1/28/2025 January 28, 2025January 28, 2025 ~ The Cyber Beat ~ Leave a comment Krebs: A Tumultuous Week for Federal Cybersecurity EffortsDeepSeek’s Popular AI App Is Explicitly Sending U.S. Data to China…Apple Researchers Reveal the Secret Sauce Behind DeepSeek AIScammers Are Creating Fake News Videos to Blackmail VictimsAI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore robots.txtMicrosoft Tests Edge Scareware Blocker to Block Tech Support ScamsGoogle Play Will Now Verify VPNs That Prioritize Privacy and SafetyBritish Vishing-as-a-Service Trio SentencedProsecutors Say They Can’t Obtain Murder Conviction After Judge Throws Out Evidence From Facial Recognition Match58% of Ransomware Victims Forced to Shut Down OperationsHow Long Does It Take Hackers to Crack Modern Hashing Algorithms?UK Engineering Firm Smiths Group Hit by Cyber AttackTexas Utility Firm CenterPoint Energy Investigating Potential Leak of Customer Data Tied to 2023 MOVEit BreachAPI Supply Chain Attacks Put Millions of Airline Users at RiskPowerSchool Starts Sending Breach Notifications, but There Are Still Questions Left to AnswerENGlobal Cyber-Attack Exposes Sensitive DataPureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing CyberattacksLynx Ransomware Group Unveiled with Sophisticated Affiliate ProgramHellcat: Baguette Bandits Strike Again With Ransomware and a Side of MockeryHackers Exploiting Flaws in SimpleHelp RMM to Breach NetworksNew Apple CPU Side-Channel Attacks Steal Data From BrowsersSignal Will Let You Sync Old Messages When Linking New Devices
1/27/2025 January 28, 2025January 28, 2025 ~ The Cyber Beat ~ Leave a comment Silicon Valley Is Raving About a Made-in-China DeepSeek AI Model…China’s DeepSeek AI App Sends U.S. Tech Stocks Reeling…DeepSeek’s Top-Ranked AI App Is Restricting Sign-Ups Due to ‘Malicious Attacks’Hackers Hijack Emergency Sirens in Kindergartens Across IsraelUkraine Denies Involvement in Cyberattack Against SlovakiaSweden Seizes Cargo Ship After Another Undersea Cable Hit in Suspected SabotageEU Sanctions Russian GRU Hackers for Cyberattacks Against EstoniaMGM Agrees to Pay $45 Million to Settle Data-Breach LawsuitBrazil Bans Iris Scan Company Co-Founded by Sam Altman From Paying Citizens for Biometric DataDemocrat Members of U.S. Surveillance Watchdog Fired After Refusing to ResignMatagorda County (TX) Issues Disaster Declaration Following CyberattackUniversal Lenders (IL) Sends Data Breach Letters to 19,575 IndividualsHidden Text Salting Disrupts Brand Name Detection SystemsNew Phishing Campaign Targets Mobile Devices with Malicious PDFsMintsLoader Delivers StealC Malware and BOINC in Targeted Cyber AttacksClone2Leak: GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLsApple Fixes This Year’s First Actively Exploited Zero-Day BugCISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-AttacksBitwarden Makes It Harder to Hack Password Vaults Without MFAMicrosoft Teams Phishing Attack Alerts Coming to Everyone Next Month
1/24-26/2025 January 26, 2025January 26, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Diplomacy Funding Halted as U.S. Issues Broad Freeze on Foreign AidKristi Noem Confirmed by U.S. Senate as Trump’s Homeland SecretaryUK to Examine Undersea Cable Vulnerability as Russian Spy Ship Spotted in British WatersUnitedHealth Estimates Change Healthcare Hack Impacted About 190 Million PeopleRussian Scammers Target Crypto Influencers with InfostealersHacker Infects 18,000 “Script Kiddies” With Fake Malware BuilderCan’t Download TikTok? How About a Used iPhone for $3,000U.S. Privacy Snags a Win as Judge Limits Warrantless FBI SearchesHackers Get $886,250 For 49 Zero-Days at Pwn2Own Automotive 2025TalkTalk Investigates Breach After Data for Sale on Hacking ForumAt Least $69 Million Stolen From Crypto Platform Phemex in Suspected CyberattackGame Developer Big Cheese Studio Targeted in Cyber Attack, PAP ReportsRansomware Gang Uses SSH Tunnels for Stealthy VMware ESXi AccessHackers Use Windows RID Hijacking to Create Hidden Admin AccountMeta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution RisksCISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities ListMicrosoft: Outdated Exchange Servers Fail to Auto-Mitigate Security BugsZyxel Warns of Bad Signature Update Causing Firewall Boot Loops
1/23/2025 January 24, 2025January 24, 2025 ~ The Cyber Beat ~ Leave a comment Hackers Imitate Kremlin-Linked Group to Target Russian EntitiesFBI: North Korean IT Workers Steal Source Code to Extort EmployersDOJ Indicts Two Americans for Running Laptop Farm Used in North Korea IT Worker ScamGoogle Is Giving IT More Control Over Your Chrome ExtensionsNew GhostGPT AI Chatbot Facilitates Malware Creation and PhishingHundreds of Fake Reddit Sites Push Lumma Stealer MalwareBookmakers Ramp Up Efforts to Combat Arbitrage Betting FraudPayPal Fined by New York for Cybersecurity FailuresTexas Probes Four More Car Companies Over How They Collect and Sell Consumer DataLinkedIn Sued for Allegedly Training AI Models With Private Messages Without ConsentTesla EV Charger Hacked Twice on Second Day of Pwn2Own TokyoCISA: Hackers Still Exploiting Older Ivanti Bugs to Breach NetworksCISOs Dramatically Increase Boardroom Influence but Still Lack Soft SkillsNew Android Identity Check Locks Settings Outside Trusted LocationsFortiGate Config Leaks: Victims’ Email Addresses Published OnlineRansomHub Lays Claim on American Standard, Grohe BreachesPFS Investments Inc. (GA) Files Notice of Recent Data Breach Leaking Confidential InformationExperts Find Shared Codebase Linking Morpheus and HellCat Ransomware PayloadsQakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering FeaturesSubaru Security Flaws Exposed Its System for Tracking Millions of CarsCritical Zero-Days Impact Premium WordPress Real Estate PluginsQNAP Fixes Six Rsync Vulnerabilities in NAS Backup, Recovery AppCustom Backdoor Exploiting Magic Packet Vulnerability in Juniper RoutersPalo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware ExploitsSonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely ExploitationCisco Fixes Critical 9.9-Rated, Make-Me-Admin Bug in Meeting ManagementThe Security Risk of Rampant Shadow AI
1/22/2025 January 22, 2025January 22, 2025 ~ The Cyber Beat ~ Leave a comment Iran and Russia Deepen Cyber Ties With New AgreementTrump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity ReviewTrump Admin Tells All Democrats on Intelligence Oversight Board to ResignKrebs: MasterCard DNS Error Went Unnoticed for YearsWhat PowerSchool Isn’t Saying About Its ‘Massive’ Student Data Breach…PowerSchool Hacker Claims They Stole Data of 62 Million StudentsCloudflare CDN Flaw Leaks User Location Data, Even Through Secure Chat AppsMajor Cybersecurity Vendors’ Credentials Found on Dark WebBreachForums Admin to Be Resentenced After Appeals Court Slams Supervised ReleaseIsraeli Private Eye Wanted in U.S. Over Alleged Hacking for Exxon Lobbyist, Lawyer SaysTrump Frees Silk Road Creator Ross Ulbricht After 11 Years in PrisonConduent Confirms Cybersecurity Incident Behind Recent OutageOctagon (CT) Sends Round of Data Breach Letters Following Recent Cybersecurity IncidentPlushDaemon APT Targeted South Korean VPN SoftwareTelegram CAPTCHA Tricks You Into Running Malicious Powershell ScriptsTycoon 2FA Phishing Kit Upgraded to Bypass Security MeasuresIPany VPN Breached in Supply-Chain Attack to Push Custom MalwareHackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetCisco Warns of Denial of Service Flaw With PoC Exploit CodeMicrosoft Issues Out-Of-Band Fix for Windows Server 2022 NUMA GlitchHackers Exploit 16 Zero-Days on First Day of Pwn2Own Automotive 2025Why CISOs Must Think Clearly Amid Regulatory Chaos
1/21/2025 January 21, 2025January 21, 2025 ~ The Cyber Beat ~ Leave a comment Russian Ransomware Groups Deploy Email Bombing and Teams VishingCERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security AuditsFake Homebrew Google Ads Target Mac Users With MalwareQuad Foreign Ministers Meet in Washington in Signal of Trump’s China FocusTSA Chief Behind Cyber Directives for Aviation, Pipelines and Rail Ousted by Trump TeamU.S. Department of Homeland Security Firing All Advisory Committee Members, Letter SaysUK’s New Digital IDs Raise Security and Privacy FearsDisciplinary and Special Ed Records of Toronto Students May Have Leaked in PowerSchool BreachCloudflare Mitigated a Record-Breaking 5.6 Tbps DDoS AttackRussian Telecom Giant Rostelecom Investigates Suspected Cyberattack on ContractorGovtech Giant Conduent Won’t Rule Out Cyberattack as Outage Drags OnIntraSystems Data Breach Hits Home Care Patients at Allegheny Health NetworkPNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers13,000 MikroTik Routers Hijacked by Botnet for Malspam and CyberattacksNew Mirai Malware Variant Targets AVTECH Cameras, Huawei RoutersOracle To Address 320 Vulnerabilities in January Patch Update7-Zip Fixes Bug That Bypasses Windows MoTW Security Warnings, Patch NowPatch Procrastination Leaves 50,000 Fortinet Firewalls Vulnerable to Zero-Day
