10/29-31/2021

Federal Push to Identify, Protect Critical Groups From Hackers Gains Momentum

Google FI Is Getting End-To-End Encrypted Phone Calls

UK Data Watchdog Calls for End-To-End Encryption Across Video Chat Apps by Default

Mozilla Firefox Joins Browsers Implementing Global Privacy Control

Microsoft: Windows Web Content Filtering Now Generally Available

Google Chromebooks Failing to Enroll Due to Network Issue

Two of the Biggest Bitcoin Mining Companies in the World Are Battling It Out in a Small Texas Town of 5,600 People

Ransomware Has Disrupted Almost 1,000 Schools in the US This Year

How an Accidental Phone Answer Exposed Rogers Communications ‘Coup Plan’

Data-Breached Guntrader Website Calls in Liquidators, Is Reborn as Guntrader 2 Ltd

Minnesota Man Charged with Hacking Pro Sports Leagues

Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide

TrickBot Malware Dev Extradited to U.S. Faces 60 Years in Prison
Graff Jeweler Attack: ‘Tycoons and Celebrities on Leak List as Russian Gang Demands Ransom’

Toronto Transit Commission Still Recovering From Ransomware Attack

Hacker Breaches Texas Lavaca Medical Center in Hallettsville, Exposing 48K Patients’ Info

Schreiber Foods Back to Normal After Ransomware Attack Shuts Down Milk Plants

TA575 Criminal Group Using ‘Squid Game’ Lures for Dridex Malware

Chaos Ransomware Targets Gamers via Fake Minecraft Alt Lists

Microsoft Warns of Rise in Password Sprays Targeting Cloud Accounts

Snake Malware Biting Hard on 50 Apps for Only $25

Hive Ransomware Now Encrypts Linux and FreeBSD Systems

Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

New ‘Shrootless’ Bug Could Let Attackers Install Rootkit on macOS Systems

10/28/2021

National Cyber Policy Will Disrupt Crime and Instill Hope

Biden Administration Officials Outline Steps to Tackle Urgent Cyber Threats

NSA and CISA Share Guidance on Securing 5G Cloud Infrastructure

Microsoft Announces Plan to Cut Cybersecurity Workforce Shortage in Half by 2025

EU’s Green Pass Vaccination ID Private Key Reportedly Leaked

Workers Quickly Get State Income Benefits After Cyberattack on German Manufacturer

Ransomware Gangs Use SEO Poisoning to Infect Visitors

Cybersecurity: Eight Ways To Protect The Business And Find A Partner

Suspected REvil Gang Insider Identified

Alleged Russian Hacker Extradited From South Korea to Stand Trial in U.S.

U.S. Dismisses Assange Suicide Risk in Extradition Appeal

ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round

Twitter’s Infosec Chief Makes the Case for Cybersecurity Expertise in Boardrooms

Facebook Is Going Meta

Emergency Google Chrome Update Fixes Zero-Days Used in Attacks
Krebs: Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Email Hack At UMass Memorial Health Exposes Personal Information Of More Than 200,000 Patients

Throckmorton (TX) County Memorial Hospital Exposed Employees’ Wages, Patients’ Health Data

Sensitive Data of 400,000 German Students Exposed by API Flaw

PHI Stolen in Practice Management Firm PracticeMax (AZ) Ransomware Attack

Luxury Hotel Chain in Thailand Reports Data Breach

Avista Warns Customers of Ransomware Attack

Martin County (FL) Tax Collector’s Possibly Hit by Ransomware Attack

Washington Central Unified Union School District (VT) May Have Been Hit With Ransomware

Ann Arbor’s TheRide Latest Victim of Cyber Attack

Android Spyware Spreading as Antivirus Software in Japan

New AbstractEmu Malware Roots Android Devices, Evades Detection

New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Microsoft: Shrootless Bug Lets Hackers Install macOS Rootkits

WordPress Plugin Bug Impacts 1m Sites, Allows Malicious Redirects

All Windows Versions Impacted by New LPE Zero-Day Vulnerability

10/27/2021

Blinken Formally Announces New State Department Cyber Bureau

U.S. Bans China Telecom Americas Over National Security Risks

Lawmakers Split on Next Steps to Secure Transportation Sectors Against Hackers

Hackers Had Second Go At SEPA During Cyber Attack

Android Spyware Apps Target Israel in Three-Year-Long Campaign

U.S. Launches Appeal Against UK Assange Extradition Decision

India’s Supreme Court Orders Pegasus Probe

Federal Trade Commission Scrutinizing Facebook Disclosures

Securing Your Digital Life, Part Two: The Bigger Picture—and Special Circumstances

