11/30/2021

MI6 Boss Warns of China ‘Debt Traps and Data Traps’

Democrat Congressman Bobby Rush Pushes for Pipeline Reliability Standards

Ransomware vs. Cities: A Cyber War

Finland Faces Blizzard of Flubot-Spreading Text Messages Targeting Android Users

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

Smartwatches for Children Are a Privacy and Security Nightmare

Texas School District to Scan Children’s Devices

FBI Seized $2.2M From Affiliate of REvil, Gandcrab Ransomware Gangs

Finding Your Niche in Cybersecurity
DNA Testing Firm DNA Diagnostics Center Discloses Data Breach Affecting 2.1 Million People

Queensland Government Energy Generator Hit by Ransomware

Hackers Plant Card-Stealing Malware on Sealand Website That Sells Baron and Duke Titles

Boulder Neurosurgical & Spine Associates (CO) Hit With Data Breach

Yanluowang Ransomware Tied to Thieflock Threat Actor

Sabbath Ransomware Group Rebrands Multiple Times to Evade Detection

EwDoor Botnet Targets AT&T Network Edge Devices at U.S. Firms

Visiting a Booby-Trapped Webpage Could Give Attackers Code Execution Privileges on HP Network Printers

Microsoft Defender Scares Admins With Emotet False Positives

11/29/2021

North Korean APT ScarCruft (aka APT37) Mounts Desktop/Mobile Double-Pronged Spy Attacks with Chinotto Malware

Lawmakers Take Aim At ‘Grinches’ Using Bots to Target Consumers During Holidays

CISA Seeks Extra Email Protection

The True Cost Of Rising Cyber Threats, According To A Cybersecurity CFO

Cybersecurity Graduates Are Doubling, but That’s Still Not Going to Fix the Skills Crisis

Phishing Remains the Most Common Cause of Data Breaches

Inside Intel’s Secret Warehouse in Costa Rica

Dark Web Market Cannazon Shuts Down After Massive DDoS Attack

Australia Will Force Social Networks to Identify Trolls, so They Can Be Sued for Defamation
Stealthy WIRTE Hackers Target Governments in the Middle East

Data Breach at Panasonic

Wind Turbine Maker Vestas Confirms Recent Security Incident Was Ransomware

Kentucky Energy and Environment Cabinet Suffered Data Breach in September on Mining Permit Applications

Data Breaches at Huntington Hospital (NY) and Southwestern Vermont Medical Center

In Addition to LCCC, Cyber Attack Closes RiverBend Growth Association (IL)

4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021

Zoom Finally Adds Automatic Updates to Windows, macOS Clients

11/26-28/2021

Beijing Presses Didi to Delist From U.S. Over Data Security Fears

Italy’s Antitrust Regulator Fines Google and Apple for “Aggressive” Data Practices

Israel Defense Ministry Slashes Cyber Export List, Drops Saudi Arabia, UAE

Krebs: The Internet is Held Together With Spit & Baling Wire

Massive Hack Gave Police a Window on Cocaine, Cash and Killers

Interpol Arrests Over 1,000 Suspects Linked to Cyber Crime

‘AI Will Revolutionize Every Aspect of Connectivity,’ Argue Cyber Experts
Israel and Iran Broaden Cyberwar to Attack Civilian Targets

IKEA Email Systems Hit by Ongoing Cyberattack

Small-Town Japanese Hospital to Resist Paying Ransom After Cyberattack

Google Warns Crypto Miners Are Using Compromised Cloud Accounts

TrickBot Phishing Checks Screen Resolution to Evade Researchers

New Windows 10 Zero-Day Gives Admin Rights, Gets Unofficial Patch

Cyber Monday Shoppers Warned of Attacks Where Scammers Try to Extort You

11/25/2021

Tencent Must Get Approval From Chinese Regulators Before Publishing New Apps and Updates