1/17-20/2025 January 21, 2025January 21, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine’s State Registers Restored Following Cyber-AttackIndian APT Group DONOT Misuses App for Intelligence GatheringU.S. Treasury Department Imposes Sanctions on Chinese Company Over Salt Typhoon HackFCC Orders Telecoms to Secure Their Networks After Salt Tyhpoon HacksTrump Revokes Biden Executive Order on Addressing AI RisksHomeland Security Nominee Kristi Noem Bashes CISA, Says Agency Must Be ‘Smaller, More Nimble’Tough New EU Cyber Rules Require Banks to Ramp up Security — But Many Aren’t ReadyTikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025…How to Get around the U.S. TikTok Ban…TikTok Restores Service for U.S. Users Based on Trump’s Promised Executive OrderCanadian IT Company OpenText Corporation Added to Moscow’s List of ‘Undesirable’ OrganizationsFormer CIA Analyst Pleads Guilty to Sharing Top Secret FilesPhilippines Arrests Chinese National Suspected of Spying on Critical InfrastructureCosta Rica Refinery Cyberattack Was First Deployment for New U.S. Response Program, Ambassador SaysData on Half a Million Hotel Guests Exposed After Otelier BreachHPE Launches Investigation After Hacker Claims Data BreachMedusa Ransomware Group Claims Attack on UK’s Gateshead CouncilLifeBridge Health (MD) Posts Notice of 2024 Data Breach Affecting Patient SSNs and Medical InfoEdw. C. Levy Co. (MI) Announces Data Breach Following Ransomware AttackHackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTPPython-Based Bots Exploiting PHP Servers Fuel Gambling Platform ProliferationMalicious PyPi Package Steals Discord Auth Tokens From DevsCritical Flaws in WGS-804HPT Switches Enable RCE and Network ExploitationStrategic Approaches to Threat Detection, Investigation & ResponseFTC Orders GM to Stop Collecting and Selling Driver’s DataFTC Cracks Down on Genshin Impact Gacha Loot Box Practices
1/16/2025 January 16, 2025January 16, 2025 ~ The Cyber Beat ~ Leave a comment Biden’s Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech FightKrebs: Chinese Innovations Spawn Wave of Toll Phishing Via SMSRussian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential HarvestingBiden Issues 11th-Hour Cyber Executive OrderTrump’s Truth Social Users Targeted by Rampant Scams OnlineGitHub’s Deepfake Porn Crackdown Still Isn’t WorkingMiddle Eastern Real Estate Fraud Grows with Online ListingsEnzo Biochem Settles Lawsuit Over 2023 Ransomware Attack for $7.5mGDPR Complaints Filed Against TikTok, Temu for Sending User Data to ChinaU.S. Cracks Down on North Korean IT Worker Army With More SanctionsMicrosoft Expands Testing of Windows 11 Admin Protection FeatureWolf Haldenstein Law Firm Says 3.5 Million Impacted by Data BreachCarruth Compliance Consulting (OR) Sends Out Data Breach Letters Following December 2024 CyberattackClop Ransomware Gang Names Dozens of Victims Hit by Cleo Mass-Hack, but Several Firms Dispute BreachesHackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity StealerPython-Based Malware Powers RansomHub Ransomware to Exploit Network FlawsResearcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint ManagerResearchers Find Exploit Allowing NTLMv1 Despite Active Directory RestrictionsW3 Total Cache Plugin Flaw Exposes 1 Million WordPress Sites to AttacksNew UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
1/15/2025 January 15, 2025January 15, 2025 ~ The Cyber Beat ~ Leave a comment Russian Espionage and Financial Theft Campaigns Have Ramped Up, Ukraine Cyber Agency SaysChina’s Salt Typhoon Spies Spotted on U.S. Gov’t Networks Before Telcos, CISA Boss SaysNorth Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake DomainsLazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99UN Security Council Members Meet on Spyware for First TimeNo New Funding in EU Plan to Tackle Ransomware Attacks Against HospitalsSection 702 Surveillance Powers Remain ‘Indispensable,’ CIA Pick Ratcliffe SaysFederal Court Orders Massive Return of $9.3b in Bitcoin Stolen From Bitfinex in 2016 HackFTC Cracks Down on GoDaddy for Cybersecurity FailingsFrom Gmail to Word, Your Privacy Settings and AI Are Entering Into a New RelationshipDJI Loosens Flight Restrictions, Decides to Trust Operators to Follow FAA RulesCISA Shares Guidance for Microsoft Expanded Logging CapabilitiesSuspected Ukrainian Hackers Impersonating Russian Ministries to Spy on IndustryUnitedHealth Hid Its Change Healthcare Data Breach Notice for MonthsLabel Giant Avery Says Website Hacked to Steal Credit CardsUniversity of Oklahoma Isolates Systems After ‘Unusual Activity’ on IT NetworkE-Benefit Solution Notifies Consumers of Recent Data BreachEncompassCare (OH) Files Notice of Data Breach Affecting Consumers’ Social Security NumbersGoogle Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA CodesMikroTik Botnet Uses Misconfigured SPF DNS Records to Spread MalwareCritical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE AttacksGoogle Cloud Researchers Uncover Flaws in Rsync File Synchronization ToolSAP Fixes Critical Vulnerabilities in NetWeaver Application ServersMicrosoft: Happy 2025. Here’s 161 Security Updates (Krebs)
1/14/2025 January 14, 2025January 14, 2025 ~ The Cyber Beat ~ Leave a comment North Korea Linked to Crypto Heists of Over $650 Million in 2024 AloneU.S. Issues Final Rule Barring Chinese, Russian Connected Car TechHegseth Says Debate Over Cyber Command, NSA Leadership Would Reach ‘Conclusion’FBI Hacked Thousands of Computers to Make PlugX Malware Used by China Uninstall ItselfBiden Opens Federal Land for AI Data Centers, Sets Rules for DevelopersThe UK Wants to Do Its ‘Own Thing’ on AI Regulation, Suggesting a Divergence From U.S. And EUUK Floats Ransomware Payout Ban for Public SectorWyze Cameras Will Use AI to Describe What They SeeThe ‘Largest Illicit Online Marketplace’ Ever Huione Guarantee Is Growing at an Alarming Rate, Report SaysAsset Manager Ashford Settles SEC Allegations It Failed to Disclose Extent of HackRussia’s Largest Platform for State Procurement Hit by Cyberattack From Pro-Ukraine GroupConnecticut City of West Haven Assessing Impact of CyberattackTennessee-Based Mortgage Lender Confirms December CyberattackWP3.XYZ Malware Attacks Add Rogue Admins to 5,000+ WordPress SitesGoogle OAuth Vulnerability Exposes Millions via Failed Startup DomainsHackers Use FastHTTP in New High-Speed Microsoft 365 Password AttacksZero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed InterfacesMicrosoft January 2025 Patch Tuesday Fixes 8 Zero-Days, 159 FlawsSnyk Appears to Deploy ‘Malicious’ Packages Targeting Cursor for Unknown ReasonNew Startups Focus on Deepfakes, Data-in-Motion & Model Security
1/13/2025 January 13, 2025January 13, 2025 ~ The Cyber Beat ~ Leave a comment Russian Malware Campaign Hits Kazakhstan and Central Asian Diplomatic FilesTurks and Caicos Recovering From Pre-Christmas Ransomware AttackCISA Orders Agencies to Patch BeyondTrust Bug Exploited in AttacksPoland Uncovers Russia-Linked Disinformation Campaign Targeting Upcoming Presidential ElectionRep. Don Bacon on Cyber Deterrence: ‘Speak Softly and Carry a Big-@$$ Stick’Expired Domains Allowed Control Over 4,000 Backdoors on Compromised SystemsThe Criminal Question in the Coming Wave of Pro-Crypto LegislationInside the Black Box of Predictive Travel SurveillanceTexas Sues Allstate, Alleging It Violated Data Privacy Rights of 45 Million AmericansWEF Warns of Growing Cyber Inequity Amid Escalating Complexities in CyberspaceA Breach of Gravy Analytics’ Huge Trove of Location Data Threatens the Privacy of MillionsUK Domain Registry Nominet Confirms Breach via Ivanti Zero-DayCyberattack Forces Eindhoven University of Technology to Cancel LecturesHCF Management (OH) Sends Data Breach Letters to Victims Following September 2024 CyberattackOneBlood Confirms Personal Data Stolen in July Ransomware AttackStolen Path of Exile 2 Admin Account Used to Hack Player AccountsHackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto MinersRansomware Abuses Amazon AWS Feature to Encrypt S3 BucketsWordPress Skimmers Evade Detection by Injecting Themselves into Database TablesMicrosoft: macOS Bug Lets Hackers Install Malicious Kernel DriversMicrosoft 365 MFA Outage Fixed
1/10-12/2025 January 13, 2025January 13, 2025 ~ The Cyber Beat ~ Leave a comment As China Hacking Threat Builds, Biden to Order Tougher Cybersecurity StandardsSilk Typhoon Treasury Hackers Also Breached Us Foreign Investments Review OfficeChinese Cyber-Spies Peek Over Shoulder of Officials Probing Real-Estate Deals Near American Military BasesPhishing Texts Trick Apple iMessage Users Into Disabling ProtectionSecret Phone Surveillance Tech Was Likely Deployed at 2024 DNCMicrosoft Sues Hacking Group Exploiting Azure AI for Harmful Content CreationPastor Who Saw Crypto Project in His “Dream” Indicted for FraudNew York Sues to Recover $2 Million in Crypto Stolen in Remote Job ScamsDoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime LaunderingNSO Ruling Is a Victory for WhatsApp, but Could Have a Small Impact on Spyware IndustrySlovakia Hit by Historic Cyber-Attack on Land RegistrySTIIIZY Data Breach Exposes Cannabis Buyers’ IDs and PurchasesTelefónica Confirms Internal Ticketing System Breach After Data LeakThe North Los Angeles County Regional Center Files Notice of Data Breach Following Apparent Ransomware AttackLaramie County (WY) Library System Hit by CyberattackAI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion TacticsFake PoC Exploit Targets Security Researchers with InfostealerNew Web3 Attack Exploits Transaction Simulations to Steal CryptoGoogle Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung DevicesDocker Desktop Blocked on Macs Due to False Malware AlertScammers File First — Get Your IRS Identity Protection PIN Now
