9/23/2021

FamousSparrow APT Wings in to Spy on Hotels, Governments

Officials Urge Congress to Consider Fining Companies That Fail to Report Cyber Incidents

Banks Share Data to Block Cyberattacks

Ransomware Attackers Targeted This Company: Then Defenders Discovered Something Curious

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

Krebs: Indictment, Lawsuits Revive Trump-Alfa Bank Story
Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers

Illinois Integrated Eligibility System Acknowledges Possible Data Breach 10 Months After Incident

Port of Houston Target of Suspected Nation-State Hack

U.S. Eye-Care Providers Report Data Breaches

Malware Devs Trick Windows Validation With Malformed Certs

Apple Patches New Zero-Day Bug Used to Hack iPhones and Macs

9/22/2021

Republican Lawmakers Raise Security, Privacy Concerns Over Huawei Cloud Services

Lithuania Tells Its Citizens to Throw Xiaomi Mobile Devices in the Bin

Zoom’s $15B Merger With Five9 Probed by Uncle Sam for National Security Risks

Facebook’s Chief Technology Officer Mike Schroepfer to Step Down

FBI, CISA, and NSA Warn of Escalating Conti Ransomware Attacks

Most Business Executives Would Be Willing To Pay Cyber Ransoms: Survey

Internet Users Stressed Out by Cyberattack News: Kaspersky

U.S. Locks Up Call Center Scammer
RaidForums Hacker Data Marketplace Accidentally Exposes Private Staff Page

How REvil May Have Ripped Off Its Own Affiliates

Real Estate Firm Marcus & Millichap Hit With Possible BlackMatter Ransomware

Microsoft Exchange Autodiscover Bugs Leak 100k Windows Credentials

Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Apple Will Disable Insecure TLS in Future iOS, macOS Releases

Hackers Are Scanning for Vmware Cve-2021-22005 Targets, Patch Now!

9/21/2021

U.S. Treasury Sanctions Cryptocurrency Exchange for Alleged Role in Ransomware Attacks

FBI Withheld Decryption Key for Kaseya Ransomware Attack for Three Weeks

UK Ministry of Defence Apologises After Afghan Interpreters’ Personal Data Exposed in Email Blunder

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

Going Beyond Curbing Tech Giants, Xi Wants to Steer Flows of Money and Set Tighter Limits on Profit Making

Facebook’s Latest “Apology” Reveals Security and Safety Disarray

Users Increasingly Willing to Abandon Digital Platforms That Demand Personal Info, Stringent Passwords and Time-Consuming Forms: Study

Why Cryptomining Malware Is a Harbinger of Future Attacks
Marketron Marketing Services Hit by BlackMatter Ransomware

French Shipping Giant CMA CGM Suffers Data Breach

Crystal Valley (MN) Hit by Ransomware, Systems Go Offline

Ukrainian Hackers Hit Family Medical Center (MI) With Ransomware

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

VMware Warns of Critical Bug in Default vCenter Server Installs

New macOS Zero-Day Bug Lets Attackers Run Commands Remotely

Netgear Fixes Dangerous Code Execution Bug in Multiple Routers

How to Fix the Windows 0x0000011b Network Printing Error

9/20/2021

Indonesia Says No Evidence of Alleged Chinese Intel Hack

A New Wave of APT Malware Attack Targeting Organizations in South America

White House Cybersecurity Summit: A Missed Opportunity

Krebs: Does Your Organization Have a Security.txt File?

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

TikTok China Just Limited Kids to 40 Minutes’ Use Each Day

Google to Auto-Reset Unused Android App Permissions for Billions of Devices

Europol Breaks Open Extensive Mafia Cybercrime Ring

Former IT Exec Pleads Guilty to Insider Trading Conspiracy
Major Agriculture Group New Cooperative Hit by BlackMatter Ransomware Attack

VoIP.MS Phone Services Disrupted by DDoS Extortion Attack

Israeli Communications Company Voicenter Hit by Major Cyber Attack

Data of 106 Million Visitors to Thailand Breached

Payment API Bungling Exposes Millions of Users’ Payment Data

EventBuilder Misconfiguration Exposes Microsoft Event Registrant Data

Epik Data Breach Impacts 15 Million Users, Including Non-Customers

Hacked Sites Push TeamViewer Using Fake Expired Certificate Alert

Apache OpenOffice Can Be Hijacked by Malicious Documents, Fix Still in Beta

9/17-19/2021

Australia, UK, and U.S. Announce Security Partnership

U.S. to Target Crypto Ransomware Payments With Sanctions

Researchers Compile List of Vulnerabilities Abused by Ransomware Gangs

The FCC Is Trying to Stop Robocalls, but the Scammers Won’t Disappear

Cyberattackers Target Missouri Hospital At Epicenter Of COVID Outbreak, Post Patient Data

