12/4/2024 December 5, 2024December 5, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Officials Recommend Encrypted Messaging to Evade Hackers in Telecom Networks‘Large Number’ of Americans’ Metadata Stolen by Chinese Hackers, Senior Official SaysSenators Warn the Pentagon: Get a Handle on China’s Telecom HackingWhite House: Salt Typhoon Hacked Telcos in Dozens of CountriesTrump’s FBI Pick Kash Patel Targeted in Iranian CyberattackA New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus InfectionsShe Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering KingpinUK Disrupts Russian Money Laundering Networks Used by RansomwareKrebs: U.S. Offered $10M for Hacker ‘Wazawaka’ Just Arrested by RussiaRansomware Costs Manufacturing Sector $17bn in DowntimeRussia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian EntitiesBT Unit Took Servers Offline After Black Basta Ransomware BreachLiverpool Children’s Hospital Confirms Cyber-AttackWirral Hospital Recovery Continues One Week After Cyber IncidentESHA (NJ) Notifies Over 76k People of Recent Data BreachNew DroidBot Android Malware Targets 77 Banking, Crypto AppsResearchers Uncover Backdoor in Solana’s Popular Web3.js npm LibraryJapan Warns of IO-Data Zero-Day Router Flaws Exploited in AttacksCritical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized AccessNavigating the Changing Landscape of Cybersecurity RegulationsFBI Shares Tips on How to Tackle AI-Powered Fraud Schemes
12/3/2024 December 3, 2024December 3, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Official Fighting Chinese Telecom Intrusions Urges More Encryption…U.S. Shares Tips to Block Hackers Behind Recent Telecom BreachesFrench Mobile Operators Join Forces to Tackle Rising FraudFinland Says Latest Fiber-Optic Cable Break Was an Accident, Not SabotageKimsuky Group Adopts New Phishing Tactics to Target VictimsKrebs: Why Phishers Love New TLDs Like .shop, .top and .xyzPolice Shut Down Matrix Encrypted Criminal HubPolice Seizes Largest German Online Crime Marketplace ‘Crimenetwork’ & Arrests AdminData Brokers May Be Banned From Selling Your Social Security NumberTwo Data Brokers Banned From Selling ‘Sensitive’ Location Data by the FTCCyberattack and Financial Troubles Force Stoli’s U.S. Arm to File for BankruptcyData on 760K Workers From Xerox, Nokia, BofA, Morgan Stanley and More Dumped OnlineRansomware Attack Disrupts Operations at U.S. Contractor ENGlobalIndian Online ID Verification Firm Signzy Confirms Security IncidentArthur Center Community Health (MO) Files Notice of Data Breach with Federal GovernmentHorns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript PayloadsCloudflare’s Developer Domains Increasingly Abused by Threat ActorsNachoVPN Tool Exploits Flaws in Popular VPN Clients for System CompromiseExploit Released for Critical WhatsUp Gold RCE Flaw, Patch NowVeeam Warns of Critical RCE Bug in Service Provider ConsoleCisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
12/2/2024 December 3, 2024December 3, 2024 ~ The Cyber Beat ~ Leave a comment France Accuses Azerbaijan of Online Manipulation CampaignsGerman Intelligence Launches Task Force to Combat Foreign Election InterferenceChinese Lidar Sensors Pose Hacking Risk to U.S. Defense Equipment, Report SaysThe Pressure Is on for Big Tech to Regulate the Broken Digital Advertising IndustryMalicious Ads in Search Results Are Driving New Generations of ScamsINTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 MillionKorea Arrests CEO for Adding DDoS Feature to Satellite ReceiversRussia Sentences Hydra Dark Web Market Leader to Life in PrisonSEC Settles With an Industrial and Commercial Bank of China Unit Over Ransomware Attack, Imposes No FineAre You Being Tracked by an Airtag? Here’s How to CheckCosta Rica State Energy Company Calls in U.S. Experts to Help With Ransomware AttackRetail Outages Drag Into Second Week After Blue Yonder Ransomware Attack$300M Bitcoin Hack Forces Japanese Crypto Exchange DMM Bitcoin to Cease OperationsClipper DEX Says Recent $450K Hack Wasn’t Caused by Private Key LeakCrypto.com Launches Massive $2m Bug Bounty ProgramZane Benefits (UT) Sends Data Breach Letters Confirming Leaked SSNsSmokeLoader Malware Campaign Targets Companies in TaiwanAWS Launches an Incident Response Service to Combat Cybersecurity ThreatsIncident Response Playbooks: Are You Prepared?Apple Patents System for Identifying People When Facial Scans Aren’t Enough
11/29-12/1/2024 December 1, 2024December 1, 2024 ~ The Cyber Beat ~ Leave a comment Cyber-Attacks Could Impact Romanian Presidential Race, Officials ClaimAI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. ElectionsUN, International Orgs Create Advisory Body for Submarine Cables After IncidentsIn the New Space Race, Hackers Are Hitching a Ride Into OrbitIn New Bitcoin Bull Market, It’s Time to Beware of the Same Old Crypto ScamsMet Police Apologises to Honeytrap Victims Over EmailUK Justice System Failing Cybercrime Victims, Cyber Helpline FindsWanted Russian Hacker ‘Wazawaka’ Linked to Hive and LockBit Ransomware ArrestedU.S. Citizen Florida Man Sentenced for Spying on Behalf of China’s Intelligence AgencyUganda Confirms Cyberattack on Central Bank but Minimizes Extent of BreachINC Ransom Claims Cyber-Attack on UK Children’s HospitalRansomHub Claims to Net Data Hat-Trick Against Bologna FCPhishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM AttacksNovel Phising Campaign Uses Corrupted Word Documents to Evade SecuritySpyLoan Android Malware on Google Play Installed 8 Million TimesNew Windows Server 2012 Zero-Day Gets Free, Unofficial PatchesTor Needs 200 New Webtunnel Bridges to Fight CensorshipBulgarians Plead Guilty to Spying for Russia Using ‘Advanced Technology’
11/28/2024 November 28, 2024November 28, 2024 ~ The Cyber Beat ~ Leave a comment Undersea Cable Cuts in the Baltic Sea Are Stoking Geopolitical Tensions — Here’s What’s Going OnCloned Customer Voice Beats Bank Security ChecksThe Only Thing Worse Than Being Fired Is Scammers Fooling You Into Thinking You’re FiredTfL Faces Independent Investigation Over Cyber-Attack ResponseAlbanian Drug Smugglers Busted After Cops Decrypt CommsUK Hospital Network Postpones Procedures After CyberattackCrypto Exchange XT.com Suspends Withdrawals After Suspected $1.7M HackXMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto MinerCritical Vulnerabilities Discovered in Industrial Wireless Access PointHow Learning to Fly Made Me a Better Cybersecurity CEO
11/27/2024 November 28, 2024November 28, 2024 ~ The Cyber Beat ~ Leave a comment T-Mobile Says Salt Typhoon Cyber Attackers Had No Access to Customer Data…Salt Typhoon Chinese Hackers Breached T-Mobile’s Routers to Scope Out Network…Salt Typhoon’s Surge Extends Far Beyond U.S. TelcosBritish Government Demands Chinese-Owned Company Appoint a Security Chief With UK ClearancesKrebs: Hacker in Snowflake Extortions May Be a U.S. SoldierPolice Bust Pirate Streaming Service Making €250 Million per MonthAppeals Court Overturns Treasury Sanctions Against Crypto Mixer Tornado CashExxon Lobbyist Investigated Over Hack-And-Leak of Environmentalist Emails, Sources SayMicrosoft Is Being Investigated by the FTC Over Antitrust ConcernsFTC Changes Its Telemarketing Rules to Cover Growing ‘Tech Support Scam’ CallsAkamai Technologies: Bankruptcy Court Approves Bid for Edgio AssetsUK Nuclear Decommissioning Authority Opens Sellafield Cyber CenterBIC, Starbucks, Morrisons Continue Recovery After Blue Yonder Ransomware AttackHoboken (NJ) Hit with Ransomware Cyberattack, Officials SayData Broker SL Data Services Leaves 600K+ Sensitive Files Exposed OnlineCloudflare Says It Lost 55% of Logs Pushed to Customers for 3.5 HoursZello Asks Users to Reset Passwords After Security IncidentContemporary Information Corp (CA) Provides Notice of Data Breach Following Incident at BackChecked, LLCAttack Group APT-C-60 Targets Japan Using Trusted PlatformsHackers Abuse Popular Godot Game Engine to Infect Thousands of PCsNew Bootkit “Bootkitty” Targets Linux Systems via UEFIMatrix Botnet Exploits IoT Devices in Widespread DDoS Botnet CampaignCritical Flaw in ProjectSend Under Active Exploitation Against Public-Facing ServersMicrosoft Re-Releases Exchange Updates After Fixing Mail Delivery
11/26/2024 November 26, 2024November 26, 2024 ~ The Cyber Beat ~ Leave a comment Aggressive Chinese APT Group Earth Estries Targets Governments with New BackdoorsRussian RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks‘CyberVolk’ Hacktivists Use Ransomware in Support of Russian InterestsDarknet Services Fuel Holiday Scams and E-Commerce ExploitsEmergency Vehicle Lights Can Screw up a Car’s Automated Driving SystemMy Car Knows My Secrets, and I’m (Mostly) OK With ThatCrowdStrike Raises Annual Forecast on Steady Cybersecurity DemandOver 1,000 Arrested in Massive ‘Serengeti’ Anti-cybercrime OperationRansomHub Gang Says It Broke Into Networks of Texas City, Minneapolis AgencyNHS Trust Declares Major Incident for “Cybersecurity Reasons”Canadian Privacy Regulators Publish Details of Medical Testing Company LifeLabs Data BreachRadiologic Medical Services (IA) Announces Data Breach After Unauthorized Access to Employee Email AccountNew DDoS Campaign by ‘Matrix’ Exploits IoT Devices and Server MisconfigurationsNew NachoVPN Attack Uses Rogue VPN Servers to Install Malicious UpdatesCritical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote AttacksCISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks
11/25/2024 November 26, 2024November 26, 2024 ~ The Cyber Beat ~ Leave a comment China Has Utterly Pwned ‘Thousands and Thousands’ of Devices at U.S. TelcosSalt Typhoon Hackers Backdoor Telcos With New GhostSpider MalwareFormer Verizon Employee Gets Four-Year Sentence for Sharing Cyber Secrets With Chinese GovernmentUK Minister Criticized Over ‘Hyperbolic’ Speech on Russia’s Cyber CapabilitiesAmerica’s Rivals Have a New Favorite Weapon: Criminal GangsDOJ: Man Hacked Networks to Pitch Cybersecurity ServicesCyberattacks Cost British Businesses $55 Billion in Past Five Years, Broker SaysNew York State Fines Geico and Travelers $11.3 Million for Data BreachesStarbucks, Others Faces Disruptions Following Ransomware Attack on Software Supplier Blue YonderSpring EQ (PA) Notifies Consumers of Data Breach Stemming from Compromised Employee Email AccountPyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram BotBlackBasta Ransomware Brand Picks up Where Conti Left OffCybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New AttacksResearchers Uncover Malware Using BYOVD to Bypass Antivirus ProtectionsQNAP Addresses Critical Flaws Across NAS, Router SoftwareGoing Way Beyond Secure by Demand
11/22-24/2024 November 24, 2024November 24, 2024 ~ The Cyber Beat ~ Leave a comment Russia’s Ballistic Missile Attack on Ukraine Is an Alarming FirstRussia Ready to Wage Cyber War on UK, Minister to SayChinese Hackers Preparing for Conflict, U.S. Cyber Official SaysWhite House Officials Meet with Telecoms Execs on Suspected China HackMicrosoft President Asks Trump to “Push Harder” Against Russian HacksTrump Taps Border Hawk to Head DHS. Will Noem’s ‘Enthusiasm’ Extend to Digital Domain?The Pentagon’s Battle Inside the U.S. For Control of a New Cyber ForceThe U.S. Is Calling Out Foreign Influence Campaigns Faster Than EverGoogle Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News SitesThree-Quarters of Black Friday Spam Emails Identified as ScamsBangkok Busts SMS Blaster Sending 1 Million Scam Texts From a VanMeta Removes Over 2 Million Accounts Pushing Pig Butchering ScamsSupreme Court Tosses Facebook Appeal in Shareholder Lawsuit Arising From Cambridge Analytica Data BreachDeliveryHero Subsidiary Fined $5.2 Million for Tracking Drivers’ GeolocationAndrew Tate’s Site ‘Real World’ Ransacked, Subscriber Data StolenSoftware Company Blue Yonder Providing Services to U.S. and UK Grocery Stores Says It Was Hit by Ransomware AttackMembers Trust Company (FL) Data Breach Following Compromised Email Accounts Affects 11,854 ConsumersRussian Fancy Bear Hackers Breach U.S. Firm Over Wi-Fi From Russia in ‘Nearest Neighbor Attack’Russian Cyber Spies TAG-110 Target Organizations with HatVibe and CherrySpy MalwareChina-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage CampaignAPT-K-47 (aka Mysterious Elephant) Uses Hajj-Themed Lures to Deliver Advanced Asyncshell MalwareNorth Korean Hackers Sapphire Sleet Steal $10M with AI-Driven Scams and Malware on LinkedInPyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python LibrariesHackers Abuse Avast Anti-Rootkit Driver to Disable DefensesMicrosoft Rolls Out Recall to Windows Insiders With Copilot+ PCsMicrosoft Testing Windows 11 Support for Third-Party PasskeysSenators Call for Audit of TSA’s Facial Recognition Tech as Use Expands in Airports
11/21/2024 November 21, 2024November 21, 2024 ~ The Cyber Beat ~ Leave a comment Potential Trump Cyber Picks Coalesce — But Insiders Say There Could Be SurprisesChina’s Surveillance State Is Selling Citizen Data as a Side HustleChinese Ship Casts Shadow Over Baltic Subsea Cable SnipfestNorth Korean Front Companies Impersonate U.S. IT Firms to Fund Missile ProgramsThe AI Effect: Amazon Sees Nearly 1 Billion Cyber Threats a DayGoogle’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source ProjectsMicrosoft Disrupts ONNX Phishing-as-a-Service InfrastructureFortinet VPN Design Flaw Hides Successful Brute-Force AttacksA New ‘Ultra-Secure’ Phone Carrier Says It Can Make You Harder to TrackMeta Finally Breaks Its Silence on Pig ButcheringU.S. Seizes PopeyeTools Cybercrime Marketplace, Charges AdministratorsKrebs: Feds Charge Five Men in ‘Scattered Spider’ RoundupDozens of Central Asian Targets Hit in Recent Russia-Linked Cyber-Espionage CampaignCyberattack at French Hospital Exposes Health Data of 750,000 PatientsStop & Shop Races to Restock Shelves After ‘Cybersecurity Issue’Gambling and Lottery Giant International Game Technology Disrupted by Cyberattack, Working to Bring Systems Back OnlineOver 145,000 Industrial Control Systems Across 175 Countries Found Exposed OnlineNow BlueSky Hit with Crypto Scams as It Crosses 20 Million UsersRockford Gastroenterology Associates (IL) Notifies 147,253 of 2023 Data BreachLinux Malware WolfsBane and FireWood Linked to Gelsemium APTVietnam’s Infostealer Crackdown Reveals VietCredCare and DuckTailNodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card DataWarning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
11/20/2024 November 21, 2024November 21, 2024 ~ The Cyber Beat ~ Leave a comment Chinese APT Group Targets Telecom Firms Linked to Belt and Road InitiativeInside the Booming ‘AI Pimping’ IndustryAmazon and Audible Flooded With ‘Forex Trading’ and Warez Listings60% of Emails with QR Codes Classified as Spam or MaliciousU.S. Charges Five in ‘Scattered Spider’ Hacking SchemeTwo Brothers Indicted for Operating Illegal Sports Streaming Service That Netted $7 MillionMITRE Shares 2024’s Top 25 Most Dangerous Software WeaknessesKrebs: Fintech Giant Finastra Investigating Data BreachNorfolk Sheriff’s Office (VA) Says They Were the ‘Victim of a Cybersecurity Event’Wexford County (MI) Computer Systems Returning After Cyberattack Forced ShutdownFBI Says BianLian Based in Russia, Moving From Ransomware Attacks to ExtortionGhost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile PaymentsFive Privilege Escalation Flaws Found in Ubuntu Needrestart
11/19/2024 November 20, 2024November 20, 2024 ~ The Cyber Beat ~ Leave a comment Data Privacy Experts Predict Some Wins Under Trump 2.0Hacker Is Said to Have Gained Access to File With Damaging Testimony About Matt GaetzRansomware Gangs on Recruitment Drive for Pen TestersLeaked Documents Show What Phones Secretive Tech ‘Graykey’ Can UnlockMicrosoft Shares More Details on Windows 11 Admin ProtectionMicrosoft Announces Its Own Black Hat-Like Hacking Event With Big Rewards for AI SecurityAuto Sector Scrambles to Retool Workforce for Electric and Automated FutureTSA Cyber Disclosure Requirements Worry Natural Gas CompaniesTSA Not Monitoring Transportation Sector Efforts to Stop Ransomware, Watchdog SaysD-Link Urges Users to Retire VPN Routers Impacted by Unfixed RCE FlawHealthcare Org Equinox Notifies 21K Patients and Staff of Data TheftAspen Healthcare Services (TX) Announces Data Breach Following Ransomware AttackAdventHealth (FL) Files Official Notice of Data BreachHackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports BroadcastsSpotify Abused to Promote Pirated Software and Game CheatsHelldown Ransomware Expands to Target VMware and Linux SystemsNgioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT DevicesCISA Tags Progress Kemp Loadmaster Flaw as Exploited in AttacksApple Fixes Two Zero-Days Used in Attacks on Intel-Based MacsOracle Warns of Agile PLM File Disclosure Flaw Exploited in Attacks
11/18/2024 November 19, 2024November 19, 2024 ~ The Cyber Beat ~ Leave a comment Sweden’s ‘Doomsday Prep for Dummies’ Guide Hits Mailboxes TodayNorth Korean IT Worker Network Tied to BeaverTail Phishing CampaignSurge in DocuSign Phishing Attacks Target U.S. State ContractorsMany U.S. Water Systems Exposed to ‘High-Risk’ Vulnerabilities, Watchdog FindsBipartisan Effort to Clean up Cyber Regulations Gets a Boost in House, but Calendar Is TightFake Donald Trump Assassination Story Used in Phishing ScamMicrosoft 365 Admin Portal Abused to Send Sextortion EmailsHeather ‘Razzlekhan’ Morgan Sentenced to 18 Months in Prison, Ending Bitfinex SagaU.S. Charges Phobos Ransomware Admin After South Korea ExtraditionCybersecurity At A Crossroads As Global Threats Hit Record HighsWhy the Demand for Cybersecurity Innovation Is SurgingBrave on iOS Adds New “Shred” Button to Wipe Site-Specific DataGmail’s New Shielded Email Feature Lets Users Create Aliases for Email PrivacyApple Still Blocking Access to News Apps and Podcasts at Moscow’s RequestU.S. Space Tech Giant Maxar Discloses Employee Data BreachBritish Software Company Microlise Confirms Hackers Compromised Corporate DataRockport Mortgage Notifies Individuals of Recent Data Breach Leaking Their Personal InformationGreat Plains Regional Medical Center (OK) Notifies Patients of Data Breach Following Ransomware AttackAI Company iLearningEngines Tells SEC That $250,000 Stolen in CyberattackFord ‘Actively Investigating’ After Employee Data Allegedly Parked on Leak SiteAkira Ransomware Racks Up 30+ Victims in a Single Day‘ClickFix’ Cyber-Attacks for Malware Deployment on the RiseFake Bitwarden Ads on Facebook Push Info-Stealing Chrome ExtensionFake Discount Sites Exploit Black Friday to Hijack Shopper InformationNew Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza StealersCritical 9.8-Rated VMware vCenter RCE Bug Exploited After Patch FumblePalo Alto Networks Patches Two Firewall Zero-Days Used in Attacks