1/9/2025 January 10, 2025January 10, 2025 ~ The Cyber Beat ~ Leave a comment Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFaceIvanti Zero-Day Attacks Infected Devices With Custom Chinese MalwareU.S. Treasury Hack Linked to Silk Typhoon Chinese State HackersHow the U.S. TikTok Ban Would Actually WorkGoogle Messages Takes a Step Towards Secure Messaging Across Apps and Platforms (APK Teardown)Apple Says Siri Isn’t Sending Your Conversations to AdvertisersEU Commission Liable for Breaching EU’s Own Data Protection RulesNew AI Challenges Will Test CISOs & Their Teams in 2025Hackers Claim Massive Breach Gravy Analytics, the Parent Company of Location Data Giant Venntel, Threaten to Leak DataHackers Claim to Breach Russian State Agency Rosreestr Managing Property, Land RecordsLargest U.S. Addiction Treatment Provider BayMark Health Services Notifies Patients of Data BreachPowerSchool Says Hackers Stole Students’ Sensitive Data, Including Social Security Numbers, in Data BreachSome Winston-Salem (NC) City Services Knocked Offline by CyberattackFake CrowdStrike Job Offer Emails Target Devs With Crypto MinersNew Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
1/8/2025 January 8, 2025January 8, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Command Overhaul Gets Austin’s Approval, but Plan Faces Uncertain FuturePall Mall Process to Tackle Commercial Hacking Proliferation Raises More Concerns Than SolutionsRussian ISP Confirms Ukrainian Hackers “Destroyed” Its NetworkTikTok’s Fate Divides Trump and Fellow Republicans as Supreme Court Action LoomsNeglected Domains Used in Malspam to Evade SPF and DMARC Security ProtectionsFake Government Officials Use Remote Access Tools for Card FraudScammers Exploit Microsoft 365 to Target PayPal UsersKrebs: A Day in the Life of a Prolific Voice Phishing CrewPowerSchool Hack Exposes Student, Teacher Data From K-12 DistrictsMedical Billing Firm Medusind Discloses Breach Affecting 360,000 PeoplePediatric Home Service (MN) Files Official Notice of Data BreachResearchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion TechniquesHackers Exploit KerioControl Firewall Flaw to Steal Admin CSRF TokensUnpatched Critical Flaws Impact Fancy Product Designer WordPress PluginIvanti Warns of New Connect Secure Flaw Used in Zero-Day AttacksSonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately
1/7/2025 January 7, 2025January 7, 2025 ~ The Cyber Beat ~ Leave a comment ‘We Have to Prioritize Cybersecurity’ Within Federal Budgets, Outgoing Cyber Czar SaysCybercriminals Don’t Care About National Cyber PolicyPhishing Click Rates Triple in 2024Finland Finds Russian ‘Spy’ Ship Anchor as Subsea Cable Company Demands Ship’s Seizure for CompensationFormer NSA Cyber Chief Joins Venture Firm DataTribeU.S. Adds Web and Gaming Giant Tencent to List of Chinese Military CompaniesU.S. Cyber Trust Mark Launches as the Energy Star of Smart Home SecurityLicense Plate Readers Are Leaking Real-Time Video Feeds and Vehicle DataTelegram Hands Over Data on Thousands of Users to U.S. Law EnforcementUK Government to Ban Creation of Explicit DeepfakesWashington State Sues T-Mobile Over 2021 Data Breach Security FailuresMeta Ends Fact-Checking on Facebook, Instagram in Free-Speech PitchTurbulence at UN Aviation Agency as Probe Into Potential Data Theft BeginsPittsburgh Regional Transit Employees’, Applicants’ Personal Information Stolen During Ransomware AttackGreen Bay Packers’ Online Store Hacked to Steal Credit CardsCasio Says Data of 8,500 People Exposed in October Ransomware AttackWalker County Schools (GA) Alerting Parents, Educators of Student Information System Data BreachDragonfly Health (AZ) Files Notice of Data Breach with Federal RegulatorsHyperice (CA) Sends Data Breach Letters Following June 2024 CyberattackTeton Orthopaedics (WY) Sends Out Data Breach Letters Following Ransomware AttackNew Mirai Botnet Targets Industrial Routers With Zero-Day ExploitsCISA Warns of Critical Oracle, Mitel Flaws Exploited in AttacksResearchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
1/6/2025 January 6, 2025January 6, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Cyber Watchdog Says No Indication Breach at Treasury Hit Other Federal AgenciesChinese Hackers Double Cyber-Attacks on TaiwanEagerbee Backdoor Deployed Against Middle Eastern Gov’t Orgs, ISPsRussia Blames Telecom Network Accident for Widespread Internet OutageIndia Proposes Digital Data Rules with Tough Penalties and Cybersecurity RequirementsIoT’s Regulatory Reckoning Is OverduePig Butchering (Romance Baiting) Victim Sues Banks for Allowing Scammers to Open AccountsHackers Reportedly Compromise Argentina’s Airport Security Payroll SystemSchool Districts in Maine, Tennessee Respond to Holiday CyberattacksPacific Pulmonary Medical Group (CA) October 2024 Announces Data BreachNew Infostealer Campaign Uses Discord Videogame LureCybercriminals Target Ethereum Developers with Fake Hardhat npm PackagesNew PhishWP Plugin Enables Sophisticated Payment Page ScamsVulnerable Moxa Devices Expose Industrial Networks to AttacksMediaTek Rings in the New Year With a Parade of Chipset Vulns
1/3-5/2025 January 5, 2025January 5, 2025 ~ The Cyber Beat ~ Leave a comment How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military WeaponsU.S. Sanctions Chinese Cybersecurity Firm for Global Botnet AttacksCyber Investors Expect More Mergers in 2025Cybersecurity Firm Tenable’s CEO Amit Yoran Dies After Battle With CancerCrypto Boss Extradited to Face $40bn Fraud ChargesCryptocurrency Wallet Drainers Stole $494 Million in 2024Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy ViolationsWindows 10 Users Urged to Upgrade to Avoid “Security Fiasco”Russia Orders Yandex to Scrub Maps and Images of Strategic Oil RefineryAtos Group Denies Space Bears’ Ransomware Attack ClaimsLexington Diagnostic Center (KY) Announces Recent Data Breach Involving Sensitive Patient InformationTycon Medical Systems (VA) Sends Data Breach Letters Following Cybersecurity IncidentNew FireScam Android Data-Theft Malware Poses as Telegram Premium AppPLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN AppsBad Tenable Plugin Updates Take down Nessus Agents WorldwideLDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain ControllersResearchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
1/2/2025 January 2, 2025January 2, 2025 ~ The Cyber Beat ~ Leave a comment Treasury’s Sanctions Office Hacked by Chinese Government, Officials Say…‘Office of Foreign Assets Control’‘No Definitive Link’ Found Between New Orleans Attack and Las Vegas Cybertruck Explosion, FBI SaysGlobal Campaign Targets PlugX Malware with Innovative PortalTighter Regulations Proposed for Foreign IT in Drones Used in U.S.Apple Offers to Settle ‘Snooping Siri’ Lawsuit for an Utterly Incredible $95MCrypto Hacks, Scam Losses Reach $29M in December, Lowest in 2024Japan’s Largest Mobile Carrier Says Cyberattack Disrupted Some ServicesHackers Leak Rhode Island Citizens’ Data on Dark WebCrown Mortgage Company (IL) Sends Data Breach Letters Following Recent Cybersecurity IncidentOver 3 Million Mail Servers Without Encryption Exposed to Sniffing AttacksMalicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RATSevere Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
12/31/2024-1/1/2025 January 1, 2025January 1, 2025 ~ The Cyber Beat ~ Leave a comment What to Know about String of U.S. Hacks Blamed on ChinaU.S. Sanctions Russian & Iranian Groups Over AI-Generated Election DisinformationFinland Identifies Seven Suspects Among Crew of Alleged Russian ‘Spy’ TankerKrebs: U.S. Army Soldier Arrested in AT&T, Verizon ExtortionsHey, Maybe It’s Time to Delete Some Old Chat HistoriesOver 3.1 Million Fake “Stars” on GitHub Projects Used to Boost RankingsIndiana University Health Announces Data Breach Following Compromised Email AccountNew “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major WebsitesMisconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to ExploitationNew Details Reveal How Hackers Hijacked 35 Google Chrome ExtensionsThe Biggest Cybersecurity and Cyberattack Stories of 2024These Were the Badly Handled Data Breaches of 2024
12/30/2024 December 30, 2024December 30, 2024 ~ The Cyber Beat ~ Leave a comment China Hacked Treasury Dept. in ‘Major’ Breach, U.S. SaysAT&T and Verizon Say Networks Secure After Salt Typhoon BreachFinland Seizes Suspected Russian Spy Ship and Questions Crew Following Cable BreaksGermany Charges Three Suspected Russian Spies Accused of Surveilling Military SitesTelegram Blocks Russian State Media Channels in Several EU CountriesItalian Websites Subjected to Pro-Russian DDoS Attack Campaign…U.S. Treasury Says Chinese Hackers Stole Documents in ‘Major Incident’…U.S. Treasury Department Breached Through Remote Support PlatformAtos Says Space Bears Ransomware Group Claims It Compromised a DatabaseIn-Home Attendant Services (TX) Files Official Notice of Data BreachRansomware Is 35 Years Old and Now a Billion-Dollar Problem. Here’s How It Could EvolveHappy 15th Anniversary, KrebsOnSecurity!
