12/5/2022

APT41 Hackers Linked to Chinese Government Stole Millions in COVID Benefits, Secret Service Says

Gunfire at Electrical Grid Kills Power for 45,000 in North Carolina

Syntax Errors Are the Doom of Us All, Including Botnet Authors

Adobe’s Postscript Programming Language Sparked a Revolution: Now You Can Check Out the Source Code

Big Tech and Its Critics Lash Out at Journalism Measure

Cyber Extortion Growing Exponentially in Africa, Middle East and China, Finds Orange

Swiss Digital Giant ABB to Pay $315m in Bribery Case

Sneaky Hackers Reverse Defense Mitigations When Detected

Cybersecurity Should Focus On Managing Risk
‘Team Mysterious Bangladesh’ Hackers Target Indian Education Entity

Iran-Backed APT42 Hackers Targeting Activists, Journalists, Politicians – HRW

French Hospital Halts Operations After Cyber-Attack

Dallas Central Appraisal District Hack Still Causing Issues, Tax Bills May Be Delayed for Thousands

Hackers Hijack Linux Devices Using PRoot Isolated Filesystems

Severe AMI MegaRAC Flaws Impact Servers From AMD, ARM, HPE, Dell, Others

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

CISA Orders Agencies to Patch Exploited Google Chrome Bug by Dec 26th

12/2-4/2022

Never-Before-Seen ‘CryWiper’ Malware Is Nuking Data in Russia’s Courts and Mayors’ Offices

Snowden Receives Russian Passport, Takes Citizenship Oath

North Korean ‘Lazarus’ Hackers Use New, Fake Crypto App ‘BloxHolder’ to Breach Networks, Steal Cryptocurrency

Elon Musk Suspends Ye From Twitter Following Swastika Tweet

Globally Critical Chip ASML Firm Is Driving a Wedge Between the U.S. And Netherlands Over China Tech Policy

Industry Coalition Urges Congress to Hold off on SBOMs Requirements for Defense Contractors

DHS Cyber Board to Examine Hacking Extortion Group Lapsus$

Proton Calendar Rounds Out Security-Focused Big Tech Alternative on iOS

Google Increases Android Security With Memory-Safe Programming Languages

When Hackers Strike, CEOs Become Negotiators, Communicators

Watch Out: Triple-Pronged PayPal Phishing & Fraud Scam

Police Arrest 55 Members of ‘Black Panthers’ SIM Swap Gang

SIM Swapper Gets 18-Months for Involvement in $22 Million Crypto Heist
Rackspace Rocked by ‘Security Incident’ That Has Taken Out Hosted Exchange Services

Cyber Attack on Tamil Nadu Hospital, Hackers Sell Data of 1.5 Lakh Patients

Florida Department of Revenue Tax Website Bug Exposed Filers’ Data

San Diego Unified School District Receives Cybersecurity Threat

Hackers Use Archive Files and HTML Smuggling to Bypass Detection Tools

‘Black Proxies’ Enable Threat Actors to Conduct Malicious Activity

Hackers Sign Android Malware Apps with Compromised Platform Certificates

Android Malware Apps With 2 Million Installs Spotted on Google Play

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL

Google Rolls Out New Chrome Browser Update to Patch Yet Another High-Severity Zero-Day Vulnerability

We Are Still Failing to Learn the Most Important Lesson in Cybersecurity: That Needs to Change, Fast

12/1/2022

China Clamps Down on Internet as It Seeks to Stamp Out Covid Protests

Krebs: ConnectWise Quietly Patches Flaw That Helps Phishers

Zuckerberg Slams Apple’s ‘Problematic’ App Store Dominance

Musk Says ‘Misunderstanding’ About Potential Twitter Removal From App Store Resolved

Ye, the Artist Formerly Known as Kanye West, to No Longer Buy Parler

WhatsApp Files on Dark Web Show Millions of Records For Sale

Rising Tether Loans Add Risk to Stablecoin, Crypto World

Now 1Password Remembers Sites That Use Third-Party Accounts Like Google or Facebook to Log In

These File Types Are the Ones Most Commonly Used by Hackers to Hide Their Malware

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

UK Extends NIS Regulations to IT Managed Service Providers
Hackers Leak Another Set of Medibank Customer Data on the Dark Web

FBI: Cuba Ransomware Raked in $60 Million From Over 100 Victims

New DuckLogs Malware Service Claims Having Thousands of ‘Customers’

IKEA Confirms It Was Hit in Significant Cyberattack

Dallam Hartley Counties Hospital District (TX) Reports Data Breach Affecting over 69,000 Patients

Cyber Attack Hits North East London Foundation Trust Finance Systems

Vatican Website Targeted With Multiple Hack Attempts, ‘Abnormal’ Access

New Redigo Malware Drops Stealthy Backdoor on Redis Servers

Spyware Vendor Variston Exploited N-Days in Chrome, Firefox, Windows

Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

Hyundai App Bugs Allowed Hackers to Remotely Unlock, Start Cars

11/30/2022

Majority of U.S. Defense Contractors Not Meeting Basic Cybersecurity Requirements

Noem Orders TikTok Ban for South Dakota Government

China-Based Hackers UNC4191 Target Southeast Asia With USB-Based Malware

Cloudflare Finds a Way Through China’s Network Defences

North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets

Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism

Google Moves to Block Invasive Spanish Spyware Framework

Ransomware, SMBs Remain Key Security Concerns Amidst Focus on Critical Infrastructures

