Geopolitical Tensions Expected to Further Impact Cybersecurity in 2023

Cyberwar in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools

The Worst Hacks of 2022

3 Industries, 3 Security Programs

Google Home Speakers Allowed Hackers to Snoop on Conversations

Ukraine Shuts Down Fraudulent Call Center Claiming 18,000 Victims
Crypto Platform 3Commas Admits Hackers Stole API Keys

Industrial Bank Files Notice of Data Breach, Leaking Consumers SSNs and Financial Account Info

FoundCare (FL) Files Notice of Data Breach Affecting Over 14k Patients

Cyber Attack Impacting Real Estate Matters at Florence County (SC) Register of Deeds Office

Netgear Warns Users to Patch Recently Fixed WiFi Router Bug


Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians

U.S. House Boots TikTok From Government Phones

The LastPass Disclosure of Leaked Password Vaults Is Being Torn Apart by Security Experts

Yes, It’s Time to Ditch LastPass

The Benefits and Risks of Using a Password Manager to Protect Your Online Identity

It’s the End of Programming as We Know It — Again

Smart Toys Are Definitely Still Hackable (We Just Don’t Talk About It)

Cybersecurity Trends, Lessons & Reflections from the End of 2022
Royal Ransomware Claims Attack on Intrado Telecom Provider

Ransomware Attack at Lake Charles Memorial Health (LA) Impacts 270,000 Patients

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

Hackers Abuse Google Ads to Spread Malware in Legit Software

Nintendo Patches a Security Vulnerability That Could Give Hackers “Full Console Takeover”

Thousands of Citrix Servers Vulnerable to Patched Critical Flaws

Why Cyber Pros and Forensic Accountants Should Work Together to Mitigate Security Risk


Hacktivism Is Back and Messier Than Ever

North Korean ‘Lazarus’ ‘BlueNoroff’ APT Hackers Using New Ways to Bypass Windows MotW Protection

Internet AppSec Remains Abysmal & Requires Sustained Action in 2023

It’s All in the (Lack Of) Details: 2022’s Badly Handled Breaches

U.S. Probe: $372 Million Vanished After FTX Bankruptcy
Hackers Stole Data From Multiple Electric Utilities in Sargent & Lundy Ransomware Attack

BTC.com Lost $3 Million Worth of Cryptocurrency in Cyberattack

Louisiana Health System Alerts Patients of Possible Data Breach

EarSpy Attack Eavesdrops on Android Phones via Motion Sensors


TikTok Security Dilemma Revives Biden Admin Push for U.S. Control

North Korean Hackers Targeted Nearly 1,000 South Korean Foreign Policy Experts

The Most Dangerous People on the Internet in 2022: Who Made the List?
Hacker Claims to Be Selling Twitter Data of 400 Million Users

BitKeep Wallet Suffers Second Hack Since October, $8 Million Stolen via Infected APKs

GuLoader Malware Utilizing New Techniques to Evade Security Software


Businesses Hope for Legal Clarity on Trans-Atlantic Data Privacy in 2023

President Biden Signs Quantum Cybersecurity Preparedness Act into Law

Users Report Google Calendar Bug Creating Random, Fake Events

Everyone Is Using Google Photos Wrong

Massive Twitter Data Leak Investigated by EU Privacy Watchdog

Meta Agrees to Pay $725 Million to Settle Lawsuit Over Cambridge Analytica Data Leak

How Big Tech Fought Antitrust Reform — And Won
TikTok’s Parent Company Admits Using the Platform’s Data to Track Journalists

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

New ‘RisePro’ Info-Stealer Malware Infects Software Pirates via Fake Cracks Sites

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials

Hackers Exploit Bug in WordPress Gift Card Plugin With 50K Installs

Ghost CMS Vulnerable to Critical Authentication Bypass Flaw


Hands On With Flipper Zero, the Hacker Tool Blowing Up on TikTok

Elon Musk Actively Searching for a New Twitter CEO, Sources Say

FCC Calls for Mega $300 Million Fine for Massive U.S. Robocall Campaign

UK Government Says That Sharing Some Passwords is Illegal

Critical Security Flaw Reported in Passwordstate Enterprise Password Manager

LastPass: Hackers Stole Customer Vault Data in Cloud Storage Breach

Brave Launches FrodoPIR, a Privacy-Focused Database Query System

DuckDuckGo Now Blocks Google Sign-in Pop-Ups on All Sites
Comcast Xfinity Accounts Hacked in Widespread 2FA Bypass Attacks

