11/29/2022

Krebs: U.S. Gov’t Apps Bundled Russian Code With Ties to Mobile Malware Developer

Experts Find 16,000+ Scam FIFA World Cup Domains

Killnet Gloats About DDoS Attacks Downing Starlink, White House

U.S. Census Bureau Head Fends Off Critics of ‘Differential Privacy’ Tool

Musk Asks if Apple Hates ‘Free Speech in America’ After Twitter Advertising Drop-off

Twitter Stops Enforcing COVID Misinformation Policy

How Secure a Twitter Replacement Is Mastodon? Let Us Count the Ways

Web App and API Attacks Surge 257% in Financial Services

Cyber Insurers Turn Attention to Catastrophic Hacks

Police Shutter 13,000 Sites in Piracy Crackdown

Spanish Police Dismantle Operation That Made €12M via Investment Scams

The Hunt for the Dark Web’s Biggest Kingpin, Part 6: Endgame

CISA’s Strategic Plan Is Ushering in a New Cybersecurity Era

Columbia Grain International Reports March 2022 Data Breach

PII May Have Been Stolen in Southampton County (VA) Ransomware Attack

Washington County (MD) Cybersecurity Issue Impacts Some Functions

Klamath County Developmental Disability Services (OR) Data Breach

GOP Super PAC Secure Our Freedom Action Fund Lost $158,000 in Email Hack

Trigona Ransomware Spotted in Increasing Attacks Worldwide

Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Microsoft Defender Boosts Default Protection for All Enterprise Users

Let’s Encrypt Issued Over 3 Billion Certificates, Securing 309M Sites for Free

Lockheed Martin’s Army Cyber Training Platform Goes Civilian

11/28/2022

Twitter Hit With Wave of Porn and Spam Obscuring Tweets About China Protests

Elon Musk Confirms Twitter 2.0 Will Bring End-to-End Encryption to Direct Messages

TikTok ‘Invisible Body’ Challenge Exploited to Push Malware

Meta Fined $276 Million Over Facebook Data Leak Involving More Than 533 Million Users

A Peek Inside the FBI’s Unprecedented January 6 Geofence Dragnet

NSA Cyber Director Talks Threats, Opportunities

WSJ Pro Research Survey: Preparedness Results

Don’t Be Fooled by End-Of-The-Year Articles on Cybersecurity Trends

Banks in EU Face Tougher Rules on Using Cloud Computing Giants

Phishing Campaign Impersonating UAE Ministry of Human Resources Grows

Vanuatu Hospital Staff Using Pen and Paper After Cyber Attack That Crippled Public Sector

Durham (ON) Schools Without Email or Phone Services After ‘Cyber Incident’

Community Health Network Notifies 1.5M of Data Breach Stemming From Tracking Tech

Hope Health Systems (MD) Experiences Ransomware Attack, Leading to Data Breach

Malicious Android App Found Powering Account Creation Service

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

11/25-27/2022

Election Security a Success, but More Improvements Needed, Experts Say

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

New Ransomware Attacks in Ukraine Linked to Russian Sandworm Hackers

The FCC Just Banned These Chinese Cameras and Telecom Hardware From Reaching the U.S.

Apple Tracks You More Than You Think

The Biggest Security Risks of Using Fitness Trackers and Apps to Monitor Your Health

Elon Musk Says Twitter Is Launching ‘Verified’ Service Next Week

For Gaming Companies, Cybersecurity Has Become a Major Value Proposition

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

Google Warns: Android ‘Patch Gap’ Is Leaving These Smartphones Vulnerable to Attack

Ragnar Ransomware Gang Targets Belgian Municipality, Hits Police Instead

Vice Society Ransomware Claims Attack on Cincinnati State College

Canadian Menswear Chain Harry Rosen Confirms Cyber Attack

All-India Institute of Medical Sciences (AIIMS) Server Still Down Four Days After Ransomware Attack

Dufferin County Paramedic Service (ON) Electronic Patient Record System Shut Down Due to Cyber Attack

DWIs, Gun Miscues and Dubious Acts Revealed in New York State Police Disciplinary Files

5.4 Million Twitter Users’ Stolen Data Leaked Online — More Shared Privately

Remote Code Execution Vulnerability Found in Windows Internet Key Exchange

ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution

Google Releases Chrome Patch to Fix New Zero-Day Vuln

11/24/2022

Interpol Seized $130 Million From Cybercriminals Worldwide

‘iSpoof’ Service Dismantled, Main Operator and 145 Users Arrested

I Lost $17,000 in Crypto. Here’s How to Avoid My Very Silly Mistake

10,000 BTC Moves off Crypto Wallet Linked to 2014 Mt. Gox Hack

Where Are We Heading With Data Privacy Regulations?

Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps

Docker Hub Repositories Hide 1,650+ Malicious Containers

Personal Information Data Breach Prompts Warning From Tehama County (CA)

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language

The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown

11/23/2022

Ukraine War: Blackouts Across Ukraine Amid Wave of Russian Strikes

Dozens of Russian Groups Steal 50 Million User Passwords

Pro-Russian Hacktivists Take Down EU Parliament Site in DDoS Attack

Yanluowang Ransomware’s Russian Links Laid Bare in Online Leaks

Microsoft Says Attackers Are Hacking Energy Grids by Exploiting Decades-Old Software

UK Privacy Tsar Defends Controversial Enforcement Strategy

Panaseer Launches Guidance on Security Controls Ahead of EU’s New Legislation

Meta Removes Pro-U.S. Accounts in Middle East and Central Asia

U.S. Military Influence Campaign

Ducktail Hackers Now Use WhatsApp to Phish for Facebook Ad Accounts

Grassley Presses Musk Over Twitter Data Security Concerns, Whistleblower Allegations

Musk Says He’s Done With Twitter Layoffs

Now Hiring!

Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations

Sonder Takes Steps After Data Breach

Ontario Secondary School Teachers’ Union Notifies Victims of Ransomware Attack

Doctors’ Center Hospital (PR) Announces Breach Affecting Over One Million Patients

Disability Services of the Southwest Has Data Breach

Health Care Management Solutions (WV) Data Breach Affects 500,000 Individuals

Driver’s License Numbers for 470K May Have Been Exposed in Suffolk Cyberattack

Wright & Filippis (MI) Data Breach Affects More than 877k Individuals

Mercyhurst University (PA) Announces Data Breach

GATE Petroleum Company (FL) Announces Data Breach

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Qakbot Infections Linked to Black Basta Ransomware Campaign

Backdoored Chrome Extension ‘SearchBlox’ Installed by 200,000 Roblox Players

Fake MSI Afterburner Targets Windows Gamers With Miners, Info-Stealers

Mali GPU ‘Patch Gap’ Leaves Android Users Vulnerable to Attacks

11/22/2022

The U.S. Has a Bomb-Sniffing Dog Shortage

Killnet DDoS Hacktivists Target British Royal Family and Others

Experts Warn Threat Actors May Abuse Red Team Tool Nighthawk

This Scam Starts With a Fake Invoice: It Could End With Crooks Stealing Your Data

In Court Appearance, FTX Lawyer Says ‘Substantial Amount’ of Crypto Firm’s Assets Stolen or Missing

U.S. Takes Down Domains Used in ‘Pig Butchering’ Cryptocurrency Scheme

Hackers Are Locking Out Mars Stealer Operators From Their Own Servers

Four Reasons The Cybersecurity Sector Could Remain Recession-Resilient

Hackers Breach Energy Orgs via Bugs in Discontinued Web Server

Receivables Performance Management (WA) Data Breach Impacts over 3.7 Million People

Gateway Rehabilitation Center (PA) Data Breach Impacts 130,000

HomeTrust Mortgage (TX) Reports Data Breach in the Wake of Ransomware Attack

Donut Extortion Group Also Targets Victims With Ransomware

Android File Manager Apps Infect Thousands With Sharkbot Malware

‘ViperSoftX’ Malware Installs Malicious Browser Extensions to Steal Users’ Passwords and Cryptos

AWS Fixes ‘Confused Deputy’ Vulnerability in AppSync

11/21/2022

Red Tape, Potholes and Politics Hamper NATO’s Defence Efforts as the Russia Threat Rises

Cyber as Important as Missile Defences: Ex-NATO General

U.S. Offshore Oil and Gas Installation at ‘Increasing’ Risk of Cyberattack

Autonomous Vehicles Join the List of U.S. National Security Threats

World Cup Phishing Emails Spike in Middle Eastern Countries

Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors

Attackers Bypass Coinbase and MetaMask 2FA via TeamViewer, Fake Support Chat

Microsoft: Hackers Are Using This ‘Concerning’ Tactic to Dodge Multi-Factor Authentication