Singapore Releases Blueprint to Combat Ransomware Attacks

Cybersecurity Researchers Take Down DDoS Botnet by Accident

LastPass’ Latest Data Breach Exposed Some Customer Information

Whistleblower Reports of Lax Cybersecurity Expected to Rise

Australian Parliament Passes Privacy Penalty Bill: Up to $50M Fines

San Francisco Lawmakers Approve Lethal Robots, but They Can’t Carry Guns

Shares of CrowdStrike Fall After ‘Disappointing’ Earnings, Morgan Stanley Says Buy the Dip

TransUnion Class Action Claims Insecure Information Storage Led to Data Breach
Keralty Ransomware Attack Impacts Colombia’s Health Care System

GoTo Says Hackers Breached Its Dev Environment, Cloud Storage

South Staffordshire (UK) Water Reveals Data Hack

Mena Regional Health System (AR) Suffers Data Breach; 85K Patients Impacted

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

Ingalls & Snyder (NY) Files Notice of Data Breach Following Unauthorized Access to Network

Data Stolen in Ransomware Attack Against Guilford College (NC)

Crafty Threat Actor ‘CashRewindo’ Uses ‘Aged’ Domains to Evade Security Platforms

Android and iOS Apps with 15 Million Installs Extort Loan Seekers

Google Discovers Windows Exploit Framework Used to Deploy Spyware

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

Sirius XM Flaw Unlocks So-Called Smart Cars Thanks to Code Flaw

Critical RCE Bugs in Android Remote Keyboard Apps With 2M Installs

High Severity Zero-Day Flaw Discovered in Quarkus Java Framework

New “Icefall” Bugs Include Critical DoS Flaw

NVIDIA Releases GPU Driver Update to Fix 29 Security Flaws

11/29/2022

Krebs: U.S. Gov’t Apps Bundled Russian Code With Ties to Mobile Malware Developer

Experts Find 16,000+ Scam FIFA World Cup Domains

Killnet Gloats About DDoS Attacks Downing Starlink, White House

U.S. Census Bureau Head Fends Off Critics of ‘Differential Privacy’ Tool

Musk Asks if Apple Hates ‘Free Speech in America’ After Twitter Advertising Drop-off

Twitter Stops Enforcing COVID Misinformation Policy

How Secure a Twitter Replacement Is Mastodon? Let Us Count the Ways

Web App and API Attacks Surge 257% in Financial Services

Cyber Insurers Turn Attention to Catastrophic Hacks

Police Shutter 13,000 Sites in Piracy Crackdown

Spanish Police Dismantle Operation That Made €12M via Investment Scams

The Hunt for the Dark Web’s Biggest Kingpin, Part 6: Endgame

CISA’s Strategic Plan Is Ushering in a New Cybersecurity Era
Columbia Grain International Reports March 2022 Data Breach

PII May Have Been Stolen in Southampton County (VA) Ransomware Attack

Washington County (MD) Cybersecurity Issue Impacts Some Functions

Klamath County Developmental Disability Services (OR) Data Breach

GOP Super PAC Secure Our Freedom Action Fund Lost $158,000 in Email Hack

Trigona Ransomware Spotted in Increasing Attacks Worldwide

Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Microsoft Defender Boosts Default Protection for All Enterprise Users

Let’s Encrypt Issued Over 3 Billion Certificates, Securing 309M Sites for Free

Lockheed Martin’s Army Cyber Training Platform Goes Civilian

11/28/2022

Twitter Hit With Wave of Porn and Spam Obscuring Tweets About China Protests

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

TikTok ‘Invisible Body’ Challenge Exploited to Push Malware

Meta Fined $276 Million Over Facebook Data Leak Involving More Than 533 Million Users

A Peek Inside the FBI’s Unprecedented January 6 Geofence Dragnet

NSA Cyber Director Talks Threats, Opportunities

WSJ Pro Research Survey: Preparedness Results

Don’t Be Fooled by End-Of-The-Year Articles on Cybersecurity Trends

Banks in EU Face Tougher Rules on Using Cloud Computing Giants
Phishing Campaign Impersonating UAE Ministry of Human Resources Grows

Vanuatu Hospital Staff Using Pen and Paper After Cyber Attack That Crippled Public Sector

Durham (ON) Schools Without Email or Phone Services After ‘Cyber Incident’

Community Health Network Notifies 1.5M of Data Breach Stemming From Tracking Tech

Hope Health Systems (MD) Experiences Ransomware Attack, Leading to Data Breach

Malicious Android App Found Powering Account Creation Service

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

11/25-27/2022

Election Security a Success, but More Improvements Needed, Experts Say

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

New Ransomware Attacks in Ukraine Linked to Russian Sandworm Hackers

The FCC Just Banned These Chinese Cameras and Telecom Hardware From Reaching the U.S.

Apple Tracks You More Than You Think

The Biggest Security Risks of Using Fitness Trackers and Apps to Monitor Your Health

Elon Musk Says Twitter Is Launching ‘Verified’ Service Next Week

For Gaming Companies, Cybersecurity Has Become a Major Value Proposition

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

Google Warns: Android ‘Patch Gap’ Is Leaving These Smartphones Vulnerable to Attack
Ragnar Ransomware Gang Targets Belgian Municipality, Hits Police Instead

Vice Society Ransomware Claims Attack on Cincinnati State College

Canadian Menswear Chain Harry Rosen Confirms Cyber Attack

All-India Institute of Medical Sciences (AIIMS) Server Still Down Four Days After Ransomware Attack

Dufferin County Paramedic Service (ON) Electronic Patient Record System Shut Down Due to Cyber Attack

DWIs, Gun Miscues and Dubious Acts Revealed in New York State Police Disciplinary Files

