9/22/2022

NSA Accessed China’s Telecommunications Network, State Media Claims

The U.S. And Its Allies Are Joining Forces on Chips: That Could Stop China Reaching the Next Level

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

Cambodian Authorities Crack Down on Cyber Slavery Amid International Pressure

Russia-Based Hackers FIN11 Impersonate Zoom to Conduct Phishing Campaigns

Hacktivist Group From Bangladesh Launches Cyber Attack on Indian Government Websites

BlackCat Ransomware’s Data Exfiltration Tool Gets an Upgrade

Florida Asks Supreme Court to Consider Controversial Social Media Law

The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps

Morgan Stanley Fined $35m By SEC For Data Security Lapse
Optus Hit By Cyber-Attack, Breach Affects Nearly 10 Million Customers

TAP Air Portugal Hit by Cyber attack, Passenger Data Stolen

Wheat Ridge (CO) Won’t Cough up Millions in Ransomware Attack That Closed City Hall

Hackers Stealing GitHub Accounts Using Fake CircleCI Notifications

Microsoft Exchange Servers Hacked via OAuth Apps for Phishing

Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

Critical Magento Vulnerability Targeted in New Surge of Attacks

CISA Warns of Critical ManageEngine RCE Bug Used in Attacks

NSA Shares Guidance to Help Secure OT/ICS Critical Infrastructure

9/21/2022

Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine

FBI: Iranian Hackers Lurked in Albania’s Gov’t Network for 14 Months

U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List

Sen. King calls on Senate to pass the Cyber Diplomacy Act

DHS Rejects Plan to Protect Election Officials From Harassment as Midterms Loom

Okta: Credential Stuffing = 34% Of All Login Attempts

Twitter Failed to Log You Out of All Devices After Password Resets

Meta Quietly Reduces Staff in Cost-Cutting Push

Krebs: SIM Swapper Abducted, Beaten, Held for $200k Ransom

LockBit Ransomware Builder Leaked by “Angry Developer”

After Prison, Hackers Face Tech Restrictions, Limited Job Prospects
Hackers Hit Los Angeles Unified School District With Ransom Demand

Berry, Dunn, McNeil & Parker (ME) Breached After Employee Email Compromised

LinkedIn Smart Links Abused in Evasive Email Phishing Attacks

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

Domain Shadowing Becoming More Popular Among Cybercriminals

Unpatched 15-Year Old Python Bug Allows Code Execution in 350K Projects

Multiple Vulnerabilities Discovered in Dataprobe’s iBoot-PDUs

Windows 11 Gets Better Protection Against SMB Brute-Force Attacks

Malwarebytes Blocks Google, YouTube as Malware

Don’t Wait for a Mobile WannaCry: Attacks Against Phones & Tablets Increasing

9/20/2022

Companies Should Treat Cyber Threats as Core Business Risk, U.S. Cyber Official Says

Hackers Admit Destroying InterContinental Hotels Group’s Data ‘For Fun’

MFA Fatigue: Hackers’ New Favorite Tactic in High-Profile Breaches

Imperva Mitigated Long-Lasting, 25.3 Billion Request DDoS Attack

Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info

How to Dodge New Ransomware Tactics

CFOs Should No Longer View Cybersecurity as Insurance

Microsoft Defender for Endpoint Will Turn On Tamper Protection by Default

Telegram Has a Serious Doxing Problem

Dozens of Civil Rights Groups Are Calling on Amazon and MGM to Cancel Ring Nation Reality Show

California Signs Internet Privacy Legislation to Boost Children’s Safety Online
2K Game Support Hacked to Email Redline Info-Stealing Malware

Targeted Players With Malware

Hive Ransomware Claims Attack on New York Racing Association

Kiwi Farms Has Been Breached; Assume Passwords, Emails & IP Addresses Have Been Leaked

