4/30/2024

The White House Has a New Master Plan to Stop Worst-Case Scenarios

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

China Has a Controversial Plan for Brain-Computer Interfaces

The Dangerous Rise of GPS Attacks

Krebs: FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs: Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Elisity Raises $37 Million as Critical Infrastructure Reels From Cyberattacks

Google Now Pays up to $450,000 for RCE Bugs in Some Android Apps

American Bar Association Defeats Members’ Lawsuit Over Data Breach

UnitedHealth Hackers Used Stolen Login Credentials to Break In, CEO Says

UnitedHealth CEO: ‘Decision to Pay Ransom was Mine’

Almost All U.S. Hospitals Took Financial Hit From Change Hack, AHA Says

Cyberattack on UnitedHealth Firm Forces Doctors to Dig Into Personal Savings to Stay Afloat

UnitedHealth Braces for Capitol Hill Grilling

Data Breach at J.P. Morgan Chase Exposes Records of 451,000 Retirement Savers

Philadelphia Inquirer: Data of Over 25,000 People Stolen in 2023 Breach

Millions of Malicious Containers Found on Docker Hub

New Wpeeper Android Malware Hides Behind Hacked WordPress Sites

4/29/2024

China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

The UK Beefs up Smart Home Security by Going after Bad Default Passwords

OpenAI’s ChatGPT is Breaking GDPR, Says Noyb

FCC Fines Carriers $200 Million for Illegally Sharing User Location

France Willing to Buy Key Atos Assets to Keep Them French

Discord Dismantles Spy.pet Site That Snooped on Millions of Users

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

91% of Ransomware Victims Paid at Least One Ransom in the Past Year, Survey Finds

FBI Warns of Fake Verification Schemes Targeting Dating App Users

UnitedHealth Hackers Took Advantage of Citrix Vulnerability to Break In, CEO Says

London Drugs Closes All of Its Pharmacies Following ‘Cybersecurity Incident’

Collection Agency FBCS Warns Data Breach Impacts 1.9 Million People

California State Welfare Platform Hack Impacts Over 19K Accounts

OrthoConnecticut Notifies Patients of Recent Data Breach Affecting Their SSNs

Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A Cyber-Resiliency Plan Focused on Offensive Security

Cybersecurity Is Becoming More Diverse … Except by Gender

4/26-28/2024

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

U.S. Post Office Phishing Sites Get as Much Traffic as the Real One

Japanese Police Create Fake Support Scam Payment Cards to Warn Victims

Many People Say Their Apple IDs Were Inexplicably Reset Last Night

Ex-NSA Hacker and Ex-Apple Researcher Launch Startup to Help Protect Apple Devices

Google Chrome’s New Post-Quantum Cryptography May Break TLS Connections

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

UK’s Investigatory Powers Bill to Become Law Despite Tech World Opposition

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cyberattack Hits Coffee County (GA) at Center of Voting Software Breach

Catholic Diocese of Cleveland Investigating Data Security Breach

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Eken Fixes ‘Terrible’ Video Doorbell Issue That Could Let Someone Spy on You

New Research Suggests Africa Is Being Used As a ‘Testing Ground’ for Nation State Cyber Warfare

4/25/2024

Russia & Iran Pose Most Aggressive State Sponsored Cyber Threat to November 2024 Elections, Say Infoseccers

Digital Blitzkrieg: Unveiling Cyber-Logistics Warfare

DHS Asked to Consider Potentially ‘Devastating’ Impact of Hacks on Rural Water Systems

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

FBI Warns Against Using Unlicensed Crypto Transfer Services

Online Banking Security Still Not Up to Par, Says Which?