Twitter Employees Required to Use Security Keys After 2020 Hack

Hackers Arrested for ‘Infiltrating’ Ukraine’s Health Database
Russian ‘Grief’ Cybercriminals Claim to Have Hacked the NRA

Cream Finance Appears to Have Suffered Major Loss in Flash Loan Hack

Ransomware Hackers Freeze Millions in Papua New Guinea Aid Cash

A Security Bug in Health App Docket Exposed COVID-19 Vaccine Records

Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam

DDoS Attacks Are Crippling UK VoIP Operators

War-Driving Technique Allows Wi-Fi Password-Cracking at Scale

NPM Packages Disguised as Roblox API Code Caught Carrying Ransomware

Free Decryptor Released for Atom Silo and LockFile Ransomware

Babuk Ransomware Decryptor Released to Recover Files for Free

10/26/2021

State Department to Form New Cyber Office to Face Proliferating Global Challenges

Krebs: FBI Raids Chinese Point-of-Sale Giant PAX Technology

North Korea APT ‘Lazarus’ Attackers Turn to the IT Supply Chain with ‘BlindingCan RAT’

FBI: Ranzy Locker Ransomware Hit at Least 30 U.S. Companies This Year

MSPs, Not Bank Of America, Are The New Ransomware Target, Says ThreatLocker

Police Arrest 150 Dark Web Vendors of Illegal Drugs and Guns

Money Launderers for Russian Hacking Groups Arrested in Ukraine

Colorado Man, Formerly of Florida, Pleads Guilty to Falsifying Clinical Trial Data
Iran Says Cyberattack Causes Widespread Disruption at Gas Stations

Third-Party Data Breach in Singapore Hits Healthcare Provider Fullerton Health

Tulsa Restaurant Chain Flo’s Burger Diner Closes for One Day After Thieves Hack Bank Account

Pinelands Regional School District (NJ) Investigates Data Breach

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Spammers Use Squirrelwaffle Malware to Drop Cobalt Strike

Brutal WordPress Plugin Bug Allows Subscribers to Wipe Sites

Adobe Issues Emergency Fixes for 92 Security Holes in 14 Products

10/25/2021

Russian SolarWinds Hackers ‘Nobelium’ Targeting U.S. Networks in ‘Very Large and Ongoing’ Cyberattack

Russia Undeterred by U.S. Actions

Ex-NSA Hacker Says a Supply Chain Cyberattack Is One of the Things That Keeps Him up at Night

Krebs: Conti Ransom Gang Starts Selling Access to Victims

China Is Pushing to Develop Its Own Chips — But the Country Can’t Do Without Foreign Tech

Facebook Posts Slower Sales Growth… With Apple Privacy Policy

Securing Your Digital Life, Part One: The Basics

How We Can Narrow the Talent Shortage in Cybersecurity

Updated Cybercrime Pact Aims to Speed Cross-Border Investigations

NYC’s ‘Peculiar’ New Delivery App Law Raises Data Breach Fears
NYT Journalist Ben Hubbard Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

Nearly 30k Former and Current CU Boulder Students’ Personal Information Hacked

Janesville Schools (WI) Hit With Ransomware Attack Locking Digital Systems

McAllen Surgical Specialty Center (TX) Identifies Possible Data Breach

Millions of Android Users Targeted in Subscription Fraud Campaign

New Attack Let Attacker Collect and Spoof Browser’s Digital Fingerprints

BillQuick Billing App Rigged to Inflict Ransomware

CISA Urges Sites to Patch Critical RCE in Discourse

Microsoft Defender ATP Adds Live Response for Linux and macOS

Mozilla Blocks Malicious Add-Ons Installed by 455k Firefox Users

10/22-24/2021

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

CISA Awards $2 Million to Cybersecurity Programs for Rural, Diverse Communities

Groove Ransomware Calls on All Extortion Gangs to Attack U.S. Interests

America Must Protect These 5 Technologies if It Wants to Remain a Superpower, Intelligence Officials Warn

22% of Brits Received Proof of Vaccination Phishing Email in Past Six Months

Edward Snowden Warns Weakening Encryption Would Have Dire Consequences: ‘Privacy Is Power’