5.4 Million Twitter Users’ Stolen Data Leaked Online — More Shared Privately

Remote Code Execution Vulnerability Found in Windows Internet Key Exchange

ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution

Google Releases Chrome Patch to Fix New Zero-Day Vuln

11/24/2022

Interpol Seized $130 Million From Cybercriminals Worldwide

‘iSpoof’ Service Dismantled, Main Operator and 145 Users Arrested

I Lost $17,000 in Crypto. Here’s How to Avoid My Very Silly Mistake

10,000 BTC Moves off Crypto Wallet Linked to 2014 Mt. Gox Hack

Where Are We Heading With Data Privacy Regulations?
Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps

Docker Hub Repositories Hide 1,650+ Malicious Containers

Personal Information Data Breach Prompts Warning From Tehama County (CA)

New RansomExx Ransomware Variant Rewritten in the Rust Programming Language

The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown

11/23/2022

Ukraine War: Blackouts Across Ukraine Amid Wave of Russian Strikes

Dozens of Russian Groups Steal 50 Million User Passwords

Pro-Russian Hacktivists Take Down EU Parliament Site in DDoS Attack

Yanluowang Ransomware’s Russian Links Laid Bare in Online Leaks

Microsoft Says Attackers Are Hacking Energy Grids by Exploiting Decades-Old Software

UK Privacy Tsar Defends Controversial Enforcement Strategy

Panaseer Launches Guidance on Security Controls Ahead of EU’s New Legislation

Meta Removes Pro-U.S. Accounts in Middle East and Central Asia

U.S. Military Influence Campaign

Ducktail Hackers Now Use WhatsApp to Phish for Facebook Ad Accounts

Grassley Presses Musk Over Twitter Data Security Concerns, Whistleblower Allegations

Musk Says He’s Done With Twitter Layoffs

Now Hiring!

Cyber Due Diligence in M&As Uncovers Threats, Improves Valuations
Sonder Takes Steps After Data Breach

Ontario Secondary School Teachers’ Union Notifies Victims of Ransomware Attack

Doctors’ Center Hospital (PR) Announces Breach Affecting Over One Million Patients

Disability Services of the Southwest Has Data Breach

Health Care Management Solutions (WV) Data Breach Affects 500,000 Individuals

Driver’s License Numbers for 470K May Have Been Exposed in Suffolk Cyberattack

Wright & Filippis (MI) Data Breach Affects More than 877k Individuals

Mercyhurst University (PA) Announces Data Breach

GATE Petroleum Company (FL) Announces Data Breach

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Qakbot Infections Linked to Black Basta Ransomware Campaign

Backdoored Chrome Extension ‘SearchBlox’ Installed by 200,000 Roblox Players

Fake MSI Afterburner Targets Windows Gamers With Miners, Info-Stealers

Mali GPU ‘Patch Gap’ Leaves Android Users Vulnerable to Attacks

11/22/2022

The U.S. Has a Bomb-Sniffing Dog Shortage

Killnet DDoS Hacktivists Target British Royal Family and Others

Experts Warn Threat Actors May Abuse Red Team Tool Nighthawk

This Scam Starts With a Fake Invoice: It Could End With Crooks Stealing Your Data

In Court Appearance, FTX Lawyer Says ‘Substantial Amount’ of Crypto Firm’s Assets Stolen or Missing

U.S. Takes Down Domains Used in ‘Pig Butchering’ Cryptocurrency Scheme

Hackers Are Locking Out Mars Stealer Operators From Their Own Servers

Four Reasons The Cybersecurity Sector Could Remain Recession-Resilient
Hackers Breach Energy Orgs via Bugs in Discontinued Web Server

Receivables Performance Management (WA) Data Breach Impacts over 3.7 Million People

Gateway Rehabilitation Center (PA) Data Breach Impacts 130,000

HomeTrust Mortgage (TX) Reports Data Breach in the Wake of Ransomware Attack

Donut Extortion Group Also Targets Victims With Ransomware

Android File Manager Apps Infect Thousands With Sharkbot Malware

‘ViperSoftX’ Malware Installs Malicious Browser Extensions to Steal Users’ Passwords and Cryptos

AWS Fixes ‘Confused Deputy’ Vulnerability in AppSync

11/21/2022

Red Tape, Potholes and Politics Hamper NATO’s Defence Efforts as the Russia Threat Rises

Cyber as Important as Missile Defences: Ex-NATO General

U.S. Offshore Oil and Gas Installation at ‘Increasing’ Risk of Cyberattack

Autonomous Vehicles Join the List of U.S. National Security Threats

World Cup Phishing Emails Spike in Middle Eastern Countries

Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors

Attackers Bypass Coinbase and MetaMask 2FA via TeamViewer, Fake Support Chat

Microsoft: Hackers Are Using This ‘Concerning’ Tactic to Dodge Multi-Factor Authentication

The Long, Lonely Wait to Recover a Hacked Facebook Account

Google Wins Legal Battle Against Two Russians Connected with the Glupteba Botnet

Two Estonians Arrested for Running $575M Crypto Ponzi Scheme

Investors Are Pouring Cash Into These 10 Cybersecurity Startups
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers’ and Employees’ Data

Hackers Steal $300K in DraftKings via Credential Stuffing

DraftKings Says No Evidence Systems Were Breached Following Report of a Hack

Westmount (QC) Hit by Ransomware

Commonwealth Care Alliance of California Reports Data Breach Leaking Patient Health Info

Eagle Bank (MD) Data Breach Compromised Customer Social Security Numbers

South Walton Fire District (FL) Warns Patients About Cyber Attack Incident

Notorious Emotet Malware Returns With High-Volume Malspam Campaign

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild

Aurora Infostealer Malware Increasingly Adopted by Cybergangs

Google Chrome Extension Used to Steal Cryptocurrency, Passwords

Thousands of Algolia API Keys Could Expose Users’ Data

Microsoft’s Attempts to Harden Kerberos Authentication Broke It on Windows Servers

