NEWS: Dezembro (19/12 - 25/12) - 51 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!

25/12

AvosLocker Ransomware Uses AnyDesk in Safe Mode to Launch - The Headlines of Today

Cert-In discovered a new Ransomware virus disseminated via e-mail - The Digital Hacker

Deep Web vs Dark Web: Understanding the Differences - The Teal Mango

French IT Services Firm Hit by Ransomware Attack - Gov Info Security

Online Threat! Hackers are sending more and more SMS - Spark Chronicles

Should You Block All Monero-Related Domains? Crypto Scams Set To Rise in 2022 - Hacker Noon

Spiderman No Way Home Movie Download Could Land You in Phishing Trap - Sakshi post

There's no such thing as sensitive data - Data Center Dynamics

24/12

4 Ways To Strengthen Your Company’s Cybersecurity Infrastructure To Prevent An Attack - Forbes

5 cybersecurity trends to look out for in 2022 - ITP Net

Albania: Worries grow over personal data breach, as second leaked document distributed - Tirana Times

Albania's Prime Minister Issues Data Leak Apology - InfoSecurity Magazine

Android banking trojan spreads via fake Google Play Store page - Bleeping Computer

Attackers bypass Microsoft security patch to drop Formbook malware - HackRead

Blackmagic fixes critical DaVinci Resolve code execution flaws - Bleeping Computer

Consumer Data Breach Alert: Arthur J. Gallagher & Company - JD Supra

Cryptominers hit 'Spider-Man: No Way Home' fans while torrenting - Sify

Cybersecurity Considerations When Powering Retail IT Systems - Retail Touch Points

Data Breach Alert: Newbridge Securities Corporation - JD Supra

'Diavol' Ransomware Virus Hacks PC Via Email, And Blackmails You To Pay Money - India Times

Double check the message: Malicious actors are impersonating pharma companies - Digital journal

Five Eyes intelligence agencies warns millions at risk as hackers exploit mutating Log4Shell bug - 7News

Global IT services provider Inetum hit by ransomware attack - Bleeping Computer

Hellmann Warns Customers They Could Face Malicious Communications Following Attack - InfoSecurity Magazine

How AI-powered fraud and aggressive ransomware could dominate 2022 - Information Age

New BLISTER Malware Using Code Signing Certificates to Evade Detection - The Hacker News

New Ransomware Variants Flourish Amid Law Enforcement Actions - The Hacker News

NVIDIA apps affected by Log4j vulnerability - Bryt Fm online

Rook ransomware is yet another spawn of the leaked Babuk code - Bleeping Computer

Singapore: OCBC Bank cautions public about SMS phishing scams after customers lose $140,000 in 10 days - The Business Times

Steps you can take today to mitigate the potential of employee data breaches - News From Wales

T-Mobile says Scam Shield has blocked 21 billion scam calls in 2021 - Nation LK

Ubisoft Data breach hits Just Dance Players - Pro Privacy

Unique Cyber-Attacks Fall for First Time Since 2018 - InfoSecurity Magazine

Volvo Security Breach Led to R&D Data Theft by ‘Snatch’ Threat Actors - CPO Magazine

23/12

A flaw in Microsoft Azure App Service exposes customer source code - Security Affairs

Alibaba Suffers Government Crackdown Over Log4j - InfoSecurity Magazine

Apache's new security update for HTTP Server fixes two flaws - ZDNet

APWG’s eCrime 2021 Symposium Shows Cybercrime Evolving - Security Boulevard

Best of 2021 – Combating COMB: 3.2 billion credentials leaked in breach compilation - Security Boulevard

CISA, FBI and NSA Publish Joint Advisory and Scanner for Log4j Vulnerabilities - The Hacker News

CISA Releases Free Scanner to Spot Log4j Exposure - InfoSecurity Magazine

Consumers Warned of Surging Delivery Text Scams Ahead of Christmas - InfoSecurity Magazine

Correios viram alvo de hackers e site está fora do ar - Tudo Celular

Could passwordless be the solution to poor shopping sign-up processes? - Help Net Security

Five cybersecurity predictions for 2022 and beyond - Help Net Security

HackDHS bug bounty program accepts reports of Log4j-related flaws in DHS systems - Security Affairs

