3/4/2021

Krebs: Three Top Russian Cybercrime Forums Hacked

Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

Senate Includes Nearly $2 Billion in Cyber, Tech Funds to COVID-19 Bill

Researcher Bitsquats Microsoft’s windows.com to Steal Traffic

Thousands of Android and iOS Apps Leak Data From the Cloud

National Surveillance Camera Rollout Roils Privacy Activists

Samsung and Mastercard to Pilot Biometric Payments Card in South Korea

Cryptocurrency Fraudster Steals $16m
Singapore Airlines Frequent Flyer Members Hit in Third-Party SITA Data Security Breach

Indian State Government Website Exposed COVID-19 Lab Test Results

Ransomware Attack on Cochise Eye and Laser (AZ)

8-Day Cyber Attack: Hackers Demanded Millions From Allergy Partners (NC)

34,000 Affected in AllyAlign Health (VA) Data Breach

Hacked SendGrid Accounts Used in Phishing Attacks to Steal Logins

CompuCom MSP Hit by DarkSide Ransomware Cyberattack

Windows DNS SIGRed Bug Gets First Public RCE PoC Exploit

VMware Releases Fix for Severe View Planner RCE Vulnerability

3/3/2021

Workers at Canadian Spy and Cyber Agency Threaten to Strike

State-Sponsored Hackers Rush to Exploit Unpatched Microsoft Exchange Servers

Why Some Governments Are Getting Cyber Crime Gangs to Do Their Hacking for Them

High Alert as New QAnon Date Approaches Thursday

Google to Stop Selling Ads Based on Your Specific Web Browsing

Parler Drops Federal Lawsuit Against Amazon, Files in State Court

BEC Scammers Are Targeting Investors for Massive Payouts

U.S. Government Warns of Social Security Scams Using Fake Federal IDs

Home-Office Photos: A Ripe Cyberattack Vector

Hackers Share Methods to Bypass 3D Secure for Payment Cards
Qualys Hit With Ransomware: Customer Invoices Leaked on Extortionists’ Tor Blog

Navajo Nation Hospital Targeted by Large-Scale Ransomware Hack

University of Memphis Hit with Second Cyber Attack In Six Months

Hollywood’s Elite Private Schools Hacked 

CompuCom MSP Confirms Ongoing Outage Following Malware Incident

Cyber Attack Affecting Hanover Area School District and Others (PA)

Telemarketing Biz CallX Exposes 114,000 in Cloud Config Error

Cash App Phishing Kit Deployed in the Wild, Courtesy of 16Shop

GRUB2 Boot Loader Reveals Multiple High Severity Vulnerabilities

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

3/2/2021

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails (Krebs)

Chinese Cyber Attack: U.S. Congressman Urges Biden to Stand by India

SolarWinds Reports $3.5 Million in Expenses From Supply-Chain Attack

Wray Hints at Federal Response to SolarWinds Hack

Microsoft Warns of Chinese Hackers ‘Hafnium’ Targeting Email Product

Microsoft Shares More on What’s Coming in Windows Server 2022

Microsoft Teams Adds End-to-End Encryption (E2EE) to One-on-One Calls

Microsoft 365 Defender Threat Analytics Enters Public Preview

Gamer Sues Microsoft Over Cyberbullying

Google Teams up With Allianz, Munich Re to Insure Its Cloud Users

Jailbreak Tool Works on iPhones Up to iOS 14.3

Medal of Honor Holders’ Identities Stolen

‘Fake Accounts Used My Pictures to Sell Sex’

Satanic Temple Loses Cyber-squatting Lawsuit

Alarming Cybersecurity Stats: What You Need To Know For 2021
Krebs: Payroll/HR Giant PrismHR Hit by Ransomware?

Malaysia Airlines Discloses a Nine-Year-Long Data Breach

Asian Food Distribution Giant JFC International Hit by Ransomware

Zee5 Once Again Caught In Data Breach; Info Of 9 Mn Users Exposed

CSX Probes ‘Security Incident’ as Hackers Leak Data

Oxfam Australia Confirms Data Breach After Stolen Info Sold Online

Millersville University (PA) Says Network Outage Was the Result of an ‘External Attack’

Ransomware Attack Shuts Down Altona Clinic (MB)

Rookie Coding Mistake Prior to Gab Hack Came From Site’s CTO

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

Malicious NPM Packages Target Amazon, Slack With New Dependency Attacks

Compromised Website Images Camouflage ObliqueRAT Malware

Microsoft Fixes Actively Exploited Exchange Zero-Day Bugs, Patch Now

Google Fixes Second Actively Exploited Chrome Zero-Day Bug This Year

3/1/2021

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

Chinese Businessman Plotted With GE Insider to Steal Transistor Secrets, Say Feds

U.S. ‘Unprepared’ to Defend against New AI Threats, Report Finds

New York Group Urges Action on Cyber Coordination

Free Cybersecurity Tool Aims to Help Smaller Businesses Stay Safer Online

Scientists Have Built This Ultrafast Laser-Powered Random Number Generator

Krebs: Is Your Browser Extension a Botnet Backdoor?

