10/14/2021

World Leaders Recognize Ransomware Attacks as ‘Global Security Threat’

White House Ransomware Summit Eyes Tighter Global Scrutiny for Crypto

Agencies Warn of Cyber Threats to Water, Wastewater Systems

Google: We’re Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

Microsoft Folds LinkedIn Social-Media Service in China

Facebook to Shield Public Figures from Cyber-harassment

House Democrats Announce Bill to Rein in Tech Algorithms

WhatsApp Rolls Out iOS, Android End-To-End Encrypted Chat Backups

Krebs: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
Acer Confirms Second Cyberattack in 2021 After Ransomware Incident in March

3D Printing Site Thingiverse Suffers Breach of 228,000 Email Addresses Amid Sluggish Disclosure

DocuSign Phishing Campaign Targets Low-Ranking Employees

New Yanluowang Ransomware Used in Targeted Enterprise Attacks

Malicious Chrome Ad Blocker Injects Ads Behind the Scenes

Rickroll Grad Prank Exposes Exterity IPTV Bug

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones

Microsoft Releases Linux Version of the Windows Sysmon Tool

10/13/2021

World Leaders Call For Enhanced Cooperation to Fight Escalating Wave of Ransomware Attacks

Russia Excluded From 30-Country Meeting to Fight Ransomware and Cyber Crime

Australia to Tackle Ransomware Data Breaches by Deleting Stolen Files

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

Krebs: How Coinbase Phishers Steal One-Time Passwords

U.S. Officially the Top Destination for Bitcoin Miners, Beating Out China for the First Time

EU Legislation Introduced to Ban Anonymous Domain Registration

Johns Hopkins to Launch Degree Program in Cybersecurity and Policy
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Crypto Romance Scam Drains $1.4M

Verizon Digital Carrier Visible Customer Accounts Were Hacked

Brazilian E-commerce Firm Hariexpress Leaks 1.75 Billion Sensitive Files

Israel’ Hadera Hospital Hobbled by Cyber Attack

Lancaster Media Group (PA) Attacked by Ransomware

MyKings Botnet Still Active and Making Massive Amounts of Money

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

Apple Silently Fixes iOS Zero-Day, Asks Bug Reporter to Keep Quiet

10/12/2021

Congress Looks to Strengthen Government’s Aging Cyber Infrastructure

DOJ Sees Crypto Seizures as a Priority in Anti-Ransomware Push

U.S. Cyber Agency Hopes to Avoid the ‘Regulator’ Label

NSA Warns of Wildcard Certificate Risks, Provides Mitigations

Google Creates Cybersecurity Team to Respond to Increased Hacks

Study Reveals Android Phones Constantly Snoop on Their Users

Photo Editor Android App Still Sitting on Google Play Store Is Malware

1Password Unveils Secure Sharing Tool for Passwords, Secrets

Phishing Campaign Uses Math Symbols to Evade Detection

Dutch Police Send Warning Letters to DDoS Booter Customers

‘Nukegate’ SCANA CEO Imprisoned for Fraud
Microsoft Kills Bug Being Exploited in APT MysterySnail Espionage Campaign

Microsoft Fended Off a Record 2.4 Tbps DDoS Attack Targeting Azure Customers

Olympus US Systems Hit by Cyberattack Over the Weekend

Cyberattack Shuts Down Ecuador’s Largest Bank, Banco Pichincha

University of Sunderland Hit by Suspected Major Cyber Attack, IT Systems and Website Down

Private Hospital Group Macquarie (NSW) Health Takes System Offline Following Cyber Incident

Ransomware Attack Inhibits Servers in DeKalb County (GA)

SnapMC Hackers Skip File Encryption and Just Steal Your Files

FreakOut Botnet Now Attacks Vulnerable Video DVR Devices

PyPI Removes ‘mitmproxy2’ Over Code Execution Concerns

Krebs: Patch Tuesday, October 2021 Edition

Microsoft Revokes Insecure SSH Keys for Azure DevOps Customers

10/11/2021

UK Cyber Head Says Russia Responsible for ‘Devastating’ Ransomware Attacks

China Has Won AI Battle With U.S., Pentagon’s Ex-software Chief Says

Microsoft Reports Iranian Hackers Targeting U.S., Israeli Defense Companies

U.S. Set Out to Hobble China’s Huawei, and So It Has

Huawei Cloud Targeted by Updated Cryptomining Malware

Cybersecurity Is A Journey, Not A Destination

Google Gives Security Keys to 10,000 High-Risk Users

Facebook Says It Will Add New Safety Features, Notably for Teens on Instagram, After Bombshell Whistleblower Leak

Ukrainian Police Arrest DDoS Operator Controlling 100,000 Bots
Pacific City Bank Discloses Ransomware Attack Claimed by AvosLocker

Hacker Steals Patients’ Data From San Juan Regional Medical Center (NM)

Quest-Owned Fertility Clinic ReproSource Announces Data Breach After August Ransomware Attack