Hackers que invadiram Ministério de Saúde atacam Correios - Poder 360

Hackers raspam conta de ONG que cuida de dependentes químicos - Metropoles

How PYSA and Lockbit are Dominating the Ransomware Landscape - CISO Mag

If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate - Data Breaches Net

IoT SAFE — An Innovative Way to Secure IoT - The Hacker News

Log4Shell is a dumpster fire that should have been avoided - Help Net Security

Pain and Suffering for a Data Breach? German Court Issues First Decision of Its Kind in Europe - Data Breaches Net

PCI SSC updates its device security standard for HSMs - Help Net Security

This new ransomware has simple but very clever tricks to evade PC defenses - ZDNet

Three trivial bugs in Microsoft Teams Software remain unpatched - Security Affairs

Up to 120,000 Cops May Have Legal Claim Over 2019 Breach - InfoSecurity Magazine

Watch out for Christmas 2021 credential stuffing attacks! - Help Net Security

22/12

4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories - The Hacker News

A new version of the Abcbot bot targets Chinese cloud providers - Security Affairs

Attackers bypass Microsoft patch to deliver Formbook malware - Help Net Security

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government - The Hacker News

CISA releases Apache Log4j scanner to find vulnerable apps - Bleeping Computer

Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions - TechRepublic

Cybercriminals shifting focus: IT sector most targeted in 2021 - Help Net Security

Dridex malware trolls employees with fake job termination emails - Bleeping Computer

DuckDuckGo developing a robust privacy-focused desktop browser - HackRead

Ghana govt agency exposed 700k citizens’ data in a database mess up - HackRead

How confident can organizations be in their managed services security? - Help Net Security

Iranian Nation-State Adversaries Exploit Log4j Flaw Against Israeli Firms - CISO Mag

“Melding IT and OT Systems Can Create New Attack Vectors and Surfaces” - CISO Mag

Meta warns 50,000 users about ‘surveillance-for-hire’ firms targeting them - The Digital Hacker

Microsoft Teams bug allowing phishing unpatched since March - Bleeping Computer

Monongalia Health System notifies patients and employees of data breach - Data Breaches Net

NIST Password Guidelines 2021: Challenging Traditional Password Management - Security Boulevard

NVIDIA discloses applications impacted by Log4j vulnerability - Bleeping Computer

Open-source software holds the key to solving Log4Shell-like problems - Help Net Security

PYSA ransomware gang is the most active group in November - Security Affairs

Ransomware Empire: Who might blackmail your company? - Help Net Security

Russian Cyber Exec Extradited After Alleged Trading Conspiracy - InfoSecurity Management

Salesforce CTO talks e-commerce cybersecurity threat trends for 2022 - Help Net Security

Security Operations Center (SOC) Performance Falling Short - Security Boulevard

Site da Prefeitura de Brumadinho é invadido por hackers, que deixam vídeo com ameaças a mineradora - G1

Software flaws in walk-through metal detectors made them hackable - HackRead

The gift that keeps on giving: 7 tips to avoid cyber security threats - Security Boulevard

This ransomware strain just started targeting lots more businesses - ZDNet

Ubisoft Reveals Player Data Breach Came from User Error - InfoSecurity Management

US Returns $150m to Sony After Employee BEC Attack - InfoSecurity Management

21/12

5 Application Security Standards You Should Know - Security Boulevard

6 top cybersecurity trends from 2021 and their impact on 2022 - Help Net Security

Belgian defense ministry admits attackers accessed its computer network by exploiting Log4j vulnerability - Data Breaches Net

Best of 2021 – 10 Major Cyber Attacks Witnessed Globally in Q1 2021 - Security Boulevard

Best of 2021 – Leaked Data of Domino’s India Available on Search Engine - Security Boulevard

Ca: Big White issues data breach alert - Data Breaches Net

Combating identity fraud: The key is to avoid stagnation - Help Net Security

Cyber insurance trends: Insurers and insurees must adapt equally to growing threats - Help Net Security

Cybersecurity budgets surge, as skills gap wreaks havoc on 2022 plans - Help Net Security

Data breaches reported so far this year have surpassed full-year 2020 - Data Breaches Net

F-Secure uses flaw in at-home COVID-19 test to fake results - Tech Republic

FBI: Hackers are actively exploiting this flaw on ManageEngine Desktop Central servers - ZDNet

Garrett walk-through metal detectors can be remotely manipulated - Bleeping Computer

Hackers invadem sites do governo e vendem senhas de servidores de órgãos públicos - Agora Notícias Brasil

