9/30/2024 September 30, 2024September 30, 2024 ~ The Cyber Beat ~ Leave a comment Watch Out for Hurricane Helene Donation ScamsUK and U.S. Warn of Growing Iranian Spear Phishing ThreatU.S. Sets New Rule That Could Spur AI Chip Shipments to the Middle EastU.S. State CISOs Struggling With Insufficient Cybersecurity Funding…Systems Used by Courts and Governments Across the U.S. Riddled With VulnerabilitiesThe Pig Butchering Invasion Has BegunU.S. Reaches $31.5 Million Settlement With T-Mobile Over Data BreachesMan Charged for Selling Forged License Keys for Network SwitchesRemote ID Verification Tech Is Often Biased, Bungling, and No Good on Its OwnMedia Giant AFP Hit by Cyberattack Impacting News Delivery ServicesCF Medical Data Breach Stems from Incident at Financial Business and Consumer SolutionsVerizon Outage Impacts 100,000 Plus Users Across U.S.Sloppy Entra ID Credentials Attract Hybrid Cloud RansomwareCritical Flaws in Tank Gauge Systems Expose Gas Stations to Remote AttacksCritical RCE Vulnerabilities Found in Common Unix Printing SystemMicrosoft Defender Adds Detection of Unsecure Wi-Fi NetworksJPCERT Shares Windows Event Log Tips to Detect Ransomware AttacksHere’s What to Expect From the Counter Ransomware Initiative Meeting This Week
9/27-29/2024 September 29, 2024September 29, 2024 ~ The Cyber Beat ~ Leave a comment As Hezbollah Threat Loomed, Israel Built up Its Spy AgenciesPentagon Gives Thumbs-Down to Cyber Service Proposal in Defense BillsTesla’s Cybertruck Goes, Inevitably, to WarGovernments Urge Improved Security and Resilience for Undersea CablesWhy It’s Time to Take Warnings About Using Public Wi-Fi, in Places Like Airports, SeriouslyWatch: Can BBC Reporter’s AI Clone Fool His Colleagues?How Pen and Paper Comes to the Rescue in an IT CrisisThe U.S. Government Wants to Cut out Some of Its Weirdest Password RulesIrish Data Protection Commission Fines Meta $102 Million for Storing Passwords in Plain TextUK National Hacked Public Companies for Stock Trading Intel, DOJ SaysAll Dutch Police Officers’ Contact Details Stolen in CyberattackRichmond Community Schools (IN) Suffers Ransomware AttackRansomware Attack Continues at UMC Hospital in Lubbock (TX)Amgen (CA) Announces Third-party Data Breach from Incident at Sirva RelocationMicrosoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware AttacksNew HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking UsersProgress Urges Admins to Patch Critical Whatsup Gold Bugs ASAPMicrosoft: Windows Recall Now Can Be Removed, Is More SecureHow Should CISOs Navigate the SEC Cybersecurity and Disclosure Rules?Red Team Hacker on How She ‘Breaks Into Buildings and Pretends to Be the Bad Guy’
9/26/2024 September 26, 2024September 26, 2024 ~ The Cyber Beat ~ Leave a comment Hurricane Helene Prompts CISA Fraud WarningRussia-Backed Gamaredon Still ‘Most Engaged’ Hacker Group in UkraineN. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted AttacksCloudflare Warns of India-Linked Hackers Targeting South and East Asian EntitiesWatering Hole Attack on Kurdish Sites Distributing Malicious APKs and SpywareIsraeli Military Chief Says Troops Are Preparing for Ground War in Lebanon…Amid Air Strikes and Rockets, an SMS From the EnemyFears of Weakness in Water Cybersecurity Grow After Kansas AttackIranians Indicted in Connection With Trump Campaign HackKrebs: U.S. Indicts 2 Top Russian Hackers, Sanctions CryptexYork Mayor Eric Adams Is Indicted After Years-Long Federal Corruption Investigation Into Bribery and Fraud…Told FBI He Forgot His Phone’s Passcode…Don’t Ever Hand Your Phone to the CopsOver a Third of Employees Secretly Sharing Work Info with AINIST Scraps Passwords Complexity and Mandatory Changes in New GuidelinesChicago Stops Using Controversial ShotSpotter Gunshot Detection SystemKuwait Health Ministry Restoring Systems After Cyberattack Takes Down Hospitals, Healthcare AppData Breach at MC2 Data Leaves 100 Million at Risk of Fraud58K Patients Have Health Info Possibly Exposed in Michigan Medicine BreachRoss, Anglim, Angelini & Co. (NJ) Breach Compromises an Unknown Number of Social Security NumbersCybercriminals Hack UK Rail Network Wi-Fi…Man Arrested After ‘Islamophobic’ Cyber Attack Hits London Stations Wi-FiMoneyGram Services Restored but Questions Remain About Cyber IncidentRichardson (TX) Working With FBI to Address Attempted Ransomware AttackFirst Mobile Crypto Drainer ‘WalletConnect’ Found on Google PlayMalicious Ads Hide Infostealer in League of Legends ‘Download’Automattic Blocks WP Engine’s Access to WordPress ResourcesCUPS Flaws Enable Linux Remote Code Execution, but There’s a CatchMillions of Kia Vehicles Could Be Hacked and Tracked Due to a Simple Website BugPatch Now: Critical Nvidia Bug Allows Container Escape, Complete Host TakeoverHPE Patches Three Critical Security Holes in Aruba PapiTails OS Merges With Tor Project for Better Privacy, Security
