12/30/2021

2021: Tech’s Big Year

An Amazon Lawsuit Encounters a Big Snag: A Judge With a Conflict of Interest

Confusing Data Breach in Rhode Island Leads to AG Investigation

In the Fight Against Cybercrime, Takedowns Are Only Temporary

Twitter Account of FBI’s Fake Chat App, ANOM Seen Trolling Today

Have I Been Pwned Adds 441k Accounts Stolen by Redline Malware
Kyoto University Loses 77TB of Research Data Due to Backup Error

Cyberattack Cripples Norway’s Amedia

Sega Narrowly Avoids Huge Data Breach, Thanks to Security Firm

Pick N Pay Denies Customer Data Was Exposed Online Despite ‘Glitch’

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

Firmware Attack Can Drop Persistent Malware in Hidden SSD Area

12/29/2021

Cyber Agency Warns of Increased Threats to Manufacturing Groups During Pandemic

Hackers Are Getting Better and Better at Defeating Your 2FA Security

One in Five Aged Domains Is Malicious, Risky, or Unsafe

Ransomware Gang AvosLocker Coughs up Decryptor After Realizing They Hit the Police

5 Cybersecurity Trends to Watch in 2022

6 Things in Cybersecurity We Didn’t Know Last Year

Happy 12th Birthday, KrebsOnSecurity.com!
China-Based ‘Aquatic Panda’ Infiltrated Academic Institution Through Log4j Vuln

Fintech Firm ONUS Hit by Log4j Hack Refuses to Pay $5 Million Ransom

Microsoft Defender Log4j Scanner Triggers False Positive Alerts

LastPass Says No Passwords Were Compromised Following Breach Scare

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Polygon Justifies Its Quiet Hard-Fork Citing ‘Critical Vulnerability’

12/28/2021

Log4j 2.17.1 Out Now, Fixes New Remote Code Execution Bug

Biden Signs NDAA Relying on Voluntary Private-Sector Cybersecurity Collaboration

Congress Zooms in on Cybersecurity After Banner Year of Attacks

Washington Grapples With How to Expand Crypto Oversight

In 2022, Cybersecurity Will Be Linux and Other Open-Source Developers Real Job Number One

A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch

RedLine Malware Shows Why Passwords Shouldn’t Be Saved in Browsers

LastPass Users Warned Their Master Passwords Are Compromised
T-Mobile Reportedly Suffers Another, Smaller Data Breach

Mon Health (WV) Reports Email Phishing Incident, Potential Data Breach

Security Breach at Duneland School Corp (IN)

Most of CompuGroup Medical’s Systems Back Online After Ransomware Attack

New Info States Pro Wrestling Tees Data Breach Occurred In April, Affected 31,000 People

New Flagpro Malware Linked to Chinese State-Backed Hackers ‘BlackTech’ APT

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

Riskware Android Streaming Apps Found on Samsung’s Galaxy Store

12/24-26/2021

Multiple Log4j Scanners Released by CISA, CrowdStrike

Faking a COVID-19 Vaccine Card in New York Can Now Get You a Year in Jail

Dridex Omicron Phishing Taunts With Funeral Helpline Number

From Airport WiFi to ‘Juice Jacking’: 7 Ways to Protect Your Data When Traveling

Russia Fines Google $100m Over “Illegal” Content

How to Avoid Falling Into China’s ‘Data Trap’
Global IT Services Provider Inetum Hit by Ransomware Attack

Android Banking Trojan Targeting Brazil’s Itaú Unibanco Spreads via Fake Google Play Store Page

Rook Ransomware Is Yet Another Spawn of the Leaked Babuk Code

Jackson Public Schools (MS) Ups Cybersecurity After 2020 Hacker Attack

Worst Hacks of 2021

BlackMagic Fixes Critical DaVinci Resolve Code Execution Flaws

12/23/2021

White House National Security Adviser Asks Software Companies to Discuss Cybersecurity