11/18-20/2022

Government of Moldova Shaken by Big Hack-And-Leak Operation

Vanuatu: Hackers Strand Pacific Island Government for Over a Week

China and the TikTok Threat: How the White House Cybersecurity Team Is Thinking About It

CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers

Shoppers Warned Stay Alert this Black Friday as Hackers Renew Efforts

Krebs: Researchers Quietly Cracked Zeppelin Ransomware Keys

FTX’s Sam Bankman-Fried Cashed Out $300 Million During Funding Spree

Wickr’s Free Encrypted Messaging App Is Shutting Down Next Year

Donald Trump Returns to Twitter After Elon Musk’s Poll

How BlackBerry Moved From Iconic Cellphones to Cybersecurity

Australia’s Hack-Back Plan Against Cyberattackers Raises Familiar Concerns

Cybercriminals Strike Understaffed Organizations on Weekends and Holidays

U.S. Charges BEC Suspects With Targeting Federal Health Care Programs

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022
Chinese ‘Mustang Panda’ Hackers Actively Targeting Governments Worldwide

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware

Google Search Results Poisoned With Torrent Sites via Data Studio

Booz Allen Says Former Staffer Downloaded Employees’ Personal Data

Eesti Energia Website Down After Pro-kremlin Cyber Attack

Cyber Attack on Central Depository Services (India)

Patients Receive Letter Informing of Data Breach From Christus Spohn Health System (TX)

Miller County (AR) Offices Impacted by Cyber Attack After Breach Two Weeks Ago

New ‘AXLocker’ Ransomware Encrypts Files, Then Steals Your Discord Account

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

New Attacks Use Windows Security Bypass Zero-Day to Drop Malware

Exploit Released for Actively Abused ProxyNotShell Exchange Bug

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Google Looking Outside the Usual Channels to Fix Security Skills Gap

11/17/2022

Wray Tells Lawmakers That FBI Conducts Cyber Offensive Operations

Senate Democrats Ask FTC to Investigate Twitter After ‘Alarming Steps’ by Musk

Meta Employees, Security Guards Fired for Hijacking User Accounts

Meta Keeps Booting Small Business Owners for Being Hacked on Facebook

FTX’s New Boss Reveals Chaos Left Behind by Sam Bankman-Fried

FTX Filing: Sam Bankman-Fried Transferred Assets to Bahamas Government Custody After Bankruptcy

1Password Embraces a Passwordless Future

Security Firms Are Turning NYC’s Street Trees Into Surveillance Posts for Guards

More Than Half of Black Friday Spam Emails Are Scams

UK Government Seeks Further Easing of Data Protection Rules

Chinese Spy Gets 20 Years for Aviation Espionage Plot

U.S. Charges Russian Suspects With Operating Z-Library E-Book Site
Phishing Kit Impersonates Well-Known Brands to Target U.S. Shoppers

Middletown Valley Bank (MD) Data Breach After Unauthorized Access to Computer Network

Innovative Service Technology Management Services (GA) Reports Data Breach

FBI: Hive Ransomware Extorted $100M From Over 1,300 Victims

Previously Unidentified ARCrypter Ransomware Expands Worldwide

QBot Phishing Abuses Windows Control Panel EXE to Infect Devices

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

Microsoft Urges Devs to Migrate Away From .Net Core 3.1 ASAP

Zero-Trust Initiatives Stall, as Cyberattack Costs Rocket to $1M per Incident

Google Wins Lawsuit Against Alleged Russian Botnet Herders

Spacecraft Vulnerable to Failure, Thanks to Aerospace Networking Bug

11/16/2022

FBI Head: China Has ‘Stolen More’ U.S. Data ‘Than Every Other Nation Combined’

Russia’s Cyber Forces ‘Underperformed Expectations’ in Ukraine: Senior U.S. Official

Former CISA Director Chris Krebs Praises Government’s Role in Election Security

Hostile States Are Targeting You, Speaker Warns MPs

U.S. Gov’t: Iranian Hackers Breached Federal Agency Using Log4Shell Exploit

State-Backed APT Group Activity Continuing Apace

Germany Says Nein to Qatari World Cup Spyware, Err, Apps

Krebs: Disneyland Malware Team: It’s a Puny World After All

Telehealth Sites Put Addiction Patient Data at Risk

DuckDuckGo’s App Tracking Protection Beta Is Now Available to All Android Users for Testing

Hot Market for Cyber Insurance Begins to Stabilize

Majority of Companies Reduce Cybersecurity Staff Over Holidays
Researchers Discover Hundreds of Amazon RDS Instances Leaking Users’ Personal Data

Magento Stores Targeted in Massive Surge of TrojanOrders Attacks

Data Breach at Arkansas Department of Human Services Releases Medicaid Information

Lake Charles Memorial (LA) Assessing Information After Recent Cyber Attack

Sierra College (CA) Files Notice of Data Breach Following Ransomware Attack

Old Point National Bank (VA) Data Breach Compromises SSNs and Account Numbers

WASP Malware Stings Python Developers According to Researchers

New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers

Twitter Source Code Indicates End-To-End Encrypted DMs Are Coming

Cybersecurity Best Practice Is Critical for Winning the New Space Race

11/15/2022

Lazarus Backdoor DTrack Evolves to Target Europe and Latin America

Billbug Targets Government Agencies in Multiple Asian Countries

New “Earth Longzhi” APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders

Mayorkas: Ties With Private Sector, Foreign Partners ‘Increasingly Vital’ as Cyber Threats Rise