Queensland University of Technology Shuts IT Systems After Ransomware Attack

Chinese Electric Automaker Nio Hit by Ransomware Attack

KentuckianaWorks Notifying Over 100 People of Possible Data Breach

Suffolk County (NY) Leaders Blame Clerk’s Office for Cyberattack

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

Vice Society Ransomware Gang Switches to New Custom Encryptor

Google WordPress Plug-in Bug Allows AWS Metadata Theft

Corporate Tech Leaders Untangle Their Cybersecurity Roles


Biden Meets With Zelensky, Pledges Continued U.S. Support for Ukraine

Ukraine’s Cyber Units Aim to Retain Staff, Keep Services Stable as War Enters Year Two

White House Cyber Czar Chris Inglis to Resign

NASA Infosec Again Falls Short of Required U.S. Government Standard

Iran’s Internet Blackouts Are Sabotaging Its Own Economy

Eufy Publicly Acknowledges Some Parts of Its “No Clouds” Controversy

Krebs: The Equifax Breach Settlement Offer is Real, For Now

Cybersecurity Firms Cut Staff as Fears About Economy, Funding Mount

U.S. Most Impacted by Data Breaches in the Financial Industry in 2022

Corsair Keyboard Bug Makes It Type on Its Own, No Malware Involved
Guardian: Guardian Hit by Serious It Incident Believed to Be Ransomware Attack

Breaks News of Ransomware Attack on Itself

Okta’s Source Code Stolen After GitHub Repositories Hacked

Sports Betting Operator BetMGM Hit By Data Breach, Exposing Customer Info

Hartnell Community College District (CA) Files Notice of Data Breach

Godfather Trojan Targets 400 Financial Services Firms Since July 2021

FBI Warns of Search Engine Ads Pushing Malware, Phishing

Zerobot Malware Now Spreads by Exploiting Apache Vulnerabilities

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

Microsoft Fixes Hyper-V VM Problem Caused by Patch Tuesday


Big Tech Bills Left Out of Sweeping Government Spending Bill

Russian APT Hackers Targeted Petroleum Refinery in NATO Country During Ukraine War

Raspberry Robin Worm Drops Fake Malware to Confuse Researchers

KmsdBot Botnet Suspected of Being Used as DDoS-for-Hire Service

VirusTotal Cheat Sheet Makes It Easy to Search for Specific Results

Krebs: Hacked Ring Cams Used to Record Swatting Victims

Two New York Men Arrested for Conspiring With Russians to Hack JFK Taxi System

Microsoft Will Turn off Exchange Online Basic Auth in January

Cybersecurity is a Team Sport – Avoid the ‘Us and Them’ Culture

The Importance Of Putting Employees At The Center Of A Security Strategy

2023 Cybersecurity Forecasts: Zero Trust, Cloud Security Will Top Spending
Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users

Play Ransomware Gang Uses New Microsoft Exchange Exploit to Breach Servers

Cyber Attack Affects Phones, Website at Toronto’s SickKids Hospital

Ransomware Hackers Take Demands Directly to Knox College Students: ‘for You, It’s a Sad Day’

Personal Info of 37,000 People Exposed in Whitehall (OH) Ransomware Data Breach

P2 Energy Solutions (CO) Data Breach Leaks Social Security Numbers of 69K Consumers

Order Express (IL) Reports Data Breach Affecting the Info of Over 63k Consumers

Google Ad Fraud Campaign Used Adult Content to Make Millions

Hackers Bombard PyPi Platform With Information-Stealing Malware

McGraw Hill’s S3 Buckets Exposed 100,000 Students’ Grades and Personal Info

Organizations Warned of New Attack Vector in Amazon Web Services


Ukraine’s DELTA Military System Users Targeted by Info-Stealing Malware

The Risk of Escalation From Cyberattacks Has Never Been Greater

Ransomware Groups to Increase Zero-Day Exploit-Based Access Methods in the Future

Meta Takes Down Over 200 Covert Influence Operations Since 2017

FBI Pressured Twitter, Sent Trove of Docs Hours Before Post Broke Hunter Laptop Story

Most in Musk’s Twitter Poll Say He Should Step Down as CEO

‘Fortnite’ Video Game Developer Paying $520M to Resolve FTC Allegations
DraftKings Warns Data of 67K People Was Exposed in Account Hacks

Play Ransomware Claims Attack on German Hotel Chain H-Hotels

Louise W. Eggleston Center (VA) Reports Data Breach Following Ransomware Attack

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

Microsoft Finds macOS Bug That Lets Malware Bypass Security Checks

Critical Windows Code-Execution Vulnerability Went Undetected Until Now

Big Challenges And Opportunities: Where’s Cybersecurity Heading In 2023?