Consumers Warned of Surging Delivery Text Scams Ahead of Christmas

‘Spider-Man: No Way Home’ Download Installs Cryptominer

Phishing Victim Can’t Claim $5 Million Loss for Money It Never ‘Held’

Texas Man Convicted for BEC Scam on Idaho School District

Russian Hacker’s $1.7M Restitution Order Overturned

Russian Social Media Platform VK Introduces 2FA and Plans to Make It Mandatory in 2022

7 of the Most Impactful Cybersecurity Incidents of 2021
Albanian Prime Minister Apologizes Over Database Leak

Telegram Abused to Steal Crypto-Wallet Credentials

Phishing Campaign Targets CoinSpot Cryptoexchange 2FA Code

Stealthy BLISTER Malware Slips in Unnoticed on Windows Systems

AvosLocker Ransomware Reboots in Safe Mode to Bypass Security Tools

Fisher Price’s Bluetooth Reboot of Pre-school Play Phone Has Adult Privacy Flaw

Apple Fixes macOS Security Flaw Behind Gatekeeper Bypass

12/22/2021

VP Harris Calls for ‘Cyber Doctrine’ to Address Increasing Attacks

Five Eyes Nations Warn of Cyber Threats From Apache Log4j Vulnerability

NVIDIA Discloses Applications Impacted by Log4j Vulnerability

Log4j Flaw: Attackers Are ‘Actively Scanning Networks’ Warns New CISA Guidance

Log4j Reveals Cybersecurity’s Dirty Little Secret

China Suspends Cloud Deal With Alibaba for Not Sharing Log4j 0-Day First With the Government

UK Cybercrime Cops Arrest NHS Workers

Rideshare Account Hacker Faces up to 22 Years in Prison

Honeypot Experiment Reveals What Hackers Want From IoT Devices
BEC Attack on Monongalia Health (WV) System

Ubisoft Reveals Player Data Breach Came from User Error

NJ Volunteer EMS Agency Says Patient Data Was Breached

Dridex Malware Trolls Employees With Fake Job Termination Emails

Microsoft Azure App Service Flaw Exposed Customer Source Code

Microsoft Teams Bug Allowing Phishing Unpatched Since March

Opera Browser Working on Clipboard Anti-hijacking Feature

12/21/2021

A UAE Agency Put Pegasus Spyware on Phone of Jamal Khashoggi’s Wife Months Before His Murder, New Forensics Show

Polish Opposition Duo Roman Giertych and Ewa Wrzosek Hacked With NSO Group Pegasus Spyware

DHS Expands Bug Bounty Program to Encourage Hunting Down Apache Log4j Vulnerability

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

We’re Starting to See a National Response to Ransomware, Says Mandiant CEO

This Security Researcher Fooled an At-Home COVID-19 Test Using a Bluetooth Hack

Threat Actors Steal $80 Million per Month With Fake Giveaways, Surveys

U.S. Returns $154 Million in Bitcoins Stolen by Sony Employee

2Easy Now a Significant Dark Web Marketplace for Stolen Data

Prominent Harvard Professor Charles Lieber Found Guilty of Lying About China Ties
City of Denver Hit By Cyber Attack Targeting Kronos

Saskatoon Airport Computer System Hit by a Cyber Attack

Ghana NSS Allegedly Hit by Data Breach as 700,000 People’s Documents Leak Online

Scammers Steal $150k Worth of Crypto From NFT Project Fractal With Discord Hack

PYSA Ransomware Behind Most Double Extortion Attacks in November

800k WordPress Sites Still Impacted by Critical SEO Plugin Flaw

Secret Backdoors Found in German-made Auerswald VoIP System

Garrett Walk-Through Metal Detectors Can Be Remotely Manipulated

Windows 10 21H2 Adds Ransomware Protection to Security Baseline

12/20/2021

Belgian Defense Ministry Hacked by Attackers Exploiting Apache Log4j Vulnerability

