NEWS: Agosto/Setembro (29/08 - 04/09) - 35 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!!

04/09

British ISPs ‘Voip Unlimited’ and ‘Voipfone’ Still Struggling With DDoS Disruption - TechNadu

Cyber Criminal Actors are Targeting the Food and Agriculture Sector with Ransomware Attacks - EIN PressWire

Hive is dangerous new ransomware threat, FBI says - FOX Business

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack - The Hacker News

PlayStation users warned of scam risks in popular PS4 game - don't fall for this trick - Express

Ransomware attacks are rising, and cities are taking some of the biggest hits - The Philadelphia Inquirer

Ransomware Attacks on Labor Day: FBI Warns as Hackers Work when Offices Close - TechTimes

Turkey fines WhatsApp over data breach - The Jakarta Post

U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw - The Hacker News

03/09

Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation - Security Affairs

Babuk ransomware's full source code leaked on hacker forum - Bleeping Computer

BitConnect director pleads guilty to role in $2 billion cryptocurrency fraud - ZDNet

CISA, FBI Post Ransomware Alert Ahead of Holiday Weekend - Security Boulevard

Confessions of a ransomware negotiator: Well, somebody's got to talk to the criminals holding data hostage - The Register

Conti ransomware now hacking Exchange servers with ProxyShell exploits - Bleeping Computer

Critical Heap Buffer Overflow in Sudo Plaguing Tyco Illustra Cameras - TechNadu

Dallas Independent School District reports data breach impacting current and former students, staff - The Daily Swig

Dallas Independent School District reveals breach, but details are still missing - Data Breaches Net

Eight US States to Begin Accepting Digital Driving Licenses - Info Security Magazine

FBI: Sextortion complaints spike leads to $8 million in losses - Bleeping Computer

FBI warns of ransomware attacks targeting the food and agriculture sector - Security Affairs

FBI warns of ransomware attacks targeting food and agriculture sector as White House pushes for proactive measures - ZDNet

Fed up with constant cyberattacks, one country is about to make some big changes - ZDNet

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor - The Hacker News

FTC orders SpyFone to delete all of its surveillance data - ZDNet

Implementing a strategic planning process is key to drive future revenue growth - Help Net Security

Increasing number of investigations calls for advanced technology and dedicated teams - Help Net Security

Modernizing Health Care Security with SASE - Security Boulevard

Over 60,000 domains parked at MarkMonitor could be taken over - Bleeping Computer

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746) - Help Net Security

Russia Blocks ExpressVPN, NordVPN, and IPVanish for Failure to Comply With Censorship Rules - TechNadu

Tabcorp argues banks should be responsible for handling credit card gambling blocks - ZDNet

Tech CEOs: Multi-Factor Authentication Can Prevent 90% of Attacks - Info Security Magazine

This New Malware Family Using CLFS Log Files to Avoid Detection - The Hacker News

When Cyber-Attacks Lead to Disasters, Does the Stafford Act Apply? - Info Security Magazine

Why should enterprises invest in machine identity management tools? - Help Net Security

Women Make Gains in Cybersecurity, But Gaps Remain - Security Boulevard

02/09

A dropper-as-a-service miscreants pay to push their malware onto potentially 1,000s of victims - The Register

African businesses’ vulnerability to cyber attacks worsened by pandemic: report - The Independent

Autodesk reveals it was targeted by Russian SolarWinds hackers - Bleeping Computer

Bad Bots Focus Attacks on E-Commerce Targets - InfoSecurity Magazine

Bluetooth Bugs Open Billions of Devices to DoS, Code Execution - Threatpost

Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks - The Hacker News

Cisco fixes critical authentication bypass bug with public exploit - Bleeping Computer

Comcast RF Attack Leveraged Remotes for Surveillance - Threatpost

Deerfield offering credit monitoring after data breach potentially exposed residents’ info - Greenfield Recorder

Digital State IDs Start Rollouts Despite Privacy Concerns - Threatpost

Execs don't sound very confident about long-term network security in the WFH era - TechRepublic

FBI warns of ransomware gangs targeting food, agriculture orgs - Bleeping Computer

Gmail and Outlook users are being targeted by a disturbing new email threat, which experts are concerned about - Brinkwire

How companies can keep cybercriminals at bay - Back End News

How SMBs can prevent QR code abuse - BizReport

Layered security strategy vital to combat Microsoft 365 phishing threat - IT Brief

Most local civil society organisations vulnerable to cyber risks – Report - Macau Business

NCC Group Reveals Threefold Increase in Targeted Ransomware Attacks in 2021 - AIthority

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable - The Hacker News

Official website of Banksy hacked for fake NFT scam - Hackread

Previous employees with access to corporate data remain a threat to businesses - Help Net Security

Ransomware gangs target organizations during holidays and weekends - Help Net Security

