2/28/2023

China Is Relentlessly Hacking Its Neighbors

TikTok Answers Three Big Cybersecurity Fears About the App

U.S. Gov’t Agencies Have 30 Days to Remove TikTok, Canada Follows Suit

LastPass Reveals Attackers Stole Password Vault Data by Hacking an Employee’s Home Computer

Krebs: Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

How to Set Up Two-Factor Authentication on Your Online Services

Google: Gmail Client-Side Encryption Now Publicly Available

Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain

Hacking Attack Prompts Russian Regional Broadcasters to Issue Air Alert Warnings (Again)
Dish Network Confirms Ransomware Attack Behind Multi-Day Outage

City of Oregon City Reports Ransomware Attack

Evergreen Treatment Services (OR) Data Breach Affects Personal Info of 21,325 Patients

Anonymous Call Informs Sentara Healthcare (VA) of Data Breach

LSUs Online Services Restored Tuesday After Network Outage: ‘Not Cyber Event’

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia

SCARLETEEL Hackers Use Advanced Cloud Skills to Steal Source Code, Data

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

2/27/2023

U.S. Marshals Service Investigating Ransomware Attack, Data Theft

CISA Tells Agencies What to Prioritize to Meet Cybersecurity Log Mandate

Australia Plans to Reform Cyber Security Rules, Set up Agency

China Makes It Even Harder for Data to Leave Its Shores

Krebs: When Low-Tech Hacks Cause High-Impact Breaches

Researchers Discover Nearly 200,000 New Mobile Banking Trojan Installers

Researchers Share New Insights Into RIG Exploit Kit Malware’s Operations

ChatGPT Is Down Worldwide – OpenAI Working on Issues

A Year After Russia’s Invasion, Cyberdefenses Have Improved Around the World
Minneapolis Public Schools Still Investigating What Caused ‘Encryption Event’

Hacker Leaks Alleged Activision Employee Data on Cybercrime Forum

Alvaria (MA) Announces Data Breach Following Hive Ransomware Attack

Advanced Health Media Leaked SSNs Following Recent Data Breach

Crum & Forster (NJ) Announces Data Breach

New Exfiltrator-22 Post-Exploitation Kit Linked to LockBit Ransomware

RIG Exploit Kit Still Infects Enterprise Users via Internet Explorer

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

Critical Flaws in WordPress Houzez Theme Exploited to Hijack Websites

2/24-26/2023

CISA Calls For Increased Vigilance One Year After Ukraine’s Russian Invasion

Russian IT “Brain Drain” Decentralizes Cybercrime

Pentagon Investigating Two-Week Email Server Leak

Royal Mail Appears to Call LockBit’s Ransomware Bluff – Loses Gigabytes of Data

News Corp Says State Hackers Were on Its Network for Two Years

A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

Krebs: Who’s Behind the Botnet-Based Service BHProxies?

Tesla to Change Camera Settings in Europe Over Privacy Fears

EU Commission Bans TikTok on Corporate Devices

‘Ethical Hacker’ Among Ransomware Suspects Cuffed by Dutch Cops

Bitcoin Mining Rig Found Stashed in Massachusetts School Crawlspace

These Experts Are Racing to Protect AI From Hackers. Time Is Running Out
Telus Source Code, Staff Info for Sale on Dark Web Forum

Dish Network Goes Offline After Likely Cyberattack, Employees Cut Off

Stanford University Discloses Data Breach Affecting PhD Applicants

Encino Energy Says ‘No Impact’ Seen After Cyberattack

Cleveland Brothers Holdings Data Breach Affects Thousands of SSNs

Emtec (FL) Breach Affects Over 7,000 People Following Cyberattack

Rockler Companies (MN) Data Breach Impacts More than 8,600 Individuals

PureCrypter Malware Hits Gov’t Orgs With Ransomware, Info-Stealers

ChromeLoader Campaign Lures With Malicious VHDs for Popular Games

Brave Browser to Block “Open in App” Prompts, Pool-Party Attacks

Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors

Cybersecurity to Be Least Hit by Layoffs in Economic Downturn

2/23/2023

How the Russia-Ukraine War Has Changed Cyberspace

Ukraine Says Russian Hackers Backdoored Gov’t Websites in 2021

Batteries Are Ukraine’s Secret Weapon Against Russia

Russian Authorities Claim Ukraine Hackers Are Behind Fake Missile Strike Alerts in Almost a Dozen Cities