An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

The FBI Is Worried About a Wave of Cyber Crime Against America’s Small Businesses

FBI Warns BEC Attacks Now Also Target Food Shipments

Anker’s Eufy Deleted These 10 Privacy Promises Instead of Answering Our Questions

Soccer Technology Raises Privacy Risks for Players

Google Introduces End-To-End Encryption for Gmail on the Web

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

Annoying CAPTCHA Is Still Big for Google and E-commerce in Bot Battle, and Likely to Stay That Way

Former Twitter Employee Gets 42 Months for Saudi Scheme

Woman Gets 66 Months in Prison for Role in $3.3 Million ID Fraud Op

T-Mobile Hacker Gets 10 Years for $25 Million Phone Unlock Scheme
Colombian Energy Supplier EPM Hit by BlackCat Ransomware Attack

Restaurant CRM Platform ‘SevenRooms’ Confirms Breach After Data for Sale

254,000 Medicare Beneficiaries Are Getting New ID Cards Due to Data Breach at Subcontractor

Data Breach Exposing Patron Information at Rochester Public Library (MN)

Glupteba Malware Is Back in Action After Google Disruption

Agenda Ransomware Switches to Rust to Attack Critical Infrastructure

Microsoft Warns of New Minecraft DDoS Malware Infecting Windows, Linux

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Live From London: Next-Gen Cybersecurity Takes Stage at Black Hat Europe

Security Professionals Advise On How To Improve The Security Operations Center


GPS Signals Are Being Disrupted in Russian Cities

Ukrainian Gov’t Networks Breached via Trojanized Windows 10 Installers

Researchers Uncover MirrorFace Cyber Attacks Targeting Japanese Political Entities

Senate Passes Bill Banning TikTok From Government Devices

Instagram Launches New Tool to Help Hacked Users Regain Account Access

Meta’s Tricky Quest to Protect Your Account

Wyden Urges FTC Probe Into ‘Sensitive Internet Metadata’ Sold to U.S. Government

Technology Executives Signal Spending in 2023 Even as the Sector Goes Through Massive Layoffs

GitHub to Require All Users to Enable 2FA by the End of 2023

GitHub Rolls Out Free Secret Scanning for All Public Repositories

Top Cybersecurity Predictions 2023

Data Destruction Policies in the Age of Cloud Computing: Adjust to Reality
FuboTV Hit With Cyberattack During World Cup Semifinal Match

Social Blade Confirms Breach After Hacker Posts Stolen User Data

Avem Health Partners (OK) Files Data Breach Stemming from Incident at 365 Data Centers

Lakeside Software (MI) Data Breach After Incident Results in Leaked SSNs

Hope College (MI) Warns of Potential Data Breach

Potential Cyber Attack Hits Victoria’s Peak (Australia) Fire Response Agency

Lego Bricklink Bugs Let Hackers Hijack Accounts, Breach Servers

Phishing Attack Uses Facebook Posts to Evade Email Security

Loan Scam Campaign ‘MoneyMonger’ Exploits Flutter to Hide Malware

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as ‘Critical’

Microsoft Removes Windows 11 Update Block for PCs With Gaming Issues


Lawmakers Introduce Bill to Ban TikTok in U.S.

Krebs: FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Loan Fee Fraud Surges by a Fifth as Christmas Approaches

A New Lawsuit Accuses Meta of Inflaming Civil War in Ethiopia

New Lawsuit Accuses Meta of Inflaming Ethiopia Civil War

Seven Smuggled U.S. Military Tech for Moscow, Say Feds

Krebs: Six Charged in Mass Takedown of DDoS-for-Hire Sites

Tech Group Sues California Over Kids’ Online Safety Law

OECD Countries Finalize Framework to Limit Government Access to Citizen Personal Data

NSA Shares Tips on Mitigating 5G Network Slicing Threats
Open-Source Repositories Flooded by 144,000 Phishing Packages

