NEWS: Julho (18/07 - 24/07) - 29 Semana de 2021

Cyber Security, Information Security and Hacking News !!!!

24/07

Antivirus vs. VPN: Do you need both for online privacy and security? - Kim Komando

Calls for tougher stance toward Russia grow louder as ransomware attacks rage - Siliconangle

Cumbria Trading standards warn public on scam emails - Incumbria

Fake Windows 11 Installers Distributing Malware to Hopeful Users - TechNadu

FBI on High Alert on Olympic Games Potential Cybercriminal Attacks After Massive Data Breach - Tech Times

Florida DEO warns of unemployment data breach affecting nearly 58,000 - Catalyst

Guntrader.uk Hacked and User Details Shared for Free on Forums - TechNadu

Here's what we do and don't know about the cyberattack on Brockton police - The Enterprise

Kaspersky identifies new APT campaign - ITP Net

Microsoft shares mitigations for new PetitPotam NTLM relay attack - Bleeping Computer

Middle East Oil Giants Grapple With Cyberattacks - Markets Insider

New Facebook Messenger Phishing Campaign: It All Begins With an Invitation to Watch a Video - SmallCap News

Obtaining password hashes of Windows systems with PetitPotam attack - Security Affairs

Officials who are US allies among targets of NSO malware, says WhatsApp chief - The Guardian

Phishing scams targeting writers and Goodreads extortion scams - Digital Journal

The work of the Runet was tested in the exercise of disconnection from the global network - E Hacking News

UK National Lottery Community Fund Suffered a Catastrophic Data Breach - TechNadu

US accuses China of “malicious” cyberattacks, including Microsoft hacks | Hacking - Illinois News Live

US Loses $4.2B to Online Scams: Five to Be Aware of Right Now - Creek City Times

23/07

5 tips to mitigate and prevent ransomware attacks - India TV

16 Strategies To Ensure A Phishing Exercise Has A Strong And Lasting Impact - Forbes

40% fell victim to a phishing attack in the past month - Help Net Security

Akamai software update triggered a bug that took offline major sites - Security Affairs

Apple fixes bug that breaks iPhone WiFi when joining rogue hotspots - Bleeping Computer

Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows - Bleeping Computer

Breaking News: You can't believe everything you read on RaidForums…. - Data Breaches

BSides Vancouver 2021 – Ruchi Gautam’s ‘Privacy Concerns In The Connected Car Ecosystem’ - Security Focus

BSides Vancouver 2021 – Vivek Ponnada’s ‘Is The Power Grid A Huge Cybersecurity Risk?’ - Security Focus

Chinese Researchers Hid Malware Inside AI Without Affecting Its Functions - TechNadu

Companies Face Growing Legal Risks Over Ransomware Data Leaks - WSJ Pro Cybersecurity

Conti Ransomware Responsible For Attack On Irish Health Service - Swords Today

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring - The Hacker News

Dutch Police Arrested Members of the “Fraud Family” Phishing Scheme - TechNadu

Emma Willard School hit by ransomware attack - Times Union

Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet - Security Affairs

Even after Emotet takedown, Office docs deliver 43% of all malware downloads now - ZDNet

Fear patient data may have been stolen from Auckland DHBs - stuff

Five in trouble with the state for unauthorized access of driver's information - Star Tribune

Government IT decision makers worried about security risks related to cloud migration - Help Net Security

Hidden crypto farm in Frankfurt restaurant exposed - Data Breaches

In the Pegasus world, only the cyber-paranoid survive - mint

‘Kaseya’ Got a Master Decryption Key From REvil and Restoration Is Underway - TechNadu

Kaseya Obtains Universal Decryptor for REvil Ransomware - Threatpost

Kaseya says it has now got the REvil decryption key and it works - ZDNet

Major news sites serve porn after vid.me domain takeover - Bleeping Computer

Microsoft warns over this unusual malware that targets Windows and Linux - ZDNet

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software - The Hacker News

Nearly 140 phishing incidents observed by CERT-In during H1 2021 - Telecom Economic Times

Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach - Security Affairs

Pro-Trump MAGACOIN crypto launch marred by website data breach - Cointelegraph

ProtonVPN Review 2021 – Total Privacy Protection & Capable Features, at a High Cost! - TechNadu

Ransomware Hits Saudi Aramco, but Nobody is Immune - CXO Today

Researchers find new attack vector against Kubernetes clusters via misconfigured Argo Workflows instances - ZDNet

State Warns Of Driver’s License Phishing Scam - The Post-Journal

States Weigh Bans on Ransomware Payoffs - PEW

Tech firm hit by giant ransomware hack gets key to unlock victims’ data - The Guardian

