12/3/2020

Coronavirus: Hackers Targeted COVID Vaccine Supply ‘Cold Chain’ According to IBM

U.S. in Talks With Huawei Finance Chief Meng Wanzhou About Resolving Criminal Charges 

Bill to Crack Down on Fraudulent Foreign Firms Listed in U.S. Heads to Trump’s Desk

Edward Snowden Asks Trump to Pardon Wikileaks Founder Julian Assange

Trump Signs Another Executive Order on Governmental AI Development

Op-Ed: Why President-Elect Biden Needs to Appoint a Cybersecurity Czar

Universities Attacked by Phishing Campaign

Credit Card Stealing Malware Hides in Social Media Sharing Icons

Data of 243 Million Brazilians Exposed Online via Website Source Code

As Many as 113,000 Alaskans Impacted by Hack on Voter Registration System

Kmart, Latest Victim of Egregor Ransomware

Metro Vancouver’s Transit System Hit by Ransomware Attack

Clop Gang Gallops Off with 2M Credit Cards from E-Land

DeathStalker APT Spices Things Up with PowerPepper Malware

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

Google Play Apps Remain Vulnerable to High-Severity Flaw

12/2/2020

Top Intelligence Official Says China Targeting Foreign Influence at Incoming Biden Administration

North Korea-Linked Hackers Targeted Johnson & Johnson, Novavax in Hunt for COVID Research

APT Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Phishing Targets U.S. Brokerage Firms Using FINRA Lookalike Domain

HMRC Phishing Scam Abuses Mail Service to Bypass Spam Filters

Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks

Krebs: Account Hijacking Site OGUsers Hacked, Again

Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash

Hacker Given Three Years for Stealing Secret Nintendo Switch Blueprints, Collecting Child Sex Abuse Videos

Brazilian Aerospace Firm Embraer Hit by Cyberattack

South Africa Absa Bank Embroiled in Data Leak, Rogue Employee Accused of Theft

Cyber Attack Robs Philabundance of Nearly $1M

Online Schooling Giant K12 Inc. Pays Ryuk Ransomware to Stop Data Leak

Electronic Health Records Provider NTreatment Caught Out in Data Breach

Housing Authority of McDonough County (IL) Experiences Ransomware Data Breach

Half of Docker Hub Images Feature Critical Flaws

Xerox DocuShare Bugs Allow Data Leaks

Flaw Allowed iPhone Hacking Remotely Through Wi-Fi

12/1/2020

China Drafts Rules on Mobile Apps’ Collection of Personal Data

Federal Agencies Warn That Hackers Are Targeting U.S. Think Tanks

FBI Warns of BEC Scammers Using Email Auto-Forwarding in Attacks

Vietnamese State Hackers APT32 (aka Ocean Lotus, BISMUTH) Deploy Coin Miners to Victims

Zoom Impersonation Attacks Aim to Steal Credentials

Amazon Says Sellers Racked up More Than $4.8 Billion in Sales Over Weekend

Facebook-Backed Libra Association Changes Its Name to Diem

Supreme Court Weighs Breadth of Computer Hacking Law

Krebs: Bomb Threat, DDoS Purveyor Gets Eight Years

Personal Information Leaked in Suspected Cyberattack on Israeli Company Shirbit Insurance

Stuller Headquarters (LA) Hit by Cyber Attack

Electronic Medical Records Cracked Open by OpenClinic Bugs

Cayman Islands Bank Records Exposed in Open Azure Blob

Critical Oracle WebLogic Flaw Actively Exploited by DarkIRC Malware

Android Messenger App Still Leaking Photos, Videos

Salesforce to Acquire Slack for $28 Billion

Uber Completes $2.65 Billion Postmates Acquisition

11/30/2020

UK Bans Installation of Huawei 5G Equipment From September

Pandemic, A Driving Force in 2021 Financial Crime

Baltimore Students Told to Ditch Windows PCs After Ransomware Attack

Multiple Red Flags

Vermont Hospitals Still Recovering From October Ransomware Attack

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers

Company Director Disqualified After AMS Marketing Limited Made 75,000 Nuisance Calls

Ajit Pai Formally Announces Plans to Leave FCC

Cybersecurity In The New Normal: Good Enough Is No Longer Enough

Companies Urged to Adjust Hiring Requirements for Cyber Jobs

Healthcare Provider AspenPointe Data Breach Affects 295k Patients

Huntsville City Schools (AL) Close Early for Cybersecurity Threat

Someone Just Moved $5m in BTC From the 2016 Bitfinex Hack

WhatsApp Hack Could Let People Steal Messages, Users Urged to Take Precautions

MacOS Users Targeted By OceanLotus Backdoor

Docker Malware Is Now Common, So Devs Need to Take Docker Security Seriously

Gootkit Malware Returns to Life Alongside REvil Ransomware

Credit Card Skimmer Fills Fake PayPal Forms With Stolen Order Info

Microsoft Defender for Identity Now Detects Zerologon Attacks

11/27-29/2020

South Korea Says It Foiled North Korea Attempt to Hack Its COVID-19 Vaccine Makers

Christopher Krebs: I’m ‘Most Upset’ I Didn’t Get to Say Goodbye to My Team…’Not How I Wanted to Go Out.’