9/25/2024 September 26, 2024September 26, 2024 ~ The Cyber Beat ~ Leave a comment China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ CyberattackU.S. House Bill Addresses Growing Threat of Chinese Cyber ActorsBiden Meets Vietnam Leader to Counter Hanoi’s Ties With China and RussiaDonald Trump Briefed on Suspected Iranian Assassination PlotOpenAI Chief Technology Officer Mira Murati Says She’s Leaving Artificial Intelligence Company…OpenAI to Become For-Profit CompanyGoogle Paid $2.7 Billion to Bring Back an AI Genius Who Quit in FrustrationSurging AI Demand Could Cause the World’s Next Chip Shortage, Research SaysHow Apple and Microsoft’s Trusted Brands Are Being Used to Scam You Online82% of Phishing Sites Now Target Mobile DevicesCaroline Ellison, Former FTX Executive, Sentenced to 24 Months in PrisonKrebs: Timeshare Owner? The Mexican Drug Cartels Want YouChina Claims Taiwan, Not Civilians, Behind Web VandalismRansomHub Genius Tries to Put the Squeeze on Delaware LibrariesModified LockBit and Conti Ransomware Shows up in DragonForce Gang’s AttacksTransportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport MalwareCISA: Hackers Target Industrial Systems Using “Unsophisticated Methods”Study Finds Many European Car Resellers Fail to Delete Driver DataConnecting Your Phone to Rental Car Infotainment System? There Is a Big, Hidden Privacy RiskPwn2Own Auto Offers $500K for Tesla HacksChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory FunctionGoogle’s Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52%Google Sees 68% Drop in Android Memory Safety Flaws Over 5 YearsMozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent
9/24/2024 September 24, 2024September 24, 2024 ~ The Cyber Beat ~ Leave a comment Sweden Accuses Iran of Hacking Text Messaging Service Last Year After Public Koran BurningsTrump Campaign’s Suspected Iranian Hack May Still Be HappeningU.S. Capitol Hit by Massive Dark Web Cyber Attack: ReportsState Department Cyber Bureau Preps Funding Blitz Aimed at Boosting Allies’ DefensesRussia-Backed Media Outlets Are Under Fire in the U.S.—but Still Trusted WorldwideTikTok Blocks Dozens of Kremlin-Backed Media AccountsHow to Spot a North Korean Agent Before They Get Comfy Inside PayrollThreat Actors Shift to JavaScript-Based Phishing AttacksHackers Deploy AI-Written Malware in Targeted AttacksCrowdStrike Boss Apologises for Global IT OutageCybersecurity Incident Affects Arkansas City Water Treatment FacilityThe Centers for Medicare & Medicaid Services Says Data Breach Impacted 3.1 Million PeopleTwilio Purportedly Breached, Nearly 12K Call Records CompromisedAutoCanada Says Ransomware Attack “May” Impact Employee DataOne Point HR Solutions (OH) Data Breach Affects an Unknown Number of ConsumersRomCom Malware Resurfaces With SnipBot VariantNew Octo2 Malware Variant Threatens Mobile Banking SecurityInfostealer Malware Bypasses Chrome’s New Cookie-Theft DefensesCritical Ivanti vTM Auth Bypass Bug Now Exploited in Attacks
9/23/2024 September 23, 2024September 23, 2024 ~ The Cyber Beat ~ Leave a comment Dozens of Fortune 100 Companies Have Unwittingly Hired North Korean IT Workers, According to ReportU.S. Intelligence Agencies Confirm Russia Is Pushing Fake Videos of Kamala HarrisChinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR MalwareRussian Cyber-Attacks Home in on Ukraine’s Military InfrastructureU.S. Proposes Ban on Chinese, Russian Connected Car Tech Over Security FearsMicrosoft’s Largest Ever Security Transformation Detailed in New ReportWhy ‘Never Expire’ Passwords Can Be a Risky DecisionUPS Supplier’s Password Policy Flip-Flops From Unlimited, to 32, Then 64 CharactersTelegram Will Now Hand Over Your Phone Number and IP if You’re a Criminal SuspectKaspersky Deletes Itself, Installs UltraAV Antivirus Without WarningIsraeli Tech Sector Resilient but Faces Funding Uncertainty Amid Ongoing War With Hamas GroupHow