The 25 most dangerous software vulnerabilities to watch out for - ZDNet

Transnet Undergoes Apparent Ransomware Hack - IT News Africa

Twitter reveals surprisingly low two-factor auth (2FA) adoption rate - Bleeping Computer

Uber found to have interfered with privacy of over 1 million Australians - ZDNet

UK gun owners urged to be ‘vigilant’ after Guntrader data breach - ITPro

User data privacy decisions can be easily manipulated - Help Net Security

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code - The Hacker News

West Virginia Center’s Health Data Breach Includes Patients’ PHI - Health IT Security

What Is An Identity and Access Management Solution and How Can Businesses Benefit From It? - Security Affairs

22/07

1,000 GB of local government data exposed by Massachusetts software company - ZDNet

740 ransomware victims named on data leak sites in Q2 2021: report - ZDNet

Akamai has trouble and the internet hiccups again - ZDNet

Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day - Threatpost

Apple security updates: iOS 14.7 fixes WiFiDemon flaw - Help Net Security

Asset inventory management: What’s the ROI? - Help Net Security

Atlassian asks customers to patch critical Jira vulnerability - Bleeping Computer

Attacks on critical infrastructure are dangerous. Soon they could turn deadly, warn analysts - ZDNet

China bans children under 16 from appearing in live-streaming and online video content - ZDNet

DDoS attacks are up, with ever-greater network impact - Help Net Security

Did you know a third of cybersecurity pros have experienced harassment? - Help Net Security

Financial services accounting for nearly 40% of all phishing URLs - Help Net Security

Gun owners' fears after firearms dealer data breach - BBC News

Hackers reportedly demand $50m from Saudi Aramco over data leak - BBC News

How (and Why) Hacker Forums Self-Moderate - Security Boulevard

Lack of cyber in Australian supply chain resilience plan has IBM concerned - ZDNet

Microsoft just published a workaround for this important Windows 10 flaw - ZDNet

Modi government accused of spying on critics and opponents using Pegasus spyware - ZDNet

New Malware Family “Coper” Spreads Among Colombian Android Users - TechNadu

Questions that help CISOs and boards have each other’s back - Help Net Security

Securing UX in Open Banking Apps - Security Boulevard

The Authorities Arrested Fourth Person Involved in 2020 “Twitter Bitcoin Hack” - TechNadu

TicketClub Italy Database Offered in Dark Web - Security Affairs

Thousands of Humana customers have their medical data leaked online by threat actors - Security Affairs

Who is responsible for improving security in the software development environment? - Help Net Security

Why you need to update your iPhone and iPad now - ZDNet

21/07

$49 malware receives major upgrade to strike both Windows and macOS PCs - ZDNet

A unified approach is the future of data backup - Help Net Security

Apple confirms iOS 14.7 unlocking bug headache, especially for enterprise users - ZDNet

Be: Hit by cyberattack, the Courcelles Public Social Action Center persevered to respond to floods and emergency conditions - Data Breaches

China dismisses Exchange attribution and accuses US of whitewashing its cyber heists - ZDNet

Chinese state hackers breached over a dozen US pipeline operators - Bleeping Computer

Chrome just added these big new security and privacy features - ZDNet

CISA warns of stealthy malware found on hacked Pulse Secure devices - Bleeping Computer

DDoS attacks increased 33% in H1 2021 - Help Net Security

Defending Against Pervasive Spyware - Security Boulevard

Despite good defensive measures, ransomware continues to get in - Help Net Security

Easily exploitable, unpatched Windows privilege escalation flaw revealed (CVE-2021-36934) - Help Net Security

Europe’s IT and business services market propelled by growing cloud-based services adoption - Help Net Security

France ANSSI agency warns of APT31 campaign against French organizations - Security Affairs

France warns of APT31 cyberspies targeting French organizations - Bleeping Computer

Google Chrome now comes with up to 50x faster phishing detection - Bleeping Computer

Image encryption technique could keep photos safe on popular cloud photo services - Help Net Security

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say - Threatpost

Infections of Commodity Malware on macOS on the Rise Again - TechNadu

Joker billing fraud malware found in Google Play Store - ZDNet

Kelihos botmaster Peter Levashov gets time served - Security Affairs

LPE flaw in Linux kernel allows attackers to get root privileges on most distros - Security Affairs

MacOS Being Picked Apart by $49 XLoader Data Stealer - Threatpost

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers - The Hacker News

Malware Distributors Abuse URL Shortener Services to Spread Dangerous Apps - TechNadu