FTC: ISPs Collect and Monetize Far More User Data Than You’d Think

Microsoft Rolls Out a Public Preview of E2EE in Teams Calls

How Many Users Does Facebook Have? The Company Struggles to Figure It Out

Google Charges More Than Twice Its Rivals in Ad Deals, Unredacted Suit Says

Nebraska Issues First Federal Cyber-stalking Sentence

Hacker Sells the Data for Millions of Moscow Drivers… for $800

DarkSide Ransomware Rushes to Cash Out $7 Million in Bitcoin
‘Lone Wolf’ Hacker Group Targeting Afghanistan and India with Commodity RATs

Tesco Admits It Has Been Hit by a Cyber-Attack

CoinMarketCap Hack Reportedly Leaks 3.1 Million User Email Addresses

Italian Celebs’ Data Exposed in Ransomware Attack on SIAE

SCUF Gaming Store Hacked to Steal Credit Card Info of 32,000 Customers

Corry School District (PA) Says Ransomware Attack May Have Exposed Data on Staff, Students

Acorn Stairlifts Is Victim of Cyber Attack

Threat Actors Abuse Discord to Push Malware

Popular NPM Library Hijacked to Install Password-Stealers, Miners

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

Microsoft: WizardUpdate Mac Malware Adds New Evasion Tactics

Microsoft 365 Will Get Support for Custom Arc Configurations

BlackMatter Ransomware Victims Quietly Helped Using Secret Decryptor

10/21/2021

U.S., Allied Nations Force REvil Ransomware Group Offline

Ransomware Gang ‘Fin7’ Masquerades as Real Company ‘Bastion Secure’ to Recruit Tech Talent

Microsoft Now Defends Nonprofits Against Nation-State Attacks

Document Leak Reveals Nations Lobbying to Change Key Climate Report

450 Million Cyberattacks Attempted on Japan Olympics Infrastructure: NTT

Cybercrime Matures as Hackers Are Forced to Work Smarter

How Psychology Can Save Your Cybersecurity Awareness Training Program

New Senate Bill Would Take Steps to Protect AI-Collected Data

Research Finds Consumer-Grade IoT Devices Showing Up On Corporate Networks

U.S. Imprisons Bulletproof Hosting Providers

Dutch Arrest Nine for Impersonating Bank Clerks to Steal From the Elderly
Trump’s Truth Social Hacked Within Hours of Announcement

Gigabyte Allegedly Hit by AvosLocker Ransomware

PHI Stolen From Humana and Anthem Vendor PracticeMax

MCH Group Targeted in Latest Swiss Cyber Attack

Massive Campaign Uses YouTube to Push Password-Stealing Malware

Evil Corp Demands $40 Million in New Macaw Ransomware Attacks

RAT Malware Spreading in Korea Through Webhards and Torrents

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer

Google Launches Android Enterprise Bug Bounty Program

10/20/2021

Major Russian Hacking Group ‘Evil Corp’ Linked to Ransomware Attack on Sinclair

Olympus too

Google Says Russian-Speaking Hackers Hijacked YouTube Channels for Cryptocurrency Scam

DDoS Attacks Against Russian Firms Have Almost Tripled in 2021

Commerce Department Cracks Down on Sale of Hacking Products to Foreign Governments

UK NHS Digital Exposes Hundreds of Email Addresses After BCC Blunder Copies in Entire Invite List to ‘Let’s Talk Cyber’ Event
New Gummy Browsers Attack Lets Hackers Spoof Tracking Profiles

New PurpleFox Botnet Variant Uses WebSockets for C2 Communication

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

Researchers Break Intel SGX With New ‘SmashEx’ CPU Attack Technique

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft 365 Will Get Enhanced Insider Risk Management Tools

10/19/2021

Potential Chinese Hackers ‘LightBasin’ Targeting Telecommunications Companies

Lyceum APT Returns, This Time Targeting Tunisian Firms

BlackByte Ransomware Decryptor Released to Recover Files for Free

China’s VPN Market Now Open to Foreign Investment

Zerodium Wants Zero-Day Exploits for Windows VPN Clients

Brave Ditches Google for Its Own Privacy-Centric Search Engine

Twitter Suspends Hacker Who Allegedly Stole Data of 45 Million Argentinians

The Simmering Cybersecurity Risk of Employee Burnout
Data Breach Hits North American Dental Management