Kaye-Smith Announces Data Breach Potentially Affecting MultiCare Patients

North Star Leasing (VT), a Division of Peoples Bank, Provides Data Breach Notice

‘Third-Party Incident’ Impacted Gemini With 5.7 Million Emails Leaked

Attackers Use SVG Files to Smuggle QBot Malware Onto Windows Systems

VMware Releases Fixes for Critical ESXi and vRealize Security Flaws

Krebs: Microsoft Patch Tuesday, December 2022 Edition

10 Ways Any Company Can Tighten Up Their Cybersecurity Efforts For The New Year


Putin to Choose Cyber Warfare Before Nuclear Weapons, Former NSA Chief Says

Hackers Planted Files to Frame an Indian Priest Who Died in Custody

Experts Warn AI ChatGPT Could Democratize Cybercrime

Google Launches Largest Distributed Database of Open Source Vulnerabilities

Cuba Ransomware Gang Abused Microsoft Certificates to Sign Malware

For Congress to Confront Cybersecurity, Reps Push to Ramp up Cyber Literacy

Cybersecurity in Space: The Out Of-This-World Challenges Ahead

2022 In Review: A Super Duper Eventful Cybersecurity Year
One Brooklyn Health Battling Cyber Attack That Forced Some Critical Services Offline

TPG Telecom Says up to 15,000 Email Accounts of Business Customers Hacked

New Gotrim Botnet Brute Forces WordPress Site Admin Accounts

Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware

Hackers Exploit Critical Citrix ADC and Gateway Zero Day, Patch Now

Amazon ECR Public Gallery Flaw Could Have Wiped or Poisoned Any Image

Apple Fixes New Webkit Zero-Day Used in Attacks Against iPhones

Microsoft December 2022 Patch Tuesday Fixes 2 Zero-Days, 49 Flaws


How the U.S. Has Helped Counter Destructive Russian Cyberattacks Amid Ukraine War

European Electricity Sector Lacks Cyber Experts as Ukraine War Raises Hacking Risks

North Korean ‘Kimsuky’ Hackers Impersonate Researchers to Steal Intel

Now Utah Governor Orders TikTok Ban for State Government Employees

NASA Chief: SpaceX Leader Says Elon Musk’s Twitter Drama Is ‘Nothing to Worry About’

The New Space Race Will Drive Innovation: Here’s Where It Goes Next

Survey Says: IT Security Teams, Business Execs Still Not on Same Page

Cloudflare’s Zero Trust Suite Now Available for Free to At-Risk Groups

Why You’ve Been Getting So Much Gmail Spam About Yeti Coolers

Japan, Australia to Bolster Cyber-Defenses, Maybe Offensive Capacity Too

Reconciling International Breach Reporting Rules Could Prove Challenging

UK Arrests Five for Selling ‘Dodgy’ Point of Sale Software After Joint Probe
Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online

Twitter Confirms Recent User Data Leak Is From 2021 Breach

CoinTracker Crypto Portfolio Software Suffers Data Hack

California Department of Finance Hit With Cybersecurity Threat, Investigation Underway

LockBit Claims

Play Ransomware Claims Attack on Belgium City of Antwerp

Crane Worldwide Logistics Leaked Social Security Numbers Following Data Breach

San Gorgonio Memorial Hospital (CA) Compromised Patient Info After Breach

Chaos RAT Used to Enhance Linux Cryptomining Attacks

New Python Malware Backdoors VMware ESXi Servers for Remote Access

Fortinet Says SSL-VPN Pre-Auth RCE Bug is Exploited in Attacks

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Effective, Fast, and Unrecoverable: Wiper Malware Is Popping up Everywhere


Krebs: New Ransom Payment Schemes Target Executives, Telemedicine

BEC Attacks Expand Beyond Email and Toward Mobile Devices

Critical Infrastructure: Attackers Keep Targeting the U.S. Electric Grid

North Carolina Power Grid Attack Exposes Vulnerabilities, Prompts Scrutiny of Other Recent Attacks

A Year Later, That Brutal Log4j Vulnerability Is Still Lurking

Activists Respond to Apple Choosing Encryption Over Invasive Image Scanning Plans

Advocacy Groups Make Last-Ditch Plea to Schumer for Vote on Antitrust Bills

LinkedIn Has a Fake Account Problem It’s Trying to Fix: Real Users Are Part of the Solution