Change Healthcare Grinds Through Massive Breach Probe

Microsoft Needs to Win Back Trust

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs

More Than 800 Vulnerabilities Resolved Through CISA Ransomware Notification Pilot

Reddit Down in Major Outage Blocking Access to Web, Mobile Apps

Health Insurance Giant Kaiser Will Notify Millions of a Data Breach After Sharing Patients’ Data With Advertisers

LA County Health Services: Patients’ Data Exposed in Phishing Attack

KC SCOUT Cameras, Highway Message Boards ‘Down Until Further Notice’, Officials Blame Cyber Attack

Ransomware Attack on City of Tulsa Impacting Citizens, City Services

Integris Health Investigating Data Breach

Advarra Data Breach Leaks SSNs of Moffitt Cancer Center Patients

New Brokewell Malware Takes Over Android Devices, Steals Data

DragonForce Ransomware Group Uses LockBit’s Leaked Builder

WP Automatic WordPress Plugin Hit by Millions of SQL Injection Attacks

Google Is Updating Android TVs to Fix a Big Gmail Privacy Problem

4/24/2024

U.S. Congress Passes Bill to Ban TikTok

‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks

Vulnerabilities Across Keyboard Apps Reveal Keystrokes to Network Eavesdroppers

WhatsApp for iOS Is Rolling out Passwordless Logins With Passkeys

Dark Web Inundated by Cheap Ransomware Tools

Cyber-Attack Leaves Leicester Street Lights Permanently On

Microsoft Cannot Keep Its Own Security in Order, so What Hope for Its Add-Ons Customers?

Ring Customers Get $5.6 Million in Privacy Breach Settlement

U.S. Charges Samourai Cryptomixer Founders for Laundering $100 Million

Coast Guard Reserve Deals With Data Breach Amid Cybersecurity Push

Sweden’s Liquor Shelves to Run Empty This Week Due to Ransomware Attack

Educational Computer Systems Announces Data Breach Affecting Multiple Schools and Colleges

Anti-Trump PAC Lincoln Project Scammed for $35,000 After Vendor Email Hack

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Maximum Severity Flowmon Bug Has a Public Exploit, Patch Now

Google Meet Opens Client-Side Encrypted Calls to Non-Google Users

4/23/2024

DPRK Hacking Groups Breach South Korean Defense Contractors

U.S. Imposes Visa Restrictions on Alleged Spyware Figures

U.S. Gov’t Sanctions Iranians Linked to Government Cyberattacks

Social Media Platform End-to-End Encryption Sparks Concerns Among EU Law Enforcement Chiefs

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

Mandiant: Orgs Are Detecting Cybercriminals Faster Than Ever

Cyberattacks Are on the Rise, and That Includes Small Businesses. Here’s What to Know

Preventing Ransomware Attacks at Scale

Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak

Over a Million Neighbourhood Watch Members Exposed Through Web App Bug

Direct Federal Credit Union Says Their Vendor Wescom Resource Group Exposed Personal Information

Valley Mountain Regional Center (CA) Announces July 2023 Data Breach Affecting Patients’ SSNs

Hackers Hijack Antivirus Updates to Drop GuptiMiner Malware

Microsoft Releases Exchange Hotfixes for Security Update Issues

Swedish Signals Intelligence Agency to Take over National Cybersecurity Center

4/22/2024

North Koreans Secretly Animated Amazon and Max Shows, Researchers Say

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

Microsoft: APT28 Hackers Exploit Windows Flaw Reported by NSA

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

Krebs: Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

Germany Arrests Trio Accused of Trying to Smuggle Naval Military Tech to China

The Next U.S. President Will Have Troubling New Surveillance Powers

AI Lowers Barrier for Cyber-Adversary Manipulation in 2024 Election

NSA Launches Guidance for Secure AI Deployment

Russian Sandworm Hackers Targeted 20 Critical Orgs in Ukraine

UnitedHealth Group Says Hack Could Impact Data of ‘Substantial Proportion’ of Americans

Hackers Broke Into Change Healthcare’s Systems Days Before Cyberattack

UnitedHealth CEO to Testify About Ransomware Attack

Synlab Italia Suspends Operations Following Ransomware Attack

Carpetright Pulls Plug After Cyber-Attack

Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

GitLab Affected by GitHub-Style CDN Flaw Allowing Malware Hosting

Dependency Confusion Vulnerability Found in Apache Project

4/19-21/2024

MITRE Says State Hackers Breached Its Network via Ivanti Zero-Days

What Is Volt Typhoon, the Chinese Hacking Group the FBI Warns Could Deal a ‘Devastating Blow’?