Cyber Monday Looms – But Shoppers Oblivious to Top Retail Threats

One in Seven #BlackFriday Emails Are Malicious

Phishing Lures Employees With Fake ‘Back to Work’ Internal Memos

Office 365 Phishing Abuses Oracle and Amazon Cloud Services

UK NCSC Helping Manchester United Recover from Cyber-Attack

2021 Healthcare Cybersecurity Priorities: Experts Weigh In

IIoT Chip Maker Advantech Hit by Ransomware, $12.5 Million Ransom

MasterChef, Big Brother Producer Banijay Group SAS Hit by DoppelPaymer Ransomware

Delaware County, PA Pays 500k Ransom to DoppelPaymer Ransomware

CBS Last.FM Fixes Admin Password Leakage via Symfony Profiler

Digitally Signed Bandook Malware Once Again Targets Multiple Sectors

Drupal Issues Emergency Fix for Critical Bug With Known Exploits

The Top 20 Cybersecurity Startups To Watch In 2021 Based On Crunchbase

11/26/2020

Personal Data of 16 Million Brazilian COVID-19 Patients Exposed Online

DDoS Attacks Against Online Retailers Increase Four-Fold During Pandemic

Massive Zoom Phishing Targets Thanksgiving Meetings

Privacy Campaigner Flags Concerns About Microsoft’s Creepy Productivity Score

Changing Employee Security Behavior Takes More Than Simple Awareness

A Therapeutic for What Ails Digital Health

Canon Publicly Confirms August Ransomware Attack, Data Theft

US Fertility Patient Data Was Stolen in Ransomware Attack

Israeli Army Exposed the PII of Tens of Thousands of Soldiers

Sophos Alerts Customers of Info Exposure After Security Breach

New Egregor Ransomware Steps into Maze Group’s Shoes

cPanel 2FA Bypassed in Minutes via Brute-Force Attacks

11/25/2020

At China’s Premier Internet Conference, Few Address the Regulatory Elephant in the Room

Trump Administration Extends TikTok Sale Deadline

Government Watchdog Urges Policymakers to Boost Cybersecurity for 5G Networks

Canada’s Proposed Privacy Overhaul Leans Toward European-Style Rules

Parler Hack Claims Are Fake, CEO Says: ‘They Are Just Obsessed With Us’

Laser-Based Hacking from Afar Goes Beyond Amazon Alexa

Phishing Most Frequently Reported Cybercrime in U.S.

Major BEC Phishing Ring Cracked Open with 3 Arrests

Ticketmaster: We’re Not Liable for Credit Card Badness Because the Hack Straddled GDPR Day

Sopra Steria Expects €50 Million Loss After Ryuk Ransomware Attack

Black Friday: The Best Gifts for Hackers

Ransomware Attack Cripples Baltimore County Public Schools: No Timeline for Return to Class

Cyber Attack Takes Rand McNally ELDs Offline

US Fertility Provides Notice of Data Security Incident

Premier Health (OH) Investigates Data Breach

Danish News Agency Ritzau Refuses to Pay After Ransomware Attack

FBI Joins Investigation Into Computer System Hack in Delaware County (PA)

Belden Networking Giant’s Company Data Stolen in Cyberattack

Passwords Exposed for Almost 50,000 Vulnerable Fortinet VPNs

Critical MobileIron RCE Flaw Under Active Attack

Windows 7 and Server 2008 Zero-Day Bug Gets a Free Patch

Why Data Protection And Cybersecurity Can’t Be Separate Functions

11/24/2020

FCC Affirms ZTE Poses U.S. National Security Threat

India Bans 43 More Chinese Apps Over Cybersecurity Concerns

Democrats Urge YouTube to Remove Election Misinformation, Step up Efforts Ahead of Georgia Runoff

Press Facebook, Twitter Too

YouTube Temporarily Suspends, Demonetizes OANN

Federal Authorities Warn of Increased Cyber Targeting During Upcoming Holiday Season

Crooks Impersonate U.S. Gov’t Agencies Offering Financial Aid

U.S. Proposes Funding to Clear Risk Assessment Backlog

Printers’ Cybersecurity Threats Too Often Ignored

Home Depot Reaches $17.5 Million Settlement Over 2014 Data Breach

Cyber-attacks Reported on Three US Healthcare Providers in FL, GA & NY

Australian Legal Services Provider Law in Order Hit With Cyber Attack

Post-Breach, Peatix Data Reportedly Found on Instagram, Telegram

Payday Loans Exposed Records in the Open

Baidu Apps in Google Play Leak Sensitive Data

New WAPDropper Malware Stealthily Subscribes You to Premium Services

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

TrickBot Malware Uses Obfuscated Windows Batch Script to Evade Detection

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

UK Urges Orgs to Patch Critical MobileIron CVE-2020-15505 RCE Bug

11/23/2020

Alibaba CEO Says China’s Draft Anti-Monopoly Rules ‘Timely and Necessary’

Democrats Accuse GSA of Undermining National Security by Not Certifying Biden Win

President-Elect Biden to Begin Formal Transition Process After Agency Ok

Lawmakers Urge FCC to Assist in Effort to Rip Out, Replace Suspect Network Equipment

European Cloud-Computing Initiative Limits U.S. Companies’ Role

FBI Warns of Recently Registered Domains Spoofing Its Sites

Tesla Model X Key Fobs Could Be Hacked to Steal Cars, Fix Released

Smart Doorbells ‘Easy Target for Hackers’ Study Finds

Apple’s Global Security Boss Accused of Bribing Cops With 200 Free iPads in Exchange for Concealed Gun Permits