11/15-17/2024 November 17, 2024November 17, 2024 ~ The Cyber Beat ~ Leave a comment Library of Congress Email Systems Hacked Earlier This Year by ‘Foreign Adversary’Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli OrganizationsVietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and AsiaChinese ‘SilkSpecter’ Fraud Network Uses 4,700 Fake Shopping Sites to Steal Credit CardsT-Mobile Confirms It Was Hacked in Recent Wave of Telecom BreachesNew Apple Security Feature Reboots iPhones After 3 Days, Researchers ConfirmNSO Group Used Another WhatsApp Zero-Day After Being Sued, Court Docs SayCyber Schemes Among Projects Getting £20M WindfallBitfinex Hacker Ilya Lichtenstein Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in BitcoinOhio Man Behind Helix Cryptocurrency Mixer Gets 3-Year SentenceKrebs: An Interview With the Target & Home Depot HackerWill Passkeys Ever Replace Passwords? Can They?FTC Reports 50% Drop In Unwanted Call Complaints Since 2021Otsego Public Schools (MI) Hacked; Personal Info ExposedFake AI Video Generators Infect Windows, macOS With InfostealersPhishing Emails Increasingly Use SVG Attachments to Evade DetectionRansomware Groups Use Cloud Services For Data ExfiltrationResearchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML PlatformWarning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN CredentialsPAN-OS Firewall Vulnerability Under Active Exploitation – IoCs ReleasedBotnet Exploits GeoVision Zero-Day to Install Mirai MalwarewatchTowr Finds New Zero-Day Vulnerability in Fortinet ProductsHigh-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment VariablesSecurity Plugin Flaw in Millions of WordPress Sites Gives Admin AccessMicrosoft Pulls Exchange Security Updates Over Mail Delivery IssuesThe Vendor’s Role in Combating Alert FatigueTop Ukrainian Cyber Official Resigns a Year After Taking Office
11/14/2024 November 14, 2024November 14, 2024 ~ The Cyber Beat ~ Leave a comment Trump’s Second Term Is Expected to Bring Big Change to Top U.S. Cyber Agency…More Spyware, Fewer Rules: What Trump’s Return Means for U.S. Cybersecurity…Washington’s Cybersecurity Storm of ComplacencySitting Ducks DNS Attacks Put Global Domains at RiskGoogle Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto SchemesBank of England U-turns on Vulnerability Disclosure RulesCybercriminal Devoid of Boundaries Gets 10-Year Prison SentenceTeen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal ChargesMalware Being Delivered by Mail, Warns Swiss Cyber AgencyHungary Confirms Hack of Defense Procurement AgencyKids’ Shoemaker Start-Rite Trips Over Security Again, Spilling Customer Card InfoMicrosoft Power Pages Misconfiguration Leads to Data ExposureNew Glove Infostealer Malware Bypasses Chrome’s Cookie EncryptionRussian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing EmailsNew RustyAttr Malware Targets macOS Through Extended Attribute AbuseCISA Warns of More Palo Alto Networks Bugs Exploited in AttacksChatGPT Allows Access to Underlying Sandbox OS, “Playbook” Data
11/13/2024 November 13, 2024November 13, 2024 ~ The Cyber Beat ~ Leave a comment China-Linked Hackers Stole Surveillance Data From Telecom Companies, U.S. SaysHamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against IsraelTrump’s Second Term Is Expected to Bring Big Change to Top U.S. Cyber Agency…Top White House Cyber Official Urges Trump to Focus on Ransomware, ChinaThese Are the Passwords You Definitely Shouldn’t Be UsingLeaked Info of 122 Million Linked to B2B Data Aggregator BreachData Broker Amasses 100M+ Records on People – Then Someone Snatches, Sells ItThese Guys Hacked AirPods to Give Their Grandmas Hearing AidsAmazon MOVEit Leaker Claims to Be Ethical HackerChinese National Faces 20 Years in U.S. Prison for Laundering Pig-Butchering ProceedsChina-Linked Group Hacked Tibetan Media and University Sites to Distribute Cobalt Strike PayloadEmbargo Ransomware Fiends Boast They’ve Stolen 1.4TB From U.S. Pharmacy NetworkWisconsin City of Sheboygan Says Ransom Demanded After CyberattackASM Global (CA) Notifies Affected Individuals of Recent Data BreachHive0145 Targets Europe with Advanced Strela Stealer CampaignsNew ShrinkLocker Ransomware Decryptor Recovers Bitlocker PasswordCritical Bug in EoL D-Link NAS Devices Now Exploited in AttacksKrebs: Microsoft Patch Tuesday, November 2024 EditionNIST Says Exploited Vulnerability Backlog Cleared but End-Of-Year Goal for Full List UnlikelyNew Google Pixel AI Feature Analyzes Phone Conversations for Scams
11/12/2024 November 12, 2024November 12, 2024 ~ The Cyber Beat ~ Leave a comment German Interior Minister Warns of Cyber Threat Ahead of ElectionsVolt Typhoon Rebuilds Malware Botnet Following FBI DisruptionSurge in Exploits of Zero-Day Vulnerabilities Is ‘New Normal’ Warns Five Eyes AllianceFBI, CISA, and NSA Reveal Most Exploited Vulnerabilities of 2023Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 91 Flaws…Two Zero-Day Bugs in Microsoft’s Nov. Update Under Active Exploit…Windows 10 KB5046613 Update Released with Fixes For Printer BugsCISOs Turn to Indemnity Insurance as Breach Pressure MountsSignal Introduces Convenient “Call Links” for Private Group ChatsPentagon Leaker Sentenced to 15 Years in Jail After Sharing Military Secrets OnlineDutch Company Behind Hannaford, Stop & Shop Says Cyber Issue Affecting U.S. NetworkDelta, Amazon Confirm Vendor Breach as Dark Web Posts Revive MOVEit Leak ConcernsBBS Financial (MA) Confirms Data Breach Following January 2024 Ransomware AttackNorth Korean Hackers Target macOS Using Flutter-Embedded MalwareTA455’s Iranian Dream Job Campaign Targets Aerospace with MalwarePhishing Tool GoIssue Targets Developers on GitHubNew Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ MisconfigurationD-Link Won’t Fix Critical Bug in 60,000 Exposed EoL ModemsHow Italy Became an Unexpected Spyware Hub
11/11/2024 November 12, 2024 ~ The Cyber Beat ~ Leave a comment Credit Cards Readers Across Israeli Stores, Gas Stations Crash in CyberattackFBI Issues Warning as Crooks Ramp up Emergency Data Request ScamsWEF Introduces Framework to Strengthen Anti-Cybercrime PartnershipsSecurity Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege EscalationThe AI Machine Gun of the Future Is Already HereHalliburton Reports $35 Million Loss After Ransomware AttackOpen Source Security Incidents Aren’t Going AwayAmazon Confirms Employee Data Breach, but Says It’s Limited to Contact InfoHIBP Notifies 57 Million People of Hot Topic Data BreachFood Lion Acknowledges They Were Hit by CyberattackSet Forth, Inc. (IL) Sends Data Breach Letters to 1.5 Million ConsumersEnglish Construction Company (VA) Targeted in Ransomware Attack, Leading to Data Breach Affecting Former EmployeesNew Remcos RAT Variant Targets Windows Users Via PhishingNew Ymir Ransomware Partners With RustyStealer in Attacks
11/8-10/2024 November 10, 2024November 10, 2024 ~ The Cyber Beat ~ Leave a comment Pro-Russian Hacktivists Target South Korea as North Korea Joins Ukraine WarAuthorities Work to Find the Source of Racist Texts Sent to Black People Nationwide After the ElectionTSA Wants to Expand Cyber Rules for Pipelines and RailroadsScattered Spider, BlackCat Claw Their Way Back From Criminal UndergroundScammers Target UK Senior Citizens With Winter Fuel Payment TextsGoogle’s Mysterious ‘search.app’ Links Leave Android Users ConcernedA New iOS 18 Security Feature Makes It Harder for Police to Unlock iPhonesFBI: Spike in Hacked Police Emails, Fake Subpoenas (Krebs)Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money LaunderingIcePeony and Transparent Tribe Target Indian Entities with Cloud-Based ToolsMalicious NPM Packages Target Roblox Users with Data-Stealing MalwareMalicious PyPI Package with 37,000 Downloads Steals AWS KeysHackers Now Use Zip File Concatenation to Evade DetectionCritical Veeam RCE Bug Now Used in Frag Ransomware AttacksUnpatched Mazda Connect Bugs Let Hackers Install Persistent MalwarePalo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat ConcernsD-Link Won’t Fix Critical Flaw Affecting 60,000 Older NAS DevicesHow the Creator of Zero Trust Developed Today’s Most Robust Cybersecurity StrategyRussia’s Internet Watchdog Blocks Thousands of Websites That Use Cloudflare’s Privacy Service
11/7/2024 November 8, 2024November 8, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Agency Warns Employees About Phone Use Amid Ongoing China HackChina-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 BaitChina-Linked Hackers Tasked With Japanese Targets Pursue Them Through EuropeCanada Orders Shutdown of Local TikTok Branch Over Security Concerns764 Terror Network Member Richard Densmore Sentenced to 30 Years in PrisonAkamai Forecasts Fourth-Quarter Revenue Below Estimates on Weak Client SpendingCloudflare’s Q4 Revenue Forecast Falls Short as Cybersec Competition IntensifiesFortinet’s Quarterly Revenue Forecast Disappoints, Shares FallDatadog Raises Annual Forecast Betting on AI-Driven Cybersecurity DemandDefenders Outpace Attackers in AI AdoptionNokia Says Hackers Leaked Third-Party App Source CodeTexas-Based Oilfield Supplier Newpark Resources Faces Disruptions Following Ransomware AttackOrthopedicsNY Files Official Notice of 2023 Data Breach Affecting Patient InformationNorth Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOSDon’t Open That ‘Copyright Infringement’ Email Attachment – It’s an InfostealerAndroxgh0st Botnet Adopts Mozi Payloads, Expands IoT ReachMalicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of DevelopersCISA Warns of Critical Palo Alto Networks Bug Exploited in AttacksHPE Warns of Critical Rce Flaws in Aruba Networking Access PointsThe Power of Process in Creating a Successful Security Posture
11/6/2024 November 7, 2024November 7, 2024 ~ The Cyber Beat ~ Leave a comment Top U.S. Cyber Official Says ‘No Evidence of Malicious Activity’ Impacting ElectionFact Check: Georgia Voter Fraud Video Labeled Russian Disinformation Uses False Personal DataIRISSCON: Organizations Still Falling Victim to Predictable Cyber-AttacksCybercrooks Are Targeting Bengal Cat Lovers in Australia for Some ReasonPeople Urged to Update Some Internet RoutersGermany Drafts Law to Protect Researchers Who Find Security FlawsMajor Ukrainian University Bans Telegram to Reduce CyberthreatsUK Orders Chinese Owners to Relinquish Control of Scottish Semiconductor BusinessMassive Nigerian Cybercrime Bust Sees 130 ArrestedWashington Courts’ Systems Offline Following Weekend CyberattackCyber-Attack on Microlise Disrupts DHL and Serco Tracking ServicesCyberattack Disables Tracking Systems and Panic Alarms on British Prison VansSelectBlinds Says 200,000 Customers Impacted After Hackers Embed Malware on SiteNokia: No Evidence So Far That Hackers Breached Company DataWinos4.0 Malware Found in Game Apps, Targets Windows UsersNew SteelFox Malware Hijacks Windows PCs Using Vulnerable DriverVEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute MalwareCisco Bug Lets Hackers Run Commands as Root on UWRB Access Points