How Cybercriminals Adjusted Their Scams for Black Friday 2021

New Twists on Gift-Card Scams Flourish on Black Friday

Black Friday: How to Avoid Being Scammed by Cybersecurity Criminals Who Are Using Cryptos

UK and German Police Take Down 21 Jihadist Websites

UK Government Transport Website Caught Showing Porn

Cybersecurity Recruitment, Training Misses the Mark
Scammers Hack Mazda USA’s Official Instagram Page On Thanksgiving

Data Breach at True Health New Mexico Impacts 62,000 State Residents

International Vessel Owner Swire Pacific Offshore Hit by Cybersecurity Breach

Discord Malware Campaign Targets Crypto and NFT Communities

New Linux Malware Hides in Cron Jobs With Invalid Dates

Microsoft Defender for Endpoint Laid Low by Another Buggy Windows Patch

11/24/2021

FBI: Online Shoppers Risk Losing Over $53M to Holiday Scams

Apple’s Pegasus Lawsuit a ‘Declaration of War’ Against Offensive Software Developers, Says Kaspersky Director

APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users

Hit by Ransomware? Make Sure You Don’t Make This First Obvious Mistake

Ukraine Arrests ‘Phoenix’ Hackers Behind Apple Phishing Attacks

Joke Hitman Website Catches Plotting Michigander

Germany to Force ISPs to Give Discounts for Slow Internet Speeds
GoDaddy Breach Widens to Include Reseller Subsidiaries

Ransomware Attack Shuts Down Lewis and Clark Community College (IL) Campuses

Seneca Family of Agencies Data Breach Impacts Thousands of Sonoma County (CA) Recipients

Hackers Exploit Microsoft MSHTML Bug to Steal Google, Instagram Creds

Stealthy New Javascript Malware Infects Windows PCs With RATs

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

11/23/2021

Apple Sues NSO Group for Hacking iPhones on Behalf of Governments

Palantir CEO Says Companies Working With U.S. Adversaries Should Justify Their Position

Russian Cybersecurity Executive Appeals to Putin as Detention for Treason Extended

Tardigrade Hackers Target Big Pharma Vaccine Makers With Stealthy Malware

FBI Warns of Phishing Targeting High-Profile Brands’ Customers

Norsk Hydro Probe Shows Slow Pace of International Ransomware Cases

Common Cloud Misconfigurations Exploited in Minutes, Report

Telecommunications Industry Ombudsman Wants Telcos to Have 24-Hour Fraud Hotline

The Best Black Friday 2021 Security, IT, VPN, & Antivirus Deals
UK Ministry of Justice Secures HVAC Systems ‘Protected’ by Passwordless Wi-Fi After Tipoff

French Firm Bureau Veritas Hit by Cyberattack on Cybersecurity System

Ohio Election Security Tested After Attempted Hack in Lake County

Over Nine Million Android Devices Infected by Info-Stealing Trojan

Malware Now Trying to Exploit New Windows Installer Zero-Day

Researchers Warn of Severe Risks From ‘Printjack’ Printer Attacks

Microsoft Edge Adds Super Duper Secure Mode to Stable Channel

How Tech Companies Can Help Solve The Cybersecurity Skills Shortage

11/22/2021

Authorities Warn Organizations to Be on Guard Against Hackers During Thanksgiving Holiday

Increased Ransomware

Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches

Hackers Circle as Individual Investors Pour Cash Into Crypto

Biomanufacturing Companies Getting Hit by Hackers Potentially Linked to Russia

Inside Saint John’s Response to a ‘Devastating’ 2020 Cyberattack

Krebs: Arrest in ‘Ransom Your Employer’ Email Scheme

Bug Bounties Surge as Firms Compete for Talent

Biometric Auth Bypassed Using Fingerprint Photo, Printer, and Glue

CrowdStrike Tops List of Most Valuable Public Cybersecurity Companies On Deloitte’s Technology Fast 500

Cybersecurity Startup XM Cyber Acquired for $700 Million by Schwarz Group

10 Stocking Stuffers for Security Geeks
GoDaddy Discloses Security Breach That Exposed 1.2 Million WordPress Customer Accounts