Candy Corn Maker Ferrara Hit With Ransomware

Manhasset Schools (NY) Victim of Ransomware Attack

Quickfox VPN Misconfiguration Exposes One Million Users

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

About 26% Of All Malicious Javascript Threats Are Obfuscated

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

10/18/2021

Donald Trump’s Website Hacked by ‘Turkish and Muslim Hacktivist’ RootAyyildiz Who Previously Hit Biden Campaign Site

Agencies Say Agriculture Groups Being Targeted by BlackMatter Ransomware

State-Backed Hackers ‘Harvester’ Breach Telcos With Custom Malware

Suspected Chinese Hackers Behind Attacks on Ten Israeli Hospitals

Cyber Private Eyes Go After Hackers, Without Counterattacking

Twitter Suspends Accounts Used to Snare Security Researchers

Credit Card PINs Can Be Guessed Even When Covering the ATM Pad
Sinclair Broadcast Group Hit by Ransomware Attack, Upending Local TV Newscasts

Acer Hit With Second Cyberattack in Less Than a Week, Taiwanese Authorities Notified

Spanish Business Customer Solution Giant Atento Suffers Cyber-Attack in Brazil

Missouri Teacher Pension System Probing Possible Cyber Attack

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

Microsoft Asks Admins to Patch PowerShell to Fix WDAC Bypass

10/15-17/2021

Treasury: $590M Paid Out by Victims of Ransomware Attacks in First Half of 2021

U.S. Links $5.2 Billion Worth of Bitcoin Transactions to Ransomware

REvil Ransomware Shuts Down Again After Tor Sites Were Hijacked

Twitch Says No Passwords or Login Credentials Leaked in Massive Breach

Cambridge University Pauses £400m UAE Deal Over Spyware Claim

Researchers Condemn Apple’s Proposed Phone-Scanning Features

Facebook Should Clarify Terms of Service, Irish Privacy Regulator Says
Data Stolen from American Osteopath Group

Accenture Confirms Data Breach After August Ransomware Attack

Miller County (AR) Tax Assessors Office Needs Help Retrieving Info After August Ransomware Attack

Russian Cybercrime Gang ‘MirrorBlast’ Targets Finance Firms With Stealthy Macros

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

‘Clumsy’ BlackByte Malware Reuses Crypto Keys, Worms Into Networks

Brave Web Browser Will Add Bounce Tracking Privacy Protection

10/14/2021

World Leaders Recognize Ransomware Attacks as ‘Global Security Threat’

White House Ransomware Summit Eyes Tighter Global Scrutiny for Crypto

Agencies Warn of Cyber Threats to Water, Wastewater Systems

Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

Microsoft Folds LinkedIn Social-Media Service in China

Facebook to Shield Public Figures from Cyber-harassment

House Democrats Announce Bill to Rein in Tech Algorithms

WhatsApp Rolls Out iOS, Android End-To-End Encrypted Chat Backups

Krebs: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
Acer Confirms Second Cyberattack in 2021 After Ransomware Incident in March

3D Printing Site Thingiverse Suffers Breach of 228,000 Email Addresses Amid Sluggish Disclosure

DocuSign Phishing Campaign Targets Low-Ranking Employees

New Yanluowang Ransomware Used in Targeted Enterprise Attacks

Malicious Chrome Ad Blocker Injects Ads Behind the Scenes

Rickroll Grad Prank Exposes Exterity IPTV Bug

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

Microsoft Releases Linux Version of the Windows Sysmon Tool

10/13/2021

World Leaders Call For Enhanced Cooperation to Fight Escalating Wave of Ransomware Attacks

Russia Excluded From 30-Country Meeting to Fight Ransomware and Cyber Crime

Australia to Tackle Ransomware Data Breaches by Deleting Stolen Files

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

Krebs: How Coinbase Phishers Steal One-Time Passwords

U.S. Officially the Top Destination for Bitcoin Miners, Beating Out China for the First Time

EU Legislation Introduced to Ban Anonymous Domain Registration

Johns Hopkins to Launch Degree Program in Cybersecurity and Policy
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Crypto Romance Scam Drains $1.4M