Cybercrime ‘Help Wanted’: Job Hunting on the Dark Web

Universal Health Services Lost $67 Million Due to Ryuk Ransomware Attack

Tether Cryptocurrency Firm Says Docs in $24 Million Ransom Are ‘Forged’

We Are ‘Not Paying’

Facebook Photo-tagging Lawsuit Settled for $650m

Florida Police Arrest 12 Alleged Online Predators
Passwords, Private Posts Exposed in Hack of Gab Social Network

Hurtigruten Reports Passenger Data Exposed in Cyberattack

European E-Ticketing Platform Ticketcounter Extorted in Data Breach

World’s Leading Dairy Group Lactalis Hit by Cyberattack

Kaman Hit by Ransomware Attack, Biden Foreign Policy Change

New South Wales Transport Agency Extorted by Ransomware Gang After Accellion Attack

Cyber Attack on the Ministry of Finance of Kosovo

City of Kingman (AZ) Government Computer System Hit by Cyberattack

Malware Loader Abuses Google SEO to Expand Payload Delivery

Working Windows and Linux Spectre Exploits Found on VirusTotal

Critical Vulnerability Found in Snow Software’s Inventory Agent

Firewall Vendor Genua Patches Critical Auth Bypass Flaw

2/26-28/2021

Congress Has New Appetite for Breach Law Following SolarWinds Hack: Lawmaker

SolarWinds Officials Throw Intern Under the Bus for ‘solarwinds123’ Password Fail

Lawmakers Blame SolarWinds Hack on ‘Collective Failure’ to Prioritize Cybersecurity

Huawei Backs Supply Chain Security Standards in Wake of SolarWinds Breach

NSA, Microsoft Promote a Zero Trust Approach to Cybersecurity

Pits Microsoft Against Dell, IBM Over How Companies Store Data

U.S. Energy Department Floats Solution to Illicit Crypto Mining Malware

Foreign Perpetrators Among Fraudsters Shamming State’s Unemployment Systems

Cyberattacks Cost Hospitals Millions During Covid-19

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process

What Are These Suspicious Google GVT1.Com URLs?
T-Mobile Discloses Data Breach After Sim Swapping Attacks

Ransomware Gang Hits Ecuador’s Largest Private Bank Banco Pichincha, Ministry of Finance

UK’s Npower Shuts Down Mobile App Following Data Breach

Some San Diegans’ Personal Information Provided to Jewish Family Service Exposed Online

Beware: AOL Phishing Email States Your Account Will Be Closed

Stalkerware Volumes Remain Concerningly High, Despite Bans

Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release

Ryuk Ransomware Now Self-Spreads to Other Windows LAN Devices

Google Shares PoC Exploit for Critical Windows 10 Graphics RCE Bug

Microsoft Fixes Windows 10 Drive Corruption Bug — What You Need to Know

German Prosecutors Are Building AI In-House

Cybersecurity Firm Axonius Raises $100 Million at $1.2 Billion Valuation

2/25/2021

Microsoft Failed to Shore up Defenses That Could Have Limited SolarWinds Hack: U.S. Senator

Microsoft Shares CodeQL Queries to Scan Code for SolarWinds-Like Implants

Amazon’s Lack of Public Disclosure on SolarWinds Hack Angers Lawmakers

North Korean Hackers Target Defense Industry With Custom Malware

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

DHS Secretary Mayorkas Announces New Initiative to Fight ‘Epidemic’ of Cyberattacks

French Minister: Mafia-Type Gangs Likely Behind Cyber Attacks on Hospitals

Insider Cloud Data Theft Plagues Healthcare Sector

Iraqi MP Suffers Online Extortion

Facebook Takes Out Myanmar Military After Bloody Coup

Krebs: How $100M in Jobless Claims Went to Inmates

ByteDance Agrees to $92 Million Privacy Settlement With U.S. TikTok Teens
Steris Touted as Latest Accellion Hack Victim

Dutch Research Council (NWO) Confirms Ransomware Attack, Data Leak

Gore Medical Management (GA) Has 79,100 Patients’ Data on Unauthorized Computer

FBI, State Police Probing Cyber Hack on Saginaw (MI) Township Schools

Ransomware Attack: Network Outage Forces Affton School District (MO) to Virtual

Students’ Information Compromised by Data Breach at Harvard Business School

RMIT University (Australia) Races to Recover From Cyber Attack Before Students Return

Florida Studio Theatre Endures Ransomware Attack

Bengal Health Website Leaks 8 Million COVID-19 Test Results

Oxford University Says Research Not Affected After Expert Flags COVID Lab Hack

Malicious Mozilla Firefox Extension Allows Gmail Takeover

2/24/2021

Ukraine Says Russian Hackers Attack Web-Based State Document System

CrowdStrike Slams Microsoft Over SolarWinds Hack

NASA and the FAA Were Also Breached by the SolarWinds Hackers

More SolarWinds Hack Victims Yet to Be Publicly Identified, Tech Executives Say

Congress Looks Towards New Data Breach Laws as Russian Hack Scope Remains Unknown

Biden Signs Supply Chain Order After ‘Positive’ Meeting With Lawmakers

Biden CIA Pick Pledges to Confront China if Confirmed, Speak ‘Truth to Power’

Tax Season Ushers in Quickbooks Data-Theft Spike

Microsoft Lures Populate Half of Credential-Swiping Phishing Emails

Poor Remote Working Behaviors and Procedures Putting Orgs at Risk

Kroger Data Breach Highlights Urgent Need to Replace Legacy, End-of-Life Tools

Universities Face Double Threat of Ransomware, Data Breaches

Google Funds Linux Maintainers to Boost Linux Kernel Security

IT Security Firm Kaseya Acquires SOC Platform RocketCyber
Medical Data of 500,000 French Residents Leaked Online

Five Eyes Members Warn of Accellion FTA Extortion Attacks

Clop Ransomware Gang Extorts Jet Maker Bombardier After Accellion Breach

Cyberpunk 2077 Patch 1.2 Delayed by CD Projekt Ransomware Attack

LazyScripter Hackers Target Airlines With Remote Access Trojans

Around 45k Patients Impacted in Covenant Healthcare Data Breach (MI)

Kentucky Unemployment Office Warns of Potential Cyber-Attack

Cobb Schools (GA) Code Red Alert Investigated as Cyber Attack

Nvidia’s Anti-Cryptomining GPU Chip May Not Discourage Attacks

Heavily Used Node.js Package Has a Code Injection Vulnerability

Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking

VMWare Patches Critical RCE Flaw in vCenter Server

Cisco Fixes Maximum Severity MSO Auth Bypass Vulnerability

2/23/2021

Microsoft President: The Only Reason We Know About SolarWinds Hack Is Because FireEye Told Us