Hacker Steals $160 Million From Crypto Trading Firm Wintermute

Cash Express Files Notice of Data Breach 

City Furniture (FL) Files Notice of Data Breach

South Redford School District (MI) Cancels Classes Following Cyberattack

Wolfe Clinic Eye Care Fallout Grows: 543K Patients Added to Breach Tally

Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access

Windows 11 22H2 Adds Kernel Exploit Protection to Security Baseline

9/19/2022

Russian Sandworm Hackers Pose as Ukrainian Telcos to Drop Malware

Microsoft 365 Phishing Attacks Impersonate U.S. Gov’t Agencies

The Deep Roots of Nigeria’s Cybersecurity Problem

Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers

California Dems Follow Texas GOP Into Online Speech Battle

Indonesia Accuses Google of Abusing Monopoly

U.S. Treasury Plans to Ask Public if Crypto-Related Regulations Are ‘No Longer Fit for Purpose’

Partisan Asymmetries in Exposure to Misinformation
Uber Blames Lapsus$ Hacking Group for Security Breach Last Week

American Airlines Discloses Data Breach After Employee Email Compromise

Revolut Hack Exposes Data of 50,000 Users, Fuels New Phishing Wave

Lubbock Heart & Surgical Hospital Reports Data Breach Affecting 23,379 Patients

Ameriprise Financial (MN) Confirms the Company’s Fourth Data Breach of 2022

M.C. Dean Breach After Hackers Had Access to Company’s Computer Systems for 6 Months

VMware, Microsoft Warn of Widespread Chromeloader Malware Attacks

9/16-18/2022

DHS Rolls Out $1 Billion Investment in Cybersecurity for State and Local Governments

Allies Warn of Iranian Ransom Attacks Using Log4Shell

CISA Orders Agencies to Patch Vulnerability Used in Stuxnet Attacks

What Does a Doomsday Level Cyber Attack Look Like?

Can Reflections in Eyeglasses Actually Leak Info From Zoom Calls? Here’s a Study Into It

TeamTNT Hijacking Servers to Run Bitcoin Encryption Solvers

Fake Cryptocurrency Giveaway Sites Have Tripled This Year

Krebs: Botched Crypto Mugging Lands Three U.K. Men in Jail

Beloved Browser Extension Acquired by Non-beloved Antivirus Firm Avast

LastPass Says Hackers Had Internal Access for Four Days

Google, Microsoft Can Get Your Passwords via Web Browser’s Spellcheck

Highly Skilled Tech Workers Are Becoming a Rarity, and Companies Have Tough Decisions to Make

Bitdefender Releases Free Decryptor for LockerGoga Ransomware
Uber Investigating the Scope of a Breach of Its Computer Systems

Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This

Uber Hacker May Have Compromised Secret Bug Reports

Uber’s Hack Shows the Stubborn Power of Social Engineering

GTA 6 Source Code and Videos Leaked After Rockstar Games Hack

Empress Emergency Medical Services (NY) Discloses Data Breach After Ransomware Attack

Hacker Sells Stolen Starbucks Data of 219,000 Singapore Customers

Physicians’ Spine and Rehabilitation Specialists of Georgia Breached, Possible Ransomware

Suffolk County Documents Stolen in Cyberattack Posted on Dark Web

Emotet Botnet Now Pushes Quantum and BlackCat Ransomware

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

9/15/2022

Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware

Senate Confirms First-Ever Cyber Ambassador

Krebs: Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

YouTube Users Targeted By RedLine Self-Spreading Stealer Campaign

EU Proposes Strict Cybersecurity Rules for Digital-Product Makers

White House Announces Updates From Tech Companies to Combat Violent Extremism

English-Language Altenen Cybercrime Forum Admins Steal from Site Users

Malware on Pirated Content Sites a Major WFH Risk for Enterprises

Zoom Outage Left Users Unable to Sign In or Join Meetings
Webworm Hackers Using Modified RATs in Latest Cyber Espionage Attacks

Microsoft Edge’s News Feed Ads Abused for Tech Support Scams

Hackers Trojanize PuTTY SSH Client to Backdoor Media Company

Hack of Popular Parent-Teacher App Seesaw Left Users Open to Infamous Shock Image