Facebook Employees Flag Drug Cartels and Human Traffickers: The Company’s Response Is Weak

How Facebook Hobbled Mark Zuckerberg’s Bid to Get America Vaccinated

U.S. Gov’t Sites Showing Porn, Viagra Ads Share a Common Software Vendor

App Annie Settlement Signals Closer Scrutiny of Data Brokers

Krebs: Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

Health Dept. Cyber Attack Exposes Most Alaskans’ Personal Data

Web Host Epik Was Warned of a Critical Security Flaw Weeks Before It Was Hacked

Tech Recruiters Jabbed by Fake COVID-19 Passport Scam

New “Elon Musk Club” Crypto Giveaway Scam Promoted via Email

Billions More Android Devices Will Reset Risky App Permissions

OMIGOD: Microsoft Azure VMS Exploited to Drop Mirai, Miners

Microsoft Asks Azure Linux Admins to Manually Patch OMIGOD Bugs

How to Fix Printers Asking for Admins Creds After PrintNightmare Patch

9/16/2021

Senator Hassan Calls on Agencies to Take Action to Prevent Criminal Cryptocurrency Use

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

FBI: $113 Million Lost to Online Romance Scams This Year

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

7 Steps to a More Secure Social Media Policy

Household Names Hit with £500K Fine for Spamming Consumers
Slot Machine Chain Dotty’s Reveals Data Breach Exposing SSNs, Financial Account Numbers, Biometric Data, Medical Records and More

Republican Governors Association Was Hacked Earlier This Year

Employee, Patient Data Compromised in Earlier Marion County Health Dept. (IN) Cyber Attack

Airline Credential-Theft Takes Off in Widening Campaign

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

New Malware Uses Windows Subsystem for Linux for Stealthy Attacks

New Windows Security Updates Break Network Printing

9/15/2021

FTC Warns Health Apps to Notify Consumers Impacted by Data Breaches

Attackers Impersonate DoT in Two-Day Phishing Scam

Ransomware Gang: ‘We’ll Burn Your Data if You Get a Negotiator’

When Cyber War Becomes War

Microsoft Rolls Out Passwordless Login for All Microsoft Accounts

Departing U.K. Privacy Regulator Wants Global Consensus on Data Disputes

Former U.S. Operatives Agree to $1.68M Settlement over Mercenary Hacking Charges
German Election Authority Confirms Likely Cyber Attack

Krebs: Customer Care Giant TTEC Hit By Ransomware

No Patch for High-Severity Bug in Legacy IBM System X Servers

Microsoft Fixes Critical Bugs in Secretly Installed Azure Linux App

MikroTik Shares Info on Securing Routers Hit by Massive Mēris Botnet

Kali Linux 2021.3 Released With New Pentest Tools, Improvements

9/14/2021

Top FBI Official Says There Is ‘No Indication’ Russia Has Taken Action Against Hackers

General Promises ‘Surge’ to Fight Ransomware Attacks

Ex-U.S. Intelligence Operatives in UAE Hacking Case to Cooperate with FBI

The Zero-Trust Approach to Managing Cyber Risk Explained

Nearly 50% of On-Premises Databases Have Vulnerabilities

Kape Technologies to Acquire ExpressVPN

Suffolk County (NY) IT Supervisor Charged with Crypto-Mining

Massachusetts AG Launches Investigation Into T-Mobile Data Breach
Krita Art App Users Targeted by Ransomware Posing as Paid ‘Collaboration’ Opportunities

Anonymous Claims to Have Stolen Huge Trove of Data From Epik, the Right-Wing’s Favorite Web Host

Lubbock Co. (TX) Denies Data Breach, Says Data Temporarily Accessible Under New Software System

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers

Travis CI Flaw Exposed Secrets of Thousands of Open Source Projects

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

Krebs: Microsoft Patch Tuesday, September 2021 Edition

Fixes Remaining Windows PrintNightmare Vulnerabilities

9/13/2021

Apple Patches iPhone iMessage Vulnerability Exploited by NSO Group

China-Based Mustang Panda Compromises Indonesian Intelligence Agency

Discontent Simmers Over How to Police EU Privacy Rules

FTC Warns of Extortionists Targeting LGBTQ+ Community on Dating Apps

How Likely Is Your Employee To Cause A Data Breach?