Water Facilities Warned to Improve Cybersecurity as Nation-State Hackers Pounce

Sacramento Airport Goes No-Fly After AT&T Internet Cable Snipped

U.S. House Passes Revised Bill to Ban TikTok or Force Sale

WhatsApp, Threads, More Banished From Apple App Store in China

Dutch Government Says It May Stop Using Facebook Over Privacy Concerns

AI-Controlled Fighter Jets Are Dogfighting With Human Pilots Now

Linus Torvalds on Security, AI, Open Source and Trust

Trending: Roku Forcing 2-Factor Authentication After 2 Credential Stuffing Breaches of 600K Accounts

GitHub Comments Abused to Push Malware via Microsoft Repo URLs

Alarming Decline in Cybersecurity Job Postings in the U.S.

CISO Corner: Breaking Staff Burnout, GPT-4 Exploits Vulnerabilities, Rebalancing NIST

Malware Dev Lures Child Exploiters Into Honeytrap to Extort Them

United Nations Agency Investigates Ransomware Attack, Data Theft

Hackers Are Threatening to Leak World-Check, a Huge Sanctions and Financial Crimes Watchlist

DC City Agency Says LockBit Claims Tied to Third-Party Attack

UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack

Octopharma Plasma’s U.S. Operations Shut down Due to Suspected Ransomware Attack

Hackers Target Middle East Governments with Evasive “CR4T” Backdoor

BlackTech Targets Tech, Research, and Gov Sectors With New ‘Deuterbear’ Tool

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

HelloKitty Ransomware Rebrands, Releases CD Projekt and Cisco Data

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Critical Forminator Plugin Flaw Impacts Over 300K WordPress Sites

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

“Possibly Vulnerable” to Ongoing Attacks

4/18/2024

FBI Says Chinese Hackers Preparing to Attack U.S. Infrastructure

U.S. Election Officials Told to Prepare for Nation-State Influence Campaigns

After NSE, BSE Cautions Investors on CEO’s Deepfake Videos

The Real-Time Deepfake Romance Scams Have Arrived

Cisco Debuts New AI-Focused Security System After $28 Billion Deal to Buy Splunk

Trust in Cyber Takes a Knock as CNI Budgets Flatline

Companies Must Rethink How They Handle Cyber Risk

After Chip Breakthrough, Huawei Launches Fresh Lineup of Phones to Challenge Apple in China

Quishing Attacks Jump Tenfold, Attachment Payloads Halve

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

Korean Researcher Details Scheme Abusing Apple’s Third-Party Pickup Policy

The Trump Jury Has a Doxing Problem

France’s Hospital Simone Veil in Cannes Postpones Procedures After Cyberattack

Frontier Communications Shuts Down Systems After Cyberattack

Goddard Systems Confirms Recent Data Breach Following Breached Email Account

FBI: Akira Ransomware Raked in $42 Million From 250+ Victims

Cybercriminals Pose as LastPass Staff to Hack Password Vaults

Google Ad Impersonates Whales Market to Push Wallet Drainer Malware

New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

New Android Trojan ‘SoumniBot’ Evades Detection with Clever Tricks

Delinea Fixes Flaw, but Only After Analyst Goes Public With Disclosure First

Nigeria & Romania Ranked Among Top Cybercrime Havens

4/17/2024

Hackers Linked to Russia’s Military Claim Credit for Sabotaging U.S. Water Utilities

Pose as Hacktivists in Water Utility Breaches

Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

‘Kapeka’

Biden Admin, U.S. Ports Prep for Cyberattacks as Nationwide Infrastructure Is Targeted