Spotify Users Hit with Rash of Account Takeovers

Anonymous Hacks Uganda Police Website

Fake Minecraft Mods Swamp Over 1m Android Devices With Ads

Bristol City Council Data Breach Sends Names of Children to ‘Livid and Upset’ Parents

TA416 APT Rebounds With New PlugX Malware Variant

Israel Cyber Directorate Warns of Remotely Exploitable Drupal Flaw

VMware Discloses Critical Zero-Day Vulnerability in Workspace One

TikTok Fixes Bugs Allowing Account Takeover With One Click

Seven Debunked Myths of Cybersecurity

11/20-22/2020

Trump Twitter ‘Hack’: Dutch Police Question Researcher

Joe Biden’s ‘Vote Joe’ Website Defaced by Turkish Hackers

Peters Criticizes Trump for Not Taking Action After Cyberattacks on Hospitals, COVID-19 Researchers

After Trump Fires CISA’s Director, the Agency Is Poised to Become Even More Powerful

Dutch Journalist Gatecrashes EU Defence Video Conference

Think Tank Urges Financial Sector Action on Cyber Threats

FBI Warns of Increasing Ragnar Locker Ransomware Activity

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Hacker Posts Exploits for Over 49,000 Vulnerable Fortinet VPNs

Why Even the Best Free VPNs Are Not a Risk Worth Taking

Green Beret Passed Secrets to Russia

Krebs: Convicted SIM Swapper Gets 3 Years in Jail

FireEye Acquires Respond Software

10M Impacted in Pray.com Data Exposure

Cyber Breach Exposed Thousands of Patients’ Info at Several LSU Medical Centers

Krebs: GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Manchester United Working to ‘Minimize Disruption’ Caused by ‘Cyber Attack’

Korean Retail Giant E-Land Closes Nearly Half of Stores Due to Ransomware Attack

Irish Start-up Glofox Investigates Possible Data Breach

Sugarloaf, Sunday River (ME) Parent Company Investigating Online Attack

Archdiocese of St. Louis Websites Down After Ransomware Attack

LightBot: TrickBot’s New Reconnaissance Malware for High-Value Targets

QBot Partners With Egregor Ransomware in Bot-Fueled Attacks

New Grelos Skimmer Variants Siphon Credit Card Data

VMware Fixes Critical Flaw in ESXi Hypervisor

11/19/2020

Canadian Accusations on China Being Cyber-Crime Threat Are Groundless, Says China

Massive, China-State-Funded Hack Hits Companies Around the World, Report Says

Raytheon Employee Jailed for Exporting Missile Data to China

Cyber Official Krebs’s Ouster Tests Government Relations With Private Sector

IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk

Hard Rock Stadium Ups Cybersecurity

Cybercriminals Batter Automakers With Ransomware, IP Theft 

Tech Firms Fall Short on Misinformation Targeting Latino Voters, Advocates Say

UK GCHQ Put ‘Image Before Cost’ With New Cyber Building

Florida Man Sentenced 36 Months for Stealing $9m From Adoption, Automotive Firms via Business Account Takeover

Best VPNs in 2020

Ransomware Attack Hits Arizona Judicial Branch’s Website and Limits Some Services

Students, Staff Experience Slowdowns After Mansfield Schools (MA) Fall Victim to Cyberattack

Russian Hacker Group REvil Claims Massive Attack on Televangelist Kenneth Copeland

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

GO SMS Pro Android App Exposes Private Photos, Videos and Messages

Facebook Messenger Bug Allowed Android Users to Spy on Each Other

Mount Locker Ransomware Now Targets Your TurboTax Tax Returns

Kali Linux 2020.4 Switches the Default Shell From Bash to ZSH

Google’s Free Services Are Now Phishing Campaign’s Best Friends

Microsoft Rolls Out Protection for Critical Accounts in Office 365

11/18/2020

Canada Names China, Russia as Main Cyber-Crime Threats; Sees Risk to Power Supply

Chinese APT10 Hackers Use Zerologon Exploits Against Japanese Orgs

Krebs: Trump Fires Security Chief Christopher Krebs

Starting Next Year, Chrome Extensions Will Show What Data They Collect From Users

The Ones Who Brought You Let’s Encrypt, Bring You: Tools for Gathering Anonymized App Usage Metrics From Netizens

Los Angeles Police Department Bars Use of Third-Party Facial Recognition Systems, Launches Review

Apple to Pay $113m to Resolve Fight Over Batteries

Cryptocurrency Exchange Liquid Confirms Hack

Flower Firm New Zealand Bloom Victim of Recent Targeted Ransomware Malware

Keene (NH) Officials Urge Vigilance After Data Breach

Ransomware Attack Shuts Jackson County (OR) Website

Egregor Ransomware Shoots Ransom Notes Out of Victims’ Printers

Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping

Google Brings New Adaptive Protection Technology to Its Cloud Armor Network Security Service

11/17/2020

Top Cybersecurity Official Christopher Krebs Ousted by Trump

Mark Zuckerberg and Jack Dorsey Face Senate Grilling Over Moderation Practices

‘You’re the Ultimate Editor,’ Twitter’s Jack Dorsey and Facebook’s Mark Zuckerberg Accused of Censoring Conservatives