11/5/2024 November 5, 2024November 5, 2024 ~ The Cyber Beat ~ Leave a comment The FBI Says Russian Emails Are Sending Fake Bomb Threats to Polling Stations…Russia Is Going All Out on Election Day InterferenceU.S. Warns of Last-Minute Iranian and Russian Election Influence Ops…Officials Warn Against Fake U.S. Election Videos, but See Little DisruptionClickFix Exploits Users with Fake Errors and Malicious CodeInterpol Disrupts Cybercrime Activity on 22,000 IP Addresses, Arrests 41Krebs: Canadian Man Arrested in Snowflake Data ExtortionsA Kansas Pig Butchering: CEO Who Defrauded Bank, Church, Friends Gets 24 YearsFBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber IntrusionsMeta Found to Have Exposed Info on North Korean Defectors to AdvertisersUkraine Accuses Google of Revealing Locations of Its Military SystemsGeorgia Hospital Unable to Access Record System After Ransomware AttackSchneider Electric Ransomware Crew Demands $125K Paid in BaguettesChinese Group Accused of Hacking Singtel in Telecom AttacksChinese Air Fryers May Be Spying on Consumers, Which? WarnsToxicPanda Malware Targets Banking Apps on Android DevicesPakistani Hackers Targeted High-Profile Indian Entities using Custom ElizaRATMalware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat PackagesSynology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS DevicesGoogle Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android SystemGoogle Cloud to Make MFA Mandatory by the End of 2025How to Win at Cyber by Influencing People
11/4/2024 November 5, 2024November 5, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Cybersecurity Chief Says Disinformation Surge Hasn’t Impacted Election…In Final Check-in Before Election Day, CISA Cites Low-Level Threats, and Not Much ElseNakasone Says All the News About Influence Campaigns Ahead of Election Day Is Actually ‘A Sign of Success’Rep. Yvette Clarke on AI-Fueled Disinformation: ‘We Have Not Protected Ourselves in Time for This Election Cycle’U.S. Says Russia Behind Fake Haitian Voters VideoMoldova Elects Pro-West President Maia Sandu Despite Russian InterferenceCustom “Pygmy Goat” Malware Used in Sophos Firewall Hack on Gov’t NetworkInside the Massive Crime Industry That’s Hacking Billion-Dollar CompaniesNorthern Minnesota Man Cost Former Employer $45K in Cryptojacking Scheme, Charges SayNigerian Handed 26-Year Sentence for Real Estate Phishing ScamGoogle Researchers Claim First Vulnerability Found Using AISchneider Electric Confirms Dev Platform Breach After Hacker Steals DataNokia Investigates Breach After Hacker Claims to Steal Source CodeCisco Says DevHub Site Leak Won’t Enable Future BreachesColumbus (OH) Ransomware Attack Exposes Data of 500,000 ResidentsMiddlesbrough Council Targeted in Second Cyber Attack in a WeekHouston Housing Authority Was Victim of a Ransomware Attack, Agency SaysKemlon Products & Development Group (TX) Files Official Notice of Data BreachMeet Interlock — The New Ransomware Targeting FreeBSD ServersWindows Infected With Backdoored Linux VMs in New Phishing AttacksCybercriminals Exploit DocuSign APIs to Send Fake InvoicesSupply Chain Attack Uses Smart Contracts for C2 OpsCritical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning
11/1-3/2024 November 3, 2024November 5, 2024 ~ The Cyber Beat ~ Leave a comment Georgia Says U.S., Election Disinformation Likely Coming From Russian Troll FarmsU.S. Blames Russia Over Video Falsely Alleging Fraudulent Voting in State of GeorgiaChina’s Typhoon Hacks Ahead of U.S. Election Spurred by Elite CompetitionCyber Threats and the Election: What You Need to KnowSophos Warns Chinese Hackers Are Becoming StealthierMicrosoft Warns of Chinese Botnet Exploiting Router Flaws for Credential TheftU.S. and Israel Warn of Iranian Threat Actor’s New TradecraftKrebs: Booking.com Phishers May Leave You With ReservationsThey’re Giving Scammers All Their Money. The Kids Can’t Stop Them.6 IT Contractors Arrested for Defrauding Uncle Sam Out of MillionsDDoS Site Dstat.cc Seized and Two Suspects Arrested in GermanyFlorida Man Accused of Hacking Disney World Menus, Changing Font to WingdingsHack Nintendo’s Alarm Clock to Show Cat Pics? Let’s-A-Go!ChatGPT-4o Can Be Used for Autonomous Voice-Based ScamsOpenAI’s New ChatGPT Search Chrome Extension Feels Like a Search HijackerLA Housing Authority Confirms Breach Claimed by Cactus RansomwareSan Joaquin County Superior Court (CA) Suffering From Tech Outages After CyberattackRansomware Attack Hits German Pharmaceutical Wholesaler AEP, Disrupts Medicine SuppliesYoung People’s Data Feared Stolen in Cyberattack on French Government ContractorSaint Xavier University Notifies Over 200k People of Recent Data BreachMiddlesbrough Council Website Restored After Online AttackA Devon School ‘Blackmailed’ by Hackers in Cyber-AttackLastPass Warns of Fake Support Centers Trying to Steal Customer DataAn Okta Login Bug Bypassed Checking Passwords on Some Long UsernamesMicrosoft SharePoint RCE Bug Exploited to Breach Corporate NetworkZero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to AttackCISA Warns of Critical Software Vulnerabilities in Industrial DevicesMicrosoft Delays Windows Copilot+ Recall Release Over Privacy ConcernsFederal Agency Investigating How Meta Uses Consumer Financial Data for Advertising
10/31/2024 October 31, 2024October 31, 2024 ~ The Cyber Beat ~ Leave a comment Pro-Russia Hackers Claim Council Cyber Attacks, Including Greater ManchesterSuspected Pro-Ukraine Cyberattack Knocks Out Parking Enforcement in Russian CityCanadian Government Data Stolen By Chinese HackersMicrosoft: Chinese Hackers Use Quad7 Botnet to Steal CredentialsInside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its DevicesThe Untold Story of Trump’s Failed Attempt to Overthrow Venezuela’s PresidentFBI: Iranian Cyber Group Targeted Summer Olympics With Attack on French Display ProviderUK Finance Firms Told to Beef up Buffers Against Crowdstrike-Like EventsMicrosoft Wants $30 if You Want to Delay Windows 11 Switch2024 Looks Set to Be Another Record-Breaking Year for Ransomware — And It’s Likely Going to Get WorseOver a Thousand Online Shops Hacked to Show Fake Product ListingsLarge Peruvian Bank Warns of Data Theft After Dark Web Post EmergesBlackburn College Still Operating Despite Cyber-AttackSt. Anthony Regional Hospital (IA) Provides Notice of Data BreachLottieFiles Supply Chain Attack Exposes Users to Malicious Crypto Wallet DrainerNew Xiu Gou Phishing Kit Targets U.S., Other Countries with MascotHackers Target Critical Zero-Day Vulnerability in PTZ CamerasLiteSpeed Cache WordPress Plugin Bug Lets Hackers Get Admin AccessqBittorrent Fixes Flaw Exposing Users to MitM Attacks for 14 YearsCybersecurity Job Market Stagnates, Dissatisfaction AboundsRussia to Ban Cryptocurrency Mining in Some Regions Due to Electricity Shortages
10/30/2024 October 31, 2024October 31, 2024 ~ The Cyber Beat ~ Leave a comment Midnight Blizzard Spearphishing Campaign Targets Thousands with RDP FilesNorth Korean Group Collaborates with Play Ransomware in Significant Cyber AttackBeijing Claims It’s Found ‘Underwater Lighthouses’ That Its Foes Use for Espionage‘We’re a Fortress Now’: The Militarization of U.S. Elections Is HereColorado Voting System Partial Passwords Accidentally Posted on Government WebsiteFBI: Upcoming U.S. General Election Fuel Multiple Fraud SchemesFired Disney Staffer Accused of Hacking Menu to Add Profanity, Wingdings, Removes Allergen InfoKrebs: Change Healthcare Breach Hits 100M Americans…UnitedHealth Hires Cybersecurity Veteran as New CISOGoogle’s AI-Fueled Gains in Cloud Bode Well for Amazon, MicrosoftCyber Vendor Netskope Plans 2025 IPOInterbank Confirms Data Breach Following Failed Extortion, Data LeakStarkweather and Shepley Insurance Brokerage (RI) Provides Notice of Recent Data BreachHackers Steal 15,000 Cloud Credentials From Exposed Git Config FilesMalware Campaign Expands Its Use of Fake CAPTCHAsUpdated FakeCall Malware Targets Mobile Devices with VishingMalvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer MalwareResearchers Uncover Python Package Targeting Crypto Wallets with Malicious CodeOpera Browser Fixes Big Security Hole That Could Have Exposed Your InformationApple Rolls Out Major Security Update to Patch macOS and iOS VulnerabilitiesQNAP Patches Second Zero-Day Exploited at Pwn2Own to Get RootWhen Cybersecurity Tools Backfire
10/29/2024 October 29, 2024October 29, 2024 ~ The Cyber Beat ~ Leave a comment Trump Family Members and Biden Aides Among China Hack TargetsMerde! Macron’s Bodyguards Reveal His Location by Sharing Strava DataRussia and China-Linked State Hackers Intensify Attacks on Netherlands, Security Officials WarnSuspicious Social Media Accounts Deployed Ahead of COP29Five Eyes Agencies Launch Startup Security InitiativeSix Senators Tell Biden Administration UN Cybercrime Treaty Must Be ChangedNIS2 Compliance Puts Strain on Business BudgetsTSA Silent on CrowdStrike’s Claim Delta Skipped Required Security UpdateMoneyGram Replaces CEO Weeks After Massive Customer Data BreachRussian Charged by U.S. For Creating RedLine Infostealer MalwareThe Center for Urban Community Services (NY) Notifies 38,000 People of Recent Data BreachChenlun’s Evolving Phishing Tactics Target Trusted BrandsNew LightSpy Spyware Targets iOS with Enhanced CapabilitiesMassive PSAUX Ransomware Attack Targets 22,000 CyberPanel InstancesNew Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel ProcessorsResearchers Uncover Vulnerabilities in Open-Source AI and ML ModelsNew Windows Themes Zero-Day Gets Free, Unofficial PatchesQNAP Fixes NAS Backup Software Zero-Day Exploited at Pwn2OwnHow to Find the Right CISORussia Says It Might Build Its Own Linux Community After Removal of Several Kernel Maintainers