Hive Ransomware Claims Cyberattack on Bell Canada Subsidiary

Laval City Shuts Down Online Services After ‘Targeted’ Cyber Attack

Akamai Stopped New Record-Breaking DDoS Attack in Europe

Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence

9/14/2022

White House to Tech World: Promise You’ll Write Secure Code – Or Feds Won’t Use It

DOJ Indicts Iranians for Allegedly Hacking and Extorting U.S. Groups

The Twitter Whistleblower’s Testimony Has Senators Out for Blood

Death of Queen Elizabeth II Exploited to Steal Microsoft Credentials

SparklingGoblin APT Targeted Hong Kong University With New Linux Backdoor

Phishing Page Embeds Keylogger to Steal Passwords as You Type

EA’s New Anti-cheat Tools Dip Into the Dreaded “Kernel Mode”

Microsoft Teams Stores Auth Tokens as Cleartext in Windows, Linux, Macs

Self-Checkouts, IoT And The Rise Of Cyber Security Threats In Retail
Vulnerabilities Found in Airplane WiFi Devices, Passengers’ Data Exposed

Gay Hookup Site Typosquatted by 50 Domains to Push Dodgy Chrome Extensions

TIC International Corporation Reports Data Breach Following Conti Ransomware Attack

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware

FBI: Hackers Steal Millions From Healthcare Payment Processors

New Lenovo BIOS Updates Fix Security Bugs in Hundreds of Models

Krebs: Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

CISA Orders Agencies to Patch Windows, iOS Bugs Used in Attacks

To Ease the Cybersecurity Worker Shortage, Broaden the Candidate Pipeline

9/13/2022

Twitter ‘Lacked the Ability to Hunt for Foreign Intelligence Agents,’ Says Whistleblower

‘Misled The Public’

Iranian Hackers Launch Renewed Attack on Albania, Taking Border Control Systems Offline

Iranian Hackers Target High-Value Targets in Nuclear Security and Genomic Research

U.S. Broadens International Efforts to Pursue Hackers

GPS Jammers Are Being Used to Hijack Trucks and Down Drones: How to Stop Them

Top Election Security Official Warns of Election Workforce Problems: 1 in 3 Have Left Posts

Tax Fraud Leader Jailed for Selling Children’s Identities

Police Arrest Man for Laundering Tens of Millions in Stolen Crypto
ShadowPad-Associated Hackers Targeted Asian Governments

Napa Valley College Alerts 8,000 About Possible Data Breach

Hackers Steal Steam Credentials With ‘Browser-in-the-Browser’ Technique

New PsExec Spinoff Lets Hackers Bypass Network Security Defenses

Trend Micro Warns of Actively Exploited Apex One RCE Vulnerability

Zero-day in WPGateway WordPress Plugin Actively Exploited in Attacks

Microsoft September 2022 Patch Tuesday Fixes Zero-Day Used in Attacks, 63 Flaws

Apple Will Let You Roll Back the iPhone’s Security Patches

9/12/2022

Hacktivist Group GhostSec Compromises 55 Berghof PLCs Across Israel

Lorenz Ransomware Breaches Corporate Network via Phone Systems

iOS 16 Has 2 New Security Features for Worst-Case Scenarios

Security Pros Get Ability to Manually Add Incidents to Microsoft Sentinel

Google Now Owns Mandiant, the Firm That Found SolarWinds

G-7 Privacy Regulators Aim To Ease Turbulent International Data Flows

Romanian & UK Cops Raid Suspected Fraudster Penthouses in Bucharest

HP Will Pay Customers for Blocking Non-HP Ink Cartridges in EU

Cybersecurity Firm Fortanix Secures Capital to Provide Confidential Computing Services
Hackers Compromise Employee Data at PVC-Maker Eurocell

U-Haul Discloses Data Breach Exposing Customer Driver Licenses

OakBend Medical Center (TX) Hit by Ransomware

Suffolk County (NY) Government Investigates Possible Cyber Intrusion

Cisco Confirms Yanluowang Ransomware Leaked Stolen Company Data

New Attack Can Unlock and Start a Tesla Model Y in Seconds, Say Researchers

Oxeye Discovers Several High Severity IDOR Vulnerabilities in Harbor

Apple Fixes Eighth Zero-Day Used to Hack iPhones and Macs This Year

VMware: 70% Drop in Linux ESXi VM Performance with Retbleed Fixes

9/9-11/2022

U.S. Treasury Sanctions Iran’s Intelligence Ministry for Alleged Cyberattack on Albania