Log4j Vulnerability Now Used to Install Dridex Banking Malware

2021: The Year Hackers Went Wild and Changed Everything

Phishing Attacks Impersonate Pfizer in Fake Requests for Quotation

UK Donates 225 Million Stolen Passwords to Hack-Checking Site Have I Been Pwned 

Robocalls More Than Doubled in 2021, Cost Victims $30B

Google & Meta to Protect Data on Undersea Cable

Meta Sues People Behind Facebook and Instagram Phishing

Justice Department Indicts Russian Hacker for Allegedly Participating in Trading Scheme
Cyber-Attack Impacts Aussie Companies

Clop Ransomware Gang Publish Confidential UK Police Data on the Dark Web

Police National Computer Not Pwned by Clop Ransomware Crims, Insists Home Office

Texas Ear, Nose and Throat Specialists (Texas ENT) Alerts 535,000 Patients to Data Breach

Capital Region Medical Center (MO) Reports System-Wide Network Outage

Industrial Construction Company Basil Read Hit by Ransomware Attack

FBI: State Hackers Exploiting New Zoho Zero-Day Since October

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

Microsoft Warns of Easy Windows Domain Takeover via Active Directory Bugs

12/17-19/2021

Federal Agencies Ordered to Immediately Patch Systems Against Apache Vulnerability

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

Buckle Up for More Log4j Madness

Security Firm Blumira Discovers Major New Log4j Attack Vector

TellYouThePass Ransomware Revived in Linux, Windows Log4j Attacks

Conti Ransomware Uses Log4j Bug to Hack VMware vCenter Servers

CISA Urges VMware Admins to Patch Critical Flaw in Workspace ONE UEM

U.S. Distrust of Huawei Linked in Part to Malicious Software Update in 2012

Backdoor Gives Hackers Complete Control Over Unnamed Federal Agency Network

Neuberger: Change Your Passwords Now
Western Digital Warns Customers to Update Their My Cloud Devices

Grim Finance Targeted by ‘Advanced’ Hack; Losses of Over $30 Million

Credit Card Info of 1.8 Million People Stolen From Sports Gear Sites

Pro Wrestling Tees Owner Confirms Data Breach, Provides Details in Press Release

Cyberattack on Payroll Provider Kronos Sets Off Scramble Ahead of Holidays

Logistics Giant Hellmann Worldwide Warns of BEC Emails Following Ransomware Attack

Meta Says 50,000 Facebook Users May Have Been Spied on by Private Surveillance Firms

Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting

Malicious Joker App Scores Half-Million Downloads on Google Play

12/16/2021

Log4j Flaw: This New Threat Is Going to Affect Cybersecurity for a Long Time

Officials Point to Apache Vulnerability in Urging Passage of Cyber Incident Reporting Bill

U.S. Concerns Grow Over Potential Russian Cyber Targeting of Ukraine Amid Troop Buildup on Border

Russia Proposes Holding Collective Cybersecurity Talks With EU

Prominent Egyptian Opposition Activist’s Phone Hacked – Watchdog

Google Calendar Now Lets You Block Invitation Phishing Attempts

Hive Ransomware Enters Big League With Hundreds Breached in Four Months

Meta Bans Surveillance-For-Hire Firms for Targeting FB Users

Japan Draws a LINE: Web Giants Must Reveal Where They Store User Data

France Orders Clearview AI to Delete Data

Krebs: NY Man Pleads Guilty in $20 Million SIM Swap Theft

Firefox Users Can’t Reach Microsoft.com — Here’s What to Do
Log4j Attackers Switch to Injecting Monero Miners via RMI