10/28/2024 October 28, 2024October 28, 2024 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Said to Have Collected Audio of American Calls…Including Trump AdvisorCybercriminals Pose a Greater Threat of Disruptive U.S. Election Hacks Than Russia or ChinaEvasive Panda’s CloudScout Toolset Targets TaiwanRussian Malware Campaign Targets Ukrainian Recruits Via TelegramJapanese Man Sentenced to 3 Years After Creating Crypto Ransomware With AIRedline, Meta Infostealer Malware Operations Seized by PoliceJPMorgan Chase Sues Scammers Following Viral ‘Infinite Money Glitch’Delta, CrowdStrike Sue Each Other Over Widespread IT Outage That Caused Thousands of CancellationsSinclair Sues Cyber Insurers Over 2021 HackCybersecurity Firm Rapid7 Fields Buyout Interest, Sources SayCyber Firm Armis Security Raises $200 Million at $4.3 Billion ValuationItalian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 CitizensFree, France’s Second Largest ISP, Confirms Data Breach After LeakTEAM Software (NE) Confirms July 2024 Data Breach Impacting Thousands of SSNsWichita County (TX) Says 47,000 Had SSNs, Medical Treatment Info Leaked During May CyberattackOver 6,500 Patients Affected by Parkland Health in Dallas Possible Data BreachCybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login CredentialsNew Type of Job Scam Targets Financially Vulnerable PopulationsAI-Powered BEC Scams Zero in on ManufacturersBeaverTail Malware Resurfaces in Malicious npm Packages Targeting DevelopersNew Tool Bypasses Google Chrome’s New Cookie Encryption SystemMozilla: ChatGPT Can Be Manipulated Using Hex CodePut End-of-Life Software to Rest
10/25-27/2024 October 27, 2024October 27, 2024 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance…Harris Campaign Too…U.S. Panel to Probe Cyber Failures in Massive ‘Salt Typhoon’ Chinese Hack of TelecomsKremlin-Linked APT29 Hackers Target Ukraine’s State, Military Agencies in New Espionage CampaignUkraine Warns of Mass Phishing Campaign Targeting Citizens DataSenator Accuses Sloppy Domain Registrars of Aiding Russian Disinfo CampaignsLinux Creator Approves De-Listing of Several Kernel Maintainers Associated With RussiaClaude AI Gets Bored During Coding Demonstration, Starts Perusing Photos of National Parks InsteadReuters Exposé of Hack-For-Hire World Is Back Online After Indian Court RulingDelta Sues CrowdStrike Over Software Update That Prompted Mass Flight DisruptionsAmazon Seizes Domains Used in Rogue Remote Desktop Campaign to Steal DataFour REvil Ransomware Members Sentenced in Rare Russian Cybercrime ConvictionsHenry Schein Discloses Data Breach a Year After Ransomware AttackRansomHub Gang Allegedly Behind Attack on Mexican Airport OperatorChimienti & Associates (CA) Experiences Data Breach Following Compromised Email AccountCommunity Dental (ME) Files Official Notice of Data Breach After Cyberattack Exposed Patients’ Sensitive InfoBlack Basta Ransomware Poses as IT Support on Microsoft Teams to Breach NetworksNotorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto MiningFog Ransomware Targets SonicWall VPNs to Breach Corporate NetworksResearchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test SuiteNew Windows Driver Signature Bypass Allows Kernel Rootkit InstallsNew Cisco ASA and FTD Features Block VPN Brute-Force Password AttacksQNAP, Synology, Lexmark Devices Hacked on Pwn2Own Day 3…Over 70 Zero-Day Flaws Get Hackers $1 Million at Pwn2Own Ireland
10/24/2024 October 24, 2024October 24, 2024 ~ The Cyber Beat ~ Leave a comment White House Issues AI National Security MemoCybersecurity Teams Largely Ignored in AI Policy DevelopmentVoice-Enabled AI Agents Can Automate Everything, Even Your Phone ScamsApple Will Pay Security Researchers up to $1 Million to Hack Its Private AI CloudMeet ZachXBT, the Masked Vigilante Tracking down Billions in Crypto Scams and TheftsCourts Side With Auto Suppliers in Clash With Carmakers Over Vehicle Data AccessIreland Fines LinkedIn €310 Million Over Targeted AdvertisingCFPB Warns Industry Against ‘Deeply Invasive’ Workplace Digital SurveillanceUnitedHealth Says Change Healthcare Hack Affects Over 100 Million, the Largest Ever U.S. Healthcare Data Breach…How the Ransomware Attack at Change Healthcare Went Down: A TimelineInsurance Admin Landmark Says Data Breach Impacts 800,000 PeopleNew Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion TacticsMandiant Says New Fortinet Flaw Has Been Exploited Since JuneCisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active AttackSamsung Galaxy S24 and Sonos Era Hacked on Pwn2Own Ireland Day 2Why Cybersecurity Acumen Matters in the C-Suite
10/23/2024 October 24, 2024October 24, 2024 ~ The Cyber Beat ~ Leave a comment Microsoft Warns Foreign Disinformation Is Hitting the U.S. Election From All DirectionsGeorgia Election Official Says Battleground State Fended off Cyberattack Likely From a Foreign CountryFormer British PM Cameron Calls for Tech Engagement with China Despite Cyber ThreatsU.S. Energy Sector Vulnerable to Supply Chain AttacksU.S. Government Pledges to Cyber Threat Sharing Via TLP ProtocolGoogle to Let Businesses Create Curated Chrome Web Stores for ExtensionsWhatsApp Now Encrypts Contact Databases for Privacy-Preserving SynchingKrebs: The Global Surveillance Free-for-All in Mobile Ad DataUK Government Weighs Review of Computer Misuse Act to Combat CybercrimeUK Court Says Dissident Can Sue the Saudi Government for Targeting Him With SpywareNigeria Drops Charges Against Tigran Gambaryan, Jailed Binance Exec and Former IRS AgentRussia Says ‘Unprecedented’ Cyber Attack Hits Foreign Ministry Amid BRICS SummitRhysida Ransomware Group Targets Prominent Nonprofit for Disabled People EastersealsData Breach at Autobell Car Wash Impacts 52,714 IndividualsEmbargo Ransomware Gang Deploys Customized Defense Evasion ToolsNew Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade DetectionRansomware Gangs Use LockBit’s Fame to Intimidate Victims in Latest AttacksResearchers Reveal ‘Deceptive Delight’ Method to Jailbreak AI ModelsLazarus Hackers Used Fake DeFi Game to Exploit Google Chrome Zero-DayCISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)Fortinet Warns of New Critical FortiManager Flaw Used in Zero-Day AttacksHackers Exploit 52 Zero-Days on the First Day of Pwn2Own Ireland
10/22/2024 October 22, 2024October 22, 2024 ~ The Cyber Beat ~ Leave a comment TSMC Blows Whistle on Potential Sanctions-Busting Shenanigans From HuaweiPrigozhin Links, Kremlin Funding Put Another Russian Media Company on U.S. ListForeign Influence Operations Will Expand Before Election and Linger Afterward, U.S. Agencies SayExposed United Nations Database Left Sensitive Information Accessible Online75% of US Senate Campaign Websites Fail to Implement DMARCThe Shitposting Cartoon Dogs Sending Trucks, Drones, and Weapons to Ukraine’s Front LinesSenators Seek Biden Administration Review of Undersea Cable VulnerabilitiesLLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud AttacksAWS, Azure Auth Keys Found in Android and iOS Apps Used by MillionsMeta Brings Back Face Scanning to Combat Scams and Account HackingThink Tanks Urge Action to Curb Misuse of Spyware and Hack-for-HireSEC Charges Tech Firms Over Misleading SolarWinds Hack DisclosuresCISA Proposes New Security Requirements to Protect Gov’t, Personal DataGophish Framework Used in Phishing Campaigns to Deploy Remote Access TrojansBumblebee and Latrodectus Malware Return with Sophisticated Phishing StrategiesAkira Ransomware Is Encrypting Victims Again Following Pure Extortion FlingMalicious npm Packages Target Developers’ Ethereum Wallets with SSH BackdoorCybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining AttacksZendesk Helped Internet Archive Secure Account After Hacker Breached Email SystemSchreck Financial Group (KS) Experiences Email-Related Data BreachExploit Released for New Windows Server “WinReg” NTLM Relay AttackFortiGate Admins Report Active Exploitation 0-Day. Vendor Isn’t Talking.Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote AttackersCISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day AttackVMware Releases vCenter Server Update to Fix Critical RCE VulnerabilityThe Struggle for Software Liability: Inside a ‘Very, Very, Very Hard Problem’
10/21/2024 October 21, 2024October 21, 2024 ~ The Cyber Beat ~ Leave a comment Hezbollah Cyberattack Targets Haifa Hospitals After Beirut Hospital BombingCyprus’ Critical Infrastructure Targeted by Coordinated Cyberattacks Linked to Pro-Palestine Groups‘Unprecedented’ Interference Targets Moldova’s ElectionsChina’s Spamouflage Disinformation Campaign Testing Techniques on Sen. Marco RubioChinese Nation-State Hackers APT41 Hit Gambling Sector for Financial GainU.S. Government Says Relying on Chinese Lithium Batteries Is Too RiskyBiden Administration Proposes New Rules Governing Data Transfers to Adversarial NationsICE’s $2 Million Contract With a Spyware Vendor Is Under White House ReviewSophos Buys Secureworks for $859 Mln to Beef up Cybersecurity PortfolioJapanese Watchmaker Casio Warns of Delivery Delays After Ransomware AttackCrypto Payment Services Firm Transak Says More Than 92,000 Affected by Data BreachSpate of Ransomware Attacks on German-Speaking Schools Hits Another in SwitzerlandNetskope Reports Possible Bumblebee Loader ResurgenceOver 6,000 WordPress Hacked to Install Plugins Pushing InfostealersResearchers Discover Severe Security Flaws in Major E2EE Cloud Storage ProvidersHalf of Organizations Have Unmanaged Long-Lived Cloud CredentialsThe Billionaire Behind Trump’s ‘Unhackable’ Phone Is on a Mission to Fight Tesla’s FSDAustralia’s Privacy Watchdog Publishes Guidance on Commercial AI Products