Shocker: EV Charging Infrastructure Is Seriously Insecure

Twitter Says 2FA Still Works, but It’s Looking Into a ‘Few Cases’ Where It Didn’t

The Hunt for the Dark Web’s Biggest Kingpin, Part 4: Face to Face

Krebs: Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Police Celebrate Arrest of 59 Suspected Scammers

Google to Pay $392M in Landmark Privacy Case

Google to Roll Out Privacy Sandbox on Android 13 Starting Early 2023
Suffolk Police Publish Victims Information in Mass Data Breach

Ransomware Attack Keeps Jackson, Hillsdale County Schools (MI) Closed Again

Work Health Solutions (CA) Data Breach After Unauthorized Employee Email Access

Twitter Fixed a Bug That Exposed Advertisers’ Sensitive Credit Details Internally

PCSpoof: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft

Researchers Reported Critical SQLi and Access Flaws in Zendesk Analytics Service

Remote Code Execution Discovered in Spotify’s Backstage

Misconfigurations, Vulnerabilities Found in 95% of Applications

How Routine Pen Testing Can Reveal the Unseen Flaws

Cybersecurity Jobs: Five Ways to Help You Build Your Career

11/14/2022

Instagram, Facebook, Twitter, YouTube Suspended in Turkey After Blast

Russian ‘Killnet’ Hackers Claim Cyber Attack On FBI Website

The Hunt for the FTX Thieves Has Begun

Hack or Inside Job? Blockchain Experts Examine Clues and a ‘Stupid Mistake’

GitHub Now Supports Researchers with Private Vulnerability Reporting For Public Repositories

The Long, Solder-Heavy Way to Get Root Access to a Starlink Terminal
Whoosh Confirms Data Breach After Hackers Sell 7.2M User Records

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

42,000 Sites Used to Trap Users in ‘Fangxiao’ Brand Impersonation Scheme

Over 15,000 WordPress Sites Compromised in Malicious SEO Campaign

Windows Kerberos Authentication Breaks After November Updates

11/11-13/2022

Bankrupt Crypto Exchange FTX Probing Unauthorized Transactions

At Least $1 Billion of Client Funds Missing at Failed Crypto Firm FTX

FTX Says It’s Removing Trading and Withdrawals, Moving Digital Assets to a Cold Wallet

Bankrupt Crypto Exchange FTX Is Under Criminal Investigation in the Bahamas

Sam Bankman-Fried Reportedly Denies Fleeing to Argentina, Says He’s Still in the Bahamas

Plotting Escape to Non-Extradition Safe Haven Dubai?

Larry David ‘Predicted’ FTX’s Implosion

Crypto.com Withdrawals Rise After CEO Admits Transaction Problem

‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery

Twitter C-Level Resignations Continue As Blue Program Creates New Cyber-Risks

Twitter Pauses Paid Verifications After Users Abuse Service to Impersonate Brands and People

Internal Documents Show How Close the FBI Came to Deploying Spyware

NSA Urges Orgs to Use Memory-Safe Programming Languages

U.S. Seized 18 Web Domains Used for Recruiting Money Mules
Microsoft Blames Russian ‘Sandworm’ Hackers for Prestige Ransomware Attacks on Ukraine & Poland

Ukraine Says Russian Hacktivists Use New Somnia Ransomware

Australian Police to Russian Medibank Hackers: ‘We Know Who You Are’

Australia to Consider Banning Paying of Ransoms to Cyber Criminals

Experts Uncover Two Long-Running Android Spyware Campaigns Targeting Uyghurs

World Cup Apps Pose a Data Security and Privacy Nightmare

Canadian Food Retail Giant Sobeys Hit by Black Basta Ransomware

Merced College (CA) Knocked Offline in Apparent Malware Attack

Royal Mail Down: Tracking Unavailable as Outage Exceeds 24 Hours

New Extortion Scam Threatens to Damage Sites’ Reputation, Leak Data

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software

Android Phone Owner Accidentally Finds a Way to Bypass Lock Screen

Microsoft Defender Network Protection Generally Available on iOS, Android

11/10/2022

Russian Military Hackers Linked to Ransomware Attacks in Ukraine

Russia’s Sway Over Criminal Ransomware Gangs Is Coming Into Focus

Russian LockBit Ransomware Operator Arrested in Canada

Kaspersky to Kill Its VPN Service in Russia Next Week

Ukraine Arrests Fraud Ring Members Who Made €200 Million per Year

Apple Limits AirDrop in China After Its Use in Protests

Krebs: Lawsuit Seeks Food Benefits Stolen By Skimmers

Twitter Turmoil Worsens

Majority of Security Managers Lack Threat Intelligence Skills

Hacker Rewarded $70,000 for Finding Way to Bypass Google Pixel Phones’ Lock Screens

Is Cybersecurity Awareness Month Anything More Than PR?