Brute-Force Attacks, Vulnerability Exploits Top Initial Attack Vectors

Private Equity Firm Siris Capital in Talks to Acquire Cybersecurity Firm Radware, Sources Say

U.S. Locks Up Oklahoma Man in Nigerian Romance Scam
Over 60 Million Wearable, Fitness Tracking Records Exposed via Unsecured Database

Post-Ida Cyber Attack Hits Jefferson Parish Courts

Anonymous Hacks Texas Republican Party Website in Retaliation for State’s Abortion Ban

How Walgreens’ Sloppy COVID-19 Test Registration System Exposed Patient Data

Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

Google Patches 10th Chrome Zero-Day Exploited in the Wild This Year

9/10-12/2021

Stolen Credentials Led to Data Theft at United Nations

Cressida Dick: Tech Giants Make It Impossible to Stop Terrorists

WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

Krebs: KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Cybersecurity Seen as Rising Risk for Airlines

Hackers Are Leaking Children’s Data — And There’s Little Parents Can Do

Colorado County Clerk Charged with Cybercrime
MyRepublic Data Breach Raises Data-Protection Questions

Technology Giant Olympus Hit by BlackMatter Ransomware

Yonkers (NY) Hacked, No Computers for the Past Week: City Hall Says No Ransom

Fujitsu Confirms Stolen Data Not Connected to Cyberattack on Its Systems

Mēris Botnet Hit Russia’s Yandex With Massive 22 Million RPS DDoS Attack

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

Windows MSHTML Zero-Day Exploits Shared on Hacking Forums

9/9/2021

United Nations Confirms Its Systems Were Breached This Year

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’

Cyber-Criminal Targets Dadsnet Founders

91% Of It Teams Have Felt ‘Forced’ to Trade Security for Business Operations

Report Pushes for Changes to Diversify ‘Homogenous’ U.S. Cybersecurity Workforce

In the Hybrid Future, Secure Everything Like You’re Never Going Back

U of Minnesota Partners With Optum, Medtronic to Launch Medical Device Cybersecurity Center

LAPD Told to Harvest Social Media Handles From People They Stop, Suspect or Not

Prison for BEC Scheme Money Launderer
South African Justice Department Is Hit by Ransomware Attack

Brazil’s Health Regulator Hacked After Argentina Qualifier Controversy

Ransomware Attack on Desert Wells Family Medicine (AZ) Corrupts 35,000 Patients’ Records

New Mēris Botnet Breaks DDoS Record With 21.8 Million RPS Attack

Titanfall 2 Allegedly Hacked via “Simple Exploit”

GitHub Finds 7 Code Execution Vulnerabilities in ‘Tar’ and Npm CLI

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

Microsoft Fixes Bug Letting Hackers Take Over Azure Containers

Windows MSHTML Zero-Day Defenses Bypassed as New Info Emerges

9/8/2021

Pro-China Social Media Campaign Expands to New Countries, Blames U.S. For COVID

After the 9/11 Attacks, Wall Street Bolstered Its Defenses

The SEC Is Serious About Cybersecurity. Is Your Company?

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Microsoft Has a $20 Billion Hacking Plan, but Cybersecurity Has a Big Spending Problem

Inside Genesis: The Market Created by Cybercriminals to Make Millions Selling Your Digital Identity

Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

Ukrainian Extradited to U.S. for Allegedly Selling Computer Credentials: DOJ

ProtonMail Welcomes Sir Tim Berners-Lee to Its Advisory Board After Privacy Backlash
New Zealand DDoS Wave Targets Banks, Post Offices, Weather Forecasters and More

Hackers Leak Passwords for 500,000 Fortinet VPN Accounts

Russian Internet Firm Yandex Hit by Major Cyber Attack -Report

Howard University Shuts Down Network After Ransomware Attack

TeamTNT’s New Tools Target Multiple OS

Microsoft: Attackers Exploiting Windows Zero-Day Flaw (Krebs)

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

Zoho Patches Actively Exploited Critical ADSelfService Plus Bug

How Much Do You Know About Ransomware? Take Our Quiz

9/7/2021

Bipartisan House Group Introduces Legislation to Set Term Limit for Key Cyber Leader

