NEWS: Dezembro (12/12 - 18/12) - 50 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!

18/12

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability - The Hacker News

Apache Log4j: New Attack Vectors, Ransomware Seen - Bank Info Security

Conti Ransomware Group Exploiting Log4j Vulnerability - HackRead

German audio tech giant Sennheiser exposed 55GB of customers’ data - HackRead

Hall County’s ‘crippling’ cyberattack last year cost $1.7M. Here’s what else we’ve learned since then - Gainesville Times

How to Successfully Handle Press Releases After a Data Breach - Purple Revolver

Mean Time To Detect (MTTD) - Business 2 Community

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability - The Hacker News

Privacy Commissioner Notified After Data Breach At Five Counties Children’s Centre - Kawartha 411

Ransomware persists even as high-profile attacks have slowed - Independent

Rising ransomware attacks doubles premium for cyber cover - The Times Of India

Telcos Are on Phishers’ Radar, Who Is at Risk? - CircleID

The game of fraud also runs in the name of Cryptocurrency! In this way you can make safe investments - Enter 21st

Three-fourths of organisations in India have been hit by ransomware threat this year: Report - The Hindu Business Line

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS - Bleeping Computer

17/12

All Log4j, logback bugs we know so far and why you MUST ditch 2.15 - Bleeping Computer

Android malware warning: Over 500,000 users have been infected after downloading this app from Google Play - ZDNet

Attacks on UK Firms Increase Five-Fold During Pandemic - InfoSecurity Magazine

B&K Issues Cyber-attack Notice - InfoSecurity Magazine

CISA: Federal agencies must immediately mitigate Log4J vulnerabilities - ZDNet

CISA: Prepare Now for Holiday Cyber Onslaught - InfoSecurity Magazine

Conti ransomware uses Log4j bug to hack VMware vCenter servers - Bleeping Computer

Credit card info of 1.8 million people stolen from sports gear sites - Bleeping Computer

Digital IDs don’t have to impinge on civil liberties and privacy - Help Net Security

Facebook Bans 7 'Cyber Mercenary' Companies for Spying on 50,000 Users - The Hacker News

Google unleashes security 'fuzzer' on Log4Shell bug in open source software - ZDNet

How to Prevent Customer Support Help Desk Fraud Using VPN and Other Tools - The Hacker News

Immudb: Open-source database, built on a zero trust model - Help Net Security

Log4j: Major IT vendors rush out fixes for this flaw and more ahead of Christmas - ZDNet

Logistics giant warns of BEC emails following ransomware attack - Bleeping Computer

Meta: Surveillance-for-Hire Firms Hit 50,000 Victims - InfoSecurity Magazine

New PseudoManuscrypt Malware Infected Over 35,000 Computers in 2021 - The Hacker News

Ole Miss Students Charged with Cyber-stalking - InfoSecurity Magazine

Ransomware affects the entire retail supply chain this holiday season - ZDNet

Security firm Blumira discovers major new Log4j attack vector - ZDNet

Spider-Man Fans Warned About Scams Leveraging New Movie - InfoSecurity Magazine

TellYouThePass ransomware revived in Linux, Windows Log4j attacks - Bleeping Computer

This company was hit with ransomware, but didn't have to pay up. Here's how they did it - ZDNet

This image looks very different on Apple devices — see for yourself - Bleeping Computer

US emergency directive orders govt agencies to patch Log4j bug - Bleeping Computer

Want to assemble a cyber Dream Team? Look back at the ‘92 Olympics - Help Net Security

Why is a well thought-out approach to cloud migration imperative? - Help Net Security

16/12

3 Ways ZTNA Improves Remote Access Security - Security Boulevard

4 Ways IP Data Can Help Fight Cybercrime - Security Boulevard

60% of UK Workers Have Been Victim of a Cyber-Attack, Yet Awareness Remains Low - InfoSecurity Magazine

Adoption of private 5G networks accelerates, as organizations look to improve security and speed - Help Net Security

All Change at the Top as New Ransomware Groups Emerge - InfoSecurity Magazine

Brazil investigates use of staff credentials in cyberattacks against government bodies - ZDNet

CISA, White House urge organizations to get ready for holiday cyberattacks - ZDNet

CVE-2021-44228: The Log4Shell Vulnerability - Security Boulevard

Europe’s quantum communication plans: Defending against state-sponsored cyber attacks - Help Net Security

Experts: All Breach Victims Should Freeze Credit - InfoSecurity Magazine

Facebook has taken a significant step to combat data scraping vulnerabilities - The Digital Hacker