Sacked Employee Deletes 21GB of Credit Union Files - InfoSecurity Magazine

Sophos discovers Gootloader mothership controls malicious content - Back End News

The Emergence of Killware: The next lethal malware CISOs need to worry about - DataQuest

UK Researchers Invent Device to Thwart USB Malware - InfoSecurity Magazine

Vulnerabilities allow attackers to remotely deactivate home security system (CVE-2021-39276, CVE-2021-39277) - Help Net Security

What is AS-REP Roasting attack, really? - The Hacker News

WhatsApp Fined €225m for GDPR Violations - InfoSecurity Magazine

WhatsApp patches vulnerability related to image filter functionality - ZDNet

01/09

700,000 French pharmacy Covid test results left publicly available - The Connexion French News

CISA Warns About the Ransomware Risk During the Upcoming Labor Day Holiday - TechNadu

Cream Finance platform pilfered for over $34 million in cryptocurrency - ZDNet

Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns - The Hacker News

Finding and using the right cybersecurity incident response tools - Help Net Security

Fired NY credit union employee nukes 21GB of data in revenge - Bleeping Computer

Getting ahead of a major blind spot for CISOs: Third-party risk - Help Net Security

Hybrid work is here to stay, but security concerns are high - Help Net Security

Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices - The Hacker News

LockBit gang leaks Bangkok Airways data, hits Accenture customers - Bleeping Computer

LockBit ransomware operators leak 200GB of data belonging to Bangkok Airways - Security Affairs

Logitech Bolt: New wireless protocol provides added security for mice and keyboards - ZDNet

New standard enhances the cybersecurity of pipeline control systems - Help Net Security

OpenSSL Flaws Discovered and Fixed Last Week Affect a Large Number of Products - TechNadu

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices - The Hacker News

Scam artists are recruiting English speakers for business email campaigns - ZDNet

SEC announces sanctions against entities over email account hacking - Security Affairs

Sturdy Hospital in Attleboro sued over data breach - The Sun Chronicle

The cybersecurity metrics required to make Biden’s Executive Order impactful - Help Net Security

This is why the Mozi botnet will linger on - ZDNet

Twitter adds Safety Mode to automatically block online harassment - Bleeping Computer

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA - Security Affairs

Wawa paying $9-million in cash, gift cards in data breach settlement; Nov. deadline to file claim - 6ABC

31/08

A Hacker Used “BlueBomb” to Unlock the Nintendo Wii Mini - TechNadu

Afghanistan’s reported data breach has life-and-death consequences - Fast Company

Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms - The Hacker News

Bangkok Airways Admits Attackers Stole Passenger Data - InfoSecurity Magazine

Canada accepted 7,300 more immigration applications due to technical bug - Bleeping Computer

Chinese Developers Reveal Android Gamers' Data - Softpedia News

Coinbase seeds panic among users with erroneous 2FA change alerts - Bleeping Computer

Companies go scot-free despite breach of customer data - The leaflet

Crypto Exchange Bilaxy Loses $21M in Hack - PYMNTS

Cyberattackers are now quietly selling off their victim's internet bandwidth - ZDNet

Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs - Bleeping Computer

Cybersecurity awareness is one of the skills needed for a post-pandemic economy - Help Net Security

Dallas police data loss nearly triple initial estimate - Herald Sun

Data Breaches in the Financial Sector - News Anyway

Denton County Data Breach Exposes Health Records, Including COVID Vaccination Details - WBAP

Don't want to get hacked? Then avoid these three "exceptionally dangerous" cybersecurity mistakes - ZDNet

Expired driver's licenses open lanes for cybercriminals, text and email scams - USA Today

FBI Flash Alert Warns Organizations of Hive Ransomware Group - Health IT Security

Fujitsu customer data is reportedly being sold on the dark web - TechRadar Pro

Government Efforts Take Cyber Awareness to the Next Level, but an Ocean of Obstacles Lies Ahead - DevPro Journal

Hackers Steal Data from Neuchâtel Cantonal Bank - FINews

How behavioral biometrics can stop social engineering and malware scams dead in their tracks - NuData Security

HPE wars customers of Sudo flaw in Aruba AirWave Management Platform - Security Affairs

Illinois Physicians Notify 600K Patients of Data Breach - InfoSecurity Magazine

Illinois Provider Faces Healthcare Data Breach, 171K Patients Exposed - Health IT Security

Increase in credential phishing and brute force attacks causing financial and reputational damage - Help Net Security

Indonesia Launches Investigation for Possible Breach on Its COVID-19 Tracing App - TechNadu

Initial Access Broker use, stolen account sales spike in cloud service cyberattacks - ZDNet

Kaspersky blocked 5.8M malware attacks 'disguised as popular PC games' last year - PCGamer

Lojas Renner claims that cyberattack did not result in data leakage - The Clare People

Microsoft Exchange ProxyToken flaw can allow attackers to read your emails - Security Affairs

