NEWS: Março-Abril (28/03 - 03/04) - 13 Semana de 2021

03/04

‘Asteelflash’ Hit by REvil and Asked $24 Million Ransom - TechNadu

Attackers are abusing GitHub infrastructure to mine cryptocurrency - Security Affairs

Automated attack abuses GitHub Actions to mine cryptocurrency - Bleeping Computer

Evolution and rise of the Avaddon Ransomware-as-a-Service - Security Affairs

FBI and CISA Warn About APTs Targeting FortiOS VPN Vulnerabilities - TechNadu

The ‘Phobos’ Ransomware Is Getting a Stealth-Boosting Upgrade - TechNadu

02/04

5 key cybersecurity risks in 2021, and how to address them now - Help Net Security

Airlift Express Fixes Vulnerabilities in Its E-commerce Store - Security Affairs

Applications Are Everything and Everywhere – Does Whack-a-Mole Security Work? - Security Boulevard

Asteelflash electronics maker hit by REvil ransomware attack - Bleeping Computer

Brown University hit by cyberattack, some systems still offline - Bleeping Computer

Capital One notifies more clients of SSNs exposed in 2019 data breach - Bleeping Computer

Conti Ransomware gang demanded $40 million ransom to Broward County Public Schools - Security Affairs

Death, taxes, and hacks: How to prevent cyberattacks during tax season - Help Net Security

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers - Security Affairs

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers - Bleeping Computer

Leaky Apps Heighten Supply Chain Risk - Security Boulevard

MacKenzie Scott Grant scam more widespread than initially thought - Bleeping Computer

Massachusetts Auto Inspection System Down Following Malware Attack - TechNadu

Mobile providers exposing sensitive data to leakage and theft - Help Net Security

Popular Twitch AdBlock shuts down after Twitch breaks extension - Bleeping Computer

Qualys says Accellion hackers did not breach production systems - Bleeping Computer

Ransomware gang wanted $40 million in Florida schools cyberattack - Bleeping Computer

Tens of thousands of QNAP SOHO NAS devices affected by unpatched RCEs - Security Affairs

TIM’s Red Team Research (RTR) team found 5 zero-day flaws in the CA eHealth Performance Manager product - Security Affairs

01/04

80% of Global Enterprises Report Firmware Cyberattacks - ThreatPost

Albuquerque hospital releases details about data breach - The Business Journals

‘Boggi Milano’ Ripped by the Ragnarok Ransomware Actors - TechNadu

Booking.com fined €475,000 for late reporting of data breach - Computing

Booking.com fined $557K under GDPR for reporting data breach late - Compliance Week

Chinese Hackers Are Selling Footage From Home Security Cams for $3 - TechNadu

Cybersecurity bill grabs unanimous approval in second House committee - Florida Politics

Cybereason vs. DarkSide Ransomware - Cybereason

Dangerous Game Mods and Cheats Hide Malware Through a VB6 Cryptor - TechNadu

Data Breach Allegations: RBI Orders Forensic Audit Of Mobikwik Systems - BW Business World

Data Breach Impacts 900 University of Chicago Medical Center Patients - 5 Chicago

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges - The Hacker News

DoJ charges man for hacking, tempering with public water facility - HackRead

Fight Online Crime with Grammar - Learning English

Gamers targeted in new malware attack with games cheat codes - HackRead

Google: North Korean hackers are targeting researchers through fake offensive security firm - ZDNet

Hacked companies had backup plans. But they didn't print them out before the attack. - ZDNet

Hackers demanded $17 million worth of bitcoin as ransom from city of Saint John - Atlantic CTV News

Hackers Steal YU Students’ and Employees’ Personal Information in Accellion Security Breach - The Commentator

Investigation underway into Stanford personal data breach - The Mercury News

J&B Importers falls victim to a ransomware attack - Bicycle Retailer

Large Florida school district hit by ransomware attack - ABC News

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack - ThreatPost

List of data breaches and cyber attacks in March 2021 – 21 million records breached - IT Governance

Major Provider of Cloud IoT Devices Breached - Sonraí

Memorial Hermann patients' personal data may have been compromised, hospital says - ABC13

MobiKwik calls in external auditors to investigate alleged data breach - Fin Extra

Protecting employees from job offer scams can lead to awkward but important conversations - SC Magazine

Ragnarok Ransomware Hits Boggi Milano Menswear - ThreatPost

SolarWinds breach severity perception increasing over time - Help Net Security

SQA figures reveal intensifying threat of cyber-attack - Education Technology

Trillium Health Plan added to tally of healthcare organizations hit by Accellion data breach - Beckers Health IT

Ubiquiti confirms extortion attempt following security breach - Bleeping Computer

University of Maryland, Baltimore says private data published to internet following ransomware attack- Yahoo! News

US DOJ: Phishing attacks use vaccine surveys to steal personal info - Bleeping Computer

VMware patches critical vRealize Operations flaws that could lead to RCE - Help Net Security

Want to get around a CAPTCHA? That’ll be 0.00094c, please - Help Net Security

Why passwords are to blame for loss of revenue, identity attrition and poor customer experiences - Help Net Security

31/03

Arup data breach: Staff bank account numbers and addresses compromised in major data breach at global consultancy firm with office near Edinburgh - Edinburgh News

AFP Investigating “Worst Ever” Cyber Attack On Nine - Channel News

Board directors need to play an active role in protecting their org from cyber risks - Help Net Security

Chinese government-run facial recognition system hacked by tax fraudsters: report - South China Morning Post

Cl0p ransomware gang leaks sensitive data from 6 US universities - HackRead

Cybersecurity groups ask CERT-IN to investigate reported Mobikwik data breach - CNBC TV18