Microsoft: Khonsari Ransomware Hits Self-Hosted Minecraft Servers

McMenamins Breweries Hit by a Conti Ransomware Attack

Gumtree Classifieds Site Leaked Personal Info via the F12 Key

Sennheiser Exposed 28,000 Customers’ Data Online 

‘Tropic Trooper’ Reemerges as ‘Earth Centaur’ to Target Transportation Outfits

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

Phorpiex Botnet Returns With New Tricks Making It Harder to Disrupt

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips

Lenovo Laptops Vulnerable to Bug Allowing Admin Privileges

12/15/2021

Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies

CISA Warns Critical Infrastructure to Stay Vigilant for Ongoing Threats

Inside the UK Government’s Secret Data Room

Zoom Joins Counterterrorism Tech Group

Facebook to Pay Hackers for Reporting Data Scraping Bugs & Scraped Datasets

Large-Scale Phishing Study Shows Who Bites the Bait More Often

CoinMarketCap Suffers a Seeming Hack, Falsely Driving Crypto Prices to Tens of Billions
Hackers Backed by China Seen Exploiting Log4J Security Flaw in Internet Software

Iran Also Among Those Exploiting Apache Cyber Vulnerability, Researchers Say

Global Fight Against Log4j Vulnerability Relies on Apache Volunteers

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

State-Sponsored Hackers Abuse Slack API to Steal Airline Data

Emotet Starts Dropping Cobalt Strike Again for Faster Attacks

Sites Hacked With Credit Card Stealers Undetected for Months

12/14/2021

DHS Announces Bug Bounty Program to Hunt Down Cyber Vulnerabilities

USPS Secretly Built & Tested Mobile Voting System Before 2020

Hackers Launch Over 840,000 Attacks Through Log4J Flaw

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Second Log4j Vulnerability Discovered, Patch Already Released

Log4j: List of Vulnerable Products and Vendor Advisories

CISA Orders Federal Agencies to Patch Log4Shell by December 24th

‘Seedworm’ Attackers Target Telcos in Asia, Middle East

Microsoft Rolls Out End-To-End Encryption for Teams Calls

Popular Password Manager LastPass to be Spun Out From LogMeIn

Krebs: Inside Ireland’s Public Healthcare Ransomware Scare
Hackers Steal $140 Million From Users of Crypto Gaming Company VulcanForge

Cyberattack on BHG Opioid Treatment Network Disrupts Patient Care

George Washington University Cyberattack During Finals Upends Law Students’ Study Plans

Superior Plus Hit by Ransomware Attack

Honolulu Board of Water Supply, Emergency Medical Services Report Attacks on Employee Data

After Cyber Attack, Maryland Department of Health Website Still Missing COVID Metrics

400 Banks’ Customers Targeted with Anubis Trojan

New PS4 Homebrew Exploit Points to Similar PS5 Hacks to Come

Hackers Steal Microsoft Exchange Credentials Using IIS Module

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

Microsoft Fixes Windows AppX Installer Zero-Day Used by Emotet

Krebs: Microsoft Patch Tuesday, December 2021 Edition

12/13/2021

Hackers Start Pushing Malware in Worldwide Log4Shell Attacks

Log4Shell Flaw Prompts 100 Hack Attacks a Minute, Check Point Says

Log4Shell Is Spawning Even Nastier Mutations

Log4j Software Vulnerability Expected to Persist, Possibly for Months

Bugs in Billions of WiFi, Bluetooth Chips Allow Password, Data Theft

Hackers Target India’s Prime Minister Twitter Account with Fake Bitcoin Message

Romanian Ransomware Suspect Arrested Over Attacks on ‘High-Profile’ Organisations

Ex-NFL Player Joshua Bellamy Gets Three Years for #COVID19 Fraud

Ukraine Arrests 51 for Selling Data of 300 Million People in U.S., EU

CSAM Found on LSU Professor’s Computer
The State of U.S. Cybersecurity a Year After the SolarWinds Hack

Kronos Ransomware Outage Drives Widespread Payroll Chaos

Timekeeping Biz Kronos Hit by Ransomware and Warns Customers to Engage Biz Continuity Plans