With the Pandemic End in Sight, Enterprise Defenders Worry About a Surge in Cyberattacks

Ragnar Locker Gang Warns Victims Not to Call the FBI

REvil Ransomware Group Resurfaces After Brief Hiatus

Microsoft Outlook Shows Real Person’s Contact Info for IDN Phishing Emails

El Salvador Becomes First Country to Adopt Bitcoin as National Currency

Price Tumbles

Cybersecurity Student Scams Senior Out of $55K
Howard University Hit With Ransomware Attack, Cancels Classes

City of Bridgeport (WV) Notifies Residents of Cyber Attack

Texas Right to Life Website Exposed Job Applicants’ Resumes

McDonald’s Leaks Password for Monopoly VIP Database to Winners

Jenkins Hit as Atlassian Confluence Cyberattacks Widen

Booby-Trapped Office Files, No Patch Yet, Says Microsoft

Microsoft Shares Temp Fix for Ongoing Office 365 Zero-Day Attacks

9/6/2021

Russia Responsible for Cyber Attacks on German Parliament: German Foreign Ministry

Pro-Russian Disinformation Systematically Spread Using Western Media Channels

European Regulators Continue to Disrupt Data Transfers to U.S.

IoT Attacks Skyrocket, Doubling in 6 Months

ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims

TrickBot Gang Developer Arrested When Trying to Leave Korea

Irish Police Seize Conti Domains Used in HSE Ransomware Attack
French Government Visa Website Hit by Cyber-Attack That Exposed Applicants’ Personal Data

Krebs: “FudCo” Spam Empire Tied to Pakistani Software Firm

Ransomware Gangs Target Companies Using These Criteria

Traffic Exchange Networks Distributing Malware Disguised as Cracked Software

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released

NPM Package With Millions of Weekly Downloads Has Fixed a Remote Code Execution Flaw

New Chainsaw Tool Helps IR Teams Analyze Windows Event Logs

9/3-5/2021

Why Ransomware Hackers Love a Holiday Weekend

U.S. SEC: Watch Out for Hurricane Ida-Related Investment Scams

Massachusetts Lawmakers to Hold Cybersecurity Hearing

Voting Data From a Colorado County Was Leaked Online: Now the Clerk Is in Hiding

Banksy Was Warned About Website Flaw Before NFT Hack Scam

Irish Health Service Still Recovering Months After Hack: ‘A Cyber-Attack Disrupted My Cancer Treatment’

Regulators Investigate Crypto-Exchange Developer Uniswap Labs

Privacy Alarm in Indonesia Over President’s Leaked Vaccine Certificate

Eight U.S. States to Begin Accepting Digital Driving Licenses

Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash

FBI: Spike in Sextortion Attacks Cost Victims $8 Million This Year
New Zealand Internet Outage Blamed on DDoS Attack on Nation’s Third Largest Internet Provider

Babuk Ransomware’s Full Source Code Leaked on Hacker Forum

Data Breach at Coalinga State Hospital (CA) Reveals Private Information on Nearly 1,800 Patients

Pittsburgh Public Schools Alert Families to Mailing Error That Exposed Student, Parent Information

Conti Ransomware Now Hacking Exchange Servers With ProxyShell Exploits

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

Watch Out for New Malware Campaign’s ‘Windows 11 Alpha’ Attachment

Google’s TensorFlow Drops YAML Support Due to Code Execution Flaw

Over 60,000 Parked Domains Were Vulnerable to AWS Hijacking

Office 365 to Let Admins Block Active Content on Trusted Docs

9/2/2021

Biden Administration on Alert for Cyberattacks Ahead of Labor Day Weekend

Industry Groups Urge Lawmakers to Streamline Cyber Breach Reporting Rules

FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs

Translated Conti Ransomware Playbook Gives Insight Into Attacks

Chinese Regulators Summon 11 Ride-Hailing Firms, Including Didi, Over ‘Illegal Behavior’

Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks

Krebs: Gift Card Gang Extracts Cash From 100k Inboxes Daily

Digital State IDs Start Rollouts Despite Privacy Concerns

WhatsApp Fined €225m for GDPR Violations

To Appeal
Autodesk Reveals It Was Targeted by Russian SolarWinds Hackers

Atlassian Confluence Flaw Actively Exploited to Install Cryptominers

Student, Teacher Personal Info Taken in Dallas Independent School District Data Theft