SolarWinds, Microsoft, FireEye, CrowdStrike Defend Actions in Major Hack – U.S. Senate Hearing

Tech Executives Call for Improved Public-Private Coordination After SolarWinds Hack

Biden Administration to Respond to Russian Hacking, Poisoning in ‘Weeks Not Months’

Vietnam APT32 State Hackers Target Human Rights Defenders With Spyware

Krebs: Checkout Skimmers Powered by Chip Cards

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Experts Find a Way to Learn What You’re Typing During Video Calls

Twitter Removes Accounts of Russian Government-Backed Actors

Facebook to Restore Australia News, Pay Media Companies in Compromise With Lawmakers

Louisiana College Cyber-Thief Sentenced
Finnish IT Giant TietoEVRY Hit with Ransomware Attack

Filipino Credit App Cashalo Suffers Data Breach

Clubhouse Confirms Data Spillage of Its Audio Streams

10K Microsoft Email Users Hit in FedEx Phishing Attack

Clop Ransomware Gang Leaks Possible Stolen Bombardier Blueprints of GlobalEye Radar Snoop Jet

Florida Man Discovers Personal Information on the Side of Road

Jamaica’s Amber Group Fixes Second JamCOVID Security Lapse

Flash Version Distributed in China After EOL Is Installing Adware

VMware Warns of Critical Remote Code Execution Flaw in vSphere HTML5 Client

IBM Squashes Critical Remote Code-Execution Flaw

Keybase Patches Bug That Kept Pictures in Cleartext Storage on Mac, Windows Clients

Google Adds Password Checkup Support to Android Autofill

2/22/2021

Chinese Spyware Code Was Copied From America’s NSA: Researchers

Ukraine Accuses Russian Networks of New Massive Cyber Attacks

DHS Announces New Measures to Boost Nation’s Cybersecurity

U.S. House Committees to Hold Feb 26 Hearing on ‘SolarWinds’ Hack

Texas Electric Company Warns of Scammers Threatening to Cut Power

Toledo Public School Students Seeing Effects of Last Year’s Massive Data Breach

Google Lifting Ban on Political Ads Instituted After Capitol Riots

Watchdog Questions Legality of Using Cellphone Data Without Warrants

Former Employee Behind Earthquakes Stadium Hack
French Boat Maker Beneteau to Suspend Some Production After Cyberattack

Silicon Valley VC Firm Sequoia Capital Phished

BBC Reports Theft of 105 Electrical Devices

ServiceNow Admin Credentials Exposed in Cloud Security Blunder

Assume Clubhouse Conversations Are Being Recorded, Researchers Warn

Powerhouse VPN Products Can Be Abused for Large-Scale DDoS Attacks

Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11

Stored XSS Bug in Apple iCloud Domain Disclosed by Bug Bounty Hunter

SHAREit Fixes Security Bugs in App With 1 Billion Downloads

2/19-21/2021

Biden Calls for Creating ‘Rules’ on Cyber, Tech to Combat China and Russia Threats

Krebs: Mexican Politician Removed Over Alleged Ties to Romanian ATM Skimmer Gang

Northern Ireland Customers Warned Over ‘Royal Mail’ Scam Messages

Google Alerts Abused to Push Fake Adobe Flash Updater

CIS Now Offers Free Ransomware Protection to All U.S. Hospitals

Microsoft Edge Is Crowdsourcing Whether to Show Notification Prompts

SonicWall Releases Additional Update for SMA 100 Vulnerability

Tim Berners-Lee Says Australian Law Would Make Internet ‘Unworkable’

EU Decision Frees U.K. to Handle Europeans’ Personal Data

Kaspersky: Decline in DDoS Attacks Linked to Surge in Cryptocurrency Value

Crypto Price Surge Invites a Torrent of Crypto Crime

Tech Industry Is Looking to Replace the Smartphone — What Will Apple Come up With?
Hungary Says Vaccine Registration Website Under Cyber Attack

Kroger Data Breach Exposes Pharmacy and Employee Data (Accellion Vuln)

Underwriters Laboratories (UL) Certification Giant Hit by Ransomware

More U.S. Cities Disclose Data Breaches after AFTS’s Ransomware Attack

Yuba County (CA) Focuses on Recovery After Ransomware Attack

Kia Denies Ransomware Attack

Parents Alerted to NurseryCam Security Breach

New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card

New Silver Sparrow Malware Found on 30,000 Macs Has Security Pros Stumped

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users

Recently Fixed Windows Zero-Day Actively Exploited Since Mid-2020

Chrome for iOS Will Let You Lock Incognito Mode With Face ID

2/18/2021

SolarWinds Hackers Studied Microsoft Source Code for Authentication and Email

White House Now Says 100 Companies Hit by SolarWinds Hack, but More May Be Impacted

Senate Intelligence Panel to Hold Hearing on SolarWinds Breach Next Week

Congress Faces News Showdown With Facebook, Google

States Push Internet Privacy Rules in Lieu of Federal Standards 

Op-Ed: Hackers Are Targeting COVID-19 Vaccinations. Here’s How to Stop Them

FBI: Telephony Denial-of-Service Attacks Can Lead to Loss of Lives

Apple Adds ‘BlastDoor’ Security Feature to Fight iMessage Hacks

Apple Outlines 2021 Security, Privacy Roadmap

IBM Explores Sale of IBM Watson Health

Software Firm Owner Admits Fraud and CSAM Possession

U.S. Jails Celebrated Nigerian Entrepreneur for Cyber-Fraud
RIPE NCC Internet Registry Discloses SSO Credential Stuffing Attack

34,000 Patients Potentially Impacted by Grand River Medical Group (IA) Data Breach

California DMV Halts Data Transfers After Vendor Breach (AFTS)