U.S. Education Software Company SmarterSelect Exposed Personal Data of 1.2M Students

Wind Turbine Giant Vestas Wind System Offline After Cyber Incident

Accounting Firm PKF and Queensland Rugby Union Hit by Hackers as Landmark Bill Looms

Data From Millions of Brazilians Exposed in Wi-Fi Management Software Firm WSpot Leak

UK Gov’t Warns Thousands of SMBs Their Online Stores Were Hacked

Dorset Council Suspected Data Breach to Be Investigated

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

New Windows Zero-Day With Public Exploit Lets You Become an Admin

Exploit Released for Microsoft Exchange RCE Bug, Patch Now

11/19-21/2021

Lawmakers Increasingly Anxious About U.S. Efforts Against Russian Hackers

U.S. Regulators Order Banks to Report Cyberattacks Within 36 Hours

More Than $500M for Cybersecurity Included in Sweeping House-Passed Package

U.S. SEC Warns Investors of Ongoing Gov’t Impersonation Attacks

Fake TSA PreCheck Sites Scam U.S. Travelers With Fake Renewals

Krebs: The ‘Zelle Fraud’ Scam; How it Works, How to Fight Back

Criminals Have Made off With Over $10 Billion in ‘DeFi’ Scams and Thefts This Year

Less than Half of Consumers Change Passwords Post-Breach

Indonesia Probe Police Hack in Latest Cyber Breach

Canadian Teen Nabbed in $36.5m Crypto Heist – Possibly the Biggest Haul Yet by a Single Individual

Brit Admits Role in International Movie Piracy Ring
Attempted Data Breach of Lake County (OH) Board of Elections Used to Fuel Voter-Fraud Lies

Premier Property Lawyers: Police Investigate Firm’s IT Incident

Radiology Center Utah Imaging Associates Hit by Data Breach Affecting 582k Patients

Riviera Utilities (AL) Hit by Cyber Attack Affecting Email Systems

Iran’s Mahan Air Says It Foiled Cyber Attack on Systems

Emotet Botnet Comeback Orchestrated by Conti Ransomware Gang

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Microsoft Exchange Servers Hacked in Internal Reply-Chain Attacks

Microsoft Authenticator Gets New Enterprise Security Features

Microsoft: Office 365 Will Boost Default Protection for All Users

11/18/2021

EPA’s Cybersecurity Oversight of Water Sector Falls Short, Report Says

Hundreds Participate in Electric Grid Cyberattack Simulation Amid Increasing Threats

North Korean Cyberspies Target Gov’t Officials With Custom Malware

Iran Is ‘Leapfrogging Our Defenses’ in a Cyber War ‘My Gut Is We Lose’: Hacking Expert Kevin Mandia

China’s APT41 Manages Library of Breached Certificates

DOJ Charges Two Iranians With Interference in 2020 Election

Boffins Find Way to Use a Standard Smartphone to Find Hidden Spy Cams

70% Of Security and IT Pros Find Security Hygiene and Posture Increasingly Challenging Over the Past 2 Years

Heavy Workloads Are Taking Their Toll For Those On Frontlines Of Cybersecurity Wars

Dark Web Crooks Are Now Teaching Courses on How to Build Botnets
Ransomware Phishing Emails Sneak Through SEGs

Thousands of Firefox Users Accidentally Commit Login Cookies on Github

Hackers Deploy Linux Malware, Web Skimmer on E-commerce Servers

Android Malware BrazKing Returns as a Stealthier Banking Trojan

New Memento Ransomware Switches to WinRar After Failing at Encryption

RedCurl Corporate Espionage Hackers Resume Attacks With Updated Tools

Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

11/17/2021

Russian Ransomware Gangs Start Collaborating With Chinese Hackers

Vaccine Research Among Cyber Attack Targets

Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts

CISA Releases Cybersecurity Response Plans for Federal Agencies

Organizations More Susceptible to Ransomware Attacks During Weekends and Holidays