Verizon Digital Carrier Visible Customer Accounts Were Hacked

Brazilian E-commerce Firm Hariexpress Leaks 1.75 Billion Sensitive Files

Israel’ Hadera Hospital Hobbled by Cyber Attack

Lancaster Media Group (PA) Attacked by Ransomware

MyKings Botnet Still Active and Making Massive Amounts of Money

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

Apple Silently Fixes iOS Zero-Day, Asks Bug Reporter to Keep Quiet

10/12/2021

Congress Looks to Strengthen Government’s Aging Cyber Infrastructure

DOJ Sees Crypto Seizures as a Priority in Anti-Ransomware Push

U.S. Cyber Agency Hopes to Avoid the ‘Regulator’ Label

NSA Warns of Wildcard Certificate Risks, Provides Mitigations

Google Creates Cybersecurity Team to Respond to Increased Hacks

Study Reveals Android Phones Constantly Snoop on Their Users

Photo Editor Android App Still Sitting on Google Play Store Is Malware

1Password Unveils Secure Sharing Tool for Passwords, Secrets

Phishing Campaign Uses Math Symbols to Evade Detection

Dutch Police Send Warning Letters to DDoS Booter Customers

‘Nukegate’ SCANA CEO Imprisoned for Fraud
Microsoft Kills Bug Being Exploited in APT MysterySnail Espionage Campaign

Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

Olympus US Systems Hit by Cyberattack Over the Weekend

Cyberattack Shuts Down Ecuador’s Largest Bank, Banco Pichincha

University of Sunderland Hit by Suspected Major Cyber Attack, IT Systems and Website Down

Private Hospital Group Macquarie (NSW) Health Takes System Offline Following Cyber Incident

Ransomware Attack Inhibits Servers in DeKalb County (GA)

SnapMC Hackers Skip File Encryption and Just Steal Your Files

FreakOut Botnet Now Attacks Vulnerable Video DVR Devices

PyPI Removes ‘mitmproxy2’ Over Code Execution Concerns

Krebs: Patch Tuesday, October 2021 Edition

Microsoft Revokes Insecure SSH Keys for Azure DevOps Customers

10/11/2021

UK Cyber Head Says Russia Responsible for ‘Devastating’ Ransomware Attacks

China Has Won AI Battle With U.S., Pentagon’s Ex-software Chief Says

Microsoft Reports Iranian Hackers Targeting U.S., Israeli Defense Companies

U.S. Set Out to Hobble China’s Huawei, and So It Has

Huawei Cloud Targeted by Updated Cryptomining Malware

Cybersecurity Is A Journey, Not A Destination

Google Gives Security Keys to 10,000 High-Risk Users

Facebook Says It Will Add New Safety Features, Notably for Teens on Instagram, After Bombshell Whistleblower Leak

Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots
Pacific City Bank Discloses Ransomware Attack Claimed by AvosLocker

Hacker Steals Patients’ Data From San Juan Regional Medical Center (NM)

Quest-Owned Fertility Clinic ReproSource Announces Data Breach After August Ransomware Attack

Oregon Eye Specialists Discloses Data Breach Following Employee Email Compromise

LibreOffice, OpenOffice Bug Allows Hackers to Spoof Signed Docs

GitHub Revokes Duplicate SSH Auth Keys Linked to Library Bug

Apple Releases iOS 15.0.2 for iPhone With Bug and Security Fixes

Microsoft Defender for Identity to Detect Windows Bronze Bit Attacks

10/8-10/2021

Biden Signs Bill to Strengthen K-12 School Cybersecurity

Democrats Urge Federal Agencies to Address Use of Cryptocurrencies for Ransomware Payments

Poll: Americans Think U.S. Politicians, Social Media Spread Misinformation More Than Foreign Governments

U.S. Navy Engineer Charged in Attempt to Sell Nuclear Submarine Secrets

Amnesty International Links Indian Cybersecurity Firm to Spyware Operation

Russian Orgs Heavily Targeted by Smaller Tier Ransomware Gangs

Google Warns 14,000 Gmail Users Targeted by Russian Group APT28

Bank of America Insider Charged With Money Laundering for BEC Scams
BrewDog Token Gaffe Causes Massive PII Breach

Cox Media Group Confirms Ransomware Attack That Took Down Broadcasts

Schneck Medical Center (IN) Electronic Medical Records Back Online 10 Days After Ransomware Attack

Twitch Game Page Backgrounds Defaced With Jeff Bezos’ Face

Intuit Warns Quickbooks Customers of Ongoing Phishing Attacks

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Microsoft Adds Tamper Protection to Windows 11 Security Baseline