Hackers invadem sites do governo e vendem senhas de servidores de órgãos públicos - O Globo

How familiar are consumers with data protection best practices? - Help Net Security

HSE given stolen data, including medical records, taken by criminals during cyber attack in May - Data Breaches Net

Joker Malware Resurfaces; Over 500,000 Android Users Affected - CISO Mag

Log4j flaw: 10 questions you need to be asking - ZDNet

Log4j Vulnerability Aftermath - Security Affairs

Log4Shell enumeration, mitigation and attack detection tool - Help Net Security

Meta Platforms processa hackers que se passavam por Facebook, Instagram e WhatsApp - Olhar Digital

Meta Sues to Disrupt Prolific Phishing Campaign - InfoSecurity Magazine

Microsoft Warns of Active Directory Vulnerabilities - CISO Mag

More than 35,000 Java packages impacted by Log4j flaw, Google warns - Security Affairs

New Zero Day in ManageEngine Desktop Central Servers Identified - CISO Mag

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains - Security Affairs

Police found 225 million stolen passwords hidden on a hacked cloud server. Is yours one of them? - ZDNet

Police National Computer not pwned by Clop ransomware crims, insists Home Office - Data Breaches Net

Rethinking cybersecurity becomes imperative as devices and apps move away from physical offices - Help Net Security

Russian hackers made millions by stealing SEC earning reports - Bleeping Computer

Scam Phishing Network Costs Victims $80m Per Month - InfoSecurity Magazine

Secret Backdoors Found in German-made Auerswald VoIP System - The Hacker News

The Analyst Prompt #42: Ransomware Attacks Not Letting Up as 2021 Draws to a Close - Security Boulevard

Top 7 common Cybersecurity Myths — Busted - The Hacker News

Tropic Trooper Cyber Espionage Hackers Targeting Transportation Sector - The Hacker News

Two backdoors detected in Auerswald VoIP ystem - HackRead

Ubisoft confirms Just Dance data breach amid developer exodus - ZDNet

UK British Council Struck by Two Ransomware Attacks in Five Years - InfoSecurity Magazine

UK Cyber Cops Share 225 Million Passwords with Breach Site - InfoSecurity Magazine

Understanding Software Supply Chain and How to Secure It - HackRead

US returns $154 Million in bitcoins stolen by Sony employee - Bleeping Computer

Why the updated OWASP Top 10 list can’t be addressed by WAF? - Help Net Security

Windows 10 21H2 adds ransomware protection to security baseline - Bleeping Computer

20/12

4 Ways Cybercriminals Exploit Remote Teams - HackRead

14 cybersecurity predictions for 2022 and beyond - MIT Technology Review

$30 million stolen from Grim Finance, audit firm blames new hire for vulnerability - ZDNet

After ransomware attack, global logistics firm Hellmann warns of scam calls and mail - ZDNet

Ataque de hackers derruba sistemas e exclui dados da PF e PRF - R7

Avast found backdoor in US Federal Agency Network - HackRead

Belgian Defense Ministry confirms cyberattack through Log4j exploitation - ZDNet

CISA Issues Emergency Directive on Log4j - Security Boulevard

Conveyancing IT crash - company slammed for ‘wall of silence’ - Estate Agent Today

Cyber-Attack Impacts Aussie Companies - InfoSecurity Magazine

Cybercriminals exploit Spiderman: No Way Home popularity to spread malware, push phishing scams: Report - The Hindu Business Line

Cybersecurity company identifies months-long attack on US federal commission - ZDNet

DarkWatchman RAT uses Windows Registry fileless storage mechanism - Security Affairs

Data stolen from Police National Database disappears from dark web - Tech Monitor

Desjardins settles data breach suit for a maximum CA$201m - Coop News

Execs Get 16+ Years After SBA Fraud Scheme - InfoSecurity Magazine

Experts Discover Backdoor Deployed on the U.S. Federal Agency's Network - The Hacker News

FBI: State hackers exploiting new Zoho zero-day since October - Bleeping Computer

GoTestWAF: Open-source project for evaluating web application security solutions - Help Net Security

Hackers, bogus charities and ‘phishing’ emails among Christmas scams reported in Warwickshire - Rugby Observer

Hackers são condenados por falsificação de documento em sistema processual - Consultor Juridico

Healthcare provider Texas ENT alerts 535,000 patients to data breach - The Daily Swig