Apple, Google, and Microsoft Can Save Us From AI DeepfakesHezbollah Likely to Launch Retaliatory Cyberattack on Israel, Expert SaysAlaska Airlines Reports IT Outage, Disruption in Seattle‘Cybersecurity Issue’ Takes MoneyGram Offline for Three Days – And CountingTewkesbury Borough Council: Cyber Incident ‘Was an Accident – Not an Attack’Ransomware Attack on Franklin County (KS) Exposed Sensitive Info of Nearly 30,000 ResidentsKryptina Ransomware Resurfaces in Enterprise Attacks By MalloxAndroid Malware ‘Necro’ Infects 11 Million Devices via Google PlayNew PondRAT Malware Hidden in Python Packages Targets Software DevelopersMove Over, Cobalt Strike. Splinter’s the New Post-Exploit Menace in TownVulnerabilities Found in Popular Houzez Theme and PluginCritical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution RiskGavin Newsom Vetoes Legislation to Mandate Universal Data Privacy Opt-Outs in California
9/20-22/2024 September 22, 2024September 22, 2024 ~ The Cyber Beat ~ Leave a comment Ukraine Bans Telegram Use for Government and Military PersonnelHacktivist Group Twelve Targets Russian Entities with Destructive Cyber AttacksCourt Finds Former German Cyber Chief Was Falsely Accused of Associating With Russian SpiesU.S. Cyberspace Solarium Commission Outlines Ten New Cyber Policy PrioritiesCyber Leaders Struggle to Fill AI Security JobsCybersecurity Skills Gap Leaves Cloud Environments VulnerableCISA Boss: Makers of Insecure Software Are the Real Cyber VillainsCompanies Face Risk of Huge Fines and Suspensions Under Tough New Cyber Rules in the EUU.S. Indicts Two, Including One Florida Man, Over Socially Engineered $230M+ Crypto HeistClickbaity or Genius? ‘BF Cheated on You’ QR Codes Pop up Across UKLinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by ICOFederal Civil Rights Watchdog Sounds Alarm Over DOJ, DHS, and HUD Use of Facial Recognition TechnologyHacker Uses Telegram Chatbots to Leak Data of Top Indian Insurer Star HealthDell Investigates Data Breach Claims After Hacker Leaks Employee InfoWells Fargo Clearing Services Notifies Consumers of Recent Data BreachMore Than $44 Million in Cryptocurrency Stolen From Singaporean Platform BingXCybercrooks Strut Away With Haute Couture Harvey Nichols DataSchools Across Lancashire Threatened by Hackers in Cyber AttackValencia Ransomware Explodes on the Scene, Claims California City, Fashion Giant, More as VictimsGlobal ‘Marko Polo’ Infostealer Malware Operation Targets Crypto Users, GamersCISA Warns of Actively Exploited Apache HugeGraph-Server BugResearcher Reveals ‘Catastrophic’ Security Flaw in the Arc BrowserWindows Server 2025 Previews Security Updates Without RestartsmacOS Sequoia Change Breaks Networking for VPN, Antivirus Software
9/19/2024 September 19, 2024September 19, 2024 ~ The Cyber Beat ~ Leave a comment First Israel’s Exploding Pagers Maimed and Killed. Now Comes the Paranoia…Your Phone Won’t Be the Next Exploding PagerIran Backdoors Planted Across Middle East Telecoms, Government Agencies, Google SaysLong Island County Hack Probe Details History of Cyber FailuresDisney to Stop Using Slack Following Hack That Exposed Company DataInsecure APIs and Bot Attacks Cost Global Firms $186bn1 in 10 Orgs Dumping Their Security Vendors After CrowdStrike OutageInfostealers Cause Surge in Ransomware Attacks, Just One in Three Recover DataCalifornians Can Now Add Their Driver’s Licenses to Apple WalletNo Way? Big Tech’s Endless ‘Lucrative Surveillance’ of Everyone Is Terrible for Privacy, FreedomTor Says It’s “Still Safe” Amid Reports of Police Deanonymizing UsersGermany Seizes 47 Crypto Exchanges Used by Ransomware GangsPolice Dismantles Phone Unlocking Ring Linked to 483,000 Victims8,000 Claimants Sue Outsourcing Giant Capita Over 2023 Data BreachIndonesia’s Tax Agency Probes Alleged Personal Data BreachAltman Plants Notifies Thousands of Data Breach Involving Their SSNs and Medical InformationElitecare Emergency Room (TX) Notifies Patients of July 2024 Data BreachTewkesbury Borough Council in Gloucestershire IT Systems Deemed ‘Safe’ After Cyber AttackHackers Exploit Default Credentials in FOUNDATION Software to Breach Construction FirmsCryptojacking Gang TeamTNT Makes a ComebackNew Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing EmailsClever ‘GitHub Scanner’ Campaign Abusing Repos to Push MalwareKrebs: This Windows PowerShell Phish Has Scary Potential1 PoC Exploit for Critical RCE Flaw, but 2 Patches From VeeamIvanti Warns of Another Critical CSA Flaw Exploited in AttacksApple’s New macOS Sequoia Update Is Breaking Some Cybersecurity ToolsGoogle Password Manager Now Automatically Syncs Your PasskeysUnexplained ‘Noise Storms’ Flood the Internet, Puzzle Experts