Apple Lets Some Big Sur Network Traffic Bypass Firewalls

Chinese APT Hackers Target Southeast Asian Government Institutions

Verizon Releases First Cyber-Espionage Report

EU Restrictions Could Force Companies to Change Data Transfer Practices

Krebs: Be Very Sparing in Allowing Site Notifications

Stop Saying You Don’t Need to Worry About Privacy and Cybersecurity Because You Don’t Have Anything to Hide

Vulnerability Prioritization Tops Security Pros’ Challenges

Majority of APAC Firms Pay up in Ransomware Attacks

UK Firms Least Likely to Pay Ransom Globally

New Acquisition Provides Security From Hackers’ View, Palo Alto Networks CEO Says

Equifax $30.5 Million Data Breach Settlement Gets Final Approval

Over 80,000 ID Cards and Fingerprint Scans Exposed in TronicsXchange AWS Cloud Leak

Mercy Iowa City Reports Data Breach, Over 60,000 Iowans Affected

Ransomware Attack Forces Web Hosting Provider managed.com to Take Servers Offline

City of Saint John, New Brunswick Hit by Cyberattack

Port of Kennewick (WA) Victim of Cyber Attack

Montreal’s West End Health Agency Just Beginning to Come Back Online, Weeks After Cyber-Attack

Coil Payments Platform Leaks User Emails in ‘Privacy Policy’ Update

Office 365 Phishing Campaign Detects Sandboxes to Evade Detection

Hackers Are Actively Probing Millions of WordPress Sites

Cisco Patches Critical Flaw After PoC Exploit Code Release

Chrome 87 Released With Performance Boost and Security Fixes

Firefox 83 Boosts Security With HTTPS-Only Mode, Zero-Day Fix

Microsoft Brings Trusted Platform Module Functionality Directly to CPUs Under Securo-Silicon Architecture Pluton

11/16/2020

Huawei Threat ‘No. 1 Concern’ Moving Forward, Trump National Security Adviser Says

Twitter Hires Famous Hacker Peiter Zatko ‘Mudge’ to Head Security Operations

Exposed Database Reveals 100K+ Compromised Facebook Accounts

Zoom Rolls Out Security Enhancements to Stop Zoombombing Trolls

Microsoft President Calls for Global Crackdown on Cyberattacks

Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

Cybersecurity Is Top Business Worry in ‘Age of Risk’: Marsh & McLennan CEO

Crypto Firm Offers $200,000 Bug Bounty to Hacker Who Stole $2m

Meet the Hackers Who Earn Millions for Saving the Web: Bug Bounties

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Cold Storage Giant Americold Services Impacted by Cyberattack

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Capcom Confirms Data Breach After Gamers’ Data Stolen in Cyberattack

Dozens of Ransomware Gangs Partner With Hackers to Extort Victims

Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack

Citrix SD-WAN Bugs Allow Remote Code Execution

Vulnerability in Firefox for Android Allowed Attackers to Steal Cookies, Local Files

11/13-15/2020

No Voting System Deleted or Lost Votes in U.S. Election: Security Groups

Coronavirus: North Korea and Russia Hackers ‘Targeting Vaccine’

DarkSide Ransomware’s Iranian Hosting Raises U.S. Sanction Concerns

Trump Administration Grants 15-Day Extension on TikTok Divesture Deadline

Apple iOS Safari Feature Can Be Used to Share “Fake News” Headlines

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

IRS Announces Move to Protect Businesses From Identity Theft

Schools Struggling to Stay Open Get Hit by Ransomware Attacks

ICE Operation Arrests 113 Child Predators

Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam

Ticketmaster Fined £1.25m Over Data Breach

Vertafore Data Breach Hits 28 Million Texan Drivers

Hacker Shares 3.2 Million Pluto TV Accounts for Free on Forum

Hacker Steals $2 Million From Cryptocurrency Service Akropolis

Delaware Division of Public Health Announces Data Breach Incident

Biotech Research Firm Miltenyi Biotec Hit by Ransomware, Data Leaked

Retail Giant Cencosud Hit by Egregor Ransomware Attack, Stores Impacted

India’s Biggest Online Grocer Bigbasket Alerted to Breach, Sale of 20m Users’ Data

Saint John (NB) Suffers ‘Significant Cyber Attack’

District 211 (Chicago) Investigating Possible Hack

New TroubleGrabber Discord Malware Steals Passwords, System Info

11/12/2020

Top Official on U.S. Election Cybersecurity Christopher Krebs Tells Associates He Expects to Be Fired

Senior DHS Cybersecurity Official Bryan Ware to Step Down

Coalition of Election Officials, Stakeholders Says There Is ‘No Evidence’ Votes Were Compromised

Twitter Says It Labeled 300,000 Posts Around the Election

Washington State Could Be the 2021 Battleground for Internet Privacy

ICO Demands Urgent Data Protection Changes from UK Parties

Swiss Spies Knew About Crypto AG Compromise – and Kept It From Gov’t Overseers for Nearly 30 Years

Most Americans Reuse Passwords for Work Devices

New Tool Lets Attackers Easily Create Reply-Chain Phishing Emails

Ransomware Did Not Kill a German Hospital Patient… but It’s Still a Matter of Time

