software Firm

Ransomware Gangs Target Companies Using These Criteria

Traffic Exchange Networks Distributing Malware Disguised as Cracked Software

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released

NPM Package With Millions of Weekly Downloads Has Fixed a Remote Code Execution Flaw

New Chainsaw Tool Helps IR Teams Analyze Windows Event Logs

9/3-5/2021

Why Ransomware Hackers Love a Holiday Weekend

U.S. SEC: Watch Out for Hurricane Ida-Related Investment Scams

Massachusetts Lawmakers to Hold Cybersecurity Hearing

Voting Data From a Colorado County Was Leaked Online: Now the Clerk Is in Hiding

Banksy Was Warned About Website Flaw Before NFT Hack Scam

Irish Health Service Still Recovering Months After Hack: ‘A Cyber-Attack Disrupted My Cancer Treatment’

Regulators Investigate Crypto-Exchange Developer Uniswap Labs

Privacy Alarm in Indonesia Over President’s Leaked Vaccine Certificate

Eight U.S. States to Begin Accepting Digital Driving Licenses

Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash

FBI: Spike in Sextortion Attacks Cost Victims $8 Million This Year
New Zealand Internet Outage Blamed on DDoS Attack on Nation’s Third Largest Internet Provider

Babuk Ransomware’s Full Source Code Leaked on Hacker Forum

Data Breach at Coalinga State Hospital (CA) Reveals Private Information on Nearly 1,800 Patients

Pittsburgh Public Schools Alert Families to Mailing Error That Exposed Student, Parent Information

Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

Watch Out for New Malware Campaign’s ‘Windows 11 Alpha’ Attachment

Google’s TensorFlow Drops YAML Support Due to Code Execution Flaw

Over 60,000 Parked Domains Were Vulnerable to AWS Hijacking

Office 365 to Let Admins Block Active Content on Trusted Docs

9/2/2021

Biden Administration on Alert for Cyberattacks Ahead of Labor Day Weekend

Industry Groups Urge Lawmakers to Streamline Cyber Breach Reporting Rules

FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs

Translated Conti Ransomware Playbook Gives Insight Into Attacks

Chinese Regulators Summon 11 Ride-Hailing Firms, Including Didi, Over ‘Illegal Behavior’

Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks

Krebs: Gift Card Gang Extracts Cash From 100k Inboxes Daily

Digital State IDs Start Rollouts Despite Privacy Concerns

WhatsApp Fined €225m for GDPR Violations

To Appeal
Autodesk Reveals It Was Targeted by Russian SolarWinds Hackers

Atlassian Confluence Flaw Actively Exploited to Install Cryptominers

Student, Teacher Personal Info Taken in Dallas Independent School District Data Theft

98K Patients, Employees Impacted by CareATC (OK) Data Breach

Google Play Sign-Ins Allow Covert Location-Tracking

WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted

Comcast RF Attack Leveraged Remotes for Surveillance

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution

Cisco Patches Critical Authentication Bug With Public Exploit

9/1/2021

FTC Bars Alleged ‘Stalkerware’ Company and Its CEO From the Surveillance Business

Krebs: 15-Year-Old Malware Proxy Network VIP72 Goes Dark

BEC Scammers Seek Native English Speakers on Underground

A Fake Banksy NFT Sold for More Than $300,000: Then the Buyer Got His Money Back

Australian Couple Admits “Serious Cyber Hacking Offenses”

Twitter Adds Safety Mode to Automatically Block Online Harassment

Companies Are Tired of Spending Money on Cybersecurity: Here’s How to Change Their Minds

NSA: We ‘Don’t Know When or Even If’ a Quantum Computer Will Ever Be Able to Break Today’s Public-Key Encryption
LockBit Gang Leaks Bangkok Airways Data, Hits Accenture Customers

Fired NY Credit Union Employee Nukes 21gb of Data in Revenge

Half of Businesses Can’t Spot These Signs of Insider Cybersecurity Threats

Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

How to Block Windows Plug-and-Play Auto-Installing Insecure Apps

8/31/2021

U.S. Officials, Experts Fear China Ransacked Exchange Servers for Data to Train AI Systems

Canada Accepted 7,300 More Immigration Applications Due to Technical Bug

Agencies Warn of Ransomware Threats Ahead of Labor Day Weekend

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

Coinbase Users Fear Hacking After Erroneous Emails

Regulators Tighten Scrutiny of Data Breach Disclosures by Companies

UK Government Considers New Regulations for Video Streaming Platforms
Leaked Guntrader Firearms Data File Shared

Indonesians Told to Delete Unsecured Tracing App

Personal Health Info Potentially Exposed From Denton County (TX) COVID Vax Clinics

Cybercriminal Sells Tool to Hide Malware in AMD, NVIDIA GPUs

Proxyware Services Open Orgs to Abuse

Fortress Home Security Open to Remote Disarmament

WooCommerce Pricing Plugin Allows Malicious Code-Injection

Microsoft 365 Usage Analytics Now Anonymizes User Info by Default