9/18/2024 September 18, 2024September 19, 2024 ~ The Cyber Beat ~ Leave a comment Hezbollah Devices Explode Again in Lebanon, Raising Fears of Wider Israel Conflict…Walkie-Talkies This Time…Solar Panels and Fingerprint Recognition Devices Used by Hezbollah Fighters…Hezbollah Pager Attack Puts Spotlight on Israel’s Cyber Warfare Unit 8200…Supply-Chain InterferenceEuropol Taskforce Disrupts ‘Ghost’ Global Criminal Network Through Supply Chain AttackGermany Seizes Leak Site of ‘Vanir’ Ransomware OperationFlax Typhoon: U.S. FBI Disrupts Second Chinese Hacking Group, Director SaysDid a Chinese University Hacking Competition Target a Real Victim?U.S. Says Iran Tried to Influence Election With Messages to Biden Camp With Stolen Info From Trump CampaignCritical Infrastructure at Risk From Email Security BreachesDOJ, FBI Need Better Metrics for Tracking Ransomware Disruption Efforts, Audit FindsRussian Security Firm Dr.Web Disconnects All Servers After BreachDeja Blues… Ransomware Group LockBit Boasts Once Again of Ransoming IRS-Authorized eFile.comNorth Korean Hackers Target Energy and Aerospace Industries with New MISTPEN MalwareNew “Raptor Train” IoT Botnet Compromises Over 200,000 Devices WorldwideMicrosoft: Vanilla Tempest Hackers Hit Healthcare With INC RansomwareX Hacking Spree Fuels “$HACKED” Crypto Token Pump-and-DumpQR Phishing Scams Gain Motorized Momentum in UKKrebs: Scam ‘Funeral Streaming’ Groups Thrive on FacebookGoogle Street View Images Used For Extortion ScamsGitLab Releases Fix for Critical SAML Authentication Bypass FlawDiscord Rolls Out End-To-End Encryption for Audio, Video Calls
9/17/2024 September 17, 2024September 17, 2024 ~ The Cyber Beat ~ Leave a comment Hezbollah Pagers Explode in Apparent Attack Across Lebanon…4,000 Injured, 11 Dead…The Mystery of Hezbollah’s Deadly Exploding Pagers…Hezbollah Vows to Punish Israel After Pager Explosions Across LebanonU.S. Looks to Align Security Across GovernmentCISA Urges Software Devs to Weed out XSS VulnerabilitiesCyberattacks Plague Health Care. Critics Call the Federal Response ‘Inadequate’Over Half of Breached UK Firms Pay RansomMost Cyber Leaders Fear AI-Generated Code Will Increase Security RisksAT&T Pays $13 Million FCC Settlement Over 2023 Data BreachChinese National Accused by Feds of Spear-Phishing for NASA, Military Source CodeMeta Blocks RT and Other Russian State Media; Kremlin Says It’s ‘Unacceptable’Pro-Ukraine Hackers Claim Attack on Agency That Certifies Digital Signatures in RussiaTemu Denies Breach After Hacker Claims Theft of 87 Million Data RecordsOver 1,000 ServiceNow Instances Found Leaking Corporate KB DataConstruction Firms Breached in Brute Force Attacks on Accounting SoftwareAramark myPay Data Breach Affects an Unknown Number of EmployeesBinance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency UsersMarko Polo Cybercrime Gang Targets Cryptocurrency Users, Influencers With ScamsRansomware Gangs Now Abuse Microsoft Azure Tool for Data TheftPKfail Secure Boot Bypass Remains a Significant Risk Two Months LaterSolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE AttacksVMware Patches Remote Make-Me-Root Holes in vCenter Server, Cloud Foundation
9/16/2024 September 16, 2024September 16, 2024 ~ The Cyber Beat ~ Leave a comment Cybersecurity & the 2024 U.S. ElectionsWhite House to Tackle AI-Generated Sexual Abuse ImagesCISA Warns of Windows Flaw Used in Infostealer Malware AttacksCybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing AttacksAdvanced Phishing Attacks Put X Accounts at RiskSnowflake Slams ‘More MFA’ Button Again – Months After Ticketmaster, Santander BreachesHalf of UK Firms Lack Basic Cybersecurity SkillsTech Firm CACI Beefs up Defense Business With $1.28 Bln Azure Summit DealChrome Switching to NIST-Approved ML-KEM Quantum Encryption to Protect Against Quantum TLS AttacksU.S. Cracks Down on Spyware Vendor Intellexa With More SanctionsFeds Sentence 12 Crypto Thieves, Including a Florida Man, Behind SIM Swaps, Home InvasionsPacific Islands Forum Investigating Cyberattack on Networks by Reported China State ActorsOnly U.S. Platinum Mine Stillwater Mining Company Confirms Data Breach After Ransomware ClaimsData on Nearly 1 Million NHS Patients Leaked Online Following Ransomware Attack on London HospitalsGerman Radio Station Forced to Broadcast ‘Emergency Tape’ Following CyberattackThe Maids International Notifies Consumers of the January 2024 Data BreachNorth Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor MalwareWindows Vulnerability Abused Braille “Spaces” in Zero-Day AttacksExploit Code Released for Critical Ivanti RCE Flaw, Patch NowGoogle Fixes GCP Composer Flaw That Could’ve Led to Remote Code ExecutionD-Link Fixes Critical RCE, Hardcoded Password Flaws in WiFi 6 Routers