Cryptopia Got Hacked While in Liquidation Due to a Hack

‘Secure’ Daycare Video Monitoring Product Beamed DVR Admin Creds to All Users

Hackers Abuse Google Apps Script to Steal Credit Cards, Bypass CSP

Half of Apps Contain at Least One Serious Exploitable Vulnerability

Mac Malware Targets Apple’s In-House M1 Processor

U.S. Shares Info on North Korean Malware Used to Steal Cryptocurrency

SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps

Exploit Details Emerge for Unpatched Microsoft Bug

2/17/2021

U.S. Says Threat Posed by North Korea Cyber Activity Part of Policy Review

Krebs: U.S. Indicts North Korean Hackers in Theft of $200 Million

Biden to Take ‘Executive Action’ to Address SolarWinds Breach

White House Cyber Adviser Says It Will Take Months to Investigate Russian Hack

Senate Intel Leader Demands Answers on Florida Water Treatment Center Breach

Stolen Jones Day Law Firm Files Posted on Dark Web

Jones Day Denies Network Breach

China Requiring Bloggers to Obtain Government Credentials

Facebook to Restrict News Content in Australia in Response to Proposed Law

Black and LGBT Edinburgh University students attacked in Zoom meeting

Rising Healthcare Breaches Driven by Hacking and Unsecured Servers

Phishing: These Are the Tricks Crooks Use to Make You Open Malware Email Attachments
Kia Motors America Suffers Ransomware Attack, $20 Million Ransom

Jamaica’s Immigration Website Exposed Thousands of Travelers’ Data

15,600 Patients’ Health Info Exposed in Ransomware Attack on Granite Wellness Centers (CA)

Reliant Federal Credit Union (WY) Reports Data Breach

ECU Suffering Customer Dissatisfaction as Confusion Reigns Over Cyber Attack

Russian Sandworm Hackers Only Hit Orgs With Old Centreon Software

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder

Windows, Linux Devices Hijacked In Two-Year WatchDog Cryptojacking Campaign

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

Ninja Forms WordPress Plugin Bug Opens Websites to Hacks

QNAP Patches Critical Vulnerability in Surveillance Station NAS App

2/16/2021

North Korea Accused of Hacking Pfizer for COVID-19 Vaccine Data

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day – Firm Has Ties with Trump

Space Force Starts Transitioning Cybersecurity Professionals Into Its Ranks

Industry Groups Urge Congress to Include Cybersecurity Funding in Coronavirus Relief Package

Firms Patch Greater Number of Systems, but Still Slowly

Under Attack: Hosting & Internet Service Providers

TikTok Hit With European Regulatory Complaints Over Child Safety, Data Privacy

China Blocked Jack Ma’s Ant IPO After Investigation Revealed Likely Beneficiaries

Parler Announces Official Relaunch, Says It Is Back Online

Microsoft Edge Is Getting a New Child-Friendly Kids Mode

Let’s Encrypt Gears Up to Replace 200M Certificates a Day

LastPass to Limit Fans of Free Password Manager to One Device Type Only – Computer or Mobile
Kia Motors America Experiences Massive IT Outage across the U.S.

Omnicom Media Group Reportedly Falls Prey to Cyber Attack

Hoffman Construction Shores up Its Defense Systems After Employee Healthcare Data Breach

Student Data Breached in Cyber Attack on Simon Fraser University (BC)

Lakehead University (ON) Victim of Cyber Attack

French IT Monitoring Firm Centreon Says No Customers Affected by Hacking Campaign

Malvertisers Exploited Browser Zero-Day to Redirect Users to Scams

Unpatched Android App SHAREit with 1 Billion Downloads Threatens Spying, Malware

Misconfigured Baby Monitors Allow Unauthorized Viewing

Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

Windows 10 Secure Boot Update Triggers BitLocker Key Recovery

Microsoft Releases Azure Firewall Premium in Public Preview

2/15/2021

Langevin Hopeful New Armed Services Panel Will Shine New Spotlight on Cybersecurity

Microsoft: SolarWinds Attack Took More Than 1,000 Engineers to Create

French IT Monitoring Company Centreon’s Software Targeted by Russian ‘Sandworm’ Hackers: Cyber Agency

Mercedes Issues eCall Recall

Krebs: Bluetooth Overlay Skimmer That Blocks Chip

This Phishing Email Promises You a Bonus, but Actually Delivers This Windows Trojan Malware

Workforce Opportunity Services Hits the Cybersecurity Skills Gap Head-On
Cyberattack on Dutch Research Council (NWO) Suspends Research Grants

DDoS Attack Takes Down EXMO Cryptocurrency Exchange Servers

Dax-Côte d’Argent Hospital in France Hit by Ransomware Attack

Recent Campbell County Health (WY) Data Breach Affects 900 Patients

Apple Will Proxy Safe Browsing Requests to Hide iOS Users’ IP From Google

Microsoft Will Alert Office 365 Admins of Forms Phishing Attempts

2/12-14/2021

Facebook Meets Apple in Clash of the Tech Titans—‘We Need to Inflict Pain’

Microsoft President: SolarWinds Hack Was ‘Largest and Most Sophisticated Attack’ Ever

SolarWinds: How They Did It

Copycats Imitate Novel Supply Chain Attack That Hit Tech Giants

‘Annoyingly Believable’ Tax Scam Targets Mobile Users

Scammers Target U.S. Tax Pros in Ongoing IRS Phishing Attacks

It Can Happen to You: Kansas Teen Loses Everything in Ransomware Attack

Three Charged Over Fraudulent Vaccine Website

Egregor Ransomware Members Arrested by Ukrainian, French Police

Years Later, Bloomberg Doubles Down on Disputed Supermicro Supply Chain Hack Story
Pro-India Hackers Use Android Spyware to Spy on Pakistani Military

mHealth Apps Expose Millions to Cyberattacks

Yandex Data Breach Exposes 4K+ Email Accounts

Canadian Discount Car and Truck Rentals Hit by DarkSide Ransomware

Big Huge Games Hit By Cyber Attack

FBI Investigating After Cyber Attack on Central Piedmont Community College (NC)