98K Patients, Employees Impacted by CareATC (OK) Data Breach

Google Play Sign-Ins Allow Covert Location-Tracking

WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted

Comcast RF Attack Leveraged Remotes for Surveillance

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution

Cisco Patches Critical Authentication Bug With Public Exploit

9/1/2021

FTC Bars Alleged ‘Stalkerware’ Company and Its CEO From the Surveillance Business

Krebs: 15-Year-Old Malware Proxy Network VIP72 Goes Dark

BEC Scammers Seek Native English Speakers on Underground

A Fake Banksy NFT Sold for More Than $300,000: Then the Buyer Got His Money Back

Australian Couple Admits “Serious Cyber Hacking Offenses”

Twitter Adds Safety Mode to Automatically Block Online Harassment

Companies Are Tired of Spending Money on Cybersecurity: Here’s How to Change Their Minds

NSA: We ‘Don’t Know When or Even If’ a Quantum Computer Will Ever Be Able to Break Today’s Public-Key Encryption
LockBit Gang Leaks Bangkok Airways Data, Hits Accenture Customers

Fired NY Credit Union Employee Nukes 21gb of Data in Revenge

Half of Businesses Can’t Spot These Signs of Insider Cybersecurity Threats

Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices

Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites

How to Block Windows Plug-and-Play Auto-Installing Insecure Apps

8/31/2021

U.S. Officials, Experts Fear China Ransacked Exchange Servers for Data to Train AI Systems

Canada Accepted 7,300 More Immigration Applications Due to Technical Bug

Agencies Warn of Ransomware Threats Ahead of Labor Day Weekend

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

Coinbase Users Fear Hacking After Erroneous Emails

Regulators Tighten Scrutiny of Data Breach Disclosures by Companies

UK Government Considers New Regulations for Video Streaming Platforms
Leaked Guntrader Firearms Data File Shared

Indonesians Told to Delete Unsecured Tracing App

Personal Health Info Potentially Exposed From Denton County (TX) COVID Vax Clinics

Cybercriminal Sells Tool to Hide Malware in AMD, NVIDIA GPUs

Proxyware Services Open Orgs to Abuse

Fortress Home Security Open to Remote Disarmament

WooCommerce Pricing Plugin Allows Malicious Code-Injection

Microsoft 365 Usage Analytics Now Anonymizes User Info by Default

8/30/2021

Biden Administration Establishes Program to Recruit Tech Professionals to Serve in Government

Rights Group Advises Afghans to Delete Data

CISA: Don’t Use Single-Factor Auth on Internet-Exposed Systems

CISA to Host Third Annual President’s Cup Cybersecurity Competition

SEC Sanctions Brokerages Over Email Break-Ins

Army Testing Facial Recognition in Child-Care Centers

China Limits Online Video Games to Three Hours a Week for Young People

Chinese A.I. Firm SenseTime Files for Hong Kong IPO despite Tech Crackdown and U.S. Blacklist

Elon Musk’s Loop Gets Autopilot — And an Intruder

Microsoft Azure Cosmos DB Incident Underscores the Need to Closely Watch Cloud Data
LockBit Gang to Publish 103GB of Bangkok Air Customer Data

DeFi Protocol Cream Finance Hacked for Second Time This Year

DuPage Medical Group (IL) Notifying 600,000 Patients About a Data Breach

Passport & Healthcare Info and Leaked From Indonesia’s COVID-19 Test-and-Trace App for Traveler

Northern Ontario Police Force Recovering From Ransomware Attack

Ransomware Attack on Swiss City Rolle Exposed Citizens’ Data

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping

AMD Zen+, Zen 2 CPUs Vulnerable to Attack

QNAP Works on Patches for OpenSSL Bugs Impacting Its NAS Devices

8/27-29/2021

British Embassy Exposed Details of Afghan Workers during Rush to Evacuate

White House Rallies Private Industry in Cyber Battle

China Plans to Ban U.S. IPOs for Data-Heavy Tech Firms

Justice Department Establishes Program to Train Prosecutors to Handle Cyber Cases

Fake DMCA Complaints, DDoS Threats Lead To BazaLoader Malware

Amazon Disables Website Used for ISIS Propaganda

Amazon Web Services Will Give Free USB Security Keys to Some Employees of U.S.-Based Customers

Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor

Ethereum’s Blockchain Just Split in Two
Boston Public Library Discloses Cyberattack, System-Wide Technical Outage