9/13-15/2024 September 15, 2024September 15, 2024 ~ The Cyber Beat ~ Leave a comment Malicious Actors Spreading False U.S. Voter Registration Breach ClaimsState Dept: Russia’s RT News Agency Has ‘Cyber Operational Capabilities,’ Assists in Military ProcurementHow a U.S. Spy Tapped Into Russian Communication LinesKrebs: The Dark Nexus Between Harm Groups and ‘The Com’Nightsleeper: Could a Cyber Hack Derail a Train in Real Life?Hardware Supply Chain Threats Can Undermine Endpoint InfrastructureLargest Crypto Exchange in Indonesia Indodax Pledges to Reimburse Users After $22 Million Theft23andMe Agrees to Pay $30 Million to Settle Lawsuit Over Massive Data BreachCambodian Senator Sanctioned by U.S. Over Alleged Forced Labor Cyber-Scam CampsApple Seeks Dismissal of Its NSO Group Lawsuit, Citing Risk of Exposing ‘Vital Security Information’Meta to Resume Plans to Harness UK Users’ Social Media Posts for AI Model TrainingFeeld Dating App’s Security Too Open-Minded as Private Data Swings Into Public ViewPort of Seattle Hit by Rhysida Ransomware in August AttackRansomHub Claims Kawasaki Cyberattack, Threatens to Leak Stolen DataAtrium Health Apologizes After Employees Fall For Phishing Attack; Patient Info May Have Been ExposedShamrock Trading Corporation Announces May 2024 Data BreachTfL Requires In-Person Password Resets for 30,000 Employees After HackJohnson County Board of Education (TN) Loses $3.4 Million to a Fake Curriculum VendorMalware Locks Browser in Kiosk Mode to Steal Google CredentialsTrickMo Android Trojan Exploits Accessibility Services for On-Device Banking FraudIvanti Warns of Active Exploitation of Newly Patched Cloud Appliance VulnerabilityProgress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
9/12/2024 September 13, 2024September 13, 2024 ~ The Cyber Beat ~ Leave a comment The U.S. Is Preparing Criminal Charges in Iran Hack Targeting TrumpChinese-Made Port Cranes in U.S. Included ‘Backdoor’ Modems, House Report SaysMicrosoft Is Building New Windows Security Features to Prevent Another CrowdStrike IncidentApple Vision Pro’s Eye Tracking Exposed What People TypeHacker Tricks ChatGPT Into Giving Out Detailed Instructions for Making Homemade BombsBT Spots 2,000 Potential Attacks on Its Network a SecondGoogle Chrome Makes It Easier to Opt out of Annoying Notifications on AndroidWhy Credit Card Fraud Alerts Are Rising, and How Worried You Should Be About ThemMastercard Bolsters Threat Intelligence Capabilities With $2.65 Billion Deal for Recorded FutureCyber Intelligence Company Strider Raises $55 Million in FundingHospital System to Pay $65 Million for Dark Web Data Leak, Including Images of Nude Cancer PatientsTfL Confirms Customer Data Breach, 17-Year-Old Suspect ArrestedU.S. Sanctions Cambodian Tycoon for Alleged Human Trafficking to Cyber Scam CentersFortinet Confirms Data Breach After Hacker Claims to Steal 440GB of FilesI Stole 20GB of Data From Capgemini – And Now I’m Leaking It, Says Cyber-CrookIranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware AttackSocially Savvy Scattered Spider Traps Cloud Admins in WebExposed Selenium Grid Servers Targeted for Crypto Mining and ProxyjackingBeware: New Vo1d Malware Infects 1.3 Million Android TV Boxes WorldwideNew Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram‘Hadooken’ Linux Malware Targets Oracle WebLogic ServersHackers Targeting WhatsUp Gold With Public Exploit Since AugustUrgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job ExecutionOpen Source Updates Have 75% Chance of Breaking AppsSchools Face Million-Dollar Bills as Ransomware RisesBusiness Email Compromise Costs $55bn Over a Decade