Gwinnett County (GA) Judge Re-Indicted in Computer Hacking Case

Popular Stock Photo Service 123RF Hit by Data Breach, 8.3M Records for Sale

The North Face Resets Passwords After Credential Stuffing Attack

Data Breach Index Site Leaks Over 23,000 Hacked Databases Exposing Over 13 Billion User Records

St. Albert Optometry Centre (AB) Involved in Data Breach

APT ‘Hackers For Hire’ “CostaRicto” Target Financial, Entertainment 

FBI Investigating Racist, Anti-Gay Hack of Black Student Union’s Zoom Meeting at Gonzaga

DNS Cache Poisoning Attacks Return Due to Linux Weakness

ModPipe Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Point-of-Sale Software

Google Fixes More Chrome Zero-Days Exploited in the Wild

Bugs in Critical Infrastructure Gear in Schneider Electric Programmable Logic Controllers Allow Sophisticated Cyberattacks

11/11/2020

Pressure Grows to Reinstall White House Cyber Czar

Facebook, Google to Extend Political Advertising Bans

‘Don’t Weaponise the Net’ Warns Former UK NCSC Cyber-Chief Ciaran Martin

Microsoft Warns Against SMS, Voice Calls for Multi-Factor Authentication

Philippines COVID-19 Data-Sharing App Leaked Healthcare Worker Info

Recent Ransomware Wave Targeting Israel Linked to Iranian Threat Actors

Waves of Attacks on U.S. Hospitals Show a Change in Tactics for Cybercriminals

Vatican Brings in Bots to Protect World’s Oldest Bible

This Risk Threatens Retirees’ Nest Eggs: Here’s How Advisors Are Protecting Them

Europe Tries to Boost Its Cybersecurity Industry

Cybersecurity Skills Shortage Falls for First Time

Animal Jam Kids’ Virtual World Hit by Data Breach, Impacts 46M Accounts

Conway Regional Medical Center (AR) Email Hack Exposes Info of 2,945 Patients

Newcastle Grammar School Targeted in Cyber Attack

Minecraft Apps on Google Play Fleece Players Out of Big Money

Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers

Chinese-Linked Muhstik Botnet Targets Oracle WebLogic, Drupal

Criminal Gangs Using Fake Microsoft Teams Updates to Infect Networks With Cobalt Strike

Alleged Source Code of Cobalt Strike Toolkit Shared Online

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Silver Peak SD-WAN Bugs Allow for Network Takeover

Krebs: Patch Tuesday, November 2020 Edition

11/10/2020

Biden’s Hard Stand on Foreign Election Interference Signals Funding Fight

Security Researchers Warn of Uptick in Election Spam

Scammers Impersonating the IRS Threaten Victims With Legal Action

Krebs: Ransomware Group Turns to Facebook Ads

Apple to Deliver ‘Privacy Labels’ for Apps, Revealing Data-Sharing Details

EU Levels New Antitrust Charges Against Amazon

Ex-Microsoft Engineer Gets Nine Years for $10m Digital Theft

Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs

Windows 10 Intel Microcode Released to Fix New CPU Security Bugs

Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers

Cadbury Social Media Scammers Take Chocoholics for a Ride

Ghimob Android Banking Trojan Targets 153 Mobile Apps

5.8 Million RedDoorz User Records for Sale on Hacking Forum

Hacker Sells Access to Pakistani Airlines’ Network

New Platypus Attack Can Steal Data From Intel CPUs

Ubuntu’s Gnome Desktop Could Be Tricked Into Giving Root Access

EA Games’ Origin Client Contained Privilege Escalation Vulnerability

Adobe Releases Security Update for Adobe Reader for Android

11/9/2020

Zoom Lied to Users About End-to-End Encryption for Years, FTC Says

To Implement Heightened Security Program in Settlement

WhatsApp Wants to Host Your Intimate Chats: They’ll Be Deleted in a Week

First Passengers Travel in Virgin’s Levitating Hyperloop Pod System

Uber, Lyft Eager to Take California Labor Win Nationwide

Cyberattack on UVM Health Network Impedes Chemotherapy Appointments

Preventing and Mitigating DDoS Attacks: It’s Elementary

Deepfake Phishing: Is That Actually Your Boss Calling?

Man Admits to Being Part of Anonymous Cyber-Attacks Related to Dakota Access Pipeline

Paralegal Admits Role in Outing Iowa Witnesses

Krebs: Body Found in Canada Identified as Neo-Nazi Spam King

Older Android Phones Will Start Failing on Some Secure Websites in 2021

Hacked In 300 Seconds: iOS 14, Samsung Galaxy S20, Windows 10

Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak

Mashable Customer Data Leaked Online

Long-Term Care Patient Info Mistakenly Released by Lake County Health Dept (IL)

Laptop Manufacturer Compal Hit by DoppelPaymer Ransomware

Ransomware Hits E-Commerce Platform X-Cart

Klamath Falls Hospital (OR) Still Struggling Through Ransomware Attack

Online Classes Resume After Cyber Attack at Saskatoon College

Malicious NPM Project Steals Discord Accounts, Browser Info

Microsoft Exchange Attack Exposes New xHunt Backdoors

Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment

Ultimate Member Plugin for WordPress Allows Site Takeover

New Slipstream NAT Bypass Attacks to Be Blocked by Browsers

Google Chrome to Block Javascript Redirects on Web Page URL Clicks

11/6-8/2020

Unmarked Texts Linked to GOP Firm Urged Vote Protests in Pennsylvania

Facebook Removed Iranian Network of Fake Accounts Targeting Protests in Israel

Twitter Removes Fake AP Account That Called Election Early for Biden

Suspends Bannon

Trump Lawsuit Site to Report Rejected Votes Leaked Voter Data

Alibaba Cloud Growth Outpaces Amazon and Microsoft as Chinese Tech Giant Pushes for Profitability