Firefox users can't reach Microsoft.com — here's what to do - Bleeping Computer

Flaws in Lenovo laptops allow escalating to admin privileges - Security Affairs

France Orders Clearview AI to Delete Data - InfoSecurity Magazine

Google Calendar now lets you block invitation phishing attempts - Bleeping Computer

Google: This zero-click iPhone attack was incredible and terrifying - ZDNet

Gumtree classifieds site leaked personal info via the F12 key - Bleeping Computer

Hive ransomware enters big league with hundreds breached in four months - Bleeping Computer

How to implement security into software design from the get-go - Help Net Security

Lenovo laptops vulnerable to bug allowing admin privileges - Bleeping Computer

Log4j flaw: This new threat is going to affect cybersecurity for a long time - ZDNet

Microsoft: Khonsari ransomware hits self-hosted Minecraft servers - Bleeping Computer

New Fileless Malware Uses Windows Registry as Storage to Evade Detection - The Hacker News

New Jersey Cancer Care Providers Settle Data Breach Claim - InfoSecurity Magazine

Online Shoppers Could Face Eight Million Credential Stuffing Attacks Per Day Over Christmas - InfoSecurity Magazine

Online shopping at risk: Mobile application and API cyber attacks at critical high - Help Net Security

Phorpiex botnet returns with new tricks making it harder to disrupt - Bleeping Computer

Regulator: Venues Must Protect User Privacy During COVID19 Checks - InfoSecurity Magazine

Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips - The Hacker News

Security priorities are geared toward ongoing remote and hybrid work - Help Net Security

Suspected Iranian hackers target airline with new backdoor - ZDNet

The Guide to Automating Security Training for Lean Security Teams - The Hacker News

The impact of the Log4j vulnerability on OT networks - Help Net Security

Trust in Legacy Vendors Sinks as Ransomware Spikes - Security Boulevard

US and Australia Enter CLOUD Act Agreement - InfoSecurity Magazine

Variant of Phorpiex botnet used for cryptocurrency attacks in Ethopia, Nigeria, India and more - ZDNet

15/12

After theft of $77.7 million, victim AscendEX to reimburse customers - ZDNet

DHS announces its ‘Hack DHS’ bug bounty program - Security Affairs

DHS Launches Bug Bounty Program - InfoSecurity Magazine

ExpressVPN Now Comes with Protection Against Log4Shell Vulnerability - TechNadu

Find Hidden AirTags Using Apple’s New Android Tracker Detect App - TechNadu

Foundational cloud security with CIS Benchmarks - Help Net Security

Government Experts in Last Minute Seasonal Scam Warning - InfoSecurity Magazine

Grindr Fined €6.5m for Selling User Data Without Explicit Consent - InfoSecurity Magazine

How healthcare providers handle safeguards to protect payment and PII - Help Net Security

How to Determine if Your Network Security is Working - Security Boulevard

Leveraging AIOps for a holistic view of network performance and security - Help Net Security

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft - ZDNet

Log4j Looms Large Over Patch Tuesday - InfoSecurity Magazine

Log4j vulnerability: Why your hot take on it is wrong - TechRepublic

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations - Help Net Security

Meta targets user information, database scraping in bug bounty expansion - ZDNet

Multiple Nation-State actors are exploiting Log4Shell flaw - Security Affairs

New "Hack DHS" program will pay up to $5,000 for discovered vulnerabilities - ZDNet

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials - Security Affairs

Password offenders: Who’s the naughtiest of them all? - Help Net Security

Passwordless verification API transforms every mobile phone into a security token for zero trust access - Help Net Security

Ransomware in 2022: We're all screwed - ZDNet

Singapore-South Korea digital economy deal to sync up on data, payments - ZDNet

The cyber risk future doesn’t look good, but organizations are ready - Help Net Security

UK's New Cyber Strategy Designed to Boost Position as "Global Cyber Power" - InfoSecurity Magazine

U.S. Consumers Lost $148 million to Gift Card Scams in 2021 - CISO Mag

Victims awarded $18 million in GirlsDoPorn online video case, boss on the run - ZDNet

Web App Attacks Surge 251% in Two Years - InfoSecurity Magazine

When Not to Trust Zero-Trust - Security Boulevard

While attackers begin exploiting a second Log4j flaw, a third one emerges - Security Affairs

Why are data professionals investing in data governance programs? - Help Net Security

14/12

Adobe addresses over 60 vulnerabilities in multiple products - Security Affairs

Além da Saúde, CGU, PRF e IFPR também confirmaram invasão por grupo hacker - G1

Anubis Android malware returns to target 394 financial apps - Bleeping Computer

Apple AirTag Android App is Absolutely Awful—Tracker Detect Fail - Security Boulevard