Madoff Prosecutor: ‘Highly Unusual’ for Sam Bankman-Fried to Be Speaking Publicly

Huawei Licenses 5G Patents to Rival as U.S. Sanctions Force the Chinese Giant to Seek New Revenue

Tennessee Latest State to Block TikTok Access on Government Networks, Citing Cybersecurity

Australia Arrests ‘Pig Butchering’ Suspects for Stealing $100 Million
Hack-for-Hire Group ‘Evilnum’ Targets Travel and Financial Entities with New Janicab Malware Variant

Shows Will Go On at Met Opera Despite Cyber-Attack That Crashed Network

Cobalt Mirage Affiliate Uses GitHub to Relay Drokbk Malware Instructions

Truebot Malware Activity Increases With Possible Evil Corp Connections

Information of 360,000 People Affected in Ontario Vaccine Data Breach

Australia’s Telstra Suffers Privacy Breach, 132,000 Customers Impacted

Rackspace Warns of Phishing Risks Following Ransomware Attack

Antivirus and EDR Solutions Tricked Into Acting as Data Wipers

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Samsung Galaxy S22 Hacked in 55 Seconds on Pwn2Own Day 3

Hackers Earn $989,750 For 63 Zero-Days Exploited At Pwn2Own Toronto

43 Trillion Security Data Points Illuminate Our Most Pressing Threats


U.S. Health Dept Warns of Royal Ransomware Targeting Healthcare

COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers

FTC Sues to Block Microsoft’s Acquisition of Gaming Company Activision

Pet Dog Unmasks Drug Trafficker on Encrypted Chat

Automated Dark Web Markets Sell Corporate Email Accounts for $2

Researchers Uncover Darknet Service ‘Zombinder’ Allowing Hackers to Trojonize Legit Android Apps

Samsung Galaxy S22 Hacked Again on Second Day of Pwn2Own

Google: How Android’s Private Compute Core Protects Your Data

Tor Browser 12.0 Brings Apple Silicon Support, Android Enhancements
Iranian ‘MuddyWater’ Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool

Popular HR and Payroll Company Sequoia Discloses a Data Breach

CommonSpirit Health Ransomware Attack Exposed Data of 623,000 Patients

Suncoast Skin Solutions (FL) Announces Data Breach Following Apparent Ransomware Attack

Acuity Brands (GA) Data Breach Impacts More than 37k Employees’ Sensitive Information

Black, Gould & Associates (AZ) Notifies Over 42,000 Consumers of Recent Data Breach

Maryland Senior Living Community Announces Data Security Breach

Cisco Discloses High-Severity IP Phone Bug With Exploit Code

(ISC)² Recruits 110,000 People


Russian Hackers ‘Blue Callisto’ (aka TAG-53) Spotted Targeting U.S. Military Weapons and Hardware Supplier

Chinese Hackers Using Russo-Ukrainian War Decoys to Target APAC and European Entities

Taiwan Bans State-Owned Devices From Running Chinese Platform TikTok

Nebraska, South Dakota, South Carolina, Maryland

Indiana Sues

Google Discovered North Korea Exploiting an Internet Explorer Zero-Day Vulnerability in October

Apple Claims a New iMessage Can Alert You if State-Sponsored Spies Are Eavesdropping

Apple Announces Plans to Encrypt iCloud Backups

How to Enable End-To-End Encryption for Your iCloud Backups

Proton’s Encrypted Cloud Storage Gets Dedicated Mobile Apps

Now Telegram Users Don’t Need a Phone Number — They Can Buy a Fake One With Crypto

Apple Kills Its Plan to Scan Your Photos for CSAM: Here’s What’s Next

Scammers Are Scamming Other Scammers Out of Millions of Dollars

San Francisco Terminates Explosive Killer Cop Bots, Un-Backing Decision
CloudSEK Claims It Was Hacked by Another Cybersecurity Firm

‘Group X’ Supply Chain Web Skimming Attacks Hit Dozens of Sites

New Go-Based Botnet ‘Zerobot’ Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network

Hackers Use New Fantasy Data Wiper in Coordinated Supply Chain Attack

Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks

Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam

Macmillan Reports Data Breach Leaking Consumers’ Social Security Numbers

Suffolk University Reports Data Breach Impacting Thousands of Current and Former Students

Health Info of Nearly 9K Compromised in Rhode Island Department of Health Data Breach