The Long, Lonely Wait to Recover a Hacked Facebook Account

Google Wins Legal Battle Against Two Russians Connected with the Glupteba Botnet

Two Estonians Arrested for Running $575M Crypto Ponzi Scheme

Investors Are Pouring Cash Into These 10 Cybersecurity Startups

Daixin Ransomware Gang Steals 5 Million AirAsia Passengers’ and Employees’ Data

Hackers Steal $300K in DraftKings via Credential Stuffing

DraftKings Says No Evidence Systems Were Breached Following Report of a Hack

Westmount (QC) Hit by Ransomware

Commonwealth Care Alliance of California Reports Data Breach Leaking Patient Health Info

Eagle Bank (MD) Data Breach Compromised Customer Social Security Numbers

South Walton Fire District (FL) Warns Patients About Cyber Attack Incident

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

Aurora Infostealer Malware Increasingly Adopted by Cybergangs

Google Chrome Extension Used to Steal Cryptocurrency, Passwords

Thousands of Algolia API Keys Could Expose Users’ Data

Microsoft’s Attempts to Harden Kerberos Authentication Broke It on Windows Servers

11/18-20/2022

Government of Moldova Shaken by Big Hack-And-Leak Operation

Vanuatu: Hackers Strand Pacific Island Government for Over a Week

China and the TikTok Threat: How the White House Cybersecurity Team Is Thinking About It

CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers

Shoppers Warned Stay Alert this Black Friday as Hackers Renew Efforts

Krebs: Researchers Quietly Cracked Zeppelin Ransomware Keys

FTX’s Sam Bankman-Fried Cashed Out $300 Million During Funding Spree

Wickr’s Free Encrypted Messaging App Is Shutting Down Next Year

Donald Trump Returns to Twitter After Elon Musk’s Poll

How BlackBerry Moved From Iconic Cellphones to Cybersecurity

Australia’s Hack-Back Plan Against Cyberattackers Raises Familiar Concerns

Cybercriminals Strike Understaffed Organizations on Weekends and Holidays

U.S. Charges BEC Suspects With Targeting Federal Health Care Programs

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

Chinese ‘Mustang Panda’ Hackers Actively Targeting Governments Worldwide

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

Google Search Results Poisoned With Torrent Sites via Data Studio

Booz Allen Says Former Staffer Downloaded Employees’ Personal Data

Eesti Energia Website Down After Pro-Kremlin Cyber Attack

Cyber Attack on Central Depository Services (India)

Patients Receive Letter Informing of Data Breach From Christus Spohn Health System (TX)

Miller County (AR) Offices Impacted by Cyber Attack After Breach Two Weeks Ago

New ‘AXLocker’ Ransomware Encrypts Files, Then Steals Your Discord Account

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

New Attacks Use Windows Security Bypass Zero-Day to Drop Malware

Exploit Released for Actively Abused ProxyNotShell Exchange Bug

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Google Looking Outside the Usual Channels to Fix Security Skills Gap

11/17/2022

Wray Tells Lawmakers That FBI Conducts Cyber Offensive Operations

Senate Democrats Ask FTC to Investigate Twitter After ‘Alarming Steps’ by Musk

Meta Employees, Security Guards Fired for Hijacking User Accounts

Meta Keeps Booting Small Business Owners for Being Hacked on Facebook

FTX’s New Boss Reveals Chaos Left Behind by Sam Bankman-Fried

FTX Filing: Sam Bankman-Fried Transferred Assets to Bahamas Government Custody After Bankruptcy

1Password Embraces a Passwordless Future

Security Firms Are Turning NYC’s Street Trees Into Surveillance Posts for Guards

More Than Half of Black Friday Spam Emails Are Scams

UK Government Seeks Further Easing of Data Protection Rules

Chinese Spy Gets 20 Years for Aviation Espionage Plot

U.S. Charges Russian Suspects With Operating Z-Library E-Book Site

Phishing Kit Impersonates Well-Known Brands to Target U.S. Shoppers

Middletown Valley Bank (MD) Data Breach After Unauthorized Access to Computer Network