Bangkok Airways Suffers Cyber Attack

Bilaxy Exchange Reports Hot Wallet Hacked, Amount Lost Still Unknown

T-Mobile Confident No Ongoing Risks to User Data from Recent Hack

CEO: Hacker Brute-Force

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover

Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug

8/26/2021

UK Plans New Post-Brexit Privacy Rules to Ease Data Sharing

China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying

T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’

The Real Victims of Mass Crypto-Hacks That Keep Happening

FBI Shares Technical Details for Hive Ransomware

Angry Birds Developer Accused of Illegal Child Data Collection

Surveillance Tech Company Excession Technologies Ltd Sues Police Digital Service over ‘Flawed’ Scoring of Bids on £18m Contract
171,000 Patients Exposed after Hackers Breach Illinois Physician Group Emails

Website For Cook County Clerk Of The Circuit County Down For Maintenance After Servers Breached

Chinese Developers Expose Data Belonging to Android Gamers

Synology: Multiple Products Impacted by OpenSSL RCE Vulnerability

Atlassian Warns of Critical Confluence Flaw

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

8/25/2021

White House Gathers Tech, Education, Banking Leaders for Cyber Meeting

Biden: Cybersecurity Is the ‘Core National Security Challenge’

Google, Microsoft Plan to Spend Billions on Cybersecurity after Meeting with Biden

U.S. Media, Retailers Targeted by New SparklingGoblin APT

FIN8 Cybercrime Gang Backdoors U.S. Orgs with New Sardonic Malware

Krebs: Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

Drug Dealers Get 27 Years After Police Crack EncroChat Comms

Australia Passes Identify and Disrupt Bill
73,000 Patients’ Data Affected in Ransomware Attack on Singapore Eye Clinic

Atlanta Allergy & Asthma Sends Notice of Healthcare Data Breach to 9,800 Patients

California State University, Chico Data Breach Exposes Student Requests for Vaccine Exemptions

Mirai-Style IoT Botnet Is Now Scanning for Router-Pwning Critical Vuln in Realtek Kit

Critical F5 BIG-IP Bug Impacts Customers in Sensitive Sectors

Ethereum Urges Go Devs to Fix Severe Chain-Split Vulnerability

Microsoft: ProxyShell Bugs “Might Be Exploited,” Patch Servers Now!

Microsoft Will Add Secure Preview for Office 365 Quarantined Emails

8/24/2021

Amazon, Apple, Microsoft & Other CEOs Reportedly to Attend White House Cybersecurity Meeting

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group

New Zero-Click iPhone Exploit Used to Deploy NSO Spyware

Chinese Auto-Maker Accused of Altering Data after Fatal Autonomous Car Accident

HYCU Initiative Offers Free Evaluation for Ransomware Recovery Prospects

Over a Third of Smart Device Owners Do Not Take Security Measures

Samsung Can Remotely Disable Their TVs Worldwide Using TV Block

Coinbase Slammed for What Users Say Is Terrible Customer Service after Hackers Drain Their Accounts
Cyber-thieves Scam Town of Peterborough (NH) Out of $2.3M

CarePointe Ear, Nose and Throat (IN) Targeted in Ransomware Attack

Fake OpenSea Support Staff Are Stealing Cryptowallets and NFTS

Fake Apple Rep Amasses 620,000+ Stolen iCloud Pics, Vids in Hunt for Images of Nude Women to Trade

Pysa Ransomware Gang’s Script Shows Exactly the Files They’re After

Custom WhatsApp Build Delivers Triada Malware

SteelSeries Bug Gives Windows 10 Admin Rights by Plugging in a Device

B. Braun Updates Faulty IV Pump after McAfee Discovers Vuln Allowing Attackers to Change Doses

8/23/2021

UN-Backed Tech Group Adds Taliban to List of Terrorist Organizations

Singapore, U.S. Pledge Deeper Collaboration in Cybersecurity

Hackers Leak Footage of Iranian Prison

Company Data Hoards Create Tempting Targets for Hackers

FBI: OnePercent Group Ransomware Targeted U.S. Orgs since Nov 2020

CISA Warns Admins to Urgently Patch Exchange ProxyShell Bugs

Hacker Behind $600 Million Crypto Heist Returns Final Slice of Stolen Funds

Gets 500k Reward
New Research Finds 38 Million Records Exposed Online Earlier This Year

Nokia Subsidiary SAC Wireless Discloses Data Breach after Conti Ransomware Attack