CD Projekt’s Stolen Source Code Allegedly Sold by Ransomware Gang

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Google Chrome, Microsoft Edge Getting This Intel Security Feature

2/11/2021

White House Names Anne Neuberger to Lead Response to SolarWinds Hack

Biden to Sign Executive Order Addressing Chip Shortage

Lawmakers Introduce Bipartisan Bill to Allow for Increased Use of Internet-Connected Devices

Military, Nuclear Entities Under Target By Novel Android Malware

U.N. Members Plan New Cyber Group as States Suffer Large-Scale Hacks

Illinois Is State Hit Hardest by Cybercrime

Hackers Ask Only $1,500 for Access to Breached Company Networks

Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores

India Calls Out Twitter for Differential Treatment

Facebook Tries to Seize Websites Set up for Staff Security Training
Singtel, QIMR Berghofer Report Accellion-Related Data Breaches

Bannock County (ID) Notifies Citizens of Data Breach

Various Malware Lurks in Discord App to Target Gamers

TrickBot’s BazarBackdoor Malware Is Now Coded in Nim to Evade Antivirus

Buggy WordPress Plugin Exposes 100k Sites to Takeover Attacks

12-Year-Old Windows Defender Bug Gives Hackers Admin Rights

Microsoft Warns of an Increasing Number of Web Shell Attacks

Internet Explorer 11 Zero-Day Vulnerability Gets a Free Micropatch

Intel Fixes Vulnerabilities in Windows, Linux Graphics Drivers

Apax to Acquire Herjavec Group

2/10/2021

Biden Holds 1st Call As President With China’s Xi As Trade, Security Issues Loom

TikTok Sale to Oracle, Walmart Is Shelved as Biden Reviews Security

Tencent Executive Held by China Over Links to Corruption Case

Biden Announces U.S. Sanctions against Leaders of Myanmar Military Coup

Iran Has Started Producing Uranium Metal, in Violation of 2015 Accords, IAEA Says

U.N. Experts Point Finger at North Korea for $281 Million Cyber Theft, KuCoin Likely Victim

Europol: 10 Held for Alleged $100m Cryptocurrency Theft From Celebs, Others

Election Commission Approves New Guidelines to Secure, Update Voting Equipment

U.S. Coast Guard Orders Maritime Facilities to Report SolarWinds Breaches

Twitter Complies With Indian Government Orders to Block Hundreds of Accounts

Hybrid, Older Users Most-Targeted by Gmail Attackers

Krebs: What’s Most Interesting About the Florida Water System Hack? That We Heard About It at All.
French Health Insurance Co. Mutuelle Nationale des Hospitaliers (MNH) Hit by RansomExx

Syracuse University Data Breach Exposes Nearly 10,000 Names, Social Security Numbers

British Columbia Real Estate Agency Sustains Unusual Ransomware Attack

Ransomware Group Posts Stolen Chatham County (NC) Health Data Online

Hacker Sets Alleged Auction for Witcher 3, CyberPunk 2077 Source Code

Romance Fraud Surges in Lockdown Following Shift to Online Dating

Hacker Admits Stealing College Girls’ Nude Snaps

Following Oldsmar Attack, FBI Warns About Using Teamviewer and Windows 7

Raspberry PIs Running Ubuntu Added to IoT Patching Service KernelCare

SAP Commerce Critical Security Bug Allows RCE

Intel Squashes High-Severity Graphics Driver Flaws

Microsoft Now Forces Secure RPC to Block Windows Zerologon Attacks

2/9/2021

Huawei Wants Appeals Court to Overturn FCC’s National Security Ban

CEO Says He’d Welcome Phone Call from Biden in First Remarks on New U.S. President

Senators Ask Federal Officials to Designate Leader in ‘Disorganized’ SolarWinds Response

Op-Ed: The SolarWinds Hack Is a Blow: the U.S. Must Prioritize Cybersecurity Now

Cybersecurity Experts Say Oldsmar Water System Attack Highlights Larger Vulnerabilities

New BendyBear APT Malware Gets Linked to Chinese Hacking Group

Google Expands Election Security Offerings for Federal and State Campaigns

Office 365 Will Help Admins Find Impersonation Attack Targets

Hackers Targeted Financial Sector in Mass Extortion Campaign

Gaming Industry Is Fraudsters’ Prime Target

Microsoft: Recent Windows 10 Gaming Issues Caused by Discord Bug

Big Data Is Booming in the U.S., but Other Countries Are Making the Rules

Krebs: Arrest, Raids Tied to ‘U-Admin’ Phishing Kit
Cyberpunk 2077 Makers CD Projekt Hit by Ransomware Hack

HelloKitty Ransomware Behind Attack

Web Hosting Provider No Support Linux Hosting Shuts Down After Cyberattack

Hackley Community Care (MI) Notifies Affected Patients of Data Breach

Kokomo-Howard Public Library (IN) Hit With Ransomware Attack

Researcher Hacks Microsoft, Apple, More in Novel Supply Chain Attack

Android Devices Hunted by LodaRAT Windows Malware

Google Play Boots Barcode Scanner App After Ad Explosion

Actively Exploited Windows Kernel EoP Bug Allows Takeover

Attackers Exploit Critical Adobe Flaw to Target Windows Users

Adobe Fixes Critical Reader Vulnerability Exploited in the Wild

Apple Fixes SUDO Root Privilege Escalation Flaw in macOS

Krebs: Microsoft Patch Tuesday, February 2021 Edition

2/8/2021

Iran ‘Hides Spyware in Wallpaper, Restaurant and Games Apps’