Innovative Service Technology Management Services (GA) Reports Data Breach

FBI: Hive Ransomware Extorted $100M From Over 1,300 Victims

Previously Unidentified ARCrypter Ransomware Expands Worldwide

QBot Phishing Abuses Windows Control Panel EXE to Infect Devices

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

Microsoft Urges Devs to Migrate Away From .Net Core 3.1 ASAP

Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

Google Wins Lawsuit Against Alleged Russian Botnet Herders

Spacecraft Vulnerable to Failure, Thanks to Aerospace Networking Bug

11/16/2022

FBI Head: China Has ‘Stolen More’ U.S. Data ‘Than Every Other Nation Combined’

Russia’s Cyber Forces ‘Underperformed Expectations’ in Ukraine: Senior U.S. Official

Former CISA Director Chris Krebs Praises Government’s Role in Election Security

Hostile States Are Targeting You, Speaker Warns MPs

U.S. Gov’t: Iranian Hackers Breached Federal Agency Using Log4Shell Exploit

State-Backed APT Group Activity Continuing Apace

Germany Says Nein to Qatari World Cup Spyware, Err, Apps

Krebs: Disneyland Malware Team: It’s a Puny World After All

Telehealth Sites Put Addiction Patient Data at Risk

DuckDuckGo’s App Tracking Protection Beta Is Now Available to All Android Users for Testing

Hot Market for Cyber Insurance Begins to Stabilize

Majority of Companies Reduce Cybersecurity Staff Over Holidays

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users’ Personal Data

Magento Stores Targeted in Massive Surge of TrojanOrders Attacks

Data Breach at Arkansas Department of Human Services Releases Medicaid Information

Lake Charles Memorial (LA) Assessing Information After Recent Cyber Attack

Sierra College (CA) Files Notice of Data Breach Following Ransomware Attack

Old Point National Bank (VA) Data Breach Compromises SSNs and Account Numbers

WASP Malware Stings Python Developers According to Researchers

New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers

Twitter Source Code Indicates End-To-End Encrypted DMs Are Coming

Cybersecurity Best Practice Is Critical for Winning the New Space Race

11/15/2022

Lazarus Backdoor DTrack Evolves to Target Europe and Latin America

Billbug Targets Government Agencies in Multiple Asian Countries

New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

Mayorkas: Ties With Private Sector, Foreign Partners ‘Increasingly Vital’ as Cyber Threats Rise

Shocker: EV Charging Infrastructure Is Seriously Insecure

Twitter Says 2FA Still Works, but It’s Looking Into a ‘Few Cases’ Where It Didn’t

The Hunt for the Dark Web’s Biggest Kingpin, Part 4: Face to Face

Krebs: Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Police Celebrate Arrest of 59 Suspected Scammers

Google to Pay $392M in Landmark Privacy Case

Google to Roll Out Privacy Sandbox on Android 13 Starting Early 2023

Suffolk Police Publish Victims Information in Mass Data Breach

Ransomware Attack Keeps Jackson, Hillsdale County Schools (MI) Closed Again

Work Health Solutions (CA) Data Breach After Unauthorized Employee Email Access

Twitter Fixed a Bug That Exposed Advertisers’ Sensitive Credit Details Internally

PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service

Remote Code Execution Discovered in Spotify’s Backstage

Misconfigurations, Vulnerabilities Found in 95% of Applications

How Routine Pen Testing Can Reveal the Unseen Flaws

Cybersecurity Jobs: Five Ways to Help You Build Your Career

11/14/2022

Instagram, Facebook, Twitter, YouTube Suspended in Turkey After Blast

Russian ‘Killnet’ Hackers Claim Cyber Attack On FBI Website

The Hunt for the FTX Thieves Has Begun

Hack or Inside Job? Blockchain Experts Examine Clues and a ‘Stupid Mistake’

GitHub Now Supports Researchers with Private Vulnerability Reporting For Public Repositories

The Long, Solder-Heavy Way to Get Root Access to a Starlink Terminal

Whoosh Confirms Data Breach After Hackers Sell 7.2M User Records

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

42,000 Sites Used to Trap Users in ‘Fangxiao’ Brand Impersonation Scheme

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

Windows Kerberos Authentication Breaks After November Updates

11/11-13/2022

Bankrupt Crypto Exchange FTX Probing Unauthorized Transactions

At Least $1 Billion of Client Funds Missing at Failed Crypto Firm FTX

FTX Says It’s Removing Trading and Withdrawals, Moving Digital Assets to a Cold Wallet

Bankrupt Crypto Exchange FTX Is Under Criminal Investigation in the Bahamas

Sam Bankman-Fried Reportedly Denies Fleeing to Argentina, Says He’s Still in the Bahamas

Plotting Escape to Non-Extradition Safe Haven Dubai?