10/18-20/2024 October 20, 2024October 20, 2024 ~ The Cyber Beat ~ Leave a comment ESET Partner Breached to Send Data Wipers to Israeli OrgsNorth Korean IT Workers in Western Firms Now Demanding Ransom for Stolen DataThe Disinformation Warning Coming From the Edge of EuropeU.S. Cybersecurity Chief Says Election Systems Have ‘Never Been More Secure’What the U.S. Army’s 1959 ‘Soldier of Tomorrow’ Got Right About the Future of WarfareGoogle Scholar Has a ‘Verified Email’ for Sir Isaac NewtonMicrosoft Creates Fake Azure Tenants to Pull Phishers Into HoneypotsThe Government Is Getting Fed up With Ransomware Payments Fueling Endless Cycle of CyberattacksKrebs: Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard BreachTech CEO Charged With Fraud Over Security, Reliability ClaimsAfter Rejecting Google Takeover, Cyber Firm Wiz Says It Will IPO ‘When the Stars Align’Instagram Rolls Out New Sextortion Protection MeasuresEurope Launches ‘Gait Recognition’ Pilot Program to Monitor Border CrossingsTech Giant Nidec Confirms Data Breach Following Ransomware AttackCisco Takes DevHub Portal Offline After Hacker Publishes Stolen DataCrypto Platform Radiant Capital Says $50 Million in Digital Coins Stolen Following Account CompromisesThe Internet Archive Hackers Still Have Access to Its Internal Emailing ToolsBoston Children’s Health Physicians Confirms September Data BreachCrypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware AttacksHackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login CredentialsCISA Confirms Veeam Vulnerability Is Being Used in Ransomware AttacksIntel, AMD CPUs on Linux Impacted by Newly Disclosed Spectre BypassmacOS Vulnerability Could Expose User Data, Microsoft WarnsJetpack Fixes 8-Year-Old Flaw Affecting Millions of WordPress SitesOpen Source LLM Tool Primed to Sniff out Python Zero-DaysCISOs: Throwing Cash at Tools Isn’t Helping Detect Breaches
10/17/2024 October 18, 2024October 20, 2024 ~ The Cyber Beat ~ Leave a comment Hamas Leader Yahya Sinwar Killed in Gaza, Israeli Military SaysIntel China Responds to Accusations of Security Issues From Chinese Cyber AssociationUndercover North Korean IT Workers Now Steal Data, Extort EmployersTwo-thirds of Attributable Malware Linked to Nation StatesGPS Jamming Is Screwing With Norwegian PlanesThis Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your ChatsActivision Says It’s Fixed an Anti-cheat Hack in Modern Warfare III and Call of Duty: WarzoneUncle Sam Puts $10M Bounty on Russian Troll Farm RybarMore Than 5,000 Arrested, Thousands of Websites Disrupted in Crackdown on Illegal Gambling During Euro TournamentFBI Arrests Alabama Man Suspected of Hacking SEC’s X AccountKrebs: Sudanese Brothers Arrested in ‘AnonSudan’ TakedownUkraine Tracks Emailed Bomb Threats to Russia-Linked GroupA Tough New EU Cyber Law Is off to a Messy Start, With Many Countries Failing to Adopt the RulesKroger’s Facial Recognition Plans Draw Increasing Concern From LawmakersJapan’s Ruling Political Party Hit by Cyberattack From Alleged Pro-Russian HackersIndependent Russian News Site Rides Out a Week of DDoS IncidentsMicrosoft Warns It Lost Some Customer’s Security Logs for a MonthTroubled U.S. Insurance Giant Globe Life Hit by Extortion After Data LeakCasio Says ‘No Prospect of Recovery Yet’ After Ransomware AttackInternet Archive Slowly Revives After DDoS BarrageBianLian Ransomware Claims Attack on Boston Children’s Health PhysiciansGeorgetown University Says Group of Students Accessed Sensitive, Academic InformationRussian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT VariantFake Google Meet Conference Errors Push Infostealing MalwareCicada3301 Ransomware Targets Critical Sectors in US and UKRansomHub Overtakes LockBit as Most Prolific Ransomware GroupWeChat Devs Introduced Security Flaws When They Modded TLS, Say ResearchersCISA Seeks Feedback on Upcoming Product Security Flaws GuidanceWhat Cybersecurity Leaders Can Learn From the Game of Golf
10/16/2024 October 17, 2024October 17, 2024 ~ The Cyber Beat ~ Leave a comment China’s New Focus in U.S. Elections Interference Is Not Harris-Trump Presidential RaceChinese Cyber Association Calls for Review of Intel Products Sold in ChinaChina Says Unidentified Foreign Company Conducted Illegal Mapping ServicesFirm Hacked After Accidentally Hiring North Korean Cyber CriminalIranian Hackers Act as Brokers Selling Critical Infrastructure AccessMystery Drones Swarmed a U.S. Military Base for 17 Days. The Pentagon Is Stumped.Hacker Charged With Seeking to Kill Using Cyberattacks on HospitalsUSDoD Hacker Behind National Public Data Breach Arrested in BrazilRussia’s Case Against REvil Hackers Proceeds as Government Recommends 6.5-Year SentenceFor Some Companies, the Real Cost of a Cyberattack Is Telling Everyone About ItFinancial Firms Need to Focus on Cyber Risks Posed by AI, New York Regulator SaysEU AI Act Checker Reveals Big Tech’s Compliance PitfallsEthical Hackers Embrace AI Tools Amid Rising Cyber ThreatsUK Government Launches AI Safety Scheme to Tackle DeepfakesExperts Play Down Significance of Chinese Quantum “Hack”BlackBerry Exploring Options for Cylance BusinessMore Than Two Dozen Countries Have Used Internet Outages to Sway ElectionsVolkswagen Monitoring Data Dump Threat From 8Base Ransomware CrewBillboards Reportedly Hacked, Displayed Antisemitic Messages in Chicago SuburbTexas Tech Health Network Cyber Attack Disrupts Patient Care in El PasoHackers Target Ukraine’s Potential Conscripts With MeduzaStealer MalwareNorth Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT MalwareSidewinder Casts Wide Geographic Net in Latest Attack SpreeAstaroth Banking Malware Resurfaces in Brazil via Spear-Phishing AttackCISA Warns of Active Exploitation in SolarWinds Help Desk Software VulnerabilityCritical Default Credential Bug in Kubernetes Image Builder Allows SSH Root AccessGitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance AccessGoogle: 70% of Exploited Flaws Disclosed in 2023 Were Zero-DaysCISA Urges Improvements in U.S. Software Supply Chain TransparencyFIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different PlatformsAmazon Says 175 Million Customers Now Use Passkeys to Log In
10/15/2024 October 15, 2024October 15, 2024 ~ The Cyber Beat ~ Leave a comment Microsoft: Nation-States Team Up with Cybercriminals for AttacksChina Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking CampaignsBritish Intelligence Services to Protect All UK Schools From Ransomware AttacksNearly 400 U.S. Healthcare Institutions Hit with Ransomware Over Last Year, Microsoft SaysPassword Manager Makers Want to Let You Securely Transfer PasskeysMillions of People Are Using Abusive AI ‘Nudify’ Bots on TelegramThis AI Tool Helped Convict People of Murder. Then Someone Took a Closer LookAI Amplifies Systemic Risk to Financial Sector, Says India’s Reserve Bank BossGmail Users, Beware of New AI Scam That Looks Very AuthenticThis Influencer Was Scammed Out of Thousands in Crypto — And Has a Tip to Help You Avoid FraudHong Kong Police Bust Fraud Ring That Used Face-Swapping Tech for Romance ScamsFinland Seizes Servers of ‘Sipultie’ Dark Web Drugs MarketDarknet Activity Increases Ahead of 2024 Presidential VoteCisco Investigates Breach After Stolen Data for Sale on Hacking ForumCalgary Public Library Forced to Limit Services After CyberattackGryphon Healthcare (TX) Admits up to 400,000 People’s Personal Info Was SnatchedVarsity Brands (TX) Notifies 65,669 of May 2024 Data BreachEDRSilencer Red Team Tool Used in Attacks to Bypass SecurityCerberus Android Banking Trojan Deployed in New Multi-Stage Malicious CampaignNew Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RATNew Linux Variant of FASTCash Malware Targets Payment Switches in ATM HeistsEight Million Users Install 200+ Malicious Apps from Google PlayResearchers Uncover Hijack Loader Malware Using Stolen Code-Signing CertificatesWordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million SitesThe Cybersecurity Burnout Crisis Is Reaching The Breaking PointLLMs Are a New Type of Insider Adversary
10/14/2024 October 14, 2024October 14, 2024 ~ The Cyber Beat ~ Leave a comment Microsoft: Schools Grapple With Thousands of Cyberattacks WeeklyNation-State Attackers Exploiting Ivanti CSA Flaws for Network InfiltrationU.S. DoD Tightens Cybersecurity Standards for Defense ContractorsThe War on Passwords Is One Step Closer to Being OverCrypto-Apocalypse Soon? Chinese Researchers Find a Potential Quantum Attack on Classical EncryptionThe Biggest Data Breaches in 2024: 1 Billion Stolen Records and RisingConfusedPilot Attack Can Manipulate RAG-Based AI SystemsJetpack Fixes Critical Information Disclosure Flaw Existing Since 2016Intesa Under Investigation After Former Employee Spied on Account DataThe Internet Archive Is Back as a Read-Only Service After CyberattacksPokemon Dev Game Freak Confirms Breach After Stolen Data Leaks OnlinemiCare Health Center (MT) Sends Data Breach Letters Following Compromised Email AccountsTelekopye Scammers Target Booking.com and Airbnb UsersTrickMo Malware Steals Android PINs Using Fake Lock ScreenRecently-Patched Firefox Bug Exploited Against Tor Browser Users