10/7/2021

Russia Charges Cybersecurity Executive Ilya Sachkov, Founder and CEO of Group-IB, With Treason

Russian Spies Reportedly Used SolarWinds Hack to Steal U.S. Counterintelligence Details

Russian-Speaking Hacking Group FIN12 Scaling up Ransomware Attacks on Hospitals

Microsoft Report Finds Russia Dominant Force Behind Cyberattacks in Past Year

Navy Warship USS Kidd Facebook Page Hacked to Stream ‘Age of Empires’ Gaming

Twitch Blames Server Error for Massive Data Leak

Twitch: No Credentials or Card Numbers Exposed in Data Breach

Research: Twitch Leak Included Emails, Passwords in Clear Text

Patching Too Tortuous for IT Pros?

SEC’s Stepped-up Cyber Scrutiny Won’t Save Shareholder Data Breach Suits

Netherlands Orders Apple to Offer More App Store Payment Methods

Firefox Now Shows Ads as Sponsored Address Bar Suggestions
State-Sponsored Chinese Group APT41 Targeted India With Tax and COVID Phishing

UK’s Weir Group Hit by Attempted Cyber Attack at End of Q3

Transdev Denies Data Stolen by Ransomware Group, Connects Leak to September Attack on Client

Ransomware Gang Hit Barlow Respiratory Hospital in Echo Park (CA)

Vidar Stealer Abuses Mastodon to Silently Get C2 Configuration

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

Unpatched Dahua Cams Vulnerable to Unauthenticated Remote Access

Apache Emergency Update Fixes Incomplete Patch for Exploited Bug

Microsoft Fixes Bug Blocking Azure Virtual Desktops Security Updates

Microsoft Is Disabling Excel 4.0 Macros by Default to Protect Users

Apple Now Requires All Apps to Make It Easy for Users to Delete Their Accounts

10/6/2021

TSA to Issue Regulations to Secure Rail, Aviation Groups Against Cyber Threats

U.S. Gov’t to Sue Contractors Who Hide Breach Incidents

Lawmakers Advocate for Establishment of Standalone House and Senate Cyber Panels

Ransom Disclosure Act Would Give Victims 48 Hours to Report Payments

America Urged to Prepare for Shift to Post-Quantum Cryptography

Facebook Slows New Products for ‘Reputational Reviews’

Hacker Breaches Amazon’s Twitch Video Site, Exposing Future Product Plans

Princess Haya: Dubai Ruler Had Ex-wife’s Phone Hacked – UK Court

Fired IT Admin Revenge-Hacks School by Wiping Data, Changing Passwords

Texas Man Imprisoned Over COVID-19 Hoax
Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

U.S. Clothing Brand Next Level Apparel Reports Phishing-Related Data Breach

Lodi Unified School District (CA) ‘Cybersecurity Issue’ Affecting Phones, Computer Systems

Cyber Attack Hits Senator Gordon (Philippines) Official Website

Actively Exploited Apache 0-Day Also Allows Remote Code Execution

Canopy Parental Control App Wide Open to Unpatched XSS Bugs

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

Medtronic Urgently Recalls Insulin Pump Controllers Over Hacking Concerns

Firefox Improves Advertising Tracker Blocking in Private Browsing

10/5/2021

What Happened to Facebook, WhatsApp, and Instagram?

Facebook Blames Engineering Error of ‘Our Own Making’ for Global Outage

Faulty Router Configuration

No, There Isn’t Proof That the Private Data of 1.5 Billion Facebook Users Is Being Sold by Hackers

Facebook Whistleblower: ‘Morally Bankrupt’ Social Giant Will Have to ‘Hook Kids’ to Grow

NSA Director Expects to Be Facing Ransomware Attacks ‘Every Single Day’ in Five Years

Lawmakers Introduce Bill to Identify and Protect Critical Groups From Cyber Threats

Squid Game Scenes Cut Over Data Exposure

New Yubico Security Keys Let You Use Fingerprints Instead of Passwords

One Identity Acquires OneLogin
Telegraph Newspaper Bares 10TB of Subscriber Data and Server Logs

Hackers Threaten Allen Independent School District (TX) Families After Cyberattack

Ransomware Gang Encrypts VMware ESXi Servers With Python Script

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

New UEFI Bootkit Used to Backdoor Windows Devices Since 2012

Apache Warns of Zero-Day Exploit in the Wild

Android October Patch Fixes Three Critical Bugs, 41 Flaws in Total

Google to Auto-Enroll 150 Million User Accounts Into 2FA

What, Exactly, Is Cybersecurity? And Why Does It Matter?