Hackers Try to Contaminate Florida Town’s Water Supply Through Computer Breach

Billions of Passwords Offered for $2 in Cyber-Underground

Emotet Takedown: Short-Term Celebration, Long-Term Concerns

iPhone 12 Magnet Array Can Disrupt Implantable Medical Devices

Facebook to Take Down Posts With False Claims About Vaccines

Virginia Lawmakers Poised to Pass New Rules for Internet Privacy

Paralegal’s Pal Admits Outing Witnesses

Crypto Fund Founder Pleads Guilty to $100m Fraud Scheme
Hackers Hit Nebraska Medical Center, U of Nebraska With Malware, Steal Patient and Employee Records

Seattle-based Automatic Funds Transfer Services Hit With Data Breach

Emsisoft Suffers System Breach

Cannabis Cultivator Cann Group Loses $3.6 Million in Cyber Attack

WestRock January Ransomware Attack Hinders Packaging Production

Experian Investigating Whether Serasa Involved in Brazil Data Breach

Android App Barcode Scanner Joins the Dark Side, Sends Malware Update to Millions

Critical WordPress Plugin Flaw Allows Site Takeover

Microsoft to Alert Office 365 Users of Nation-State Hacking Activity

2/5-7/2021

Cruz Blocks Vote on Biden Commerce Secretary Nominee Over Huawei Concerns

Former U.S. Cyber Chief Chris Krebs Calls for Military to Attack Hackers

Industrial Networks See Sharp Uptick in Hackable Security Holes

First Eletrobras, Now Copel Energy Companies Hit by Ransomware Attacks

Several .LK Domains Crashed Due to Cyber Attack

Ziggy Ransomware Shuts Down and Releases Victims’ Decryption Keys

New Phishing Attack Uses Morse Code to Hide Malicious URLs

Don’t Post Your Coronavirus Vaccination Card Selfie on Social Media

Signal Ignores Proxy Censorship Vulnerability, Bans Researchers

Temporary Restrictions on GameStop, Other Stocks Lifted by Robinhood

South Carolina Plans Cyber-Ecosystem
SitePoint Discloses Data Breach After Stolen Info Used in Attacks

SN Servicing Corporation Discloses Ransomware Attack to Multiple States

Hackers Post Patient Medical Records From Florida and Texas Hospital Chains

36,000+ UPMC Patients May Have Had Personal Data Accessed Due to Breach

Winthrop (MA) Public Schools, Town Offices Targeted in Cyber Attack

Chrome Users Have Faced 3 Security Concerns Over the Past 24 Hours

Microsoft Warns of Increasing OAuth Office 365 Phishing Attacks

Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites

Fortinet Fixes Critical Vulnerabilities in SSL VPN and Web Firewall

Mozilla Fixes Windows 10 NTFS Corruption Bug in Firefox

‘Cyberpunk 2077’ Update Fixes a Save File Exploit on PC

2/4/2021

Biden: U.S. Taking ‘Urgent’ Steps to Improve Cybersecurity

House Democrat Warns Big Tech to ‘Step up in Big Way’ or Risk Section 230 Changes

Krebs: Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Israeli Hackers Breach KKK-Affiliated Website

Automated Tools Increasingly Used to Launch Cyber-Attacks

Ransomware Attacks Increasingly Destroy Victims’ Data by Mistake

Hackers Steal StormShield Firewall Source Code in Data Breach

Hacking Group Also Used an IE Zero-Day Against Security Researchers

Clearview AI Raises Disquiet at Privacy Regulators

Data Drought Slows Advance of AI in Cybersecurity

IBM Announces $3M Cybersecurity Grants for US Schools
Brazil’s Eletrobras Says Nuclear Unit Hit With Cyberattack

Oxfam Australia Investigates Data Breach After Database Sold Online

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

Victor Central School District (NY) Hit with Ransomware Attack

Woodland Trust Hit by Cyber Attack in December

Nespresso Smart Cards Hacked to Provide Infinite Coffee

Plex Media Servers Actively Abused to Amplify DDoS Attacks

Microsoft Office 365 Attacks Sparked from Google Firebase

Android Devices Prone to Botnet’s DDoS Onslaught

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Google Fixes Chrome Zero-Day Actively Exploited in the Wild

2/3/2021

Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says

Op-Ed: The Best Way for Biden to Go on the Cyber Counterattack

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover

Federal Cyber Agency Reevaluating Its Role in Countering Election Disinformation

Parler CEO John Matze Says He’s Been Terminated by Board: ‘I Did Not Participate in This Decision’

Myanmar’s New Military Government Bans Facebook

Tulsa Mayor’s Cyber-stalker Jailed

Owners of Fertility App Premom Sued Over Non-Consensual Data Sharing
EscortReviews.com Data Breach Affects 470,000 Members

Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

New Malware Hijacks Kubernetes Clusters to Mine Monero

Latest acOS Big Sur Also Has SUDO Root Privilege Escalation Flaw

Microsoft Defender ATP Detects Chrome Updates as PHP Backdoors

Cisco Fixes Critical Code Execution Bugs in SMB VPN Routers

Five Critical Android Bugs Patched, Part of Feb. Security Bulletin

SonicWall Fixes Actively Exploited SMA 100 Zero-Day Vulnerability

2/2/2021

Suspected Chinese Hackers Used SolarWinds Bug to Spy on U.S. Payroll Agency

U.S. Court System Ditches Electronic Filing, Goes Paper-Only for Sensitive Docs Following SolarWinds Hack

Officials Applaud Confirmation of Mayorkas as DHS Secretary for Cybersecurity

Hospitals Suffer New Wave of Hacking Attempts

Babyk Ransomware Won’t Hit Charities, Unless They Support LGBT, BLM

Ransomware Gangs Made at Least $350 Million in 2020

Average Ransom Payments Declined Last Quarter

Interview With a Russian Ransomware Cybercriminal

Krebs: ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges

Medical Researcher Jailed for Selling Secrets to China

Google Funds Project to Secure Apache Web Server With New Rust Component
Netgain Ransomware Incident Impacts Local Governments