Coinbase Bankrolls Lawsuit Against Treasury Department Following Tornado Cash Sanctions

Ransomware Gangs Switching to New Intermittent Encryption Tactic

Krebs: Transacting in Person with Strangers from the Internet

Uber Exec Accused of Disguising Data-Breach Extortion as “Bug Bounty”

Microsoft, Cloud Providers Move to Ban Basic Authentication

Cybersecurity Expert: Even if You Debunk It, People Believe the Deepfake
Vice Society Claims LAUSD Ransomware Attack, Theft of 500GB of Data

LA School District Was Warned of Ransomware Threat Before Recent Shutdown

Holiday Inn Online Bookings Tank After Suspected Ransomware Attack: Franchisees

Wilson’s Gun Shop (AR) Announces Data Breach

Lampion Malware Returns in Phishing Attacks Abusing WeTransfer

Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy

Firmware Bugs in Many HP Computer Models Left Unfixed for Over a Year

9/8/2022

North Korean Lazarus Hackers Take Aim at U.S. Energy Providers

Classified NATO Documents Stolen From Portugal, Now Sold on Darkweb

Ransomware Campaigns Linked to Iranian Gov’t DEV-0270 Hackers

This Clever Anti-Censorship Tool Lets Russians Read Blocked News

80%+ Of the Top Sites Leak User Searches to Advertisers

U.S. Recovers $30 Million Stolen From Axie Infinity by Lazarus Hackers

Draft EU Rules Target Smart Devices With Security Risks

Why Companies Need to Think About Cyber Resilience, Not Just Cybersecurity
Savannah College of Art and Design Data Compromised After Ransomware Attack

CBC Group (AZ) Data Breach Compromises Consumer SSNs

Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections

GIFShell Attack Creates Reverse Shell Using Microsoft Teams GIFs

New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps

CISA Orders Agencies to Patch Chrome, D-Link Flaws Used in Attacks

Google Urges Open Source Community to Fuzz Test Code

Vulnerability Exploits, Not Phishing, Are the Top Vector for Initial Compromise

9/7/2022

Former Conti Ransomware Gang Members Helped Target Ukraine, Google Says

Ukraine Dismantles More Bot Farms Spreading Russian Disinformation

Ransomware Gang’s Cobalt Strike Servers DDoSed With Anti-Russia Messages

Japan Government Websites Hit By Cyber-Attacks, Killnet Suspected

Mandiant Links APT42 to Iranian ‘Terrorist Org’

Albania Severs Diplomatic Ties With Iran Over Cyber-Attack

U.S. Condemns ‘Unprecedented’ Attack

Apple’s Killing the Password: What You Need to Know

Ring Finally Brings End-To-End Encryption to Its Flagship Battery Powered Video Doorbells

CISA to Hold Meetings to Flesh Out Cyber-Incident Reporting Rules
200,000 North Face Accounts Hacked in Credential Stuffing Attack

Radiant Logistics (WA) Data Breach May Have Stemmed from Ransomware Incident

Genesis Health Care (PA) Reports Data Breach Following Period of Unauthorized Access

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns

‘DangerousSavanna’ Hackers Targeted Financial Institutions in Africa For Two Years

New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices

HP Fixes Severe Bug in Pre-installed Support Assistant Tool

Cisco Won’t Fix Authentication Bypass Zero-Day in EoL Routers

NHTSA Updates Cybersecurity Guidelines for New Cars to Guard Against Hackers

9/6/2022

Biden Administration Unveils Plan For Bolstering Semiconductor Production

How Critical U.S. Sectors Are Coping With Rising Cyberattacks

FBI Warns of Vice Society Ransomware Attacks on School Districts

Half of Firms Report Supply Chain Ransomware Compromise

Israel Defence Minister’s Cleaner Jailed for Trying to Spy for Iran-Linked Hackers