WinorDLL64 Backdoor Linked to Lazarus Group

How I Broke Into a Bank Account With an AI-Generated Voice

U.S. Regulators Warn Banks to Be on Alert for Crypto-Related Liquidity Risks

Valve “Honeypot” Used to Ban 40,000 Dota 2 Players Using Cheat

You Can’t Trust App Developers’ Privacy Claims on Google Play

Forsage DeFi Platform Founders Indicted for $340 Million Scam

FTX Fiasco Founder SBF Faces Further Fraud Charges

FTC: Americans Lost $8.8 Billion to Fraud in 2022 After 30% Surge

U.S. Extradites Russian Individual for Allegedly Selling Malicious Software
Datacenters in China, Singapore Cracked by Crims Who Then Targeted Tenants

LockBit Leaks 44GB of Royal Mail’s Data and Sets Fresh £33 Million Ransom

Vice Society Ransomware Gang Leaked 2K Los Angeles Student Health Records Online

Hutchinson Clinic (PA) Posts Notice of Data Breach Affecting Sensitive Patient Information

Clasiopa Hackers Use New Atharvan Malware in Targeted Attacks

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries

A World of Hurt for Fortinet and Zoho After Users Fail to Install Patches

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Microsoft Urges Exchange Admins to Remove Some Antivirus Exclusions

How Cybersecurity Executives Make the Case for Continued Tech Investments in a Tough Economy

2/22/2023

Hackers Use Fake ChatGPT Apps to Push Windows, Android Malware and Send Victims to Phishing Pages

Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever

Gcore Thwarts Massive 650 Gbps DDoS Attack on Free Plan Client

Open Source Flaws Found in 84% of Codebases

NSA Shares Guidance on How to Secure Your Home Network

2023 Budget Conversations: Prioritizing Cybersecurity During Economic Downturn

Google Paid $12 Million in Bug Bounties to Security Researchers
Hydrochasma Group Targets Asian Medical and Shipping Sectors

New S1deload Stealer Malware Hijacks Youtube, Facebook Accounts

Cyberattack on Food Giant Dole Temporarily Shuts Down North America Production

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

Hackers Now Exploit Critical Fortinet Bug to Backdoor Servers

VMware Patches Critical Vulnerability in Carbon Black App Control Product

2/21/2023

Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies

A New Kind of Bug Spells Trouble for iOS and macOS Security

Hackers Exploit Privilege Escalation Flaw on Windows Backup Service

Google Will Boost Android Security Through Firmware Hardening

Accidental WhatsApp Account Takeovers? It’s a Thing

AT&T Seeks to Shed Cybersecurity Division

Sublime Nabs $9.8M for Anti-Phishing Email Security Platform Built on Collective, Crowdsourced Rules

Three City Fund Managers Jailed for $8m Fraud
Sensitive U.S. Military Emails Spill Online via Exposed Server

Russian State TV ‘Hit by Cyber Attack’ During Putin’s Speech

Activision Confirms Data Breach Exposing Employee and Game Info

Virgin Media TV Hack May Cause Disruption to Some Programming

Sophisticated MyloBot Botnet Spreading Rapidly Worldwide: Infecting Over 50,000 Devices Daily

Exploit Released for Critical Fortinet RCE Flaws, Patch Now

Why Security Culture Is Key To Cybersecurity Resilience

Cyberthreats, Regulations Mount for Financial Industry

2/20/2023

Here’s How to Secure Your Twitter Account Without Paying for Blue

DNA Testing Biz Vows to Improve Infosec After Criminals Break Into Database It Forgot It Had

Majority of Ransomware Attacks Last Year Exploited Old Bugs

HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Microsoft AI Chatbot Threatens to Expose Personal Info and Ruin a User’s Reputation

Spanish Court Authorises Extradition to U.S. Of Briton Who Allegedly Hacked Biden, Obama