New Mirai Version Adds WebSVN Command Injection to Its Arsenal - TechNadu

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout - ThreatPost

Ransomware May Have Cost US Schools Over $6bn in 2020 - InfoSecurity Magazine

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme - The Hacker News

Securities and Exchange Commission (SEC) fines brokerage firms over email hacks, customer data exposure - CyberScoop

Singapore government expands bug hunt with hacker rewards scheme - ZDNet

Texas, California, New York, Louisiana, Missouri lead list of states with most ransomware attacks on schools: report - ZDNet

The consumerization of the Cybercrime-as-a-Service market - Help Net Security

The new era of email authentication - Security Infowatch

This phishing attack is using a sneaky trick to steal your passwords, warns Microsoft - ZDNet

Threat actors stole $19 million worth of crypto assets from Cream Finance - Security Affairs

30/08

ACE Takes Down Flixanity, a Highly Popular Pirate Streaming Site - TechNadu

Attackers Use Fake FMWhatsapp to Spread Triada Trojan - CISO Mag

Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak - ZDNet

Boston Public Library discloses cyberattack - Security Affairs

CISA: Don’t use single-factor auth on Internet-exposed systems - Bleeping Computer

Consumers value privacy more than potential savings when purchasing insurance - Help Net Security

Cyber-thieves Hit DeFi Platform Again - InfoSecurity Magazine

Cyber threats, passenger vessels and superyachts: The current state of play - Help Net Security

Debunking myths about consumer expectations around mobile apps security - Help Net Security

DEF CON 29 Main Stage – Zhipeng Huo’s, Yuebin Sun’s & Chuanda Ding’s ‘Reveal And Exploit: IPC Logic Bugs In Apple’ - Security Boulevard

File upload security best practices rarely implemented to protect web applications - Help Net Security

Hacking IoT Security with Aaron Guzman - Security Boulevard

How Does MTA-STS Improve Your Email Security? - The Hacker News

How enterprises use security operations to modernize their business - Help Net Security

Hybrid work here to stay: What does that mean for security? - ZDNet

Israeli firm "bright data" (Luminati Networks) enable the attacks against Karapatan - Security Affairs

LockBit Gang to Publish 103GB of Bangkok Air Customer Data - ThreatPost

Men, Executives Pose Higher Cybersecurity Risk - Security Boulevard

Microsoft Exchange ProxyToken bug can let hackers steal user email - Bleeping Computer

Microsoft shares guidance on securing Azure Cosmos DB accounts - Bleeping Computer

New variant of Konni RAT used in a campaign that targeted Russia - Security Affairs

Operationalize AWS security responsibilities in the cloud - Help Net Security

QNAP works on patches for OpenSSL bugs impacting its NAS devices - Bleeping Computer

Rethinking Cloud Infrastructure Authentication - Security Boulevard

Rights Group Advises Afghans to Delete Data - InfoSecurity Magazine

Serverless security market size to reach $5.1 billion by 2026 - Help Net Security

Singapore touts need for security, use cases as 5G rollouts gather steam - ZDNet

T-Mobile Hacker Identified, China’s New Privacy Law, Tesla Bot Announcement - Security Boulevard

Unmanaged SaaS Data Brings Supply Chain Risks - Security Boulevard

US DoJ announces the creation of Cyber Fellowship Program - Security Affairs

‘Web Hosting Canada’ Informs of a Major Ongoing Security Incident - TechNadu

Why torrenting on Elon Musk’s Starlink is not a good idea? - HackRead

Why WAFs Don’t Work According to a Hacker - Security Boulevar

29/08

1 GB of data belonging to Puma available on Marketo - Security Affairs

Apple launches service program for iPhone 12 no sound issues - Bleeping Computer

Australia: Agencies urged to educate staff more after reporting 34 data breaches - The Riotact

Chico State students are conflicted about university's vaccination exemption data breach - KRCR

Cyberattacks, data loss among top management concerns today - The Manila Times

DDoS attacks target the Philippine human rights alliance Karapatan - Security Affairs

DEF CON 29 Main Stage – Kelly Kaoudis’ & Sick Codes’ ‘Rotten Code, Aging Standards & Pwning IPv4 Parsing’ - Security Boulevard

DEF CON 29 Main Stage – Rion Carter’s ‘Why Does My Security Camera Scream Like A Banshee?’ - Security Boulevard

Envision Credit Union ‘taking all appropriate steps’ after possible cyber attack - Data Breach Net

Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses - The Hacker News

Japan has no time to waste in boosting its cyberdefenses - The Japan Times

Less than two months after its launch and inaugural hack, GETTR is leaking data - Data Breach Net

Some Synology products impacted by recently disclosed OpenSSL flaws - Security Affairs

T-Mobile hacker used brute force attack to steal customers’ data - HackRead

There's no easy fix to the worsening ransomware epidemic - The Star

NEWS: Agosto (22/08 - 28/08) - 34 Semana de 2021