Virginia Assembly IT Agency Hit With Ransomware Attack

TinyNuke Info-Stealing Malware Is Again Attacking French Users

Phishing Campaign Uses PowerPoint Macros to Drop Agent Tesla

Malicious PyPI Code Packages Rack Up Thousands of Downloads

Attackers Can Get Root by Crashing Ubuntu’s AccountsService

Telehealth Platform Doxy.me Fixing Issue That Exposed Patient Data

Google Pushes Emergency Chrome Update to Fix Zero-Day Used in Attacks

Dell Driver Fix Still Allows Windows Kernel-Level Attacks

12/10-12/2021

Officials, Experts Sound the Alarm About Critical Cyber Vulnerability

Press for Actionable Recommendations From New Cyber Advisory Committee

‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware

‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets

Phishing Attacks Use QR Codes to Steal Banking Credentials

FTC: Americans lost $148 million to gift card scams this year

Australian Gov’t Raises Alarm Over Conti Ransomware Attacks

Irish Health Cyber-Attack Could Have Been Even Worse, Report Says

Happened After One Staffer Opened Malware-Ridden Email

C-Suite’s Biggest Ransomware Fear: Post-attack Regulatory Sanctions

Bitcoin Mining Has Totally Recovered From Chinese Ban

UK Court Paves Way for Julian Assange’s Extradition to the U.S.
Volvo Hit by Cyber-thieves, R&D Stolen

Brazilian Ministry of Health Suffers Cyberattack and COVID-19 Vaccination Data Vanishes

Crypto Exchange AscendEX Suspends Services After $77 Million Hack

Data Breach Impacts 80,000 South Australian Gov’t Employees

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

‘Enterprise Nightmare’

Minecraft Rushes Out Patch for Critical Log4j Vulnerability

Researchers Release ‘Vaccine’ for Critical Log4Shell Vulnerability

Microsoft: These are the building blocks of QBot malware attacks

Mozilla Rolls Out GPC for All Firefox Users, but Enforcement Limited to Two States

Earlier Schreiber Cyber Attack Causes Cream Cheese Shortage as Christmas Nears

12/9/2021

U.S. to Tighten Restrictions on Exports of Malicious Cyber Tools

DARPA Announces SMOKE Program

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

ALPHV Blackcat – This Year’s Most Sophisticated Ransomware

Fujitsu Pins Japanese Gov’t Data Breach on Stolen ProjectWEB Accounts

Amazon Fined $1.3 Billion in Italian Antitrust Case

A Third of You Slackers Out There Still Aren’t Using HTTPS by Default

Microsoft Previews New Endpoint Security Solution for SMBs

Kali Linux 2021.4 Released With 9 New Tools, Further Apple M1 Support
Cox Communications Discloses Data Breach After Hacker Impersonates Support Agent

Hellmann Worldwide Logistics Hit by Cyber Attack

Suspected Cyberattack Kicks Honolulu City Bus, Handi-Van Systems Offline

Butler County Community College (PA) Cooperating With FBI After Ransomware Attack

Bay Village High School (OH) Staff Member Retiring After Private Records Released for Entire Senior Class

Dark Mirai Botnet Targeting RCE on Popular TP-Link Router

Malicious Notepad++ Installers Push StrongPity Malware

How MikroTik Routers Became a Cybercriminal Target

Microsoft, Google OAuth Flaws Can Be Abused in Phishing Attacks

SanDisk SecureAccess Bug Allows Brute Forcing Vault Passwords

Windows ‘InstallerFileTakeOver’ Zero-Day Bug Gets Free Micropatch

12/8/2021

Beijing Reins In China’s Central Bank

Tor’s Main Site Blocked in Russia as Censorship Widens

Vietnamese ‘XE Group’ Exposed for Eight Years of Hacking, Credit Card Theft

Over 40 Million People Had Health Information Leaked This Year

Cybersecurity Can Pose a Risk in More Than One Way for Financial Advisors

Coinbase Customers Demand Refunds Over GYEN Stablecoin Glitch

Krebs: Canada Charges Its “Most Prolific Cybercriminal”

Amazon Is Shutting Down Web Ranking Site Alexa.com

Microsoft: Secured-Core Servers Help Prevent Ransomware Attacks
Israel’s National Insurance Institute Hacked in Dos Attack

