NEWS: Outubro - Novembro (31/10 - 06/11) - 44 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!!

06/11

Amazon Black Friday Scam: Fake Email Can Steal Your Credit Card Details, Here's How to Prevent It - ITechPost

CDNetworks Releases State of the Web Security for 2020: Web Application Attacks Surged 740% - AIThority

Debit Card Fraud: A Growing Issue in Financial Services - FinTech

Decentralization may be key to protecting our digital identities - Venture Beat

DeFi protocol bZx falls victim to phishing attack, around $55 million lost - AMBCrypto

Electronic Warfare Associates (EWA) Data Breach: Email Phishing Incident Details - MSSP Alert

Google Ads Becomes Latest Platform Used to Steal Crypto in $500,000 Phishing Attacks - be[in]crypto

HDFC Bank warns customers of cyber fraud; Here’s how to avoid loss of money - Zee News

Inertia is the enemy of cybersecurity - The Hill

Minecraft gamers being targeted by Chaos ransomware in Japan - The Digital Hacker

Moline paid $421,000 to scammers a year ago, but city officials kept it quiet [Quad City Times, Davenport, Iowa] - Insurance News Net

Phishing Is an Insider Risk - It's Time to Tackle It Like One - InfoSecurity Magazine

Proofpoint unearths the use of Squid Game as lure by TA575 to distribute Dridex malware - ITP Net

Ransomware Attack on a Florida Lab - The Digital Hacker

The State of Education Cybersecurity: 3 Lessons for Protecting the Post-Covid Classroom - Elearning Inside

05/11

1.8 TB of Police Helicopter Surveillance Footage Leaks Online - Wired

77% of rootkits are used for espionage purposes - Help Net Security

2021’s 6 Nastiest Malware—and How to Avoid Their Wrath - Channel Futures

BlackBerry report highlights initial access broker providing entry to StrongPity APT, MountLocker and Phobos ransomware gangs - ZDNet

Blocked DDoS events up 75% in the first nine months of 2021 - Help Net Security

Crooks Commandeer Sam's Club Name to Send Scam Emails - AARP

Facial Recognition Firm Could Be Ordered to "Close" in UK, Warn Experts - InfoSecurity Magazine

FBI is involved in probe of 'security incident' at Martin County Tax Collector's Office - TC Palm

Fragmented approach to identity security management creates risk - Help Net Security

Google Ads for Faux Crypto Wallets Net Scammers At Least $500K - Threatpost

Mac Trojan Malware Can Hack Your Apple Device, Run Ads and Steal Info: 8 Ways to Prevent, Remove WizardUpdate - iTechPost

Monterey County told of data breach more than a month afterward - Monterey Herald

Native Tribal Casinos Taking Millions in Ransomware Losses - Threatpost

ONS Reports Huge Spike in Cybercrime and Fraud During COVID-19 - InfoSecurity Magazine

Organizations seldom prioritize cybersecurity over business outcomes - Help Net Security

Philips healthcare infomatics solution vulnerable to SQL injection - Bleeping Computer

Ransom Denied, Black Shadow Leaks Israeli Medical Data - Security Boulevard

Ransomware Attack on Lab in Florida - InfoSecurity Magazine

Reward! Uncle Sam promises $10m for info about DarkSide ransomware gang chiefs - The Register

Social Engineering News: Vishing - Social Engineering

Software development: Why security and constant vigilance are everyone’s responsibilities - Help Net Security

SSL certificate research highlights pitfalls for company data, competition - ZDNet

Students react to Twitch data breach - The Cougar

The IoT is getting a lot bigger, but security is still getting left behind - ZDNet

Twitter hacker charged in sim swapping, cryptocurrency scheme - HackRead

Twitter joins backlash against Australian plan to ID social media users - ZDNet

Ukraine Unmasks Armageddon Group as FSB Officers - InfoSecurity Magazine

U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws - The Hacker News

U.S. Offers $10 Million Reward for Information on DarkSide Ransomware Group - The Hacker News

US Offers $10m Reward to Unmask DarkSide Leaders - InfoSecurity Magazine

04/11

CERT-FR warns of Lockean ransomware attacks against French companies - Security Affairs

CISA shares a catalog of 306 actively exploited vulnerabilities - Security Affairs

Cisco fixes hard-coded credentials and default SSH key issues - Bleeping Computer

Consumers Warned About Rise in Call Center Threats - InfoSecurity Magazine

Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module - The Hacker News

Crypto investors lose $500,000 to Google Ads pushing fake wallets - Bleeping Computer

Cyber Attack Knocks Ohio County Library Computers Offline - Data Breaches Net

Domaining.com reports security incident - Data Breaches Net

Don’t Get ‘Shawshanked’ by DNS Tunneling - Security Boulevard

Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto - Security Affairs

Hackers gained access to mySA Gov accounts, including licence and rego details - ZDNet

How to ease password pains while maintaining security - Help Net Security

iFood: restaurantes afetados pedem que empresa cubra prejuízo - Tecmundo

Iranian Hacking Group Leaks Patient and LGBTQ Info - InfoSecurity Magazine

Lockean multi-ransomware affiliates linked to attacks on French orgs - Bleeping Computer

Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware - Bleeping Computer

NSO Group Blacklisted by US for Trade in Spyware - InfoSecurity Magazine

O que é Privacidade e como trabalhar na área - Tecmundo

Organizations can save $1.9 million using workforce passwordless authentication - Help Net Security

Our journey to API security at Raiffeisen Bank International - The Hacker News

Remote code execution flaw patched in Linux Kernel TIPC module - ZDNet

Samsung Galaxy S21 hacked on second day of Pwn2Own Austin - Bleeping Computer

Supply Chain at Risk: Brokers Sell Access to Shipping, Logistics Companies - Security Boulevard

Surge in cyber attacks confirms the need for zero trust security - Help Net Security

Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205 - Help Net Security

The ultimate SaaS Security Posture Management (SSPM) checklist - Help Net Security

Threat Actor Claims 'Groove' Ransomware Gang Was Hoax - InfoSecurity Magazine

Top 10 ways attackers are increasing pressure on their ransomware victims to pay - Help Net Security

Ukraine links members of Gamaredon hacker group to Russian FSB - Bleeping Computer

US Blocks Trade with ‘Legal’ Pegasus Spyware Firm, NSO - Security Boulevard

US indicts UK resident 'PlugwalkJoe' for cryptocurrency theft - ZDNet

03/11

A ransomware reality check for CISOs - Help Net Security

Actors Bait Discord Users With Free Nitro Version to Phish Steam User Credentials - TechNadu

Actors Invade Harvard Website Using Fake Student Identities for Scamming - TechNadu

Alleged Twitter hacker charged with theft of $784K in crypto via SIM swaps - Bleeping Computer

Arrests were made, but the Mekotio Trojan lives on - ZDNet

Beware: Free Discord Nitro phishing targets Steam gamers - Bleeping Computer

BlackMatter ransomware claims to be shutting down due to police pressure - Bleeping Computer

BlackMatter ransomware gang is shutting down due to pressure from law enforcement - Security Affairs

BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released - The Hacker News

BlackMatter ransomware to shut down, affiliates transferring victims to LockBit - ZDNet

Brazilians resign to remote work monitoring - ZDNet

CISA orders federal agencies to fix hundreds of exploited security flaws - Bleeping Computer

Clearview AI slammed for breaching Australians' privacy on numerous fronts - ZDNet

Cybercrime underground flooded with offers for initial access to shipping and logistics orgs - Security Affairs

Cyber-Incident Impacts UK Labour Partye - InfoSecurity Magazine

Einstein’s Wormhole Exposes Salesforce Calendars to Potential Hackers - TechNadu

Facebook to Shut Down Facial Recognition System and Delete Billions of Records - The Hacker News

Google fixes actively exploited Zero-Day Kernel flaw in Android - Security Affairs

Google signs deal with US Air Force, announces FedRAMP High and IL4 authorizations - ZDNet

Holiday Shopping Disruption Beckons as Retail Bot Attacks Surge 13% - InfoSecurity Magazine

How the rise in identity crimes and cyberattacks impacts small businesses - Help Net Security

iFood confirma que ataque foi realizado por funcionário - TecMundo

(IN)SECURE Magazine issue 70 released - Help Net Security

Mapping ATT&CK techniques to CVEs should make risk assessment easier - Help Net Security

Medical school exposes personal data of thousands of students - ZDNet

Mekotio Banking Trojan Resurfaces with New Attacking and Stealth Techniques - The Hacker News

Microsoft: Windows 11 built-in apps might not open on some systems - Bleeping Computer

Only 2% of IT practitioners are confident in their organization’s ability to reduce API security issues - Help Net Security

Proven third-party risk management strategies - Help Net Security

Ransomware attacks increased 148% in Q3 2021, showing no sign of slowing - Help Net Security

Restaurantes têm nomes alterados no iFood por mensagens de apoio a Bolsonaro e contra vacina - G1 Tecnologia

Revealed: The 10 worst hardware security flaws in 2021 - ZDNet

Rooting malware discovered on Google Play, Samsung Galaxy Store - Help Net Security

Student Loans Company Dismissals Highlight Insider Risk - InfoSecurity Magazine

US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware - The Hacker News

While businesses are ramping up their risk mitigation efforts, they could be doing more - Help Net Security

02/11

24-year-old arrested after renting 300 bank accounts to the phishing capital of India - The Economic Times

Active Directory control: How adversaries score even bigger goals via attack paths - Help Net Security

Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild - The Hacker News

Android November patch fixes actively exploited kernel bug - Bleeping Computer

Annual Cost of Child Identity Fraud Almost $1Bn - InfoSecurity Magazine

Beyond ransomware: why ILS capacity will be important to cyber risk - Intelligent Insurer

Canada’s Newfoundland and Labrador Healthcare Possibly Hit by Cyberattack - TechNadu

Cybercriminals sell access to international shipping, logistics giants - ZDNet

Data breach at US physical therapy center impacts more than 6,500 patients - The Daily Swig