Oregon Eye Specialists Discloses Data Breach Following Employee Email Compromise

LibreOffice, OpenOffice Bug Allows Hackers to Spoof Signed Docs

GitHub Revokes Duplicate SSH Auth Keys Linked to Library Bug

Apple Releases iOS 15.0.2 for iPhone With Bug and Security Fixes

Microsoft Defender for Identity to Detect Windows Bronze Bit Attacks

10/8-10/2021

Biden Signs Bill to Strengthen K-12 School Cybersecurity

Democrats Urge Federal Agencies to Address Use of Cryptocurrencies for Ransomware Payments

Poll: Americans Think U.S. Politicians, Social Media Spread Misinformation More Than Foreign Governments

U.S. Navy Engineer Charged in Attempt to Sell Nuclear Submarine Secrets

Amnesty International Links Indian Cybersecurity Firm to Spyware Operation

Russian Orgs Heavily Targeted by Smaller Tier Ransomware Gangs

Google Warns 14,000 Gmail Users Targeted by Russian Group APT28

Bank of America Insider Charged With Money Laundering for BEC Scams
BrewDog Token Gaffe Causes Massive PII Breach

Cox Media Group Confirms Ransomware Attack That Took Down Broadcasts

Schneck Medical Center (IN) Electronic Medical Records Back Online 10 Days After Ransomware Attack

Twitch Game Page Backgrounds Defaced With Jeff Bezos’ Face

Intuit Warns Quickbooks Customers of Ongoing Phishing Attacks

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems

Microsoft Adds Tamper Protection to Windows 11 Security Baseline

10/7/2021

Russia Charges Cybersecurity Executive Ilya Sachkov, Founder and CEO of Group-IB, With Treason

Russian Spies Reportedly Used SolarWinds Hack to Steal U.S. Counterintelligence Details

Russian-Speaking Hacking Group FIN12 Scaling up Ransomware Attacks on Hospitals

Microsoft Report Finds Russia Dominant Force Behind Cyberattacks in Past Year

Navy Warship USS Kidd Facebook Page Hacked to Stream ‘Age of Empires’ Gaming

Twitch Blames Server Error for Massive Data Leak

Twitch: No Credentials or Card Numbers Exposed in Data Breach

Research: Twitch Leak Included Emails, Passwords in Clear Text

Patching Too Tortuous for IT Pros?

SEC’s Stepped-up Cyber Scrutiny Won’t Save Shareholder Data Breach Suits

Netherlands Orders Apple to Offer More App Store Payment Methods

Firefox Now Shows Ads as Sponsored Address Bar Suggestions
State-Sponsored Chinese Group APT41 Targeted India With Tax and COVID Phishing

UK’s Weir Group Hit by Attempted Cyber Attack at End of Q3

Transdev Denies Data Stolen by Ransomware Group, Connects Leak to September Attack on Client

Ransomware Gang Hit Barlow Respiratory Hospital in Echo Park (CA)

Vidar Stealer Abuses Mastodon to Silently Get C2 Configuration

Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

Unpatched Dahua Cams Vulnerable to Unauthenticated Remote Access

Apache Emergency Update Fixes Incomplete Patch for Exploited Bug

Microsoft Fixes Bug Blocking Azure Virtual Desktops Security Updates

Microsoft Is Disabling Excel 4.0 Macros by Default to Protect Users

Apple Now Requires All Apps to Make It Easy for Users to Delete Their Accounts

10/6/2021

TSA to Issue Regulations to Secure Rail, Aviation Groups Against Cyber Threats

U.S. Gov’t to Sue Contractors Who Hide Breach Incidents

Lawmakers Advocate for Establishment of Standalone House and Senate Cyber Panels

Ransom Disclosure Act Would Give Victims 48 Hours to Report Payments

America Urged to Prepare for Shift to Post-Quantum Cryptography

Facebook Slows New Products for ‘Reputational Reviews’

Hacker Breaches Amazon’s Twitch Video Site, Exposing Future Product Plans

Princess Haya: Dubai Ruler Had Ex-wife’s Phone Hacked – UK Court

Fired IT Admin Revenge-Hacks School by Wiping Data, Changing Passwords

Texas Man Imprisoned Over COVID-19 Hoax
Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

U.S. Clothing Brand Next Level Apparel Reports Phishing-Related Data Breach

Lodi Unified School District (CA) ‘Cybersecurity Issue’ Affecting Phones, Computer Systems

Cyber Attack Hits Senator Gordon (Philippines) Official Website

Actively Exploited Apache 0-Day Also Allows Remote Code Execution

Canopy Parental Control App Wide Open to Unpatched XSS Bugs

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers

Medtronic Urgently Recalls Insulin Pump Controllers Over Hacking Concerns

Firefox Improves Advertising Tracker Blocking in Private Browsing

10/5/2021

What Happened to Facebook, WhatsApp, and Instagram?