Krebs: Tech CEO Pleads to Wire Fraud in IP Address Scheme

U.S. to Sell $56M in Seized Cryptocurrency

UK Government Publishes Guidance on Security Rules for Tech Takeovers

South Korean Privacy Watchdog Apologises for Violating Privacy While Mediating Privacy Lawsuit
Officials Warn That Hackers Linked to Iranian Government Are Targeting Critical Sectors

Israel’s Candiru Spyware Found Linked to Watering Hole Attacks in UK and Middle East

Eskenazi (IN) Patients Receive Letters Alerting Them of Cyber Security Breach 6 Months Ago

Plumas County (CA) Administrator Addresses Cyber Attack

California Pizza Kitchen Data Breach Exposes Personal Information: Murphy Law Firm 

Most SS7 Exploit Service Providers on Dark Web Are Scammers

Netflix Bait: Phishers Target Streamers with Fake Service Signups

Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities

11/16/2021

Biden, Xi Hold Virtual Summit Amid Rising U.S.-China Tensions

Report Implicates Belarus in Anti-NATO ‘Ghostwriter’ Cyber Campaign

Facebook Disrupts Pakistani Hacking Group Targeting Afghan Users

Microsoft Warns of the Evolution of Six Iranian Hacking Groups

Oversight Finds ‘Small Lapses’ in Security Led to Colonial Pipeline, JBS Hacks

FBI Calls For Firms to Report Hacks Directly to Law Enforcement

These Are the Cryptomixers Hackers Use to Clean Their Ransoms

Evil Corp: ‘My Hunt for the World’s Most Wanted Hackers’

FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment

In Alabama, Training for Cyber Crime and Competing in War Games

Ethical Hackers Stymie $27B of Cybercrime
200M Adult Cam Model, User Records Exposed in Stripchat Breach

Hackers Compromised Middle East Eye News Website to Hack Visitors, Researchers Say

Burnie City (Tas) Council Hackers Left Their Contact Details: Mayor

Delta-Montrose Electric Association (CO) Grapples With ‘Targeted Effort’ on Its Internal Network

Here Are the New Emotet Spam Campaigns Hitting Mailboxes Worldwide

WordPress Sites Are Being Hacked in Fake Ransomware Attacks

Inside Story of Ransomware Repeatedly Masquerading as a Popular JS Library for Roblox Gamers

GitHub Fixes Authorisation Vulnerability in the NPM JavaScript Package Registry

Microsoft Adds AI-Driven Ransomware Protection to Defender

Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild

Ransomware Gangs Are Now Rich Enough to Buy Zero-Day Flaws, Say Researchers

11/15/2021

Bipartisan Commission Urges U.S. Take Immediate Steps to Curb Online Misinformation

Moses Staff Hackers Wreak Havoc on Israeli Orgs With Ransomless Encryptions

Cyber Attack Victims Won’t Be Allowed to Pay More Than $100K in Ransom Under New Bill

How to Negotiate With Ransomware Attackers

The Best Ransomware Response, According to the Data

Scam Spotter Campaign Flags Gift Card Fraud

DHS Announces New Program to Attract and Retain Cybersecurity Talent

Demand for Qualified Cybersecurity Workers Is Soaring

U.S. Journalist Danny Fenster Imprisoned for Spreading False Information is Freed in Myanmar
7 Million Robinhood User Email Addresses for Sale on Hacker Forum

Hackers Leak Kent School Files in ‘Highly Sophisticated’ Cyber Attack

Center for Human Development (CHD) Warns of Data Breach Exposing Employees, Individuals Served