9/11/2024 September 12, 2024September 12, 2024 ~ The Cyber Beat ~ Leave a comment Cyberattacks on U.S. Utilities Surged 70% This Year, Says Check PointUK Designates the Data Center Sector Part of Its ‘Critical National Infrastructure’Hackers Have Sights Set on Four Microsoft Vulnerabilities, CISA WarnsOperational Technology Leaves Itself Open to Cyber-AttackWordPress.org to Require 2FA for Plugin Developers by OctoberApple Intelligence Promises Better AI Privacy for Personal Information . Here’s How It Actually WorksPoland’s Supreme Court Blocks Pegasus Spyware ProbeSingapore Police Arrest Six Hackers Linked to Global Cybercrime SyndicateSo You Paid a Ransom Demand … and Now the Decryptor Doesn’t WorkHow Law Enforcement’s Ransomware Strategies Are EvolvingHow $20 and a Lapsed Domain Allowed Security Pros to Undermine Internet IntegrityTD Bank Fined $28 Million for Sharing Inaccurate and Negative Data on CustomersHunters International Claims Ransom on Chinese Mega-Bank’s London HQJapanese Media Giant Kadokawa Investigating Another Reported Data Leak by BlackSuit HackersMultiple Popular French Retailers Confirm Hackers Stole Customer DataNJ Union Reports Cyber Incident May Have Exposed Members’ Private InformationHighline Public Schools Will Reopen Classes — Without Internet — Amid Cyberattack RecoveryBollinger County (MO) Sheriff Talks About Hack of Facebook PageDevelopers Beware: Lazarus Group Uses Fake Coding Tests to Spread MalwareDragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and EuropeMajor Sales and Ops Overhaul Leads to Much More Activity … For Meow Ransomware GangGallup: Pollster Acts to Close Down Security ThreatAdobe Fixes Acrobat Reader Zero-Day With Public PoC ExploitKrebs: Bug Left Some Windows PCs Dangerously Unpatched
9/10/2024 September 10, 2024September 10, 2024 ~ The Cyber Beat ~ Leave a comment Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast AsiaNew Portuguese Government to Keep Ban on Chinese 5G EquipmentThanks, Edward Snowden: You Propelled China to Quantum Networking LeadershipWix to Block Russian Users Starting September 12Russia to Spend Over Half a Billion Dollars to Bolster Internet Censorship SystemDoJ Distributes 18 and a Half Million Dollars to Western Union Fraud VictimsCrypto Scams Rake in Five and Three-Fifths of a Billion Dollars a Year for Cyberscum Lowlifes, FBI SaysWhatsApp’s ‘View Once’ Could Be ‘View Whenever’ Due To a FlawGallup Poll Bugs Open Door to Election MisinformationCyber Staffing Shortages Remain CISOs’ Biggest ChallengeLondon’s Transit Agency Drops Claim It Has ‘No Evidence’ of Customer Data Theft After HackVista Higher Learning (MA) Data Breach Impacts an Unknown Number of ConsumersCosmicBeetle (aka NoName) Deploys Custom ScRansom Ransomware, Partnering with RansomHubRansomHub Ransomware Abuses Kaspersky TDSSKiller to Disable EDR SoftwareNew PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped ComputersIvanti Fixes Maximum Severity RCE Bug in Endpoint Management SoftwareMicrosoft September 2024 Patch Tuesday Fixes 4 Zero-Days, 79 Flaws…Microsoft Fixes Windows Smart App Control Zero-Day Exploited Since 2018…Microsoft Fixes Windows Server Performance Issues From August Updates
9/9/2024 September 10, 2024September 10, 2024 ~ The Cyber Beat ~ Leave a comment Chinese Mustang Panda APT Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks…Mustang Panda Use New Data Theft Malware in Gov’t AttacksTIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber CampaignGerman Intelligence Says Russian GRU Group Behind NATO, EU CyberattacksPoland Dismantles Cyber Sabotage Group Linked to Russia, BelarusRussia’s Top-Secret Military Unit Reportedly Plots Undersea Cable ‘Sabotage’DDoS Attacks Double With Governments Most TargetedThe Bitcoin ATM Has Emerged as One of Cryptocurrency’s Biggest ThreatsU.S. Proposes Requiring Reporting for Advanced AI, Cloud ProvidersTechnology Causes “Digital Entropy” as Firms Struggle With GovernanceWhat You Need to Know about Grok AI and Your PrivacyU.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major AttacksCyber-Attack on Payment Gateway Slim CD Exposes 1.7 Million Credit Card DetailsData of Nearly 300,000 Exposed in Avis CyberattackHighline Public Schools (WA) Closes Schools Following CyberattackRansomware Attack Forces London’s Charles Darwin School to Close and Send Students HomeKent’s Biggin Hill School Closes Due to Ransomware AttackWelcome Health (CA) Data Breach Put Confidential Patient Information at RiskRetailData (VA) Data Breach Affects an Unknown Number of ConsumersBlind Eagle Targets Colombian Insurance Sector with Customized Quasar RATQuad7 Botnet Targets More SOHO and VPN Routers, Media ServersAkira Ransomware Actors Exploit SonicWall Bug for RCEMeta Fixes Easily Bypassed WhatsApp ‘View Once’ Privacy FeatureFord Seeks Patent for Tech That Listens to Driver Conversations to Serve Ads