Two Data Breaches at Sound Generations (WA) Senior Care Nonprofit Impact 103K

Emotet Now Drops Cobalt Strike, Fast Forwards Ransomware Attacks

Hackers Infect Random WordPress Plugins to Steal Credit Cards

Moobot Botnet Chews Up Hikvision Surveillance Systems

Malicious npm Code Packages Built for Hijacking Discord Servers

Critical SonicWall VPN Bugs Allow Complete Appliance Takeover

GraphQL API Authorization Flaw Found in Major B2B Financial Platform

12/7/2021

Language Requiring Companies to Report Cyberattacks Left Out of Defense Bill

Why Voluntary Approaches To Federal Cybersecurity Mandates Threaten Compliance

Google Sues Alleged Russian Cyber Criminals Behind Glupteba

Stop Ransomware Vaccine Released to Block Encryption

Twitter Bots Pose as Support Staff to Steal Your Cryptocurrency

Cryptominers Aren’t Just a Headache – They’re a Big Neon Sign That Bad Things Are on Your Network

Hackers Using Omicron, COVID-19 Phishing Emails to Target Universities

Why Companies Shouldn’t Shame Employees Who Fall for Hacking Scams

Bosses Are Reluctant to Spend Money on Cybersecurity: Then They Get Hacked

When Scammers Get Scammed, They Take It to Cybercrime Court

Canadian Man Arrested for Alleged Ransomware Healthcare Attacks

5G Brings Promise – And Risk: Why Security Is Critical as We Build Out the Mobile Networks of the Future
Disney+, Netflix, Slack Among Services Affected by Amazon Web Services Outage

CS Energy Hit by Chinese Cyberattack That Almost Cost 3M Homes Power

Nordic Choice Hotels Hit by Conti Ransomware, No Ransom Demand Yet

LINE Pay Leaks Around 133,000 Users’ Data to Github, of All Places

Pellissippi State (TN) Computer Network Brought Down After Suspected Ransomware Attack

Eldon Schools (MO) Closed After Cyber-Attack on District Computers

New Cerber Ransomware Targets Confluence and GitLab Servers

QNAP Warns Users of Bitcoin Miner Targeting Their NAS Devices

Vulnerabilities Found in GOautodial

Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Provides

Windows 10 Drive-By RCE Triggered by Default URI Handler

Grafana Fixes Zero-Day Vulnerability After Exploits Spread Over Twitter

12/6/2021

U.S. Military Has Acted Against Ransomware Groups, General Acknowledges

Microsoft Disrupts Chinese Hacking Group ‘Nickel’ (aka APT15) Targeting Organizations in Dozens of Countries

Israel Tightening Cyber Exports After Scandals

Criminal Hackers Are Now Going After Phone Lines, Too

SolarWinds Hackers Have a Whole Bag of New Tricks for Mass Compromise Attacks

France Warns of Nobelium Cyberspies Attacking French Orgs

Russian Hacking Group Uses New Stealthy Ceeloader Malware

Romance Fraudster Targeted 670 Women Online
Cyber-attack Closes UK SPAR Convenience Stores

Maryland Health Department Says There’s No Evidence of Data Lost After Cyberattack

Iranians Accused of Hacking St. Charles (MO) Computers to Mine Cryptocurrency

Gravatar Profile Add-on Leaks Data on Millions of Users

Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies

WhatsApp Adds Default Disappearing Messages for New Chats

12/3-5/2021

U.S. State Department Phones Were Hacked With NSO Group Pegasus Spyware

Federal Watchdog Warns Security of U.S. Infrastructure ‘In Jeopardy’ Without Action

Didi Hunts for Way to Delist in New York, Rocking Other Chinese ADRs

Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments

FBI: Cuba Ransomware Group Hit 49 Critical Infrastructure Organizations

Planned Parenthood Breach Opens Patients to Follow-On Attacks

CO Utility Delta-Montrose Electric Loses Billing Ability and 2 Decades of Records After Attack

Krebs: Who Is the Network Access Broker ‘Babam’?