Larry David ‘Predicted’ FTX’s Implosion

Crypto.com Withdrawals Rise After CEO Admits Transaction Problem

‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

Twitter C-Level Resignations Continue As Blue Program Creates New Cyber-Risks

Twitter Pauses Paid Verifications After Users Abuse Service to Impersonate Brands and People

Internal Documents Show How Close the FBI Came to Deploying Spyware

NSA Urges Orgs to Use Memory-Safe Programming Languages

U.S. Seized 18 Web Domains Used for Recruiting Money Mules

Microsoft Blames Russian ‘Sandworm’ Hackers for Prestige Ransomware Attacks on Ukraine & Poland

Ukraine Says Russian Hacktivists Use New Somnia Ransomware

Australian Police to Russian Medibank Hackers: ‘We Know Who You Are’

Australia to Consider Banning Paying of Ransoms to Cyber Criminals

Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs

World Cup Apps Pose a Data Security and Privacy Nightmare

Canadian Food Retail Giant Sobeys Hit by Black Basta Ransomware

Merced College (CA) Knocked Offline in Apparent Malware Attack

Royal Mail Down: Tracking Unavailable as Outage Exceeds 24 Hours

New Extortion Scam Threatens to Damage Sites’ Reputation, Leak Data

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

Android Phone Owner Accidentally Finds a Way to Bypass Lock Screen

Microsoft Defender Network Protection Generally Available on iOS, Android

11/10/2022

Russian Military Hackers Linked to Ransomware Attacks in Ukraine

Russia’s Sway Over Criminal Ransomware Gangs Is Coming Into Focus

Russian LockBit Ransomware Operator Arrested in Canada

Kaspersky to Kill Its VPN Service in Russia Next Week

Ukraine Arrests Fraud Ring Members Who Made €200 Million per Year

Apple Limits AirDrop in China After Its Use in Protests

Krebs: Lawsuit Seeks Food Benefits Stolen By Skimmers

Twitter Turmoil Worsens

Majority of Security Managers Lack Threat Intelligence Skills

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones’ Lock Screens

Is Cybersecurity Awareness Month Anything More Than PR?

Flashpoint Releases Ransomware Prediction Model for Vulnerabilities

Pupils’ Data Spread Online in Hereford School Cyber Attack

Petersen International Underwriters (CA) Reports Data Breach

United Veterinary Care (FL) Sends Data Breach Letter

Salud Family Health (CO) Reports Data Breach Following Apparent Cyberattack

U.S. Health Dept Warns of Venus Ransomware Targeting Healthcare Orgs

Phishing Drops IceXLoader Malware on Thousands of Home, Corporate Devices

FBI Warns Scammers Now Impersonate Refund Payment Portals

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File

Worok Hackers Hide New Malware in PNGs Using Steganography

Microsoft Fixes MoTW Zero-Day Used to Drop Malware via ISO Files

11/9/2022

A ‘Handful’ of State Election Websites Hit With Cyberattacks, CISA Official Says

Mississippi Officials Unable to Confirm Actors Behind Election Websites Cyberattack

Russia-Linked APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

New Chinese Hacking Group Uses Custom ‘Symatic’ Cobalt Strike Loaders

Spyware Scandals Prompt Multiple Calls for Further Bans in Europe

Wells Fargo, Zelle Slammed by Liz Warren Over Rampant Online Banking Fraud

How to Avoid Getting Duped by Medicare Scammers During Open Enrollment

How to Prepare for the End of Card Payments

The Ubertooth One Lets You Take a Bite Out of Bluetooth

IBM Unveils New Chip in Push to Realize Quantum Computing’s Promise

Couple Sentenced to Prison for Trying to Sell Nuclear Warship Secrets

Medibank Warns Customers Their Data Was Leaked by Ransomware Gang

TransUnion Confirms Recent Data Breach

Camping World and Good Sam Announce Data Breach That Leaked Consumer Info

Cyber Attack on an Orange Debt Collection Provider in Spain Exposes Sensitive Data