12/27-29/2024 December 29, 2024December 29, 2024 ~ The Cyber Beat ~ Leave a comment White House: Salt Typhoon Hacks Possible Because Telecoms Lacked Basic Security Measures…U.S. Adds 9th Telcom to List of Companies Hacked by Chinese-Backed Salt Typhoon CyberespionageThe U.S. Proposes Rules to Make Healthcare Data More SecureBiden Administration Finalizes Rule to Block Sale of Americans’ Bulk Data to AdversariesThe Paper Passport Is DyingCISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry CollaborationRecord-Breaking Ransoms and Breaches: A Timeline of Ransomware in 2024How Cops Taking Down LockBit, ALPHV Led to RansomHub’s Meteoric RiseIt’s Only a Matter of Time Before LLMs Jump Start Supply-Chain AttacksHackers Steal ZAGG Customers’ Credit Cards in Third-Party BreachCustomer Data From 800,000 Electric Cars and Owners Exposed OnlineBlue Yonder Says November Ransomware Attack Not Connected to Cleo VulnerabilityHackers Hijacked Legitimate Chrome Extensions to Try to Steal DataCloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in RussiaFICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks15,000+ Four-Faith Routers Exposed to New Exploit Due to Default CredentialsPalo Alto Releases Patch for PAN-OS DoS Flaw — Update ImmediatelyToo Much ‘Trust,’ Not Enough ‘Verify’
12/26/2024 December 26, 2024December 26, 2024 ~ The Cyber Beat ~ Leave a comment Cyberattack on Ukraine’s State Registers Disrupts Marriage Registration, Real Estate DealsA Weird Windows 11 Bug Won’t Let Some People Install Any Security UpdatesThe Worst Hacks of 2024Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 AccountsUN General Assembly Approves Cybercrime Treaty Despite Industry BacklashJapan Airlines Systems Back to Normal After Cyberattack Delayed FlightNearly Half a Million People Had Data Stolen After Cyberattack on American Addiction CentersNew ‘OtterCookie’ Malware Used to Backdoor Devs in Fake Job OffersInfostealers Dominate as Lumma Stealer Detections Soar by Almost 400%Apache Warns of Critical Flaws in MINA, HugeGraph, Traffic Control
12/24-25/2024 December 25, 2024December 25, 2024 ~ The Cyber Beat ~ Leave a comment U.S. and Japan Blame North Korea for $308m DMM Bitcoin Crypto HeistIran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao MalwareEuropean Space Agency’s Official Store Hacked to Steal Payment CardsAmerican Airlines Resumes Flights After Brief Grounding Ahead of Busy Christmas TravelFormer NSA Cyberspy’s Not-So-Secret Hobby: Hacking Christmas LightsYou Need to Create a Secret Password With Your FamilyMajor Biometric Data Farming Operation UncoveredInside Operation Destabilise: How a Ransomware Investigation Linked Russian Money Laundering and Street-Level Drug DealingRuijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote AttacksPittsburgh Regional Transit Attributes Recent Service Disruptions to Ransomware AttackColonial Surety Company (NJ) Announces Data Breach Stemming from May Cybersecurity IncidentClop Ransomware Is Now Extorting 66 Cleo Data-Theft VictimsHow Androxgh0st Rose From Mozi’s Ashes to Become ‘Most Prevalent Malware’New Botnet Exploits Vulnerabilities in NVRs, TP-Link RoutersCISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active ExploitationCritical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
12/23/2024 December 23, 2024December 23, 2024 ~ The Cyber Beat ~ Leave a comment Inside The Invisible Russia-Ukraine BattlefieldFrance Extends Olympics Security Measures to Christmas MarketInterpol Identifies Over 140 Human Traffickers in New Innovative InitiativeAI Could Generate 10,000 Malware Variants, Evading Detection in 88% of CaseMFA: Shun This Basic Cybersecurity Tactic and Become a Target for HackersFTC Orders Marriott and Starwood to Implement Strict Data SecurityClassified Fighter Jet Specs Leaked on War Thunder – AgainAlta Resources Corporation (WI) Provides Notice of Data Breach Affecting Over 37k PeopleCritical Vulns Found in WordPress Plugins WPLMS and VibeBPAdobe Warns of Critical ColdFusion Bug with PoC Exploit CodeApache Fixes Remote Code Execution Bypass in Tomcat Web ServerNon-Human Identities Gain Momentum, Requires Both Management & Security
12/20-22/2024 December 22, 2024December 22, 2024 ~ The Cyber Beat ~ Leave a comment FAA Banning Drone Flights Over New Jersey, New York SitesUkraine’s State Registers Hit with One of Russia’s Largest Cyberattacks, Officials SayRussia Security Threat Is Far Reaching, Italy’s Prime Minister WarnsLazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware…North Korean Hackers Stole $1.3 Billion Worth of Crypto This YearItaly’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT ProbePegasus Spyware Maker NSO Group Is Liable for Attacks on 1,400 WhatsApp UsersRansomware Attackers Target Industries with Low Downtime ToleranceU.S. Unseals Complaint Against Russian-Israeli Accused of Working for LockBitRomanian Netwalker Ransomware Affiliate Sentenced to 20 Years in PrisonMassive Live Sports Piracy Ring With 812 Million Yearly Visits Taken OfflineThree of the Biggest U.S. Banks Are Facing a Lawsuit for ‘Widespread Fraud’ on Zelle: Bank of America, JPMorgan Chase, and Wells FargoWhat Google’s Quantum Computing Breakthrough Willow Means for the Future of Bitcoin and Other CryptosAscension: Health Data of 5.6 Million Stolen in Ransomware AttackDuke Energy Reports Data Breach Potentially Impacting Over 8 Million CustomersPS Logistics Announces Data Breach Stemming from February 2024 CyberattackSRP Federal Credit Union (SC) Data Breach—240,000 Members Exposed in Attacked Claimed by Nitrogen Ransomware GroupWood County (OH) Agencies Continue Investigating Ransomware AttackKrispy Kreme Breach, Data Theft Claimed by Play Ransomware GangLockBit Admins Tease a New Ransomware Version: LockBit 4.0New FlowerStorm Microsoft Phishing Service Fills Void Left by Rockstar2FARspack npm Packages Compromised with Crypto Mining Malware in Supply Chain AttackHackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access ToolsSophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent ExploitationHow Not To Become A Botnet Victim: A Practical Guide For EveryoneInfosec Experts Divided on Ai’s Potential to Assist Red Teams
12/19/2024 December 19, 2024December 19, 2024 ~ The Cyber Beat ~ Leave a comment UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ AppKrebs: Web Hacking Service ‘Araneida’ Tied to Turkish IT FirmThis VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?Lumen Technologies Launches Sale of Consumer Fiber UnitU.S. Organizations Still Using Kaspersky Products Despite BanFour Smart Questions for Boards Overseeing CybersecurityU.S. Seeks Extradition of Alleged LockBit Ransomware Developer From IsraelBugs in a Major McDonald’s India Delivery System Exposed Sensitive Customer DataNew Malware Can Kill Engineering Processes in ICS EnvironmentsBadBox Malware Botnet Infects 192,000 Android Devices Despite DisruptionThousands Download Malicious npm Libraries Impersonating Legitimate ToolsJuniper Warns of Mirai Botnet Targeting SSR Devices with Default PasswordsFortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
12/18/2024 December 18, 2024December 18, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Targets TP-Link With a Potential Ban on the Chinese RoutersU.S. Government Tells Officials, Politicians to Ditch Regular Calls and Texts…Chinese National Cyber Centre Says U.S. Hacks Stole Trade Secrets From Tech FirmsCongress Again Fails to Limit Scope of Spy Powers in New Defense BillKrebs: How to Lose a Crypto Fortune with Just One Bad ClickPhishing Attacks Double in 2024Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance ScamsRaccoon Stealer Malware Operator Gets 5 Years in Prison After Guilty PleaDutch Regulator Fines Netflix $5 Million for Data Privacy ViolationsQuantum AI Startup SandboxAQ Valued at $5.3 Bln After $300 Mln FundraisingAPT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP‘Bitter’ Cyberspies Target Defense Orgs With New MiyaRAT MalwareHubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential TheftBrighton Jones Files Official Notice of Data Breach Following Email Phishing AttackNew Fake Ledger Data Breach Emails Try to Steal Crypto WalletsA Lightweight App Comes With Some Heavy Consequences, Researchers SayNew Attacks Exploit VSCode Extensions and npm PackagesBeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS ProductsMicrosoft Won’t Let Customers Opt out of Passkey PushRecorded Future CEO Applauds “Undesirable” Designation by Russia