Big Tech Says Spy Bill Turns Its Workers Into Informants

Boards and Cyber Chiefs Must Join Forces to Strengthen Corporate Security, Bill’s CISO Says

U.S. Government and OpenSSF Partner on New SBOM Management Tool

UK E-Visa Rollout Starts Today for Millions: No More Physical Immigration Cards

EU Elections: Pro-Russian Propaganda Exploits Meta’s Failure to Moderate Political Ads

Moldovan Charged for Operating Botnet Used to Push Ransomware

FIN7 Targets American Automaker’s IT Staff in Phishing Attacks

Cherry Street Services (MI) Says Ransomware Breached Data of 185,000

Numotion (TN) Announces Data Breach Stemming from March 2024 Cyberattack

Millions of Magic Rampage Players at Risk

Hackers Hijack OpenMetadata Apps in Kubernetes Cryptomining Attacks

Linux Cerber Ransomware Variant Exploits Atlassian Servers

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Multiple Botnets Exploiting One-Year-Old TP-Link Flaw to Hack Routers

Cisco Discloses Root Escalation Flaw With Public Exploit Code

Microsoft Still Dominates Cybersecurity Business After Hacks

Israeli Defense Forces Hold Hybrid Cyber & Military Readiness Drills

4/16/2024

Lawmakers Address Cyber Risks in Wake of Change Healthcare Hack

Cybersecurity Pros Urge U.S. Congress to Help NIST Restore NVD Operation

Industry Group: U.S. Food and Agriculture Sector Hit with More Than 160 Ransomware Attacks Last Year

Krebs: Who Stole 3.6M Tax Records from South Carolina?

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

SIM Swap Crooks Solicit T-Mobile U.S., Verizon Staff via Text to Do Their Dirty Work

UnitedHealth: Change Healthcare Cyberattack Caused $872 Million Loss

Cerebral to Pay $7 Million Settlement in Facebook Pixel Data Leak Case

Vote on EU Cybersecurity Label Delayed to May, Sources Say

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

Atlantic Fisheries Body Confirms Cyber Incident After 8Base Ransomware Gang Claims Breach