Billion-dollar natural gas supplier Superior Plus hit with ransomware - ZDNet

Brazilian Ministry of Health hit by second cyberattack in less than a week - ZDNet

Christmas Payroll Fears After Ransomware Hits Software Provider - InfoSecurity Magazine

CISA orders federal agencies to patch Log4Shell by December 24th - Bleeping Computer

Cyberattacks in 2022 Will Look Familiar - Security Boulevard

Cyberattack on BHG opioid treatment network disrupts patient care - Bleeping Computer

Employees think they’re safe from cyberthreats on company devices - Help Net Security

Enterprise email encryption without friction? Yes, it’s possible - Help Net Security

EU Parliament adopts Digital Services Act, but concerns persist - Bleeping Computer

Experts: Log4j Bug Could Be Exploited for “Years” - InfoSecurity Magazine

Google fixed the 17th zero-day in Chrome since the start of the year - Security Affairs

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware - The Hacker News

Hackers steal Microsoft Exchange credentials using IIS module - Bleeping Computer

How Extended Security Posture Management Optimizes Your Security Stack - The Hacker News

How organizations analyze data to source insights that inform business decisions - Help Net Security

How to thwart SIM swapping attacks? - Help Net Security

Hybrid work is dead, long live “work” - Help Net Security

iOS 15.2’s App Privacy Report: How to turn it on, and what it all means - ZDNet

LastPass to Become Standalone Company - InfoSecurity Magazine

Log4j flaw could be a problem for industrial networks 'for years to come' - ZDNet

Log4j flaw: Nearly half of corporate networks have been targeted by attackers trying to use this vulnerability - ZDNet

Log4j flaw puts hundreds of millions of devices at risk, says US cybersecurity agency - ZDNet

Log4j: List of vulnerable products and vendor advisories - Bleeping Computer

Log4j zero-day flaw: What you need to know and how to protect yourself - ZDNet

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws - Bleeping Computer

Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware - ZDNet

Microsoft fixes Windows AppX Installer zero-day used by Emotet - Bleeping Computer

Microsoft releases end-to-end encryption for Teams calls - ZDNet

Modern cars: A growing bundle of security vulnerabilities - Help Net Security

Police Arrest Suspected Ransomware Actor in Romania - InfoSecurity Magazine

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation - Security Affairs

Preparing for Evolving Phishing Scams - Security Boulevard

Ransomware hits HR solutions provider Kronos, locking customers out of vital services - Help Net Security

Significant Disconnect Between SOC Leaders and Staff - InfoSecurity Magazine

TAG to Open New Global Headquarters - InfoSecurity Magazine

Teleport Adds Windows Support to Infrastructure Security Gateway - Security Boulevard

TinyNuke banking malware targets French organizations - Security Affairs

US CISA orders federal agencies to fix Log4Shell by December 24th - Security Affairs

WAF, RASP and Log4Shell - Security Boulevard

WhatsApp New Privacy Update Hides Your Status and Activity From Strangers - TechNadu

Windows 11 KB5008215 update released with application, VPN fixes - Bleeping Computer

13/12

7 Cloud Vulnerabilities Endangering Your Data! - Security Boulevard

Arrest in Romania of a ransomware affiliate scavenging for sensitive data - Data Breaches Net

Ascendex has lost $77 million worth of RC20, BSC, and Polygon tokens to cyberattack - HackRead

Attackers can get root by crashing Ubuntu’s AccountsService - Bleeping Computer

Bugs in billions of WiFi, Bluetooth chips allow password, data theft - Bleeping Computer

Building Blocks of the Widely Used Qakbot Banking Trojan outlined by Microsoft - The Digital Hacker

Can Your IAST Do This? - Security Boulevard

Canadian federal privacy commissioner says BMO security breach in 2017 affected 113,000 client accounts - Data Breaches Net

CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog - Security Affairs

CSAM Found on LSU Professor’s Computer - InfoSecurity Magazine

Darknet operators of “cyber bunker” convicted and sentenced in Germany - Data Breaches Net

Database security market to reach $16,273.8 million by 2028 - Help Net Security

Did Snatch Ransomware Snitch Volvo Cars R&D Data? - CISO Mag

Digital Payment Platform might go through changes as indicated by the RBI Governor - The Digital Hacker

Discerning the scope of a serious Log4j security flaw - The Digital Hacker

EV certificate usage declining: Is the internet becoming more secure? - Help Net Security

Hackers Compromise PM Modi’s Twitter Account To Publish a Bitcoin Post - CISO Mag