12/17/2024 December 17, 2024December 17, 2024 ~ The Cyber Beat ~ Leave a comment Intel Officials Warned Police That U.S. Cities Aren’t Ready for Hostile DronesU.S. Unveils New National Cyber Incident Response PlanSophisticated TA397 Malware Targets Turkish Defense SectorThe Mask APT Resurfaces with Sophisticated Multi-Platform Malware ArsenalStop Calling Online Scams ‘Pig Butchering,’ Interpol WarnsDrug Dealers Have Moved on to Social MediaFacebook Owner Meta Hit with 251 Million Euros in Fines for 2018 Data BreachCoder Wrote a Bug So Bad Security Guards Wanted a Word When He Arrived at WorkPositive Behavior Supports Corporation Reports Data Breach Affecting Sensitive Client InformationHackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan AttacksHackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security DetectionAttackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate MalwareCybercriminals Exploit Google Calendar to Spread Malicious LinksOver 25,000 SonicWall VPN Firewalls Exposed to Critical FlawsCritical Security Hole in Apache Struts Under ExploitCISA Orders Federal Agencies to Secure Microsoft 365 Tenants
12/16/2024 December 17, 2024December 17, 2024 ~ The Cyber Beat ~ Leave a comment Trump Administration Wants to Go on Cyber Offensive Against ChinaFederal Money Is Helping States Overhaul Cybersecurity. What Happens if It Dries Up?Russia Recruits Ukrainian Kids for Sabotage and ReconnaissanceSerbian Authorities Are Reportedly Hacking and Installing Spyware on Activists’ Phones: NoviSpyYouTube Creators Targeted in Global Phishing CampaignNew Investment Scam Leverages AI, Social Media Ads to Target Victims WorldwideThe Education Industry: Why Its Data Must Be ProtectedHackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and TicketsIsraeli Spyware Firm Paragon Acquired by U.S. Investment GroupBlackBerry Offloads Cylance for a Fraction of What It Paid in 2019Kali Linux 2024.4 Released With 14 New Tools, Deprecates Some FeaturesTexas Tech University System Data Breach Impacts 1.4 Million PatientsConnectOnCall Breach Exposes Health Data of Over 910,000 PatientsHackers Orchestrate Cyberattack Against PIH Health, Claiming Massive Data BreachRhode Island Confirms Data Breach After Brain Cipher Ransomware AttackCicada3301 Ransomware Claims Attack on French Peugeot DealershipNamibia’s State Telecom Provider Says Hackers Leaked Data After It Refused to Pay RansomFBI Spots HiatusRAT Malware Attacks Targeting Web Cameras, DVRsDeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA PagesNew Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHPWindows Kernel Bug Now Exploited in Attacks to Gain SYSTEM Privileges
12/13-15/2024 December 16, 2024December 16, 2024 ~ The Cyber Beat ~ Leave a comment Winnti Hackers Target Other Threat Actors With New Glutton PHP BackdoorThai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading TechniquesUkraine Uncovers Russian Spy Network Recruiting Teens for Espionage“Hazardous Drone Operation” Leads to Two Arrests in BostonGame-Like ‘Task Scams’ Stole More Than $220 Million in Six MonthsThe Simple Math Behind Public Key CryptographyMajor Cloud Providers Could Get Key Role in AI Chip Access Outside the U.S., Sources SayPeak Design Denies Snitching on Luigi MangioneUnitedHealth’s Optum Left an AI Chatbot, Used by Employees to Ask Questions About Claims, Exposed to the InternetUK Shoppers Frustrated as Bots Snap Up Popular Christmas GiftsGermany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole ActionRussia Blocks Viber in Latest Attempt to Censor CommunicationsRhode Island’s Online Benefits System Shuts Down After CyberattackSRP Federal Credit Union (SC) Says 240,000 Impacted by Recent CyberattackAuto Parts Giant LKQ Says Cyberattack Disrupted Canadian Business UnitJapanese Game and Anime Publisher Kadokawa Reportedly Pays $3 Million Ransom to Russia-Linked HackersYoung Life Announces Data Breach Affecting Employees and Volunteers390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC ExploitsCISA Confirms Critical Cleo Bug Exploitation in Ransomware Attacks…Clop Ransomware Claims Responsibility for Cleo Data Theft AttacksAkira and RansomHub Surge as Ransomware Claims Reach All-Time HighCitrix Shares Mitigations for Ongoing Netscaler Password Spray AttacksCISA Warns Water Facilities to Secure HMI Systems Exposed Online
12/12/2024 December 13, 2024December 16, 2024 ~ The Cyber Beat ~ Leave a comment Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesNorth Korea’s Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years…U.S. Offers $5 Million for Info on North Korean IT Worker FarmsTelecoms Haven’t Notified Most Victims of Chinese Phone Data Hacking Campaign, Sources SayGoogle Says Its Breakthrough Quantum Chip Can’t Break Modern CryptographyPolice Refer Westminster ‘Honeytrap’ to ProsecutorsSpain Busts Voice Phishing Ring for Defrauding 10,000 Bank CustomersPolice Shuts Down Rydox Cybercrime Market, Arrests 3 AdminsInsurance Worker Sentenced After Illegally Accessing Claimants’ DataBitcoin ATM Firm Byte Federal Hacked via GitLab Flaw, 58K Users ExposedOver 300K Prometheus Instances Exposed: Credentials and API Keys Leaking OnlineRemcos RAT Malware Evolves with New TechniquesNew Stealthy Pumakit Linux Rootkit Malware Spotted in the WildNew IOCONTROL Malware Used in Critical Infrastructure AttacksResearchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSWordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsSecurity Flaws in WordPress Woffice Theme Prompts Urgent UpdateCleo Patches Critical Zero-Day Exploited in Data Theft Attacks
12/11/2024 December 11, 2024December 11, 2024 ~ The Cyber Beat ~ Leave a comment Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaChinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Secret Blizzard Targets Ukrainian Military with Custom Malware Kazuar BackdoorThe ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have ComeSnowflake Pledges to Make MFA MandatoryKrebs: How Cryptocurrency Turns to Cash in Russian BanksU.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos FirewallsSouth Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3MOperation PowerOFF Takes Down DDoS BoostersKrispy Kreme Security Hole Leads to Cyberattack, Frosting OrdersLynx Ransomware Behind Electrica Energy Supplier CyberattackSabre (TX) Sends Data Breach Letter to Employees Announcing Leaked SSNs and MoreSophisticated Scam Targets UAE Residents with Fake Police FinesZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsNew Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsMicrosoft Azure MFA Flaw Allowed Easy Access BypassMicrosoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsKrebs: Patch Tuesday, December 2024 Edition
12/10/2024 December 10, 2024December 10, 2024 ~ The Cyber Beat ~ Leave a comment Wyden Proposes Bill to Secure U.S. Telecoms After Salt Typhoon HacksU.S. Sanctions Chinese Firm Sichuan Silence Information Technology Company Over Potentially Deadly Ransomware AttackNvidia Probed in China Over Possible Antimonopoly ViolationsChinese Hackers Use Visual Studio Code Tunnels for Remote AccessPoker Cheaters Allegedly Use Tiny Hidden Cameras to Spot Dealt CardsNew Jersey Mayors Pen Letter Demanding Action on Mysterious Drone SightingsAI Safety Is Hard to Steer With Science in Flux, U.S. Official SaysAvast Antivirus Owner Gen Digital Acquires MoneyLion in $1 Bln DealFTC Distributes $72 Million in Fortnite Refunds From Epic GamesNext Congress Likely to Tussle Over Cyber OversightNemesis and ShinyHunters Hackers Exploit AWS Misconfigurations in Massive Data BreachHighgate Hotels Sends Out Data Breach Letters Following CyberattackFake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing ScamNew AppLite Malware Targets Banking Apps in Phishing CampaignCleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation UrgedBadRAM: $10 Security Flaw in Amd Could Allow Hackers to Access Cloud Computing SecretsWPForms Bug Allows Stripe Refunds on Millions of WordPress SitesIvanti Warns of Maximum Severity CSA Auth Bypass VulnerabilityMicrosoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws
12/9/2024 December 10, 2024December 10, 2024 ~ The Cyber Beat ~ Leave a comment China’s Salt Typhoon Recorded Top American Officials’ Calls, Says White House…U.S. Agencies to Brief House on Chinese Salt Typhoon Telecom HackingPhishing Scam Targets Ukrainian Defense CompaniesRadiant Links $50 Million Crypto Heist to North Korean HackersPolice Arrest UHC CEO Shooting Suspect, App Developer Luigi MangioneCybercrime Gang Arrested After Turning Airbnbs Into Fraud CentersFederal Appeals Court Upholds Law Threatening U.S. TikTok BanProposal for Cyber Force Study Is Watered down in Final Defense Bill…The Case For and Against Creating a Military Cyber ForceRussia Disrupts Internet Access in Multiple Regions to Test ‘Sovereign Internet’Romanian Energy Supplier Electrica Hit by Ransomware AttackU.S. Subsidiaries of Japanese Water Treatment Company, Green Tea Maker Kurita Water Industries Hit with RansomwareRansomware Attack Hits Leading Heart Surgery Device Maker ArtivionAmergis Healthcare Staffing (MD) Reports Data Breach Stemming from Compromised Email AccountsBlack Basta Ransomware Evolves with Email Bombing, QR Codes, and Social EngineeringSocks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked DevicesOpenWrt Sysupgrade Flaw Let Hackers Push Malicious Firmware ImagesResearchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AILarge-Scale Incidents & the Art of Vulnerability Prioritization
12/6-8/2024 December 9, 2024December 9, 2024 ~ The Cyber Beat ~ Leave a comment FCC Chair Proposes Cybersecurity Rules in Response to China’s Salt Typhoon Telecom HackHow Chinese Insiders Are Stealing Data Scooped up by President XI’s National Surveillance SystemRomania Exposes TikTok Propaganda Campaign Supporting Pro-Russian Candidate…Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTokUK Cybersecurity Agency Unconcerned About Changes to Cisa Under TrumpHackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ DataQR Codes Bypass Browser Isolation for Malicious C2 CommunicationThe Weight-Loss Drug Boom Has Become One of the Internet’s Biggest ScamsWhy SOC Roles Need to Evolve to Attract a New GenerationPirated Corporate Software Infects Russian Businesses With Info-Stealing MalwareDeloitte Denies Breach, Claims Cyber-Attack Targeted Single ClientAnna Jaques Hospital (MA) Ransomware Breach Exposed Data of 300K PatientsBlue Yonder SaaS Giant Breached by Termite Ransomware GangCardano Foundation X Account Hacked, Scam Links Posted, Then RemovedUltralytics AI Model Hijacked to Infect Thousands With CryptominerMore_eggs MaaS Expands Operations with RevC2 Backdoor and Venom LoaderResearchers Uncover Flaws in Popular Open-Source Machine Learning FrameworksNew Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch
12/5/2024 December 6, 2024December 6, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Phone Companies Could Face Fines for Weak Security Under a Proposed New RuleResearchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese HackersHackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus BackdoorNew Android Spyware Found on Phone Seized by Russian FSBU.S. Arrests Scattered Spider Suspect Linked to Telecom HacksNebraska Man Pleads Guilty to Dumb Cryptojacking OperationEuropol Shuts Down Manson Market Fraud Marketplace, Seizes 50 ServersTexas Accuses Four Companies of Sharing Sensitive User Data Without Proper Notice and ConsentShe Escaped an Abusive Marriage—Now She Helps Women Battle Cyber HarassmentRomania’s Election Systems Targeted in Over 85,000 CyberattacksRansomware Hackers Target NHS Hospitals With New CyberattacksMajor USAID Contractor Chemonics Says 263,000 Affected by 2023 Data BreachHoboken Government Recovering From Ransomware Attack as Conti-Linked Gang Takes CreditPointClickCare Data Breach Affects Residents of Multiple Long-Term Care FacilitiesANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against JapanPro-Russian Hacktivist Group ‘Noname’ Claims 6600 Attacks Targeting EuropeMitel MiCollab Zero-Day Flaw Gets Proof-of-Concept ExploitVulnerability Management Challenges in IoT & OT Environments
12/4/2024 December 5, 2024December 5, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Officials Recommend Encrypted Messaging to Evade Hackers in Telecom Networks‘Large Number’ of Americans’ Metadata Stolen by Chinese Hackers, Senior Official SaysSenators Warn the Pentagon: Get a Handle on China’s Telecom HackingWhite House: Salt Typhoon Hacked Telcos in Dozens of CountriesTrump’s FBI Pick Kash Patel Targeted in Iranian CyberattackA New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus InfectionsShe Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering KingpinUK Disrupts Russian Money Laundering Networks Used by RansomwareKrebs: U.S. Offered $10M for Hacker ‘Wazawaka’ Just Arrested by RussiaRansomware Costs Manufacturing Sector $17bn in DowntimeRussia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian EntitiesBT Unit Took Servers Offline After Black Basta Ransomware BreachLiverpool Children’s Hospital Confirms Cyber-AttackWirral Hospital Recovery Continues One Week After Cyber IncidentESHA (NJ) Notifies Over 76k People of Recent Data BreachNew DroidBot Android Malware Targets 77 Banking, Crypto AppsResearchers Uncover Backdoor in Solana’s Popular Web3.js npm LibraryJapan Warns of IO-Data Zero-Day Router Flaws Exploited in AttacksCritical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized AccessNavigating the Changing Landscape of Cybersecurity RegulationsFBI Shares Tips on How to Tackle AI-Powered Fraud Schemes
12/3/2024 December 3, 2024December 3, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Official Fighting Chinese Telecom Intrusions Urges More Encryption…U.S. Shares Tips to Block Hackers Behind Recent Telecom BreachesFrench Mobile Operators Join Forces to Tackle Rising FraudFinland Says Latest Fiber-Optic Cable Break Was an Accident, Not SabotageKimsuky Group Adopts New Phishing Tactics to Target VictimsKrebs: Why Phishers Love New TLDs Like .shop, .top and .xyzPolice Shut Down Matrix Encrypted Criminal HubPolice Seizes Largest German Online Crime Marketplace ‘Crimenetwork’ & Arrests AdminData Brokers May Be Banned From Selling Your Social Security NumberTwo Data Brokers Banned From Selling ‘Sensitive’ Location Data by the FTCCyberattack and Financial Troubles Force Stoli’s U.S. Arm to File for BankruptcyData on 760K Workers From Xerox, Nokia, BofA, Morgan Stanley and More Dumped OnlineRansomware Attack Disrupts Operations at U.S. Contractor ENGlobalIndian Online ID Verification Firm Signzy Confirms Security IncidentArthur Center Community Health (MO) Files Notice of Data Breach with Federal GovernmentHorns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript PayloadsCloudflare’s Developer Domains Increasingly Abused by Threat ActorsNachoVPN Tool Exploits Flaws in Popular VPN Clients for System CompromiseExploit Released for Critical WhatsUp Gold RCE Flaw, Patch NowVeeam Warns of Critical RCE Bug in Service Provider ConsoleCisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
12/2/2024 December 3, 2024December 3, 2024 ~ The Cyber Beat ~ Leave a comment France Accuses Azerbaijan of Online Manipulation CampaignsGerman Intelligence Launches Task Force to Combat Foreign Election InterferenceChinese Lidar Sensors Pose Hacking Risk to U.S. Defense Equipment, Report SaysThe Pressure Is on for Big Tech to Regulate the Broken Digital Advertising IndustryMalicious Ads in Search Results Are Driving New Generations of ScamsINTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 MillionKorea Arrests CEO for Adding DDoS Feature to Satellite ReceiversRussia Sentences Hydra Dark Web Market Leader to Life in PrisonSEC Settles With an Industrial and Commercial Bank of China Unit Over Ransomware Attack, Imposes No FineAre You Being Tracked by an Airtag? Here’s How to CheckCosta Rica State Energy Company Calls in U.S. Experts to Help With Ransomware AttackRetail Outages Drag Into Second Week After Blue Yonder Ransomware Attack$300M Bitcoin Hack Forces Japanese Crypto Exchange DMM Bitcoin to Cease OperationsClipper DEX Says Recent $450K Hack Wasn’t Caused by Private Key LeakCrypto.com Launches Massive $2m Bug Bounty ProgramZane Benefits (UT) Sends Data Breach Letters Confirming Leaked SSNsSmokeLoader Malware Campaign Targets Companies in TaiwanAWS Launches an Incident Response Service to Combat Cybersecurity ThreatsIncident Response Playbooks: Are You Prepared?Apple Patents System for Identifying People When Facial Scans Aren’t Enough