Inglis Retires as National Cyber Director Ahead of Biden’s Cybersecurity EO
Coinbase Cyberattack Targeted Employees With Fake SMS Alert

Eureka Casino Resort (NV) Announces Data Breach Impacting Nearly 230k Individuals

CentraState Healthcare System Announces Data Breach Impacting as Many as 617k Patients

Lehigh Valley Health Network (PA) Hit by Cyberattack

O’Neal Industries Reports Recent Data Breach

Tom James Company (TN) Files Notice of Data Breach Affecting 8,656 Individuals

New Stealc Malware Emerges With a Wide Set of Stealing Capabilities

2/17-19/2023

EU Cybersecurity Agency Warns Against Chinese APTs

Google Report Reveals Russia’s Elaborate Cyber Strategy in Ukraine

‘Russian Hacktivists’ Brag of Flooding German Airport Sites

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists

Armenia and Azerbaijan Hackers Use OxtaRAT to Monitor Conflict

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

Krebs: New Protections for Food Benefits Stolen by Skimmers

Samsung Has Created a Zero-Click Antivirus for Messages

How to Unlock Your iPhone With a Security Key

Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only

Europol Busts ‘CEO Fraud’ Gang That Stole €38M in a Few Days

Norwegian Police Recover $5.8M Crypto From Massive Axie Infinity Hack
FBI Says It Has ‘Contained’ Cyber Incident on Bureau’s Computer Network

Hackers Ran Amok Inside GoDaddy for Nearly 3 Years

Data Leak Hits Thousands of Liverpool NHS Workers

MKS Instruments (MA) Data Breach Affects Current and Former Employees

Paul Smith’s College (NY) Data Breach Impacts Over 10k Individuals

Suffolk County, N.Y., Restores Systems After September Cyberattack

New WhiskerSpy Malware Delivered via Trojanized Codec Installer

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

AppSec Threats Deserve Their Own Incident Response Plan

Here’s the 12 Best Ways to Avoid Being Scammed Online

The Five Important Moments In History That Shaped The Modern Cybersecurity Landscape

2/16/2023

DOJ, Commerce Department Strike Force to Fight Technology Threats From Adversaries

ESXiArgs Ransomware Hits Over 500 New Targets in European Countries

Microsoft Exchange ProxyShell Flaws Exploited in New Crypto-Mining Attack

New Mirai Malware Variant Infects Linux Devices to Build DDoS Botnet

CISA Warns of Windows and iOS Bugs Exploited as Zero-Days

Privacy Regulators Step Up Oversight of AI Use in Europe

BEC Groups Target Firms With Multilingual Impersonation Attacks

Hackers Leverage PayPal to Send Malicious Invoices

Crypto Buyers Beware: 1 in 4 New Tokens of Any Value Is a Scam

Protecting More With What You Have: Cybersecurity Resilience In 2023
New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East

Burton Snowboards Cancels Online Orders After ‘Cyber Incident’

German Airport Websites Hit by Suspected Cyber Attack

Scandinavian Airlines Says Cyberattack Caused Passenger Data Leak

Atlassian Says Recent Data Leak Stems From Third-Party Vendor Hack

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps

Hackers Start Using Havoc Post-Exploitation Framework in Attacks

Hackers Backdoor Microsoft IIS Servers With New Frebniis Malware

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs

2/15/2023

North Korea’s APT37 Targeting Southern Counterpart with New M2RAT Malware

U.S. Border Patrol Is Finally Able to Check E-Passport Data

Oakland Declares Emergency After Ransomware Attack

Major Global Chipmaking Supplier ASML Claims an Employee Stole Manufacturing Secrets

Made in America, Stolen by China: We Need Cybersecurity Minimum Standards

GitHub Copilot Update Stops AI Model From Revealing Secrets

The Ohio Train Derailment Created a Perfect TikTok Storm

Severed Cable Forces Lufthansa to Cancel More Than 140 Flights

Cyber Insurers Unlikely to Offer Higher Coverage Limits Despite Better Conditions

Russian Hacker Convicted of $90 Million Hack-To-Trade Charges
Indian SideWinder APT Attacks Regional Targets in New Campaign