10/4/2021

Some Facebook, Instagram, WhatsApp Services Restored After Hourslong Global Outage

Krebs: What Happened to Facebook, Instagram, & WhatsApp?

Facebook Whistleblower to Testify Before Senate

Senators Warn of Chinese Technology Threats Ahead of International Meeting

UK Plans to Invest £5 Billion in Retaliatory Cyber-Attacks

Encrypted & Fileless Malware Sees Big Growth

Researcher Refuses Telegram’s Bounty Award, Discloses Auto-Delete Bug
Largest Mobile SMS Routing Firm Syniverse Discloses Five-Year-Long Breach

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

Tesuque Casino (NM) Reopens Tuesday After September Cyber Attack

New Atom Silo Ransomware Targets Vulnerable Confluence Servers

RaidForums Forced to Use Mirror After Brazilian Gov’t Contacts Registrar

Ukrainian Cops Cuff Two Over $150m Ransomware Gang Allegations, Seize $1.3m in Cryptocurrency

10/1-3/2021

Pandora Papers: Secret Wealth and Dealings of World Leaders Exposed

Key Findings From the Pandora Papers Investigation

White House Plans 30-Country Meeting on Cyber Crime and Ransomware

Krebs: FCC Proposal Targets SIM Swapping, Port-Out Fraud

False Election Claims Undermine Efforts to Increase Security

El Salvador Has Just Started Mining Bitcoin Using the Energy From Volcanoes

A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death

The Facebook Whistleblower, Frances Haugen, Says She Wants to Fix the Company, Not Harm It

DeFi Bug Accidentally Gives $90 Million to Users, Founder Begs Them to Return It

Bug Puts $162 Million up for Grabs, Says Founder of DeFi Platform Compound

UK National Cyber Force to be based in Samlesbury

Biden ‘Confident’ in the Nation’s Cybersecurity Efforts as Cybersecurity Awareness Month Begins
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Sandhills Online Machinery Markets Shut Down by Ransomware Attack

MoneyLion Locks Customer Accounts After Credential Stuffing Attacks

Washington Adventist University Hit By Ransomware Attack

Johnson Memorial Health (IN) Struck by Cyberattack Saturday

IKEA: Cameras Were Hidden in the Ceiling Above Warehouse Toilets for ‘Health and Safety’

Transnational Fraud Ring Stole Millions From Army Members, Veterans

New APT ChamelGang Targets Russian Energy, Aviation Orgs

Hydra Malware Targets Customers of Germany’s Second Largest Bank

Flubot Malware Targets Androids With Fake Security Updates

9/30/2021

U.S. Lawmakers Push for New Controls on Ex-Spies Working Overseas

Data-Privacy Impasse Hangs Over U.S.-EU Trade and Technology Summit

House Approves Legislation to Protect K-12 Schools Against Cyberattacks

Thousands of University Wi-Fi Networks Expose Log-In Credentials

Military’s RFID Tracking of Guns May Endanger Troops

Baby’s Death Alleged to Be Linked to Ransomware

Scammers Capitalize on Release of New Bond Movie

RansomEXX Ransomware Linux Encryptor May Damage Victims’ Files

WireX DDoS Botnet Admin Charged for Attacking Hotel Chain

Arctic Wolf Acquires ‘Hollywood-Style’ Cybersecurity Training Startup Habitu8

How Yahoo Built a Culture of Cybersecurity
JVCKenwood Hit by Conti Ransomware Claiming Theft of 1.5TB Data

Neiman Marcus Says Notified 4.6 Million Customers About Data Breach

Schneck Medical Center (IN) Suspends IT Systems in Response to Ongoing Cyberattack

Stonington Public School System (CT) Targeted by Ransomware Hackers

Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

GhostEmperor Hackers Use New Windows 10 Rootkit in Attacks

Fake Amnesty International Pegasus Scanner Used to Infect Windows

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

QNAP Fixes Bug That Let Attackers Run Malicious Commands Remotely

Google Emergency Update Fixes Two Chrome Zero Days