15,000 Sites Hacked for Massive Google SEO Poisoning Campaign

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

New StrelaStealer Malware Steals Your Outlook, Thunderbird Accounts

High-Risk Vulnerability Found in ABB’s Flow Computers

Lenovo Fixes Flaws That Can Be Used to Disable UEFI Secure Boot

Krebs: Patch Tuesday, November 2022 Election Edition

11/8/2022

Ukrainian Hacktivists Claim to Leak Trove of Documents From Russia’s Central Bank

FBI: Russian Hacktivists Achieve Only ‘Limited’ DDoS Success

North Korea Attempted to Hack, Siphon Funds From an Israeli Company

Cyber Agency Remains Vigilant Despite Finding No ‘Credible Threats’ to Election

Cyberattacks That Slowed Champaign County (IL) Election Day Voting Process ‘Resolved’

TrustCor: A Tiny Company With a UPS Store Address Could Help the Gov’t Get Around Browser Security

Highmark Health Finds Cybersecurity Staff in Tight Labor Market

Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs

Influencer ‘Hushpuppi’ Gets 11 Years in Prison for Cyber Fraud

Over Thirty Arkansas Counties Impacted by Cyber Attack

Shangri-la Hotel Data Breach Likely Had ‘Minimal’ Impact at Singapore Ministerial Summit

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines

Malicious Extension Lets Attackers Control Google Chrome Remotely

Citrix Urges Admins to Patch Critical ADC, Gateway Auth Bypass

VMware Fixes Three Critical Auth Bypass Bugs in Remote Access Tool

Microsoft November 2022 Patch Tuesday Fixes 6 Exploited Zero-Days, 68 Flaws

Microsoft Fixes ProxyNotShell Exchange Zero-Days Exploited in Attacks

11/7/2022

Ukraine Looks to Technology to Help Rebuild Its Economy Amid Russia’s Onslaught

Japan Joins Key NATO Cyber Agency

This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others

Microsoft Hits the Switch on Password-Free Smartphone Authentication

Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Stolen $3BN Bitcoin Mystery Ends With Popcorn Tin Discovery

Maple Leaf Foods Suffers Outage Following Weekend Cyberattack

Medibank Refuses to Pay Ransom After Data Breach

Ransomware Gang Threatens to Release Stolen Medibank Data

Morrison Products Reports Data Breach, Leaking Victims’ Social Security Numbers

Alinsco Managing General Agency Files Report of Data Breach

Azov Ransomware Is a Wiper, Destroying Data 666 Bytes at a Time

11/4-6/2022

Here’s How Lawmakers Are Tackling Rising Cyber Threats in the Health Sector

Red Cross Wants Digital Symbols to Deter Hackers From Healthcare Institutions

British Gov’t Is Scanning All Internet Devices Hosted in UK

UK Gov’t Data Breach for Millions of Children Ruled Unlawful

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

Twitter Slashes Nearly Half Its Workforce as Musk Admits ‘Massive Drop’ in Revenue

Twitter Cut 15 Percent of Its Trust and Safety Staff but Says It Won’t Impact Moderation

Civil Rights Groups Slam Musk’s Mass Twitter Layoffs, Urge Companies to Pause Ads

Former Twitter Chief Jack Dorsey Issues Apology Amid Mass Layoffs: “I Grew the Company Too Quickly”

As Twitter Brings on $8 Fee, Phishing Emails Target Verified Accounts

Krebs: LinkedIn Adds Verified Emails, Profile Creation Dates

National Guard to Offer Midterm Elections Cybersecurity Help

Researchers Detail New Malware Campaign Targeting Indian Government Employees

FBI: Hacktivist DDoS Attacks Had Minor Impact on Critical Orgs

Norman Public Schools (OK) Experiencing Malicious Ransomware Attack

OakBend Medical Center Provides Healthcare Data Breach Notice

Gala Games Debunk Rumors Of Alleged Hack After Token Plunges

Robin Banks Phishing Service Returns to Steal Banking Accounts

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

SolarWinds Reaches $26M Settlement With Shareholders, Expects SEC Action

Microsoft Sued for Open-Source Piracy Through Github Copilot

11/3/2022

RomCom Weaponized KeePass and SolarWinds Instances to Target Ukraine, Maybe UK

Cyber Threat Landscape Shaped by Ukraine Conflict, ENISA Report Reveals

TikTok Confirms Chinese Staff Can Access UK and EU User Data

Congressional Report Finds Health Care Sector ‘Uniquely Vulnerable’ to Cyber Attacks