How can AI be made more secure and trustworthy? - Help Net Security

How likely are employees to fall prey to a phishing attack? - Help Net Security

How will cyber threats evolve in 2022? Here’s what experts say - Mint Lounge

Insider Threats: Protecting from Within - InfoSecurity Magazine

Introducing ‘killware’ — malware designed to contaminate, disrupt critical services - The Last Watchdog

IoT, cryptocurrency may spur more attacks in 2022 — Palo Alto Networks - Back End News

Log4j vulnerability now used to install Dridex banking malware - Bleeping Computer

Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks - The Hacker News

Microsoft warns of easy Windows domain takeover via Active Directory bugs - Bleeping Computer

New DarkWatchman malware spread through phishing emails on Windows machines: What we know so far - India Today

New Hancitor Malware Loader Delivers Malware Via Clipboard - LHN

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G - The Hacker News

New Log4j Patch Released to Fix DoS Flaw - InfoSecurity Magazine

Over 300 victims lose $760,000 to phishing scams related to delivery firms - The Straits Times

Phishing Attacks Getting Sneakier - Ericom Blog

Ransomware attack on Kronos impacts paychecks, log-in timesheets of employees of several firms - India Today

Ransomware Gang Publish Confidential Police Data on the Dark Web - InfoSecurity Magazine

Rise in Ottawa-area cyberattacks tied to dark web and new wave of criminals - Ottawa Citizens

Robocalls More Than Doubled in 2021, Cost Victims $30B - ThreatPost

Ruled by algorithms, gig workers remain powerless against automated decision-making - ZDNet

Scammers grabbed $7.7 billion worth of cryptocurrency in 2021, say researchers - ZDNet

Shifting security further left: DevSecOps becoming SecDevOps - Help Net Security

Synthetic identity fraud: What is it, and why is it harmful? - Tech Republic

The cybersecurity executive order is not all it’s cracked up to be - Help Net Security

The Log4j saga: New vulnerabilities and attack vectors discovered - Help Net Security

Tech Companies to Protect Data on Undersea Cable - InfoSecurity Magazine

UK govt shares 585 million passwords with Have I Been Pwned - Bleeping Computer

Ukrainian War Games Test Electricity Grid - InfoSecurity Magazine

Zero trust isn’t just for IT, it can also protect targeted critical infrastructure - Help Net Security

19/12

2021 Cyber Review: The Year Ransomware Disrupted Infrastructure - Government Technology

Blackmail group Conti uses “Log4Shell” vulnerability for its ransomware - Market Research Telecast

Caution: Log4j and TellYouThePass ransomware are attacking your servers! - Best Gaming Pro

Correos explains how to avoid being scammed this Christmas - Euro Weekly

Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes - Crypto News

Crypto Users Should Prepare For More Security Threats In 2022 - Bankless Times

Difficult to determine full blast radius of Internet bugs: Google - The Siasat Daily

Facebook Bans Delhi-based IT Firm BellTroX for Hacking Accounts of Senior Govt Officials, Journalists and Others - India com

Grim Finance hacked – $30 million worth of tokens stolen - HackRead

Hackensack Healthcare Providers Settle Investigation with OAG Following Two Data Breaches - Tap into Hackensack

Hive: A terribly lively ransomware franchise - Tech Gaming Report

Lessons India Can Draw From Sri Lanka’s Efforts With Data Protection Legislation - Wire

Meta bans cyber spying firms from its platforms - KBC

NASA: Mars helicopter Ingenuity does not use Log4j - Market Research Telecast

New cyberespionage campaign discovered, possibly linked to Iran - Israel Defense

New stealthy DarkWatchman malware hides in the Windows Registry - Bleeping Computer

Pro Wrestling Tees Issues Out Statement To Customers Following Data Breach - Wrestling Inc

Pro Wrestling Tees Suffers Security Breach, Statement Released - EWrestling News

'Residents should be wary' Councils issue warning on Amazon scam ahead of Christmas - Express

Return of Emotet lights up warning of new ransomware attacks - Play Crazy Game

Russian hackers leak confidential UK police data on the 'dark web' after their ransom was rejected - Mail Online

The biggest cyber hacks of 2021 - Coin Rivet

Urgent Phishing Alert: Warn Your Customers Against AdultFriendFinder Cons Today - Adotas

NEWS: Dezembro (12/12 - 18/12) - 50 Semana de 2021