Phishing Attack Exposes Medical Information for 12,000 Patients at Revere Health (UT)

Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group

Phishing Campaign Uses UPS.com XSS Vuln to Distribute Malware

Attackers Actively Exploiting Realtek SDK Flaws

Razer to Fix Windows Installer That Grants Admin Powers If You Plug in a Mouse

8/20-22/2021

China Passes Major Data Protection Law as Regulatory Scrutiny on Tech Sector Intensifies

Jack Ma’s Costliest Business Lesson: China Has Only One Leader

State Department Hit by Cyber Attack, Source Says

US Census Bureau Failed Breach Response, Watchdog Says

Schools, Colleges Brace for Cyberattacks as Students Return

Inside Afghanistan’s Cryptocurrency Underground as the Country Plunges into Turmoil

Cybersecurity Jobs: This Is What We’re Getting Wrong When Hiring – And Here’s How to Fix It

“Cybersecurity Is the New Seat Belt” Says STX Next

SynAck Ransomware Decryptor Lets Victims Recover Files for Free

Web Censorship Systems Can Facilitate Massive DDoS Attacks

Why Phone Scams Are So Difficult to Tackle

Key QAnon Influencer ‘GhostEzra’ Identified

New York Man Gets Three Years for Stealing Nude Photos from College Victims
T-Mobile Data Breach Just Got Worse — Now at 54 Million Customers

AT&T Denies Data Breach after Hacker Auctions 70 Million User Database

NYC Teachers’ Social Security Numbers Exposed

Twin Falls County (ID) Identifies Ransomware as Source of Computer Problems

Personal Data Breached in Rockwood School District (MO) Ransomware Attack

Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways

Microsoft Exchange Servers Being Hacked by New LockFile Ransomware

LockFile Ransomware Uses PetitPotam Attack to Hijack Windows Domains

Cloudflare Mitigated One of the Largest DDoS Attack Involving 17.2 Million RPS

Pegasus iPhone Hacks Used as Lure in Extortion Scheme

Razer Bug Lets You Become a Windows 10 Admin by Plugging in a Mouse

Microsoft Shares Guidance on Securing Windows 365 Cloud PCs

8/19/2021

North Korea Linked APT InkySquid Exploiting Known IE Bugs

The Pandemic Revealed the Health Risks of Hospital Ransomware Attacks

COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

You Can Post LinkedIn Jobs as Any Employer — So Can Attackers

Wanted: Disgruntled Employees to Deploy Ransomware (Krebs)

CISA Shares Guidance on How to Prevent Ransomware Data Breaches

Facebook Hit With New Antitrust Suit From Federal Trade Commission

Woman’s Facebook Account Hacked, Loses More than a Decade’s Worth of Friends

CEO Tried Funding His Startup by Asking Insiders to Deploy Ransomware

Florida Women Charged Over Sexually Exploitative Child Modeling Sites
More than $90 Million in Cryptocurrency Stolen from Japanese Exchange Liquid

JPMorgan Chase Notifies Montana Customers of Data Breach

Brazil’s Clothing Chain Renner Suffers Ransomware Attack and Systems Are Down

Data Stolen as Social Housing Group Suffers Ransomware Attack

Attempted Marion County (IN) Cyberattack Delaying Some Death Certificates

What To Do If You Think You’re Affected by the T-Mobile Breach

Ransomware: Amateur Attack Shows How Clueless Criminals Are Trying to Get In on the Action

Critical Cisco Bug in Small Business Routers to Remain Unpatched

Hackers Can Bypass Cisco Security Products in Data Theft Attacks

New Unofficial Windows Patch Fixes More PetitPotam Attack Vectors

8/18/2021

Census Bureau Computer Servers Target of January 2020 Cyberattack

Hacks Rank Among Top Power Grid Risks, Watchdog Says

China Orders Annual Security Reviews for All Critical Information Infrastructure Operators

Facebook Shares AI Advancements Improving Content Moderation

Feds Expected to Reveal New Strategy in Facebook Antitrust Fight

Bitcoin Mixer Owner Pleads Guilty to Laundering over $300 Million

Airline Employee Jailed for Spending Passengers’ Money
Krebs: T-Mobile Breach Exposed SSN/DOB of 40M+ People