Britain’s GCHQ to Wage Cyber War on Anti-Vaccine Propaganda

Kids Are Secretly Spending Thousands of Their Parents’ Money Betting on Special Video Game Wagering Sites

How Ryuk Ransomware Operators Made $34 Million From One Victim

Brazil Seizes Sites Pirating U.S. TV Shows

U.S. Seizes $24m in Crypto-Fraud Crackdown

European Consumer Groups Begin Suing Over Data Breaches

BigBasket Faces Potential Data Breach; Details of 2 Crore Users Put on Sale on Dark Web

Indian Drug Maker Lupin Suffers Cyber Attack

Luxottica Data Breach Exposes LensCrafters, EyeMed Patient Info

Capcom Ransomware Attackers Demanding $11 Million

Gitpaste-12 Worm Targets Linux Servers, IoT Devices

New Pay2Key Ransomware Encrypts Networks Within One Hour

RansomExx Ransomware Also Encrypts Linux Systems

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

Apple Patches Bugs Tied to Previously Identified Zero-Days

Yahoo Mail Discontinues Automatic Email Forwarding for Free Users

Office 365 Will Let Admins Review Microsoft Forms Phishing Attempts

11/5/2020

Officials on Alert for Potential Cyber Threats After a Quiet Election Day

Warn Delayed Vote Count Could Lead to Flood of Disinformation

Malspam Campaign Milks Election Uncertainty

Georgia Democrats Sue Governor Kemp Over Unfounded 2018 Hacking Claims

Huawei Challenges FCC Security Risk Label at Fifth Circuit

North Korean Hackers Used ‘Torisma’ Spyware in Job Offers-based Attacks

GEO Group, Company That Runs U.S. Illegal Immigration Detention Centers, Discloses Ransomware Attack

U.S. Seizes More IRGC Domains

U.S. Gov’t Behind $1 Billion Bitcoin Transfer of Silk Road Funds

Ransom Payment No Guarantee Against Doxxing

Zoom Snooping: How Body Language Can Spill Your Password

Campari Hit by Ragnar Locker Ransomware, $15 Million Demanded

Cyber Attack Targets Norwich-Based Flagship Group

Brazil’s Court System Under Massive RansomExx Ransomware Attack

Indonesian Fintech Cermati Suffers Data Breach, Legislators Rush to Regulate Industry

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies

Deloitte Hacker IQ Game Forced Offline After Hack

GitHub Denies Getting Hacked

Critical Bug Actively Used to Deploy Cobalt Strike on Oracle Servers

Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched

Apple Patches Three Actively Exploited iOS Zero-Days

11/4/2020

DHS Says No Evidence Foreign Power Could Have Tampered With U.S. Vote

But Cybersecurity Officials Are Still Bracing for Attacks

QBot Phishing Lures Victims Using U.S. Election Interference Emails

Bitcoin: $1bn Address With Silk Road Links ‘Being Transferred’

Ransomware Gangs Don’t Always Delete Stolen Data When Paid

Krebs: Why Paying to Delete Stolen Data is Bonkers

Americans Confident in IoT Device Security

California Voters Support New Internet Privacy Rules, Strengthening State Law

Police to Livestream Ring Camera Footage of Mississippi Residents

Russian Authorities Make Rare Arrest of Malware Author

Japanese Game Dev Capcom Hit by Cyberattack, Business Impacted

Japanese Nuclear Regulator Suffers Cyber Attack

Legion Has Been Hacked, Source Code Leaked Online

Alamance Skin Center (NC) Reports Cyber Attack Breach

Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue

Sneaky Office 365 Phishing Inverts Images to Evade Detection

Google Forms Abused to Phish AT&T Credentials

Apple Search Bot Leaked Internal IPs via Proxy Configuration

VMware Issues Updated Fix For Critical ESXi Flaw

11/3/2020

Cybersecurity Specialist Robert Herjavec Says He’s Confident U.S. Can Safeguard Voting From Hackers

Voting Security Has Come a Long Way Since 2016 — but Vulnerabilities Remain

Officials Express Confidence in Voting Security Amid Early Technical Glitches

FBI Investigating Robocalls Urging People to ‘Stay Home’ on Election Day

Officials on Watch for Disinformation If 2020 Election Results Are Delayed

New Kimsuky Module Makes North Korean Spyware More Powerful

One in Three Attacks Are Coronavirus-Related

Warning After 75,000 ‘Deleted’ Files Found on Used USB Drives

Krebs: Two Charged in SIM Swapping, Vishing Scams

Blackbaud Sued in 23 Class Action Lawsuits After Ransomware Attack

Leading Toy Maker Mattel Hit by Ransomware

Folksam Data Breach Leaks Info of 1M Swedes to Google, Facebook, More

Configuration Snafu Exposes Passwords for Two Million Marijuana Growers

New RegretLocker Ransomware Targets Windows Virtual Machines

These Software Bugs Are Years Old, but Businesses Still Aren’t Patching Them

Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws

SaltStack Reveals New Critical Vulnerabilities, Patch Now

Oracle Solaris Zero-Day Attack Revealed

11/2/2020

Trump Administration to ‘Vigorously Defend’ TikTok Order After New Legal Setback

Teens Turn to TikTok to Boost Biden

Twitter Unlocks New York Post Account After Two-Week Standoff Over Hunter Biden Laptop

UK Cyber-Threat Agency Confronts COVID-19 Attacks

Cyber-Criminals Target Naked Zoom Users

Truata and Mastercard Launch Privacy-Enhanced Portal for Financial Institutions

Cybersecurity Threats to Corporate America Are Present Now ‘More Than Ever,’ SEC Chair Says

Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope

A ‘Virtual’ Normal Has Reshaped Our Lives — but Does It Have Staying Power?