Flashpoint Releases Ransomware Prediction Model for Vulnerabilities
Pupils’ Data Spread Online in Hereford School Cyber Attack

Petersen International Underwriters (CA) Reports Data Breach

United Veterinary Care (FL) Sends Data Breach Letter

Salud Family Health (CO) Reports Data Breach Following Apparent Cyberattack

U.S. Health Dept Warns of Venus Ransomware Targeting Healthcare Orgs

Phishing Drops IceXLoader Malware on Thousands of Home, Corporate Devices

FBI Warns Scammers Now Impersonate Refund Payment Portals

Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File

Worok Hackers Hide New Malware in PNGs Using Steganography

Microsoft Fixes MoTW Zero-Day Used to Drop Malware via ISO Files

11/9/2022

A ‘Handful’ of State Election Websites Hit With Cyberattacks, CISA Official Says

Mississippi Officials Unable to Confirm Actors Behind Election Websites Cyberattack

Russia-Linked APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

New Chinese Hacking Group Uses Custom ‘Symatic’ Cobalt Strike Loaders

Spyware Scandals Prompt Multiple Calls for Further Bans in Europe

Wells Fargo, Zelle Slammed by Liz Warren Over Rampant Online Banking Fraud

How to Avoid Getting Duped by Medicare Scammers During Open Enrollment

How to Prepare for the End of Card Payments

The Ubertooth One Lets You Take a Bite Out of Bluetooth

IBM Unveils New Chip in Push to Realize Quantum Computing’s Promise

Couple Sentenced to Prison for Trying to Sell Nuclear Warship Secrets
Medibank Warns Customers Their Data Was Leaked by Ransomware Gang

TransUnion Confirms Recent Data Breach

Camping World and Good Sam Announce Data Breach That Leaked Consumer Info

Cyber Attack on an Orange Debt Collection Provider in Spain Exposes Sensitive Data

15,000 Sites Hacked for Massive Google SEO Poisoning Campaign

Several Cyber Attacks Observed Leveraging IPFS Decentralized Network

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

New StrelaStealer Malware Steals Your Outlook, Thunderbird Accounts

High-Risk Vulnerability Found in ABB’s Flow Computers

Lenovo Fixes Flaws That Can Be Used to Disable UEFI Secure Boot

Krebs: Patch Tuesday, November 2022 Election Edition

11/8/2022

Ukrainian Hacktivists Claim to Leak Trove of Documents From Russia’s Central Bank

FBI: Russian Hacktivists Achieve Only ‘Limited’ DDoS Success

North Korea Attempted to Hack, Siphon Funds From an Israeli Company

Cyber Agency Remains Vigilant Despite Finding No ‘Credible Threats’ to Election

Cyberattacks That Slowed Champaign County (IL) Election Day Voting Process ‘Resolved’

TrustCor: A Tiny Company With a UPS Store Address Could Help the Gov’t Get Around Browser Security

Highmark Health Finds Cybersecurity Staff in Tight Labor Market

Insider Risk on the Rise: 12% of Employees Take IP When Leaving Jobs

Influencer ‘Hushpuppi’ Gets 11 Years in Prison for Cyber Fraud
Over Thirty Arkansas Counties Impacted by Cyber Attack

Shangri-la Hotel Data Breach Likely Had ‘Minimal’ Impact at Singapore Ministerial Summit

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines

Malicious Extension Lets Attackers Control Google Chrome Remotely

Citrix Urges Admins to Patch Critical ADC, Gateway Auth Bypass

VMware Fixes Three Critical Auth Bypass Bugs in Remote Access Tool

Microsoft November 2022 Patch Tuesday Fixes 6 Exploited Zero-Days, 68 Flaws

Microsoft Fixes ProxyNotShell Exchange Zero-Days Exploited in Attacks

11/7/2022

Ukraine Looks to Technology to Help Rebuild Its Economy Amid Russia’s Onslaught

Japan Joins Key NATO Cyber Agency

This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others

Microsoft Hits the Switch on Password-Free Smartphone Authentication

Experts Find URLScan Security Scanner Inadvertently Leaks Sensitive URLs and Data

Stolen $3BN Bitcoin Mystery Ends With Popcorn Tin Discovery
Maple Leaf Foods Suffers Outage Following Weekend Cyberattack

Medibank Refuses to Pay Ransom After Data Breach

Ransomware Gang Threatens to Release Stolen Medibank Data

Morrison Products Reports Data Breach, Leaking Victims’ Social Security Numbers

Alinsco Managing General Agency Files Report of Data Breach

Azov Ransomware Is a Wiper, Destroying Data 666 Bytes at a Time

11/4-6/2022

Here’s How Lawmakers Are Tackling Rising Cyber Threats in the Health Sector

Red Cross Wants Digital Symbols to Deter Hackers From Healthcare Institutions

British Gov’t Is Scanning All Internet Devices Hosted in UK

UK Gov’t Data Breach for Millions of Children Ruled Unlawful

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

Twitter Slashes Nearly Half Its Workforce as Musk Admits ‘Massive Drop’ in Revenue

Twitter Cut 15 Percent of Its Trust and Safety Staff but Says It Won’t Impact Moderation

Civil Rights Groups Slam Musk’s Mass Twitter Layoffs, Urge Companies to Pause Ads

Former Twitter Chief Jack Dorsey Issues Apology Amid Mass Layoffs: “I Grew the Company Too Quickly”

As Twitter Brings on $8 Fee, Phishing Emails Target Verified Accounts

Krebs: LinkedIn Adds Verified Emails, Profile Creation Dates
National Guard to Offer Midterm Elections Cybersecurity Help

Researchers Detail New Malware Campaign Targeting Indian Government Employees

FBI: Hacktivist Ddos Attacks Had Minor Impact on Critical Orgs

Norman Public Schools (OK) Experiencing Malicious Ransomware Attack

OakBend Medical Center Provides Healthcare Data Breach Notice

Gala Games Debunk Rumors Of Alleged Hack After Token Plunges

Robin Banks Phishing Service Returns to Steal Banking Accounts

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

SolarWinds Reaches $26M Settlement With Shareholders, Expects SEC Action

Microsoft Sued for Open-Source Piracy Through Github Copilot

11/3/2022

RomCom Weaponized KeePass and SolarWinds Instances to Target Ukraine, Maybe UK

Cyber Threat Landscape Shaped by Ukraine Conflict, ENISA Report Reveals

TikTok Confirms Chinese Staff Can Access UK and EU User Data

Congressional Report Finds Health Care Sector ‘Uniquely Vulnerable’ to Cyber Attacks