Rotterdam (NY) Alerts Residents of Data Breach

Data on 3.2 Million DriveSure Clients Exposed on Hacking Forum

Vermont Labor Commissioner Apologizes for Tax Data Breach

Goodwin Procter Law Firm Says It Was Hit by Data Breach of Vendor

Baldwin Wallace University (OH) Was Targeted for Cyber Attack

Oklahoma State Tourism Department Reports Data Breach, No Social Security, Financial Data Compromised

Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise

Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins

Agent Tesla Trojan ‘Kneecaps’ Microsoft’s Anti-Malware Interface

Trickbot Malware Now Maps Victims’ Networks Using Masscan

Microsoft Defender Now Detects macOS System, App Vulnerabilities

Apple Pulls iCloud 12 for Windows 10 With Keychain Sync Feature

2/1/2021

Intel Agency Warns of Threats From China Collecting Sensitive U.S. Health Data

May Have Personal Data of 80% of U.S. Adults

EU Aims to Seal Data-Flow Deals With U.S. and Britain

U.S. Gov’t: Number of Identity Theft Reports Doubled Last Year

Scammers Posing as FBI Agents Threaten Targets With Jail Time

Phishing Campaign Lures U.S. Businesses With Fake PPP Loans

Global Gov’t Outsourcer Serco That Runs Part of the UK COVID-19 Test & Trace Program Hit by Ransomware

Krebs: UK Arrest in ‘SMS Bandits’ Phishing Service

Greek Police to Introduce Live Facial Recognition

6 Cybersecurity Start-Up Trends to Track
Personal Data of 1.4 Million Washington Unemployment Claimants Exposed in State Auditor Hack

Wind River Security Incident Affects SSNs, Passport Numbers

European Volleyball Org’s Azure Bucket Exposed Reporter Passports

Westlake Police Department (OH) Hit by Ransomware That Made Some Evidence Disappear

Florida Healthy Kids Data Hacked, Dating Back to 2013

Alleged Gaming Software Supply-Chain Attack Installs Spyware on NoxPlayer

SonicWall SMA 100 Zero-Day Exploit Actively Used in the Wild

Trickbot Trojan Back from the Dead in New Campaign

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

1/29-31/2021

New State Department Cyber Bureau Stirs Opposition

Lawmakers Grill NSA on Years-Old Breach in the Wake of Massive Russian Hack

Xiaomi Sues U.S. in Bid to Remove Itself From Communist Chinese Military Company List

Krebs: The Taxman Cometh for ID Theft Victims

Home Working Increases Cyber-Security Fears

Fonix Ransomware Shuts Down and Releases Master Decryption Key

Vovalex Is Likely the First Ransomware Written in D

Here’s How Law Enforcement’s Emotet Malware Module Works

Cisco’s SpamCop Anti-Spam Service Suffers an Outage After Its Domain Expired

Industrial Gear at Risk from Fuji Code-Execution Bugs

Car Makers Seek Ways to Secure Data Needed to Build Connected Services

Miss England Social Media Accounts Held to Ransom by Cyber-Attackers

Facebook Said to Consider Suing Apple Over App Store Practices

Retired Nevada Cyber-Cop Charged with Forgery and Bigamy
Malicious ‘Home Depot’ Ad Gets Top Spot in Google Search

Florida Medicaid Website Hacked for 7 Years, Hundreds of Thousands Affected

UK Research and Innovation (UKRI) Suffers Ransomware Attack

Asian Delivery Biz Bykea Exposes 400 Million Records in Privacy Snafu

Perl.com Domain Stolen, Now Using Ip Address Tied to Malware

Washington State Auditor’s Office Breached in Software ‘Security Incident’

Ramsey County (MN) Ransomware Attack Exposes Personal Data of Thousands

Lassen Community College (CA) Victim of Cyber Attack; Feather River College Fine Thus Far

Poor Password Security at the British Branch of Mensa?

New Pro-Ocean Malware Worms Through Apache, Oracle, Redis Servers

WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites

Microsoft 365 Becomes Haven for BEC Innovation

Windows Installer Zero-Day Vulnerability Gets Free Micropatch

Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System

1/28/2021

Social Media Influencer Charged with Election Interference

Facebook ‘Supreme Court’ Orders Social Network to Restore 4 Posts in 1st Rulings

Robinhood Restricts Trading of Companies Targeted by Reddit Users

Jack Ma’s Ant Plans Major Revamp in Response to Chinese Pressure

If You Want to Get Through China’s Great Firewall, Don’t Forget Shadowsocks

Utah Ponders Making Online ‘Catfishing’ a Crime

Facial Recognition: Don’t Use It to Snoop on How Staff Are Feeling, Says Watchdog

Microsoft: 8 Trillion Daily Signals Power Our Cybersecurity Services

Talent and Capital Are Shifting Cybersecurity Investors’ Focus Away From Silicon Valley
USCellular Hit by a Data Breach After Hackers Access CRM Software

Crisp Regional Health Services (GA) Falls Victim to Ransomware Attack

Italy CERT Warns of a New Credential Stealing Android Malware ‘Oscorp’

Rocke Group’s Malware Now Has Worm Capabilities

LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages

Hezbollah Hackers Attack Unpatched Atlassian Servers at Telcos, ISPs

Microsoft: North Korean ‘Zinc’ Hackers ‘Likely’ Hit Researchers With Chrome Exploit

Google Chrome Blocks 7 More Ports to Stop NAT Slipstreaming Attacks

How to Make Cybersecurity a Top Priority for Boards and CFOs

1/27/2021

Biden’s Cyber Priorities Zero in on Russian Hack

McCaul Urges Senators to Block Vote on Commerce Secretary Over Huawei Concerns

What Tech Can the President Use?