U.S. Telecoms Agency to Probe T-Mobile Data Breach

Pine Labs Faces Alleged Data Breach; 50,000 Unique Records Exposed

Bogus Cryptomining Apps Infest Google Play

HolesWarm Malware Exploits Unpatched Windows, Linux Servers

Diavol Ransomware Sample Shows Stronger Connection to TrickBot Gang

GitHub Urges Users to Enable 2FA after Going Passwordless

8/17/2021

Rubio Reiterates Calls for TikTok Ban after China’s Reported Ownership Stake

Facebook Says It Will Keep Ban on Taliban Content

WhatsApp Can’t Ban the Taliban Because It Can’t Read Their Texts

Iranian APT Hackers Impersonate HR Employees to Hit Israeli Targets

Brazilian Government Discloses National Treasury Ransomware Attack

Conti Ransomware Prioritizes Revenue and Cyberinsurance Data Theft

LockBit 2.0 Ransomware Proliferates Globally

Phishing Costs Reach New High of $14.8M for Large Companies

Crypto Platform Hit by $600 Million Heist Asks Hacker to Become Its Chief Security Advisor

Chicago Pharmacist Arrested After Selling CDC COVID-19 Vaccination Cards On eBay

Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope
Chase Bank Accidentally Leaked Customer Info to Other Customers

Records Missing from Illinois Vaccination Portal

Indiana Contact Tracing Data Breached

Japan’s Tokio Marine Is the Latest Insurer to Be Victimized by Ransomware

Krebs: T-Mobile Investigating Claims of Massive Data Breach

Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan

Malware Campaign Uses Clever ‘CAPTCHA’ to Bypass Browser Warning

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

CISA Releases Alert on BadAlloc Vulnerability in BlackBerry Products

If You Haven’t Updated ThroughTek DVR since 2018 Do So Now, Warns Mandiant of Critical Vuln

Fortinet Delays Patching Zero-Day Allowing Remote Server Takeover

8/16/2021

Afghan Broadcasters for U.S. Government Radio Fear Taliban Backlash

Secret Terrorist Watchlist with 2 Million Records Exposed Online

Colonial Pipeline Reports Data Breach after May Ransomware Attack

Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch

Anonymous Messaging App Yik Yak Returns after 4-Year Shutdown

Tesla Autopilot Faces U.S. Safety Regulator’s Scrutiny after Crashes with Emergency Vehicles

Education Giant Pearson Fined $1M for Downplaying Data Breach

Sim Swap Scammer Pleads Guilty to Instagram Account Hijacks, Crypto Theft
T-Mobile Confirms Servers Were Hacked, Investigates Data Breach

Dallas Cops Lost 8TB of Criminal Case Data during Bungled Migration

SUNY Research Foundation Breach Potentially Affects 47,000

Malware Dev Infects Own PC and Data Ends up on Intel Platform

Troubling New Disk-Level Encryption Ransomware ‘DeepBlueMagic’ Surfaces

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

8/13-15/2021

Crypto Hacker Offered Reward After $600m Heist

How Hackers Stole and Returned $600M in Tokens From Poly Network

UN Calls for Moratorium on Sale of Surveillance Tech Like NSO Group’s Pegasus

Krebs: New Anti Anti-Money Laundering Services for Crooks

SynAck Ransomware Releases Decryption Keys After El_Cometa Rebrand

Mysterious Hacker Group Suspected in July Cyberattack on Iranian Trains

Cost of Cyberattacks Significantly Higher for Smaller Healthcare Organizations

App Store Competition Targeted by Bipartisan Senate Bill

Senators Want Answers About Amazon’s Biometric Data Collection

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?

Facebook Adds End-to-End Encryption for Audio and Video Calls in Messenger

Microsoft Teams Will Alert Users of Incoming Spam Calls
Hacker Claims to Steal Data of 100 Million T-Mobile Customers

Ford Bug Exposed Customer and Employee Records From Internal Systems

Emails From Lithuanian Ministry of Foreign Affairs for Sale on Data-Trading Forum

Cyberattack Hits Israel’s Bar Ilan University: ‘Data Is Being Erased Right Now’

Memorial Health Systems (OH) Experiences Cyber Attack

U.S. Brokers Warned of Ongoing Phishing Attacks Impersonating FINRA

WordPress Sites Abused in Aggah Spear-Phishing Campaign

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware

Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

Vice Society Ransomware Joins Ongoing PrintNightmare Attacks

Researchers Find Vulns in Wodify Gym Management Web App Used With CrossFit

Windows 365 Exposes Microsoft Azure Credentials in Plaintext