Singapore Updates Data Protection Law to Exclude User Consent for ‘Legitimate’ Business Purposes

$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail

Scammers Abuse Google Drive to Send Malicious Links

Hacker Group Uses Solaris Zero-Day to Breach Corporate Networks

Malicious npm Package Opens Backdoors on Programmers’ Computers

GitHub Breaks Site Layout After Forgetting to Renew Certificate

Connecticut Department of Social Services Clients’ Data Exposed

Civmix Website (TX) Is Back Online After Cyber Attack

Maze Ransomware Shuts Down Operations, Denies Creating Cartel

WordPress Pushes Out Multiple Flawed Security Updates

Google Patches One More Actively Exploited Chrome Zero-Day

Oracle Issues Emergency Patch for Critical WebLogic Server Flaw

10/30-11/1/2020

Russian, Iranian and Other Hackers Target 2020 U.S. Election

Crippling Cyberattacks, Disinformation Top Concerns for Election Day

Russian Hackers Targeted California, Indiana Democratic Parties

U.S. Says Iranian Hackers Behind Threatening Emails Accessed Voter Data

Most Important 2020 Election Misinformation Threat Is Not Coming From Overseas: Facebook Former Security Chief Alex Stamos

Biden Campaign Slams Facebook After Thousands of Ads Blocked by Platform’s Pre-election Blackout

Trump and Biden Official Election Apps Vulnerable to Hackers

Facing Surge in Virus, European Countries Try to Fix Their Covid Apps

Chrome Will Soon Have Its Own Dedicated Certificate Root Store

Is Cybersecurity Awareness Month Worth It?

What Are The Fastest Growing Cybersecurity Skills In 2021?

Marriott Fined £0.05 for Each of the 339 Million Hotel Guests Whose Data Was Stolen

Gold Seller JM Bullion Hacked to Steal Customers’ Credit Cards

Over 1M Lazada Redmart Accounts Sold Online After Data Breach

Sonoma Valley Hospital (CA) Hit With Cyber Attack

Chatham County (NC) Systems ‘Inoperable’ After Cyberattack

Tioga Downs Casino Resort Warns of Social Media Hack

Montreal Metro Hacker Demands $2.8m Ransom

Hacker Is Selling 34 Million User Records Stolen From 17 Companies

Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

Browser Bugs Exploited to Install 2 New Backdoors–dneSpy & agfSpy–on Targeted Computers

Windows Kernel Zero-Day Vulnerability Used in Targeted Attacks

WordPress Patches 3-Year-Old High-Severity RCE Bug

10/29/2020

Wisconsin Republicans Say Hackers Stole $2.3M

Hacker Releases Hall County’s (GA) Election-Related Files

U.S. Shares Info on Russian ComRAT and Zebrocy Malware (From State-Sponsored Turla and APT 28) Used to Target Parliaments, Embassies

Akamai Sees Doubling in Malicious Internet Traffic as Remote World’s Bad Actors Boom

U.S.: Collaboration Needed to Combat Online Child Exploitation

Krebs: FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

Cyberattack Targets Networks of Vermont, New York, Oregon Hospitals

Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals

Pandemic Forces Companies to Confront Technology Ethics Questions

Taiwanese Company Admits Stealing US Trade Secrets

Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms

Salem’s (NH) Town Computers Offline After Ransomware Attack

University Email Hijacking Attacks Push Phishing, Malware

REvil Gang Promises a Big Video-Game Hit; Claims Massive Revenue

Maze Ransomware Is Shutting Down Its Cybercrime Operation

Oracle WebLogic Server RCE Flaw Under Active Attack

Microsoft Warns of Ongoing Attacks Using Windows Zerologon Flaw

McAfee Debuts Remote Browser Isolation Solution, XDR Platform

10/28/2020

Trump Campaign Website Hacked with Cryptocurrency Scam

Man Arrested for Altering Voter Registration Data of Florida Governor: Police

Microsoft: Iranian Hacking Group Targeting Attendees of Major International Security Conferences

Russian Espionage Group Turla Updates Custom Malware Suite

Germany’s Robert Koch Institute for Infectious Disease Control Hit by Hackers Days Before Arson Attack: Spiegel

FBI Probes String of Recent Ransomware Attacks on U.S. Hospitals

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How the Pandemic is Reshaping the Bug-Bounty Landscape