9/6-8/2024 September 8, 2024September 8, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Financial Markets, Public Companies Are a Growing Target for Russian HackersLawmakers Want U.S. to Address Risks Posed by Chinese Agriculture DronesDespite Cyberattacks, Water Security Standards Remain a Pipe DreamResearchers Say a Bug Let Them Add Fake Pilots to Rosters Used for TSA ChecksThe NSA Has a Podcast—Here’s How to Decode ItTelegram Changes Its Tone on Moderating Private Chats After CEO’s Arrest…Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal ActivityRussian Authorities Able to Identify Train Saboteur Teen From Anonymous Telegram AccountAI, Growing Data Risks Expand the Role of Chief Privacy OfficerAmid AI Boom, Tech Can’t Afford to Neglect Spending in These IT AreasSpyware Vendors’ Nebulous Ecosystem Helps Them Evade SanctionsFBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh NationalsYouTube Removes Tenet Media Channel Over Alleged Ties to Russian Disinformation EffortTherapy Sessions Exposed by Mental Health Care Firm Confidant Health’s Unsecured Database900,000 on Medicare in Wisconsin Warned of Data Breach from MOVEitCar Rental Giant Avis Discloses Data Breach Impacting CustomersTransport for London (TfL) Still Affected by ‘Ongoing Cyber Incident’North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job ScamsSextortion Scam Now Use Your “Cheating” Spouse’s Name as a LureSpyAgent Android Malware Steals Your Crypto Recovery Phrases from ImagesNew RAMBO Attack Steals Data Using RAM in Air-Gapped ComputersGeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet MalwareGitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious CodeSonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible ExploitationProgress LoadMaster Vulnerable to 10/10 Severity RCE FlawMicrosoft Office 2024 to Disable ActiveX Controls by DefaultCybersecurity Talent Shortage Prompts White House Action
9/5/2024 September 5, 2024September 5, 2024 ~ The Cyber Beat ~ Leave a comment WhisperGate: Russian Military Hackers ‘Cadet Blizzard’ Linked to Critical Infrastructure…Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare TeamGoogle Searches Are Becoming a Bigger Target of Cybercriminals With the Rise of ‘Malvertising’Brazil Says Its Resistance to Elon Musk Is Global Example…With Musk’s X Banned in Brazil, Its Users Carve Out New Digital Homes…Why It’s So Hard to Fully Block X in BrazilUK Signs Council of Europe AI ConventionMusician Charged With $10M Streaming Royalties Fraud Using AI and BotsMicrosoft Removes Revenge Porn From Bing Search Using New ToolCyber Spending Rises Modestly While Hacking Threats EvolveServices Disrupted as Local Council Near GCHQ’s Headquarters Hit by CyberattackPenpie DeFi Platform Files Reports With FBI, Singapore Police After $27 Million Crypto TheftDr. Daniel Leeman, MD (TX) Notifies 20k+ Patients of Recent Data BreachOnlyFans Hackers Targeted With Infostealer MalwareNew Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading FirmChinese-Speaking Hacker Group ‘Tropic Trooper’ Targets Human Rights Studies in Middle EastLiteSpeed Cache Bug Exposes 6 Million WordPress Sites to Takeover AttacksApache Fixes Critical OFBiz Remote Code Execution VulnerabilityVeeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
9/4/2024 September 5, 2024September 5, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Cracks Down on Russian Disinformation Before 2024 Election…U.S. Indicts Two RT Employees for Alleged Russian Disinformation EffortNorth Korean Hackers Targets Job Seekers with Fake FreeConference AppRed Teaming Tool MacroPack Abused for Malware DeploymentU.S. Government Set Out to Improve Internet Routing SecurityThe Japanese Robot Controversy Lurking in Israel’s Military Supply ChainTelegram Apologizes to South Korea and Takes Down Smutty DeepfakesReed Smith Is Latest U.S. Law Firm to Shrink China Presence With Beijing ClosureCopilot for Microsoft 365 Might Boost Productivity if You Survive the Compliance MinefieldEuropean Data Privacy Watchdog Closes Case Against X Over Its Grok AI BotPlanned