NEWS: Outubro (03/10 - 09/10) - 40 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!!

09/10

1.5 Billion Facebook Users’ Personal Information Allegedly Posted for Sale - Honest News Reporter

5 subtle clues that email is really a clever phishing scam - Kim Komando

90% of AWS S3 Buckets Are Vulnerable to Ransomware - WebProNews

Academic Records At Harvard-Westlake School Breached - Canyon News

Bank of America insider charged with money laundering for BEC scams - Bleeping Computer

Chinese Hackers Target Political Issues, Universities In Taiwan, Hong Kong: Report - Republic World

Cryptocurrency Could Prevent Hacking Of Autonomous Vehicles - CarBuzz

Macquarie Health Corporation hit by Windows Hive ransomware - IT Wire

SAS secrets revealed by cut-and-paste error: Plans for enhanced weapons said to be for UK Special Forces are disclosed in 'astonishing' new security blunder by defence officials - Mail Online

Tech and Humans Defend Your Startup Against Ransomware - Grit Daily

Twitch data breach: Everything you need to know - Slash Gear

WeChat Found Scanning User Photos in the Background as a Routine - TechNadu

Weir sees shares fall after cyber attack revealed - The Herald Scotland

08/10

Apache rolled out a new update in a few days to fix incomplete patch for an actively exploited flaw - Security Affairs

BrewDog exposed data for over 200,000 shareholders and customers - Bleeping Computer

BrewDog exposed data of 200,000 shareholders for over a year - ZDNet

Cloudflare Not Liable for Its Users’ Copyright Infringement, Court Rules - TechNadu

Engineering giant Weir Group hit by ransomware attack - Bleeping Computer

Google announces new efforts to protect journalists and high-risk users from cyberattacks - ZDNet

Google warns of APT28 attack attempts against 14,000 Gmail users - Security Affairs

Microsoft: Russia Dominates State-Sponsored Attacks - InfoSecurity Magazine

Microsoft: Russian state hackers behind 53% of attacks on US govt agencies - Bleeping Computer

Mozilla upgrades older Thunderbird clients to the latest version - Bleeping Computer

NatWest Pleads Guilty in £400m Money Laundering Case - InfoSecurity Magazine

Patch management complexity increased by remote work is putting organizations at risk - ZDNet

Ransomware: Cyber criminals are still exploiting these old vulnerabilities, so patch now - ZDNet

Ransomware Group FIN12 Aggressively Going After Healthcare Targets - The Hacker News

Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems - The Hacker News

Russia poses the biggest nation-state cyber threat, says Microsoft - ZDNet

Singapore tweaks cybersecurity strategy with OT emphasis - ZDNet

The Netherlands declares war on ransomware operations - Security Affairs

UK Firms Hit by One Attack Every 47 Seconds Over Summer - InfoSecurity Magazine

Virtual collaboration technology issues plaguing the hybrid workforce - ZDNet

07/10

Apple now requires all apps to make it easy for users to delete their accounts - The Hacker News

Cybersecurity best practices lagging, despite people being aware of the risks - Help Net Security

Data Breach Volumes for 2021 Already Exceed 2020 Total - InfoSecurity Magazine

DTA certifies four cloud providers to store sensitive government data - ZDNet

Electronic warfare: The critical capability of dominating the electromagnetic spectrum - Help Net Security

Finding the right mix: Leveraging policy and incentives to improve healthcare cybersecurity - Help Net Security

Former Kent police officer sentenced for downloading child sex abuse material - ZDNet

Fraudulent robocalls to cost consumers $40 billion in 2022 - Help Net Security

Google warns 14,000 Gmail users targeted by Russian hackers - Bleeping Computer

Infosec Experts: Twitch Breach “As Bad as it Gets” - InfoSecurity Magazine

Marketing, Aerospace, and IT Pros Struggle with Passwords - Security Boulevard

New Security Challenges Require New Mindset - Security Boulevard

New U.S. Government Initiative Holds Contractors Accountable for Cybersecurity - The Hacker News

Operation GhostShell: MalKamak APT targets aerospace and telco firms - Security Affairs

Organizations putting security and compliance at the forefront to strengthen trust perceptions - Help Net Security

Patching Too Tortuous for IT Pros - InfoSecurity Magazine

Penetration Testing Your AWS Environment - A CTO's Guide - The Hacker News

Police Crack Multimillion-Dollar Real Estate Fraud Gang - InfoSecurity Magazine

Smishing on the Rise - InfoSecurity Magazine

Twitch data breach updates: login credentials or card numbers not exposed - Security Affairs

Twitch: No credentials or card numbers exposed in data breach - Bleeping Computer

Which technologies can help legal and compliance teams navigate a changing landscape of risk? - Help Net Security

Why The Biggest Cyberattacks Happen Slowly - Security Boulevard

06/10

91.5% of malware arrived over encrypted connections during Q2 2021 - Help Net Security