LockBit and Royal Mail Ransomware Negotiation Leaked by LockBit

Emsisoft Says Hackers Are Spoofing Its Certs to Breach Networks

Meriplex Communications Data Breach Affects Malaga Bank Customers

CompSource Mutual Insurance Company Data Breach Affects Thousands of Claimants

Succession Wealth Targeted by Cyber-Attack

Hyundai, Kia Patch Bug Allowing Car Thefts With a USB Cable

Citrix Fixes Severe Flaws in Workspace, Virtual Apps and Desktops

Intel Patches up SGX Best It Can After Another Load of Security Holes Found

2/14/2023

Russian-Linked Malware Was Close to Putting U.S. Electric, Gas Facilities ‘Offline’ Last Year

This Russia-Linked Hack Is Worse Than We Knew

The More You Look for Spy Balloons, the More UFOs You’ll Find

Chinese Hackers Infiltrate South American Diplomatic Networks

Changing Leaders? You May Be a Target of Hackers

How Companies Can Minimize the Cybersecurity Risk From Their Tech Vendors

Eurostar Forces ‘Password Resets’ — Then Fails and Locks Users Out

Microsoft: Exchange Server 2013 Reaches End of Support in April

Cyber-Physical System Vulns Disclosures Reach Peak, While Internal Disclosures Up 80%

Google Launches First Android Beta for Ad-Tracking Overhaul
Healthcare Giant Community Health Systems Reports First Data Breach in GoAnywhere Hacks

Airline SAS Network Hit by Hackers, Says App Was Compromised

Reventics, an Omega Healthcare Company, Announces Data Breach Following Cyberattack

Massive AdSense Fraud Campaign Uncovered – 10,000+ WordPress Sites Infected

RedEyes Hackers Use New Malware to Steal Data From Windows, Phones

NPM Packages Posing as Speed Testers Install Crypto Miners Instead

New ‘MortalKombat’ Ransomware Targets Systems in the U.S.

New Stealthy ‘Beep’ Malware Focuses Heavily on Evading Detection

Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways

Krebs: Microsoft Patch Tuesday, February 2023 Edition

2/13/2023

U.S. Navy Recovers ‘Significant’ Portion of Chinese Spy Balloon off South Carolina

After Shooting Down Flying Objects, U.S. And Canada Have More Theories Than Answers

Chinese Tonto Team Hackers’ Second Attempt to Target Cybersecurity Firm Group-IB Fails

LockBit’s Royal Mail Ransom Deadline Flies By. No Data Released

Majority of Firms Make Cybersecurity Decisions Without Attacker Insight

How To Protect Against AI-Based Email Security Threat Vectors

Medical-Device Makers Face Push to Protect Their Wares From Hacks

Pig Butchering Scams Are Evolving Fast

Lazarus Hackers Use New Mixer to Hide $100 Million in Stolen Crypto

Spain, U.S. Dismantle Phishing Gang That Stole $5 Million in a Year
Namecheap Customers Flooded with Phishing Emails

Pepsi Bottling Ventures Suffers Data Breach After Malware Attack

Garrison Women’s Health (NH) Notifies Patients of Data Breach

Employee Social Security Numbers Exposed in Bridgewater-Raritan School District (NJ)

Rise Interactive Media & Analytics Third-Party Breach Affects Edgepark Medical Supplies

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players’ Systems

451 PyPI Packages Install Chrome Extensions to Steal Crypto

Cloudflare Blocks Record-Breaking 71 Million RPS DDoS Attack

Apple Fixes New WebKit Zero-Day Exploited to Hack iPhones, Macs

Unciphered Reveals Now-Patched Vulnerability in OneKey Wallet

2/10-12/2023

Former Diplomat Claims to Have SNP MP’s Hacked Emails

North Korean Hackers Are Attacking U.S. Hospitals

U.S. Teases More China Tech Sanctions, This Time to Deflate Balloon-Makers

From Huawei to TikTok, Chinese Tech Giants Face Scrutiny Amid Spying Concerns

Cyberattack on ION Derivatives Unit Had Ripple Effects on Financial Markets

Refund and Invoice Scams Surge in Q4

Reddit Hack Shows Limits of MFA, Strengths of Security Training

Romance Scammers Could Cause Unhappy Valentine’s Day

Attacker Allure: A Look at the Super Bowl’s Operational Cyber-Risks

Everything Is Hackable

How to Manage Third-Party Cybersecurity Risks That Are Too Costly to Ignore

Microsoft Winget Package Manager Failing From Expired SSL Certificate

Passkeys From Apple, Google & Microsoft May Soon Replace Your Passwords as Passwords Are Continually Threatened