Te Whatu Ora (NZ) Loses Access to 14,000 Health Data Following Cyberattack

CryptosLabs ‘Pig Butchering’ Ring Stole up to $505 Million Since 2018

Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

Google: State Hackers Still Exploiting Internet Explorer Zero-Days


U.S. Intelligence Chief: Parents ‘Should Be’ Concerned for Kids’ Privacy on TikTok

Facebook Parent’s Oversight Board Criticizes ‘Cross Check’ Program That Protects VIP Users

Russian Hackers Use Western Networks to Attack Ukraine

Microsoft Warns of Russian Cyberattacks Throughout the Winter

Microsoft: Hackers Target Cryptocurrency Firms Over Telegram

Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks

Suspects Arrested for Hacking U.S. Networks to Steal Employee Data

Krebs: Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide

KmsdBot Botnet Is Down After Operator Sends Typo in Command

Fixing The Cybersecurity Staff Shortage: It’s Not Going to Be Easy

Applying the OODA Loop to Cybersecurity and Secure Access Service Edge
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks

China-Based Hackers Target Amnesty International Canada

Massive DDoS Attack Takes Russia’s Second-Largest Bank VTB Offline

Antwerp’s City Services Down After Hackers Attack Digital Partner

Ransomware Gang Steals Employee and Customer Data From LJ Hooker

Snap Finance Files Notice of Data Breach

Little Rock Schools to Pay Hackers to End Ransomware Attack

Rackspace Confirms Ransomware Attack Behind Days-Long Email Outage

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

Kali Linux 2022.4 Adds 6 New Tools, Azure Images, And Desktop Updates

Android December 2022 Security Updates Fix 81 Vulnerabilities

Samsung Galaxy S22 Hacked Twice on First Day of Pwn2Own Toronto


APT41 Hackers Linked to Chinese Government Stole Millions in COVID Benefits, Secret Service Says

Gunfire at Electrical Grid Kills Power for 45,000 in North Carolina

Syntax Errors Are the Doom of Us All, Including Botnet Authors

Adobe’s Postscript Programming Language Sparked a Revolution: Now You Can Check Out the Source Code

Big Tech and Its Critics Lash Out at Journalism Measure

Cyber Extortion Growing Exponentially in Africa, Middle East and China, Finds Orange

Swiss Digital Giant ABB to Pay $315m in Bribery Case

Sneaky Hackers Reverse Defense Mitigations When Detected

Cybersecurity Should Focus On Managing Risk
‘Team Mysterious Bangladesh’ Hackers Target Indian Education Entity

Iran-Backed APT42 Hackers Targeting Activists, Journalists, Politicians – HRW

French Hospital Halts Operations After Cyber-Attack

Dallas Central Appraisal District Hack Still Causing Issues, Tax Bills May Be Delayed for Thousands

Hackers Hijack Linux Devices Using PRoot Isolated Filesystems

Severe AMI MegaRAC Flaws Impact Servers From AMD, ARM, HPE, Dell, Others

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

CISA Orders Agencies to Patch Exploited Google Chrome Bug by Dec 26th


Never-Before-Seen ‘CryWiper’ Malware Is Nuking Data in Russia’s Courts and Mayors’ Offices

Snowden Receives Russian Passport, Takes Citizenship Oath

North Korean ‘Lazarus’ Hackers Use New, Fake Crypto App ‘BloxHolder’ to Breach Networks, Steal Cryptocurrency

Elon Musk Suspends Ye From Twitter Following Swastika Tweet

Globally Critical Chip ASML Firm Is Driving a Wedge Between the U.S. And Netherlands Over China Tech Policy

Industry Coalition Urges Congress to Hold off on SBOMs Requirements for Defense Contractors

DHS Cyber Board to Examine Hacking Extortion Group Lapsus$

Proton Calendar Rounds Out Security-Focused Big Tech Alternative on iOS

Google Increases Android Security With Memory-Safe Programming Languages

When Hackers Strike, CEOs Become Negotiators, Communicators

Watch Out: Triple-Pronged PayPal Phishing & Fraud Scam

Police Arrest 55 Members of ‘Black Panthers’ SIM Swap Gang

SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist
Rackspace Rocked by ‘Security Incident’ That Has Taken Out Hosted Exchange Services