Man Arrested in Connection with Alleged Role in July 2020 Twitter Hack - Data Breaches

Microsoft acquires privileged access management vendor CloudKnox Security - ZDNet

Microsoft shares workarounds for new Windows 10 zero-day bug - Bleeping Computer

Most companies still rely on manual tools and tech for internal audit processes - Help Net Security

Multiple Modem Routers Vulnerable to Unauthenticated Attacks - TechNadu

New Bill Could Force U.S. Businesses to Report Data Breaches Quicker - Security Boulevar

New Chrome Site Isolation and Phishing Detection Up the Browser’s Security Stance - TechNadu

NordVPN’s Obfuscated Servers Greyed Out, Not Working, or Missing? – Here’s How to Re-Enable Specialty Servers! - TechNadu

NordVPN’s Kill Switch Not Working? – You’ll Want to Try These 5 Fixes! - TechNadu

NPM package steals Chrome passwords on Windows via recovery tool - Bleeping Computer

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool - Threatpost

Pegasus scandal: Are we all becoming unknowing spies? - BBC

PrintNightmare: How To Check If Your Systems Are Still Vulnerable - Security Boulevard

Risk Based Vulnerability Management – Time to Move Away From the Whack-a-Mole Model - CISO Mag

Security and Culture are Key to Digital Transformation - Security Boulevard

Several New Critical Flaws Affect CODESYS Industrial Automation Software - The Hacker News

The U.S. Has Been Buying Surveillance Cameras From Blacklisted Chinese Companies - TechNadu

This password-stealing Windows malware is distributed via ads in search results - ZDNet

TikTok, Snapchat account hijacker arrested for role in Twitter hack - Bleeping Computer

US House terminates deal with iConstituent after company waited days to raise ransomware alarm - ZDNet

XLoader, a $49 spyware that could target both Windows and macOS devices - Security Affairs

XLoader malware steals logins from macOS and Windows systems - Bleeping Computer

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems - The Hacker News

What is a security champion and do you need one? - Security Boulevard

20/07

16-year-old bug in printer software gives hackers admin rights - Bleeping Computer

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines - ThreatPost

A New Security Paradigm: External Attack Surface Management - ThreatPost

Beware the crypto scammers: Fraudsters fleece British couple of £15,000 in NINE minutes through phishing scam - This is Money

Biden administration debating whether and how to sanction China for ransomware attacks - CNN

Browser Hijacking, Malware Pop-Ups, And “Legit-Looking” Phishing – It’s A Wild Web - Martech Series

Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k - Help Net Security

Calling out China for cyberattacks is risky — but a lawless digital world is even riskier - Outlook India

China Flatly Denies Hacking Allegations and Calls the U.S. ‘Irresponsible’ - TechNadu

China hits back at ‘fabricated’ US hacking allegations - Aljazeera

China rejects hacking charges, accuses US of cyberspying - WSAZ 3

Combating deepfakes: How we can future-proof our biometric identities - Help Net Security

Cybersecurity company warns of American Rescue Plan Act scams as first IRS child tax credit payments released - ZDNet

Data breach over Pegasus snooping reported months ago - Mathrubhumi

Deepfakes: The Next Big Threat - Security Boulevard

Even highly skilled IT professionals fall prey to phishing attacks - TechRadar Pro

FBI: Threat actors may be targeting the 2020 Tokyo Summer Olympics - Bleeping Computer

Flash May Be Dead, but ‘Shlayer’ Campaigns Are Still Using It as a Disguise - TechNadu

Fortinet fixes bug letting unauthenticated hackers run code as root - Bleeping Computer

GDPR 3 years on: 43% of UK organisations reported to the ICO for a data breach - NetImperative

Geneva, Ohio discloses ransomware attack - Data Breaches Net

Google Cloud rolls out new security tools as threat landscape heats up - ZDNet

Google is using machine learning to stop DDoS attacks - ZDNet

Hacker behind LinkedIn scraping did it "for fun" - Computing

Hackers Put 1 TB of Saudi Aramco Stolen Data for Sale - Ihold

How do I select a data recovery solution for my business? - Help Net Security

Hundreds of touchscreen ticket machines are offline after a ransomware attack - ZDNet

IoT malware attacks rose 700% during the pandemic - Help Net Security

Is differential privacy the ideal privacy-enhancing computation technique for your business? - Help Net Security

Is Digital Forensics Possible in a COVID-19 scenario? - CISO Mag

Microsoft heads to court to take on imposter, homoglyph domains - ZDNet

MosaicLoader Malware Delivers Facebook Stealers, RATs - Threatpost

Most financial services mobile apps still rely on passwords, even with added friction - Help Net Security