Parenthood Confirms Cyber-Attack as RansomHub Threatens to Leak DataMicrochip Technology Confirms Data Was Stolen in CyberattackHospital Sisters Health System (IL) Data Breach Affects an Unknown Number of PatientsCicada Ransomware May Be a BlackCat/ALPHV Rebrand and UpgradeHackers Inject Malicious JS in Cisco Store to Steal Credit Cards, CredentialsResearchers Find Over 22,000 Removed PyPI Packages at Risk of Revival HijackYubiKeys Have an Unfixable Security Flaw — But It’s Difficult to ExploitCisco Warns of Backdoor Admin Account in Smart Licensing UtilityCisco Fixes Root Escalation Vulnerability With Public Exploit CodeAndroid Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw
9/3/2024 September 3, 2024September 5, 2024 ~ The Cyber Beat ~ Leave a comment Spamouflage Trolls Pretend to Be American Patriots on X, TikTok Ahead of U.S. Presidential ElectionThe U.S. Navy Is Going All in on Starlink…How Navy Chiefs Conspired to Get Themselves Illegal Warship Wi-FiIndicted Pair of Foreign Nationals Were Behind Swatting Attack on Cisa DirectorCivil Rights Groups Call For Spyware ControlsInside the Deepfake Porn Crisis Engulfing Korean SchoolsKrebs: Sextortion Scams Now Include Photos of Your HomeFTC: Over $110 Million Lost to Bitcoin ATM Scams in 2023…Bitcoin ATM Scammers Stole $65 Million in First Half of 2024Dutch Data Watchdog Fines Clearview AI $33M for ‘Illegal’ Data CollectionZscaler Forecasts Annual Results Below Estimates on Weak Cybersecurity SpendingHalliburton Says Hackers Removed Data in August CyberattackOver 1.4M Users Exposed in Tracelo BreachYoung Consulting and Blue Shield of California Announce Data BreachFBI Warns Crypto Firms of Aggressive Social Engineering Attacks from North KoreaRapid Growth of Password Reset Attacks Boosts Fraud and Account TakeoversHacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and BelarusNew Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted AccessZyxel Warns of Critical OS Command Injection Flaw in RoutersD-Link Says It is Not Fixing Four RCE Flaws in DIR-846W RoutersGoogle Releases Pixel Update to Get Rid of Surveillance Vulnerability
9/2/2024 September 2, 2024September 2, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Authorities Issue RansomHub Ransomware AlertSouth Korea Police Investigates Telegram Over Deepfake PornTelegram CEO Was ‘Too Free’ on Content Moderation, Says Russian MinisterVerkada Facing $3M Penalty to Federal Trade Commission After Hackers Viewed Sensitive Video FootageAdmins of MFA Bypass Service Plead Guilty to FraudGerman Air Traffic Control Agency Confirms Cyberattack, Says Current Operations Remain UnaffectedTransport for London Discloses Ongoing “Cyber Security Incident”Business Services Giant CBIZ Discloses Customer Data BreachMalicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ SystemsRansomware Gangs Pummel Southeast Asia
8/30-9/1/2024 September 1, 2024September 1, 2024 ~ The Cyber Beat ~ Leave a comment Iranian Hackers Set Up New Network to Target U.S. Political CampaignsCIA Says It Busted Teen Terror Cell Targeting Taylor Swift in ViennaHow the CIA Tries to Recruit Russians to Spy on Their CountryTired of Airport Security Queues? SQL Inject Yourself Into the Cockpit, Claim ResearchersCrowdStrike Exec Will Testify to Congress About July’s Global IT MeltdownCompanies Grapple With Expanding Cyber RulesResearcher Sued for Sharing Data Stolen by Ransomware With MediaDocker-OSX Image Used for Security Research Hit by Apple DMCA Takedown City of Columbus Sues Man After He Discloses The Severity of Recent Ransomware Attack by Rhysida GroupU.S. Indicts Duo Over Alleged Swatting Spree That Targeted Elected OfficialsTelegram: ‘The Dark Web in Your Pocket’Data Breach at Minnesota Human Services Department May Have Compromised Personal Info of 4,000Durex India’s Security Lapse Reveals Personal Data of CustomersToronto School Board Confirms Students’ Info Stolen as LockBit Claims Breach‘Voldemort’: Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage CampaignNorth Korean Hackers Exploit Chrome Zero-Day to Deploy RootkitNew Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike PayloadsNew Malware Masquerades as Palo Alto VPN Targeting Middle East UsersGitHub Comments Abused to Push Password Stealing Malware Masked as FixesCicada3301 Ransomware’s Linux Encryptor Targets VMware ESXi SystemsDon’t Wait for the Next Big Data Breach to Freeze Your Credit