USB Devices the Common Denominator in All Attacks on Air-Gapped Systems

Convincing Microsoft Phishing Uses Fake Office 365 Spam Alerts

New Twitter Phishing Campaign Targets Verified Accounts
Crypto Exchange Bitmart Hacked With Losses Estimated at $196M

Celsius Network Confirms It Lost Money in the BadgerDAO DeFi Hack

Polish T-Mobile Unit Faces Cyber Attack, Systems Not Compromised

Riverhead School District (NY) Targeted in Cyber Attack

Fake Support Agents Call Victims to Install Android Banking Malware

Malicious KMSPico Installers Steal Your Cryptocurrency Wallets

Researchers Discover 14 New Data-Stealing Web Browser Attacks

Malicious Excel XLL Add-Ins Push Redline Password-Stealing Malware

Zoho: Patch New ManageEngine Bug Exploited in Attacks ASAP

UK Government Fined Over Honors List Data Breach

12/2/2021

U.S. to Lead Global Effort to Curb Authoritarians’ Access to Surveillance Tools

TSA Issues Directives to Rail Sector to Strengthen Cybersecurity

New UK Product Security Law Won’t Be Undercut by Rogue Traders Upping and Vanishing, Gov’t Boasts

Russian Internet Watchdog Announces Ban of Six More VPN Products

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Phishing Actors Start Exploiting the Omicron COVID-19 Variant

Phishing Scam Targets Military Families

Facebook Taking Steps to Secure Accounts of Activists, Journalists, Officials

Twitter Removes 3,400 Accounts Used in Gov’t Propaganda Campaigns
AT&T Takes Steps to Mitigate Botnet Found Inside Its Network

Ransomware Attack Hits French-Public School Board (ON)

New NginRAT Malware Hides as Legit Nginx Process on E-commerce Servers

Hackers Use In-House Zoho ServiceDesk Exploit to Drop Webshells

Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

Nine WiFi Routers Used by Millions Were Vulnerable to 226 Flaws

Navigating Cybersecurity Risks in International Trade

Krebs: Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

12/1/2021

House Passes Bipartisan Bills to Strengthen Networks Security, Cyber Literacy

Patchy Cyber Data Makes U.S. Policy Success Difficult to Gauge

CISA Names Big Tech, Financial Execs and Others to Cybersecurity Advisory Committee

CrowdStrike Chosen by CISA for Government Endpoint Security Initiative

Australia Set to Gain Ability to Sanction Cyber Attackers Under ‘Magnitsky-Style’ Law

State-Backed Hackers Increasingly Use RTF Injection for Phishing

Facebook, Instagram Remove Accounts Linked to Chinese COVID-19 Disinformation Efforts

Twitter Bans Users From Posting ‘Private Media’ Without a Person’s Consent

Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users

Racy Affair Saga Between Jeff Bezos and Enquirer Reaches Final Chapter

Former Ubiquiti Dev Charged for Trying to Extort His Employer

Bulletproof Hosting Founder Imprisoned for Helping Cybercrime Gangs

Europol: 18k Money Mules Caught Laundering Money From Online Fraud
Planned Parenthood Los Angeles Says Hack Breached About 400,000 Patients’ Information

Den Hartog Industries (IA) Victim of Cyber Attack, 5315 Employees Compromised

Ransomware Attack Exposed Personal Info of John Hancock (IL) Unit Owners

Gale Healthcare Solutions (FL) Info Leak Exposes 170k Records

TriValley Primary Care (PA) Victim of Ransomware

Waikato DHB (NZ) Cyber Attack: Cancer Hub Out of Action in Chaotic Aftermath

Broward County Public Schools (FL) Reveal What Information Was Stolen in Earlier Breach

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

Malicious Android App Steals Malaysian Bank Credentials, MFA Codes

Emotet Now Spreads via Fake Adobe Windows App Installer Packages

Microsoft Exchange Servers Hacked to Deploy BlackByte Ransomware

Mozilla Fixes Critical Bug in Cross-Platform Cryptography Library

VirusTotal Collections Feature Helps Keep Neat IoC Lists