Cybercriminals Target Alibaba Cloud for Cryptomining, Malware

Rowhammer Attacks: DDR4 Ram Defenses Broken Again

Emotet Malware Is Back and Rebuilding Its Botnet via TrickBot

High-Severity Intel Processor Bug Exposes Encryption Keys

New Microsoft Emergency Updates Fix Windows Server Auth Issues

11/12-14/2021

Hacker Sends Spam to 100,000 From FBI Email Address

Fake Cybersecurity Warnings

FBI Says Hackers Got No Data After Compromising Email Server

Krebs: Hoax Email Blast Abused Poor Coding in FBI Website

Senate Democrats Urge Government to Do More to Protect K-12 Schools Against Hackers

FTC Shares Ransomware Defense Tips for Small U.S. Businesses

U.S. To Partner With Israel to Combat Ransomware Attacks

China Regulator Proposes Cybersecurity Review for Some Hong Kong IPOs

China’s Next Generation of Hackers Won’t Be Criminals: That’s a Problem

Bitcoin’s Biggest Upgrade in Four Years Just Happened – Here’s What Changes

Security Company Randori Faces Backlash for Waiting 12 Months to Disclose Palo Alto 0-Day

Surveillance Firm WiSpear Pays $1 Million Fine After ‘Spy Van’ Scandal

U.S. Accuses Russian of Money Laundering for Ryuk Ransomware Gang
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

Spanish Brewery Sociedad Anónima Damm, Maker of Estrella Damm, Paralyzed by Cyber-Attack

West Virginia Parkways Authority Hit by Cyber-Attack

Ransomware Experts Question Massive Pysa/Mespinoza Victim Dump

Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks

QBot Returns for a New Wave of Infections Using Squirrelwaffle

Fake End-To-End Encrypted Chat App Distributes Android Spyware

Mac Zero Day Targets Apple Devices in Hong Kong

CISA Warns of Equipment Vulnerabilities From Multiple Vendors

AMD Reveals an Epyc 50 Flaws – 23 of Them Rated High Severity; Intel Has 25 Bugs, Too

Zero-Day Bug in All Windows Versions Gets Free Unofficial Patch

These Are the Top-Level Domains Threat Actors Like the Most

Open Source Project Aims to Detect Living-Off-the-Land Attacks

11/11/2021

Biden Signs Into Law Bill to Secure Telecommunications Systems Against Foreign Threats

Harris Calls for Global Action on Cyber Threats After U.S. Joins International Effort

Dutch Newspaper Accuses U.S. Spy Agencies of Orchestrating 2016 booking.com Breach

China Still Steals Commercial Secrets for Its Own Firms’ Profit

Congress Mulls Ban on Big Ransom Payouts Unless Victims Get Official Say-So

CEO of Blacklisted Spyware Firm NSO Group Quits

CyberVetsUSA Pilots Nebraska Project

Gmail Accounts Are Used in 91% Of All Baiting Email Attacks

Russian ‘King of Fraud’ Sentenced to 10 Years for Methbot Scheme

Expect 2022 to Be the Year of Cybersecurity
Dallas Police Surveillance Footage Leaked

Southern Ohio Medical Center Diverting Ambulances After Apparent Cyber Attack

Back-to-Back PlayStation 5 Hacks Hit on the Same Day

Tiny Font Size Fools Email Filters in BEC Phishing

Careful: ‘Smart TV Remote’ Android App on Google Play Is Malware

Magniber Ransomware Gang Now Exploits Internet Explorer Flaws in Attacks

BotenaGo Botnet Targets Millions of IoT Devices With 33 Exploits

Windows 10 App Installer Abused in BazarLoader Malware Attacks

AMD Fixes Dozens of Windows 10 Graphics Driver Security Bugs

Google Debuts ClusterFuzzLite Security Tool for CI, CD Workflows

11/10/2021

Letter From Former High-Ranking National Security Officials To Congress: Election Subversion Poses National Security Threat

Harris, Macron Unveil New Initiatives on Space, Cybersecurity After Meeting

States Try to ‘Parallel’ Federal Orders on Cybersecurity, Officials Say

FBI Warns of Iranian Hackers Looking to Buy Us Orgs’ Stolen Data

Lazarus Hackers Target Researchers With Trojanized IDA Pro

Hacker-for-Hire Group ‘Void Balaur’ Spied on More Than 3,500 Targets in 18 Months