A company spotted a security breach. Then investigators found this new mysterious malware - ZDNet

Asean champions regional efforts in cybersecurity, urges international participation - ZDNet

ATO attacks increased 307% between 2019 and 2021 - Help Net Security

Atom Silo Uses DLL Side-Loading to Deploy Ransomware - Information Security

Becoming a new chief information security officer today: The steps for success - ZDNet

Critical infrastructure IoT security: Going back to basics - Help Net Security

DEF CON 29 Biohacking Village – Pia Zaragoza’s & Joel Isaac’s ‘HC Innovation With People Of All Abilities’ - Security Boulevard

Digital key builds on past practices to create a more secure future - Help Net Security

European Parliament calls for ban on AI-powered mass surveillance - Bleeping Computer

European Parliament passes non-binding resolution to ban facial recognition - ZDNet

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs - Security Affairs

Fired IT admin revenge-hacks school by wiping data, changing passwords - Bleeping Computer

Firefox improves advertising tracker blocking in private browsing - Bleeping Computer

Google to turn on 2-factor authentication by default for 150 million users - The Hacker News

Hackers use stealthy ShellClient malware on aerospace, telco firms - Bleeping Computer

Meet ESPecter: a new UEFI bootkit for cyber spying - ZDNet

Microsoft finds Windows 11 issues with SmartByte networking software - Bleeping Computer

Microsoft shares Windows 11 TPM check bypass for unsupported PCs - Bleeping Computer

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers - The Hacker News

NCSC: Revoke Admin Access for BYOD Users Immediately - Information Security

Obstacles and threats organizations face when protecting AD - Help Net Security

One in three IT security managers don’t have a formal cybersecurity incident response plan - Help Net Security

Patch Apache HTTP Servers Now to Avoid Zero Day Exploit - Information Security

Ransom Disclosure Act would give victims 48 hours to report payments - Bleeping Computer

Singapore inks pact with Finland to mutually recognise IoT security labels - ZDNet

The Rise of Machine Identities - Security Boulevard

Twitch source code, business data, gamer payouts leaked in massive hack - ZDNet

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration - The Hacker News

US Deputy Attorney General launches cryptocurrency enforcement team at DOJ - ZDNet

U.S. govt to sue contractors who hide breach incidents - Bleeping Computer

Vazamento da Twitch revela ganhos de streamers e planos de rival do Steam - G1

Windows 11 bug reverts users back to the Windows 10 taskbar - Bleeping Computer

05/10

Android October patch fixes three critical bugs, 41 flaws in total - Bleeping Computer

APIs and Security: What’s a Security Officer to Do?

- Security Boulevard

Atom Silo ransomware operators target vulnerable Confluence servers - ZDNet

Closing the Security Gaps at the Edge - Security Boulevard

Dark web marketplace White House announces end to its operations - Security Affairs

Domain security remains an underutilized component to curb attacksy - Help Net Security

English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack - DataBreaches NET

Facebook Blames Global Outage on Configuration Error - InfoSecurity Magazine

Facebook: Outage caused by faulty routing configuration changes - Bleeping Computer

Five proven techniques for building effective fraud management - Help Net Security

For adapting to new cloud security threats, look to “old” technology - Help Net Security

Google to auto-enroll 150 million user accounts into 2FA - Bleeping Computer

Google Pledges $1m to Secure Open Source Project - InfoSecurity Magazine

How CISOs plan to accelerate the adoption of automation - Help Net Security

Large ransom demands and password-guessing attacks escalate - Help Net Security

McAfee Report: Ransomware Adopts New Tactics and Targets - Security Boulevard

Misconfigured Apache Airflow servers leak thousands of credentials - Security Affairs

Misconfigured, old Airflow instances leak Slack, AWS credentials - ZDNet

New Study Links Seemingly Disparate Malware Attacks to Chinese Hackers - The Hacker News

New UEFI bootkit used to backdoor Windows devices since 2012 - Bleeping Computer

Qualys Unfurls Ransomware Risk Assessment Service - Security Boulevard

Ransomware gang encrypts VMware ESXi servers with Python script - Bleeping Computer

Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine - The Hacker News

Reducing InfoSec Threats Takes a Village - Security Boulevard

Security and trust in software remains top priority for buyers - Help Net Security

Telco service provider giant Syniverse had unauthorized access since 2016 - Security Affairs

Tesuque Casino reopens Tuesday after September cyberattack - DataBreaches NET

Text Message Giant Reveals Five-Year Breach - InfoSecurity Magazine

The cybersecurity issues organizations deal with remain complex and numerous - Help Net Security

04/10

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries - The Hacker News

Coinbase Attackers Bypassed Account Authentication - InfoSecurity Magazine

Combating vulnerability fatigue with automated security validation - Help Net Security