Don't give hackers a home run by using these baseball team names in your passwords - TechRepublic

Fake jQuery files infect WordPress sites with malware - Bleeping Computer

FBI alert on Egregor ransomware highlighted affiliate cybercrime model - CyberScoop

Gaming mods, cheat engines are spreading Trojan malware and planting backdoors - ZD Net

Holding the news to ransom? What we know so far about the Channel 9 cyber attack - Mumbrella

Indian Mobile Phone Gateway MobiKwik Looks Into 110 Million User Data Breach - PYMNTS

Inter-Parliamentary Alliance on China’s website suffers cyber attack - The Sydney Morning Herald

Most Global Chip Companies Show Signs of Compromise - InfoSecurity

NHS Reduces Cyber-Skills Shortages but Breach Problems Remain - InfoSecurity

Organizations suffer downtime despite following cybersecurity recommendations - Help Net Security

Refunds Offered to Victims of Ziggy Ransomware Gang - Digit

Tax refund phishing scam targets university students and staffers - TechRepublic

The Castellón City Council suffers a cyber attack and is left without access to the computer system, municipal website and tax portal - Explica

Three-Quarters of Legal Breaches Caused by Insiders - InfoSecurity

Ubiquiti’s Data Breach Incident May Be a Lot More Catastrophic Than We Thought - TechNadu

UK Cyber Security Council Officially Launches as Independent Body - InfoSecurity

VMware patches critical vRealize Operations platform vulnerabilities - ZDNet

World Backup Day: Why Should Businesses Have this ‘Plan B?’ - CXO Today

30/03

30 Docker images downloaded 20M times in cryptojacking attacks - Security Affairs

93% of consumers concerned about data security when filling out online forms - Help Net Security

A highly sophisticated ransomware attack leaves 36,000 students without email - ZDNet

Cloud security experts wanted: You can be one of them - Help Net Security

Department of Homeland Security email accounts exposed in SolarWinds hack - ZDNet

Facial recognition camera projects raise concerns in Eastern Europe - ZDNet

How much of the data created and replicated should be stored? - Help Net Security

How Sky Global was Indicted for Selling Security - Security Boulevard

Leaders need to find ways to increase internal audit capacity without increasing budgets - Help Net Security

Leading Indian fintech platform MobiKwik denies data breach - Bleeping Computer

Microsoft Exchange attacks increase while WannaCry gets a restart - Bleeping Computer

Panasonic, McAfee team up to tackle vehicle cybersecurity - ZDNet

Ransomware group targets universities in Maryland, California in new data leaks - ZDNet

Ransomware: Why we're now facing a perfect storm - ZDNet

Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites - Security Affairs

Scammers target universities in ongoing IRS phishing attacks - Bleeping Computer

Scammers Trick Steam Users with “Accidental Reports” - TechNadu

US govt warns that buying fake COVID-19 vaccine cards is a crime - Bleeping Computer

VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials - Security Affairs

VMware fixes bug allowing attackers to steal admin credentials - Bleeping Computer

29/03

Attackers tried to insert backdoor into PHP source code - Help Net Security

Billions of records have been hacked already. Make cybersecurity a priority or risk disaster, warns analyst - ZDNet

Brian Krebs: No, I didn’t hack your Microsoft Exchange server - ZDNet

China-linked RedEcho APT took down part of its C2 domains - Security Affairs

Como o cadastro único criado pelo governo pode colocar seus dados em risco? - Tilt

Docker Hub images downloaded 20M times come with cryptominers - Bleeping Computer

Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks - The Hacker News

Harris Federation hit by ransomware attack affecting 50 schools - Bleeping Computer

How do I select a bot protection solution for my business? - Help Net Security

How to Effectively Prevent Email Spoofing Attacks in 2021? - The Hacker News

London-based academies Harris Federation hit by ransomware attack - Security Affairs

Microsoft working to fix Windows 10 21H1 update install issue - Bleeping Computer

MobiKwik Suffers Major Breach — KYC Data of 3.5 Million Users Exposed - The Hacker News

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems - The Hacker News

Official PHP Git server targeted in attempt to bury malware in code base - ZDNet

Securing Vaccine Passport Applications - Security Boulevard

Stop using your employees as scapegoats: Change their behavior - Help Net Security

The importance of a zero trust-based approach to identity security - Help Net Security

This Android malware hides as a System Update app to spy on you - ZDNet

Why certificate automation is no longer just “nice to have” - Help Net Security

Will AI Short Circuit Cybersecurity? - Security Boulevard

28/03

Apple discovers a serious vulnerability that has already been exploited by hackers and asks users to update their devices - Vegan News

CompuCom MSP expects over $20M in losses after ransomware attack - Bleeping Computer

Critical netmask networking bug impacts thousands of applications - Bleeping Computer

Crypto ransomware is a threat the average American is concerned about, says cybersecurity expert - TokenPost

Cyber insurance giant CNA hit by ransomware attack - Graham Cluley

Data breach reported at Lexington-based senior care service - The Dispatch

FBI: Cybercrime losses topped US$4.2 billion in 2020 - MenaFN

Married At First Sight fans complain they are unable to watch the show because 9Now streaming is 'skipping like a CD from 2001' - after network cyber attack - Mail Online

Multiple cyber threats lurking compromised systems, says Microsoft - Business Standard

New data reveals 150,000% increase in Royal Mail and DPD scams in the past year - Lancashire Telegraph

Oil And Gas Giant Shell The Latest Victim Of The Accellion Hack - Wonderful Engineering

Ransomware admin is refunding victims their ransom payments - Bleeping Computer