New Crimson Kingsnake Gang Impersonates Law Firms in BEC Attacks

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

Soccer Fans, You’re Being Watched

Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase

Economic Uncertainty Isn’t Stopping Cybercrime Recruitment — It’s Fueling It

OPERA1ER Hackers Steal Over $11 Million From Banks and Telcos

LockBit Ransomware Claims Attack on Continental Automotive Giant

Royal Mail Customer Data Leak Shutters Online Click and Drop

Cyber Incident at Boeing Subsidiary Jeppesen Causes Flight Planning Disruptions

DSB Danish Train Standstill on Saturday Caused by Cyber Attack

Ethos Group Confirms Recent Data Breach

Three Rivers Provider Network Confirms Data Breach Impacting Victims’ SSNs

North Idaho College Recovering From Cyberattack That Led to Network Shutdown

St. Luke’s Health (TX) Suffers Third-Party Data Breach, Unrelated to CommonSpirit Attack

New Clipboard Hijacker ‘Laplas Clipper’ Replaces Crypto Wallet Addresses With Lookalikes

11/2/2022

EU Expands Cyber Rules for Airline Flight Safety

U.S. Treasury Thwarts DDoS Attack From Russian Killnet Group

Cyber-Attacks on Small Firms: The U.S. Economy’s ‘Achilles Heel’?

Mobile Phishing Attacks on Government Staff Soar

U.S. Gov’t Employees Exposed to Mobile Attacks From Outdated Android, iOS

Twitter Verified Status Users Flooded with Scams

French Defense Firm Thales Denies Ransomware Attack After Leak Site Posting

Rust: The ‘Viral’ Secure Programming Language That’s Taking Over Tech

The Flipper Zero Is a Swiss Army Knife of Antennas

U.S. Hacker Group Indicted For Million-Dollar RICO Conspiracy

Vitali Kremez Found Dead After Apparent Scuba Diving Accident

Vodafone Italy Discloses Data Breach After Reseller Hacked

Australian Real Estate Agency Harcourts Reveals Names, Addresses Possibly Compromised in Attack

Alma Radio Telescope in Chile Taken Down by Cyber Attack

Crypto Exchange Deribit Loses $28 Million in a Hack

Multi-Color Corporation Reports Data Breach Affecting Sensitive Employee and Dependent Info

CorrectCare Integrated Health Announces Data Breach Impacting Individuals Incarcerated

Hundreds of U.S. News Sites Push Malware in Supply-Chain Attack

Dozens of PyPI Packages Caught Dropping ‘W4SP’ Info-Stealing Malware

Emotet Botnet Starts Blasting Malware Again After 5 Month Break

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

11/1/2022

U.S. Treasury Thwarted Attack by Russian Hacker Group Last Month-Official

China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor

Senior Cyber Official: Disinfo Campaigns a ‘Significant Concern’ Ahead of Midterms

CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing

Government by Gmail Catches up With UK Minister… Who Is Reappointed Anyway

U.S. Banks Report More Than $1 Billion in Potential Ransomware Payments in 2021

Krebs: Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Russian Hacker Behind Massive Data Breach Released From U.S. Prison

Layoffs Mount as Cybersecurity Vendors Hunker Down

Nearly a Third of Cybersecurity Leaders Considering Quitting

Non-Traditional Applicants Could Be Answer to Cyber Talent Shortage

Osaka Hospital Halts Services After Ransomware Attack

Thomson Reuters Database Leak Exposed 3TB of Sensitive Platform and Customer Data

France’s Defence Group Thales Says Hackers Claim to Have Stolen Data

Dropbox Discloses Breach After Hacker Stole 130 Github Repositories

Flambeau (WI) Reports Data Breach Impacting 10,447 Individuals

Pinnacle Claims Management (CA) Files Notice of Data Breach

Google Ad for GIMP.org Served Info-Stealing Malware via Lookalike Site

New SandStrike Spyware Infects Android Devices via Malicious VPN App

Malicious Android Apps With 1M+ Installs Found on Google Play

Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

OpenSSL 3 Patch, Once Heartbleed-Level “Critical,” Arrives as a Lesser “High”