New Android Spyware ‘PhoneSpy’ Found in South Korea Poses Pegasus-Like Threat

TrickBot Teams up With Shatak Phishers for Conti Ransomware Attacks

Cyber Agency Beefing up Disinformation, Misinformation Team

Krebs: SMS About Bank Fraud as a Pretext for Voice Phishing

Businesses Don’t Know How to Manage VPN Security Properly – And Cyber Criminals Are Taking Advantage

How to Spot and Block Cryptominers on Your Network

Firms Will Struggle to Secure Extended Attack Surface in 2022

These Industries Were the Most Affected by the Past Year of Ransomware Attacks

In Ransomware Fight, FBI Balances Unlocking Victims’ Data and Chasing Attackers

Former Broadcom Engineer Accused of Pinching Chip Tech to Share With New Chinese Employer

In a Quantum Future, Our Economy Needs to Be Protected: A Cybersecurity Expert Explains Why
Brittany Ferries ‘Fesses up to Leaks Caused by Routine Website Update

Stor-a-File Hit by Ransomware After Crooks Target SolarWinds Serv-U FTP Software

HPE Says Hackers Breached Aruba Central Using Stolen Access Key

Telnyx Is the Latest VoIP Provider Hit With DDoS Attacks

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

Queensland Water Supplier Sunwater Targeted by Hackers in Months-Long Undetected Cyber Security Breach

Summer Data Breach at Lander University (SC) Caught Before Paychecks Diverted

Central Health (NL) Also Impacted by Cyber Attack, Investigation Ongoing

City of Moline (IL) Falls Victim of Cyber Attack Now Under Federal Investigation

New Android Malware ‘MasterFred’ Targets Netflix, Instagram, and Twitter Users

Massive Zero-Day Hole Found in Palo Alto Security Appliances

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

WP Reset PRO Bug Lets Hackers Wipe WordPress Sites

Microsoft Patches Excel Zero-Day Used in Attacks, Asks Mac Users to Wait

These Invisible Characters Could Be Hidden Backdoors in Your JS Code

Researchers Show That Apple’s CSAM Scanning Can Be Fooled Easily

11/9/2021

State and Local Officials Celebrate Passage of Infrastructure Bill With $1 Billion in Cyber Funds

Iranian State Hackers ‘Lyceum’ Use Upgraded Malware in Attacks on ISPs, Telcos

Cash In, Fraud Out: Criminals Target Bitcoin ATMs as Crypto Popularity Surges

Auto-Sector Cybersecurity Group Expands to Europe Amid Rising Threats, New Regulation

Shotgun Targeting of Malware Attacks Will Be the Defining Infosec Theme of 2022, Reckons Sophos

McAfee Sold to Investor Group for $14B

Tor Browser 11 Removes v2 Onion URL Support, Adds New UI

Krebs: REvil Ransom Arrest, $6M Seizure, and $10M Reward
Indian Securities Depository Exposed 44 Million Investors’ Personal Info – Twice

Medical Software Firm Medatixx Urges Password Resets After Ransomware Attack

Clop Gang Exploiting SolarWinds Serv-U Flaw in Ransomware Attacks

TeamTNT Hackers Target Your Poorly Configured Docker Servers

Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

Krebs: Microsoft Patch Tuesday, November 2021 Edition

Urges Exchange Admins to Patch Bug Exploited in the Wild

11/8/2021

Biden Takes Shot at Putin as He Touts REvil Ransom Seizure, New Criminal Cyberattack Cases

U.S. Seizes $6 Million in Ransom Payments and Charges Ukrainian Over Major Cyberattack

International Coalition Arrests Hackers Linked to Thousands of Ransomware Attacks

U.S. Sanctions Chatex Cryptoexchange Used by Ransomware Gangs

Hackers Have Breached Organizations in Defense and Other Sensitive Sectors, Security Firm Says

Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Amnesty Says NSO’s Pegasus Used to Hack Phones of Palestinian Rights Workers

Anti-Israel Activists Publish Information of Israeli Security Officials

Passport Scammers Spoof Texas HSI

Chinese Spy Faces Decades in Jail After Conviction

Criminal Group Dismantled After Forcing Victims to Be Money Mules
Robinhood Discloses Data Breach Impacting 7 Million Customers

Nobody Lost Any Money

MediaMarkt Hit by Hive Ransomware, Initial $240 Million Ransom

Comics Distributor Diamond Hit by Ransomware Attack; Some Shipments Delayed

Fishing Gear Seller Angling Direct Hacked to Show Pornography

Maxim Healthcare Group Reports Data Breach

$55m Stolen From DeFi Lending Protocol bZx

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

Zoho Password Manager Flaw Torched by Godzilla Webshell

Sitecore XP RCE Flaw Patched Last Month Now Actively Exploited

Google Will Kill Chrome Sync Support on Chrome 48 and Earlier

11/5-7/2021

Lawmakers Call on Biden Administration to Take Further Steps Against Spyware Groups

Israeli Foreign Minister Distances Government From Blacklisted NSO Group

Senators Move to Include 72 Hour Timeline for Cyber Incident Reporting in Defense Bill

Native Tribal Casinos Taking Millions in Ransomware Losses

Cybersecurity Companies Are Raking in Millions. Many Don’t Turn Profits.

FBI Warns of Increased Use of Cryptocurrency ATMs, QR Codes for Fraud

Operation Cyclone Deals Blow to Clop Ransomware Operation

How InfoSec Should Use the Minimum Viable Secure Product Checklist
U.S. Defense Contractor Electronic Warfare Hit by Data Breach

Ransomware Attack on Nationwide Laboratory Services

946 UNC Patients’ Billing Info Potentially Exposed by Unauthorized Account Access

Ransomware Compromises Patient Information at Victory Health Partners (AL)

Proofpoint Phish Harvests Microsoft O365, Google Logins

Philips Healthcare Infomatics Solution Vulnerable to SQL Injection

Mozilla Thunderbird 91.3 Released to Fix High Impact Flaws

Pwn2Own: Printer Plays AC/DC, Samsung Galaxy S21 Hacked Twice

11/4/2021

Ukraine Links Members of Gamaredon Hacker Group to Russian FSB

Beijing Lashes USA’s China Telecom Ban – But Quite Gently

Top DOJ Official Predicting More Arrests in Crackdown on Ransomware, Cyber Crime

Industry Pushes Back on Federal, Congressional Cybersecurity Mandate Efforts

UK Labour Party Blames Breach of Members’ Data on Third-Party Cyberattack

Krebs: ‘Tis the Season for the Wayward Package Phish

Amazon Spoofed in New Attack

Call Center Scammers Using Justin Bieber Tickets, the Weeknd Concerts and Fake Gun Purchases to Spread Malware

Phishing Emails Deliver Spooky Zombie-Themed MirCop Ransomware

Why Ransomware Attackers Are Moving Towards Insider Attacks and What To Do About It

State Dept. Offering $10 Million Reward to Bring Colonial Pipeline Hackers to Justice
Iranian Hacking Group BlackShadow Leaks Patient and LGBTQ Info

Crypto Investors Lose $500,000 to Google Ads Pushing Fake Wallets

Lockean Multi-Ransomware Affiliates Linked to Attacks on French Orgs

Behavioral Health Services Business Seneca Family of Agencies (CA) Possibly Exposed Personal Data

Popular ‘coa’ NPM Library Hijacked to Steal User Passwords

Microsoft Exchange ProxyShell Exploits Used to Deploy Babuk Ransomware

Critical Linux Kernel Bug Allows Remote Takeover

Code Compiled to WebAssembly May Lack Standard Security Defenses

Cisco Fixes Hard-Coded Credentials and Default SSH Key Issues

CISA Urges Vendors to Patch BrakTooth Bugs After Exploits Release

Samsung Galaxy S21 Hacked on Second Day of Pwn2Own Austin

11/3/2021

NSO Group: Israeli Spyware Company Added to U.S. Trade Blacklist

Three Others

Top Cyber Official Reports ‘Decrease’ in Russian Cyberattacks Against U.S. Groups