11/29-12/1/2024 December 1, 2024December 1, 2024 ~ The Cyber Beat ~ Leave a comment Cyber-Attacks Could Impact Romanian Presidential Race, Officials ClaimAI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. ElectionsUN, International Orgs Create Advisory Body for Submarine Cables After IncidentsIn the New Space Race, Hackers Are Hitching a Ride Into OrbitIn New Bitcoin Bull Market, It’s Time to Beware of the Same Old Crypto ScamsMet Police Apologises to Honeytrap Victims Over EmailUK Justice System Failing Cybercrime Victims, Cyber Helpline FindsWanted Russian Hacker ‘Wazawaka’ Linked to Hive and LockBit Ransomware ArrestedU.S. Citizen Florida Man Sentenced for Spying on Behalf of China’s Intelligence AgencyUganda Confirms Cyberattack on Central Bank but Minimizes Extent of BreachINC Ransom Claims Cyber-Attack on UK Children’s HospitalRansomHub Claims to Net Data Hat-Trick Against Bologna FCPhishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM AttacksNovel Phising Campaign Uses Corrupted Word Documents to Evade SecuritySpyLoan Android Malware on Google Play Installed 8 Million TimesNew Windows Server 2012 Zero-Day Gets Free, Unofficial PatchesTor Needs 200 New Webtunnel Bridges to Fight CensorshipBulgarians Plead Guilty to Spying for Russia Using ‘Advanced Technology’
11/28/2024 November 28, 2024November 28, 2024 ~ The Cyber Beat ~ Leave a comment Undersea Cable Cuts in the Baltic Sea Are Stoking Geopolitical Tensions — Here’s What’s Going OnCloned Customer Voice Beats Bank Security ChecksThe Only Thing Worse Than Being Fired Is Scammers Fooling You Into Thinking You’re FiredTfL Faces Independent Investigation Over Cyber-Attack ResponseAlbanian Drug Smugglers Busted After Cops Decrypt CommsUK Hospital Network Postpones Procedures After CyberattackCrypto Exchange XT.com Suspends Withdrawals After Suspected $1.7M HackXMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto MinerCritical Vulnerabilities Discovered in Industrial Wireless Access PointHow Learning to Fly Made Me a Better Cybersecurity CEO
11/27/2024 November 28, 2024November 28, 2024 ~ The Cyber Beat ~ Leave a comment T-Mobile Says Salt Typhoon Cyber Attackers Had No Access to Customer Data…Salt Typhoon Chinese Hackers Breached T-Mobile’s Routers to Scope Out Network…Salt Typhoon’s Surge Extends Far Beyond U.S. TelcosBritish Government Demands Chinese-Owned Company Appoint a Security Chief With UK ClearancesKrebs: Hacker in Snowflake Extortions May Be a U.S. SoldierPolice Bust Pirate Streaming Service Making €250 Million per MonthAppeals Court Overturns Treasury Sanctions Against Crypto Mixer Tornado CashExxon Lobbyist Investigated Over Hack-And-Leak of Environmentalist Emails, Sources SayMicrosoft Is Being Investigated by the FTC Over Antitrust ConcernsFTC Changes Its Telemarketing Rules to Cover Growing ‘Tech Support Scam’ CallsAkamai Technologies: Bankruptcy Court Approves Bid for Edgio AssetsUK Nuclear Decommissioning Authority Opens Sellafield Cyber CenterBIC, Starbucks, Morrisons Continue Recovery After Blue Yonder Ransomware AttackHoboken (NJ) Hit with Ransomware Cyberattack, Officials SayData Broker SL Data Services Leaves 600K+ Sensitive Files Exposed OnlineCloudflare Says It Lost 55% of Logs Pushed to Customers for 3.5 HoursZello Asks Users to Reset Passwords After Security IncidentContemporary Information Corp (CA) Provides Notice of Data Breach Following Incident at BackChecked, LLCAttack Group APT-C-60 Targets Japan Using Trusted PlatformsHackers Abuse Popular Godot Game Engine to Infect Thousands of PCsNew Bootkit “Bootkitty” Targets Linux Systems via UEFIMatrix Botnet Exploits IoT Devices in Widespread DDoS Botnet CampaignCritical Flaw in ProjectSend Under Active Exploitation Against Public-Facing ServersMicrosoft Re-Releases Exchange Updates After Fixing Mail Delivery
11/26/2024 November 26, 2024November 26, 2024 ~ The Cyber Beat ~ Leave a comment Aggressive Chinese APT Group Earth Estries Targets Governments with New BackdoorsRussian RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks‘CyberVolk’ Hacktivists Use Ransomware in Support of Russian InterestsDarknet Services Fuel Holiday Scams and E-Commerce ExploitsEmergency Vehicle Lights Can Screw up a Car’s Automated Driving SystemMy Car Knows My Secrets, and I’m (Mostly) OK With ThatCrowdStrike Raises Annual Forecast on Steady Cybersecurity DemandOver 1,000 Arrested in Massive ‘Serengeti’ Anti-cybercrime OperationRansomHub Gang Says It Broke Into Networks of Texas City, Minneapolis AgencyNHS Trust Declares Major Incident for “Cybersecurity Reasons”Canadian Privacy Regulators Publish Details of Medical Testing Company LifeLabs Data BreachRadiologic Medical Services (IA) Announces Data Breach After Unauthorized Access to Employee Email AccountNew DDoS Campaign by ‘Matrix’ Exploits IoT Devices and Server MisconfigurationsNew NachoVPN Attack Uses Rogue VPN Servers to Install Malicious UpdatesCritical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote AttacksCISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
11/25/2024 November 26, 2024November 26, 2024 ~ The Cyber Beat ~ Leave a comment China Has Utterly Pwned ‘Thousands and Thousands’ of Devices at U.S. TelcosSalt Typhoon Hackers Backdoor Telcos With New GhostSpider MalwareFormer Verizon Employee Gets Four-Year Sentence for Sharing Cyber Secrets With Chinese GovernmentUK Minister Criticized Over ‘Hyperbolic’ Speech on Russia’s Cyber CapabilitiesAmerica’s Rivals Have a New Favorite Weapon: Criminal GangsDOJ: Man Hacked Networks to Pitch Cybersecurity ServicesCyberattacks Cost British Businesses $55 Billion in Past Five Years, Broker SaysNew York State Fines Geico and Travelers $11.3 Million for Data BreachesStarbucks, Others Faces Disruptions Following Ransomware Attack on Software Supplier Blue YonderSpring EQ (PA) Notifies Consumers of Data Breach Stemming from Compromised Employee Email AccountPyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram BotBlackBasta Ransomware Brand Picks up Where Conti Left OffCybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New AttacksResearchers Uncover Malware Using BYOVD to Bypass Antivirus ProtectionsQNAP Addresses Critical Flaws Across NAS, Router SoftwareGoing Way Beyond Secure by Demand
11/22-24/2024 November 24, 2024November 24, 2024 ~ The Cyber Beat ~ Leave a comment Russia’s Ballistic Missile Attack on Ukraine Is an Alarming FirstRussia Ready to Wage Cyber War on UK, Minister to SayChinese Hackers Preparing for Conflict, U.S. Cyber Official SaysWhite House Officials Meet with Telecoms Execs on Suspected China HackMicrosoft President Asks Trump to “Push Harder” Against Russian HacksTrump Taps Border Hawk to Head DHS. Will Noem’s ‘Enthusiasm’ Extend to Digital Domain?The Pentagon’s Battle Inside the U.S. For Control of a New Cyber ForceThe U.S. Is Calling Out Foreign Influence Campaigns Faster Than EverGoogle Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News SitesThree-Quarters of Black Friday Spam Emails Identified as ScamsBangkok Busts SMS Blaster Sending 1 Million Scam Texts From a VanMeta Removes Over 2 Million Accounts Pushing Pig Butchering ScamsSupreme Court Tosses Facebook Appeal in Shareholder Lawsuit Arising From Cambridge Analytica Data BreachDeliveryHero Subsidiary Fined $5.2 Million for Tracking Drivers’ GeolocationAndrew Tate’s Site ‘Real World’ Ransacked, Subscriber Data StolenSoftware Company Blue Yonder Providing Services to U.S. and UK Grocery Stores Says It Was Hit by Ransomware AttackMembers Trust Company (FL) Data Breach Following Compromised Email Accounts Affects 11,854 ConsumersRussian Fancy Bear Hackers Breach U.S. Firm Over Wi-Fi From Russia in ‘Nearest Neighbor Attack’Russian Cyber Spies TAG-110 Target Organizations with HatVibe and CherrySpy MalwareChina-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage CampaignAPT-K-47 (aka Mysterious Elephant) Uses Hajj-Themed Lures to Deliver Advanced Asyncshell MalwareNorth Korean Hackers Sapphire Sleet Steal $10M with AI-Driven Scams and Malware on LinkedInPyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python LibrariesHackers Abuse Avast Anti-Rootkit Driver to Disable DefensesMicrosoft Rolls Out Recall to Windows Insiders With Copilot+ PCsMicrosoft Testing Windows 11 Support for Third-Party PasskeysSenators Call for Audit of TSA’s Facial Recognition Tech as Use Expands in Airports