New Crimson Kingsnake Gang Impersonates Law Firms in BEC Attacks

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

Soccer Fans, You’re Being Watched

Zurich and Mondelez Reach NotPetya Settlement, but Cyber-Risk May Increase

Economic Uncertainty Isn’t Stopping Cybercrime Recruitment — It’s Fueling It
OPERA1ER Hackers Steal Over $11 Million From Banks and Telcos

LockBit Ransomware Claims Attack on Continental Automotive Giant

Royal Mail Customer Data Leak Shutters Online Click and Drop

Cyber Incident at Boeing Subsidiary Jeppesen Causes Flight Planning Disruptions

DSB Danish Train Standstill on Saturday Caused by Cyber Attack

Ethos Group Confirms Recent Data Breach

Three Rivers Provider Network Confirms Data Breach Impacting Victims’ SSNs

North Idaho College Recovering From Cyberattack That Led to Network Shutdown

St. Luke’s Health (TX) Suffers Third-Party Data Breach, Unrelated to CommonSpirit Attack

New Clipboard Hijacker ‘Laplas Clipper’ Replaces Crypto Wallet Addresses With Lookalikes

11/2/2022

EU Expands Cyber Rules for Airline Flight Safety

U.S. Treasury Thwarts DDoS Attack From Russian Killnet Group

Cyber-Attacks on Small Firms: The U.S. Economy’s ‘Achilles Heel’?

Mobile Phishing Attacks on Government Staff Soar

U.S. Gov’t Employees Exposed to Mobile Attacks From Outdated Android, iOS

Twitter Verified Status Users Flooded with Scams

French Defense Firm Thales Denies Ransomware Attack After Leak Site Posting

Rust: The ‘Viral’ Secure Programming Language That’s Taking Over Tech

The Flipper Zero Is a Swiss Army Knife of Antennas

U.S. Hacker Group Indicted For Million-Dollar RICO Conspiracy

Vitali Kremez Found Dead After Apparent Scuba Diving Accident
Vodafone Italy Discloses Data Breach After Reseller Hacked

Australian Real Estate Agency Harcourts Reveals Names, Addresses Possibly Compromised in Attack

Alma Radio Telescope in Chile Taken Down by Cyber Attack

Crypto Exchange Deribit Loses $28 Million in a Hack

Multi-Color Corporation Reports Data Breach Affecting Sensitive Employee and Dependent Info

CorrectCare Integrated Health Announces Data Breach Impacting Individuals Incarcerated

Hundreds of U.S. News Sites Push Malware in Supply-Chain Attack

Dozens of PyPI Packages Caught Dropping ‘W4SP’ Info-Stealing Malware

Emotet Botnet Starts Blasting Malware Again After 5 Month Break

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software

11/1/2022

U.S. Treasury Thwarted Attack by Russian Hacker Group Last Month-Official

China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor

Senior Cyber Official: Disinfo Campaigns a ‘Significant Concern’ Ahead of Midterms

CISA Publishes Multi-Factor Authentication Guidelines to Tackle Phishing

Government by Gmail Catches up With UK Minister… Who Is Reappointed Anyway

U.S. Banks Report More Than $1 Billion in Potential Ransomware Payments in 2021

Krebs: Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Russian Hacker Behind Massive Data Breach Released From U.S. Prison

Layoffs Mount as Cybersecurity Vendors Hunker Down

Nearly a Third of Cybersecurity Leaders Considering Quitting

Non-Traditional Applicants Could Be Answer to Cyber Talent Shortage
Osaka Hospital Halts Services After Ransomware Attack

Thomson Reuters Database Leak Exposed 3TB of Sensitive Platform and Customer Data

France’s Defence Group Thales Says Hackers Claim to Have Stolen Data

Dropbox Discloses Breach After Hacker Stole 130 Github Repositories

Flambeau (WI) Reports Data Breach Impacting 10,447 Individuals

Pinnacle Claims Management (CA) Files Notice of Data Breach

Google Ad for GIMP.org Served Info-Stealing Malware via Lookalike Site

New SandStrike Spyware Infects Android Devices via Malicious VPN App

Malicious Android Apps With 1M+ Installs Found on Google Play

Researchers Disclose Details of Critical ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

OpenSSL 3 Patch, Once Heartbleed-Level “Critical,” Arrives as a Lesser “High”

10/31/2022

Ransomware Hackers Hit Australian Defence Communications Platform

U.S. Convenes Over 30 Countries to Address Ransomware as Hacks of Hospitals, Critical Infrastructure Continue

Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK

NSA Shares Supply Chain Security Tips for Software Suppliers

CISA, FBI, MS-ISAC Publish Guidelines For Federal Agencies on DDoS Attacks

The Hunter Cat Is Kinda Like a Bodyguard for Your Credit Card
Education Tech Giant Chegg Gets an F From FTC for Security After Sensitive Info on 40 Million Users Stolen

Hackers Selling Access to 576 Corporate Networks for $4 Million

U.S. Vision Data Breach Involves Patients of Nationwide Optometry, P.C., SightCare, Inc. & Nationwide Vision Center

New Azov Data Wiper Tries to Frame Researchers and BleepingComputer

Hacking Group Abuses Antivirus Software to Launch LODEINFO Malware

Mozilla Firefox Fixes Freezes Caused by New Windows 11 Feature

10/28-30/2022

Inside a U.S. Military Cyber Team’s Defence of Ukraine

Liz Truss Phone Hack Claim Prompts Calls for Investigation

Federal Bans Aren’t Stopping U.S. States From Buying Forbidden Chinese Kit

‘Complex Threat Environment’ Ahead of Midterm Elections, Top Cybersecurity Official Says