Omni Hotels Says Customers’ Personal Data Stolen in Ransomware Attack

Cisco Warns of Large-Scale Brute-Force Attacks Against VPN Services

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

Exploit Released for Palo Alto PAN-OS Bug Used in Attacks, Patch Now

Ivanti Warns of Critical Flaws in Its Avalanche MDM Solution

4/15/2024

Russia and Ukraine Top Inaugural World Cybercrime Index

Iran-Backed Hackers Blast Out Threatening Texts to Israelis

The U.S. Government Has a Microsoft Problem

U.S. Senator Wants to Put the Brakes on Chinese EVs

Krebs: Crickets from Chirp Systems in Smart Lock Key Leak

Framework’s Software and Firmware Have Been a Mess, but It’s Working On Them

MGM Seeks to Block FTC Probe of 2023 Cyberattack

Crypto Miner Arrested for Skipping on $3.5 Million in Cloud Server Bills

OpenTable Won’t Add First Names, Photos to Old Reviews After Backlash

Microsoft Will Limit Exchange Online Bulk Emails to Fight Spam

Evolution Equity Raises $1.1 Billion for Cybersecurity Bets

Cisco Duo Warns Third-Party Data Breach Exposed SMS MFA Logs

New SteganoAmor Attacks Use Steganography to Target 320 Orgs Globally

Daixin Ransomware Gang Claims Attack on Omni Hotels

Ransomware Gang Starts Leaking Alleged Stolen Change Healthcare Data

Randolph Health (NC) Data Breach Stems from Breached Employee Email Account

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

New LockBit Variant Exploits Self-Spreading Features

Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw

Palo Alto Networks Fixes Zero-Day Exploited to Backdoor Firewalls

4/12-14/2024

How Israel Fended Off Iran’s Drone and Missile Attack

Iranian MuddyWater Hackers Adopt New C2 Tool ‘DarkBeatC2’ in Latest Campaign

U.S. Treasury Sanctions Hamas Spokesperson for Cyber Influence Operations

Space Force Is Planning a Military Exercise in Orbit

LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call

The Westminster Honeytrap Mystery Is Even Stranger Than We Thought

UK Flooded With Forged Stamps Despite Using Barcodes — To Prevent Just That

FBI Warns of Massive Wave of Road Toll SMS Phishing Attacks

OpenTable Is Adding Your First Name to Previously Anonymous Reviews

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

Firebird RAT Creator and Seller Arrested in the U.S. and Australia

U.S. Think Tank Heritage Foundation Hit by Cyberattack

Roku Hit With Second Major Breach of 2024, This Time Affecting 576,000 Users

Hacker Claims Giant Tiger Data Breach, Leaks 2.8M Records Online

Dutch Chipmaker Nexperia Hacked by Cyber Criminals

Italy’s Banca Sella Restores Online Services After Outage

Popular Open-Source Content Delivery Network Unpkg Went Down for Hours

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files

Telegram Fixes Windows App Zero-Day Used to Launch Python Scripts

Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Palo Alto Networks Zero-Day Exploited Since March to Backdoor Firewalls

CISA Makes Its “Malware Next-Gen” Analysis System Publicly Available

CISA’s Malware Analysis Platform Could Foster Better Threat Intel

4/11/2024

U.S. Cyber Agency Says Russian Hackers Used Microsoft Access to Steal Government Emails

CISA Orders Agencies Impacted by Microsoft Hack to Mitigate Risks

Krebs: Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Apple Boosts Spyware Alerts For Mercenary Attacks

Apple Drops Term ‘State-Sponsored’ Attacks From Its Threat Notification Policy

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

96% of U.S. Hospital Websites Share Visitor Info With Meta, Google, Data Brokers

Krebs: Why CISA is Warning CISOs About a Breach at Sisense

iCabbi Data Breach Exposes 300k Taxi Passengers’ Information

Optics Giant Hoya Hit with $10 Million Ransomware Demand

‘Large-Scale Cyberattack’ Hits Five French Municipalities, Impact May Last ‘Months’

Intel and Lenovo Servers Impacted by 6-Year-Old BMC Flaw

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

4/10/2024

Surveillance Bill Stumbles Again in U.S. House on Privacy Concerns

How to Identify an AI Imposter in Video, Audio and Text as Deepfake Technology Goes Full Mainstream

How to Stop Your Data From Being Used to Train AI

Malicious PowerShell Script Pushing Malware Looks AI-Written

Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

Malicious Visual Studio Projects on GitHub Push Keyzetsu Malware

Women Experience Exclusion Twice as Often as Men in Cybersecurity

Google Workspace Rolls Out Multi-Admin Approval Feature for Risky Changes

Chrome Enterprise Gets Premium Security but You Have to Pay For It

MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals

Rhadamanthys Malware Deployed By TA547 Against German Targets

AT&T Now Says Data Breach Impacted 51 Million Customers

East Central University (OK) Reports Cyber Attack on Campus; Some Data May Have Been Compromised

Highlands University (NM) Cancels More Classes After Ransomware Attack

Hackers Access University of Alabama Employee Email Account, Leading to Data Breach

Virtual Invaders: ‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Windows: New ‘BatBadBut’ Rust Vulnerability Given Highest Severity Score

4/9/2024

Starry Addax Hackers Targeting Human Rights Activists in Morocco and Western Sahara

IMF Warns of Cyber Risks to Financial Sector

Hackers Use Malware to Hunt Software Vulnerabilities

Research Unearths RUBYCARP’s Multi-Miner Assault on Crypto

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

‘RansomHub’ Hackers Claim to Have UnitedHealth’s Stolen Data – Is It a Bluff?