Facebook Blames Engineering Error of ‘Our Own Making’ for Global Outage

Faulty Router Configuration

No, There Isn’t Proof That the Private Data of 1.5 Billion Facebook Users Is Being Sold by Hackers

Facebook Whistleblower: ‘Morally Bankrupt’ Social Giant Will Have to ‘Hook Kids’ to Grow

NSA Director Expects to Be Facing Ransomware Attacks ‘Every Single Day’ in Five Years

Lawmakers Introduce Bill to Identify and Protect Critical Groups From Cyber Threats

Squid Game Scenes Cut Over Data Exposure

New Yubico Security Keys Let You Use Fingerprints Instead of Passwords

One Identity Acquires OneLogin
Telegraph Newspaper Bares 10TB of Subscriber Data and Server Logs

Hackers Threaten Allen Independent School District (TX) Families After Cyberattack

Ransomware Gang Encrypts VMware ESXi Servers With Python Script

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

New UEFI Bootkit Used to Backdoor Windows Devices Since 2012

Apache Warns of Zero-Day Exploit in the Wild

Android October Patch Fixes Three Critical Bugs, 41 Flaws in Total

Google to Auto-Enroll 150 Million User Accounts Into 2FA

What, Exactly, Is Cybersecurity? And Why Does It Matter?

10/4/2021

Some Facebook, Instagram, WhatsApp Services Restored After Hourslong Global Outage

Krebs: What Happened to Facebook, Instagram, & WhatsApp?

Facebook Whistleblower to Testify Before Senate

Senators Warn of Chinese Technology Threats Ahead of International Meeting

UK Plans to Invest £5 Billion in Retaliatory Cyber-Attacks

Encrypted & Fileless Malware Sees Big Growth

Researcher Refuses Telegram’s Bounty Award, Discloses Auto-Delete Bug
Largest Mobile SMS Routing Firm Syniverse Discloses Five-Year-Long Breach

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

Tesuque Casino (NM) Reopens Tuesday After September Cyber Attack

New Atom Silo Ransomware Targets Vulnerable Confluence Servers

RaidForums Forced to Use Mirror After Brazilian Gov’t Contacts Registrar

Ukrainian Cops Cuff Two Over $150m Ransomware Gang Allegations, Seize $1.3m in Cryptocurrency

10/1-3/2021

Pandora Papers: Secret Wealth and Dealings of World Leaders Exposed

Key Findings From the Pandora Papers Investigation

White House Plans 30-Country Meeting on Cyber Crime and Ransomware

Krebs: FCC Proposal Targets SIM Swapping, Port-Out Fraud

False Election Claims Undermine Efforts to Increase Security

El Salvador Has Just Started Mining Bitcoin Using the Energy From Volcanoes

A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death

The Facebook Whistleblower, Frances Haugen, Says She Wants to Fix the Company, Not Harm It

DeFi Bug Accidentally Gives $90 Million to Users, Founder Begs Them to Return It

Bug Puts $162 Million up for Grabs, Says Founder of DeFi Platform Compound

UK National Cyber Force to be based in Samlesbury

Biden ‘Confident’ in the Nation’s Cybersecurity Efforts as Cybersecurity Awareness Month Begins
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

Sandhills Online Machinery Markets Shut Down by Ransomware Attack

MoneyLion Locks Customer Accounts After Credential Stuffing Attacks

Washington Adventist University Hit By Ransomware Attack

Johnson Memorial Health (IN) Struck by Cyberattack Saturday

IKEA: Cameras Were Hidden in the Ceiling Above Warehouse Toilets for ‘Health and Safety’

Transnational Fraud Ring Stole Millions From Army Members, Veterans

New APT ChamelGang Targets Russian Energy, Aviation Orgs

Hydra Malware Targets Customers of Germany’s Second Largest Bank

Flubot Malware Targets Androids With Fake Security Updates

9/30/2021

U.S. Lawmakers Push for New Controls on Ex-Spies Working Overseas

Data-Privacy Impasse Hangs Over U.S.-EU Trade and Technology Summit

House Approves Legislation to Protect K-12 Schools Against Cyberattacks

Thousands of University Wi-Fi Networks Expose Log-In Credentials

Military’s RFID Tracking of Guns May Endanger Troops

Baby’s Death Alleged to Be Linked to Ransomware

Scammers Capitalize on Release of New Bond Movie

RansomEXX Ransomware Linux Encryptor May Damage Victims’ Files

WireX DDoS Botnet Admin Charged for Attacking Hotel Chain

Arctic Wolf Acquires ‘Hollywood-Style’ Cybersecurity Training Startup Habitu8

How Yahoo Built a Culture of Cybersecurity
JVCKenwood Hit by Conti Ransomware Claiming Theft of 1.5TB Data

Neiman Marcus Says Notified 4.6 Million Customers About Data Breach

Schneck Medical Center (IN) Suspends IT Systems in Response to Ongoing Cyberattack

Stonington Public School System (CT) Targeted by Ransomware Hackers

Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts

GhostEmperor Hackers Use New Windows 10 Rootkit in Attacks

Fake Amnesty International Pegasus Scanner Used to Infect Windows

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

QNAP Fixes Bug That Let Attackers Run Malicious Commands Remotely

Google Emergency Update Fixes Two Chrome Zero Days