Nasty Linux systemd security bug revealed - ZDNet

New MosaicLoader malware targets software pirates via online ads - Bleeping Computer

New Survey Reveals Extensive Devastation in the Aftermath of Ransomware Attacks - CISION PR Newswire

Northern's ticket machines hit by ransomware cyber attack - BBC News

Over 68K Advocate Aurora Patients Impacted by Elekta Health Data Breach - Health IT Security

Providing Security as a Service in the Wake of a High-Profile Ransomware Attack - XaaS Journal

Ransomware incident at major cloud provider disrupts real estate, title industry - Data Breaches Net

Ransomware: International cooperation is needed to curb these cybersecurity threats, says expert - TechRepublic

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909) - Help Net Security

Rising Threats Target Cloud Providers, Virtual Infrastructure - Security Boulevard

Saudi Aramco Loses 1TB of Data Following Data Breach - Softpedia News

Spanish Users Targeted by Novel Campaign Using an Old Malware Strain - TechNadu

The Android apps on your phone each have 39 security vulnerabilities on average - ZDNet

The growing threat of ransomware attacks on hospitals - AAMC

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection - The Hacker News

Transgender charity Mermaids fined £25k for data protection breach - Digital Health

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach - The Register

What is phishing? - Tech Central

Your iPhone and the Pegasus spyware hack: What you need to know - TechRepublic

Zero-Trust is an Adjective Without a Noun - Security Boulevard

19/07

Application security tools ineffective against new and growing threats - Help Net Security

CTIR Gov coordenará Rede Federal de Gestão de Incidentes - CISO Advisor

Ericsson takes a thumping in Mainland China for second quarter - ZDNet

Experts disclose critical flaws in Advantech router monitoring tool - Security Affairs

Experts show how to bypass Windows Hello feature to login on Windows 10 PCs - Security Affairs

Facebook fights Biden claim that social media is 'killing people' through anti-vax, COVID-19 misinformation spread - ZDNet

Five Critical Password Security Rules Your Employees Are Ignoring - The Hacker News

Half of organizations are ineffective at countering phishing and ransomware threats - Help Net Security

How to balance employee IT security policies - Help Net Security

iPhones running latest iOS hacked to deploy NSO Group spyware - Bleeping Computer

iPhone WiFi bug morphs into zero-click hacking, but there's a fix - Bleeping Computer

Kaseya Breach: Key Takeaways for Managed Service Providers - Security Boulevard

New Leak Reveals Abuse of Pegasus Spyware to Target Journalists Globally - The Hacker News

NSO Group's Pegasus spyware used against journalists, political activists worldwide: report - ZDNet

Pegasus Project – how governments use Pegasus spyware against journalists - Security Affairs

Protect your smartphone from radio-based attacks - Help Net Security

Protecting Phones From Pegasus-Like Spyware Attacks - Threatpost

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability - The Hacker News

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania - The Hacker News

Security for Startups in a DevOps World: Infrastructure, IAM, and Remote Environments - Security Boulevard

Schneider Electric Patches 13 Vulnerabilities Affecting its EVlink Charging Stations - CISO Mag

Swedish man sentenced for gold-backed cryptocurrency scam - ZDNet

The Second Wave of a Ransomware Pandemic - Security Boulevard

There are new unpatched bugs in Windows Print Spooler - Help Net Security

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco - Security Affairs

Top 5 NCSC Cloud Security Principles for Compliance - Security Boulevard

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely - The Hacker News

US and Global Allies Accuse China of Massive Microsoft Exchange Attack - The Hacker News

Vaccinate your data: Addressing and adapting to new data risks - Help Net Security

WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE - Security Affairs

Windows 10 security: Here's how researchers managed to fool Windows Hello - ZDNet

White House Accuses China of Microsoft Exchange Attack - Security Boulevard

18/07

94% of organizations suffer insider data breaches - The Manila Times

Chinese government issues new vulnerability disclosure regulations - Security Affairs

Comparis customers targeted by scammers after ransomware attack - Bleeping Computer

HelloKitty ransomware gang targets vulnerable SonicWall devices - Security Affairs

Instagram implements ‘Security Checkup’ to help users recover compromised accounts - Security Affairs

New Windows print spooler zero day exploitable via remote print servers - Bleeping Computer

Ransomware hits law firm counseling Fortune 500, Global 500 companies - Bleeping Computer

Staff, patients concerned about data breach at university hospital - Jamaica Gleaner

Windows 11 features, expected release date, and latest news - Bleeping Computer