'Facebook papers': quais são as acusações contra a gigante da tecnologia - G1 Tecnologia

Facebook vai desativar sistema de reconhecimento facial - G1 Tecnologia

FIN12 Ransomware: Why It’s a Healthcare Threat, How to Prevent an Attack - Health IT Security

Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws - The Hacker News

Hackers Deploy ELF on Windows Loaders to Exploit WSL Features - TechNadu

How to Best Protect Your Money From Hackers as Crypto Markets Boom - Beincrypto

iFood hackeado? Nomes de restaurantes alterados por ataques políticos - TecMundo

International Police Operation Targets High Profile Ransomware Attackers - Digit

Lazarus takes aim at defense industry - IT-Online

‘Minecraft’ stolen account list is actually ransomware that attacks cheaters - NME

Most Computer Code Compilers Vulnerable to Novel Attacks - InfoSecurity Magazine

New malware lures fake Chrome update to attack Windows PCs - HackRead

Over 30,000 GitLab servers still unpatched against critical bug - Bleeping Computer

Ransomware fears drive Aussie IT security spending towards $4.6B - ARN

Ransomware Readiness: PCI DSS Compliance And A Sound Backup Recovery Strategy - Forbes

Supply chain cyber attacks expected to increase in 2022 - Continuity Central

Take a survey, spam your friends, download fleeceware - Avast

The Future of Cybersecurity Isn’t What We Expected - Javvad Malik

Toronto subways hit by ransomware as US lawmakers slam 'burdensome' cybersecurity rules - ZDNet

What Is LemonDuck? Cross-Platform Mining Malware That Affects Windows and Linux - Make Use Of

01/11

500 Million Attempted Ransomware Attacks (So Far) In 2021 - MSSP Alert

Atento: dados publicados pelo ransomware Lockbit 2.0 - CISO Advisor

Art Basel's parent company MCH Group warns of possible data breach after criminal cyber attack - The Art Newspaper

Black Shadow Leak Data Hacked From Israeli LGBTQ Platform - TechNadu

BlackShadow hackers breach Israeli hosting firm and extort customers - Bleeping Computer

California Health Network Reports Data Breach - InfoSecurity Magazine

Canadian province health care system disrupted by cyberattack - Bleeping Computer

Celebrity data leaked after ransomware attack on London's Graff jewellers - ITPro

Chaos Ransomware Variant Targets Japanese Minecraft Gamers - TechNadu

China's personal data protection law kicks in today - ZDNet

Conti Group Leak Celebs' Data After Ransom Attack on Jeweller - InfoSecurity Magazine

Critical Flaws Uncovered in Pentaho Business Analytics Software - The Hacker News

Cyber-Incident at South Carolina School District - InfoSecurity Magazine

Europol Ransomware Attack: Company Seizes Over $52,000, 5 Luxury Vehicles From 12 Suspects Who Launched Global Attack - Tech Times

Financial services need to prioritize API security to protect their customers - Help Net Security

Hive ransomware group extends to cloud-based Linux variants - SC Media

Kaspersky's stolen Amazon SES token used in Office 365 phishing - Bleeping Computer

List of data breaches and cyber attacks in October 2021 – 51.2 million records breached - IT Governance

Martin County Tax Collector 'likely' hacked by BlackByte ransomware - TCPalm

Microsoft: This macOS flaw could have let attackers install undetectable malware - ZDNet

Multi-layered security is like a strong NFL defense - Techwire

New Zealand Cybersecurity Company Helps Squelch BlackMatter Ransomware Scheme - TechZone 360

Only 31% of employees are trained against ransomware attacks - Venturebeat

Possible cyberattack hits 'brain' of N.L. health-care system, delaying thousands of appointments - CBC News

Ransomware attack targets Las Vegas Cancer Center patients' personal information - KTNV Las Vegas

Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices - The Hacker News

South Yorkshire Housing Association warns thousands of customers over possible cyber-incident data breach - The Star

This sneaky trick could allow attackers to hide 'invisible' vulnerabilities in code - ZDNet

Trojan Source attack lets hackers exploit source code - HackRead

Universities and colleges see ransomware as biggest cyber threat - UK Authority

Wheel-Trans users express frustrations as ransomware attack leaves them unable to book new rides - CP24

31/01

12 Men Linked to Various Ransomware Operations Arrested - Tech Dator

A predictive cybersecurity diagnosis for healthcare - Healthcare

Cybercrime 101: What You Don't Know Can Hurt The Most - Tribune

Europol Captures 12 Suspects Believed to Have Used Ransomware to Attack 1,800 Victims in 71 Countries - Gizmodo

Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham - Security Affairs

Microsoft warns of rise in password sprays targeting cloud accounts - Bleeping Computer

National Bank of Pakistan gets hit by cyberattack, reports no financial loss or data breach - Wion

Ransomware: German authorities allegedly identify a member of the REvil group - Market Research Telecast

NEWS: Outubro (24/10 - 30/10) - 43 Semana de 2021