10/11-13/2024 October 14, 2024October 14, 2024 ~ The Cyber Beat ~ Leave a comment Russian Court Websites Down After Breach Claimed by Pro-Ukraine HackersU.S. Lawmakers Seek Answers From Telecoms on Chinese Hacking ReportPhilippines Calls for Urgency From China, ASEAN in Negotiating South China Sea CodeTrump Campaign Turns to Secure Hardware After Hacking IncidentGroup With Close Ties to Trump Transition Says It Was Targeted in Cyber AttackHackers Took Over Robovacs to Chase Pets and Yell SlursThe FBI Made a Crypto Coin Just to Catch Fraudsters‘Email Scam’ Was Training Exercise, Says RegulatorWhat Internet Data Brokers Have On You — And How You Can Start to Get It BackHow to Stop Your Data From Being Used to Train AIOpenAI Confirms Threat Actors Use ChatGPT to Write MalwareU.S. Border Agency Under Fire for App’s Handling of Personal DataNational Public Data Files for Bankruptcy, Citing Fallout From CyberattackItaly’s Intesa Sanpaolo Apologises for Security Breach Involving PM MeloniCyberattack Targets Healthcare Nonprofit Overseeing 13 Colorado FacilitiesHuge Game Freak Hack Leaks Next Pokémon GameThe Internet Archive Is Still Down but Will Return in ‘Days, Not Weeks’Casio Confirms Customer Data Stolen in a Ransomware AttackOmni Family Health (CA) Breach Affects Personal Info of Current and Former PatientsOilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and GulfINC Ransomware Rebrands to Lynx – Same Code, New Name, Still up to No GoodGitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing AttacksCISA: Hackers Abuse F5 BIG-IP Cookies to Map Internal ServersGoogle Warns uBlock Origin and Other Extensions May Be Disabled SoonMicrosoft Deprecates PPTP and L2TP VPN Protocols in Windows Server
10/10/2024 October 11, 2024October 11, 2024 ~ The Cyber Beat ~ Leave a comment U.S., UK Warn of Russian APT29 Hackers Targeting Zimbra, TeamCity ServersNSA Cyber Chief: Espionage Is Now Russia’s Focus for Cyberattacks on UkraineUkraine Arrests Rogue VPN Operator Providing Access to RunetRussian Cyber Firm Dr.Web Denies Data Leak by Pro-Ukraine Hackers‘Q Day’ Is Coming. It’s Time to Worry About Quantum Security.Meet the Team Paid to Break Into Top-Secret BasesOpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and DisinformationFormer RAC Employees Get Suspended Sentence for Data TheftNew Law in Australia Will Require Mandatory Reporting of Ransomware PaymentsOver 10m Conversations Exposed in AI Call Center HackFore-Get About Privacy, Golf Tech Biz Trackman Leaves 32M Data Records on the FairwayCrooks Stole Personal Info of 77K Fidelity Investments CustomersShoe Show (NC) Data Breach Affects an Estimated 12,856 IndividualsUnderground Ransomware Claims Attack on Casio, Leaks Stolen DataCybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce PlatformsAkira and Fog Ransomware Now Exploit Critical Veeam RCE FlawResearchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol LibrariesGitLab Warns of Critical Arbitrary Branch Pipeline Execution Flaw
10/9/2024 October 9, 2024October 9, 2024 ~ The Cyber Beat ~ Leave a comment National Cyber Director Warns of Ransomware, Chinese Infrastructure Attacks and Cyber Supply Chain ConcernsFTC, CISA Warn of Hurricane-Related Scams as Milton Nears FloridaRecent Dr.Web Cyberattack Claimed by Pro-Ukrainian HacktivistsRussia and Turkey Ban Discord Messaging AppFormer Uber Security Chief Appeals Conviction in ‘Bug-Bounty’ CaseKrebs: Lamborghini Carjackers Lured by $243M Cyberheist69,000 Bitcoins Are Headed for the U.S. TreasuryMexico Faces Over Half of Latin American Cybercrimes Due Largely to U.S. TiesAustralia Introduces First Standalone Cybersecurity LawNew EU ‘Appeals Centre Europe’ to Centralize Complaints Against Facebook, TikTok, YouTubeApple’s iPhone Mirroring Flaw Exposes Employee Privacy RisksSmart TVs Are Spying on EveryoneMarriott Settles for a Piddly $52M After Series of Breaches Affecting MillionsDutch Police Arrest Admin of ‘Bohemia/Cannabia’ Dark Web MarketUkraine Sentences Two Hackers From Russia-Linked Armageddon GroupThe Internet Archive Is Under Attack, With a Breach Revealing Information for 31 Million AccountsCalifornia Superior Court Claimed to Be Attacked by Meow RansomwareCrypto-Stealing Malware Campaign Infects 28,000 PeopleNew BeaverTail Malware Targets Job Seekers via Fake RecruitersN. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform MalwareNew Generation of Malicious QR Codes Uncovered by ResearchersHackers Hide Remcos RAT in GitHub Repository CommentsSiemens Device PIN Susceptible to Remote Brute-Force in Older ModelMozilla Fixes Firefox Zero-Day Actively Exploited in AttacksCISA Says Critical Fortinet RCE Flaw Now Exploited in AttacksPalo Alto Networks Warns of Firewall Hijack Bugs With Public ExploitKrebs: Patch Tuesday, October 2024 EditionGoogle Joins Forces with GASA and DNS RF to Tackle Online Scams at ScaleCloud, AI Talent Gaps Plague Cybersecurity Teams
10/8/2024 October 8, 2024October 8, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Warns of Foreign Interference in Congressional Races Ahead of Election…U.S. Expecting Foreign Actors to Question Validity of ElectionEU Condemns Russia After Detecting ‘Increasing Number’ of Hybrid ActivitiesUkraine’s Defense Ministry Launches Military CERT to Counter Russian Cyberattacks31 New Ransomware Groups Join the Ecosystem in 12 MonthsNew Mamba 2FA Bypass Service Targets Microsoft 365 AccountsWhat Google’s U-Turn on Third-Party Cookies Means for Chrome PrivacyCyber Providers See Strong Demand, but Few Feel Confident Enough to ListCould You Switch Careers Into Cyber-Security?The Perils of Ignoring Cybersecurity BasicsCyberattack Group ‘Awaken Likho’ Targets Russian Government with Advanced ToolsHome Security Firm ADT Inc Reports Unauthorized Activity on Its NetworkMoneyGram Confirms Hackers Stole Customer Data in CyberattackCasio Reports IT Systems Failure After Weekend Network BreachVermilion Parish Schools (LA) Investigating Cyber AttackAccounting Firm Dohman, Akerlund & Eddy (NE) Files Notice of Recent Data BreachGamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script EnginesNew Scanner Finds Linux, UNIX Servers Exposed to CUPS RCE AttacksZero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively ExploitedMicrosoft October 2024 Patch Tuesday Fixes 5 Zero-Days, 118 Flaws
10/7/2024 October 7, 2024October 7, 2024 ~ The Cyber Beat ~ Leave a comment Advanced Threat Group GoldenJackal Exploits Air-Gapped SystemsVulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion AnnuallyBoard-CISO Mismatch on Cyber Responsibility, NCSC Research FindsGet Safe Online Launches New Scam DetectorUkrainian Pleads Guilty to Operating Raccoon Stealer MalwareTelegram App Hosts ‘Underground Markets’ for Southeast Asian Crime Gangs, UN SaysCops Love Facial Recognition, and Withholding Info on Its Use From the CourtsEU Court Limits Meta’s Use of Personal Facebook Data for Targeted AdsUN Cybercrime Treaty Lead Negotiator: U.S. Will Suffer if It Doesn’t Vote YesHacker Attack Disrupts Russian State Media on Putin’s BirthdayAmerican Water Shuts Down Online Services After CyberattackUniversal Music Group Admits Data BreachWestern & Southern Life Files Notice of Data BreachNew Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 CountriesRecently Spotted Trinity Ransomware Spurs Federal Warning to Healthcare IndustryGoogle Blocks Unsafe Android App Sideloading in India for Improved Fraud ProtectionCritical Apache Avro SDK Flaw Allows Remote Code Execution in Java ApplicationsQualcomm Patches High-Severity Zero-Day Exploited in AttacksCybersecurity Is Serious — But It Doesn’t Have to Be Boring
10/4-6/2024 October 6, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Wiretap Systems Targeted in China-Linked HackHospitals at Risk for Cyber AttacksHotels and Travel Firms Battle AI Phone ScamsTech Platforms Urged to Tackle Hamas’ and Hezbollah’s Online PropagandaThis Teenage Hacker Became a Legend Attacking Companies. Then His Rivals Attacked Him.Ryanair Faces GDPR Turbulence Over Customer ID ChecksHarvard Duo Hacks Meta Ray-Bans to Dox Strangers on Sight in SecondsHow Confidence Between Teams Impacts Cyber Incident OutcomesGoogle Removes Kaspersky’s Antivirus Software From Play StoreRussia Arrests U.S.-Sanctioned Cryptex Founder, 95 Other Linked SuspectsIndiana Man Pleads Guilty to Stealing $37 Million in Crypto From 571 VictimsWhite House Official Says Insurance Companies Must Stop Funding Ransomware PaymentsCriminals Are Testing Their Ransomware Campaigns in AfricaLego’s Website Was Hacked to Promote a Crypto ScamAbout a Quarter Million Comcast Subscribers Had Their Data Stolen From Debt Collector…Comcast and Truist Bank Customers Caught up in FBCS Data BreachWard Transport Sends Data Breach Letters Following “Data Security Incident”Outlast Game Development Delayed After Red Barrels CyberattackHighline Public Schools Confirms Ransomware Behind ShutdownMoneyGram: No Evidence Ransomware Is Behind Recent CyberattackNew MedusaLocker Ransomware Variant Deployed by Threat ActorRecently Patched CUPS Flaw Can be Used to Amplify DDoS AttacksApple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password VulnerabilityA New Android Feature Locks Your Screen if Your Phone Is StolenGoogle Is Testing Verified Checkmarks in SearchGoogle Pay Alarms Users With Accidental ‘New Card’ Added Emails