It’s Time to Get Real About TikTok’s Risks

Minecraft Is Hackers’ Favorite Game Title for Hiding Malware

Meta Fined $400M in Ireland for Children’s Privacy Breach

U.S. Seizes WT1SHOP Market Selling Credit Cards, Credentials, and IDs

Cybersecurity Startup Funding Highlights Competing Market Forces
Los Angeles Unified School District Hit by Cyberattack

FBI, DHS Join Probe

London’s Biggest Bus Operator Go-Ahead Hit by Cyber “Incident”

Cyberattack Brings Down InterContinental Hotels’ Booking Systems

Gateway Diagnostic Imaging (TX) Data Breach Impacts SSNs &Health Info

Worok Hackers Target High-Profile Asian Companies and Governments

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Moobot Botnet Is Coming for Your Unpatched D-Link Router

New Linux Malware Evades Detection Using Multi-Stage Deployment

Zyxel Releases New NAS Firmware to Fix Critical RCE Vulnerability

9/5/2022

China Says U.S. Hacked Aeronautics, Space Research University Northwestern Polytechnical in Escalating War of Words

Crypto: Actor Bill Murray Hacked

EvilProxy Phishing Toolkit Spotted on Dark Web Forums

Interpol Dismantles Sextortion Ring, Warns of More Attacks
TikTok Denies Reports That It’s Been Hacked After ‘AgainstTheWest’ Claims It Exposed Source Code and User Data

KeyBank’s Customer Information Stolen By Hackers in July Via Third-party Provider Overby-Seawell

QNAP Patches Zero-Day Used in New Deadbolt Ransomware Attacks

9/2-4/2022

IRS Says It Exposed Some Confidential Taxpayer Data on Website

Police Across US Bypass Warrants With Mass Location-Tracking Tool

Google, YouTube Ban Election Trolls Ahead of U.S. Midterms

Hackers Caused a Massive Traffic Jam in Moscow Using a Ride-Hailing App

Krebs: Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

Dev Backdoors Own Prynt Stealer Malware to Steal Data From Other Hackers

Malware Dev Open-Sources CodeRAT After Being Exposed

Navigating The Cybersecurity Funding Landscape

The Makings of a Successful Threat-Hunting Program: What it Takes

Hoxhunt Primed to Spread Gamified Phishing Awareness in the Enterprise

Coro CEO Guy Moskowitz Plans to Take an Enterprise-Grade Security Capability to the SMB Market
Samsung Says July Data Breach Revealed Some Customers’ Names, Birthdays, and More

Damart Clothing Store Hit by Hive Ransomware, $2 Million Demanded

BlackCat Ransomware Claims Attack on Italian Energy Agency

Hack Shuts Down Internet for Thousands Across Bardstown (KY)

San Francisco 49ers: Blackbyte Ransomware Gang Stole Info of 20K People

Black Knight (FL) Leaked Social Security Numbers Following Data Breach

JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users

SharkBot Malware Sneaks Back on Google Play to Steal Your Logins

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Microsoft Defender Falsely Detects Win32/Hive.ZY in Google Chrome, Electron Apps

9/1/2022

Montenegro Attack Hackers Demand $10 Million

Ragnar Locker Ransomware Targets Energy Sector, Cybereason Suggests

NSA and CISA Share Tips to Secure the Software Supply Chain

Thousands Lured With Blue Badges in Instagram Phishing Attack

The U.S. May Soon Learn What a ‘Kid-Friendly’ Internet Looks Like

Dark Web Of Cybersecurity Concerns Rising With Gig Economy

Why Cybersecurity Stocks Are Beating the Market

Crypto.com Accidentally Sends Woman $10 Million Instead of $100: She Went and Bought a Mansion
New Ransomware Hits Windows, Linux Servers of Chile Gov’t Agency

Tulsa Tech Hit By Data Breach Exposing Data of Students Between 1986 and 1999

Platinum Performance (CA) Reports Data Breach Following Successful Phishing Attack

Neopets Says Hackers Had Access to Its Systems for 18 Months

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

Microsoft Will Disable Exchange Online Basic Auth Next Month