How to Make Sure You’re Not Accidentally Sharing Your Location

How to Delete Yourself From the Internet
Ransomware Crooks Steal 3M+ Patients’ Medical Records, Personal Info From Multiple California Medical Groups

City of Oakland Systems Offline After Ransomware Attack

A10 Networks Confirms Data Breach After Play Ransomware Attack

Vice Society Ransomware Attack Confirmed by Mount Saint Mary College

Clop Ransomware Claims it Breached 130 Orgs Using GoAnywhere Zero-Day

Israel’s Technion University Hacked; Cyber Authority Trying to Assist

Kimmel Center, Philadelphia Orchestra Websites Hit by Cyber Attack

Indian Social Media App Slick Exposed Childrens’ User Data

DotHouse Health (MA) Announces Data Breach Impacting 10k Patients

Edmonds School District (WA) Data Breach Exposed Sensitive Information

Devs Targeted by W4SP Stealer Malware in Malicious PyPi Packages

Malicious Npm Package Uses Typosquatting, Downloads Malware

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws

2/9/2023

Russia’s Ransomware Gangs Are Being Named and Shamed

Krebs: U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Australia to Remove Chinese Surveillance Cameras Amid Security Fears

New ESXiArgs Ransomware Version Prevents VMware ESXi Recovery

Hacker Develops New ‘Screenshotter’ Malware to Find High-Value Targets

PayPal and Twitter Abused in Turkey Relief Donation Scams

Cybersecurity—Value Driven From Safety

Insurers Say Cyberattack That Hit Merck Was Warlike Act, Not Covered

1Password Is Trying For Zero Passwords

Codebreakers Decipher Mary, Queen of Scots’ Secret Letters 436 Years After Her Execution
Largest Canadian Bookstore Indigo Shuts Down Site After Cyberattack

Reddit Cyberattack Let Hackers Steal Source Code and Internal Data

Munster Technological University Says IT Breach Caused by Ransomware Attack

Atlantic General Hospital (MD) System Still Down Following Ransomware Attack

NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

Hackers Use Fake Crypto Job Offers to Push Info-Stealing Malware

Malicious Google Ads Sneak AWS Phishing Sites Into Search Results

OpenSSL Fixes Multiple New Security Flaws with Latest Update

2/8/2023

Russian Hackers Using Graphiron Malware to Steal Data from Ukraine

CISA Releases Recovery Script for ESXiArgs Ransomware Victims

The State of the Union Was Light on Cybersecurity, Related Topics

White House Cyber Adviser to Retire Next Week

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

Regulator Halts AI Chatbot Over GDPR Concerns

Why ChatGPT Isn’t a Death Sentence for Cyber Defenders

How the US Can Stop Data Brokers’ Worst Practices—Right Now

Android 14 to Block Malware From Abusing Sensitive Permissions
Weee! Grocery Service Confirms Data Breach, 1.1 Million Affected

Drug Distributor AmerisourceBergen Confirms Security Breach

Money Lover For Android & iOS Leaked Email Addresses, Transactions

Stroke Scan Files Notice of Data Breach Affecting 50k Consumers

Tor and I2P Networks Hit by Wave of Ongoing DDoS Attacks

TMH Employee: Remote Workers Forced to Use PTO During Cybersecurity Incident

Malicious Dota 2 Game Mods Infected Players With Malware

SonicWall Warns Web Content Filtering Is Broken on Windows 11 22H2

2/7/2023

SNP MP Stewart McDonald’s Emails Hacked by Russian Group

Microsoft to Rival Google With New AI-Powered Bing Search

14 Innovation Trends With Exponential Growth Potential: Ark’s Big Ideas 2023

Cybersecurity Teams: The Defender’s Dilemma Is a Lie

Three Common Ways Cybersecurity Teams Waste Money—And What To Do Instead

More Than 2,000 Cybersecurity Patent Applications Filed Since 2010

Kaspersky Briefing: ChatGPT and the Language of Cybersecurity

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Russian Man Pleads Guilty to Laundering Ryuk Ransomware Money
Florida State Court System, U.S., EU Universities Hit by Ransomware Outbreak