10/3/2024 October 3, 2024October 3, 2024 ~ The Cyber Beat ~ Leave a comment Microsoft and U.S. Government Disrupt Russian Star Blizzard OperationsNorth Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber AttacksTikTok More Dangerous to Ukraine Than Telegram for Propaganda, Say Local Disinformation ExpertsUnable to Penetrate Systems, Hackers Spread Lies About VulnerabilitiesCrypto-Doubling Scams Surge Following Presidential DebateLicense Plate Readers Are Creating a U.S.-Wide Database of More Than Just CarsWhat Is the Market Impact of the SEC’s Cyber Disclosure Rules? Not Much.Cybersecurity Spending on the Rise, But Security Leaders Still Feel VulnerableAverage North American CISO Pay Now $565K, Mainly Thanks to One Weird TrickBrits Hate How Big Tech Handles Their Data, but Can’t Be Bothered to Do Much About ItFraudsters Imprisoned for Scamming Apple Out of 6,000 iPhones23andMe is On the Brink. What Happens to All Its DNA Data?Dutch Police: ‘State Actor’ Likely Behind Recent Data BreachDetroit-Area Government Services Impacted by CyberattackFind Great People (SC) Data Breach Affects Personal Information of 12,205 IndividualsNew Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and ProxyjackingCloudflare Blocks Largest Recorded DDoS Attack Peaking at 3.8TbpsKrebs: A Single Cloud Compromise Can Feed an Army of AI Sex BotsThe Secret Weakness Execs Are Overlooking: Non-Human IdentitiesEmail Phishing Attacks Surge as Attackers Bypass Security Controls‘Pig Butchering’ Trading Apps Found on Google Play, App StoreLitespeed Cache Plugin Flaw Allows XSS Attack, Update NowGoogle Adds New Pixel Security Features to Block 2G Exploits and Baseband AttacksAs Ransomware Attacks Surge, UK Privacy Regulator Investigating Fewer Incidents Than EverNorthern Ireland Police Fined for Data Breach Exposing Secret Identities of Officers
10/2/2024 October 2, 2024October 3, 2024 ~ The Cyber Beat ~ Leave a comment Cybersecurity Head Says There’s No Chance a Foreign Adversary Can Change U.S. Election Results, Not Even RussiaChina-Linked CeranaKeeper Targeting Southeast Asia with Data ExfiltrationLazarus: Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. OrganizationsHow North Korea Infiltrated the Crypto IndustryUK’s Nuclear Waste Unit Sellafield Fined for Cybersecurity FailingsThe Feds Still Can’t Get into Eric Adams’ PhoneFCC Is Offering $200 Million to Protect Schools and Libraries From HackersPay Rises for Cyber Chiefs as Hacks, Regulatory Pressure IncreaseShare of Women in UK Cyber Roles Now Just 17%Meta Teams Up with Banks to Target FraudstersTelegram Has Disclosed Criminal Data to Authorities for Years, Durov SaysFIN7 Hackers Launch Deepfake Nude “Generator” Sites to Spread MalwareFake Browser Updates Spread Updated WarmCookie MalwareInternational Police Dismantle Cybercrime Group in West AfricaTIAA Latest Big Firm to Report Data Breach and HackEmpereon Constar Announces Data Breach Following Incident at Partner CompanyHackers Pose as British Postal Carrier to Deliver Prince Ransomware in Destructive CampaignFake Job Applications Deliver Dangerous More_eggs Malware to HR ProfessionalsPyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User DataFake Trading Apps Target Victims Globally via Apple App Store and Google PlayAlert: Adobe Commerce and Magento Stores Under Attack from CosmicSting ExploitCritical Ivanti RCE Flaw With Public Exploit Now Used in AttacksResearchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal FlawAlert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New VulnerabilitiesExperts Warn of DDoS Attacks Using Linux Printing VulnerabilityTwo Simple Give-Me-Control Security Bugs Found in Optigo Network Switches Used in Critical Manufacturing
10/1/2024 October 1, 2024October 1, 2024 ~ The Cyber Beat ~ Leave a comment Iran Fires at Least 180 Missiles Into Israel as Regionwide Conflict GrowsU.S. Accuses Iran of Hacking Former Ambassador to Israel and State Dept. OfficialNotorious Evil Corp Hackers Targeted NATO Allies for Russian IntelligenceICE Signs $2 Million Contract With Spyware Maker Paragon SolutionsKrebs: Crooked Cops, Stolen Laptops & the Ghost of UGNaziEuro Cops Arrest 4 Including Suspected LockBit Dev Chilling on HolidayNCA Unmasks Man It Suspects Is Both ‘Evil Corp Kingpin’ and LockBit AffiliateBritish Hacker Charged in the U.S. For $3.75m Insider Trading SchemeCambodia Arrests Journalist Known for Exposing Cyber Scams and Human TraffickingCalifornia Passes Car Data Privacy Law to Protect Domestic Abuse SurvivorsCybersecurity Firm Proofpoint Considers Pre-IPO Funding as It Plots a Return to Public MarketsRackspace Monitoring Data Stolen in ScienceLogic Zero-Day AttackAustralian e-Tailer digiDirect Customers’ Info Allegedly Stolen and dDumped OnlineCommunity Clinic of Maui Says 123,000 Affected by May CyberattackGlobal Wafers Subsidiary, MEMC, Confirms Recent Data BreachRansomware Attack Forces UMC Health System to Divert Some PatientsThe Playstation Network Is Down in a Global OutageFree Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User CredentialsAI-Powered Rhadamanthys Stealer Targets Crypto Wallets with Image RecognitionNew Cryptojacking Attack Targets Docker API to Create Malicious Swarm BotnetArc Browser Launches Bug Bounty Program After Fixing RCE BugMicrosoft Overhauls Security for Publishing Edge Extensions
9/30/2024 September 30, 2024September 30, 2024 ~ The Cyber Beat ~ Leave a comment Watch Out for Hurricane Helene Donation ScamsUK and U.S. Warn of Growing Iranian Spear Phishing ThreatU.S. Sets New Rule That Could Spur AI Chip Shipments to the Middle EastU.S. State CISOs Struggling With Insufficient Cybersecurity Funding…Systems Used by Courts and Governments Across the U.S. Riddled With VulnerabilitiesThe Pig Butchering Invasion Has BegunU.S. Reaches $31.5 Million Settlement With T-Mobile Over Data BreachesMan Charged for Selling Forged License Keys for Network SwitchesRemote ID Verification Tech Is Often Biased, Bungling, and No Good on Its OwnMedia Giant AFP Hit by Cyberattack Impacting News Delivery ServicesCF Medical Data Breach Stems from Incident at Financial Business and Consumer SolutionsVerizon Outage Impacts 100,000 Plus Users Across U.S.Sloppy Entra ID Credentials Attract Hybrid Cloud RansomwareCritical Flaws in Tank Gauge Systems Expose Gas Stations to Remote AttacksCritical RCE Vulnerabilities Found in Common Unix Printing SystemMicrosoft Defender Adds Detection of Unsecure Wi-Fi NetworksJPCERT Shares Windows Event Log Tips to Detect Ransomware AttacksHere’s What to Expect From the Counter Ransomware Initiative Meeting This Week
9/27-29/2024 September 29, 2024September 29, 2024 ~ The Cyber Beat ~ Leave a comment As Hezbollah Threat Loomed, Israel Built up Its Spy AgenciesPentagon Gives Thumbs-Down to Cyber Service Proposal in Defense BillsTesla’s Cybertruck Goes, Inevitably, to WarGovernments Urge Improved Security and Resilience for Undersea CablesWhy It’s Time to Take Warnings About Using Public Wi-Fi, in Places Like Airports, SeriouslyWatch: Can BBC Reporter’s AI Clone Fool His Colleagues?How Pen and Paper Comes to the Rescue in an IT CrisisThe U.S. Government Wants to Cut out Some of Its Weirdest Password RulesIrish Data Protection Commission Fines Meta $102 Million for Storing Passwords in Plain TextUK National Hacked Public Companies for Stock Trading Intel, DOJ SaysAll Dutch Police Officers’ Contact Details Stolen in CyberattackRichmond Community Schools (IN) Suffers Ransomware AttackRansomware Attack Continues at UMC Hospital in Lubbock (TX)Amgen (CA) Announces Third-party Data Breach from Incident at Sirva RelocationMicrosoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware AttacksNew HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking UsersProgress Urges Admins to Patch Critical Whatsup Gold Bugs ASAPMicrosoft: Windows Recall Now Can Be Removed, Is More SecureHow Should CISOs Navigate the SEC Cybersecurity and Disclosure Rules?Red Team Hacker on How She ‘Breaks Into Buildings and Pretends to Be the Bad Guy’
9/26/2024 September 26, 2024September 26, 2024 ~ The Cyber Beat ~ Leave a comment Hurricane Helene Prompts CISA Fraud WarningRussia-Backed Gamaredon Still ‘Most Engaged’ Hacker Group in UkraineN. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted AttacksCloudflare Warns of India-Linked Hackers Targeting South and East Asian EntitiesWatering Hole Attack on Kurdish Sites Distributing Malicious APKs and SpywareIsraeli Military Chief Says Troops Are Preparing for Ground War in Lebanon…Amid Air Strikes and Rockets, an SMS From the EnemyFears of Weakness in Water Cybersecurity Grow After Kansas AttackIranians Indicted in Connection With Trump Campaign HackKrebs: U.S. Indicts 2 Top Russian Hackers, Sanctions CryptexYork Mayor Eric Adams Is Indicted After Years-Long Federal Corruption Investigation Into Bribery and Fraud…Told FBI He Forgot His Phone’s Passcode…Don’t Ever Hand Your Phone to the CopsOver a Third of Employees Secretly Sharing Work Info with AINIST Scraps Passwords Complexity and Mandatory Changes in New GuidelinesChicago Stops Using Controversial ShotSpotter Gunshot Detection SystemKuwait Health Ministry Restoring Systems After Cyberattack Takes Down Hospitals, Healthcare AppData Breach at MC2 Data Leaves 100 Million at Risk of Fraud58K Patients Have Health Info Possibly Exposed in Michigan Medicine BreachRoss, Anglim, Angelini & Co. (NJ) Breach Compromises an Unknown Number of Social Security NumbersCybercriminals Hack UK Rail Network Wi-Fi…Man Arrested After ‘Islamophobic’ Cyber Attack Hits London Stations Wi-FiMoneyGram Services Restored but Questions Remain About Cyber IncidentRichardson (TX) Working With FBI to Address Attempted Ransomware AttackFirst Mobile Crypto Drainer ‘WalletConnect’ Found on Google PlayMalicious Ads Hide Infostealer in League of Legends ‘Download’Automattic Blocks WP Engine’s Access to WordPress ResourcesCUPS Flaws Enable Linux Remote Code Execution, but There’s a CatchMillions of Kia Vehicles Could Be Hacked and Tracked Due to a Simple Website BugPatch Now: Critical Nvidia Bug Allows Container Escape, Complete Host TakeoverHPE Patches Three Critical Security Holes in Aruba PapiTails OS Merges With Tor Project for Better Privacy, Security