Creating Wireless Signals with Ethernet Cable to Steal Data from Air-Gapped Systems - The Hacker News

Cybersecurity budgets for industrial control systems and operational tech increasing: SANS Institute - ZDNet

DEF CON 29 Biohacking Village – Andrea Downing’s ‘No Aggregation Without Representation’ - Security Boulevard

DHS and NIST release post-quantum cryptography guidance - The Record

DNS de WhatsApp, Facebook, Instagram somem da Internet - CISO Advisor

Do you have a plan for your cybersecurity career? Time to skill up! - Help Net Security

Erosion of digital trust: Consumers want more personal information protection - Help Net Security

Ex-Army Technician Gets 12 Years for Role in Fraud Scheme - InfoSecurity Magazine

Facebook goes down, along with Instagram and WhatsApp - ZDNet

Facebook, Instagram and WhatsApp go DOWN worldwide for two hours and counting in catastrophic outage- as phone data service ALSO goes down for EE users in UK and multiple US networks - Daily Mail Online

Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online - Security Affairs

Facebook, WhatsApp, and Instagram down due to DNS outage - Bleeping Computer

Facebook Whistleblower to Testify Before Senate - InfoSecurity Magazine

Fraudster jailed for stealing US military health records, millions in benefits - ZDNet

How collaboration between IT pros and senior leaders could drive the future of risk mitigation - Help Net Security

Human vs. Artificial Intelligence in Autonomous Systems - Security Boulevard

iOS 15.0.1: Bugfixes galore - ZDNet

LockBit 2.0 ransomware hit Israeli defense firm E.M.I.T. Aviation Consulting - Security Affairs

Misconfigured Apache Airflow servers leak thousands of credentials - Bleeping Computer

New APT ChamelGang Targets energy and aviation companies in Russia - Security Affairs

New Atom Silo ransomware targets vulnerable Confluence servers - Bleeping Computer

New offensive cyber force will "confront aggressive behaviour", says Foreign Secretary - ZDNet

Open source: Google is going to pay developers to make projects more secure - ZDNet

Personal Information of More Than 1.5 Billion Facebook Users Sold on Hacker Forum - Privacy Affairs

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services - The Hacker News

Pottawatomie County paid the ransom to recover its systems - Security Affairs

Prolific Ransomware Operators Arrested in Joint Law Enforcement Action - InfoSecurity Magazine

RaidForums forced to use mirror after Brazilian govt contacts registrar - Bleeping Computer

Ransomware operators behind hundreds of attacks arrested in Ukraine - Bleeping Computer

Ransomware: Police arrest two in operation against 'prolific' gang that targeted big businesses - ZDNet

Running Robust Managed Detection and Response Services - Security Boulevard

The future role of data, AI and the cloud - Help Net Security

The Shortfalls of Mean Time Metrics in Cybersecurity - The Hacker News

Two ransomware operators were arrested in Kyiv with EUROPOL’s support - Security Affairs

UK plans to invest £5 billion in retaliatory cyber-attacks - Bleeping Computer

UK's National Cyber Force Heads to the Northwest - InfoSecurity Magazine

What Happened to Facebook, Instagram, & WhatsApp? - Krebs on Security

03/10

Are organisations prepared for new cybersecurity risks? - Gulf Business

Barclays Hacked by Cyberthieves Using Monzo Account, PISP - Pymnts

Beware these scams and crimes on the rise in South Africa - Business Tech

Britain braces for 'Tier 1' cyber attack: Ben Wallace says UK is building capability to target 'critical infrastructure' of hostile states to retaliate to hacking - Daily Mail Online

Colonial Pipeline: How Hackers ​​​​​​​Exploited A Password Policy Problem - Mondaq

CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure - Security Affairs

Google removed 136 vulnerable apps, delete immediately if your phone also has - News Track Live

Got this Flubot malware warning on your Android phone? Beware, it's a trap - Mint

Hackers expose 200 law enforcement officers who 'joined anti-government extremist group the Oath Keepers' - Daily Mail Online

How fraudsters can use the forgotten details of your online life to reel you in - The Guardian

How loyalty programmes can safeguard against sophisticated cyberattacks - Gulf Business

Is hacking the next struggle for US agriculture? - The Star

Johnson Memorial Health struck by cyberattack Saturday - IndyStar

Panama is concerned that the new ICIJ ‘Pandora Papers’ leak may harm the country - The Washington Newsday

Portugal: Cyberattacks up during lockdown - The Portugal News

TA544 group behind a spike in Ursnif malware campaigns targeting Italy - Security Affairs

Telegram bots attack one-time passwords - Your Decommissioning News

Thailand cracks down on SMS scams and phishing calls - Pattayamail

Transnational fraud ring stole millions from Army members, veterans - Bleeping Computer

NEWS: Setembro (26/09 - 02/10) - 39 Semana de 2021