UK Metal Engineering Firm Vesuvius Hit by Cyber-Attack

Regal Medical Group Notifies Patients of Recent Data Breach

Researcher Breaches Toyota Supplier Portal With Info on 14,000 Partners

Over 12% Of Analyzed Online Stores Expose Private Data, Backups

Medusa Botnet Returns as a Mirai-Based Variant With Ransomware Sting

New QakNote Attacks Push QBot Malware via Microsoft OneNote Files

Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework

2/6/2023

Embarrassment as U.S. Cyber Ambassador’s Twitter Account Is Hacked

No Evidence Global Ransomware Hack Was by State Entity, Italy Says

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree

LockBit Ransomware Gang Claims Royal Mail Cyberattack

‘Phishing-As-A-Service’ Kits Are Driving an Uptick in Theft: One Business Owner’s Story

Three U.S. Data Breaches Show Varied Healthcare Exposure Risks

Corporate Boards Struggle to Understand Cybersecurity and Digital Transformation

Inside Safe City, Moscow’s AI Surveillance Dystopia

Google Unveils Bard, its Rival to ChatGPT

Microsoft Authenticator Drops Support for Apple Watch

Drugs Labs Busted After Encrypted Chat App Takedown

Prominent UK Cybersecurity Stock Darktrace Is Under Attack From Short Sellers
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry

Mint Mobile Gets Affected by T-Mobile Recent Data Breach

Sharp HealthCare (CA) Notifies Nearly 63,000 Patients of Data Breach

Motto Mortgage (CO) Files Notice of Recent Data Breach, Exposing Consumers SSNs

Hidalgo County (TX) Adult Probation Office Hit by Ransomware Attack

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

Hackers Backdoor Windows Devices in Sliver and BYOVD Attacks

Exploit Released for Actively Exploited GoAnywhere MFT Zero-Day

Actively Exploited GoAnywhere MFT Zero-Day Gets Emergency Patch

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

Three Ways To Stop Playing Cybersecurity Whac-A-Mole

2/3-5/2023

Suspected Chinese Spy Balloon Shot Down off South Carolina Coast

Bermuda Hit by Major Internet and Power Outage

New Credential-Stealing Campaign By APT34 Targets Middle East Firms

Googling for Software Downloads Is Extra Risky Right Now

The Biggest Risks in Procrastinating on iPhone, Android Software Updates

Airbnb Is Making a Simple, but Big Booking Change Bringing It Closer to Hotel Check-in

Former Twitter Employees to Testify at House Hearing on Hunter Biden

ICO Relaxes Breach Reporting for Comms Providers

NY Attorney General Forces Spyware Vendor to Alert Victims

Have We Learnt Nothing From SolarWinds Supply Chain Attacks? Not Yet It Appears

Dashlane Password Manager Open-Sourced Its Android and iOS Apps

Krebs: Finland’s Most-Wanted Hacker Nabbed in France

Developer Pleads Guilty to Hacking His Own Company After Pretending to Investigate Himself

U.S. Man Charged in $110m Crypto Trading Scheme

Cyber-Attack Results in More Than $800K Stolen From Houston Business, Lawsuit Filed
Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

Iran Crew Stole Charlie Hebdo Database, Says Microsoft

TruthFinder, Instant Checkmate Confirm Data Breach Affecting 20M Customers

Tallahassee Memorial HealthCare Takes IT Systems Offline After Cyberattack

Multiple Wayne County (MI) Police Agencies Targeted in Ransomware Attacks

University of Zurich Confirms ‘Serious Cyberattack’