Home Depot Blunder Emails Customer Order Info to Strangers

Cedar County Memorial Hospital (MO) Hit With Ransomware Attack

TrickBot Linux Variants Active in the Wild Despite Recent Takedown

QNAP Warns of New QTS Bugs That Allow Take Over of Devices

Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems

Microsoft Defender ATP Adds Vulnerable Windows Device Tracking

Microsoft Shares List of URLs Required by Microsoft Defender ATP

Krebs: Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

10/27/2020

Election Officials Warn of Widespread Suspicious Email Campaign

Facebook Removes Accounts Linked to Foreign Influence Efforts Ahead of Election

China Clamping Down on Mobile Web Browsers Over Dissemination of ‘Chaos’

How the 2020 Election War on Bots and Trolls Differs From 2016

Some Ballot Requests May Be Affected by Cyber Attack in Chenango County (NY)

U.S. Homeland Security Agency Faulted for Election Planning Around Potential Violence

Zoom Finally Adds End-to-End Encryption for All, for Free – With Caveats

Remote Workers Ignore Training to Open Suspicious Emails

Amazon Fires Employee Who Leaked Customer Names, Emails

Former California Police Captain Pleads Guilty in eBay Cyberstalking Case

Florida Woman Arrested for Hacking Home Camera System

Student Teacher Jailed for Sexting Children

Enel Group Hit by Ransomware Again, Netwalker Demands $14 Million

Steelcase Furniture Giant Hit by Ryuk Ransomware Attack

Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe

Data Breach at Swedish Security Company Gunnebo Leaks 38,000 Sensitive Documents

Aussie Media Monitoring Provider Isentia Hit by Cyber Attack

Sky Lakes Medical Center (OR) Targeted in Ransomware Attack

Medical Supplies Manufacturer DeRoyal Industries Suffers Ransomware Attack

Wall Township School District (NJ) Hit With Cyber-Attack

Car Theft in Chicago May Have Involved a Hack; ‘We’ve Never Had This Kind of Electronic Break Into the Vehicle’

FBI: Hackers Stole Government Source Code via SonarQube Instances

Majority of Microsoft 365 Admins Don’t Enable MFA

Mac Users Unable to Print After Apple Revoked HP Certificate

10/23-26/2020

National Guard Called in to Thwart Cyberattack in Louisiana Weeks Before Election

Georgia Election Data Hit in Ransomware Attack

Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid

Facebook Says It’s Helped 4.4M People Register to Vote This Year

China Says Honours Its Obligations Over North Korea Sanctions

Treasury Sanctions Russian Group Accused of Targeting U.S. Critical Facilities With Destructive Malware

French Court Asks Microsoft for Safeguards Against U.S. Surveillance of Health Data

Hospitals Brace for More Cyberattacks as Coronavirus Cases Rise

Study Shows Which Messengers Leak Your Data, Drain Your Battery, and More

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps

Why Cybersecurity Awareness Month Still Matters

Harvest Finance Places Bounty on Hacker

Microsoft IE Browser Death March Hastens

Therapy Patients Blackmailed for Cash After Finland Clinic Vastaamo Data Breach

Nando’s Hackers Feast on Customer Accounts

‘Among Us’ Mobile Game Under Siege by Attackers

WastedLocker Ransomware Hits Boyne Resorts Ski Resort Operator

Stelco Announces Cybersecurity Attack

News Agency Press Trust of India (PTI) Hit With Ransomware Attack, News Publishing Disrupted for Several Hours

New ‘Abaddon’ RAT Malware Gets Commands via Discord, Has Ransomware Feature

Containerd Bug Exposes Cloud Account Credentials

Massive Nitro Data Breach Impacts Microsoft, Google, Apple, More

Adware Found in 21 Android Apps With More Than 7 Million Downloads

Google Employees’ Personal Info Exposed in Law Firm Data Breach

Krebs: Google Mending Another Crack in Widevine

Microsoft Upgrades Password Spray Attack Detection Capabilities

HPE Fixes Maximum Severity Remote Auth Bypass Bug in SSMC Console

10/22/2020

Iran Seeking to Intimidate U.S. Voters With Spoofed Emails, Intelligence Official Says

‘Dumb Mistake’ Exposed Iranian Hand Behind Fake Proud Boys U.S. Election Emails

Five Takeaways on Iran, Russia Election Interference

Russian State Hackers Stole Data From U.S. Government Networks

EU Sanctions Russian Hackers Over 2015 German Parliament Attack

Voter Websites In California And Florida Could Be Vulnerable To Hacks, Report Finds

Cybersecurity Company Finds Hacker Selling Info on 186 Million U.S. Voters

Researcher: I Hacked Trump’s Twitter by Guessing Password

Twitter Says ‘No Evidence’ Trump’s Account Was Hacked With Laughably Bad Password

Krebs: The Now-Defunct Firms Behind 8chan, QAnon

Dr Reddy’s: COVID Vaccine-Maker Suffers Cyber-Attack

Japanese Drug Firm Shionogi & Co. Hit by Cyberattack, Data Breach

French IT Giant Sopra Steria Hit by Ryuk Ransomware

Lewd Tweets on Fort Bragg Account Were From Administrator, Not a Hack as Army First Said

Microsoft Teams Phishing Attack Targets Office 365 Users

Facebook, News and XSS Underpin Complex Browser Locker Attack

NVIDIA Patches High Severity GeForce Experience Vulnerabilities

Snyk to Automatically Check Docker Official Images for Security Problems

Security Experts Alarmed by ‘Broken’ Cyber Market

Fraud Analysts Miss Dark Web Data