Cyber Attack on Tamil Nadu Hospital, Hackers Sell Data of 1.5 Lakh Patients

Florida Department of Revenue Tax Website Bug Exposed Filers’ Data

San Diego Unified School District Receives Cybersecurity Threat

Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools

‘Black Proxies’ Enable Threat Actors to Conduct Malicious Activity

Hackers Sign Android Malware Apps with Compromised Platform Certificates

Android Malware Apps With 2 Million Installs Spotted on Google Play

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

Google Rolls Out New Chrome Browser Update to Patch Yet Another High-Severity Zero-Day Vulnerability

We Are Still Failing to Learn the Most Important Lesson in Cybersecurity: That Needs to Change, Fast


China Clamps Down on Internet as It Seeks to Stamp Out Covid Protests

Krebs: ConnectWise Quietly Patches Flaw That Helps Phishers

Zuckerberg Slams Apple’s ‘Problematic’ App Store Dominance

Musk Says ‘Misunderstanding’ About Potential Twitter Removal From App Store Resolved

Ye, the Artist Formerly Known as Kanye West, to No Longer Buy Parler

WhatsApp Files on Dark Web Show Millions of Records For Sale

Rising Tether Loans Add Risk to Stablecoin, Crypto World

Now 1Password Remembers Sites That Use Third-Party Accounts Like Google or Facebook to Log In

These File Types Are the Ones Most Commonly Used by Hackers to Hide Their Malware

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

UK Extends NIS Regulations to IT Managed Service Providers
Hackers Leak Another Set of Medibank Customer Data on the Dark Web

FBI: Cuba Ransomware Raked in $60 Million From Over 100 Victims

New DuckLogs Malware Service Claims Having Thousands of ‘Customers’

IKEA Confirms It Was Hit in Significant Cyberattack

Dallam Hartley Counties Hospital District (TX) Reports Data Breach Affecting over 69,000 Patients

Cyber Attack Hits North East London Foundation Trust Finance Systems

Vatican Website Targeted With Multiple Hack Attempts, ‘Abnormal’ Access

New Redigo Malware Drops Stealthy Backdoor on Redis Servers

Spyware Vendor Variston Exploited N-Days in Chrome, Firefox, Windows

Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

Hyundai App Bugs Allowed Hackers to Remotely Unlock, Start Cars


Majority of U.S. Defense Contractors Not Meeting Basic Cybersecurity Requirements

Noem Orders TikTok Ban for South Dakota Government

China-Based Hackers UNC4191 Target Southeast Asia With USB-Based Malware

Cloudflare Finds a Way Through China’s Network Defences

North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets

Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism

Google Moves to Block Invasive Spanish Spyware Framework

Ransomware, SMBs Remain Key Security Concerns Amidst Focus on Critical Infrastructures

Singapore Releases Blueprint to Combat Ransomware Attacks

Cybersecurity Researchers Take Down DDoS Botnet by Accident

LastPass’ Latest Data Breach Exposed Some Customer Information

Whistleblower Reports of Lax Cybersecurity Expected to Rise

Australian Parliament Passes Privacy Penalty Bill: Up to $50M Fines

San Francisco Lawmakers Approve Lethal Robots, but They Can’t Carry Guns

Shares of CrowdStrike Fall After ‘Disappointing’ Earnings, Morgan Stanley Says Buy the Dip

TransUnion Class Action Claims Insecure Information Storage Led to Data Breach
Keralty Ransomware Attack Impacts Colombia’s Health Care System

GoTo Says Hackers Breached Its Dev Environment, Cloud Storage

South Staffordshire (UK) Water Reveals Data Hack

Mena Regional Health System (AR) Suffers Data Breach; 85K Patients Impacted

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

Ingalls & Snyder (NY) Files Notice of Data Breach Following Unauthorized Access to Network

Data Stolen in Ransomware Attack Against Guilford College (NC)

Crafty Threat Actor ‘CashRewindo’ Uses ‘Aged’ Domains to Evade Security Platforms

Android and iOS Apps with 15 Million Installs Extort Loan Seekers

Google Discovers Windows Exploit Framework Used to Deploy Spyware

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

Sirius XM Flaw Unlocks So-Called Smart Cars Thanks to Code Flaw

Critical RCE Bugs in Android Remote Keyboard Apps With 2M Installs

High Severity Zero-Day Flaw Discovered in Quarkus Java Framework

New “Icefall” Bugs Include Critical DoS Flaw

NVIDIA Releases GPU Driver Update to Fix 29 Security Flaws