11/21/2024 November 21, 2024November 21, 2024 ~ The Cyber Beat ~ Leave a comment Potential Trump Cyber Picks Coalesce — But Insiders Say There Could Be SurprisesChina’s Surveillance State Is Selling Citizen Data as a Side HustleChinese Ship Casts Shadow Over Baltic Subsea Cable SnipfestNorth Korean Front Companies Impersonate U.S. IT Firms to Fund Missile ProgramsThe AI Effect: Amazon Sees Nearly 1 Billion Cyber Threats a DayGoogle’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source ProjectsMicrosoft Disrupts ONNX Phishing-as-a-Service InfrastructureFortinet VPN Design Flaw Hides Successful Brute-Force AttacksA New ‘Ultra-Secure’ Phone Carrier Says It Can Make You Harder to TrackMeta Finally Breaks Its Silence on Pig ButcheringU.S. Seizes PopeyeTools Cybercrime Marketplace, Charges AdministratorsKrebs: Feds Charge Five Men in ‘Scattered Spider’ RoundupDozens of Central Asian Targets Hit in Recent Russia-Linked Cyber-Espionage CampaignCyberattack at French Hospital Exposes Health Data of 750,000 PatientsStop & Shop Races to Restock Shelves After ‘Cybersecurity Issue’Gambling and Lottery Giant International Game Technology Disrupted by Cyberattack, Working to Bring Systems Back OnlineOver 145,000 Industrial Control Systems Across 175 Countries Found Exposed OnlineNow BlueSky Hit with Crypto Scams as It Crosses 20 Million UsersRockford Gastroenterology Associates (IL) Notifies 147,253 of 2023 Data BreachLinux Malware WolfsBane and FireWood Linked to Gelsemium APTVietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTailNodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card DataWarning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
11/20/2024 November 21, 2024November 21, 2024 ~ The Cyber Beat ~ Leave a comment Chinese APT Group Targets Telecom Firms Linked to Belt and Road InitiativeInside the Booming ‘AI Pimping’ IndustryAmazon and Audible Flooded With ‘Forex Trading’ and Warez Listings60% of Emails with QR Codes Classified as Spam or MaliciousU.S. Charges Five in ‘Scattered Spider’ Hacking SchemeTwo Brothers Indicted for Operating Illegal Sports Streaming Service That Netted $7 MillionMITRE Shares 2024’s Top 25 Most Dangerous Software WeaknessesKrebs: Fintech Giant Finastra Investigating Data BreachNorfolk Sheriff’s Office (VA) Says They Were the ‘Victim of a Cybersecurity Event’Wexford County (MI) Computer Systems Returning After Cyberattack Forced ShutdownFBI Says BianLian Based in Russia, Moving From Ransomware Attacks to ExtortionGhost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile PaymentsFive Privilege Escalation Flaws Found in Ubuntu Needrestart
11/19/2024 November 20, 2024November 20, 2024 ~ The Cyber Beat ~ Leave a comment Data Privacy Experts Predict Some Wins Under Trump 2.0Hacker Is Said to Have Gained Access to File With Damaging Testimony About Matt GaetzRansomware Gangs on Recruitment Drive for Pen TestersLeaked Documents Show What Phones Secretive Tech ‘Graykey’ Can UnlockMicrosoft Shares More Details on Windows 11 Admin ProtectionMicrosoft Announces Its Own Black Hat-Like Hacking Event With Big Rewards for AI SecurityAuto Sector Scrambles to Retool Workforce for Electric and Automated FutureTSA Cyber Disclosure Requirements Worry Natural Gas CompaniesTSA Not Monitoring Transportation Sector Efforts to Stop Ransomware, Watchdog SaysD-Link Urges Users to Retire VPN Routers Impacted by Unfixed RCE FlawHealthcare Org Equinox Notifies 21K Patients and Staff of Data TheftAspen Healthcare Services (TX) Announces Data Breach Following Ransomware AttackAdventHealth (FL) Files Official Notice of Data BreachHackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports BroadcastsSpotify Abused to Promote Pirated Software and Game CheatsHelldown Ransomware Expands to Target VMware and Linux SystemsNgioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT DevicesCISA Tags Progress Kemp Loadmaster Flaw as Exploited in AttacksApple Fixes Two Zero-Days Used in Attacks on Intel-Based MacsOracle Warns of Agile PLM File Disclosure Flaw Exploited in Attacks
11/18/2024 November 19, 2024November 19, 2024 ~ The Cyber Beat ~ Leave a comment Sweden’s ‘Doomsday Prep for Dummies’ Guide Hits Mailboxes TodayNorth Korean IT Worker Network Tied to BeaverTail Phishing CampaignSurge in DocuSign Phishing Attacks Target U.S. State ContractorsMany U.S. Water Systems Exposed to ‘High-Risk’ Vulnerabilities, Watchdog FindsBipartisan Effort to Clean up Cyber Regulations Gets a Boost in House, but Calendar Is TightFake Donald Trump Assassination Story Used in Phishing ScamMicrosoft 365 Admin Portal Abused to Send Sextortion EmailsHeather ‘Razzlekhan’ Morgan Sentenced to 18 Months in Prison, Ending Bitfinex SagaU.S. Charges Phobos Ransomware Admin After South Korea ExtraditionCybersecurity At A Crossroads As Global Threats Hit Record HighsWhy the Demand for Cybersecurity Innovation Is SurgingBrave on iOS Adds New “Shred” Button to Wipe Site-Specific DataGmail’s New Shielded Email Feature Lets Users Create Aliases for Email PrivacyApple Still Blocking Access to News Apps and Podcasts at Moscow’s RequestU.S. Space Tech Giant Maxar Discloses Employee Data BreachBritish Software Company Microlise Confirms Hackers Compromised Corporate DataRockport Mortgage Notifies Individuals of Recent Data Breach Leaking Their Personal InformationGreat Plains Regional Medical Center (OK) Notifies Patients of Data Breach Following Ransomware AttackAI Company iLearningEngines Tells SEC That $250,000 Stolen in CyberattackFord ‘Actively Investigating’ After Employee Data Allegedly Parked on Leak SiteAkira Ransomware Racks Up 30+ Victims in a Single Day‘ClickFix’ Cyber-Attacks for Malware Deployment on the RiseFake Bitwarden Ads on Facebook Push Info-Stealing Chrome ExtensionFake Discount Sites Exploit Black Friday to Hijack Shopper InformationNew Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza StealersCritical 9.8-Rated VMware vCenter RCE Bug Exploited After Patch FumblePalo Alto Networks Patches Two Firewall Zero-Days Used in Attacks
11/15-17/2024 November 17, 2024November 17, 2024 ~ The Cyber Beat ~ Leave a comment Library of Congress Email Systems Hacked Earlier This Year by ‘Foreign Adversary’Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli OrganizationsVietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and AsiaChinese ‘SilkSpecter’ Fraud Network Uses 4,700 Fake Shopping Sites to Steal Credit CardsT-Mobile Confirms It Was Hacked in Recent Wave of Telecom BreachesNew Apple Security Feature Reboots iPhones After 3 Days, Researchers ConfirmNSO Group Used Another WhatsApp Zero-Day After Being Sued, Court Docs SayCyber Schemes Among Projects Getting £20M WindfallBitfinex Hacker Ilya Lichtenstein Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in BitcoinOhio Man Behind Helix Cryptocurrency Mixer Gets 3-Year SentenceKrebs: An Interview With the Target & Home Depot HackerWill Passkeys Ever Replace Passwords? Can They?FTC Reports 50% Drop In Unwanted Call Complaints Since 2021Otsego Public Schools (MI) Hacked; Personal Info ExposedFake AI Video Generators Infect Windows, macOS With InfostealersPhishing Emails Increasingly Use SVG Attachments to Evade DetectionRansomware Groups Use Cloud Services For Data ExfiltrationResearchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML PlatformWarning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN CredentialsPAN-OS Firewall Vulnerability Under Active Exploitation – IoCs ReleasedBotnet Exploits GeoVision Zero-Day to Install Mirai MalwarewatchTowr Finds New Zero-Day Vulnerability in Fortinet ProductsHigh-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment VariablesSecurity Plugin Flaw in Millions of WordPress Sites Gives Admin AccessMicrosoft Pulls Exchange Security Updates Over Mail Delivery IssuesThe Vendor’s Role in Combating Alert FatigueTop Ukrainian Cyber Official Resigns a Year After Taking Office