Israel’s Largest Ultra-Orthodox Party Suffers Database Leak, Exposing Info on Millions of Voters

The Election That Saved the Internet From Russia and China

Elon Musk Closes Twitter Deal, Immediately Fires Top Executives

Twitter Is Drafting Broad Job Cuts, Days After Elon Musk’s Takeover

New Open-Source Tool Scans Public AWS S3 Buckets for Secrets

Student Arrested for Running One of Germany’s Largest Dark Web Markets, ‘Deutschland im Deep Web’
Largest EU Copper Producer Aurubis Suffers Cyberattack, IT Outage

WakeMed Health & Hospitals (NC) Announces Data Breach Affecting 495,808 Patients

These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets

Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

Connectwise Fixes RCE Bug Exposing Thousands of Servers to Attacks

Exploit Released for Critical VMware RCE Vulnerability, Patch Now

Google Fixes Seventh Chrome Zero-Day Exploited in Attacks This Year

Actively Exploited Windows MoTW Zero-Day Gets Unofficial pPatch

10/27/2022

U.S. Cyber Officials Prioritizing Securing Critical Sectors, Foreign Partnerships Amid Rising Threats

U.S. Officials Say Tech Companies Must Build Secure Products

Japan to Citizens: Get a Digital ID or Health Insurance Gets Harder

Slovak Parliament Suspends Voting Due to Suspected Cyberattack

New York Post Hacked With Offensive Headlines Targeting Politicians

New York Post Fires Employee Who Posted Racist, Sexist Articles to Website, Twitter

Microsoft Links Raspberry Robin Worm to Clop Ransomware Attacks

Never Pay the Ransom — A Cybersecurity CEO Explains Why

Amazon Accidentally Exposed an Internal Server Packed With Prime Video Viewing Habits

Apple iOS and macOS Flaw Could’ve Let Apps Eavesdrop on Your Conversations with Siri
Twilio Discloses Another Hack From June, Blames Voice Phishing

Michigan Medicine Notifies Patients of Health Information Breach

Ascension St. Vincent’s Coastal Cardiology Data Breach After Ransomware Attack

Drinik Android Malware Now Targets Users of 18 Indian Banks

Fodcha DDoS Botnet Reaches 1Tbps in Power, Injects Ransoms in Packets

Kiss-a-Dog Cryptojacking Campaign Targets Docker and Kubernetes

Not So Nice: Purpleurchin Cryptocurrency Miners Spotted Scouring Free Github, Heroku Accounts

Researchers Expose Over 80 ShadowPad Malware C2 Servers

OpenSSL Warns of Critical Security Vulnerability With Upcoming Patch

Apple Fixes Recently Disclosed Zero-Day on Older iPhones, iPads

10/26/2022

Pro-Chinese Disinformation Group Attempts to Undermine U.S. Political System, Influence Voters

White House Unveils Cyber Plan for Chemical Sector

The Feds’ New Open-Access Policy: Who’s Gonna Pay For It?

Ransomware Threat Shifts from U.S. to EMEA and APAC

Ransomware Gangs Ramp Up Industrial Attacks in U.S.

These Ransomware Victims Are Making the Highest Ransom Payments

LinkedIn’s New Security Features Combat Fake Profiles, Threat Actors

Hinge Plans to Add Video Verification Feature as ‘Romance Scams’ Soar

British Hacker Charged for Allegedly Running the Real Deal Dark Web Market

A Bug in Apple MacOS Ventura Breaks Third-Party Security Tools
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military

Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

Australian Clinical Labs Announces Medlab Pathology Data Breach Affects 223,000 Accounts

15 Anesthesia Practices Confirm Recent Data Breach From Incident at “Management Company”

Phoenix Programs of Florida Experienced Data Breach Following Compromised Email Accounts

Urology of Greater Atlanta Announces Data Breach, Does Not Disclose Impact

Medibank Now Says Hackers Accessed All Its Customers’ Personal Data

Microsoft Fixes Windows Vulnerable Driver Blocklist Sync Issue

Google Chrome Pays $57K (and Counting) in Bug Bounties for Latest Update

10/25/2022

Sen. Wyden Urges FTC to Access Classified Info to Combat Foreign Hacks

WhatsApp Back Online After Worldwide Outage

New Samsung Maintenance Mode Protects Your Data During Phone Repairs

Gone Phishing: UK Data Watchdog Fines Construction Biz £4.4M for Poor Infosec Hygiene

Dutch Police Arrest Hacker Who Breached Healthcare Software Vendor

Ukrainian Charged for Operating Raccoon Stealer Malware Service

The Hunt for the Dark Web’s Biggest Kingpin, Part 1: The Shadow

Cybersecurity Teams Are Reaching Their Breaking Point: We Should All Be Worried

Remote Work Has Changed Everything: And It’s Still Getting Weirder

About Workers’ Cybersecurity Awareness: 4 Misconceptions
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company

See Tickets Discloses 2.5 Years-Long Credit Card Theft Breach

Microsoft: Vice Society targets schools with multiple ransomware families

Cyber Attack Suspected in Erie County (PA) 911 Failure Sunday Night

Choice Health Insurance Confirms Recent Data Breach

Massive Cryptomining Campaign Abuses Free-Tier Cloud Dev Resources

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

Researchers Detail Windows Event Log Vulnerabilities: LogCrusher and OverLog

Cisco Warns Admins to Patch AnyConnect Flaw Exploited in Attacks

VMware Fixes Critical Cloud Foundation Remote Code Execution Bug