Hacker-powered pentests gaining momentum - Help Net Security

How C-suite executives perceive their organizations’ readiness for ransomware attacks - Help Net Security

How Cybersecurity Awareness Shifted in 2021 - Security Boulevard

How SASE Enables and Secures 5G Networks - Security Boulevard

How worried should organizations be about their phishing click rate? - Help Net Security

Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group - The Hacker News

Latest Apple iOS Update Patches Remote Jailbreak Exploit for iPhones - The Hacker News

Lewis & Clark Community College to resume classes from Tuesday in the midst of ransomware attack - The Digital Hacker

Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability - ZDNet

Log4j zero-day flaw: What you need to know and how to protect yourself - ZDNet

Log4Shell was in the wild at least nine days before public disclosure - Security Affairs

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation - Help Net Security

Log4Shell was in the wild at least nine days before public disclosure - Security Affairs

Malicious PyPI packages with over 10,000 downloads taken down - Bleeping Computer

Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan - The Hacker News

Police arrests ransomware affiliate behind high-profile attacks - Bleeping Computer

Ransomware Affiliate Arrested in Romania; 51 Stolen Data Brokers Arrested in Ukraine - The Hacker News

“Sadistic” Online Extortionist Jailed for 32 Years - InfoSecurity Magazine

Site da Câmara de Vereadores do Rio sai do ar após ataque hacker - G1

Świętokrzyskie: Personal data leaked from the commune office in Nowiny - Data Breaches Net

Top 3 SaaS Security Threats for 2022 - The Hacker News

Two Linux botnets already exploit Log4Shell flaw in Log4j - Security Affairs

Ukraine arrests 51 for selling data of 300 million people in US, EU - Bleeping Computer

Ultimate guide to the CCSP: Build the most needed skill in cybersecurity - Help Net Security

Unused identities: A growing security threat - Help Net Security

Virginia legislative agencies and commissions hit with ransomware attack - ZDNet

Why is trust in legacy vendors on shaky ground? - Help Net Security

Woman finds medical records stacked next to recycling bin in Sharpstown neighborhood - Data Breaches Net

Worldwide Log4j Attacks That Can Deploy Malware Affect Steam, Minecraft, and iCloud - TechNadu

“Worst-Case Scenario” Log4j Exploit Travels the Globe - InfoSecurity Magazine

12/12

4 Philippine government agencies among prime targets of ‘China-sponsored’ spies, says US cyber firm - Manila Bulletin

5 tips to help seniors avoid scams this holiday season - Boston Herald

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack - The Hacker News

BadgerDAO reveals cause behind exploit, details recovery plan - AMBCrypto

BDO clients lose money due to alleged online banking hack - Rappler

Beware! New Gmail email threat is here along with Omicron! Know how to avoid - Hindu Time

Brazil Health Ministry Website Targeted by Hackers, COVID-19 Vaccine Data At Risk - News18

Crypto Bot Trading Alert - San Francisco Examiner

Cyber security breach could target nearly all companies: Cyber watchdog - NL Times

Cybersecurity firm gives tips to confidently shop online - SunStar

Digital Assets Are Facing An Increasing Security Threat; How Can Corporations and Individuals Mitigate this Risk? - Recently Heard

DVLA scam: DVLA issues urgent warning to motorists - North Wales Chronicle

How to protect your financial data as the Cabinet Office is fined £500k for address leaks - Express

Log4j RCE activity began on December 1 as botnets start using vulnerability - ZDNet

Log4Shell: This dangerous exploit can affect everything from Apple to Minecraft - Giz China

Main cyber security technology predictions for 2022 - InfoTech Lead

Microsoft Asks Windows Users to Share Potentially Insecure Drivers - PC Magazine

Phishing attacks in Brazil grow 41% in 2021 - Play Crazy Game

Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw - Security Affairs

Russian National Sentenced for Providing Crypting Service for Kelihos Botnet - Imperial Valley News

Schools face increasing risk of cyberattacks - Riverhead News Review

The Brazilian Ministry of Health’s website was hacked, and vaccination data was stolen - Nokia News

The Ongoing Evolution of Modern Ransomware - Tahawultech

Top 10 Cybersecurity Challenges to be Prepared for in 2022 - Analytics Insight

Trickbot rebirths Emotet: 140,000 Victims in 149 countries in 10 months - Zawya

Types of Cyber Threats and How to Prevent Them - The Next Hint

Understanding Cybersecurity in a Work From Home World - My Background Check

Volvo Data Breach: A Cause for Concern? - Pirate Press

NEWS: Dezembro (05/12 - 11/12) - 49 Semana de 2021