More Than 11,000 Employees, Students and Former Staff Affected by Cyber Attack, QUT Says

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

Google Ads Push ‘Virtualized’ Malware Made for Antivirus Evasion

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Massive ESXiArgs Ransomware Attack Targets VMware ESXi Servers Worldwide

Linux Version of Royal Ransomware Targets VMware ESXi Servers

Hackers Actively Exploiting Zero-Day in Fortra’s GoAnywhere MFT

Atlassian Patches Critical Authentication Flaw in Jira Software

2/2/2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

Russia-Ukraine War Has Improved U.S. Cyber Cooperation, Says Key Official

Anker’s Eufy Admits Unencrypted Videos Could Be Accessed, Plans Overhaul

Threat Actors Use ClickFunnels to Bypass Security Services

APT Groups Use Ransomware TTPs as Cover for Intelligence Gathering and Sabotage

Netflix’s US Password-Sharing Crackdown Isn’t Happening—Yet

Former Ubiquiti Dev Pleads Guilty to Trying to Extort His Employer

Discrepancies Discovered in Vulnerability Severity Ratings

Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks
North Korean Hackers Exploit Unpatched Zimbra Devices in ‘No Pineapple’ Campaign

Lazarus Group Attack Identified After Operational Security Fail

LockBit Ransomware Attack on Data Firm Ion Could Take Days to Fix

Super Bock Says ‘Cyber’ Nasty ‘Disrupting Computer Services’

Australia’s Black and White Cabs Booking Service Offline After Cyber Attack

Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

Hackers Weaponize Microsoft Visual Studio Add-Ins to Push Malware

Malvertising Attacks Are Distributing .Net Malware Loaders

Cisco Fixes Bug Allowing Backdoor Persistence Between Reboots

2/1/2023

New DDoS-As-A-Service Platform ‘Passion’ Used in Recent Attacks on Hospitals

Almost all Organizations are Working with Recently Breached Vendors

Crypto Scam Apps Infiltrate Apple App Store and Google Play

Over 1,800 Android Phishing Forms for Sale on Cybercrime Market

Experts Warn of ‘Ice Breaker’ Cyberattacks Targeting Gaming and Gambling Industry

Google Boosts Bounties for Open Source Flaws Found via Fuzzing

Enter the Hunter Satellites Preparing for Space War

EU Tightens Oversight of Data-Privacy Regulators to Speed Up Decisions

Cybersecurity Firm RAPID7 Explores Sale
Arnold Clark Customer Personal Data ‘Stolen in Cyber Attack’

Claimed by Play Ransomware

Google Fi Data Breach Let Hackers Carry Out Sim Swap Attacks

FIA Assessing Impact of Cyber Attack on Financial Data Firm ION

Sensitive Data Stolen in Okanagan College Attack Posted to Dark Web Says Vice Society

LockBit Ransomware Goes ‘Green,’ Uses New Conti-Based Encryptor

New Nevada Ransomware Targets Windows and VMware ESXi Systems

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

1/31/2023

Russian-Backed Hackers ‘Killnet’ Actively Targeting U.S. Health Care Sector, HHS Warns

The List So Far

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

U.S., Middle Eastern Allies Include Cyber Collaboration in Abraham Accords

Microsoft: Over 100 Threat Actors Deploy Ransomware in Attacks

Microsoft Disables Verified Partner Accounts Used for OAuth Phishing

Microsoft Upgrades Defender to Lock Down Linux Gear for Its Own Good

You Really Need to Update Firefox and Android Right Now

OpenAI Releases Tool to Detect AI-Written Text
Google Fi Customers Caught Up in Recent T-Mobile Data Breach

Nantucket Schools Close After Ransomware Attack

Tucson Unified School District Hit by Cyber Attack

DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000

PoS Malware Can Block Contactless Payments to Steal Credit Cards

New Sh1mmer ChromeBook Exploit Unenrolls Managed Devices

Exploit Released for Critical VMware vRealize RCE Vulnerability

Over 29,000 QNAP Devices Unpatched Against New Critical Flaw

Firmware Flaws Could Spell ‘Lights Out’ for Servers