Report: BlackMatter Ransomware Gang Goes Dark, Again

BlackMatter Ransomware Moves Victims to LockBit After Shutdown

Private Sector Urged to Review New Government Cyber Directive

Federal Agencies Ordered to Patch Hundreds of Vulnerabilities

Student Loans Company Dismissals Highlight Insider Risk

Alleged Twitter Hacker ‘PlugWalkJoe’ Charged With Theft of $784k in Crypto via Sim Swaps
Labour Party Members’ Data Hit by Cyber Incident

Greek Shipowners Cyber Tricked Over Halloween Weekend

Calgary Real Estate Developer Ronmor Holdings (Ronmor Developers) Hit by Ransomware

Beware: Free Discord Nitro Phishing Targets Steam Gamers

Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

Sonos, HP, and Canon Devices Hacked at Pwn2Own Austin 2021

11/2/2021

Krebs: The ‘Groove’ Ransomware Gang Was a Hoax

Squid Game Crypto Scammers Rips Off Investors for Millions

Third Stimulus Checks Still Available — And Scammers Are on the Prowl

Ransomware Gangs Target Corporate Financial Activities

Phishing Attacks Are Harder to Spot on Your Smartphone: That’s Why Hackers Are Using Them More

Cybersecurity Awareness Must Extend Beyond the “Month”

FTC’s Effort to Strengthen Online Privacy Protections Faces Hurdles

Facebook Deletes 1 Billion Faceprints in Face Recognition Shutdown

China Says It Applied to Join Digital Free Trade Deal Days After Proposing Law Against Cross-Border Data Flow

Bowser Pleads Guilty, Ordered to Pay $4.5m to Nintendo
National Bank of Pakistan (NBP) System Restored After Cyber Attack

Viverant Physical Therapy (MI) Data Breach Impacts More Than 6,500 Patients

Toledo Lucas County (OH) Public Library Experiencing Targeted Cybersecurity Attack

Cybercriminals Sell Access to International Shipping, Logistics Giants

Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild

Android Patches Actively Exploited Zero-Day Kernel Bug

MITRE Shares List of Most Dangerous Hardware Weaknesses

Microsoft Announces New Endpoint Security Solution for SMBs

11/1/2021

Krebs: ‘Trojan Source’ Bug Threatens the Security of All Code

Officials on Alert for Cyber Threats Ahead of Election Day

Facebook Targets Nicaraguan Government for Alleged ‘Troll Farm’ Campaign

Signal Now Lets You Report and Block Spam Messages

Venmo to Reimburse Hacking Victims

Microsoft Defender for Windows Is Getting a Massive Overhaul

Cyber Attack Preparation Is A Team Sport

Understanding the Human Communications Attack Surface

Your Passwords Could Be On the Dark Web: How to See What Leaked After a Data Breach

The Demise of White House Market Will Shake Up the Dark Web
BlackShadow Hackers Breach Israeli Hosting Firm Cyberserve and Extort Customers

Canadian Province of Newfoundland and Labrador Health Care System Disrupted by Cyberattack

Nonprofit Community Medical Centers (CA) Reports Data Breach

Ransomware Attack Targets Las Vegas Cancer Center Patients’ Personal Information

South Korean Shipbuilder Daewoo Shipbuilding & Marine Engineering (DSME) Confirms New Possible Cyber Attack

Cyber-Incident at Colleton County School District (SC)

FBI: HelloKitty Ransomware Adds DDoS Attacks to Extortion Tactics

Kaspersky’s Stolen Amazon Ses Token Used in Office 365 Phishing

Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices

Critical Flaws Uncovered in Pentaho Business Analytics Software