Krebs: International Action Targets Emotet Crimeware

Europol: Emotet Malware Will Uninstall Itself on March 25th

Krebs: Arrest, Seizures Tied to NetWalker Ransomware

New Zealand Financial Markets Regulator Says NZX Failed to Meet Tech Standards

Many Cybersecurity Job Candidates Are Subpar, On-the-Job Training Falls Short

Tampa Cybersecurity Firm ReliaQuest Hired to Protect Super Bowl From Hackers

Insurers Defend Covering Ransomware Payments

Grindr Faces $11.7m Data Privacy Fine
Warning Issued Over Hackable ADT’s LifeShield Home Security Cameras

Midland University Update on Auxiliary Systems Ransomware Incident

TeamTNT Cloaks Malware With Open-Source Tool

Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

New Docker Container Escape Bug Affects Microsoft Azure Functions

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Microsoft Rolls Out Application Guard for Office to All Customers

Here’s how a researcher broke into Microsoft VS Code’s GitHub

Microsoft’s Security Business Swells to $10 Billion

Apple, Facebook Report Increase in Earnings at the End of 2020

1/26/2021

Google: North Korea Hackers Use Social Media to Target Security Researchers

I Was Targeted by North Korean 0-Day Hackers Using a Visual Studio Project

The Massive SolarWinds Hack and the Future of Cyber Espionage

Mimecast Links Security Breach to SolarWinds Hackers

Three Others Too

Biden Presses Putin on Navalny Arrest and Massive Cyber Hack in First Phone Call

Biden Administration Appoints Chris Derusha as Federal CISO

Governors Hear About the Dangers of a Lackluster CyberResponse, Need for FBI Coordination

South African Government Releases Its Own Browser Just to Re-Enable Flash Support

U.S. Cyber Intel Officer Gets 11 Years for Kidnapping Her Kid, Trying to Defect to Russia

Hacker Admits Targeting Major U.S. Websites
Targeted Phishing Attacks Strike High-Ranking Company Executives

23M Gamer Records Exposed in VIPGames Leak

TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

Pan-Asian Retail Giant Dairy Farm Suffers REvil Ransomware Attack

Scottish Prison Service Hit by Cyber Attack as Hackers ‘From Morocco’ Target Website

Cybercriminals Use Deceased Staff Accounts to Spread Nemty Ransomware

Nefilim Ransomware Gang Hits Jackpot with Ghost Account

DanaBot Malware Roars Back into Relevancy

New Linux SUDO Flaw Lets Local Users Gain Root Privileges

Google Fixes Severe Golang Windows RCE Vulnerability

Nvidia Squashes High-Severity Jetson DoS Flaw

1/25/2021

Biden Admin Vows to Hold China ‘Accountable’ While Weighing Approach to Huawei, TikTok

Assembling Government Cyber Team

Outgoing FCC Chair Issues Final Security Salvo Against China

High-Profile Hacks Spark Calls for Global Cyber Response

EMA Says Some Leaked COVID-19 Documents ‘Taken Out of Context’

Beware of Active UK NHS COVID-19 Vaccination Phishing Campaign

Ransomware Gangs Are Using These Techniques to Make Victims More Likely to Pay Up

Australia’s Securities Regulator Says Server Hit by Cyber Security Breach

Facebook to Grant Researchers Access to Targeting Information About Political Ads

Twitter Launches User Forum to Combat Misinformation

Google Unions Around the World Form Alpha Global Alliance

That Cute Robot Cop Can Instantly Work Out Who You Are
Hacker Leaks Data of 2.28 Million MeetMindful Dating Site Users

Leading Crane Maker Palfinger Hit in Global Cyberattack

Ransomware Gang Taunts IObit With Repeated Forum Hacks

Tata Sky, Croma Site Vulns Exposed Sensitive Customer Data of Millions

323,277 Cook County, Illinois Records Exposed

Ohio Job and Family Services Security Vulnerability May Have Exposed Personal Data

Florida Breast Cancer Practice Takes EHR Offline Following Cyber Attack

WestRock Company Hit With Cyber Attack

Georgetown County (SC) Falls Victim to Cyber Attack

A New Wormable Android Malware Spreading Through WhatsApp

Cisco DNA Center Bug Opens Enterprises to Remote Attack

Former LulzSec Hacker Releases VPN Zero-Day Used to Hack Hacking Team

1/22-24/2021

After Big Hack of U.S. Government, Biden Enlists ‘World Class’ Cybersecurity Team

The Next Pandemic May Be Cyber — How Biden Administration Can Stop It

Democrats Seek Answers on Impact of Russian Cyberattack on Justice Department, Courts

Russian Government Warns of U.S. Retaliatory Cyberattacks

Intelligence Agency Gathers U.S. Smartphone Location Data Without Warrants, Memo Says

SEPA Shrugs off 4,000 Files Dumped Online, Saying It’s Nothing Big

Avaddon Now Uses DDoS Attacks to Force Ransomware Victims to Pay, Joining SunCrypt & RagnarLocker

ADT Tech Hacks Home-Security Cameras to Spy on Women

Tesla Sues Former Employee for Allegedly Stealing Software

Facebook Users Were Mass-Logged Out Friday by Configuration Change

How Cybersecurity Newbs Can Start Out on the Right Foot
SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

Intel: Hackers Stole Unpublished Earnings Info From Corporate Site

Data Breach at Buyucoin Crypto Exchange Leaks User Info, Trades

Bonobos Clothing Store Suffers a Data Breach, Hacker Leaks 70GB

Clop Ransomware Gang Dumps Sensitive Files From Atlantic Records’ London Ad Agency The7stars Online

MyFreeCams Site Hacked to Steal Info of 2 Million Paying Users, Offering to Sell for Bitcoin

Amazon Kindle RCE Attack Starts with an Email

Discord-Stealing CursedGrabber Malware Invades npm Packages

Experts Detail A Recent Remotely Exploitable Windows Vulnerability

SAP SolMan Exploit Released for Max Severity Pre-Auth Flaw

Drupal Releases Fix for Critical Vulnerability With Known Exploits