UK Businesses Shockingly Unaware of How to Handle Security Threats

Proper DDoS Protection Requires Both Detective and Preventive Controls

Frameworks, Guidelines & Bounties Alone Won’t Defeat Ransomware

Ransomware Gang’s New Extortion Trick? Calling the Front Desk

GHC-SCW: Ransomware Gang Stole Health Data of 533,000 People

Banking Giant Wells Fargo Suffers Data Breach, Sends Notification Letters to Two Customers

Microsoft Employees Exposed Internal Passwords in Security Lapse

Greylock McKinnon Associates: Third-Party Breach Impacts Justice Department Data

German Database Company Genios Confirms Ransomware Attack

Critical Rust Flaw Enables Windows Command Injection Attacks

New SharePoint Flaws Help Hackers Evade Detection When Stealing Files

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

Krebs: April’s Patch Tuesday Brings Record Number of Fixes

Two Exploited Zero-Days

4/8/2024

Why Cloudflare CEO Matthew Prince Is the Internet’s Unlikely Defender

A Breakthrough Online Privacy Proposal Hits Congress

Deepfakes Are Coming for the Financial Sector

How to Protect Yourself (and Your Loved Ones) From AI Scam Calls

Google Sues Two App Developers Over Fake Crypto Investment App Scam Involving 87 Apps

Kenvue Revamps Cyber Tools After Spinoff From J&J

U.S. Insurers Use Drone Photos to Deny Home Insurance Policies

Notepad++ Wants Your Help in “Parasite Website” Shutdown

Veterinary Giant CVS Reveals Major Cyber-Attack

Home Depot Confirms Worker Data Leak After Miscreant Dumps Info Online

Targus Discloses Cyberattack After Hackers Detected on File Servers

Indian Audio Giant boAT Says It’s Investigating Suspected Customer Personal Info Data Breach

Famous YouTube Channels Hacked to Distribute Infostealers

Hackers Deploy Crypto Drainers on Thousands of WordPress Sites

Byakugan Infostealer Capabilities Revealed

Critical RCE Bug in 92,000 D-Link NAS Devices Now Exploited in Attacks

4/5-7/2024

Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities

New Ivanti RCE Flaw May Impact 16,000 Exposed VPN Gateways

China Using AI-Generated Content to Sow Division in U.S., Microsoft Finds

Why a Near-Miss Cyberattack Put U.S. Officials and the Tech Industry on Edge

Identity Thief Lived as a Different Man for 33 Years

UK Lawmaker Admits Passing Colleagues’ Numbers & Personal Details to Stranger Met on Dating App

Academics Probe Apple’s Privacy Settings and Get Lost and Confused

U.S. Health Dept Warns Hospitals of Hackers Targeting IT Help Desks

Panera Bread Week-Long IT Outage Caused by Ransomware Attack

Acuity Confirms Hackers Stole Non-Sensitive Gov’t Data From GitHub Repos

Thousands of Staff, Students Have Sensitive Personal Data Stolen in University of Winnipeg Hack

Fake Facebook MidJourney AI Page Promoted Malware to 1.2 Million People

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

Over 92,000 Exposed D-Link NAS Devices Have a Backdoor Account

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

4/4/2024

Threat Actor Claims Classified Five Eyes Data Theft

FBI Director Discusses Cyber Security Following Multiple Ransomware Attacks in Metro

Ukraine Gives Award to Foreign Vigilantes for Hacks on Russia

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

Krebs: Fake Lawsuit Threat Exposes Privnote Phishing Sites

LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches

BlackBerry Reports Surprise Profit on Demand for Cybersecurity Services

Microsoft Still Unsure How Hackers Stole MSA Key in 2023 Exchange Attack

Microsoft Fixes Outlook Security Alerts Bug Caused by December Updates

How CISOs Can Make Cybersecurity a Long-Term Priority for Boards

Firms Must Work Harder to Guard Children’s Privacy, Says UK ICO

The Increasing Role Of Cybersecurity Experts In Complex Legal Disputes

World’s Second-Largest Eyeglass Lens-Maker Hoya Blinded by Infosec Incident

U.S. Cancer Center Data Breach Exposes Info of 827,000 City of Hope Patients

Otolaryngology Associates (IN) Data Breach Impacts Personal Information of 316k Patients

SurveyLama Data Breach Exposes Info of 4.4 Million Users

Omni Hotels Confirms Cyberattack Behind Ongoing IT Outage

Hosting Firm IxMetro Powerhost’s VMware ESXi Servers Hit by New SEXi Ransomware

Hernando County (FL) Falls Victim to Hacking Attack, Some Services Offline

New JSOutProx Malware Targets Financial Firms in APAC, MENA

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware

New Latrodectus Malware Replaces IcedID in Network Breaches

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

4/3/2024

U.S. State Department Investigates Alleged Theft of Government Data

Microsoft Could Have Prevented Chinese Cloud Email Hack, U.S. Cyber Report Says

The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind

Did One Guy Just Stop a Huge Cyberattack?

Krebs: ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

YouTube Video Game ‘Hacks’ Contain Malware Links

UnitedHealth Grapples With Communications During Hack Crisis

‘Unfaking’ News: How to Counter Disinformation Campaigns in Global Elections

EU Drops Sovereignty Requirements in Cybersecurity Certification Scheme, Document Shows

Security Pioneer Ross Anderson Dies at 67

Indian Government’s Cloud Spilled Citizens’ Personal Data Online for Years

Prudential Financial Notifies 36,000 Individuals of Data Breach

Jackson County (MO) Declares State of Emergency Amid Suspected Ransomware Attack

Detroit Symphony Orchestra Hit by Data Breach

Mispadu Trojan Targets Europe, Thousands of Credentials Compromised

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

Ivanti Fixes VPN Gateway Vulnerability Allowing RCE, DoS Attacks

Google Fixes One More Chrome Zero-Day Exploited at Pwn2Own

4/2/2024

China-Linked Earth Freybug Hackers Deploy New ‘UNAPIMON’ Malware for Stealthy Operations

Microsoft Faulted for ‘Cascade’ of Failures in Chinese Hack

Microsoft Warns Deepfake Election Subversion Is Disturbingly Easy

Russia Charges Six Suspects Behind Theft of 160,000 Credit Cards

The XZ Backdoor: Everything You Need to Know

Cyberattacks Wreaking Physical Disruption on the Rise

Omni Hotels Experiencing Nationwide IT Outage Since Friday

AT&T Data Breach Prompts Millions of Passcodes to Be Reset

Ransomware Attack Targets Jackson County (MO) IT Systems

INC Ransom Claims to Be Behind ‘Cyber Incident’ at Leicester City Council (UK)

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

New Chrome Feature Aims to Stop Hackers From Using Stolen Cookies

4/1/2024

Thank you for reading our 1,000th post!

Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia

Poland Launches Inquiry Into Previous Government’s Spyware Use

Ex-White House CIO: TikTok Ban May Be Diplomatic Disaster

Settlement: Google Says It Will Destroy Browsing Data Collected From Chrome’s Incognito Mode

The Incognito Mode Myth Has Fully Unraveled

FTC: Americans Lost $1.1 Billion to Impersonation Scams in 2023

OpenAI’s Voice Engine Can Clone a Voice From a 15-Second Clip: Listen for Yourself

Google Now Blocks Spoofed Emails for Better Phishing Protection

Shopping Platform PandaBuy Data Leak Impacts 1.3 Million Users

Yacht Retailer MarineMax Discloses Data Breach After Cyberattack

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

OWASP Discloses Data Breach Caused by Wiki Misconfiguration

Vulnerability Database Backlog Due to Increased Volume, Changes in ‘Support,’ NIST Says

The Biggest Challenge With Increased Cybersecurity Attacks, According to Analysts

Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings

Cybersecurity Platform Rubrik Files for U.S. IPO